INTRODUCTION
Nigeria’s financial technology (fintech) industry did not arrive at fragmented regulation by accident. It is the by-product of growth that was faster, wider, and more systemic than any single existing regulator was designed to handle. 9 leading fintech firms in Nigeria command a combined valuation of approximately $10.6 billion. Over 430 companies operate in the ecosystem. In 2024 alone, Nigeria’s mobile money and digital payment platforms processed approximately 3.9 billion transactions valued at about ₦71.5 trillion. Yet, no single statutory authority regulates it all. This is the problem the Nigerian Fintech Regulatory Commission Bill (the Bill) seeks to solve. Passed for second reading on October 28, 2025 and revisited at a public hearing on March 3, 2026, the Bill proposes a single independent body, the Nigerian Fintech Regulatory Commission (NFRC), to license, supervise and regulate fintech activities in Nigeria.The goal is clear; the solution, however, raises significant legal and operational questions.
WHAT HAS MADE THE BILL NECESSARY?
Depending on the nature and or scale of their operations, fintech companies in Nigeria currently answer to some or all of the following[1]:
1. Corporate Affairs Commission (CAC) for incorporation and corporate status management.
2. Nigeria Investment Promotion Commission (NIPC) for fintechs with foreign participation.
3. Nigeria Revenue Service (NRS) for Federal taxation
4. States’ Internal Revenue Services for States’ taxes.
5. Central Bank of Nigeria (CBN) for payments, licensing and prudential supervision.
6. Securities and Exchange Commission (SEC) for capital markets activity and virtual assets under the Investment and Securities Act, 2025 (ISA).
7. Nigeria Deposit Insurance Corporation (NDIC) for fintech’s with deposits operations.
8. Federal Competition and Consumer Protection Commission (FCCPC) for consumer protection and digital lending under the Digital, Electronic, Online or Non-Traditional Consumer Lending Regulations 2025 (DEON).
9. Nigerian Communications Commission (NCC) for mobile-linked services.
10. Nigeria Data Protection Commission (NDPC) for personal data protection.
11. National Information Technology Development Agency (NITDA) for data governance and digital infrastructure.
12. National Office for Technology Acquisition and Promotion (NOTAP) for foreign technology transfers.
The result has been precisely what one would expect: overlapping compliance calendars, conflicting supervisory expectations, inconsistent licensing standards, and a compliance cost structure that disproportionately burdens earlier-stage operators who lack the in-house legal capacity to manage multiple regulatory relationships simultaneously.
WHAT SHOULD THE NFRC MEAN FOR OPERATORS, FINANCIAL INSTITUTIONS + INVESTORS?
For fintech 0perators and payment providers, there is a need to have a model for a dual-licensing environment, even if there is no expectation for the Bill to pass in its current form. This means mapping your existing regulatory footprint, that is, every CBN authorisation, every SEC registration, every FCCPC notification, and then assess how an NFRC licensing obligation would interact with each. There is also a need to review your compliance structures and governance frameworks for gaps against the Bill’s proposed mandatory requirements, including dedicated in-house compliance counsel and periodic technology audits.
Financial institutions are not exempt in this conversation. For banks and financial institutions with fintech partnerships, assess whether your fintech-linked activities or structures fall within the NFRC’s proposed licensing scope. The Bill’s open banking and interoperability provisions, if retained, could reshape competitive dynamics in payments and digital lending. Contractual arrangements with fintech partners should be reviewed for regulatory change provisions.
For investors, the Bill’s intent is broadly investor-positive: a more coherent regulatory framework, clearer market structure, reduced compliance arbitrage. The structural risks, that is, dual licensing, overboard discretion and constitutional vulnerability are material until resolved.
MORE RECENT UPDATES
The Bill now sits before the following 5 of Nigeria’s House of Representatives’ (House) Committees (Joint Committee Hearing): Digital and Electronic Banking, Banking Regulations, Science and Technology, Communications, and Capital Market and Other Financial Institutions. The Joint Committee stage is where the serious drafting work happens, where stakeholder memoranda are tested, amendments proposed, and fundamental structural choices made. The Committees’ Report will be critical.
While the House advances the Bill, the Senate has moved in precisely the opposite direction. The Senate’s approach is to amend the Bank and Other Financial Institutuions Act 2020 (BOFIA) to formally designate qualifying fintechs as systemically important institutions, establish a national registry for transparency and beneficial ownership, and strengthen risk-based supervision within the existing CBN framework.
The Senate’s approach is indeed narrower and only contemplates a CBN oversight for an ecosystem that requires a one-stop shop in regulation. The die is cast in the path of a potential amendment to BOFIA while the Bill and the resulting NFRC still scales through. Did we hear ‘over-regulation’?
CONCLUSION
More than before, fintech companies and associations need to pay closer attention to the legislative menu by being at the table; else! No gainsaid that enhanced and formal legislative laision and consultations are recommended for Nigeria fintech companies and associations, including and especially during the current legislative birthing of the Bill.
At AO2LAW, we maintain a foremost Government Liaison Practice including for legislative engagements. Situated within our Commercial and Criminal Law Practice Group (CCLP), our Practice brings to bear our expertise in policy formation, legislative guidance and drafting, all of which ensures our Clients’ concerns are heard, effectively, in the law-making process.
For further information on the foregoing (none of which is a legal advice) or related matters, please generally contact us at cclp@ao2law.com, or specifically contact the authors
[1] We have left out the Fintech Association of Nigeria which exists as an elective self-regulating private-sector coordinating body, with no statutory authority.
Please do not treat the foregoing as legal advice as it only represents the public commentary views of the authors. All enquiries about this should please be directed at the key contacts
