The new draft policy compelling banks and regulated financial institutions to compensate victims of Authorised Push Payment (APP) fraud within 48 hours after completion of investigation by the Central Bank of Nigeria (CBN) may have caused jitters in the industry.
Burdened by capital recapitalisation project, the operators in the industry say the timing of the policy is suspicious and a distraction.
Based on the development, customers are gearing up for possible showdowns with some banks, which, hitherto, had treated compensation with levity and endless processes that had resulted in losses by the affected cusromers.
Comsequently, analysts say the financial sector may soon witness a major shift in its consumer-protection framework, a development they say is ro the advantage of cistomwrs, as the CBN is said to be committed to the full implementation of the policy.
APP fraud occurs when criminals manipulate, deceive, or psychologically pressure victims into sending money to them directly.
Unlike the classic cyber intrusions, the victim’s banking credentials remain uncompromised—the transfer is authorised by the customer but under misleading circumstances.
This loophole has historically prevented customers from receiving refunds under conventional fraud-protection systems.
The CBN’s newly issued exposure draft, dated November 26, 2025, introduces strict timelines and liability structures designed to provide faster redress, especially as social-engineering and deception-based scams continue rising across Nigeria’s digital-payment ecosystem.
Under the proposed framework, financial institutions must conclude all investigations into reported APP fraud within 14 working days.
Once eligibility is confirmed, the bank must process a refund to the affected customer within 48 hours.
The apex bank cautioned that institutions that fail to identify suspicious activity, delay escalation, or allow fraudulent proceeds to move through their systems will be held financially responsible.
The draft highlights that APP fraud is fundamentally different from traditional account breaches because victims are persuaded—sometimes emotionally, sometimes through impersonation or false investment offers—into authorising the transfers themselves.
These schemes have grown increasingly sophisticated amid the expansion of instant-payment channels nationwide.
According to the CBN, the initiative aims to deepen trust in Nigeria’s digital-transactions landscape, where instant transfers dominate everyday financial activity.
Stakeholders have a three-week window to submit feedback before the final policy is issued.
Higher Responsibility For Banks:
To strengthen institutional accountability, the guidelines require board-level oversight over fraud-risk controls.
Banks must develop improved monitoring systems, enhance escalation protocols, and carry out comprehensive post-incident analysis for every confirmed case.
The proposed rules further mandate banks to deploy Early Warning Systems capable of detecting behavioural anomalies, unusual transaction flows, repeat fraud claims, market-intelligence signals, and accounts previously associated with suspicious patterns.
Dedicated fraud-analytics units are expected to regularly update frameworks and document red-flag triggers.
In multi-bank fraud cases, the institution that initiated the transfer is obligated to begin inquiries immediately and notify all involved banks within 30 minutes of receiving a complaint.
READ ALSO:FG Approves 2026 Fiscal Plan, Targeting 2.06m bpd, $64 Crude Oil Benchmark, N1,512/$1 Exchange Rate
When CBN Takes Over:
Derermimed ro out rhe banks on rheir toes, CBN has warns that where delays exceed the 14-day period, the apex bank’s Consumer Protection and Financial Inclusion Department and will issue a binding decision.
Eligibility Requirements For Customers:
Eligibility requirements are clearly defined, as customers must have authorised transfers due to misrepresentation, deception, or lack of reasonable suspicion of fraud.
They must also report incidents within 72 hours; however, exceptions apply in cases involving illness, force majeure, security threats, or unavailable reporting channels.
Banks are required to provide round-the-clock reporting platforms, including email, mobile apps, USSD channels, hotlines, and physical branches.
CBN To Embark On Awareness:
To deepen public understanding of fraud risks, the CBN is mandating quarterly awareness campaigns delivered in multiple local languages across different media platforms.
The guidelines also outline a cost-sharing model: where neither bank is at fault yet the customer qualifies for reimbursement, the refund burden will be split evenly. All institutions must comply with the Nigeria Data Protection Act 2023 in their handling of sensitive information.
According to a banker, good as the policy might be, the timing is wrong as the banks have enough that they are battling with.
Besides, he sees the policy as shifting responsibilities to the banks, when according to him, ‘customers ought to be discreet and responsible when carrying out any transaction’.
