What you need to know about Nigeria's Cybercrimes Act

Episode 223 May 09, 2024 00:54:12
What you need to know about Nigeria's Cybercrimes Act
Techpoint Africa Podcast
What you need to know about Nigeria's Cybercrimes Act

May 09 2024 | 00:54:12


Hosted By

Chimgozirim Nwokoma Oluwanifemi Kolawole Bolu Abiodun

Show Notes

Today on the podcast, we welcome a familiar face, Omoruyi Edoigiawerie, Startup Attorney and Chief Servant, E & C Legal. He joins our hosts as we discuss:
  • Nigeria's about-to-be-implemented cybersecurity levy
  • Nigerian PoS agents registering with the CAC
  • The latest update on the Patricia hack

Did you know? Nigeria deploys 74,000 new Point of Sale terminals on average each month. Find out more here

Subscribe to The Modern Workplace/Equity Merchants/Techpoint Digest/ and  Intelpoint's newsletter/ 
00:00 - Intro
02:40 - Nigeria's cybersecurity levy
28:01 - Nigerian PoS agents to register with CAC
37:22 - Update on the Patricia saga
Useful links
This episode was produced by Ogheneruemu Oneyibo and Crystal-Agnes Joseph
Email us your feedback at podcast@techpoint.africa. Visit www.techpoint.africa/ for more stories.
Music - Beach by MBB -
Find us on Twitter, Facebook, Instagram, and TikTok @TechpointAfrica
View Full Transcript

