FRAMEWORK FOR THE ESTABLISHMENT OF PASS-THROUGH DEPOSIT INSURANCE FOR SUBSCRIBERS OF MOBILE MONEY OPERATORS IN NIGERIA

Nigeria Deposit Insurance Corporation June 2015

Table of Contents FRAMEWORK FOR THE ESTABLISHMENT OF PASS-THROUGH DEPOSIT INSURANCE Page 1.0 Introduction 3 1.1 Concept of Mobile Payment System 3 1.2 Regulatory Framework for the Mobile Payment System 3 1.3 Deposit Insurance Coverage for the Mobile Payment System 4 2.0 Objectives 4 3.0 Beneficiaries 4 4.0 Participants 4 4.1 Deposit Insurer 5 4.2 Mobile Money Operators 5 4.3 Insured Institutions 5 4.4 Subscribers/Customers 5 4.5 Mobile Money Agents 5 5.0 Regulator 5 6.0 Stakeholders 5 7.0 Modus Operandi 6 7.1 Eligibility for Coverage 6 7.2 Coverage Level 6 8.0 Issuance of Guidelines/Guidance Notes 7 9.0 Risk Management 7 10.0 Consumer Protection 7 1

11.0 Glossary 8 REGULATIONS FOR THE OPERATION OF PASS-THROUGH DEPOSIT INSURANCE 1.0 Citation 10 2.0 Interpretations 10 3.0 Application of Regulations 11 4.0 Determination of Insured Amount 11 5.0 Bare Trust 11

1. Deposit 11 II. Capacity 11 III. Ownership 11 IV. Agreement 11 6.0 Subscribers' Records 11 7.0 Rendition of Returns 12 8.0 Insertion of NDIC Coverage on Subscription Forms 12 9.0 Information on Domiciliation of Trust (Pool) Accounts 12 10.0 Movement of Trust (Pool) Accounts 12 11.0 Fidelity Bond Insurance 12 12.0 Know Your Customer and Customer Due Diligence 12 13.0 Risk Management 13 14.0 Risk Management Action by Mobile Money Operators 13 15.0 Penalty 14 2

1.0 INTRODUCTION The purpose of this framework is for the establishment of Pass-Through Deposit Insurance to subscribers of Mobile Money Operators so as to engender confidence in the mobile payment services and promote financial inclusion, thereby reducing the level of the unbanked.

1.1 CONCEPT OF MOBILE PAYMENT SYSTEM

The Mobile Payment System (MPS) refers to payment services operated under financial regulation and performed from or via a mobile device. It is a convenient, secure and affordable way to send money and pay for goods and services using mobile phones. Mobile phones are an attractive way to promote financial inclusion given their extensive presence in the population and their global reach. Mobile phones can serve as a virtual bank card, point of sale terminal (POS), Automated Teller Machine (ATM), or internet banking terminal. The confluence of banking technologies with mobile telephony leads to wider penetration and holds new promise of financial inclusion for the majority of the unbanked. Mobile phones are recognised as the single most transformative solution for economic development by providing access to capital and information to the world's unbanked at a very reasonable cost. This is because mobile phones have proven to be ideal for basic and advanced banking as well as continuous innovation.

1.2 REGULATORY FRAMEWORK FOR THE MOBILE PAYMENT SYSTEM

The Central Bank of Nigeria (CBN) issued a regulatory framework for the operations of MPS in Nigeria in June 2009 as a measure to reduce the level of the unbanked. Consequently, CBN granted licences to Mobile Money Operators (MMOs) in Nigeria comprising bank and non-bank operators. The growing number of MMOs and subscribers in the country presented new challenges, part of which includes the safety and security of the depositors' funds in the digital and new virtual environment which necessitated the need for enhanced regulations as well as protection of subscribers of MMOs under the scheme. 3

1.3 DEPOSIT INSURANCE COVERAGE FOR THE MOBLE PAYMENT SYSTEM

Deposit insurance is vital to the MPS because subscribers need assurance that their deposits are safe and available at all times as provided by the Deposit Insurance System (DIS). A sound and stable banking system backed by a DIS and accessible to all is therefore essential for mobile payments and invariably financial inclusion. This helps to attract the unbanked to formal banking services. One of the critical objectives of the Nigeria Deposit Insurance Corporation (NDIC) is the protection of large number of unsophisticated depositors, hence the need to protect the subscribers of MMOs.

