This article provides an overview of the new law, it considers the objectives, application, principles guiding the processing of personal data, cross-border transfer of personal data and other key provisions.

Application of the Nigeria Data Protection Act

The Act applies to data controllers or data processors domiciled, resident or operating in Nigeria and the processing of personal data that occurs within Nigeria. It also applies to situations where the data controllers or data processors are not domiciled, resident or operating in Nigeria but are processing the personal data of data subjects in Nigeria.

The Act does not apply to the processing of personal data which is done solely for personal or household purposes by one or two more persons. The Act also does not apply to the processing of personal data necessary for the investigation, detection or prosecution of crimes or the prevention or control of a public health emergency, etc.

Objectives of the Act

The Act seeks to achieve the following objectives:

1. Safeguard the fundamental rights, freedoms and interest of data subjects as guaranteed under the Constitution.
2. Regulate the processing of personal data and ensures that personal data is processed in a fair, lawful and accountable manner.
3. Protect data subjects’ rights and provide means of recourse and remedies in the event of breach.
4. Ensure that data controllers and data processors fulfill their obligations to data subjects.
5. Establish an impartial, independent and effective regulatory Commission to superintend over data protection and privacy issues and supervise data controllers and data processors.

Establishment and Functions of the Nigeria Data Protection Commission

The Act established the Nigeria Data Protection Commission (“the Commission”) for the purposes of achieving the objectives of the Act. Thus, the Commission has the core functions of regulating the deployment of technological and organizational measures to enhance personal data protection, accredit, licence, and register suitable persons to provide data protection compliance services, register data controllers and data processors, receiving complaints relating to violations of the Act or any subsidiary legislations.

Principles of Processing Personal Data

Data controllers and data processors process personal data on the basis of care and accountability to data subjects. Accordingly, data controllers and data processors must act in a fair, lawful and transparent manner, collect data only for specified and legitimate purpose, hold and retain the data accurately, not longer than necessary, and generally ensure appropriate security measures are taken to secure the personal data.

Consent and Lawful Basis for the Processing of Personal Data

Consent of a data subject is very important for processing personal data. A data subject is a person whose information or data is being processed or sought to be processed. A data controller or data processor must obtain the consent of a data subject before processing his/her data, and it lies on the data controller or processor to prove that the data subject has given consent. The request for consent must be in a clear simple language and format with information that the data subject reserves the right to withdraw the consent at any time.  The consent must be freely and intentionally given either in writing, orally or through electronic means. Silence or inactivity does not amount to consent. In the case of a child, or person lacking legal capacity), the consent of a parent or guardian will suffice. The need to obtain consent of parent or guardian, may however not apply where the processing of personal data is necessary to protect the vital interests, or for the purpose of the education, medical or social care of such child or person lacking legal capacity, or where it is necessary for proceedings before a court.

The consent must be given for the specific purpose(s) for which personal data is processed, or where the processing is necessary for the following purposes:

1. For the performance of a contract to which the data subject is a party
2. For compliance with a legal obligation to which the data controller or data processor is subject
3. To protect the vital interest of the data subject or another person
4. For the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller or data processor
5. For the purposes of the legitimate interest pursued by the data controller or data processor, or by a third party to whom the data is disclosed.

Obligations of a Data Controller

• Obligation to Provide Information: A data controller has the obligation to provide certain necessary information to a data subject before collecting his personal data. The information which the data controller must provide to the data subject include the following:

1. Identity, residence or place of business and means of communication with the data controller and its representative.
2. Recipients or categories of recipients of the personal data
3. Existence of the rights of the data subject
4. Retention period for the personal data, etc.

The data controller shall make this information available by means of a privacy policy which should be expressed in a clear, concise, transparent, intelligible and easily accessible format.

• Data Privacy Impact Assessment Obligation: The assessment is a process designed to identify the risks and impact of processing personal data. A data controller is required to conduct a data privacy impact assessment where the processing of personal data may result in high risk to the rights and freedom of a data subject. This is to be conducted before the processing of personal data.
• Obligation to Erase Personal Data: A data controller has the obligation to erase the personal data of a data subject without undue delay where it is no longer necessary or where the data controller has no other lawful basis to retain the personal data.

Obligations of a Data Processor

Data controllers are engaged by data processors to process personal data. These data processors are also mandated to comply with the principles for the processing of personal data, assist the data controller to fulfill its obligation, implement appropriate technical and organizational measures to ensure the security, integrity, and confidentiality of personal data. Where a data processor engaged by a data controller further engages another data processor, the data processor directly engaged by the data controller is obliged to notify the data controller of its engagement with another data processor.

Data Protection Officers

Data controllers that process significant personal data are required to designate a person as a Data Protection Officer (DPO). The DPO may be an employee of the data controller or a person engaged by a service contract and must possess expert knowledge on data protection laws and practices. A DPO advises data controller, monitors compliance with the Act and related data protection policies of the data controller. The DPO also act as the contact point for the Commission on data processing issues.

Rights of Data Subjects

A data subject has the following rights with respect to the processing of his personal data by a data controller.

1. Right to Confirmation from a Data Controller. A data subject has the right to obtain from a data controller without constraint or unreasonable delay, confirmation as to whether the data controller or a data processor operating on its behalf is storing or otherwise processing personal data relating to the data subject and if so, the purpose of the processing, the recipients or categories of recipients to whom the personal data have been disclosed or will be disclosed, etc.
2. Right to receive a copy of his personal data in a commonly used electronic format.
3. Right to correction or deletion of the data subject’s personal data where correction is not possible where the personal data is inaccurate, out of date, incomplete or misleading.
4. Erasure of personal data of the data subject without undue delay
5. Right to restrict the processing of personal data
6. Right to withdraw consent to the processing of personal data at any time.
7. Right to object to the processing of personal data relating to the data subject.
8. The right to reject being subject to a decision based solely on automated processing of personal data.
9. The right to receive personal data in a structured, commonly used and machine-readable format and be able to transmit it to another data controller without any hindrance.

Data Security

Data controllers and data processors are required to implement appropriate technical and organisational measures to ensure the security, integrity and confidentiality of personal data in the possession. They must ensure that personal data are protected against accidental or unlawful destruction, loss, misuse, alteration, unauthorized disclosure or access.

The security measures that may be implemented to ensure personal data security include encryption, periodic assessments of risks to processing systems and services, regular testing, assessing and evaluation of the effectiveness of the measures, regular updating of the measures and introducing new measures to address shortcomings, etc.

Personal Data Breaches

Personal data breach is the breach of the security of a data controller or data processor which leads to or may lead to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or processed.

Data processors are required to notify data controllers or engaging data processors of personal data breaches which the data processors store or process upon becoming aware of it by describing the nature of the personal data breach and the number of data subjects and personal data records concerned and also respond to all information requests from the data controllers or the engaging data processors.

Data controllers should also notify the Commission of personal data breaches which are likely to result in a risk to the rights and freedoms of individuals within 72 hours of becoming aware of such breach. Data controllers are also to communicate the personal data breach to the data subjects in a plain and clear language including measures that could be taken by the data subjects to mitigate any possible adverse effects.

Data controllers and data processors are also required to keep a record of all personal data breaches, facts relating to the breaches, its effects and remedial actions taken.

Cross-border Transfers of Personal Data

Data controllers and data processors are not allowed to transfer or permit the transfer of personal data from Nigeria to another country unless:

1. The recipient is subject to a law, binding corporate rules, contractual clauses, code of conduct or certification mechanism that affords an adequate level of protection.
2. meets one of the lawful basis for transfer of personal data outside Nigeria.

The level of protection considered adequate must uphold the principles that are substantially similar to the conditions for processing personal data provided by the Act. An adequate level of protection is assessed by taking into account the existence of an effective data protection law, access of public authority to personal data, existence of an independent supervisory authority, etc.

Registration of Data Controllers and Data Processors

Data controllers and data processors of major importance are mandated to register with the Commission within six months after the commencement of the Act or upon becoming a data controller or data processor of major importance. Data controllers or data processors of major importance are data controllers or data processors that process personal data of particular value or significance to the economy, society or security and are resident or operating in Nigeria.

The Commission is required to maintain and publish a register of duly registered data controllers and data processors of major importance on its website. A data controller or data processor of major importance shall be removed from the register where it ceases operation.

