In recent years, the regulatory approaches that govern fintechs in Nigeria have also witnessed more pragmatic approaches and solutions. For instance, in June 2024, the SEC established a regulatory incubation programme for onboarding of virtual asset providers in Nigeria. The Finance Act, 2023 also expanded the scope of chargeable assets to include digital and virtual assets, formally recognising them in Nigeria. All these are regulations and policies (and more) that govern the operation of fintechs in Nigeria.
The Financial Technology (FinTech) industry in Nigeria has continued to witness a massive growth owing to so many reasons that include high mobile and internet penetration, a young and tech savvy population, and the solution that the fintech companies provide for the general public. Fintech startups continue to foster the transformation of the traditional banking system in Nigeria at an unprecedented pace and continue to advance the reach and efficiency of financial services within and beyond the country.
Meanwhile, the lack of a cohesive, single and unified regulatory framework for the fintech industry has made compliance become a daunting task, leaving fintech operators at the detriment of the ambiguous regulatory landscape. This calls for formal orientation and familiarity between the regulatory bodies, the regulations they make and the fintech companies.
In this article, closer attention will be paid to the essential anti-money laundering regulations and regulatory bodies that impact the operation of fintech startups in Nigeria.
REGULATORY BODIES FOR ANTI-MONEY LAUNDERING IN THE NIGERIAN FINTECH INDUSTRY
Explained below are regulatory bodies that are responsible for making laws that sees to the effectiveness of the fintech startups in Nigeria:
- The Central Bank of Nigeria (CBN): The CBN is Nigeria’s primary financial regulator and is responsible for issuing AML directives to banks, fintechs, and other financial institutions. The CBN oversees the enforcement of the Money Laundering (Prohibition) Act in the financial sector and issues guidelines to ensure compliance. Fintech companies offering financial services to Nigerian consumers must obtain the appropriate licences and comply with CBN’s applicable guidelines.
- Economic and Financial Crimes Commission: The EFCC is the primary law enforcement agency responsible for investigating and prosecuting money laundering, fraud, and other financial crimes in Nigeria. It works closely with other regulatory bodies to implement AML regulations and monitor fintechs. The EFCC established SCUML to monitor and enforce AML compliance among designated non-financial institutions (DNFIs), which often intersect with fintechs. SCUML requires fintechs and DNFIs to register, submit suspicious transaction reports (STRs), and implement AML measures.
- Nigerian Financial Intelligence Unit (NFIU): The NFIU is the central body responsible for collecting, analyzing, and sharing financial intelligence related to money laundering and terrorist financing in Nigeria. It operates independently but reports to the EFCC for enforcement purposes. The NFIU issues guidelines for submitting STRs and cash transaction reports (CTRs) and mandates fintechs to implement Know Your Customer (KYC) and Customer Due Diligence (CDD) procedures.
- Security and Exchange Commission (SEC): the SEC is primarily responsible for regulating Nigeria’s capital markets, and fintech companies involved in investment or securities are under its purview. It enforces AML compliance for financial products such as crowdfunding, peer-to-peer lending, and other capital market-related fintech services. The SEC has AML/CFT guidelines for fintechs under its regulatory scope, requiring KYC, CDD, and reporting of suspicious activities to prevent money laundering in investment-related services.
- National Information Technology Development Agency (NITDA): NITDA oversees data privacy and cybersecurity in Nigeria’s tech space. While its primary function isn’t AML enforcement, NITDA ensures that fintechs comply with data protection laws through the Nigeria Data Protection Regulation (NDPR) and cybersecurity guidelines, which indirectly support AML by securing personal and financial information. The NDPR mandates fintechs to protect customer data, which aligns with AML objectives by securing the integrity of financial data used in AML compliance. The NDPR mandates fintechs to protect customer data, which aligns with AML objectives by securing the integrity of financial data used in AML compliance.
- Corporate Affairs Commission (CAC): Charged with the responsibility of registering businesses in Nigeria and enforcing compliance with corporate governance practices, the CAC the context of fintechs in Nigeria, ensures proper identification of beneficial owners, reducing the risk of anonymous entities that can be used for money laundering. By mandating that fintechs disclose their ownership structure, the CAC supports transparency and aids other regulatory bodies in AML monitoring.
These regulatory bodies collectively form Nigeria’s AML framework, focusing on financial integrity, transparency, and security in fintech operations. They enforce Know Your Customer (KYC), Suspicious Transaction Reporting (STR), and Customer Due Diligence (CDD) requirements while ensuring data protection and cybersecurity align with AML goals. Collaboration among these bodies is crucial to maintaining AML compliance in Nigeria’s rapidly growing fintech sector.
ANTI-MONEY LAUNDERING REGULATIONS THAT IMPACT FINTECHS IN NIGERIA
Although not together in a unified piece of framework, the fintech industry in Nigeria is governed by a robust set of Anti-Money Laundering (AML) regulations, with the sole objective of countering financial crimes and foster transparency and integrity within the financial ecosystem.
