Nigeria’s fintech regulation: Why the Senate is rewriting rules just 5 years after BOFIA 2020

The Nigerian Senate’s fresh move to amend the Banks and Other Financial Institutions Act to ‘accommodate fintech’ barely five years after President Muhammadu Buhari signed BOFIA 2020 into law raises uncomfortable questions about whether the celebrated legislation of November 2020 was truly as comprehensive as its architects claimed.

Senator Adetokunbo Abiru’s assertion that fintech companies now pose systemic risks equal to or greater than traditional banks suggests that the 2020 Act, despite its much-touted provisions on financial technology regulation, failed to anticipate or adequately address the explosive growth of Nigeria’s digital finance ecosystem.

Senator Tokunbo Abiru

The fintech provisions that BOFIA 2020 delivered

When President Buhari (late) described BOFIA 2020 as a historic and significant achievement, the legislation introduced explicit provisions for regulating fintech companies for the first time in Nigerian banking law.

Section 57 of the Act prohibited any person from carrying on specialised banking or the business of other financial institutions, including fintech operations, except as a company duly incorporated in Nigeria holding a valid Central Bank of Nigeria licence.

Section 69 went further, mandating that no person shall carry on any fintech business in Nigeria except if duly incorporated and licensed under the Act, with detailed provisions for licence applications.

The 2020 law expanded CBN’s regulatory breadth to cover what it termed other financial institutions, explicitly capturing fintech companies under banking supervision.

Read also: Nigeria’s fintech bill passes second reading: major elements to look out for

Section 61 applied the full weight of Chapter A provisions, including offences, penalties and CBN powers, to these entities with necessary modifications.

The Act granted the CBN Governor authority under Section 31 to appoint directors charged with supervisory functions over regulated entities, providing flexibility to oversee fintech companies based on their specific competencies.

It addressed cybersecurity concerns, imposed requirements for information display and website advertisements, and established penalties for regulatory violations in the financial system.

Yet here we are in December 2025, with the Senate declaring that large fintech operators have evolved into systemic risks capable of destabilising the national economy and that existing laws no longer reflect their influence or interconnectedness.

This admission is extraordinary. It means that despite BOFIA 2020’s explicit recognition of fintech regulation, despite its provisions requiring incorporation and licencing, despite its expansion of CBN oversight powers, the legislation fundamentally miscalculated the trajectory and implications of technology-driven financial services.

Abiru’s description of the problem is telling. He noted that mobile money operators, digital lenders, switching and settlement companies, wallet providers and payment service banks now serve tens of millions of Nigerians, process huge transaction volumes daily and control vast stores of sensitive behavioural and financial data.

Read also: “We found out that some fintechs operate from China”- Lawmakers flag gaps in Nigeria’s fintech regulation

Yet the laws governing them no longer reflect their influence. This implies that even the five-year-old BOFIA 2020, which explicitly set out to regulate fintech activities, has already become obsolete. This is not simply a matter of routine updating. It suggests the 2020 framework was built on assumptions about fintech scale and systemic importance that proved incorrect almost immediately.

While that Act required licencing and imposed supervisory requirements, it apparently lacked mechanisms for designating certain fintech operators as systemically important institutions subject to enhanced oversight.

The proposed amendment seeks to create a statutory basis for such designation:

• Establish a national registry ensuring traceability and beneficial ownership disclosure,
• Empower CBN with enhanced prudential tools tailored to digital institutions,
• Strengthen data sovereignty protections and bolster consumer protection frameworks.

These are not minor technical adjustments. They represent core regulatory infrastructure that should have been embedded in BOFIA 2020 if lawmakers had truly grasped the fintech challenge.

The April 2024 incident Abiru cited, when CBN temporarily halted customer onboarding by several fintech firms due to Know Your Customer compliance failures, anti-money laundering red flags and suspicious transactions, further demonstrates that BOFIA 2020’s regulatory tools proved insufficient in practice.

The Senator characterised this episode as evidence that the scale of these institutions has outgrown existing regulatory tools. But those tools were only four years old. Either the drafters of BOFIA 2020 failed to imagine how quickly fintech would expand, or they deliberately created a permissive framework that prioritised innovation over systemic stability.

Abiru’s concerns about foreign ownership structures, offshore data storage and opaque beneficial ownership networks operating beyond regulatory visibility are particularly damning.

He stated that Nigeria cannot say with certainty where all financial and behavioural data processed by some institutions is stored, who has access to it, or which foreign jurisdictions may claim it.

Read also: Who manages payment transaction history of Nigerians?  

This is a sovereignty crisis playing out in real time. BOFIA 2020 empowered CBN to regulate fintech companies, but apparently did not mandate data localisation, transparency in beneficial ownership or restrictions on foreign-controlled infrastructure. These omissions now threaten national security, according to the Senate sponsor of the new amendment.

The Senator’s rejection of proposals for a standalone fintech regulatory agency, arguing instead for integrating oversight within the Central Bank, actually aligns with the philosophy behind BOFIA 2020.

That Act already placed fintech regulation under CBN’s authority. What has changed is the recognition that CBN needs far more robust powers and tools than BOFIA 2020 provided.

Abiru invoked international best practice favouring integration of fintech oversight within central banks, but international best practice in 2020 should have informed BOFIA 2020 itself. The fact that Nigeria is now scrambling to catch up suggests the country adopted a light-touch regulatory model when a more assertive framework was needed.