DECODING THE NCC’S DRAFT BUSINESS RULES FOR MOBILE VIRTUAL NETWORK OPERATORS IN NIGERIA

/0 Comments/in , /by

BY SEUN TIMI-KOLEOLU AND HILLARY OKOROTIE

Introduction

The Nigerian Communications Commission (“NCC”) recently published the Draft Business Rules for Mobile Virtual Network Operators in Nigeria (the “Draft Rules”), aimed at establishing a comprehensive regulatory framework for the operation of Mobile Virtual Network Operators (“MVNOs”) in Nigeria. The Draft Rules aim to promote transparency in the relationships between MVNOs, Host Network Operators (“HNOs”), and service delivery. The Draft Rules outline key operational obligations, compliance requirements and standards intended to guide the conduct of MVNOs within the Nigerian telecommunications sector.

In this newsletter, we share insights into the impact of the Draft Rules on the operations of MVNOs.

Onboarding and Integration of MVNOs

The Draft Rules establish a structured onboarding and integration framework aimed at minimizing delays in the negotiation, onboarding, and integration processes between MVNOs and HNOs. Under the Draft Rules, every HNO is required to maintain an approved Reference Onboarding Information Pack containing key information and requirements relevant to prospective MVNO partnerships. Upon receiving a request from a licensed MVNO, the HNO is required to acknowledge receipt within ten days and, within twenty days of receiving the required documentation from the MVNO, confirm its readiness to proceed together with an indicative implementation timeline. Where an HNO declines a hosting request, it is required to provide the MVNO and the NCC with a rationale for the refusal within the same twenty days period.

Furthermore, upon confirmation of readiness to proceed, the parties are required to commence negotiations and establish a joint onboarding working group within ten days to oversee implementation. The Draft Rules also prohibit HNOs from unjustifiably and indefinitely delaying the onboarding process. The Rules further provide that commercial and technical agreements relating to onboarding and integration must be concluded within one hundred and twenty days from the date of the formal hosting request.

Commercial Agreements between MVNOs and HNOs

Under the Draft Rules, parties are required to submit any executed commercial agreement relating to MVNO services to the NCC within fourteen days of execution, or within such timeline as may be prescribed by the NCC. In addition, the Draft Rules also impose ongoing obligation to notify the NCC in respect of amendments to existing agreements. Specifically, where parties make changes relating to pricing, onboarding models, numbering arrangements, interconnection architecture, SIM ownership, eSIM enablement, customer migration or termination rights, the NCC must be notified within thirty days of executing such amendments and prior to the implementation of the changes.

The Draft Rules further require that commercial agreements clearly identify the party responsible for key operational obligations, including Know Your Customer (“KYC”) verification, activation approvals, subscriber complaint management, and other compliance responsibilities relating to eSIM services.

Furthermore, existing commercial agreements between MVNOs and HNOs are required to be reviewed in line with the provisions of the Draft Rules within thirty days from the commencement date of the Draft Rules. This transitional period is intended to ensure that existing MVNO operations and contractual arrangements are aligned with the regulatory requirements introduced by the NCC.

The Dispute Resolution Framework Under the Draft Rules

The Draft Rules also introduce a structured dispute resolution mechanism aimed at preventing prolonged commercial and technical disagreements between MVNOs and HNOs. Under the Draft Rules, every commercial agreement must contain a clearly defined escalation ladder, for example technical disputes affecting onboarding of users or service continuity must first be escalated between designated technical leads within five days, while unresolved commercial disputes are to be escalated to executive representatives within ten days.

Where parties are unable to resolve the dispute, either party may refer the matter to the NCC. Importantly, the Rules prohibit retaliatory measures pending the duration of any dispute such as disruption of the service.

Consumer Protection and Quality of Service Obligations

The Draft Rules prohibit HNOs from unfairly limiting or restricting MVNO network traffic, this is aimed at ensuring fair treatment and quality service delivery for MVNO subscribers operating on host networks.

In addition, MVNOs are required to maintain transparent tariff structures, accessible customer complaint channels and effective dispute resolution mechanisms. The Draft Rules also place primary responsibility for subscriber relationships and customer care obligations on MVNOs, notwithstanding their reliance on HNO infrastructure. In delivering their services, MVNOs are further required to comply with the consumer protection standards and regulatory requirements prescribed by the NCC.

Conclusion

The Draft Rules seek to address some of the challenges that affect MVNO operations, particularly onboarding delays, infrastructure access, commercial uncertainty, disputes over operational responsibilities and other operational aspects of MVNOs. When finalized, these Rules will represent a significant step towards establishing a more structured and transparent framework for MVNO operations in Nigeria.

An aspect of the Draft Rules that can be improved upon is with respect to the regulation of quality of service and traffic management. We recommend that the NCC includes detailed guidelines to monitor the quality of service provided by HNOs and traffic management practices with a view to promoting fair treatment of all MVNOs.

For further details on MVNO licensing framework and the various tiers of MVNO licences, please refer to our previous newsletter.

NIGERIA CAPITAL MARKET REGULATORY UPDATE: SEC MANDATES REGISTRATION OF COLLATERAL MANAGEMENT COMPANIES, WAREHOUSE OPERATORS AND WAREHOUSES

/0 Comments/in , /by

BY ADERONKE ALEX-ADEDIPE & OMODELE FATODU

On 11 May 2026, the Securities and Exchange Commission (the “Commission”) issued a circular clarifying the registration requirements applicable to certain capital market operators.

The Circular applies to entities involved in the storage, management and facilitation of commodities used in structured trade financing or warehouse receipt arrangements. In particular:

  • Collateral Management Companies (“CMCs”);
  • Warehouse Operators; and
  • Warehouses linked to commodity exchanges or electronic warehouse receipt systems.

