By Matthew Denis Abuja
Findings show that fraud attacks on deposit money banks increased year on year. Athough the actual monetary loss dropped in 2019 as against 2018. Technology mediated transactions such as the use of automated teller machine and internet-based transactions experienced the most fraud. In relation to the role of insiders, all cadres of staff were involved in the fraud but majority of those involved were temporary staff.
Arising from this perspective, it is usually suggested by the Nigerian Deposit Insurance Corporation (NDIC) that banks should continue to strengthen security system and governance structures. Employing temporary staff should be phased out while online and offline vigilance should be mounted. The NDIC plays a vital role in ensuring that the deposits of customers and organisations are secured during emergency or collapses of such financial institution being it a commercial or microfinance bank.
Records from the Nigerian Communication Commission (NCC) show that the country has the largest internet users and mobile telecommunication subscribers in Africa, considering our population.
The data released by NCC in 2018 indicates that Nigeria had over 100 million internet subscribers and over 150 million mobile telecommunications subscribers. However, the increasing internet penetration and telecommunications access in Nigeria has had implications on the rise of cybercrime in the country.
In particular, there has been a growing trend in the perpetration of cybercrime such as phishing, electronic card fraud, Automated Teller Machine scams, hacking, malware attacks, identity theft, denial of service attacks and Business E-mail Compromise fraud.
A report by a non-governmental organization, Paradigm Initiative Nigeria, estimates that the annual and potential cost of cybercrime to the Nigerian economy is over 13 billion US dollars. One sector that has been affected by the growing trend of cybercrime in Nigeria is the banking and financial services sector. In this regard, both banking and financial institutions as well as their customers have repeatedly been targets of cybercrime activities.
Despite this development, however, the Nigerian government appeared slow in providing an elaborate legal response that will ensure the protection of consumers. Finally, in 2015, the Cybercrimes (Prohibition and Prevention) Act was enacted to criminalize cybercrime and provide for the protection of critical information infrastructure. The Act also introduced a range of provisions aimed at protecting the users of electronic banking and payment services from cybercrime. This paper seeks to examine these consumer protection provisions with a view to assessing the extent to which they can effectively protect consumers in the Nigerian banking and financial sector from cybercrime. The paper observes that the Act’s consumer protection regime is not adequate as some of its provisions, such as section 19(3), do not place sufficient obligations on banks to safeguard the personal banking information of their customers. It also identifies the absence of a liability regime on unauthorized payment transactions where a consumer’s electronic banking or payment information is compromised.
Additionally, the article highlights comparative examples of legal regimes that protect consumers of electronic banking and payment services in technologically advanced jurisdictions such as the European Union and the United States, with a view to identifying lessons that could be adopted in order to strengthen the consumer protection regime under the Cybercrimes Act. To this end, some tentative reform proposals to the Act are put forward.
The Nigerian Consumer Protection Council Act defines a ‘consumer’ as “an individual who purchases, uses, maintains or disposes of product or services.”Thus, in generic terms, a ‘consumer’ refers to an ‘end-user’ of goods or services. In the banking and financial services context, a ‘consumer’ or ‘customer’ would then mean any person who subscribes to or uses the services of a banking or financial institution. Such services may include deposit, savings, credit, debit, money transfer, or electronic banking and payment services.
‘Consumer protection’ refers to the “act of safeguarding the interests of the consumer in matters relating to the supply of goods and services.”
Accordingly, the concept of consumer protection is generally used to classify measures that seek to ensure that consumers are fairly treated and that their rights are protected in commercial transactions that involve the supply of goods or services. The basic rights of a consumer include:
The right to safety: This requires that consumers are to be safeguarded against goods or services that are defective or risk prone;
The right to information: This implies that consumers are to be informed adequately with respect to the accurate price, as well as the quality, or quantity of goods or services;
The right to choice: This implies that consumers are to be provided with a wide variety of goods or services to choose from;
The right to be heard: This entitles consumers to make complaints and receive a response from the suppliers of goods or services;
The right to seek redress: This implies that consumers are entitled to seek redress for their complaints in complaint resolution forums;
The right to consumer education: this requires that consumers are to be educated about their rights, as well as the products or services they wish to purchase; and,
The right to compensation: This implies that a consumer should be compensated appropriately by a supplier when a product or service is found to be defective.
The Nigerian banking and financial services sector comprises twenty two major commercial deposit money banks as well as special investment banks and community banks, and non-bank financial institutions. The sector is regulated by government institutions including the Central Bank of Nigeria (CBN) and the Nigeria Deposit Insurance Corporation (NDIC). In particular, the CBN is responsible for regulating and supervising the commercial activities of banks and financial institutions and also has a consumer protection unit that manages complaints made by consumers against banks and financial institutions, while the NDIC is responsible for insuring the deposit liabilities of Nigerian banks and supervising insured banks. Aside from the CBN and the NDIC, other government agencies such as the Economic and Financial Crimes Commission (EFCC) and the Consumer Protection Council (CPC) have mandates that apply in the banking and financial sector. For example, the EFCC can investigate financial crimes such as cybercrime in the banking and financial sector, while the CPC can take measures to protect consumers in the sector. Thus, in light of the above regulatory landscape of the Nigerian banking and financial sector, it can be discerned that there are multiple government institutions and agencies whose powers and regulatory mandates apply in different aspects of the sector.
