Fidelity Bank has firmly denied allegations of a data breach and rejected the fine imposed by the Nigeria Data Protection Commission (NDPC). In a statement from Meksley Nwagboh, the bank’s Divisional Head of Brand and Communications, Fidelity Bank asserted that it “has always conducted itself to the highest ethical standards by ensuring full compliance with extant laws on data protection.”
The controversy arose earlier this week when the NDPC imposed a fine of N555,800,000 (Five Hundred and Fifty-Five Million, Eight Hundred Thousand Naira) on Fidelity Bank following an investigation into alleged breaches of the Nigeria Data Protection Act, 2023, and the Nigeria Data Protection Regulation, 2019. The fine, equivalent to 0.1% of the bank’s annual gross revenue in 2023, is required to be paid within 14 days of the notice.
Vincent Olatunji, the National Commissioner/CEO of NDPC, claimed that the bank’s “arrogance ultimately led us to impose the full penalty.” However, Fidelity Bank countered this by stating that it had not violated any laws. According to the bank, the alleged data breach was investigated internally, revealing that “an account opening request was received online, but the account was not operational due to incomplete documentation.”
The bank further explained that it took immediate action by blocking and eventually closing the account when the necessary documents were not provided. “On April 30th, 2023, we received a notice of investigation from the Nigerian Data Protection Agency (NDPA), now the NDPC,” Fidelity Bank stated. The investigation concerned a complaint that a person’s details were allegedly used to open an account without consent.
“At no point was the account ever operational”
Upon receiving the notice, Fidelity Bank conducted an internal review and found that “an account opening request was received online in the name of [name withheld], and an email was sent to the email address attached to the request informing them about this.” The bank emphasized its compliance with its data protection policy, which mandates that accounts created online without full documentation are not operational and are closed after 30 days if the required documents are not submitted.
“In compliance with our data protection laws, the account was not allowed to be operational as the passport photograph and BVN were not provided,” the bank noted. “The account was immediately placed on ‘Post No Debit’ status as the applicant was expected to complete the account opening process by providing the outstanding documents for verification within 30 days. This was not done, and the account was eventually closed.”
Fidelity Bank reiterated that “at no point in the process was the account ever operational.” Despite providing evidence and engaging with the NDPC, the bank was informed of the decision to impose a penalty. On December 5, 2023, Fidelity Bank received a letter from the NDPC demanding a ‘remedial fee’ of N250 million within 21 days. The bank immediately began another round of discussions with the Commission, convinced that it had not breached any laws or regulations.
However, while still engaging with the NDPC, Fidelity Bank received another letter on August 20, demanding an increased payment of N555.8 million. The bank continues to dispute these allegations and fines, maintaining that it has not violated data protection laws.