Although these categories of operators were already recognised and regulated under the SEC Rules on Commodity Exchanges and Trading Platforms; Warehouse Receipt Systems; and Collateral Management and Warehousing Operations, the Circular appears intended to reinforce compliance with the existing registration regime and clarify that entities operating under informal, transitional or unregistered arrangements are not exempt from regulatory requirements.

The Commission notes that entities currently carrying on any of the relevant activities under such informal or transitional arrangements are also required to apply for registration. Accordingly, the Commission has directed all existing and prospective entities within the scope of the Circular to submit complete registration applications within 90 days from the date of the Circular (the “Registration Deadline”).

The SEC further clarified that compliance will only be recognised upon submission of a complete application within the Registration Deadline. Consequently, incomplete applications, or failure to respond to requests for additional information within the stipulated timelines, will not satisfy the registration requirement.

In view of this Circular, we have set out below a brief overview of the registration and minimum capital requirements applicable to CMCs and Warehouse Operators:

S/N Capital Market Operator Registration Documents Minimum Capital
1. Collateral Management Companies
  • Duly completed SEC Forms 2, 2D and 3
  • Minimum of three sponsored individuals, including a Managing Director and Compliance Officer;
  • Certificate of Incorporation, Memorandum and Articles of Association, and CAC Status Report;
  • Company profile, organisational structure and details of principal officers;
  • Evidence of payment for shares allotted to shareholders;
  • Evidence of financial and technical capacity to carry out collateral management functions;
  • Latest audited accounts or statement of affairs; and
  • Valid fidelity insurance bond covering at least 20% of the minimum paid-up capital.
 Tier 1 (Local/Regional Operators) – ₦200,000,000

Tier 2 (National/International Reach) – ₦500,000,000

 
2. Warehouse Operators
  • Duly completed SEC Forms 2, 2D and 3;
  • Minimum of three sponsored individuals, including a Managing Director and Compliance Officer;
  • Certificate of Incorporation, Memorandum and Articles of Association, and CAC Status Report;
  • Evidence of adequate storage facilities and appropriate security arrangements;
  • Evidence of requisite weighing and quality control equipment;
  • Evidence of comprehensive insurance coverage for facilities, equipment and commodities;
  • Evidence of suitable operational infrastructure, including loading and unloading systems;
  • Standard Operating Procedures (SOPs) for warehousing operations;
  • Latest audited accounts or statement of affairs; and
  • Valid fidelity insurance bond covering at least 20% of the applicable minimum capital requirement.
 ₦500,000,000

 

Conclusion

The Circular reflects the Commission’s intention to strengthen regulatory oversight, transparency and accountability within the commodities trading and warehouse receipt ecosystem. By requiring all relevant operators to formally register, the Commission is likely seeking to ensure that only entities with adequate operational capacity, governance structures and financial standing participate in the market and remain subject to direct regulatory supervision.

Accordingly, entities operating within this sector should assess whether their activities fall within the scope of the Circular and take immediate steps to commence or regularise their registration with the Commission where applicable.

KEY REGULATORY UPDATE IN THE POWER SECTOR: NERC MINI-GRID REGULATIONS 2026

/0 Comments/in , /by

BY SEUN TIMI-KOLEOLU AND MARK IMONITIE

Introduction

On 10 April 2026, the Nigerian Electricity Regulatory Commission (NERC) published updated Mini-Grid Regulations to accelerate electricity access for communities that are unserved or underserved by the national grid.

The Mini‑Grid Regulations 2026 (“New Regulations”) replaces the Mini-Grid Regulations 2023 (“Previous Regulations”) and align with recent power-sector reforms.

In this newsletter, we examine some of the key changes introduced by the New Regulations.

  1. Expanded Capacity Threshold

The Previous Regulations permitted for a maximum capacity of 1 MW, because the technology and market for mini-grids at the time was nascent in Nigeria.  The New Regulations now allow for the provision of mini-grids at a higher capacity of up to 5 MW for isolated mini-grids and 10 MW for interconnected mini-grids.

Gleaning from the provisions of the regulations, isolated mini-grids may be described as mini-grids which operate independently from the distribution network and are well suited for designated unserved areas. On the other hand, interconnected mini-grids are linked to the distribution network and suitable for commercial purposes.

With increased capacity, mini-grid providers can now supply power for commercial uses, such as cold storage, agro-processing, and small-scale manufacturing. This aligns with national programmes such as the Distributed Access through Renewable Energy Scale‑up (DARES) and other electrification initiatives.

  1. Transparent and Defined Administrative Processes

The New Regulations more clarity to administrative processes than what existed under the Previous Regulations. The Regulations provide that systems below 100 kilowatts (kW) may be registered with NERC, while systems above 100 kW require a permit from NERC. The New Regulations provide that applications for permit must be processed by NERC within 30 business days.

  1. Improved Monitoring and Reporting Framework

The New Regulations require operators to file annual reports for systems below 1MW and quarterly reports for systems above 1MW. This capacity‑based differentiation ensures that oversight by NERC is proportionate, and greater scrutiny is applied to larger, higher‑value projects.

The New Regulations provide that all mini‑grid and interconnected mini‑grid developers must submit mandatory milestone reports throughout a project lifecycle. Milestones include: financial close; procurement of major equipment; start of site works; completion of construction; commissioning; energization; and and entry into commercial operation.

In addition, by the New Regulations, NERC is empowered to standardize reporting datasets and tailor approval requirements to project type, installed capacity, interconnection status, and market relevance. NERC may also publish aggregated sector data on permits, registrations, project progress, and operational performance.

These measures introduced by the New Regulations strengthen transparency, compliance monitoring, and creates a foundation for data‑driven electrification planning. With enhanced monitoring, evaluation, and public reporting, regulators, policymakers, and investors will have clearer visibility into sector performance, thereby enabling better and more informed decisions.

