Policy & Regulations - Afrikan Heroes

South African President Signs New Cybercrimes Law

June 11, 2021

The South African President Cyril Ramaphosa has signed the Cybercrimes Bill into law which has brought to focus certain aspects of the law many people are oblivious of. Now an act of parliament, the bill seeks to bring the country’s cybersecurity laws in line with the rest of the world.

One of the features of the new bill is the creation of offences and the criminalisation of, amongst others, the disclosure of data messages which are harmful.

What this means is that if you send someone a WhatsApp message containing illegal material or with violent intentions, you can now be prosecuted for it.

Examples of data messages now criminalised include:

Messages which incite violence or damage to property.

Messages which threaten persons with violence or damage to property.

Messages which contain an intimate image sent without the subject’s consent.

However, this isn’t just limited to WhatsApp. Sending any of these kinds of messages to someone over any online platform can land you in hot water.

Other offences that can land you with jail time or a hefty fine include cyber fraud, extortion and theft of incorporeal property (which includes digital property), according to Ahmore Burger-Smidt, director and head of Data Privacy Practice at Werkmans Attorneys.

“The unlawful and intentional access of a computer system or computer data storage medium is also considered an offence along with the unlawful interception of or interference with data,” says Burger-Smidt.

“This creates a broad ambit for the application of the Cybercrimes Act which defines ‘data’ as electronic representations of information in any form.”

Being convicted for one of these offences under the new Cybercrimes Act will make you liable to either a fine or to be imprisoned for a period of up to 15 years. You can also be fined and face jail time, depending on the seriousness of the offence.

Other Insights from the New Cybercrimes Bill

Burger-Smidt continues to say that the Cybercrimes Act will also mean important changes for electronic communications service providers and financial institutions to take into serious account. One of which is an obligation to assist the government in the investigation of cybercrime. These obligations include the providing of data, hardware, applications, or any other particular to the courts during investigations.

“There is also a reporting duty on electronic communications service providers and financial institutions to report, without undue delay and where feasible, cyber offences within 72 hours of becoming aware of them.”

“A failure to do so may lead to the imposition of a fine not exceeding R50,000 ($3674.36),” Burger-Smidt said.

Kelechi Deca

Kelechi Deca has over two decades of media experience, he has traveled to over 77 countries reporting on multilateral development institutions, international business, trade, travels, culture, and diplomacy. He is also a petrol head with in-depth knowledge of automobiles and the auto industry

It Now Costs Up To $1.2m To Secure A Fintech License In Mauritius

June 10, 2021

More than ten years ago, fintech startup Paga was looking for the best African country to headquarter in. Its home country, Nigeria, was a big turn-off. In 2009 when the company was formed, the country was performing poorly across all the key ease of doing business indexes. In fact that year, the World Bank placed it 118th out of 180 countries globally on the ease of doing business ranking (it was 13th in Africa). And so, coupled with having one of the highest corporate tax rates in Africa (30%), and the fact that investors in African startups were still few and skeptical then about where their money went to, the choice of Nigeria as the headquarters of Paga was discarded. In its place, was a tiny island, Mauritius, located off the coast of East Africa, with a population of barely 1.2 million.

Apart from the fact the Mauritius was where Paga’s first investor (Goodwell Investments BV) was headquartered in Africa (and so the choice was only natural for ease of investments), that year the country ranked 24th in the world on the ease of doing business index, and first in Africa.

But Paga was lucky. As at 2009, the regulation of fintech companies in Africa was still at the infancy. Mauritius only began to legislate on a national payment system in 2018 following the enactment of the National Payment Systems Act. Before then, fintech startups in Mauritius had relied on a regulatory sandbox licensing regime introduced in the Investment Promotion Act of 2016. The sandbox license, however, only allowed them to test their products and services, and no more. The extent to which they could scale their businesses under the license was, therefore, hugely limited.

However, with the recent introduction of the National Payment Systems (Authorisation and Licensing) Regulations in the small island nation, it is safe to say that the era of piggy-backing on a sandbox license to run fintech operations in the country is over.

But How Will Foreign Fintech Companies Cope Under The New Regulations?

First, it is important to point out that a lot of things have changed, including that there are now wider options for African fintech companies looking for countries to headquarter their operations in— Paga has even re-headquartered away from Mauritius to the UK.

Nevertheless, Mauritius remains a country of choice for African fintech startups looking to reduce regulatory risks associated with maintaining legal presence in only one country.

To get any electronic payments license in Mauritius under the new regulations, the foreign company can either be a local company registered in Mauritius, or a foreign company setting up a local fintech branch.

All the law requires is that the company makes application to the Bank of Mauritius, the country’s central bank, for a licence to either act as a payment service provider, or operate a payment system, clearing system or settlement system in Mauritius.

But there are more to it, and they would be considered accordingly.

Fintech license Mauritius — *Mauritius is Africa’s number one destination for ease of doing business according to the World Bank. Image credits: Fabien Dubessay*

How Many Days Does It Take To Procure The License?

60 days from the receipt of a complete documentation. However, the central bank is required to get back to the applicant within 30 days from the receipt of an application, for the applicant to supply any outstanding documents or information.

