Concept Paper Outlines - Compiled v2

CYBERSECURITY

– Protecting the Financial System
By: FCMB and SCB

1

Cybersecurity – Protecting the Financial System

In recent times, the changing consumer preference and the race to meet up to
international service delivery standards, scale operations and improve operational
efficiency has led to rapid adoption of technology, cloud based services and initiation
of Application Programming Interface (API) economy among others to drive
interconnectivity with other service partners.
This drive has led to a proliferation of several digital channels and presented a huge
opportunity for delivering products and services in a convenient and enjoyable
manner, with the digital connectivity expected to unlock innovation and prosperity
around the world. However, as government and corporate organizations increasingly
depend on the complex internet enabled business solutions, they also become
increasingly vulnerable to cyberattacks on the information and data shared across
these channels. Cybercriminals are taking advantage of the borderless playing field
and the trust among nation states, corporations and global law enforcement to build
their criminal enterprises and launch targeted attacks. And the increasing level of the
cyberthreat is now becoming a major obstacle to the collective path to progress.
Cost to society
The severity of the cyber-attacks has in recent time attained alarming levels with
developed economies and high-end global organizations reporting increasing level of
attacks. It has caused a lot of havoc to individuals; private and public businesses and
even threaten national security and financial health.
At corporate level, sensitive company information are stolen and made available to
competition, which causes untold embarrassment and reduces the competitive

2

strength of industries. It also leads to loss of revenue, through identity theft,
unauthorized access to vital information such as trade secrets and proprietary
information. These unquantifiable losses reduce profitability, as more time is spent
preventing, troubleshooting or protecting company assets from the side effects of
cybercrime, rather than engaging in more productive activities.

In September 2018, Facebook experienced a network vulnerability which allowed
hackers gain access to user accounts, potentially exposing the personal information of
nearly 30 million users. This big security breach further heightened fear, even the
huge tech-savvy social media companies are not immune to the cyberattacks. Also at
the Marriott-owned Starwood hotel group in 2018, guest information for up to 500
million guests has been compromised, including payment information, names, billing
addresses, phone numbers, email addresses, passport numbers among others, leading
to Marriott facing a fine of about $123 million from the UK authorities over this breach.
And in July 2019, a Silence hacker group were alleged to have stolen over $3 million
from Bangladesh's Dutch Bangla Bank.

Beyond the hackers looking to make a profit through stealing individual and corporate
data, entire nation states are now using their cyber skills to infiltrate other
governments and perform attacks on critical infrastructure. High level of cybercrime
brings the country’s name into disrepute within the international community, leading
to reduction in trade and the inflow of much needed FDIs. Computer security giant
McAfee has predicted that: “Nation-state cyberwarfare will become an equalizer,
shifting the balance of power in many international relationships just as nuclear
weapons did starting in the 1950s”. The national integrity of the globally respected
United States electioneering process was called to question recently on the back of
alleged cyber interference. Developed economies including the USA, China, Russia etc.
have in recent time increased global tension on the back of counter claim on cyber-
attacks.

Households and individuals are also not immune to the impact of cyber threat, with
the unpleasant experiences undermining the digital financial services customer’s
finances and overall trust in the financial system. This is even more pronounced among
the low-income customers, who are least able to rebound from the losses and the
newly banked, whose trust in financial services may be fragile. It remains a big drag
on the financial inclusion drive and economic growth agenda of the government.

According to a 2018 report by the US based Center for Strategic and International
Studies (CSIS) working with McAfee, cybercrime which costs the world’s economy
almost $500 billion, or about 0.7% of global income In 2014, more than the income
of all but a handful of countries, is now costing the world about $600 billion, or
0.8% of global GDP. While global spending on cybersecurity products and services

3

will top $103 billion in 2019, up 9.4 percent from 2018, with large enterprises having
about 500 -1000 employees spending the most.

Without doubt the increasing cost of protecting against cyber attacks taking into
consideration information asymmetry within the large informal developing economies
remain unimaginable

The case in Nigeria

In the case of Nigeria, the issue of cybercrime and its impact on the Nigerian economy
in relations to FDI inflow has increasingly become worrisome. This is becoming more
visible with the increasing level of unemployment, as the impact on business
confidence is leading multinationals and their parent companies to flee the country
and, in some instances, cut their staff strength due to cyber-attacks that has led to
fall in profit. Not only is cyber insecurity affecting investments, it is also affecting
tourism, acclaimed to be a leading source of foreign exchange globally. With travel
warnings issued across the world to foreigners visiting Nigeria either for leisure or to
set up businesses, national image is daily being impaired.

