Ethiopia: National Bank issued Financial Consumer Protection (Directive No. FCP/01/2020) including security obligations

On 25 August 2020, the National Bank of Ethiopia (NBE) issued the Financial Consumer Protection Directive No. FCP/01/2020 and it enters into force with a grace period. The directive shall be effective and in full force six months from the issue date. Financial Services Providers must implement policies to ensure data confidentiality and security, inform consumers about these policies and data practices, and make them accessible. Providers must protect data through organisational, physical, and technical measures, collect data lawfully for legitimate purposes, and use it consistently with the original collection purpose or with explicit consent. They must ensure third parties handle data securely, allow consumers to access their data, and correct inaccuracies, notifying relevant third parties. The "Credit Reference Bureau Directive No. CRB/02/2019" provisions also apply.