What Are The Requirements For Obtaining The License?

To be able to obtain any of the category of the licenses, the fintech company must fulfil the following key requirements:

The fintech company must have a place in Mauritius where it runs its business from, and must maintain a staff according to its size.

If the fintech company is registered in Mauritius, it must have a board of at least three directors (not a corporate director). One of the directors must be appointed as an independent director.

If the fintech company is a foreign-registered company only launching a branch in Mauritius, it can appoint only a representative (and not a board of directors). However, approval of Bank of Mauritius must be first sought.

The fintech company must also maintain the minimum capital expected of its license category.

It must also put in place, an anti-money laundering and combatting the financing of terrorism and proliferation transaction monitoring system.

For more details on the documents to submit to obtain the license, click here (.pdf).

Can The License Be Revoked Once Granted?

Yes. The Bank of Mauritius can revoke the fintech license, in many circumstances, including if the company:

fails to start a business within six months of receiving the license.

fails to abide by the terms and conditions of the license as well as any other relevant law.

ceases to operate the business for which it has been given a license.

has been convicted of any offence related to money laundering or terrorism.

is a branch of a foreign-registered company that no longer has a license, or registration in the country where it was founded.

no longer has a physical presence in Mauritius, or if the Mauritian branch is registered outside of Mauritius, no longer has a physical presence in the country in which it is registered.

Note: The company must also renew the license every year upon paying the prescribed fees.

Are There Any Other Things Special About The Regulations?

Yes. Under the regulations, a license may be issued to a fintech company for the issuance of digital currency, provided that:

the provision of the digital currency does not include the provision of credit facilities to customers.

the amounts collected and put in the trust account for each digital currency holder are traceable.

digital currency is issued on receipt of funds for amount exactly equal to the monetary value offered, etc.

For more details on the license generally, click here (.pdf).

Fintech license Mauritius Fintech license Mauritius

S/N	TYPE OF LICENSES	Minimum Capital Requirement (In Mauritian Rupee)

1	For a payment service provider to provide the following payment service – (a) services enabling cash to be placed on a payment account, including all operations required for operating a payment account (b) services enabling cash withdrawal from a payment account, including all operations required for operating a payment account (c) execution of payment transactions, including transfers of funds on a payment account with the payment service provider of the user or with another payment service provider, including the execution of direct debits and one-off direct debit payment transactions through a payment card or a similar device credit transfers and standing orders (d) execution of payment transactions where the funds are covered by a credit line for a payment service user, including the execution of – (i) direct debits and one-off direct debits (ii) payment transactions through a payment card or a similar device credit transfers and standing orders (e) issue of payment instruments and/or acquiring of payment transaction	5 million (US$121k)
2	(f) money remittance (g) payment initiation services	3 million (US$73k)
3	(h) account information services	1 million (US$24k)
4	(i) any other services functional to the transfer of money, including the issuance of electronic money and electronic money instruments, but excluding the provision of solely online or telecommunication services or network access, of which – (i) small e-money issuer (ii) large e-money issuer (iii) other services	3 million (US$73k) 5 million (US$121k) Will vary according to nature and size of business and will be specified by the central bank by notice to the applicant
5	For an operator of – a payment system; a clearing system; or a settlement system	50 million (US$1.2m)

Minimum Capital Requirement for various types of fintech licenses in Mauritius

Why Did Nigerian Pioneer Fintech Company Paga Headquarter Away From Mauritius To The UK?

Charles Rapulu Udoh

Charles Rapulu Udoh is a Lagos-based lawyer who has advised startups across Africa on issues such as startup funding (Venture Capital, Debt financing, private equity, angel investing etc), taxation, strategies, etc. He also has special focus on the protection of business or brands’ intellectual property rights ( such as trademark, patent or design) across Africa and other foreign jurisdictions.
He is well versed on issues of ESG (sustainability), media and entertainment law, corporate finance and governance.
He is also an award-winning write

Companies In Nigeria Can Now File For Tax Online

June 7, 2021

The Federal Inland Revenue Service (FIRS), which is in charge of tax collection in Nigeria, has revised its e-filing platform and now expects all taxpayers to file their Companies Income Tax (CIT) and Value Added Tax (VAT) forms online only on the upgraded FIRS e-filing platform.

Here Is How To Go About It

The platform’s login credentials are the same as those required to apply for a corporate tax clearing certificate (TCC). If you don’t have a login, contact your tax office and submit the necessary information so that the FIRS can set up your account on the platform.

Through the links provided below, you may obtain the FIRS’s step-by-step guidelines for submitting CIT and VAT on the platform. Taxpayers must complete the online filing procedure to get a Remita Retrieval Reference number, which they may use to pay the applicable taxes either through the Remita site or through a bank.

Except in “exceptional circumstances,” most FIRS tax offices may no longer accept hard copies of CIT and VAT returns. As a result, all taxpayers must complete their online registration on the e-filing platform to prevent having their returns rejected.

To ensure a smooth filing season, any issues with the platform should be swiftly forwarded to the appropriate FIRS tax office for rectification.

