2024 saw significant changes in Nigeria’s legal and regulatory landscape, with notable developments across various sectors including financial services, oil and gas, energy, transportation, etc.  Significant judicial decisions were also delivered by the courts which shaped the tax and gaming landscapes in Nigeria. This recap is divided into four parts representing the four quarters of the year, highlighting what we think are the most impactful laws and regulations, reforms, and judicial decisions in 2024.

1^st Quarter (January – March 2024)

Forex policy reforms were implemented by the Central Bank of Nigeria (CBN) with the aim of stabilizing the Naira, fostering economic growth and the provision of agricultural funding to support food production. Financial policy and regulations were revised by the CBN to ensure the financial industry players operate within a well-regulated environment ensuring the integrity of the financial services sector.

• On 5 January 2024, the Supreme Court of Nigeria delivered a judgment in the case of National Inland Waterways Authority (NIWA) v. The Lagos State Waterways Authority (LASWA). The Supreme Court reaffirmed the power of the Federal Government through the National Inland Waterways Authority (NIWA) to control the activities on the country’s waterways. The decision of the court settled the dispute between NIWA and Lagos State over the appropriate party with regulatory rights over the country’s waterways with the decision of the court in favour of NIWA.
• On 18 January 2024, the National Agency for Food and Drug Administration and Control (NAFDAC) launched the Narcotic Drugs Serialisation Pilot Project, in a bid to strengthen the quality and security of medical products in the country’s drug distribution network. NAFDAC disclosed that the initiative was aimed at combatting the proliferation of substandard and falsified medicines by implementing a traceability system, addressing challenges posed by unscrupulous elements in the pharmaceutical supply chain.
• On 29 January 2024, the CBN issued the Financial Market Price Transparency circular requiring all Authorized Dealers that the CBN has permitted financial markets transactions to be conducted on a ‘’willing buyer will seller’’ basis and therefore expects prices to be quoted and displayed in a transparent manner.
• On 31 January 2024, the CBN issued the Reviewed Guidelines on International Money Transfer Services in Nigeria. The Guidelines stipulate the regulatory requirements that must be met to process and obtain license to provide international money transfer services in Nigeria. The Guidelines revised upward the application fees, capital requirements, etc.
• On 31 January 2024, the CBN issued the Harmonising of Reporting Requirements on Foreign Currency Exposure of Banks to address the growth in foreign currency exposures of banks through their Net Open Position (NOP). Therefore, to ensure the risks are well managed and avoid losses, the CBN issued the guidelines to address it.
• On 2 February 2024, the CBN issued the Cash Reserve Requirement Framework Implementation Guidelines which stated the implementation of a significant policy change by revising the Cash Reserve Ratio (CRR) framework. This update included a reduction in the Loan-to-Deposit Ratio (LDR) compliance requirement from 65% to 50%, aiming to address lending shortfalls among deposit money banks. The revised framework requires banks falling short of this new LDR threshold to allocate 50% of the shortfall as part of their CRR with the CBN.
• On 27 March 2024, the Nigerian president issued a directive titled Implementation of a Single-Digit Tax System which aims to streamline Nigeria’s tax structure by reducing the number of taxes to a maximum of nine. This initiative seeks to simplify the tax code, alleviate the tax burden, and foster a more business-friendly environment. The directive will take effect following the completion of the Presidential Committee on Fiscal Policy and Tax Reforms’ work.
• On 28 March 2024 the CBN issued the Review of Minimum Capital Requirements for Commercial, Merchants and Non-Interest Banks in Nigeria which stipulated new minimum capital requirements for banks. It sets the minimum capital base for commercial banks with international authorisation at N500 billion. The minimum capital base for commercial banks with national authorisation is now N200 billion, while the requirement for those with regional authorisation is N50 billion. Merchant banks are required to have a minimum capital base of N50 billion, while non-interest banks with national and regional authorisations must meet minimum requirements of N20 billion and N10 billion, respectively. All banks are required to meet these requirements within 24 months starting from 1 April 2024 and ending on 31 March 2026.

2^nd Quarter (April – June 2024)

The second quarter saw the enactment of laws and the issuance and revision of key financial regulations by the CBN. The Student Loans Access to Higher Education (Repeal and Re-enactment) Bill, 2024 was enacted. The Cybersecurity levy was set for implementation by the CBN but was eventually suspended due to public outcry over the announcement and the proposed implementation of the levy. The electricity market is also gradually being deregulated by states with some states receiving the approval of the NERC to regulate electricity market within their respective states.

• On 3 April 2024, the Nigerian president signed the Student Loans Access to Higher Education (Repeal and Re-enactment) Bill, 2024 into law. This revised legislation aims to provide financial assistance to indigent Nigerian students by offering interest-free loans through the Nigerian Education Loan Fund. The law is intended to promote accessible higher education and functional skill development for students across the country.
• On 22^nd April 2024, the Federal Government launched a ₦200 billion Intervention Fund Aimed at Supporting Micro, Small, and Medium Enterprises (MSMEs) and Manufacturers. This initiative, introduced by the Bank of Industry, is designed to stimulate local production, reduce import dependency, and enhance Nigeria’s industrial growth. Eligible businesses can access loans under favourable terms, including single-digit interest rates and flexible repayment conditions, to improve capacity, expand operations, and create jobs.
• On 2 May 2024, the Federal Inland Revenue Service (FIRS) issued a directive titled Implementation of Stamp Duty on Mortgage-Backed Loans and Bonds. The Nigerian government directed banks to deduct stamp duty charges on mortgages. This directive is aimed at improving revenue generation from the stamp duty on financial transactions. The charge is applicable to all mortgage transactions and is expected to support government revenue collection. It introduced a 0.375% stamp duty on mortgage-backed bonds. This charge applies to various types of mortgage and legal instruments as specified under the Stamp Duties Act (SDA).
• On 6 May 2024, the CBN issued the Cybercrimes (Prohibition, Prevention, etc) (Amendment) Act 2024 – Implementation Guidance on the Collection and Remittance of the National Cybersecurity Levy. The Guidance required the deduction of 0.5% cybersecurity levy on all electronic transactions. The Guidance exempted certain transactions including loan disbursements and repayment, salary payments, letters of credits, cheques clearing and settlement, etc. The implementation of the Guidance has now been temporarily suspended following protests by the public
• On 7 May 2024, the Corporate Affairs Commission (CAC) issued a public notice titled CAC and Fintech Operators which mandated all Point of Sale (POS) operators in Nigeria to complete their business registration with the CAC by 7 July 2024 which was eventually extended by 60 days to 5 September 2024. This directive by the CAC aligned with the Companies and Allied Matters Act (CAMA) 2020 and the Central Bank of Nigeria’s (CBN) agent banking guidelines which aim to safeguard the operations of FinTechs, improve accountability, and strengthen the economy.
• On 22 May 2024, the CBN issued the Revised Regulatory and Supervisory Guidelines for Bureau De Change Operations in Nigeria. The Guidelines required existing Bureau De Change (BDC) operators to re-apply for a new license in accordance with any of the license categories and meet the minimum capital requirements within six months. New applicants are also required to comply with the Guidelines which supersedes the Revised Operational Guidelines for Bureau De Change in Nigeria dated November 2015. It also categorizes BDC license into tier 1 with permission to operate in any state and tier 2 with permission to operate in only one state.
• On 14 June 2024, the SEC issued a circular titled Implementation of Enterprise Risk Management, it provides that all Capital Market Operators (CMOs) are required to implement an Enterprise Risk Management (ERM) framework that conforms to international standards such as the Committee of Sponsoring Organizations of the Treadway Commission (COSO), the International Organization for Standardization (ISO 31000), Financial Action Task Force (FATF) Recommendations and any other internationally recognized risk management standards. The adoption of comprehensive risk management practices is important in minimizing systemic impact and safeguarding the interests of all stakeholders.
• On 24 June 2024, The Securities and Exchange Commission released a circular titled Revamped E-Dividend Mandate Management System Portal which launched the revamped e-Dividend Mandate Management System (e-DMMS) Portal. This is noted to be an important step towards curbing the growth of unclaimed dividend and generally improving investor experience in the Nigerian Capital market. The revamped e-DMMS Portal introduces a “self-service interface” that allows investors apply to mandate their accounts for e-dividend virtually, without having to visit a Registrar or a Bank.
• On 28 June 2024, the Nigerian president signed an executive order eliminating tariffs, excise duties, and VAT on imported pharmaceutical inputs. This is part of a broader initiative to support local drug manufacturers and improve the availability of essential medicines in Nigeria. The executive order is intended to make local pharmaceutical producers more competitive by reducing costs, thereby ensuring more affordable healthcare for Nigerians.

3^rd Quarter (July – September 2024)

The third quarter of 2024 saw a lot of regulatory activities by regulators in Nigeria. The CBN, SEC and NCC were all very active as they issued regulations and initiated reforms applicable to operators in the various sectors which they regulate.  The Federal Government introduced the Deduction of Tax at Source Regulations 2024, aligning with the National Tax Policy and exempting certain sectors like telecommunications. Significant judicial decisions were also handed down as in the case of the Federal High Court allowing companies to have single shareholder regardless of the incorporation date.

