Nigeria’s financial sector may soon witness a major shift in its consumer-protection framework as the Central Bank of Nigeria (CBN) has released a new draft policy that could compel banks and regulated financial institutions to compensate victims of Authorised Push Payment (APP) fraud within 48 hours once their investigations are completed.
APP fraud occurs when criminals manipulate, deceive, or psychologically pressure victims into sending money to them directly. Unlike classic cyber intrusions, the victim’s banking credentials remain uncompromised—the transfer is authorised by the customer but under misleading circumstances. This loophole has historically prevented customers from receiving refunds under conventional fraud-protection systems.
The CBN’s newly issued exposure draft, dated November 26, 2025, introduces strict timelines and liability structures designed to provide faster redress, especially as social-engineering and deception-based scams continue rising across Nigeria’s digital-payment ecosystem.
Under the proposed framework, financial institutions must conclude all investigations into reported APP fraud within 14 working days. Once eligibility is confirmed, the bank must process a refund to the affected customer within 48 hours. The apex bank cautioned that institutions that fail to identify suspicious activity, delay escalation, or allow fraudulent proceeds to move through their systems will be held financially responsible.
The draft highlights that APP fraud is fundamentally different from traditional account breaches because victims are persuaded—sometimes emotionally, sometimes through impersonation or false investment offers—into authorising the transfers themselves. These schemes have grown increasingly sophisticated amid the expansion of instant-payment channels nationwide.
According to the CBN, the initiative aims to deepen trust in Nigeria’s digital-transactions landscape, where instant transfers dominate everyday financial activity. Stakeholders have a three-week window to submit feedback before the final policy is issued.
To strengthen institutional accountability, the guidelines require board-level oversight over fraud-risk controls. Banks must develop improved monitoring systems, enhance escalation protocols, and carry out comprehensive post-incident analysis for every confirmed case.
The proposed rules further mandate banks to deploy Early Warning Systems capable of detecting behavioural anomalies, unusual transaction flows, repeat fraud claims, market-intelligence signals, and accounts previously associated with suspicious patterns. Dedicated fraud-analytics units are expected to regularly update frameworks and document red-flag triggers.
In multi-bank fraud cases, the institution that initiated the transfer is obligated to begin inquiries immediately and notify all involved banks within 30 minutes of receiving a complaint. Where delays exceed the 14-day period, the case will be taken over by the CBN’s Consumer Protection and Financial Inclusion Department, which will issue a binding decision.
Eligibility requirements are clearly defined. Customers must have authorised transfers due to misrepresentation, deception, or lack of reasonable suspicion of fraud. They must also report incidents within 72 hours; however, exceptions apply in cases involving illness, force majeure, security threats, or unavailable reporting channels. Banks are required to provide round-the-clock reporting platforms, including email, mobile apps, USSD channels, hotlines, and physical branches.
To deepen public understanding of fraud risks, the CBN is mandating quarterly awareness campaigns delivered in multiple local languages across different media platforms. The guidelines also outline a cost-sharing model: where neither bank is at fault yet the customer qualifies for reimbursement, the refund burden will be split evenly. All institutions must comply with the Nigeria Data Protection Act 2023 in their handling of sensitive information.
 has...){kind=link}