2.0 OBJECTIVES

The objectives of Pass-Through Deposit Insurance include the following:

i. To guarantee the payment of insured sums to subscribers of MMOs in the event of failure of insured institutions where MMOs maintain Pool accounts ii. To enhance confidence and ensure continuous sustenance of the MPS iii. To protect and ensure the safety and stability of the MPS iv. To promote financial inclusion

3.0 BENEFICIARIES

The provision of Pass-Through Deposit Insurance coverage is limited to the subscribers of funds domiciled in MMOs' Trust (Pool) accounts in insured institutions in Nigeria.

4.0 PARTICIPANTS

The participants of the Pass-Through Deposit Insurance scheme are as follows:

i. Deposit Insurer; ii. Mobile Money Operators; iii. Insured Institutions; iv. Mobile Money Agents; and v. Subscribers/Customers. 4

4.1 DEPOSIT INSURER

The deposit insurer for this purpose is the NDIC.

4.2 MOBILE MONEY OPERATORS

These are licensed organizations that provide mobile payment services for subscribers that are signed-on to their schemes. They maintain Trust (Pool) accounts with insured institutions on behalf of their subscribers. MMOs could be bank or non-bank entities.

4.3 INSURED INSTITUTIONS

These are financial institutions where Trust (Pool) accounts are maintained and operated by MMOs on behalf of their subscribers. Insured institutions make transaction settlements on behalf of the MMOS.

4.4 SUBSCRIBERS/CUSTOMERS

These are the contributors to the Trust (Pool) accounts maintained by MMOs in designated insured institutions.

4.5 MOBILE MONEY AGENTS

Mobile Money Agents (Agents) are appointed by MMOs to receive or pay monies at various locations on their behalf. The Agents also maintain the identities and account records of their customers.

5.0 REGULATOR

The regulator for the purpose of Pass-Through Deposit Insurance coverage for subscribers of MMOs in Nigeria shall be the NDIC.

6.0 STAKEHOLDERS

The CBN and NDIC are the regulators/supervisors for the MPS and insured institutions. 5

7.0 MODUS OPERANDI

The mode of implementing Pass-Through Deposit Insurance for MMOs in Nigeria shall be based on the following:

7.1 ELIGIBILITY FOR COVERAGE

The conditions for eligibility of Pass-Through Deposit Insurance for subscribers of MMOs are as follows:

i. The relationship between the MMOs and their subscribers shall be based on Bare Trust arrangement. ii. MMOs are required to take Fidelity Bond Insurance for any losses caused by fraudulent acts of their staff and Agents. iii. The records of the Trust (Pool) account holders at the insured institutions shall clearly indicate that the account holder is an Agent or Custodian acting in a fiduciary capacity, and not the actual owner of the funds. The funds must belong to the individual subscribers and not the Agent or Custodian. iv. The identities and interests of actual owners of funds in Trust (Pool) accounts shall be disclosed in records maintained by the insured institutions, MMOs and Agents. v. All KYC requirements on the owners of funds in Trust (Pool) accounts shall be fully met as specified by CBN.

7.2 COVERAGE LEVEL

The subscribers of MMOs will be insured up to the maximum coverage level of Five Hundred Thousand Naira (#500,000) per subscriber per DMB or the applicable coverage level for depositors in line with the NDIC Act.

Further issues on coverage level, determination of insured amount, subscribers' records, rendition of returns, fidelity bond insurance, and know your customer and due diligence are all provided for under the 6

guidelines for the operation of Pass-Through Deposit Insurance to subscribers of MMOs.

8.0 ISSUANCE OF GUIDELINES/GUIDANCE NOTES

Pursuant to S.56 (1) of the Nigeria Deposit Insurance Act, 2006, the Board of NDIC may issue Regulations, Rules or Orders to give full effect to the provisions of the Act. Accordingly, the NDIC has issued Regulations to operators on implementation of Pass-Through Deposit Insurance to subscribers of the MPS.

9.0 RISK MANAGEMENT

The MMOs shall ensure their mobile banking services are designed and offered in a secure manner, and customers are made aware of steps they can take to protect the integrity of their mobile money transactions. Further issues on risk management are provided for under the guidelines for the operation of Pass-Through Deposit Insurance to subscribers of MMOs.

