Fidelity Bank Challenges N555.8m Fine By NDPC, Denies Data Breach Allegation
Fidelity Bank has denied allegation of data breach and disputed the N555.8 million fine imposed on it by the Nigerian Data Protection Commission (NDPC).
The bank insisted that it adhered to all relevant data protection laws and conducted itself with the highest ethical standards.
The divisional head of brand and communications at Fidelity Bank, Meksley Nwagboh, issued a statement on Wednesday asserting that the bank “conducted itself to the highest ethical standards by ensuring full compliance with extant laws on data protection.”
The NDPC, however, maintained that Fidelity Bank violated data privacy laws, leading to the substantial fine. According to Vincent Olatunji, the national commissioner of the NDPC, the bank’s “arrogance ultimately led us to impose the full penalty.”
But, in response to the fine, Fidelity Bank clarified that the alleged breach involved an account opening request received online, which was never operational due to incomplete documentation. The bank emphasised that it had “carried out due diligence by immediately blocking the account and subsequently closing it when outstanding documents were not provided.”
Detailing the timeline, the bank stated, “On April 30th, 2023, we received a notice of investigation from the Nigerian Data Protection Agency (NDPA), now the Nigerian Data Protection Commission (NDPC). The investigation was in respect of a complaint from [name withheld] who claimed that [name withheld] details were used to open an account in the bank without [name withheld] consent.”
Fidelity Bank conducted an internal investigation in response to the notice and discovered that “an account opening request was received online in the name of [name withheld], and an email was sent to the email address attached to the request informing them about this.”
“In compliance with our Data Protection policy, accounts created online without full documentation are not allowed to be operational and are closed after 30 days if the outstanding documents are not provided to authenticate the identity of the person seeking to open the account,” the bank added.
The bank further explained, “In compliance with our data protection laws, the account was not allowed to be operational as the passport photograph and BVN were not provided. The account was immediately placed on ‘Post No Debit’ status as the applicant was expected to complete the account opening process by providing the outstanding documents for verification within 30 days. This was not done, and the account was eventually closed.”
Fidelity Bank also mentioned that they had responded to the NDPC on May 2nd, 2023, asserting that there was no data breach and that the account opening process was never completed. “On our part, we carried out due diligence by immediately blocking the account and subsequently closing the account when we did not receive the outstanding documents. At no point in the process was the account ever operational,” the bank said.
The bank disclosed that on July 7, 2023, they were invited for a Pre-Action meeting with the NDPC, during which they reiterated their stance. Despite providing evidence to support their claims, the NDPC proceeded to impose a penalty. Fidelity Bank reported that they received a letter on December 5, 2023, demanding a ‘remedial fee’ of N250 million within 21 days and was surprised to receive another on August 20, 2024, escalating the fee to N555.8m while still in discussion with the commission.