All Posts By

DealHQ Partners

Overview of the Guidelines for Contactless Payments in Nigeria

Nigeria has experienced significant growth and development in its financial sector, driven in large part by the integration of technology.
Technology has revolutionized the way banks operate in Nigeria, enhancing their efficiency, expanding their reach, and transforming the customer experience. The growth of fintech companies has further entrenched the relevance of technology and its potential to redefine the Nigerian financial services ecosystem.
The financial services sector has been at the forefront of leveraging technology to address challenges, enhance services, and stimulate economic growth. With banks and fintech companies in Nigeria embracing innovative solutions such as mobile banking, online platforms, and electronic payment systems to offer convenient and accessible financial services to a wider population, it is clear that there is a recognition of the potential inherent in technology to reshape financial services.
A case in point which highlights the efforts being put into building a more innovative financial ecosystem is the introduction of contactless payments. The COVID pandemic and the resultant lockdown triggered significant changes in the payment industry. Specifically, it amplified the need for contactless payments and ushered in a wave of unprecedented innovation and product development in the payment industry globally.
Given the record traction in the Nigerian payment market, the Central Bank of Nigeria (CBN), recognizing the… Click here to download article...


About DealHQ

We are an Africa Focused deal advisory/boutique commercial law firm focused on supporting businesses and positioning them to operate efficiently within their market sphere. We are known for our quality service delivery which is focused on attention to detail, creativity, timely execution and client satisfaction.

Our service offering includes: corporate commercial, real estate & construction, finance, capital markets & derivatives, mergers and acquisitions, private equity, infrastructure, technovation and data privacy, agriculture & commodities, business formations & start up support amongst others.

The content of this Article is not intended to replace professional legal advice. It merely provides general information to the public on the subject matter.

You may contact our team on:


Telephone: +234 1 4536427 or +234 9087107575

Episode 3 Season 2- Nigeria’s Energy Transition Plan – One Year On: Cost vs Gains Analysis

Simply is a sponsored podcast of DealHQ Partners, where we engage thought leaders on trending issues around law and business in the most simplistic manner.

On this Episode 3; our Ayobami Elias leads Mr. Akin Akinfemiwa, the CEO of Geregu Power, in conversation around Nigeria’s Energy Transition Plan specifically assessing its capacity to meet Nigeria’s immediate and future energy demands, whether the plan is aligned to economic priorities of providers of capital, developers and users of energy and most importantly what just energy transition means to Africa vis-à-vis finding the capital required to implement our Net Zero ambition.

Listen here:




As technology and digital innovation continues to advance, the volume of data generated and exchanged by users of the internet, mobile/web applications and other digital devices has raised the security of personal data to the status of “matter of national concern” in Nigeria.

On the 14th of June 2023, the President of the Federal Republic of Nigeria, signed into Law, the Nigerian Data Protection Act (the Act) thereby establishing by statute, the Nigerian Data Protection Commission; which is entrusted with the power to make and enforce regulations for the protection and security of the personal data of Data Subjects in Nigeria.


The Act provides the legal framework for the establishment of the Nigeria Data Protection Commission, the regulation of the processing of personal data of Data Subjects, and for other related matters. The objective of the Act is to safeguard the constitutional right of Data Subjects in Nigeria as relates to the processing activities undertaken by Data Processors or Data Controllers.  A Data Controller is a person, organization, or a statutory body who determines the purposes for, and the way Personal Data is processed or is to be processed. Consequently, a Data Processor is one who processes the data in the manner prescribed by a Data Controller).


The Act applies to and is binding on Data Controllers or Data Processors who are either:

  1. Resident or operating in Nigeria;
  2. Processing data within Nigeria; or
  3. Processing data of Data Subjects in Nigeria.

Data Controllers or Processors who fall into any of the underlisted categories are exempted from the application of the Act:

  1. One or more individuals who process personal data solely for personal or household purposes;
  2. Data Controllers or Processors who deal with/process personal data which have been prescribed for exemption by the Commission.

The Act establishes the Nigeria Data Protection Commission as an independent body responsible for prescribing regulations, codes, guidelines, and procedures in furtherance of its functions geared towards the enhancement of personal data protection.

