Regulatory Alerts2017-10-18 | BPS/DIR/GEN/CIR/04/010Regulatory Framework for BVN Operations & Watch-List for the Nigerian Financial System
The Central Bank of Nigeria (CBN) has released a regulatory framework for Bank Verification Number (BVN) operations and a watch-list for the Nigerian banking industry to enhance security and reduce fraud. The framework defines the roles and operations of the BVN and watch-list, with the BVN giving each bank customer a unique identity. The watch-list is a database of customers involved in confirmed fraud, with penalties including restrictions on account operations and access to credit facilities. The CBN will oversee the process, with Nigeria Inter-Bank Settlement System maintaining the watch-list database.
CENTRAL BANK OF NIGERIA Central Business District P.M.B. 0187, Garki, Abuja.
+234 - 0946238445 BANKING AND PAYMENTS SYSTEM DEPARTMENT BPS/DIR/GEN/CIR/04/010 October 18, 2017 To: All Deposit Money Banks, Switches, Mobile Money Operators, Payment Terminal Service Providers, Payment Solution Service Providers, Mirco Finance Banks & Others THE REGULATORY FRAMEWORK FOR BANK VERIFICATION NUMBER (BVN) OPERATIONS AND WATCH-LIST FOR THE NIGERIAN FINANCIAL SYSTEM The Central Bank of Nigeria (CBN), in furtherance of its mandate to develop and enhance the security of the electronic payments system in Nigeria hereby releases the Regulatory Framework for Bank Verification Number (BVN) Operations and Watch-List for the Nigerian Financial System.
The implementation of the Framework is with immediate effect.
Best regards, irector, Banking & Payments System Department CENTRAL BANK OF NIGERIA REGULATORY FRAMEWORK FOR BANK VERIFICATION NUMBER (BVN) OPERATIONS AND WATCH-LIST FOR THE NIGERIAN BANKING INDUSTRY
Table Of Contents
Preamble 1.0 REGULATORY FRAMEWORK FOR BANK VERIFICATION NUMBER (BVN) OPERATIONS ....................... 3
| 1.1 Introduction |
|---|
| 1.2 Objectives. |
| 1.3 Scope . |
| 1.4 BVN Operations |
| 1.5 The BVN Operational Processes and Procedures |
| 1.6 Eligibility for Access to the BVN . |
| 1.7 Access Fees . |
| 1.8 Security and Data Protection |
| 1.9 Risk Management . |
| 1.10 Consumer Protection and Dispute Resolution |
| 1.11 Updating Customer's BVN Records. |
| 2.0 WATCH-LIST FOR THE NIGERIAN BANKING INDUSTRY |
| 2.1 Fraud categories. |
| 2.2 Stakeholders |
| 2.3 Sanctions and Penalties . |
| 2.4 Delisting from the Watch-list |
| Glossary of Terms |
Preamble
In exercise of the powers conferred on the Central Bank of Nigeria (CBN), by Sections 2 (d) and 47 (2), of the CBN Act, 2007, to promote and facilitate the development of efficient and effective payments systems for the settlement of transactions, including development of the electronic payment systems; the Central Bank of Nigeria hereby issues the Regulatory Framework for the Bank Verification Number (BVN) Operations and Watch-List for the Nigerian Banking Industry.
1.0 Regulatory Framework For Bank Verification Number (Bvn) Operations 1.1 Introduction
The Central Bank of Nigeria, in collaboration with the Bankers Committee, proactively embarked upon the deployment of a centralized Bank Verification System and launched the Bank Verification Number (BVN), in February, 2014. This is part of the overall strategy of ensuring effectiveness of the Know Your Customer (KYC) principles, and the promotion of a safe, reliable and efficient payments system. The BVN gives a unique identity across the banking Industry to each customer of Nigerian banks.
This Framework also defines the establishment and operations of a Watch-list for the Nigerian Banking Industry, to address the increasing incidences, of frauds, with a view to engendering public confidence in the banking industry.
This framework, without prejudice to existing laws, is a guide for the operations of the Watch-List in the Financial System. The Watch-list is a database of bank customers identified by their BVNs, who have been involved in confirmed fraudulent activities.
