ARTICLE
15 April 2026

Key Regulatory Update: CBN Guidelines On Instant Payment Functionalities And Mobile Banking Security

PL
Pavestones Legal

Contributor

Pavestones Legal logo
Pavestones is a modern, full service, female led law practice with a particular focus on technology and innovation. The practice was borne out of a desire to meet the legal requirements of businesses by adopting a modern, cost effective and less archaic approach. Our key practice areas are Corporate and Commercial, Technology and Innovation, Data Protection and Compliance Services, Energy and Natural Resources and Banking and Finance.
Explore Firm Details
On 12 March 2026, the Central Bank of Nigeria (CBN) issued a circular (the "Circular") to all financial institutions (FIs) offering Instant Payment (IP) services in Nigeria.
Nigeria Finance and Banking
Aderonke Alex-Adedipe and Mark Imonitie
Aderonke Alex-Adedipe’s articles from Pavestones Legal are most popular:
  • within Finance and Banking topic(s)
  • in United States
  • with readers working within the Aerospace & Defence and Retail & Leisure industries
Pavestones Legal are most popular:
  • within Finance and Banking, Environment and Consumer Protection topic(s)

Introduction

On 12 March 2026, the Central Bank of Nigeria (CBN) issued a circular (the “Circular”) to all financial institutions (FIs) offering Instant Payment (IP) services in Nigeria.

The Circular provides the CBN’s Guidelines on instant payments and introduces sweeping measures to strengthen IP operations, enhance security protocols, improve consumer protection, and align with global best practices. This newsletter highlights the key provisions introduced by the Guidelines.

  1. VOLUNTARY OPT-IN AND OPT-OUT FUNCTION

Under the existing framework, FIs are not mandated to provide a feature on their mobile banking application, enabling customers to voluntarily opt in or out of IP services.

The new Guidelines however require FIs to allow customers to opt in or out at any time, subject to Multi-Factor Authentication (MFA).

New customers will be onboarded in opt-in mode by default. While opted out, customers cannot perform instant online fund transfers from their account; however, such transfers remain available via a physical branch visit.

  1. FLEXIBILITY IN SETTING TRANSACTION LIMITS

Prior to establishing the Guidelines, the maximum transaction limits of N25,000,000.00 for individuals and ₦250,000,000.00 for corporate entities, were fixed, with no option for customers to set personalized limits within those thresholds.

The Guidelines will subsequently allow both individuals and corporate entities to adjust these limits as needed, subject to enhanced due diligence and appropriate risk management by the FI.

To ensure security, the new transaction limit takes effect only after the customer completes the Multi-Factor Authentication (MFA) process.

  1. LIVELINESS CHECKS AND ENHANCED SECURITY FOR ONLINE TRANSACTIONS

The Guidelines provide that where a customer seeks to open an account online or reactivate an online account, the following enhanced security measures shall apply:

  • liveliness check of the online account;
  • real-time validation of BVN/NIN database for online account openings/reactivations;
  • enhanced authentication mechanisms such as biometric authentication, soft token, hard token, for online account reactivations.

A liveliness check is a biometric security measure which confirms that a user is a live, physically present human rather than a photo, video, or deepfake—by analyzing facial traits like skin texture, eye movement, and depth during remote onboarding or transactions, thereby preventing spoofing attacks.

  1. FRAUD MONITORING FUNCTIONALITY

The Guidelines mandate that all FIs implement and activate enterprise-wide fraud monitoring functionality covering both in-flows and out-flows. This measure restricts suspicious transactions in real-time while enabling prompt fraud detection and response.

  1. MANDATORY DEVICE BINDING

Under the existing framework, customers can operate their mobile banking application concurrently on multiple devices. The new Guidelines restrict mobile banking applications to one active device at a time, prohibiting concurrent use across devices. Switching to a new device triggers automatic deactivation of the previous one, followed by re-activation and authentication.

  1. ADDITIONAL REQUIREMENTS

The Guidelines introduce the following measures for mobile financial services applications and internet banking:

  • New account owners: Upon activation of a mobile banking application, inflow and outflow transactions are limited for the first 24 hours, and FI’s shall set the limit not to exceed ₦20,000.00 (Twenty Thousand Naira).
  • Existing account owners: Upon activation of a mobile banking application, outflow transactions are limited for the first 24 hours, and FI’s shall set the limit not to exceed ₦20,000.00 (Twenty Thousand Naira)
  • First-time login on a new device for internet banking requires enhanced Multi-Factor Authentication (MFA).

Conclusion

The Central Bank of Nigeria’s (CBN) new Guidelines on Instant Payment Functionalities for Financial Institutions mark a significant advancement in safeguarding digital transactions nationwide.

Effective 1 July 2026, financial institutions (FIs) must implement these measures. Among other requirements, the Guidelines necessitates comprehensive security and Data Protection Impact Assessments (DPIAs) to ensure compliance with the Nigeria Data Protection Act 2023 particularly resulting from mandatory features like multi-factor authentication (MFA), facial recognition, and continuous transaction monitoring.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of Aderonke Alex-Adedipe
Aderonke Alex-Adedipe
Person photo placeholder
Mark Imonitie
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More