Fidelity Bank has firmly rejected claims of a data breach and has contested the fine levied by the Nigerian Data Protection Commission.
According to The PUNCH, the Divisional Head of Brand and Communications for the bank, Meksley Nwagboh, stated on Wednesday that Fidelity Bank “conducted itself to the highest ethical standards by ensuring full compliance with extant laws on data protection.”
The NDPC had announced on Wednesday that it had imposed a fine of N555.8 million on the bank, accusing it of breaching data privacy regulations.
The National Commissioner of NDPC, Vincent Olatunji, remarked that the bank’s “arrogance ultimately led us to impose the full penalty.”
In response to the penalty, Fidelity Bank clarified that the supposed data breach had been thoroughly investigated, revealing that “an account opening request was received online, but the account was not operational due to incomplete documentation.”
The bank elaborated that it had taken prompt action by blocking the account and later closing it when the required documents were not submitted.
Fidelity Bank also provided a timeline of events, stating that on April 30th, 2023, they received a notice of investigation from the Nigerian Data Protection Agency, now known as the Nigerian Data Protection Commission.
The investigation centered around a complaint from an individual who claimed that their personal details had been used to open an account at the bank without their consent.
Upon receiving the notice, the bank conducted an internal inquiry and discovered that “an account opening request was received online in the name of [name withheld], and an email was sent to the email address attached to the request informing them about this.”
The bank noted that, in line with its Data Protection policy, accounts created online without complete documentation are not activated and are closed after 30 days if the necessary documents are not provided.
“In compliance with our Data Protection policy, accounts created online without full documentation are not allowed to be operational and are closed after 30 days if the outstanding documents are not provided to authenticate the identity of the person seeking to open the account,” the bank explained.
Fidelity Bank further clarified, “In compliance with our data protection laws, the account was not allowed to be operational as the passport photograph and BVN were not provided.”
The bank assured that the account was promptly placed on ‘Post No Debit’ status, and since the applicant failed to provide the required documents for verification within the 30-day period, the account was subsequently closed.
On May 2nd, 2023, the bank responded to the NDPC, stating that no laws had been violated as there was no data breach, and the account opening process was not completed.
The bank emphasized, “On our part, we carried out due diligence by immediately blocking the account and subsequently closing the account when we did not receive the outstanding documents. At no point in the process was the account ever operational.”
Following this, Fidelity Bank was invited to a Pre-Action meeting with the NDPC on July 7th, 2023.
During the meeting, the bank reiterated its position, as outlined in its earlier communication dated May 2nd.
However, despite presenting their explanation and supporting evidence, the NDPC informed them that it had decided to impose a penalty on the bank.
Fidelity Bank revealed that on December 5th, 2023, it received a letter from the NDPC demanding payment of a “remedial fee” of N250 million within 21 days. The bank immediately initiated further discussions with the Commission, confident that it had not breached any law or regulation.
Nevertheless, while still engaging with the NDPC, the bank received another letter on August 20th, increasing the demand to N555.8 million.