Enforcement and Penalties

A data subject who is aggrieved by the action, inaction or decision of a data controller or processor may lodge a complaint with the Commission and it may investigate the complaint where it is not vexatious or frivolous.

The Commission may also issue a compliance order once it is satisfied that any requirement of the Act or subsidiary legislation has been violated or likely to be violated by a data controller or data processor. The order may be a warning, order to comply with the request of a data subject or a cease-and-desist order. The Commission may also issue an enforcement order or impose a sanction for violation of the Act or a subsidiary legislation.

The penalty or remedial fee for violation of the Act or subsidiary legislation is:

1. Higher maximum amount, which is the greater of N10,000,000 and 2% of its annual gross revenue in the preceding financial year, in the case of a data controller or data processor of major importance.
2. Standard maximum amount, which is the greater of N2,000,000 and 2% of its annual gross revenue in the preceding financial year, in the case of a data controller or data processor not of major importance.

Conclusion and Remarks

The Nigeria Data Protection Act, 2023 is an important piece of legislation and has been long in coming. It provides for the basic principles and the lawful bases for the processing and transfer of personal data in Nigeria and applies to both resident and non-resident data processors. It provides for the responsibilities of data controllers and data processors while also providing for the rights of data subjects. The processing of sensitive personal data and the personal data of children and persons lacking legal capacity to consent must follow the applicable principles as provided by the Act. Data security measures which are robust are expected to be put in place by data controllers and data processors to protect against the risk of personal data breaches. The Act creates the Nigerian Data Protection Commission which has the overall responsibility to ensure compliance and impose penalties where necessary. Both resident and non-resident data processors are advised to pay particular attention to this new legislation as they are now required to take specific steps to ensure compliance with the Act.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact:

The post Better Late than Never: Nigeria Finally Passes the Data Protection Act first appeared on Goldsmiths Solicitors.

A Trademark is a unique sign or mark that distinguishes the goods and services of one business from another. A mark can either be a device, brand, heading, label, ticket, name, signature, word, letter, numeral, or any combination thereof. Most businesses, companies or organizations have distinctive marks that sets them apart from other businesses.

The relevant law that governs Trademark in Nigeria is the Trademarks Act, Laws of the Federation of Nigeria 2004 (LFN 2004). This article explains the procedure for the registration of trademarks, enforcement, and remedies for the infringement of trademarks in Nigeria.

Requirements for Registration of Trademark:

1. Applicant’s details (i.e., name, signature, nationality, and address).
2. Details of the trademark.
3. A representation of the mark.
4. The classification of goods and/or services (Nigeria uses the Nice Classification of Goods and Services).
5. A signed Power of Attorney

Procedures for Registering a Trademark:

1. Availability search: The first step is to conduct an availability search at the Trademark Registry to ensure that there are no marks similar or in conflict with the proposed mark.
2. Application: If there are no conflicts, an application for trademark registration is filed at the Trademark Registry. After submission of the application form and payment of the necessary fees, the Registrar issues an Acknowledgement Letter confirming receipt of the application.
3. Acceptance: Where the application is approved on the grounds that the mark is distinctive, a Letter of Acceptance will be issued within one to three months by the Registrar of Trademarks.
4. Publication and Certification: Upon the acceptance of the application, the Registrar ensures the notice of the application is published in the Nigerian Trademark Journal. The purpose of this publication is to notify interested parties who may have objections to the application. The opposition period is two months from the date of publication. Where there are no objections or where an objection raised has been upheld, the Applicant may proceed to make an application for the issuance of Certificate of Registration and subsequently, a Certificate of Registration would be issued by the Registrar of Trademarks.

A trademark once registered is valid in Nigeria for an initial period of 7 years in the first instance and subsequent renewals are valid for 14 years.

Trademark Infringement

A trademark is infringed when a person without consent from the trademark owner uses the mark or an identical mark in a way that is likely to deceive the public or cause confusion. Where such rights are infringed upon, the proprietor can institute an action in court for the infringement of such trademark. The court with jurisdiction for trademark proceeding in Nigeria is the Federal High Court. The burden of proof lies on the Proprietor of the trademark to show that his right has been infringed upon. Section 5 (2) Trademarks Act provides that:

“without prejudice to the generality of the right to the use of a trade mark given by such registration as aforesaid, that right shall be deemed to be infringed by any person who, not being the proprietor of the trade mark or a registered user thereof using it by way of the permitted use, uses a mark identical with it or so nearly resembling it as to be likely to deceive or cause confusion, in the course of trade, in relation to any goods in respect of which it is registered.”

The owner of an unregistered trademark on the other hand may institute an action for passing off where there is an infringement.

Enforcement of Rights and Available Remedies

The owner of a registered trademark can enforce his rights through the any of the following options:

1. Filing an opposition within 60 days of the publication in the Trademark journal against the registration of an identical or similar trademark. This is done by filing a Notice of Opposition, the Respondent is required to file a counter statement and the matter will be determined by the Registrar as to whether registration of the mark will be entertained or not. The notice must be in writing and must contain the grounds for the opposition.
2. Making a formal application to the Trademark Registrar for the cancellation of the trademark. This however should be supported with evidence of prior registration of the mark by the proprietor.
3. Sending a cease and desist letter to the infringer to inform him of the trademark that is being infringed and warning him to stop further violations of the mark. Where such infringer refuses, a legal action can be instituted.
4. Apply for a search and seize order where the infringement is known to the proprietor of the Trademark. It allows the owner the opportunity to enter the premises of the infringer without notice to seize all infringing goods.

Where the owner of a trademark commences legal action for the enforcement of his exclusive right to a trademark, the following remedies may be available through the courts:

1. The owner of the trademark can seek damages for compensation for losses suffered in relation to infringement of the trademark especially when such infringement impacts negatively on the owner’s business. The evidence must show a direct causal relationship between the infringement and actual harm.
2. Injunctive reliefs may be sought and granted. The court could prevent the infringer from further using the mark or may restrict usage of the mark to certain areas or impose certain conditions for its usage.
3. An Anton Pillar order can be sought to give access to the owner to enter the premises where the infringed goods are kept and take possession of it.
4. The court can also grant an order of account of profit to recover all the profits made by the infringer from the unauthorized use of the Trademark where such act amounts to gross loss of profit on the part of the owner.

Conclusion

The benefits of trademark registration generally and in Nigeria cannot be overemphasized. The certificate of trademark registration issued by the Registrar, is irrefutable evidence of registration of a mark and confers a right on the owner to use the trademark to the exclusion of others. Not only is a registered trademark protected under the law, but it also protects the identity and goodwill of the brand. The owner of a registered trademark can equally assign or transfer his trademark to an individual or corporate entity and generate revenue from it. Any infringement of the registered trademark could be met by an enforcement action and the registered trademark owner could get injunctive order or damages against the infringer.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact:

The post Trademarks in Nigeria: Registration, Infringement and Enforcement first appeared on Goldsmiths Solicitors.

A Payment Solution Service Providers (PSSP) licence is a financial licence within the payments system which is issued by the Central Bank of Nigeria (CBN). A PSSP licence authorizes the licensee to provide and operate payment processing gateway and portals, solution/application development, and merchant service aggregation and collections services. A  PSSP license does not provide the authorization to hold customers’ funds or create and issue wallets. PSSPs are predominantly Financial Technology (FinTech) companies that enable  and facilitate  online and offline payments solutions which include collections, check-out, biller aggregation and payout services.

The CBN is the regulatory authority that issues PSSP licenses in Nigeria. The CBN also provides constant regulatory oversight over the activities of PSSP licensees in Nigeria.

Who can Apply for a PSSP Licence in Nigeria

Only a company that is duly registered with the Corporate Affairs Commission (CAC) in Nigeria and also meets the minimum share capital requirements and other regulatory requirements of the CBN can apply for a PSSP licence in Nigeria.

The Process of Obtaining a PSSP Licence from the CBN in Nigeria

A PSSP licence is processed in two stages viz:

• Approval-in-Principle (AIP): This is the preliminary stage of obtaining a PSSP license. During this stage, an application is to be made to the CBN for the grant of the license and they are expected to give an Approval-in-Principle or reject the application. Where an AIP is given, it is only valid for a period of six months. The AIP does not authorize the applicant to commence operation but only allows the applicant to take steps towards obtaining the final licence.
• Final Licence: The applicant is required to consolidate the AIP stage by taking steps to ensure its readiness for commencement of operation, notifying the CBN of its readiness to commence operation, by paying and applying for final licence. Upon the grant of the final licence, the applicant can commence its operations.

