As a result of the above, it has become imperative for companies to adopt proactive and practical risk management strategies aimed at identifying vulnerabilities, strengthening internal controls, and mitigating potential cyber threats. At the heart of these are legal and compliance issues which companies have to comply with in a world of increasing cyber security risks. To effectively manage cyber risks, organizations must first understand the modern forms cyber threats and risks may take. Some of the most prevalent threats include the following:

1. Phishing Attacks: Phishing is one of the most common and dangerous cyber threats to businesses, responsible for many data breaches. It occurs when attackers pretend to be trusted contacts and trick employees into clicking malicious links, downloading harmful files, or revealing sensitive information such as passwords or financial details. Modern phishing attacks are highly sophisticated, including corporate email compromise, where criminals steal the email credentials of executives and send fraudulent payment requests. Because phishing targets human behavior rather than technical systems, it is usually difficult to stop. Businesses can reduce the risk by using email security gateways, post-delivery protection tools, and security awareness training to help employees identify and report suspicious emails.

2. Malware Attacks: Malware refers to harmful software such as viruses and trojans that hackers use to access networks, steal data, or damage systems. It often spreads through infected websites, spam emails, or compromised devices. Small businesses are especially vulnerable because malware can damage devices, cause costly repairs, and expose sensitive business or customer data. To prevent malware attacks, organizations should implement endpoint protection systems and web security tools that block malicious downloads and prevent access to dangerous websites.

3. Ransomware: Ransomware is a cyberattack where hackers encrypt a company’s data and demand payment to restore access. It has become increasingly common because it is highly profitable for cybercriminals. Businesses that are often targeted are the ones that lack strong security systems or reliable backup systems. When important data is locked, organizations may face major operational disruptions and financial losses. To reduce this risk, businesses should install strong endpoint protection across all devices and implement secure cloud backup systems. Reliable backup systems allow companies to recover their data without paying ransom demands.

4. Insecure Passwords: Weak or easily guessed passwords are a major cybersecurity risk for many businesses. Employees often reuse passwords across multiple accounts or create simple passwords that attackers can easily guess. This can allow hackers to gain unauthorized access to sensitive company systems and information. The problem often occurs because employees are unaware of the risks associated with poor password practices. Businesses should use password management tools to generate and store strong passwords securely. In addition, multi-factor authentication (MFA) should be implemented to add an extra layer of security protection.

5. Insider Threats: Insider threats arise from individuals within the organization, such as employees, former staff, contractors, or partners who have access to company systems. These threats may occur intentionally due to malicious motives or unintentionally due to negligence or lack of awareness. Because insiders already have authorized access, they can cause serious data breaches or security incidents. The risk increases when employees have access to systems or information, they do not need for their roles. Businesses can reduce insider threats by promoting cybersecurity awareness, providing regular employee training, and limiting system access based on job responsibilities.

Key Compliance Obligations for Companies in Nigeria.

As cyber threats continue to evolve, several legal and regulatory frameworks impose specific obligations on companies to safeguard digital systems and personal data. To remain compliant and avoid regulatory sanctions, organizations must prioritize the following key compliance obligations.

1. Risk Management Requirements: Nigerian companies must continually evaluate and mitigate risks to ensure that they avoid any potential breaches that may occur from cybersecurity threats and risks. Central Bank of Nigeria (CBN) Guideline on Risk-Based Cybersecurity Framework and Guidelines for Deposit Money Banks and Payment Service Banks, 2024 mandates that Nigerian financial institutions move beyond basic security to a structured, continuous risk lifecycle. Under this guideline, companies must execute these four core risk management activities:
• Risk Identification: Organizations must identify all information assets and the specific threats or vulnerabilities associated with their confidentiality, integrity, and availability.
• Risk Assessment: A formal risk assessment must be conducted at least annually. Also, new assessments are required immediately following major changes, such as mergers, acquisitions, or the deployment of new technology and it also requires that the findings be recorded in a Cybersecurity Risk Control Self-Assessment report.
• Risk Measurement: Institutions are now required to quantify the financial loss and reputational damage that could result from identified cyber risks.
• Risk Mitigation & Treatment: Security measures such as encryption or multi-factor authentication must be implemented in direct proportion to how critical the asset is and based on the assessment, management must explicitly choose to reduce, accept, avoid, or transfer (e.g., through insurance) each identified risk.

2.Registration as a Data Controller / Processor with the NDPC: Pursuant to section 44 of the Nigeria Data Protection Act 2023 (NDPA), organisations that process personal data in Nigeria are required to register with the Nigeria Data Protection Commission (NDPC) as a Data Controller or Data Processor, particularly where they process personal data on a large scale or process sensitive personal data. Registration enables the NDPC to ensure compliance with applicable data protection obligations. Organisations are generally required to provide details of their data processing activities, the categories of personal data processed, and the security measures implemented to protect such data. Failure to register where required may expose organisations to regulatory sanctions and administrative penalties under the NDPA.

3. Conducting Data Protection Impact Assessments (DPIAs): Prior to the commencement of any project or data processing activity in Nigeria, an organization must identify its objectives and determine the necessity of a Data Protection Impact Assessment (DPIA). Under Section 28 of the Nigeria Data Protection Act (NDPA) 2023, a data controller is legally mandated to carry out a DPIA where processing is likely to result in a high risk to the rights and freedoms of data subjects. The NDPA General Application and Implementation Directive (GAID) 2025 clarifies these high-risk circumstances. A DPIA is mandatory when evaluating or scoring (profiling) data subjects, when engaging in automated decision-making with legal or similar significant effects, when conducting systematic monitoring and when sensitive or highly personal data is involved etc. Adherence to Section 28 of the NDPA 2023 and the GAID 2025 is a mandatory prerequisite for high-risk data processing. Failure to conduct a DPIA where required not only invites significant regulatory sanctions from the NDPC but also compromises the organization’s commitment to Data Protection.

4. Appointment of Data Protection Officers: Pursuant to section 32 of the Nigeria Data Protection Act 2023 (NDPA), a data controller of major importance is required to designate a Data Protection Officer (DPO) with expert knowledge of data protection law and practices and the ability to carry out the tasks prescribed under the Act. The Act further provides that a data controller or data processor must ensure that its Data Protection Officer is involved, properly and in a timely manner, in all issues relating to the protection of personal data. The duties of the DPO include informing the organisation and its employees of their legal obligations under applicable data protection laws, overseeing internal data protection policies and audits, and preparing periodic internal compliance reports for management, which may be integrated into the organisation’s Record of Processing Activities (RoPA).

5. Filing of Annual Compliance Audit Returns (CARs): Under the Nigeria Data Protection Act (NDPA) 2023 and the General Application and Implementation Directive (GAID) 2025, data controllers and processors of major importance are required to conduct an annual audit of their data protection practices. It mandates the filing of a Compliance Audit Return (CAR) with the Nigeria Data Protection Commission (NDPC) to demonstrate accountability and transparency, the deadline for this filing is 31st March of each year. The audit must be conducted and the CAR filed through a licensed Data Protection Compliance Organisation (DPCO), which provides an independent verification statement to the Commission. Failure to file the CAR by the prescribed deadline may result in penalty.

6. Breach Notification Obligations: Under Section 40 of the Nigeria Data Protection Act (NDPA) 2023, organizations are strictly required to report personal data breaches to the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of an incident likely to result in a risk to the rights and freedoms of individuals. Where a breach is categorized as high risk, the data controller must also notify the affected data subjects immediately in plain and clear language. The GAID 2025 further clarifies that these notifications must include a description of the breach, the categories of data affected, likely consequences, and the mitigation measures taken.

7. Legal Consequences: Cybersecurity incidents can expose organizations to significant legal, financial, and reputational consequences. Under the Cybercrimes (Prohibition, Prevention, etc.) Act, unauthorized access to computer systems, cyber fraud, identity theft, and related cyber offences attract criminal penalties, including fines and imprisonment for offenders. Organizations that fail to implement adequate safeguards may also face regulatory scrutiny, particularly where their systems are exploited to facilitate cybercrime. In addition, the Nigeria Data Protection Act empowers the Nigeria Data Protection Commission to impose administrative fines and corrective measures on organizations that fail to adequately protect personal data or comply with statutory data protection obligations.

Strategies for Strengthening Cybersecurity Compliance.

To effectively manage regulatory obligations and reduce cybersecurity risks, companies and organisations operating in Nigeria should consider adopting the following strategies:
1. Conduct Regular cybersecurity Risk Assessments: Organizations should carry out periodic cybersecurity risk assessments tailored to their specific operational and technological environment. A structured and tiered risk management approach enables companies to identify vulnerabilities, prioritize the protection of critical assets, and allocate resources efficiently.

2. Develop and Maintain an Incident Response Plan: Companies should establish a comprehensive incident response plan outlining procedures for the detection, containment, investigation, and remediation of cyber incidents. The plan should also include clear protocols for notifying regulatory authorities and affected stakeholders within the timelines required by law.

3. Implement Regular Cybersecurity Training for Employees: Human error remains one of the leading causes of cybersecurity incidents. Regular training programs focusing on phishing awareness, secure data handling, and general cybersecurity best practices can significantly reduce vulnerabilities and promote a culture of security within the organization.

4. Ensure Continuous Compliance Monitoring and Reporting: Organizations should actively monitor developments in cybersecurity regulations and guidelines, both within Nigeria and internationally. Continuous compliance monitoring enables companies to remain aligned with evolving regulatory standards and to respond proactively to emerging legal requirements.

5. Leverage Technology and Automation for Security Management: The use of advanced cybersecurity technologies, including automated monitoring tools and artificial intelligence-driven threat detection systems, can significantly strengthen an organization’s security posture. Automated systems can detect anomalies, flag potential threats, and initiate rapid responses, thereby enhancing both regulatory compliance and operational resilience.

Conclusion

Cybersecurity has become an essential priority for organizations operating in today’s digital economy. As businesses increasingly rely on digital systems for their operations, they must also recognize the growing risks posed by cyber threats such as phishing, ransomware, malware, and insider attacks. These threats not only cause financial and operational disruptions but may also expose companies to regulatory penalties and reputational damage.

