Regulatory Alerts2017-07-03 | BPS/DIR/GEN/CIR/04/005Exposure Draft on the Regulatory Framework for Bank Verification Number (BVN) Operations and Watch list for the Nigerian Financial System
The document outlines the policy framework for managing and utilizing the Bank Verification Number (BVN) Watch-List in Nigeria. Banks must enlist individuals involved in confirmed fraudulent activities into their watch-list system, which is managed by the Nigeria Inter-Bank Settlement System (NIBSS). The categories of fraud and associated sanctions are clearly defined. Sanctions include but are not limited to prohibiting account holders from utilizing electronic banking channels and non-personal transactions. A bank's failure to enlist confirmed fraudsters or placing an individual on the watch-list without proper justification may result in penalties. This policy ensures that banks operate effectively, fostering transparency and ensuring financial stability. Additionally, the policy outlines the processes for individuals wrongfully to be delisted from the BVN Watch-List. This includes receiving clearance certificates from the Committee of Chief Audit Executives and notifying the NIBSS in writing, signed by both the MD/CEO and the Chief Audit Executive.
CENTRAL BANK OF NIGERIA Central Business District P.M.B. 0187, Garki, Abuja.
+234 - 0946238445 BANKING AND PAYMENTS SYSTEM DEPARTMENT BPS/DIR/GEN/CIR/04/005 July 3, 2017 To: All Deposit Money Banks, Switches, Money Operators and Payment Terminal Service Providers EXPOSURE DRAFT ON THE REGULATORY FRAMEWORK FOR BANK VERIFICATION NUMBER (BVN) OPERATIONS AND WATCH-LIST FOR THE NIGERIAN FINANCIAL SYSTEM The Central Bank of Nigeria (CBN), in furtherance of its mandate for the development of the electronic payments system in Nigeria hereby releases the Exposure Draft on the Regulatory Framework for Bank Verification Number (BVN) Operations and Watch-List for the Nigerian Financial System for your review and comments.
Kindly forward your inputs on or before July 14, 2017 to the & Payments System Department and Director, Banking pspo@cbn.gov.ng.
Thank you for your usual cooperation.
`Dipo Fato Director Banking & Payments System Department CENTRAL BANK OF NIGERIA REGULATORY FRAMEWORK FOR BANK VERIFICATION NUMBER (BVN) OPERATIONS AND WATCH-LIST FOR THE NIGERIAN FINANCIAL SYSTEM Table of Contents Preamble… 1.0 REGULATORY FRAMEWORK FOR BANK VERIFICATION NUMBER (BVN) OPERATIONS .................... 3 1.1 Introduction 1.2 Objectives 1.3 Scope .
1.7 Deposit Money Banks (DMBs) and the Other Financial Institutions (OFIs) 2.1 Introduction ..... 10 Objectives 2.2 ............... 10 2.3 Scope .
...
2.4 Fraud categories .
2.5 Stakeholders ................................................................................................................ 11 3.0 Responsibilities ...
3.1 CBN .
Banks/Other Financial Institutions 3.2 3.3 NIBSS .....................
| ... |
|---|
3.4 Committee of Chief Audit Executives (CAEs).
3.5
| ……… |
|---|
| Delisting from the watch-list |
|---|
Customers 4.0 5.0 Sanctions and Penalties .
6.0 Delisting Options .
Glossary of Terms .
Preamble
In exercise of the powers conferred on the Central Bank of Nigeria (CBN), by Sections 2 (d) and 47 (2), of the CBN Act, 2007, to promote and facilitate the development of efficient and effective systems for the settlement of transactions, including development of the electronic payment systems; Central Bank of Nigeria hereby issues the Regulatory Framework for the Bank Verification Number (BVN) Operations and Watch-List for the Nigerian Financial System.
$$\mathsf{F R A M E W O R K\quad F O R\quad I}$$ $$\mathbf{\mu}$$ $$\mathrm{ATORY}$$
Operations
1.0 REGULATORY FRAMEWORK FOR BANK VERIFICATION NUMBER (BVN)
1.1 Introduction
The Central Bank of Nigeria, in collaboration with the Bankers Committee, proactively embarked upon the deployment of a centralized Bank Verification system and launched the Bank Verification Number (BVN), in February, 2014. This is part of the overall strategy of ensuring effectiveness of Know Your Customer (KYC) principles, and promotion of safe, reliable and efficient payments system. The BVN gives each customer of Nigerian banks, a unique identity across the banking Industry.
The BVN will have the ability to identify a person by a physical characteristic such as fingerprints, facial, voice or retinal scans. This has had several applications in security and has been used by several organizations. It has become popular because of its many advantages over the traditional security systems, such as passwords and Personal Identification Numbers (PIN).