  1. Risk-based Environmental Compliance Framework

The New Regulations adopt a practical, risk‑based approach to environmental compliance for mini‑grid projects. For solar and battery‑supported systems up to 10 MW, developers need to only complete environmental screening and prepare an Environmental and Social Management Plan (ESMP) rather than a full Environmental and Social Impact Assessment (ESIA). Projects with greater potential impact such as hydro, biomass, thermal generation, or developments in environmentally sensitive areas remain subject to a full ESIA.

Operators are required to comply with all applicable environmental laws and the New Regulations empower NERC to suspend or revoke permits for non‑compliance.

This differentiation in compliance requirement, addresses barriers such as high cost, long timelines, and procedural complexity which have hitherto hindered entry for developers serving rural and underserved communities. By simplifying requirements for low‑risk projects, the New Regulations reduce upfront transaction costs, shorten development timelines, and remove a major bottleneck to project delivery.

  1. Clear Dispute Resolution Mechanism

The New Regulations establish a defined, time‑bound dispute resolution pathway, replacing the vague wording in the Previous Regulations that left parties without a clear process for dispute resolution.

Under the New Regulations, parties must first seek resolution through negotiation within 30 days (extendable by mutual agreement). If negotiation fails, disputes are referred to the regulator for final adjudication. This structured sequence introduced by the New Regulations, promotes timely, predictable, and enforceable dispute resolution.

Conclusion

The New Regulations mark a pivotal shift whereby mini-grids are no longer seen as peripheral infrastructure but as being central to Nigeria’s electrification goals. By making mini-grids more scalable, bankable, and integrated, the New Regulations pave the way for a more resilient electricity market that can tackle both access gaps and ongoing supply challenges.

PROTECTING INNOVATION IN NIGERIAN TECH CONTRACTS: COMMON PITFALLS AND SOLUTIONS

/0 Comments/in , /by

BY ADERONKE ALEX-ADEDIPE AND ENIOLA SOGBESAN

Introduction

In the current global digital economy, businesses enjoy significant competitive advantage from intangible assets such as intellectual property, confidential data and proprietary processes. In Nigeria, given that many businesses rely heavily on innovation and technology services, effective intellectual property is critical to long-term enterprise value and commercial sustainability.

In Nigeria, the intellectual property terrain is regulated by the provisions of the Copyright Act, Trademarks Act & Patents and Designs Act. However, while the provisions of these laws are robust, they do not sufficiently prevent disputes between parties. In practice, the allocation, licensing, transfer and enforcement of intellectual property rights are determined by the terms of contract. Notwithstanding, most intellectual property disputes usually arise because IP clauses are wrongly drafted, silent on risk allocation and misaligned with commercial objectives.

In this article, we examine the importance of IP clauses in technology agreements, identify loopholes that may give rise to disputes and proffer strategies for mitigating risks with regard to Nigerian and cross-border transactions.

The Role of IP Clauses in Tech Agreements

IP clauses are essential features of a modern technology agreement. They help determine who owns these intangible assets, the terms on which they may be used and any applicable restrictions. IP clauses are critical in agreements such as licensing and distribution agreements, joint ventures & mergers and acquisitions. In granting any IP rights under any of these agreements, parties should ensure that the IP clauses are detailed enough to protect the interest of the grantor while specifying whether the rights are granted on an exclusive or non-exclusive basis.

Common IP Clause Dispute Triggers

  1. Unclear ownership provisions – Uncertainty and lack of clarity on IP ownership in technology contracts is the basis of most IP clause disputes. This ambiguity becomes visible when there is a breakdown in the business relationship between the parties or there is an increase in the value of the asset. Where IP ownership provisions are not clearly drafted, it gives room for statutory and judicial interpretation.

    For example, under the Nigerian Copyright Act 2022, copyright is vested in the author of a work subject to certain exceptions including employment relationships and commissioned works. This therefore suggests that in the absence of clear assignment of the IP in such works, the author may retain ownership of the software or creative materials produced for a client.

  2. Inadequate licensing terms – Similarly, poorly drafted licensing terms can also give rise to IP-related disputes, particularly because IP licensing determines the extent of the economic value that can be derived from an intellectual property asset. Where there is ambiguity regarding the scope, duration, territory, or exclusivity of a license, such uncertainty may lead to overreach, misuse, or infringement disputes.

    At a minimum, licensing terms should highlight the scope, territorial limits, sublicensing rights (if applicable) and post-termination rights and obligations. Any failure to clearly define these terms, may enable a licensee to assume broader commercial rights than was intended, while the licensor may restrict its ability to explore the IP in other jurisdictions.

  3. Confidentiality Breaches– Trade secrets which constitute an IP asset class protects commercially valuable information. These are not registered but merely derive their value from its confidential nature, therefore confidentiality clauses are an essential protective mechanism in technology agreements. Important elements that should be included in a confidentiality clause include; definition of what constitutes confidential information, duration of the confidentiality obligations, exceptions and remedies in case of a breach.
  4. Inadequate Enforcement Provisions – While parties do not intend to engage in IP disputes at the onset of the business relationship, a well drafted IP clause should anticipate this possibility. In many technology agreements, the failure to specify the obligations of each party in relation to the ownership and use of the IP results in inconsistent enforcement strategies and disputes between the contracting parties themselves.

    This inadequacy extends to creating uncertainty as to who bears responsibility for monitoring infringement and initiating legal action. Without this clarity, enforcement actions against infringers may be protracted and weaken the commercial value of the IP.

