Regulatory Requirements for Fintechs in Nigeria

Navigating the terrain of financial technology in Nigeria can be a daunting endeavour, given the intricate fabric of regulatory measures woven by various governing bodies. In this climate, understanding and adhering to the Regulatory Requirements for Fintechs in Nigeria is not just a matter of compliance but of strategic survival and success.

This article aims to demystify the regulatory landscape and offer actionable insights for fintech companies aiming to thrive within Nigeria’s vibrant digital finance sector.

This sector has seen a major rise in start-ups every year, signalling the digital revolution. According to Statista, In 2023, there were 217 fintech startups in Nigeria. This is arguably the highest number in Africa.

What is Fintech?

Fintech, short for financial technology, refers to the use of innovative digital technologies to provide financial services and solutions. Fintech companies in Nigeria are businesses that leverage technology to offer a wide range of financial products and services.

Examples of Fintechs in Nigeria are; Paystack, Kuda, Opay, MoneiPoint, PalmPay, Carbon, Flutterwave,

Regulatory Requirements for Fintechs in Nigeria

Before laying the foundation of your fintech venture in Nigeria, it is imperative to familiarize yourself with the governing frameworks that dictate the do’s and don’ts within the industry.

For potential fintech entrepreneurs and established entities alike, the Central Bank of Nigeria’s (CBN) regulatory framework is the cornerstone of financial legality. Ensuring full compliance with the CBN’s guidelines is not a mere formality; it’s a necessity for sustainable business operations and maintaining the integrity of Nigeria’s financial ecosystem.

1. Becoming Literate in Fintech Licensing

For fintech companies to operate legally in Nigeria, they must obtain the necessary licenses and approvals from the relevant regulatory authorities. The key aspects of fintech licensing in Nigeria include;

a. The Central Bank of Nigeria (CBN) Licensing

b. Securities and Exchange Commission (SEC) Licensing

c. Nigerian Communications Commission (NCC) Licensing

d. Other Regulatory Licenses.

Let us explore these points a bit.

  • Central Bank of Nigeria (CBN) Licensing:

Fintech firms must obtain the appropriate licenses from the CBN, such as a Payment Solution Service Provider (PSSP) license or a Mobile Money Operator (MMO) license, to offer financial

services. Additionally, the CBN’s licensing process involves thorough evaluations of the company’s operational and financial capabilities and compliance with regulations.

  • Securities and Exchange Commission (SEC) Licensing:

Fintech companies engaged in capital market activities, like crowdfunding, peer-to-peer lending, or digital asset trading, must register with the SEC and obtain the necessary licenses. The SEC’s licensing requirements focus on investor protection, market transparency, and adherence to capital market regulations.

  • Nigerian Communications Commission (NCC) Licensing:

Fintechs that utilize telecommunications infrastructure or provide mobile-based financial services must obtain the relevant licenses and approvals from the NCC. This ensures compliance with the NCC’s regulations on network security, quality of service, and consumer protection.

  • Other Regulatory Licenses:

Depending on the specific services offered, fintech firms may also require licenses or approvals from other regulatory bodies, such as the National Insurance Commission (NAICOM) for insurance-related activities or the National Pension Commission (PenCom) for pension-related services.

2. Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) Protocols

The significance of AML and CFT protocols can never be overstated. In line with directives from Nigeria’s Financial Intelligence Unit (NFIU), implementing rigorous anti-money laundering and counter-terrorism financing measures is a clear indicator of your fintech’s integrity and dedication to global financial security standards.

Fintech companies in Nigeria must comply with stringent anti-money laundering (AML) and combating the financing of terrorism (CFT) protocols established by the Central Bank of Nigeria (CBN). Major protocols to be observed by Fintechs in Nigeria are;

  • Customer Identification and Verification (KYC)
  • Transaction Monitoring and Reporting
  • Record-keeping and Audit Trail
  • Ongoing Compliance and Reporting
  • Customer Identification and Verification (KYC):

A critical protocol is implementing robust know-your-customer (KYC) processes to accurately identify and verify the identities of customers. Also maintaining up-to-date customer due diligence records.

