
CBN Biometric Mandate: Nigerian Fintechs Must Rebuild Account Opening by July 1, 2026


On March 12, 2026, the Central Bank of Nigeria issued a circular that will force every bank, neobank, digital lender, and payment service provider in the country to rearchitect its account opening and device onboarding flow. The deadline is July 1, 2026 — 110 days away.

The directive mandates that all new account openings and reactivations must include biometric liveness verification, validated in real time against the Bank Verification Number (BVN) or National Identity Number (NIN) database. The CBN has also introduced a ₦20,000 transaction cap — on both inflows and outflows — for the first 24 hours after any new mobile banking application is activated.

Both measures target the same threat: the growing industrialisation of synthetic identity fraud in Nigerian digital banking.

What the Directive Requires

The circular, addressed to banks, fintechs, and payment service providers, sets out three core technical requirements:

1. Real-time liveness verification
Every account opening and reactivation must include a liveness check — a biometric test that uses facial recognition and optical character recognition (OCR) to confirm that the person completing onboarding is physically present and matches their registered identity. The liveness signal must be validated against the BVN or NIN database in real time, not through asynchronous batch processing.

2. BVN/NIN database cross-match
The verification must run against the Nigeria Inter-Bank Settlement System (NIBSS) biometric infrastructure, which holds enrolled BVN and NIN records. Institutions cannot rely solely on document scanning or third-party identity providers unless those providers have an approved, live connection to the NIBSS database.

3. First-24-hour transaction limits on new devices
Any newly activated mobile banking application — regardless of account age — will be subject to a ₦20,000 cap on both inflows and outflows for the first 24 hours. This cap applies at the device level, not the account level: a customer who activates a banking app on a new phone will face the limit even if their account is years old.
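
The device-level cap in requirement 3, as an added sketch that is not taken from the circular or from any institution's code: the limit is keyed on the app activation time, so account age never enters the decision. All names are hypothetical, and the example assumes the cap is cumulative per direction within the window and that each transaction is attributed to one device; the page specifies neither.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

CAP_KOBO = 20_000 * 100        # ₦20,000 from the directive, held in kobo
WINDOW = timedelta(hours=24)   # first 24 hours after app activation


@dataclass
class Device:
    device_id: str
    activated_at: datetime
    # Running totals per direction inside the window (assumed cumulative).
    used: dict = field(default_factory=lambda: {"inflow": 0, "outflow": 0})


def authorize(device: Device, direction: str, amount_kobo: int, now: datetime):
    """Return (allowed, reason) for one transaction attributed to `device`."""
    if direction not in device.used:
        raise ValueError(f"unknown direction: {direction}")
    if amount_kobo <= 0:
        return False, "invalid_amount"
    if now < device.activated_at:
        return False, "clock_skew"          # fail closed on inconsistent time
    if now - device.activated_at >= WINDOW:
        return True, "window_elapsed"       # cap no longer applies
    if device.used[direction] + amount_kobo > CAP_KOBO:
        return False, "new_device_cap"      # rejected amounts consume no quota
    device.used[direction] += amount_kobo
    return True, "within_cap"


def demo():
    """Constructed scenario: long-standing customer activates the app on a new phone."""
    t0 = datetime(2026, 7, 2, 9, 0)
    phone = Device("constructed-device-1", activated_at=t0)
    naira = lambda n: n * 100
    return [
        authorize(phone, "outflow", naira(15_000), t0 + timedelta(hours=1)),
        authorize(phone, "outflow", naira(6_000), t0 + timedelta(hours=2)),
        authorize(phone, "inflow", naira(20_000), t0 + timedelta(hours=2)),
        authorize(phone, "outflow", naira(6_000), t0 + timedelta(hours=24)),
    ]
```
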

Why July 1 Is a Hard Deadline for Product Teams

For consumer fintechs, this is not a compliance filing exercise. It requires changes to the core account opening flow — the sequence of screens, API calls, and identity checks that onboard every new user.

Most Nigerian fintechs currently offer tiered KYC: a basic tier that permits account opening with just a phone number and BVN number, and higher tiers that require document uploads or in-person verification for higher transaction limits. The CBN’s new directive creates a minimum floor: real-time liveness verification is now mandatory at entry-level account opening, not just for elevated tiers.

The implications for conversion rates are material. Biometric liveness checks add time and friction to onboarding — and on mobile, each additional step reduces completion rates. Fintechs that have optimised account opening flows for speed will need to balance the compliance requirement against user experience.

The ₦20,000 daily device activation cap creates a separate product consideration. For a neobank offering instant transfers, the cap means that any customer switching devices — upgrading a phone, resetting an app, reinstating after a lockout — faces a 24-hour reduced functionality window. Customer service teams should expect a spike in complaints from users unaware of the new limit.

The Identity Infrastructure It Depends On

The directive’s real-time database cross-match requirement puts significant load on NIBSS — the central clearing institution that hosts Nigeria’s BVN and NIN biometric data. If every new account opening now requires a live API call to NIBSS, the system must be able to handle the concurrent volume from all institutions simultaneously.

NIBSS has been scaling its infrastructure progressively as CBN digital identity requirements have expanded, but the liveness check mandate is likely the largest single demand placed on the BVN/NIN database in terms of transaction frequency. Institutions should test NIBSS API response times under peak load conditions before July 1.

The directive also creates a compliance dependency on a government-operated infrastructure. If NIBSS experiences downtime or API latency, affected institutions face a dilemma: pause account opening entirely (creating customer impact) or proceed without the required verification (creating regulatory exposure). Institutions should seek explicit CBN guidance on acceptable fallback procedures before the go-live date.

Who Is Affected — and How Differently

Commercial banks already have extensive KYC infrastructure. For them, the liveness check is largely an upgrade to existing digital onboarding flows, with NIBSS integration likely already in place for some verification steps. The primary cost is technical integration and potential UI redesign.

Digital-only banks and neobanks (Kuda, Moniepoint, OPay, Palmpay and their peers) face the highest operational impact. Their core competitive advantage is frictionless onboarding — account opening in minutes, no branch visit required. Adding a mandatory liveness check that depends on NIBSS response time changes their product architecture. Institutions with in-house engineering teams can rebuild; smaller fintechs may need to engage third-party identity verification vendors (Prembly, Seamfix, Smile ID, VerifyMe) who already have NIBSS-connected liveness check products.

Payment Service Providers that do not currently hold customer accounts but issue wallets or stored value instruments are also in scope. For these entities — many of whom operate under lighter-touch CBN licences — implementing a full liveness check may require infrastructure investment they have not yet budgeted.

Digital lenders offering loan products through app-only channels face a compounded challenge: their existing onboarding may already include credit bureau checks and BVN validation, but the liveness requirement adds a live biometric step that not all current stacks support.

The Fraud Context

The CBN’s motivation is not abstract. In 2025, Nigeria’s banking sector experienced a significant rise in account takeover fraud and synthetic identity-based account creation, driven partly by the widespread availability of stolen BVN data and the industrialisation of document forgery tools. A fraudster with a valid BVN and a fake ID document can currently pass many existing onboarding flows.

Liveness checks solve a specific problem: they verify that the person completing onboarding is physically present and matches the BVN/NIN biometric record, not just that they know the right numbers. Synthetic identities — assembled from real identity data but operated by fraudsters — cannot pass a real-time liveness check against a biometric database.

The ₦20,000 first-24-hour cap addresses a complementary vector: SIM-swap and device hijacking attacks, where a fraudster who gains access to a new device immediately attempts to move funds before the account holder notices. A 24-hour delay window limits the damage window for device-level compromise.

What Institutions Should Do Now

Immediate (this week):

  • Audit your current account opening and reactivation flows to identify where liveness verification is absent
  • Engage your NIBSS integration provider (or a third-party vendor) on the timeline for real-time BVN/NIN liveness API access
  • Notify product and engineering teams: July 1 is a hard compliance deadline, not a target

Short-term (by end of April):

  • Test liveness check integration in staging environments
  • Request CBN guidance on acceptable fallback procedures for NIBSS downtime scenarios
  • Design user communication for the ₦20,000 device activation cap (in-app notifications, support FAQ updates)

Pre-go-live (May–June):

  • Load-test NIBSS API integration under expected peak transaction volumes
  • Complete UAT and compliance review
  • Ensure your compliance team can produce evidence of implementation for CBN’s post-deadline examination

The Bottom Line

The CBN’s liveness check directive is a technical mandate with a consumer protection rationale and a hard deadline. For Nigerian fintech product teams, the question is not whether to comply — it is how to integrate a real-time biometric requirement into flows designed for speed, without losing the acquisition advantage that digital onboarding provides. July 1 does not move.


BETAR.africa tracks regulatory developments across all 54 African nations. Sources: CBN circular (March 12, 2026); TechCabal (March 13, 2026); Nairametrics; Prembly; Seamfix; NIBSS. Related: BETA-555 (CBN AI in AML), BETA-321 (Nigeria NCC Telecom Policy Overhaul), BETA-610 (NCC/CBN Joint Refund Framework).
