102

Introduction

Banking regulation in Nigeria aims to ensure financial stability, protect depositors, prevent abuse of the financial system, and foster confidence in the banking sector. With increasing complexity arising from digital banking, FinTech growth, money-laundering threats, liquidity pressures, and macroeconomic volatility, regulators have strengthened both prudential and non-prudential supervision. Risk management and compliance now sit at the heart of the regulatory framework.

Legal and Regulatory Framework

Here are the principal laws, regulatory bodies, and guidelines governing banking in Nigeria:

Component Description / Role
1. Central Bank of Nigeria (CBN) The primary regulator of banks and other financial institutions. It issues prudential guidelines, supervises banking operations, enforces compliance, and sets capital and liquidity requirements.
2. Banks and Other Financial Institutions Act (BOFIA) 2020 Provides the legal basis for licensing, regulation, supervision, and resolution of banks and other financial institutions, and defines the CBN’s regulatory powers.
3. Companies and Allied Matters Act (CAMA) 2020 Governs incorporation, corporate governance, disclosure, and other company-law obligations applicable to banking institutions.
4. Anti-Money-Laundering / Combating Financing of Terrorism (AML / CFT) Laws Includes the Money Laundering (Prevention and Prohibition) Act 2022, CBN AML/CFT/CPF Regulations 2022, and the Terrorism (Prevention and Prohibition) Act 2022. The Nigeria Data Protection Act (NDPA) 2023 establishes the Nigeria Data Protection Commission (NDPC), while the Nigerian Financial Intelligence Unit (NFIU) Act 2018 creates the NFIU for financial-intelligence functions. These laws are enforced alongside the EFCC Act.
5. Regulatory and Supervisory Guidelines / Circulars by CBN Cover areas such as capital adequacy, credit risk, liquidity, foreign exchange, agent banking, cybersecurity, and digital-banking operations. Circulars are issued frequently to address emerging risks.

Key Regulatory Requirements

1. Capital Adequacy & Recapitalisation

The CBN requires banks to maintain a minimum capital base relative to their licence category. In March 2024, it announced revised minimum paid-up share capital thresholds:

  • International Commercial Banks – ₦500 billion
  • National Commercial Banks – ₦200 billion
  • Regional Commercial Banks – ₦50 billion

Banks are submitting recapitalisation plans to meet these thresholds.

2. Liquidity Requirements

Banks must maintain sufficient liquidity to meet short-term obligations. The CBN sets liquidity ratios, mandates stress testing, and requires contingency-funding plans. Supervisory reviews ensure compliance with prudential benchmarks.

3. Credit Risk Management

The Credit Reporting Act 2017, the CBN Credit Risk Management System (CRMS), and licensed Credit Bureaux enable the aggregation and sharing of borrower credit information. This framework enhances creditworthiness assessment, prevents multiple exposures to the same obligor, and reduces systemic credit-default risk.

4. Agent Banking / Bank Agents

Agent Banking is governed by the CBN Agent Banking Guidelines, updated in the Consolidated Guidelines for Agent Banking (2025). The framework regulates how banks engage third-party agents to deliver financial services, including mobile-money and digital-payment channels. It requires banks to:

  • Conduct agent due diligence and risk assessment;
  • Monitor agent transactions and volumes;
  • Set transaction and liquidity limits; and
  • Define contractual and liability arrangements to mitigate operational, legal, reputational, and liquidity risks.

5. Corporate Governance

Corporate governance in Nigerian banks is primarily governed by the CBN Corporate Governance Guidelines (effective 1 August 2023) and BOFIA 2020. These mandate effective board oversight, independent directors, robust internal controls, audit and risk-management committees, compliance functions, and transparent reporting systems. Non-compliance attracts sanctions such as fines, directive orders, or suspension of board members.

6. AML / CFT / KYC

Banks must comply with the Money Laundering (Prevention and Prohibition) Act 2022, Terrorism (Prevention and Prohibition) Act 2022, CBN AML/CFT/CPF Regulations 2022, and Customer Due Diligence Regulations 2023. Obligations include:

  • Customer and beneficial-ownership verification (Know Your Customer – KYC);
  • Ongoing monitoring of transactions;
  • Enhanced due diligence for Politically Exposed Persons (PEPs);
  • Reporting of suspicious transactions to the NFIU; and
  • Record-keeping and data-protection compliance under the NDPA 2023.

