Fintech 2021

Last Updated March 19, 2021

Ghana

Law and Practice

Authors



Addison Bright Sloane is a full-service premier law firm based in Accra with comprehensive industry knowledge across various practice areas, such as litigation, arbitration, corporate and commercial practice, energy, real property, data protection, intellectual property, insurance and technology. The firm has a dedicated four-member technology team led by the managing partner and has worked extensively in the areas of intellectual property, data protection, cyberspace, fintech law and regulation, and has advised a number of multinational companies on Ghana’s legislation as well as embarked on a number of technology projects. Addison Bright Sloane’s recent work within the digital innovation industry was its role in advising an international online music streaming service provider on its entry into the Ghanaian market. The firm also collaborates with global law firms and organisations to advise high-profile clients in all aspects of the law.

Recent Developments

Ghana’s fintech market dominates in the sectors of business, banking, health and insurance. The Ghanaian fintech market has experienced significant growth over the past year.

Mobile money services

Mobile money services are the dominant fintech business in Ghana. They are operated by telecommunications companies, with MTN Ghana, Vodafone Ghana and AirtelTigo Ghana as the active players in the industry in Ghana. Initially, they only offered users a platform on which to save and withdraw monies via their individual mobile networks. Currently, the platform allows users to pay utility bills, obtain credit services, receive remittances, and send and receive money from banks. The banking sector has also adopted fintech solutions in service delivery with a number of banks partnering with fintech start-ups and other tech companies to offer mobile money services through banking apps. For example, GT Bank Ghana and Fidelity Bank Ghana have both partnered with Expresspay to provide mobile money services to customers. A survey conducted by the Bank of Ghana revealed that there were 14.7 million mobile money accounts as of May 2020.

Ghana Interbank Payments and Settlement Systems

The Ghana Interbank Payments and Settlement Systems (GhIPSS) is the national payment systems infrastructure provider and a subsidiary of the Bank of Ghana. It has a mandate to provide an effective and secure interoperable electronic payment platform to attain the goal of ensuring financial inclusion for all players in the Ghanaian economy. The GhIPSS’s Mobile Money Interoperability (MMI) platform permits seamless transactions across various telecommunications networks. According to the 2020 market performance report by the Bank of Ghana, 77 million transactions worth GHS254 billion (approximately USD44.3 billion) were processed on the GhIPSS.

The use of QR Codes

Ghana has upgraded its fintech market by introducing Quick Response (QR) Codes. Ghana is the first country in Africa and only the third in the world to introduce a national QR Codes payment system. Ghana’s Universal QR Code was officially launched in November, 2020. The Universal QR Code is the first of its kind in the world and has the unique feature of catering to the needs of both the banked and unbanked sectors of the economy. Customers are able to effect instant payment for goods and services from varying sources such as mobile wallets, bank accounts and cards by scanning a QR Code on a smartphone or dialling the USSD code of the payment service provider. This is a monumental step towards achieving a cash-lite economy. The Universal QR Code is currently utilised by 13 banks and the three major telecoms companies in Ghana, ie, MTN Ghana, Vodafone Ghana and AirtelTigo Ghana.

The Fintech and Innovation Office

Last year, the Bank of Ghana set up the Fintech and Innovation Office with responsibility for the licencing and oversight of dedicated electronic money issuers, payment services providers, closed loop payment products, payment support solutions and other emerging forms of payments delivered by non-bank entities.

The Office will help accelerate the bank’s cash-lite, e-payments and digitisation agenda. The Office also generates policies that will advance fintech, innovation and interoperability in Ghana.

Crowdfunding policy

The Bank of Ghana recently rolled out a policy on crowdfunding. The purpose of the policy is to advance the development and use of crowdfunding platforms and products for Ghana’s banking sector.

This development signals the potential of digital platforms to transform the traditional crowdfunding model. The Bank of Ghana requests that entities wishing to use donation-based and reward-based models for crowdfunding should apply to the Bank of Ghana for a licence. This crowdfunding policy is expected to further the modernisation of the banking sector by ensuring financial inclusion. The regulation of crowdfunding will offer more protection, security and accountability to consumers, and safeguard their contributions. The models of crowdfunding permitted by the central bank are donation-based and reward-based crowdfunding. These comprise the collection, holding and disbursement of funds and are made available to banks, specialised deposit-taking institutions (SDIs), dedicated electronic money issuers (DEMIs) and enhanced payment service providers (EPSPs). The Bank of Ghana collaborates with the Securities and Exchange Commission (SEC) to regulate debt (peer-to-peer lending) and equity models which hinge on securities, loans and leverage payment platforms.

Some fintech firms have applied to the SEC for a licence to operate crowdfunding platforms targeted at the agricultural sector.

Insurance companies

Insurance companies have optimised their service provision by integrating technology into their core business functions, thereby making insurance policies accessible on mobile devices and digital platforms. Insurance services such as motor, property and life insurance are available digitally. Health insurance policies are widely patronised on fintech platforms.

Future Changes and Challenges

The next 12 months will present interesting dynamics for fintech businesses. The Bank of Ghana has strongly indicated its intent to streamline the operations of fintech companies by enforcing minimum capital requirements.

Cyber-risk and fraudulent activities on fintech platforms constitute a major challenge. To deal with the issue comprehensively, Ghana’s legislature has enacted Ghana’s first Cybersecurity Act and revised Ghana’s Anti-Money Laundering Law to be in tandem with current risk assessment and trends.

The COVID-19 pandemic has had a significant effect on the fintech industry. Many companies have become receptive to remote working and digital transactions. There is therefore an inclination for industry players and business people to incorporate permanent digital financial innovations and solutions into their businesses.

Funding of fintech start-ups and small and medium enterprises is of crucial importance to bolster competition in the industry for optimised services. In the ensuing months, partnerships between start-up tech companies and financial institutions will further augment the growth of the industry.

The Main Fintech Models in Ghana

Funds transfer

This model allows customers to deposit and transfer funds via an online mobile payment platform or mobile banking application.

Payment gateways

Customers are able to conduct business transactions using online mobile devices. This is a payment service that works with the customer’s preferred digital wallet or bank account to offer a convenient, overall and safer payment experience. It is a complete end-to-end online and mobile payment transaction solution that enables consumers and businesses to send and receive funds.

Bills payment

This model allows customers to transfer money from digital platforms or mobile accounts to a creditor or vendor of public/private utility to be credited against a specific account.