10.0 CONSUMER PROTECTION

MMOs shall ensure that robust consumer complaint resolution policies and practices shall be put in place to address service and process failures.

The development for regulatory framework of financial consumer protection is in progress. However, the rights and liabilities of subscribers of mobile payments services should in the first instance be covered by the agreements with their MMOs. In furtherance of this, all participants with grievances or queries concerning the Pass-Through Deposit Insurance coverage may contact the NDIC HELP DESK toll free line on 0800-6342-4357 (0800-NDIC-HELP) or send an email to helpdesk@ndic.gov.ng, info@ndic.gov.ng. 7

11.0 GLOSSARY Agent: - An individual or organisation authorised by a mobile money operator to transact business on its behalf in certain locations.

Custodian: - A mobile money operator with the responsibility for safeguarding, holding and managing subscribers funds on their behalf. The mobile money operator exercises legal authority over the funds.

Deposit Insurance Protection provided to depositors against risk of loss arising from the failure of insured institutions.

Deposit Insurance System (DIS) - One component of a financial system safety net that guarantees the protection of depositors in the event of a bank failure and promotes financial stability.

Deposit Money Bank (DMB) - Any company licensed by the CBN to take liabilities in the form of deposits payable on demand, transferable by cheque or otherwise usable for making payments.

Financial inclusion - The delivery of financial services at affordable costs to the unbanked who are mostly disadvantaged and constitute the low-income segment of the society.

Insured institution - A financial institution licensed by the CBN as a deposit money, microfinance or primary mortgage bank, whose deposit liabilities are protected by the deposit insurance system.

Know Your Customer (KYC) - The process of a business verifying the identity of its clients.

Mobile Payment System (MPS) - Payment services operated under financial regulation and performed using mobile devices.

Mobile Money Operator (MMO) - Any organization licensed by the CBN to provide mobile payment services for subscribers signed-on to its scheme.

Pass-Through Deposit Insurance - Deposit insurance coverage that guarantees the funds of subscribers of mobile money operators in insured institutions in the event of failure. 8

Pool account - Account opened and operated by a mobile money operator in an insured institution on behalf of its subscribers. 9

NIGERIA DEPOSIT INSURANCE CORPORATION (PASS THROUGH DEPOSIT INSURANCE) REGULATIONS (MADE PURSUANT TO SECTION 56 OF THE NDIC ACT, 2006)

Date of Commencement []

1.0 CITATION

These Regulations may be cited as "Nigeria Deposit Insurance Corporation (Pass-Through Deposit Insurance) Regulation".

2.0 INTERPRETATIONS

Agent: - An individual or organisation authorised by a MMO to transact business on its behalf in certain locations.

Bare Trust: - Trust account where each beneficiary holds a separate share and is entitled to protection within the parameters of the scheme. MMOs shall maintain accounts in insured institutions on a trust basis that clearly indicates the interest of all beneficiaries in the Trust (Pool) accounts.

Custodian: - A MMO with the responsibility for safeguarding, holding and managing subscribers funds on their behalf. The MMO exercises legal authority over the funds.

Financial Inclusion: - The delivery of financial services at affordable costs to the unbanked who are mostly disadvantaged and constitute the low- income segment of the society.

Pass-Through Deposit Insurance: - Deposit insurance coverage that guarantees the funds of subscribers of MMOs in insured institutions in the event of failure.

Pool account: - Account opened and operated by a MMO in an insured institution on behalf of its subscribers. 10

3.0 APPLICATION OF REGULATIONS

The funds of subscribers to Mobile Payment Systems shall be insured under the Pass-Through Deposit Insurance (governed) by the following regulations

4.0 DETERMINATION OF INSURED AMOUNT

The subscribers' funds in Trust (Pool) accounts and funds in other deposit accounts held in the same insured institution under the same capacity and interest shall be aggregated and insured up to the maximum coverage level.

5.0 BARE TRUST

The following conditions must be met to ensure that the products qualify as deposits under the NDIC Act.

i. Deposit: The subscribers must have deposits in an insured institution which may be held in the name of an Agent or Custodian (e.g. MMO) ii. Capacity: The relationship between the MMO and the subscribers must be clearly indicated in a custodial or agency capacity and not a debtor/creditor relationship. iii. Ownership: The Funds must be owned by the subscriber(s) and not the MMO which is acting in a fiduciary capacity iv. Agreement: The terms of the agreements between the parties i.e. (the MMO and the subscribers) should not create a different set of duties on behalf of the agent (MMO) which may end up creating a debtor/creditor relationship.