7. Disclosure & Transparency

Banks must file accurate prudential returns to the CBN, make risk and financial disclosures under BOFIA 2020, and comply with Financial Reporting Council (FRC Nigeria) standards and IFRS. Public disclosures enhance transparency and market discipline.

8. Risk Management Frameworks

Banks must maintain enterprise-wide risk-management systems covering credit, market, operational (including ICT and cyber), liquidity, legal, reputational, and environmental & social risks, in line with the Nigerian Sustainable Banking Principles.

Emerging and Recent Regulatory Trends

  • AML / CFT / Cybersecurity Supervision: Heightened inspections, spot checks, and sanctions for weak compliance.
  • Foreign Exchange Market Reforms: Following the 14 June 2023 FX circular, CBN unified exchange markets under a willing-buyer–willing-seller system. In October–November 2024, it launched the Electronic Foreign Exchange Matching System (EFEMS) to improve transparency and efficiency in FX transactions.
  • Bureaux de Change Regulation: In March 2024, CBN revoked 4,173 BDC licences for non-compliance with AML/CFT obligations and reporting requirements.
  • FinTech and Digital Bank Oversight: CBN and NDPC are strengthening frameworks for licensing, data protection, cybersecurity, and KYC in digital financial services.
  • Enforcement and Sanctions: Recent actions include Heritage Bank’s licence revocation (June 2024) and Fidelity Bank’s ₦555.8 million fine (Aug 2024) by the NDPC for data-privacy breaches.

Risk Management in Practice

  1. Governance & Oversight Structures – Boards, audit and risk committees, and compliance departments maintain oversight; internal audit functions test control effectiveness.
  2. Risk Identification & Assessment – Periodic assessments, stress testing, and monitoring of macroeconomic indicators (inflation, FX, interest-rate risk).
  3. Control Mechanisms & Mitigation – Policies, limits, contingency planning, and RegTech tools for monitoring and fraud detection.
  4. Monitoring & Reporting – Internal/external audits, regulatory reporting to CBN, NFIU, EFCC, and early-warning systems through key-risk indicators.
  5. Training & Compliance Culture – Regular staff training, ethical conduct, and whistle-blowing frameworks promote a “tone-at-the-top” culture.
  6. Crisis Management & Recovery Planning – Business-continuity plans and regulatory resolution mechanisms (merger, bridge-bank, or liquidation under BOFIA 2020 / NDIC Act) ensure orderly recovery or exit where necessary.

Challenges / Risks to Effective Compliance

  • Frequent regulatory updates and circulars
  • High cost of compliance technology and staffing
  • Limited capacity in smaller institutions
  • Data-quality and integration issues
  • Growing cybersecurity and digital-fraud exposure
  • Macroeconomic shocks affecting capital and liquidity positions

Recent Regulatory Actions

  • Heritage Bank (2024): Licence revoked for insolvency; NDIC appointed liquidator.
  • BDC Mass Revocations (2024): 4,173 licences withdrawn for AML/CFT and reporting failures.
  • Recapitalisation Plans (2024–2026): Banks directed to meet new paid-up share-capital thresholds.
  • Data Protection Enforcement (2024): NDPC fined Fidelity Bank ₦555.8 million for breaches of the NDPA 2023.

Best Practices & Recommendations

  1. Adopt Integrated Risk-Management Frameworks – Combine prudential, operational, and cyber-risk management into unified ERM systems.
  2. Invest in RegTech & Automation – Deploy analytics, AML/KYC automation, and fraud-detection tools.
  3. Strengthen Data Governance – Ensure reliable, timely data and seamless credit-bureau integration.
  4. Continuous Training & Ethical Culture – Regular staff updates and leadership accountability.
  5. Scenario Analysis & Stress Testing – Prepare for FX shocks, inflation, and liquidity stress.
  6. Regulatory Engagement – Maintain dialogue and feedback loops with CBN, NDIC, NDPC, and NFIU.
  7. Prioritise Cybersecurity & Third-Party Risk – Secure digital platforms and vendor ecosystems.

Conclusion

Nigeria’s banking-regulatory landscape is comprehensive, spanning prudential, operational, AML/CFT, governance, and disclosure requirements. Effective risk management today demands not only compliance but anticipation of emerging risks and the embedding of compliance within corporate culture. As reforms by the CBN, NDIC, NDPC, and NFIU deepen, banks must continuously modernise their systems, strengthen governance, and leverage technology to maintain resilience in an evolving financial environment.

References

Taiwo Adedoyin – Executive Associate

Lateepha Dauda – Associate

Sharing is caring!

Write a Comment