  5. Post Termination Obligations – While IP disputes arise at the end of contractual relationships, the termination of a contract does not automatically extinguish all IP rights unless otherwise provided. In the absence of clearly defined post termination obligations, former licensees may continue using such IP assets thereby exposing both parties to legal and commercial risks. A well drafted post termination clause should address reversion rights, return or destruction of materials and any other ongoing license restrictions.

Practical Fixes & Risk Mitigation Strategies.

  1. Precise definitions and clear ownership of IP assets should be set out in the agreement.
  1. Legal due diligence and contract audits should be undertaken prior to executing the contract as it will help identify and mitigate potential risk factors associated with the IP asset.
  1. There should be a periodic review of the contract and update of IP clauses as the underlying technology evolves.
  1. To provide an additional layer of security, all IP assignments should be executed and properly registered with the relevant government agencies.

Conclusion

IP clauses are designed to protect the value of the underlying IP asset and provide commercial value to the holder. However, where they are ambiguous or misaligned with operational and commercial objectives, they become sources of disputes. Moreover, in a global economy which is increasingly driven by innovation and creativity, effective IP drafting, especially in technology agreements, is a core requirement that should consider the applicable legal framework, transaction structure and the commercial objectives of the parties.

Therefore, businesses and practitioners should engage IP contractual frameworks with the perspective of risk management and value protection which will further strengthen the value and commercial returns on the underlying IP asset.

BANKING AND FINANCE REGULATION IN NIGERIA – INTEREST RATE DETERMINATION, NOFR BENCHMARK

/in , /by

BY SEUN TIMI-KOLEOLU AND PROMISE ITAH

Introduction

On April 17, 2026, the Central Bank of Nigeria (CBN) announced the introduction of the Nigerian Overnight Financing Rate (NOFR) in collaboration with the Financial Markets Dealers Association (FMDA). The NOFR is a daily benchmark designed to reflect the actual cost of short-term borrowing between banks, based on real market transactions. According to the CBN, the introduction of the NOFR is aimed at enhancing transparency, strengthening monetary policy transmission, and deepening Nigeria’s money market.

In this newsletter, we highlight the rationale and framework of the NOFR, as well as its implications for the market.

What is the Rationale behind the NOFR?

Nigeria’s short-term interest rates have traditionally been guided by the Monetary Policy Rate (MPR) and interbank indicators such as the Open Buy Back (OBB) and Overnight (OVN) rates, which are meant to reflect the cost of overnight borrowing between banks.

However, these indicators do not always reflect actual transactions, as they may be influenced by estimates, limited trading activity, or inconsistent reporting. As a result, they may not accurately capture the true cost of short-term funding.

The Nigerian Overnight Financing Rate (NOFR) was introduced to address this gap by replacing indicative pricing with a benchmark based on actual transactions, thereby improving reliability and market confidence.

What is the Framework of the NOFR?

The NOFR is an average interest rate that reflects the actual cost of overnight lending between banks in naira, where the loans are secured by collateral, and based on real market transactions. The rate is calculated by giving more weight to larger transactions and removing unusually high or low rates (the higher 10% and the lower 10% percent volumes are excluded from the calculation), so that the final figure reflects normal market conditions and provides a more accurate picture of how banks actually price short-term funding.

The transactions used to calculate the NOFR must meet the following conditions:

  1. they must be carried out on the specific day the rate is being calculated (the fixing day);
  2. they must be reported by approved banks;
  3. Each transaction must be at least ₦5 billion, so that only significant market activity is included.

The rate is published daily at 10:00 a.m. for the preceding business day. Where there is insufficient qualifying transaction data, the previous day’s rate is retained and published to ensure continuity and stability. The CBN is responsible for the governance and regular publication of the NOFR. The rate can be accessed on the CBN website.

 

What are the Key Market Implications?

Some key market implications of the introduction of the NOFR are set out below:

  1. Corporate Borrowers: While the NOFR may not immediately reduce borrowing costs, it provides a clear and transparent base rate for floating-rate loans. This makes loan pricing more consistent and easier to compare. Borrowers may seek to review existing loan agreements, especially floating-rate clauses, as pricing will gradually shift to NOFR-based benchmarks, making interest costs more responsive to overall market conditions.
  2. Banks and Financial Institutions: In view of the improved accuracy in pricing short-term loans, banks will have a clearer view of funding costs, enabling more effective day-to-day liquidity management.
  3. Investors: The greater transparency and reliability of the NOFR may make it easier to price and value instruments such as treasury bills and bonds. This is expected to improve pricing consistency across the market and give both local and foreign investors greater confidence in expected returns.
  4. Legal/Contractual Considerations: The introduction of the NOFR means that existing financial agreements referencing older interbank rates or bank-specific pricing may need to be reviewed and updated to reflect the new benchmark. Going forward, new agreements are likely to adopt NOFR as the base rate, with an added margin. This makes it important to include clear provisions on benchmark use and replacement in new agreements.

Conclusion

The introduction of the NOFR marks a significant shift in how interest rates are determined in Nigeria and aligns the country with global benchmarks best practices such as the Secured Overnight Financing Rate (SOFR) in the United States and the Sterling Overnight Index Average (SONIA) in the United Kingdom. While the CBN expects the NOFR to enhance transparency, strengthen monetary policy transmission, and deepen Nigeria’s money market, its impact will ultimately depend on adoption and effective administration.

REDEFINING AML COMPLIANCE: UNDERSTANDING CBN’S BASELINE STANDARDS FOR AUTOMATED AML SOLUTIONS FOR FINANCIAL INSTITUTIONS

/in , /by

BY ADERONKE ALEX-ADEDIPE AND HILLARY OKOROTIE

Introduction

With the increasing need to ensure financial security in today’s rapidly digitizing landscape and evolving compliance demands, the Central Bank of Nigeria (CBN) issued its Baseline Standards for Automated Anti-Money Laundering (AML) Solutions for Financial Institutions (“AML Solutions”) on March 10, 2026. This was followed by a Guidance Note on implementation, released on March 31, 2026.