Please use the links below to view and download the following documents:

Nigeria companies tax online Nigeria companies tax online

South Africa Says It Has No Plans To Ban Trading In Crypto Assets

Charles Rapulu Udoh

Charles Rapulu Udoh is a Lagos-based lawyer who has advised startups across Africa on issues such as startup funding (Venture Capital, Debt financing, private equity, angel investing etc), taxation, strategies, etc. He also has special focus on the protection of business or brands’ intellectual property rights ( such as trademark, patent or design) across Africa and other foreign jurisdictions.
He is well versed on issues of ESG (sustainability), media and entertainment law, corporate finance and governance.
He is also an award-winning writer

South Africa Says It Has No Plans To Ban Trading In Crypto Assets

June 6, 2021

As more individuals invest in crypto-assets, South Africa’s National Treasury says it is evaluating a range of possible regulatory paths in South Africa. The Treasury noted that crypto assets have expanded significantly in South Africa over the previous five years, with consumers predominantly investing in 12 main crypto-asset trading platforms such as Luno, Altcoin Trader, and VALR, in a recent presentation to parliament.

“Crypto-assets have become too big to ignore and pose a number of risks for consumers if not sufficiently regulated,” it said.

Here Is What You Need To Know

Treasury believes that there are at least two million retail investors in the nation using these platforms, with daily transaction volumes of R2 billion.

However, it is feared that at least half of these investors do not completely comprehend how these assets function, preferring to focus on returns of 50% or more, according to the report.

Likely Approaches To Be Adopted By The Regulator

According to Treasury, authorities in South Africa now have a choice of essentially three approaches:

A Complete Ban: A comprehensive ban is not recommended, according to Treasury, because South Africa is far past the point where this is a possible, given the broad acceptance of crypto-assets. It cautioned that a prohibition would push activities underground and need increased policing. South Africa is also a member of the Financial Action Task Force (FATF), an intergovernmental organization that mandates the country to regulate cryptocurrency service providers.

Do nothing — Treasury has stated that given South Africa’s participation in the FATF and local organizations that require consumer protection, such as the Financial Sector Conduct Authority, this is not an option (FSCA).

Regulate — According to Treasury, regulating crypto-asset operations is the only viable solution. Rather than the commodity itself, this should control the services, such as wallets and exchanges. It did warn, however, that regulation is not the same as endorsement, and that the public should be made aware of cryptos’ intrinsically volatile and dangerous character. It also recommends that crypto-assets stay unregistered as legal currency and unrecognized as electronic money.

On Track To Conquer African Fintech Market, MFS Africa Signs A New 100m Mobile Money Cards Partnership

Charles Rapulu Udoh

Charles Rapulu Udoh is a Lagos-based lawyer who has advised startups across Africa on issues such as startup funding (Venture Capital, Debt financing, private equity, angel investing etc), taxation, strategies, etc. He also has special focus on the protection of business or brands’ intellectual property rights ( such as trademark, patent or design) across Africa and other foreign jurisdictions.
He is well versed on issues of ESG (sustainability), media and entertainment law, corporate finance and governance.
He is also an award-winning write

Suspension: What Is The Fate Of Startups In Nigeria That Market On Twitter?

June 5, 2021

The coming days would be heavily uncertain for startups in Nigeria which rely on Twitter, the global social media giant, to market their products or services. This follows the indefinite suspension of the latter by the Nigerian government for deleting a controversial tweet and a video posted by the country’s President Mohammed Buhari, in which he threatened Biafran separatists by referencing the 1967–1970 civil war, which claimed the lives of a million people.

The tweet, Twitter had said, violated its rules and policies. However, government had insisted the microblogging site was being used to “undermine the country’s corporate existence.” Ironically, the information was disseminated via the Federal Ministry of Information and Culture’s official Twitter account.

While public debates about the propriety or otherwise of the suspension still rage on, it is important to consider the fate of Nigeria-based startups which rely on Twitter for marketing purposes.

*Digital 2019 Nigeria (January 2019). Source: DataReportal*

How Have Companies Elsewhere Where Twitter Is Under Block Circumvented The Situation?

Although there are wide options open to companies affected by the government suspension of Twitter in Nigeria, including the use of a Virtual Private Network (VPN), company policies around further marketing on Twitter may be guided mostly by the need to avoid running into legal issues with regulators and government agencies, especially as penalties may come by way of sanctions and fines.

However, a few lessons may be gleaned from countries where Twitter or other social media networks are currently under block.

In China, even though Twitter is officially blocked, the platform continues to be used by major Chinese corporations and national media outlets, such as Huawei and CCTV, through a government-approved VPN. Generally, the Chinese government has officially prohibited the use of VPNs that have not been approved by the government (VPNs must provide the government with backdoor access to be approved, which renders them unsecure). This law, however, only applies to businesses and organizations, and not to people. However, fines and jail terms have ranged from three days to more than five years for Chinese individuals discovered constructing or selling unlicensed VPNs.

In North Korea, anyone attempting to get entry to Twitter — which had had access to it blocked since 2016 — without special authorization from the North Korean government, including international tourists and residents, will be prosecuted.

