Concern on overregulation as CBN throws hat into anti-money laundering

* Introduces new measures to monitor politicians, customers
* SERAP: Regulation violates freedom of expression, rights to privacy

With two different policy documents issued at the weekend, the Central Bank of Nigeria (CBN) has raised the bar on know your customer (KYC) protocols and charged financial institutions (FIs) on implementations.

The guidelines handed down to FIs, who have been regularly accused of aiding financial crimes, with titles – ‘Guidance Note on Politically Exposed Persons’ (PEPs) and ‘CBN Customer Due Diligence (CDD) Regulations 2023’ contain specifics call-to-actions banks should execute to combat financial crimes.

The regulation may have raised questions on the line between KYC and the right to privacy with the Socio-Economic Rights and Accountability Project (SERAP) already giving the acting Governor of the Central Bank of Nigeria (CBN), Mr. Folashodun Shonubi, a three-day ultimatum to “immediately delete the patentially unlawful provisions” of the customer due diligence regulation asking banks to obtain information on customers’ social media handles for identification purpose.

“The CBN Regulations and directive to banks to obtain details of customers’ social media addresses violate Nigerians’ rights to freedom of expression and privacy. It is inconsistent and incompatible with the rule of law. The CBN ought to contribute to the advancement of respect for the rule of law and human rights in the discharge of its statutory functions, and not undermine or violate these fundamental legal requirements and standards. The purported mandatory requirement would inhibit Nigerians from freely exercising their human rights online. If obtained, such information may also be misused for political and other unlawful purposes,” SERAP argued in a letter to the apex bank.

The apex bank directed that money deposit banks (MDBs) must obtain comprehensive information about customers, including social media handles as part of measures “designed to improve the ability of financial institutions to identify and monitor potential risks linked to customer activities.”

“By including social media handles as part of the customer identification process, banks seek to gain further insights into customers’ online presence and activities, helping to assess potential risks and monitor for suspicious behaviour.

“For individuals, the CDD process now encompasses gathering information such as legal name, addresses (permanent and residential), contact details (telephone, email, and social media handles), date and place of birth, Bank Verification Number (BVN), Tax Identification Number (TIN), nationality, occupation, public position held, name of employer, official personal identification number and a unique identifier contained in a valid government-issued document bearing the customer’s name, photograph and signature,” the CDD guidelines stated.

The second document details actions the banks should statutorily take to identify and monitor PEPs and their relations to mitigate money laundering, financing of terrorism and proliferation financing (ML/FT/PF) as concerned individuals “may misuse their power and influence for personal gain or advantage to themselves, close family members and/or associates”.

Last year, the Basel Institute on Governance rated Nigeria as a high-risk country for money laundering and terrorist financing. The country was rated 6.77 out of 10, with the country being 17th out of 128 countries assessed.

The CBN’s move is lauded on the grounds of reducing the country’s vulnerability. But there are also concerns about overregulation, which experts said has negative consequences for efforts to reduce the bank’s financial inclusion drive.