  • Transaction Monitoring and Reporting:

Monitoring customer transactions for suspicious activities. Also, reporting any suspicious transactions or activities to the relevant authorities, such as the CBN and the Financial Intelligence Unit (FIU).

  • Record-keeping and Audit Trail:

Maintaining detailed records of all customer transactions and activities, and ensuring a comprehensive audit trail to facilitate investigations, if required.

  • Ongoing Compliance and Reporting:

Conducting periodic reviews and updates to AML/CFT policies and procedures.

Submitting mandatory reports to the CBN and other regulatory bodies, as required.

3. Data Protection and Customer Privacy

In an era where data is akin to digital currency, adhering to Nigeria’s data protection regulations, especially the Nigeria Data Protection Regulation (NDPR), is crucial for safeguarding customer information and privacy.

Hence, fintech companies in Nigeria must prioritize protecting customer data and ensuring sensitive information’s privacy. There are crucial regulatory requirements fintech companies must adhere to, and they are;

  • Registration with the Nigerian Data Protection Regulation (NDPR)
  • Data Security and Governance
  • Data Privacy Policies and Disclosures
  • Data Subject Rights
  • Incident Response and Breach Notification

Let’s delve into it

  • Registration with the Nigeria Data Protection Regulation (NDPR):

Fintech firms must register with the National Information Technology Development Agency (NITDA) and comply with the NDPR. This regulation mandates the implementation of appropriate technical and organizational measures to safeguard personal data.

  • Data Security and Governance:

Fintechs are required to establish robust data security frameworks to protect customer information from unauthorized access, modification, or misuse. This includes implementing access controls, encryption, and regular security audits.

  • Data Privacy Policies and Disclosures:

Fintech companies must have clear and transparent data privacy policies that inform customers about the collection, usage, and storage of their personal information. Customers must be provided with adequate notice and given the option to consent to data processing activities.

  • Data Subject Rights:

Fintech firms must respect the rights of data subjects, such as the right to access, rectify, or delete their personal information. Established processes must be in place to handle customer requests and address data subject concerns.

  • Incident Response and Breach Notification:

Fintechs are required to have incident response plans to address data breaches or security incidents. They must promptly notify the relevant authorities and affected customers in the event of a data breach, as per the NDPR guidelines.

4. Engaging with the Securities and Exchange Commission (SEC) Guidelines

For those in asset management, investment, or crowdfunding platforms, the Securities and Exchange Commission (SEC) guidelines are critical. They serve to create an environment of trust and accountability that protects both stakeholders and the reputation of your fintech venture.

Fintech companies in Nigeria that engage in capital market activities, such as crowdfunding, peer-to-peer lending, or digital asset trading, must comply with the regulations and guidelines set forth by the Securities and Exchange Commission (SEC).

Let’s delve into key SEC Compliance for Fintechs.

  • Registration and Licensing
  • Market Transparency
  • Reporting and Compliance
  • Cooperation with SEC
  • Registration and Licensing:

Fintech firms operating in the capital markets must register with the SEC and obtain the necessary licenses to legally offer their services as stated in part VI of the Investment and Securities Act (2007). This includes obtaining approvals for specific financial products or investment platforms.

  • Market Transparency:

Fintech companies are required to maintain a high level of market transparency, providing accurate and timely disclosures about their operations, financial performance, and any material changes. This allows the SEC to effectively monitor and supervise the fintech’s activities.

  • Reporting and Compliance:

Fintechs must comply with the SEC’s reporting requirements, submitting regular financial statements, compliance reports, and any other information requested by the regulator. Continuous monitoring and adjustment of practices are necessary to maintain compliance.

  • Cooperation with the SEC:

Fintech companies must be responsive and cooperative in their engagement with the SEC, providing any information or assistance required during examinations or investigations. Open communication and a collaborative approach can help fintechs navigate the regulatory landscape more effectively.