• On July 2024, some states including Imo, Enugu, Ekiti, and Ondo received the approval of the Nigerian Electricity Regulatory Commission (NERC) to regulate their electricity markets in line with the provisions of the Electricity Act, 2023. This allows the states to oversee power generation, transmission, and distribution within their jurisdictions, marking a significant step towards decentralizing electricity regulation in Nigeria.
• On 11 July 2024, the Supreme Court of Nigeria delivered judgment in the case between the Attorney General of the Federation v. Attorney General of Abia State & 35 Others. This landmark decision reinforced the financial autonomy of local governments, declaring it unconstitutional for state governors to withhold funds allocated to local governments, dissolve local government councils, or appoint caretaker committees. The court mandated that funds meant for local governments be paid directly into their accounts, ensuring their independence and strengthening democratic governance at the grassroots level.
• On 19 July 2024, the CBN issued the Guidelines on Management of Dormant Accounts, Unclaimed Balances and Other Financial Assets in Banks and Other Financial Institutions in Nigeria. The Guidelines revised the 2015 guidelines on the subject matter. The Guidelines aim to reunite beneficial owners with unclaimed balances and financial assets, holding funds in trust for beneficial owners, etc. It also states the roles of key stakeholders including the CBN, Nigeria Deposit Insurance Commission (NDIC), financial institutions, account owners and beneficial owners, etc.
• The Nigerian Communications (Consumer Code of Practice) Regulations, 2024 with a commencement date of 29 July 2024 was issued by the Nigerian Communications Commission (NCC). The Regulations aim to prescribe the procedures to be followed by licensees in determining the contents and features of a consumer code of practice and preparing same for approval.
• The NCC issued the Nigerian Communications (Type Approval) Regulations, 2024 with a commencement date of 29 July 2024. The regulations apply to every person providing communication services, manufactures or supplies communications equipment. It also prescribes the processes for the type of approval of communications equipment and identify applicable technical standards while ensuring that communications equipment used in communications networks are safe and do not compromise national security.
• On 29 July 2024, the Nigerian president signed the National Minimum Wage Act 2019 (Amendment) Bill into law, raising Nigeria’s national minimum wage from ₦30,000 to ₦70,000 per month, following extensive negotiations between the Federal Government, labour unions, and the private sector.
• On 30 July 2024, the Federal High Court ruled in Primetech Design and Engineering Nigeria Limited v. The Corporate Affairs Commission (CAC) in favour of allowing all private companies in Nigeria regardless of their incorporation date, to have a single shareholder under the Companies and Allied Matters Act 2020 (CAMA 2020). This decision clarifies that section 18(2) of CAMA 2020 applies universally to both new and older private companies. Previously, there was uncertainty about whether this provision applied only to companies incorporated before the enactment of CAMA 2020. The ruling is significant as it removes restrictions on private companies transitioning to a single shareholder structure without the risk of being wound up by the regulator, offering greater flexibility for business growth.
• On 2 September 2024, the Nigerian Investment Promotion Commission (NIPC) the Revised Service Fee Schedule for Business Registration and Pioneer Status Incentives (PSI) Applications. This increased the fees for applying for business registration and obtaining pioneer status incentives, conducting due diligence, introduced an annual business registration renewal fee, etc.
• On 3 September 2024, the Securities and Exchange Commission (SEC) introduced an electronic filing system to improve the efficiency of the Nigerian capital market. This system aims to reduce listing time for securities and enhance liquidity, enabling quicker access to capital for companies. This is expected to streamline approvals, increase transparency, boost investors’ confidence, and ultimately contributing to the growth of the Nigerian economy.
• On 30 September 2024, the Federal Government introduced the Deduction of Tax at Source (Withholding) Regulations, 2024 which was published in the official gazette and followed by a public notice issued by the FIRS on 2^nd October 2024. These regulations, set to take effect on 1 January 2025 exempt items such as telephone charges, internet data, airline tickets, and out-of-pocket supplier expenses from withholding tax, aligning with the National Tax Policy.

4^th Quarter (October – December 2024)

The final quarter of 2024 witnessed a series of landmark judicial decisions, regulatory developments, and advancements in Nigeria’s economic and financial landscape. Landmark court decisions signalling a shift toward greater accountability and adherence to the rule of law. Regulatory agencies introduced policies aimed at fostering transparency. These developments collectively highlight Nigeria’s strides toward modernization, sustainable growth, and global competitiveness.

• On 2^nd October 2024, the Federal High Court sitting in Abuja ruled in the case between Abubakar Marshal v. Vehicle Inspection Officers (VIO) that VIOs lack statutory authority to stop private vehicles, demand roadworthiness certificates, impound vehicles, or impose fines on motorists. The court clarified that the requirement for roadworthiness certificates applies exclusively to commercial vehicles under existing laws. The court described the actions of the VIOs, including the imposition of fines and confiscation of private vehicles as oppressive, unlawful, and without legal foundation.
• Value Added Tax Modification Order 2024 and Notice of Tax Incentives for Deep Offshore Oil & Gas Production in accordance with the Oil & Gas Companies (Tax Incentives, Exemption, Remission, etc.) Order 2024 were issued by the Federal Government. The VAT Modification Order 2024 exempts energy products including diesel, LPG, CNG and clean energy infrastructures from VAT while the Notice of Tax Incentives introduces new tax reliefs to attract investments into Nigeria’s deep offshore Oil & Gas projects.
• On 3 October 2024, the Federal Inland Revenue Service (FIRS) issued a public notice notifying taxpayers that The Deduction of Tax at Source Withholding (WHT) Regulations, 2024 would take effect from 1^st January 2025 ending the current withholding tax regime contained in the Companies Income Tax Act.
• The FIRS launched an Unstructured Supplementary Service Data (USSD) Code on 9 October 2024 for the purpose of improving taxpayers’ satisfaction. The USSD enables taxpayers to retrieve their Taxpayers Identification Number (TIN) verify Tax Clearance Certificate (TCC), etc.
• On 7 October 2024, the Federal High Court, Lagos struck out the suit commenced by the Manufacturers Association of Nigeria (MAN) v. National Electricity Regulatory Commission (NERC) & 11 Others which challenged the implementation of electricity tariff review on the grounds of the suit being an abuse of court process having not being commenced in accordance with due process and no disclosure of reasonable cause of action.
• In October 2024, Moniepoint, a Nigerian FinTech startup became a unicorn by getting a $1 billion valuation after raising $110 million in Series C funding which highlights the rapid growth and importance of FinTech payment providers in Nigeria.
• In November 2024, the Federal Government announced its plan to establish a national data bank to serve as a centralized platform for the collection, analysis and dissemination of transport-related data for the purpose of informed decision-making and policy formulation.
• On 15 November 2024, the Supreme Court of Nigeria declined to declare the Economic and Financial Crimes Commission (EFCC), Nigerian Financial Intelligence Unit (NFIU) and Independent Corrupt Practices and Other related offences Commission (ICPC) as illegal and unconstitutional in the suit between Attorney General of Kogi State & 18 Ors v. Attorney General of Federation suit No: SC/CV/178/2023).
• On 22 November 2024, the Supreme Court of Nigeria in the case between Lagos State Government & Ors v. Attorney General of Federation & Anor suit No SC/1/2008 nullified the National Lottery Act, 2005 and limited its application to only the Federal Capital Territory (FCT). The National Lottery Act, before the decision of the Supreme Court, applied in the entire country to sports betting and lottery licensing.
• On 29 November 2024, the Central Bank of Nigeria (CBN) released Revised Guidelines for The Nigerian Foreign Exchange Market (NFEM), marking a significant overhaul of the country’s FX operations. The new framework consolidates all FX windows, redefines the roles of market participants, and introduces stricter compliance and transparency measures. Key provisions address the roles of Authorized Dealers, Bureaux de Change (BDCs), pricing mechanisms, interbank trading, compliance, and reporting standards. The guidelines mandates that all BDC transactions comply with licensing terms and be reported in real time. Furthermore, all FX transactions must now be priced through the Electronic Foreign Exchange Matching System (EFEMS), a centralized platform that also publishes daily FX rates for public access, underscoring a strong emphasis on pricing transparency and rigorous reporting requirements.
• On 3 December 2024, the Lagos State Governor signed the Lagos Electricity Bill 2024 into law, marking a significant step toward energy independence for Lagos State. This legislation establishes the Lagos State Electricity Regulatory Commission to oversee the electricity market, regulate power generation, and set tariffs. It also created the Lagos State Electrification Agency to promote off-grid solutions and enhance electricity access in underserved areas. Additionally, the bill introduces the Lagos Electrification Fund to finance the state’s grid expansion and off-grid projects with a focus on renewable energy, energy efficiency, and decarbonization.
• On 11 December 2024, the Central Bank of Nigeria (CBN) imposed a fine of ₦1 billion each on Moniepoint and OPay for regulatory non-compliance. These penalties were part of the CBN’s routine audits of the activities of FinTechs which identified compliance issues within these companies. The fines underscore the CBN’s commitment to enforcing strict regulatory standards in Nigeria’s rapidly expanding digital financial services industry. On 16 December 2024, the Federal Competition and Consumer Protection Commission (FCCPC) rejected Coca-Cola Nigeria Limited’s appeal against a N186 million fine. The fine was imposed due to deceptive branding practices, including misleading product descriptions and unfair marketing tactics. The FCCPC’s decision underscores its commitment to protecting consumers and ensuring fair and honest practices in the Nigerian market.
• On 16 December 2024, the Securities and Exchange Commission published the Re-exposure of Amendments to Rules on Digital Assets Issuance, Offering Platforms, Exchange and Custody. The proposed amendment is to extend the rules to cover new virtual assets activities and business models such as cross chain transfer services, on/off-chain transmission orders, advisory on virtual assets investment, placing and distribution of virtual assets, etc.

Conclusion

2024 has been a year of significant changes and reforms in Nigeria’s legal and regulatory landscape. The government introduced impactful rules and regulations including policy changes in areas such as tax, financial services sector, capital markets, electricity, minimum wage, with regulations like the Deduction of Tax at Source (Withholding) Regulations 2024, Lagos Electricity Law 2024 and the National Minimum Wage Act reflecting efforts to improve economic conditions. The Central Bank of Nigeria, the Securities Exchange Commission and Federal Inland Revenue, the Nigerian Communications Commission, etc. also issued new and amended guidelines and regulations to provide updated regulatory requirements and obligations of players in the regulated industries. The judiciary also delivered impactful decisions such as the Federal High Court’s ruling on the issue of single shareholder pursuant to the Companies and Allied Matters Act, 2020 and the decision of the Supreme Court nullifying the application of the National Lottery Act in the federating 36 states of the country.  As we approach the new year, we extend our sincere gratitude to all our clients for their continued trust in us and wish you a Merry Christmas and a prosperous New Year 2025.

Please note that the contents of this Article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact:

The post Goldsmiths Solicitors – Legal Recap for the Year 2024 first appeared on Goldsmiths Solicitors.

Following the emergence of online betting, the Nigerian gambling industry has experienced extraordinary growth in the past few years. This also followed the legalization of some forms of gambling in the Nigerian Criminal Code Act, 1990. The industry has therefore continued to attract both local and international investors due to its huge potentials.