In this newsletter, we provide an overview of the requirements of the AML Solutions for financial institutions.

What is the Purpose of the AML Solutions?

The AML Solutions is aimed at establishing a structured and automated system for the identification and reporting of suspicious transactions and strengthening adherence to AML, Combating the Financing of Terrorism (CFT), and Countering Proliferation Financing (CPF) regulatory requirements. It also applies to all financial institutions operating in Nigeria.

What are Some of the Obligations of Financial Institutions?

  1. Customer Due Diligence (CDD), Know Your Customer (KYC) and Know Your Business (KYB): Financial institutions are required to implement effective CDD, KYC and KYB frameworks supported by automated or semi-automated onboarding, instant identity verification, and integration with national identity databases such as the Bank Verification Number (BVN) and National Identification Number (NIN) systems. They must also ensure proper documentation of beneficial ownership, maintain accurate and up-to-date customer data. AML Solutions must support end-to-end CDD, KYC, KYB, and enhanced due diligence processes, including automated risk profiling and behavioral transaction analysis. They must also enable continuous data integration of KYC/KYB data with customer risk profile to provide investigators with a unified view of customer profiles and transactional history for effective monitoring and decision-making.
  1. Sanction Lists & Politically Exposed Person (PEP) Screening: Financial institutions are required to conduct sanctions and screening of PEP at onboarding and on a continuous basis. They are also required to maintain clear procedures for reviewing, escalating, and resolving alerts and being able to demonstrate the effectiveness of their screening processes with proper documentation. AML Solutions must integrate domestic/international sanctions and watchlists with instant updates, automatically flagging or blocking transactions on confirmed matches in line with regulatory requirements.
  2. Risk Assessment & Transaction Monitoring: Financial institutions are required to conduct and document periodic business risk assessments and ensure AML systems reflect these risk profiles. The AML Solutions must assess transactions based on risk and identify possible money laundering activities. It should generate explainable alerts and enable pre-emptive actions to support decision-making.
  3. Reporting & Governance: Financial institutions must ensure accurate, complete, and timely regulatory reporting, supported by internal reviews and approval processes. The AML Solutions must be implemented to ensure automated or semi-automated generation of the required reports. They are also required to establish governance frameworks covering system ownership, access controls, model validation, and periodic audits.
  4. Security & Data Protection: There is also a requirement that all data processed and stored within AML systems comply with the scope of the Nigeria Data Protection Act (NDPA) 2023 and other applicable regulations. The AML Solutions must support this by securely collecting and storing relevant data, applying security controls such as encryption in transit, at rest, and in use, enforcing role-based access and secure authentication.

What is the Compliance Timeline for the AML Solutions?

The compliance timeline for the AML Solutions is 18 months for deposit money banks and 24 months for other financial institutions. However, all financial institutions are required to prepare and submit a detailed implementation plan to the CBN within 3 months of the issuance of the AML Solutions. The implementation plan must provide a clear and detailed roadmap on the steps the financial institution intends to implement to meet all obligations set out in the AML Solutions.

What is the Risk of Non-Compliance?

Where financial institutions fail to implement the AML Solutions or does so in a manner that results in ineffective AML/CFT/CPF controls, they may be subject to penalties. This liability extends not only to the financial institutions but also to personnel responsible for the implementation of the AML Solutions. Applicable penalties will be imposed in accordance with existing regulations, including the CBN AML-CFT-CPF Administrative Sanctions Regulations 2023, the Banks and Other Financial Institutions Act, and other relevant regulatory frameworks.

Conclusion

The AML Solutions imposes clear and enforceable obligations on financial institutions to implement effective, technology-driven frameworks for detecting and monitoring money laundering and other related activities. It is therefore imperative for financial institutions to promptly implement these requirements in line with the prescribed timelines.

VIRTUAL ASSET SERVICE PROVIDER (VASP) LICENCES IN KENYA & NIGERIA – WHAT YOU NEED TO KNOW

/in , /by

By Seun Timi-Koleolu, Ombo Malumbe,  Eniola Sogbesan and Faith Ngarama 

 

Introduction

The future of Africa’s digital asset market is no longer speculative. It is real, growing, and increasingly regulated. For founders, Fintechs, and even traditional financial institutions looking to operate in the digital currency space, obtaining a Virtual Asset Service Provider (VASP) license is the price of market entry. In jurisdictions like Nigeria and Kenya—two of the continent’s most active crypto markets—regulators are moving to formalize the ecosystem, protect consumers, and bring operators within a defined legal framework.

However, while both countries are moving in the same direction, their regulatory approaches, licensing processes, and compliance expectations differ in important ways. Understanding these nuances is critical for any business looking to establish or expand operations across either market.

In this newsletter, we examine the licensing requirements, regulated activities, applicable regulatory authorities and other practical considerations for navigating the process successfully.

S/N SUBJECT NIGERIA KENYA
1 Principal Regulator Securities and Exchange Commission Central Bank of Kenya, and Capital Markets Authority
2 License Categories ·       Ancillary Assets Service Providers (AVASPs)

·       Digital Assets Offering Platform (DAOP)

·       Digital Assets Intermediary (DAI)

·       Digital Assets Platform Operator

·       Real-world Assets Tokenization and Offering Platform

·       Digital Assets Exchange (DAX)

·       Digital Assets Custodian

 ·       Virtual Asset Wallet Provider

·       Virtual Asset Exchange

·       Virtual Asset Payment Processor

·       Virtual Asset Broker

·       Virtual Assets Investment Advisor

·       Virtual Asset Manager

·       Virtual Asset Offering Provider (Initial Coin Offering)

·       Virtual Asset Offering Provider (Virtual Asset Tokenization)

·       Virtual Asset Offering Provider (Token Issuance)

·       Virtual Asset Offering Provider (Stablecoin Issuance)

 

3 Permissible Activities Digital Assets Offering Platform This license is used to facilitate fund raising through a digital asset offering via the use of a distributed ledger technology. Virtual Asset Wallet Provider: Services provided by a third party, in which the private keys to the subject’s virtual assets are held and managed by the third party for proof of ownership and facilitation of transactions.