In 2018, estimates from the CBN indicated a relatively low patronage of banking and financial services in Nigeria, with only about 53 percent of Nigeria’s adult population utilizing banking and financial services, while about 37 percent of the country’s adult population are unbanked. This low patronage has been traced to factors such as stringent account opening requirements and procedures, concerns over poor services, the absence of banks and financial institutions in rural areas, low levels of financial literacy, and cultural norms.
However, for over a decade, the CBN has been taking steps to increase the population of Nigerians that make use of banking and financial services by implementing policies that promote financial inclusion. For example, in 2003, the CBN began to modernize the payment services system by granting approvals to some commercial banks to introduce electronic banking services such as electronic funds transfer services, debit and credit cards, internet banking, mobile banking and Automated Teller Machines (ATM). In 2007, the CBN launched the Payments System Vision 2020 to promote a wider range of electronic payment services such as Point of Sale (PoS) Terminals. In 2011, the CBN also issued the Industry Policy on Retail Cash Collection and Lodgment (IITP/C/001), also known as the Cashless Policy. The policy aims to enhance the development of a cashless economy in Nigeria by reducing the high usage of cash for financial transactions and promoting the use of electronic payment channels as well as the financial inclusion of persons that do not utilize formal banking channels.
Following the implementation of the cashless policy, the volume of transactions via electronic banking and payment channels has increased by over 100 percent. Reports from Nigeria’s National Bureau of Statistics indicate that there is an increasing adoption of electronic banking and payment services by consumers, including ATM and PoS terminals. However, the overall acceptance of these technologies among Nigerian consumers is still relatively low. For example, a survey conducted by the National Bureau of Statistics found that despite a high ownership of debit cards, only 3.1 percent of consumers preferred to use card/PoS terminals for the payment of goods and services.
The Nigerian Cybercrimes Act generally criminalizes several forms of cybercrime that affect the banking and financial sector. For example, the Act criminalizes computer related forgery; computer related fraud; the transmission of electronic mails with intent to defraud; unlawful diversion of banking and financial electronic mails with intent to defraud; unauthorized modification of computer data; unauthorized hindering of computer systems; insider collusion to perpetrate fraud on bank customers; and, the theft of payment terminals or electronic devices such as ATM and PoS terminals. In addition to the above, the Act establishes specific provisions that aim to protect consumers of banking and financial services. Those specific provisions will be discussed below.
The CBN/NDIC during bank supervision and examination focus on the main aspects of banking operations. These include capital requirement, loan concentration, liquidity ratio, provisioning, internal control and management among others. Good internal control is very essential in order to minimize fraud and other malpractices which can lead to loss of assets. It also helps in ensuring compliance with laid down rules and regulations on banking business by the operators. These reasons explain why bank examiners focus on the internal control systems of banks.
Under the leadership of the Managing Director of NDIC, Alhaji Bello Hassan, a highly disciplined, humble and sociable professional. He steered the affairs of the NDIC through good times and also through serious economic crises and uncertainties, as could be attested to by available records. Through his innovation, rich experience, technocratic background, and through effective collaboration with other regulatory institutions and agencies of the government, the NDIC under his leadership has, throughout these years, stood tall amongst its peers on continental and global stages. The Payout had been applied to 35 out of 49 failed banks. The option involves the winding-up of a failed bank and payment of the insured deposits up to the insurable limit to its depositors. Depositors with uninsured funds and other general creditors of the failed bank do not receive either immediate or full reimbursement, instead they are issued Liquidator’s Certificates.
The certificate entitles its holder to a portion of the dividend declared by the Liquidator from the failed bank’s assets. Other claimants of the failed bank such as other creditors and even shareholders receive their portion of the dividend declared by the Liquidator from the failed bank’s assets after all depositors had been fully paid. Given that all the failed banks’ licenses had been revoked before the new NDIC 2006 Act, the deposit insurance coverage level applicable to the insured depositors was N50,000.00 per depositor per failed bank. The applicable coverage limit had since 2006 been increased to N200,000.00 per depositor per insured failed institution for the universal banks while it became N100,000.00 per depositor per insured primary mortgage institution (PMI) or microfinance bank (MFB) in order to ensure the adequacy of the coverage levels. In that respect, as at December 31,2010, the Corporation had paid a total of N7.597 billion insured deposits to insured depositors of the bank-in-liquidation.
It is on record that NDIC conducted 148 routine risk-based supervisions of DMBS and 150 risk assets assessments from 2014 – 2019. Similarly, the Corporation conducted 250 special investigations arising from petitions and complaints from stakeholders mainly in respect of excessive interest charges, breach of trust, unlawful conversion of deposits, etc. Through such investigations, the NDIC was able to send a strong signal to bank operators against unethical banking practices. It also examined 1,398 MFBS and 46 PMBS from 2014–2019 which revealed weaknesses in the subsectors.
These proactive measures give credence to the sector-wide held view among the regulated and keen observers alike that “fearing NDIC is the beginning of wisdom” as, under Hassan’s leadership, NDIC could go to any length professionally and legally possible in discharging its constitutional mandate of protecting depositors and stabilizing the financial system of the nation without fear or favour.
Several Financial Experts cross boards have lauded the stringent supervision of NDIC in protecting the savings of customers with commercial banks from mischievous people with fraudulent desire.