Category: Business

Read Adedeji Olowe’s take on business, business models, and other transformational topics about business in Nigeria, Africa, and the world.

Transforming Payments in Nigeria with Open Banking

This is the email that birthed Open Banking Nigeria. Sent just 2 minutes to midnight on June 1, 2017. Sent to those unfortunate to be my friends and so, are subjected to never-ending streams of half-baked ideas and utter madness.

It’s a very long read, so be warned!

****************************************

Good evening everyone,

At one time or the other, we all heard about how payments would be the next big deal. We have heard of big data, APIs, yeti, abominable snowman and all the rest. Unfortunately, many ideas, companies, and committees have been long on intentions but short on execution.

All of us in this email thread know what APIs can do and how payments can transform the lives of our customers, the fortunes of our companies and improve trade and transactions in the country.

However, things are not the way they should be: APIs are hard to get; tough to implement and even more difficult to integrate with.

The Challenge

There are many sides to this problem:

For the average Nigerian bank, many FinTechs are knocking on the door requesting APIs to do basic things such as payments, validating data, collections, etc. Many are developing custom APIs which don’t scale to other implementations. Keeping track of who is connected to what is a challenge. Monetization is a difficulty.

For FinTechs, (I suffered this over the last few months), convincing banks to allow connectivity is met with apathy, distrust, and unbearable burden. Each bank comes with custom integration methods and codes. Many banks never allow connectivity, so the world-changing solution dies when the Xth bank joins, two years after.

For risk managers, (you know yourselves!) the new craze of FinTechs, apps, and services is a disaster waiting to happen. The surface area for which a breach can occur expands with every new connection, and nevertheless, the product managers are blaming risk + control managers for being cogs in the wheel of progress.

The CIO that wants to implement a robust ESB solution, which adequately caters for different external applications connecting with core banking solution, is faced with complicated software that is expensive to buy, implement, support and integrate. By the way, nobody else in the industry knows how the software works and so when the smart cookie who runs it resigns, the solution is abandoned after two years of never-ending implementation.

So what is the Way Forward?

I have faced this problem in almost all the dimensions possible. However, my current experience in FinTech and as an outsider looking into banking has shown me how crippling this is for banks, FinTechs, risk managers, CIOs, etc.

However, my broad experience has also demonstrated that we stand, as a country, at a junction by which this problem can be solved simply, cheaply and everyone would be a winner.

It would be an open-source, non-partisan API standard for banks and other OFIs.

Why not PSD2 or Open Banking Project (UK)

The problems banks and FinTechs currently face also plaguing everyone in Europe, and they consequently came up with EU Government backed PSD2 and industry-led Open Banking.

Ordinarily, it would have been easy to fork their project for Nigerian banks. Unfortunately, their implementation could be expensive, complicated and time-consuming for anyone to implement.

Developing what works for our environment, regulation, our level of technical maturity, etc. may have a greater chance of success than wholesale adoption of international standards.

However, references would be made to international best practices where and when it suits the local objectives.

Problems the Open API Should Solve

This initiative should solve practical problems of payment interconnectivity for different industry player:

Banks: A non-proprietary API infrastructure which any of the FinTech and other partners can connect with simply and securely. It would be easy also to monetize the connections, set limits and enforce transaction integrity

FinTechs: With every bank adopting the interface, connecting to each would be a breeze. They can focus on building amazing solutions without wasting time and effort convincing each bank for connectivity and also developing extensive custom codes for each

Risk Managers: With a single doorway that provide a consistent interface and means for managing external integrators, risks can be reduced, and threats can be easily seen and controlled

Product Managers: FinTechs are not foes but friends who can multiply a bank’s transactions and together bring new sources of revenue, especially in the new regime of low transaction fees

Industry: The Open APIs will also provide a level playing field for everyone which ultimately allows innovation to grow while preventing bigger players from stifling others because of legacy connectivities and platforms

The Open Banking API Tenets

  • Non-partisan
    It will not favor any company, groups or sector over another. Contributions shall be accepted from everyone
  • Open and free for anyone to use
    The standard shall be free for anyone to use
  • Technology agnostic
    While the interface would be standard driven, how each bank, OFI, etc. choose to implement would not be dictated
  • Simple to implement
    It would favor simplicity over gimmicks or exoteric functionalities
  • Secure
    Security would be inbuilt from grounds up to engender confidence by companies, regulators, and other stakeholders

Starting Up

While the API standard would be open and free for anyone able to contribute, we all know that it has to start with something and with some people. Each of you receiving this email has been previously approached and selected for various reasons and skill set.