Gambling activities in Nigeria broadly include sports betting, lottery, gaming, casinos, lotto, etc. In order to legitimately operate any type of gambling activity in Nigeria, an operator must first obtain the appropriate licenses from the regulatory authorities. Using Lagos State as a case study, this article explains the regulatory requirements and processes involved in obtaining sports betting license in Lagos State.

Regulatory Framework

Previously, a sports betting company wishing to operate within Nigeria required both a federal license issued by the National Lottery Regulatory Commission (NLRC) and a state licence from the state in which it wishes to operate from. At the federal level, the NLRC, established under the National Lottery Act, 2005, served as the primary body overseeing gaming activities across the country. Concurrently, state governments regulated sports betting within their jurisdictions through their respective regulatory authorities. However, a recent landmark judgment in Lagos State Government & Ors v. Attorney General of Federation and Anor with suit number SC/1/2008 delivered by the Supreme Court of Nigeria in November 2024, has changed this position by nullifying the National Lottery Act, 2005 and declaring that the National Assembly lacks the jurisdiction to legislate on matters related to lotteries and games of chance, as such powers reside exclusively with state Houses of Assembly to legislate on lottery and gaming within their respective states. Thus, the import of the Supreme Court judgement is that the National Lottery Act, 2005 now applies only within the Federal Capital Territory (FCT) where the National Assembly has the legislative power to enact laws on lottery and gaming matters. Therefore, lottery and sports betting companies are now only required to obtain licenses solely from the state(s) in which they intend to operate.

In Lagos State, the regulatory body responsible for controlling and regulating sports betting activities is the Lagos State Lotteries and Gaming Authority (LSLGA). Sports betting companies must obtain the requisite license from LSLGA before commencing operations in the state.

With a large internet penetration and the rise of online betting, in practice, a sports betting company can obtain a license in one state and be accessible online in another state thereby avoiding the need to apply for licences in multiple states.

Requirements for Obtaining a Sports Betting License/Permit from Lagos State Lotteries and Gaming Authority (LSLGA):

As stated above, the regulatory body responsible for issuing sports betting license/permit in Lagos State is the Lagos State Lotteries and Gaming Authority (LSLGA). The requirements for obtaining a sports betting permit from the LSLGA include:

1. Company Incorporation: The first step towards obtaining a sports betting license from the LSLGA is the incorporation of a local company in Nigeria with the Corporate Affairs Commission (CAC) as mandated under the Companies and Allied Matters Act, 2020 (CAMA). This is a compulsory regulatory requirement for any company wishing to do any business in Nigeria.
2. Share Capital: The company must meet the minimum share capital requirement of N20,000,000.00 (Twenty Million Naira) as prescribed by the LSLGA. Please note however that the CAC now requires that any company with foreign participation must have a minimum share capital of N100,000,000 (One Hundred Million Naira). If the company being set up has foreign participation either by shareholding or directorship, the minimum share capital from a CAC point of view must therefore be N100,000,000. Also note that this amount is merely the minimum value of the company shares at the time of registration and the shares do not have to be fully paid up.
3. Financial and Technical Ability: The company must demonstrate the financial and technical ability to operate a sports betting business. The applicants must demonstrate financial stability and viability by submitting audited financial statements, proof of sufficient capital, and a detailed business plan. Regarding the technical ability, operators must invest in a robust technical infrastructure for their sports betting platform, including secure servers, data protection, and reliable payment processing systems. Compliance with international online security standards is also very essential.
4. Applicant companies cannot be wholly-owned by foreigners as Nigerians are required to hold at least fifteen percent (15%) of the shares in foreign-owned companies to fulfil local content requirement and promote local participation.
5. Payment of application and license/permit fees.

Procedures for Obtaining a Sports Betting License/Permit from LSLGA:

The procedure for obtaining a sports betting license from the LSLGA is divided into three stages as follows: the application stage, the approval in principle stage and the final or grant of license stage.

Application Stage:

At this stage, an application for a sports betting license/permit is to be submitted to LSLGA together with the following documents:

1. A letter of intent.
2. Evidence of payment of non-refundable application fee
3. Company incorporation documents issued by CAC (Certificate of Incorporation, status report showing details of directors, minimum share capital and registered address and MEMART).
4. Detailed business plan/proposal on the sports betting scheme which should provide information and documentation on the following:
   1. Business structure information such as address of the registered office, branches, outlets and planned locations, particulars, profile and relevant qualification(s) of directors and key personnel, Tax Clearance Certificate (“TCC”) of Director(s) in the last three (3) years, description of operations and management structure, a sports betting industry analysis that clearly demonstrates an understanding of the sports betting industry, marketing and distribution plans, address of planned location, branches and outlet(s). Please note that these must be lock-up shops – kiosks and mobile vendors are not allowed.
   2. Proposed sports betting operations including details of planned games, relevant sports activities, approximate odds to be used, Operator’s game rules and participants’ Code of Practice, Number and frequency of sports/games and prizes and price structure.
   3. Financial projections including management account, company’s bank statement of the preceding year to support financing plans, five years projected profit and loss account, balance sheet, cash flow analysis which should provide for the annual licence fee and monthly gaming tax, capital investments, etc.
   4. Hardware and software information including servers, routers, firewalls, operating systems and database application specification.
   5. General information on the architectural diagram clearly illustrating the technical operational flow, the proposed platform (whether self-host or cloud based) and the contact information of the hosting company if cloud based.
   6. Detailed information about the applicant’s bookmaker, betting sites and technical consultants, proposed technical topography including a schematic diagram clearly illustrating the technical operational flow.

Due diligence will be conducted on every application to determine the suitability of the applicant for the license within a period of 10 to 15 working days. The applicant will also be required to make a presentation before the LSLGA to justify the grant of the license as part of the application process. Upon the satisfactory fulfilment of the requirements of the application stage and payment of the license fee, an Approval in Principle (AIP) will be granted.

Approval-in-Principle (AIP):

After a successful presentation and upon a satisfactory fulfilment of the pre-approval requirements, the applicant must pay a license fee currently N50,000,000.00 (Fifty Million Naira). Once this payment is made, the applicant is issued an Approval in Principle (AIP). An AIP serves as a temporary licence allowing the company to operate for a period not exceeding three (3) months (90 days) during which the company will be excused from paying tax.  The AIP is typically granted with specific conditions that must be met before the issuance of a final or substantive license.

Grant of License:

Upon the expiration of the AIP and the applicant’s fulfilment of all stipulated conditions set on the AIP, a final license is issued to the applicant. This license is valid for one (1) year from the date of issuance and is renewable annually for a fee currently N10,000,000.00 (Ten Million Naira).

Post-Licensing Obligations

Following the issuance of the license and commencement of operations, licensed operators are required to fulfill certain post-license obligations, including the remittance of a monthly gaming tax of 2.5% of their sales revenue to the regulatory body. Additionally, licenses must be renewed annually upon expiration to maintain operational compliance. There are also other tax obligations for e.g. income tax, Value Added Tax (VAT), company income tax, etc. that are payable by the company either to the state revenue authority or the Federal Inland Revenue Services. The licensed operators are also required to make the filings of their annual returns with the CAC to ensure their regulatory compliance.

Conclusion

With the rise of online betting, the Nigerian gaming industry has experienced extraordinary growth in recent years. Previously, sports betting was regulated at both the federal and state levels in Nigeria. However, a recent landmark Supreme Court judgment in November 2024 clarified that sports betting companies are now only required to obtain licenses exclusively from the states where they intend to operate as the licensing and regulatory powers and oversight of the NLRC is now limited only to the Federal Capital Territory. Upon obtaining the license, operators must comply with all post-license obligations, including remittance of fees to the regulatory body, renewal of license, payment of taxes, filing of annual returns with the CAC, etc.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact:

The post Practical Tips on How to Obtain Sports Betting License in Lagos State, Nigeria first appeared on Goldsmiths Solicitors.

Telemedicine is the delivery of healthcare services remotely using information and communication technologies which allow real-time audio or audio-visual patient-health provider communication, diagnosis and treatment through laboratory tests and drug prescriptions. With the expansion of internet penetration in Nigeria, telemedicine has become an emerging business in Nigeria and has begun to experience significant growth. This is partly driven by the increasing need for accessible healthcare, the advancement of technology, the outbreak of Covid-19 which resulted into limited physical consultations with healthcare providers and the mass exodus of health care professionals from Nigeria in the last few years. Telemedicine also provides accessibility and thereby bridges the gap in healthcare access, especially in rural and underserved areas where medical facilities and professionals are scarce. Recently, there has been an increased interest in telemedicine business from both local and foreign players in that space.

Presently, there is no single substantive law regulating the operation of telemedicine in Nigeria. However, the operation of a telemedicine business is subject to the specific requirements of certain laws which include the Companies and Allied Matters Act, 2020 (CAMA), Nigeria Data Protection Act, 2023, Medical and Dental Practitioners Act, 1988, the National Health Act 2014, Pharmacists Council of Nigeria (Establishment) Act, 2022, Nursing and Midwifery (Registrations, etc) Act, 1979, Constitution of the Federal Republic of Nigeria, 1999, etc.

This article highlights the regulatory requirements necessary for the operation of telemedicine business in Nigeria.

Regulatory Requirements

Although there is no specific law regulating telemedicine in Nigeria, telemedicine is not unregulated. There are certain regulatory requirements which broadly apply to the operation of a telemedicine (business) in Nigeria. These requirements include:

1. Company incorporation: One of the requirements for the operation of any business in Nigeria, is the incorporation of a local company as required by the CAMA. Thus, to operate a telemedicine business in Nigeria, a local company has to be incorporated with the Corporate Affairs Commission (CAC). There are different share capital requirements which apply depending on whether the business is locally or foreign owned. In addition to incorporating a local company, a company with foreign participation is also required to be registered with the Nigerian Investment Promotion Commission (NIPC) and also obtain a business permit from the Federal Ministry of Interior.

2. Registrations and Licensing: Healthcare providers must possess the necessary qualifications, professional licenses and registrations to provide healthcare services to patients in Nigeria. These registrations and licenses are provided by the Medical and Dental Practitioners Act, 1988, Nursing and Midwifery (Registrations, etc) Act, 1979 and the Pharmacists Council of Nigeria (Establishment) Act, 2022. Depending on the model of operation, it may also be necessary to obtain certain licenses/registrations from the Federal Ministry of Health, National Agency for Food and Drug s Administration and Control (NAFDAC), etc.