International remittances

This platform allows customers to receive money directly into their accounts from cross-border accounts, and allows foreigners to transfer money to Ghana using digital platforms.

Digital insurance/insurtech

Customers can conveniently purchase insurance products through digital platforms. Customers have access to health and life insurance cover through airtime and mobile money deductions.

Digital lending

This model affords customers the opportunity to quickly and easily apply for short-term loans through their mobile devices and receive credit decisions without delay. Identity and mobile accounts of customers are verified before disbursement of a loan.

API service platforms

This is a platform that allows fintechs to integrate their systems seamlessly.

Bulk transactions

Bulk transactions including payment of pensions and salaries.

Over-the-counter transactions

This refers to trading conducted directly between two parties without the direct supervision of an exchange. It also involves bilateral contracts in which two parties agree on how a particular trade or agreement is to be settled in future.

Crowdfunding

This model entails the collection or mobilisation of funds in small amounts from different individuals to fund projects or support causes. This could be done through donations or fundraisers.

One of the main fintech businesses in Ghana is the provision of payment service solutions with technology. The Bank of Ghana pursuant to the Payment Systems and Services Act of 2019 (Act 987) is responsible for regulating activities relating to payment, clearing and settlement systems.

Bank of Ghana

Applications

The Bank of Ghana is mandated to issue out licences and authorisation to banking and non-banking institutions that offer financial solutions using technology, like payment system services. Applicants are required to furnish the Bank of Ghana with company registration documents, details of shareholders and proposed products. The Bank of Ghana may reject the application if the applicant fails to meet the requirements. Licences and authorisation may be granted if the Bank of Ghana is satisfied that the applicant has met the registration requirements within 90 days. The Payment Systems and Services Act outlines the permissible transactions, which include domestic payments, domestic money transfers and bulk transactions, among others.

Suspensions and penalties

A body corporate that engages in payment system services without a licence or authorisation is liable to a fine of 5,000 penalty units (with one penalty unit being equal to GHS12). A person who engages in payment system services without a licence is also liable to a fine of not more than 4,000 penalty units or to a term of imprisonment of not more than seven years. The Bank of Ghana wields the power to suspend licences if it decides that a licensed or authorised body does not meet the infrastructure requirements, or the affairs of the licensed or authorised body are being conducted in a manner detrimental to the interest of consumers. The Bank of Ghana may also invoke its power of revocation if it decides that a service provider is engaged in risky and unethical practices or a service provider provides false or misleading information in acquiring a licence. The Bank of Ghana may also impose administrative penalties on service providers who are derelict in complying with the conditions contained in the licence or authorisation.

Data Protection Commission

The Data Protection Commission established by the Data Protection Act, 2012 (Act 843) is another regulator of the fintech industry. The primary role of the Commission is to ensure the privacy of personal data by regulating the processing of personal information, particularly obtaining, holding, using or disclosing personal information. The Commission ensures that the processing of the personal data of consumers is done without infringing on the rights of the data subjects or users, including those using various fintech platforms. Processing of personal data must take into account the principles of accountability and lawfulness of processing. Fintech businesses are required to register with the Data Protection Commission before processing the personal data of customers. They are also required to adopt robust security measures to protect the integrity of personal data. Any unauthorised access to personal data should be communicated immediately to the Commission. A data controller that fails to register with the Commission, but processes personal data, is committing an offence and is liable on summary conviction to a fine of not more than 250 penalty units or a term of imprisonment of not more than two years, or both.

Securities and Exchange Commission

The Securities Industries Act, 2016 (Act 929) established the Securities and Exchange Commission (SEC), which regulates service providers trading in securities. Fintechs that wish to provide financial securities solutions are required to apply to the SEC for a licence. The Commission maintains surveillance over the activities to ensure fair, orderly and equitable dealings in the securities. The Commission may exercise its powers of suspension or revocation of licences if it decides that a service provider has not complied with the conditions outlined in its licence.

Cybersecurity Authority

The Cybersecurity Authority was established under the Cybersecurity Act, 2020 (Act 1038) to regulate cybersecurity-related matters and to regulate owners of critical information infrastructure. The Authority regulates cybersecurity activities and promotes the development of cybersecurity in Ghana. The Authority is required to establish a platform of cross-sector engagements on matters of cybersecurity for effective co-ordination and co-operation among key public institutions. The Authority is also required to register owners of critical information infrastructure. It advises the government and other institutions on cybersecurity. The Authority also promotes the security of computers and computer systems in Ghana. The authority performs monitoring oversight over cybersecurity threats both within and outside the country, certifies cybersecurity products and services, provides technical support to law enforcement agencies in prosecuting cyber-offenders, and issues licences for the provision of cybersecurity services. Fintech firms are required to comply with the guidelines and policies issued from time to time by the Authority.

Anti-money Laundering Regulations

The Anti-money Laundering Act, 2020 (Act 1044) requires businesses, including fintechs, to conduct their activities in a manner that prevents the commission of money-laundering, fraudulent transactions and the financing of terrorism.

National Insurance Commission

Fintech businesses operating within the insurance industry are also required to register with the National Insurance Commission (NIC) pursuant to the Insurance Act, 2006 (724). The Payment Systems and Services Act requires payment service providers to engage in insurance models to get a licensed insurance company to underwrite their product.

Electronic Transactions Regulations

The Electronic Transactions Act, 2008 (Act 772) seeks to provide for and facilitate electronic communication and related transactions. It aims to remove and prevent the instatement of barriers to electronic communication and transaction. The Act further seeks to develop a safe, secure and effective environment for the consumer, business and government to conduct and use electronic transactions. To this end, the Act ensures that fintechs operate within an environment that is safe and secure.

Industry players are allowed to charge customers directly.

Industry participants are required to notify the customer of any transactions (including fees and charges) by electronic notification or physical receipt. The notice must state the transaction amount, transaction type, unique transaction reference, date and time of transaction, and fees charged.

A payment service provider who intends to introduce changes to fees and charges is required to inform the customer seven days in advance through electronic short messages.

A payment service provider must also notify customers electronically about charges with the option to cancel a transaction before authorisation.

The regulation of fintech industry players is greatly different to that of legacy players in that fintech industry participants providing financial services are primarily regulated by the Payment Systems and Services Act, among other enactments highlighted above, whereas legacy players such as banks that offer traditional banking services are regulated by the Banks and Specialised Deposit-Taking Institutions Act, 2016 (Act 930).