Twitter suspension Nigeria market — *Digital 2019 Nigeria (January 2019). Source: DataReportal*

What Happens To Nigerian Startups Hoping To Continue To Rely On Twitter For Marketing?

Although the Nigerian government’s directive suspending Twitter only stops at a statement for now, its implementation may have the effect of penalizing any Nigerian company that advertises on the platform by any unofficial circumventions, especially as the country’s government has been known, in recent times, for muffling lives out of businesses through regulations and policies.

According to the statement from the Ministry of Information and Culture, the National Broadcasting Commission (NBC) had been immediately mandated to commence the process of licensing all OTT and social media operations in Nigeria.

The recently approved 6th amendment to the country’s broadcasting code states that all persons wishing to operate web/online broadcasting services within the Nigerian territory must be registered with the Nigerian Broadcasting Commission (NBC), in charge of regulating broadcast media in Nigeria. The implication of this is that all online broadcasting or streaming services existing in Nigeria must not only be registered and licensed by the NBC, but must also comply with any programming standards issued by the NBC. Thus the NBC, in totality, is bringing all forms of online broadcasting within its control. In the event of breach of the new rules, the online broadcast service shall be blocked, taken down or shutdown completely, the rules state.

However, while it could be argued that the operations of Twitter in Nigeria does not fall under the provisions of the new NBC Code, and indeed under the powers of the country’s broadcasting commission, any such arguments may not matter much for companies, especially startups, as they struggle to stay away from regulatory sanctions for now, pending new developments.

Nevertheless, while Twitter has officially been suspended, other social media platforms remain operative in the West African country.

In 2020, the number of social media users in Nigeria reached roughly 28 million, a majority of whom are young people aged between 18–35 years.

On a negative note, unemployment rate in Nigeria increased to 33.30 percent in the fourth quarter of 2020 from 27.10 percent in the second quarter of 2020.

A good of number Nigeria’s young people act as “influencers” on Twitter, essentially assisting brands to market their products and services.

Globally, Twitter’s potential advertising reach is roughly 396 million people.

Twitter suspension Nigeria market Twitter suspension Nigeria market

What Nigeria ’s New Broadcast Media Regulation Means For Media Startups

Charles Rapulu Udoh

Charles Rapulu Udoh is a Lagos-based lawyer who has advised startups across Africa on issues such as startup funding (Venture Capital, Debt financing, private equity, angel investing etc), taxation, strategies, etc. He also has special focus on the protection of business or brands’ intellectual property rights ( such as trademark, patent or design) across Africa and other foreign jurisdictions.
He is well versed on issues of ESG (sustainability), media and entertainment law, corporate finance and governance.
He is also an award-winning writer

Data Protection: What Startups In Nigeria Must Do To Be Data Privacy Compliant

June 2, 2021

In March this year, the Nigerian Information Technology Development Agency (NITDA), the body which, for now, regulates all activities related to data collection and protection, did the uncommon: it slammed the sum of ₦5 million ($13,123) against a financial services provider, Electronic Settlements Limited, for data protection breach.

In fact, NITDA did not stop there; it proceeded to place the fintech company, which is behind products like Paypad, a mobile Point of Sale (mPoS) service, and CashEnvoy, a web payment gateway, under an intense six-month oversight.

NITDA’s action was uncommon because, before then, matters of punishment for data protection breaches in Nigeria have been rare and far-fetched.

In fact, after that incident, the agency quickly published an implementation guide on the rules on data protection (passed in 2019 as Nigerian Data Protection Protection) to show it means every bit of its words on data protection in Nigeria.

Therefore, to assist Nigerian tech startups substantially comply with laws on data privacy, it would be important to clarify Nigeria’s regulatory ecosystem for data privacy in practice.

Nigeria data protection startups Nigeria data protection startups Nigeria data protection startups Nigeria data protection startups

