www.gosodipo.com  
   Home Feedback Search About Us    
   Services Partners Seminars News Publications Newsletters
Seminars    
         

THE LEGAL DIMENSION OF INFORMATION TECHNOLOGY AND THE BUSINESS

OF BANKING IN THE NEW MILLEN1UM: A FOCUS ON E.B., E-COMMERCE, ON-

LINE BANKING ETC*

 

INTRODUCTION

 Although hardly any banking act defines it in this parlance, the business of banking is basically about service delivery. Consequently, the introduction of facilities that enhance the delivery of banking services in a cost-effective manner is always a welcome development. This is what Information Technology offers.

With increasing competition in the market place, and several modes of delivery for banking products and services, channel management has become an important issue ', not only in retaining customer loyalty but maintaining and growing overall profitability.  Information Technology (1- T.) provides the platform to achieve both - anywhere in the world. The same is true in Nigeria. Though the introduction of I.T to me business of banking in Nigeria is barely a decade old, the fragility of our present legal framework to accommodate the myriads of complex situations and problems arising from the integration of I.T into delivery of banking services is fast becoming apparent.

In this paper, we will focus on the practical issues that arise from the adoption of I.T in the

banking business, primarily through a legal perspective.

This paper is divided into four parts, m part I, we will look briefly at the concept of I- T, Electronic Banking (E-B.) tracing the history of E. B. in Nigeria. Part 2 will examine the operational modalities of electronic banking - highlighting the practical issues arising therefrom.

The third part will analyse the highlighted issues within the confines of our legal framework, and finally, suggestion for reform as well as means of managing risks of conducting business on the internet will be prescribed in the last section.

PARTI

Information Technology (I.T)

I. T. in summary refers to any activity that uses information to fulfill its mission such as those activities whose primary job tasks involve acquiring, building , maintaining, operating and supporting the systems that collect and process information.2 It is the entire business of gathering, collating, analysing, transmitting and storing, recalling, accessing or in anyway dealing with or making I.T translates therefore to the use of computer system and telecommunication facilities in the conduct of operation whereby transaction initiation and execution are facilitated by technology-

* Paper delivered by Mr. Seye Kosoko at an International Conference on Electronic Commerce and Telecommunications in Nigeria on 26/9/2002

1. Balachandran/Guru - E.B. Developments in Malaysia: Prospects & problems (2000) J.I.B.L., Issue 10

2 Quality Assurance Manager's Handbook, Orlando, Florida: The Quality Assurance Institute, 1991.

In banks, IT contributes to faster execution of transactions through the integration of the front and back office functions, resulting in enhanced product and service delivery and ultimately increased transaction volumes.

electron ic Ranking (E.B.)

E.B. in the simplest of terms is the execution of banking transactions with electrically provided information. E. B. enables the execution of information based transactions between two or more parties using interconnected networks. This may be by magnetic tape, disc, telecommunication or wireless application protocol links. The terms E.B or Electronic funds Transfer (EFT) are used interchangeably and refer to the payment of a customer's instruction by electronic means. So long as the interbank communciation is by electronic means, me Funds Transfer (FT) will be classified as electronic. EFT eliminates the use of paper in effecting payment orders, replacing paper documents with electronic pulses which can be processed by computer.3

Electronic payments really have not much to do with money. What happens in EFT is that debts are transferred from one bank to another. The only connection with money is that the units in which the debts are denominated are real money units.4 EFT systems are primarily concerned with the management of information, i.e. the transmission of information between banks and the resulting change in bank records. The effect of an EFT between each banks and its customer is that there is a change in the respective indebtedness of the bank and the customer.

From the foregoing, it becomes apparent that IT and E.B. are inextricably linked and indeed E.B. may be properly described as a subset and offshoot of IT.

Types of E.K.