The overall policy direction of the affairs of the Commission shall be controlled by a governing council which shall consist of seven people headed by a Chairman who shall be a retired judge of a superior court of record. All seven members of the governing council shall be appointed by the President on the recommendation of the Minister.[2]


Personal Data of a Data Subject can only be processed when a lawful basis for such has been established. The Act like other Data Privacy statutes (such as the GDPR) recognizes that Lawful Basis shall be deemed established in the following scenarios:

  1. Consent: Data Subject’s consent has been procured and the consent has not been withdrawn;
  2. Contract: Processing the personal data is necessary or the performance of a contract for which the Data Subject is a Party;
  3. Legal Obligation: Processing the data is necessary for compliance with a legal obligation to which the Data Controller or Processor is subject;
  4. Public Interest: Processing the personal data is necessary for public interest purposes or in exercise of official authority vested in a controller;
  5. Vital Interest: to protect a life;
  6. Legitimate Interest: Where the processing of personal data of a data subject is necessary in the legitimate interest of the processor or another third party.

Relatedly, even after Lawful Basis is established, every Data Processor is expected to adhere to these general principles:

  1. Personal Data must be processed in a fair and transparent manner;
  2. Personal Data must be collected for a specified and legitimate purpose; and must not be further processed in a manner or for a purpose incompatible with that which has been specified;
  3. Personal Data collected must be limited to that which is adequate and relevant for the purpose for which it is collected;
  4. Personal Data must be retained only for only as long as is necessary to achieve the Lawful Basis for which it was collected;
  5. Personal Data must be processed in a manner that guarantees the security of personal data against loss, unlawful processing, destruction loss or damage.
  6. Personal Data is processed for the purpose of a legitimate interest by a data controller or third party to which the data is disclosed.

Amongst other things, the following mandatory provisions are to be noted by and complied with by all Data Controllers and Processors:


All Data Controllers and Processors of major importance[3] are now mandated to appoint a designated Data Protection Officers (DPO) with expert knowledge of data protection laws and practices and who may either be an employee of the organization or engaged under a valid service contract[4].


Every Data Processor or Controller who envisages that any of its processing activity is likely to violate or result in high risk to the rights and freedom of  Data Subjects by virtue of its nature, scope, context and purpose; is mandated to conduct a data protection impact assessment. It is expected that the Commission will issue guidelines to establish the categories of processing which will now require the conduct of data protection impact assessment.[5]


Every Data Controller is required to notify the Commission within 72 hours of becoming aware of any personal data breach which is likely to result in a risk to the right and freedom of a Data Subject.[6]


Cross-Border Transfer of personal data to third parties no longer requires the supervision/consent of the Attorney General of the Federation. Notwithstanding Personal Data of Data Subjects cannot be transferred to a cross border recipient; unless the transferor has satisfied itself that the foreign third-party recipient:

  1. Has a lawful basis for processing such data;
  2. Has in place a mechanism to ensure adequate level of protection of such data to the extent and level prescribed by the Act. [7]


The Act mandates the registration of Data Controllers and Data Processors of major importance with the Commission within six months from the commencement of the Act or of becoming a Data Controller or Data Processor of major importance.  The Act also prescribes the process of registration and grants the Commission the power to prescribe the registration fee and to grant exemptions from registration at their reasonable discretion. Furthermore, Registered Processors and Controllers must notify the Commission of any change in the registration details provided.

The Commission is expected to keep a register of Data Controllers and Processors on its website and to update same regularly. When a Data Controller or Data Processor ceases to be one of major importance, it must notify the Commission who shall remove its name from the register[8].


The Act guarantees Data Subjects the inherent right to:

  1. Obtain from a Data Controller; confirmation as to whether its personal data is being stored or processed and where so; further information on the purpose, nature/category of data being processed, recipients of such data including international/cross border recipients, period for which data will be kept;
  2. Right to demand rectification, erasure or restriction in processing (pending resolution, objection or enforcement of a legal claim) without delay;
  3. Right to decline to give or to withdraw consent;
  4. Right to demand discontinuation of processing (except on grounds of public interest);
  5. Right to lodge a complaint with the Commission;
  6. Right not to be subject to a decision based solely on automated processing of personal data.


