The Central Bank Of Nigeria Regulatory Update: Revised Cash Policies And Authorised Push Payment Fraud Guidelines

Introduction

The Central Bank of Nigeria (“CBN”) has recently issued two regulatory communications: (i) the Revised Cash-Related Policies, effective 1 January 2026; and (ii) the Draft Guidelines for Handling Authorised Push Payment (“APP”) Fraud. Both documents introduce new operational requirements for financial institutions and provide guidance for customers, lenders, and payment service providers.

1. REVISED CASH-RELATED POLICIES – Key Changes

1. Removal of Cash Deposit Limits – The CBN has abolished previously applicable cash-deposit limits. Under the former regime, customers were subject to cumulative deposit limits and charges for excess cash deposits. These thresholds and associated fees have now been completely removed.
2. Upward Adjustment of Withdrawal Limits –  Individuals may now withdraw up to ₦500,000 weekly, while corporate entities may withdraw up to ₦5 million. Withdrawals exceeding these limits will attract processing fees of 3% for individuals and 5% for corporate entities.
3. Elimination of Special Withdrawal Authorisations – The requirement for customers to seek special CBN approval for unusually large cash withdrawals (previously ₦5 million for individuals and ₦10 million for corporate entities) has been discontinued.
4. Enhanced Obligations for Financial Institutions – Banks are required to ensure that ATMs remain adequately funded and stocked with various denominations. They must maintain a designated account for processing fees charged on withdrawals above the stipulated limits. Banks are also required to submit specified periodic reports, including returns on cash withdrawals above the specified limit and returns on cash deposits to the CBN to support ongoing compliance and supervision.

2. CBN DRAFT GUIDELINES ON APP FRAUD

What is APP Fraud?

APP fraud occurs when a customer is tricked into voluntarily initiating a payment to an account controlled by a fraudster. Although the customer authorises the transfer, it is done under false pretences through deception, manipulation, impersonation, or other fraudulent means.

Key Highlights

1. Standardised Reporting Framework for Fraud Incidents – Customers are required to report suspected or actual APP fraud to their financial institution within 24 hours, with allowance for reporting within 72 hours where reasonable justification is provided. The guidelines state that “reasonable justification” may include, but is not limited to, circumstances beyond the control of the customer such as illness, force majeure events, time of becoming aware of the fraud, security constraints, or demonstrable unavailability of reporting channels. Upon receiving a report, the institution must acknowledge receipt within 24 hours, open a case file, and begin processing the complaint in line with the guidelines.
2. Mandatory Inter-Bank Notification within 30 Minutes – Where an APP transaction involves more than one financial institution, the institution that first receives the complaint must notify the other insitiution within 30 minutes of receiving the customer's complaint.
3. Defined Timelines for Customer Refunds – Where a customer is entitled to a refund, the responsible institution must complete it within 48 hours after concluding the investigation. In cases involving multiple institutions, refunds must be completed within 16 working days of the complaint.
4. Strengthened Fraud-Prevention and Consumer-Protection Duties – Financial institutions must provide 24/7 fraud-reporting channels and implement an early warning system to prevent and detect APP fraud in a timely manner. They are required to ensure that customers are aware of available reporting channels and receive clear, accessible, and ongoing education on APP fraud risks and reporting procedures. Financial institutions must also carry out quarterly APP fraud awareness campaigns across multiple media and languages, and ensure that any information shared with other institutions complies with the Nigerian Data Protection Act 2023.
5. Customer Refund Eligibility –  Refund eligibility is subject to the following conditions:
   • The customer authorised the transaction under false pretence and had no reason to suspect fraud;
   • The customer reported the fraud within 72 hours and cooperated with the investigation;
   • There is no evidence of negligence, collusion, or criminal intent by the customer; and
   • The financial institution failed to implement appropriate fraud detection, warning, or verification protocols that could have prevented the transaction.

   Financial institutions are not obligated to reimburse where:

   • The customer acted fraudulently or negligently;
   • The customer delayed reporting beyond 72 hours without reasonable justification; and
   • The transaction occurred before the effective date of the guideline, unless the institution voluntarily applies it retroactively.

Conclusion

CBN's Revised Cash-Related Policies and Draft Guidelines on APP Fraud introduce updated operational requirements that affect both financial institutions and customers. Banks and payment service providers should review these documents to ensure compliance ahead of the effective dates, while customers should familiarise themselves with the reporting procedures and eligibility criteria to protect their interests in cases of APP fraud.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.