Nigeria maintains a prominent position among the top four countries in Africa for fintech. A recent report highlighted its leading role in hosting the largest concentration of fintech companies on the continent, with South Africa, Kenya, and Egypt ranking second, third, and fourth, respectively. In 2024, Nigeria attracted 47% of the fintech deals in Africa, solidifying its status as the most active destination for such transactions.
In 2024, fintech remained the dominant force in Africa’s tech ecosystem, securing USD1.4 billion, which accounted for 60% of total equity funding. The sector attracted 131 deals, representing 29% of all transactions. Fintech experienced a 16% year-on-year increase in deal count and a 59% growth in total funding, underscoring its rapid expansion. In Nigeria, fintech made up 72% of the country’s total equity funding. While Nigeria was one of Africa’s most diverse VC markets in 2023, sectoral diversification decreased in 2024, with fintech taking the lead in local funding. Large funding rounds from companies like Moove Africa and Moniepoint influenced this shift. Without these two megadeals, fintech still accounted for 31% of Nigeria’s total funding, which would have been a slight decline from the 37% seen in 2023.
2024 also witnessed a refocus on indirect regulation of the Nigerian fintech industry and increased reports of incidents of de-banking fintech operators: in particular, the Central Bank of Nigeria (CBN) reportedly imposed various monetary penalties on banks for non-compliance with compliance obligations in general and KYC obligations which trickled down to fintech entities becoming increasingly more concerned with compliance to avoid the risk of getting de-banked.
Another important development in 2024 is the issuance of a Payment Terminal Service Aggregator (PTSA) license to Unified Payments Service Limited in April 2024, thereby increasing the number of PTSAs in Nigeria to two. All payment service providers were then mandated to integrate with both PTSAs.
Regulatory attitudes, funding patterns and widespread adoption of emerging technology are likely to shape the evolution of the Nigerian fintech landscape in the coming twelve (12) months. Emerging technology such as artificial intelligence (AI) will likely be integrated into financial services, particularly for robo-advisory services and wealth management platforms.
Fintech Regulatory Landscape in 2024
Reviewed Guidelines of International Money Transfer Services in Nigeria
On 31 January 2024, the CBN issued the Reviewed Guidelines of International Money Transfer Services in Nigeria (Reviewed IMTS Guidelines), effectively repealing the previous guidelines issued on 26 September 2014. The Reviewed IMTS Guidelines establish a new framework for the licensing and operation of International Money Transfer Operators (IMTOs) in Nigeria. It introduces several new requirements, including those for starting IMTO services and restrictions on IMTO operations. Interestingly, the Reviewed IMTS Guidelines specify that all banks are prohibited from operating IMTO services and that fintech companies are not allowed to obtain approval for IMTO. The guidelines, however, do not expatiate what it means by “fintech companies are not allowed to obtain approval for IMTO.”
Cybercrimes (Prohibition & Prevention) (Amendment) Act 2024
The Cybercrimes (Prohibition and Prevention) Act 2015, as amended by the Cybercrimes (Prohibition and Prevention) (Amendment) Act 2024, introduces a crucial update regarding the reporting of cyber threats. The Amended Act now mandates that any individual or entity – whether public or private – must notify the National Computer Emergency Response Team (National CERT) about any cyber threat or breach within 72 hours of detection, significantly reducing the previous deadline of seven days. Failure to comply with this reporting requirement can result in a fine of NGN2,000,000 and/or denial of internet services.
This new provision aligns with Section 40(2) of the Nigeria Data Protection Act (NDPA), which encourages data controllers to report personal data protection breaches to the Nigeria Data Protection Commission (NDPC) within 72 hours of awareness. While not every cyber threat or breach results in a personal data breach, the obligation to report to the National CERT applies regardless. However, if the breach involves personal data, both the National CERT and the NDPC must be notified within the same 72-hour period.
These changes strengthen the country’s cybercrime response framework and aim to enhance data security and transparency across sectors.
Guidance Notice on the Registration of Data Controllers and Data Processors of Major Importance pursuant to the Nigeria Data Protection Act 2023 (NDPA)
In 2024, the NDPC expatiated the concept of Data Controllers and Processors of Major Importance (DCPMIs), entities processing personal data deemed crucial to Nigeria’s economy, society, or security. Section 65 of the NDPA allows the NDPC to designate such entities based on the volume and significance of data processed. The NDPC’s Guidance Notice issued in February 2024 outlines that entities processing personal data for over 200 individuals in six months or working in sectors like finance, healthcare, and education may qualify as DCPMIs. Organisations under fiduciary relationships with data subjects are also considered. The registration requirement aims to enhance data protection standards for critical data handlers in Nigeria.
There has been a recent decision of the Federal High Court of Nigeria invalidating certain provisions of the Guidance Notice and further mandating that the NDPC clarifies entities exempted from the Guidance Notice.
CBN rules for Virtual Assets Service Providers (VASPs)
On 22 December 2023, the CBN issued Guidelines on the Operations of Bank Accounts for Virtual Assets Service Providers (VASP) (Account Guidelines). In issuing the Account Guidelines, the CBN has lifted the restrictions it had previously placed on banks and other financial institutions to close the account of persons dealing in cryptocurrency transactions ie, entities registered by the SEC as VASPs under the Securities and Exchange Commission (SEC) Rules on Issuance Offering and Custody of Digital Assets (Digital Assets Rules) will now be allowed to operate bank accounts pursuant to the Account Guidelines. Conversely, banks and other financial institutions are still prohibited from dealing in cryptocurrency. The framework further provides minimum standards and requirements for banking business relationships and account opening for VASPs and creates effective monitoring of the activities of banks and Other Financial Institutions (OFIs) in providing services to the Nigerian
Securities and Exchange Commission (SEC)-licensed VASPs/digital assets entities in the country. This shift signals a more open and regulated approach to the cryptocurrency ecosystem in Nigeria. While previously the focus was on restricting activity owing to concerns, the new Guidelines aim to provide a framework for safe and monitored engagement between VASPs and the broader financial system.
Framework on Accelerated Regulatory Incubation Program for the Onboarding of VASPs and DISPs
On 21 June 2024, the SEC launched the Framework for Accelerated Regulatory Incubation Program (ARIP) to onboard VASPs and Digital Investment Service Providers (DISPs) in Nigeria in cohorts pending when the SEC operationalises the Digital Assets Rules. This ARIP creates a special window for entities involved in virtual asset activities to apply for approval in principle from the SEC, allowing them to begin limited operations in the meantime.
Upon the Digital Assets Rules becoming operationalised, participants in the ARIP who demonstrate adherence to the program’s conditions will subsequently transition into full registration with the SEC. This transition will be subject to a review by the SEC, which may impose additional requirements. The primary objective of the framework is to familiarise the SEC with the business models of prospective VASPs and DISPs while ensuring they align with the country’s regulatory standards. The SEC subsequently issued an exposure draft of amendments to the Digital Assets Rules, which is scheduled to take effect from 30 June 2025, calling for comments on same and subsequently deleted the exposure draft.
Forecasting Nigeria’s Fintech Market Growth in 2025
High inflation rate and FX scarcity
According to the National Bureau of Statistics, as of December 2024, Nigeria’s inflation surged to 34.8%, which is a 30-year high and an approximately 6% YoY increase from the 28.92% recorded in December 2023. Despite the consolidation of all the segments of the FX market into the I&E window efforts of the CBN to improve the supply of FX, the FX market continues to experience a high level of volatility, and this has continued to impact the repatriation of capital and the strain on foreign transactions.
Lay-offs and cut-offs
Interestingly, it was reported that the CBN laid off approximately 1,000 staff members in 2024. Some operators, such as Traction Apps, also laid off some staff members. However, generally speaking, there was a reduction in reports of lay-offs in 2024 compared to 2023.
Increased regulatory activities
The changes in leadership at the CBN are anticipated to bring forth a series of policy reforms to strengthen the national economy. Already in 2024, the CBN issued newly revised guidelines preventing fintech start-ups from carrying out IMTO services. The CBN also increased the application fees for the IMTO license to NGN10 million.
The new rules also set a minimum operating capital of USD1 million for foreign IMTOs and its naira equivalent for their indigenous counterparts. In a bid to further curb the inflation rate and the free fall of the naira against the US dollar, it is expected that the CBN and other regulatory agencies continue to dole out policies that could impact the operations of companies within the fintech sector.