The selected identification option for the Nigeria Bank Customer Identification Scheme is fingerprints and facial recognition.
1.2 Objectives
The objectives of the Regulatory Framework for BVN Operations in Nigeria are as follows: i. To clearly define the roles and responsibilities of stakeholders; ii. To clearly define the Bank Verification Number operations in Nigeria; iii. To outline the process/operations of the watch-list; and iv. Define access, usage and ownership of the BVN data, requirements and conditions.
1.3 Scope
The Framework provides standards for the BVN operations in Nigeria. These include among others, the Standard Operating Guidelines and Framework on Watch-list for the Nigerian Financial System.
i. The Standard Operating Guidelines (SOG), prescribes the processes/procedures for collecting, updating, linking, storing and using identification data from the banks' customers.
ii. The Watch-list is a database of banks' customers identified by their BVNs, who have been involved in confirmed fraudulent activities in the banking industry in Nigeria.
1.4 Participants in the BVN Operations This Regulatory Framework shall guide activities of the participants in the provision of the Bank Verification Number (BVN) Operations in Nigeria. Participants are grouped into four (4) categories: i. Central Bank of Nigeria (CBN); ii. Nigeria Inter-Bank Settlement System (NIBSS); iii. Deposit Money Banks (DMBs); iv. Other Financial Institutions (OFIs); and v. Bank Customers
1.5 Central Bank Of Nigeria
The CBN shall: i. Approve the Regulatory Framework and Standard Operating Guidelines; ii. Approve eligible users for access to the BVN database; iii. Ensure that the objectives of the BVN initiative is fully achieved; iv. Conduct oversight on the NIBSS, DMBs and OFIs operations of the BVN; and v. Monitor other stakeholders, to ensure compliance.
1.6 Nigeria Inter-Bank Settlement System (NIBSS) The NIBSS shall: i. Collaborate with other stakeholders to develop/review the Standard Operating Guidelines of the BVN; ii. Initiate review of Guidelines, as the need arises, subject to the approval of the CBN; iii. Ensure seamless operations of the BVN system; iv. Maintain the BVN database; v. Manage access to the database by the approved users; vi. Ensure recourse to the CBN on any request for BVN information by any party; vii. Render quarterly report of customers on the watch-list to the CBN, DMBs and OFIs; and viii. Ensure adequate security of the BVN information.
1.7 Deposit Money Banks (DMBs) and the Other Financial Institutions (OFIs) The DMBs and OFIs shall: i. Ensure proper capturing of the BVN data and validate same before the linkage with customers' accounts; ii. Ensure all operated accounts are linked with the owner's BVN; and iii. Report all suspicious BVNs to the NIBSS for update of the Central Watch-list database.
1.8 Bank Customers Bank Customers shall: i. Abide by the Regulatory Framework and Standard Operating Guidelines on the BVN and the Framework on Watch-List for the Nigerian Financial System.
1.9 The Bvn Processes/Procedures
These are as listed below: i. Enrollment: The enrolment is the process where individuals have their biometric and demographic data captured into the BVN central database system and a unique ID, the Bank Verification Number (BVN), generated for the customer. This will bring a lot of value to the banking system in Nigeria, especially in the area of Know Your Customer (KYC).
ii. Identification: By Identification, it means comparison of person's biometrics against biometrics of all enrolled customers to see if the person is already enrolled or not before issuing the BVN.
iii. Verification: This refers to the process of verifying the customer by matching his/her biometric template with what has been captured in the database. By Verification, it means 1:1 comparison of person's biometrics against biometrics of an enrolled customer with the same BVN to see if the biometrics is matching. This therefore enables the bank to uniquely identify the customer and also meets the minimum KYC requirement.
iv. Linking of Customer's Unique ID to all related bank accounts: This is a process of using the customer's unique ID generated after his/her enrolment to link all his/her bank accounts irrespective of which bank the account is domiciled. This ensures that the customer would not be able to enroll twice and that the customer's activities in other banks (especially suspicious ones) can be easily made available to other banks where the customer has an account(s).
v. Offline Authentication: Offline verification will use fingerprints presented on card readers with offline capabilities to authenticate the customer by comparing the fingerprint or the facial geometry with the data stored on the e-identity card.
vi. Fraud Management: This is a process aimed at using a traceable Unique Customer Identity to deter, prevent, detect and mitigate the risks of financial fraud in the industry.
vii. Customer Information Update: This is the process by which the customer updates his/her information on the central identity database.
viii. Credit Check: This process involves evaluating an applicant's loan request in order to determine that the borrower will fulfil his/her obligation. Approved Credit Rating Guidelines require Banks to render regular information to the credit bureaus, including information of all credits advanced to customers, defaults by customers and other credit related information.