In Nigeria, legal frameworks such as the Nigeria Data Protection Act and the Cybercrimes (Prohibition, Prevention, etc.) Act place clear obligations on organizations to safeguard personal data and maintain secure digital systems. Consequently, companies must adopt proactive cybersecurity practices, including risk assessments, employee training, incident response planning, and continuous compliance monitoring. By strengthening internal controls and prioritizing cybersecurity governance, Nigerian organizations can better protect their systems, maintain regulatory compliance, and build long-term trust with customers and stakeholders.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com or contact:

The Nigerian telecommunication sector has continued to experience exponential growth by attracting interests from local and international investors. With a teeming youth population, increase in remote work, online streaming, Nigeria presents immense opportunity for investments in the telecommunication sector especially the provision of internet services.
An Internet Service Provider (ISP) is a company that provides access to the internet through various technologies including fibre-optics, satellite and cable, to individuals and organisations and may also provide other related services such as web hosting, etc.

The Nigerian Communications Commission (NCC) is the regulatory authority with the responsibility of licensing Internet Service Providers in Nigeria. NCC has over the years, issued ISP licenses to some notable internet service providers in Nigeria while ensuring that the Nigerian telecommunication market remains competitive through strict regulations and supervisory oversight of licensed entities. Any entity desirous of providing internet services as an ISP in Nigeria must comply with all the licensing and technical requirements and be issued a license by NCC before it can legally operate in Nigeria.
This article discusses the regulatory requirements and processes for obtaining an Internet Service Provider’s license from the NCC in Nigeria.

Requirements for Obtaining Internet Service Provider’s License

An Internet service provider’s license is an individual license which means that the licensing terms, scope of operation and limitation, obligations, etc. are specific to the service being provided. This is distinct from a class license which has its terms and conditions and the obligations of the licensees common to all the holders. Therefore, to apply for an internet service provider’s license in Nigeria, the applicant must satisfy the conditions for obtaining individual license. These requirements include the following:

1. Company incorporation: The company laws in Nigeria, require that a local company must first be incorporated with the Corporate Affairs Commission (CAC) in Nigeria. There is no minimum share capital requirement for an Internet Service provider’s license, however, where the company has foreign participation, the minimum share capital requirement is N100,000,000 (One Hundred Million Naira) as required by the Federal Ministry of Interior. The corporate documents of the company including the certificate of incorporation, certified true copy of the memorandum and articles of association and status report are required to be submitted to NCC.
2. Tax Registration: Upon incorporation with CAC, the company must be registered with the Federal Inland Revenue Service (FIRS) and obtain its Tax Identification Number (TIN), Tax Clearance Certificate (TCC), etc. which are required to be submitted to NCC for obtaining an ISP license.
3. Security Clearance: An applicant for an ISP license may be required to obtain security clearance from the State Security Service (SSS) for the proposed service and provide NCC with the report on the company and its directors to NCC.
4. The applicant must meet the technical requirements including type approval of telecommunication equipment for operating ISP license as stipulated by NCC.
5. Evidence of sufficient financial resources to provide long-term services to the satisfaction of NCC.
6. Feasibility report of proposed services.
7. Any other document or information that NCC may require from the applicant.

Internet Service Provider’s Licensing Process
Upon satisfying the requirements for obtaining an ISP license, the applicant is required to submit an application to NCC for ISP license, supported by the required documents. The applicant must pay a non-refundable application fee which is 5% of the applicable ISP license fee. Upon the satisfactory review and approval of the application, NCC shall require the payment of the license fee within 30 days. Upon the payment of the license fee, the applicant would therefore be issued with an ISP license authorizing it to provide internet services in Nigeria subject to the terms and conditions stated in the license and compliance with all applicable laws and regulations.

License Validity and Renewal
The internet service providers license is usually valid for 5 years and subject to renewal before the expiration of the license. The application for the renewal of an ISP license must be submitted to NCC at least six months before the expiration of the license. The licensee must also have complied with the terms and conditions of the license including the payment of the annual operating levy to be eligible for the renewal of the license.

Conclusion
Nigerian teeming youth population, growing internet penetration, coupled with increase in remote work and online streaming, presents immense opportunity for investments in its telecommunication sector especially the provision of internet services. ISP license is issued by NCC which is the regulatory authority that regulates the Nigerian telecommunication sector. ISP license allows the provision of internet services through either fibre-optic, satellite or cable to individuals and organisations. Only companies incorporated in Nigeria can apply for ISP license after satisfying other licensing and technical requirements stipulated by NCC. If NCC is satisfied with the application for ISP license, it issues approval to the applicant and requires the payment of the full license fee to be paid within 30 days. Once the applicant pays the license fee, NCC issues the applicant with the license authorising it to provide internet services in Nigeria subject to the terms and conditions of the license and compliance with applicable laws and regulations.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com or contact:

Companies with foreign ownership are entities incorporated in Nigeria but owned wholly or partly by non-Nigerian individuals or corporate bodies. Nigeria permits foreign participation across most sectors of its economy, and foreign investors may acquire up to 100% ownership of a Nigerian company, subject to compliance with statutory requirements and sector-specific restrictions.

The Companies and Allied Matters Act (CAMA), 2020 allows for 100% foreign ownership of businesses in Nigeria. Similarly, the Nigerian Investment Promotion Commission (NIPC) Act, 1995 also permits 100% foreign ownership, except in sectors with local participation reserved for Nigerians such as certain agricultural activities, cottage industries, and small-scale enterprises, as well as activities on the negative list. The negative list prohibits investment by both Nigerian and foreigners in areas such as the production of arms and ammunition, production of and dealing in narcotic drugs and psychotropic substances, production of military and para-military wear and accoutrements, as well as any additional activities designated from time to time by the Federal Executive Council.

While CAMA and the NIPC Act permit full foreign ownership of companies registered in Nigeria subject to the exceptions stated above, certain industries while permitting foreign ownership of companies, impose local content requirements that restrict full foreign ownership. These requirements do not necessarily prohibit foreign investment but aim to ensure that Nigerian labour, materials, expertise, and enterprises are meaningfully integrated into operations within those sectors.

Local content refers to the contribution a business project makes to the host community or country beyond the direct revenue or profits derived from project. It involves the use of local labour, expertise, suppliers, goods and services, building local capacity, and transferring technology.

Governments adopt local content frameworks to encourage domestic participation, foster sustainable economic development, strengthen local capacity, and promote knowledge transfer. This article highlights the key local content requirements in various Nigerian sectors to guide foreign investors in assessing compliance obligations and structuring investments appropriately.

Local Content Requirements in the Oil and Gas Industry
The local content obligations in Nigeria’s oil and gas sector are governed by the Nigerian Oil and Gas Industry Content Development Act, 2010 (Local Content Act) which provides a comprehensive framework for local content implementation and defines local content as the quantum of composite value added to or created in Nigeria through utilization of Nigerian resources and services in the petroleum industry resulting in the development of indigenous capability without compromising quality, health, safety and environmental standards. The Act applies to all operations in the Nigerian oil and gas industry including Exploration and Production/Service Companies.

The Act requires that Nigerian companies must be used for services where capacity exists, provides for levels of minimum thresholds for Nigerian ownership regarding the provision of different services in the sector, employment, and training; establishment of project offices in areas of operation; preference for Nigerian goods, services, and labour.

Companies formed and registered in Nigeria in accordance with the provisions of CAMA and not having less than 51% equity shares by Nigerians are regarded as Nigerian companies by the Local Content Act. International or multinational companies that work through their Nigerian subsidiaries must also satisfy the minimum local content requirement with respect to the equipment deployment for execution of works by ensuring that a minimum of percentage of the equipment is owned by the Nigerian subsidiaries. Failure to comply with the local content requirements applicable in the oil and gas sector attracts sanctions and penalties which can include fines, cancellation of the project or both.

The Local Content Act remains one of Nigeria’s strongest industry-specific local content frameworks, shaping how foreign and multinational companies structure their operations, partnerships, and investments in the oil and gas sector.

Local Content Requirement in the Maritime Industry
Local content development in the Nigerian maritime sector is primarily driven by the government to foster local capacity development. The enactment of the Coastal and Inland Shipping (Cabotage) Act, 2003 was one of the earliest initiatives by the Nigerian government to foster local capacity by implementing local content policies. The Cabotage Act is designed to promote local content and empower indigenous stakeholders in the shipping industry. It stipulates that vessels engaged in domestic trade must be wholly owned by Nigerian citizens, manned exclusively by Nigerian crew, built and registered in Nigeria. These provisions ensure that the economic benefits of coastal shipping accrue primarily to Nigerians.

However, where local capacity is insufficient, waivers may be provided as a temporary measure from local content requirements pending the development of indigenous capability. To support the Cabotage framework, the government established the Cabotage Vessel Financing Fund (CVFF), aimed at providing financial assistance to Nigerian shipowners to acquire and operate vessels that meet cabotage requirements.
Local content obligations under the Local Content Act, 2010, also significantly affect maritime operations. The Act requires that vessels used in oil and gas operations be Nigerian-flagged, crewed, and, where possible, built or maintained locally. The Petroleum Industry Act, 2021 also broadens the application of local content to cover marine services across all oil and gas licenses, leases, and contracts. As a result, maritime operators are now pivotal to oil-sector compliance, with oil companies required to patronize Nigerian shipping companies, shipyards, and maritime professionals.

Local Content Requirements in the Mining Industry
The Nigerian Minerals and Mining Act, 2007 regulates all aspects of the exploration and exploitation of solid minerals in Nigeria. Although the Act does not prescribe minimum Nigerian ownership thresholds or explicit preference for Nigerian goods and labour, it embeds local participation through its licensing structure. It provides that to obtain a lease, license or permit, the applicant must be a citizen of Nigeria or a company duly incorporated under the Companies and Allied Matters Act or a Mining Co-operative. Thus, a foreigner or foreign company that intends to legally operate in the Nigerian mining industry must incorporate a local subsidiary in Nigeria. The Act also provides that the holder of a Mining Lease, Small scale Mining Lease or Quarry Lease must, before commencing any development activity within the lease area, execute Community Development Agreement (CDA) with the host community. The CDA will ensure the transfer of social and economic benefits to the community such as apprenticeship, technical training and employment opportunities for indigenes of the communities.