The process of obtaining a PSSP licence from the AIP stage to the final licence stage involves the following:

1. Write an application letter for a PSSP license which is addressed to the Director, Payments Systems Management Department of the CBN.
2. The application letter is accompanied with the required documents which include:

• Certificate of incorporation of the company with the Corporate Affairs Commission (CAC), with a share capital of N100,000,000 (One Hundred Million Naira)
• Memorandum and Articles of Association of the company
• Form CAC 2A (Return of Allotment of shares)
• Form CAC 7A (Particulars of Directors)
• Tax Clearance Certificate (TCC) and Tax Identification Number (TIN) of the Company
• Company’s profile
• Details of ownership
• Board structure
• Business plan
• Information Technology policy
• Dispute resolution framework
• Necessary certifications such as Payment Card Industry Data Security Standard (PCIDSS), Payment Terminal Service Aggregator (PTSA), etc.
• Evidence of payment of the non-refundable application fee of N100,000 (One Hundred Thousand Naira).
• Evidence of the deposit of the refundable minimum capital of N100,000,000 (One Hundred Million Naira). This is required to be made in full (one lump sum) and in the name of the applicant.

3. The CBN assesses the application for the PSSP licence and the accompanying documents and if it is satisfied with the application, it proceeds to grant an Approval-in-Principle.

4. Upon obtaining AIP from the CBN, the applicant then makes payment of the licence fee of N1,000,000 (One Million Naira) to the CBN designated account and proceeds to apply for a final licence within six months of obtaining AIP.

5. The CBN inspects the registered place of business of the applicant company and its readiness to commence operation and proceeds to issue the final licence if it is satisfied with the outcome of its inspection.

Validity and Renewal of PSSP Licence

PSSP licence validity period is as determined by the CBN and renewable if the operations of the PSSP licensee is satisfactory to the CBN. Recently, CBN renewed Cellulant’s PSSP licence and this shows the satisfaction of the CBN with the services of the company in providing payment solutions in Nigeria. Thus, the renewal of a PSSP licence by the CBN is a vote of confidence on the operation of a PSSP licensee.

Conclusion

A Payment Solution Service Providers (PSSP) licence is an important licence within the Nigerian payment systems which enables the provision of financial services such as the operation of payment processing gateway and portals which is utilized by merchants to accept debit or credit card purchases from customers. A PSSP licensee provides both online and offline payment solutions. A PSSP licence is obtainable from the CBN by submitting an application to the CBN and paying the required application and license fees within the stipulated timelines.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact:

The post How to Obtain a Payment Solution Service Providers Licence in Nigeria first appeared on Goldsmiths Solicitors.

By a Circular dated 7^th March 2023, the Central Bank of Nigeria (CBN) released the “Operational Guidelines for Open Banking in Nigeria” (‘the Guidelines’). The Guidelines set out rules for sharing the data/information of customers between participants in the open banking system. Although not defined in the Guidelines, open banking system may be defined as the exchange of the data of an entity’s customers with other entities for the purpose of providing innovative financial services. Thus, the Guidelines recognize the right of customers to privacy and data protection and set out the rules for engaging in open banking in Nigeria. It among other things, stipulates technical requirements/considerations for operating in the open banking system, identifies the risks associated with open banking to include cyber security, data privacy and integrity, product management, money laundering and regulatory compliance, and outlines the rules to manage these risks.

In this article, we highlight some salient provisions of the Guidelines such as who the participants in open banking are, the obligations of participants, regulatory oversight functions, policies/frameworks to be formulated by participants, reporting obligations, intellectual property issues and risk management.

Participants in Open Banking Operations

These are the organizations/persons who may engage in the exchange of customers’ data for the purpose of providing/receiving innovative financial services. Participants in open banking are classified based on the roles and the services they provide as follows:

1. API Providers;
2. API Customers; and
3. Customers.

API providers (APs) are those who use Application Programming Interface (API) to avail data or service to another participant. They can be licensed financial institutions, fast-moving consumer goods (FMCG) companies such as cosmetics, beverages, drugs, etc. companies, retailers, payroll service bureau, etc.

API Customers (ACs) are those that use API released by APs to access data or service. They are the recipients of API containing the data or service of other customers.

Customers as participants are the data owners who shall be required to provide consent for the release of their data for the purpose of accessing financial services. They may provide consent whilst filling out a form, etc.

Open Banking Registry

By the Guidelines the CBN is expected to maintain and provide an Open Banking Registry (‘the Registry’). The Registry is charged with regulatory oversight functions for participants in open banking. Participants in open banking are required to be registered with the Registry and their details are to be held by the Registry. The Registry is also to maintain an API interface which would serve as the primary means by which API providers manage the registration of their API customers.

Responsibilities of API Providers and API Consumers

The Guidelines set out several responsibilities which APs and ACs are expected to comply with. These responsibilities provide rules for ensuring accessibility of open banking systems and procedures, transparency, cybersecurity, privacy protection, etc.  Some of these responsibilities are:

1. Configuration management: APs and ACs are required to keep detailed inventory of open banking system configuration items in accordance with current Information Technology Infrastructure Library (ITIL) Standards. They are also to have automated configuration management (CM) processes and a configuration management policy.
2. Execution of a Service Level Agreement (SLA): They are required to execute an SLA which is to contain provisions on accounting and settlement, fee structure, reconciliation of bills, registration, and sponsorship responsibilities. The fee structure is also to be publicly disclosed on their websites and applications.
3. They are to ensure that all systems required for open banking are available, functioning optimally and meet up with the minimum standards on service monitoring, incident management, performance monitoring and event logging.
4. They are to ensure that they meet the minimum performance standards for open banking systems. The Guidelines outlines several key performance indicators (KPIs) to ascertain compliance with the minimum performance standards. One of such KPI is that where the average API total processing time is less than 3 seconds, it would be considered as ‘operational’, where it is less than or equal to 7 seconds, it would be considered as ‘suspect’, and where it is greater than 7 seconds, it would be considered as ‘critical’.
5. APs and ACs are required to maintain Business Continuity Plan (BCP) which are to among other things, indicate the architecture of the Online Transaction Processing (OLTP) and Online Analytical Processing (OLAP) infrastructure, trigger events, processes for failover and fail-back, and includes quarterly failover exercises and review of processes. The Guidelines also sets the threshold for failover and fail-back procedures as ’30 minutes of downtime’. They are also required to implement Disaster Recovery Plans (DRP) which may also be entrenched in the BCP. The plans are to be tested every 6 months. Whilst CBN is to oversee testing procedures, it is the responsibility of ACs and APs to provide the facilities for testing.
6. They are to ensure that they have problem management systems in place. The problem management system is aimed at managing incidents known to be recurring and which are not resolved under the SLAs. APs and ACs are to maintain a Problem Register which is to be made available to regulators, auditors, risk, and control teams within the organization. The problem management system is to be always electronic, or cloud based.
7. They are to ensure compliance with interface requirements. Some of these requirements are ensuring that interfaces between APs and ACs are 100% electronic, the data interchange format must be JavaScript Object Notation (JSON) and ensuring that the data standard for financial transactions are model based on ISO 20022 or any other global applicable minimum standard.
8. ACs and APs are to ensure that they maintain best competition practices. They are to comply with the provisions of section 2 of the Code of Conduct for the Nigerian Banking Industry which guards against unethical practices/unprofessional conducts by persons in the banking industry.
9. They are to ensure that the data in their possession is well protected and are to set up effective information security management systems and are to ensure compliance with technical security standards and minimum-security principles as contained in US NIST CSRC.
10. Change management obligations. They are required to collate change requirements and plan the changes for the next month. Changes to be made, whether pre-emptive or responsive are to be reported with sufficient details and in accordance with the prescribed notifications to be sent to all stakeholders that may be affected by such changes. The notifications are to be made in the following order:

• 24 hours before the intended change
• 1 hour before the intended change.
• Immediately the change has been completed and the services have been confirmed restored.
• 30 minutes after the change should have been completed but has been prolonged or failed.
• At the point of commencing a change rollback.
• When the services have been restored.