Episode Transcript

[00:00:00] Speaker A: When you talk about the Cybercrime act, what are you talking about? The act is supposed, you know, is enacted to ensure the prevention, detection, prosecution, and punishment of cybercrimes in Nigeria. It is enacted to ensure the protection of critical national information infrastructure, promote cyber security and protect computer systems and networks, protect data and the intellectual property rights of. Of Internet users. [00:00:33] Speaker B: Hello, everyone. Welcome back to the Tech Point Africa podcast. Today we'll be discussing nigerian businesses being mandated to pay 0.5% tax called the Cyber Security Levy, and also the Corporate Affairs Commission's directive for PoS businesses to be registered or incorporated before July 7. We also give you an update on Patricia's case. Was it a mismanagement or the outcome of an irreversible act? So, my name is Oluwanifele, and I'm your host on today's episode of Tech Points Africa podcast. [00:01:19] Speaker C: With me in the studio is Chimgo's room and Bolu. [00:01:24] Speaker B: And for today's story to give more insight for these stories, we'll also be joined in the studio, virtually by Omari. Omari is becoming a frequent face on this podcast, and I love it. Omari is the CEO of E and C. Um, legal. Uh, okay, let's get to the conversation immediately. Omar. Aye, aye. Sorry. Please, can you say hi to our listeners who is waving both ants? If you are listening to this on as audio. Yes. Um, let's quickly get to this. Two days ago, um, there was a directive expecting all telecommunication companies, um, financial institutions, Nigeria stock Exchange, and a few other businesses to pay 0.5% cybersecurity levy as part of what is expected by cybersecurity act in Nigeria. And I want to talk about the levy and touch on a few other provisions in that act that is affecting businesses. So where do we start? So, I think a good place to start is talk about the levy. Then we talk about the National Cybersecurity Fund and also the act. I'm not talking to you, chimgozin, because you're looking at him as if I want to ask you a question. Please, can you just fill us in on the requirements of this act? Touching more on the levy. That is causing a lot of bro haha on the Internet. [00:03:08] Speaker A: So here's the thing. Let's look at what does the law say? There's a Cyber crime act. First of all, this law has been there since 2015, so it's not a 2024 legislation. The 2024 act only just amended the 2015 act, and this clause has even been there since 2015. So 2024 only just made a little modification because what was in the 2015 act was just 0.005. It wasn't clear whether that was percentage or decimal. But the 2024 act now amended that, you know, to say 0.5% or 0.005 in decimal. And what the act says, right. Is that electronic transactions will attract a 5% cybersecurity levy from businesses. Emphasis transactions by businesses listed in the schedule in that act. And what does the schedule say? The schedule lists five businesses. GSM and telecom, stock exchange, insurance banks and financial institutions. Right. And one other. Yeah, one of the entity. Five of them. [00:04:38] Speaker D: Right. [00:04:40] Speaker C: The stock exchange banks and financial insurance companies. [00:04:46] Speaker A: Right. These five entities are the entities that are bound by that section. That's what the axis. Now also, I see, as lawyers, one of the things we don't do is that we don't read sections in isolation. If you look further in that law, you will find that the punishments or the penalties for non compliances refer to businesses. Do you understand me? The penalties refer to businesses that fail to comply will be fined or wound up. So that clearly puts it in purview. So let's keep that in one place. And then we go to the CBN guardians or the CBN circular that makes it appear to seem that it is a general application. Because what we take out of that conversation is that if I go to buy bread and I give my PoS deduct one 0.5% cybersecurity, I do not think that that was the intent of the makers of that law. And I don't think that in any wave of interpretation, that is what that law means. So what has happened is that the CBN circular and the act are not in sync. There is a divergence, and that must be clarified then. Secondly, the guardians proceeds to give certain exemptions. So again, I will take you back to the act. The act established a cyber security advisory council made up of about 18 or so entities. CBN is only a member of that council. The act empowers the council to oversee and regulate the implementation of the provisions of the act and not CBN. So I'm wondering if CBN really has the powers to issue the guidance they have issued. Should that not be coming from the cybersecurity council, or is that guardianship flowing from the instructions of the council? They will need to clarify that, but then they go ahead to make a couple of exemptions, exemptions that are not in the act. The act does not make any exemption. The act provides for all using the phrase all, but then they go to make exemptions. So what has happened. The CBN have by that letter attempted to make law. Let's even assume that. [00:08:08] Speaker B: And it's not as if the act has been amended. [00:08:11] Speaker A: Yeah, let's even assume that those exemptions are rightly made. The next question we'll be asking would be what are the indices for determining what, for instance, salary payment is? What are the indices for determining loan repayments? What are the indices for determining school fees payments? I'm not sure that, yeah, they have thought through these measures because what will not happen. [00:08:50] Speaker B: That is the word that exactly. [00:08:55] Speaker A: What is salary from the narrative or from the sender and the receiver? If I work in tech point, for instance, tech point can make multiple transfers to me during the month for different assignments. So which one exactly are we now going to look at the timing? Okay, so this one comes on the 30th. So this is salary. Does the bank really work? So you guys are the gurus in the technology space, right? Does the bank? [00:09:27] Speaker B: That assumption is not welcome. [00:09:30] Speaker A: Do they have the functionalities to now use the narratives in transfers to determine the authenticity of the transactions? [00:09:44] Speaker B: So these are the questions on many people's mind. And it further but races the point that this has not been truly appears. [00:09:52] Speaker