The Act has provided a procedure for Data Subjects whose rights have been violated or is likely to be violated by any Data Controller or Processor; to file a complaint with the Commission[9]. The Commission is mandated to investigate and where it is established that the right of a Data Subject is likely to be violated, the Commission will  issue an appropriate compliance order  against such Data Controller including:-  (1) a warning (2) a directive to comply or (3)  a cease and desist order.

Where however an actual violation is established; the Commission may issue an enforcement order issuing sanctions against such Data Processor or Controller. Such order may include (1) a directive to remedy (2) a directive to pay compensation (3) order to account for profits made from a violation (4) order to pay penalty which in the case of a Data Controller of major importance will be the higher of NGN10Million or 2% of gross revenue for the preceding financial year.  Where the offender is not a Data Controller of major importance, the penalty will be the higher of NGN2Million OR 2% of gross revenue for the preceding financial year. Where Data processor or controller is dissatisfied with the order imposed by the commission, it is at liberty to apply to court for judicial review, within thirty days of the issuance such order[10].

Where an order is defiled, the defaulting Processor or Controller commits an offence and becomes criminally liable upon conviction by a competent court [11]. The court may also order the Processor or Controller upon conviction to forfeit any economic benefit or financial proceeds in accordance with the Proceeds of Crime (Recovery and Management) Act or any other similar law.[12]


Directors, Managers, Partners, Secretaries or other similar officer of any convicted Data Processor or Controller shall be deemed jointly and vicariously liable with the organization for any breach or violation or offense under the Act; unless such officer can prove that the offence was committed without his/her knowledge, consent or connivance; and that he/she exercised all such diligence to prevent the commission of the offence. Data Controllers and Data Processors also remain vicariously liable for the acts or omissions of their agents, clerks, servants or employees.[13]


Whilst the Commission remains a legal entity which can sue or be sued, Actions against the Commission are required to be instituted within three months of the time in which such cause of action arose and subject to the service of a one month written notice of intention to sue having been served on the Commission. The Act further directs that no execution or attachment process can be issued against the property of the Commission in respect of an action or suit filed against it[14].


The Act  recognizes and has given legitimacy to  all  actions (orders, rules,  decisions, directions, licenses and authorizations) of NITDA, OR the Bureau  done prior to the coming into force of the Act as if they are acts of the Commission itself and they shall remain binding  until they are waived, cancelled or repealed by the Commission. This includes specifically, the Nigerian Data Protection Regulation (NDPR) 2019.[15] The Nigeria Data Protection Commission effectively succeeds the erstwhile Nigeria Data Protection Bureau (NDPB) and puts to an end the argument that the NDPB is not statutorily created.


It is clear given the priority and attention given to  the assent of the by the newly elected President of Nigeria and the Federal Executive Council; that data privacy is recognized as a critical focus area for the Federal Government. It can therefore be fairly deduced that enforcement of the Act will be top of mind for the Government and the Commission.

The Act has further mandated registration for all data processors and controllers within the next six months. Consequently, Businesses operating in Nigeria except where exempt will be required to immediately reposition their protocol of operation to ensure consistent compliance with the Act. Finally, Data Processors and Controllers must keep as top of mind the potential risk of sanctions and criminal liability where they have directly or vicariously violated the rights Data Subjects as guaranteed under the Act.

This Article is written by DealHQ’s Technovation and Data Governance Practice Team, DealHQ is a licensed Data Protection Compliance Organization (DPCO). We understand the importance of safeguarding sensitive data and complying with local and foreign data protection laws applicable to your business to protect your organization’s reputation and mitigate potential cybersecurity or data violation risks which can have significant financial, legal and systemic implications for your Business. Our service niche includes (1) Data Protection/Governance Advisory (2) Data Protection Compliance Support (3) Data Protection Audit Services and (4) Outsourcing of Data Protection Officers.