11. APs and ACs are required to have secure real-time communication platforms for first level incident responders within their organizations and respective ACs/APs for incident notification, investigation, and resolution. Emails are however not sufficient communication channels for incident management in open banking. The communication platforms are to accommodate text voice and video conferencing as effective modes of communication.

Termination of Agreement between Participants.

Any participant desirous of terminating a relationship is required to give the other party 20 business days’ notice of such termination. Where the relationship is terminated without notice due to fraud, abuse of service, etc. the AP is required to provide the AC with a report justifying the termination within 2 business days.

Policies/Frameworks to be Formulated under the Guidelines

ACs and APs are required to formulate the following policies:

1. Data Governance Policies. These policies are to govern the way APs and ACs handle the data of customers. They are to be approved by a committee of its Board of Directors or at minimum, an executive management committee.
2. Data Ethics Framework. The Data Ethics Framework is to provide the principles for collecting, collating, storing, analyzing, processing, etc. data. The Framework is also to provide consistent procedures for the documentation, verification, etc. of data to ensure compliance with extant laws and regulations.
3. Data Breach Policy. This policy is aimed at preventing, managing, assessing, reviewing, etc. data breach.
4. Configuration Management Policy. This Policy is to be approved by the AP’s or AC’s executive or board level information technology steering committee or an equivalent body not less than executive level.
5. Risk Management Framework. This Framework is to set out guiding principles for the management and mitigation of risks. Participants are to have a risk management committee which is to consist of at least three members of senior management cadre.

Rendition of Returns/Reporting Obligations

One of the ways CBN safeguards the privacy rights of customers and ensure data security under the Guidelines is by mandating ACs and APs to render periodic returns to the CBN. The returns are to state the volume and value of transactions, the number of users, success and failure rates, security and fraud incidents, downtime reports and any other information as CBN may require from time to time.

Participants are also required to introduce an incident reporting portal to enable easy, efficient, and fast reporting of cybersecurity breach incidents.

ACs and Aps are to provide monthly API Consumers Reports to each other indicating among other things, statistics of incidents/problems, SLA compliance and aggregate impact in downtime or loss of service, the number and category of Fraud and Disputes with accompanying SLA performance, and the excerpts of the problem register indicating new, existing, and resolved problems.

ACs and APs are also required to make ‘Customer Reports’ to customers who have subscribed to one or more ACs stating among other things, transcript of ACs activities on the use of customer-permissioned data shall be provided to the customers at the minimum every month or for a period less than a month as may be requested by a customer, a transcript of each AC’s activities against the customer’s account/wallet for at least the last 30 days, etc.

Data Sharing

The Data of individuals is an intangible yet sensitive asset. The Guidelines provide for rules for data sharing with other (outsourced) service providers as well as between APs and ACs. Before APs share the data of a customer with ACs, they are to obtain the consent of the customer and authenticate the consent to ensure it emanates from the customer. This is to be done by putting in place Two Factor Authentication (2FA). The AC on the other hand is also required to furnish the customer with certain information such as its legal name, CAC registration number, means of identification in the open banking registry, access type and duration, means of withdrawal of consent, etc. for the consent obtained to be valid.

Intellectual Property

The Guidelines make provisions on IP issues and stipulates that the IP rights in any data or other information would always remain with the participant/party whom such data emanated from. Thus, parties are to be mindful of this provision while drawing up Agreements to ensure that no clause runs contrary to this stipulation.

Resolution of Complaints

By the Guidelines, participants are to stipulate how customers can lodge their complaints during the customer’s onboarding. Where there is a complaint, participants are required to acknowledge receipt of the complaint within 24 hours and are to resolve the complaint within 48 hours of its receipt.

Conclusion

It is important to emphasize that the Guidelines only applies to the exchange of data for the purpose of providing innovative financial services in Nigeria. Any organization that controls the data of its customers is now allowed to exchange it with other entities for the purpose of providing innovative financial services in Nigeria. However, before the information of customers are shared, their consents must be obtained, authenticated by API provider, and validated by the API customer. The Guidelines provides minimum security measures and risk management systems to be put in place to protect the information of customers. It sets out rules that would guard against the violation of the privacy rights of customers while promoting efficiency, financial inclusion, healthy competition, and customers’ access to services available to them in the financial service industry.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact:

The post An Overview of CBN’s Operational Guidelines for Open Banking in Nigeria first appeared on Goldsmiths Solicitors.

The protection of IP in Nigeria is mostly governed by the Trademark Act, and the Patents and Designs Act and the agency responsible is the Trademarks, Patents and Designs Registry of the Federal Ministry of Trade & Investment.

Nature of Intellectual Property

According to World Intellectual Property Organisation (WIPO), Intellectual Property (IP) refers to creations of the mind, such as inventions; literary and artistic works; designs; and symbols, names and images used in commerce.[i]

A person’s Intellectual Property may be protected as a patent, copyright or a trademark. Patent protects your inventions such as when you invent something innovative i.e. a new software e.g.  ChatGPT. Trademark protects the name, logo and symbols pertaining to your products or brand. Copyright protects your original works such as literary, musical, dramatic and artistic works, sound recordings, broadcasts including songs, movies, published articles, computer programmes, novels, etc. Patent and trademark must be registered before they can be protected from infringement or unauthorised use in Nigeria. Even though copyright can be registered in Nigeria, registration is not mandatory as original works are automatically protected when they are reduced into a definite form of expression from which it can be perceived, reproduced or communicated directly or with the aid of any machine or device.[ii]

The Benefits of Protecting your Intellectual Property

Intellectual property are assets and as a result they can be stolen, copied, adapted, and infringed upon in any possible way if not properly protected under the appropriate system created for their protection. The infringement would also not be redressable if the intellectual property is not protected.  A well protected intellectual property guarantees the owner the following benefits:

1. It protects your creativity as the author of the work. Protecting your intellectual property ensures that your creativity is not taken advantage of without your authorization, thus leading to loss of patronage from customer and loss of revenue.
2. IP protections gives you a right to the exclusive use of your intellectual property. Any unauthorised use by any other person is an infringement that gives you the right to proceed against them to stop the unauthorised use and claim damages.
3. Protecting your intellectual property protects your brand against reputational damage. Your intellectual property such as your brand name and logo distinguish your business and set it apart from your competitors. If your intellectual property is not protected, counterfeit goods could be sold or poor services delivered with your brand name and logo which would affect the reputation and overall goodwill of your business.
4. It is a source of revenue or income. IP helps you to make money when you license, sell, or commercialize your creations or inventions.
5. IP can be used as a security for example whilst raising funds for your business. For instance, patents of an invention can be used as a collateral for securing loan.

How to Protect your IP in Nigeria

It is very important that you take adequate measures to ensure you do not disclose your IP to anyone before they are fully registered . Your IP can be protected by registering it with the Trademarks, Patents and Designs Registry, and Nigerian Copyright Commission (NCC). For start-ups seeking investors, this should be done even before pitching your idea to any investor. Disclosure of your IP before registration could prejudice or affect your right over the IP if someone registers it before you. Most IP for example trademark and patent operates on the basis of “first to file” principle. Also ensure that your works that are eligible for copyright protection should be fixed in a definite form of expression before passing it to any other person.

Remedies for Breach of IP

The owner of an IP can seek available remedies in the court having jurisdiction where his IP has been infringed. The remedies available include:

1. Damages or account of profits. Damages could be awarded to compensate for the loss suffered as a result of the infringement. Alternatively, an account of profit could be ordered to enable the IP owner to recover all the profits made by the infringer from the unauthorised use of the IP.
2. This remedy operates to stop the infringer from continuing the unauthorised exploitation of the IP.
3. Delivery up for destruction. The court could make an order mandating the infringer to deliver up the infringing products and the devices used in making them for destruction.

Conclusion

Intellectual Property is an important asset, and its value can only be fully realized and enjoyed only when fully protected. Nigeria has proven to be a major global hub for innovations in tech, music, movies, etc. It is very important that you take adequate measures to ensure you do not disclose your IP to anyone before they are fully registered. Start-ups have to be particularly careful with the IP before pitching for investors. In the event that a protected IP is infringed, there are remedies available to the IP to the owner in the form of damages, injunction and destruction of the infringing products.