Adoption of cryptocurrency
Following the relaxation of the restrictions on cryptocurrency transactions in Nigeria, there is an optimistic outlook for increased acceptance and utilisation of digital currencies in various sectors of the Nigerian economy. Businesses, financial institutions, and the general public are expected to embrace the convenience and efficiency offered by digital currencies, thereby fostering a more dynamic and inclusive financial ecosystem. It is likely that regulatory frameworks will be established to provide clarity and ensure the secure and responsible use of cryptocurrency.
The most prevalent fintech business models in Nigeria are:
Payments and Remittances
The payments subsector of the fintech industry is by far the most active in Nigeria and has received the most interest from investors and regulators alike. Payment services cover business-to-business applications (such as payment-processing providers and solutions for accepting payments) and business-to-consumer applications (including services such as mobile wallets and payment applications that enable individuals to pay on the go and make peer-to-peer transfers). Remittance-related products focus on cross-border money transfers from migrant populations to their “home” country: indeed, IMTOs, in particular, have had their operations limited to inbound transfers but are now allowed to also engage in business-to-person and business-to-business inbound transfers, unlike the old framework under which IMTOs could only deal in personal remittances.
Lending and Financing
Digital lending applications and Buy Now, Pay Later (BNPL) services, also referred to as “point of sale instalment loans”, have proliferated the Nigerian fintech space. The ability to provide quicker loans through a simplified lending process (mostly without collateral) gives this model a competitive advantage over traditional lending, but legacy players are also deploying similar solutions. Nigerian fintech companies also provide innovative solutions for financing assets and trade, particularly through the instrumentality of sale credits.
Investech
Investech start-ups are leveraging technology to allow Nigerians to grow their funds. These opportunities range from real estate to agriculture and the money market. These fintech companies focus on deploying solutions to improve and democratise investment and wealth management to their customers.
Personal Finance
Another popular business model for fintech companies in Nigeria is offering a personal savings solution that manages personal bills, accounts and/or credit.
Nigeria operates a three-tier federal system of government, with powers shared by the Constitution of the Federal Republic of Nigeria, 1999 (as amended) among the federal, state and local governments. The regulation of banking activities falls within the federal government’s purview, and federal laws generally regulate most fintech companies’ operations. Furthermore, there is no specific regulatory regime focused on fintech companies in Nigeria – they are generally subject to the regime applicable to other companies operating similar businesses/models in a particular sector.
Payments
This subsector is principally regulated by the Banks and Other Financial Institutions Act 2020 (BOFIA), supplemented by various guidelines issued by the CBN from time to time that apply to legacy players and fintech companies alike. Any fintech operating as a Payment Service Provider (PSP) is required to incorporate a Nigerian entity and obtain a CBN licence to operate.
Lending and Financing
This subsector is also principally regulated by BOFIA – albeit supplemented by various guidelines issued by the CBN from time to time that apply to legacy players and fintech companies alike, including relevant prudential guidelines. In order to hold deposits and engage in lending/financing operations in Nigeria, fintech companies require any of the following:
However, fintech companies that are not focused on holding deposits but want to provide lending services across the country may procure a finance company licence from the CBN. Relatedly, fintech companies not focused on holding deposits or providing lending services across the entire country may operate with a moneylender’s licence pursuant to the Money Lender laws of the relevant state(s) they operate in. The money lender’s licence application regime is less onerous than the other regimes – hence the attraction for fintech companies. Yet another alternative is for a fintech to partner with entities that hold the relevant lending licences and merely provide the technology platform through which the loans are advanced. The Federal Competition and Consumer Protection Commission (FCCPC) added an additional layer of regulatory framework to the digital lending space in 2022 by requiring all digital money lenders to register with it in accordance with the FCCPC’s Regulatory/Registration Framework and Guidelines for Digital Lending.
Investech
Entities engaged in the provision of investment services must register with the SEC as capital market operators. Much like personal finance applications, investech companies have also begun partnering with registered capital market operators to provide these services.
Personal Finance
In order to accept deposits from customers, fintech companies are required to obtain any of the banking licences identified under “lending” from the CBN. In practice, however, fintech companies offering personal finance applications in Nigeria typically operate through partnerships with established MFBs or other deposit money banks (DMBs). Fintech companies have also begun to acquire MFB licences to deliver their products.
Financial Services Through Telecommunications Infrastructure
In addition to the foregoing, under the Licence Framework for Value Added Services, the Nigerian Communications Commission (NCC) is responsible for the regulation of businesses that offer financial services by leveraging mobile phones or other telecommunications infrastructure.
The compensation models for the industry participants vary depending on the business model.
For payment services, the compensation model is highly regulated in Nigeria. Companies in this subsector profit by receiving a percentage of the transaction fees that are typically incurred when making payments. In this regard, the Electronic Payment Guidelines provide that fees and charges for web transactions are to be agreed between service providers and banks/entities to which the services are being provided. They also provide that the maximum total fee that a merchant can be charged for web transactions will be subject to negotiations between the merchant and the acquirer (the bank that maintains the merchant bank’s account). These negotiations must take into account the provisions of the CBN Circular on the Implementation of Interchange Fee (the “Interchange Guidelines”). The Interchange Guidelines regulate the interchange fees paid by the acquirers to card issuers (the financial institution that issues credit/debit cards to customers).
For online lending, the Money Lender laws of various states prescribe limitations on the interest on loans that money lenders may impose.
In Nigeria, there is generally no difference between the regulation of fintech industry participants and the regulation of legacy financial institutions.
Fintech companies generally operate within the existing regulatory regime for the financial services industry. This is evident from the provisions of BOFIA, which explicitly recognise PSPs and IMTOs as financial institutions to be regulated as per other financial institutions (such as finance companies, which are legacy players) in the manner provided for by BOFIA. Also, legacy players are developing products to compete with fintech companies, thereby obscuring the regulatory lines.
In 2019, a Financial Industry Sandbox launched by the Financial Service Innovators Association of Nigeria in conjunction with the CBN and the Nigeria Inter-Bank Settlement System (NIBSS) was designed to allow fintech companies to test solutions and products within a controlled environment through the NIBSS Application Programming Interface (API) and those of other existing companies (the “Sandbox”).
The Regulatory Incubation Programme introduced by the SEC targets individuals and businesses (registered, or intending to register, with the SEC) planning to launch an innovative product or process in the Nigerian capital market. Such innovators are expected to complete the fintech assessment form that can be accessed through the Innovation and FinTech Portal on the SEC website. Similarly, as discussed earlier, the SEC further introduced the ARIP as an interim sandbox for VASPs, announced the first cohort into the ARIP, and indicated that the next cohort would be announced in 2025. The National Insurance Commission (NAICOM) has also introduced a regulatory sandbox programme for eligible applicants.
In furtherance of the CBN’s commitment to building a financial services sector that promotes innovation, effective service delivery, healthy competition and financial inclusion, the CBN Sandbox Regulations were released in January 2021 (the “Sandbox Regulations”). The Sandbox Regulations set out the requirements provided by the CBN for conducting live tests on innovative products, services and other solutions in a controlled environment. To this end, the CBN will review the products and solutions of applicants (licensed institutions, fintech companies, innovators and researchers) during their implementation. After calling for applications in December 2022, the CBN admitted selected applicants into its regulatory sandbox programme in 2023.
The legislation establishing various regulators specifies the jurisdiction limits of such regulators.
The CBN is the apex monetary authority in Nigeria and is responsible for the regulation of all banks and financial institutions operating in Nigeria. The bulk of fintech companies in Nigeria deal in payment/financial services and, in so doing, assume quasi-banking functions – thereby coming within the regulatory purview of the CBN.
Nigeria’s primary regulatory body for investments and capital markets transactions is the SEC. The jurisdiction of the SEC in the regulation of operating fintech companies can be found in the operation of Investech applications, crowdfunding platforms, and, in recent years, cryptocurrencies, among others. In the same vein, certain fintech companies that offer the option of pooling together capital from individual investors towards investment in certain asset classes (collective investment schemes) must be registered with the SEC.
NAICOM regulates the insurance industry in Nigeria. Its jurisdiction extends to insurtech companies that carry on insurance businesses.
The NDPC oversees the implementation of the NDPA and regulates the processing of personal information, along with related matters.
