Operating a diaspora payment platform in Nigeria requires careful attention to regulatory licensing and data protection obligations. Compliance is not merely procedural; it directly shapes how such platforms must be structured and operated.
Regulatory Licensing and Licensing Structures
To operate legally, platforms must obtain appropriate licensing from the Central Bank of Nigeria (CBN).
International Money Transfer Operators (IMTO) Licence
- International Money Transfer Operators (IMTOs) are licensed only to handle incoming funds from abroad.
- The CBN set this rule to track foreign currency and stabilize exchange rates.
- All transfers must be paid in Naira, either by cash pickup or bank deposit.
- Sending money out of Nigeria requires a different license, rarely granted to non-banks.
- Banks and fintechs may act as agents for approved IMTOs.
Revised BDC Guidelines
- The CBN introduced a two-tier licensing system for Bureau De Change (BDC) operators.
- Tier 1 covers national operators, while Tier 2 applies at the state level, both with stricter standards.
- BDCs can now serve as cash-out points for IMTO transactions, provided they are digitally processed.
- Systems must connect directly with the CBN and national payment platforms for real-time tracking.
- Partnerships with diaspora platforms require identity checks and due diligence to prevent misuse.
Fintech companies are required to follow the updated licensing categories set for the Nigerian payments system, which often involves upgrading their permits to national licenses to ensure they remain in compliance.
Mandatory Compliance Frameworks
Recent directives have strengthened oversight to curb fraud and ensure secure remittances.
ISO 20022 Standard
- The CBN has introduced a directive requiring the adoption of the ISO 20022 messaging standard and the mandatory geo-tagging of payment terminals to improve transparency, data quality, and oversight.
- By adopting the ISO 20022 global standard, the central bank ensures payment data is richer and more accurate across the system.
- This rule applies to all payments but is especially critical for diaspora remittances and cross-border transfers, where detailed information improves transparency.
- Alongside this, every payment terminal must now be geo-tagged to a physical location.
- This helps regulators track activity more effectively and strengthens fraud prevention across the ecosystem.
Data Protection
- The Nigeria Data Protection Commission (NDPC) enforces strict compliance under the Nigeria Data Protection Act (NDPA) to safeguard personal information.
- Fintechs must register as data controllers or processors of major importance due to the high volume of sensitive financial data they handle.
- A Data Protection Officer is required, with annual audits submitted by March 15.
- Platforms must obtain clear user consent, secure data storage, and report breaches within 72 hours. Non-compliance can result in heavy fines, legal action, and business disruption.
Diaspora-Specific Financial Products
The CBN has introduced specific accounts for diaspora Nigerians: the Non-Resident Nigerian Ordinary Account (NRNOA) and the Non-Resident Nigerian Investment Account (NRNIA).
- The NRNOA supports daily financial needs in local or foreign currency.
- The NRNIA allows investment in Nigerian assets.
- Both accounts permit conversion at official CBN rates and full repatriation of funds abroad. They provide flexibility for diaspora Nigerians to manage earnings and investments seamlessly.
Operational Requirements and Risk Management
- Payment platforms must follow strict KYC rules, verifying identities through national databases and due diligence.
- Approved IMTOs can access foreign exchange via the CBN or authorized dealer banks.
- All remittances must arrive in foreign currency but are paid out in Naira, either as cash or bank deposits.
- Disputes are handled under the E-payment Dispute Arbitration Framework, offering quick resolution outside the courts.
Key Regulatory Bodies
Central Bank of Nigeria (CBN)
- The CBN is the primary regulator of financial services.
- It issues licences under BOFIA 2020 and the CBN Act 2007.
- Fintechs must obtain appropriate licences and comply with its guidelines.
Nigeria Data Protection Commission (NDPC)
- The NDPC enforces the Nigeria Data Protection Act (NDPA).
- In March 2025, it issued the GAID directive, effective September 19, 2025.
- Fintechs handling Nigerian data must register as controllers or processors of “major importance.”
- Annual audits are required, and cross-border transfers must use approved safeguards like adequacy decisions, contractual clauses, or explicit consent.
Securities and Exchange Commission (SEC)
- The SEC regulates Nigeria’s capital markets under the ISA.
- Fintechs raising public funds must register securities with the SEC.
- In 2022, it introduced Rules on Digital Assets and later launched ARIP for firms awaiting VASP licences.
- The ISA 2025 now requires all digital assets and exchanges to be registered, treating them as regulated securities to protect investors and ensure transparency.