Adhering to the SEC’s guidelines is crucial for fintech firms to operate legally and maintain the trust of investors in the Nigerian capital markets.

Who Regulates Fintech Companies in Nigeria?

The Central Bank of Nigeria (CBN) stands at the helm of fintech regulation, but it’s a multifaceted landscape.

Other government agencies regulate fintech companies, and each of them has its own set of rules and guidelines, depending on how your fintech company operates. It’s essential to recognize the various other regulatory bodies and their unique roles in overseeing fintech operations. We will focus on the primary regulatory bodies.

1. The Role of the Central Bank of Nigeria (CBN)

The CBN’s influence on the fintech space is both far-reaching and meticulous. The Central Bank of Nigeria is a primary regulator, albeit, not the only regulator. The CBN is responsible for issuing licenses, such as Payment Solution Service Provider (PSSP) and Mobile Money Operator (MMO) licenses, and enforcing compliance with regulations. Here’s a quick snapshot of its regulatory arms:

2. Understanding the Mandate of the Nigerian Deposit Insurance Corporation (NDIC)

The NDIC plays a crucial role in depositor protection and maintaining confidence in the financial system. The NDIC provides deposit insurance coverage for customers of licensed financial institutions, including fintech companies that accept deposits.

When you open your mobile bank like Opay, the opening UI reads; “Insured by NDIC.” This is crucial to ensure the reliability of fintech companies. Your fintech must:

  • Align with NDIC’s requirements for deposit insurance.
  • Understand the NDIC’s processes for insured fund settlement.

3. The Securities and Exchange Commission (SEC) of Nigeria’s Jurisdiction

Fintech companies dealing with investments fall under the SEC’s watchful eye. The SEC also regulates the capital markets in Nigeria, including fintech firms engaged in activities like crowdfunding, peer-to-peer lending, and digital asset trading.

Fintechs operating in these areas must register with the SEC and adhere to the relevant capital market regulations. This is stated in its 2007 ISA ACT. Achieving compliance means:

  • Regular reporting on securities and investment-related activities.
  • Ensuring adherence to the SEC’s rules on transparency and consumer protection.

4. Data Regulation by the National Information Technology Development Agency (NITDA)

Information security is paramount, and NITDA sets the standards for data management. NITDA is the government agency responsible for IT policy and regulations in Nigeria. They provide guidelines on data protection, cybersecurity, and other IT-related things. Fintechs must comply with their stipulated guidelines however stringent. Fintechs should:

5. The Corporate Affairs Commission

The regulatory authority in charge of all Nigerian company incorporation and statutory oversight is the CAC. The CAC establishes rules governing how businesses are operated in Nigeria and makes sure that all legal requirements are met by these businesses.

To conduct business in Nigeria (as opposed to conducting business with) fintech businesses (including banks) must be incorporated at the CAC unless the Minister of Trade, Industry, and Investment exempts them from this requirement. This is according to sections 78 and 80 of CAMA, 2020. Comply with the CAC and,

  • Register your company
  • Share Capital for a fintech company is 100 million

Other Regulatory Bodies

They include,

  • NCC – The Nigerian Communication Commission
  • FCCPC – Federal Competition and Consumer Protection Commission
  • NDPC – The Nigerian Data Protection Commission
  • NAICOM – The National Insurance Commission
  • NOTAP – The National Office For Technology Acquisition and Promotion
  • FIRS – Federal Inland Revenue Service

Embracing Regulatory Excellence in Fintech

In conclusion, the pathway to fintech success in Nigeria’s burgeoning digital financial landscape is paved with rigorous regulatory frameworks.

Full compliance with the various regulatory bodies, ranging from the CBN to the SEC, is a golden rule for fintech businesses aiming to secure their place in the competitive market.

Regularly fortifying and updating operations in response to the evolving regulatory environment will position fintechs to flourish.

It is within this context that a fintech company in Nigeria can truly unlock its full potential and contribute to the nation’s financial transformation