[i] https://www.wipo.int/about-ip/en/ accessed on 17/11/2021

[ii] Section 1 (2) (b) of the Nigerian Copyright Act LFN 2004

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact:

The post The Benefits of Protecting your Intellectual Property in Nigeria first appeared on Goldsmiths Solicitors.

2022 has been an incredibly busy and exciting year in the Nigerian legal and regulatory environment. There were major and far-reaching changes ushered in by the regulatory authorities particularly the Central Bank of Nigeria (CBN). There were also major developments relating to Banking and Finance, Competition and Consumer Protection, Startups, Capital Markets, Insolvency, etc. In this article, we have highlighted some of the major legal, regulatory, and judicial changes that occurred in 2022. This article is divided into four parts representing four quarters of the year. In each quarter, we deal with all the major legal changes that occurred therein.

1^st Quarter (January – March 2022)

A remarkable feature of the first quarter was the issuance of regulations/guidelines by the CBN. Within this period, the Electoral Act 2022 was also signed into law by the President. The new Electoral Act introduced important changes to the conduct of elections Nigeria. Below are some of the highlights of the 1^st quarter:

• The Central Bank of Nigeria (CBN) Guidelines on the Introduction of E-evaluator, e-invoicing for Import and Export in Nigeria. Although the Guidelines were issued in January, it became operative on 1 February 2022 and requires the submission of an electronic invoice authenticated by the Authorised Dealer Bank for all import and export operations. The electronic invoice replaces the usual hardcopy final invoice.
• On 11 January 2022, President Muhammadu Buhari approved the establishment of the Nigerian Diaspora Investment Trust Fund, a private sector investment window for Nigerians in the diaspora to support direct investments in the country.
• On 18 January 2022, the Lagos State Government introduced the Consolidated Informal Transport Sector Levy to harmonize the taxes paid by transporters to the state government.
• On 26 January 2022, the Federal High Court in the case of Attorney General of Rivers State v. Attorney General of Federation and 3 Others, invalidated deductions by the Federal Government from the Federation Account for funding the Nigeria Police Trust Fund.
• The Central Bank of Nigeria Operating Guidelines for RT200 Non-Oil Export Proceeds Repatriation Rebate Scheme. This is a programme designed and introduced by the CBN to incentivize exporters in the non-oil export sector with the goal of raising $200 billion in FX over the course of the next three years.
• The Central Bank of Nigeria Guidelines for Regulation and Supervision of Credit Guarantee Companies in Nigeria. The Guidelines seeks to ensure a conducive environment for Micro, Small and Medium Enterprises (MSMEs) to be able to access credit at low interest rates from banks and financial institutions. The requirements for obtaining a license and also the activities which are permitted and not permitted by the license are contained in the Guidelines.
• On 7 February 2022, the Lagos State Governor signed the Lagos State Real Estate Regulatory Authority Bill into Law. The law introduced significant changes to the real estate landscape in Lagos State by mandating the registration of real estate practitioners.
• Electoral Act (Amendment) Act 2022 (the Electoral Act). The new Electoral Act was signed into law on 25 February 2022 by President Muhammadu Buhari. The Electoral Act empowers the Independent National Electoral Commission (INEC) to transmit election results electronically. Section 84 (12) of the Act, prohibits appointees of government, government officials from holding office while vying or contesting at party primaries.
• On 4 March 2022, the CAC stated in a circular that schools and other institutions would no longer be registrable as business names. This means they can now only be registered as a company pursuant to the Companies and Allied Markets Act 2020.
• On 23 March 2022, the Nigerian Communications Commission (NCC) issued the License Framework for the Establishment of Mobile Virtual Network Operators in Nigeria.

2^nd Quarter (April – June 2022)

This quarter witnessed a high level of enactment of laws and the issuance of regulations by the regulatory authorities. Importantly, three laws were passed to deal with the issues of corruption and terrorism in Nigeria. One of these laws (Money Laundering [Prevention and Prohibition] Act 2022) prompted the issuance of a guidelines by the CBN to bring its AML/CFT regulations in compliance with the requirements of the new law. The Securities and Exchange Commission (SEC) also issued a guideline to regulate digital and virtual assets. Below are some of the highlights of the 2^nd quarter:

• On 6 April 2022, the President signed Executive Order 11 which mandates government to institutionalize maintenance of public buildings. The National Biotechnology Development Agency Act, 2022 was also signed on the same day. The law provides the legal framework for the established agency to carry out research and create public awareness in biotechnology to encourage private sector participation.
• On 24 April 2022, the Corporate Affairs Commission announced the approval of the Insolvency Regulations 2022 by the Minister of Industry, Trade and Development. The regulations govern insolvency proceedings under the Companies and Allied Matters Act 2020.
• On 12 May 2022, the President signed the Money Laundering (Prevention and Prohibition) Act, 2022, the Proceeds of Crime (Recovery and Management) Act, 2022, and the Terrorism (Prevention and Prohibition) Act, 2022.
• The Central Bank of Nigeria Exposure Draft Guidelines for Open Banking in Nigeria. These Guidelines are aimed at enhancing competition and innovation in the banking system. It established the principles for data sharing across the banking and the payments system and broadened the range of financial products and services available to bank customers.
• The Central Bank of Nigeria Guidelines for the Registration and Operation of Bank Neutral Cash Hubs (BNCH) in Nigeria. The Guidelines are aimed at  reducing the risks and cost borne in the course of cash management and to also enhance cash management efficiency. The registration of a BNCH is to be undertaken in two stages of obtaining CBN Approval-in-Principle and final approval. The BNCH are to be licensed to take deposit and disburse high volume cash on behalf of financial institutions but cannot carry out lending activities, receive or disburse foreign currency or sub-contract their operation.
• Revised Guidelines for the Operation of Non-Interest Financial Institutions’ Instruments by the Central Bank of Nigeria. These Guidelines replaced the 2012 Guidelines and were issued to regulate the issuance of non-interest instruments by Non-Interest Financial Institutions (NIFIs) while also stipulating the requirements and terms of operation for NIFIs.
• The Central Bank of Nigeria (Anti-Money Laundering, Combating the Financing of Terrorism and Countering Proliferation Financing of Weapons of Mass Destruction in Financial Institutions) Regulations, 2022. The CBN issued the Regulations to bring its regulations on anti-money laundering and combatting the financing of terrorism to be in compliance with the Money Laundering (Prevention and Prohibition) Act, 2022 and safeguard the financial institutions from being used for financial crimes.
• The Securities and Exchange Commission issued the Rules on the Issuance, Offering Platforms and Custody of Digital Assets. The Rules were issued by SEC on 13 May 2022 and provide for the issuance of digital assets, registration requirements for Digital Assets Offering Platforms (DAOPS) and Digital Assets Custodians (DAC) among others.
• On 25 May 2022, the Federal High Court in the case of Femi Davies v. National Broadcasting Commission, nullified the National Broadcasting Code (6^th Edition) through which the National Broadcasting Commission (NBC) sought to regulate the practice of advertising in Nigeria. The court held that it was beyond the power of the NBC to regulate advertisement.

