From AML obligations to practical KYC tips, we’re sharing best practices for onboarding users in Nigeria, a country with a booming fintech market.
In the last few years, Nigeria has become a major fintech player in Africa. The country has produced 5 out of Africa’s 7 unicorns so far, while its fintech start-ups raised $1.5 billion in 2021 alone. Moreover, Nigeria has the highest cryptocurrency use rate in the world.
At the same time, Nigeria is a significant source of financial and cybercrime. According to the Sumsub Fraud Study 2021, the country is a global leader in ID document forgery. This brings additional challenges for fintech companies onboarding Nigerian users. This article provides practical tips for performing KYC checks on Nigerian customers that can help avoid sanctions and fraud.
The Nigerian financial sector falls under the Central Bank of Nigeria Regulations of 2013 (Anti-money Laundering and Combating the Financing of Terrorism in Banks and Other Financial Institutions in Nigeria) as amended in 2019 (the CBN’s regulations). These regulations define the services conducted by “financial institutions,” including, but not limited to:
As for cryptocurrency businesses, they can’t technically operate in Nigeria, as the CBN prohibited banks and financial institutions from facilitating payments for crypto exchanges. Still, cryptocurrency is not considered illegal, so Nigerian citizens have resorted to peer-to-peer platforms currently not falling under any AML regulations.
Along with the CBN’s regulations, Nigerian businesses must implement a number of AML measures described in the Money Laundering (Prohibition) Act of 2011 and Securities and Exchange Commission Regulations of 2013 (Capital Market Operators Anti-Money Laundering and Combating the Financing of Terrorism). These regulations prescribe risk-based CDD procedures as a part of AML obligations, which include:
1. Conducting CDD in cases defined by regulations. CDD is not only necessary at the beginning of the customer relationship. It also comes into play during an existing customer relationship, including when:
Businesses are also required to conduct CDD if they doubt the accuracy of previously obtained identity information.
2. Conducting Enhanced Due Diligence (EDD) in cases defined by regulations. Businesses must implement enhanced checks for higher-risk customers:
Enhanced Due Diligence is a series of supplementary measures in the customer verification process. This includes obtaining approval from senior management or requesting sources of wealth or funds prior to reaching a verdict about a potential customer.
To ensure proper CDD, Nigerian businesses must identify and verify their users. To identify Nigerian users, businesses must require the following details, where relevant:
The CBN’s regulations list official documents that businesses must accept as users’ proof of identity and proof of address when verifying Nigerian users:
The CBN’s regulations also approve of other verification methods, such as contacting the customer by phone to verify their phone number or certification of the customer’s identity by an embassy official or notary.
In 2007, Nigeria established the National Identity Database to combine citizens’ identity information and biometrics into a National Identification Number (NIN). Having access to the database, businesses can verify users by comparing obtained identity information with the database details linked to a person’s NIN. Accordingly, the database enables user verification by three options:
The document that confirms the user’s presence on the National Identity Database is called an NIN Slip (NINS). However, the Slip itself isn’t an identity document; rather, it serves as a receipt of one’s enrollment in the database. Accordingly, verification of the Slip is done by checking details within the National Identity Database itself.
According to the Sumsub Identity Fraud Study, Nigerian IDs are among the most forged documents in the world. That’s why we recommend paying extra attention to the verification process when it comes to Nigerian users. So, let’s take a closer look at official ID documents in Nigeria and their characteristics.
The following IDs can be used for verification of Nigerian users:
Let’s examine some tips for detecting altered documents based on Sumsub’s experience with onboarding Nigerian users.
To effectively detect document alteration, businesses should apply a four-step screening process.
Checking integrity means making sure that all elements, fonts, and colors correspond with the documents’ official templates. The ID document must contain:
The integrity of Nigerian documents can be checked based on templates from official resources:
To check document security features like watermarks, holograms, seals, etc., we recommend using AI-powered systems due to the extensive number of checks needed for each document. Here’s a list of the security features to be screened just for the National Drivers Licence:
The image authenticity check examines whether ID images have been altered by photoshop or other means. This can be done by automated signature and pixel analysis which distinguishes deliberate image tampering from benign cosmetic changes like cropping, resizing, or rotation.
Nigerian passports and e-ID cards contain an MRZ—a codified element that facilitates automated scanning of personal data. The MRZ consists of two or three lines of characters, numbers, and separators, that are decoded during scanning. The extracted information is then compared with the data that’s visible on the document.
Tampered documents aren’t the only risk occurring at the verification stage. Fraudsters can also purchase real documents on the darknet, which makes detecting identity theft more complicated since no document alteration is occurring. Here’s Sumsub’s take on the most secure and efficient onboarding process:
All in all, a secure onboarding process should include a combination of approaches, such as image authenticity analysis, database screening, and biometric checks.