Responding to the global challenge, the Nigeria government enacted the Cybercrime
(Prohibition, Prevention, Etc.) Act in 2015, which prescribes punishment for
cybercrime related offences. In tandem with this, the CBN also released the Risk-
Based Cybersecurity Framework for Deposit Money Banks and Payment Service
Providers in 2018

Despite the above efforts, government, the financial service sector and household in
Nigeria have not been immune to the spree of cyber-attacks and data breaches, with
mixed cases of phishing attacks, malicious software embedded at payment interfaces
and ransomware gaining more traction. According to the “Nigeria Electronic Fraud
Forum Annual Report” published by the Central Bank of Nigeria, financial service fraud
volume reported in 2018 is the highest seen in the last four years, increasing in volume
by about 55%, from about N1.6bn in 2017 to about N2.1bn(US$ 7.1 million) in 2018.
With mobile channel fraud taking the lead in both fraud volume and actual loss. This
loss is excluding the recorded over 38,000 attempted fraud count valued at over
₦9Billion within the last 12 months.

Considering the high penetration rate in Nigeria (68.9%), mobile has become an
obvious channel for Nigerians at the bottom of the pyramid to use as they adopt
financial services for the first time. EFInA in its 2018 Survey showed that the uptake
and usage has been persistently low (at 3.3%), despite its rapid growth in many other
emerging markets, with lack of trust being a key obstacle affecting the uptake of
mobile financial services in Nigeria

4

Need for collaboration

While the global impact of cyber-attacks appears all encompassing, the financial sector
appears the most affected as cyber-attacks on all other sectors of the society
culminate in financial loss. With the financial sector depending on complex IT systems
in order to function and are at the same time linked across the sector via data centers,
payment and settlement systems, addressing cyber concerns remains germane to
having a sound, reliable and safe financial system. A stable financial system relies,
inter alia, on trust that book-entries of transactions are correct and are kept
confidential, that settlement of payments and securities trades takes place in a timely
manner and that customer-oriented systems are safe and accessible. Repeated
cyberattacks on financial sector firms and systems may weaken confidence in the
financial system and an extensive cyberattack that compromises critical systems could
potentially affect the whole sector or significant parts of it. While individual financial
sector stakeholders are developing strong focus on IT security to protect themselves
within the scope of their operations, including making their systems resilient to
cyberattacks, the multifaceted nature of the cyberthreat exposes each component of
the financial system as a potential weak link that could compromise the whole financial
system. Hence the very strong justification for collaboration.

In the United Kingdom, the biggest insurers and banks have teamed up to create a
new organization to defend the country’s financial infrastructure against cyber-
attacks. Called “the Financial Sector Cyber Collaboration Centre”, the organization
is backed by several banks, insurers and securities exchanges. The body is the
brainchild of UK Finance, an amalgamation of six financial trade institutions. The
center will also be working with the National Cyber Security Centre (NCSC) and
National Crime Agency (NCA).

Also, within the European Union block, cybersecurity was identified as one of the main
challenges in its 2017 mid-term review of the Digital Single Market. The Network and
Information Security (“NIS”) Directive (2016) which is the first piece of EU-wide
legislation on cybersecurity. The adopted EU Cybersecurity Act gives ENISA, the EU
Cybersecurity Agency, a reinforced role and establishes an EU-wide cybersecurity
certification framework for digital products, processes and services. This is
complemented by the European Supervisory Authorities’ (“ESA”) advice to
improve ICT risk management requirements, streamline incident reporting standards
and establish an EU-wide cyber resilience testing framework.