A draft document outlining objectives, design, and API definitions would be developed and released for additional inputs. The final document would be robust enough to be presented to the general public for adoption.

Key areas that need help would be for API design, security, scalability and regulatory.

Conclusion

It has been a long email and thanks for reading this far. Questions, comments and other contributions are welcomed.

Best regards, 

Adédèjì Ọlọ́wẹ̀
www.dejiolowe.com

Customer experience is everything: How GTBank catalyzed the explosion of digital payments in Nigeria

Everyone who has played a role in payments in Nigeria can attest to the fact that the current upswing in the adoption of digital payments started around the middle of 2014 when the trio of GTBank, Fidelity, and Zenith Banks pushed out their USSD banking products.

Consequently, the number of us going to banking halls to do transactions has been falling each day precipitously. The 2017 KPMG BICSS showed that mobile banking penetration In Nigeria jumped from 20% coverage in 2015 to a vertigo-inducing 48% in 2017.

Some people, including those who talked to KPMG, call USSD Banking Mobile banking but then who cares? If customers can use a service to meet their payment and financial needs, Hallelujah!

Many reasons have been given for the sudden rise. Many experts and thought leaders (whatever that means) have adduced this as evidence of innovations from banks and Fintechs. Others feel it’s a natural progression of things.
Armchair pundits, especially my humble self, think that the ubiquity of USSD, the simplicity of use and the cost of access were significant factors for the transformation. And em, cough, the branding, and money GTBank poured behind *737# Simple Banking ensured that even the dead heard about it. It was a winner from day one.

Some even feel because of the biting and nasty recessions, tellers and customer service officers earn less to buy makeups. Nobody wants to waste money on a trip to banks just to see ugly girls. I digress.

But I was wrong. Or maybe not 100% wrong.

I was fortunate to have been a part of this game for the last five years, but I now have a contrary opinion of what made the change to happen. While I would give credence to the value of innovation in payments and other digital thingamajigs, the fundamental products being pushed weren’t inherently new (many apps wear pretty faces though with poorly applied lipsticks).
The most significant reason has been the customer experience when getting on with the services.

I have spent my life railing against sadistic banking processes that prioritizes “Control and Compliance” over customer experience. Get me right; I’m a stickler for control, processes and risk management. But many of our control and compliance procedures appear to provide cover while in fact, they hurt customer acquisition and when the real attacks come, they can’t even cover the banks’ backsides.
So how did this happen?

Before 2014, most services by banks require a visit to a branch, completing a form and hoping it gets done on the system. Usually, your password never gets to you, and the processes were just full of pain and misery.
GTBank led the pack by daring the gods of control and compliance. They designed the USSD banking process to have you input your bank account and then use your last four digits of your card number as the PIN. It was daring, maybe a little foolish but it was groundbreaking regarding customer experience.

Signups exploded. The market noticed.
Luckily the transaction types were simple, and transaction limits were truly limited. Being able to get on a digital service without worshiping an idol at the local branch was a boon.

How GTBank influenced digital payments
The rapid and immediate success of GTBank’s *737# Simple Banking made it difficult for other banks to offer something “more secure” for the onboarding process and their approach was a justification for hapless product managers to force approval of comparable products at the copycat banks. At Fidelity Bank, my “village” sense wouldn’t allow me to implement last four digits of PAN though; we settled for good ‘ole PINs.

One of the large banks waited years before launching their USSD Banking because of “risk,” but in the end, the market forced their hands to do self-service USSD and live with the risks. Unfortunately, they lost out on the massive income they could have made between 2014 and 2016.

Alat is transforming the next wave
Wema Bank, despite facing branding and perception headwinds, launched Alat Digital Bank into the market last year (2017). The Naysayers are already adding pepper and sauce to their words in anticipation of making a meal out of them – the service has been very successful. Unconfirmed figures point to about 200K users in 8 months with deposit north of N1B.
The curious thing is, Alat offers nothing more than a standard savings account with 10% interest but with everyone broke in Lagos, that can’t be the most important reason.

What Alat has done well is the ease at which anyone can open a full-fledged Tier 3 account and even have the debit card delivered (free as of the time I did mine) without touching a sheet of paper or visit a bank branch.

