By integrating financial services products into non-financial platforms and business models, embedded finance is changing the Nigerian financial services landscape faster than the regulatory and legal frameworks that govern it. Several banks are distributing financial products through digital channels using FinTech. The fintechs are leveraging bank APIs to deliver services that were once available only to licensed financial houses. Retailers, logistics companies and software companies are integrating payments, lending and insurance into their customer experiences.
This has huge commercial potential. Legal risks are also real and not adequately managed in most bank-finance partnership arrangements we review. Five key legal requirements that every embedded finance partnership in Nigeria must meet before the arrangement goes live are laid out in this article.
- REGULATORY APPROVALS
The CBN must sign off on every bank-financed arrangement in Nigeria. As well as the Central Bank of Nigeria’s framework for the regulation and supervision of FinTech companies and its guidelines on third-party service provider arrangements, there are bank-finTech partnerships that operate outside these requirements and are subject to regulatory sanctions for both parties.
Before any embedded finance arrangement is structured, the key regulatory questions are: Should it have its own CBN license for what it does in the partnership, or is it using the bank’s license? When is the bank authorised to operate the FinTech? So has the arrangement been disclosed to the CBN as required by those guidelines? Which party has ongoing reporting obligations in relation to embedded finance activity?
A partnership agreement that leaves these questions unanswered or that fails to get regulatory approvals does not create regulatory exposure. It may also be unenforceable in Nigerian law if it requires either party to do something that is not permitted by its licence.
- LIABILITY ALLOCATION
The most commercially sensitive and often overlooked element of bank-finance partnership agreements in Nigeria is liability allocation. Whether or not a transaction fails, a customer is damaged, or a regulation is broken, the question of who pays has to be settled before the event, not during it.
So the specific liability scenarios that need to be covered in every embedded finance partnership agreement are: technology failures; who is liable for system downtime, failed transactions and data errors that affect customers? Who is responsible for customer harm caused by embedded financial products? AML/KYC failures; Who should be vetting the customer and checking that the transaction is not being used for money laundering or terrorist financing? If the embedded finance arrangement breaches CBN guidelines; who pays the regulatory and financial costs?
The right answer to each of these depends on who controls the technology, interacts with customers, holds the license, and can prevent the failure. Not acceptable is an agreement that is silent on these questions or that places liability resolution in a post-event dispute process.
- DATA SHARING & NDPA COMPLIANCE
Embedded finance relationships necessarily involve sharing customer financial and personal data between the bank and the non-financial platform. All such sharing is governed by the Nigeria Data Protection Act 2023 (NDPA) and specifically facilitated by the CBN’s Operational Guidelines for Open Banking in Nigeria (2023) which states a clear legal basis before the partnership launches and each data sharing arrangement must have a legal basis before the partnership goes live.
Specifically, embedded finance partnerships require a lawful basis for each type of data shared – consent, contract, legitimate interest, or other basis appropriate to the data and sharing arrangement; a data processing agreement between the bank and the FinTech outlining the processing, security requirements, data retention, and obligations in case of data breach – the bank will be a data controller for regulatory reasons, but the contractual relationship must be clear; and a customer disclosure framework that informs customers at the point of engagement what data will be shared and used under the arrangement.
In embedded finance arrangements data ownership becomes a commercial issue as well as a regulatory one. Data generated by embedded finance is of great commercial use – for product development, credit risk assessment, and targeted offers. Clauses regarding who gets to own, use, and commercialise the data are among the most commercially critical elements of any bank-finance partnership agreement.
