CBN CIRCULAR ON AMENDMENTS TO REVISED REGULATORY FRAMEWORK FOR BVN OPERATIONS AND WATCHLIST: IMPLICATIONS FOR FRAUD PREVENTION AND BANKING SECURITY IN NIGERIA

Introduction to the CBN BVN Circular 2026

The continued digitisation of Nigeria’s banking sector has fundamentally altered the way financial transactions are conducted. Mobile banking applications, internet banking platforms, electronic transfers, and digital payment systems have improved efficiency and accessibility across the financial system. However, the rapid growth of digital banking has also led to a corresponding rise in cybercrime, identity theft, SIM-swap fraud, unauthorised transfers, and other forms of electronic financial fraud.

In response to these growing threats and the increasing sophistication of financial crimes within the digital banking ecosystem, the Central Bank of Nigeria, on the 12th of March, 2026, issued amendments to the Revised Regulatory Frameworkfor Bank Verification (BVN) and Watch-List for the Nigerian Banking Industry, which was scheduled to take effect on the 1st of May, 2026. The amendments are primarily aimed at strengthening customer protection mechanisms, enhancing the security architecture of the banking industry, and improving fraud detection and prevention within Nigeria’s financial sector.

Background to the BVN System

The Bank Verification Number (BVN) was introduced by the Central Bank of Nigeria (CBN) on the 14th of February, 2014, as a centralised biometric identification system for customers within the Nigerian banking industry. The CBN issued the Revised Regulatory Framework for Bank Verification Number (BVN) Operations and Watchlist for the Nigerian Banking Industry on the 12th of October, 2021. This was introduced to strengthen the operational, legal, and institutional framework governing the administration and use of the BVN within Nigeria’s financial sector. The framework sought to enhance customer identification processes, improve fraud detection mechanisms, and establish clearer guidelines for the management of the BVN database and watchlist system within the banking industry. It also provided regulatory standards relating to BVN enrolment, data access, watchlist procedures, dispute resolution, and inter-agency cooperation among financial institutions and relevant stakeholders. Furthermore, the framework was aimed at reinforcing Know Your Customer (KYC) obligations, reducing financial crimes, and improving the overall integrity, security, and stability of Nigeria’s digital banking ecosystem.

The BVN system has played an important role in:

• Reducing identity theft and fraudulent banking activities;
• Strengthening customer authentication processes;
• Enabling biometric verification of customers;
• Identifying blacklisted customers within the banking system; and
• Improving inter-bank customer verification.

Key Features of the CBN Circular

1. Temporary Watchlist for Suspicious Transactions

In accordance with the amendments, financial institutions are required to establish and maintain a temporary watchlist for BVNs flagged for suspicious or unusual transactions. Those BVNs are to be placed on the temporary watchlist for 24 hours, pending investigation and customer clarification. During this period, restrictions may be imposed on affected accounts while banks assess the legitimacy of the transactions. This mechanism is designed to strengthen real-time fraud monitoring and improve the ability of financial institutions to respond swiftly to suspicious financial activities.

2. Age Restriction for Independent BVN Registration

The framework further provides that only individuals aged 18 years and above may independently enroll for a BVN. Minors are expected to operate accounts under the supervision or authority of parents or guardians. This is aimed at improving accountability and reducing the risks associated with unsupervised financial activities involving minors.

3. Restrictions on Phone Number Amendments

According to the amendment, customers are permitted to change the phone number attached to their BVN only once in a lifetime. This is aimed at combating SIM-swap fraud and unauthorised access to banking profiles, while improving identity stability and strengthening customer traceability within the banking system.

4. Access to BVN Data

The circular further provides that access to BVN databases shall be restricted exclusively to financial institutions licensed by the Central Bank of Nigeria. Notwithstanding this restriction, the Central Bank of Nigeria reserves the discretionary authority to approve access to BVN databases in exceptional circumstances, provided that such access is granted in accordance with applicable legal and regulatory provisions. This is aimed at safeguarding the confidentiality, integrity, and security of customers’ biometric and personal data within the Nigerian banking system.

Data Protection and Privacy Concerns: Implications for Fraud Prevention and Banking Security

The BVN framework involves the collection, storage, and processing of highly sensitive biometric and personal data belonging to millions of Nigerians. While the restriction of access to licensed institutions is intended to strengthen the security and confidentiality of customer information, concerns may arise regarding the extent of data sharing, the adequacy of cybersecurity safeguards, the possibility of unauthorised disclosures, and the risk of misuse of biometric data.

Consequently, the implementation and operation of the revised policies must comply with existing constitutional and statutory safeguards relating to privacy and data protection. In particular, section 37 of the Constitution of the Federal Republic of Nigeria 1999 (as amended) guarantees the privacy of citizens, their homes, correspondence, telephone conversations, and telegraphic communications. In addition, the Nigeria Data Protection Act 2023establishes the legal framework regulating the processing, storage, protection, and transfer of personal data within Nigeria. Financial institutions and regulatory agencies must therefore ensure that customer information is processed lawfully, securely, and strictly for legitimate regulatory and banking purposes.

Conclusion

The amendments issued by the CBN represent a significant regulatory effort aimed at strengthening the security structure of Nigeria’s banking system and combating the increasing threat of electronic fraud, cybercrime, and identity-related financial offences. The reforms are consistent with broader global trends favouring stricter digital identity management systems, enhanced Know Your Customer (KYC) obligations, and stronger anti-fraud mechanisms within financial institutions. Although the policies are likely to improve fraud detection, customer verification processes, and overall banking security, their long-term effectiveness will depend substantially on efficient implementation, technological adaptability, regulatory flexibility, institutional coordination, and public awareness. Continuous regulatory review and stakeholder engagement will therefore remain necessary to ensure that the framework effectively balances cybersecurity objectives with customer convenience, financial inclusion, privacy rights, and accessibility within Nigeria’s rapidly evolving digital financial environment.

This newsletter is provided for general information purposes only and does not constitute legal, regulatory, or professional advice. While reasonable care has been taken in preparing this publication, readers are advised not to rely on its contents as a substitute for specific legal advice. Institutions and individuals are encouraged to consult their legal, compliance, or other professional advisers to obtain advice tailored to their particular circumstances.