By Boluwatife Oshadiya | June 16, 2026
Key Points
- CBN has directed banks, fintechs and payment service providers to store all payment transaction data generated in Nigeria on local servers from January 1, 2027
- Technology investor Osaretin Asemota warns the directive could create operational and cybersecurity challenges if implementation capacity is inadequate
- The new rule forms part of broader CBN reforms aimed at strengthening oversight, transparency and resilience in Nigeria’s payments ecosystem
Main Story
The Central Bank of Nigeria’s new directive requiring banks, fintech firms and other payment service providers to store all payment transaction data generated within Nigeria on local servers from January 1, 2027, has sparked debate among industry stakeholders, with technology investor and entrepreneur Osaretin Victor Asemota warning that the policy could create significant operational risks if poorly implemented.
The directive, contained in a circular issued by the CBN’s Payments System Supervision Department and signed by Director Rakiya Yusuf, is part of a broader regulatory framework designed to improve oversight, transparency and resilience within Nigeria’s rapidly expanding digital payments industry. The policy applies to deposit money banks, microfinance banks, mobile money operators, payment processors, switching firms, payment solution providers and other licensed participants in the payments ecosystem.
Under the new requirements, all payment transaction data generated within Nigeria must be stored and managed domestically in accordance with Nigerian data protection laws. The CBN said the move is intended to strengthen regulatory visibility, improve cybersecurity oversight, support financial crime investigations and reduce reliance on foreign-hosted infrastructure. Operators have until January 1, 2027, to achieve full compliance.
However, reacting to the announcement, Asemota expressed concerns about the readiness of many financial institutions to sustain such an infrastructure shift.
What’s Being Said
“My problem with this is that anyone who has dealt with tech people inside banks will know that this is a horror story waiting to happen. A lot has improved since then, as infrastructure has been moved more to the cloud,” said Osaretin Victor Asemota, technology investor and entrepreneur.
“Banks don’t pay tech people well and pay contractors even less. Unless there is a local shared services miracle, this will be a data and security nightmare if forced within the prescribed time frame.”
Asemota further argued that while institutions may move quickly to comply with the regulation, long-term maintenance and sustainability remain bigger concerns.
“They will rush to comply, but sustaining it is the problem. These guys can’t sustain anything for long. If you have ever integrated any product directly with a bank, you will understand well.”
The technology investor also recalled previous experiences integrating financial technology products with Nigerian banks, noting that telecommunications companies sometimes had to provide additional support to ensure successful deployment of applications within banking systems.
On the rationale behind the directive, the CBN said the rapid growth of electronic payments, increasing digital financial inclusion and the emergence of dominant players within key payment segments necessitated stronger oversight measures. The regulator added that data localisation would enhance national control over critical financial infrastructure and improve access to transaction records during investigations.
What’s Next
- Financial institutions and payment operators are expected to begin reviewing their infrastructure and cloud-hosting arrangements ahead of the January 1, 2027 compliance deadline
- Industry stakeholders are likely to engage regulators on implementation timelines, cybersecurity requirements and local data-centre capacity
- The policy could accelerate investment in Nigerian data centres, cloud infrastructure and digital storage services as operators prepare for compliance requirements
Bottom Line
The Bottom Line: The CBN’s push for payment data localisation reflects a broader global trend toward data sovereignty and stronger regulatory oversight of digital financial systems. However, as Asemota’s concerns highlight, the success of the policy may depend less on compliance deadlines and more on whether Nigeria’s financial sector possesses the technical capacity, cybersecurity expertise and infrastructure resilience required to manage sensitive payment data at scale without disrupting service delivery.