That ease and experience are what the other banks, who started online account opening a million years before Alat/Wema Bank, have not been able to pull off. Ask any bank how many accounts get opened online, you will be very embarrassed for their CEOs.

There are bears in the wood
I would be very foolish to say that there are no risks to self-service in banking. Banks and hapless customers get shafted by the day, and a bank that isn’t vigilant could get cleaned out.
However, the smart banks have figured out that a well-designed process flow and fraud monitoring can thwart an average fraudster. Even with SIM cloning, the most dangerous digital evil on the prowl, customers can be easily protected when intelligent backend analytics are applied to customer transactional behaviors.

Fraudsters count on banks and FinTechs not talking. It’s killing digital payments!

Fraud plagues Nigerian online transactions. Nigeria lacks centralized fraud prevention services, with the recent CBN watchlist being limited. A global fraud repository could aid but requires robust risk management and quality assurance. Collaboration is vital to combat fraud and ensure a safer digital environment.

Electronic fraud is a significant reason why many Africans especially Nigerians, including highly educated middle-class, don’t want to do transactions online or use digital products. While a lot is being done with efforts such as Two Factor Authentication, customer opt-ins, etc., frauds still go on because banks and payment providers don’t share information with each other.
Fraudsters are still having a field day because of one thing – evil thrives in darkness.
Recently one of my friends running a payment company called to find out what we could do to some people who did fraud on his platform. As a matter of practicality, I told him nothing.
Think about it, what if he went to the police? Unless the fraudsters were so brazenly sloppy, the Police probably can’t investigate to catch them. He will spend the next few months going back and forth like a poorly installed pendulum, some random arrests could be made, but in the end, just like others, nothing would happen.
So, he did what every payment company or bank has been doing since – improved his systems, licked his wounds clean and moved on with life. I’m dead sure he’s silently cursing them under his breath.
But my gut feelings told me these bad guys didn’t just start with him – they have been on this less than illusory career for long. And that is the crux of the matter.
In South Africa, the banks, payment providers, and just everyone came around to form the SAFPS (Southern African Fraud Prevention Service). If you did a bad thing and your name strolls into their list, trust me, your transactions will continue to fail, but you will know why.
International internet service providers also use large crowd-sourced databases of spammers (SPAMHAUS) where source IP addresses and domain names of spammers are logged. If you spam and your name goes there, your emails will never be delivered again (to those who use the database for filtering spams). Major companies in Nigeria, including almost all banks, use SPAMHAUS to protect their email infrastructure.
So why don’t we have the same thing in Nigeria? I am very sure if my friend had a service he could check transactions against, the boys who scalped him may have been stopped from getting their loot. And let’s say he was their first port of call, if he reports them, they won’t be able to hurt anyone again.
The Central Bank of Nigeria (CBN) and Nigeria Electronic Fraud Forum (NEFF) did the right thing recently when the CBN watchlist was inaugurated. My banks have been sending me warning messages not to misbehave because if my name should enter that list, my own don do.
This list is limited to only banks and BVNs alone. However, we know that fraud surface area covers extend to emails, phones (those spammy BVN update alerts), IP addresses, etc. Another challenge is that many frauds happen on platforms beyond banks. For example, fraudsters routinely log into wallet systems to defraud hapless customers.
A centralized global repository of fraud information, accessible and non-partisan would go a long way to instill confidence, and just allow everyone to snore longer at night. The cost of transaction also goes down as cost attributable to fraud losses would not be overlaid on transaction fees anymore. However, without this repository and other means of squelching fraud, innovations from smart Fintechs may never reach that critical level as payers will always be frightened to go online.
If they could pull this off in South Africa, why not Nigeria? It would be to everyone’s benefit to collaborate and crowdsource information.
Nevertheless, crowdsourced fraud information comes with risks as well. What do I do if a payment provider maliciously put my name on that list and my transactions get flagged? What if someone takes them to court and asks for $1B damages for failed transactions?
A shared repository of fraud information doesn’t remove the requirements for proper risk management – which much FinTechs lack. I mean, risk management is as boring as hell, no place in the awesome sexiness of a startup. True? False! Adhering to regulations, PCI-DSS, ensuring that changes follow maker/checker processes, logging everything that moves, encryption, hashing before and after changes, etc. guarantees your neurons are used for product development, not recovery efforts.
You can’t underestimate the need for testing. Quality assurance is another major area of lack for Fintechs and this is probably responsible for 70% of the holes that the fraud lizards crawl through. Beyond normal happy path, regression, a double-blind ethical hacking can pinpoint gaps that need plugging.
Beyond all these, collaboration and information sharing will go a long way to keep the bad boys at bay; Christmas is around the corner, and everyone wants to hammer.

