Understanding Financial Technology (Fintech) Regulatory Framework in Nigeria

Understanding Financial Technology (Fintech) Regulatory Framework in Nigeria

By Ekele Chinda


The Financial Technology (fintech) Industry is rapidly developing in Nigeria. Fintech is the use of creative and innovative technology to improve financial services. The advent of smartphones and other technology innovations has enhanced the access to finance and the use of technology to render services is evidenced through mobile and retail banking, payment and processing, lending, capital market trading, investment, crypto or virtual currency

Fintech has changed the traditional means of banking and rendering of other financial services not only in Nigeria but all over the world.

What Is Financial Technology (Fintech)?

Financial technology (better known as fintech) is used to describe new technology that seeks to improve and automate the delivery and use of financial services. At its core, fintech is utilized to help companies, business owners, and consumers better manage their financial operations, processes, and lives. It is composed of specialized software and algorithms that are used on computers and smartphones. Fintech, the word, is a shortened combination of “financial technology.” The financial products offered by FinTech include money transfer, investing, lending, crowd funding, crypto-currency, smart contract, peer to- peer payments, amongst others.

FinTech in Nigeria was birthed in 2007, with the Payments System Vision 2020 however it became very popular in 2012 with the introduction of the cashless policy. Through the implementation of the PSV2020 and subsequent activities of CBN and the Financial Services Sector, Nigeria has witnessed an impressive growth of electronic payments and a move from the dominance of cash as a means of payment. In 2013, CBN initiated a further formal assessment of the payments market, resulting in the issuing of PSV2020 Release 2.0. The goal of the PSV2020 is “to facilitate economic activities by providing safe and efficient mechanisms for making and receiving payments with minimum risks to the Central Bank, payment service providers and end-users, extending the availability and usage to all sectors and geographies, banked and unbanked, and conforming to internationally accepted regulatory, technical and operational standards.”

The absence of a direct and unified regulation on FinTech in Nigeria lead to the notion that the Nigerian FinTech industry is uncharted territory. However, notwithstanding the inexistence of a cohesive FinTech regulation, the Central Bank of Nigeria (CBN) has issued several guidelines, which impacts various aspects of the FinTech industry, especially the digital payments sub sector which has witnessed the highest amount of activity. These regulations seek to improve financial inclusion while allowing for continuous innovation.


The Central Bank of Nigeria ( CBN )has issued guidelines that impact FinTech companies in Nigeria and these guidelines are elaborated below

1. Guidelines on Mobile Money Services

In 2009, the CBN issued the guidelines on mobile money services in Nigeria
with the aim of ensuring a structured and orderly development of mobile money services in Nigeria. Basically mobile money services are financial services offered over mobile devices, such as mobile payment, credit card payment.The guidelines identify two models for the implementation of mobile money services: Bank Led and Non-Bank Led.

Under the Bank Led model, either a bank or a consortium of banks may act as a Lead Initiator in providing mobile money services as part of its banking services.

A corporate organization (other than a deposit money bank or telecommunication company) specifically licensed by CBN to provide mobile
money services in Nigeria may also act as a Lead Initiator of mobile money services under the Non-Bank Led model.

The guideline also identifies the various participants in the mobile money industry – Banks, licensed corporate organizations, infrastructure providers,
Mobile Network Operators (MNOs), and consumers – their roles and responsibilities and, the minimum technology standards and business rules.

2. Guidelines on Operations of Electronic Payment Channels
The electronic payment guidelines provide specific regulations on the use and operations of the following e-payment channels: Automated Teller Machine
(ATM), Point of Sale (POS) machines, Mobile Point of Sale (MPOS) devices and the Internet. The guidelines are made to supersede the previous standards and guidelines on ATM operations and POS card acceptance services issued by the Central Bank of Nigeria (CBN).The e-payment guidelines identify stakeholders in electronic payment, such as Acquirers, Issuers, Merchants, and Cardholders, and define their roles and responsibilities. It specifies the standards and specifications for ATM technology, guidelines for ATM deployment, minimum standards and specifications for POS terminals, minimum standards and technical specifications for MPOS devices, and minimum standards for gateway provider of web payment.

The guidelines also establish a settlement mechanism for POS and MPOS transactions with the Nigeria Interbank Settlement Systems (NIBSS) acting as
the Payment Terminal Service Aggregator for the financial industry.

