Stay current and updated
with our rich newsletters
and articles
The Expanding Scope of Customer Due Diligence Requirements for Financial Institutions in Nigeria: A Necessity Or Nonessential?
INTRODUCTION
In consideration of the widespread recognition of money laundering and terrorism financing as global phenomenas which pose threats to international peace and security , it is becoming an increasing global trend for countries to employ extensive customer due diligence measures as a way of fostering financial transparency and countering the misuse of corporate entities by criminals or terrorists as smokescreens for money laundering and terrorism financing activities.
This Article examines the expanding scope of customer due diligence measures for financial institutions and the necessity or otherwise of some of these measures in Nigeria.
THE CENTRAL BANK OF NIGERIA (CUSTOMER DUE DILIGENCE) REGULATION, 2023
Contributing to teeming global efforts against money laundering and terrorism financing, Nigeria has enacted a number of legislations and regulations expected to combat money laundering and terrorism financing activities, among which include the Central Bank of Nigeria (Customer Due Diligence) Regulations, 2023.
The CBN (CDD) Regulations was passed pursuant to the Money Laundering (Prevention & Prohibition) Act, 2022 and the Central Bank of Nigeria (CBN) AML/CFT/CPF Regulations, 2022. The Regulation is basically a body of additional customer due diligence measures which financial institutions (FIs) under the regulatory purview of the Central Bank of Nigeria are required to incorporate into their Know- Your- Customer (KYC) process in order to enhance the compliance of FIs with relevant provisions of the MLPPA , TPPA , CBN (AML, CFT, and CPF) 2022 and international best practices. The Regulation is expected to complement the relevant provisions of the CBN (AML, CFT & CPF) Regulations on customer due diligence measures and enable the CBN enforce compliance with customer due diligence measures in line with the CBN, AML, CFT and CPF Regulations by FIs.
CONTROVERSIES SURROUNDING THE CBN-CDD REGULATIONS, 2023
Some provisions of the CBN (CDD), Regulations 2023 sparked a series of legal controversies, after its passing. One of such controversial provisions is Regulation 6 (a) (iv) of the Regulation which requires FIs to mandatorily procure the social media handles of their customers who are individuals in addition to their legal names, permanent and residential addresses, telephone numbers, email addresses, bank verification number (BVN), tax identification numbers (TIN) amongst other data. The provision reads as follows:
‘Financial Institutions shall identify their customers (whether permanent or occasional, and whether natural or legal persons or legal arrangements) and obtain the following information-
a) For individuals -
IV. telephone number, e-mail address and social media handle.’
The mandatory obligation on FIs to procure customers’ social media handles has spawned a number of legal concerns at the fore of which include arguments centred around the breach of the fundamental human right to privacy as guaranteed under section 37 of the Constitution as well as its potential infringement of the principle of data minimization as prescribed by the Nigeria Data Protection Act, 2020. The veracity of the claims mentioned above in relation to this provision will now be briefly appraised under following sub-heads:
BREACH OF RIGHT TO PRIVACY AS GUARANTEED UNDER SECTION 37 OF THE CONSTITUTION OF THE FEDERAL REPUBLIC OF NIGERIA, 1999 (AS AMENDED):
Advocates of this contention argue that the mandatory procurement of customers’ social media handles by FIs may result in the potential restriction of the fundamental right to freedom of expression and right to privacy as guaranteed under chapter IV of the Constitution. While the weight of this concern is appreciated, it is necessary to recall that the essential objective of the CBN (CDD) Regulation, 2023, is to deter money-laundering, proliferation of weapons of mass destruction and terrorism financing.
Reports show that social media is rapidly becoming a tool for radicalization, recruitment, funding and execution of terror activities and arms proliferation in the hands of terrorists and criminals . It can therefore be argued that this development has triggered the need for the procurement of customers’ social media handles by FIs. During counter-terrorism investigations, law enforcement agencies may have cause to rely on FIs for the provision of crucial information on persons of interests which may include social media handles. These information can be made available upon the order of a court of competent jurisdiction.