In Lagos state, health facilities including telemedicine are to be registered with the Health Facility Monitoring and Accreditation Agency (HEFAMAA) pursuant to the Lagos State Health Sector Reform Law, 2006 with the registration renewable annually. 

3. Data Privacy and Protection: The Nigerian Constitution, 1999 guarantees and protects the privacy of citizens and to that extent, the Nigeria Data Protection Act, 2023 (NDPA) which amplifies the constitutionally guaranteed right to privacy, is the regulatory framework applicable to the collection, processing and storage of (patients’) data. Telemedicine providers are required to process patients’ data in accordance with the requirements of the NDPA. The NDPA regulates the cross-border transfer of patients’ data and also provides for security measures to be adopted by telemedicine businesses to ensure the security and protection of patients’ data.

The NDPA also provides for the obligation to register as a data processor/controller. Since telemedicine businesses collect and process patients’ data including health records, they are required to register with the Nigeria Data Protection Commission (NDPC) as data controller/processor.

4. Technology Transfer: The National Office for Technology Acquisition and Promotion Act 1979 (NOTAP Act) regulates the transfer and acquisition of foreign technology by companies in Nigeria by making the contracts and agreements to transfer technology registrable with NOTAP. Invariably, the transfer of foreign healthcare technologies such as patents to a telemedicine company would be subject to registration with NOTAP.

5. Confidentiality: Patients’ health information is to be obtained and held confidentially by telemedicine providers without disclosing it or allowing access to it by unauthorized third parties as required by the National Health Act, 2014. Thus, there is an obligation to put in place measures to ensure that unauthorized persons do not have access to the medical information and health records of patients. Failure to comply attracts sanctions which include monetary penalties and terms of imprisonment.

Other Legal Considerations

To ensure seamless operation in Nigeria, telemedicine operators should pay particular attention to the following:

1. Records System: It is required as a matter of best practice and in line with the requirements of applicable laws and regulations for telemedicine providers to develop and maintain a robust records system for the management of the health records of patients. These records enable the providers to easily keep records of consultations, diagnoses, prescriptions, hospital referrals, etc. provided to patients.
2. Privacy policy: Developing a privacy policy which elaborately provides for the essence of the collection and retention of patients’ information and health records. The privacy policy should be in compliance with the requirements of the Nigerian Data Protection Act, 2023 and its subsidiary regulations.
3. Data Security: Telemedicine operators should have a robust data security system capable of protecting the information and health records of patients from data breaches and violations. Some of the data security measures that could be adopted include anonymisation, pseudonymisation, encryption, etc. which ensures the integrity and protection of patients’ sensitive information and health records.
4. Licence Renewals: Attention must be paid to licenses and registrations renewal deadlines to ensure that providers continuously comply with legal requirements regarding renewal of licences. It is very important that health practitioners including doctors, nurses and pharmacists’ licenses and registrations are up to date.
5. Regulatory Filings: Appropriate returns should be filed with the relevant regulatory authorities to ensure continuous regulatory compliance. Company annual returns should be filed with the Corporate Affairs Commission (CAC) as at when due to avoid the payment of penalties. There is also the obligation to conduct and file data impact assessment reports with the Nigerian Data Protection Commission (NDPC) relating to processing of data that may pose high risk to the confidentiality of patients’ data.
6. Tax Returns: Telemedicine companies are required to pay tax and file tax returns with the Federal Inland Revenue Service (FIRS). In particular, telemedicine companies are obliged to pay companies income tax (CIT) on their profits and file their returns with the FIRS usually within six months from the end of their financial year.

Conclusion

Driven by the increasing need for accessible healthcare, the advancement of technology and the mass exodus of healthcare professionals from Nigeria in the last few years, there has been a marked increase in the provision of telemedicine in Nigeria.  The operation of a telemedicine business in Nigeria is regulated by various laws relating to the incorporation of businesses, licensing and registrations, data processing and protection, confidentiality, etc. Telemedicine providers must ensure that their healthcare professionals’ licenses and registrations are up to date in compliance with applicable laws and regulations.  Contracts and agreements for the transfer of healthcare technologies are required to be registered with NOTAP.

Telemedicine providers are to ensure compliance with applicable laws and regulations relating to data security, regulatory and tax filings with the CAC, NDPC and FIRS, license and registrations renewals and keeping and maintaining robust health record systems that guarantees the confidentiality of patients.

Please note that the contents of this Article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact:

The post Navigating the Regulatory Requirements for Telemedicine Business in Nigeria first appeared on Goldsmiths Solicitors.

With Nigeria being a leading Fintech hub in Africa, we have in last few years witnessed a surge in online money lending service. The operation of money lending business in Nigeria is regulated by the Money Lenders Laws of the various states in Nigeria, the Federal Capital Territory (FCT) and the Federal Competition and Consumer Protection Commission (FCCPC). There are 36 states and a Federal Capital Territory (FCT) in Nigeria and an operator must obtain the money lenders license from the regulatory authority in the relevant state(s) in which they wish to operate or the FCT before commencing operations. It is important to note that where the money lending business is to be carried on in more than one state, a money lenders license must be obtained in each state in which the money lending business is to be carried on. It is a criminal offence to engage in the business of money lending without a money lenders license.

In Lagos State, the money lender’s license is granted by the Lagos State Ministry of Home Affairs. Using Lagos State as a case study, this article explains how to obtain the money lenders license in Lagos State and the digital money lenders registration with the FCCPC. The processes and procedures are similar in other states.

Requirements for Money Lenders License in Lagos State

The Lagos State Money Lenders Law is the principal law which regulates money lending in the state and the regulatory authority responsible for issuing licenses is the Lagos State Ministry of Home Affairs. Money lenders license can only be issued to corporate entities in Lagos state. Thus, any potential investor interested in money lending business is required to first incorporate a company in Nigeria.

The requirements for processing and obtaining a money lenders license in Lagos state are as follows:

1. Incorporation documents including company certificate of incorporation, Memorandum and Articles of Association, etc. of the applicant company issued by the Corporate Affairs Commission (CAC).
2. The minimum share capital of the applicant company is N20,000,000 (Twenty Million Naira). However, where the company has foreign participation, the minimum share capital requirement is N100,000,000 (One Hundred Million Naira).
3. Police Clearance Certificate of two directors of the applicant company.
4. Three (3) years Tax Clearance Certificate (TCC) for the company and for at least two (2) directors.
5. Reference letter from the applicant’s bankers in Nigeria.
6. Proof of payment of the application and processing fees.

The Procedure for Obtaining Money Lender’s License in Lagos State

The procedure for obtaining the money lenders license in Lagos State is initiated with an application to the Chief Magistrate of the Magistrates Court within the magisterial district where the lending company is located and ends with the issuance of a money lenders license to the applicant. The procedure for obtaining the license is highlighted below:

1. An application in the prescribed form is made to the Chief Magistrate of the Magisterial District where the applicant company is located.
2. The Chief Magistrate issues a Money Lenders Certificate (Form B) and a letter addressed to the Permanent Secretary of the Lagos State Ministry of Home Affairs to the applicant company confirming due diligence of the applicant company and recommending the issuance of a money lenders license.
3. An application is made to the Nigerian Police for the issuance of Police Clearance Certificates for two directors of the applicant company.
4. A formal application is made to the Lagos State Ministry of Home Affairs for money lender’s license accompanied with the following documents:
5. Form B and the Letter of Recommendation issued by the Chief Magistrate.
6. Incorporation documents of the applicant company.
7. Three years Tax Clearance Certificate (TCC) of the applicant company and of at least two directors.
8. Police Clearance Certificates for two directors of the applicant company.
9. A reference letter from a commercial bank being the bankers of the applicant company in Nigeria.
10. Proof of payment of the application and processing fees.
11. A physical inspection of the applicant company’s place of business will be carried out by the Lagos State Ministry of Home Affairs upon submission of the application.
12. A Money Lenders License is issued to the applicant company by the Lagos State Ministry of Home Affairs where it is satisfied that all the statutory requirements have been met and the applicant company is considered fit and proper to act as a money lender.

Validity and Renewal of Money Lender’s License in Lagos State

Money lenders license is valid in Lagos State for a period of one year and therefore subject to renewal every subsequent year. To process the renewal of the license, the licensed operator is required to obtain a new Money Lenders Certificate (Form B) from the Chief Magistrate accompanied with the expired license, updated tax clearance certificate and evidence of payment of the renewal fee. Upon being satisfied that the requirements continue to be met, a renewed license is issued.

Registration with the Federal Competition and Consumer Protection Commission (FCCPC)

In 2022, the Federal Competition and Consumer Protection Commission (FCCPC) issued the Limited Interim Regulatory/Registration Framework and Guidelines for Digital Lending, 2022 (“the Guidelines”). The Guidelines require digital money lenders to register with the FCCPC before the commencement of business operations. The process of registering with the FCCPC is summarized as follows:

1. The digital money lender is to obtain an Audit Trust Mark from the Nigerian Data Protection Commission.
2. Obtain a compliance Audit Report and Privacy Impact Assessment Report from a duly registered Data Protection Compliance Organisation (DPCO).
3. Obtain and complete the requisite digital money lender’s registration form from the FCCPC. The completed form is to be accompanied with some documents which include:
4. Incorporation documents of the applicant.
5. The company’s terms of use and privacy policy
6. The company’s code of conduct
7. Brief description of the business and details of its groups, subsidiaries and affiliates.
8. Evidence of feedback and complaint resolution mechanism
9. Evidence of payment of the registration fee
10. Obtain and complete the requisite declaration form from FCCPC.

The application is to be submitted to the FCCPC together with the required documents. In practice, the FCCPC allows some flexibility in the registration process by allowing applicants to begin the digital money lender’s registration process while waiting for the Audit Trust Mark and the Compliance Report and Privacy Impact Assessment Report.

Failure to register with the FCCPC may lead to the permanent blacklisting of the digital money lender’s business and the removal of its digital apps from online platforms such as Google Play Store and Apple Store, etc. which will make the money lender unable to transact its business in Nigeria.