Bank of Ghana

The Bank of Ghana has established a regulatory and innovation sandbox pilot in collaboration with EMTECH Service LLC. The sandbox will be available to banks, specialised deposit-taking institutions and payment service providers, including dedicated electronic money issuers as well as unregulated entities and persons with innovations that meet the sandbox requirements. Innovations eligible for the sandbox environment will have to satisfy any of the following broad categories:

  • new digital business models not currently covered, explicitly or implicitly, under any regulation;
  • new and immature digital financial service technology; and
  • innovative digital financial services products that have the potential to address a persistent financial inclusion challenge.

The Bank of Ghana will give preference to products and services leveraging blockchain technology, remittance products, crowdfunding products and services, e-KYC (electronic know-your-customer) platforms, regtech (regulatory technology), suptech (supervisory technology) and digital banking, among others.

Securities and Exchange Commission

In 2020, the SEC issued guidelines on the regulatory sandbox. These guidelines provide a framework for the issuance of regulatory sandbox licences in order to conduct a capital market activity or related service for which there are no, or no adequate, provisions under any laws regulating the business or capital market activity. A person shall not be eligible for a regulatory sandbox licence from the Commission unless the applicant has fully complied with the applicable laws of incorporation. An applicant must comply with the fit and proper criteria of the Commission. An applicant seeking a regulatory sandbox licence must submit an application using the common form with the required attachments to the Director-General of the Commission for consideration. Licencees of the Commission, or other firms that wish to provide capital market services or fintech firms operating within the capital market space and professional services firms partnering with or providing support to such businesses can apply to enter a regulatory sandbox to test innovative capital market products and services in the production environment but within a well-defined space and duration.

Bank of Ghana

The fintech industry is regulated by more than one institution. The Bank of Ghana is the main supervisory and regulatory authority in all matters relating to payment, clearing and settlement systems. The Bank of Ghana is mandated to issue licences and authorisation to non-banking and banking institutions, respectively, that intend to engage in payment services. Applicants are required to furnish the Bank of Ghana with documents covering the registration of their companies, details of shareholders and proposed products. The Bank of Ghana may reject an application if the applicant fails to meet the requirements. Licences and authorisation may be granted if the Bank of Ghana is satisfied that the applicant has met the registration requirements within 90 days. The Payment Systems and Services Act clearly outlines the permissible transactions, which include domestic payments, domestic money transfers and bulk transactions, among others. The Bank of Ghana’s role is therefore limited to the issuance of licences for entities partaking in payment services.

Data Protection Commission

Fintech entities deal with the personal data of their users in terms of the collection, processing and storage of data. The Data Protection Commission established under the Data Protection Act is responsible for protecting the privacy of the individual and their personal data by regulating the processing of personal information, and to provide processes to obtain, hold, use or disclose personal information. The role of the DPC begins once fintech customers share or provide personal data by using the platforms, and this duty ends when there has been adherence to the data protection principles in the collection, processing and retention of data.

Securities and Exchange Commission

Where a fintech company provides a digital tool for trading in securities, the SEC is the main body to govern that venture. The SEC regulates and promotes the growth and development of efficient, fair and transparent security marketing, by which investors and the integrity of the market are protected. The Commission formulates principles for the guidance of the industry, to monitor the solvency of licence holders and take measures to protect the interests of customers.

Cybersecurity Authority

The Cybersecurity Authority was established under the Cybersecurity Act, 2020 to regulate cybersecurity activities in the country and regulate the owners of the critical information infrastructure. Thus, a fintech entity that owns or operates a critical information structure, would be required to register with the Authority. The Authority also promotes the security of computers and computer systems in Ghana. Fintech firms are required to comply with the guidelines and policies issued by the Authority.

Financial Intelligence Centre

The Financial Intelligence Centre, established by the Anti-money Laundering Act, ensures that fintech companies do not engage in money-laundering, terrorism-financing and economic crimes, and assists in the identification of the proceeds of unlawful activity. Fintech firms may register with the Centre and also establish a formidable anti-money laundering and anti-terrorism financing policy. The FIC’s role therefore begins with monitoring the activities of fintechs to ensure that they are compliant with the anti-money laundering laws, and ends when there has been strict adherence.

National Insurance Commission

The National Insurance Commission regulates the activities of fintech firms that provide digital insurance policies and it ensures the effective administration, supervision, regulation, monitoring, and control of the business of insurance to protect insurance policy holders and the insurance industry other than health insurance. The Payment Systems and Services Act requires fintechs that engage in insurance models to ensure their product is underwritten by a licensed insurance provider. The National Insurance Commission must ensure that the product is licensed and that it is in compliance with the insurance laws.

Bank of Ghana

Regulated functions can be outsourced. The Bank of Ghana requires service providers that desire to outsource technology platforms, internal audit and risk management functions, and operational functions to inform the Bank of Ghana in writing. The authorised or licensed entity cannot outsource any of the operational functions if this is likely to impair the internal control of the licensed entity, as well as the Bank of Ghana’s ability to monitor compliance.

The Payment Systems and Services Act requires licensed and authorised entities to enter into service level agreements in all outsourcing arrangements, and submit a copy to the Bank of Ghana within ten days after execution.

The contractual terms must not result in delegation by senior management of its accountability. In addition, the relationship between the licensed entity and its clients must not be altered by the arrangements. The contractual arrangement should not undermine the licence requirements and must not suspend or revoke conditions under the licence.

Industry players are required by the Bank of Ghana to outsource to a regulated entity.

Securities and Exchange Commission

The SEC, in accordance with the Securities and Exchange Act, may accord recognition to a company or an organisation as a self-regulatory organisation in relation to a specified segment of the securities industry.

The Commission may accord recognition where the organisation or company has a constitution that is consistent with the Act, and has the capacity as well as the financial and administrative resources to carry out the function of self-regulator.

The Commission by written arrangement may delegate a power or function to a self-regulatory organisation. The arrangement must provide the terms and conditions of power or the function delegated to the self-regulatory organisation by the Commission.

The Payment Systems and Services Act, 2019 requires fintechs to institute an in-built control mechanism for complete audit trail. They are required to have a complete record of accounts opened, tracking and monitoring transactions on their platforms, their internal policy, procedures and accountability structures pertaining to anti-money laundering and financial crimes.