A: To be a hasty, a hasty decision or one that, you know, was made without fully contextualizing the intent of the act. [00:10:05] Speaker B: So if looking at it now, how undercooked this particular directive looks like, looking at the cybercrime. Cybercrime act, which, which of the provisions there do you think would have been easier to implement if not this? To make the fund active? [00:10:30] Speaker A: No. So the cybercrime act goes beyond the fund. We are just, everyone is just raising Hula baddie because of the deductions and the fears that come with it. But really, what really is the intent of the act? When you talk about the cybercrime act, what are you talking about? The act is supposed, you know, is enacted to ensure the prevention, detection, prosecution and punishment of cybercrimes in Nigeria. Yeah, it is. It is enacted to ensure the protection of critical national information infrastructure, promote cyber security and protect computer systems and networks, protect data and the intellectual property rights of Internet users. So it's a good law and the intent is essential to a continued and improved digital economy. So we are in technology and innovation, right? This fourth industrial revolution, right? You need laws like this. Now, the Office of National Security Advisor is the office established under law and within its purview is cybersecurity. They gone ahead to establish a cyber security advisory council. That advisory council includes all the agencies and bodies that in one way or the other would relate with issues that have to do with cybercrime and also private sector personnel. Because, for instance, the Internet Society of Nigeria, the Computer Society of Nigeria, some private sector practitioners are, by that law, members of that cyber Security Advisory Council. And it is the duty of the council to formulate policies and regulations to ensure the attainment of the objectives under the act. So the levy, for instance, is a part of that act and essentially a means of generating the necessary funds to help fight cybercrime. Because again, as you know, Nife and me as an expert in technology, you know that cyberpai is expensive, right? But, but I think that what has happened is that since 2015, when the act was amended, certain aspects of the act were just left in abeyance. And then our government today has woken up to now begin to look at all the loopholes for revenue generation. And they are plugging those loopholes because I know previously there was a budget for cyber security and then someone says, hey, wait a minute, there's an act that enables certain levels. You're not activating that. Please go collect that money from them. I don't have money to give you. [00:13:44] Speaker B: So low and gain fruits. So I think it remains to be seen how they are going to implement this. And that is what you are looking at, because a lot of things are not very clear in this, in how this is going to be enforced, that is going to be implemented. How is actually the technology involved? Because this is a technology problem, as it were. Because if you can't define what the money is from the originator to the receiver at that point, there's now you can deduct the fee. And going by the kind of situation that exists between telcos where some of these deductions are fulfilled after it has been done, if you want to do that with, with banks, it will be very difficult because after you say, okay, maybe after the end of the month, we will now look at which money is coming from where and for what. Then we now do the deduction many people will be owing people. There's a reporting window. [00:14:48] Speaker D: There's a reporting window. So if you do not report exactly, so you pay. Fine. [00:14:53] Speaker B: I hope they think, they think about it again and see maybe there are other ways to put money in the fund. Thank you very much, Omori, for joining us. We understand that you need to be on another call very soon. We would have loved to have you for other stories, but thank you very much for the insights you've given. And then we are not technology experts. We are just technology journalists. Thank you. Do enjoy the rest of your day. [00:15:25] Speaker A: I continue to put you on, but I'll go on social media and I'll call you my tech expert. [00:15:31] Speaker B: Ah, please. Now. Yeah. Okay. I think Omori has mentioned what this levy is for and why it exists and why is the lowest angling fruit to put money in the cyber security fund. But yeah, there are other provisions in the cybercrime act that I want us to quickly touch on before we move on from their story. And Omeri mentioned some of them, which means that which includes the act has been on for almost a decade now, if not more. And this particular levy only affects businesses and not even all businesses. So what other things is it that people might have been missing that might have caused the panic that this particular story caused? [00:16:28] Speaker D: I think the only person that should be blamed for any panic is the CBN, not any other person, because the warding of the circular was confusing to, like, every nigerian. So yes, if you were able to point out really quickly that this is supposed to be for businesses, but for most of us who were not aware of the act before the secular went out, nobody was aware. Like, you'd have to make a reference to the act to understand that this is business like, just businesses that are being referred to. But even when you do that, you now start seeing some of the exemptions and some of, like. Yeah, some of the exemptions that make you wonder, okay, how is this, like, I don't know how many businesses pay tuition? If any of you are, if any of you pay attention, please don't. Please reach out to me. I think it's the CBN has to be blamed. If you are putting blames anywhere, it's the CBN. [00:17:27] Speaker B: And so cybercrime act. [00:17:30] Speaker D: Yeah. [00:17:31] Speaker B: What are the things that people are missing out? [00:17:33] Speaker D: Oh, there are quite a few. So one of the first things I saw that made me laugh was if you want to operate a cyber, a cyber cafe right now, you have to register with the Computer Professionals Registration Council. You remember that earlier in the year there was some chatter about IT professionals who we really do not know what qualifies as IT professionals right now. Because is a graphic designer going to be an IT professional? Is the growth marketer at a startup? Qualifiers like. [00:18:04] Speaker B: An IT professional. [00:18:06] Speaker D: But there are some chatter about you having to register with a society. I don't know, like basically go and register a club in order for you to practice information technology. Still very vague what information technology means. But for this case, if you want to operate a cyber cafe, you have to register with those guys and you also have to register with the CAC, like do a business name registration. In addition, you maintain a register. So every person who comes through to use your facilities, you have to keep a record of them. And that record can be demanded by, it can be demanded by law enforcement. And part of the reason I think they want a register is for cybercrimes committed at cyber cafes. So there are penalties for, there are penalties for cyber crimes committed, either aiding them or cybercrimes committed that. Cyber coffees. [00:19:03] Speaker B: I think, I think that there's like the state of emergency. Should we put on this act to be amended? So I think when it came up, it was like at a time where more people use cyber cafes. I mean, this is, we don't have like, and it's amended. [00:19:21] Speaker D: Yeah, it's an amended act. So that's, that's why we are seeing the levy coming up. It was amended in 2024, which, for example, we couldn't find, as at the time the CBN circular went out, we couldn't find any copy of the amended act on the Internet. We couldn't find it. And fortunately, some people were able to find it and they shared it. But before then, we couldn't find it because then I checked on Tuesday morning. I couldn't find it anywhere, but someone was kind enough to share it. But yeah, it's been amended. But one of the things I noticed while reading through is some of the, some of the will, I say, circumstances around the time it was created, they've changed. [00:20:01] Speaker B: Yeah. [00:20:02] Speaker D: So for example, cyber cafes are not exactly a thing. There are a few around, to be fair. [00:20:09] Speaker B: Yes, but not as much as people. Mobile phones you now carry around Internet. [00:20:14] Speaker D: Exactly. So maybe they are trying to like cover all business, but yeah, that particular section wasn't amended. Something else I saw is. Okay, so for child pornography, which I don't know how much of a problem it is in Nigeria. So what? It's very strict fines and geotherms as well. You cannot groom a minor. Well, if you like, you can, but if you do, you shall pay fine or go to prison. There's a penalty for that. Um, there's a penalty too, for sending unsolicited. So those, those who send nudes. [00:20:57] Speaker B: It can be prosecuted? [00:20:58] Speaker D: Yes. Those of you that send unsolicited nudes, um, you can, you can. No, you can. You will be prosecuted, assuming, um, the person reports. So it's actually a crime to send unsolicited, um, nudes? Funny enough. Yeah. I mean, I've heard some stories of people, like, sliding to DM's you're sliding news. [00:21:17] Speaker B: Yeah, I guess. I guess. [00:21:19] Speaker D: Funny thing is, it doesn't cover, um. It doesn't cover, um, what's it called, this hit porn now, like, where someone records is sex tape and then puts it out or threatens to put it out on the Internet. It doesn't. I believe it's a cyber crime. And I may correct me if I'm wrong. Yeah, it is a cybercrime, but nothing is mentioned. So, yes, I guess that's something that should be included, amended again. [00:21:50] Speaker C: What does actually change from the amendment in 2015 is very. [00:21:54] Speaker D: Is actually warding, for the most part, is wardens, like. So for, I think, section 17, they use genesis instead of genuineness in 2015. So it's basically, I don't know, they need a copy. Editorial mistakes. Yeah. A lot of spelling mistakes in their life. [00:22:11] Speaker B: So this is, this is. I'm not making a claim here. So I just thought that, okay, when. When this came to view and were looking like, oh, how do we fund this act? And there is a fund for it. What is the quickest thing we can do to get money into the fund? I think why this was reviewed or amended as the cases is for the sake of delivery. [00:22:34] Speaker D: So I would not go as far as I would never divorce bad fit actions from the nigerian government. But the second thing is, I don't think that's why it was amended, although it could be why it was amended. So very little amendment was actually made to the section. I don't think any amendment. If I remember correctly, no amendment was made to the section that contains the fund or that addresses the fund. I can't remember any amendment being done to that. But I think the thing is, from the way the fund is set up, right, the other avenues of funding it is fines. And like I was saying before we started the podcast, I personally think the fines are not good enough, although Murray says it should be punitive but not vindictive. So I still think that, for example, finding a bank less than 10 million naira for lapses in their cybersecurity infrastructure is too small for you. You could do that to a smaller company, but not to a bank that has billions of dollars in. Sorry, billions of naira in an era, to be honest. [00:23:45] Speaker B: So there are a lot of things to unpack here. [00:23:50] Speaker D: Oh, sorry, there's one more. And this is the part that I need the creators of the act to probably come speak to us about. Right. So your bank has a duty of care to put in place cybersecurity measures. However, if your account is breached or hacked, you now have a burden of proof, or have the burden of proof to show that the financial institution did not do what they are supposed to do. I don't know how that's going to play out for the average person like me, who is not a cybersecurity expert. How do I know that the bank did not put, like, the specific guardrails in place? I don't know. [00:24:32] Speaker B: I think it's. That's the way it works for many products. Um, surely, um, maybe digital products. That is why they add terms and conditions with. That's where they add terms and conditions. So you can check those between the lines to see what they're indemnifying themselves against and where it. Where it ends on their part and where it starts on your part. So, different conversation. [00:24:58] Speaker D: Because my own problem is on the burden of proof, how do I prove that the bank did not do what they were supposed to do? [00:25:04] Speaker B: That is what I'm trying to say. I'm not here to defend anything. [00:25:09] Speaker D: I actually know