1.10 Access to BVN Database The following organizations/institutions may be allowed access to the BVN database for information, subject to the CBN approval: i. Deposit Money Banks (DMBs) and Merchant Banks; ii. Other Financial Institutions (OFIs); iii. National Law Enforcement Agencies; iv. Other regulatory agencies; v. Other Agencies not here mentioned, as approved by the CBNs Management.
1.11 Age Limit
The minimum age limit for obtaining a Bank Verification Number (BVN) shall be eighteen (18) years. Banks operating accounts for Undergraduates/Under Minors under the age of 18 may however obtain information/data to issue a BVN to this category of account holders. Such banks must ensure compliance with the legal requirements for obtaining such information/data.
1.12 Charges
There shall be charges payable for accessing information from the database subject to an approval of the CBN. Such charges shall be determined from time to time by the CBN. 1.13 Security and Data Protection i. Parties involved in the BVN operations, shall put in place, secured hardware, software and encryption of messages transmitted through the BVN network; ii. BVN data shall be stored within the shores of Nigeria and shall not be routed across borders without the consent of the CBN; iii. Users of the BVN database shall establish adequate security procedures to ensure the safety and security of its information and those of its clients, which shall include physical, logical, network and enterprise security; and iv. Parties to the BVN operations shall ensure that all information that its employees have obtained in the course of discharging their responsibilities shall be classified as confidential.
1.14 Risk Management
The BVN participants must ensure that risks mitigations techniques are in place to minimize operational, technical, fraud risks, etc. The BVN operations should not be susceptible to sustained operational failures, as a result of system outages.
1.15 Bvn Infrastructure
The BVN infrastructure shall be hosted in the CBN, NIBSS, DMBs and OFIs (as applicable).
1.16 Consumer Protection And Dispute Resolution
In the event of complaints, the following shall apply: a. All customers' complaints shall be treated as contained in the Standard Operating Guidelines; b. The DMBs and NIBSS shall have equal responsibility for compliance with the dispute resolution procedure; and c. Where records are falsified by any party, adequate sanctions, as contained in 2.11 shall apply.
1.17 Criteria For Accessing Bvn Information By The Law Enforcement Agencies
The law enforcement agencies which include amongst others, the Nigerian Police Force (NPF), Economic and Financial Crime Commission (EFCC), Department of State Security Services (DSS), Nigerian Financial Intelligent Unit (NFIU), etc may apply to the Director, Banking & Payments System Department for information on BVN operations. However, such a request must be accompanied with an evidence of a court process to enable the Bank act appropriately.
2.0 Framework On Watch-List For The Nigerian Financial System 2.1 Introduction
As part of our effort towards ensuring financial stability, the Central Bank of Nigeria (CBN), in collaboration with the Bankers Committee, has put in place, this Framework on Watch-list for the Nigerian Financial system, to address the increasing incidence of frauds and other unethical practices with a view to engendering public confidence in the financial system.
This framework, without prejudice to existing laws, is a guide for the operations of the Watch-List in the Financial System. The Watch-list is a database of bank customers identified by their BVNs, who have been involved in confirmed fraudulent activities. The watch-list shall be effective from the inception of the BVN.
2.2 Objectives
To outline the process/operations of the watch-list.
To provide database of watch-listed individuals. To guide financial institutions in their operations.
2.3 Scope
The framework covers amongst others, the following: 2.4 Fraud categories The reporting institution shall use the table below to classify fraudulent activities.
| S/N | Description | Category | Amount | ||
|---|---|---|---|---|---|
| 1 | Forgery, | compromise, | complicity, | 0 | 0 |
| fraudulent | duplicate | enrolment. | Any | ||
| fraudulent infraction without monetary amount involved. |
| 2 | Confirmed successful and unsuccessful | 1 | N1 - N250,000.00 | |
|---|---|---|---|---|
| fraud attempts within the amount range | ||||
| 3 | Confirmed successful and unsuccessful | 2 | N250,001.00 - N1,000,000.00 | |
| fraud attempts within the amount range | ||||
| 4 | Confirmed successful and unsuccessful | 3 | N1,000,001.00 | - |
| fraud attempts within the amount range | N50,000,000.00 | |||
| 5 | Confirmed successful and unsuccessful | 4 | N50,000,001.00 and above | |
| fraud attempts within the amount range | ||||
| 6 | Reintroduction of the individual earlier | 5 | Enlisting of individual earlier on | |
| delisted from the watch-listed | the list or delisted. | |||
| 7 | Individual committed fraud and is at | 99 | Wanted Fraudulent Individual. | |
| large |
2.5 Stakeholders
Watch-list stakeholders include i. CBN ii. Bankers Committee iii. Banks/Other Financial Institutions iv. NIBSS v. Committee of Chief Audit Executives vi. Bank Customers
3.0 Responsibilities 3.1 Cbn
i. Issue a CBN circular to regulated institutions on the operations of the watch-list.
ii. Review framework for the operations of the watch-list as need arises.
iii. Apply appropriate sanctions for non-compliance to this document.
