For Nigeria’s financial sector, the first half of 2026 was less about new licences or flashy product launches and more about rules. Between January and June, the Central Bank of Nigeria (CBN) issued many directives that touched almost every corner of the financial system, from how customers access their accounts to how banks monitor suspicious transactions, store data, handle foreign exchange, and protect consumers.
Viewed individually, each circular addressed a specific issue. Taken together, they reveal something bigger.
The CBN is moving towards a financial system where institutions are expected to prove compliance continuously rather than periodically, prevent fraud before it happens instead of responding afterwards, and adopt stronger governance standards that increasingly mirror global regulatory expectations.
Here are the most notable directives that shaped Nigeria’s financial sector in the first half of 2026.
1. Device binding became mandatory
One of the most consumer-facing directives of H1 2026 was the introduction of mandatory device binding for digital financial services.

The directive requires financial institutions to strengthen the relationship between a customer, their registered device and their account before certain digital transactions can be completed.
While customers may experience additional verification when changing phones or attempting to log in from unfamiliar devices, the objective is to make it significantly harder for fraudsters to hijack accounts through SIM swaps, stolen credentials or social engineering.
For banks and fintechs, this meant redesigning onboarding and authentication processes. For customers, it introduced another security layer that may occasionally add friction but is designed to reduce one of Nigeria’s fastest-growing fraud vectors.
Why it matters
The CBN is signalling that passwords and one-time passwords are no longer enough. Digital identity must be tied to trusted devices.
2. Data localisation became a regulatory priority
Another major shift was the CBN’s push for stronger data localisation requirements.
For years, many Nigerian financial institutions relied heavily on foreign cloud infrastructure to store and process customer information. The latest directive raises expectations around where critical financial data resides and how institutions manage operational resilience.

Although data localisation often sounds like a technical issue, its implications extend much further. Banks and fintechs may need to rethink cloud providers, disaster recovery plans, cybersecurity architecture and infrastructure spending.
Customers are unlikely to notice immediate changes, but the directive reflects the regulator’s growing focus on keeping critical financial infrastructure within Nigeria’s regulatory reach.
Why it matters
This isn't simply about where data is stored. It is about who controls critical financial infrastructure when something goes wrong.
3. The CBN wants to know who really owns companies
The introduction of stronger Ultimate Beneficial Ownership (UBO) requirements marks another important change.
Historically, financial institutions mainly verified the company opening an account. Under the new requirements, they are increasingly expected to identify the individuals who ultimately own or control that business, even where ownership passes through several layers of corporate entities.
The change aligns Nigeria more closely with international anti-money laundering standards and makes it harder for shell companies to hide behind complex ownership structures.

Banks now face greater due diligence obligations, particularly for corporate customers and higher-risk sectors.
Why it matters
Knowing a company's registered name is no longer enough. Institutions are increasingly expected to know who ultimately sits behind it.
4. Buying expensive compliance software is no longer enough
Among the most significant regulatory documents issued this year were the Baseline Standards for Automated AML, CFT and CPF solutions.
On the surface, the circular appears highly technical. Its broader message, however, is remarkably simple.
The CBN repeatedly makes it clear that institutions cannot outsource compliance simply because they purchased sophisticated software. Banks remain responsible for ensuring their anti-money laundering systems actually work, regardless of the tech vendor involved. Institutions that rely on manual workarounds or unsupported claims of compliance risk failing supervisory assessments, and implementation roadmaps must be submitted within the prescribed timeline.
This shifts regulatory attention away from whether a bank has an expensive AML platform and towards whether that platform genuinely detects suspicious activity.
Why it matters
Tech has become an expectation, not proof of compliance. The regulator is increasingly measuring outcomes rather than software purchases.
5. Sanctions screening became much stricter
The CBN also strengthened expectations around sanctions compliance through directives relating to Nigerian sanctions lists and international obligations.
Financial institutions are expected to improve customer screening, monitor beneficial owners, identify sanctioned individuals quickly and comply with reporting obligations where matches are found. The framework reinforces that sanctions compliance is not limited to international banks but applies across regulated institutions.
While most customers will never encounter these systems directly, they form part of the invisible infrastructure protecting the financial system from terrorist financing, proliferation financing and organised financial crime.
Why it matters
Compliance is becoming more proactive. Institutions are increasingly expected to identify risks before regulators do.
6. Bureau de Change operators returned to the official market under tighter rules
The CBN reopened access for licenced Bureau de Change operators to purchase foreign exchange through authorised dealer banks under the Nigerian Foreign Exchange Market (NFEM).

The move aims to improve liquidity within the retail foreign exchange market while imposing stricter controls around KYC, settlement, reporting and transaction limits. BDCs are also required to return unused balances to the market within 24 hours rather than holding positions indefinitely.
The directive represents another attempt to balance market liquidity with tighter regulatory oversight.
Why it matters
The CBN is trying to improve access to retail foreign exchange without returning to a less controlled market structure.
7. The CBN rewrote how banks can charge customers
The revised Guide to Charges is much more than a pricing document.
It updates the rules governing fees across commercial banks, microfinance banks, payment service banks, mobile money operators and several other regulated institutions. It also strengthens disclosure requirements, phases down current account maintenance fees over time and introduces additional compliance responsibilities for financial institutions.
For consumers, the practical effect is greater transparency around what institutions can and cannot charge.
For banks, it requires closer coordination between compliance and tech teams to ensure systems apply only permitted charges.
Why it matters
Consumer protection is increasingly being enforced through system design rather than relying on complaints after customers are charged incorrectly.
8. Failed airtime and data transactions received a formal framework
Anyone who has lost money buying airtime or mobile data knows the familiar cycle of being referred from the bank to the telecom provider and back again.
The proposed framework seeks to reduce that confusion by defining responsibilities across banks, payment service providers and mobile network operators while introducing timelines for transaction updates and reversals.
Instead of leaving customers to determine who is responsible for a failed purchase, the framework creates a clearer operational process for resolving disputes.
Why it matters
Sometimes the most important regulations are the ones ordinary people actually notice.
9. POS terminals will become much harder to move unnoticed
The CBN also updated its geo-fencing requirements for Point-of-Sale terminals.
Following industry engagement, the permitted geo-fence radius was increased from 10 metres to 70 metres while enforcement was extended to August 1, 2026. Financial institutions are expected to resolve operational issues and submit evidence of compliance before enforcement begins.

Although technical, the directive supports broader efforts to reduce fraud involving relocated or improperly deployed payment terminals.
Why it matters
The regulator increasingly wants to know not only who owns a payment terminal but where it is operating.
What H1 2026 tells us about the CBN
Perhaps most importantly, the CBN is aligning more closely with international standards on sanctions, beneficial ownership, anti-money laundering and governance while adapting those principles to Nigeria’s financial system.
Taken together, these directives point to a regulator with a noticeably different focus. Fraud prevention now receives greater attention than fraud response. Also, tech is no longer treated as a competitive advantage but as a regulatory expectation and compliance is shifting from paperwork to continuous monitoring.
Individually, each circular addresses a different problem. Together, they outline the direction the regulator wants Nigeria’s financial sector to follow.