About DealHQ

We are an Africa Focused deal advisory/boutique commercial law firm focused on supporting businesses and positioning them to operate efficiently within their market sphere. We are known for our quality service delivery which is focused on attention to detail, creativity, timely execution and client satisfaction.

Our service offering includes: corporate commercial, real estate & construction, finance, capital markets & derivatives, mergers and acquisitions, private equity, infrastructure, technovation and data privacy, agriculture & commodities, business formations & start up support amongst others.

The content of this Article is not intended to replace professional legal advice. It merely provides general information to the public on the subject matter.

Do you need to know more about our Data Privacy Services? You may contact our team on:


Telephone: +234 1 4536427 or +234 9087107575

Click here to download article…

[1] Part I Nigerian Data Protection Act, 2023.

[2] Part II and III of the Act.

[3] A Data Controller or Processor domiciled, resident in or operating in Nigeria who processes or intends to process personal data of such number of Data Subject within Nigeria as the Commission may prescribe as being of major importance.

[4] Section 33 of the Act.

[5] Section 29 of the Act.

[6] Section 41 of the Act.

[7] Part IX of the Act.

[8] Part X of the Act.

[9] Sections 47, 48 and 49 of the Act.

[10] Section 51 of the Act.

[11] Section 50 of the Act.

[12] Section 53 of the Act

[13] Section 54 of the Act

[14] Part XII of the Act.

[15] Section 64 the Act.


The open banking ecosystem in Africa has certainly taken flight, with countries such as South Africa, Kenya, Nigeria and Ghana recording unprecedented rate of product development, innovation and adoption across the regions digital financial services market. That said, strengthening financial systems regulation, risk management and financial data governance remain critical to achieving continuous and sustainable growth in the sector. The introduction of Nigeria’s open banking regulations is bold, audacious and enviable. It is expected that its implementation will be strategic and impactful.

Continue Reading



The 2023 “Budget of Fiscal Consolidation and Transition’’ was signed into law on the 3rd of January 2023; at its core, it focuses on maintaining fiscal viability and ensuring a smooth transition for the incoming administration, come May 29, 2023.

President Muhammadu Buhari in his speech at the joint session of the National Assembly on the 7th of October 2022, noted that beyond ensuring fiscal sustainability, his administration will in the new year focus on improving the country’s business enabling environment, accelerate revenue-based fiscal consolidation efforts and strengthen expenditure and debt management.

The 2023 budget proposal was primarily influenced by the Federal Government’s medium-term fiscal outlook which takes into cognizance current fiscal and economic realities such as the continuing global and domestic challenges sparked by recurring COVID-19 spikes, climate change and the impact of Russia-Ukraine War on global economies.  It is therefore anticipated that Nigerian State will grapple the headwinds of low revenue, high inflation, exchange rate depreciation and insecurity.

Key Elements of The Budget: Expenditure Summary

The expenditure policy of the Federal Government for 2023 is designed to achieve the strategic objectives of the National Development Plan (2021 – 2025), which include macroeconomic stability; human development; food security; improved business environment; energy sufficiency; improving transport infrastructure; and promoting industrialization through Small and Medium Scale Enterprises.

The aggregate expenditure (inclusive of GOEs and project-tied Loans) is projected to be NGN 21.83trillion – which is 20% higher than the total expenditure for 2022 (including supplemental appropriations).

  1. Recurrent (non-debt) spending is estimated at NGN8.33trillion, (including NGN200 Billion to fund the Federal Governments social investment programme). Total Recurrent (non-debt) spending therefore amounts to 38.2 % of total expenditure;
  2. Aggregate Capital Expenditure stands at NGN6.46trillion amounting to 30% of total expenditure which is 10% higher than the total Capital Expenditure spend for 2022;
  3. Total Debt Service spend stands at NGN6.31trillion amounting to 29% of total expenditure. This is 71. % higher than 2022 as it includes total interest payment of NGN1.2 trillion on Ways & Means Advances from the Central Bank.

