Call us now:
A recent TikTok video by a Nigerian food vendor and business owner has reignited an important conversation about platform responsibility, identity misuse and regulatory compliance in the digital economy. In the video, the vendor accused Glovo of allowing an account to operate in her business name, without her knowledge, consent, or authorization.
According to her account, the impersonating profile was actively delivering food to customers using her brand identity. The vendor reportedly reached out to Glovo repeatedly through social media channels and later through her lawyer, requesting that the issue be investigated and remedied. As at the time of writing, there has been no positive or decisive response. The legal implications in this case run very deep. In this article we give special attention to Customer Due Diligence and the importance of the Know Your Customer (KYC) stipulations of the CBN Anti-money Laundering Regulations of 2013.
Customer Due Diligence (CDD) is the operational backbone of KYC. Under the Regulations, institutions and relevant businesses are required to identify customers, verify their identities, and understand the nature and purpose of the business relationship before onboarding and during the lifecycle of that relationship. CDD obligations extend beyond merely collecting names or phone numbers. They include:
– Identification and verification of customers using reliable, independent documentation
– Verification of beneficial ownership where the customer is a business
– Understanding the nature of the business relationship, including how and why the customer intends to use the service
– Ongoing monitoring, to ensure transactions remain consistent with the customer’s profile.
Critically, the Regulations prohibit the maintenance of anonymous or fictitious accounts. Where a business name is used, there must be reasonable assurance that the person operating the account has the authority to do so.
The CBN Regulations establish KYC as a core principle requiring institutions and regulated businesses to properly identify and understand the persons and entities with whom they conduct business. The objective is not limited to preventing money laundering or terrorism financing, it is also designed to eliminate anonymity, prevent identity misuse, and reduce the risk of fraudulent or deceptive commercial relationships what about to protect end users?. In effect, KYC serves as the first line of defence against impersonation, misrepresentation and systemic abuse of business platforms.
Customer Due Diligence (CDD) operates as the practical mechanism through which KYC obligations are fulfilled. The Regulations require businesses to identify customers, verify their identities using reliable and independent documentation, establish beneficial ownership where the customer is a business, and understand the nature and purpose of the business relationship. These obligations must be satisfied before a relationship is established and must continue on an ongoing basis. The Regulations expressly discourage the creation or maintenance of anonymous, fictitious, or inadequately verified accounts, making it clear that identity verification is not optional but mandatory.
The importance of these obligations becomes clearer when applied to a platform involving multiple stakeholders. In the context of a food delivery platform such as Glovo, three parties are directly affected by KYC and CDD failures: the platform itself, the food vendors listed on the platform, and the customers placing orders. The platform acts as the gatekeeper, controlling onboarding, business listings, branding and access to customers. This position places a heightened responsibility on the platform to ensure that vendors are who they claim to be and that anyone operating under a business name is duly authorised to do so. Where KYC processes are weak or superficial, the platform risks enabling impersonation and misrepresentation.
For food vendors, inadequate KYC controls expose them to reputational and economic harm. When a third party is allowed to operate in the image of an existing business without consent, the legitimate vendor may suffer loss of goodwill, customer confusion and even regulatory exposure for acts they did not commit. These risks are precisely the type of harm KYC and CDD obligations are meant to prevent. The failure is not merely technical; it undermines the integrity of the commercial ecosystem and erodes trust between platforms and legitimate businesses.
Customers, although often overlooked in KYC discussions, are majorly affected. Consumers rely on platforms to provide a level of assurance that listed vendors are genuine and properly vetted. When KYC systems fail, customers may unknowingly transact with unauthorised operators, exposing them to substandard goods, food safety concerns and loss of consumer remedies. From a regulatory standpoint, this creates consumer protection implications that extend beyond private disputes and into the realm of systemic risk.
To remain compliant with the Regulations, best practice requires companies to adopt robust, risk-based KYC frameworks. This includes verifying business registration documents, confirming beneficial ownership, ensuring that individuals acting on behalf of businesses have proper authority and conducting periodic reviews of existing relationships. Importantly, compliance does not end at onboarding. Ongoing monitoring is required to ensure that the use of an account remains consistent with the information originally provided and that red flags, such as complaints of impersonation, are addressed promptly and decisively. Effective KYC systems also require clear escalation and remediation procedures when identity misuse is alleged.
Failure to comply with KYC and CDD obligations attracts regulatory consequences. The Regulations empower supervisory authorities to impose administrative sanctions, including monetary penalties, directives to correct deficiencies, enhanced supervision, and restrictions on operations. These sanctions apply even in the absence of proven money laundering or terrorist financing. The breach lies in the failure to carry out adequate due diligence itself, not merely in the eventual harm that may result. Persistent or systemic non-compliance further exposes institutions to reputational damage and intensified regulatory scrutiny.
Ultimately, in platform-driven markets where speed and scale are prioritised, compliance obligations serve as essential safeguards. Where platforms fail to truly know their customers, and fail to diligently verify those acting within their ecosystems, they risk legal exposure, regulatory sanctions, and the loss of public trust.