Also, recently in June 2019, The Monetary Authority of Singapore (MAS), the Bank of
England and the Financial Conduct Authority announced they will be working together

5

to strengthen cyber security in their financial sectors. The collaboration involves MAS
and the UK financial authorities identifying effective ways to share information and
exploring potential for staff exchanges as hosts to global financial centers and FinTech
firms
Increasingly, it is becoming apparent that both on the local and global space, given
the complex nature of cyber-attacks, collaboration among key stakeholders, guided
by firm commitments to the dictates of applicable policies remains the most effective
armament to address cyber concerns

Paper focus
This paper presents an opportunity to further analyze and proffer solutions to the
increasing threat in the cyberspace, most especially as it impacts financial services
delivery and the drive to increase level of financial inclusion in Nigeria

Questions to answer:

1. What is the relevance of Cyber Security to the 2019 Bankers’ Committee
Retreat theme of ‘Advancing Digital and Mobile Technology to Impact
Sustainable Economic Growth and Development’?

a. How will it secure Digital and Mobile Technology innovations that will
drive productivity, efficiency and advance sustainable economic growth
and social development?

b. How will it improve financial inclusion driven by consumer confidence in
a safe and secure financial service?

2. What are the head wins and drivers for Nigeria’s financial system?

a. Matured regulations and standards e.g. CBN Risk-Based Cybersecurity
Framework for Financial Institutions; Information Technology Standard
Blueprint etc.

3. What is the level of maturity in Nigeria against global leading
practices/capabilities?

a. Low information security awareness amongst the workforce and the
general population (cyber literacy).

b. Lack of research and development in local cyber security space

c. Shortage in skills and competence

d. Over reliance on foreign OEMs and consultants

6

4. From a gap analysis, which areas require attention?
a. Collaboration amongst industry players
b. Collaboration amongst policy makers (Alignment of regulations)

5. What are some key facts/statistics?
6. What is the Value at play – opportunity for the financial system/customers?

a. Increased consumer confidence leading to improved financial inclusion
b. Maximising the benefits of digital innovation
7. Talking points for Retreat participants
a. Cyber Resilience – For the Deposit Money Banks (DMBs) and critical

financial market infrastructure (FMIs)
b. Fintech – Secure innovation
c. Cyber security skills shortage
d. Collaboration between industry players

Questions to answer:
1) What is Nigeria’s cyber security maturity level
2) How adequate are the current cybersecurity policies to protect the financial
sector?
3) Is there any capacity or infrastructural limitations affecting cybersecurity
implementation?
4) What are the factors promoting cyber risks in the financial landscape?
5) How can the banker’s committee as a body contribute to effective cyber
secure financial services landscape?
6) What limitations are the industry players facing in effectively promoting cyber
threat awareness among consumers

7

7) What partnership policy initiatives can we promote across arms of the
government to increase cyber security responsibilities among all key
stakeholders

8) What policy support could regulators provide to deposit money banks to invest
more in cyber security

A list of feasible solutions that are substantiated with supporting evidence.

Questions to answer:
1. What are possible responses/solutions?
2. Is this a new solution or has this solution been implemented in other countries?

For both, provide justification and evidence to show that the solution will be
effective and workable in Nigeria Financial System – ease of delivery,
infrastructure, costs, etc. What are some challenges that might be encountered?
3. How can this solution be implemented? Who are the key stakeholders to
implement it?
4. What is the value at stake for Nigeria if these issues/gaps are not addressed?

At the end of the session, the panel discussion on the topic “Cybersecurity –
Protecting the Financial System “will aim to among other things address:
▪ Ways and means of strengthening technical and capacity challenges affecting

effectiveness of cybersecurity especially in the banking context
▪ Recommend new modalities and approaches for managing the impact of

cyberattacks on the financial system
▪ Promote policy measures to strengthen the effectiveness of cyber laws as it

affects the financial service industry
▪ Provide basis for a shared purpose among key stakeholders to address

cybercrime threats and challenges
▪ Reinforce consumer trust in the emerging digital space to drive financial inclusion

and safeguard their resources

8

Digital Ecosystems for SMEs
By: Joel Nyatse and Tunde Adama

9

Digital Ecosystems for SMEs

FSDH Merchant Bank

Citibank Nigeria Limited

▪ SME Sectorial Overview
o Importance of SMEs to economies (General) – Use of data and
statistics from other countries and regions
o Importance of SMEs to Nigeria – Contribution to GDP, employment etc.

▪ General trends/ key statistics on Nigerian SMEs (revenues, growth, ownership
structure, access to credit etc.)