Service providers are further required to have appropriate and tested technology equipped with fraud monitoring and detection tools. An iron-cast cybersecurity policy must complement these efforts.

Service providers must ensure that transactions against a subscriber are authorised by the account holder and further confirm that the subscriber is duly notified of the transaction.

They are to ensure sound and prudent management, administrative and accounting procedures and adequate internal control systems.

Appropriate security policies to safeguard the integrity, authenticity and confidentiality of data and the processing system must be in operation.

Adequate business continuity capabilities, appropriate disaster recovery planning and effective audit functions to provide periodic reviews of the security control environment and critical systems must be made available.

In addition, a service provider must ensure that the system maintains a complete audit log of all user activities for at least six years.

Industry players are required by law to take the necessary steps to secure the integrity of personal data in the possession or control of a person through the adoption of appropriate, reasonable, technical and organisational measures to prevent loss of, damage to, or unauthorised destruction and unlawful access to, or unauthorised processing of, personal data.

Bank of Ghana

The Bank of Ghana may suspend the licence or authorisation of an industry player on the grounds that the service provider has failed to meet the infrastructure requirements of the Bank of Ghana and that the affairs of the service provider are being conducted in a manner detrimental to the interest of the payment systems.

The Bank of Ghana may also revoke a licence or authorisation where the service provider:

  • fails to provide information requested by the Bank of Ghana, or refuses to permit inspections to be conducted;
  • has provided false or misleading information for the purposes of applying for a licence or authorisation;
  • engages in risky practices that threaten the payment systems and are detrimental to users and other providers;
  • is declared insolvent by a competent court of jurisdiction;
  • ceases to operate the business for more than six months; and
  • fails to provide services within six months of being issued with authorisation or a licence.

A financial institution that operates a payment system without authorisation from the Bank of Ghana is liable to a fine of not less than 4,000 penalty units. An individual who operates a payment system without licence is liable to a fine of not less than 1,500 penalty units and not more than 3,000 penalty units or a term of imprisonment of not less than four years and not more than seven years, or both.

The Bank of Ghana may also impose penalties on service providers that fail to comply with the terms and conditions of their licence or authorisation.

Data Protection Commission

The Data Protection Commission may issue an enforcement notice directed at data controllers who have contravened any data protection principles to refrain from processing any personal data or personal data of the description specified in the notice. A data controller who is not licensed cannot process personal data.

Cybersecurity Authority

The Cybersecurity Authority is duty bound to provide standards for cybersecurity education, hardware and software engineering, research and development, and practitioners in relevant industries. It may suspend the licence of an entity operating cybersecurity services if the licensee fails to renew its licence one month after expiration, or when a licensee fails to comply with the conditions contained in the licence. The Authority may revoke the licence of an entity registered to operate cybersecurity where the licence was obtained by fraud or the licensee ceases to carry out its authorised business.

The Authority is mandated to impose administrative penalties on anyone operating cybersecurity services without a licence or anyone found in breach of cybersecurity principles.

Data Protection Act

Industry participants may be required to register with the Data Protection Commission and comply with the provisions of the Data Protection Act. The Act requires that a person who processes data should take into account the privacy of the individual. Data to be processed must be directly obtained from the data subject. A data controller who collects personal data must do so for a specific purpose which is explicitly defined and lawful, and related to the activities of the individual. A data controller is also enjoined to make a data subject aware of the purpose for which the data has been collected. Industry players are expected to take the necessary steps to secure the integrity of personal data in the possession or control of a person through the adoption of appropriate, reasonable, technical and organisational measures to prevent loss of, damage to, or unauthorised destruction, and unlawful access to, or unauthorised processing of, personal data.

Industry players may not provide, use, obtain or procure information relating to a data subject for the purposes of direct marketing, without the prior written consent of the data subject.

Cybersecurity Act

The Cybersecurity Act also establishes a Sectorial Computer Emergency Response Team to collect and collate data on cyber incidents, as well as co-ordinating responses to cybersecurity incidents within the sectors. These include, the public sector, banking and finance sector, security sector, telecommunications sector, and the utility and energy sector.

Industry players are required to have a cybersecurity policy for licencing and authorisation. Service providers are duty bound to have appropriate and tested technology equipped with fraud monitoring and detection tools.

Industry players are also expected to comply with this critical legal framework, to enhance fintech services.

Fintechs are required to ensure their books and accounts are audited, with a copy filed at the Bank of Ghana at the end of each financial year.

Service providers are to furnish the Bank of Ghana with details of their external auditors.

In the case of banks or SDIs engaged in fintech, they are required to constitute a subcommittee of directors to exercise oversight and manage operations.

The Data Protection Commission requires data controllers to obtain a licence from the Commission before processing personal data. The Data Protection Act imposes duty on data processors to protect the integrity and privacy of data subjects.

Industry players belonging to various professional bodies may find that they also monitor and review the activities of members.

The Electronic Transactions Act also establishes an industry forum for entities engaged in electronic transactions. The Forum serves as a platform to bring together industry players from time to time to discuss matters of common interest that relate to their industry.

Industry players that engage in telecommunications also have their activities reviewed by the Chamber of Telecommunications, an advocacy institution made up of firms operating telecommunications services to assist in directing telecommunications policies and research. It promotes the interests of members through stakeholder engagements.

Industry participants can only offer regulated products.

Bank of Ghana

The Bank of Ghana requires industry players to apply for a licence or authorisation before engaging in business. The Payment Systems and Services Act clearly outlines various products and services industry players are permitted to explore. Any form of technological enhancement of products and services requires prior consent and approval from the Bank of Ghana. Industry players that engage in products and services that are not sanctioned by the regulator are liable for sanctions. The regulator may suspend or revoke the licence or authorisation of a defaulting industry participant. The regulator is permitted to impose penalties or issue directives to the defaulting entity to cease offering unapproved services. The regulator may, through various publications, warn the public against engaging in products that have not been approved.

Securities and Exchange Commission

The Securities Industry Act established the SEC to ensure that industry participants operating in securities trading are licensed and offer regulated products.

Data Protection Commission

The Data Protection Commission, set up under the Data Protection Act, also regulates the collection, processing and retention of data obtained from data subjects. It registers and licenses data controllers and issues enforcement notices to persons processing personal information unlawfully, to desist from same.