Local Content Requirements in the Aviation Industry
The Nigerian aviation sector is primarily regulated by the Civil Aviation Act, 2022 and the Nigerian Civil Aviation Regulations, 2023, which address a variety of aviation issues, including aircraft registration, consumer protection, staff licensing, and airworthiness. The Regulations provide that to obtain an Air Transport Licence; the applicant must be a company in which Nigerians hold the majority of the shareholding. The Regulations also provide that for an applicant to obtain an Airline Operations Permit; Nigerians must own the majority of the company’s shares. Also, in order to register an aircraft in Nigeria, the Act and the Regulations provide that the aircraft must be owned by a Nigerian citizen or a foreigner who is lawfully admitted for permanent residence in Nigeria or by a company duly incorporated in Nigeria and the aircraft is based and used primarily in Nigeria. There is the Fly Nigeria Bill currently being promoted in the National Assembly, which is the first real effort at developing a Nigerian Aviation local content policy. This Bill seeks to protect and give market share to Nigerian airlines and prevents public funds from being ferried away by foreign airlines but plowed back into Nigerian airlines to generate employment, revenue, access to capital, foreign investment, career projection for core professionals.

Local Content Requirements in the Telecommunication Industry

Nigeria’s telecommunications sector is primarily regulated by the Nigerian Communications Act, 2003. In 2021, the Federal Government launched the National Policy for the Promotion of Indigenous Content in the Nigerian Telecommunications Sector to increase local participation and strengthen domestic capacity in the industry. Under the policy, local content requirements apply to companies involved in manufacturing telecommunications equipment such as smartphones, masts, fibre optic cables, etc., providing services and software for telecommunications sector, research and development. Therefore, companies providing the above services are required to meet the indigenous content requirements which are as follows:
a. incorporated in Nigeria;
b. having its principal place of business in Nigeria; and
c. having at least 51% of its share held by Nigerians.
The policy aligns with Executive Order 005 (2018), which refers to companies that meet the criteria, amongst others of being incorporated in Nigeria; having its principal place of business located in Nigeria; and having at least 51% of its equity held by Nigerians. The overall objective is to create a framework for supporting indigenous telecommunications businesses to become world class service providers among others.

Local Content Requirement in the Insurance Industry
In 2016, the National Insurance Commission (NAICOM) issued a circular titled Utilization of In-Country Capacities of Nigerian Insurers, Reinsurers and Pools Prior to Foreign Facultative Reinsurance. It established local content and empowerment requirements in insurance placements, stating that insurance placements relating to Nigerian risks must first exhaust local capacity before seeking foreign reinsurance. If local capacity is insufficient, insurers must submit documentary evidence showing how local capacity was fully utilised, and obtain written approval from NAICOM before engaging any foreign reinsurer. Under the newly enacted Nigerian Insurance Industry Reform Act 2025, local capacity must be fully utilized for all classes of insurance before they are insured or reinsured abroad, subject to the approval of NAICOM.

Local Content Requirement in the Lottery and Gaming Industry
In Nigeria, lottery and gaming companies are regulated by each state of the federation. This means that they are regulated by the appropriate regulatory body and law in the state(s) in which they operate. For instance, in Lagos State, the Lagos State Lotteries and Gaming Authority Law, 2021 establishes regulatory frameworks that promote local content and empowerment within the lottery and gaming sector in Lagos State. Key provisions include that licensed operators train and employ Nigerians, especially for customer-facing and technical roles. Also, 100% foreign ownership is not permitted as Nigerians are required to hold at least 15% of the shares in a foreign-owned lottery and gaming company to fulfil local content requirement and promote local participation.
Beyond the sectors considered above, there are other local content requirements required in other industries. For instance, foreign investors are prohibited from owning shares or holding board positions in private security guard companies, engineering firms must be registered with the Council for the Regulation of Engineering in Nigeria (COREN), with certain registrations requiring at least 55% Nigerian ownership.

Conclusion
The Companies and Allied Matters Act, 2020 permits 100% foreign ownership of companies in Nigeria, and the Nigerian Investment and Promotion Commission Act similarly allows full foreign participation except in sectors listed on the negative list. However, several key sectors of the Nigerian economy require mandatory minimum local content requirements, limiting foreign ownership and participation to ensure indigenous participation. These policies aim to promote indigenous involvement across strategic sectors, retain value within the national economy, and reduce dependence on foreign expertise and capital. Local content policies are steadily transforming the various sectors from a dependency-based service domain into growth engines capable of driving industrialization, job creation, and capital retention. However, implementation and consistency are keys to the actualization of the intendments of these local content policies. It is recommended that all sectors adopt formal local content frameworks to maximize the economic benefits. With sustained commitment, coordinated regulation, and strategic implementation, Nigerian industries can become self-reinforcing catalysts for national economic growth.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com or contact:

Nigeria’s investment in satellite technology, anchored by the Nigerian Communications Satellite Limited (NIGCOMSAT), sits at the intersection of law, policy, and rapid technological innovation. As a state-owned enterprise mandated to provide satellite communication services, NIGCOMSAT operates within a sophisticated legal and regulatory ecosystem designed to ensure compliance with global norms while positioning Nigeria strategically within the emerging global space economy. For industry stakeholders, legal practitioners, and technology enthusiasts, understanding this framework is essential, as it dictates how satellite services are delivered, how international partnerships are structured, and how the broader technology landscape is governed.

The International Foundation

Nigeria’s involvement in global space governance is rooted in its commitments under the United Nations Committee on the Peaceful Uses of Outer Space (COPUOS). The cornerstone of these commitments is the Outer Space Treaty of 1967, which establishes that outer space is a domain accessible to all nations for peaceful purposes and prohibits national appropriation of celestial bodies. For Nigeria, this treaty carries a significant implication: the assignment of international responsibility for all national space activities, whether conducted by governmental or non-governmental entities.

Beyond the foundational 1967 treaty, Nigeria is a signatory to several other key instruments, including the Rescue Agreement of 1968, the Liability Convention of 1972, and the Registration Convention of 1975. These agreements form a safety net for international space operations, ensuring that states are held liable for damages caused by their space objects and are committed to the rescue of astronauts in distress. This international layer ensures that NIGCOMSAT’s operations, such as the management of the NigComSat-1R satellite, remain consistent with the principles of transparency and liability shared by the global community.

Technical Coordination and Spectrum Management

At the technical level, satellite operations are governed by the International Telecommunication Union (ITU). The ITU manages the two most finite resources in the satellite industry: radio frequency spectrum and orbital slots. Because satellite signals do not respect national borders, coordination is required to prevent “signal interference,” which could disrupt critical communications.

Nigeria participates in this process to secure its orbital slots, that is, the specific positions in geostationary orbit where its satellites reside. This coordination is not merely a technical necessity but a legal safeguard that provides regulatory assurance to commercial partners that satellite services will remain stable and secure from external interference.

The Domestic Regulatory Architecture

At the home front, the primary regulator of the space sector is the National Space Research and Development Agency (NASRDA). Established under the NASRDA Act of 2010, the agency is tasked with the development and regulation of space science and technology in Nigeria.

The regulatory reach of NASRDA has been significantly strengthened by the Regulations on Licensing and Supervision of Space Activities (2015), which became effective in 2021. These regulations introduced a formal licensing regime for all entities operating space objects or conducting space-related activities within Nigerian territory. More recently, the Handbook on Space Regulation and Spectrum Management, 2025 has modernized this framework by introducing three distinct licensing categories:

1. Upstream Licenses: These cover the space segment itself, including Satellite Landing Permits for operations over Nigerian territory and Space Spectrum Access licenses.

2. Midstream Licenses: These involve the processing and management of satellite data, including teleport services, encryption, and network management.

3. Downstream Licenses: These focus on ground-based infrastructure, such as the operation of ground stations, the manufacturing of space objects, and the construction of launch facilities.

The 2025 Handbook also emphasizes stringent financial and safety requirements for operators. Operators are now required to provide an indemnity to the Federal Government and maintain a minimum of $15,000,000 (Fifteen Million USD) in third-party liability insurance to cover potential damages arising from their space activities.

Telecommunications and Commercial Oversight

While NASRDA oversees the space segment of operations, the Nigerian Communications Commission (NCC) regulates the communications segment under the Nigerian Communications Act (NCA), 2003. This dual oversight is particularly relevant for NIGCOMSAT’s commercial activities. The NCC ensures that satellite-based telecommunications services adhere to national standards for quality of service, competition, and consumer protection.

Specific NCC guidelines, such as the Commercial Satellite Communications Guidelines 2018 dictate how foreign and domestic satellite operators can land their signals in Nigeria. This ensures that while Nigeria remains open to global satellite constellations, it maintains the sovereign right to regulate data transit and protect the local digital economy.

Future Outlook and Digital Ambition

Nigeria’s legal and regulatory architecture is the backbone of its long-term digital ambitions. Recent initiatives, such as the “Big Picture” Digital Switchover (DSO), a collaboration between NIGCOMSAT and the National Broadcasting Commission (NBC) demonstrate how this framework supports practical national goals. By pivoting to a satellite-first approach for digital broadcasting, the government aims to provide universal access to information while accelerating the rollout of digital services to underserved regions.

Furthermore, the introduction of a digital portal for license applications under the 2025 Handbook signals a move toward a more transparent and efficient “Space-as-a-Service” model. For innovators and businesses, this structured foundation mitigates international risks and provides the regulatory clarity needed to drive investment in satellite engineering, remote sensing, and the Internet of Things (IoT).

In conclusion, it is important to note that despite the structured evolution of the legal landscape, Nigeria’s space sector has encountered notable setbacks and criticisms, most significantly the 2008 in-orbit failure of the original NigComSat-1 due to power subsystem anomalies and the extended delay in activating the 2015 NASRDA Regulations, which only took effect in 2021. Historical critiques have often focused on perceived inter-agency rivalries between NASRDA and NIGCOMSAT and a lack of private sector engagement, alongside financial hurdles that have left some technical facilities underfunded. However, the 2025 Handbook on Space Regulation and Spectrum Management marks a significant shift toward future growth by introducing a streamlined, tiered licensing system and a digital portal for applications, aimed at transforming the sector into a revenue-generating industry with a projected annual potential of over $200 billion. As NigComSat-1R nears its decommission date in 2028, the government’s strategic move toward full commercialization and the engagement of “gap-filler” partnerships with global operators like Eutelsat and OneWeb underscore a more resilient, market-driven approach to maintaining Nigeria’s orbital presence and regional influence.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com or contact:

2025 was a very exciting year and saw significant changes in Nigeria’s legal and regulatory landscape. Series of laws were enacted by the National Assembly and regulatory guidelines were also issued by regulators including the Central Bank of Nigeria, Federal Competition and Consumer Protection Commission, the Nigerian Communications Commission, etc. There were also some important judicial decisions from the courts in Nigeria which shaped the legal and regulatory space in the country. This recap is divided into four parts representing the four quarters of the year, highlighting what we think are the most impactful laws and regulations, reforms, and judicial decisions in 2025.

