Nigeria’s telecoms regulator has published proposals to require all mobile network operators to give subscribers at least 14 days’ notice before deactivating inactive SIM cards — and to feed the records of every churned and recycled number into a centralised database that Nigeria’s financial regulators can query in real time.

The Nigerian Communications Commission published a consultation paper on February 26, 2026 setting out the rules for TIRMS — the Telecoms Identity Risk Management System. The platform has already been built and tested with telecom operators. Stakeholder comments close March 20, and the NCC is expected to launch TIRMS shortly after.

The Recycled SIM Problem

When a Nigerian telco deactivates a SIM for inactivity and reassigns that number to a new subscriber, the new holder inherits a significant risk window. Nigerian banks permit USSD-based transactions — initiated by dialling from a registered number — without requiring a PIN, because the system treats calling from the registered line as implicit authentication. A new SIM owner can initiate transfers from the previous holder’s account simply by dialling the bank’s USSD code.

One-time passwords sent by SMS are equally vulnerable: they arrive on whichever handset currently holds the SIM. A recycled number gives its new owner access to OTPs for bank accounts, investment platforms, and mobile wallets linked by the previous subscriber — without any action on their part.

The NCC estimates fraud losses attributable to SIM recycling and related mobile identity exploits at ₦6.5 billion in 2025. There is currently no mandatory quarantine window blocking OTPs during number reassignment and no public registry of recycled numbers for financial institutions to consult before processing transactions.

What TIRMS Requires

Under the proposed rules, operators must notify subscribers via an alternative phone number or email at least 14 days before deactivating their SIM for inactivity. After deactivation, operators must upload the churn record to TIRMS within seven days.

The TIRMS database will track four SIM states: churned, recycled, SIM-swapped, and barred. The Central Bank of Nigeria, the Securities and Exchange Commission, pension regulators, the National Identity Management Commission, and security agencies will have controlled access to query number status — allowing them to flag when a phone number linked to a financial account has recently changed hands.

The NCC says TIRMS will provide “a uniform approach for all sectors in relation to the integrity and utilisation of registered MSISDNs on the Nigerian Communications network.”

Context: Nigeria’s Mobile Identity Tightening

TIRMS is the latest in a series of moves by Nigeria’s financial and telecoms regulators to close mobile-number-as-identity vulnerabilities. The CBN last week mandated real-time biometric liveness verification for all account openings — tying account creation to a biometric record rather than a phone number alone. On March 13, the CBN separately restricted BVN-linked phone number changes to once per lifetime, limiting the window in which a SIM swap can be used to redirect banking OTPs.

Together, the three measures — liveness checks at onboarding, BVN phone number lock, and TIRMS recycled-number visibility — address the same underlying problem from three directions: at account creation, at identity re-linking, and at the network layer. Nigeria’s regulatory stack for mobile identity fraud is materially closer to closure than it was a month ago.

Stakeholders can submit comments on the TIRMS consultation via the NCC’s website at ncc.gov.ng until March 20, 2026.