3^rd Quarter (July – September 2022)

The regulatory authorities in the banking and finance sector, particularly the CBN, were very active in issuing one form of guidelines or the other. The Federal Competition and Consumer Protection Commission (FCCPC) issued a guideline to regulate the activities of digital money lenders after a series of predatory practices by many digital money lenders. There was also a judgement of the Court of Appeal which re-affirmed the power of the Federal Inland Revenue Service to collect VAT from hoteliers. Below are some of the highlights of the 3^rd quarter:

• The Central Bank of Nigeria Review of the Industry Quick Response (QR) Code Presentment Options. The review was done by the CBN to enhance the flexibility offered by the use of QR codes in payments. The review provides that the implementation of the QR code for payments shall be based on either merchant-presented or consumer-presented modes.
• The Central Bank of Nigeria Exposure Draft on the Digital Financial Services Awareness Guidelines. This was developed to address gaps in consumer knowledge and practices with Digital Financial Services (DFS). The Guidelines provides for a set of principles and expectations for financial service providers to integrate in the provision of DFS to ensure consumer understanding, good treatment and positive outcomes.
• On 1 July 2022, the Court of Appeal set aside the judgement of the Federal High Court in the case of The Registered Trustees of Hotel Owners and Managers Association of Lagos v. Attorney General of Lagos State which invalidated the powers of the Federal Inland Revenue Service (FIRS) to collect Value Added Tax (VAT) from hoteliers and held that the collection of the tax is in the purview of the state government. The Court of Appeal has now held that it is the FIRS that has the authority to collect VAT. See Federal Inland Revenue Service v. The Registered Trustees of Hotel Owners and Managers Association of Lagos.
• Limited Interim Regulatory/Registration Framework and Guidelines for Digital Lending 2022. The regulations were issued by the FCCPC on 18 August 2022 to provide the FCCPC’s approach to regulating the digital lending space and makes provisions for the requirements for approval/registration to carry out the business of digital lending in Nigeria. Thus, by this Framework and Guidelines, institutions engaged in digital lending activities are to be registered with the FCCPC.
• The Revised Handbook on Expatriate Quota Administration 2022 (the Revised Handbook). On 31 August 2022, the Federal Ministry of Interior announced the issuance of the Revised Handbook. The Handbook increased the minimum share capital requirement of a company wishing to apply for business permit from N10,000,000 to N100,000,000. It also reduced the lifespan of Expatriate Quotas (EQs) from ten to seven years. However, the provisions of the Handbook are yet to be operational.
• The Advertising Regulatory Council of Nigeria (ARCON) banned the use of foreign voice-over artists and models on any advertisement which targets the Nigerian advertising space. The ban took effect on 1 October 2022.

4^th Quarter (October – December 2022)

The Nigeria Startup Act was enacted during this quarter, and it represents a remarkable achievement towards incentivizing startups in Nigeria through the incentives and programmes dedicated to spur the growth of startups in Nigeria. A sport policy was also developed and approved with the motive to position the sport sector to generate revenue while standardizing it. The CBN was also active with the issuance of several guidelines and regulations to regulate players in the Nigerian financial services sector. Below are some of the highlights of the 4^th quarter:

• Exposure Draft Guidelines for the Regulation of Representative Offices of Foreign Banks in Nigeria. The Guidelines stipulate how a representative office of foreign banks can be licensed in Nigeria. It enumerates the activities they can validly engage in in Nigeria such as marketing the products and services of their foreign parent or affiliate and states that they cannot engage directly in any financial transaction.
• Exposure Draft Guidelines on Contactless Payments in Nigeria. The Guidelines provide the minimum standards and requirements for the operation of contactless payments and specified the roles of stakeholders such as acquirers, issues, payment schemes, merchants, etc.
• Nigeria Startup Act 2022. On 19 October 2022, the Nigeria Startup Act, 2022 was signed into law. The law aims to provide an enabling environment for the establishment, development, and operation of startups in Nigeria and to position Nigeria’s startup ecosystem as the leading digital technology centre in Africa.
• National Sports Industry Policy (NSIP) 2022 – 2026. On 2 November 2022, the Federal Executive Council (FEC) approved the National Sports Industry Policy (NSIP) 2022 – 2026. The policy contains provisions on governance regulations, infrastructure development plans, incentives for private investors, etc. aimed at standardizing the Nigerian sport sector and thereby generating revenue.
• CBN Naira Redesign Policy – Revised Cash Withdrawal Limits. Citing the need to combat fraud, corruption, terrorism and to ensure that most of the money in circulation are within the banking vault, the CBN issued the policy document on 6 December 2022 to reduce the daily and weekly cash withdrawal limit and also to introduce certain requirements for withdrawing across the counter beyond the set limit at the rate of 5% fee for individuals and 10% for corporate organizations. The revision of the cash withdrawal limits was done by the CBN pursuant to the recent redesign of the Nigerian currency i.e. N200, N500 and N1,000 notes. Coming less than three months before the next general elections in Nigeria, this policy has received a lot of resistance from the political class.

Conclusion

2022 has been a remarkable year in the Nigerian legal and regulatory space and saw the enactment of the Start Up Act, the redesign of the Naira and the introduction of far-reaching regulations especially by CBN aimed and tackling corruption, fraud and financial crimes.

We use this opportunity to wish all our clients a very Merry Christmas and best wishes for the New Year 2023. Thank you all for your support.

Please note that the contents of this Article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact:

The post Goldsmiths Solicitors – Legal Recap for the Year 2022 first appeared on Goldsmiths Solicitors.

This article provides an insight into the provisions of the Guidelines.

What is Contactless Payment?

According to the Guidelines, contactless payment is a payment system that involves the use of contactless technology that enables an alternative payments method whereby payment instruments such as pre-paid, debit and credit cards, stickers, fobs, wearable devices, tokens and mobile electronic devices are used without physical contact with devices.

Aims of the Guidelines

The guidelines aim to provide the minimum standards and requirements for the operations of contactless  payments in Nigeria, and also specify the roles and responsibilities of the stakeholders involved in contactless payments in Nigeria.

Who are the Participating Stakeholders?

The participating stakeholders in contactless payments in Nigeria are:

1. Acquirers
2. Issuers
3. Payment Schemes
4. Card Schemes
5. Switching Companies
6. Payments Terminal Service Providers (PTSPs)
7. Payments Terminal Service Aggregator (PTSA)
8. Merchants
9. Terminal Owners
10. Customers
11. Any other stakeholder/participant(s) as may be designated by the CBN.

The stakeholders are required to obtain CBN’s approval for contactless payments products and for innovative use cases and value-added services.

Minimum Standards for Contactless Payments in Nigeria

The participating stakeholders that process and/or store customers’ information are obliged to ensure that their terminals, applications and processing systems comply with the below standards at the minimum:

1. PA DSS – Payment Application Data Security Standard
2. PCI PED – Payment Card Industry Pin Entry Device
3. PCI DSS – Payment Card Industry Data Security Standard
4. Triple DES – Data Encryption Standards shall be the benchmark for all data transmitted and authenticated between each party. The Triple DES algorithm is the minimum standard.
5. AES – Advanced Encryption Standards
6. EMV – the deployed infrastructure must comply with the minimum EMV requirements for Contactless acceptance
7. ISO27001 – Information Security Management System
8. Other standards as may be specified by CBN from time to time.

Each participating stakeholder (operator) is mandatorily required to maintain valid certification to the above standards and regularly review the status of its systems, applications, networks and devices, to ensure they remain compliant.

Roles and Responsibilities of Stakeholders

The Guidelines provide for the separate roles and responsibilities of the stakeholders as follows:

Acquirers

Some of the roles and responsibilities of acquirers with respect to contactless payments in Nigeria include:

1. Only CBN licensed institutions can serve as acquirers for contactless payments.
2. Acquirers shall ensure that their applications, instruments, tokens and devices meet current standards and specifications for contactless payments.
3. Acquirers shall execute contactless payments agreements with parties for utilizing contactless platforms for payments.
4. Acquirers shall be able to accept all cards or payments instruments used in Nigeria.

Issuers

Some of the roles and responsibilities of Issuers with respect to contactless payments in Nigeria include:

1. Only CBN licensed institutions shall serve as Issuers for contactless payments.
2. Issuers shall ensure that activation of contactless payment is at customer’s instance, and with full consent.
3. Issuers shall ensure that their applications, instruments, tokens and devices meet current standards and specifications for contactless payments.
4. Issuers shall activate only accounts and wallets with Bank Verification Number (BVN).
5. Issuers shall ensure that transaction limits are strictly adhered to.

Payment Schemes and Card Schemes

Payment Schemes and Card schemes have the same roles and responsibilities with respect to contactless payments in Nigeria. These roles and responsibilities include:

1. Ensuring that all contactless transactions are processed online or submitted via current processing specifications.
2. Implement a documented risk management process to identify and treat risks associated with contactless payments.

Switching Companies

Switching companies have the responsibility of ensuring that contactless transactions consummated by all payment instruments issued in Nigeria are successfully switched between acquirers and issuers.

Payment Terminal Service Providers (PTSPs)

Some of the roles and responsibilities of PTSPs with respect to contactless payments in Nigeria include:

1. Ensuring that all their terminals for contactless payments are functional at all times.
2. Ensure they have adequate support infrastructure that support coverage for merchants.
3. Ensure all deployed devices and terminals have support service contact information.
4. Prevent instrument clashes even when multiple contactless payments devices are present.

