Nigeria Overhauls Fraud Liability in Landmark Move Against APP Scams

A new set of draft guidelines from Nigeria’s central bank promises to fundamentally reshape liability for digital fraud, placing the onus on financial institutions to reimburse victims of authorised push payment (APP) scams. The proposal from the Central Bank of Nigeria (CBN) marks a decisive shift away from a system where customers who were tricked into making payments typically bore the financial losses, a problem that has cost the sector at least ₦159 billion since 2020, according to analysis by Finance in Africa.

The move targets one of the fastest-growing financial crimes in the country, where fraudsters use social engineering to deceive customers into authorising transactions. By establishing mandatory reimbursement, strict investigation timelines, and ecosystem-wide cooperation, the CBN is signalling that protecting consumers requires structural reform, not just cautionary advice.

Background and Context

Nigeria’s rapidly expanding digital payments infrastructure has long been hampered by systemic vulnerabilities that fraudsters have exploited. These weaknesses are well-documented in industry reports and form the backdrop for the CBN’s intervention. A primary issue is fragile Know Your Customer (KYC) foundations, where Tier-1 accounts can be opened with minimal information, and critical identifiers like the Bank Verification Number (BVN) have been compromised, enabling the creation of mule accounts.

Internal collusion presents another significant risk. The Financial Institutions Training Centre (FITC) estimates that bank losses from insider-enabled fraud have exceeded ₦24 billion since 2020. Furthermore, the process for recovering stolen funds is notoriously slow, often requiring ex parte court orders and coordination across dozens of institutions, creating delays that criminals leverage to their advantage. Finally, limited collaboration across the financial ecosystem means that fraud flags raised by one institution, often a bank with visibility through the Nigeria Inter-Bank Settlement System (NIBSS), frequently fail to reach fintechs and other payment providers in time. Industry-led initiatives like Project Radar have struggled to overcome these coordination challenges.

Key Figures and Entities

The CBN is the central architect of the proposed reforms, positioning itself as the enforcer of a new consumer protection standard. The guidelines will apply universally to the country’s financial ecosystem, including major commercial banks such as Access Bank, Fidelity Bank, and First Bank of Nigeria, as well as leading fintech firms and payment platforms like Flutterwave, MTN MoMo, and Wema Bank. High-profile fraud incidents at these very institutions have underscored the urgent need for a unified and robust regulatory response.

Legal and Financial Mechanisms

The draft guidelines introduce a suite of new obligations designed to hard-code accountability and speed up redress. The most significant change is the establishment of reimbursement as a regulatory expectation. Customers who are deceived into making a payment, report the fraud within 72 hours, and are not found to have been negligent, “shall be eligible for reimbursement,” shifting the presumption of liability away from the victim and onto the institution.

To combat the systemic delays that have hindered past investigations, the CBN has introduced strict timelines. Institutions must acknowledge complaints within 24 hours, launch immediate formal investigations, and conclude cases within 14 working days. If a refund is due, it must be issued within 48 hours of the resolution. Furthermore, the rules mandate the implementation of real-time behavioural monitoring systems and dedicated fraud units capable of detecting suspicious patterns, elevating fraud detection from an operational task to a core risk management function.

Governance is also addressed directly. Every financial institution will be required to adopt a Board-approved APP Fraud Policy, with oversight from the Board Risk Management Committee and Board Audit Committee. This makes fraud a board-level responsibility. Crucially, the guidelines enforce system-wide collaboration, obligating institutions to share information, freeze suspicious accounts, and escalate unresolved cases to the regulator. Failure to act promptly will result in the institution being held liable for the total exposure, with penalties for both the organisation and responsible individuals for non-compliance or false reporting.

International Implications and Policy Response

Nigeria’s proposed reforms align with a growing international consensus on tackling digital payment fraud. The United Kingdom’s Payment Systems Regulator is implementing mandatory reimbursement for APP fraud victims in 2024. In Brazil, the centralised PIX instant payment system uses a shared fraud database to prevent illicit transfers, while India has tightened liability rules for its Unified Payments Interface (UPI) ecosystem to address social engineering scams. The CBN’s draft guidelines place Nigeria within this global movement towards shared liability, data-driven detection, and faster consumer redress.

Sources

This report draws on the Central Bank of Nigeria’s draft guidelines, analysis by Finance in Africa, data from the Financial Institutions Training Centre (FITC), and reporting on industry initiatives such as Project Radar. It also references policy developments from the UK’s Payment Systems Regulator, the Central Bank of Brazil, and the Reserve Bank of India.