On February 14, 2014, the Central Bank of Nigeria (CBN) deployed a centralised BVN system. The rationale for the creation of BVNs (an 11-digit code which uniquely identifies every customer across the Nigerian Banking industry through their biometric details) is to enhance the Know Your Customer (KYC) process in the banking industry to curb illegal and fraudulent transactions within the industry.

To channel the BVN system towards the prevention of fraudulent banking activities and prevent abuse of use, the CBN on October 18, 2017 issued the Regulatory Framework for Bank Verification Number (BVN) Operations and Watch-List for the Nigerian Banking Industry, 2017 ("Previous Framework").

On October 12, 2021, the CBN published the Regulatory Framework for Bank Verification Number (BVN) Operations and Watch-List for the Nigerian Banking Industry, 2021 ("Framework") which revises the Previous Framework. The Framework defines the operations of BVN as well as the establishment and operation of a watch-list for the Nigerian Banking Industry.

Today's newsletter briefly highlights salient provisions on use, access and prohibited activities in relation to BVN of customers.

Who Can Access the BVN Database?

Similar to the Standard Operating Guidelines for BVN Matching System, 2021 (SOG), the Framework categorises persons who can access BVN information of customers into two- Tier 1 users and Tier 2 users.

Tier 1 users include banks (e.g. deposit money banks, payment service banks), Mobile Money Operators and Other Financial Institutions ("OFIs") (e.g. Microfinance Banks and Finance Companies), while Tier 2 users include Payment Service Providers, Credit Bureaus and other entities approved by the CBN. While Tier 1 users do not require the approval of the CBN to gain access to the BVN of customers, Tier 2 users can only access the BVN of customers through the Nigeria Inter-Bank Settlement System (NIBSS). In addition, all institutions except banks require the consent of customers to gain access to their BVN.

Law enforcement agencies, The National Pension Commission, Pension Fund Administrators and other entities as may be approved by the CBN can only access BVN information upon the presentation of a valid Federal High Court order.

It is pertinent to note that foreign entities are not eligible to access the BVN database, while individuals are not eligible to access the BVN of other persons.

Are there any restrictions on use of BVN?

Although the Framework restricts the use of BVN to purposes specified by the CBN, the Framework does not explicitly mention any specific purpose. It, however, prohibits the use of BVN for the purpose of (i) sanctioning individuals for non-financial offences, (ii) identification of individuals outside the banking system and (iii)any other misuse, as may be designated by the CBN. The Framework prescribes several penalties for failure of participants to comply with the provisions of the Framework1.

What is a Watch-List in the Nigerian Banking Industry?

The Framework also establishes a Watch-list for the banking industry to address the increasing incidence of fraud. The Watch-list is a record of the BVN of individuals who are involved in confirmed cases of breaches as listed in the Framework.

While some breaches such as the use of forged documents, forgery, duplicate enrolment, infractions on AML/CFT laws and the Cybercrimes (Prohibition, Prevention, etc) Act, 2015 are self-explanatory, breaches such as compromise, non-cooperation with efforts to reverse wrong credit, erroneous multiple or duplicate payments or credits, concealment of relevant information, dishonest acts, receipt of proceeds of deception, deception, complicity and connivance are rather ambiguous and vague.

In determining whether an individual is guilty of a breach, the institution is required to investigate the alleged breach within 1 month of the report of the breach and the individual will also be entitled to a fair hearing. During the process of the investigation, the customer's account will be placed on "post-no-debit" and the customer is to be given 3 business days to present evidence in his favour.

Which Sanctions apply to Individuals whose BVN are on the Watch-List?

The Framework provides for a number of sanctions for persons whose BVNs are on the Watch-list by reason of the commission of a breach (Watch-listed Individuals). Some of the penalties include:

  1. The Watch-listed Individual is prohibited from entering into any new relationship with any Bank or OFI;
  2. Any bank or OFI can choose to discontinue a business relationship with the Watch-listed Individual;
  3. Banks or OFIs that do not discontinue their relationship with the Watch-listed Individual are required to prohibit the Watch-listed Individual from using all electronic banking channels such as ATMs, POS, internet banking, mobile banking, USSDs and from issuing third party cheques. Cash inflows will, however, be allowed into the account or wallet of the Watch-listed Individual; and
  4. The Watch-Listed Individual is prohibited from referencing accounts and from accessing or guaranteeing credit facilities.

It is also interesting to note that the Framework, unlike the Previous Framework now applies the sanctions to the bank and OFI accounts and wallets (except for Tier 1 accounts) of Watch-listed individuals as opposed to only banks under the Previous Framework.


The publication of the Framework is a step in the right direction in protecting the BVN information of individuals. In addition, while the Watch-List is a commendable effort by the CBN to penalize individuals perpetrating fraud in the banking industry, the offences and the mode of investigating and confirming that a breach has truly occurred leaves room for abuse of the Watch-List process.

We recommend that provisions be made for the establishment of an independent tribunal to investigate the occurrence of a breach and penalize erring individuals. Guidelines should also be set up to ensure that the investigation and penalization process are in accordance with the principles of fair hearing and natural justice.


1. Paragraph 3.1.2. of the Regulatory Framework for Bank Verification Number (BVN) Operations and Watch-List for the Nigerian Banking Industry, 2021

Originally published October 22, 2021

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.