Key Elements of The Budget: Revenue Summary

Total revenue available to fund the 2023 FGN Budget is estimated at NGN11.1 trillion. In aggregate, about 20% of projected revenue will come from oil-related sources, while circa 80% will come from non-oil sources primarily taxes and Government collections.  The Federal Government has therefore developed a robust strategy to enhance collections and widen the tax revenue pool. This includes:

  1. Improving non-oil revenue receipts, tax administration and sustain the effort to expand the non-oil revenue base;
  2. Strengthening tax systems by improving collection efficiency, enhancing compliance, and reorganizing the business practices of revenue agencies by deploying appropriate technology;
  3. Widening the tax net to include businesses in the informal sector;
  4. Introduction of frameworks for recovering duties, taxes and appropriate fees from custom related transactions conducted over electronic networks;
  5. Enhancing port efficiency, strengthen anti-smuggling measures, review of tariffs and waivers and issue of licenses for the development of modern terminals in existing ports, especially outside Lagos:
  6. Enforcing extant laws limiting cost-to-revenue ratio of GOEs to a maximum of 50 percent;
  7. Deploy Technology and ICT solutions needed to enhance revenue collections and compliance;
  8. Improve the performance of GOEs through the effective implementation of the approved Performance Management Framework.

Key Elements of The Budget: Deficit and Deficit Financing

Overall budget deficit stands at NGN10.78trillion (circa 4.78% of GDP) which is to be finance financed mainly through government borrowings from local and foreign sources including multilateral/bilateral loan draw downs and privatization proceeds. Once more this exceeds the threshold set by the Fiscal Responsibility Act however considering the existential security and economic challenges plaguing the Federal Government is compelled to increase its overall fiscal expenditure.


The Nigerian Finance Bill 2023 has been passed by both legislative houses but is yet to be assented to by the President. At the presentation of the budget by the Minister of Finance on 4th of January 2023, the Honourable Minister stated that the delay in the passage of the bill was as a result of the ongoing vetting and approval process from key stakeholders. it is anticipated that the bill which has now completed its legislative approval cycle will get executive assent any time now.

The Finance Bill amongst other things amends the: Capital Gains Tax Act (CGTA), Companies Income Tax Act (CITA), Customs, Excise Tariff, Etc. (Consolidation) Act, Personal Income Tax Act (PITA), Petroleum Profits Tax Act (PPTA), Stamp Duties Act (SDA), Value Added Tax Act (VATA), Corrupt Practices and Other Related Offences Act and Public Procurement Act.

The table below details the key changes in law effected via the Bill.



As is typical of this administration, the Federal Government kept to its commitment to pass and commence implementation of the Appropriation Act in a timely fashion even though the complementary Finance Bill suffered a delay snag. Generally due to the change of administration anticipated at around mid-year 2023, it is expected that supplementary appropriation laws will be passed to align the Appropriation Act with the Economic and Fiscal Policy of the incoming administration.  Furthermore, gleaning from the posture of the Federal Government and the spirit and letter of the budget it is expected (at least for the first half of the year) that:

  1. More incentives and tax holidays for players in the renewable energy sector will be implemented in line with the Federal Government’s intention to encourage domestic and industrial adoption of renewable energy alternatives.
  2. More repeals and cancellation of tax benefits and incentives;
  3. More effort to promote, incentivize and adopt technology and innovation;
  4. Fiscal instability, slow growth, food crisis, and high interest rates are likely to continue into 2023 as the underlying causes such as Russia-Ukraine war and the Covid-19 crises are yet to abate;
  5. Likely removal of fuel subsidy after the expiration of the extension will potentially increase the cost of living and doing business in Nigeria;
  6. Federal Government will drive revenue generation and tax collection aggressively;
  7. Increased government borrowing may provide short-term relief but lead to negative impacts such as higher interest rates, inflation, and shrinking disposable income in the long term;
  8. Federal Government will pass and effect the enforcement of the Finance Bill.


Do you need to know more about the Appropriation Act? Our Finance team is available to support you.