Furthermore, the NCC is empowered by the Nigerian Communications Act 2003 to regulate the telecommunications industry in Nigeria. Thus, fintech companies offering services that involve the use of mobile networks or mobile phones, such as mobile money, are subject to the NCC’s regulatory purview and must obtain operating licences from the NCC.
Finally, the FCCPC is Nigeria’s apex regulator for consumer protection and competition affairs. Acting as the regulatory authority saddled with implementing the Federal Competition and Consumer Protection Act (FCCPA), the FCCPC regulates the activities of fintech companies, aiming to protect the rights of consumers under the FCCPA.
Fintech regulators in Nigeria do not traditionally issue “No-Action” letters in the same way as regulators in some other countries, such as the U.S. Securities and Exchange Commission.
However, Nigerian regulators do provide regulatory clarity and approvals through other mechanisms. For example, the SEC may issue approval in principle for certain activities, as seen with the Accelerated Regulatory Incubation Program (ARIP) for Virtual Asset Service Providers (VASPs) or “No-Objection” letters. Similarly, the CBN may issue guidelines, circulars, or exemptions to provide regulatory clarity on specific fintech activities.
In the absence of a “No-Action” letter, fintech firms often rely on regulatory guidelines or formal approvals (like licenses or authorisations) from relevant authorities, such as the CBN, SEC, or other regulatory bodies like the National Information Technology Development Agency (NITDA), to ensure compliance with regulations.
Generally, the powers given to players in the financial services industry by the regulator(s) through the various licences cannot be transferred, assigned or otherwise outsourced to third parties without the regulator’s consent. However, there are exceptions. By way of example, certain financial services can be provided by a third party (agent) to customers on behalf of DMBs or mobile money operators (as vendors) pursuant to the CBN Guidelines for the Regulation of Agent Banking and Agent Banking Relationships in Nigeria. The vendors must apply for approval to the CBN, stating the extent of agent banking activities and the responsibilities of relevant parties, as well as the risk management, internal control, operational procedures and any other policy and procedures relevant to the agent banking arrangement. The parties to the agent banking arrangement are also required to enter into service-level agreements and agent banking contracts that are satisfactory to the CBN.
BOFIA imposes an obligation on financial institutions (including fintech companies operating as digital banks, IMTOs, PSPs and fintech companies whose objectives include investment management) to adopt policies stating their commitments to complying with AML/CFT obligations under subsisting laws and regulations. Such financial institutions are also obligated under BOFIA to implement control measures to prevent any transaction that facilitates criminal activities, money laundering, or terrorism.
More specifically, the CBN AML/CFT Regulations 2022 require financial institutions to, among other things:
A major enforcement action in 2024 is the imposition of fines of USD220 million on Meta Inc and WhatsApp LLC by FCCPC for obnoxious, exploitative and unscrupulous business practices that violate the FCCPA and the Nigerian Data Protection Regulation 2019. An interesting point regarding this penalty is that, in reaching a decision, the FCCPC compared the practices of WhatsApp in other jurisdictions with the practices of WhatsApp within Nigeria. This strongly suggests that from a consumer protection perspective, regulators are now more willing to consider actions/inactions across multiple jurisdictions.
Other significant enforcement actions include the reported CBN imposition of penalties of over NGN 15 billion on banks over a space of three months ranging from October 2024 to December 2024 and the reported imposition of penalties of about NGN1.5 billion within the first six months of 2024 for violation of foreign exchange guidelines and other regulatory offences. Another example of this is the reported directive given by the NCC to telecommunication companies to restrict access to Binance’s website and other cryptocurrency platforms to prevent illegal financial activity and FX market manipulation.
Perhaps the most significant enforcement action in 2024 is the revocation of the banking licence of Heritage Bank Plc by the CBN for reasons of mismanagement of the financial position of the bank and little reasonable chance of recovery. There were concerns that the bank constituted a systemic risk to the broader financial market in Nigeria. On the other side of the pond, while the SEC was not reported to have withdrawn any licenses, the SEC did issue public warnings against dealing with unlicensed entities operating in the capital market, such as Marino FX Ltd.
Implementing non-financial services regulations, such as those addressing privacy, cybersecurity, social media content, and software development, has significant implications for both fintech companies and legacy financial institutions. Fintech firms are particularly affected by privacy regulations like NDPA, which mandates robust data protection measures, transparency, and user consent. These companies must establish systems for real-time data processing and security, whereas traditional banks, with their legacy systems, may find compliance less challenging but face difficulties transitioning older infrastructure to meet modern privacy requirements.
Cybersecurity regulations, such as the Cybercrimes Act, also play a crucial role in shaping the landscape for fintech companies. These regulations require fintechs to implement strong cyber defences and report any incidents promptly. The relatively new nature of fintech operations means they often lack the resources and infrastructure of legacy institutions, leaving them more vulnerable to cyber threats. On the other hand, legacy players generally have more established cybersecurity frameworks but may still struggle with outdated systems that are ill-equipped to handle new, sophisticated digital threats.
Social media content regulations, especially around cyberstalking and defamation, add another layer of complexity for fintechs, particularly those that operate or engage with users on social media platforms. Fintech companies must ensure their platforms do not inadvertently facilitate harmful or illegal content. Traditional financial institutions, with their smaller social media presence, may face fewer regulatory challenges in this area, although this could change as they expand digital interaction channels. On 16 May 2024, the Federal High Court in Lagos, Nigeria, ruled in favour of the Central Bank of Nigeria (CBN) in the case of Chris Eke v Central Bank of Nigeria, affirming the CBN’s Customer Due Diligence Regulation issued on 20 June 2023. This regulation mandates that financial institutions collect their customers’ social media handles as part of the standard KYC process. The court held that the regulation did not infringe upon the privacy rights of bank customers.
Intellectual Property laws such as the Nigeria Copyright Act, Trade Marks Act, and Patents and Designs Act also require compliance with patent and copyright provisions and the assurance that any third-party software used is appropriately licensed. Both fintechs and legacy players must navigate these regulations to ensure legal compliance and maintain consumer trust in a rapidly evolving digital financial environment.
The NIBSS, among other things, initiates and develops an integrated nationwide network for electronic or paperless payments, funds transfer, and transaction settlement. To fulfil its mandate, the NIBSS sets verification standards that must be complied with by industry participants who seek to consummate transactions on the NIBSS network.
In addition, the Companies and Allied Matters Act 2020 (as amended) (CAMA) stipulates that all companies in Nigeria must prepare audited financial statements comprising an auditor’s report certified by an independent auditor. However, companies that have not carried on business since incorporation and small companies as defined under Section 394 of the CAMA are exempt from preparing audited financial statements. Thus, all fintech companies operating in Nigeria must be audited annually by certified independent audit firms, except those that fall within the exemption bracket.
Generally, it is not permissible for licensed/registered companies offering regulated products to offer unregulated products and services. Regulated entities in the financial services industry submit annual returns for their operations/businesses and undergo an annual examination that will expose unregulated products/services. Nonetheless, certain participants offer regulated and unregulated products and services through the same legal entity.
The main legislation prohibiting money laundering in Nigeria is the Money Laundering (Prevention and Prohibition) Act 2022 (MLPA). The CBN’s AML/CFT Regulations regulate financial institutions under the CBN’s regulatory purview, and the SEC’s AML/CFT Regulations regulate institutions under the SEC’s regulatory purview.
The MLPA, which is more general in its scope, imposes the obligation to conduct KYC checks on financial institutions and designated non-financial businesses (DNFBs). To the extent that an unregulated entity does not fall under the definition of a financial institution or a DNFB, it is not bound by the requirements of the MLPA – given that it relates to financial institutions and DNFBs, including the fulfilment of the KYC requirements. However, a fintech company that holds a CBN or SEC licence and/or falls under the definition of a financial institution or DNFB under the MPLA is required to comply with the KYC requirements as stipulated under the relevant laws and regulations and to make the required periodical returns.
Nigeria’s anti-money laundering (AML) and sanctions regulations are largely designed to align with the standards set by the Financial Action Task Force (FATF).
Nigeria is a member of the Inter-Governmental Action Group against Money Laundering in West Africa (GIABA), a specialised institution of the Economic Community of West African States (ECOWAS), and the FATF Style Regulatory Body (FSRB) in West Africa. GIABA facilitates the adoption and implementation of AML and counter-terrorist financing (CFT) measures in West Africa, ensuring that member states, including Nigeria, comply with international standards.