what they're supposed to do. [00:25:11] Speaker B: Okay, so if you isolate the case of maybe you, maybe your phone was stolen, right, and they had access to your bank app. [00:25:22] Speaker D: Yeah. [00:25:22] Speaker B: Right. Which was supposed to be maybe biometric secured or passworded, and they had access to it. Right. That particular case, he said that there is a, there is a bug or there's something wrong with the mobile app that made them to have access to it. So in that case, if you address, if you approach your bank and you're asking questions on how were they able to access my app, right. Your bank will probably say, maybe you didn't, it's not passworded. Right. Or something else, or you didn't protect your. The security of your mobile phone. That is one. So they are trying to move the body of proof to you. This is. I'm speaking about this from experience. Now, you get. So if you are able to look for something the bank is supposed to do to make sure that their mobile app, for instance, is not accessible except through the owner, if you can look for something, then you can shift the blame to the banks. But as far as the bank is concerned, as for your bank app to be secured, to be, for someone to gain access to your bank app without your presence there, that means that you've either given that person access, maybe their fingerprint is also can also access your bank apps or whatever it is on your phone you get. So the reason I made that case is because if you find out very well, the bank's influence enters a point and you as a user, your influence has ends as a point. So in the, in that case you might not be able to tell that exactly this is what my bank is supposed to do. But when you present a case, right, and they give you the possibility of how that is possible, how the fraud was able to happen, then you can also look at where your bank should have protected you. And then if you present that case and they say okay, this and this is what we have done to make sure this did not happen, it has to be human error from your side, then I don't know what defense you want to put up on that. Again, I am not trying to defend banks. I'm just mentioning the case of what happens with many products, very digital products and how they indemnify themselves. So for people that are listening, we have a number of articles addressing this, the cyber security levy, other things that we might have missed or you do not even know exist about the cybercrime act on our website. Please check them out and on techpoint Africa you will find them there. I think we should move from there to something else that CBN was involved in. In the course of this week. Maybe CBN was not really the major proponent, but they are involved. So on Monday, Corporate Affairs Commission CAC made a directive or gave a directive that all points of sales that is pos operators in Nigeria or those that work with fintechs like Op, Pampay, Moneypoint and the rest that they should be registered as a business on CAC and for. And then CAC now gets on some of the requirements of CBN or directive of CBN for PoS operators in Nigeria. And yeah, we, it's, that also caused a lot of, I won't say panic, but people were expressing their grievances about why is this coming? Why can't they just leave us alone? Why can't they just. [00:29:12] Speaker D: Lawyers and cat registration. [00:29:19] Speaker B: So as you would expect, this is a, this is a business opportunity for people that are playing in the field. For instance, a startup, what's the name Nobis that I'm using to company incorporation as a product for it and wrote on that to tell people, especially businesses, fintechs that have POS operators on their platforms to help those businesses to register. But yeah, we went to the street at some point to ask the people that are doing this business to understand what they think about this new development. [00:30:02] Speaker D: Very very bad. [00:30:03] Speaker A: Instead of me to register my Pos. [00:30:06] Speaker B: I would rather throw it away. And it seems it is not generally welcomed, you know, especially the fact that you have to pay for this business registration, depending on who you ask, depending on who you ask, this particular registration that is being expected of these PoS businesses, the price range from, depending on where you're going to who you are approaching for it. It ranges between 17,000 naira to about 25,000 naira. Now imagine, yes, pos businesses look like a lucrative business depending on your location and how accessible you are to users because of the charges you make from the people that come to use your service. But it's not everyone that can boast of having enough profit to, to put into this registration. And that is one of the issues that were raised. Right. [00:31:11] Speaker C: So is it not for their own, can we say the registrants, for their own benefits? [00:31:17] Speaker B: It's actually for the benefit of users. [00:31:20] Speaker D: First of all, you, in an ideal world, you would know your, you will not be running a business without registering it. So it's not about whether you're making enough money or whether not making enough money. Should you be registering your business? [00:31:36] Speaker B: Yes. [00:31:39] Speaker D: Fortunately, it's also like just a one time payment. I don't, I think you have to renew after or something like that. It's. To be honest, it's not a lot of money. It's only a lot of money. [00:31:51] Speaker B: Yeah. If that's calculated into capital, you know? So I think the way, the reason why emotions have come into this particular issue is pos business has come to become like a, out for people who cannot do other businesses, or it has come as the easiest way to enter into a financial business, for instance. And because of the way agency banking has been embraced and how fintechs have and banks even have. Like, it looks like it not even looks like it's a very, very profitable market. Right. From. Well, from, well, from reports we are getting from money points and pampay, they're. [00:32:44] Speaker D: Not showing us how much they're making exactly. [00:32:48] Speaker B: And the volume and number of agents they have if there's nothing in that market. [00:32:52] Speaker D: So, okay, it's a. Is a large market. [00:32:56] Speaker B: Yeah. [00:32:57] Speaker D: We are yet to see how profitable. Exactly. Margins are notoriously low, which is one. So if you go back maybe four or five years ago, price was a competitive advantage. If you could lower your