1st Quarter (January – March 2025)

The first quarter was significantly marked by the issuance of guidelines and regulations from regulators and key judicial decisions by the courts. The Central Bank of Nigeria issued guidelines to suspend the extension of export proceeds and also announced the approval of the Nigerian Foreign Exchange (FX) Code. Key decisions which shaped the tax landscape and also affirmed the multi-sectoral regulatory authority of the Federal Competition and Consumer Protection Commission 9FCCPC) were delivered by the courts. The Investment and Securities Act, 2025 was also signed into law by the Nigerian President.

• The implementation of the Deduction of Tax at Source (Withholding) Regulations, 2024 began on 1st January 2025 requiring corporate entities, statutory bodies, public authorities, etc. to deduct withholding tax at source from 1st January 2025.
• On 8 January 2025, the Central Bank of Nigeria (CBN) issued a circular on the Suspension of Extension of Exports Proceeds on Behalf of Exporters for the immediate suspension of approvals for the extension of repatriation of export proceeds on behalf of exporters mandating that proceeds for non-oil exports must be repatriated and credited to the exporters’ domiciliary accounts within 180 days and for oil and gas exports, within 90 days from the date of the bill of lading.
• On 11th January 2025, the Presidential Enabling Business Environment Council announced that it would establish commercial courts and Ease of Doing Business Councils across all 36 states and the Federal Capital Territory as part of its effort to improve the country’s business climate.
• On 22nd January 2025, the CBN announced the approval of the Nigerian Foreign Exchange (FX) Code as a guideline to the banking industry to promote ethical conduct of Authorised Dealers in the Nigerian Foreign Exchange Market.
• 0n 24 January 2025, in a circular titled “Waiver of Non-Refundable Annual License Renewal Fee for Existing Bureaux De Change”, the CBN announced the waiver of payment of annual renewal fee for existing bureau de change (BDC) operators due to transition into the new BDC regulatory structure required by CBN.
• On 27 January 2025, the Federal High Court (FHC) in the appeal between Federal Inland Revenue Service v. MTN Nigerian Communications Plc (FHC/L/1A/2024), set aside the judgement of the Tax Appeal Tribunal (TAT) which awarded the sum of $71 million against MTN while declining the reliefs for penalties and interest sought by FIRS. The FHC increased the liability and ordered MTN to pay $87.9 million as penalties and interest.
• On 28 January 2025, the Collective Management Regulations, 2025 was issued by the Nigerian Copyright Commission and repealed the Copyright (Collective Management Organisation) Regulations, 2007. The Regulations provide for the approval and supervision of companies seeking to operate as a Collective Management Organisation (CMO) and their relationships with users and other CMOs, etc. The Regulations impose administrative fines ranging from N200,000 t0 N500,000 for unethical practices and non-compliance with the Regulations. Other sanctions include caution, suspension or disqualification.
• On 3 February 2025, the National Pencom Commission issued the Revised Circular on the Operations of Branch Offices and Service Centres by Licensed Pension Fund Administrators. The circular was issued to give effect to section 72 of the Pension Reform Act, 2014 and provides the metrics for requiring the opening and operation of branches and service centres by Pension Fund Administrators in Nigeria.
• On 7 February 2025, the Federal High Court in Emeka Nnubia v. Minister of Industry, Trade and Investment, Federal Competition and Consumer Protection Commission & Anor in Suit No: FHC/L/CS/1009/2024 affirmed the Federal Competition and Consumer Protection Commission (FCCPC) as the primary regulator for competition and consumer protection issues in all sectors in Nigeria including the telecommunications sector.
• On 12 February 2025, the Federal Ministry of Interior issued a circular on the Review of Approving Authority for Expatriate Quota and Citizenship Applications. The review was done to enhance transparency and accountability in the administration of Expatriate Quota and Citizenship applications.
• On 4 March 2025, the first Mobile Virtual Network Operator (MVNO) to be licensed by the Nigerian Communications Commission (NCC) launched and commenced operations in Nigeria.
• On 13 March 2025, the Court of Appeal in Kuda Microfinance Bank Ltd v. Amarachi Kenneth Blessing (CA/EK/48/2024) held that a bank may lawfully restrict a customer’s account upon receiving reports of fraudulent or suspicious activity without the need to first obtain a court order.
• On 20 March 2025, the Nigeria Data Protection Commission issued the Nigeria Data Protection Act General Application and Implementation Directive, 2025 (hereinafter “the GAID). The GAID was issued to provide clarity and practical guidance on the implementation of the NDPA. It repealed the Nigeria Data Protection Regulation, 2019 and the Nigeria Data Protection Regulation Implementation Framework, 2020.
• On 29 March 2025, the Nigerian President, signed the Investment and Securities Act, 2025 into law. The Act repealed the Investment and Securities Act, 2007 and it is aimed at strengthening the legal and regulatory framework for investments and capital market activities in Nigeria. The Act classified exchanges into composite and non-composite exchanges and also legally recognised virtual assets bringing an end to the uncertainty concerning transacting virtual assets in Nigeria.

2nd Quarter (April – June 2025)

The second quarter saw a lot of regulatory actions from regulators in the exercise of their regulatory powers and functions. Laws were also enacted in this quarter. The Securities and Exchange Commission issued a circular on the transmutation of executive directors and the Nigerian Immigration Service (NIS) issued guidelines for the purpose of implementing e-visa system, automated landing and exit cards in Nigeria. Four Nigerian tax laws were enacted to unify tax laws and revolutionize tax collections and enforcement in Nigeria.

• On 6 April 2025, the Registrar General of the Corporate Affairs Commission, announced the launch of an AI-driven Intelligent Company Registration Portal (ICRP) to revolutionize business registration in Nigeria and improve ease of doing business in Nigeria.
• On 25 April 2025, the Competition and Consumer Protection Tribunal upheld the $220 million penalty imposed on Meta platforms Incorporated (Facebook and WhatsApp) by the Federal Competition and Consumer Protection Commission (FCCPC) for data discriminatory practices in Nigeria and ordered for the payment of $35,000 as reimbursement for FCCPC’s investigation expenses. Part of the orders made by the Tribunal against Meta Platforms Incorporated include to immediately reinstate the rights of Nigerian users to determine how their data is shared and submit a compliance letter by 1 July 2025.
• On 2 May 2025, the Nigerian Immigration Service released the Guidelines for the Implementation of the e-Visa Application System and Automated Landing and Exit Cards. The Guidelines introduced e-visa which replaced visa on arrival. The e-visa application system also introduced thirteen (13) short-visit visa categories for eligible foreign travellers and imposed penalties for overstaying visas effective from 1 September 2025. Electronic landing and exit cards were also introduced to replace the manual processes of embarking and disembarking travellers.
• On 29 May 2025, the Nigerian President approved the establishment of the National Credit Guarantee Company Limited (NCGC) and the appointment of its board and management team. The NCGC is backed with an initial capital of N100 billion for the purpose of expanding access to finance for Micro, Small and Medium Enterprises (MSMEs), manufacturers, large businesses, etc. across Nigeria.
• On 11 June 2025, the Lagos State Electricity Regulatory Commission (LASERC) issued Order No. LASERC ORDER/001/2025 establishing the regulatory framework for electricity market operations within Lagos State. The issuance of the Order marked the conclusion of the transition for transfer of regulatory oversight from Nigerian Electricity Regulatory Commission to LASERC. The Order requires individuals and entities to obtain licenses from LASERC to legally undertake regulated electricity activities within Lagos State.
• On 17 June 2025, the Corporate Affairs Commission (CAC) announced the review of its service fees effective from 1 August 2025. The fees for company incorporation and post-incorporation services were therefore reviewed upward. The implementation date was also subsequently postponed to 1 October 2025.
• On 19 June 2025, the Securities and Exchange Commission (SEC) issued the Circular to All Public Companies and Capital Market Operators on the Transmutation of Independent Non-Executive Directors and Tenure of Directors. SEC directed the immediate discontinuance of the transmutation of Independent Non-Executive Directors (INEDS) into Executive Directors within the same company or its group structure by public companies and significant capital market operator. SEC also introduced a 3-year cool off period for Chief Executive Officer or Executive Director upon stepping down from a company before being eligible for appointment as Chairman.
• On 26 June 2025, the Nigeria President signed four tax reform bills into law. The four laws are: the Nigeria Tax Act 2025, the Nigeria Tax Administration Act 2025, the Nigeria Revenue Service (Establishment) Act 2025, and the Joint Revenue Board (Establishment) Act 2025. The Acts repeals certain tax laws and also reduced the multiplicity of taxes with the aim harmonising tax collection and enhancing the ease of doing business in Nigeria.
• On 30 June 2025, the Nigerian President ordered the temporary suspension of the implementation of the Financial Reporting Council (Amendment) Act, 2023 which imposed new annual dues on large private companies classified as Public Interest Entities.

3rd Quarter (July – September 2025)

The third quarter was also significantly marked by regulatory actions through issuance of Guidelines and regulations. Sanctions and penalties were also imposed for regulatory breaches. The Federal Inland Revenue Service (FIRS) announced the discontinuance of the issuance of tax exemption certificates. The Nigerian Communications Commission issued a license framework for licensing and regulating international Application to Person (A2P) messaging in Nigeria.

