Founders and investors looking to create solutions or invest within Nigeria’s financial technology (Fintech) sector would need to embrace its regulatory landscape. This article is the first of a series highlighting key regulators of the Fintech sector in Nigeria.

10 November 22

Central Bank of Nigeria
The Central Bank of Nigeria (CBN) is the lead regulator of banks and other financial institutions in Nigeria. Beyond traditional banks, the CBN regulates entities such as payment service providers, discount houses, bureau de change companies, and mortgage refinance companies.

As a key regulator, the CBN also issues guidelines and circulars covering specific functions of its regulated entities, including guidelines relating to consumer protection, information technology minimum requirements, and anti-money laundering provisions.

Securities and Exchange Commission

The Securities and Exchange Commission (SEC) regulates activities in the Nigerian capital markets. As a result, where the actions or products of a Fintech entity would cover activities such as asset management/trade, the SEC will act as the primary regulator.

It is also common practice for a company’s business activities within the Fintech space to cover core financial products and capital market activities. In this case, the Fintech entity would be regulated by the CBN and the SEC. It must obtain relevant licences/approvals from regulators to conduct business in Nigeria.

While the Central Bank of Nigeria and the Securities and Exchange Commission are the major regulators which govern Fintech companies, other key regulators either complement the roles played by the primary regulators or act as the major regulator due to the nature of services/products offered. This post focuses on some of the regulators that play adjunct roles.

Other regulators with oversight over certain financial technology (fintech) companies in Nigeria are:

Nigeria Deposit Insurance Corporation

All deposit-taking financial institutions licensed by the Central Bank of Nigeria (for example, microfinance banks with digital product offerings and commercial banks) are required to insure a percentage of their deposit liabilities with the Nigerian Deposit Insurance Corporation (NDIC). This deposit insurance system protects customers against the loss of their insured deposits. If the deposit-taking financial institution fails (as designated by its lead regulator), customers are entitled to recover specific sums.

The NDIC recently established a Fintech and Innovations Unit to collaborate with financial service innovators to develop and promote technology-driven solutions geared toward protecting depositors.

National Office for Technology Acquisition and Promotion

The principal function of the National Office for Technology Acquisition and Promotion (NOTAP) is to monitor the transfer of foreign technology to Nigeria. Foreign technology includes the use of trademarks, the right to use patented inventions, the supply of technical expertise/ assistance and the provision/training of operating staff.

Nigerian companies, including Fintechs, entering into technology transfer agreements (TTAs) with foreign parties will need to register these contracts with NOTAP. This will ensure foreign currency payments/royalties due to the foreign entity under the TTAs can be sourced from the CBN official foreign currency market.

National Insurance Commission

The National Insurance Commission (NAICOM), which regulates the insurance sector, was established pursuant to the NAICOM Act 1997. Concerning fintech entities, the Commission supervises the activities of companies that deliver insurance services via technology, generally known as ‘InsurTech’ entities.

As such, innovators, tech companies, and startups that provide technology-enabled solutions in this financial services segment must obtain requisite operating licenses from NAICOM.

Federal Competition and Consumer Protection Commission

The Federal Competition and Consumer Protection Commission (FCCPC) was established by the Federal Competition and Consumer Protection Act 2018. The Commission discharges competition, merger control, and consumer protection regulatory functions, among other things.

As such, any fintech entity engaged in any merger and/or acquisition transaction that falls within the regulatory remit of the FCCPC will be required to exercise requisite recourse to the FCCPC. In addition, fintech entities are subject to relevant consumer protection regulations issued by the FCCPC from time to time.

The Nigerian Communications Commission

The Nigerian Communications Commission (NCC) is an agency established pursuant to the Nigerian Communications Act 2003 and is responsible for regulating all activities in the telecommunications industry in Nigeria.

The NCC enforces standards for companies that deploy communication devices to facilitate their product offerings. For instance, fintech companies, such as Payment Terminal Service Providers (PTSPs) that deploy communication equipment, will have to obtain ‘Type Approval’ from the NCC. The NCC also issues ‘Individual Licenses’ to Mobile Money Operators who provide Value Added Services (VAS) using shortcodes such as Unstructured Supplementary Service Data (USSD). Therefore, fintech companies which operate in this space are subject to the regulatory oversight of the NCC.

Nigerian Data Protection Bureau and National Information Technology Development Agency

The principal data protection regulations in Nigeria are the Nigerian Data Protection Regulation (NDPR) and the Nigerian Data Protection Regulation Implementation Framework 2020 (the “Framework”), which are subsidiary regulations issued by the National Information Technology Development Agency (NITDA) pursuant to the National Information Technology Development Agency Act 2007. In addition to NITDA, the Nigerian Data Protection Bureau (NDPB) was established by the presidency on 4 February 2022 to enforce data protection regulations, among other things. The powers previously exercised by NITDA under the NDPR and the Framework in relation to the implementation of data protection laws are now exclusive to the NDPB.

Operationally, the NDPB regulates the processing of personal data as contained in the NDPR and the Framework. In contrast, NITDA regulates cloud computing services/data centres used for storing and processing data in Nigeria. Therefore, fintech companies which operate in these spaces are subject to the regulatory oversight of the relevant data protection agency(ies).

Should you have any questions regarding a guide of the key regulators in the Nigerian Fintech sector, please do not hesitate to contact Ajibola Asolo.


1. Toritseju Dottie, Senior Associate
2. Duunebari Seth-Nzor, Associate
3. Ebube Akpamgbo, Associate
4. Gregory Yinka-Gregg, Associate