Author: admin

In today’s digital age, the protection of personal data and sensitive information has become a critical concern for organisations operating in Nigeria. With the increasing amount of data being collected and stored, it’s essential for organisations to comply with regulations such as the Nigeria Data Protection Act (NDPA) to ensure the proper handling and protection of this information.

There are numerous benefits to data protection compliance, not just for the individuals whose information is being protected, but for the organisations themselves. Let’s take a closer look at these benefits.

Protection of Sensitive Information

The primary benefit of data protection compliance is the protection of sensitive information, such as personal data and financial information. This includes information such as names, addresses, National Identification Numbers, and credit card numbers. Compliance with data protection regulations, such as the NDPA, ensures that this information is properly secured and only accessed by authorized individuals.

Prevention of Costly Fines and Legal Penalties

Organisations that are not compliant with data protection regulations can face significant financial penalties, as well as damage to their reputation. The NDPA, signed into law in June 2023, empowers the Nigeria Data Protection Commission (NDPC) to impose fines of up to 2% of an organisation’s annual gross revenue or ₦10 million, whichever is higher, for non-compliance. Compliance with regulations such as the NDPA can help organisations avoid these penalties and protect their bottom line.

Building Trust and Credibility

Data protection compliance also helps organizations to build trust and credibility with customers, partners, and other stakeholders. When organisations demonstrate their commitment to protecting personal data and sensitive information, they can gain the trust and confidence of their customers and other stakeholders. This can lead to increased business and revenue opportunities.

Improved Management and Control of Information Flow

Compliance with data protection regulations also helps organizations to better manage and control the flow of information within their organization. This includes processes for collecting, storing, and sharing personal data, as well as for destroying data when it is no longer needed. Compliance with data protection regulations helps organisations to ensure that personal data is handled in a responsible and secure manner.

Penalties for Non-Compliance

Non-compliance with data protection regulations can have severe consequences. Beyond the immediate financial penalties, organisations may face long-term reputational damage and loss of customer trust. The NDPA emphasizes the importance of sustainable data management practices, ensuring that organisations not only comply with current regulations but also adopt forward-thinking strategies to protect data in the future.

Relevant Deadlines

Organisations must conduct annual data protection audits and submit their reports to the NDPC by March 15th of each year. Failure to meet these deadlines can result in additional penalties and increased scrutiny from regulatory bodies.

Stransact: Your Partner for Data Protection Compliance

At Stransact, we understand the importance of data protection and are dedicated to helping organisations achieve and maintain compliance with the NDPA. Our firm is certified by the Nigeria Data Protection Commission (NDPC) as a Data Protection Compliance Organisation (DPCO) and we perform compliance audits for firms to ensure their systems are secure and are protecting data adequately.

Our team of experts has the knowledge and experience necessary to guide organisations through the compliance process and ensure they meet all the requirements. We take the time to understand our client’s unique needs and tailor our services accordingly to provide the best possible outcome.

Contact Us

Contact us today to learn more about our compliance audit services and how we can help your organisation protect personal data and sensitive information. Our goal is to make the compliance process as smooth and stress-free as possible for our clients, so they can focus on growing their business. Send an email to [email protected]

Conclusion

Data protection compliance is essential for organizations operating in Nigeria. It protects sensitive information, prevents costly fines and legal penalties, builds trust and credibility with customers and stakeholders, and improves the management and control of information flow. At Stransact, we are committed to helping organizations achieve and maintain compliance with the NDPA and are ready to assist you with your compliance needs.

 

The Money Laundering (Prevention and Prohibition) Bill, 2022, signed into law by Former President Muhammadu Buhari, repealed the 2011 Money Laundering (Prohibition) Act.

According to section 1, the Act aims to enhance and strengthen Nigeria’s current legal and institutional framework for fighting and preventing money laundering. We will closely highlight the Act’s noteworthy provisions.

Virtual Assets

The Act includes provisions for virtual assets, which correspond to the growth of digital currencies such as Bitcoin, Ethereum, Solana, and more in the blockchain ecosystem. Section 30 of the Act defines virtual assets as `digital representations of value that can be digitally exchanged or transferred and utilized for payment or investment purposes,`  but excludes digital representations of fiat currencies, securities, and other financial assets.

Expansion of Financial institutions’ reach

One of the Act’s major highlights is the expansion of the definition of `financial institutions` to include virtual asset service providers, as well as `designated non-financial businesses and professions` to include businesses in the hospitality industry, dealers in mechanized farming equipment, farming equipment and machinery, dealers in precious metals and precious stones, dealers in real estate, estate developers, estate agents and brokers, high-value dealers, and molecular biologists.