• On 6 July 2025, the Nigeria Data Protection Commission (NDPC) imposed a fine of N766,242,500 on Multichoice Nigeria who are the owners of DSTV for breaching the Nigerian Data Protection Act through unlawful cross-border data transfers and violation of Nigerian data subjects’ personal data.
• On 8 July 2025, the Nigerian Communications Commission (NCC) issued the License Framework for International Application to Person (A2P) Messaging in Nigeria. The framework was issued by NCC in a move to regulate Application to Person services in Nigeria through the introduction of the International A2P Messaging Aggregator License.
• On 25 July 2025, the Federal Competition and Consumer Protection Commission (FCCPC) issued the Digital, Electronic, Online or Non-Traditional Consumer Lending Regulations, 2025. The regulations provide for the registration of digital and traditional money lenders with the exception of licensed microfinance banks. It also imposes obligations including filing of bi-annual and annual reports, etc. on money lenders with sanctions and penalties provided for the breach of any of the provisions of the Guidelines.
• On 29 July 2025, the Federal Inland Revenue Service (FIRS) in a public notice announced the discontinuance of issuance of tax exemption certificates to all taxpayers including pioneer status companies, non-governmental organisations and free zone entities. Subsisting tax exemption certificates would not be renewed by the FIRS.
• On 30 July 2025, the National Insurance Commission (NAICOM) issued the Guidelines for Insurtech Operations in Nigeria. The Guidelines became operational on 1 August 2025 providing a regulatory framework for the safe and responsible deployment of Insurtech solutions by licensed insurance operators. The Guidelines provide the minimum capital requirements for Insurtech operators as well as the permissible and non-permissible activities.
• On 5 August 2025, the Nigerian President, signed the Nigerian Insurance Industry Reform Act, 2025 into law. The Act repealed the Insurance Act 2003 and consolidated several insurance laws including the Marine Insurance Act, Motor Vehicles (Third Party Insurance) Act, etc. into a unified and streamlined legal framework for the insurance industry. It also revised the minimum capital requirements for insurance companies across various insurance categories to reflect a risk-based capital approach in alignment with current international standards and practices.
• On 6 August 2025, NCC announced the release of the Guidelines on Corporate Governance, 2025. The Guidelines are applicable to all communication companies in Nigeria and provides for the composition of the board of directors, board committees and appointment processes, etc.
• On 16 September 2025, the Central Bank of Nigeria (CBN) issued a circular on the Appointment and Announcement of Successors to Managing Director. The CBN requires Payment Service Banks (PSBs) to obtain the regulatory approval of the CBN of the successor of a Managing Director (MD/CEO) no later than six months to the expiration of the tenure of the incumbent MD/CEO.
• On 18 September 2025, the Federal Government issued a directive mandating all mining and quarrying companies licensed since 2024 to finalize their Community Development Agreements with host communities before 31 December 2025.
• On 21 September 2025, the Minister of Solid Minerals Development announced the revocation of 1,263 mineral licenses in Nigeria following failure by the licensees to comply with the mandatory payment of their annual service fees.
• On 29 September 2025, the National Pension Commission (PENCOM) issued a circular which reviewed the minimum capital requirement for Pension Fund Administrators (PFAs) and Pension Fund Custodians (PFCs). The circular directs PFAs to increase their capital base to 20 million Naira from 5 million Naira while PFCs are to increase their capital base to 25 billion Naira from 2 billion Naira.

4th Quarter (October – December 2025)

Key regulatory activities especially in the Nigerian financial services and oil and gas sectors occurred in the fourth quarter. The Central Bank of Nigeria (CBN) issued guidelines to regulate agent banking activities in Nigeria. A draft Guidelines for handling Authorized Push Payment Fraud was also issued by CBN to preserve the integrity of Nigerian payment system. The Nigerian Investment Promotion Commission also put a stop to applications for Pioneer Status Incentive in view of the Economic Development Tax Incentive (EDTI) to commence from 1 January 2026.

• On 6 October 2025, the Central Bank of Nigeria (CBN) issued the Guidelines for the Operation of Agent Banking in Nigeria. The Guidelines provides for the permissible and non-permissible agent banking activities, appointment of agents, agent qualification and due diligence requirements, rules on agents’ locations and geo-tagging of agents’ devices, etc.
• On 9 October 2025, CBN issued the Exposure Draft Guidelines on the Operations of Automated Teller Machines (ATMs) in Nigeria to provide additional guidance on the operation of ATMs and provide clarity of security requirements of ATMs, resolution of failed transactions, etc.
• On 10 November 2025, the Nigerian House of Representatives ad hoc committee on the economic, regulatory and security implications of cryptocurrency adoptions and Point of Sale Operations discussed the opportunities, challenges and future of Nigeria’s digital finance ecosystem with cryptocurrency operators and digital asset innovators.
• With effect from 10 November 2025, the Nigerian Investment Promotion Commission (NIPC) stopped receiving applications for Pioneer Status Incentive in a bid to fully transition to the new Economic Development Tax Incentive (EDTI) scheme which will take effect from 1 January 2025.
• On 13 November 2025, the Nigerian Midstream and Downstream Petroleum Regulatory Authority (NMDPRA) announced the suspension of the proposed 15 percent import duty on Premium Motor Spirit (PMS) and Automotive Gas Oil (AGO) which was initially approved by the President and announced by the NMDPRA on 21 October 2025.
• On 26 November 2025, the Securities and Exchange Commission (SEC) directed all capital market operators to state their compliance level and ensure that all tradable instruments are registered in line with the newly enacted Investments and Securities Act, 2025 no later than January 2026.
• On 26 November 2025, CBN issued the Draft Guidelines for Handling Authorised Push Payment Fraud. The draft Guidelines provides for reporting APP fraud, resolution and reimbursement and the roles of financial institutions in preventing, detecting and mitigating APP fraud. The Guidelines also mandates financial institutions to have an APP Fraud Policy and implemented by the Boards of financial institutions.
• On 28 November 2025, the Nigeria President approved the establishment of the National Tax Policy Implementation Committee to oversee the implementation of Nigeria’s newly enacted tax laws which would take effect from 1 January 2025.
• On 1 December 2025, the Nigerian Upstream Petroleum Regulatory Commission (NUPRC) launched the 2025 oil licensing round through digital bids of the 50 oil and gas blocks approved for bidding. The oil licensing round is expected to deepen investment in the Nigerian upstream sector.
• On 10 December 2025, the Joint Revenue Board (formerly Joint Tax Board) placed a nationwide ban on road taxes, levies and related charges in a bid to sanitize Nigeria’s tax administration and improve the ease of doing business.

Conclusion

2025 has been a remarkable year of significant changes and reforms in Nigeria’s legal and regulatory landscape. Key regulatory guidelines and regulations were introduced by regulators including the Central Bank of Nigeria, the Federal Competition and Consumer Protection Commission, the Nigeria Data Protection Commission, etc. The CBN introduced the guidelines for agent banking to regulate agent banking activities. The CBN guidelines for handling APP fraud was also issued to preserve the integrity of the financial services sector. The Nigerian tax landscape was also reshaped with the enactment of four new tax laws which repealed some existing tax laws and consolidated several tax laws. The Investments and Securities Act, 2025 ushered in a new regime for the recognition of virtual assets. Key judicial pronouncements were also made by the courts. The Competition and Consumer Protection Tribunal imposed fines on Meta Platforms incorporated for violating the Nigeria Data Protection Act and unlawful cross-border transfer of data of Nigerian data subjects. The Court of Appeal also delivered a judgement authorizing financial institutions to freeze customers’ bank accounts on suspicion of fraudulent activities without the need to first obtain a court order.

As we approach the new year, we extend our sincere gratitude to all our clients for their continued trust in us and wish you a Merry Christmas and a prosperous New Year 2026.

Please note that the contents of this Article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com or contact:

The emergence and continued growth of Financial Technology (FinTech) companies in the Nigerian financial services sector has redefined how financial services are delivered, with technology driven solutions that enable faster payments, lending and wealth management. These innovations often lead to complex collaborations between FinTech startups, traditional banks and third-party service providers. These partnerships may inevitably expose the parties to legal and regulatory risks if not properly managed.

As FinTechs and banks increasingly depend on one another to provide innovative financial solutions, products and services to customers, poorly drafted agreements can expose the parties to regulatory breaches, penalties, data protection violations, commercial disputes, etc. To manage legal risks in FinTech contracts, the contracting parties must first conduct thorough legal and other due diligence on prospective partners, establish a robust compliance framework, and develop a robust partnership agreement that allocates roles and responsibilities and anticipates potential risks.

Nature of FinTech Partnerships

FinTechs do not operate in a vacuum. They depend on strategic partnerships/collaborations to launch and provide their products and services to customers. Partnerships and collaborations enable FinTechs that may not hold the necessary financial license from the Central Bank of Nigeria (CBN) to partner with licensed financial institutions so as to leverage its financial license to provide products and services to customers.

Through collaborations and partnerships, FinTechs are for example able to provide services to e-commerce platforms offering point-of-sale lending or payment processing for e-hailing providers or sharing infrastructure such as Application Programming Interface (API) with other technology service providers who require it.

Legal Risks in FinTech Partnerships

Partnerships and collaborations stimulate innovation in the FinTech industry but can also expose parties to unique legal, regulatory, reputational and operational risks. The success or failure of a FinTech partnership often depends on how well these risks are identified, allocated and addressed within a contract. Below are some of the most common legal risks that arise from such partnerships.

1. Regulatory Risk: FinTech product offerings in Nigeria such as payment processing, digital lending, crowdfunding, and wealth management are all regulated by specific regulatory agencies including the Central Bank of Nigeria (CBN) and the Securities and Exchange Commission (SEC) under specific license categories with terms and conditions attached to each license category. Regulatory approvals are usually required for most partnerships before a financial institution can legally enter into any such partnerships. Failure to obtain the appropriate regulatory approval for proposed partnerships may result in regulatory sanctions and penalties including fines, revocation of license, etc.

2. Data Protection and Cybersecurity: Fintech operations are heavily data driven, involving the collection and processing of sensitive personal and financial information. Under the Nigeria Data Protection Act 2023 (NDPA), both parties in a partnership may qualify as joint data controllers or processors, sharing equal responsibilities for compliance. A data breach affecting one party can expose both to liability, enforcement actions by the Nigeria Data Protection Commission (NDPC), and reputational damage.

3. Intellectual Property and Technology Ownership: Most FinTech solutions depend on proprietary software, mobile applications, and digital interfaces. Disputes may arise over ownership of intellectual property developed or used during a partnership, especially when one party customizes a platform or co-creates a product, if intellectual property is not properly protected and ownership defined.