Below is an in-depth exploration of the major AML regulations impacting the fintech sector in Nigeria, each crafted to tackle unique aspects of money laundering, fraud, and financial transparency.
- Money Laundering (Prevention and Prohibition) Act, 2022: The MLPPA serves as the foundation of Nigeria’s AML regulatory landscape, with updated provisions that address modern financial challenges, including digital finance and fintech.  The Nigerian Money Laundering Act is hinged on the core principles of; Customer Due Diligence (CDD) – where fintech companies are required to verify the identity of their customers before establishing business relationships. This involves gathering identifiable information (e.g., ID, address, and financial background) and assessing the customer’s risk level; Enhanced Due Diligence (EDD) – which is for higher-risk customers, such as politically exposed persons (PEPs), fintechs must apply EDD, which requires more extensive background checks, close monitoring, and enhanced verification methods; Suspicious Transaction Reporting (STR) – that mandates fintechs to monitor and report transactions deemed unusual or suspicious. Transactions that lack a clear economic rationale or seem atypical for a customer’s profile are flagged and reported to the Nigerian Financial Intelligence Unit (NFIU) within 24 hours; Record Keeping – mandates that records of all transactions and CDD data must be retained for at least five years. This provision allows fintechs to support investigations if historical data is needed by regulators or law enforcement. The Act’s comprehensive approach ensures that fintechs monitor transactions carefully and keep an audit trail, which is crucial for tracing suspicious activities and preventing illicit financial flows.
- Central Bank of Nigeria (CBN) Anti-Money Laundering and Counter-Financing of Terrorism (AML/CFT) Regulations: The CBN oversees all financial institutions in Nigeria, including fintechs, to ensure adherence to AML/CFT standards aimed at curbing financial crime. The core requirements of the CBN AML/CFT regulations include KYC compliance, risk assessment, transaction monitoring and AML training for employees. By implementing these regulations, the CBN promotes a standardized approach to AML compliance across the financial ecosystem, including the fintech sector. This protects financial stability and ensures fintechs operate within a transparent, regulated framework.
- Nigerian Financial Intelligence Unit (NFIU) Guidelines: The NFIU is Nigeria’s central financial intelligence authority, providing regulatory guidelines that focus on reporting obligations, specifically for suspicious and large cash transactions. The reporting obligation of Nigerian fintechs include; Suspicious Transaction Reports(STRs), Currency Transaction Reports (CTRs, Data sharing collaboration. The NFIU’s regulatory measures encourage information sharing and collaboration between fintechs and government agencies, enhancing Nigeria’s capacity to prevent financial crimes.
- Anti-Terrorism (Prevention) Act, 2013: Although primarily designed to prevent terrorism financing, this Act directly influences AML obligations for fintechs, given the overlap between money laundering and terrorist funding activities. This Act mandates fintech companies to establish protocols to identify transactions potentially linked to terrorism financing, including screening customer profiles against international watchlists. It also mandates that fintechs must report any transactions or accounts suspected of terrorist connections.
- Central Bank of Nigeria (CBN) KYC Regulations: The CBN’s KYC regulations are a core component of Nigeria’s AML framework, focusing on verifying customer identity to prevent financial crime. This regulation is the framework that governs: Customer Identification – that requires fintechs to collect key customer information, including names, addresses, and national identification numbers, to confirm identity. This minimizes the risk of fraudulent accounts and ensures that fintechs understand their customers. This regulation also directs fintechs to adopt a risk based approach to the KYC process.
- Foreign Exchange (Monitoring and Miscellaneous Provisions) Act, 1995: This Act governs the flow of foreign exchange within Nigeria and is relevant to fintechs engaged in cross-border transactions or foreign currency services. This Act mandates that Fintechs must adhere to limits on cross-border and foreign exchange transactions, ensuring transparency and adherence to AML principles, and that fintechs must also report high-value forex transactions to regulators, helping track cross-border flows that could be linked to laundering or other illicit activities.
- Nigerian Data Protection Regulation (NDPR), 2019: While the NDPR primarily governs data privacy, it intersects with AML compliance as fintechs must handle and share customer data securely. The NDPR provides guidelines for data security, data processing consent, data retention and disposal and outlines their intersection with Anti-money laundering.
These regulations create a robust Anti-Money Laundering framework that fintechs in Nigeria must navigate to operate compliantly. From rigorous customer verification processes to real-time transaction monitoring and secure data handling, Nigerian fintechs are mandated to implement stringent controls that collectively contribute to a transparent and secure financial system. Compliance with these regulations not only shields fintechs from legal repercussions but also builds trust, making Nigeria’s fintech industry safer and more reliable.
For fintech founders and leaders, AML compliance isn’t just a regulatory box to tick—it’s a strategic priority that fosters customer trust and supports business continuity. Navigating the seemingly ambiguous landscape of Anti-money laundering is a herculean task and it is my duty to ease your company of the stress. Reach out to me on olamidat@gmail.com and let us begin a journey towards a compliant company.