commissions, you could get more agents. So naturally, that means your margins will be reduced. So I would not say it's a super profitable niche, because now you have, you need, like, huge volumes for you to, to stay afloat, which could explain why some of them are moving away from it. But I think we should not be spending a lot of time talking about whether you should register your business. Really? Um, yes, I understand where a lot of people are coming from. So here's the thing. I think it's a case of a good thing coming at a bad time. I don't think, first, to be fair, I actually don't think there's a wrong time to be introducing to require businesses to get registered. But the problem is this is maybe. [00:34:04] Speaker B: These people didn't consider themselves as a business. [00:34:09] Speaker D: What are you, okay, so here's also the thing, and maybe we can't always blame people for this. Um, if you are providing a service, I think we've had this conversation in a way, when we're talking about the tax obligations that the federal government was trying to impose on creatives. See, if you provide the service you are supposed to like, you could register a sole proprietorship. And that's just you. Yeah, that's one form. You there. If you order. Yeah. If you are the categories you could register your business under doesn't make you any less a business than a dangote, for example. The fact that you're doing maybe 500k in annual revenue doesn't make you any less of a business. Yeah, you're a business. So let's move on from that. If you don't have the money to register your business, I do not know. I mean, I can't help you, right? But if you don't have the money, maybe you could, maybe you go borrow some money as part of your capital. [00:35:12] Speaker B: So I think going forward now, getting into POS business, for instance, you will know that this is part of my capital. [00:35:21] Speaker D: It's important for the security bit as well. You should also be, I mean, if we can now track identities, of course with a digital device, we could know who this is registered to. Or if you could, if you can now track identities because, okay, you have register the business. Yes. Then it's more helpful as well. So I don't know why, as a. [00:35:46] Speaker B: User, if you get to a store, pos store, and you do not see like certificate of incorporation on, don't use them, you can leave. And that should kind of prove to you, to protect you as a user that this person is registered. Even if they commit fraud, they can be apprehended, tracked. So, but yeah, this is both to protect the users and also the operators. And I'm hoping that if the time, if the deadline that has been given is not too short, I'm expecting as many people. As long as it is, it is a business, as you mentioned, as long as you see it as a business, unlike some people that feel like, oh, I'm just going to abandon it if they. I'm going to abandon it. Fine, maybe they have, they have other, other businesses. But if it's your sole business, you. [00:36:38] Speaker D: Should start asking babas, tailors, hairdressers, if they have to register. [00:36:45] Speaker C: I don't know who's asking them. [00:36:48] Speaker D: If you don't for, if you've come. [00:36:49] Speaker B: For positive, as you mentioned, it's ideal. As long as you are rending a service, you should have registered your business, right? Not until you are directed to do so and you have a deadline to do so, as the case is here. But yeah, we'll follow this story and see how it plays out and how people react to it. I think we should move from there to a story that I won't say we've overflowed on this podcast, not from my mouth. [00:37:28] Speaker D: Let us be honest. [00:37:29] Speaker B: And because we are journalists and we have to journal the progress of happiness, this is necessary for us to talk about. And that is the story of Patricia startup, the cryptocurrency. [00:37:47] Speaker C: How you said the story of Patricia, there should be like music entrance. [00:37:55] Speaker B: It sounds like we are about to start narrating again. Like again, what's happened again. [00:38:02] Speaker C: So, um, yes, there has been some updates. There are some new information that we've heard from sources within, without beside clothes, several of them, yes. About this whole Patricia stuff. So, um, if you remember very well, um, last year, May, Patricia told us. Yes, Patricia announced that they go out and they are to pause withdrawals because of the act. And, you know, it's been a year now, and a lot of customers, they've not resumed withdrawals. And a lot of customers have been lamenting about, you know, the inability to access their funds. And, you know, we were able to speak to some of them who revealed that, you know, they had very huge sums of money in Patricia, and it has affected them in, you know, very different ways. And, you know, they had, some of them had like, really painful stories to tell. So the update basically, is that some sources have said that. Let me start with the first. Let me start them. Start with the different sources. So one of the sources used to work on the company's cyber security team. And interestingly, that source said that the team was not aware of a yak when the company announced that there was a. So you can imagine how weird it sounds if it's like I'm the security of a, let's say I'm meant to security studio, for example, and then I'm there I'm sitting down. And then my boss, let's say, on a man now, comes and said, ah, guy, they've stolen all the cameras and all the laptops. [00:39:53] Speaker B: I'm like, I didn't know about it. [00:39:56] Speaker C: I can see all the, like, oh, there were some ones that we had somewhere that would have got stolen. I was here throughout. I didn't see anybody coming. [00:40:04] Speaker B: Yeah. [00:40:05] Speaker C: And I'll be looking at like, are you. [00:40:08] Speaker B: What are you trying to cook? [00:40:10] Speaker C: Is everything okay? [00:40:11] Speaker B: Are you trying to cook? [00:40:12] Speaker D: So. [00:40:12] Speaker C: Which was basically what happened. And they were like, what's going on? We are seeing this in the news. And so they said they asked questions, and they were like, don't worry about it. Stuff like that. Why would you tell me? This is my job. I'm supposed to be secure. [00:40:25] Speaker B: You're telling me no worries. [00:40:27] Speaker C: And then they told them that the person said. They told the team that, um. Oh, don't worry. It's a reconciliation