S/N	COMPLIANCE AREAS	REQUIREMENTS	OTHERS/DOCUMENTATION	REPORTING TIMELINE/AUTHORITY

1	Consent	-Obtain positive consent from data subject on every point of data collection. Consent is positive if it allows data subject to act on it. -Consent must be explicit and never implied, such as the use of “tick-box” or “opt-in box”	Consent is required: -for any direct marketing activity, except to existing customers of the Data Controllers who have purchased goods or services; -for the Processing of Sensitive Personal Data; -for further processing; -for the processing of the personal data of a minor; – before personal data is processed in a country which is not in the Whitelist of Countries published by NITDA from time to time. -before the Data Controller makes a decision based solely on automated Processing which produces legal effects concerning or significantly affecting the Data Subject	–
2	Security	-Adhere to relevant security standards while protecting the company’s data. Adherence may be verified through data security certifications pursuant to standards such as ISO 27001; SOC2, etc.		–
3	Data Protection Impact Assessment (DPIA)	-Conduct DPIA whenever intense use of personal data is involved. -Specifically in Nigeria, conduct DPIA if data processing involves; a) evaluation or scoring (profiling); b) automated decision-making with legal or similar significant effect; c) systematic monitoring; d) when sensitive or highly Personal Data is involved; e) when Personal Data Processing relates to vulnerable or differently-abled data subjects; and f) when considering the deployment of innovative processes or application of new technological or organizational solutions. – DPIA is required for highly sensitive personal data such as: Biometric data; Data related to sexual preferences; Genetic data; Health data; Political opinions; Race and ethnic origin; Religious or philosophical beliefs; Trade union memberships. -Where the origin of the sensitive data is of a country other than Nigeria, conduct DPIA in accordance with the rules and regulations of the foreign country.		– DPIA report and approval obtained from NITDA for collecting data under paragraphs (a) to (f) in the requirement section. – Assessment reports may be facilitated by softwares such as Smartsheet; OneTrust ; TrustArc; Tugboat Logic
4	Internal Data Protection Policy	-Develop and circulate internal data protection policy to staff and vendors, especially as it concerns the collection and processing of Personal Data. -In the policy document, outline the steps they are to take to ensure the organisation’s direction is achieved and maintained; methods of responding to data breach, etc.		–
5	Data Protection Officer	-Appoint a data protection officer if: a) the core activities of the organisation involve the processing of the Personal Data of over 10,000 (ten thousand) Data Subjects per annum; b) the organisation processes Sensitive Personal Data in the regular course of its business; or the organisation possesses critical national information infrastructure (as defined under the Cybercrimes (Prohibition, Prevention, Etc.) Act 2015 or any amendment thereto) consisting of Personal Data. -If the Nigerian company is a subsidiary of an international company, appoint a data protection officer to be based in Nigeria. Also, give the Nigerian DPO full access to the entire data management system of the international company.	-The DPO shall not be liable if the company fails to comply with data protection rules. -The DPO shall oversee the entire data protection practices of the company.	– Appoint DPO within 6 months from starting a business or within six months from November, 2020.
6	Offshore Data Transfer/Sharing	-Make sure country of data transfer/sharing falls within NITDA’s White-List -Obtain an adequacy decision from Attorney-General of the Federation through NITDA -Where the destination of transfer falls outside the White-List, present verifiable consent documents to NITDA. -Implement a Binding Corporate Rule (BCR) or sign and submit a Standard Contracting Clauses (SCC) to NITDA where personal data transfer is to a foreign subsidiary or headquarters	Documents for approval of transfer: – the list of countries where the Personal Data of Nigerian citizens and residents are being transferred to in the regular course of business; -the data protection laws of the relevant data protection office/administration of such countries listed in (i) above; -the privacy policy of the Data Controller, which is NDPR-compliant; -an overview of the encryption method and data security standards; and -any other detail that assures the privacy of Personal Data is adequately protected in the target country	-Transfer reported to NITDA on a case-by-case basis; -BCR or SCC submitted separately on each occasion or included in data audit report.
7	Third Party Risk Management	-Enter into data processing agreements with third parties for every data sharing. In the third party agreement, ensure that clauses on data use only permit third parties to process expressly authorized data. The agreement must also grant the party sharing the data rights to delete, rectify or access the data. Insert a clause in the agreement to demand the third party receiver to comply with NPDR or their local data laws. -Secure confidence, either by agreements or document verifications, that the third parties have adequate security for the shared data. -Publish a list of third party data receivers. The publication must contain the category of third party receivers; the type of data disclosed; their countries; the purpose of the disclosure.		-Publication of third party data receivers included in the audit report and submitted to NITDA every 12 months.
8	Data Correction; Updating; Objection; Deletion Systems	Ensure there is a system in place for data: -correction, update, objection or deletion.		–
9	Data Retention	-State retention period of data collated in every contract, privacy policy with data subject. -Document evidence of data destruction		-Where no retention period is stated in the agreement, the retention period shall be -3 (three) years after the last active use of a digital platform. – (six) years after the last transaction in a contractual agreement. -Delete immediately if deceased relative presents evidence of death. -Delete immediately if data subject requests.
10	Data Protection Audit	– Engage a Data Protection Compliance Organization (DPCO) to perform a Data Protection Audit and file a report with NITDA	-DPCO must submit data protection audit every twelve months. -If the company is processing personal data of more than 1000 people in 6 months, submit a summary audit through DPCO to NITDA. – For company processing personal data of more than 2000 people in a year submit an audit report through DPCO to NITDA	– Deadline for submission is on or before every 15^th of March.
11	Data Breach Response	-Notify victims of breach within 72 hours. -Write an official letter to NITDA, notifying them of personal data breach within 72 hours of breach. -Write an official letter to Nigeria Computer Emergency Response Team (‘ngCERT’), notifying them of system breach within 7 days of each breach. – In the notification letter : describe breach; state period of breach; describe personal data breached; assess risk of harm of breach; estimate victims of breach; describe remedial steps; describe steps taken to inform victims; contact of the notifying company.		-Report to NITDA 72 hours of the breach. – Report to ngCERT within 7 days of each breach.
12	Data Protection Compliance On Website	-Publish privacy policy on website. -notify and allow data subjects CONSENT to the use of cookies on the website. Keep the cookies policy simple and easy to understand. The privacy policy should contain the following: a)what constitutes the Data Subject’s consent; b) description of collectable personal information; c) purpose of collection of Personal Data; d) technical methods used to collect and store personal information, cookies, JWT, web tokens etc.; e) access (if any) of third parties to Personal Data and purpose of access; f) available remedies in the event of violation of the privacy policy; g) the time frame for remedy;		-within 3 months of commencement of business.
13	Data Protection Compliance on apps	– Publish privacy policy on apps -Privacy policy should contain the following heads: i)Information the company collects ii) Why the information is collected iii) What the company does with the information it collects. iv) Consent and privacy controls v) Sharing information vi) Security of Information vii)Deleting, retaining information viii) Third party sites, etc. -There should be pop-up consent boxes at every point of information collection in the app for purposes of obtaining consent from data subjects.		-Within 3 months of commencement of business.
14	Continuous Training	-Train members of senior management and employees that collect data on Nigerian data protection laws and practices.		-within the first 6 (six) months of incorporation and then on a biennial basis

