CBN issues regulatory framework for non-bank merchant]

The Central Bank of Nigeria (CBN) has issued a regulatory framework for a risk-free operation of non-bank merchant acquiring in the country.

The guideline, released yesterday and signed by the Director, Payments System Management Department, Musa Jimoh, said the document was part of its mandate to facilitate a sound electronic payment system.

The framework covers the rights and obligations of the parties involved in the non-bank merchant acquiring process, minimum operational standards and responsibilities of the regulator, among others.

Those involved in the value chain, according to the CBN, are non-bank acquirer, settlement bank/sponsor bank, merchant’s deposit money bank, card schemes, other payment schemes and the Nigeria Central Switch (NCS).

Acquirers refer to payment processors in the card transaction chain. They authorise transactions and route them to the appropriate card networks.

The regulatory framework followed an exposure draft released earlier by the regulatory authority in furtherance of the development of the payment system in the country.

The CBN said in the new document that only licensed switching and processing companies, besides acquiring banks, shall be allowed to process and settle transactions on behalf of merchants in Nigeria.

“The Bank shall approve non-bank acquirers as it deems necessary from time to time,” it said.

On risk mitigation, the document said non-bank acquirers would be required to have in place adequate policies for the management of risks associated with the acquiring services just as “necessary agreements shall be executed with parties to the acquiring services.”

“The non-bank acquirer shall have and implement policies that include minimum standards established by the payments schemes (including card schemes) to mitigate risk to the payment system.

The policies shall be approved by the acquirer’s board of directors or as appropriate, an executive management committee. Upon request, these policies shall be made available to relevant schemes,” the CBN added.

A non-bank acquirer, according to the guideline, shall also maintain minimum standards in accordance with the guidelines on electronic payment channels in Nigeria and risk controls to monitor merchant activity.

“Participants shall develop and provide an appropriate governance structure, to manage the risk inherent in the acquiring service. There shall be documented and approved policies in place, which support the risk management function and highlight the acquiring programme strategy, including targeted merchant segments, various entities/agents involved, their responsibilities, likely risks and mitigation procedures.

“Non-Bank Acquirers shall comply with all applicable security standards and shall ensure all merchants who store, transmit and use sensitive card data are payment card industry and PCI DSS-certified.”

An acquirer is also mandated to ensure compliance with the respective payment scheme rules while protecting stakeholders, including merchants, consumers, schemes and participants. As part of proactive measures to reduce risk, acquirers would have a fraud monitoring/behavioural management solution in place.