However, In February 2023, the FATF added Nigeria to its “grey list,” citing significant deficiencies in the country’s AML and CFT framework. This designation indicates that Nigeria is under increased monitoring due to strategic shortcomings in its AML/CFT regime. Nigerian regulators have been concentrating on getting Nigeria removed from the grey list.
Nigeria has made some progress since the greylisting. In a meeting held on 25 October 2024, the FATF approved Nigeria’s fourth progress report since the country was placed on the grey list in February 2023
In Nigeria, reverse solicitation has historically permitted foreign entities to offer regulated products and services without triggering local regulations – albeit, it remains a practice that is merely tolerated, and its scope and limitations have yet to be fully tested.
Robo-advisers for cryptocurrencies will be regarded as DISPs under the ARIP and regulated as such. In contrast, robo-advisers for other securities may be regulated under the general Rules on Robo-Advisory Services in Nigeria (the “Robo-Advisory Rules”) issued by the SEC in a bid to regulate the adoption and deployment of robo-advisory services in the Nigerian capital market.
Both the ARIP and Robo-Advisory Rules are silent on the types of business models that can be established, however the Robo-Advisory Rules in particular recognise that the services provided by robo-advisers can be fully automated – with no human intervention in the entire advisory process.
Robo-advisory solutions have been sparsely deployed in providing financial advisory services in Nigeria as traditional (human) models continue to remain popular. Nevertheless, numerous investech solutions (such as RiseVest and Cowrywise) use robo-advisory-based interfaces (ie, the process of gathering information from a client/user through surveys and questionnaires, then investing or providing investment recommendations based on such data). Predominantly, legacy asset management/stockbroking firms have implemented automated solutions more often for first-link interfaces with customers.
Robo-advisory services are limited in their deployment in Nigeria. However, regulators have taken a proactive approach in ensuring that robo-advisers – as they expand in the Nigerian market – ensure the best execution of customer trades.
In July 2018, the Nigerian Exchange Group Plc (then the Nigerian Stock Exchange, or NSE) issued the Rules on Order Handling and Best Execution (NGX Order Handling Rules), which stockbrokers/dealing members – whether they utilise technology solutions in their service offerings or not – are required to comply with in the execution of customer trades. The Robo-Advisory Rules also seek to regulate the adoption and deployment of robo-advisory services in the Nigerian capital market and set out compliance requirements and standards that robo-advisers in Nigeria are required to adhere to when ensuring adequate protection for their clients.
Differences in the business or regulation of loans exist in Nigeria based on the nature of the borrower. Loans are typically provided under a commercial bank or MFB licence issued by the CBN. Although the commercial banking licence targets the general populace, MFBs target low-income earners, vulnerable groups, informal sector operators, micro-entrepreneurs, subsistence farmers and SMEs and provide loans with less stringent application and collateral requirements. It is not unusual to see online or digital lenders collaborate with MFBs or obtain MFB licences, thanks to relaxed application and compliance processes compared with the traditional banks, with restrictions on the value of loans that may be granted to individual businesses. However, traditional banks are not prevented from granting loans to similar entities – many of which have already introduced specialised online lending products targeted at SMEs.
Also, fintech companies that are not focused on holding deposits but instead on providing lending services within the geographical limits of a state may operate with a Money Lender’s licence under the Money Lender laws of the relevant state(s) in which they operate. The Money Lender’s licence application regime is less onerous than the other regimes, hence the attraction.
Online lenders are using deep-learning algorithms to process vast amounts of data and, more accurately, quantify the risk of default to improve underwriting processes. The introduction of the Credit Reporting Act in 2017, which facilitates credit reporting and gathering, appears to have also strengthened the underwriting process – given that the loans availed through these platforms are mostly provided without collateral. This has allowed the banks to underwrite loans for the mass markets with credit loss rates well below the industry average. Furthermore, the Global Standing Instruction mandate of the CBN became effective in August 2020 and is aimed at facilitating loan recovery from individual borrowers across the financial system.
However, no specific regulations provide for a particular underwriting process for online lenders in Nigeria. Thus, general requirements applicable to traditional players will apply to online lenders.
There is no specific source of funds unique to fintech companies for online lending in Nigeria. However, the most common source is equity raised by lenders. Other funding sources include loans from shareholders or third parties, deposit-taking activities, instruments from the debt capital markets, peer-to-peer bilateral funding, and securitisation.
Loan syndications are quite popular in the Nigerian financial market, albeit mostly with traditional banking institutions as opposed to online lenders – given that the value of loans typically disbursed through online lending platforms tends to be small.
Usually, where the value of a loan to be procured by a borrower is huge, a financial institution will pool together a syndicate of other banks to provide the loan on similar terms. A security trustee is appointed to hold collateral provided by the borrower for the benefit of the syndicate of lenders. A facility agent is also appointed to collect interests and repayments from the borrower and distribute them to the syndicate, as well as monitor the borrower’s financial covenants and administer waivers and amendments to the loan documentation. From time to time, syndicated loans are also subject to prudential guidelines prescribed by the CBN.
Payment processors and payment gateways in Nigeria often operate within existing payment rails established by the CBN, such as the Real Time Gross Settlement System. Within this system, payment processors and payment gateways (acting through settlement banks) can provide an avenue for real-time processing and settlement of transactions undertaken between customers and merchants.
CBN regulates cross-border payments and remittances. It also issues licences to organisations seeking to provide such services in Nigeria. The most relevant regulations in this respect are the Pan African Payment and Settlement Systems (PAPPS) Guidelines (the “Reviewed IMTS Guidelines”) and the Guidelines on International Mobile Money Remittance Services (the “IMMRS Guidelines”).
Specifically, the reviewed IMTS Guidelines provide minimum standards and requirements for IMTOs, specify delivery channels for such money transfer operations and provide guidelines for implementing processes and flows of international money transfer services. The IMMRS Guidelines were issued to complement the then-subsisting IMTS Guidelines by facilitating foreign exchange transactions through mobile applications.
The PAPSS Guidelines were issued with the objective of regulating cross-border payments within the African Continental Free Trade Agreement framework. The PAPSS Guidelines contained various limitations, such as transaction limits, which only apply to trade-backed and inward transactions. The PAPSS Guidelines were aimed at enabling innovation in cross-border trade and access to new markets, thereby providing a simple process that reduces the complexities and costs of foreign exchange for cross-border transactions between African markets and secures instant cross-border payment capabilities to their customers all over Africa. Interestingly, by a letter dated March 2024, the CBN removed the transaction limits on PAPSS for trade and payment services and permitted authorised dealer banks to source for foreign exchange for settlement of PAPSS transactions through the Nigerian Foreign Exchange Market with no recourse to the CBN.
The applicable and permissible platforms for trading securities in Nigeria depend on the type of security intended to be listed. The current trading platforms permissible for debt securities are the NGX and the FMDQ Securities Exchange Limited (FMDQ). Equity securities can be traded publicly on the NASD Plc ( NASD OTC Securities Exchange) and NGX, whereas commodities can be traded on the AFEX Commodities Exchange Limited, the Lagos Commodities and Futures Exchange, the Nigeria Commodity Exchange, and the FMDQ.
Pursuant to the completion of the demutualisation process of the NSE in 2021, a new non-operating holding company, the Nigerian Exchange Group Plc ( NGX Group), was created. The NGX Group has three operating subsidiaries:
The NGX is responsible for listing, trading, technology, market data and other core exchange functions. The NGX also provides for the Growth Board, which is a trading platform available to small and mid-sized fast-growth companies in order to raise critical long-term capital at relatively low cost so they can realise their business potential.
The main regulation for listing on the NGX is the NGX Rulebook of 2015, which may be amended occasionally. The regulations for listing securities on the FMDQ include the FMDQ Bond Listing and Quotation Rules December 2014, the FMDQ Short-Term Bonds Registration Process and Listing Rules
2016, the Sukuk Listing Rules 2017, and the FMDQ Commercial Paper Registration and Quotation Rules April 2021, whereas the regulation for listing on the NASD is the NASD OTC Market Rules. These rules are, however, amended from time to time.
FMDQ Private Markets Limited, a subsidiary of FMDQ Group Plc, offers a platform for the registration of instruments issued by private companies in the capital markets. This platform facilitates the disclosure of private companies’ activities in the Nigerian capital markets by serving as an information repository – the information is recorded via a restricted access portal called the Private Companies’ Securities Information and Distribution Portal.