Financial Intelligence Centre

The Financial Intelligence Centre, a body set up by the Anti-money Laundering Act, also ensures industry participants do not undertake activities relating to money-laundering, tax evasion and the financing of terrorism.       

Different asset classes do not require different models. They exhibit similar characteristics and traits and are subject to the same laws and regulations.

The introduction of robo-advisers has revolutionised the investment industry with information available on demand.

Legacy players undertake transactions via a digital device or a fintech platform at approved flat rates.

Legacy players have incorporated robo-adviser solutions as part of their mainstream services, for efficiency and convenience.

Best execution of customer trades is based on order-matching rules in accordance with price priority and secondary precedence rules (display precedence and time precedence).

There are no significant differences in the business or regulation of loans to individuals and small businesses.

Individuals, a company, a partnership, an association and any other group of persons acting in concert, whether incorporated or not, are permitted to enter into a credit agreement.

The Payment Systems and Services Act, 2019 stipulates that fintech firms that operate credit products must ensure that such products are underwritten by a licensed bank or SDI.

Financial institutions offering online lending are also enjoined to engage the services of insurers or insurance companies to underwrite loans. These processes are dictated by the policies of the individual banks.

Loans are largely financed through deposits, as well as lender-raised capital from the banks.

Financial institutions may raise funds through the stock exchange and apply the proceeds in online lending.

Peer-to-peer lending is another mode of raising funds through crowdfunding platforms, which the Bank of Ghana recently made operational by the issuance of a policy guideline.

Syndication of loans is largely achieved through crowdfunding. This involves the collection of funds, usually small amounts from different individuals, to support projects or causes through digital platforms. There are four major categories of crowdfunding, namely, donations, rewards, equity and debt crowdfunding.

The Bank of Ghana has issued a policy guideline for crowdfunding and requires entities seeking to engage in donation and reward crowdfunding models to apply to the Bank of Ghana for a licence. Service providers are to comply with data protection and anti-money laundering laws.

Payment processors can either use existing payment rails or create new ones.

The Bank of Ghana regulates cross-border payments and remittances.

In February 2021, the Bank issued guidelines on inward remittances. The guidelines require fintech firms that wish to partner with Money Transfer Operators (MTOs) to engage in inward remittance services, to apply to the Head of Fintech and Innovation Office of the Bank.

The fintech firm must ensure that the MTO is a registered entity and licensed by a competent authority in its country of registration to carry out international money transfer services.

There must also be strict adherence to data protection in compliance with the Data Protection Act. Sharing of personal data must be in accordance with the principles of accountability and lawfulness of processing, and must not infringe on the privacy rights of data subjects.

The Financial Intelligence Centre also monitors incidents of money-laundering in cross-border payments. The Centre ensures that industry players have adequate internal policies and procedures to prevent money-laundering, financing of terrorism, and tax evasion.

Fund administrators are regulated under the Securities Industry Act, 2016 (Act 929). They are not regulated based on their activities.

The contractual terms are based on regulations.

The main trading platforms are the Ghana Stock Exchange (GSE) and the Ghana Commodity Exchange (GCX).

The Ghana Stock Exchange

The GSE was established to facilitate the mobilisation of long-term capital by corporate bodies through the issuance of securities and to provide a platform for trading issued securities. The mission of the GSE is to provide an efficient securities market for national economic development through access to capital and investment. The goal of the GSE is to become an internationally recognised securities market. A company is regarded as listed on the GSE when its securities are approved to be bought and sold on the stock exchange. Shares that have been newly issued cannot trade in the Over-the-Counter (OTC) Market before being listed on the GSE. The GSE operates a parallel market known as the Ghana Alternative Market (GAX). Its focus is on businesses with the potential for growth. The GAX accommodates companies at all levels of development, including start-up as well as small and medium-scale companies. The Ghana Fixed Income Market (GFIM) also facilitates the secondary trading of all fixed income securities and other securities to be determined from time to time. The market was established by key stakeholders in the financial market led by the Bank of Ghana, GSE, Central Securities Depository Ghana Ltd (CSD), Ghana Association of Bankers, Ministry of Finance, Financial Market Association (ACI Ghana) and Licensed Dealing Members (LDMs) of the GSE. The GFIM is based on the existing licence that the GSE has to operate a market for securities. The main regulator for the market is the SEC.

The Ghana Commodity Exchange

The GCX is a private company limited by shares, structured as a public private partnership, with the government of Ghana currently the sole shareholder. The aim of the exchange is to establish links between agricultural and commodity producers and buyers, to secure competitive prices for their products, assuring the market quantity and quality as well as timely settlement of their trade. GCX business operations consist of a trading platform powered by a provider trading system and a warehouse storage operation linked to the exchange through an electronic warehouse receipt system (e-WRS), backed by collateral management services.

All asset classes are subject to the same regulatory regime, ie, the Securities Industry Act, 2016 (Act 929) and the SEC Regulations 2003 (LI 1728).

The emergence of cryptocurrency has not altered or impacted regulations, as the innovation is not recognised in Ghana. There is no specific regulation on cryptocurrency in Ghana's jurisdiction. However, regulations in the Payment Systems and Services Act, the Cybersecurity Act and the Electronic Transaction Act currently regulate the fintech industry.

A company applying for listing on the Main Board of the GSE of any class of its shares is, as a general rule, expected to meet the following requirements:

  • minimum stated capital – it must have a stated capital after the public floatation of at least GHS1 million in the case of an application relating to the First Official List, and GHS250,000 for the GAX;
  • minimum public float – shares issued to the public must not be less than 25% of the number of issued shares of the company;
  • payment of shares – shares must be fully paid for as, except in very exceptional circumstances, the exchange will refuse a listing in respect of partly paid shares; and
  • spread of shares – the spread of shareholders at the close of an offer should be adequate in the GSE’s opinion, with at least 100 shareholders after the public offer for the Main Board and 20 for the GAX.

A company or institution seeking the admission of debt securities to the GSE may be considered for such admission if the security concerned has a total issue amount of not less than GHS1 million face value, or there are at least 50 holders of such securities.

In the case of government securities, there is no prescribed minimum in respect of either amount of issue or number of holders to permit admission to the GSE’s list.

Debt securities for which listing is sought are created and issued pursuant to a trust deed duly approved by the SEC.

The SEC currently applies price priority and precedence rules.