4. Liability and Risk Allocation: When digital transactions fail due to systems failure or downtime, unauthorised transfers, or service interruptions, customers may suffer losses. The question then arises: who bears the liability? If not properly defined, both parties could be held jointly and severally responsible under consumer protection or other laws. There is therefore a need to include clear indemnity provisions, caps on liability, and mechanisms for loss allocation in any contract.

5. Consumer Protection and Dispute Resolution: Fintech partnerships often involve multiple parties receiving or processing customers’ transactions, making accountability complex when issues arise. Consumers protection regulations require that consumers know which entity is responsible for handling their complaints. Agreements should define the customer-facing entity, procedures for addressing complaints, refund obligations, and timelines for resolution. Establishing a clear dispute resolution process whether internal escalation, mediation, or arbitration helps preserve business relationships and avoid reputational damage.

6. Cross-Border and Jurisdictional Issues: Some partnerships involve cross-border data transfers or offshore service provision. In such cases, questions may arise regarding applicable laws, tax, jurisdiction, dispute resolution and enforcement of judgments. It is therefore advisable that the governing law, jurisdiction, mechanisms for settling disputes and enforcing foreign arbitral awards or judgments be clearly specified.

Essential Tips for Managing Legal and Regulatory Risks in FinTech Partnerships

Effectively managing legal and regulatory risks in FinTech partnerships/collaborations begin with having a contract that clearly sets out the rights and responsibilities of the parties. While regulations may provide the overall compliance framework, the contract is usually what sets out responsibilities, clarifies liabilities, and ensures both parties operate within legally acceptable limits. A clearly set out agreement not only protects the parties but also signals to regulators that the relationship is grounded in proper governance and accountability. Below are some essential tips for managing legal and regulatory risks that may arise from partnerships in the FinTech services sector:

A. Choose the Right Contract Type: FinTech projects and services may require different types of contracts and agreements to formalize relationships and transactions. Service Level Agreements (SLAs) set the quality and performance standards of any FinTech service, like availability, reliability, security, compliance, as well as the penalties and remedies for any breaches. Data Sharing Agreements (DSAs) detail the terms of how data is collected, stored, processed, and shared between the parties. Software Licensing Agreements (SLAs) grant the rights and obligations of using a FinTech software or platform, such as scope, duration, fees, and limitations. Lastly, Partnership Agreements (PAs) establish the roles, responsibilities, contributions, and benefits of each part to a FinTech collaboration or joint venture. Additionally, they define the governance, decision-making, dispute resolution, and termination mechanisms of the partnership. It is important to understand the nature of the FinTech project, the parties involved, and the regulatory environment, as these factors determine which agreements are necessary, their specific terms, and how they should be structured to protect all stakeholders and ensure legal and operational compliance.

B. Use Clear and Concise Language: Like in all contracts, one of the most important aspects of managing FinTech contracts and agreements is to use clear and concise language that leaves no room for ambiguity or misinterpretation. It is advised to consistently use accurate terminologies, definitions and references throughout the contract to ensure easy reading, understanding and interpretations.

C. Constant Review and Update of Agreements: FinTech agreements should be regularly reviewed and updated to ensure that they reflect current trends, future needs and expectations of parties and customers and that they also align with any regulatory or policy changes introduced from time to time by the regulators. There is also a need to keep abreast with technological developments and innovations in the FinTech ecosystem to ensure that contracts are updated to incorporate service provision with the use of advanced and innovative technology.

D. Seek Professional Advice and Support: Managing FinTech contracts can be challenging, especially if the parties do not have expertise or did not consult experts to deal with the legal, technical, or business aspects of the partnership arrangements. The best approach to avoiding potential pitfalls is to from the outset, seek assistance from professionals who can support and seamlessly guide through the process of negotiating, contracting, interpreting and enforcing these agreements.

In summary, a well-structured FinTech contract should amongst others specify which party bears regulatory responsibility for compliance; how customer data is stored, shared, managed and protected; how revenue, risk, and liability are allocated and shared; termination, jurisdiction, dispute resolution, etc. Without these, fintech relationships could easily breakdown and lead to regulatory breaches, contractual disputes, and reputational damage for parties. In essence, the contract is not merely a record of collaboration, it is the foundation that sustains trust, compliance, and operational success in FinTech partnerships.

Conclusion

As the FinTech industry in Nigeria continues to grow, strategic partnerships will continue to play increasingly pivotal role for FinTech companies seeking to scale their operations and penetrate new markets. This collaborative approach allows FinTechs to accelerate their growth while minimizing the risks and challenges typically associated with scaling and/or market entry.

FinTech partnerships are essential to driving innovation, inclusion, and competitiveness in Nigeria’s financial ecosystem. Without robust legal and contractual foundations, these partnerships can expose parties to significant regulatory, legal, operational, and reputational risks. Effective contracting in the digital finance ecosystem requires more than just template agreements. Well-structured contracts are not merely instruments of protection; they are robust tools for innovation and trust in the future of digital finance.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com or contact:

Agent banking entails the provision of financial services by a third party (Agents) to customers on behalf of a licensed deposit-taking financial institutions (Principals).

This article therefore provides an overview of some of the key provisions of the new Guidelines.

Scope of Permissible Agent Banking Activities

The activities which are allowed or prohibited under agent banking relationships are set out in the Guidelines. Some of the activities that are permitted under agent banking are cash deposits and withdrawals, facilitating bill payments, local currency funds transfer services, providing account opening forms on behalf of principal, facilitating cheque book request and collection, etc.

Super Agents and Agents are however prohibited from carrying out banking services including account opening, loan underwriting, investment and foreign exchange services.

Agent Banking Arrangements

Agent banking arrangements or relationships could involve two or three parties as the case may be. Agent banking relationship could involve the Principal and the Agents or where the relationship is tripartite, include a Super Agent as an intermediary between the Principal and Agents.

The Principal is a duly licensed deposit-taking financial institutions authorized to carry out agent banking activities; the Super Agent is an incorporated entity licensed to carry out the activities of recruiting, aggregating and managing Agents, while Agents are individuals or non-individual entities appointed by Principals or Super Agents to carry out agent banking activities.

An agent banking relationship is formalized when a financial institution enters into an agent banking agreement with an Agent for the purpose of providing any of the permitted agent banking activities. An Agent cannot be engaged by more than one financial institution to provide agent banking services or be under more than one network of Super Agent at a time.

Mandatory Regulatory Requirements for Appointment of Agents

Financial institutions and Super Agents have very strict regulatory obligations in the appointment of Agents to provide permitted agent banking services to customers. These regulatory requirements are to be met by financial institutions or Super Agents prior to the appointments of Agents. The regulatory requirements include obtaining satisfactory documentations from Agents such as certificate of incorporation with the Corporate Affairs Commission (CAC), particulars and Bank Verification Numbers (BVN) of directors/promoters etc., conducting enhanced due diligence on Agents, and carrying out risk assessment obligations on Agents prior to their appointment and onboarding. The risk assessment could be carried out directly by the financial institution or through a Super Agent.

Use of Dedicated Agent Accounts

Transactions by Agents within the scope of the permitted activities are required to be performed through a dedicated account or wallet maintained with the Principal and the POS device provided to the Agent shall be linked with the account or wallet only. Performance of transactions outside the dedicated account or wallet is a violation which attracts sanctions including liability for any misconduct or fraud arising from the transaction, termination of the agent banking agreement and blacklisting of the Agent.

List of Agents and Locations

Financial institutions are to publish a list of their Agents on their website. Each branch of the financial institution is also required to display the list of its Agents within its locality.

Agents are only allowed to provide agent banking services within their approved locations and may not relocate, transfer or close their operations at the approved locations without prior notification to the financial institution and/or Super Agent.

To prevent Agents from operating at multiple locations, devices provided to Agents in providing agent banking services must be geo-fenced or tagged to the operate only within the agreed registered Agent location. The requirement for the devices to be geo-fenced or tagged will take effect from 1^st April 2026.

Operational and Transactional Limits

Financial institutions are required to provide operational and transactional limits for Agents in line with the Guidelines and ensure that the limits are not exceeded in the provision of agent banking services. Accordingly, the mandatory transaction limits set by the Guidelines include N100,000 daily limit and N500,000 weekly limit for deposits and withdrawals. A daily and weekly limit of N100,000 apply to bill payments.

Sanctions and Penalties

The CBN may direct financial institutions to take remedial or corrective actions including taking actions that it may deem appropriate against erring Agents or terminating the Agent Banking Agreement. CBN may also impose sanctions and penalties against financial institutions, Super Agents and/or Agents as the case may be. The sanctions which CBN may impose include:

1. Suspension or prohibition from further engagement in agent banking business
2. Prohibition from onboarding new agents
3. Suspension or removal of the Board, Management and officers of the Principal
4. Revocation of agent banking approval
5. Revocation of operational license.

Conclusion

The issuance of the new Guidelines by CBN is to ensure the regulation of the operations of agent banking in Nigeria. Agents are restricted to transact only the permitted business activities within their approved locations. The devices of Agents are to be geo-fenced or tagged to prevent Agents from operating from multiple locations. Agent banking arrangements are to be formalized with the execution of agent banking agreements upon the satisfactory review of the documentations, conduct of enhanced due diligence and risk assessments. CBN has the power to direct financial institutions who are Principals in agent banking arrangements to take remedial or corrective actions, however, CBN has extensive powers to impose administrative penalties and sanctions on erring Principals and Super Agents.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact:

Prior to the enactment of the ISA, the legality of trading or transacting in virtual/digital assets was uncertain especially following the Central Bank of Nigeria (CBN) circular of 2021 which directed all financial institutions to identify persons and entities transacting or operating cryptocurrency exchanges in Nigeria and ensure that their bank accounts are closed.

In 2022, the Nigerian Securities and Exchange Commission (SEC) issued the ‘New Rules on Issuance, Offering Platforms and Custody of Digital Assets’ (Digital Asset Rules) which set out the requirements for licensing and regulating different trading activities relating to virtual/digital assets including Virtual Assets Service Provider (VASP), Digital Assets Custodian (DAC), Digital Assets Offering Platform (DAOP) and Digital Assets Exchange (DAX) in Nigeria. Despite the issuance of these new rules by the SEC, the regulatory uncertainty on virtual/digital assets persisted until the enactment of the ISA 2025.