Virtual Asset Exchange: Providing a digital online platform facilitating virtual asset transfers and exchanges. Exchanges may occur between one or more forms of virtual assets, or between virtual assets and fiat currency; or A platform providing for the facilitation of the sale, trading, or exchange of virtual assets for fiat currencies or for other virtual assets.

Virtual Asset Payment Processor: Arranging transactions involving virtual assets and fiat currency, or between virtual assets.

Virtual Asset Broker: Facilitate the exchange between one or more forms of virtual assets through a virtual asset exchange and virtual asset wallet providers for and on behalf of clients, which may include retail, institutional investors, or funds.

Virtual Assets Investment Advisor: Provision of investment advice on virtual assets, initial virtual asset offering and non-fungible tokens for and on behalf of clients, which may include individuals or institutional investors.

Virtual Asset Manager: Managing portfolios in accordance with mandates given by clients on a discretionary basis where such portfolios include one; or more virtual assets.

Virtual Asset Offering Provider (Initial Coin Offering): Issuing and selling virtual assets to the public. May involve participating in and providing financial services relating to the initial coin offering.

Virtual Asset Offering Provider (Virtual Asset Tokenization): The process of converting real-world assets (like real estate, art, or, commodities) into digital token on a blockchain.

Virtual Asset Offering Provider (Token Issuance): Provision of tokenization platform for issuance and secondary trading of tokens of real-world assets.

Virtual Asset Offering Provider (Stablecoin Issuance): The process of creating and managing approved stablecoins.
Digital Assets Intermediary

This license is used to facilitate transactions involving virtual assets such as:

a. execution of orders for virtual assets on behalf of clients;

b. acceptance and transmission of orders for virtual assets on behalf of clients;

c. placing of virtual assets;

d. providing advice on virtual assets investment;

e. providing financial portfolio.
Digital Assets Custodian

This license is suitable for facilitating the safekeeping/holding in custody and/or administration of virtual assets or instruments that enable control over virtual assets.
Digital Assets Exchange

This license is used to facilitate the trading of virtual or digital assets.
The creation of new license categories such as

·       Ancillary Virtual Asset Service Providers (AVASPs)

·       Digital Assets Platform Operators (DAPOs); and

·       Real‑World Assets Tokenization and Offering Platforms (RATOPs).

highlights an area where further regulatory clarity will be required. As there is no existing regulatory framework that expressly identifies the permissible activities that fall within these newly introduced license categories.
4 Share Capital Requirements Ancillary Assets Service Providers (N300 million)

Digital Assets Offering Platform

(N 1billion)

 

Digital Assets Intermediary

(N500 million)

 

Digital Assets Platform Operator

(N500 million)

 

Real-world Assets Tokenization and Offering Platform

(N 1 billion)

 

Digital Assets Exchange

(N 2 billion)

 

Digital Assets Custodian

(N2 billion)

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 Virtual Asset Wallet Provider

(KSH 150 million)

 

Virtual Asset Exchange

(KSH 150 million)

 

Virtual Asset Payment Processor

(KSH 50 million)

 

Virtual Asset Broker

(KSH 30 million)

 

Virtual Assets Investment Advisor

(KSH 2.5 million)

 

Virtual Asset Manager

(KSH 30 million)

 

Virtual Asset Offering Provider (Initial Coin Offering)

(KSH 200 million)

 

Virtual Asset Offering Provider (Virtual Asset Tokenization)

(KSH 200 million)

 

Virtual Asset Offering Provider (Token Issuance)

(KSH 200 million)

 

Virtual Asset Offering Provider (Stablecoin Issuance)

(KSH 500 million)
5 Corporate

Governance

Requirements

 All VASPs must have a minimum of five (5) directors, three (3) of whom must be Nigerian.

Also, the board of each VASP must comprise of the following committees

·       Nomination and Governance

·       Remuneration

·       Audit and Risk Management

 The Board of Directors will constitute at least three (3) members.

 

Structure:

·       1/3 must be independent directors.

·       Not more than 1/3 shall be related to any director.

·       The Board’s chairperson shall not be appointed as the Chief Executive Officer (CEO).
6 Investment Thresholds High Networth Individuals

(No restriction)

 

Angel Investors

(maximum of N50 million per issuer within a 12-month period)

 

Retail Investors

(maximum of N1million per issuer not exceeding N10 million within a 12-month period)

 There are yet to be any restrictions on Investment Thresholds. However, this does not limit such limits being applied as per the applicable laws more so from the Capital Markets Authority’s side.

 Conclusion

Securing a Virtual Asset Service Provider (VASP) license in Nigeria or Kenya is no longer simply a regulatory requirement but a strategic step toward building a credible and sustainable digital asset business. While both jurisdictions are actively developing their frameworks, they each present distinct requirements and regulatory expectations that must be carefully navigated. Businesses looking to operate in either market must take a proactive approach to compliance, ensuring that their structures, governance, and operational models align with the applicable rules from the outset.

Ultimately, success in this space will depend not only on obtaining a VASP license, but on maintaining ongoing compliance in an evolving regulatory environment. As regulators continue to refine their approach to Virtual assets, businesses that prioritize transparency, strong internal controls, and regulatory engagement will be best positioned to scale confidently. For prospective entrants, understanding the regulatory landscape early and preparing accordingly will make the difference between a smooth market entry or costly delays.