Peer-to-peer trading platforms are currently not allowed. However, the Bank of Ghana has issued a policy guideline on crowdfunding which permits peer-to-peer lending, and interested persons are required to apply for a licence.

The regulatory challenges include unlawful activities in peer-to-peer trading, although the same is unregulated under Ghanaian laws.

The interest of the customer must be paramount and negotiations must be flexible to allow customers to secure better pricing. Industry players must uphold timely execution of contracts and the attainment of best results.

The payment order flow for equities is T+3, ie, the settlement date for equities is three business days after the transaction date. It is T+2 for bonds, in other words, the settlement date for bonds is two business days after the transaction date.

The Securities Industry Act outlines the following market integrity principles.

  • A person who is connected to a body corporate six months prior shall not deal in securities of that body corporate because of access to vital information.
  • Industry participants are prohibited from employing a device or a scheme intended to defraud or deceive an entity.
  • Industry participants are prohibited from engaging in false or misleading trading. Fictitious transactions meant to inflate the market are proscribed.
  • Market players are prohibited from engaging directly or indirectly in any act that is likely to lower the market price with the intent of inducing others to purchase securities.
  • Dissemination of false and misleading statements seeking to destabilise the market is forbidden.

There is no specific regulation in Ghana dealing with algorithmic trading. However, the Electronic Transaction Act, the Cybersecurity Act and the Payment Systems and Services Act regulate the digital and financial technology industry in Ghana.

Ghana does not recognise algorithmic trading and has no guidelines on requirements for registering as market makers when functioning in a principal capacity. However, the Securities Industry Act requires that any person who wants to be a market maker in securities trading must apply for a licence from the Commission and abide by the guidelines issued by the Commission.

The Securities Industry Act outlines the regulatory framework for mutual funds (funds) and market operators (dealers).

Mutual Funds

A person or entity that seeks to establish and operate a mutual fund, or seeks to issue an invitation to the public to acquire shares in a mutual fund, or poses as carrying on the business of dealing in mutual funds, must obtain a licence from the SEC. The directors operating the mutual fund must appoint an independent body to act as manager and also appoint an independent body to act as custodian but this custodian must be a bank, an insurance company or any other financial institution. The directors of the fund are mandated to give directions which accord with the Act to the manager and also to determine the investment and general policies of the company. Failure to acquire a licence before operating a mutual fund attracts an administrative penalty of 4,500 penalty units.

Market Operators

By contrast, a person who seeks to be a market operator or dealer in various securities in Ghana must obtain a licence from the SEC. However, representatives of licensed dealers or market operators who act on behalf of the latter but do not personally deal with clients, do not require a licence to deal in securities. Furthermore, licences can only be issued to body corporates, except in cases where the dealer is an investment adviser.

.

Programmers in this sector are not currently regulated in Ghana. However, programmers who manage electronic systems, programs and applications are regulated under the Electronic Transactions Act.

Financial research platforms and their participants are required to register for a licence with the SEC before the commencement of their research activities. There must be strict adherence to the requirements of the Payment Systems and Services Act, the Data Protection Act and the Electronic Transactions Act.

The regulators issue newsletters and information updates in a timely manner on their digital platforms. This helps to prevent the spread of rumours and other unverified information, to forestall any reliance on such information.

There must be a verification pool where information posted is scrutinised before being uploaded for public consumption. This is crucial in preventing the circulation of false or unverified information, to forestall any reliance on such information.

The Payment Systems and Services Act requires fintechs that offer insurance products to ensure their products are underwritten by a licensed insurer. The National Insurance Commission regulates the insurance industry. The Commission requires the licensed insurer to submit a contract entered into with the fintech firm in respect of the insurance product for approval. The Commission will ascertain the viability of the product, as well as the applicable charges, before granting approval. The Commission will also verify how easily customers can access claims from the insurance product.

Different types of insurance are treated differently by industry participants and regulators. The National Insurance Commission may license an entity to operate a life insurance business or non-life insurance business. A company licensed to operate a life insurance business shall not subsequently be licensed to operate a non-life insurance business and vice versa. An insurer licensed to operate non-life insurance business can engage in property insurance, motor insurance, accident insurance, travel insurance, liability policies, engineering policies and marine policies. The Commission also requires companies licensed to operate life insurance business to engage in products like pension and annuities products, funeral policies, endowment policies and whole life policies. Industry participants treat each product differently and each product differs in terms of its application requirements, the premiums to be paid and the amount to be claimed.

The Bank of Ghana has not specifically institutionalised and provided any legal framework for regtech providers in Ghana. However, the Bank did intimate in its Sandbox Pilot Guideline that it would give preference to products and services leveraging regtech solutions within Ghana’s financial sector.

The contractual terms must clearly define the rights and responsibilities of both parties. The financial service firm must impose adequate and measurable terms in the service level agreements. The contract terms must reflect the independence of the parties.

Financial services firms must adopt the most appropriate pricing method for the financial institution's needs.

The Payment Systems and Services Act regulates the contractual relationships between financial services firms and technology providers.

The contractual terms must not result in delegation by senior management of its accountability. The contractual arrangement should not undermine the licence requirements and must not suspend or revoke conditions under the licence.

The contractual arrangements are dictated by both regulations and industry custom and must be signed by the parties, with a copy submitted to the Bank of Ghana within ten days after execution.

Traditional players in the financial services industry can only implement blockchain technology as part of their services when licensed or authorised to do so by the Bank of Ghana. Currently, blockchain technology is not regulated by the Bank of Ghana because it is still in the exploratory stage, in spite of traditional players’ desire to include this innovative technology in service delivery.

Ghana’s regulator, the Bank of Ghana, does not recognise or classify blockchain solutions as part of the financial services regulated in Ghana, largely due to its inherent risk. In a circular, the Bank alluded to the potential of blockchain to improve efficiency of service when prudently managed and encouraged traditional players to explore its potential pending the maturity and licensing of the technology in Ghana. The Bank is confident that services delivered on blockchain technology will be a good candidate for the sandbox environment.

Blockchain assets are not regulated financial instruments in Ghana because they do not fall under the regulatory purview of the Bank of Ghana. This is attributable to the inherent risks associated with the services and the absence of a regulatory framework to govern the use of such assets.

There is currently no regulation of issuers of blockchain assets or of initial sales of blockchain assets. A person who trades in these assets is therefore operating unlawfully. 