The SEC is the regulatory authority responsible for the registration and licensing of virtual assets including Virtual Asset Service Providers (VASPs). VASP is defined as an entity that conducts one or more of the following activities or operations for or on behalf of another person:

1. Exchange between virtual assets and fiat currencies;
2. Exchange between one or more forms of virtual assets;
3. Transfer of virtual assets;
4. Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and
5. Participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.

Registration of VASPs is governed by the ISA 2025, Digital Assets Rules, and other applicable SEC rules and regulations.

Initial Assessment Filing and Accelerated Regulatory Incubation Program (ARIP)

All promoters of any initial digital asset offerings (including VASPs) within Nigeria or targeting Nigerians are required to comply with the SEC mandatory initial assessment filing before applying for Accelerated Regulatory Incubation Program (ARIP). To comply with the initial assessment filing, VASP promoters are required to complete and submit an assessment form and draft white paper providing the details of the digital assets offering, and information about the issuer. To fully comply with the initial assessment filing, the filing is required to be accompanied with a legal opinion providing the justifications for classifying the tokens to be sold through the digital asset offering as securities or not.

Upon the submission of an initial assessment filing, SEC would review it and notify the applicant of its eligibility to submit an application for ARIP. Participation in ARIP provides an applicant with an Approval in Principle to legally operate and provide its services in a regulated environment under supervision by the SEC. A successful participation in ARIP would entitle the applicant to apply for full registration with the SEC to provide its services to the broader public in Nigeria.

Requirements for the Registration of Virtual Assets Service Providers (VASP)

An applicant for a VASP license is required to be a company incorporated with the Corporate Affairs Commission (CAC) and must meet all the requirements stipulated by the SEC to obtain a VASP license in Nigeria. The requirements which a VASP applicant must meet include the following:

1. Evidence of incorporation of a local entity including Certificate of Incorporation, Memorandum and Articles of Association (MEMART) and Status Report with the Corporate Affairs Commission (CAC).
2. Latest audited accounts or audited statement of affairs of the company in the case of a new company.
3. A business model with a clear or unique value proposition.
4. Know Your Customer (KYC) procedures and risk management protocol.
5. Copies of the rules of the applicant for investor protection, conflict of interest, customer protection, dispute resolution, etc.
6. Evidence of sufficient financial, human and other resources for the operation of a VASP license
7. Evidence of appropriate security arrangements in compliance with SEC Technology Risk Management requirements.
8. A letter of no objection or approval letter issued to the applicant by regulator(s), where the applicant operates in other sectors.
9. An office in Nigeria managed by a director of the applicant company resident in Nigeria.
10. Sworn undertaking to maintain, keep proper records and render returns to the SEC.
11. Sworn undertaking to comply with applicable SEC Rules and Regulations and the Investment and Securities Act, 2005 by a director or company secretary.
12. Any additional requirements which the SEC may require.

Capital Requirements and Registration Fees

An applicant for a VASP license is required to have a minimum paid-up capital of N500,000,000 (Five Hundred Million Naira). The minimum paid-up capital could be bank balances, fixed assets or investment in quoted securities. A current fidelity bond covering at least 25% of the minimum paid-up capital is also required by the SEC.

The required registration fee payable to SEC for obtaining the VASP license is N30,000,000 (Thirty Million Naira). There are other fees payable to SEC for registration including application, processing and sponsored individuals’ fees.

Where the applicant complies with the registration requirements and pay the applicable registration fees, SEC may grant registration to the applicant and list the applicant in the list of its licensed capital market operators. However, the SEC may reject the application for registration if the proposed activity infringes public policy, is injurious to investors or violates any laws, rules and regulations implemented by SEC.

Conclusion

The enactment of ISA 2025 has put to rest the uncertainties surrounding virtual assets in Nigeria. This means that virtual assets are recognized in Nigeria as securities with SEC being the regulatory authority for these assets with powers to register Virtual Asset Service Providers (VASPs) and other digital assets service providers.

For a VASP to be registered, it must first submit an initial assessment filing to determine its participation in ARIP which is a form of Approval in Principle which allows the VASP to provide its services in a regulated environment under the supervision of SEC.

A successful participation in ARIP would further entitle the VASP to apply to the SEC for registration provided that it can meet the registration requirements and pay the fee stipulated by the SEC. If the SEC is satisfied it may grant registration to the applicant and list it in the list of registered capital market operators. However, SEC may also reject the application where the proposed activity is contrary to public policy or it is injurious to investors, etc.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact:

Money laundering and terrorist financing are major threats to national and global security, and Nigeria is no exception. Under Section 18(2) of the Money Laundering (Prevention and Prohibition) Act, 2022 (MLPPA), money laundering is defined as the act of concealing, disguising, converting, transferring, or controlling funds or property, knowing they are proceeds of an unlawful act. Terrorist financing on the other hand, refers to the provision of funds or financial support to individuals or groups to enable them commit acts of terrorism.

Financial institutions have long been the primary focus of anti-money laundering and counter-terrorism financing (AML/CFT) efforts by governments, it is however now widely recognized that several other sectors are also at risk of being exploited by illicit financial actors. These sectors include professionals, business support services and businesses that are not primarily engaged in financial services but are vulnerable to being used as channels for illicit financial flows. These businesses and professions, often referred to as Designated Non-Financial Businesses and Professions (DNFBPs), include lawyers, real estate agents, accountants, casinos, non-governmental organizations (NGOs), among others. Section 30 of the MLPPA defines DNFBPs as dealers in jewellery, cars and luxury goods, precious stones and metals, chartered accountants, audit firms, tax consultants, clearing and settlement companies, legal practitioners, hotels, casinos, supermarkets, dealers in real estate, audit firms, etc. and such other businesses as the Federal Ministry of Industry, Trade and Investment or appropriate regulatory authorities may from time to time designate.

To ensure effective regulation and oversight of these sectors, the Nigerian Special Control Unit on Money Laundering (SCUML) was established. SCUML operates as a unit under the Nigerian Economic and Financial Crimes Commission (EFCC) and is responsible for registering, monitoring, and supervising DNFBPs in accordance with the MLPPA, the Terrorism (Prevention and Prohibition) Act 2022, and relevant SCUML Regulations.

Legal and Regulatory Framework for AML/CFT in Designated Non-Financial Institutions

In line with international standards and global best practices, Nigeria has established a comprehensive legal and regulatory framework to address money laundering and terrorist financing within DNFBPs. This framework is designed to guide, regulate, and enforce compliance among DNFBPs. Key laws and regulations governing AML/CFT compliance in DNFBPs include:

The Money Laundering (Prevention and Prohibition) Act, 2022 (MLPPA): The MLPPA repealed the Money Laundering (Prohibition) Act, 2011 and introduced a more robust legal and institutional framework for combating money laundering and related offences in Nigeria. The Act establishes the SCUML as the regulatory authority responsible for supervising DNFBPs and ensuring their compliance with AML/CFT obligations. The Act mandates DNFBPs to implement internal controls, procedures, and policies to mitigate money laundering and terrorism financing risks, particularly in relation to new products or emerging technologies.

The Terrorism (Prevention and Prohibition) Act, 2022 (TPPA): This Act repealed the Terrorism (Prevention) Act, 2011. It provides for a unified and comprehensive framework for the detection, prevention, prohibition, and prosecution of acts of terrorism, terrorism financing, proliferation, and financing the proliferation of weapons of mass destruction in Nigeria. It complements the MLPPA and emphasizes customer due diligence and the reporting of suspicious transactions related to terrorism financing. The TPPA incorporated the Nigeria Sanctions Committee (NSC), tasked with identifying and publishing the names of individuals and entities linked to terrorism and proliferation financing in Nigeria. It mandates all DNFBPs to among other things, identify and freeze all funds, assets, and other economic resources belonging to listed individuals or entities, report such actions to the NSC, and file Suspicious Transaction Reports with the Nigerian Financial Intelligence Unit (NFIU) for further investigation. To support compliance, the NSC launched the Nigeria Sanctions List Alert System (NigSac), which provides real-time alerts to DNFBPs on designated persons and entities. Subscription to this alert system is considered a critical obligation under the TPPA for all DNFBPs.

Nigerian Financial Intelligence Unit Act, 2018: This Act established The Nigerian Financial Intelligence Unit (NFIU) as the central national agency responsible for receiving and analysing disclosures from reporting organizations, to produce financial intelligence to other agencies combating money laundering, terrorism financing, and other financial crimes. The NFIU is empowered to request financial information from a broad range of institutions and to issue guidance and directives to these institutions and to conduct on-site inspections to ensure compliance with anti-money laundering and counter-terrorist financing regulations.

The Economic and Financial Crimes Commission (Establishment) Act, 2004: This Act establishes the Economic and Financial Crimes Commission (EFCC) as Nigeria’s principal agency for investigating and prosecuting financial crimes, including money laundering. The EFCC works in collaboration with the NFIU and other regulatory bodies to enforce anti-money laundering, and prosecute offenders.

Economic and Financial Crimes Commission (Anti-Money Laundering, Combating the Financing of Terrorism and Countering the Proliferation Financing of Weapons of Mass Destruction for Designated Non-Financial Businesses and Professions and Other Related Matters) Regulations, 2024: These Regulations cover the relevant provisions of the MLPPA, TPPA and any other relevant laws or regulations that provides for AML/CFT and Countering Proliferation Financing of Weapons of Mass Destruction (CPF), the conduct of Customer Due Diligence, monitoring and filing of suspicious transactions reports to the NFIU, etc. The Regulations designate the SCUML as the body responsible for the registration, monitoring and supervision of DNFBPs’ compliance with AML/CFT/CPF obligations. The Regulations mandate DNFBPs to implement risk-based AML/CFT/CPF programs proportionate to their business operations and ensure clients and customers are integrated into these systems., amongst other obligations.

