← Back to Thinking
Essay10 min read·November 2021

Tightening the Lid on Customer Biometric Data: A Review of the CBN's Revised BVN Regulatory Framework

Co-authored with Rahma Ibiyeye

The CBN's Revised BVN Framework introduces tiered access, wider sanctions, new reporting obligations, and API implementation guidance. This article examines the key innovations and their impact on the financial ecosystem.

Regulatory PolicyData Protection

In 2014, the Central Bank of Nigeria in collaboration with Nigerian Banks introduced the Bank Verification Number to act as a centralized Biometric Information System for financial institutions and law enforcement agencies in Nigeria. This was a frontier in the CBN's drive to improve access to credit, curb financial crimes and maintain a database of banked Nigerians.

Introduction of a Tiered Access Regime

The Revised Framework has introduced a tiered regime with Banks and Other Financial Institutions (excluding PSPs) as Tier 1 and PSPs, Credit Bureaus, and other approved entities as Tier 2. Different access rights and rules apply to each tier. Only banks can now access BVN data without customer consent. OFIs and Tier 2 participants must first secure the consent of the customer. This signals a drive towards the implementation of proper consent architecture in preparation for the Open Banking Framework in Nigeria.

Wider and Clearer Range of Sanctions

The Revised Framework now makes provisions for possible infractions by participants and provides for more extensive sanctions for customers with BVNs on the Watchlist and makes novel provisions for participating institutions.

API Implementation Guidance

One of the major hints at the development of a framework compatible with an Open Banking regime are the key provisions relating to Application Programming Interface in the Revised Framework. Under this new regime, the BVN API can only be used for account/wallet opening, account maintenance, and other operations in compliance with the Revised Framework.

General Comments and Conclusion

The innovations in the Revised Framework are quite laudable and will go a long way to strengthening the war against financial crimes while guaranteeing privacy and information integrity. However, there are concerns it may stifle the growth of Fintech and Regtech companies because of access bottlenecks being implemented by the tiered system.

Originally published as a Regcompass Newsletter

← All articles