6.0 RECORDS OF SUBSCRIBERS IN THE INSURED INSTITUTION

Adequate and comprehensive records of all subscribers by which they can easily be identified as adjudged to be satisfactory by the NDIC shall be maintained by the insured institutions, MMOs and Agents. 11

7.0 RENDITION OF RETURNS

The insured institutions, MMOs and Agents shall render returns in specified formats to NDIC and CBN on predetermined frequencies.

8.0 INSERTION OF NDIC COVERAGE ON SUBSCRIPTION FORMS

MMOs shall insert a provision that subscribers in Trust (Pool) accounts are insured by NDIC in their subscription forms.

9.0 INFORMATION ON DOMICILIATION OF TRUST (POOL) ACCOUNTS

Subscribers' funds shall be maintained in Trust (Pool) accounts domiciled in insured institutions. Subscribers shall also be informed of which insured institutions the Trust (Pool) account is domiciled.

10.0 MOVEMENT OF TRUST (POOL) ACCOUNTS

The Regulator may direct a MMO to move its Trust (Pool) account in an insured institution to any insured institution where it considers it expedient to do so and the MMO shall comply with such directive. The subscriber must also be notified once such a move occurs and to this end, the contract between the subscribers and their MMO must inform them of such a possibility.

11.0 FIDELITY BOND INSURANCE

MMOs shall provide the evidence of doing so to NDIC. The applicable rate of the fidelity bond shall be communicated by NDIC from time to time.

12.0 KNOW YOUR CUSTOMER AND CUSTOMER DUE DILIGENCE

All MMOs shall comply with the provisions of the CBN Circulars on the use of "Three - Tiered Know Your Customer Requirements" as follows:

Tier 1

#3,000 per transaction per subscriber and not more than #30,000 per day. Only the subscriber's name and mobile telephone numbers are required. 12

Tier 2

#10,000 per transaction per subscriber and not more than #100,000 per day. Subscriber's name, mobile telephone numbers, and additional information on identification and addresses are required.

Tier 3

#100,000 per transaction per Subscriber and not more than ₩1,000,000 per day. Subscriber's name, mobile telephone numbers and more stringent KYC details such as supporting identification and utility bill are required.

Notwithstanding these transaction limits, there is no ceiling on the individual subscriber account balances in the scheme.

13.0 RISK MANAGEMENT

The minimum level of protection should include strong customer authentication processes, provision data transmission security, discouragement of subscribers' use of public Wireless Local Area Network (WLAN) and unfamiliar applications as well as requests for updates on personal security details and applications in order to prevent phishing and malware.

The following table gives further guide to the risk management actions to be taken by all MMOs.

14.0 RISK MANAGEMENT ACTION BY MOBILE MONEY OPERATORS

MMOs shall:

i. Take appropriate measures to authenticate the identity and authorization of customers with whom they conduct business over the MPS. ii. Use transaction authentication methods that promote non- repudiation and establish accountability for e-banking transactions. iii. Ensure that appropriate measures are put in place to promote adequate segmentation of duties within MPS databases and applications. 13

iv. Ensure that proper authorization controls and access privileges are in place for MPS databases and applications. v. Ensure that appropriate measures are put in place to protect the data integrity of MPS transactions, records and information. vi. Ensure that clear audit trails exist for all MPS transactions. vii. Take appropriate measures to preserve the confidentiality of key MPS information, commensurate with the sensitivity of the information being transmitted or stored. viii. Ensure that adequate information is provided on their websites to allow potential customers to make an informed decision about the MMOs identity and regulatory status prior to entering MPS relationships. ix. Take appropriate measures to ensure adherence to customer privacy requirements applicable to the jurisdictions in which the mobile payment services are provided. Χ. Have effective capacity, business continuity and contingency planning processes to ensure the availability of the MPS and mobile payment services at all time. xi. Develop appropriate incident response plans to manage, contain and minimize problems from unexpected events including internal and external attacks that may hamper the provision of products and services.

15.0 PENALTY

The NDIC may impose penalties in accordance with its enabling Act for infringements of the rules in this regulation. 14