You may contact our team on: Email: Telephone: +234 1 4536427 or +234 9087107575

Click here to download PDF

Season 2 Episode 1- The Appropriation Act 2023: Key Implication for Nigerian Businesses

Simply is a sponsored podcast of DealHQ Partners, where we engage thought leaders on trending issues around law and business in the most simplistic manner.
Altis Fitness Club – Gyms Fitness Italy buying legal oxandrolone online in 2 jk fitness diamond smith machine professional
On the first episode of Season 2, Our Tosin Ajose leads Mr. Opeyemi Agbaje, the Founder and CEO of RTC Advisory Services Ltd – a leading strategy and business advisory firm, in a conversation on the recently enacted 2023 Appropriation Act. The conversation bothers on the key elements of the expenditure and revenue summary, Nigeria’s ballooning public debt profile, and the potential impact of the 2022 finance bill on Nigerian businesses.

Listen here:


DealHQ Partners Law Undergraduate Essay Competition 2023

The 2023 DealHQ Partners Law Undergraduate Essay Competition is now open to 200 – 500 level law undergraduates across all Nigerian Universities.

Qualified candidates are required send in their submissions on or before 15th of March 2023 to

To participate, Candidates must:

  1. Be a law student between 200-500 level in a Nigerian university with a valid student identity card;
  2. Follow all DealHQ Partners’ social media Pages (LinkedIn, Instagram, Twitter, Facebook, YouTube);
  3. Submit an essay in word and pdf format on the topic “Nigeria’s Climate Action Strategy: How Policy and Regulation will enable Nigeria’s journey to achieving sustainable economic development and its proposed 2060 Net Zero target”
  • Maximum of 2500 words (excluding infographics, graphs or charts which may be included to reinforce your thoughts or related data)
  • Font: Candara
  • Font size: 12
  • Line spacing: single
  • Alignment:  all text must be justified
  • Data references must be from verifiable sources
  • Essay must be marked with candidate’s full name (as seen on Student ID Card) and Matriculation Number
  1. Send entries accompanied with a scanned copy of student ID and social media handle to: on or before 15th of March 2023.
  • Top 20 entries will make it to the Pre-Qualification stage
  • Top 10 entries will make it to the Formal Review stage
  • Top 5 entries will make it to the Final Presentation/Award stage
  • Winners will be announced in April 2023

*Strict adherence with submission guidelines is required, Defective submissions will be disqualified.

Season 1 Episode 11 – Financial Technology – Bridging Africa’s Financial Exclusion Gender Gap through Social Innovation

Simply is a sponsored podcast of DealHQ Partners, where we engage thought leaders on trending issues around law and business in the most simplistic manner.

On Episode 11, our final episode in Season 1, our Orinari Horsfall is joined by Solape Akinpelu, a Certified Financial Education Instructor and Co-founder of HerVest, Nigerian based fintech company pioneering inclusive finance for African women, in a conversation on gender based financial exclusion in Africa. Specifically, the conversation discusses the effect of highlights the impact of gender based exclusion on Africa’s development and economic prosperity and the role that HerVest and other social innovators in Africa are playing in tackling issues around access to finance for African Women.


Listen here:




The Covid-19 pandemic and the resultant lockdown triggered significant changes in the payment industry. Specifically, it amplified the need for contactless payment and ushered in a wave of unprecedented innovation and product development in the payment industry globally.

Given the record traction in the Nigerian payment market; the Central Bank of Nigeria (CBN), recognizing the need for a tailored regulatory framework to support the burgeoning sector growth, in January 2021, issued the Framework for Quick Response (QR) Code Payment; and more recently, in October 2022, released the Exposure Draft of the CBN Guidelines for Contactless Payment in Nigeria.

The Guideline defines contactless payment as: “the consummation of financial transaction without physical contact between payer and the acquiring device(s)”. This means that secure payments can be made with tags, debit/credit cards, smart cards, mobile and other devices that use Near-Field Communication (NFC), Radio Frequency or QR Codes.

In a bid to preserve the integrity, safety and stability of the Nigerian financial system and to facilitate the safe and secure use of Contactless payment, the Guideline amongst other things provides for:
i. the roles and responsibilities of various stakeholders within the contactless payment eco- system;
ii. the minimum standard/specification for all contactless payment terminals, applications, and processing systems;
iii. guidelines for the provision of Value-Added Services; and
iv. the power of the CBN to prescribe and enforce sanctions and penalties for breach of the Guideline.