Furthermore, it is a rudimentary principle of Nigerian jurisprudence that fundamental human rights are neither absolute nor do they exist at large. These rights are subject to restrictions in the interest of defence and public safety. Against this backdrop, individuals must therefore exercise their fundamental rights in accordance with the law and not at the detriment of public safety and order. Hence, individuals who are reasonably suspected to be perpetrating financial crimes or financing terrorism on/through social media or found to have in deed perpetrated financial crimes or financed terrorism on social media contrary to the provisions of the law should not be allowed to seek protection under the cloak of fundamental human rights to continue the perpetration of illegal activities.
Most fundamentally, it is not sufficient to make blanket allegations of breach of fundamental rights . Any person who alleges that his fundamental human rights have been infringed upon must as a matter of law specifically demonstrate the harm or damage done to him. This principle applies in the present situation. To succeed in an action for enforcement of fundamental human rights, an Applicant must demonstrate the occurrence of specific circumstances that amount to the alleged breach of his or her fundamental rights to privacy as a result of the procurement of their social media handle in order to gain any iota of credibility.
THE PRINCIPLE OF DATA MINIMIZATION
Some argue that Regulation 6 (a) (iv) of the CBN (CDD) Regulations, 2023 potentially jeopardizes the safety and protection of peoples’ personal information. While conceding that the objective of the Regulation is to provide an extra layer of protection against the risks associated with money laundering, terrorism financing and proliferation of arms, supporters of this argument suggest that the mandatory procurement of customers’ social media handles may not be necessary to achieve this objective, given that the CBN already demands the disclosure of a customer’s personal data such as the name of the customer or the customer’s BVN. They further suggest that this requirement could be regarded as running contrary to the principle of data minimization as prescribed in the Nigeria Data Protection Act. This argument is premised on the principle that a data processor must restrict itself to the minimum information necessary to achieve the purpose of why the data is being processed.
However, as has been earlier stated, it can be argued that the procurement of customers’ social media handles for identification purposes by financial institutions has grown expedient in light of the growing use of social media by terrorists and criminals as a tool for money laundering and terrorism financing. Like BVNs, social media handles may be useful in unravelling financial crimes and the sponsorship of terrorism as law enforcement agencies often rely on financial institutions to provide sensitive information on persons of interest upon leave of a competent court of jurisdiction. Social media coulld be instrumental to counter-terrorism and anti-money laundering investigations in various ways. Some of these ways include the analysis of social media platforms in order to enhance the identification and detection of suspected individuals, the employment of facial recognition technology to share and compare data to enable the identification of terrorists, unknown persons of interests and other subjects who [may appear on social media channels.
CHRIS EKE V. CENTRAL BANK OF NIGERIA
The Federal High Court, Lagos coram Hon. Justice Dimgba upheld the validity of Section 6 (a)(iv) of the Central Bank of Nigeria (Customer Due Diligence) Regulations 2023, in this case wherein it considered some of the issues which have been highlighted above.
The suit which was instituted by way of an Originating Motion primarily sought a declaration of the Court to the effect that Section 6 (iv) of the Central Bank of Nigeria (Customer Due Diligence) Regulations 2023 is unconstitutional, undemocratic, null and void to the extent of its inconsistencies with section 37 of the Constitution of the Federal Republic of Nigeria and an order of perpetual injunction restraining the Respondent from enforcing Section 6 (a) (iv) of the Central Bank of Nigeria (Customer Due Diligence) Regulations, 2023 which requires financial institutions to request customers social media handles as part of their Know-Your-Customer requirements. The reliefs sought were anchored on a two-pronged premise that privacy in the context of section 37 of the Constitution extends beyond the protection of family affairs and private correspondences to freedom from unlawful intrusion into personal matters. It was also alleged by the Applicant therein that the directive is in breach of the Nigeria Data Protection Act, 2023.
