Financial Regulatory Update for Africa: Digital Payments, Data Protection and Electronic Signature

OneSpan Team,

A lot has happened in the financial regulatory space over the past year. In Africa, regulators introduced a number of changes in areas like cybersecurity, data protection, digital payments, anti-money laundering (AML), and electronic signature.  

This is going to be a busy year for those involved in securing financial transactions and storing data to ensure conformance with regulations. On the regulatory front, in South Africa, for example, the Protection of Personal Information Act, a sweeping legislative initiative originally introduced in 2013 to strengthen consumer protection in the region, goes into full effect this year. The timing is right: in the wake of the COVID-19 pandemic, fraud is rising as criminals monetize PII gleaned from data breaches – making cybersecurity and data protection key priorities not just in Africa but around the world.    

Yet despite growing rates of fraud in the wake of COVID-19, it is a time of opportunity for the region’s financial service providers. Prior to the pandemic, several African nations were already underway to modernize their respective payment systems and defining regulations for those systems. Countries around the globe have seen a significant increase in electronic payments in the last year and Africa is no exception.  Ghana’s Interbank Payment and Settlements System (GhIPSS) saw a 51% increase in transactions through the first half of 2020 compared to the same period in 2019, as citizens migrated away from cash. Similarly, in late 2019, South Africa announced plans to replace its digital payment system with a new system that will expand its user base to include low value person-to-person (P2P) consumer transactions and use QR codes for mobile payments. In addition, Nigeria published guidelines on operations of electronic payment channels last June, which include the development of electronic payment systems.

As summed up in the 2019 Africa Guide to Financial Regulation from global law firm Clifford Chance, “African jurisdictions vary in their financial regulatory legislation and treatment of financial services activity, but the region’s drive for improved regulatory systems and the establishment of more effective regulatory frameworks has been on the rise in the past two decades.”1 In this blog, we pull the highlights from our inaugural OneSpan Global Financial Regulations Report to provide a summary of how regulatory trends are driving transformation for financial institutions in the region.

Anti Money Laundering (AML)

As in other regions of the world, Africa is facing an ongoing drive to combat money laundering and terrorist financing. In May 2020, the Financial Action Task Force published their COVID-19-related Money Laundering and Terrorist Financing Risks and Policy Responses. The paper “identifies challenges, good practices and policy responses to new money laundering and terrorist financing threats and vulnerabilities arising from the COVID-19 crisis.”

Coincidentally, Angola enacted Law Number 5/2020 the same month, which establishes new rules on customer due diligence applicable to cross-border transactions.
In Nigeria, the Central Bank of Nigeria Anti-Money Laundering and Combating the Financing of Terrorism Amendment Act 2019 was amended in October 2019. Several amendments address KYC requirements, customer due diligence measures, and identity verification.

Data Privacy

As in other regions of the world, African nations have been focused on data privacy and data protection. Nigeria published the Data Protection Regulation Implementation Framework in 2019 to help entities comply with the Nigeria Data Protection Regulation (NDPR). Kenya passed the Data Protection Act in 2019, which regulates how and when personal data can be obtained, handled and disposed. In May, the Moroccan Data Protection Authority Deliberation took effect, which provides guidance on the processing of personal data stored electronically and in paper form, including mail. South Africa’s Protection of Personal Information Act will go into full effect in June 2021; the central bank has encouraged proactive compliance ahead of that deadline.

Electronic Signatures

Like the United Kingdom, Australia, several members of the European Union, and others around the world that enacted regulatory actions for the use of e-signature last year, Kenya passed the Business Laws Amendment in 2020. The law introduced several significant changes to existing laws to improve the ease of doing business. The law highlights the use of electronic signatures and advanced electronic signatures, which have been permitted for some time but with lackluster adoption. The law was passed in March 2020 around the outset of the pandemic.

Parties can now sign contracts using advanced electronic signatures, thus aligning the provisions of the Law of Contract Act, Cap. 23 (the “LCA”) with those of the Kenya Information and Communications Act, 1998 (the “KICA”). While the KICA already made provision for the conducting of electronic transactions and the use of electronic signatures and advanced electronic signatures, application of these provisions has been unconventional. The new amendment will hopefully see parties embrace technology and conclude contracts virtually, making it more efficient to carry out business and deepen digital transformation.

Trusted Digital Identity

For financial institutions in African countries, regulatory compliance as it relates to digital ID authentication and verification can often seem unclear. Relatively straightforward challenges that would have relatively straightforward solutions in regions where PSD2 and GDPR are in force take a more unsteady course in North, Central, and West Africa, where there is limited regulatory framework development and oversight in both the financial and technology sectors.

North, Central, and West African countries have the potential to lead regional efforts in digitizing economies, increasing financial inclusion through mobile money payment systems, and creating open banking systems. In lieu of these government-led initiatives, African central banking systems, technology and financial agencies, and third-party stakeholders have continued to step up efforts to ensure a robust regulatory landscape that will foster financial technology innovation and aid in the enforcement against digital identity fraud and other forms of financial cybercrime.


South Africa is poised to set the example on cryptocurrency regulation for the rest of the continent. The Reserve Bank of South Africa has introduced new regulations stipulating how people “can, and should” hold cryptocurrency. The new regulations went into effect in early 2020 after a more than five-year consultation period.


The coronavirus has impacted the globe, and policymakers and regulators have been forced to change.   Coronavirus aside, the future is bright and North, Central, and West African countries have the potential to lead regional efforts in digitizing economies, increasing financial inclusion through mobile money payment systems and creating open banking systems.

For further insights and updates affecting the financial sector, download our Global Financial Regulations Report. We welcome your feedback on how we can improve on this valuable resource. Reach us at [email protected] with your comments on this report.

This blog is the fifth of a regional series covering financial regulations in North America, Asia-Pacific, the Middle East, Latin America, Africa, and the European Union. Subscribe to our blog for alerts as new blogs are published.

2022 OneSpan Global Financial Regulations Report

OneSpan Global Financial Regulations Report

Download this 2022 report to keep current on the latest regulatory and legislative changes around the world – relative to e-signature, digital identity, cybersecurity, and more.

Download Now


The OneSpan Team is dedicated to delivering the best content to help you secure tomorrow's potential. From blogs to white papers, ebooks, webinars, and more, our content will help you make informed decisions related to cybersecurity and digital agreements.