E.B. has evolved over the year from mere computerisation of customers' accounts and account information and Automated Teller Machines (ATM) which allows for deposit and withdrawals of cash and transfer of funds, to Telebanking which allows delivery of branch financial services via telecommunication devices where bank customers can perform retail banking transaction (with the exception of withdrawals) by dialing into a touch tone telephone or mobile communication unit, which is connected to a an automated system of the bank by utilising Automated Voice Response technology-^ A more recent innovation in the Nigerian E.B. terrain is the PC based banking. PC banking refers to the process of banking at home/office by subscribing to and dialing into a bank's intranet via a proprietary software system. PC banking makes it possible for computer literate customers who possess a PC and a modem to perform banking transactions from the comfort of their homes/offices.h Internet banking is the latest progression of E.B. in Nigeria. Internet banking does not require the use of any proprietary software, unlike in PC banking - only browsers are used. Banking on the net allows for two scenarios namely:

  Banks with an existing branch of networks offering financial services through the internet and

  Banks without any branches offering banking services through the internet (Virtual banking).

Internet banking still being at an embryonic state in Nigeria, the range of banking services that are offered via the net are largely limited- Whilst in the developed world, the services described above are offered by majority of banks, only few banks in Nigeria can honestly boast of E.B.

3 Lanre Ola Oluwa: Basic Lessons on Information Technology Law (1998) 2 MIL BQ 49 P. 50

' 0. Ajayi. Legal AspecLs of Electronic Banking in Nigeria - a paper delivered at ADCG Seminar on

Preventing Fraud in an Electronic Banking Environment - 20/2/98

5 Cititel from Citibank Nigeria, GTB also offers this service

6 Paylink, Citibanking on-line from Citibank Nigeria

services beyond computerisation of account information and branch interconnectivity. The few

banks who have exceeded this amongst the few banks which offer a wider variety of E.B.

products/services and products include provision ofATMs, debit cards, smart cards, PC banking,

telebanking and internet banking.

 

Apart from appalling basic infrastructure (notably electricity and telecommunications), other

factors which contribute to the low growth and acceptance of E.B. in Nigeria include the

reluctance to move away from traditional hard cash and general mistrust in our society and the

high level of illiteracy prevalent in the country as well as the present level of computer literacy

even amongst the literate.

 

Additionally, an enlightened customer considers three factors before submitting to a new

technology - convenience, minimal costs and maximum security, m promoting E.B. products

and services, Nigeria banks must be able to clearly demonstrate to the customers that these factors

have been diligently and practically addressed- Banks should also embark on enlightenment and

marketing drives which emphasise the availability, ease and advantages of E.B. services and

products. Finally, banks must ensure that the services are simple, easy, user-friendly and of

sufficiently high quality to ensure customer satisfaction.

 

PART 1] - Operational and Practical Issue Arising from E-B.

 

As mentioned above, what really happens in E.B. is a transfer of debts between the parties

involved by electronic means. , Banks (as well as customers) are therefore concerned that these

electro-communication are not only duly authorised and initiated, but that they have not been

repudiated or interfered with.

 

Due Authorisation cmd Verification

 

A key issue that arises from E.B. is that of the viability of the authorisation limitation of E.B.

transactions- Traditionally, customers authorise banks to execute transactions on their behalf via

documents which were duly executed/signed. With the advent of E.B- - Personal Identification

Numbers (P.I-NS), digital signatures, biometrics, dynamic signature analysis have replaced the

manual signature of customers.

 

How do banks verify electronic instructions? Who bears the risk of unauthorised instruction?

When funds are mistakenly transferred to the wrong account, is the beneficiary bound to return

same? Does the transferee have any rights against a recipient who converts such funds to his own

use, being fully aware of the wrong transfer? These arc part ofthe questions that arise from E.B.

 

Privacy/Confidentiality

 

Privacy issues also arise from E. B. E.B. transactions are not as anonymous as cash transactions

as details ofE. B. transactions can be recorded in a central data bank. Details ofthe customer's

identity will be recorded as they initiate transactions and since E.B- can be used to conduct a wide

variety of transactions, a record ofthe an individual's movements and purchasing habits can be

 

created. This is the more so with the use ofthe smart card technology.

 

Should customers be notified of or consent to potential uses and disclosure of information?

Other risks of breach of the banker's duty of confidentiality to its customers in an E.B. arena may

arise either from bank employees who obtain and misuse customer information or from outsiders

who obtain access into a bank's system by hacking into it?

 

Who bears the risk of me breach of privacy/confidentiality of the customer? Should there be a

rigid rule or should it depend on the circumstance of breach? What due diligence measures

should the bank have taken to minimise the occurrence of the risk?