▪ Define digital ecosystems – what are they and what are they composed of?
▪ Examples of successful digital ecosystems from around the global and African

domain (finance industry and other wise)
▪ Benefits of digital ecosystems to participants – partners, customers etc.
▪ Relevance of creating digital ecosystems for SMEs to driving sustainable

economic growth and relevance in Nigeria (contribution to GDP, employment
etc.)

▪ Ecosystems enable players collaborate to create value for the customer. What
are the pain points of Nigerian SMEs?
o Presentation and Analyses of questionnaire administered to sample
SMEs

▪ Which of these challenges can banks can try to solve via digital ecosystem
products and services?
o Do existing solutions exist? Where are the opportunities for further
product/ service development?
o Are solutions being provide by non-bank entities?
o Do collaborative opportunities between banks and these entities exist?

▪ Are there legal, regulatory or structural challenges to solving these problems?
▪ How can digital ecosystems be leveraged to enhance value proposition for

SMEs (access to funding and markets, skills development, logistics support,
financial management etc.)
▪ Challenges faced by banks in supporting Nigerian SMEs.

10

o Recent successes and reasons to be optimistic

▪ What key success factors are critical for developing digital ecosystems (strong
user base, diversity of partners, collaboration capabilities etc.)

▪ What strategies should be adopted in building sustainable ecosystems for
Nigerian SMEs?

▪ From which other industries can the banking industry identify partners for
collaboration?

▪ What types of partnership agreements will be most suited for our market
(M&As, Strategic Alliances, Multiple Alliances, Investments etc.)

▪ What capabilities and competences do banks need to develop?
▪ What legal or regulatory hurdles have to be surmounted?
▪ Standardization can help SMEs reduce costs, improve innovation capacity as

well as quality of their products and services and thereby enhance their
competitiveness. How can we improve standards in the SME space?

Talking Points/Considerations for Participants during the Retreat.
▪ What is the outlook for digital and SME ecosystems in Nigeria?
▪ Practical next steps

We will require additional members for this workgroup from banks that are active
players in the SME space. As such, we are requesting for one member each from
GTB/Access Bank and First Bank/Fidelity.

11

‘Streamlining Taxation
Through Digital’
By: Access Bank Plc and
SCBN Limited

12

Concept Paper Topic
Streamlining Taxation through Digital

Bank Responsible
Standard Chartered Bank Nigeria Limited and Access Bank Plc
Adedeji Adesola- Standard Chartered Bank Nigeria Limited
Bright Oyasor- Access Bank Plc
Aliyu Bakare- Access Bank Plc

Albert Einstein said- The hardest thing in the word to understand is income tax. This is
imminent in the multiplicity and complexity of tax laws, and the ambiguity in the interpretation
of the tax laws.

In Nigeria, Tax administration is vested in the three tiers of government. The Federal Inland
Revenue Service (FIRS), administered all Taxes payable to the Federal Government, while the
State Boards of Internal Revenue (SBIRs) of all the states in the Federation administered the
taxes payable to the State Governments. Local Governments also administer rates and levies
collectible by them through their various councils.

There are a good number of taxes payable by persons doing business in Nigeria. These include
Companies' income tax, Personal income tax, Capital gains tax, Value-added tax, Education
tax, technology tax, stamp duties, withholding tax and the newly introduced Police trust
fund. Penalties are imposed for failure to pay taxes when due.

The Nigeria economy for many years (being a mono income economy) had dependent heavily
on fund generated from crude oil. However, due to alternative solutions and advancement in
technologies in recent times the prices of crude oil have experienced a significant decline. The
decline in the price of oil in recent years has led to a decrease in the funds available for
distribution to the Federal, State and local Governments. The need for Federal, State & Local
Governments to generate adequate revenue from internal sources has thus become a matter of
extreme importance. This need underscores the eagerness of all tiers of government to look for
new sources of revenue or to become aggressive and innovative in revenue collection from
existing sources.

Taxation has therefore become one of the most important sources of revenue to the government
in terms of the magnitude of revenue derivable, certainty and consistency. Owing to the
inherent power of the government to impose and collect taxes, the government is assured
always of its tax revenue no matter the circumstances. The Nigeria tax authorities are becoming

13

more aggressive in the area of revenue generation and resorting to underhand tactics to drive
revenue, ambiguities in the provisions of the Nigeria tax laws and a host of other reasons.

