The Central Bank of Nigeria (CBN) is rolling out a new framework to tackle rising fraud in the banking sector: customers must now report fraudulent transactions within 72 hours, while financial institutions, including banks and fintechs, are bound by a 16-working-day cycle to investigate and issue refunds.
The new rules come as fraud in Nigeria’s financial sector continues to surge. Data from the Financial Institutions Training Centre (FITC) shows fraud losses jumped 603% to ₦3.29 billion ($2.27 million) in Q1 2025, with 12,347 cases reported, a 7.63% increase from the previous year.
The CBN released draft guidelines dated November 26, 2025, for handling Authorised Push Payment (APP) fraud, aimed to strengthen preventive measures, tighten bank accountability, and ensure faster reimbursements for victims.
“When finalised, the Guidelines would mandate all financial institutions to institute preventive measures as well as modalities for mitigating and managing APP fraud,” a circular signed by Rita Sike, director, Financial Policy and Regulation Department, read.
This marks the continuation of the CBN’s over a decade-long fight against fraud. In 2011, it established the Nigeria Electronic Fraud Forum (NeFF) to encourage the exchange and the sharing of knowledge on fraud issues among operators. In 2015, it mandated that financial institutions open dedicated fraud desks to provide support to customers on electronic fraud. In 2023, it mandated stricter Know Your Customer (KYC) measures, requiring customers to provide their Bank Verification Number or a national identification number (NIN) for account or wallet opening.
In 2024, the apex bank instructed the Nigeria Inter-Bank Settlement System (NIBSS) to debit the accounts of commercial banks that receive fraud proceeds.
What is APP fraud?
The CBN defines it as tricking or misleading a customer into authorising a payment, via WhatsApp, SMS, email, or other channels, to a third-party account or wallet.
“Facilitation, negligence, or non-compliance by financial institutions, such as failure to act on red flags, weak Know Your Customer (KYC) or fraud controls, staff collusion, delayed resolution, and use of accounts for fraudulent purposes,” it said.
Any customer who is a victim of APP fraud is expected to report the incident within 72 hours. Reports should include transaction date, amount, recipient details, and supporting documents.
Banks must now acknowledge the report within 24 hours and launch an investigation immediately.
During investigations, the CBN may direct NIBSS or any relevant settlement entity to withhold settlement for the full value of any transaction identified as fraudulent. “This may extend to second-level or other subsequent beneficiary institutions along the transaction chain,” the CBN said.
Investigations must conclude within 14 working days, and unresolved cases can be escalated to the CBN’s Consumer Protection and Financial Inclusion Department. Reimbursements are to be made within 48 hours of investigation conclusion.
When an APP fraud incident involves more than one financial institution, the originating financial institution must start an investigation and notify the other institution(s) involved within 30 minutes. Affected institutions are expected to make reimbursement within 16 working days from the date the incident was first reported.
If a financial institution fails to flag or freeze a fraudulent transaction due to inadequate systems, it bears the cost. Where no financial institution is at fault, and the customer is also not at fault, banks must share the refund equally.
Who gets refunds, and who doesn’t
Customers are eligible for reimbursement when they report fraud within 72 hours and cooperate with investigations; show no negligence, collusion, or criminal intent; were misled under false pretences; or were protected by weak or absent bank controls.
Customers are not eligible for refunds if they acted fraudulently or negligently; failed or report the fraud after 72 hours; and if the transactions predate the guideline’s effective date.
Exceptions to the 72-hour rule apply if delays were due to illness, force majeure, or unavailability of reporting channels, or if fraud resulted from bank staff negligence or internal control failures.
Failure to conclude investigations within the set timeframe without justification will now attract regulatory sanctions. Customers can also take issues up with the CBN if they are not satisfied with the outcome of any investigation.
However, providing false, misleading, or incomplete information to the CBN will attract sanctions on the individual and the bank.
To ensure the successful implementation of this new rule, financial institutions must have 24/7 fraud reporting channels, Early Warning Systems (EWS) to detect and mitigate APP fraud, red-flag suspicious accounts, monitor behaviour, and document fraud indicators, regularly report APP fraud incidents to the CBN, and implement financial literacy outreach for customers.
The draft guideline is currently open to comments from financial institutions and the public for three weeks. Once finalised, it will form a critical part of the CBN’s ongoing effort to strengthen Nigeria’s financial ecosystem.