Payment Terminal Service Aggregator (PTSA)

The PTSA shall, on an annual basis, or more frequently, certify POS terminals for contactless payments to ensure POS terminals meet the approved standard for the industry and also put in place a risk management process.

Merchants

Some of the roles and responsibilities of merchants with respect to contactless payments in Nigeria include:

1. Ensuring that deployed devices and applications are available for contactless payments of goods and services.
2. Merchants shall be held liable for fraudulent contactless payments arising from negligence/connivance.
3. Contactless payment transaction value and associated charges shall be clearly communicated to the customer prior to consummation of the transaction.
4. Display the contactless symbol

Terminal Owners

Terminal owners are to ensure that all terminals and devices are compliant with appropriate minimum specifications and also ensure the implementation of a documented risk management process.

Customers

Customers have the option to opt-in by applying and consenting to applicable terms and conditions and can withdraw without prior notice to the issuer. Customers are also obliged to authenticate contactless payments transaction as may be required, exercise due diligence in carrying out contactless payments transactions and protect their payments instruments from unauthorized use.

Transaction Limit

The CBN is to determine the appropriate transaction and cumulative daily limits for contactless payments from time to time. However, stakeholders are permitted to set limits in line with CBN’s limits.

Contactless payment transactions below stipulated daily limits may not require customers’ authorization such as token, biometrics, pin, etc. while higher-value contactless payments shall require customer verification such as pin, mobile code, biometric, etc.

Sanctions and Penalties

Stakeholders are required to comply with the provisions of the Guidelines and other relevant regulations of the CBN. Failure to comply attract appropriate sanctions and penalties as may be determined by the CBN.

Conclusion

The Exposure Guidelines provides a regulatory framework for the activities and conduct of affairs of the stakeholders in the contactless payments system in Nigeria. When the Guidelines become operational, all stakeholders will be required to conduct their affairs and carry out their roles in accordance with the minimum set standards under the Guidelines.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact:

The post An Overview of the Central Bank of Nigeria Exposure Draft Guidelines on Contactless Payments in Nigeria first appeared on Goldsmiths Solicitors.

What is a Startup?

A Startup is defined in the Act as “a Company in existence for not more than 10 years, with its objectives being the creation, innovation, production, development or adoption of a unique digital technology innovative product, service or process”.

Regulatory Authorities and Structures under the Nigerian Startup Act.

The Act introduces several Authorities and structures which are responsible for the administration and development of startups in Nigeria. These established regulatory Authorities are distinct from other regulatory bodies which regulate the various sectors in which a startup may operate in Nigeria. Some of these Authorities and structures are:

• The National Council for Digital Innovation and Entrepreneurship (the ‘Council’).

The Act establishes the Council and empowers it to formulate policies for the realization of the objectives of the Act. The Council consists of about 13 members including the President and Vice President of Nigeria who are to respectively serve as Chairman and Alternate Chairman of the Council. The Council is also to appoint a Council Agent who is to submit reports on the status of programmes implemented to the Council.

• The National Information Technology Development Agency (NITDA)

The NITDA functions as Secretariat and is the operational arm of the Council. It is to be chaired by the Director General of NITDA. As part of its duties, the Secretariat is required to manage the process of startup labelling and establish a Startup Support and Engagement Portal to provide support to startups.

• The Startup Support and Engagement Portal (the ‘Portal’).

The Portal is to serve as a platform and may be described as a one-stop shop through which startups conduct their registration process with the relevant Ministries, Departments and Agencies (‘MDAs). The activities of the Startup Portal are to be administered by a Coordinator to be appointed by the Secretariat with the approval of the Council.

• The Startup Consultative Forum (the ‘Forum’).

The Forum is to be set up on the Startup Portal to provide a platform for information sharing and collaboration among startups. It is to comprise of industry stakeholders including representatives from labelled startups, venture capitalists and angel investors.

• Accelerators and Incubator and Innovation Hubs.

The Secretariat is to establish accelerator and incubator programmes for startups. An accelerator is a fixed-term cohort programme designed to provide startups with mentorship and educational assistance, while an incubator on the other hand is a company, partnership or NGO whose primary object is to support the establishment and development of startups, promotion of innovation, and related activities through the offer of dedicated physical spaces and services. The Council is also to issue a framework for the establishment and operation of startup innovation clusters, hubs, physical and virtual innovation parks in each state of the Federation. The Hub is to promote collaboration among startups and between startups and big companies.

Startup Labelling

A company, sole proprietorship or partnership may be issued a certificate by the Secretariat labelling it as a startup and thus, making it entitled to incentives provided under the Act. To be eligible for startup labelling, the following conditions must be met:

1. In the case of a company, the company ought to be in existence for not more than 10 years from the date of its incorporation;
2. Its objects ought to be that of innovation, development, production, improvement and commercialization of a digital innovative product or process;
3. It is to be a holder or repository of a digital technology product or process, or the owner or author of a registered software;
4. At least one of its founders or co-founder is to be a Nigerian who would share from the profit or revenue from the sale of shares.

It is vital to note that the provisions of the Act including the startup labelling will not apply to an organization that is a holding company or a subsidiary of a company which is not registered as a startup.

Procedure for the application for a Startup Label

A startup desirous of being so labelled is required to make an application in the prescribed form on the Startup Portal which is to be established by the Secretariat with the approval of the Council. This application is to be supported by documents and fee to be prescribed by the Secretariat.

Validity/Duration of the Startup Label

The startup label when issued is valid for 10 years from the date of issuance. Startups so labelled are expected to comply with specified obligations. Where a labelled startup fails to comply with its obligations, the Coordinator may notify the startup of its default and the startup is expected to rectify the default within 30 days of being notified. Where the startup remains in default after the 30-days period, its label may be withdrawn.

A startup whose label has been withdrawn may only re-apply to the Secretariat for re-issuance once the default has been rectified.

Obligations of Startups under the Act

Startups are to fulfil specific obligations to enable them enjoy the benefits and incentives granted under the Act. They are to:

1. Comply with extant laws governing businesses in Nigeria, such as the Companies and Allied Matters Act, 2020;
2. Comply with obligations set out by the coordinator after the issuance of the startup label;
3. Notify the Coordinator of any changes in its structure or objects within a month from the date of such change;
4. Provide information annually on the number of human resources, total assets and annual turnover achieved from the period the startup label was granted;
5. Maintain proper book of accounts in accordance with reporting obligations under extant laws and regulations;
6. Provide an annual report on incentives received and advancements made by virtue of the incentives.

Incentives provided under the Act

The Act makes provision for various tax and fiscal incentives to labelled startups. These incentives cuts across reliefs for the labelled startups, their employees, service providers and investors. They are:

1. The Pioneer Status Incentive Scheme.

Labelled startups that fall within industries provided under the list of Pioneer industries and products as provided under the List of Pioneer Industries and Products, 2017 or any subsequent law may apply to the Nigerian Investment Promotion Commission (NIPC) for the grant of reliefs and incentives under the scheme. An example of startups that may benefit from this Scheme are companies involved in the development of ready-made software. A startup qualified to benefit from this scheme may enjoy a renewable 3-year tax holiday.

2. Four years tax holiday.

Labelled startups may be exempted from any form of income taxation for a period of four (4) years from the date of the issuance of the startup label. The Ministry of Finance is expected to provide simplified requirements for startups to benefit from this incentive.

3. 5% tax relief on assessable profits.

To benefit from this additional tax relief, the labelled startups is to have at least 10 employees of which 60% are employees without any form of work experience and who are within 3 years of graduating from school or any vocation within the assessment period. This tax relief is valid for a maximum period of five years.

4. Export incentives for labelled startups involved in exportation of products and services.

Startups deemed eligible under the Export (Incentives and Miscellaneous Provisions) Act are also entitled to export incentives and financial assistance from the Export Development Fund, Export Expansion Grant, and the Export Adjustment Scheme Fund.

5. Investment Credit Tax.

This relief is applicable to angel investors, venture capitalists, private equity fund, accelerators or incubators of a labelled startup and entitles them to tax credit equivalent to 30% of their investment.

6. Exemption from Capital Gains Tax (CGT) on disposal of assets by investors.

The Act exempts investors from taxation upon the disposal of its assets in a startup.