The Guideline clearly articulates the role and responsibilities of the various stakeholders in the contactless payment eco-system, prescribing standards and specification for all forms of market technology and systems whilst also prescribing processes and principles that will govern their relationship with each other.

A.  Acquirers
An Acquirer is a CBN-licensed institution that facilitates the acceptance of payments from customers to merchants through contactless payment devices such as Point of Sale Terminals (POS), Mobile Applications, and QR Codes amongst others. An Acquirer will typically be the account bank of a merchant who is utilizing the contactless payment system for fee collection from its customers.
The guideline requires all Acquirers to:
i. ensure that all deployed contactless payment devices deployed are certified by CBN and meet prescribed specifications/standards.
ii. operate an agnostic acceptance policy such that all cards, capable of contactless payment, issued in Nigeria shall be accepted irrespective of the issuer.
iii. conduct customer KYC (Know Your Customer) and train Customers compliance with applicable Regulations.
iv. take measures to prevent the use of their networks and devices in violation of Anti-Money Laundering Laws.
v. execute a Contactless Payment Agreement with all Customers prior to granting access to the Acquirer’s contactless payment platform.

In a bid to protect unwary or naive customers from the perpetuation of fraud, the guideline restricts Acquirers from admitting or profiling agent banking terminals operators to its Platform or facilitating contactless transactions on their behalf.

B. Issuers
Like the Acquirers, only CBN-licensed institutions are permitted to act as Issuers for contactless payments. An Issuer is responsible for issuing contactless payment enabled cards, tags, or mobile applications to consumers (consumers being people who procure cards, tags, tokens or contactless payment enabled mobile apps to facilitate payments to merchants or other service providers. Examples of CBN-licenced institutions in Nigeria that already issue contactless payment enabled cards and devices include the First Bank of Nigeria, United Bank for Africa, and Providus bank. These cards have embedded Radio Frequency Identification (RFID) technology which communicates with card readers to enable payment transfers. Issuers are required to ensure, that all tokens and devices issued by them for payment by Customers meet prescribed standards and specifications. Furthermore, Issuers are required to obtain and properly document Customer’s consent prior to enabling Customer’s device for contactless payment. Specifically, the guideline prohibits unsolicited activation of contactless payment service on any payment enabled device owned by any Customer. Relatedly, prior to activating contactless payment service for any Customer, an Issuer is required to verify and identify such Customers by his/her Bank Verification Number (BVN).

C. Payment System and Card System Administrators
Payment/Card System Administrators are operators of card and payment systems (such as Mastercard, Visa, Remita, and Flutterwave). Whilst Issuers are responsible for issuing cards and other enabled devices to Customers, the Payment/Card System Administrators oversees the administration and use of issued cards for payment. Payment System and Card System Administrators are required to comply with the Guideline generally and act in accordance with prescribed processing specifications whilst ensuring that their systems and schemes are interoperable.

D. Switching Companies
Switching Companies are CBN-licensed institutions that oversee the routing of transaction data, interbank payment clearing and settlement, payment authentication and authorisation and risk management. The Nigeria Interbank Settlement System (NIBSS) is the Central Switch for the Nigerian Financial Market. Other than the NIBSS; Interswitch, eTranzact, and Flutterwave are some of the other licensed Switching Companies. The Guideline mandates Switching Companies to ensure that contactless transactions via approved payment instruments issued in Nigeria are successfully switched and to undertake periodic risk assessment to mitigate against money laundering and financing terrorism within the system.

E. Payment Terminal Services Providers
Payment Terminal Service Providers are CBN-licenced institutions that deploy contactless payment enabled Payment Terminals (Point of Sale Terminals) for use within the financial ecosystem. Payment Terminal Services Providers are by the Guideline, required to assure the quality and functionality of all contactless payment enabled terminals issued by them through optimal maintenance, availability of a 24/7 support infrastructure. It is recommended that response time for repair or replacement should not exceed 48 hours from the time of escalation.