SCUML Regulations 2013 (as amended by SCUML Regulations 2016): This is also known as the Federal Ministry of Industry, Trade and Investment (Designation of Non-Financial Institutions and Other Related Matters) Regulations, 2013. It was issued pursuant to the Money Laundering (Prohibition) Act, 2011. Despite the repeal of the enabling Act, the Regulations remain in force as subsidiary legislation. The Regulations designate specific businesses and professions as Non-Financial Institutions (NFIs) and impose key AML/CFT obligations, including customer due diligence, the establishment of internal compliance programs, and reporting requirements. The Regulations also established SCUML as the body responsible for registering, supervising, and monitoring DNFBPs. It should be noted that under this regulation, the SCUML was initially established as a department under the Federal Ministry of Industry, Trade and Investment. SCUML has now been re-established under the EFCC by the MLPPA, reflecting a more enforcement-driven approach.

Additionally, Nigeria actively collaborates with international bodies such as the Financial Action Task Force (FATF), the Inter-Governmental Action Group against Money Laundering in West Africa (GIABA), and the Egmont Group of Financial Intelligence Units to enhance and align its AML/CTF framework with global standards.

Statutory Obligations of Designated Non-Financial Businesses and Professions Under the AML/CFT Framework

Under Nigeria’s AML regime, DNFBPs are legally required to comply with several statutory obligations aimed at preventing money laundering, terrorist financing, and proliferation financing. DNFPBs are enjoined to comply with these obligations to avoid regulatory sanctions, including fines, penalties, or business closure. The key obligations imposed on DNFBPs include:

1. Registration: To register with the SCUML under the relevant category and be issued with registration certificate.
2. Customer Due Diligence: DNFBPs must implement risk-based customer due diligence measures. This involves verifying customers’ identities, identifying beneficial owners, and assessing risks associated with each customer.
3. Reporting Suspicious Transactions: DNFBPs are required to submit Suspicious Transaction Reports (STRs) to the NFIU when they detect transactions that may be linked to money laundering, terrorism financing, or other financial crimes within 24 hours after the said transaction.
4. Reporting International Transfer of Funds and Cash: DNFBPs are required to report in writing a transfer to or from a foreign country of funds or securities by a person or body corporate including a money service business of a sum exceeding US$10,000 or its equivalent to the NFIU within one day from the date of the transaction.
5. Record Keeping: DNFBPs must maintain records of transactions, customer identification data, and supporting documents for at least five years after the completion of the transaction. These records must be accessible for regulatory review.
6. Internal Procedures, Policies and Controls Compliance Programs: DNFBPs must establish internal AML/CFT compliance programs, including the development of policies, procedures, and controls to prevent financial crimes. Regular staff training and independent audits are also encouraged as they are essential to ensure ongoing compliance.
7. Risk Assessment: DNFBPs are mandated to undertake risk assessments for new products, business practices and technologies before launching them to identify and manage money laundering risks. DNFBPs must then take appropriate measures to manage and mitigate any identified risks.
8. Politically Exposed Persons (PEPs): DNFBPs must conduct Enhanced Due Diligence (EDD) on PEPs, requiring additional scrutiny of transactions, ongoing monitoring, and obtaining senior management approval before establishing or maintaining a business relationship.
9. Currency Transactions Reports (CTRs): DNFBPs are mandated to make Currency Transactions Reports to SCUML of any single transaction, lodgement or transfer of funds in excess of N5,000,000 or its equivalent in the case of an individual or N10,000,000 in the of body corporate within 7 days from the date of transaction.
10. Cash Based Transactions Reports (CBTRs): DNFBPs are required to make Cash Based Transactions Reports to SCUML on any single transaction in excess of $1,000 or its equivalent within 7 days from the date of transaction.

Conclusion

Designated Non-Financial Businesses and Professions (DNFBPs) play a critical role in Nigeria’s fight against money laundering and terrorism financing. Their statutory obligations under AML/CFT regulations include registration, record-keeping, reporting suspicious activities, conducting customer due diligence, amongst others. Non-compliance can result in various sanctions, including fines, suspension, revocation or withdrawal of operating license by the appropriate licensing authority. As DNFBPs in Nigeria continue to grow and engage with global markets, it is it is imperative they remain up to date with regulatory developments and adopt effective compliance practices. By doing so, they can mitigate legal and reputational risks, prevent financial crimes, and contribute to the country’s broader efforts to combat financial crimes.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com  or contact:

On 26^th June 2025, the President of the Federal Republic of Nigeria signed four landmark tax reform bills into law, marking a significant shift in the nation’s tax landscape. The laws are the Nigeria Tax Act (Ease of Doing Business), the Nigeria Tax Administration Act, the Nigeria Revenue Service (Establishment) Act, and the Joint Revenue Board (Establishment) Act. Once operational, these laws are expected to simplify tax administration, improve compliance, enhance revenue generation, and foster a more business-friendly environment. The implementation of the newly signed four tax fiscal reform laws will commence by 1^st January 2026.

This article outlines some notable highlights of the Acts that individuals and businesses should be aware of.

Key Highlights of Nigeria’s Newly Signed Tax Reform Acts

Some of the highlights of the newly signed Tax Reform Acts include:

1. Personal Income Tax Relief: Low-income earners earning NGN800,000 or less per annum are completely exempted from personal income tax under the Nigeria Tax Act (NTA). 25% personal income tax applies only to individuals earning above N50 million annually. The Act also increases the tax exemption threshold for compensation for loss of employment or injury from NGN10million to NGN50million.
2. VAT Exemptions on Essential Goods and Services: Essential goods and services including food items, medical equipment and services, pharmaceuticals, tuition fees, electricity, educational books and materials, exports (excluding oil and gas exports) etc., are exempted from VAT. The impact of this is that businesses selling these goods and services can recover their VAT costs, despite the zero rate.
3. Establishment of Nigeria Revenue Service (NRS): The Federal Inland Revenue Service (FIRS), the agency established to regulate the collection of tax in Nigeria has now become Nigeria Revenue Service (NRS). The Nigeria Revenue Service (Establishment) Act repeals the current Federal Inland Revenue Service Act and defines the NRS’ expanded mandate, including non-tax revenue collection of other agencies such as the Nigeria Customs Service, Nigeria Upstream Petroleum Regulatory Commission (NUPRC), Nigeria Ports Authority (NPA), among others. The Bill also lays out transparency, accountability, and efficiency mechanisms. The Acts also provide that State Internal Revenue Services (SIRS) will be autonomous in the running of their affairs.
4. Increase in Tax Exemption Threshold for Small Companies: Prior to the assent of the Acts, only small companies with an annual gross turnover of less than N25m were exempted from tax. Under the new Acts, there is an increase in the tax exemption threshold for small companies from annual gross turnover of N25m to N100m. Thus, small companies with gross turnover of N100m and below and total fixed assets not exceeding NGN250million are now exempt from Companies Income Tax (CIT), Capital Gains Tax (CGT) and the newly introduced Development levy.
5. Increased Capital Gains Tax (CGT) rate – The NTA increases the CGT rate from 10% to 30% for companies, aligning the CGT and CIT. For individuals, capital gains will be taxed at the applicable income tax rate based on the progressive tax band of the individual.
6. Introduction of Development Levy – Nigerian companies except small companies will pay a “Development Levy” at 4% of their assessable profits. The Development Levy consolidates the Tertiary Education Tax (TET), Information Technology Levy (IT), the National Agency for Science and Engineering Infrastructure (NASENI) levy and the Police Trust Fund (PTF) levy.
7. Introduction of Economic Development Incentive – The Acts replace the “pioneer” tax holiday with a new Economic Development Incentive (EDI), offering a 5% annual tax credit for 5 years on qualifying capital expenses made by eligible companies within 5 years from production start. Unused credits can be carried forward for another 5 years, after which they expire.
8. Minimum Effective Tax Rate (ETR) – Nigerian companies who are members of a multinational group with aggregate group turnover of EUR750million and above or have an annual turnover of NGN50billion and above, will now be subject to ETR of 15% of their “Net Income”. This rule does not apply to Free Zone companies on their exports out of Nigeria, provided that such companies are not part of multinational groups.
9. Introduction of the Office of Tax Ombuds: Under the new Acts, an Office of Tax Ombud has been introduced to protect taxpayers against arbitrary tax assessments. The Tax Ombuds office will liaise with the tax authorities on behalf of taxpayers and serve as an independent arbiter to review and resolve complaints relating to taxes, levies, duties or similar regulatory charges.
10. Increased penalties for non-compliance: There has been a significant increase in non-compliance penalties and the introduction of new penalties. Some of the updates include increase in the penalty for failure to file returns to NGN100,000 in the first month, and NGN50,000 for every month the failure continues, introduction of new penalties such as penalty of NGN5million for awarding contracts to individuals or entities that are not registered for tax, penalties for failure to grant access for deployment of technology, inducing a tax officer, etc.
11. Powers for AGF to Deduct Taxes: The new laws grant the Attorney General of the Federation (AGF) powers to deduct unremitted taxes by a government or MDA and pay to the beneficiary government.
12. VAT and CIT Rates Remain the Same: Under the new laws, Value Added Tax (VAT) remains at 7.5% and Company Income Tax (CIT) for large companies remains at 30%, without any increment. However, the 30% rate can be reduced to 25% effective from a date as may be determined in an Order issued by the President on the advice of the National Economic Council.
13. Tax Incentives for Agricultural Companies: Income generated by companies engaged in agricultural businesses, including crop production, livestock, aquaculture, forestry, dairy, cocoa processing and manufacturing of animal feeds will be exempt from income tax for the first five (5) years from commencement of business.

Other notable reforms introduced by the new Acts include; transfer of income from Electronic Money Transfer levy exclusively to states as part of stamp duties, ceding of 5% of VAT revenue to states by the federal government, tax break or incentives for employers to hire more people, tax exemption on personal effects not exceeding N5m, VAT exemption on purchase of real estate, amongst others.

Conclusion

The signing of the four landmark tax reform Acts in Nigeria marks a significant transformation in Nigeria’s tax regime. The reforms introduced by these Acts are expected to reduce the tax burden on vulnerable groups, encourage MSME growth, and stimulate foreign and local investments. Businesses are advised to reassess their compliance strategy and consult with legal or tax professionals to understand how the new laws affect their operations.

Please note that the contents of this article are for general guidance on the Subject Matter. It is NOT legal advice.

For further information or to see our other service offerings, please visit www.goldsmithsllp.com or contact: