In exercise of the powers conferred on the Central Bank of Nigeria (CBN), by Sections 2 (d) and 47 (2), of the CBN Act, 2007, to promote and facilitate the development of efficient and
effective systems for the operations Non-Bank Acquiring service in Nigeria; the Central Bank of Nigeria hereby issues the Regulatory Framework for Non-Bank Acquiring in Nigeria.
Regulatory Requirements for Non-Bank Acquiring In Nigeria
Objectives
The objectives of this document are to:
I. Establish Non-Bank Acquiring as a regulated service.
II. Provide minimum standards and requirements for the operations of Non-Bank Acquiring in Nigeria.
1.2 Participants in Non-Bank Acquiring in Nigeria
This Regulatory Framework shall guide activities of the participants in the provision of the operations of Non-Bank Acquiring in Nigeria.
Participants are grouped into three (3) categories:
i. Acquiring Banks
ii. Card Schemes
iii. Non-Bank Acquirer
Roles and Responsibilities of Non-Bank Acquirers
Policies
The Non-Bank acquirer shall implement policies that include the minimum standards established by Card Scheme to mitigate risk to the Card Scheme payment system.
The policies must be approved by the acquirer’s Board of Directors or an appropriate senior executive Committee. Policies must be made available to Card Scheme upon request.
Merchant Agreements
The Non-Bank acquirer shall utilize merchant agreements that meet Card Scheme minimum requirements for disclosure and clearly define both acquirer and merchant obligations.
It should also ensure merchant agreements in use by the acquirer and third party agents, including subsequent updates are reviewed and approved prior to their use.
In addition, it should have a merchant agreement in place with each merchant before transaction services are provided.
Merchant Underwriting
The Non-Bank acquirer shall:
a. Control merchant approvals per pre-determined policies and procedures.
b. Provide Card Scheme acceptance privileges in accordance with the Card Scheme
Merchant Risk Monitoring
The Non-Bank acquirer shall maintain adequate risk controls to monitor merchant activity to ensure compliance with the Card Scheme Rules and prevent undue harm to the acquirer, customers and the Card Scheme.
Third-Party Agent Risk
The Non-Bank acquirer shall conduct due diligence on all third-party agents prior to registration, in accordance with the Card Scheme Third Party Agent Due Diligence Risk Standards.
It shall also perform ongoing monitoring and oversight of third-party agents to control the agent relationship and its activities.
Furthermore, shall ensure that third-party agents are aware of the
acquirer’s policies and requirements to remain in compliance with Card Scheme Rules.
Settlement Arrangements
i. An acquirer’s agreement with the merchant must state that the acquirer’ is responsible for providing settlement funds directly to the merchant.
ii. The security and handling of merchants’ funds is a fundamental acquirer’s responsibility.
iii. Acquirers have direct responsibility for settlement to merchants.
iv. Agents are not permitted to directly access or hold merchants’ funds, whether from settlement or reversals.
v. Reserves collected to guarantee a merchant’s Card Scheme payment system obligations must be held and controlled by the acquirer.
Acquirers must hold and control reserves that are accumulated and derived from merchant settlement funds or used to guarantee a merchant’s payment system obligations to the acquirer.
vi. The Non-Bank acquirer shall process the payment of funds to its merchants in a proper and timely manner. Regardless of any contractual limits of liability between a member and its
agents.
vii. Card Scheme holds the Non-Bank Acquirer responsible for controlling all aspects of merchant funding process.
viii. Acquirers must provide settlement funds directly to the merchant, or payment facilitator on behalf of sponsored merchants, promptly after transaction receipt deposit.
ix. Merchant funds payments must be the same as the transaction totals, less any chargebacks, credit transaction receipts, or other agreed fees and discounts.
x. The acquirer must not waive, release, abrogate, or otherwise assign to a nonmember/agent its obligation to guarantee and ensure payment for all transactions in which the merchant honoured a valid Card Scheme Card properly presented for payment.
xi. An acquirer must have controls in place related to establishing and changing merchant bank accounts where settlement funds are deposited, including controls to:
a. Prevent a new bank account number from being established by an unauthorized party to divert merchant funds.
b. Confirm or review all bank account changes, including changes completed by authorized third parties.
Sponsorship
The application for a licence by the entity engaging in Non-Bank acquiring must be sponsored by a minimum of three (3) Acquiring banks, where settlements shall be domiciled.
Card Scheme License/Approval
The entity must obtain the licence/approval of every Card scheme it wishes to acquire its transactions
Risk Management
Non-Bank acquirers shall develop and provide an appropriate governance structure, to manage the risk inherent in the acquiring service.
There must be documented and approved policies in place; which support the risk management function and also highlight the acquiring program strategy, including targeted merchant segments, various entities/agents involved, their responsibilities, likely risks, and mitigation procedures.
Non-Bank acquirers must have the ability to perform due diligence before onboarding new merchants.
Merchant history as well as checks, against various databases, credit reports, personal and business financial statements, and income tax returns of the business and their owners to determine if there were previous fraud, litigation, AML, high chargeback, etc.
Non-Bank acquirers must have a process to ensure adequate merchant agreements are effected.
Non-Bank acquirers must demonstrate their compliance with all applicable security standards and they should ensure all merchants, agents and other third parties that store, transmit and use sensitive card data are PCI DSS certified.
Requirements for Regulatory Review and Approval
The CBN requires the following of companies intending to provide Non-Bank Acquiring in Nigeria. It will review the adequacy of the company’s submissions and provide feedback:
I. The company must be a CBN approved Processor and/or Switch
II. Provide the following documentation:
a. Card Scheme license/approval
b. Due Diligence and Merchant Onboarding Process
c. Merchant Risk Monitoring Framework
d. Sponsorship letter from three (3) Acquiring banks
e. Draft merchant agreements
f. Details of its settlement arrangements
g. SLA with Acquirer Bank
Termination of Licence
The CBN shall terminate a Non-Bank Acquirer’s Licence based on the following:
- Fails to meet the conditions for renewal of the operating license as a Switch or TPP in Nigeria.
- Dissolution of Card Association Agreement.
- Inability to maintain a relationship with at least two (2) Card Associations.
- Operational failures that lead to significant losses/fraud.
- Any other reason(s) that may be determined by the CBN from time to time