KEY REGULATORY UPDATE: CBN GUIDELINES ON INSTANT PAYMENT FUNCTIONALITIES AND MOBILE BANKING SECURITY

/in , /by

By: Aderonke Alex-Adedipe and Mark Imonitie

Introduction

On 12 March 2026, the Central Bank of Nigeria (CBN) issued a circular (the “Circular”) to all financial institutions (FIs) offering Instant Payment (IP) services in Nigeria.

The Circular provides the CBN’s Guidelines on instant payments and introduces sweeping measures to strengthen IP operations, enhance security protocols, improve consumer protection, and align with global best practices. This newsletter highlights the key provisions introduced by the Guidelines.

  1. VOLUNTARY OPT-IN AND OPT-OUT FUNCTION

Under the existing framework, FIs are not mandated to provide a feature on their mobile banking application, enabling customers to voluntarily opt in or out of IP services.

The new Guidelines however require FIs to allow customers to opt in or out at any time, subject to Multi-Factor Authentication (MFA).

New customers will be onboarded in opt-in mode by default. While opted out, customers cannot perform instant online fund transfers from their account; however, such transfers remain available via a physical branch visit.

  1. FLEXIBILITY IN SETTING TRANSACTION LIMITS

Prior to establishing the Guidelines, the maximum transaction limits of N25,000,000.00 for individuals and ₦250,000,000.00 for corporate entities, were fixed, with no option for customers to set personalized limits within those thresholds.

The Guidelines will subsequently allow both individuals and corporate entities to adjust these limits as needed, subject to enhanced due diligence and appropriate risk management by the FI.

To ensure security, the new transaction limit takes effect only after the customer completes the Multi-Factor Authentication (MFA) process.

  1. LIVELINESS CHECKS AND ENHANCED SECURITY FOR ONLINE TRANSACTIONS
    The Guidelines provide that where a customer seeks to open an account online or reactivate an online account, the following enhanced security measures shall apply:

    • liveliness check of the online account;
    • real-time validation of BVN/NIN database for online account openings/reactivations;
    • enhanced authentication mechanisms such as biometric authentication, soft token, hard token, for online account reactivations.

    A liveliness check is a biometric security measure which confirms that a user is a live, physically present human rather than a photo, video, or deepfake—by analyzing facial traits like skin texture, eye movement, and depth during remote onboarding or transactions, thereby preventing spoofing attacks.

  2. FRAUD MONITORING FUNCTIONALITY

The Guidelines mandate that all FIs implement and activate enterprise-wide fraud monitoring functionality covering both in-flows and out-flows. This measure restricts suspicious transactions in real-time while enabling prompt fraud detection and response.

  1. MANDATORY DEVICE BINDING

Under the existing framework, customers can operate their mobile banking application concurrently on multiple devices. The new Guidelines restrict mobile banking applications to one active device at a time, prohibiting concurrent use across devices. Switching to a new device triggers automatic deactivation of the previous one, followed by re-activation and authentication.

  1. ADDITIONAL REQUIREMENTS

The Guidelines introduce the following measures for mobile financial services applications and internet banking:

  • New account owners: Upon activation of a mobile banking application, inflow and outflow transactions are limited for the first 24 hours, and FI’s shall set the limit not to exceed ₦20,000.00 (Twenty Thousand Naira).
  • Existing account owners: Upon activation of a mobile banking application, outflow transactions are limited for the first 24 hours, and FI’s shall set the limit not to exceed ₦20,000.00 (Twenty Thousand Naira)
  • First-time login on a new device for internet banking requires enhanced Multi-Factor Authentication (MFA).

Conclusion

The Central Bank of Nigeria’s (CBN) new Guidelines on Instant Payment Functionalities for Financial Institutions mark a significant advancement in safeguarding digital transactions nationwide.

Effective 1 July 2026, financial institutions (FIs) must implement these measures. Among other requirements, the Guidelines necessitates comprehensive security and Data Protection Impact Assessments (DPIAs) to ensure compliance with the Nigeria Data Protection Act 2023 particularly resulting from mandatory features like multi-factor authentication (MFA), facial recognition, and continuous transaction monitoring.

About us:

Pavestones is a full-service legal practice, licensed by the Nigeria Data Protection Commission as a Data Protection Compliance Organization. We provide quality and innovative legal and data protection  support across diverse industries, helping clients operate in compliance with applicable laws and regulations to drive sustainable business growth.

REGULATORY UPDATE: NDPC EXTENDS DATA AUDIT FILING DEADLINE

/in , /by

By Seun Timi-Koleolu and Omodele Fatodu

The Nigeria Data Protection Commission (“NDPC”) has announced an extension of the deadline for the filing of the 2025 Data Protection Compliance Audit Returns (“CAR”) from March 31 to May 30, 2026. Data Processors and Controllers of Major Importance (“DPCMIs”) are therefore encouraged to utilise this period to ensure that their data protection frameworks are aligned with regulatory expectations and to file their Compliance Audit Returns within the extended timeline.

DPCMIs should note that failure to file within the prescribed timeline will attract regulatory sanctions. In particular, late filing of the CAR is subject to a penalty of 50% of the applicable filing fee, in addition to the risk of further regulatory scrutiny or enforcement action by the NDPC.