1.2 Objectives
The objectives of the Regulatory Framework for BVN and Watch-list Operations in Nigeria are as follows: i. To clearly define the roles and responsibilities of stakeholders; ii. To clearly define the operations of the Bank Verification Number (BVN) in Nigeria; iii. To define access, usage and management of the BVN information, requirements and conditions; iv. To provide a database of watch-listed individuals; v. To outline the process and operations of the Watch-List; and vi. To deter fraud incidences in the Nigerian Banking Industry.
1.3 Scope
The Framework provides standards for the BVN operations and Watch-list for the Nigerian Banking Industry.
The Watch-list comprises a database of bank customers' identified by their BVNs, who have been involved in confirmed fraudulent activity in the banking industry in Nigeria.
1.4 Bvn Operations 1.4.1 Participants In The Bvn Operations
This Regulatory Framework shall guide activities of the participants in the provision of the Bank Verification Number (BVN) Operations in Nigeria.
Participants are grouped into five (5) categories: i. Central Bank of Nigeria (CBN); ii. Nigeria Inter-Bank Settlement System (NIBSS); iii. Deposit Money Banks (DMBs); iv. Other Financial Institutions (OFIs); and v. Bank Customers
1.4.1.1 Central Bank Of Nigeria
The CBN shall: i. Approve the Regulatory Framework and Standard Operating Guidelines; ii. Approve eligible users for access to the BVN information; iii. Ensure that the objectives of the BVN initiatives is fully achieved; iv. Conduct oversight on BVN operations and systems; v. Monitor other stakeholders, to ensure compliance; vi. Issue circulars to regulated institutions on the operations of the watch-list; vii. Review framework for the operations of the watch-list, as the need arises; viii.Apply appropriate sanctions for non-compliance with this document; ix. The Director, Risk Management Department of the CBN shall review cases referred to it before issuance of a formal clearance to an individual for the purpose of delisting from the Watch-List; and x. The Director, Risk Management Department of the CBN shall mediate on issues arising from the BVN Watch-list.
1.4.1.2 Nigeria Inter-Bank Settlement System (NIBSS) The NIBSS shall: i. Collaborate with other stakeholders to develop and review the Standard Operating Guidelines of the BVN; ii. Initiate review of Guidelines, as the need arises, subject to the approval of the CBN; iii. Ensure seamless operations of the BVN system; iv. Maintain the BVN database; v. Manage access to the BVN information by the approved users; vi. Ensure recourse to the CBN on any request for BVN information by any party; vii. Ensure adequate security of the BVN information; and viii. Maintain an on-line real-time Watch-list Portal.
NIBSS shall maintain the Watch-list database on behalf of stakeholders and shall be responsible for the following: i. Update the Watch-list database with the enlisted individuals by banks. ii. Use the Watch-list report submitted by banks and duly endorsed by the MD/CEO of the bank, with clearance from the Director, Risk Management Department of CBN to remove delisted individuals from the database.
iii. Provide banks with a portal for the verification of watch-listed individuals in their respective categories.
iv. Provide Application Programme Interface (API) for eligible institutions to integrate their systems to the BVN database for online validation of watch-listed individuals at transaction time.
v. Keep audit trail of all activities on the watch-list database.
vi. Put in place a Service Level Agreement (SLA), with relevant stakeholders.
vii. Provide access to the watch-list database to the Central Bank of Nigeria.
viii. Comply with the ISO standards for security and business continuity.