Charles Rapulu Udoh

Charles Rapulu Udoh is a Lagos-based lawyer who has advised startups across Africa on issues such as startup funding (Venture Capital, Debt financing, private equity, angel investing etc), taxation, strategies, etc. He also has special focus on the protection of business or brands’ intellectual property rights ( such as trademark, patent or design) across Africa and other foreign jurisdictions.
He is well versed on issues of ESG (sustainability), media and entertainment law, corporate finance and governance.
He is also an award-winning writer

A New 10-Year Master Plan Launched By Ghana SEC Has Huge Plans For Fintech, Venture Capital And Blockchain

May 30, 2021

The Securities and Exchange Commission (SEC) in Ghana, responsible for regulating the country’s financial markets, has launched its maiden Capital Market Master Plan (CMMP) to serve as the blueprint for the development of the capital market in Ghana for the next 10 years. The plan, if fully implemented, would significantly improve the country’s startup landscape, especially as it relates to fintech, venture capital, regulatory sandbox regime, the adoption of blockchain technology as well as crowdfunding.

*Daniel Ogbarmey Tetteh, Director-General of Ghana’s Securities & Exchange Commission*

“The Capital Market Master Plan forms part of Ghana’s efforts at building a robust and sustainable long-term financial market to anchor the country’s accelerated development goals of its real sector of the economy. It is aimed at charting the course and providing the blueprint to guide the development and growth trajectory of the capital market over a ten-year uninterrupted period,” Daniel Ogbarmey Tetteh, Director-General of Ghana’s Securities & Exchange Commission, about the blueprint.

Ghana SEC Blockchain fintech — *Ghana SEC hopes to achieve the 10-year master plans through the structures above. Source: SEC Ghana*

Here Are A Few Of The Plans Especially As They Relate To Ghana’s Startup Landscape

On Fintech

The SEC says it would introduce:

Regulatory Sandbox — for piloting innovative proposals and determining their impact and the appropriate regulatory approach within a safe space. The SEC says the partnership will make it easy for the regulator to deal adequately with associated risks such as the use, analysis and sale of customer data and increased systemic vulnerabilities.

Digital platforms for retail trading — to incorporate within the capital markets the best practices and lessons learned from the application of Fintech in other sectors, particularly digital banking.

Capital Market Fintech Meeting — quarterly/semi-annual meetings coordinated by SEC attended by Ghana Stock Exchange, Central Securities Depository (CSD) Ghana, selected market participants and Fintech companies in Ghana to discuss market needs and opportunities and regulatory obstacles to technological development within the market.

On Blockchain:

The SEC says it is exploring the usage of blockchain in the following:

Clearing and Settlements — The accurate recording capabilities of blockchain may make current clearing and settlement procedures redundant, resulting in faster transactions and reduced costs for financial institutions; and

Cross-border transactions — Transferring money across borders has traditionally been slow and expensive, since systems typically pass through multiple banks on the way to the payment’s final destination. Blockchain, can make the process faster, more accurate and less expensive.

On Crowdfunding

The SEC says it would develop clear regulations around crowdfunding, aimed at protecting public and informing decisions, without opening up riskier issuance risks.

On Venture Capital

The SEC states it would work with Ghana’s Attorney General, the Registrar General and the Ghana Revenue Authority, to fashion a framework that will enable private equity and venture capital to thrive in Ghana.

It particularly notes in the plan that currently, Ghana does not have a limited-liability partnership structure. Thus private equity funds have to be structured as companies limited by shares. This, it notes, creates the following issues: (a) Taxation of management fees at the fund level instead of at the general partner level, (b) Taxation of the vehicle as a company instead of pass-through tax treatment, and (c ) Limited ability for payouts since standard companies cannot distribute in a way that impairs capital, which is not relevant in the case of a private equity fund.

To download the master plan, click here (.pdf).