3. Regulatory Framework for the Use of USSD for Financial Services in Nigeria

Taking effect from October 2018, the guidelines seek to reduce the risks associated with the Implementation and use of USSD technology for offering financial services in Nigeria. Therefore, only mobile network operators and CBN licensed entities with a letter of no objection or letter of introduction from the CBN are eligible for the issuance of USSD short codes by the Nigerian Communications Commission (NCC).

A transactional limit of N100, 000 per customer, per day, is placed on all transactions conducted through the USSD channel, and a customer desirous of a
higher limit will be required to execute a documented indemnity.

The guidelines also require financial institutions providing use of the USSD channel to encrypt all USSD information and offer customers the option to opt in/out of the USSD channel. Furthermore, no USSD channel shall be deployed for financial services unless a deactivation mechanism, which allows users to block their account from operating USSD services, is put into place.

4. Blockchain and Virtual Currency

In light of the emergence of virtual currencies and the risks associated with virtual currency exchanges and virtual currency activities, the Central Bank of Nigeria, on the 12th of January 2017, by a circular, drew the attention of banks and other financial institutions to these risks and required them to take the following actions pending substantive regulation by the CBN:

i. Ensure they do not use, hold, trade or transact in virtual currencies, such as Bitcoin, Ripples, Litecoin, Onecoin, etc.
ii. Ensure that existing bank customers that are virtual currency exchangers have effective Anti-Money Laundering/Combating Financing of Terrorism controls that enable them to comply with customer identification, verification and transaction monetary requirements.

iii. Where banks or other financial institutions are not satisfied with the controls put in place by the virtual currency exchanges customers, the relationship should be discontinued; and
iv. Any suspicious transaction should immediately be reported to the Nigerian Financial Intelligence Unit (NFIU).

Any financial institution that ignores the above caution, does so at its own risk.

In a further press release on the 28th of February 2018, the CBN reiterated its position that cryptocurrencies and Exchanges are neither licensed nor regulated in Nigeria and dealers or investors in any kind of cryptocurrency in Nigeria are not protected by law.

Protecting Personal Data in Nigeria’s FinTech Ecosystem

The Nigerian Data Protection Regulation issued by the National Information Technology Development Agency (NITDA) in January 2019 lays down regulations for the processing of data.

These regulations apply to persons of Nigerian descent residing in or outside Nigeria. It provides that data may only be collected and processed for a specific lawful process upon the grant of consent by the Data Subject.

Furthermore, data may only be stored for the period within which it is reasonably needed and must be secured against all foreseeable hazards.

One of the numerous measures to protect data under the Regulation is data encryption, which is also a data protection requirement under the CBN regulatory framework for the use of USSD. The USSD regulation provides that USSD-based financial transactions and data stored by the USSD application at Financial Institutions shall be encrypted.

The CBN Consumer Protection Framework for Banks and other Financial Institutions also regulates the protection of consumer assets and privacy. It
provides that consumers’ financial and personal information shall be securely stored at all times and shall not be released to a third party without the written consent of the consumer.

A third party here includes a subsidiary or an associated company.

FinTech and Cybersecurity in Nigeria

The general law on Cybersecurity in Nigeria is the Cybercrime (Prohibition, Prevention, etc.) Act which prescribes punishment for actions such as phishing,
hacking, electronic theft, cyberstalking, cybersquatting, and cyber terrorism. The Act, however, is silent on mechanisms institutions need to put in place to
strengthen their cyber defenses.

In response to this, the CBN recently issued the Risk-Based Cyber-Security Framework and Guidelines for Deposit Money Banks and Payment Service
Providers, which took effect on 1st January 2019, to outline the minimum cybersecurity baseline to be put in place by Deposit Money Banks (DMBs) and
Payment Service Providers (PSPs) in order to enhance their cybersecurity resilience.

The guidelines make provisions on Cybersecurity Governance and Oversight, Cybersecurity Risk Management System, Cyber Resilience Assessment,
Cybersecurity Operational Resilience, Cyber-Threat Intelligence and Metrics, Monitoring and Reporting.


Innovation and regulation are often seen as rivals. Hence, posing a difficult task for the body saddled with the responsibility of regulating the industry on how to regulate such industry without putting a peg on innovation.

The importance of a solid legal framework for FinTech in Nigeria cannot be over-emphasized, as this will boost investors’ confidence in the industry and increase the ease of doing business. It is crucial that the framework must be flexible enough to accommodate further growth and not inimical to the financial inclusion goal it is meant to address.

This article is for information purposes, it may or may not reflect the current position of the law and is therefore not intended to provide legal advice or guidance on litigation or provide commentary on any pending case or legislation.