issue. Okay. Reconciliation issue. What are we now hearing? Act in the news and stuff like that? And then some other sources actually confirmed that they were asked, but not at time when it was announced. Like, two years or so before. Right. And people were saying even after that time, Patricia continued working. Right. Nothing happened. Some few customers are trying to us that they've not been able to access their money for some time longer before the announcement. Yes, the announcement. Right. But what those people are saying is, it has happened a long time ago, and they can't really blame the act for why they had to pause withdrawals and why people cannot access their money. And one very, very reliable source told us that it is not because of the act that people cannot access their money. That is due to mismanagement. Right. And, you know, a lot of other pointers point to the fact that something is definitely wrong. Patricia, for example, I noticed that lot. [00:41:36] Speaker D: Has been wrong for the better part of two years now. [00:41:39] Speaker C: Yeah. I'm saying, before the arc was announced. [00:41:41] Speaker D: Right. [00:41:41] Speaker C: So, for example, I noticed that c level employees left at around the same time, which is weird. I mean, ordinary employees, we understand, but c level employees. Five of them left. Three left. Like, same month in 2023. [00:42:00] Speaker B: Like direct competitors. [00:42:03] Speaker C: Yes. So one left December 2022. So you see that it was very close. [00:42:10] Speaker B: It was as if there's an abandoned. [00:42:13] Speaker D: Yeah. [00:42:13] Speaker C: It's like when all the captains. [00:42:14] Speaker B: Something is happening internally. [00:42:16] Speaker C: All the people that are driving the ship. Right. All of them decide to leave the captain. Right. Be real. It looks like something is wrong. Something is definitely wrong. Which means that, you know, Patricia is not is not telling the users enough. [00:42:33] Speaker B: The full story. [00:42:34] Speaker C: The full story. So those are some of the updates. And it's interesting that some people actually coming out to actually say, okay, this. A lot of things are wrong. A lot of things were said that cannot say that we can, because the gravity of those things are very high, that we cannot just rely on what people say we actually need. So, which is what we are working hard to get at this point. But very, very heavy accusations were made against the CEO, against the CEO, against the company itself. We also heard that the company was told that, oh, there's something wrong with, I think a security consulting firm also said something wrong with your security. Right. You need to act fast. And, you know, those things were not acted upon until later on. Things like the company didn't have a board for a while despite the fact that they made so much money and things like that. And, you know, there were also accusations against the CEO, that he was the only one that could access funds like that, could move funds within the company. [00:43:41] Speaker B: They had a CFO. [00:43:42] Speaker C: Yes. So the CFO was almost like a figurehead, because what am I doing there when you can basically do and undo with, you know, the money in the company? Um, there were also things that were said that the way funds were used were kind of lavish. Not even kind of say it was lavish. So all these things, you know, make you feel, you know, as a customer, it makes you feel or betrayed. And also knowing the fact that nothing really, you just didn't keep my money. [00:44:14] Speaker B: Well, yeah. So this is one of these, another time where we, I think a time where we discuss issues like this in the studio, there's none of those times that we do not have to touch on corporate governance. Right. And due time. [00:44:32] Speaker C: Yes, yes. [00:44:33] Speaker B: It's unfortunate because while users are a very important state stakeholders and startups. Right. It is, it is before users start making use of a product to be able to find out the, how, how disciplined they are about their corporate governance. You might not be able to, as a user, you get, you might not be able to until situations like this happen and you start questioning it. Right. Even though users are very important, critical stakeholders in the company. So I think this is a call out to founders, to business owners, law enforcement. [00:45:18] Speaker D: Yes. [00:45:19] Speaker C: They should look into things like that. [00:45:22] Speaker D: I think this is so two things I would say for customers here. Like you mentioned, it's a bit difficult for you to know. You really can't know that someone is. [00:45:35] Speaker B: Going to carry your money around. [00:45:38] Speaker D: You just can't accept. I mean, if you have those powers. That's cool. [00:45:42] Speaker B: Which powers? [00:45:44] Speaker D: Don't worry. You would if you can. Like if there's a way you can just magically know that someone will run you streets. Kudos. But I think first thing you should probably do once it's a financial institution, check whether they are regulated by the CBN. Of course this means that there are some investments you will not make. Right. Usually. [00:46:07] Speaker B: How do you get. If they are regulated is their licenses? [00:46:10] Speaker D: Yeah. Okay. So a lot of them. So very serious companies are going to be brandishing licensed or regulated by the CBN or SEc on their website. On their websites. I think if you even have it when you're about to open the app. Right. Because you won't see that information in app. But a lot of them put it very close. Very. So if you just go to the footer of the website, you would. You. You would see that. But the ones that don't have it, if they are playing in spaces that are already regulated by the CBN, you can always check the CBN website. So for example, CUDA is not. I mean there's no specific regulation for or new banks in Nigeria. Bokuda is a microfinance bank and they are regulated. Am I doing ad for them? [00:46:58] Speaker B: Oh, go on. You're making an instance. [00:47:01] Speaker D: Yeah. So if you go to the CBN's website, they have a list of all regulated financial institutions. I think there was a new circular two days ago that contains an updated list. So you can go check it out. So if someone tells you you are regulated by the CBN and you go to the CBN website, you don't see it. Please. Better off believing the CBN than believing some random tech guy. So that's it. CBN