Ghana SEC Blockchain fintech Ghana SEC Blockchain fintech

Ghana’s New Regulatory Sandbox Regime Favours Blockchain Startups Ahead Of Others

Charles Rapulu Udoh

Charles Rapulu Udoh is a Lagos-based lawyer who has advised startups across Africa on issues such as startup funding (Venture Capital, Debt financing, private equity, angel investing etc), taxation, strategies, etc. He also has special focus on the protection of business or brands’ intellectual property rights ( such as trademark, patent or design) across Africa and other foreign jurisdictions.
He is well versed on issues of ESG (sustainability), media and entertainment law, corporate finance and governance.
He is also an award-winning writer

Crowdfunding And Investment Platforms In Nigeria Must Obtain Licenses To Exist After June 30, 2021 — SEC

May 29, 2021

The Securities and Exchange Commission (SEC) in Nigeria has mandated all persons or entities operating an investment/crowdfunding portal or digital commodities investment platform in Nigeria to restructure all operations in accordance with the requirements of its new rules and apply for registration and obtain the requisite licenses on or before June 30, 2020.

“This is to inform all stakeholders that as part of efforts to ensure investor protection while encouraging innovation in the conduct of securities business, the rules governing Crowdfunding business in Nigeria came into effect on the 21st day of January, 2021,” a statement from SEC reads.

“While the transitional period elapsed on the 21st day of April, 2021, the Commission hereby directs all existing investment crowdfunding portals/digital commodities investment platforms to note the requirements and eligibility criteria for raising funds through and/or operating a Crowdfunding Portal and comply with the registration requirements or cease operations by the 30th of June, 2021, failing which the operations of such platform would be categorized as illegal and attract regulatory sanction as stipulated in the Rules,” it further adds.

Under SEC’s new regulation, only MSMEs (Micro, small and medium enterprises) registered as a company in Nigeria with a minimum of two years operating track record are eligible to raise funds through a Crowdfunding Portal registered by the Securities and Exchange Commission. However, if the MSME has been less than 2 years in operation, but has a strong technical partner who has been in operation for at least 2 years, it will qualify. It will also qualify if it has a core investor on ground.

However, some MSMEs are prohibited from raising funds through a crowdfunding portal, and they include those with (i) complex structures (that is, an MSME without adequate clarity about its ownership or control which make it difficult to immediately ascertain the beneficial owners of the entity) ; (ii) public listed companies and their subsidiaries; (iii ) MSMEs with no specific business plan; (iv) MSMEs that propose to use the funds raised to provide loans or invest in other entities.

NB:

Micro Enterprises in Nigeria are those enterprises whose total assets (excluding land and buildings) are less than Ten Million Naira with a workforce not exceeding ten employees.
Small Enterprises are those enterprises whose total assets (excluding land and building) are above Ten Million Naira but not exceeding One Hundred Million Naira with a total workforce of above ten, but not exceeding forty-nine employees.
Medium Enterprises are those enterprises with total assets excluding land and building) are above Fifty Million Naira, but not exceeding One Billion Naira with a total workforce of between 50 and 199
employees — Source: SMEDAN Nigeria

SEC Investment licenses Nigeria

What Does Nigeria’s New Crowdfunding Regulation Mean For Startups, In Simple Terms?

Charles Rapulu Udoh

Charles Rapulu Udoh is a Lagos-based lawyer who has advised startups across Africa on issues such as startup funding (Venture Capital, Debt financing, private equity, angel investing etc), taxation, strategies, etc. He also has special focus on the protection of business or brands’ intellectual property rights ( such as trademark, patent or design) across Africa and other foreign jurisdictions.
He is well versed on issues of ESG (sustainability), media and entertainment law, corporate finance and governance.
He is also an award-winning writer

Uganda Issues First Fintech License, Which Costs Up To $2.8m To MTN, Airtel

May 26, 2021

The era of unregulated fintechs in Uganda has ended. This is as a result of the country’s new law — National Payment System (NPS) Act 2020 — and the gazetting of the NPS Implementing Regulations on 5th March 2020, requiring every fintech company in the East African country to procure a fintech license to remain in operations. To that effect, Bank of Uganda (BoU), the country’s central bank, has issued the country’s first ever fintech licenses to both MTN Mobile Money Uganda Limited and Airtel Mobile Commerce Uganda Limited.

“Pursuant to Section 9 of the National Payment Systems Act, 2020 and Regulation 3 of the National Payment Systems Regulations, 2021, Bank of Uganda has issued licences to the following entities:
Airtel Mobile Commerce Uganda Limited.
MTN Mobile Money Uganda Limited.
In addition, M/s Wave Transfer Limited received the Bank of Uganda’s approval to operate under the Regulatory Sandbox Framework, pursuant to Section 16 of the National Payment Systems Act, 2020 and Regulation 5 of the National Payment Systems (Sandbox) Regulations, 2021.
The Bank of Uganda will continue to support the development of a vibrant and resilient payments eco-system that promotes economic growth,” a statement released by the bank reads in part.
Read also:Why Investors Poured New $2m In Nigerian Fintech Startup, Mono

Uganda’s largest telecom firms have been providing mobile financial services without a license for years.

The National Payment System Department of the Bank of Uganda is in charge of overseeing the country’s payment system in order to ensure its overall effectiveness and credibility.

A Set Of Sweeping Regulations

Uganda’s National Payments Systems Act of 2020 demands that no one can provide a payment service, operate a payment system, or issue a payment instrument without first obtaining a license from the central bank.

Any person who defies this risks an imprisonment period of not more than four years, including having to immediately stop offering such payment services. The person will also be barred from ever obtaining a license again from the central bank.

