NCC Corporate Governance Guidelines : Raising The Compliance Bar For Nigeria's Telecommunications Sector

On 6th August 2025, the Nigerian Communications Commission (the "Commission", "NCC") issued the Corporate Governance Guidelines for the Communications Industry 2025 ("Guidelines"),¹ rescinding the Nigerian Communications Commission Telecommunication Code of Corporate Governance 2016 (the "2016 Code"), and aligning the governance structures of telecommunications companies with the Nigerian Code of Corporate Governance 2018 , the Companies and Allied Matters 2020 (CAMA), and global best practices.

At the launch of the Guidelines, Dr. Aminu Maida, Executive Vice Chairman of the Commission, stated that the Guidelines are designed to bolster transparency, internal controls and risk management across Nigeria's rapidly evolving telecom industry. Dr. Maida remarked that given the pivotal role of the sector in shaping the future of Nigeria's digital space and its proximity to cybersecurity, energy, climate and consumer-demand risks, "corporate governance is no longer a soft requirement. It is now a strategic imperative."

The Guidelines establish a robust compliance framework mandating stricter board oversight, transparency, and accountability for telecommunications companies. The Guidelines aim to foster innovation and enterprise while ensuring adherence to due process, ethics, and sound regulatory controls.

KEY PROVISIONS OF THE NEW GUIDELINES

The guidelines impose a new range of detailed requirements on telecom licensees. Key highlights include: 1

1. Board composition and sector expertise: Under the new Guidelines, board composition and expertise have been strengthened considerably. The Guidelines2 institute mandatory requirements that are a distinct departure from the prescriptive provisions of what was provided in 2016 Code. The shareholders of each licensee are required to appoint a board of directors made up at least 5 members including a Chairman, Managing Director/Chief Executive Officer, Executive Directors, Non-Executive Directors and Independent Non-Executive Directors (INEDS).

The Guidelines mandate that non-executive directors outnumber the executive directors and also stipulate that at least one-third of the board be made up of independent directors; in order to ensure compliance with these obligations, companies are required to appoint at least two non-executive directors, one of whom must be independent with demonstrable competence in Information Communication Technology and/or Cybersecurity Expertise.

2. Leadership Separation, Tenure Limits, and Cooling-Off Rules: The 2025 Guidelines tighten governance controls by prescribing clear separation of leadership roles and stricter tenure limits. Under paragraph 7(5) and paragraph 36 respectively, the Board Chairman must be a non-executive, must not hold the MD/CEO position while in office, and is subject to a five-year cooling-off period before assuming any executive role in the same licensee or its affiliates; a similar bar applies to non-executive directors.

In order to avert conflicts of interest, the Guidelines prohibit companies from appointing more than two members of the same family to the board at any given time. Former commissioners and directors of department of the NCC are required to completely serve out mandatory post-service restrictions of five and three years respectively before joining a licensee's board of directors.

The Guidelines also reduces the maximum service period for non-independent directors from 15 years to 10 years; the service term of INEDs is capped at two four-year terms. All directors that have served out the maximum tenure are required to serve out a three-year cooling-off period before they may be reappointed to the board of the licensee or its subsidiaries. However, in order to prevent a gap in a critical leadership position, companies are, solely for purposes of succession planning, permitted to appoint an executive director as Chief Executive Officer.

3. Strengthened Audit Oversight and Committee Structure (Paragraph 8): The Guidelines both streamline and expand board committee governance. Every board is required to create the following board committees- Audit Committee, Governance/Remuneration/Nomination Committee, and Risk Management Committee; companies are granted the discretion to merge the Audit and Risk Management committees provided the joint committee competently discharges the audit and risk functions.

The committees are required to operate under formal charters, meet at least twice annually, comprise directors with relevant expertise, and observe limits on multiple memberships; the Audit Committee must consist entirely of non-executive directors, include at least one independent director, and have at least one member with professional accounting competence or equivalent financial literacy. Reinforcing this architecture, paragraphs 31(4)–(5) introduce new compliance-focused duties for the Audit Committee: monitoring and reporting on the external auditor's performance as well as independence, and ensuring the statutory audit report expressly confirms the licensee's compliance with the NCC Guidelines.