  1.  Practical Steps During the Extension Period

To make effective use of the extended timeline, DPCMIs should consider the following:

  1. Data Mapping: Ensure that all personal data processing activities are clearly identified and documented, including the nature of data collected, purposes of processing, storage locations, and third-party disclosures.
  2. Policy Review: Review privacy policies and internal data protection procedures to confirm that they are up to date and aligned with regulatory requirements and actual data processing practices.
  3. Remediation of Prior Findings: Ensure that any identified gaps or recommendations from prior audits have been appropriately addressed and implemented.
  4. Engage a licensed Data Protection Compliance Organisation (DPCO): A licensed DPCO can conduct the data protection compliance audit and file the CAR on behalf of the organisation, helping to ensure that the audit meets NDPC expectations.
  1. Update on Filing Fees

DPCMIs are also reminded that the filing fees applicable to the CARs were revised under the General Application and        Implementation Directive, 2025 (“GAID”). The fees depend on the DPCMI category, as well as the number of data subjects processed by the organisation, as outlined below:

  1. Ultra-High Level DPCMI
    Tier A – 50,000 data subjects and above: N1,000,000
    Tier B – 25,000 – 49,999 data subjects: N750,000
    Tier C – below 25,000 data subjects: N500,000
  2. Extra-High Level DPCMI
    Tier A – 10,000 data subjects and above: N250,000
    Tier B – 2,500 – 9,999 data subjects: N200,000
    Tier C – below 2,500 data subjects: N100,000
  1. Further Guidance

For a more detailed overview of compliance obligations under Nigerian data protection laws, and the role of DPCOs, please refer to our previous publications:

Conclusion

The extension of the 2025 data audit filing deadline provides organisations with an extended opportunity to review their data protection practices and file their Compliance Audit Returns on time.

Pavestones is a full-service legal practice, licensed by the Nigeria Data Protection Commission as a DPCO. We provide support to organisations across diverse industries in conducting data protection compliance audits, preparing and filing Compliance Audit Returns, and ensuring alignment with the GAID and Nigeria Data Protection Act, 2023.

New CBN Measures on Diaspora Remittances: What They Mean for Market Participants

/in /by

BY ADERONKE ALEX-ADEDIPE AND PROMISE ITAH

Introduction

On March 24, 2026, the Central Bank of Nigeria (CBN) issued a circular on Measures to Further Deepen Diaspora Remittances and Compliance (the “Circular”). The Circular, which is effective from May 1, 2026, builds on the CBN’s revised guidelines for international money transfer services in Nigeria, and is aimed at enhancing  diaspora remittances, strengthening transparency, traceability, and effective monitoring of all remittance related transactions.

In this newsletter, we highlight the measures introduced by the CBN and assess their practical implications for participants.

What Are the New Measures?

The following measures have been prescribed by the CBN.

  1. Designated Naira Settlement Accounts: All transactions related to International Money Transfer Operators’ (IMTO) operations, including payments to beneficiaries and any settlements, must be processed through designated settlement accounts held with authorised dealer banks (ADBs or Banks). IMTOs may either open new accounts or use existing ones for this purpose and can maintain multiple naira settlement accounts based on their business needs. However, they are required to regularly provide the CBN with an updated list of these designated accounts through the Director of the Trade and Exchange Department.
  2. Account Funding Restrictions: The circular makes it clear that these settlement accounts can only receive money from remittances or foreign exchange transactions carried out by the IMTOs or their agents through authorized participants in the Nigerian Foreign Exchange Market (NFEM). This means that no other funds are allowed to be deposited into these accounts.
  3. Authorised Transfers to Other Market Participants and BDCs: To improve the flow of foreign exchange and support fair pricing, ADBs are permitted to process foreign currency transfers from IMTO settlement accounts to other ADBs and approved market participants, including licensed Bureau de Change (BDC) operators.
  4. Real-Time FX Pricing: IMTOs must set their remittance rates to reflect current market prices from Bloomberg’s BMatch platform rather than being set independently. By doing this, the CBN aims to ensure more accurate pricing, reduce information gaps between banks and IMTOs, and encourage greater use of the official FX market.
  5. Compliance and Record Keeping: In addition to complying with the above measures, all IMTOs (and ADBs) must strictly comply with anti‐money laundering and counter-terrorism financing rules. Detailed records of all remittance transactions (origins, amounts, beneficiaries, conversions, etc.) must also be kept for regulatory review and audit purposes.

 

What Are the Practical Implications?

The new measures may require certain operational changes. We have set out below, some key implications and action points for IMTOs, banks, BDCs and other stakeholders:

  1. IMTOs (Money Transfer Operators):

    In view of the above regulatory measures, IMTOs may require system upgrades and staff training and must also strengthen record-keeping and AML/KYC processes, maintaining detailed transaction logs for regulatory review.

  2. ADBs (Commercial Banks):

    ADBs should prepare for increased demand from IMTOs to open and manage multiple naira settlement accounts and streamline onboarding processes accordingly. Banks will also need to closely monitor these accounts to ensure they are used solely for remittance flows and comply with FX funding requirements, while supporting IMTOs in meeting AML/CFT obligations.

  3. BDCs:

    Since ADBs are permitted to process foreign currency transfers from IMTO settlement accounts, BDCs may engage ADBs and their IMTO partners to access this FX liquidity.

  4. General Market Effects:

    In general, the measures are expected to improve transparency by channeling remittance flows through the formal banking system, giving the CBN greater visibility into FX inflows. In the medium term, it is expected that this will reduce reliance on informal markets, support better rate alignment, and contribute to improved liquidity and stability in the FX market.

Conclusion

The CBN’s new measures on diaspora remittances are part of a series of significant steps toward formalising diaspora remittance flows and improving transparency in Nigeria’s foreign exchange market. By mandating designated settlement accounts, real-time pricing, and stricter compliance standards, the framework is expected to enhance liquidity, strengthen regulatory oversight, and reduce reliance on informal channels. While stakeholders will need to adjust their operations to meet the new requirements, the CBN expects that the reforms should, over time, support better price discovery and contribute to greater stability of the naira.