New NDPC Directive on International Data Transfers

New NDPC Directive on International Data Transfers

Updates

The Nigeria Data Protection Commission (NDPC) has released the General Application and Implementation Directive (GAID) 2025 to guide the implementation of the Nigeria Data Protection Act (NDPA) 2023. This directive focuses on international data transfers, clarifying that data controllers must ensure adequate protection or use approved mechanisms like binding corporate rules before transferring personal data outside Nigeria. It also establishes procedural expectations for maintaining records of transfer mechanisms and responding to NDPC compliance requests.

CBN's Issues Draft Guidelines on Handling Authorised Push-Payment Fraud

CBN’s Issues Draft Guidelines on Handling Authorised Push-Payment Fraud

Updates

The Central Bank of Nigeria (CBN) has released an Exposure Draft of the Guidelines for Handling Authorised Push Payment (APP) Fraud, signalling a major shift in liability and consumer protection across the financial system. The Guidelines mandate that Financial Institutions (FIs), including banks and fintechs, must establish 24/7 reporting channels and adhere to strict timelines: acknowledging complaints within 24 hours, concluding investigations within a maximum of 14 working days, and processing mandatory reimbursements within 48 hours of resolution. The draft places clear accountability on Financial Institutions, making non-compliance a regulatory breach that will attract sanctions for both the institution and responsible individuals. This regulatory action transforms fraud management into a systemic risk that must be overseen by the Financial Institutions (FIs’) Board of Director