1.4.1.3 Deposit Money Banks (DMBs) and the Other Financial Institutions (OFIs) The DMBs and OFIs shall: i. Ensure proper capturing of the BVN data and validate same before the linkage with customers' accounts; ii. Ensure all operated accounts are linked with the signatories' BVN; iii. Ensure customer's name on the BVN database is the same in all of his/her accounts, across the Banking Industry; iv. Report confirmed fraudulent individual's BVN to NIBSS for update of the Watch-list database; v. Report the BVN of deceased customers to NIBSS for update on the BVN database; vi. Render returns to NIBSS for enlisting individuals involved in confirmed fraudulent activities. The report should be signed by the Chief Audit Executives; vii. The CBN (Banking Supervision Department) shall be granted real-time online access, to access the Watch-list database; viii. The Chief Audit Executive of the customer's bank shall be notified, where a bank needs to watch-list a customer of another bank, with a copy to CBN; ix. The Chief Audit Executive of the customer's bank, upon notification, shall investigate within one (1) month and after confirmation of the fraudulent activity, watch-list the customer within two (2) business days; x. The Chief Audit Executive of the customer's bank shall be sanctioned appropriately by the CBN if no action is taken within one (1) month on the notification received from another bank on its customer; xi. Delisting of individuals from the Watch-list, after due clearance; xii. Integrating the banking system to the Watch-list database, for online identification/verification of watch-listed individuals, as transactions occur; xiii. Enforcing the appropriate sanctions on customers as stipulated; and xiv. Updating the terms and conditions of account opening package with the following disclaimer for new accounts and communicating the update to existing customers; 'If a fraudulent activity is associated with the operation of your account, you agree that we have the right to apply restrictions to your account and report to appropriate law enforcement agencies'.
1.4.1.4 Bank Customers
Bank Customers shall: i. Abide by the Regulatory Framework for BVN Operations and the Watch-list for the Nigerian Banking Industry;
1.5 The Bvn Operational Processes And Procedures
These are as listed below: i. Enrollment: The enrolment is the process where individuals have their biometric and demographic data captured in the BVN central database system and a unique ID, the Bank Verification Number (BVN), generated for the customer.
ii. Identification: This refers to the comparison of a person's biometrics to the biometrics of all enrolled customers, to confirm if the person is already enrolled or not, before issuing the BVN.
iii. Verification: This refers to the process of verifying the customer by matching his/her biometric template with what has been captured in the database.
iv. Linking of Customer's Unique ID to all related bank accounts: This is a process of using the customer's unique ID generated after his/her enrolment to link all his or her bank accounts, irrespective of which bank the account is domiciled. This ensures that the customer would not be able to enroll twice and that the customer's activities in other banks (especially suspicious ones) can be easily made available to all banks where the customer has account(s).
v. Fraud Management: This is a process aimed at using a traceable Unique Customer Identity to deter, prevent, detect and mitigate the risks of fraud in the banking industry.
vi. Customer Information Update: This is the process by which the customer updates his/her information on the central identity database.
1.6 Eligibility For Access To The Bvn
The following entities may have access to BVN information, subject to the approval of the CBN: I. DMB II. OFIs III. MMOs IV. PSPs V. Law Enforcement Agencies VI. Credit Bureaus VII. Other entities as applicable.
1.7 Access Fees
There shall be access fees payable for accessing information from the database, subject to the approval of the CBN. Such fees shall be determined from time to time.
1.8 Security And Data Protection
i. Parties involved in the BVN operations, shall put in place, secured hardware, software and encryption of messages transmitted through the BVN network; ii. BVN data shall be stored within the shores of Nigeria and shall not be routed across borders without the consent of the CBN; iii. Users of the BVN information shall establish adequate security procedures to ensure the safety and security of its information and those of its clients, which shall include physical, logical, network and enterprise security; and iv. Parties to the BVN operations shall ensure that all information that its employees have obtained in the course of discharging their responsibilities shall be classified as confidential.
1.9 Risk Management
BVN participants must ensure that risks mitigations techniques are in place to minimize operational, technical, fraud risks, etc. BVN operations should not be susceptible to sustained operational failures, as a result of system outages.
1.10 Consumer Protection And Dispute Resolution
In the event of complaints by a bank customer, disputes shall be resolved by banks or escalated to the CBN, when unable to resolve.
1.11 Updating Customer'S Bvn Records
Change of customer records shall be allowed as follows:
- Name change with supporting documents, subject to a maximum of twice a year. 2. Change of date of birth shall be allowed once with supporting documents. 3. Minor correction due to errors supported with valid means of identification.
The Central Bank of Nigeria has issued circulars to this effect.
