In a series of regulatory guidelines issued last week, the Central Bank of Nigeria (CBN) introduced new measures aimed at strengthening security, transparency and consumer protection across Nigeria’s financial services sector.
Released through several circulars between March 10 and March 13, 2026, the new rules cover areas including instant payments, ATM deployment, fraud monitoring, Bank Verification Number operations, dormant accounts and anti-money laundering systems.
In this explainer, Pinnacle Daily examines 17 key rules contained in the circulars and what they mean for banks and their customers.
1. Device Binding and New Limits for Mobile Banking
Under revised instant payment rules issued on March 12, the central bank introduced tighter controls for mobile banking applications.
Banks must ensure that a mobile banking app is linked to only one device at a time, meaning customers cannot operate the same banking app simultaneously on multiple devices.
When a customer switches devices, the app will require reactivation and fresh authentication.
For the first 24 hours after activating a mobile banking app, temporary transaction limits will apply. For both new and existing customers, banks may set the limits, but they cannot exceed ₦20,000.
Customers logging into internet banking from a new device will also be required to complete additional multi-factor authentication.
These rules will take effect from July 1, 2026.
2. Customers Can Switch Instant Transfers On or Off
The CBN introduced a voluntary opt-out and opt-in feature for instant payment services.
Customers can disable instant online transfers from their accounts whenever they wish.
During that period, they will not be able to carry out digital transfers, but can still visit their bank physically to make transactions.
The process will require multi-factor authentication, and all new bank customers will automatically be enrolled in the instant payment service unless they choose to opt out.
3. Customers Can Adjust Their Own Transfer Limits
The central bank also allowed customers to voluntarily set lower transfer limits for their accounts.
While the maximum limits remain ₦25 million for individuals and ₦250 million for corporate accounts, customers can reduce their limits if they prefer tighter security.
Any change will require customer consent through multi-factor authentication and additional due diligence by the bank.
READ ALSO:
- CBN Tightens Instant Payment Rules, Introduces New Fraud Controls for Banks
- FG Seeks Nigerians’ Views on Social Media Age Limits for Children
- Fintiri Defects to APC with Cabinet, PDP Officials
- NERC Orders DisCos to Refund Customers ₦20.33bn for Meter Payments
4. Banks Must Install Enterprise-Level Fraud Monitoring
To strengthen fraud detection, the CBN directed all financial institutions to deploy enterprise fraud monitoring systems.
These systems must track both incoming and outgoing transactions and automatically flag suspicious activity that could signal fraud.
5. Liveliness Checks for Online Account Opening
The regulator also introduced stricter identity verification for digital account opening.
Banks must now conduct “liveliness checks” to confirm that a real person is opening the account. Online account openings and reactivations must also be validated in real time using the BVN or National Identity Number database.
Banks are expected to adopt stronger authentication tools such as biometric verification, soft tokens, hard tokens and multi-factor authentication.
6. Temporary Watchlist for Suspected Fraud
In another circular dated March 12, the CBN updated the regulatory framework governing Bank Verification Numbers.
Banks must now maintain a temporary watchlist for BVNs linked to suspected fraudulent transactions reported by another financial institution.
A BVN can remain on the list for up to 24 hours, during which the account holder will be contacted to clarify the transaction.
This rule will take effect from May 1, 2026.
7. New Age Rule for BVN Registration
The central bank also introduced a new age requirement for BVN enrolment. Only individuals aged 18 years and above will be allowed to register for a BVN under the new guideline.
The rule takes effect from May 1, 2026.
8. Restrictions on Changing BVN Phone Numbers
Another amendment limits how often customers can update phone numbers linked to their BVN.
Under the new rule, a phone number connected to a BVN can only be changed once, a move aimed at reducing identity fraud.
This directive will also begin on May 1, 2026.
9. Access to BVN Database Limited to Licensed Institutions
The CBN also restricted access to the BVN database to only financial institutions licensed by the central bank.
However, the regulator retains the authority to grant access in exceptional cases in line with existing laws.
This rule takes effect from May 1, 2026.
10. Easier Reactivation of Dormant Accounts
In another directive dated March 12, the CBN introduced changes to the reactivation of dormant accounts.
Banks are now allowed to receive reactivation requests through alternative channels instead of requiring customers to appear physically at bank branches, provided proper identity verification measures are in place.
READ ALSO:
- Nigeria Banks Secure ₦3.85trn in Capital Raise
- How FG Can Ease the Burden of Rising Petrol Prices on Businesses – Centre
- Ex-CBN Deputy Governor, Bala Bello, Hails Tinubu for Appointing him as Economic Adviser
- CBN Bars Big Loan Defaulters from Fresh Credit
The central bank also removed the requirement for affidavits when reactivating dormant accounts that have not been transferred to the Unclaimed Balances Trust Fund pool account.
This directive takes immediate effect.
11. Mandatory Disclosure of Dormant Accounts
Banks must also publish certain information about dormant accounts and unclaimed balances.
The information to be disclosed includes the account holder’s name, account type, the name of the bank and the branch where the account is domiciled.
Banks without active websites must publish the information on the websites of their industry associations.
12. Annual Newspaper Publication of Dormant Accounts
In addition to online disclosure, banks must publish information about dormant accounts in at least two national newspapers every year.
Where the list is extensive, banks may publish a notice directing customers to a searchable section on their websites containing the full details.
State and unit microfinance banks are only required to display the information at their business locations.
13. Data Protection Clarification on Dormant Accounts
The CBN clarified that the publication of dormant account information does not violate the Nigeria Data Protection Act.
According to the regulator, the law allows personal data to be processed when it is necessary to comply with a legal obligation or to protect the interests of the account holder.
14. New Automated Anti-Money Laundering Systems
In a separate circular dated March 10, the CBN issued baseline standards for automated anti-money laundering systems across financial institutions.
The framework requires banks and other financial institutions to deploy technology capable of detecting and reporting suspicious transactions in real time.
Implementation begins immediately on March 10, 2026. Deposit money banks must achieve full compliance within 18 months, while other financial institutions have 24 months.
All institutions must submit implementation roadmaps to the regulator within three months of the circular’s issuance.
15. New Guidelines for ATM Operations
In another circular dated March 13, the central bank issued fresh guidelines for the operations of Automated Teller Machines across Nigeria.
The rules are designed to improve ATM access in urban and rural areas, strengthen security protocols and align Nigeria’s ATM operations with global standards.
All banks and payment service providers are required to comply with the guidelines.
16. Minimum ATM Deployment Requirement
Under the new framework, banks must deploy at least one ATM for every 7,500 payment cards issued.
The requirement will be implemented gradually over three years. Financial institutions must achieve 30 per cent compliance in 2026, increase deployment to 60 per cent in 2027 and reach full compliance by 2028.
17. Stronger Security Rules for Biometric ATMs
For ATMs that use biometric authentication, the CBN introduced stricter technical and privacy standards.
Banks must deploy anti-spoofing technology capable of detecting fake biometric attempts, encrypt biometric data and ensure secure system operations.
The machines must maintain an authentication success rate of at least 98 per cent and process approvals within roughly 1.2 seconds.
Where biometric verification fails, the ATM must automatically switch to another authentication method while logging the incident for system diagnostics.
Alex is a business journalist cum data enthusiast with the Pinnacle Daily. He can be reached via ealex@thepinnacleng.com, @ehime_alex on X
