The Central Bank of Nigeria (CBN) has directed all commercial banks and financial technology (fintech) companies operating in the country to move their payment processing data to Nigeria within the next six months.
The new directive is part of efforts to strengthen regulatory oversight, improve data security, and enhance control over the country’s rapidly expanding digital financial sector.
According to the policy, all transaction data generated through point-of-sale (PoS) terminals, mobile banking platforms, online payment systems, and other digital channels must be stored and processed within Nigeria. This means that financial institutions currently relying on foreign cloud servers and overseas data centers will be required to relocate their critical payment data to local facilities.
The move represents one of the most significant regulatory changes in Nigeria’s financial technology industry in recent years.
For many banks and fintech firms, the directive will require major adjustments to their existing technology infrastructure. Several companies currently host sensitive customer information and transaction records on international cloud platforms located outside Nigeria. To comply with the new regulation, they will need to either invest in local cloud infrastructure or partner with domestic data center providers.
Industry experts believe the transition could lead to increased operational expenses, especially for startups and smaller fintech companies that may not have the financial resources of larger institutions. Costs associated with data migration, infrastructure upgrades, cybersecurity systems, and local hosting arrangements are expected to rise in the short term.
Despite these challenges, the Central Bank insists that keeping financial data within the country is essential for protecting national interests and strengthening Nigeria’s digital economy.
Regulators argue that local data storage will improve the government’s ability to monitor financial transactions, enforce compliance, and respond quickly to security threats. It will also reduce dependence on foreign technology infrastructure and provide greater control over sensitive financial information belonging to Nigerian citizens and businesses.
The policy is expected to boost Nigeria’s data center industry, as demand for local hosting services is likely to increase significantly. Local technology companies providing cloud services and data storage solutions may benefit from new business opportunities as banks and fintech firms seek compliant infrastructure partners.
Supporters of the initiative believe the policy could also create jobs within the technology sector by encouraging investment in local digital infrastructure. Increased demand for data centers, cybersecurity services, cloud computing solutions, and technology support services could stimulate growth across several segments of the economy.
The CBN has made it clear that compliance is mandatory. Financial institutions that fail to meet the deadline could face strict regulatory actions. These penalties may include substantial fines, restrictions on operations, or even the suspension of operating licenses.
The apex bank views the policy as a critical step toward protecting Nigeria’s financial ecosystem from external risks. Authorities have expressed concerns about the security implications of storing sensitive financial data outside the country, particularly at a time when cyber threats are becoming more sophisticated globally.
By ensuring that transaction data remains within Nigeria’s borders, regulators hope to improve data protection, strengthen financial stability, and reinforce public confidence in digital payment systems.
As the 180-day compliance period begins, banks and fintech companies are expected to accelerate efforts to review their technology systems and develop strategies for meeting the new requirements.
The directive underscores the CBN’s commitment to building a more secure, resilient, and self-reliant digital economy while ensuring that financial data generated by millions of Nigerians remains under local regulatory control.