In addition, FMDQ Private Markets features three boards for private company bonds: the Private Companies’ Bonds (PCB) Main Board, the Growth Board, and the Cradle Board. The specific board a company is listed on depends on the nature of the issuer and its ability to meet the relevant requirements.
The rules and regulations applicable to each asset class extend to securities listing, transaction monitoring, and compliance by members with the ISA, the SEC Rules and the various rules of the applicable exchanges and trade points. The ISA enables the SEC to oversee the derivatives market.
In December 2019, the SEC approved and published rules that regulate both exchange-traded and OTC derivatives, as specified. Notwithstanding the foregoing and in line with the Digital Assets Rules and the ARIP, cryptocurrency-related transactions will likely be regulated under the foregoing rather than the broader rules on derivative trading.
The adoption of cryptocurrency in Nigeria was initially met with scepticism and regulatory uncertainties, but it has more recently gained acceptance. The first positive response was given by the SEC in September 2020 when it published the Statement on Digital Assets and their Classification and Treatment, whereby the SEC – asserting that all digital assets are securities (unless proven otherwise) and thus subject to its regulatory purview – set out a regulatory framework for digital assets.
On the other hand, after two previous circulars warning of the dangers of cryptocurrencies, in February 2021, the CBN issued a circular prohibiting banks and other financial institutions from facilitating transactions involving cryptocurrency and directing said banks and other financial institutions to identify and close down the accounts of persons operating cryptocurrency exchanges within their systems. This directive from the CBN was generally regarded as a “crypto ban”. Following the crypto ban, the SEC released a statement asserting that there was no conflict between its position and the CBN’s position but that entities affected by the crypto ban would not be admissible to its RI Programme until such entities can operate bank accounts in Nigeria.
Notwithstanding the foregoing, in May 2022, the SEC issued the Digital Assets Rules, which sought to establish a framework for the regulation and operations of digital assets within Nigeria. The general expectation, albeit unconfirmed by either regulator at the time, was that entities registered by the SEC under the DAR would be exempted from the crypto ban imposed by the CBN. Twenty months after the issuance of the DAR, the CBN issued the Account Guidelines, which, in essence, confirmed that entities registered as VASPs under the Digital Assets Rules may now operate specialised bank accounts in Nigeria. The SEC subsequently introduced the ARIP as an interim measure to register VASPs and has admitted some entities into its first cohort.
Aside from the actions of the SEC and the CBN, the National Assembly passed the Nigerian Finance Act 2023 in June 2023 (Finance Act). Under the Finance Act, individuals and businesses that buy, sell and trade digital assets (including cryptocurrencies) will be subjected to a deduction of 10% tax on their earnings. Similarly, it will be recalled that VASPs had been included in the MLPA. Relatedly, the CBN issued a Central Bank Digital Currency called e-naira in 2021 and indicated approval for a stablecoin pegged to the naira called cNGN in 2023.
In essence, cryptocurrency exchanges have had a profound impact on the regulatory environment in Nigeria, and the regulatory changes have, in turn, affected the fintech market. The absence of a clear-cut regulatory oversight concerning cryptocurrency exchanges has significantly impacted the financial market, with almost USD2 million lost by a single cryptocurrency exchange platform, Patricia. This loss remains unaccounted for, and there were valid concerns at the time that the loss might spill over into the formal payment/banking system.
It should be noted that three major fintech companies that ceased operations in 2023 were related to cryptocurrency. There is speculation that the high burn rate in the industry is linked to the regulatory challenges faced by participants. With the introduction of an accepted regulatory framework that does not include a ban on cryptocurrency, it is anticipated that clear prudential guidelines and remedies will be established to address any other issues that may arise concerning cryptocurrency exchange platforms.
Companies seeking to be listed on the NGX must comply with the NGX’s listing rules in the NGX Rulebook as well as the relevant provisions of the CAMA, the ISA and the SEC Rules. A company may be listed on the Main Board, the Premium Board, the Technology Board or the Growth Board of the NGX. In addition, the main board of the NGX has three listing standards that apply to companies seeking to list on the Main Board. The NGX Rulebook also stipulates other listing requirements for companies seeking to be listed on the Premium Board, the Growth Board and the Technology Board.
Furthermore, the FMDQ Bond Listing and Quotation Rules December 2014 provides for the listing standards for the quotation of securities for companies, mutual funds, exchange-traded funds, and mortgage-backed and asset-backed securities on the FMDQ. Meanwhile, the NASD OTC Market Rules sets out the requirements for a company seeking to be listed on the NASD OTC Securities Exchange.
Also, private companies seeking to note securities on the FMDQ Private Companies’ Securities Information and Distribution Portal must comply with the requirements of the following rules issued by the FMDQ Private Markets, depending on the type of security:
No general order-handling rules apply to dealers in the Nigerian capital markets regulatory sphere, as each exchange is expected to issue its order-handling rules. By way of example, the NGX Order Handling Rules regulate order handling and execution for dealing members. These rules provide that when executing a client’s order, a dealing member must take into account the following criteria for determining the relative importance of the execution factors:
Peer-to-peer trading platforms are subject to the same regulatory regime as centralised trading platforms. However, decentralised peer-to-peer trading platforms have emerged as an alternative to traditional players, especially when the regulatory environment prevents traditional players from effectively participating.
A good example of the foregoing is the use of peer-to-peer trading platforms to fund and withdraw from accounts held with cryptocurrency exchange platforms. It should be recalled that the crypto ban was in place until December 2023, thereby forcing traders in cryptocurrency to embrace peer-to-peer trading platforms to allow inflow and outflow of monies without the risk of having their bank accounts closed down. However, peer-to-peer cryptocurrency trading platforms will be regarded as either VASP and/or DISP under the ARIP.
No rules or regulations expressly permitting or prohibiting payment for order flow. However, the NGX Order Handling Rules provide that each dealing member must execute its client’s specific instructions and take all reasonable steps to obtain the best possible result for a client while executing an order or a specific aspect of an order. In addition, the NGX rules on the registration of market makers provide that every applicant who intends to be a market maker must ensure that they have in place a proper supervisory programme and a system to ensure proper management of conflict of interest.
Currently, the NGX has a market surveillance and investigation department whose primary mission is to protect the integrity of the capital market from fraud, manipulation and abusive practices and to ensure fair and orderly market and investor protection. Additionally, the NGX launched the X-whistle, which is a whistle-blowing portal for secure and effective submission of information relating to violations of rules and regulations in the Nigerian capital market. X-Whistle allows any person to raise genuine concerns about unethical or unlawful conduct by market participants on an anonymous basis to protect market integrity. In 2020, the NGX (then NSE) upgraded X-Whistle in order to strengthen investor protection. The upgraded portal features a single repository for complaints, tips, and referrals, as well as the ability to generate detailed and varied reports with analytics for proper tracking.
Like the NGX, the FMDQ also has a market surveillance department that monitors members’ trading activities to ensure transparency, credibility and integrity in the FMDQ markets. The FMDQ also takes disciplinary actions against its members for violations of the FMDQ rules and regulations and publishes compilations of these actions on its website monthly. The FMDQ whistle-blowing policy allows stakeholders (members, employees, regulators, investors, industry professionals, issuers and the general public) to provide tips regarding activities/issues within the FMDQ portals.
There are currently no regulations in relation to high-frequency and algorithmic trading in Nigeria.
Although high-frequency trading is not prevalent in Nigeria, the NGX Rulebook provides that firms wishing to be considered for market-making functionality when applying for a dealing membership will need to meet higher technological requirement levels, which include the ability to manage, measure and control their portfolio risk using probability algorithms that take into consideration their open positions, borrowing inventory, and collateralised obligations.
The SEC Rules and the ISA do not specifically provide for the registration of market makers in high-frequency and algorithmic trading when they are functioning in a principal capacity.
There are no regulatory distinctions between funds and dealers engaged in high-frequency and algorithmic trading.
There are currently no regulations for high-frequency and algorithmic trading and programmers in Nigeria. However, the Robo-Advisory Rules provide that robo-advisers must – at a minimum – disclose in writing the following to their clients:
In addition, robo-advisers are required to have policies, procedures and controls in place to monitor and test the algorithms regularly to ensure that they are performing as intended and – at a minimum – processes and controls to detect any error or bias in the algorithms.