Conclusion

With the growth of FinTechs in Nigeria, there has been tremendous growth in the Nigerian online money lending space in the last few years. The business of money lending is regulated in Nigeria by the state governments, the FCT and the FCCPC. An operator is required to obtain a money lenders license in any of the 36 states of Nigeria in which it wishes to carry on business. Individual licenses must be obtained in every state in which an operator seeks to do business. Any company desirous of providing money lending services through any digital platform is required to register with the FCCPC before commencing business in Nigeria failing which its business and digital apps could be permanently blacklisted.

Please note that the contents of this Article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact:

The post How to Obtain Money Lenders License in Lagos State, Nigeria first appeared on Goldsmiths Solicitors.

This article highlights the requirements, processes and practical considerations to consider when registering imported products with NAFDAC in Nigeria.

Requirements for the Registration of Imported Products with NAFDAC

The requirements for the registration of imported products with NAFDAC will usually include the following:

A. Power of Attorney or Contract Manufacturing Agreement: A power of Attorney is required to authorize a local agent to act on behalf of the foreign manufacturer of the products. The Power of Attorney must be signed by either the Managing Director, General Manager, Chairman or President of the manufacturing company and it should also state the names of the products to be registered. If the foreign manufacturer does not wish to use a local agent, it may set up its own local company in Nigeria in order to register its products in its name, in which case, a Contract Manufacturing Agreement required.

B. Certificate of Manufacture and Free Sale: This is a document that provides evidence that the manufacturer is licensed to manufacture the products in its country of origin and the sale of the products does not contravene the laws of the manufacturer’s own country. It is issued by the relevant health or regulatory authority in the country of manufacture.

C. Comprehensive Certificate of Analysis: The Certificate of Analysis is issued by a quality control laboratory that has evaluated the products to be registered. It must state the brand name and batch number of the products and must also be signed by the laboratory analyst who evaluated the products in the country of manufacture.

D. Certificate of Incorporation: An applicant is expected to submit evidence of company incorporation with the Nigerian Corporate Affairs Commission (CAC). There are two approaches that may be adopted here. The first approach is that a local agent may be engaged and as such the local agent submits its company information and documents to NAFDAC for the product registration. The second approach is that the applicant may incorporate its own local company in Nigeria for the purpose of registering its imported products with NAFDAC.

E. Evidence of Trademark Registration: Trademark registration certificate or acceptance letter issued by the trademark office showing that an application has been made to register the trademark in in Nigeria in the name of the manufacturer.

F. Letter of Invitation for Good Manufacturing Practice: The manufacturer is required to write a letter of invitation addressed to NAFDAC, inviting its officials to visit and inspect the factory of the manufacturer abroad.

G. Labels/artworks: A print out of the label and artwork for the product to be registered is required. There must be a provision for NAFDAC registration number on the label and there must also be provisions for batch number, date of manufacture and expiry date together with other usage and storage instructions.

Product Registration Processes

The imported product registration processes usually involve the application, import permit, laboratory analysis, factory inspection and approval stages.

1. Application

NAFDAC Application form for the product registration is to be obtained and completed with the required information relating to the applicant and the product to be registered. Upon completing the application form, an application letter for the registration of the imported product on the applicant’s letterhead is addressed to NAFDAC. The application letter is to be submitted with the required documents outlined above together with the completed NAFDAC application form.

2. Import Permit

When an application has been successfully submitted and all supporting documents reviewed, an import permit is issued by NAFDAC for the importation of the samples of the product The imported of the sample is to enable NAFDAC conduct laboratory analysis on the products as outlined below. The import permit is usually valid for a period of 12 months. NAFDAC would usually specify how many samples they require.

3. Laboratory Analysis

The imported samples are submitted to NAFDAC laboratory for evaluation. The submission of the samples is accompanied with payment receipt of the official application and processing fee, certificate of analysis and a copy of the import permit. The laboratory analysis may not be successful if the outcome of NAFDAC analysis shows that there are any discrepancies in the information contained in the certificate of analysis. Where this happens, NAFDAC may issue a query for compliance directive. The compliance may involve importing new samples of the products together with an updated certificate of analysis of the products and resubmitting it for a fresh laboratory analysis. This will inevitably affect the times lines for approval discussed below.

4. Factory Inspection

Further to the letter invitation for Good Manufacturing Practice (GMP) and the payment of the required GMP fees, NAFDAC would usually visit the manufacturing facility in the country of origin to inspect it for Good Manufacturing Practice. In practice this visit does not always take place but the fee is still required to be paid.

5. Approval

The application for imported product registration is approved where NAFDAC is satisfied with the documentations provided, the samples provided and the Good Manufacturing Practice of the manufacturer in the country of origin. Upon the approval of the product, notice of registration is issued to the applicant. A unique NAFDAC registration number is also issued to the manufacturer. The registration is valid for 5 years from the date of registration and has to be renewed thereafter for another period of 5 years.

Product Registration Timelines

Depending on the product to be registered, the timelines for registration of imported products could vary between a period of 90 days or 120 days. The timeline is usually 90 days for food products and 120 days for drugs. In practice this is not always possible and registrations have been known to take longer than this due to a combination of factors.

Practical Considerations

In practice, it is not always possible to obtain registration in the timeline stated above. One of the reasons of this is the issuance of compliance directives by NAFDAC. Once a compliance directive is issued by NAFDAC, the clock stops ticking and time begins to count afresh from the period of when the compliance is remedied.  It is immaterial whether or not the compliance was done the same day or a within reasonable period thereafter.

Another possible cause of delay is that upon the submission of samples to NAFDAC, you would have to visit NAFDAC offices several times in person in order to obtain the result of the laboratory analysis as this is not usually communicated by email.

A further factor that may affect the registration is that during the application, the form together with all supporting documents are required to be uploaded online as part of the NAFDAC application process. In practice however, you are also required to submit the hard copies of these documents to NAFDAC offices.

An applicant that decides to register his own local company for the purpose of submitting an application to NAFDAC will have to company with other law relating to company registration in Nigeria including the requirement of obtaining tax registration with the Federal Inland Revenue Services (FIRS) and ensuring that the company is profiled on Taxpro-max for the purpose of validating the company’s profile with NAFDAC. In our experience, this usually takes some time to achieve and may further extend the registration time beyond the timeline provided by NAFDAC for product registration. The company is also required to file its annual returns to the CAC and file its monthly VAT returns whether or not it is trading.

Strike action by NAFDAC officials may sometimes also affect the timelines for the registration of a product with NAFDAC. We have experienced strike action from NAFDAC officials in the past which led to delayed product registration especially at the laboratory analysis stage.

In order to mitigate against most of these factors, it is advisable to ensure that from the outset, you have all your documents, samples, etc. ready and thoroughly reviewed before any application is made. It is also very important to promptly respond to any queries raised by NAFDAC so as to minimize the time between compliance and approval.

Conclusion

NAFDAC is the regulatory agency responsible for the registration of imported food, drugs, cosmetic products and medical devices. The application for imported product registration is made to NAFDAC with the supporting documents and the payment of official fees. NAFDAC approves the application for the product registration upon being satisfied with the applicant’s documentations and Good Manufacturing Practice. In practice however, it is not always possible to register a product within the time frame published by NAFDAC due to a variety of factors which are mostly internal.

Please note that the contents of this Article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com or contact:

The post Practical Considerations on Registering Imported Products with National Agency for Food and Drugs Administration and Control (NAFDAC) first appeared on Goldsmiths Solicitors.

This article provides an overview of the new law, it considers the objectives, application, principles guiding the processing of personal data, cross-border transfer of personal data and other key provisions.

Application of the Nigeria Data Protection Act

The Act applies to data controllers or data processors domiciled, resident or operating in Nigeria and the processing of personal data that occurs within Nigeria. It also applies to situations where the data controllers or data processors are not domiciled, resident or operating in Nigeria but are processing the personal data of data subjects in Nigeria.

The Act does not apply to the processing of personal data which is done solely for personal or household purposes by one or two more persons. The Act also does not apply to the processing of personal data necessary for the investigation, detection or prosecution of crimes or the prevention or control of a public health emergency, etc.

Objectives of the Act

The Act seeks to achieve the following objectives:

1. Safeguard the fundamental rights, freedoms and interest of data subjects as guaranteed under the Constitution.
2. Regulate the processing of personal data and ensures that personal data is processed in a fair, lawful and accountable manner.
3. Protect data subjects’ rights and provide means of recourse and remedies in the event of breach.
4. Ensure that data controllers and data processors fulfill their obligations to data subjects.
5. Establish an impartial, independent and effective regulatory Commission to superintend over data protection and privacy issues and supervise data controllers and data processors.

Establishment and Functions of the Nigeria Data Protection Commission

The Act established the Nigeria Data Protection Commission (“the Commission”) for the purposes of achieving the objectives of the Act. Thus, the Commission has the core functions of regulating the deployment of technological and organizational measures to enhance personal data protection, accredit, licence, and register suitable persons to provide data protection compliance services, register data controllers and data processors, receiving complaints relating to violations of the Act or any subsidiary legislations.

Principles of Processing Personal Data

Data controllers and data processors process personal data on the basis of care and accountability to data subjects. Accordingly, data controllers and data processors must act in a fair, lawful and transparent manner, collect data only for specified and legitimate purpose, hold and retain the data accurately, not longer than necessary, and generally ensure appropriate security measures are taken to secure the personal data.

Consent and Lawful Basis for the Processing of Personal Data

Consent of a data subject is very important for processing personal data. A data subject is a person whose information or data is being processed or sought to be processed. A data controller or data processor must obtain the consent of a data subject before processing his/her data, and it lies on the data controller or processor to prove that the data subject has given consent. The request for consent must be in a clear simple language and format with information that the data subject reserves the right to withdraw the consent at any time.  The consent must be freely and intentionally given either in writing, orally or through electronic means. Silence or inactivity does not amount to consent. In the case of a child, or person lacking legal capacity), the consent of a parent or guardian will suffice. The need to obtain consent of parent or guardian, may however not apply where the processing of personal data is necessary to protect the vital interests, or for the purpose of the education, medical or social care of such child or person lacking legal capacity, or where it is necessary for proceedings before a court.

