Legal and regulatory framework

Legal role

What legal role does corporate risk and compliance management play in your jurisdiction?

Corporate risk and compliance management are routine elements to which attention must be paid in corporate governance in Nigeria. However, this area is not presently recognised as a distinct field of law in Nigeria. Prior to the 2007 banking crisis, the amount of attention paid to corporate risk management was significantly less than that placed on compliance. An example of the emphasis placed on compliance is the provision in section 295 of the Companies and Allied Matters Act (CAMA) Cap C20, Laws of the Federation of Nigeria 2004, which is an amendment to the CAMA enacted in 1990. The 2004 amendment requires publicly traded companies to appoint a company secretary with specialised knowledge (eg, a legal practitioner, chartered accountant or chartered secretary). The company secretary is responsible for ensuring compliance with legislation and regulations. However, the 2007 crisis in the banking sector led to financial sector reforms, which put risk and compliance on the legislative front lines. An example of this was the enactment of the Investment and Securities Act 2007. This legislation required all organisations involved in the Nigerian capital market to appoint a compliance officer.

In most major corporate bodies in Nigeria, other than those involved in the capital market, corporate risk and compliance tend to be the responsibility of general counsel or in-house legal departments and it would appear that only the largest corporate bodies have a specific compliance department. This is notwithstanding provisions in the Investment and Securities Act that require registered organisations to appoint a compliance officer.

Laws and regulations

Which laws and regulations specifically address corporate risk and compliance management?

As indicated above, corporate risk and compliance management is yet to be viewed as a distinct practice area in Nigeria. There are, however, a number of laws and regulations to which attention needs to be paid when considering these matters. The laws and regulations that address corporate risk and compliance, which tend to be in respect of specific commercial activities, include the following:


  • The Companies and Allied Matters Act 2004;
  • the Investment and Securities Act 2007;
  • the Anti-Money Laundering Act 2011;
  • the Banking and Other Financial Institutions Act 2004;
  • the Financial Reporting Council of Nigeria Act 2011;
  • the International Financial Reporting Standards;
  • the Central Bank of Nigeria (Establishment) Act 2007; and
  • the National Deposit Insurance Corporation Act 2006.


  • The Codes of Corporate Governance for Banks in Nigeria and Discount Houses, issued by the Central Bank of Nigeria (CBN);
  • the Guidelines for Risk Management Framework for Licensed Pension Operators, issued by the National Pension Commission;
  • the Code of Good Corporate Governance for the Insurance Industry in Nigeria, issued by the National Insurance Commission;
  • the Nigerian Stock Exchange Listing Requirements;
  • the Securities and Exchange Commission (SEC) Rules and Regulations;
  • the SEC Code of Corporate Governance;
  • the SEC Code of Conduct for Shareholders’ Associations;
  • the Nigerian Communications Commission Code of Corporate Governance for telecommunication companies; and
  • Credit Bureau Regulations issued by the CBN.

Standards and guidelines

Give details of the main standards and guidelines regarding risk and compliance management processes.

As discussed above, there is no uniform set of risk and compliance standards applicable to all Nigerian companies. By legislation passed in 2011, the National Assembly created the Financial Reporting Council of Nigeria (FRCN). The functions of the FRCN under the statute include:

  • developing and publishing accounting and financial reporting standards to be observed in the preparation of financial statements of public interest entities;
  • reviewing, promoting and enforcing compliance with the accounting and financial reporting standards adopted;
  • receiving notices of non-compliance with approved standards;
  • receiving copies of annual reports and financial statements of public interest entities from preparers;
  • advising the federal government on matters relating to accounting and financial reporting standards;
  • maintaining a register of professional accountants and other professionals engaged in the financial reporting process;
  • monitoring compliance with the reporting requirements specified in the adopted code of corporate governance;
  • promoting compliance with the adopted standards issued by the International Federation of Accountants and the International Accounting Standards Board;
  • monitoring and promoting education, research and training in the fields of accounting, auditing, financial reporting and corporate governance;
  • conducting practice reviews of registered professionals;
  • reviewing financial statements and reports of public interest entities;
  • enforcing compliance with the legislation and the rules of the FRCN on registered professionals and the affected public interest entities;
  • receiving, in advance of publication, copies of all qualified reports, together with detailed explanations for such qualifications, from auditors of the financial statements, along with the power to prevent publication of the financial statements until all accounting issues relating to the reports are resolved by the FRCN;
  • adopting and keeping up-to-date accounting and financial reporting standards, and ensuring consistency between standards issued and the International Financial Reporting Standards;
  • specifying, in the accounting and financial reporting standards, the minimum requirements for recognition, measurement, presentation and disclosure in annual financial statements, group annual financial statements, or other financial reports by all public interest entities, in the preparation of financial statements and reports; and
  • developing or adopting and keeping up-to-date auditing standards issued by relevant professional bodies and ensuring consistency between the standards issued and the auditing standards and pronouncements of the International Auditing and Assurance Standards Board.

