CBN to initiate 72-hour refund rule for bank fraud victims

The Central Bank of Nigeria (CBN) has proposed new rules that could give bank customers faster access to refunds after falling victim to online fraud. Under the rule, victims of Authorised Push Payment (APP) fraud would have up to 72 hours to report incidents, after which banks must investigate and issue refunds within a set timeframe. 

This was revealed in a recent document, “Draft Guidelines for Handling Authorised Push Payment Fraud”, published by the CBN on Tuesday and signed by Rita I. Sike, director of the Financial Policy & Regulation Department.

“Any customer who is a victim of APP fraud is expected to, within 24 hours of the occurrence, report the incident to their financial institution using the designated channels. Notwithstanding this expectation, customers shall have up to an additional 48 hours to make such a report,” the draft reads.

According to the CBN, the draft guidelines were issued through a circular addressed to all banks, other financial institutions, public interest groups and the general public. It aims to foster its mandate of promoting a sound financial system in Nigeria by addressing the rising incidence of Authorised Push Payment fraud in the financial system for comments. 

“When finalised, the Guidelines would mandate all financial institutions to institute preventive measures as well as modalities for mitigating and managing APP fraud,” it added.

Read also: 16 banks have met the new CBN minimum capital base – Cardoso

The CBN noted that customers who fail to report an Authorised Push Payment (APP) fraud incident within 72 hours, and without reasonable justification, may not be entitled to reimbursement. 

It said “reasonable justification” could include circumstances beyond the customer’s control, such as illness, force majeure events, the time of becoming aware of the fraud, security constraints, or the unavailability of reporting channels. 

However, where internal control failures or staff negligence contributed to the fraud, financial institutions would still be obligated to provide refunds.

What does APP fraud mean to Nigerians?

According to the draft guidelines, Authorised Push Payment (APP) fraud means an act of persuading, influencing, or enticing an individual through deception, misrepresentation, or undue advantage to authorise or initiate a payment or transaction that results in financial loss or facilitates an APP fraud incident.

This can be seen as an inducement, coercion, or misleading of a user/customer into authorising a payment via WhatsApp, SMS, email, or any other communication channel to a third party’s account or wallet.

“Facilitation, negligence, or non-compliance by financial institutions, such as failure to act on red flags, weak Know Your Customer (KYC) or fraud controls, staff collusion, delayed resolution, and use of accounts for fraudulent purposes can also be called an APP fraud,” it added.

The CBN has ordered Banks and OFIs to establish reporting mechanisms that allow customers to report APP fraud incidents through designated channels, including customer service hotlines, email, mobile applications and in person at any branch.

The designated channels may include emails, SMS/USSD options, mobile applications, official social-media handles, and a toll-free service hotline, which shall support multiple languages. These channels shall be operational 24 hours a day, seven (7) days a week, while affected customers who report an incident shall be attended to within 72 hours.

“An account identified through transaction monitoring, investigation, or intelligence as exhibiting suspicious characteristics, unusual patterns, or behaviour commonly associated with fraudulent activities, thereby warranting enhanced scrutiny or temporary restriction pending further review,” the CBN said.

Read also: CBN retains interest rate at 27% amid push for economic recovery

What is the way forward?

The CBN has advised financial institutions to implement the Early Warning System (EWS) for the prevention and/or timely detection and mitigation of APP fraud. 

Such measures may include red flagging accounts on suspicion of fraudulent activities, behavioural monitoring, and documentation of EWS indicators such as accounts identified through fraud typologies, repeated complaints, unusual inflows/outflows, or previous involvement in fraud cases. These accounts shall be subjected to enhanced monitoring and/or restricted pending investigation.

“Financial institutions shall acknowledge receipt of the report within twenty-four (24) hours and issue a unique case reference number to the customer and a summary of the review process, including indicative timelines for resolution,” the draft stated.

However, the CBN may direct NIBSS or any relevant settlement entity to withhold settlement for the full value of any transaction identified as fraudulent. The full investigation shall be concluded within 14 working days, after which a clear decision shall be communicated to the customer. 

CBN noted that financial institutions must clearly communicate the outcome of the APP fraud investigations to the customer, stating whether reimbursement is approved or denied.

“Failure to initiate or conclude the investigation within the stipulated timelines without reasonable justification may constitute a breach of consumer protection obligations and attract appropriate regulatory sanctions,” it said.

Read also: How CBN’s Open Banking system will impact Nigerian fintechs: All you need to know