The consent must be given for the specific purpose(s) for which personal data is processed, or where the processing is necessary for the following purposes:

1. For the performance of a contract to which the data subject is a party
2. For compliance with a legal obligation to which the data controller or data processor is subject
3. To protect the vital interest of the data subject or another person
4. For the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller or data processor
5. For the purposes of the legitimate interest pursued by the data controller or data processor, or by a third party to whom the data is disclosed.

Obligations of a Data Controller

• Obligation to Provide Information: A data controller has the obligation to provide certain necessary information to a data subject before collecting his personal data. The information which the data controller must provide to the data subject include the following:

1. Identity, residence or place of business and means of communication with the data controller and its representative.
2. Recipients or categories of recipients of the personal data
3. Existence of the rights of the data subject
4. Retention period for the personal data, etc.

The data controller shall make this information available by means of a privacy policy which should be expressed in a clear, concise, transparent, intelligible and easily accessible format.

• Data Privacy Impact Assessment Obligation: The assessment is a process designed to identify the risks and impact of processing personal data. A data controller is required to conduct a data privacy impact assessment where the processing of personal data may result in high risk to the rights and freedom of a data subject. This is to be conducted before the processing of personal data.
• Obligation to Erase Personal Data: A data controller has the obligation to erase the personal data of a data subject without undue delay where it is no longer necessary or where the data controller has no other lawful basis to retain the personal data.

Obligations of a Data Processor

Data controllers are engaged by data processors to process personal data. These data processors are also mandated to comply with the principles for the processing of personal data, assist the data controller to fulfill its obligation, implement appropriate technical and organizational measures to ensure the security, integrity, and confidentiality of personal data. Where a data processor engaged by a data controller further engages another data processor, the data processor directly engaged by the data controller is obliged to notify the data controller of its engagement with another data processor.

Data Protection Officers

Data controllers that process significant personal data are required to designate a person as a Data Protection Officer (DPO). The DPO may be an employee of the data controller or a person engaged by a service contract and must possess expert knowledge on data protection laws and practices. A DPO advises data controller, monitors compliance with the Act and related data protection policies of the data controller. The DPO also act as the contact point for the Commission on data processing issues.

Rights of Data Subjects

A data subject has the following rights with respect to the processing of his personal data by a data controller.

1. Right to Confirmation from a Data Controller. A data subject has the right to obtain from a data controller without constraint or unreasonable delay, confirmation as to whether the data controller or a data processor operating on its behalf is storing or otherwise processing personal data relating to the data subject and if so, the purpose of the processing, the recipients or categories of recipients to whom the personal data have been disclosed or will be disclosed, etc.
2. Right to receive a copy of his personal data in a commonly used electronic format.
3. Right to correction or deletion of the data subject’s personal data where correction is not possible where the personal data is inaccurate, out of date, incomplete or misleading.
4. Erasure of personal data of the data subject without undue delay
5. Right to restrict the processing of personal data
6. Right to withdraw consent to the processing of personal data at any time.
7. Right to object to the processing of personal data relating to the data subject.
8. The right to reject being subject to a decision based solely on automated processing of personal data.
9. The right to receive personal data in a structured, commonly used and machine-readable format and be able to transmit it to another data controller without any hindrance.

Data Security

Data controllers and data processors are required to implement appropriate technical and organisational measures to ensure the security, integrity and confidentiality of personal data in the possession. They must ensure that personal data are protected against accidental or unlawful destruction, loss, misuse, alteration, unauthorized disclosure or access.

The security measures that may be implemented to ensure personal data security include encryption, periodic assessments of risks to processing systems and services, regular testing, assessing and evaluation of the effectiveness of the measures, regular updating of the measures and introducing new measures to address shortcomings, etc.

Personal Data Breaches

Personal data breach is the breach of the security of a data controller or data processor which leads to or may lead to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or processed.

Data processors are required to notify data controllers or engaging data processors of personal data breaches which the data processors store or process upon becoming aware of it by describing the nature of the personal data breach and the number of data subjects and personal data records concerned and also respond to all information requests from the data controllers or the engaging data processors.

Data controllers should also notify the Commission of personal data breaches which are likely to result in a risk to the rights and freedoms of individuals within 72 hours of becoming aware of such breach. Data controllers are also to communicate the personal data breach to the data subjects in a plain and clear language including measures that could be taken by the data subjects to mitigate any possible adverse effects.

Data controllers and data processors are also required to keep a record of all personal data breaches, facts relating to the breaches, its effects and remedial actions taken.

Cross-border Transfers of Personal Data

Data controllers and data processors are not allowed to transfer or permit the transfer of personal data from Nigeria to another country unless:

1. The recipient is subject to a law, binding corporate rules, contractual clauses, code of conduct or certification mechanism that affords an adequate level of protection.
2. meets one of the lawful basis for transfer of personal data outside Nigeria.

The level of protection considered adequate must uphold the principles that are substantially similar to the conditions for processing personal data provided by the Act. An adequate level of protection is assessed by taking into account the existence of an effective data protection law, access of public authority to personal data, existence of an independent supervisory authority, etc.

Registration of Data Controllers and Data Processors

Data controllers and data processors of major importance are mandated to register with the Commission within six months after the commencement of the Act or upon becoming a data controller or data processor of major importance. Data controllers or data processors of major importance are data controllers or data processors that process personal data of particular value or significance to the economy, society or security and are resident or operating in Nigeria.

The Commission is required to maintain and publish a register of duly registered data controllers and data processors of major importance on its website. A data controller or data processor of major importance shall be removed from the register where it ceases operation.

Enforcement and Penalties

A data subject who is aggrieved by the action, inaction or decision of a data controller or processor may lodge a complaint with the Commission and it may investigate the complaint where it is not vexatious or frivolous.

The Commission may also issue a compliance order once it is satisfied that any requirement of the Act or subsidiary legislation has been violated or likely to be violated by a data controller or data processor. The order may be a warning, order to comply with the request of a data subject or a cease-and-desist order. The Commission may also issue an enforcement order or impose a sanction for violation of the Act or a subsidiary legislation.

The penalty or remedial fee for violation of the Act or subsidiary legislation is:

1. Higher maximum amount, which is the greater of N10,000,000 and 2% of its annual gross revenue in the preceding financial year, in the case of a data controller or data processor of major importance.
2. Standard maximum amount, which is the greater of N2,000,000 and 2% of its annual gross revenue in the preceding financial year, in the case of a data controller or data processor not of major importance.

Conclusion and Remarks

The Nigeria Data Protection Act, 2023 is an important piece of legislation and has been long in coming. It provides for the basic principles and the lawful bases for the processing and transfer of personal data in Nigeria and applies to both resident and non-resident data processors. It provides for the responsibilities of data controllers and data processors while also providing for the rights of data subjects. The processing of sensitive personal data and the personal data of children and persons lacking legal capacity to consent must follow the applicable principles as provided by the Act. Data security measures which are robust are expected to be put in place by data controllers and data processors to protect against the risk of personal data breaches. The Act creates the Nigerian Data Protection Commission which has the overall responsibility to ensure compliance and impose penalties where necessary. Both resident and non-resident data processors are advised to pay particular attention to this new legislation as they are now required to take specific steps to ensure compliance with the Act.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact:

The post Better Late than Never: Nigeria Finally Passes the Data Protection Act first appeared on Goldsmiths Solicitors.

A Trademark is a unique sign or mark that distinguishes the goods and services of one business from another. A mark can either be a device, brand, heading, label, ticket, name, signature, word, letter, numeral, or any combination thereof. Most businesses, companies or organizations have distinctive marks that sets them apart from other businesses.

The relevant law that governs Trademark in Nigeria is the Trademarks Act, Laws of the Federation of Nigeria 2004 (LFN 2004). This article explains the procedure for the registration of trademarks, enforcement, and remedies for the infringement of trademarks in Nigeria.

Requirements for Registration of Trademark:

1. Applicant’s details (i.e., name, signature, nationality, and address).
2. Details of the trademark.
3. A representation of the mark.
4. The classification of goods and/or services (Nigeria uses the Nice Classification of Goods and Services).
5. A signed Power of Attorney

Procedures for Registering a Trademark:

1. Availability search: The first step is to conduct an availability search at the Trademark Registry to ensure that there are no marks similar or in conflict with the proposed mark.
2. Application: If there are no conflicts, an application for trademark registration is filed at the Trademark Registry. After submission of the application form and payment of the necessary fees, the Registrar issues an Acknowledgement Letter confirming receipt of the application.
3. Acceptance: Where the application is approved on the grounds that the mark is distinctive, a Letter of Acceptance will be issued within one to three months by the Registrar of Trademarks.
4. Publication and Certification: Upon the acceptance of the application, the Registrar ensures the notice of the application is published in the Nigerian Trademark Journal. The purpose of this publication is to notify interested parties who may have objections to the application. The opposition period is two months from the date of publication. Where there are no objections or where an objection raised has been upheld, the Applicant may proceed to make an application for the issuance of Certificate of Registration and subsequently, a Certificate of Registration would be issued by the Registrar of Trademarks.

A trademark once registered is valid in Nigeria for an initial period of 7 years in the first instance and subsequent renewals are valid for 14 years.

Trademark Infringement

A trademark is infringed when a person without consent from the trademark owner uses the mark or an identical mark in a way that is likely to deceive the public or cause confusion. Where such rights are infringed upon, the proprietor can institute an action in court for the infringement of such trademark. The court with jurisdiction for trademark proceeding in Nigeria is the Federal High Court. The burden of proof lies on the Proprietor of the trademark to show that his right has been infringed upon. Section 5 (2) Trademarks Act provides that:

“without prejudice to the generality of the right to the use of a trade mark given by such registration as aforesaid, that right shall be deemed to be infringed by any person who, not being the proprietor of the trade mark or a registered user thereof using it by way of the permitted use, uses a mark identical with it or so nearly resembling it as to be likely to deceive or cause confusion, in the course of trade, in relation to any goods in respect of which it is registered.”

The owner of an unregistered trademark on the other hand may institute an action for passing off where there is an infringement.