The 2025 Guidelines For Insurtech Operations In Nigeria (Insurtech Guidelines) were recently introduced, which created two classes of insurtechs:
However, we have yet to see how these regulations will play out in practice.
Under the Insurtech Guidelines, products shall be categorised as contained in the Insurance Act and other Guidelines as the Commission may approve and release.
There is no substantive law that regulates regtech providers in Nigeria. However, depending on the nature of the tools adopted and the services provided, the activities of regtech companies may be regulated by cross-sectorial laws and/or regulations. An example of such regulation is the NDPA. Accordingly, regtech providers whose activities entail the processing of personal data of data subjects would be bound to comply with the provisions of the NDPA. Where the activities of regtech providers involve the processing of personal data of a customer of a financial institution, for example, such regtech company will be directly obliged to comply with the provisions of the NDPA.
Generally, the nature and terms of the contract between financial services firms and regtech providers are predominantly governed by the contract’s general principles and the parties’ agreed terms during negotiation.
Notwithstanding the existence of such contracts, financial services firms have a duty to ensure that specific contractual terms/clauses are inserted in service contracts to make the services consistent with regulatory provisions.
Through the Consumer Protection Framework 2016, the CBN imposes a duty on financial services institutions to ensure that they put effective consumer risk management frameworks in place to protect consumers’ information and assets. Consequently, financial services firms – when contracting with regtech providers – insist on assurances that the regtechs accurately process and adequately protect consumer details.
The application of blockchain technology in the Nigerian financial services industry is increasingly gaining momentum, as industry players are now utilising it in their service delivery. Notably, in 2022, it was announced that NGX would commence using blockchain technology for trade settlement in 2023; however, no further developments were recorded in this regard. Zone’s blockchain continues to spark interest from traditional financial players, but no major reports exist.
Relatedly, as mentioned in 7.3 Impact of the Emergence of Cryptocurrency Exchanges, there have been ongoing discussions on adopting cNGN (a stablecoin pegged to the naira).
Blockchain technology is generally unregulated in the Nigerian financial services industry. However, the adoption of blockchain technology via digital or virtual assets is now regulated in certain respects, particularly following the introduction of the Digital Assets Rules and the ARIP, as discussed earlier.
Per the SEC’s Digital Assets Rules, blockchain assets may be divided into digital assets and virtual assets. Digital assets are digital tokens representing assets such as debt or equity claims on the issuer, whereas virtual assets are digital representations of value that can be transferred, digitally traded, and used for payment or investment purposes. Virtual assets do not include digital representation of fiat currencies, securities and other financial assets.
The Digital Asset Rules require all promoters/entities/businesses proposing to conduct initial digital asset offerings within Nigeria (or targeting Nigerians) to submit an assessment form, a draft White Paper, and a legal opinion on whether or not the tokens are securities. The SEC will review the submission, and where the SEC concludes that the assets are securities, the issuer will be required to register such assets. The authors, however, note that the SEC has yet to issue any licence under these rules but has issued some approvals under the ARIP.
Blockchain asset trading platforms are regulated under Part D – Rules on VASPs and Part E – Rules on Digital Asset Exchange (DAX) of the Digital Assets Rules.
VASPs are required to register under Part D by filing the appropriate SEC forms and submitting all required documents. VASPs have various obligations, including monitoring and ensuring compliance with its rules, ensuring fair treatment of its users, and obtaining and retaining self-declared risk acknowledgement forms from users before their investment.
DAX operators must comply with general requirements for VASPs and seek registration as DAX operators under Part E. There are various regulatory restrictions/obligations for DAX operators. These obligations include reporting obligations and the submission of rules to the SEC. Perhaps the most prominent restriction is the prohibition of DAX operators from facilitating the trading of any virtual/digital asset unless the SEC has issued a no-objection to the trading of the virtual digital asset.
While staking services are not specifically addressed in Nigerian laws, they are regulated under the broader framework for digital assets and VASPs and fall under the regulatory framework established by the SEC and the CBN. VASPs are entities that facilitate the exchange, trading, transfer, or other services involving virtual assets.
Entities that wish to operate legally in the staking services sector must register with the SEC, obtain the necessary license, and comply with Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) regulations. They are also required to fulfill reporting obligations, which include disclosing information about their operations, directors, and beneficial owners.
The regulatory environment is evolving, and the CBN, which initially prohibited banks from facilitating cryptocurrency transactions in 2021, has since relaxed its stance. In December 2023, the CBN allowed financial institutions to open bank accounts for crypto businesses, provided they comply with SEC licensing requirements.
The provision of lending services relating to cryptocurrencies is regulated in Nigeria. SEC regulates such activities under its Digital Assets Rules. These rules broadly define virtual assets as digital representations of value used for payment, trading, or investment purposes and establish the framework for regulating VASPs.
Lending services involving cryptocurrencies fall within the broader scope of VASPs, subject to licensing and registration requirements under the SEC’s framework. This includes compliance with anti-money laundering (AML) and know-your-customer (KYC) standards, reporting obligations, and other operational guidelines.
The offering of cryptocurrency derivatives is regulated in Nigeria under the Digital Assets Rules. These rules define virtual assets as “a digital representation of value that can be transferred, digitally traded and used for payment or investment purposes.” The regulation introduces various categories of VASP, each with specific registration and licensing requirements.
Entities involved in offering cryptocurrency derivatives must register with the SEC and comply with the regulatory framework outlined in the Digital Assets Rules. This includes adherence to anti-money laundering (AML) and know-your-customer (KYC) requirements, as well as other operational and reporting obligations. The SEC’s framework aims to ensure that all digital asset market participants operate within a regulated environment to protect investors and maintain market integrity.
There are currently no specific laws or regulations governing DeFi in Nigeria. However, the authors are mindful that the operations of DeFi platforms are likely to be treated as those of a VASP under the Digital Assets Rules.
The Digital Aset Rules provide limits on funds to be raised by an issuer. Specifically, the maximum quantum of funds an issuer may raise within any 12-month period is NGN10 billion or 20 times the issuer’s shareholders’ funds (whichever is lower). The issuer is also required to demonstrate that the gross proceeds to be raised would be sufficient to undertake the project as proposed in the White Paper.
In addition, it is probable that market intermediaries and market operators dealing in such fund derivatives and collective investment will need to be registered or approved by the SEC.
The e-naira and the cNGN are the only virtual currencies/stablecoins recognised by the CBN. It is also unlikely that virtual currencies will be deemed virtual or digital assets under the Digital Asset Rules. Nevertheless, under the 2020 SEC Statement on Crypto-Assets, virtual currencies will be treated as commodities if traded on a recognised investment exchange and/or where they are issued as an investment.
NFTs may be regarded as virtual or digital assets under the Digital Asset Rules.
In 2021, the CBN issued the Regulatory Framework for Open Banking in Nigeria (the Open Banking Framework) in its effort to enhance competition and innovation in the banking system. Subsequently, building on the Open Banking Framework, the CBN – in collaboration with industry stakeholders – developed and issued the Operational Guidelines for Open Banking (Operational Guidelines) in 2023. The Operational Guidelines set out detailed provisions on – among other things – the responsibilities and expectations for the participants in the open banking ecosystem, the framework for sharing information, and customer experience standards.
The ease of accessibility to data occasioned by open banking raises confidentiality and privacy concerns. It is, however, commendable that the Open Banking Framework and Operational Guidelines require participants to comply with all data privacy laws and regulations (including the NDPA consumer protection obligations).
Under Nigerian law, the elements of fraud – otherwise known as “obtaining by false pretence” – are that:
The foregoing also applies to financial services and fintech in Nigeria. Such entities must file returns on incidents and fraud attempts recorded within the reporting period.
Regulators in Nigeria are focused on combating all areas of fraud in the financial industry. However, the key focus areas are money laundering and advance fee fraud, as well as other related offences.
The CBN’s Consumer Protection Regulations 2019 require financial institutions to avoid unfair contract terms that limit their liability to customers. This means that if fintech’s actions or negligence leads to customer losses, they are responsible for compensating the affected customers.
Additionally, the FCCPA empowers the FCCPC to enforce consumer rights, including the right to fair treatment and protection from unfair practices. fintech companies must adhere to these standards to avoid legal repercussions.
Specific situations where Nigerian fintech service providers could be held responsible for losses suffered by a customer are as follows.