 

Money Laundering

 

The ease with which electronic funds transfer can be used to facilitate money laundering has

serious implications for E. B. The good news though is that the transaction trail which E.B.

provides can assist the regulators track funds flow, setting up an audit trail which may discourage

the use of the financial system for such illicit activities.

 

Electronic Records

 

E.B. necessarily means that preservation and retention of transaction records will be by electronic

means- The mode of electronic record retention must therefore be such as allows the electronic

record remain accessible so as to be usable for subsequent reference, to be retained in its original

form or which accurately represents the original information and which allows for the retention of

the identification of (he origin, destination and the date and time for dispatch or receipt of the

electronic record.7

 

The requirement of various enactments8 on retention of banking records must be borne in mind in

preserving electronic rccords-

 

Computer and Other Electronically Generated Evidence

 

Following from the fact that records of E. B transactions must be stored electronically is the mode

of evidencing these transactions in the even of disputes arising from E.B. transactions. The issue

here is whether our rules of evidence recognise electronically generated evidence. Would a PIN

under the extant Nigerian law be described as a signature?9 Do our rules of evidence require

revision to accommodate the new concepts resulting from E.B. which arc unknown to our

substantive let alone adjectival law? These are some of the evolving problems that I. T - E.B.

pose to our present legal framework.

 

Negligence

 

Where E.B. involves the use of cards, the issuer must carefully address the issue of liability

arising fl-om the use of the card by the cardholder. This will be primarily a matter of contract. Of

course the cardholder will be liable for any authorised use of his card.

 

Can the cardholder be liable for the tort of negligence however? To establish negligence, the card

issuer must be able to establish the duty of care on the cardholder, foreseeability of damage

resulting from the cardholder's conduct, the carelessness of the cardholder and the causal

 

7 Fong. H-Commerce: A legislative Initiative in the Hong Kong SAR Vol. 15 Issues 3 JIBL 2000

s Money Laundering Act, 1995 - Section 7, Banks and Other Financial Institutions Act, 1991 - Section 24,

9 See generally, Osiha]0: "Problems of Proof Computer and Other Electronically Generated Hvidence in

Local and International Financial Transactions'" - published in International Finance & Kxtemal Debt

Management, Workshop papers of U NDP Conference on international Financial Transaction/Intcmal.ional

Banking, May 1991 P. 320-352.

connection between the cardholder's carelessness and the damages caused to the issuer10 The

burden of proving negligence falls on the issuer, which may not be easy to discharge -- especially

in proving the cardholder's carelessness. It is advisable to recover from a negligent cardholder in

contract rather than tort especially where contract terms are clear. An issuer negligent in

performing its obligations will also be liable to the cardholder. Where the issuer does not

properly verify customer's signature or authorisation instruction, the issuer will bear the brunt of

fraudulent transaction.

 

liability For Misuse

 

Common law principles of contract governs question of liability for misuse of charge and credit

cards. Where me misused token is a smart card or cheque card, additional consideration based on

agency principles apply. It may be argued that regardless of the terms on which the card is

issued, a bank is not entitled to debit its customer's account for an unauthorised transaction.11

The argument here is based on the allocation of risks connected with the use of smart. The better

view may be though, to pre-determine where the responsibility of risk will lie where the misuse

of the medium of exchange is as a result of the negligence or fault of the customer, the customer

will be responsible for loss resulting therefrom - e.g. where a cardholder fails to give notice of

the loss or misappropriation of the token. Wordings of smart/cheque card clauses may be tightly

worded to ensure that bank's liability is confined to payment on smart cards authorised by, or of

cheques signed by the real cardholder.

 

Taxation

 

i

 

The type of taxation applicable to E.B. transactions should also be considered- VAT is the most

pertinent, being a tax on me consumption of goods & services. Banks should take into account

the computation of VAT charging for E. B. transactions.

 

PART III - Legal Framework for EB in Nigeria

 

The first point to note here is that there are no legal regulations whatsoever relating to Electronic

Banking in Nigeria. The problems highlighted above have no solutions in our extant legal

dispensation. Even banks conducting E.B. transactions need no special permission to do so from

the CBN.

 

We can however suggest solutions to the problems highlighted based on the general principles of

contract, as well as prescribe guidelines for the development of Nigerian Law in this area.