4. Annual independent board evaluation (Paragraph 12): The Guidelines also introduce stricter governance processes around evaluation of director's performance. Each year, the directors must undergo an assessment by an independent external consultant. The results of the evaluation test, which reflect the performance of each director, and remedial steps are to be included in the licensee's annual report.
5. Expansion on financial and non-financial reporting (Paragraph 34): The Guidelines go beyond retaining the dual financial and non-financial reporting obligations created by the 2016 Guidelines to expand the scope of accountability. The new provisions expressly require the board to present a balanced, coherent, and transparent assessment of the licensee's financial position and prospects. The Guidelines also broaden the non-financial component to include the presentation of industry network/subscriber statistics, CSR and other civic responsibility reports. The board is saddled with the obligation of ensuring the integrity of the annual report which has to be prepared in compliance with the provisions of the CAMA.
6. Structured compliance reporting to the NCC (Paragraph 37): The Guidelines place strong emphasis on transparency through robust reporting obligations. The Guidelines impose a mandatory duty on all licensees to submit mid-year compliance reports by 31st July of each year and annual compliance reports by 31st January of each year using the NCC's prescribed template. The board is also required to certify the accuracy of the report before submission. Together, these provisions create a dual framework, setting out what must be disclosed and ensuring that adherence to governance standards is continuously monitored and verifiable by the regulator.
7. Mandatory ESG/CSR reporting and sustainability obligations (Paragraph 14(10): Environmental, Social and Governance (ESG) reporting is another new feature of the Guidelines. While the previous code encouraged corporate social responsibility but did not integrate ESG principles, the Guidelines now require companies to submit an annual Sustainability and CSR report which details the ESG goals and progress, as well as steps taken toward renewable energy adoption.
8. Enhanced whistleblowing and disciplinary framework (Paragraph 29,): The Guidelines take whistleblowing far beyond the limited framework of the 2016 Code. In addition to maintaining the requirement for secure reporting channels such as hotlines and emails and periodic reviews by the Audit Committee, the Guidelines introduce new safeguards and enforcement tools. These include a mandatory reward or safety net for whistleblowers, clear protections against retaliation, and a provision allowing even the Chairman or MD/CEO to raise concerns about the board or chief executive. A notable structural change is the creation of an Ethics and Disciplinary Committee to assess reported cases, take appropriate action, and provide investigation summaries to the Audit Committee.
9. Clear risk management and combined assurance model (Paragraph 28): In the area of internal controls, the Guidelines build on the foundation of the 2016 Code but introduce a broader and more targeted scope. While both require boards to maintain a transparent system for financial reporting and compliance, supported by periodic effectiveness checks, the updated provisions expressly promote a combined assurance model that fosters synergy between internal and external audit functions. The objectives remain largely consistent, covering efficiency of operations, asset protection, legal compliance, sustainability, and reporting reliability but the new framework adds a specific obligation for directors to seek professional advice in line with board-approved procedures and uniquely addresses the resolution of industry and interconnect indebtedness as part of the control system. This targeted expansion reflects sector-specific risks and financial realities absent from the 2016 Code.
10. Stronger internal audit requirements: The Guidelines move beyond the discretionary tone of the 2016 Code by making the establishment of a dedicated Internal Audit function a mandatory requirement for all licensees rather than a board option. While they retain key elements from the earlier framework, such as requiring cooperation from both board and management, senior-level positioning of the Internal Audit leadership, specific qualification criteria for the Head of Internal Audit, direct reporting lines to the CEO with open access to the Board Chairman and Audit Committee Chair, and Audit Committee concurrence for appointment or removal, the new provisions broaden eligibility by recognising competence in compliance procedures alongside accounting expertise and relevant professional certifications beyond local accountancy bodies.
11. Mandatory Regulatory Officer role (Paragraph 26): By introducing new structural and compliance requirements, the Guidelines expand stakeholder management obligations beyond the limits of the 2016 Code. In addition to maintaining the duty to assess and engage with external stakeholders and to put in place frameworks that recognise the sector's societal and economic importance while ensuring service quality and effective handling of service failures, boards must now adopt a formal stakeholder management and communication policy, ensure stakeholder communications are clear, concise, and published on the licensee's website and disclose key governance information online. A significant new provision is the mandatory appointment of a Regulatory Officer, tasked with overseeing compliance with the Act and subsidiary legislation, managing regulatory filings, and handling NCC inquiries or audits as seen in paragraph 26(4).
12. More prescriptive shareholder engagement rules (Paragraph 25): The Guidelines broaden the earlier shareholder–stakeholder balance provisions by embedding them within a formalised governance structure. While the 2016 Code focused on equitable treatment of shareholders, minority protection, and sustaining public trust, the new framework requires the board to adopt a documented stakeholder management and communication policy, ensure all communications are clear, concise, and accessible via the licensee's website, and conduct structured stakeholder assessments with engagement programmes overseen by management.