The conferral of such wide functions and powers on such a body, not unexpectedly, created tensions between the FRCN and auditors, the Institute of Chartered Accountants of Nigeria, the Association of National Accountants of Nigeria, public companies, large private companies, public interest entities (defined in the legislation as ‘governments, government organisations, quoted and unquoted companies and all other organisations that are required by law to file returns with regulatory authorities and this excludes private companies that routinely file returns only with the Corporate Affairs Commission and the Federal Inland Revenue Service’), and numerous other bodies.

In addition to these tensions, there was also widespread dissatisfaction with the provisions in the legislation that enabled the FRCN to impose levies on registered professionals (publicly quoted companies) based on market capitalisation, and on public interest entities based on turnover.

After skirmishes in 2014-2016 between the FRCN and auditors of banks, directors of banks that the FRCN purported to suspend or remove from office, and a former governor of the CBN, the executive secretary of the FRCN was dismissed in January 2017. A new executive secretary was appointed, along with a chairman. The three Corporate Governance Codes, for the private, public and not-for-profit sectors, issued in October 2016 were suspended. A committee was established in January 2018 to review the suspended codes and to develop and recommend the revised Code(s). The issue as to what is the lawful extent of the powers of the FRCN remains unaddressed.

In the interim, the various other regulatory bodies have retained a certain level of freedom to impose their own guidelines. These tend to be strongly influenced by international standards. Common to virtually all bodies is a requirement for a compliance officer to be appointed and for there to be a risk management committee.

The general nature of the main standards and guidelines regarding risk and compliance management processes can be seen from regulations issued by the CBN in respect of banks and other financial institutions, which is probably the most regulated sector in Nigeria. The CBN regularly issues regulations and guidelines that set standards that undertakings regulated by it must follow. These include updating qualification requirements of chief compliance officers and specifying standards required for risk management procedures.

The guidelines that come from the CBN are largely influenced by international agreements and independent advisory bodies such as the Financial Action Task Force. Currently, CBN guidelines require banks and other financial institutions to adhere to the following:

  • there must be a chief compliance officer (CCO). Initially, it was required that there be one for each branch, but this was relaxed to allow one to serve clusters of branches;
  • the CCO must report directly to the board and must have the status of at least a general manager;
  • the CCO must, in addition to a minimum education requirement, have training in an international standard;
  • there must be a risk management committee;
  • with regard to the finance industry, there are different standards that banks may use in their risk management procedures; these are based on international standards and there is an implication that, with preapproval from the CBN, there is flexibility in acceptable standards;
  • there are different risk management standards prescribed by the CBN for different kinds of transactions and actions such as accepting new customers, providing credit services for individuals and providing credit services for companies;
  • additionally, the CBN issues extensive manuals detailing procedures required for compliance with legislation; and
  • every financial institution is required to have a comprehensive anti-money laundering/combating financial terrorism (AML/CFT) compliance programme to guide its compliance efforts and to ensure the diligent implementation of the CBN manual.

Are undertakings domiciled or operating in your jurisdiction subject to risk and compliance governance obligations?

Generally, there is a requirement for the appointment of a compliance officer who reports directly to the board. However, the specifics vary from industry to industry as no uniform set of rules and regulations currently exists. Nevertheless, it would appear that the general requirements are that compliance officers have specialised knowledge and independence from management, and report directly to the board of directors.

What are the key risk and compliance management obligations of undertakings?

As addressed above, Nigeria does not have a single set of risk and compliance management obligations. Financial institutions are regulated by the CBN, which has issued numerous regulations. The only obligation that applies to all corporations, whether public, private, financial or non-financial, is the requirement for the appointment of a compliance or risk management committee/officer to oversee the compliance protocols of the organisation. Frequently, such officers are required to be part of senior management and to have direct reporting lines to the board of directors. Other obligations are sector-specific.