 

Digital Signalure/PINS/Authentication of Electronic Signatures and Instructions

 

While fraudulent transactions resulting from misuse of these (signatures) can be practically and

technically guarded against by tight security and encryption mechanisms (such as public key

cryptography, biometrics, dynamic signature analysis), liability resulting from the misuse can

largely be regulated by contract. Players in the E.B. arena should clearly distribute responsibility

in the event ofcrystalization of this risk. E.B. being a relatively new terrain in Nigeria, customers

will lack the muscle to properly bargain advantageous contractual terms. As such it may be

prudent for regulators to wade in cautiously to protect the customer. Contract terms may however

 

10 I.T.A.V. Amrani (1994)3 NWLR (Pt 331)P 300, Wmfield & Jolowiczon Tort (14th Edition) p.78

'] 0. Ajayi Op cit I .cgal aspects of Electronic Banking et al ...... Op. oil

specify that Banks receiving an electronic message arc authorised to accept any properly

authenticated message which purportedly emanates from the sender, and may act on it without

making any enqury aboul the circumstances of the instruction.''

 

Privacy/Confidentiality                                           i

 

Conflicts which may ensue from privacy and confidentiality issues can also be curtailed by

conn-actual provision expressly obtaining the customer's consent to disclosure of information to

third parties. The scope of the disclosure should be clearly defmed however, in order to achieve

balance and not entirely remove the confidentiality foundation of the banker - customer

relationship.

 

Money laundering

 

Whilst parties may expressly agree not to use E.B. facilities to aid laundering activities, the

current Money Laundering Act (MLA) place reporting and know your customers obligations on

financial institutions - which should be adhered to in the conduct of their business, the manner of

 

service/product delivery not withstanding. With smartcards, transaction trails can be recorded

electronically and this will also assist the regulators in monitoring laundering-!'

 

Electronic Record & Electronically Generated Evidence

 

Modifications are necessary to our present law of evidence to accommodate both electronic

 

records and electronically, generated evidence- Even the MLA must be interpreted to include

electronic records when it prescribes the length of time records must be preserved under the Act.

 

On electronically/computer generated evidence, courts would do well to interpret our present

laws so as to accommodate the new concepts arising from E.B. The courts should be willing to

accept me evidence of use of a PIN as raising a presumption that the cardholder authorised the

transaction- The courts may also take judicial notice of computerised system of keeping accounts

in the commercial and banking sectors in Nigeria14 In Anyeabosi V- R. T. Briscoe15 , the

Supreme court admitted a computer print out as secondary evidence under section 97(i)(d)(g) of

the evidence Act.

 

Negligence and Liability For Misuse

 

The contracts regulating the E. B. transactions should plainly determine responsibility and

remedies in the event of negligence. Nigeria, not being subject to any equivalent of the Unfair

Contract Terms Act of 1977, banks here may provide elaborately for exclusion of liability in

 

certain situations and the distribution of responsibility under various scenarios.

 

12 Clive Freedman: H-Commerce - the U.K's Draft Electronic Commerce Bill - (1999)

J.B.L. Issue 12.

 

13 Sections 2,6(2), 6(2) & 10(i) - Money Laundering Act, 1995

 

14 See Ogolo v 1MB (1996) NWLR (P 419) P 314 al 32%- See S.74 Evidence Act Cap 112,1990. Note

that in the three levels of our superior courts of record-courts here have accepted computer generated

evidence - See Anyeabosi V. R. J. Briscoe and Kate Enterprises v. Daewoo (1985) 2 NWLR (P 5)P 116.

 

15 (1987) 13 NWLR (Pt 59) p 84

Jurisdiction and Choice of Law Issues

 

These should be clearly addressed in advance by contract to avoid uncertainty. This is not so in

the case ofTortious liability. Since E.B. especially internet, banking is available to a wide variety

of persons across varying jurisdictions, each jurisdiction will apply its own rules for determining

the applicable law of tort.

 

Regulatory Supervision of E.B.

 

What role should the CBN play in regulating E.B.? What permission should a bank which wishes

to use E.B. as a service delivery mode obtain before proceeding? What new laws need to be

introduced? What new crimes must be defined?