F. Payment Terminal Service Aggregator
A Payment Terminal Service Aggregator (“PTSA”) oversees the interconnectivity of all payment terminals deployed with the Nigerian Payment Ecosystem. The Nigeria Interbank Settlement Scheme is the sole PTSA in Nigeria. It ensures that all terminals used in the e-payment ecosystem and all devices deployed in Nigeria are brand-agnostic and would accept all cards issued by any bank or other licensed card schemes without discrimination. NIBSS ensures the standardization of technical and operational specifications of all devices deployed within the Nigerian financial system. The Guideline requires the PTSA to certify that all Point-of-Sale terminals used for contactless payment meet required standard for the payment industry. It is also required to implement a documented risk management process to identify threats before, during and after all payment transactions.

G. Merchants
These include businesses (large institutions or SMEs), that employ contactless payment devices as a means of receiving payment from customers. Merchants are by the Guideline, required to ensure that devices deployed for contactless payments are of the required specification, they are also required to exercise due diligence in effecting all payment transactions as they remain liable for any fraud resulting from negligence or connivance during a contactless payment transaction.

The Guideline further, requires all merchants who accept contactless payments to display the contactless payment symbol visibly in their location. They are also required to undertake second level authentication for transactions of a value which is higher than the stipulated limit per day via the customer’s Personal Identification Number (PIN) OR token code.

H. Customers
A customer is anyone making payment through a Contactless payment method. The Guideline requires Customers to exercise due diligence during contactless payment transactions whilst leaving them in full control to opt-in or out of any contactless payment service.

Prior to the release of the Draft Guideline, the only existing regulation in the contactless payment ecosystem was the Framework for Quick Response (QR) Code Payment in Nigeria, January 2021 (“Framework”). The Exposure Guideline is therefore a solid improvement on the hitherto QR Code Framework as it specifically sets out market requirements for the use and operation of all forms of contactless payment technology.

Apart from the wider scope of the Guideline, the general adoption of contactless payment will have an overall far-reaching effect on the economy as it will create a smarter, faster, more efficient and easy-to-use mode of payment which requires less manpower. It will also promote health and safety and reduce potential disease transmission at points of sale.

It is also necessary to mention that the posture of the Guideline is generally User-Centric, as the CBN mandates that use of contactless payment service must be elective whilst holding all participants within the value chain to regulatory service levels.

Without doubt, the benefit of the Guideline is enormous, yet a big impediment remains the introduction of transaction limit for contactless transactions, the Exposure Draft specifically provides for a NGN5000 (five thousand naira) transaction limit for a single transaction and a cumulative daily transaction limit of NGN30,000 (thirty thousand naira) per User. Transactions that fall outside this limit require an additional layer of authentication. Whilst the intention of the limit is noble and driven by the need to protect Users from significant impact should fraud, theft, impersonation, funds misappropriation occur; the threshold seems too low considering commercial realities in present day Nigeria. To guarantee that the contactless payment system remains a viable alternative for users therefore, it is imperative for the CBN to consider an upward review of the prescribed limit.

Finally, the Guideline envisages growth and innovation in the contactless payment ecosystem and therefore provides a protocol for innovative use cases. Where any stakeholder intends to offer novel or value-added service falling within the contactless payment niche, it is required to procure and obtain the prior approval of the CBN.


Contactless payment is fast becoming a preferred mode of payment across the Globe. UK Finance magazine reports that contactless payments accounted for over a quarter of all payment transactions in the United Kingdom in 2021. It is therefore expected that the introduction and implementation of the Guideline, shall in days to come foster public trust, deepen the contactless payment eco-system and consequently accelerate the speed of its adoption in Nigeria.


Season 1 Episode 10 – Anniversary Special: DealHQ Partners 4 years of enabling Businesses in Africa

Simply is a sponsored podcast of DealHQ Partners, where we engage thought leaders on trending issues around law and business in the most simplistic manner.

On Episode 10, we are joined by our Lead Advisor and founding partner – Tosin Ajose who takes us on a journey down memory lane. She shares insights on the Firms values, foundational goals, the challenges of starting up and building a sustainable legal enterprise, and the Firm’s unique winning culture.


Listen here: