The Central Bank of Nigeria (CBN) has ordered banks, fintech companies, mobile money operators, and other payment service providers to store and manage all payment transaction data within Nigeria’s borders by 1 January 2027, as the regulator moves to consolidate oversight of one of Africa’s fastest-growing digital payments markets.
The directive forms part of a wider regulatory overhaul that also introduces ownership disclosure requirements and limits designed to prevent excessive market concentration. The CBN said the rapid expansion of electronic payments and digital financial services has raised concerns around market concentration, operational dependence, ownership transparency, and the storage of critical payment data.
Nigeria’s payments industry has grown sharply over the past decade, driven by mobile banking, agency banking, fintech applications, card payments, and online transfers. That growth has made digital payments central to daily financial life for millions of Nigerians — and has elevated the sector’s importance to broader financial stability.
Data sovereignty at the centre
At its core, the policy addresses one of the most sensitive questions in modern finance: who controls payment data, where it is stored, and how readily regulators can access it when risks emerge. By requiring that payment transaction data generated in Nigeria be stored and managed locally — in line with Nigerian data protection laws — the CBN is asserting that it must be able to see into the system it is responsible for supervising.
Banks and fintechs that currently rely on offshore infrastructure will need to review how they host, process, and back up payment records before the 2027 deadline. The shift could stimulate investment in local data centre capacity, but it is also expected to raise compliance costs for firms with significant offshore dependencies.
Ownership and market structure
Beyond data localisation, the CBN’s overhaul targets ownership transparency and market dominance. Payment operators will be required to disclose ownership structures, while new limits aim to prevent any single player from accumulating disproportionate control over the payments infrastructure that underpins Nigeria’s economy.
The regulator’s concern is straightforward: as digital payments have become systemically important, the CBN wants greater visibility over the companies moving money across the economy — who owns them, how they are structured, and where their data lives.
Compliance costs and infrastructure implications
The policy does not appear to ban foreign cloud providers from operating in Nigeria’s financial sector outright, but it does require that the data itself remain onshore. For international technology firms and global fintechs operating in Nigeria, this introduces a new layer of localisation compliance that will require investment in Nigerian infrastructure or partnerships with local data hosting providers.
The 2027 deadline gives the industry roughly two years to adapt — a window the CBN appears to have calibrated to allow meaningful transition without indefinite delay. Whether that timeline proves sufficient will depend on how quickly local data infrastructure can scale to absorb demand from a payments sector processing transactions at the volume Nigeria’s market now generates.
Nigeria’s experience is likely to be watched closely across the continent. Several African regulators have signalled interest in similar data sovereignty frameworks as digital financial services deepen their penetration of domestic economies, and the CBN’s approach — combining localisation mandates with ownership disclosure and market structure rules — may offer a template for peers navigating the same pressures.