 

Read More: Capital Gains, Crypto, and Compliance: Understanding SEC’s Incubation Programs and Tax Implications

 

Special Control Unit against Money Laundering (SCUML)

The statutory recognition of SCUML  which was established by the Federal Government in 2005 under the Federal Ministry of Industry, Trade, and Investment, is one of the Act’s milestones. SCUML collaborates closely with the Economic and Financial Crimes Commission (EFCC).

The SCUML is in charge of ensuring that non-designated financial enterprises and professions comply with the Act’s obligations.

Penalty for money laundering violations

Under the 2011 Act, individuals convicted of money laundering faced up to seven years imprisonment, a fine equivalent to the full proceeds of the crime, or both.

However, the 2022 Act makes such a person subject to imprisonment for at least four years or a fine of at least five times the amount of the proceeds of the crime, or both. Corporate bodies who commit money laundering offenses face a penalty of not less than five times the value of the profits.

Evaluating New Technologies and Business Strategies for Money Laundering Risks

Financial institutions, as well as non-designated businesses and professions, are required to detect and analyze money laundering and terrorism funding risks that may arise as a consequence of the development of new technology, business practices, and products. To carry out this commitment effectively, the relevant Institutions must conduct risk assessments and implement acceptable risk management and mitigation procedures.

Attorney-client confidentiality

Under Section 192 of the Evidence Act and Rule 19 of the Rules of Professional Conduct, 2007, attorney-client communications related to briefs or instructions are protected. As a result, such correspondence cannot be divulged by the attorney unless the client consents.

However, the Act states that attorney-client privilege does not apply to the following transactions: the purchase or sale of real estate, the purchase or sale of a business, the management of client money, securities, or assets, the opening or management of bank, savings, or securities accounts, the creation or management of trust companies or similar structures, or the proceeds of an unlawful act.

 

Read More: Financial Management Strategies for Sustainable Growth in Nigeria’s Oil and Gas Industry

 

Casinos

The Act mandates casinos to report financial transactions of customers to the Special Control Unit against Money Laundering (SCUML).

Persons with political influence

According to the Act, financial institutions and non-designated financial enterprises and professions must develop methods for identifying whether a client or a customer’s beneficiary is politically exposed.

Section 4(8) mandates financial institutions and non-financial businesses to follow specific protocols when dealing with foreign politically exposed persons (PEPs). These include obtaining senior management approval, identifying the source of income, and conducting ongoing monitoring of the relationship.

The foregoing requirements also apply to domestic politically exposed people with whom there is a high-risk business connection.

 

Read More: Comprehensive Review: Deduction of Tax at Source (Withholding) Regulations 2024

 

Customer identification

The Act requires financial and designated non-financial firms and professions to take reasonable steps to identify and authenticate their clients, as well as anybody claiming to act on their behalf.

International money, securities, and cash transfers

Section 3(1) of the Act states that any transfer of funds, securities, or cash in excess of $10,000 to or from a foreign country by a corporate body must be reported to the Central Bank of Nigeria, the Securities and Exchange Commission, and the Economic and Financial Crimes Commission within one day (the 2011 Act required such transfers to be reported within seven days).

Separate transaction execution:

Any single transaction in excess of N5,000,000 or its equivalent for individuals and N10,000,000 or its equivalent for corporate bodies must be reported to the Nigerian Financial Intelligence Unit and Special Control Unit against Money Laundering (`SCUML`) by financial institutions and designated non-financial businesses and professions. Section 30 of the Act defines `designated non-financial business and profession` as automotive dealers, hospitality businesses, casinos, clearing and settlement companies, consulting firms, real estate dealers, high value dealers, legal practitioners, licensed professional accountants, tax consultants, and so on.

It should be noted that Section 2(2) of the Act clearly forbids splitting a single transaction into two or more distinct transactions in order to avoid reporting such transaction. Prior to the Act’s passage, some people used transaction splitting to avoid reporting transactions that fell inside the specified monetary levels.

Conclusion

The Money Laundering (Prevention and Prohibition) Act, 2022, represents a significant step forward in Nigeria’s fight against money laundering and financial crimes. By addressing emerging trends such as virtual assets, expanding the scope of financial and non-financial institutions, and reinforcing compliance through stricter penalties and regulations, the Act strengthens the country’s legal and institutional framework for combating illicit activities.

Businesses and professionals must stay informed and compliant with these provisions to avoid penalties and contribute to a more transparent financial ecosystem. As Nigeria continues to align with global best practices, the implementation of this Act sets the foundation for a stronger, more secure economic environment.