7. Exemption on the Personal Income Tax of employees.

The Act exempts eligible employees from remitting 35% of their personal income for a period of 2 years from the date of engagement by the labelled startup. However, the Act does not provide the requirements for eligibility but gives the Secretariat and the Joint Tax Board the responsibility of determining  the requirements for eligibility.

8. Reduction of withholding tax for foreign entities who are service providers of labelled startups.

Foreign entities that provide technical, consulting, professional or management services to a labelled startup is required to pay 5% withholding tax as opposed to the 10% withholding tax applicable to service providers. This tax shall be the final tax to be paid by the foreign entity.

Funding for Startups under the Act

Some of the funding arrangement provided under the Act are:

1. The Startup Investment Seed Fund (‘the Fund’).

The Act establishes the Fund which is to be managed by the Nigeria Sovereign Investment Authority (‘the Fund Manager’). A sum of at least N10,000,000,000 (Ten Billion Naira) is to be paid annually into the Fund which would be utilized to provide financial support to startups and reliefs to accelerators, incubators and hubs.

2. Access to Government funds and the Credit Guarantee Scheme (CGS).

The Act establishes the CGS with the primary objective of providing accessible financial support to labelled startups. The Act also directs the Secretariat to ensure that labelled startups have access to grants and loan facilities administered by the Central Bank of Nigeria (CBN) and other bodies empowered to assist MSMEs.

The Startup Portal as a One-stop Shop for Labelled Startups.

The major function of the Startup Portal to be set up by the Secretariat is to act as a one-stop shop for startups to register with the MDAs regulating some sectors in Nigeria. The Act charges the Secretariat to collaborate with some regulatory bodies in setting up sections on the startup portal for the registration and administration of the activities of labelled startups with these bodies. These regulatory bodies are the Corporate Affairs Commission (CAC), the National Office for Technology Acquisition and Promotion (NOTAP), the National Copyright Commission and the Trademark, Patent and Designs Registries, the Nigeria Export Processing Zone Authority, the Central Bank of Nigeria (CBN) and the Securities Exchange Commission (SEC). The aim of this exercise is to ensure swift and seamless registration processes for startups. For instance, the Secretariat is to work with CBN and SEC to create a section on the startup portal to ease the licensing procedure for financial technology (Fintech) companies. The Secretariat in conjunction with the NEPZA is also to establish a Technology Development Zone to spur the development of startups, accelerators and incubators.

The startup portal is also to have a section through which labelled startups who intend to participate in CBN’s sandbox or SEC’s regulatory incubator or in any other sandbox may fast track their application process. The labelled startup must however meet all the requirements to participate in the sandbox or regulatory incubator.

Repatriation of Capital and Profits.

In order to encourage foreign investments in startups, the Secretariat is to work with the CBN to ensure the repatriation of the proceeds of investments by foreign investors through an authorized dealer at the prevailing CBN rate. The repatriation is to be done on freely convertible currency of dividends or profits attributed to the foreign investor net all applicable taxed; and the proceeds in the event of sale or liquidation of the labelled startup, net all applicable taxes. To benefit from this arrangement, the investor would be required to present its Certificate of Capital Importation (CCI) as proof of injection of funds into the labelled startup.

Conclusion

The signing of the Nigerian Startup Act is no doubt a welcome development in Nigeria.  The provisions of the Act when implemented would encourage innovation and investment in the Nigerian startups especially in the FinTech space. There are many tax and fiscal incentives that are available to labeled startups including investors, foreign entities and employees. There are however concerns that this Act is yet another layer of bureaucracy in the already over regulated Nigerian business environment.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact:

The post The Nigerian Startup Act, 2022, Nigeria’s Bold Step to Encourage Innovation? first appeared on Goldsmiths Solicitors.

The Companies and Allied Matters Act 2020 (CAMA) is the principal legislation that governs the registration of companies in Nigeria while the Corporate Affairs Commission (CAC) is the regulatory authority. Apart from the registration of the company, there are other regulatory requirements that must be met before any company can legally commence its business in Nigeria.

Registration with CAC

The process involved in the registration of a company in Nigeria are as follows:

1. Availability and Reservation of Proposed Name
2. Application and Registration
3. Approval

Availability and Reservation of Name

The first step is to conduct a name availability search with the CAC. The purpose of this is to ensure that the proposed name of the company is available for use and that there is no other company that has registered the same or similar name. Once the name is available, the CAC would issue a certificate of name reservation, which is usually valid for 60 days, enabling the registration to proceed to the next stage. It is always advisable to propose two names in case the first name is not approved.

Application and Registration

Following the reservation of the proposed name above, the next step would be to prepare all the necessary documents in support of the application. These includes the memorandum and articles of association of the proposed company. To this end, the promoters of the proposed company are required to provide the following information:

1. The type of company to be registered
2. Registered address of the company
3. The objects or nature of business of the company
4. Details of the company secretaries
5. Minimum issued share capital. (Please note that there is a minimum issued share capital requirement of N10,000,000 for companies with foreign participation. The minimum issued share capital could be more depending on the sector the company wishes to operate in).
6. Particulars of the proposed shareholders.
7. Particulars of the proposed directors.

Approval by CAC

Once the above information has been received and completed, they are submitted to the CAC for vetting. Payment of the filing fee is made and stamp duty is charged on the minimum issued share capital at the rate of 0.75%.  If satisfied, the CAC shall issue a certificate of incorporation evidencing that the company is now a legal entity authorized to commence business in Nigeria. Simultaneously, the Federal Inland Revenue Services (FIRS) would issue a Tax Identification Number (TIN) to the newly registered company. The TIN is a unique identifier that is linked to the company which enables it charge and remit the appropriate taxes to the FIRS.

Business Registration with Nigerian Investment Promotion Commission (NIPC)

Following the successful incorporation of the new entity with the CAC, there is a mandatory requirement for that entity to be registered with the NIPC before the company could legally commence any business in Nigeria. The NIPC has the primary responsibility to encourage, promote and cordinate investment in the Nigerian economy. The NIPC also has the responsibility of granting some incentives like pioneer status to any company which qualifies for such status.

The application to the NIPC involves filling the relevant application form, providing details of the shareholders and directors of the company and paying the appropriate official fee. If satisfied, the NIPC would issues a Certificate of Business Registration to the entity.

Business Permit, Expatriate Quota and Work Permit

In addition to the above, a wholly owned foreign company wishing to operate in Nigeria must obtain a business permit from the Nigerian Ministry of Interior and expatriate quotas if it wishes to employ foreigners in the country.  The expatriate quota is the precursor to the application for and issuance of work permit to the foreigner being employed by the company in Nigeria. Once approved, the expatriate is issued a Combined Expatriate Residence Permit and Aliens Card (CERPAC) which allows the employee to reside and work in Nigeria.

Certificate of Capital Importation

The company will need to obtain a Certificate of Capital Importation (CCI) from an authorised dealer, usually a local bank to serve as evidence of importation of capital which could be equity, debt, cash or goods into the country. The CCI also guarantees the unconditional repatriation of capital and profits out of the country.

Other Registrations/licensing Requirements

Depending on the sector of the Nigerian economy where the new company wishes to operate, it may be necessary to obtain registrations and/or licenses from some of the following (non-exhaustive) agencies:

• Central Bank of Nigeria (CBN)
• National Agency for Food and Drug Administration and Control (NAFDAC)
• Nigerian Electricity Regulatory Commission (NERC)
• Nigerian Communications Commission (NCC)
• Nigerian Civil Aviation Authority (NCAA)
• Nigerian Maritime Administration and Safety Agency (NIMASA)

Conclusion

Nigeria is a country of over 200 million people and operates a free market economy. There are no restrictions on foreigners wholly owning and operating companies in the country. The CAMA is the principal legislation that governs company registrations in the country and the CAC is the main regulatory body that oversees the registration of companies in Nigeria. The NIPC has the primary responsibility to encourage, promote and coordinate investment in the Nigerian economy. Any company wishing to employ expatriates in Nigeria must first obtain an expatriate quota for the relevant expatriate positions and then obtain work and residency permits.

There are other licensing and registration regimes, which depending on the sector the company wishes to operate in, it will also have to register with those agencies.

Please note that the contents of this Article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact us.

The post How a Foreigner can Register a Local Company in Nigeria first appeared on Goldsmiths Solicitors.