Enforcement of Rights and Available Remedies

The owner of a registered trademark can enforce his rights through the any of the following options:

1. Filing an opposition within 60 days of the publication in the Trademark journal against the registration of an identical or similar trademark. This is done by filing a Notice of Opposition, the Respondent is required to file a counter statement and the matter will be determined by the Registrar as to whether registration of the mark will be entertained or not. The notice must be in writing and must contain the grounds for the opposition.
2. Making a formal application to the Trademark Registrar for the cancellation of the trademark. This however should be supported with evidence of prior registration of the mark by the proprietor.
3. Sending a cease and desist letter to the infringer to inform him of the trademark that is being infringed and warning him to stop further violations of the mark. Where such infringer refuses, a legal action can be instituted.
4. Apply for a search and seize order where the infringement is known to the proprietor of the Trademark. It allows the owner the opportunity to enter the premises of the infringer without notice to seize all infringing goods.

Where the owner of a trademark commences legal action for the enforcement of his exclusive right to a trademark, the following remedies may be available through the courts:

1. The owner of the trademark can seek damages for compensation for losses suffered in relation to infringement of the trademark especially when such infringement impacts negatively on the owner’s business. The evidence must show a direct causal relationship between the infringement and actual harm.
2. Injunctive reliefs may be sought and granted. The court could prevent the infringer from further using the mark or may restrict usage of the mark to certain areas or impose certain conditions for its usage.
3. An Anton Pillar order can be sought to give access to the owner to enter the premises where the infringed goods are kept and take possession of it.
4. The court can also grant an order of account of profit to recover all the profits made by the infringer from the unauthorized use of the Trademark where such act amounts to gross loss of profit on the part of the owner.

Conclusion

The benefits of trademark registration generally and in Nigeria cannot be overemphasized. The certificate of trademark registration issued by the Registrar, is irrefutable evidence of registration of a mark and confers a right on the owner to use the trademark to the exclusion of others. Not only is a registered trademark protected under the law, but it also protects the identity and goodwill of the brand. The owner of a registered trademark can equally assign or transfer his trademark to an individual or corporate entity and generate revenue from it. Any infringement of the registered trademark could be met by an enforcement action and the registered trademark owner could get injunctive order or damages against the infringer.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact:

The post Trademarks in Nigeria: Registration, Infringement and Enforcement first appeared on Goldsmiths Solicitors.

A Payment Solution Service Providers (PSSP) licence is a financial licence within the payments system which is issued by the Central Bank of Nigeria (CBN). A PSSP licence authorizes the licensee to provide and operate payment processing gateway and portals, solution/application development, and merchant service aggregation and collections services. A  PSSP license does not provide the authorization to hold customers’ funds or create and issue wallets. PSSPs are predominantly Financial Technology (FinTech) companies that enable  and facilitate  online and offline payments solutions which include collections, check-out, biller aggregation and payout services.

The CBN is the regulatory authority that issues PSSP licenses in Nigeria. The CBN also provides constant regulatory oversight over the activities of PSSP licensees in Nigeria.

Who can Apply for a PSSP Licence in Nigeria

Only a company that is duly registered with the Corporate Affairs Commission (CAC) in Nigeria and also meets the minimum share capital requirements and other regulatory requirements of the CBN can apply for a PSSP licence in Nigeria.

The Process of Obtaining a PSSP Licence from the CBN in Nigeria

A PSSP licence is processed in two stages viz:

• Approval-in-Principle (AIP): This is the preliminary stage of obtaining a PSSP license. During this stage, an application is to be made to the CBN for the grant of the license and they are expected to give an Approval-in-Principle or reject the application. Where an AIP is given, it is only valid for a period of six months. The AIP does not authorize the applicant to commence operation but only allows the applicant to take steps towards obtaining the final licence.
• Final Licence: The applicant is required to consolidate the AIP stage by taking steps to ensure its readiness for commencement of operation, notifying the CBN of its readiness to commence operation, by paying and applying for final licence. Upon the grant of the final licence, the applicant can commence its operations.

The process of obtaining a PSSP licence from the AIP stage to the final licence stage involves the following:

1. Write an application letter for a PSSP license which is addressed to the Director, Payments Systems Management Department of the CBN.
2. The application letter is accompanied with the required documents which include:

• Certificate of incorporation of the company with the Corporate Affairs Commission (CAC), with a share capital of N100,000,000 (One Hundred Million Naira)
• Memorandum and Articles of Association of the company
• Form CAC 2A (Return of Allotment of shares)
• Form CAC 7A (Particulars of Directors)
• Tax Clearance Certificate (TCC) and Tax Identification Number (TIN) of the Company
• Company’s profile
• Details of ownership
• Board structure
• Business plan
• Information Technology policy
• Dispute resolution framework
• Necessary certifications such as Payment Card Industry Data Security Standard (PCIDSS), Payment Terminal Service Aggregator (PTSA), etc.
• Evidence of payment of the non-refundable application fee of N100,000 (One Hundred Thousand Naira).
• Evidence of the deposit of the refundable minimum capital of N100,000,000 (One Hundred Million Naira). This is required to be made in full (one lump sum) and in the name of the applicant.

3. The CBN assesses the application for the PSSP licence and the accompanying documents and if it is satisfied with the application, it proceeds to grant an Approval-in-Principle.

4. Upon obtaining AIP from the CBN, the applicant then makes payment of the licence fee of N1,000,000 (One Million Naira) to the CBN designated account and proceeds to apply for a final licence within six months of obtaining AIP.

5. The CBN inspects the registered place of business of the applicant company and its readiness to commence operation and proceeds to issue the final licence if it is satisfied with the outcome of its inspection.

Validity and Renewal of PSSP Licence

PSSP licence validity period is as determined by the CBN and renewable if the operations of the PSSP licensee is satisfactory to the CBN. Recently, CBN renewed Cellulant’s PSSP licence and this shows the satisfaction of the CBN with the services of the company in providing payment solutions in Nigeria. Thus, the renewal of a PSSP licence by the CBN is a vote of confidence on the operation of a PSSP licensee.

Conclusion

A Payment Solution Service Providers (PSSP) licence is an important licence within the Nigerian payment systems which enables the provision of financial services such as the operation of payment processing gateway and portals which is utilized by merchants to accept debit or credit card purchases from customers. A PSSP licensee provides both online and offline payment solutions. A PSSP licence is obtainable from the CBN by submitting an application to the CBN and paying the required application and license fees within the stipulated timelines.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact:

The post How to Obtain a Payment Solution Service Providers Licence in Nigeria first appeared on Goldsmiths Solicitors.

By a Circular dated 7^th March 2023, the Central Bank of Nigeria (CBN) released the “Operational Guidelines for Open Banking in Nigeria” (‘the Guidelines’). The Guidelines set out rules for sharing the data/information of customers between participants in the open banking system. Although not defined in the Guidelines, open banking system may be defined as the exchange of the data of an entity’s customers with other entities for the purpose of providing innovative financial services. Thus, the Guidelines recognize the right of customers to privacy and data protection and set out the rules for engaging in open banking in Nigeria. It among other things, stipulates technical requirements/considerations for operating in the open banking system, identifies the risks associated with open banking to include cyber security, data privacy and integrity, product management, money laundering and regulatory compliance, and outlines the rules to manage these risks.

In this article, we highlight some salient provisions of the Guidelines such as who the participants in open banking are, the obligations of participants, regulatory oversight functions, policies/frameworks to be formulated by participants, reporting obligations, intellectual property issues and risk management.

Participants in Open Banking Operations

These are the organizations/persons who may engage in the exchange of customers’ data for the purpose of providing/receiving innovative financial services. Participants in open banking are classified based on the roles and the services they provide as follows:

1. API Providers;
2. API Customers; and
3. Customers.

API providers (APs) are those who use Application Programming Interface (API) to avail data or service to another participant. They can be licensed financial institutions, fast-moving consumer goods (FMCG) companies such as cosmetics, beverages, drugs, etc. companies, retailers, payroll service bureau, etc.

API Customers (ACs) are those that use API released by APs to access data or service. They are the recipients of API containing the data or service of other customers.

Customers as participants are the data owners who shall be required to provide consent for the release of their data for the purpose of accessing financial services. They may provide consent whilst filling out a form, etc.

Open Banking Registry

By the Guidelines the CBN is expected to maintain and provide an Open Banking Registry (‘the Registry’). The Registry is charged with regulatory oversight functions for participants in open banking. Participants in open banking are required to be registered with the Registry and their details are to be held by the Registry. The Registry is also to maintain an API interface which would serve as the primary means by which API providers manage the registration of their API customers.

Responsibilities of API Providers and API Consumers

The Guidelines set out several responsibilities which APs and ACs are expected to comply with. These responsibilities provide rules for ensuring accessibility of open banking systems and procedures, transparency, cybersecurity, privacy protection, etc.  Some of these responsibilities are:

