The first half of 2026 brought one of the busiest regulatory periods Nigeria’s financial sector has seen in recent years. From device binding and data localisation to stricter anti-money laundering standards and sanctions screening, the Central Bank of Nigeria (CBN) issued a steady stream of directives that reached almost every corner of the industry.
The impact, however, was far from equal.
Some institutions only needed to adjust existing processes. Others faced changes that reached into their tech infrastructure, customer onboarding, compliance systems and day-to-day operations. Looking across the directives, there is a clear pattern. The closer an institution sits to Nigeria’s payment infrastructure and customer-facing financial services, the broader the regulatory burden it carried.
Commercial banks had the broadest compliance burden
If there was one group affected by almost every major directive issued in H1 2026, it was deposit money banks.

Commercial banks were required to implement device binding for digital channels, strengthen sanctions screening, comply with new Ultimate Beneficial Ownership (UBO) requirements, and align with the revised Guide to Charges. They were also required to adopt the Baseline Standards for Automated AML/CFT/CPF solutions, implement updated Point-of-Sale geo-fencing requirements and support new frameworks for failed airtime and data transactions. They remained central to the CBN’s revised foreign exchange arrangements involving Bureau de Change operators.
Which institutions were affected by which directive?
| Directive | DMBs | Fintechs | MMOs | PSPs | Switches | BDCs | MFBs |
|---|---|---|---|---|---|---|---|
| Device binding | ✓ | ✓ | ✓ | ✓ | |||
| Data localisation | ✓ | ✓ | ✓ | ✓ | ✓ | ||
| UBO | ✓ | ✓ | ✓ | ✓ | |||
| AML Baseline | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Sanctions | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Guide to Charges | ✓ | ✓ | ✓ | ✓ | |||
| NFEM | ✓ | ✓ | |||||
| Geo-fencing | ✓ | ✓ | ✓ | ✓ | ✓ | ||
| Failed airtime framework | ✓ | ✓ |
That breadth reflects the position banks occupy within Nigeria’s financial system. They hold deposits, issue payment instruments, settle transactions, provide foreign exchange services and serve as compliance anchors for much of the wider financial ecosystem.
Unlike institutions with narrower licences, banks rarely found themselves outside the scope of a major circular.
Digital banks and fintechs faced the biggest tech overhaul
Digital-first financial institutions encountered a different kind of challenge.
Many of the significant H1 2026 directives required changes not only to compliance manuals but also to software.
The device-binding directive required financial institutions to strengthen the relationship between customers, their registered devices and digital banking services. The data localisation directive affected where sensitive financial data could be stored and processed. UBO requirements reshaped corporate onboarding, while the new AML standards set minimum expectations for automated monitoring systems to detect suspicious activity in real time.
For digital banks and fintechs whose products are built around fast onboarding and cloud-native infrastructure, these were operational requirements rather than administrative exercises.
Instead of changing policies alone, many would have needed to update authentication systems, customer verification processes and backend infrastructure to align with the new rules.
Payment infrastructure providers quietly received some of the deepest obligations
The institutions that move money behind the scenes rarely receive public attention.
Yet several H1 directives landed squarely on payment switches, processors and payment service providers.
The revised geo-fencing requirements for POS terminals required institutions to monitor terminal locations within an updated 70-metre radius, replacing the earlier 10-metre requirement and extending the implementation deadline to August 1, 2026.
The draft framework for failed airtime and data transactions introduced defined responsibilities across banks, payment service providers and mobile network operators while setting expectations for transaction status updates and reversals.
These measures did not directly affect most consumers. They strengthened the systems responsible for keeping electronic payments reliable and traceable.
Bureau de Change operators experienced fewer directives, but one major policy shift
Unlike banks, Bureau de Change operators were not touched by every regulatory update.
The most significant development came when the CBN permitted licenced BDCs to access foreign exchange through authorised dealer banks within the Nigerian Foreign Exchange Market (NFEM).
The approval expanded access to the official market while introducing tighter rules around customer identification, reporting obligations, settlement procedures and the return of unused foreign exchange balances within 24 hours.
Rather than increasing the number of rules affecting BDCs, the CBN altered one of the sector’s most important operating channels.
| Institution | Device | AML | Data | UBO | Geo | Charges | Total |
|---|---|---|---|---|---|---|---|
| Commercial Banks | High | High | High | High | Medium | High | Very High |
| Digital Banks | High | High | High | High | Low | Medium | Very High |
| MMOs | High | High | High | Medium | Medium | Medium | High |
| BDCs | Low | Medium | Low | Medium | Low | Low | Medium |
Consumers also felt the effects
Not every directive targeted financial institutions alone.
Some were designed to directly change the customer experience.
The revised Guide to Charges updated the fees that regulated institutions may apply while strengthening disclosure requirements across commercial banks, microfinance banks, payment service banks and mobile money operators.
The draft framework on failed airtime and data purchases aimed to reduce one of the most common customer complaints by defining responsibilities for reversals and failed transactions.
Device binding also introduced additional authentication steps for some digital banking activities, reflecting the CBN’s increasing emphasis on preventing account compromise before it occurs.
Although customers may notice these measures differently from those of regulated institutions, they remain part of the same regulatory shift.
4 themes explain where the CBN focused its attention
Looking across the first half of the year, the directives cluster around four priorities.
The first is identity. Device binding, UBO requirements and stronger sanctions screening all seek to improve the financial system’s understanding of who is opening accounts and conducting transactions.
The second is infrastructure. Data localisation, POS geo-fencing and payment system requirements focus on strengthening the resilience and visibility of the country’s financial rails.
The third is continuous compliance. The AML baseline standards make clear that institutions remain responsible for compliance regardless of the technology they deploy, while expecting automated monitoring rather than periodic checks.
The fourth is consumer protection. Updated charge guidelines and the framework for failed airtime and data transactions place greater emphasis on transparent pricing and clearer operational responsibilities.

Taken together, these priorities explain why some institutions had to change more than others.
Commercial banks bore the heaviest regulatory burden because they operate across nearly every regulated activity. Digital banks and fintechs faced extensive tech-driven adjustments because many of the new requirements centred on digital infrastructure. Payment service providers absorbed new operational obligations that strengthened the reliability of electronic payments, while Bureau de Change operators navigated targeted reforms to their participation in the foreign exchange market.
The H1 directives were concentrated where the CBN believes financial stability, fraud prevention and consumer confidence are built—inside the systems that move money, verify identity and keep Nigeria’s digital financial infrastructure running.