The Central Bank of Nigeria (CBN) has released draft guidelines that would compel banks and other financial institutions to reimburse customers who fall victim to Authorised Push Payment (APP) fraud within 48 hours after investigations are concluded.
Published on November 26, 2025, the draft framework represents one of the most robust consumer-protection measures yet from the apex bank, following a surge in social-engineering scams and payment-manipulation schemes across Nigeria’s financial system.
Under the proposal, financial institutions must complete investigations into reported APP fraud within 14 working days. Once a customer is confirmed eligible, reimbursement must be issued within 48 hours. The CBN warned that institutions that fail to detect suspicious activity or prevent fraudulent proceeds from moving through their systems will be fully liable.
APP fraud differs from account compromise because victims are manipulated into authorising transactions themselves, often through impersonation, deception, emotional distress, or fictitious investment offers.
The draft aims to strengthen trust in Nigeria’s digital-payments ecosystem, where instant transfers dominate retail transactions. Stakeholders have three weeks to submit comments before the final regulations are issued.
The framework introduces extensive governance obligations, including mandatory board-level oversight of fraud-risk policies, prevention strategies, and post-incident reviews. Banks are required to deploy Early Warning Systems capable of detecting unusual transaction patterns, repeated fraud complaints, previously flagged accounts, and other behavioural indicators.
Financial institutions must also set up dedicated fraud-analytics units to document red-flag triggers, enhance internal controls, and maintain updated detection frameworks.
In multi-bank fraud cases, the originating institution must launch an investigation immediately and notify all other institutions involved within 30 minutes of receiving the complaint.
If an investigation is not concluded within the 14-day window, the matter will be escalated to the CBN’s Consumer Protection and Financial Inclusion Department for a binding decision. Any institution that fails to freeze fraudulent proceeds or allows such funds to move due to weak controls will bear full liability.
Transparency is mandatory. Banks must clearly communicate investigation outcomes to customers, including reasons for denial of reimbursement, and submit quarterly reports to the CBN containing records of investigations, reimbursements, and fraud-awareness campaigns.
Eligibility for reimbursement requires that the customer authorised the transaction under false pretence, had no reasonable basis to suspect fraud, and reported the incident within 72 hours. There must be no evidence of negligence, collusion, or criminal intent. However, late reporting may be excused in cases of illness, force majeure, security risks, or unavailable reporting channels.
Banks are also required to provide 24/7 reporting options, including hotlines, email, mobile apps, USSD, and in-branch channels.
The draft clarifies cost-sharing rules: where neither the sending nor receiving bank is at fault but the customer qualifies for reimbursement, both institutions must split the cost equally. All data handling during investigations must comply with the Nigeria Data Protection Act 2023.
The CBN further emphasised the need for consumer education. Banks must conduct quarterly fraud-awareness campaigns across multiple languages and platforms, given that APP fraud relies largely on manipulation rather than system breaches.