1. Configuration management: APs and ACs are required to keep detailed inventory of open banking system configuration items in accordance with current Information Technology Infrastructure Library (ITIL) Standards. They are also to have automated configuration management (CM) processes and a configuration management policy.
2. Execution of a Service Level Agreement (SLA): They are required to execute an SLA which is to contain provisions on accounting and settlement, fee structure, reconciliation of bills, registration, and sponsorship responsibilities. The fee structure is also to be publicly disclosed on their websites and applications.
3. They are to ensure that all systems required for open banking are available, functioning optimally and meet up with the minimum standards on service monitoring, incident management, performance monitoring and event logging.
4. They are to ensure that they meet the minimum performance standards for open banking systems. The Guidelines outlines several key performance indicators (KPIs) to ascertain compliance with the minimum performance standards. One of such KPI is that where the average API total processing time is less than 3 seconds, it would be considered as ‘operational’, where it is less than or equal to 7 seconds, it would be considered as ‘suspect’, and where it is greater than 7 seconds, it would be considered as ‘critical’.
5. APs and ACs are required to maintain Business Continuity Plan (BCP) which are to among other things, indicate the architecture of the Online Transaction Processing (OLTP) and Online Analytical Processing (OLAP) infrastructure, trigger events, processes for failover and fail-back, and includes quarterly failover exercises and review of processes. The Guidelines also sets the threshold for failover and fail-back procedures as ’30 minutes of downtime’. They are also required to implement Disaster Recovery Plans (DRP) which may also be entrenched in the BCP. The plans are to be tested every 6 months. Whilst CBN is to oversee testing procedures, it is the responsibility of ACs and APs to provide the facilities for testing.
6. They are to ensure that they have problem management systems in place. The problem management system is aimed at managing incidents known to be recurring and which are not resolved under the SLAs. APs and ACs are to maintain a Problem Register which is to be made available to regulators, auditors, risk, and control teams within the organization. The problem management system is to be always electronic, or cloud based.
7. They are to ensure compliance with interface requirements. Some of these requirements are ensuring that interfaces between APs and ACs are 100% electronic, the data interchange format must be JavaScript Object Notation (JSON) and ensuring that the data standard for financial transactions are model based on ISO 20022 or any other global applicable minimum standard.
8. ACs and APs are to ensure that they maintain best competition practices. They are to comply with the provisions of section 2 of the Code of Conduct for the Nigerian Banking Industry which guards against unethical practices/unprofessional conducts by persons in the banking industry.
9. They are to ensure that the data in their possession is well protected and are to set up effective information security management systems and are to ensure compliance with technical security standards and minimum-security principles as contained in US NIST CSRC.
10. Change management obligations. They are required to collate change requirements and plan the changes for the next month. Changes to be made, whether pre-emptive or responsive are to be reported with sufficient details and in accordance with the prescribed notifications to be sent to all stakeholders that may be affected by such changes. The notifications are to be made in the following order:

• 24 hours before the intended change
• 1 hour before the intended change.
• Immediately the change has been completed and the services have been confirmed restored.
• 30 minutes after the change should have been completed but has been prolonged or failed.
• At the point of commencing a change rollback.
• When the services have been restored.

11. APs and ACs are required to have secure real-time communication platforms for first level incident responders within their organizations and respective ACs/APs for incident notification, investigation, and resolution. Emails are however not sufficient communication channels for incident management in open banking. The communication platforms are to accommodate text voice and video conferencing as effective modes of communication.

Termination of Agreement between Participants.

Any participant desirous of terminating a relationship is required to give the other party 20 business days’ notice of such termination. Where the relationship is terminated without notice due to fraud, abuse of service, etc. the AP is required to provide the AC with a report justifying the termination within 2 business days.

Policies/Frameworks to be Formulated under the Guidelines

ACs and APs are required to formulate the following policies:

1. Data Governance Policies. These policies are to govern the way APs and ACs handle the data of customers. They are to be approved by a committee of its Board of Directors or at minimum, an executive management committee.
2. Data Ethics Framework. The Data Ethics Framework is to provide the principles for collecting, collating, storing, analyzing, processing, etc. data. The Framework is also to provide consistent procedures for the documentation, verification, etc. of data to ensure compliance with extant laws and regulations.
3. Data Breach Policy. This policy is aimed at preventing, managing, assessing, reviewing, etc. data breach.
4. Configuration Management Policy. This Policy is to be approved by the AP’s or AC’s executive or board level information technology steering committee or an equivalent body not less than executive level.
5. Risk Management Framework. This Framework is to set out guiding principles for the management and mitigation of risks. Participants are to have a risk management committee which is to consist of at least three members of senior management cadre.

Rendition of Returns/Reporting Obligations

One of the ways CBN safeguards the privacy rights of customers and ensure data security under the Guidelines is by mandating ACs and APs to render periodic returns to the CBN. The returns are to state the volume and value of transactions, the number of users, success and failure rates, security and fraud incidents, downtime reports and any other information as CBN may require from time to time.

Participants are also required to introduce an incident reporting portal to enable easy, efficient, and fast reporting of cybersecurity breach incidents.

ACs and Aps are to provide monthly API Consumers Reports to each other indicating among other things, statistics of incidents/problems, SLA compliance and aggregate impact in downtime or loss of service, the number and category of Fraud and Disputes with accompanying SLA performance, and the excerpts of the problem register indicating new, existing, and resolved problems.

ACs and APs are also required to make ‘Customer Reports’ to customers who have subscribed to one or more ACs stating among other things, transcript of ACs activities on the use of customer-permissioned data shall be provided to the customers at the minimum every month or for a period less than a month as may be requested by a customer, a transcript of each AC’s activities against the customer’s account/wallet for at least the last 30 days, etc.

Data Sharing

The Data of individuals is an intangible yet sensitive asset. The Guidelines provide for rules for data sharing with other (outsourced) service providers as well as between APs and ACs. Before APs share the data of a customer with ACs, they are to obtain the consent of the customer and authenticate the consent to ensure it emanates from the customer. This is to be done by putting in place Two Factor Authentication (2FA). The AC on the other hand is also required to furnish the customer with certain information such as its legal name, CAC registration number, means of identification in the open banking registry, access type and duration, means of withdrawal of consent, etc. for the consent obtained to be valid.

Intellectual Property

The Guidelines make provisions on IP issues and stipulates that the IP rights in any data or other information would always remain with the participant/party whom such data emanated from. Thus, parties are to be mindful of this provision while drawing up Agreements to ensure that no clause runs contrary to this stipulation.

Resolution of Complaints

By the Guidelines, participants are to stipulate how customers can lodge their complaints during the customer’s onboarding. Where there is a complaint, participants are required to acknowledge receipt of the complaint within 24 hours and are to resolve the complaint within 48 hours of its receipt.

Conclusion

It is important to emphasize that the Guidelines only applies to the exchange of data for the purpose of providing innovative financial services in Nigeria. Any organization that controls the data of its customers is now allowed to exchange it with other entities for the purpose of providing innovative financial services in Nigeria. However, before the information of customers are shared, their consents must be obtained, authenticated by API provider, and validated by the API customer. The Guidelines provides minimum security measures and risk management systems to be put in place to protect the information of customers. It sets out rules that would guard against the violation of the privacy rights of customers while promoting efficiency, financial inclusion, healthy competition, and customers’ access to services available to them in the financial service industry.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact:

The post An Overview of CBN’s Operational Guidelines for Open Banking in Nigeria first appeared on Goldsmiths Solicitors.

The protection of IP in Nigeria is mostly governed by the Trademark Act, and the Patents and Designs Act and the agency responsible is the Trademarks, Patents and Designs Registry of the Federal Ministry of Trade & Investment.

Nature of Intellectual Property

According to World Intellectual Property Organisation (WIPO), Intellectual Property (IP) refers to creations of the mind, such as inventions; literary and artistic works; designs; and symbols, names and images used in commerce.[i]

A person’s Intellectual Property may be protected as a patent, copyright or a trademark. Patent protects your inventions such as when you invent something innovative i.e. a new software e.g.  ChatGPT. Trademark protects the name, logo and symbols pertaining to your products or brand. Copyright protects your original works such as literary, musical, dramatic and artistic works, sound recordings, broadcasts including songs, movies, published articles, computer programmes, novels, etc. Patent and trademark must be registered before they can be protected from infringement or unauthorised use in Nigeria. Even though copyright can be registered in Nigeria, registration is not mandatory as original works are automatically protected when they are reduced into a definite form of expression from which it can be perceived, reproduced or communicated directly or with the aid of any machine or device.[ii]

The Benefits of Protecting your Intellectual Property

Intellectual property are assets and as a result they can be stolen, copied, adapted, and infringed upon in any possible way if not properly protected under the appropriate system created for their protection. The infringement would also not be redressable if the intellectual property is not protected.  A well protected intellectual property guarantees the owner the following benefits:

1. It protects your creativity as the author of the work. Protecting your intellectual property ensures that your creativity is not taken advantage of without your authorization, thus leading to loss of patronage from customer and loss of revenue.
2. IP protections gives you a right to the exclusive use of your intellectual property. Any unauthorised use by any other person is an infringement that gives you the right to proceed against them to stop the unauthorised use and claim damages.
3. Protecting your intellectual property protects your brand against reputational damage. Your intellectual property such as your brand name and logo distinguish your business and set it apart from your competitors. If your intellectual property is not protected, counterfeit goods could be sold or poor services delivered with your brand name and logo which would affect the reputation and overall goodwill of your business.
4. It is a source of revenue or income. IP helps you to make money when you license, sell, or commercialize your creations or inventions.
5. IP can be used as a security for example whilst raising funds for your business. For instance, patents of an invention can be used as a collateral for securing loan.

How to Protect your IP in Nigeria

It is very important that you take adequate measures to ensure you do not disclose your IP to anyone before they are fully registered . Your IP can be protected by registering it with the Trademarks, Patents and Designs Registry, and Nigerian Copyright Commission (NCC). For start-ups seeking investors, this should be done even before pitching your idea to any investor. Disclosure of your IP before registration could prejudice or affect your right over the IP if someone registers it before you. Most IP for example trademark and patent operates on the basis of “first to file” principle. Also ensure that your works that are eligible for copyright protection should be fixed in a definite form of expression before passing it to any other person.

Remedies for Breach of IP

The owner of an IP can seek available remedies in the court having jurisdiction where his IP has been infringed. The remedies available include:

1. Damages or account of profits. Damages could be awarded to compensate for the loss suffered as a result of the infringement. Alternatively, an account of profit could be ordered to enable the IP owner to recover all the profits made by the infringer from the unauthorised use of the IP.
2. This remedy operates to stop the infringer from continuing the unauthorised exploitation of the IP.
3. Delivery up for destruction. The court could make an order mandating the infringer to deliver up the infringing products and the devices used in making them for destruction.

Conclusion

Intellectual Property is an important asset, and its value can only be fully realized and enjoyed only when fully protected. Nigeria has proven to be a major global hub for innovations in tech, music, movies, etc. It is very important that you take adequate measures to ensure you do not disclose your IP to anyone before they are fully registered. Start-ups have to be particularly careful with the IP before pitching for investors. In the event that a protected IP is infringed, there are remedies available to the IP to the owner in the form of damages, injunction and destruction of the infringing products.

[i] https://www.wipo.int/about-ip/en/ accessed on 17/11/2021

[ii] Section 1 (2) (b) of the Nigerian Copyright Act LFN 2004

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact:

The post The Benefits of Protecting your Intellectual Property in Nigeria first appeared on Goldsmiths Solicitors.