Lagos: Ahead of Nigeria's open banking implementation in August, a cybersecurity expert, Mr Anthony Fakiyesi, has emphasised the need to prioritise robust cybersecurity protocols to safeguard sensitive information and protect the financial ecosystem's integrity. Fakiyesi, also a cloud-security consultant, made this known in an interview with the News Agency of Nigeria on Tuesday.
According to News Agency of Nigeria, open banking mandated by the Central Bank of Nigeria (CBN) means that banks in Nigeria are now required to share customer data with other authorised financial institutions and third-party providers. This sharing would be done through a standardised Application Programming Interface (API) under the framework established by the CBN.
The expert explained that while open banking promises innovation, interoperability, and financial inclusion, Nigeria must confront significant challenges such as cyber threats and data privacy violations. He highlighted that the implementation would open the door to services like account aggregation, personalised financial management, and seamless cross-platform transactions.
Fakiyesi stated that with ISO 20022 as its backbone, the system brought structured, rich data formats that facilitated smarter fraud detection and cross-border functionality. However, he raised concerns about its introduction into an already vulnerable cybersecurity landscape, noting that Nigeria's financial institutions lost over N59 billion to fraud in 2023 alone, with increasingly sophisticated cyberattacks such as phishing, SIM-swapping, banking trojans, and business email compromise continuing to plague both consumers and banks.
He warned that as data moves beyond the control of traditional banks and into the hands of multiple third-party providers, the risk of data breaches grows exponentially. Fakiyesi stressed the absence of an accreditation and vetting system for third parties, as seen in mature open banking markets like the United Kingdom, could leave consumer data exposed, particularly if providers lack adequate security measures.
He added that regulatory clarity is needed since the current framework does not include clear policies for incident compensation or mandatory security certifications. Fakiyesi noted that countries like the United Kingdom and Australia enforce strong consumer protection laws, including financial reimbursement in the event of fraud linked to open banking services, and the absence of such measures in Nigeria could erode public trust.
Fakiyesi also pointed out that cybersecurity awareness remains low, especially outside urban areas, and many users are unfamiliar with how their data is used, how to grant consent securely, or how to recognise suspicious activity. He mentioned that the Nigeria Data Protection Commission (NDPC) rightly emphasised the need for robust consent management, data minimisation, and privacy-by-design principles.
Drawing comparisons, he noted that the UK's open banking ecosystem is supported by comprehensive cybersecurity frameworks. He suggested that Nigeria could learn from this by establishing a central accreditation body, enforcing breach notification timelines, and building a national security baseline for fintech.
To ensure a secure rollout of open banking, Fakiyesi stressed the need for Nigeria to prioritise establishing an accreditation system for third-party providers. He also called for mandating strict data protection policies, creating regulatory provisions for customer reimbursement and dispute resolution, and launching cybersecurity awareness campaigns for consumers and providers.
He encouraged investment in advanced threat detection and infrastructure hardening, as well as capacity strengthening of NDPC, CBN, and other oversight bodies to monitor compliance. Fakiyesi concluded by stating that while open banking is undoubtedly a game-changer that can democratise financial services, drive fintech innovation, and deepen digital inclusion, without security by design and robust governance, it could expose Nigeria to new waves of cyber threats and data privacy violations. If done right, Nigeria has the potential not only to modernise its financial ecosystem but also to set a benchmark for open banking in emerging markets where innovation and cyber resilience must grow side-by-side.