The SEC, which regulates trading activities and platforms in Ghana, does not recognise blockchain assets and no legal framework governing blockchain assets has therefore been instituted. Individuals who trade in these assets therefore operate unlawfully and at their own risk.

Funds that invest in blockchain assets are not regulated in Ghana because both the Bank of Ghana and the SEC do not recognise or have any regulatory regime in place with regard to blockchain assets.

Virtual currencies have not been defined by the Bank of Ghana because they are not recognised in this jurisdiction.

"DeFi" (decentralised finance) is not currently recognised or regulated by the Bank of Ghana. This is largely attributable to the high level of risk and lack of accountability associated with the use of this technology.

Financial institutions are allowed to operate open banking and there are a number of laws regulating open banking in Ghana. An example is the activity of electronic money issuers and payment service providers.

Under the Payment Systems and Services Act, a payment service provider must ensure appropriate security policies and measures intended to safeguard the integrity, authenticity and confidentiality of data and operating processes that are shared with third parties. The Act encourages payment service providers to have a system capable of inter-operating with other payment systems. At the same time, however, the Act enjoins payment service providers to desist from engaging in any act which would result in systemic risk or affect the integrity, effectiveness or security of the respective payment system.

Financial institutions must comply with the Data Protection Act and the Cybersecurity Act as well.

The Data Protection Act provides that a person who process personal data must avoid infringing on the personal rights and the privacy rights of data subjects and also process the data in a lawful and reasonable manner.

The Cybersecurity Act, 2020 also requires owners of critical information infrastructure to report any incident of cybersecurity to the relevant sectorial computer emergency response team or National Computer Emergency Response Team within 24 hours.

Open banking may offer benefits to consumers in the form of convenient access to financial data and services but it also potentially poses a risk to financial privacy and the security of data.

Financial institutions require prior consent from customers before sharing personal data and must avoid sending unsolicited messages to customers.

Banks must ensure that third parties use shared personal data in a lawful, reasonable and legitimate manner.

Addison Bright Sloane

No 22B Akosombo Street
Ambassadorial Enclave
Airport Residential Area
Accra

+233 303 971 501

info@addisonbrightsloane.com www.addisonbrightsloane.com
Author Business Card

Trends and Developments


Authors



Addison Bright Sloane is a full-service premier law firm based in Accra with comprehensive industry knowledge across various practice areas, such as litigation, arbitration, corporate and commercial practice, energy, real property, data protection, intellectual property, insurance and technology. The firm has a dedicated four-member technology team led by the managing partner and has worked extensively in the areas of intellectual property, data protection, cyberspace, fintech law and regulation, and has advised a number of multinational companies on Ghana’s legislation as well as embarked on a number of technology projects. Addison Bright Sloane’s recent work within the digital innovation industry was its role in advising an international online music streaming service provider on its entry into the Ghanaian market. The firm also collaborates with global law firms and organisations to advise high-profile clients in all aspects of the law.

The Development of Fintech in Ghana

Ghana’s financial technology industry has experienced a significant level of growth over the past years in response to emerging trends in the financial or banking sector, as well as the services industry. Fintech companies are a gateway to unbridled access to digital financial services and investments, and digital technology is fuelling access to financial services for a considerable majority of Ghana’s population. Ghana’s fintech space has advanced from a primarily trading platform into a sophisticated financial tool. The rising trend in Ghana is the conduct of banking business through digital technology for universal access and timely services.

The fintech market has fostered financial inclusion and has positively supported Ghana’s quest to migrate towards a cashless and digital economy. Fintech is a catalyst for economic growth too, as transactions via fintech platforms are easier to tax.   

A study by the World Bank reveals that a surge in the patronage of financial technology or digital commerce was pivotal in realising the World Bank’s goal of universal financial access for the year 2020. Indeed, Africa has nearly 700 million digital financial services users. 

The strategy for sustaining the use of fintech is to encourage the adoption of emerging technology and innovation, such as the use of Application Programming Interfaces (APIs). The fintech market in Ghana is predominant in banking, retail and commerce, investment gateways, and music and movie streaming platforms, among others.

Collaboration between Fintech Start-ups and Financial Institutions

A significant trend in Ghana is the collaboration between fintech start-ups and financial institutions in the provision of banking services. They have collaborated to offer agency banking services through the use of USSD codes and banking applications, which makes financial services accessible to all through internet connectivity on mobile or digital devices. For example, GCB Bank has been granted authorisation by the Bank of Ghana to issue electronic money via a USSD channel, the GCB banking app, as well as a QR code, and this has optimised banking services in a magnificent way.

Independent Fintechs Boost Competition

Other fintech companies offer financial services independently and are boosting competition in the industry for optimal services.

MTN Ghana blazes a trail

There have been landmark developments in Ghana’s fintech industry relative to the services market. Telecommunications trailblazer MTN Ghana has entered into a partnership with MasterCard aimed at accelerating the growth of the fintech market in Ghana. The service will allow for seamless, safe and secure global e-commerce via a MasterCard digital payment solution enabled by the MTN mobile money service. It is expected that this service will make financial services accessible to about 300 million customers. MTN customers who have access to the MasterCard virtual payment solution, connected to the MTN mobile money wallet, can effect online payments to merchants across the globe via a digital payment platform. 

MTN Ghana has again collaborated with Western Union to allow MTN customers registered on the mobile money service to receive Western Union transfers into their mobile money wallets. This collaboration is aimed at meeting customers’ varying preferences by offering multiple pay-out channels either into the MTN mobile money wallet or at a Western Union agency. This service innovation allows customers to receive international money transfers directly into their digital wallet account.

AirtelTigo collaborations

Another telecommunications giant, AirtelTigo has collaborated with Western Union to channel international money transfers and remittances directly into the accounts of AirtelTigo cash digital platform holders.

The telecoms company has also entered into another partnership with a corporate trustee, People’s Pension Trust, to provide a digital personal pension facility known as “RetireRite”, which is a tier-three mobile retirement pension and savings product. Customers subscribe to the service with a minimum contribution of GHS1 and, upon retirement, will access their claim via the AirtelTigo digital money payment platform. This innovative digital solution focuses on financial inclusion and making pension schemes accessible to all, particularly those in the informal sector who are ineligible for the national or government pension scheme.

