Nigeria’s telecoms regulator has crossed a line most African countries have not. As of late March 2026, the Nigerian Communications Commission’s Telecoms Interference Reporting and Management System — TIRMS — is operational: a real-time database that licensed operators must use to flag and share scam numbers across all four mobile networks simultaneously. MTN Nigeria, Airtel Nigeria, Glo, and 9mobile are all enrolled. The NCC calls it the first national real-time scam-flagging infrastructure on the continent. The problem is that it was built entirely separately from the Central Bank of Nigeria’s own real-time fraud architecture, which is also going live this quarter — and the two systems share no common interface, no shared dataset, and no coordinated enforcement trigger.

TIRMS’s mandate is specific: licensed telcos must report fraudulent or suspicious numbers to the NCC’s central database within defined timeframes, and subscriber-facing scam alerts are to be surfaced before a call connects. The mechanism allows an operator to flag a number as a known scam source; that flag propagates across the network, meaning a Glo subscriber calling a number already flagged by MTN’s fraud team sees the alert before answering. In theory, it closes the arbitrage that has allowed fraud actors to migrate between operators after being identified by one.

What TIRMS Does — and Doesn’t Do

The operational details matter. TIRMS is a telecoms-layer system: it works at the point of call initiation, not at the point of financial transaction. It can flag a number before a subscriber answers. It cannot stop a payment that originates from a different channel — a web session, a USSD transaction, a mobile banking app. This is where the architecture gap with CBN becomes acute.

The CBN’s AI-powered AML baseline mandate, which took effect for Tier 1 banks in Q1 2026 and extends to all licensed institutions through 2026, operates at the transaction layer. Banks must implement machine-learning fraud detection that flags anomalous transactions in real time. But the CBN system uses account identifiers — BVNs, account numbers — not phone numbers. A fraud actor using a SIM that TIRMS has flagged as suspicious would not automatically trigger the CBN’s bank-level detection unless the bank separately maps that phone number to a BVN record and builds its own cross-reference.

“The phone number is the actual attack surface,” said Gbenga Adeyinka, a cybersecurity analyst at Cybervergent, the Lagos-based firm that raised $3 million in Q1 2026. “SIM-swap fraud, OTP interception, vishing — they all begin with the phone number. TIRMS addresses that layer. The CBN system addresses the financial transaction layer. If those systems were exchanging data in real time, you would close the gap between the two. Right now, that exchange doesn’t exist.”

The Enforcement Gap

Beyond the technical architecture problem, the enforcement mechanisms for each system run through different channels with different incentives.

Under the NCC mandate, operators that fail to report fraudulent numbers or that fail to surface TIRMS flags to subscribers face licence-level sanctions. The NCC has demonstrated willingness to impose significant fines in recent years: MTN Nigeria alone has received over N1 trillion in regulatory penalties since 2015 across various NCC enforcement actions, though most were later reduced on appeal. The enforcement posture is credible enough that all four major operators enrolled in TIRMS before the March deadline.

The CBN’s AML mandate carries its own penalty framework through the Financial Institutions Training Centre and NFIU reporting requirements. But a bank that successfully detects a CBN-layer fraud has no automated channel to report the phone number used in the transaction to TIRMS. The reverse is also true: an NCC-registered scam number would not be propagated to bank fraud detection systems without manual intervention.

The coordination failure is structural. The NCC and CBN have overlapping jurisdiction over mobile money, USSD financial services, and the increasing integration of telecoms infrastructure with fintech payment rails. But they operate under different legislation — the Nigerian Communications Act and the Banks and Other Financial Institutions Act — with no joint operational committee for fraud infrastructure standards. The gap this creates is exploitable.

What Operators Are Doing

For Nigeria’s four licensed mobile operators, TIRMS compliance means building or integrating a reporting pipeline to the NCC’s central database. Industry sources indicate that all four enrolled before the March 27 activation deadline, but the quality of initial data pipelines varies. Real-time flagging at scale requires continuous feeds from fraud operations teams, which smaller operators like 9mobile — under financial pressure through 2025 and 2026 — are less well-resourced to maintain.

MTN Nigeria, which operates Nigeria’s largest mobile money product (MoMo) and has the most developed fraud operations infrastructure, is best positioned. Airtel Nigeria, whose parent Airtel Africa has been building cross-market fraud infrastructure since its Osusu money service rollout, is also well-resourced. The system is only as strong as the operator feeding the least data into it.

The Coordination Ask

The question now is whether the NCC and CBN will move toward interoperability. There is precedent for joint NCC-CBN action — the two regulators co-issued guidance on USSD billing disputes in 2020 and have coordinated on mobile money licensing frameworks. But operational data-sharing in real time between a fraud flag database and a bank AML system is a different order of integration: it requires joint standards on data format, legal frameworks for sharing personally identifiable subscriber data, and agreed protocols for what a bank does when it receives a TIRMS flag.

Neither regulator has publicly committed to building that bridge. TIRMS is the NCC’s system. The AI AML baseline is the CBN’s mandate. Until there is a common API or a joint supervisory body with the authority to mandate interoperability, Nigeria will have two of the most sophisticated real-time fraud systems in Africa that cannot see each other’s data.

That is better than most African markets have. It is not as good as a coordinated system would be.

Related coverage: Nigeria’s NCC Proposes 14-Day Notice Before SIM Deactivation — and a New Database to Kill Recycled-Number Fraud (BETA-661) · CBN AI/AML Mandate Triggers African RegTech Gold Rush (BETA-1074)