Based on the above, there has been an upward surge in the number of multidimensional
requests, enquiries and correspondence from the Federal and State tax authorities. These
letters, which sometimes bother on the ridiculous has led to an increase in the frequency of
desk reviews and tax audits in Nigeria.

QUESTIONS FOR DISCUSSION

1. Given that the tax to GDP ratio in Nigeria is currently about 6%, how can digital
technology assist the government to improve this?

2. What are the things we can disruptively do to improve our tax to GDP ratio? We
need to move away from the routine and do things differently that will change the status
quo.

3. How can digital technological be deployed to minimise incidence of multiple taxation
in Nigeria?

4. What are the best ways digital technology can be optimised to simplify tax
computation and bring clarity to the various taxes payable by different businesses in
Nigeria?

5. How can the complexities in tax laws and administration be eliminated riding on
digital technology?

6. How can we deploy digital technology to improve accountability and transparency
in the tax space?

7. How can government leverage digital resources to make tax evasion difficult
amongst eligible tax payers; and improve collection.

8. What are the likely downsides to using digital technology in taxation and the
mitigants that can be employed?

9. i Are there studies / research which confirm that technology has helped other
developing economies to increase their tax to GDP ratio?

ii. How can Nigeria leverage on the experience of these countries to digitalize its tax
system.

10. Although the e-filing system has been introduced into the Nigerian tax system, tax
payers still file hard copy tax returns. What can be done to ensure that a full-fledged
tax digital technology system proves to be seamless and more efficient for all tax
types?

14

11. A large proportion of the Nigerian economy is made up of SMEs who still struggle
with their business cost. Given the high cost of tax technology, what will be done to
ensure that these businesses are also able to utilize technology in complying with
taxation while managing cost?
12. What other areas excluding revenue collection, can digital technology be beneficial
to tax processes?
13. Timely communication of tax initiatives and policy changes to various stakeholders
is very important. How can FIRS and various States IRS take advantage of digital
technology to achieve this?
14. There have been debates over the place of electronic filing in the Nigerian law,
therefore do tax authorities in Nigeria have the necessary legal powers to mandate
online filing, or to use electronic submissions as evidence in court?
15. In 2018, the percentage of Nigerian who do not use internet was measured to be
about 53%. How will these individuals be integrated into a digital tax system where
they are required to file their tax returns online?
16. What are the enablers that can improve the level of utilization of technology by all
stakeholders in the taxation system?
17. What in your view is the general disposition of companies in Nigeria towards
adopting digital technology in their tax functions?

Conclusion
The Nigerian tax system is faced with numerous challenges, which can be
surmounted through the proper deployment of digital technology in our tax space.
The questions above should provoke ideas generation which when implemented will
improve the Nigerian tax system and enhance the ease of doing business in Nigeria.

15

‘Digital Lending Ecosystem’
By: Union Bank

16

Digital Lending

• Union Bank
• GTB
• Access Bank
• Sterling

A short introduction of the allocated topic.

Questions to answer:
1. What is the relevance of digital lending to ‘Advancing Sustainable
Economic Growth and Development’?
2. What are the head wins and drivers for Nigeria’s digital lending ecosystem?
3. What is the level of maturity vs global leading practices/capabilities?

A description of gaps in financial system capability compared with leading
environments.

Questions to answer:
1. What are the gaps with the current system?
2. What is the value at stake for Nigeria if these issues/gaps are not
addressed?
3. What are the issues/opportunities for improvement?
4. Can this be quantified? If so, provide quantification
5. What needs to be done?

A list of feasible solutions that are substantiated with supporting evidence.

17

Questions to answer:
1) What are possible responses/solutions?
2) Is this a new solution or has this solution been implemented in other countries?
For both, provide justification and evidence to show that the solution will be
effective and workable in Nigeria Financial System – ease of delivery,
infrastructure, costs, etc. What are some challenges that might be
encountered?
3) How can this solution be implemented?
4) What enablers need to be put in place? Who are the key stakeholders to
implement it?

Talking Points/Considerations for Participants during the Retreat.

18