2.0 Watch-List For The Nigerian Banking Industry 2.1 Fraud Categories
The reporting institution shall use the table below to classify fraudulent activities.
| 0 | ||
|---|---|---|
| S/N | Description | Category |
| 1 | Forgery, compromise, complicity, fraudulent duplicate enrolment. Any fraudulent infraction without monetary value. | 1 |
| 2 | Confirmed successful fraud with monetary value | 2 |
| 3 | When a customer is watch-listed more than once | |
| 4 | Fraudulent individual that is at large | 99 |
2.2 Stakeholders
Watch-list stakeholders include: i. CBN ii. Banks/Other Financial Institutions iii. Nigeria Interbank Settlement System (NIBSS) iv. Banks' Customers
2.3 Sanctions And Penalties 2.3.1 Framework
The following penalty shall apply to a violator of the framework: i. Appropriate penalties shall apply to any bank that fails to enlist individuals confirmed to be involved in fraudulent activity.
ii. Any other stakeholders who fail to perform its stipulated responsibilities shall be penalized by the CBN
2.3.2 Watch-List
The following penalties shall apply for customers on the watch-list: i. A watch-listed individual shall not be allowed to enter into new relationship with any bank.
ii. A bank may choose not to continue business relationship with account holder on the watch-list. Where a bank chooses to continue an existing business relationship with holders of account on the watch-list, the account holder shall be prohibited from all echannels, such as ATM, POS, Internet Banking, Mobile Banking, including issuance of third-party cheques. A watch-listed customer shall not provide reference to another customer, neither shall he/she be allowed access to credit facility or guarantee credit facilities.
iii. A watch-listed individual shall remain in the watch-list for a period as specified in the penalty table. In the event of a reoccurrence, the tenure shall begin to count from year one.
iv. Penalties that applied to watch-listed customers shall apply to all accounts that he or she is a signatory to.
The following table prescribes the period of the penalty for each infraction on the Watch-list.
| S/N | Infraction | Category | Penalty |
|---|---|---|---|
| 1 | Forgery, compromise, complicity, fraudulent duplicate enrolment. Any fraudulent infraction without monetary value | 0 | As stipulated in Section 2.3.2 above for a period of five (5) years. |
| 2 | Confirmed successful fraud with monetary value | 1 | As stipulated in Section 2.3.2 above for a period of ten (10) years |
| 3 | When a customer is watch-listed more than once | 2 | As stipulated in Section 2.3.2 above for a period of ten (10) years and transactions are limited to the branch where account is domiciled |
| 4 | Individual who committed fraud and is at large | 99 | As stipulated in Section 2.3.2 above and POST-NO- DEBIT flag on all accounts linked to the BVN |
2.4 Delisting From The Watch-List
All aggrieved individuals listed in the watch-list shall go to their bank to obtain formal request for delisting.Only a bank that places an individual on the watch-list can request for such delisting.
2.4.1 Reasons For Delisting
i. Upon expiration of term in the watch-list ii. Erroneous listing of a BVN on the watch-list
2.4.2 Process For Delisting 2.4.2.1 Automatic Delisting
Once a watch-listed BVN has served its term in the watch-list, the NIBSS system shall automatically delist the BVN and notify the bank.
2.4.2.2 Manual Delisting
i. Where a bank realizes that an individual was placed on the watch-list in error, the bank shall apply in writing, with supporting documents to the Director, Risk Management Department of the CBN, for approval to delist. The supporting documents shall be duly authorized by the MD/CEO and the Chief Audit Executive of the bank.
ii. Upon approval from CBN, the bank shall forward the approval to NIBSS for delisting.
iii. NIBSS shall effect the delisting within one (1) business day of receiving the letter.
iv. The bank shall notify the customer appropriately.
Glossary Of Terms
BANKING INDUSTRY - CBN licensed entities which includes DMBs, MFIs, MMOs & OFIs BANKS- DMBs, MMOs & OFIs BVN- Bank Verification Number CBN- Central Bank of Nigeria DMBs- Deposit Money Banks KYC- Know Your Customer MFIs - Micro Finance Institutions MMOs - Mobile Money Operators NIBSS- Nigeria Inter-Bank Settlement System OFIs - Other Financial Institutions PIN- Personal Identification Numbers PSP-Payments Service Providers