Partnership between Premium Textiles Ghana Limited and KudiGo

A significant development in Ghana’s fintech growth is the partnership between the manufacturers of Ghana’s primary textile brand, GTP, and KudiGo, a fintech start-up company, to market and exhibit bespoke made-in-Ghana textile prints on the global market. In aligning with current digital trends, the two companies have created an e-commerce digital platform to make an online inventory available to purchase, both locally and internationally. The service allows customers to access an online fashion show to enable them to make informed choices on their purchases.

FIDO provides online loans

FIDO is a fintech start-up licensed by the Bank of Ghana to provide online loans to customers. The service is accessible through a mobile application and the eligibility requirements are simply a valid ID and a digital mobile money platform through which the loan can be accessed. This makes access to loans seamless and stress-free.

Regulation of the Fintech Industry

Financial technology has become ubiquitous and therefore it is essential to have a protective and compact legal framework to forestall the challenges associated with it. The major drawback that plagues the fintech industry is cyber and other fraudulent activities. It is therefore important for operators to revise their fraud detection protocols in order to encourage patronage of this emerging market. 

Electronic Transactions Act

There has been an evolution in the regulation of Ghana’s fintech industry. In 2009, when MTN Ghana launched its digital payment platform known as MTN mobile money, the only enactment which had some connection with the industry was the Electronic Transactions Act, 2008. The Act had been brought in to regulate electronic transactions and records of any type. It embodies provisions on safeguarding electronic transactions, consumer protection while conducting electronic transactions, and protection of critical databases, and it outlines a number of activities proscribed under the Act.

Data Protection Act

In 2012, the Data Protection Act was enacted to offer protection to data subjects whose data would be collected, processed and retained in the use of digital tools or the conduct of electronic transactions. The main object of the Act is to protect the privacy of the individual and their personal data by regulating the processing of personal information. The Act outlines the data protection principles that data processors should comply with, such as seeking the consent of a data subject before processing their data, using the data collected for the purpose specified, and not retaining data beyond the permitted statutory duration, among others.

Payment Systems and Services Act

Ghana enacted the Payment Systems and Services Act in 2019 to regulate the issuance of electronic money, payment instruments, payment service providers and electronic money issuers. The law regulates fintech companies that undertake payment services and outlines laws on licensing, capital requirements, compliance requirements, consumer protection, and the responsibilities of electronic money issuers as well as payment service providers.

Cybersecurity Act

In December 2020, Ghana’s first Cybersecurity Act was assented to by the president. The Act was brought in to regulate cybersecurity in Ghana and to regulate owners of the critical information infrastructure in the country, in respect of cybersecurity activities, service providers and practitioners. The Act also establishes Ghana’s first Cybersecurity Authority, whose functions include promoting the security of computers and computer systems, monitoring cybersecurity threats within and outside Ghana, establishing the standards for certifying cyber products and services, and providing technical support for law enforcement and security agencies to prosecute cyber offences, among others. 

Revision of Anti-Money Laundering Law

In December 2020, Ghana also revised its Anti-Money Laundering Law to consolidate all laws on the subject and to establish the Financial Intelligence Centre. The Act outlines provisions on how to identify the proceeds of unlawful activity and to combat money-laundering, terrorism-financing, financing of a proliferation of mass weapons of destruction, and tax evasion. Fintech businesses are required to be anti-money laundering compliant. 

Bank of Ghana as key regulator

The key regulator of the fintech industry is the Bank of Ghana. Under the Payment Systems and Services Act, the bank is responsible for regulating the activities of banks providing payment services in the country. The Bank of Ghana recently established the FinTech and Innovation Office with specific responsibility for electronic money issuers (mobile money operators), payment service providers, closed loop payment products, payment support solutions and other innovative forms of payment delivered by non-bank entities. There are other regulators, such as the Data Protection Commission, which is responsible for ensuring that the data of fintech consumers is collected, processed and retained in a manner that accords with Ghana’s data protection principles. The Securities and Exchange Commission (SEC) regulates fintech firms that trade in securities in the country. The National Insurance Commission regulates the activities of insurance companies offering digital insurance products and services via fintech apps. The Cybersecurity Authority was recently set up to protect Ghana’s cyberspace and critical databases.

It is apparent that Ghana currently has a robust regulatory regime in which the fintech industry can thrive, in order to accelerate the growth of the industry as well as the country’s economy.

Conclusion

Ghana’s fintech landscape is evolving. Fintech businesses are involved in insurance, agriculture, banking, pensions and investment services. There is a need to improve on the existing legislation on the subject to deal with emerging technologies like artificial intelligence and blockchain technologies. Mobile money interoperability, which allows mobile money transactions to take place between the different telecoms companies, is a laudable development for the fintech industry in Ghana.

Addison Bright Sloane

No 22B Akosombo Street
Ambassadorial Enclave
Airport Residential Area
Accra

+233 303 971 501

info@addisonbrightsloane.com www.addisonbrightsloane.com
Author Business Card

Law and Practice

Authors



Addison Bright Sloane is a full-service premier law firm based in Accra with comprehensive industry knowledge across various practice areas, such as litigation, arbitration, corporate and commercial practice, energy, real property, data protection, intellectual property, insurance and technology. The firm has a dedicated four-member technology team led by the managing partner and has worked extensively in the areas of intellectual property, data protection, cyberspace, fintech law and regulation, and has advised a number of multinational companies on Ghana’s legislation as well as embarked on a number of technology projects. Addison Bright Sloane’s recent work within the digital innovation industry was its role in advising an international online music streaming service provider on its entry into the Ghanaian market. The firm also collaborates with global law firms and organisations to advise high-profile clients in all aspects of the law.

Trends and Development

Authors



Addison Bright Sloane is a full-service premier law firm based in Accra with comprehensive industry knowledge across various practice areas, such as litigation, arbitration, corporate and commercial practice, energy, real property, data protection, intellectual property, insurance and technology. The firm has a dedicated four-member technology team led by the managing partner and has worked extensively in the areas of intellectual property, data protection, cyberspace, fintech law and regulation, and has advised a number of multinational companies on Ghana’s legislation as well as embarked on a number of technology projects. Addison Bright Sloane’s recent work within the digital innovation industry was its role in advising an international online music streaming service provider on its entry into the Ghanaian market. The firm also collaborates with global law firms and organisations to advise high-profile clients in all aspects of the law.

Compare law and practice by selecting locations and topic(s)

{{searchBoxHeader}}

Select Topic(s)

loading ...
{{topic.title}}

Please select at least one chapter and one topic to use the compare functionality.