S/N	License Category	License Class	Minimum Capital Requirement

1	Payment Systems Operator	Funds transfer systems:Large funds transfer systems whose transaction value exceeds one hundred billion shillings per month	1bn Shillings ($282k)
		Medium funds transfer systems whose transaction value exceeds one billion shillings per month and does not exceed one hundred billion shillings per month	500m Shillings ($141k)
		Small funds transfer systems whose transactions value does exceed one billion shillings per month	100m Shillings ($29k)
		Clearing systems or switches	500m Shillings ($141k)
		Settlement systems	250m Shillings ($71k)
		Third party systems	100m Shillings ($29k)
2	Payment Service Provider	Electronic money issuer Large electronic money issuer whose total trust account value exceeds exceed two hundred billion shillings.	10bn Shillings ($2.8m)
		Medium electronic money issuer whose total trust account value exceeds five hundred million but does not exceed two hundred billion shillings.	5bn Shillings ($1.4m)
		Small electronic money issuer whose total trust account value does not exceed five hundred million shillings.	250m shillings ($71k)

The application fees for each of Uganda’s payment systems license.

What Activities Are Eligible For Grant of License Under The New Law?

Under the new law, if a fintech company meets one or more of the following criteria, its application for a license may be approved by the central bank. The activities include:

Clearing payment instructions between financial and non-financial institutions;
Settling obligations resulting from clearing payment instructions.
Using an electronic system to move funds from one account to another;
Electronic money transfer from one electronic device to another;
Provision of technological services for or on behalf of a payment system provider to facilitate switching, routing, clearing, or data management;
Provision of electronic payment services to the unbanked and underbanked population;
Provision of financial communications networks;
Ordering or transmitting payment instructions;
Fulfilling payment obligations at points of sale, merchantoutlets or over the internet.

The central bank is mandated to grant the license within sixty days from the date of the application for a licence.

The law also created a regulatory sandbox regime, for those who want to test-run innovative financial products or services without obtaining a license.

Uganda fintech license Uganda fintech license

Central Bank of Nigeria Toughens Rules For Fintech Startups Looking For Licenses

Charles Rapulu Udoh

Charles Rapulu Udoh is a Lagos-based lawyer who has advised startups across Africa on issues such as startup funding (Venture Capital, Debt financing, private equity, angel investing etc), taxation, strategies, etc. He also has special focus on the protection of business or brands’ intellectual property rights ( such as trademark, patent or design) across Africa and other foreign jurisdictions.
He is well versed on issues of ESG (sustainability), media and entertainment law, corporate finance and governance.
He is also an award-winning writer

Nigeria’s Central Bank Raises Capital Requirements for Payment Solutions Service Providers $609,000

May 25, 2021

The Central Bank of Nigeria (CBN) has issued a new licence requirements for payment systems, increasing the minimum capital requirements for Payment Solutions Service Providers (PSSPs) to $609,000 (N250 million) from $ 243,767 (N100 million). The new framework also reviewed downward the capital requirements for licensing of Payment Solution Services (PSSs) to N100 million from N250 million

The Capital requirement for the Switching and Processing licence remains unchanged at N2 billion, including Mobile Money Operator licence, which was retained at N2 billion. Others include the capital requirements for the Payment Terminal Service Provider (PTSP) licence, which remains at N100 million. The Super Agent licence was also maintained at N50 million.

The apex bank in the statement announcing the upward review stated that eligibility for each license category was tied to any corporate entity registered by the Corporate Affairs Commission (CAC), with Memorandum and Article of Association (MEMART).

For switching and processing licence, documentary requirements under the new payment systems framework include a certificate of incorporation of the company, Memorandum and Articles of Association, Form CAC 2A (Return on Allotment of shares) and Form CAC 7A (Particulars of Directors).

Others are a tax clearance certificate for three years of the company (if applicable) and Taxpayer Identification Number (TIN) of the company; the company’s profile; detailing the current type of business operation, products and services.

Others are structure of holding company or parent company (if applicable), details of ownership: private/public; ultimate parent; any significant changes in ownership in the last two years, the total number of employees, organogram among a host of other requirements.

Part of the capital requirements for the mobile money operators are N2 billion shareholders’ funds unimpaired by losses, preceding three-years audited financial statements of the company (If applicable); and escrow of refundable N2 billion into CBN PSP Share Capital Deposit Account.

It added that the deposit for escrow must be in full (one lump sum) and must be made in the name of the company applying for a licence (not an individual or related company).

Also, escrowed funds are to be invested in treasury bills, subject to the availability of treasury instruments, which would be refunded accordingly.

Application and licensing for super agents also harped on-refundable application fee of N100,000.00 payable to the CBN.

It further stipulated that for the validity of the licence, there will be approval-in-principle for six months and commercial licence validity is as determined by the bank renewable upon satisfactory performance of operations as well as others, as advised from time to time.

Kelechi Deca

Kelechi Deca has over two decades of media experience, he has traveled to over 77 countries reporting on multilateral development institutions, international business, trade, travels, culture, and diplomacy. He is also a petrol head with in-depth knowledge of automobiles and the auto industry