The regulatory frameworks are contained in two separate documents issued by the apex banks. The documents are created to address challenges in regulatory sandbox and quick response (QR) code payment operations in the country.
“In furtherance of its mandates to, ensure the safety and stability of the Nigerian financial system, promote the use and adoption of electronic payments and foster innovation in the payments system, the Central Bank of Nigeria hereby issues the framework for QR code payments in Nigeria,” the CBN said in one of the documents that detailed the operational relationships among issuers, acquirers, merchants, other financial service providers and customers.
In the document, the Bank spelt out risk management issues and the reporting processes while allocating responsibilities to relevant participants in the value chain, warning that it “shall apply appropriate sanctions to any party that fails to comply accordingly”.
It stated: “Issuers and acquirers shall agree to minimum due diligence guidance for merchant onboarding without prejudice to know your customers/anti-money laundering (KYC/AML) requirements of the Bank… Issuers and acquirers shall ensure behavioural monitoring and fraud management systems are implemented to prevent, detect and mitigate fraud and money laundering.
“Issuers shall provide quarterly risk management assessment reports to the Director, Payments System Management Department. The risk management assessment report shall include, among others, fraud reports, vulnerabilities assessment and risk-mitigating measures introduced.”
According to the CBN, participants shall ensure full interoperability of QR code scheme in Nigeria and work towards achieving its seamless operation.
The regulator left the determination of transaction limit to issuers alongside customers. It, however, directed that the threshold should be set based on the outcome of a customer’s risk profile assessment.
Merchants are mandated by the regulatory framework to cooperate with acquiring banks or other participants, as the case may be, to investigate reported fraudulent cases. They are also expected to report all suspicious transactions to acquirers for necessary actions.
“QR code payments in Nigeria shall be based on the EMV® QR Code Specification for Payment Systems. The Bank may also approve the implementation of any other QR Code Standard provided it meets the prescribed security requirements within the framework, demonstrates interoperability with other existing implementation in the industry and/or cost benefits to end-users (merchants and customers),” the apex bank said.
QR code is a type of barcode that could be read by a digital device and which is used for financial transactions. QR code merchant payment is a growing innovation in the payment system. On the other hand, a regulatory sandbox is a formal process where firms conduct live tests of new, innovative products, services, delivery channels or business models in a controlled environment. Regulatory oversight, subject to appropriate conditions and safeguards, is an essential component of the process.
The CBN said: “This framework, therefore, defines the establishment, rules and operations of a regulatory sandbox for the Nigerian payment system to promote effective competition, embrace new technology, encourage financial Inclusion and improve customer experience, with a view to engendering public confidence in the financial system.”
It listed the objectives of the guidelines thus: increasing the potential for innovative business models that advance financial inclusion, reducing time-to-market for innovative products, services, increasing competition, widening consumers’ choice and lower costs and ensuring appropriate consumer protection safeguards in innovative products.
Other objectives are to define the roles and responsibilities of stakeholders and the operations of the sandbox for the Nigerian payments system, to ensure adequate provisions in regulations to create an enabling environment for innovation without compromising on safety for consumers and the overall payments system and to provide an avenue for regulatory engagement with financial technology firms in the payment space.
To participate in the regulator sandbox, products are expected to improve accessibility, enhance the efficiency and effectiveness of financial institution risk management and address gaps or open up new opportunities for financial benefits.
“An applicant shall identify the potential risks to financial institutions and financial consumers that may arise from the testing of the product, service or solution in the sandbox and propose appropriate safeguards to address the identified risks,” the CBN stated.