OPINION OF THE COURT ON THE NOTICE OF PRELIMINARY OBJECTION
Sustaining the Notice of Preliminary Objection, the Court relied on NDIC v. CBN to hold that unless there is a clear allegation of bad faith by a complaining litigant on the part of the CBN in the execution of its duties, an action against it cannot be sustained. The Court agreed with the contention that the suit was incompetent on the basis that the Applicant had failed to establish prima facie bad faith on the part of the CBN in its issuance of the CBN (CDD) Regulations, 2023 which includes Regulation 6 (a) (iv) by virtue of section 52 of the Central Bank of Nigeria Act, 2007.
The Court went on further to hold that the requirement to provide a social media handle during documentation processes appears to serve the objectives of the Regulation as adumbrated in Part 1, Section 1 of the Regulations.
OPINION OF THE COURT ON THE MERITS
In regarding the claim of the Applicant that the requirement of FIs to request and collect the social media handles of their customers as part of their KYC process infringes on his right to privacy, the Court held that the claim was ambitious, speculative and amounted to a far throw since the Regulations are directed to and apply to FIs and not private individuals.
The Court pointed out that even if it could be argued that the provisions of the Regulations could potentially and inevitably affect the Applicant, the Applicant had failed to provide supporting affidavit evidence demonstrating that the Applicant operates an account with a financial institution and that the said institution had demanded for his social media accounts.
Working with the assumption that banks had begun to implement the Regulations, the Court held that even if the Applicant had demonstrated that he holds an account with a financial institution and was being hindered or irritated by the requirement to provide his social media accounts as part of their KYC process, the Applicant still had a choice to refuse to do business with any bank insisting on the information.
In its final assessments, the Court stated that it did not consider the requirement for customers’ social media accounts by FIs an infringement of customers’ right to privacy as guaranteed under section 37 of the Constitution. The Court went on further to classify the requirement of a social media handle as serving the purpose of being an additional means through which a customer may be contacted just like email addresses, phone numbers and other means by which the customer can be contacted.
Conclusively, the court opined that given that the essence of social media presence is the promotion of publicity, it appears ironic and counter-intuitive that suggestions exist to the effect that the demand by FIs for information on social media handles with which an individual exposes and immerses himself or herself in the public pool of social interactions amounts to a violation of privacy rights, which right itself contemplates or is all about the isolation of a person from public glare.
CONCLUSION
In view of the reality of the growing misuse of social media as a tool for the perpetration of financial crimes and acts of terrorism by criminals and terrorists, it is advised that concerned stakeholders adopt a dispassionate approach while considering the propriety or otherwise of the customer due diligence measures being put in place by the government to counter money laundering, terrorism financing and the proliferation of weapons of mass destruction in order to achieve the most favourable outcomes.
As suggested by the Court, a customers’ social media handles could be regarded as a basic requirement just as other required data through which a customer may be contacted, which all data processors are obligated to protect, secure and use prudently in accordance with the law and no more. Conversely, the CBN as an industry regulator along with FIs are urged to refrain from misusing the Regulation as a leeway to unduly interfere with bank customers’ information or infringe upon their right to privacy.
Conclusively, it is generally agreed that the concerns as to whether effective measures have been put in place to ensure that FIs indeed comply with data protection laws or are sanctioned where they are found to have breached customers’ privacy rights are valid and should be looked into.
Click to read the full article
The issue of reasonable remuneration for legal services has been one of consistent controversy and debate. It is of significant concern as legal practitioners invest substantial time, effort, and skill into rendering services which are not adequately remunerated.
2024-01-19
In the last few years, Nigeria has experienced a rapid shift in technological growth and advancement impacting the country’s economy positively through unprecedented investment in the sector. According to the Nigerian Startup Ecosystem Report 2022, it was reported that Nigeria is Africa’s most popular investment destination, the report also revealed that between 2015 and 2022, 383 Nigerian tech Startups raised a total of $2Billion, higher than any other country.
2023-02-16