Where are these 37 Million Ghostpreneurs in Nigeria?

The ongoing revolution in payments, automated credits, and self-service onboarding that have fueled massive growth in digital banking over the last 3 years seems to have largely overlooked the Nigerian Micro, Small and Medium Enterprises (MSME) sector. Forget whatever anyone says, the small business owners have been left behind.  Who did they offend?
At a recent event, I touted the numbers from SMEDAN that Nigeria had, as of 2013, 37,067,416 MSMEs, someone almost stoned me with her stiletto (with wicked looking pointies that could be deemed a weapon of personal destruction) because the numbers just didn’t look real.
Or are they Ghostpreneurs?
The numbers didn’t add up for me as well. Where are these companies or micro-enterprises? Finding them is hard. I mean, every bank will tell you that 7% or less of its accounts belong to non-individuals. When you look at NIBSS June 2017 figures, corporate accounts are just 6.5M out of the 98M accounts strewn across 20+ Nigerian banks. And the 98M accounts belong to about 26.5M accounts which average about 3+ accounts per individual. And by the way, over 98% of account holders have accounts with more than one bank.
Something doesn’t add up.
Of course, it was easy to see. Many of the MSMEs run their businesses with their personal accounts, so they are probably not Ghostpreneurs. So Sisi Clara Cake and Thingz, Baba Bisi Furniture Works probably run off their personal accounts with Bank A and B. Would you have thought they love it that way? Maybe not.
Until recently, opening a personal account in Nigeria was one of those rites of passage where you must pull a tooth with rusty pliers, by yourself and without anesthetics. Calling it painful and sadistic would be an exercise in understatement. The good thing is that over the last 2 years, the self-service revolution has extended from digital services to account opening.
At first, banks streamlined their account opening packages, so you won’t have to write GMAT essays just to open your Savings Account and then naturally progressed to opening accounts online. Now, practically all forward-looking banks allow you to open accounts online or via USSD. Unfortunately, what you get is a basic Tier 1 account and to upgrade to a proper account you can live with, a trip to the bank branch is still required. Alat by Wema has done a good job though – you get to open a proper account 100% online, and even your debit card is ferried to your shanty free of charge. I hope others see the light!
However, opening a business account is still an exercise in morbid self-flagellation; no bank seems to get it right. They ask you for all types of documentation, like what tribal mark your dead great grandmother had (you never met her!). They require random documents from fledgling entrepreneurs, who can barely put together their business plans. Many of these documents require pilgrimages to dens of government agencies. Ultimately, unless that account is critical, most entrepreneurs use their personal accounts to run their side gigs.
Think about it, have you ever paid your friend that does small chops as side hustle via her company account?
The lack of ease to open a business account has been a lose-lose-lose for every single stakeholder.
Not having a business account, in the company name, means a small business will never be able to scale. I mean, do you think Shell or Mobil will give you a small supply contract with a personal account? Absolutely not. Furthermore, by the time the small business eke out some semblance of progress and a business account is opened, the company is locked out of valuable business loans because the new account would not have the financial history that has been lost to the founder’s account.
The efforts of different banks, especially Diamond and Fidelity Banks (Disclosure: I worked at Fidelity Bank), would continue to be hampered if the ease of business account opening is not addressed.
The government also loses because taxes are lost when revenues for companies are sunk into individual accounts. The government is also not able to have data to track the performance of MSME initiatives, and they are not able to drive grants to sectors in dire need of one (I dey try myself, I know!)
What the MSMEs need today is a bank, beyond the rhetoric and adverts, which can automate the account opening processes. If an individual does not need to worship at a bank branch to open accounts same should also be extended to MSMEs. A startup should be able to start the process, upload all documentation and have an account opened within minutes or hours at most. There are APIs, tools and other offline services available banks to authenticate almost all documentation required for business account opening. Each director or signatory in the account would also be part of the process and can be validated as well.
I honestly believe this would happen as soon as the market for individual digital payments reaches maturity. However, between now and then, the first banks to streamline this process may have a lockdown on MSME business accounts.