 

It is arguable whether the private sector should be the chief decision maker as regards policy and

operational issues of E.B- and that the Government should only intervene when there is clear

evidence of market failure or deficiencies.1([

 

In Nigeria today, strictly speaking, CBN approval is not even required to launch E.B. products or

services. Mere notification prior to lake off of the product/services is sufficient.17 Taking into

consideration, the complexities of E.B. transactions which are still evolving daily, we suggest that

informed attention should be paid more closely to E-B. by our regulators. However, given the

global nature of E.B., the internet will need to be regulated through international rather then

purely territorial means18. It js in view of this that a light interventionist approach of regulation is

suggested- Regulators should at the very least be concerned with the security of online banking19.

In coming up with regulations/guidelines for E.B., study groups/committees should be formed,

commissioned with studying the growth of E.B. in Nigeria and charting a course forward for a

practical regulatory regime.

 

In charting a course for the development of the law in respect of E.B. in Nigeria, the following

principles should undcrgird the evolution of relevant laws:

 

  Ensuring that business people/customers can choose whether to do business through the use

of paper documentation or by electronic means without any avoidable uncertainty arising out

of the use of electronic means of communication.

 

Ensuring that the fundamental principles underlying the law of contract and tort remain

untouched save to the extent that adaptation is required to meet the needs of electronic

commerce.

 

  Ensuring that any laws which are enacted to adapt the law of contract or the law of torts to the

use of electronic commerce are expressed in a technologically neutral manner so that changes

to the law are not restricted to existing technology and can equally apply to technology yet to

be invented.

 

16 Jason Chuah: The New EU Directives to regulate electronic Money Institutions (2000) JIBL - Issue 8.

 

17 CBN Circular Ref. No. BSD/CR/8/98 on Guidelines for the Introduction of New Financial Products and

Advertisements by Deposit Taking Financial Institutions of 23/3/2000.

 

18 Sawyer; Electronic Transactions B.U for New Zealand (Part I) [2000] J. I.B.L. issue 10

 

19 Fong: E-Commerce: A legislature Initiative in the Hong Kong SAR op Cit.

 

Freshfields: Don't get caught in the internet: Know your liabilities - July 2000 publication at

 

http\\ :www. freshfields. corn

  Ensuring compatibility between principles of domestic and private international law as

applied in Nigeria and those applied by the country's major trading partners.

 

Further, the following questions need to be addressed in respect of banking law and taxation:

 

  Is there any need lo control the issue and use of electronic money? (e.g. smartcard).

 

  What form of registration should issuers of electronic money undergo?

 

   Is special legislation necessary to prevent money laundering in an E.B./e-commerce arena, or

to protect consumers from an issuer's default?

 

Is there any need to be concerned about the international movement of electronic money?

 

What (if any) are the legal or economic implications arising from allowing "electronic money

issued in one country to be redeemed in another?

 

Should banking issues be addressed by our law reform commissions or CBN or both?

 

  Are any further steps beyond redefining "writing" and "signature" to include electronic

equivalents, necessary to facilitate paperless international transactions?

 

  Is there a case for special rules for taxation of electronic transactions? Should these issues be

addressed by the Law Reform Commissions or FBIR or both?

 

Is there a need for a revision of our criminal codes to accommodate computer related crimes?

 

The answers to these questions will doubtless go a long way to create a balanced regulatory

environment for the operation ofE.B. in Nigeria.

 

E-Commerce

 

A cursory look at the legal issues generally arising from conducting business on the internet is

necessary before concluding our discussion. The key potential liabilities for conducting business

on the net are summarised below:

 

(a)     Contractual Liability

 

Unwanted contractual obligation may arise where service providers/suppliers are not in

control of the acceptance process. A prescribed method of acceptance should be defined

to avoid uncertainty. Additionally, e-suppliers need to be aware of the steps to be taken

to ensure effective incorporation of the e-suppliers terms and conditions. Care should be

taken with disclaimers of liability, jurisdiction and choice of law clauses and arbitration

agreements on websites and in e-contracts.

 

(b)     Tortious Liability

 

E-suppliers may also be exposed to tortious liabilities arising from materials placed on

their web sites - e.g. fraud by an employee in the scope of his authority,

misrepresentation, negligent, misstatement and defamation.

 

(c)    Jurisdiction and Choice of Law for Torts

 

Whilst the jurisdiction and choice of law for resolution of disputes arising under contract

can be prescribed clearly in advance, this is not so in the event of tortious liability. Each

jurisdiction will apply its own rules for determining the law to be applied to torts.