Negligence in Service Delivery
If a fintech company fails to meet its duty of care in providing services, such as failing to ensure secure transactions, leading to financial loss (e.g., unauthorised transactions or cyber theft), the company could be liable for the direct financial losses caused by its negligence. They may be required to compensate the customer for the full loss amount.
Breach of Contract or Unfair Terms
If the fintech service provider has breached its contract or included unfair terms in agreements that limit its liability to the customer, it may be liable for the losses. For example, if the terms allow the company to avoid responsibility for certain failures, and those failures result in customer loss, the company may be held accountable.
Failure to Provide Accurate Information
If a fintech service provider offers misleading or inaccurate information that leads the customer to make poor financial decisions or incur losses (eg, incorrect data about investment opportunities), the company may be held liable.
Failure in Safeguarding Customer Funds
If a fintech platform negligently fails to secure customers’ funds or personal data, leading to fraud, hacking, or theft, it would be responsible for those losses. This includes failure to implement robust cybersecurity measures.
Violation of Consumer Protection Regulations
Under Nigerian law, particularly the FCCPA, fintech companies must not engage in unfair trade practices or violate customer rights. They could be held liable if they fail to adhere to consumer protection laws and cause harm to the customer (such as charging hidden fees or withholding funds unfairly).
Failure to Resolve Queries
If a customer suffers losses and the fintech company fails to address complaints or resolve queries properly, especially when the service was defective or the customer was charged incorrectly, the company could be held liable.
Breach of Data Protection Laws
If a fintech company violates data protection laws, such as the Nigerian Data Protection Act, by mishandling a customer’s personal data, leading to identity theft or financial loss, it could be held responsible.
48 Awolowo Road South West
Ikoyi Lagos
Nigeria
+234 1252 0795
banwigho@banwo-ighodalo.com www.banwo-ighodalo.comIntroduction
Nigeria’s financial technology (fintech) industry has grown into one of Africa’s most significant financial ecosystems, reshaping traditional banking, payments, lending, insurance, and wealth management. Driven by innovation, investment, and regulatory shifts, the sector will continue to evolve rapidly in 2025, expanding financial access and efficiency.
The fintech sector has become a cornerstone of Nigeria’s digital economy, attracting both domestic and foreign investment. As of 2025, Nigerian fintech start-ups have raised billions of dollars in funding, contributing to the country’s position as one of Africa’s leading fintech hubs. The rapid adoption of digital payments, mobile banking, and alternative financial services has accelerated financial inclusion, bringing millions of previously unbanked individuals into the formal financial system.
Despite its impressive growth, the fintech industry operates within a complex regulatory environment. Regulatory bodies such as the Central Bank of Nigeria (CBN), the Securities and Exchange Commission (SEC), the Nigeria Data Protection Commission (NDPC), and the Federal Competition and Consumer Protection Commission (FCCPC) have introduced policies to balance innovation with financial security. With increasing smartphone penetration, digital payment adoption, and alternative credit solutions, the landscape is transforming at an unprecedented pace.
This article explores the major trends, regulatory updates, and key developments shaping the Nigerian fintech industry in 2025.
Regulatory Landscape and Compliance Developments in Nigeria’s Fintech Sector
Regulation remains a cornerstone of financial technology (fintech) expansion in Nigeria, ensuring market stability, consumer protection, and systemic resilience. Regulatory agencies such as the Central Bank of Nigeria (CBN), the Securities and Exchange Commission (SEC), the Nigeria Data Protection Commission (NDPC), and the Federal Competition and Consumer Protection Commission (FCCPC) continue to refine and enforce policies that shape the digital finance ecosystem. Recent regulatory developments reflect a concerted effort to enhance financial inclusion, data security, and market integrity while addressing emerging risks in the rapidly evolving fintech landscape.
CBN Oversight and Payment Regulations
The CBN remains Nigeria’s principal regulator overseeing digital banking, mobile money, and electronic payment services. In response to the payments sector’s dynamic growth, the apex bank has introduced and refined policies that provide a structured framework for fintech operations. The updated Guidelines on Mobile Money Services clarify key licensing requirements, operational models, and capital adequacy thresholds, ensuring that mobile money operators maintain financial stability while expanding their services.
Additionally, the Payment Systems Vision 2025 (PSV 2025) outlines strategic objectives to reduce the volume of cash transactions and accelerate the adoption of digital payments. This vision aligns with broader national financial inclusion goals, fostering efficiency in electronic transactions while minimising the risks associated with cash-based economies.
A major regulatory milestone has been the revised Open Banking Framework, which mandates secure data-sharing protocols among financial institutions. This framework facilitates greater interoperability within the banking and fintech sectors, promoting competition, innovation, and consumer access to diverse financial products. The CBN aims to expand digital financial services while safeguarding data privacy and security by enabling third-party providers to securely access customer financial data with user consent.
Furthermore, the CBN has intensified supervisory oversight of digital lenders and payment service providers, ensuring compliance with ethical lending practices and financial stability requirements. The regulatory landscape has evolved to accommodate Payment Service Banks (PSBs), which are financial institutions licensed to operate in underserved and rural areas. PSBs have empowered telecommunications firms and fintech start-ups to deliver basic banking services to unbanked populations, thereby driving financial inclusion and reducing barriers to accessing formal financial services.
The regulator’s overarching emphasis on reducing cash dependency complements Nigeria’s broader economic transformation agenda. It supports digital financial transactions, enhances transparency, and mitigates the risks associated with cash-based economies, such as fraud, tax evasion, and illicit financial flows.
SEC’s Digital Asset and Crowdfunding Regulations
Recognising the proliferation of investment-related fintech firms, the Securities and Exchange Commission (SEC) has introduced and enforced policies designed to enhance investor protection and ensure regulatory compliance in capital market innovations. The SEC Crowdfunding Regulations establish clear guidelines for start-ups and businesses leveraging digital platforms to raise capital. These rules impose compliance obligations on crowdfunding intermediaries, requiring them to implement investor protection measures, maintain transparent disclosures, and prevent fraudulent fundraising activities. The framework ensures that equity crowdfunding remains viable for start-ups to access funding while safeguarding investors from potential exploitation.
Additionally, the SEC Rules on Digital Assets and Virtual Asset Service Providers (VASPs) outline stringent regulatory requirements for cryptocurrency exchanges, blockchain-based financial services, and tokenised securities. The SEC mandates virtual asset platforms to comply with rigorous licensing, reporting, and risk management obligations. By enforcing strict Anti-Money Laundering (AML) and Know-Your-Customer (KYC) standards, the regulatory framework aims to mitigate illicit financial activities while fostering responsible innovation within Nigeria’s digital asset ecosystem.
Given the growing adoption of cryptocurrency and decentralised financial services, fintech companies operating in this space must align with SEC regulations to ensure compliance, protect investors, and enhance market integrity.
Data Protection and Consumer Privacy Compliance
Data protection and cybersecurity have become focal points of regulatory enforcement with the increasing digitisation of financial services. The Nigeria Data Protection Act 2023 (NDPA) Nigeria Data Protection Regulations (2019) imposes stringent compliance obligations on fintech firms, requiring them to implement robust data governance measures, secure financial data processing mechanisms, and uphold consumer privacy rights. Under the NDPA, fintech companies must obtain explicit user consent before processing personal financial data or engaging in cross-border data transfers. This regulation aligns with global data protection best practices, ensuring that Nigeria’s financial ecosystem maintains high standards for data security and privacy.
The Nigeria Data Protection Commission (NDPC) actively enforces compliance through audits, investigations, and penalties for data breaches or unauthorised data handling practices. Given the regulator’s heightened scrutiny, fintech firms must adopt advanced cybersecurity protocols, including encryption technologies, fraud detection systems, and transparent data-handling policies.
Failure to comply with data protection regulations can result in hefty fines, reputational damage, and legal liabilities. As such, fintech firms must proactively invest in compliance frameworks, strengthen their data security infrastructure, and ensure adherence to evolving regulatory expectations.
FCCPC and Consumer Protection Frameworks
The rapid expansion of digital lending platforms in Nigeria has raised concerns regarding unethical lending practices, high interest rates, and aggressive debt collection methods. In response, the Federal Competition and Consumer Protection Commission (FCCPC) has expanded its Digital Lending Guidelines to enforce fair lending standards and prevent predatory financial practices. The revised lending regulations require digital lenders to register with the FCCPC, disclose clear loan terms, and adhere to ethical debt recovery practices. Lenders must ensure that borrowers receive transparent, fair, and non-coercive lending terms, reducing the risks of consumer exploitation.