A major addition is the compulsory appointment of a Regulatory Officer, responsible for ensuring compliance with the Act and subsidiary legislation, managing regulatory filings, and responding to NCC audits or inquiries. These measures supplement the existing obligations to recognise the sector's societal and economic importance, commit to service excellence, and have effective processes for addressing service failures.

13. Time-bound enforcement and management-change powers: The Guidelines saddle the Commission with a range of enforcement procedures aimed at preventing non-compliance. The Commission may conduct routine on-site and off-site supervision, mandate notification and remediation timelines for breaches, and stipulate that failure to correct a grievous breach within four months may lead to licence suspension and eventual revocation. The Commission may, as an alternative or interim measure, require changes in management to restore compliance.

EFFECT OF NON-COMPLIANCE

The NCC will actively monitor and enforce the Guidelines. Inspectors will conduct periodic on-site and off-site reviews of each operator's governance practices. Where a breach is identified, the licensee will be formally notified and given a deadline to rectify it. Failure to remedy a "grievous" breach within four months can trigger severe penalties, the NCC may suspend the operator's licence, and if non compliance continues, revoke it entirely. In lieu of immediate suspension, the Commission reserves the right to demand board or management changes to restore compliance.

In a nutshell, governance lapses will no longer be viewed as a mere indiscretion as they, will moving forward, carry weightier consequences including the revocation of operational licenses and the loss of office by defaulting officers.

IMPLICATIONS FOR TELECOMMUNICATION COMPANIES ("TELCOS")

The Guidelines make multiple reforms to the governance landscape of telecommunications companies. On the heels of these reforms which directly impact board structure and processes, telecommunications companies are required to review and, where necessary, reconstitute their boards to meet the new standards which specify the mandatory ratio of independent directors and qualified audit committee members. Appointment procedures will become more formal and rigorous, with greater scrutiny of directors' backgrounds.

On the governance front, companies must establish or strengthen internal audit and risk functions and instill a culture of compliance. These changes will entail training costs and possibly hiring or consulting expenses, but they are intended to pay off in stronger investor confidence and operational integrity.

For investors and shareholders, the new rules should enhance transparency and protection. By mandating timely disclosures, robust board oversight and limits on conflicts of interest, the NCC aims to reduce fraud and mismanagement within the ranks of the telecommunications sector. Institutional investors and regulators should find it easier to evaluate telecommunication firms when annual reports and compliance statements are standardized. In the long run, it is projected that better governance controls will attract capital and enhance healthy competition, consistent with the global expectation that sector operators are compliant with robust corporate standards.

For sector regulators and policymakers alike, the Guidelines provide a clear enforcement framework. The Commission now has an explicit frame of reference for enforcing sanctions, including licence revocation if problems persist. This could deter malpractice and encourage self-regulation within the industry.

By explicitly adopting the Nigerian Code of Corporate Governance 2018 and the CAMA 2020 as baselines, the Commission has bridged any gaps between the sector-specific governance requirements and the applicable national and global best practices. In effect, telecom companies are held to significantly higher standards than ever before.

CONCLUSION

The NCC's 2025 Corporate Governance Guidelines mark a decisive shift towards stricter oversight, clearer accountability, and enhanced transparency in Nigeria's telecommunications sector. By codifying detailed governance structures, reporting obligations, and enforcement measures, the Commission has set a benchmark aligned with global best practices. Operators must act swiftly to comply, as failure to do so risks severe sanctions, including licence revocation. In the long term, these measures are expected to strengthen investor trust, improve operational integrity, and position Nigeria's telecom industry for sustainable growth.

Footnotes

1 Nigerian Communications Commission, "Guidelines on Corporate Governance for Telecommunications Licensees (2025)" (July 2025) https://www.ncc.gov.ng/sites/default/files/2025-07/Guidelines-on-Corporate-Gov.pdf accessed 8th August 2025

Originally published August 20, 2025.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.