Introduction
- The Central Bank of Nigeria (CBN) on September 11, 2024, issued a Directive mandating all Payment Service Providers (PSPs) [1] to route Point of Sale (PoS) transactions through CBN licensed Payment Terminal Service Aggregators (PTSAs) – (the “Directive”). The Directive is aimed at decentralizing the routing of PoS transactions through multiple aggregators and improving the tracking of electronic transactions in Nigeria.
Background
- For context, PTSAs are intermediaries that manage the routing of PoS transactions between merchants and acquiring banks [2]. Prior to April 2024, the Nigeria Interbank Settlement System (NIBSS) used to be the solely licensed PTSA to track electronic transactions in Nigeria.[3]
- However, on the 19th of April 2024, Unified Payment Services Limited (UPSL) was issued a PTSA license in addition to NIBBS [4] to mitigate the risk associated with relying on a single aggregator and provided Acquirers (banks/financial institutions facilitating merchant payments) [5] with more flexibility in choosing a secure way to process PoS transactions.
- Prior to the Directive, PoS transactions were routed by the processors and configured by the Acquirers in collaboration with the POS merchants through a single Payment PTSA, NIBSS.[6] This centralized approach raised security concerns as PoS terminals were susceptible to high levels of fraud, accounting for about 26.37% of fraud incidents in 2023.[7] The rationale for this Directive is to enhance the monitoring and regulation of electronic payments, ensuring that every PoS transaction is processed within a secure and traceable system.
- In furtherance of the CBN’s objective to track electronic transactions and mitigate potential security concerns surrounding PoS transactions, the CBN issued the Directive to regulate Payment Terminal Service Providers (PTSPs) connectivity to PTSAs to enhance transparency and decentralization of the digital payment system, consequently, mandating all PTSPs to connect all PoS terminal transactions either through NIBBS or UPSL (“CBN-licensed PTSA”).
This newsletter explains the Directives and highlights the obligations for PSPs and the Nigeria’s payments ecosystem.
Key Highlights of the Directive
- One of the major highlights of the Directive is that the CBN now mandates all Acquirers to route all transactions initiated at PoS terminals, whether in physical stores (brick-and-mortar) or through electronic PoS systems (such as mobile or web-based PoS), through any of the CBN-licensed PTSAs. This requires PTSPs to configure PoS terminals to send transaction data to either of the CBN-licensed PTSAs. This requirement applies to both existing and new PoS terminals. Practically, the responsibility for routing these transactions falls on the PTSPs [8], who will handle the configuration of the PoS terminals as specified by the Acquirer. Merchants and agents accepting payments via PoS terminals typically won’t interact directly with the PTSAs, however, they must be aware of this change to ensure seamless transaction processing.
- In addition to the obligation of routing all PoS terminal transactions through CBN-Licensed PTSAs, the Directive requires that the PTSAs must process all PoS transactions through certified and licensed Processors. This means that after a transaction reaches a the CBN-licensed PTSA, then the CBN-licensed PTSA must pass the transaction to a Processor that has been certified by a relevant payment scheme, such as Visa, MasterCard, or Verve [9], selected by the Acquirer and is licensed by the CBN. By doing so, the CBN ensures that only authorized and certified processors handle PoS transactions, significantly enhancing the security and compliance of the payment system. This requirement adds an extra layer of security by creating a controlled processing environment where each transaction is managed within a regulated framework. Acquirers benefit from this structure as well, gaining the flexibility to choose from multiple certified Processors that are integrated with both CBN-licensed PTSA, enabling them to select trusted partners that best suit their operational needs.
- Furthermore, the Directive introduces specific monthly reporting obligations for PTSPs and PTSAs. The PTSPs are now required to compile and submit detailed monthly reports to the CBN which must include (y) the total number of merchants and agents they manage; and (z) information on which PTSA services were used to route the transactions of each merchant or agent. They must compile this data into a standardized report format that meets CBN’s requirements, which is expected to be provided by the CBN. The report must then be submitted by the PTSPs to the Director, Payments System Management Department, within seven days of the month’s end. Submission is usually done through a specified email provided by the CBN and CBN’s physical address.
- The PTSAs on the other hand are also required to submit monthly reports to the CBN which must include detailed information on all transactions processed through their platforms during the month. The PTSAs would need to maintain detailed logs of all processed transactions, including transaction volumes, values, and routing details. While some level of reporting may have existed before, this Directive formalizes and standardizes the reporting requirements for PTSPs and PTSAs,[10] providing the CBN with a more transparent and unified view of the payment ecosystem. Similar to PTSPs, PTSAs must submit these reports to the CBN no later than seven days after the end of each month. This means that they have a seven-day window starting from the first day of the new month to compile and submit the required data.
- All relevant stakeholders must commence regularization with the PTSAs (including configuring the PoS) and notify the CBN in writing to confirm compliance within 30 days from the date of the Directive being October 11, 2024. Failure to comply by the date will result in appropriate sanctions to be determined by the CBN.
Conclusion
The Directive to enhance the monitoring of electronic transactions and decentralize the routing of PoS transactions marks a significant step toward strengthening Nigeria’s digital payment ecosystem. Given the recent statistics from the Nigeria Inter-Bank Settlement System Plc, which identified PoS terminals as accounting for 26.37% of the country’s fraud incidents in 2023, this move is both timely and necessary. This initiative directly addresses these security concerns by introducing stricter routing and reporting requirements, ensuring that transactions are processed through a more secure and traceable system.
Furthermore, this Directive seems to also align with the broader regulatory environment, following the Corporate Affairs Commission’s notice in May requiring PoS operators to register their businesses. Together, these measures contribute to a more robust and regulated payment ecosystem.
[1] Section 131 of Banks and Other Financial Institutions Act (BOFIA), 2020 defines a Payment Service Provider (PSP) as an entity licenced by the Central Bank of Nigeria to provide payment service (also known as, technical or technology infrastructure software solutions or services for facilitating end-to-end electronic payment to third parties and such other services as the Governor may by regulation designate)
[2] Article 3.4.3.5 of the CBN Guidelines on Operations of Electronic Payment Channels in Nigeria, 2020
[3] https://nibss-plc.com.ng/payment-terminal-and-application-certification/
[4] https://www.cbn.gov.ng/Paymentsystem/PSPs.asp
[5] Article 5(1) of the CBN Guidelines on Operations of Electronic Payment Channels in Nigeria, 2020
[6] Article 3.4.1.5 and Article 3.4.3.1 of the CBN Guidelines on Operations of Electronic Payment Channels in Nigeria, 2020
[7] https://nibss-plc.com.ng/2023-annual-fraud-landscape/
[8] Article 3.4.3.5 of the CBN Guidelines on Operations of Electronic Payment Channels in Nigeria, 2020
[9] Licensed Payments Service Providers https://www.cbn.gov.ng/Paymentsystem/PSPs.asp
[10] Article 1.7 of the CBN Guidelines on Operations of Electronic Payment Channels in Nigeria, 2020