sec. Just to cover your basis. It just means that crypto. Crypto startups are not exactly supported or regulated. Which means your crypto investments are like. You really are not that protected to be fair. So yeah, you can. You can. I mean, apart from the volatility, the fact that they are not like regulated. Second thing I'll say is that this probably speaks to like the role that regulators are supposed to play. If we had gotten past this. Do crypto today. Don't do crypto today. Ban on ban. It's gone past. [00:48:12] Speaker B: Another news this week was Niger saying they should remove P two P trading from their platforms. Crypto exchange platform. [00:48:19] Speaker D: If we had. If we had some clarity around regulation, right. We would know that this guy should operate in x way or should not operate in x ray. So this is why regulations are very important. Because I've been saying jail time, jail time. I'm not joking. Right? If you're regulated CBM, they will just pick you up. They don't need to stress too much. If you misbehave, go ask the banks that their directors have used customer phones to play agile. Whatever they, they carry, they will carry you. You be doing your explanation and be, and be doing your hack explanation from prison. So if we had clarity on regulation, some of these things will be reduced. And really, I don't know what regulators want to do, but you need to stop playing these funny games. If you are serious about your job, figure out how to understand what these guys are doing. There's a reason we have regulatory sandboxes, even if it means packing all the crypto startups or blockchain startups and throw them inside the sandbox for the next two years. Do it. But at least you know that while they're in our sandbox, crypto guys or ex blockchain guys to come and advise or work with you, because one of the things is you don't exactly understand what they are doing. So can you create, I mean, unfortunately we have a committee like we are caused with setting up committees in this country, and I'm about to add to it, but can you set up a small five man panel, I'm sorry, Nigerians that have to disappoint you. But can the SEC, for example, because I think this is, this falls under the limit. Can the SEC set up a small panel of crypto experts, blockchain. Blockchain experts that help them navigate this? Because it's getting silly to be doing this dance in public. Yeah, like, I mean, come on, have some shit. [00:50:18] Speaker B: Users are not, customers are not feeling protected. And it is on the regulator side to make sure that they are. And that is what we'll be ending today's podcast with. And we've discussed some from the eyes to the lows. And we like, was there any eye? Yeah. [00:50:43] Speaker D: If you think there was a high, you can point it out. Point it out in the comment section, wherever you are. [00:50:49] Speaker B: Siva lining, right. At least if you don't know about cybercrime acts, you know about it now. So that's a win for me. Yeah. So please, we like to get your feedback. What do you think about the podcast? What you think we can do better stories you would like us to cover and talk about? And by the way, we have a lot of stories on the tech Point Africa website, Techpoint Africa. You can go there and keep up with all tech companies in Africa, please, if you're listening to this on Spotify. Don't forget to drop us a review. So much love that. And if you're also catching us on any of our social media platforms, or if you're done listening to it here, you can go to any of our social media platform, tech point Africa and drop us a comment on any of our snippets and share. And also tell people about Techpoint Africa podcast. You don't want to stop seeing us or hearing from us. Or do you, do you. [00:51:54] Speaker D: Have mine? [00:51:57] Speaker B: No, I'm not threatening you. I'm just saying I would love to hear from you. It's been a while, but yeah, we will see us here next week, by God's grace. But we have our newsletters we like to talk about. We have the Tech Point digestion, equity merchant, modern workplace newsletters. All these newsletters are focused on different industries, while the tech points african tech point Digest focuses on everything that is going on in the african tech space. Friday. This Friday, I mean, tomorrow is pitch Friday again. [00:52:41] Speaker D: It's come true for your boy. [00:52:43] Speaker B: It's a country for your vadashing. Because keep in mind, it's Odin at Zone Tech park in Bagada. You can show your face. What did I just say? [00:52:58] Speaker C: Yeah, yeah. [00:52:59] Speaker B: You can show your face and come. If you've not been there before, you can come and give yourself a benefit of doubt. I'm sure you know, regrets to be there. It's a. It's a good networking, um, time every month where people in the energy tech space or Lagos tech ecosystem come together to come and network and listen to pitches and also learn, what are we talking about tomorrow? [00:53:25] Speaker D: How to build a tech startup when you don't have tech skills. [00:53:29] Speaker B: When you don't have tech skills, right? All of you having ideas in your head and you're thinking, I don't have. I need a CTO. And the CTO will buy you and all come and listen to somebody that has been there. That is to be Odukoya, the CEO of CDK. Come and listen to him, how he navigated it. And he's running a successful business now. We love to have you say hi. If you see any one of us there, we will say hi back, hopefully. Thank you once again for joining us. Catch you in the next one. Bye.

Other Episodes

Episode 129

September 29, 2022 00:37:12
Episode Cover

Lagos tech hubs are "unsafe"?

Today on the Techpoint Africa Podcast, we look at some of the trending stories in the African tech space this week.The stories: Over 2000...



September 17, 2019 00:08:30
Episode Cover

Guess who's back? Nigeria Air?

Today on the Techpoint Africa Podcast, Nigeria's national carrier project, Nigeria Air is "back", BudgIT co-founder Seun Onigbinde gets government appointment and then quits,...



February 14, 2020 00:22:28
Episode Cover

Pivot or die: Introducing 'CHOP' by Gokada

All Techpoint articles referenced on today's episode here. https://techpoint.africa/topics/techpoint-africa-podcast-23/ TechCabal's side of the Gokada CHOP story https://techcabal.com/2020/02/13/gokada-partners-jumia-food-deliveries/ WeeTracker's damning report about Andela https://weetracker.com/2020/02/12/andela-struggle-to-place-mid-level-devs/ Plugs:...