Determining the applicable law gives rise to uncertainty if there are number of competing

jurisdictions in which one or more elements of the tort may have taken place. Each case

 

20 These arc the guiding principles upon which the New Zealand Commission to analysis of developing e-

commerce regulations were based. See Sawyer - Supra. See also N.2 Law Commission Report 50:

 

Electronic Commerce Fart One : A Guide for the legal & Business Community (Oct. 1998) available at

Http://sss,lawcom.govt.nz/ECOMM/RSOCon.htm.

is likely to turn on its own particular facts. The law of the country which has the most

significant relationship with the tort and the parties may however be applied.

 

(d) Defamation

 

E-suppliers are likely to be liable for defamatory materials written, edited or published on

 

their website. Defamation, being a tort, the law applicable in determining the occurrence

of the tort will determine the defences available to a defendant.

 

(e)    Hyperlinks

 

The risk exists that websites owners providing links to other sites may be held liable for

 

the contents of linked sites. An action for negligent misstatement may be brought on the

basis that the existence of a link on the linking website gave rise to a representation that

the contents of the website were true and reliable. A claimant may have difficulty though

in establishing the necessary duly of care, and that the claimant's reliance was reasonable

and caused the loss complained of.

 

(0     Criminal Liability

 

Issues of what amount to crime on the net and the relevant criminal jurisdiction will

depend on the activity of, and jurisdiction where relevant elements of the offence

occurred. E-suppliers may also fmd themselves victims ofcybercrime which may result

in civil liability in negligence - e.g. include spoofing, data theft, defacing etc.

 

Managing the risk of doing business in the internet

General Contract Terms and Website Design

 

Most risks can be managed by drafting appropriate terms and conditions for the use of a website

and for any e-contract that is made. In designing their websites and drafting terms and conditions

- appropriate terms setting out the relevant information required concerning the e-supplier and

the contract and clear rules as to when the contract will be considered to be concluded and

contractual obligations arising from the contract should be defmed. Liability should be limited

and excluded as desired and all other relevant terms should be specified. The design of the

website must ensure that the terms and conditions for operation of the site and any c-contract

arising from the operation of the website are effectively incorporated e.g. by use of prominent

hyperiinks.

 

Jurisdiction and Choice of Law Clauses

 

E-suppliers should lake steps to limit the jurisdiction in which they can be sued by incorporating

an effective jurisdiction clause into c-contracts. Although the extent to which choice of law

clauses will apply to non-contractual clauses is uncertain, these clauses should be drafted to

widely cover non-contractual disputes.

 

Restricting Access

 

To avoid liability for contravention of criminal law or regulations in certain jurisdictions, e-

suppliers may consider limiting website access from those jurisdictions. A home page may, for

instance, require the person accessing the website to state the jurisdiction from which they are assessing the site. Unwanted jurisdictions can therefore be screened out assuming that people are

honest about their location.

 

Third Party Material

 

Where c-supphers are notified that third party material on parts of the web for which they are

 

responsible contains harmful material, they should initiate a review as soon as possible. Linking

website owners may also consider obtaining indemnities from linked websitc owners for any loss

suffered as a consequence of me contents of the linked site.

 

Website Security

 

Potential claims may be avoided by reviewing security architecture - e.g. the use of firewalls and

encryption.

 

Alternative Dispute Resolution (APR.)

 

ADR techniques can be used to resolve disputes arising from the use of a web-site or out of an e-

contract. As an alternative, arbitration may be used as a speedy and effective dispute resolution

system. For an on-line arbitration agreement to be valid, there must be agreement between the

parties which should ideally from part of the contractual terms and conditions.

 

CONCLUSION

 

I have attempted to present an overview of primarily legal issues arising from the conduct ofE.B.

and doing business on the internet. Whilst this is not an exhaustive review of problems relating to

this aspect of the law, it is hoped that the issues highlighted and solutions proffered will assist in

 

navigating the uncharted course ofE.B. and e-commerce in Nigeria.

 

10

 

 

 
Send mail to a.dosumu@gosodipo.com with questions or comments about this web site.
Last modified: December 19, 2005

designed & built by: Henry Nwachukwu

e-mail: henrynwachukwu1@yahoo.com