3.2 Banks/Other Financial Institutions
i. Render returns to NIBSS for enlisting individuals involved in confirmed fraudulent activities signed by Chief Audit Executives.
ii. A monthly returns (in the prescribed format) of all customers recommended for inclusion in the watch-list shall be forwarded to the Director, Banking Supervision Department, not later than the 5th day after the month end. However, where the 5th day happens to be weekend or public holiday , returns should be submitted the previous day. A Nil report should be rendered in the event that no customer was recommended for watch-list inclusion within the month.
iii. Where a bank needs to watch-list a customer of another bank, the Chief Audit Executive of the customer's bank shall be notified.
iv. Delisting of individuals from the watch-list after due clearance.
v. Integrating the banking system to the watch-list database, for online identification/verification of watch-listed individuals as transactions occur.
vi. Enforcing the appropriate sanctions on customers as stipulated.
vii. Banks to update the terms and conditions of account opening package with the following clause for new accounts and communicate the update to existing customers. "If a fraudulent activity is associated with the operation of your account, you agree that we have the right to apply restrictions to your account and report to appropriate law enforcement agencies".
3.3 NIBSS NIBSS shall maintain the Watch-list database on behalf of stakeholders and shall be responsible for the following: i. Update the watch-list database with the enlisted individuals by banks.
ii. Use the watch-list report submitted by banks and duly endorsed by the MD/CEO of the bank with clearance from Committee of Chief Audit Executives to remove delisted individuals from the database.
iii. Provide banks with a portal for the verification of watch-listed individuals in their respective categories indicating the categories of fraud.
iv. Provide Application Programme Interface (API) for Financial Institutions to integrate their systems to the BVN database for online validation of watch-listed individual at transaction time.
v. Keep audit trail of all activities on the watch-list database.
vi. NIBSS shall put in place a Service Level Agreement (SLA), with relevant stakeholders.
vii. Provide access to the watch-list database to the Central Bank of Nigeria.
3.4 Committee Of Chief Audit Executives (Caes)
i. The CAEs shall review cases referred to it before issuance of a formal clearance to an individual for the purpose of delisting from the watch-list.
ii. The CAEs shall mediate on issues arising from the BVN watch-list.
3.5 Customers i. Customers shall report all suspicious or unauthorized activities in their accounts upon discovery.
4.0 Delisting from the watch-list All aggrieved individuals listed in the watch-list shall go to their bank to obtain formal request for delisting.Only a bank that placed an individual on the watch-list can request for delisting.
5.0 Sanctions And Penalties
i. Appropriate penalties shall apply for any breach of this framework.
ii. Appropriate penalties shall apply to any bank that fails to enlist individuals confirmed to be involved in fraudulent activity.
iii. A bank may choose not to continue or establish business relationship with individuals on the watch-list.
iv. Where a bank chooses to continue business relationship with holders of account on the watch-list, the account holder shall be prohibited from all e-channels (inward and outward) and non-personal transactions (such as ATM, POS, Internet Banking, Mobile Banking), including issuance of third-party cheques. A watch-listed customer shall not reference accounts, neither access nor guarantee credit facilities.
v. Where a bank establishes or continues banking relationship with watch-listed individual(s), the bank is liable for any loss suffered by any other party.
BVN of individuals who have committed fraud and are at large, shall be placed in category 99. Individuals under this category are not allowed to conduct banking transaction in any bank (Post no transaction on all accounts linked to the BVN).
vi. Penalties that applied to watch-listed customers, shall apply to all accounts that he/she is a signatory to.
vii. A watch-listed individual shall remain in the watch-list for a period of ten (10) years and in the event of a reoccurrence, the tenure shall begin to count from year one.
6.0 Delisting Options
i. Where a bank receives clearance certificate from the Committee of Chief Audit Executives to delist a watch-listed individual, a report shall be forwarded to NIBSS accordingly.
ii. Where a bank realizes that an individual was placed on the watch-list in error, the bank shall immediately notify NIBSS in writing, signed by the MD/CEO and the Chief Audit Executive. NIBSS shall effect the delisting within one business day of receiving the letter.
iii. A written apology shall be forwarded to individual erroneously placed on the watch-list by the enlisting entity, in addition to the delisting.
Glossary of Terms BVN- Bank Verification Number CBN- Central Bank of Nigeria DMBs- Deposit Money Banks KYC- Know Your Customer NIBSS- Nigeria Inter-Bank Settlement System PIN- Personal Identification Numbers