Beyond digital lending, the FCCPC continues to enforce consumer protection standards across the fintech sector, ensuring that companies uphold fair competition principles, prevent deceptive financial practices, and maintain compliance with consumer rights regulations. Fintech firms must integrate robust risk management frameworks, establish transparent dispute resolution mechanisms, and enhance customer service protocols to align with evolving consumer protection laws.
Emerging Trends Driving Fintech Growth
Expansion of digital payments and mobile money
The acceleration of digital payments remains a defining factor in Nigeria’s fintech growth, with financial technology firms and telecommunications operators leading the expansion of mobile money services. The increasing adoption of cashless transactions is driven by consumer demand for convenience, government-led financial inclusion policies, and the CBN’s Payment Service Bank (PSB) licensing framework, enabling non-bank entities, including telecom companies and fintech start-ups, to provide basic financial services. This expansion has significantly increased banking penetration in previously underserved communities, allowing individuals and small businesses in rural and remote areas to access formal financial services. Mobile money platforms have emerged as critical enablers of financial transactions, facilitating peer-to-peer transfers, bill payments, and merchant transactions through mobile wallets and digital banking applications.
In addition, contactless payment solutions, QR code-based transactions, and digital wallets are becoming more prevalent across various sectors, including retail, hospitality, and transportation. As consumer behavior shifts towards digital-first payment methods, businesses are integrating these technologies into their operations, reducing dependency on cash and enhancing transaction efficiency.
Another notable development is the rise of Buy Now, Pay Later (BNPL) services, which have gained substantial traction among Nigerian consumers, particularly in the e-commerce space. BNPL platforms allow users to access instant credit for essential and discretionary purchases, offering a flexible alternative to traditional lending. These platforms leverage AI-powered risk assessment models to assess creditworthiness, enabling individuals without formal credit histories to participate in the credit economy. As BNPL adoption grows, its impact on consumer spending patterns, online retail expansion, and financial accessibility is expected to increase.
Artificial Intelligence and automation
Artificial Intelligence (AI) is revolutionising risk assessment, fraud detection, and customer service. AI-driven credit scoring models are improving loan approvals for individuals and businesses without traditional credit histories. Fintechs also leverage AI-powered chatbots for dispute resolution and financial advisory services, streamlining customer interactions and enhancing service delivery.
Machine learning algorithms are playing a critical role in fraud prevention, helping financial institutions identify suspicious transactions and mitigate cybersecurity risks. As AI adoption deepens, fintech firms are investing in advanced analytics and automated compliance solutions to improve operational efficiency.
Embedded finance and “Super Apps”
The concept of embedded finance, the integration of financial services into non-financial platforms, has gained substantial momentum in Nigeria’s fintech space. Businesses across diverse industries, including e-commerce, ride-hailing, logistics, and retail, embed financial services such as payments, lending, and insurance directly into their platforms, providing users with seamless and convenient financial experiences. For instance, e-commerce platforms now offer embedded payment solutions, enabling consumers to complete transactions without relying on external payment gateways. Similarly, ride-hailing companies and delivery services have integrated financial products such as microloans and insurance packages, allowing drivers and gig workers to access essential financial services within their platforms.
The growing trend of super apps is also transforming Nigeria’s fintech ecosystem. Leading fintech firms are building multi-service platforms combining digital banking, lending, investment management, and lifestyle services into one application. These super apps provide users with an all-in-one financial experience, eliminating the need to switch between multiple platforms for different financial needs.
As embedded finance and super apps continue to gain traction, fintech companies are forming strategic partnerships with traditional banks, insurance firms, and regulatory bodies to expand their service offerings while ensuring compliance with evolving financial regulations.
Central Bank Digital Currency (CBDC) adoption
The Central Bank of Nigeria (CBN) has been actively promoting the adoption of Nigeria’s Central Bank Digital Currency (CBDC), the eNaira, as part of its broader effort to drive digital financial transformation. Since its launch, the eNaira has been integrated into digital wallets, with ongoing initiatives to expand its use for cross-border remittances, merchant transactions, and government disbursements.
Despite its potential benefits, eNaira adoption has faced challenges, including limited public awareness, concerns over digital literacy, and the dominance of existing digital payment solutions. However, the CBN continues to roll out incentives, regulatory frameworks, and fintech partnerships aimed at encouraging greater adoption. By enabling more seamless peer-to-peer transactions and reducing reliance on traditional banking infrastructure, the eNaira is expected to play a crucial role in the future of Nigeria’s digital payment ecosystem.
Blockchain and Decentralised Finance (DeFi)
Although Nigeria’s fintech regulatory environment remains cautious toward blockchain-based financial solutions, interest in decentralised finance (DeFi) continues to grow among investors, start-ups, and financial innovators. DeFi platforms leverage smart contracts and blockchain technology to offer financial services such as peer-to-peer lending, tokenised asset trading, and decentralised exchanges without reliance on traditional banking intermediaries.
The potential of blockchain technology extends beyond cryptocurrency trading. Nigerian fintech companies and financial institutions are exploring blockchain-based payment solutions, which offer enhanced security, transparency, and efficiency for domestic and international transactions. The tokenisation of assets, including real estate and commodities, is also emerging as an innovative use case, enabling fractional ownership and improved liquidity in investment markets.
Regulatory uncertainty remains a key challenge for widespread DeFi adoption in Nigeria. However, the Securities and Exchange Commission (SEC) is expected to introduce comprehensive guidelines to govern DeFi platforms, ensuring investor protection while fostering blockchain innovation. As regulatory clarity improves, Nigeria’s fintech ecosystem could witness increased integration of blockchain solutions into mainstream financial services.
Legal and compliance challenges
As fintech adoption grows, legal and compliance risks remain a challenge. Strict adherence to AML and Counter-Terrorism Financing (CTF) laws is crucial, and fintech is required to implement KYC verification and transaction monitoring systems. Regulatory bodies are increasing enforcement actions against non-compliant firms, making legal, due diligence essential for start-ups and established fintech companies alike.
Consumer protection remains a major focus, with the FCCPC Act and CBN Consumer Protection Framework mandating fair lending practices, transparent pricing, and dispute resolution mechanisms. The evolving nature of financial crime and cybersecurity threats has also prompted regulators to enforce stricter cybersecurity compliance frameworks, requiring fintech firms to adopt international best practices in data encryption, fraud prevention, and risk management.
Cross-border transactions present additional legal considerations, with fintech firms engaging in global trade must comply with international data protection laws. Nigerian fintechs expanding beyond local markets must navigate the complexities of international financial regulations while ensuring local compliance.
Conclusion
The Nigerian fintech industry in 2025 will be defined by continued technological innovation, evolving regulatory frameworks, and an increasing focus on improving financial accessibility. Fintech firms continue to disrupt traditional financial models, offering alternative solutions to banking and financial services. However, the need for regulatory compliance has never been more important. For long-term sustainability, fintech companies must navigate regulatory landscapes effectively, ensuring that they meet the Central Bank of Nigeria (CBN)and theSecurities and Exchange Commission (SEC)requirements.
The rise of digitalpayments, AI-driven financial services, and decentralised finance (DeFi) is accelerating the digital transformation of financial services. These advancements enable greater financial inclusion, bringing essential services to previously underserved populations. Yet, as fintech companies expand, they must also invest in cybersecurity, data protection, andfraud prevention to ensure their offerings are innovative and secure.
Strategic partnerships with traditional financial institutions, telecom companies, and regulators will be key to overcoming operational and regulatory challenges. These collaborations help fintechs integrate into the broader financial ecosystem, ensuring compliance while expanding their services. Furthermore, continued investment in digital infrastructure including cloud computing, secure payment systems, and data storage will be crucial to supporting the growing demand for reliable, secure financial solutions.
As the Nigerian fintech sector grows, it is positioned to play an increasingly important role in shaping the future of finance not just in Nigeria but across the African continent. By balancing innovation with regulatory compliance and security, the fintech industry can continue to grow, driving financial inclusion, enhancing access to financial services, and contributing to the region’s broader economic development.
Plot 1B
Block 129
Jide Sawyerr drive
Lekki Phase 1
Lagos
Nigeria
+234 (0) 700362529
info@doa-law.com www.doa-law.com