QBy Chibuike Njoku & Ndu Nwokolo
Fintech, or financial technology, is applying advanced digital solutions to enhance financial services. It encompasses innovations such as mobile banking, digital payment systems, and online lending platforms, all designed to streamline financial transactions and improve accessibility. By leveraging sophisticated software, artificial intelligence, and data analytics, fintech disrupts traditional banking models, enabling businesses, individuals, and consumers to manage their financial activities through computers and mobile devices efficiently.
Nigeria’s fintech industry has experienced remarkable growth, driven by a young, tech-savvy population, increased smartphone usage, and an evolving regulatory environment. Fintech startupsgrew from 144 in 2021 to over 217 in 2024, reflecting rapid expansion. The widespread adoption of mobile money and digital payments has boosted financial inclusion, entrepreneurship, and innovation. Fintech solutions have enhanced transaction efficiency, improved credit access, and contributed to economic dynamism. Notably, the alternative lending market is projected to grow by 34.8% annually, reaching $230.9 million in 2024.
However, the rapid growth of fintech in Nigeria has raised gravenational security challenges. While technology-driven financial services offer numerous benefits, they have also created vulnerabilities that cybercriminals and illicit actors can exploit for fraud, money laundering, cyberattacks and kidnapping for ransom (KFR). Notably, in early 2023, cybercriminals targeted three Nigerian financial institutions, resulting in losses exceeding ₦5 billion. The rise of cryptocurrencies has further complicated Nigeria’s regulatory landscape. Despite a Central Bank of Nigeria (CBN) ban on banks transacting with crypto entities, digital currencies remain widely used, with 33.4 million Nigerians investing in digital assets within six months. For instance, the National Bureau of Statistics (NBS) reported that kidnapping ransom of ₦2.2 trillion was paid in twelve months, and many of such transactions were made via a POS (Point of Sale) machine. This rapid adoption challenges regulators in curbing illicit financial activities.
This edition of the Nextier SPD Policy Weekly examines the complex interplay between fintech and national security in Nigeria. It highlights the critical challenges fintech companies face in safeguarding the financial ecosystem and explores strategies to mitigate security risks while fostering a resilient and well-regulated fintech sector.
The Ostrich Effect: Ignoring the Risks
The rapid expansion of Nigeria’s fintech sector has transformed the financial landscape, driving financial inclusion, digital innovation, and economic growth. However, the industry faces significant security risks that remain largely unaddressed alongside these advancements. Regulatory gaps, cybersecurity threats, illicit financial flows, and data privacy concerns pose serious national security and economic stability challenges.
The regulatory approach towards the fintech industry in Nigeria is multifarious. This is evident from the fact that no single regulatory authority is assigned to it. It is being regulated by several agencies in Nigeria, which could be attributed to the fact that fintech activities often cut across several transactions, which often crisscross into several areas controlled by several other government-established institutions. The central regulatory bodies in the fintech sector include the Corporate Affairs Commission, Central Bank of Nigeria, Securities and Exchange Commission, Nigerian Communications Commission, National Information Technology Development Agency, National Insurance Commission, Federal Competition and Consumer Protection Commission, Federal Inland Revenue Service, Nigerian Data Protection Commission and National Office for Technology Acquisition and Promotion. The extent to which any of the listed institutions/bodies will be involved with any fintech will depend on the kind of transactions or activities in which the fintech is engaged. This fragmented approach results in regulatory overlaps and ambiguities, hindering adequate supervision and compliance.
Nigeria ranks among the top African nations facing cyber threats. According to the African Cyberthreat Assessment Report 2023 by INTERPOL, Nigeria recorded 5,366 detectionsof malicious software, placing it among the most affected countries on the continent. Regarding financial losses, reportshave shown that financial institutions in the country suffered losses amounting to ₦52.26 billion due to fraud in 2024. Similarly, hacking and phishing are prevalent cyber threats in Nigeria. A 2023 survey revealed that 61% of Nigerian respondents encountered phishing scams while using online banking or mobile wallet services. The lack of robust cybersecurity frameworks exacerbates these threats, leaving many financial institutions vulnerable.
The rapid adoption of fintech platforms, particularly those facilitating cryptocurrency transactions, has introduced new challenges in combating money laundering and terrorism financing. The inherent characteristics of digital transactions—such as speed and a degree of anonymity—pose significant obstacles to effective monitoring and regulation. However, the challenges Nigeria faces are not unique. Globally, there is growing concern over the use of cryptocurrencies for illicit purposes, including terrorism financing. For instance, reportshave highlighted how terrorist organisations have attempted to leverage cryptocurrency for fundraising, prompting international efforts to enhance regulatory frameworks. In many major cities in Nigeria, the growth and success of ‘one chance’ kidnappingsyndicates have been aided by the availability and efficiency of POS machines. With the machines, the criminals are able to wipe out money in the account of the kidnapped victims in minutes once they get hold of the victim’s ATM (automated teller machine) card and Personal Identification Number (PIN).Most of the POS machines used are from the new Fintech banks.These crimes have persisted even though all bank accounts are required to be connected to the Bank Verification Number. This brings to light a bigger issue: despite telephone numbers being linked to an individual’s National Identification Number (NIN) and bank account, it remains impossible to trace, name or block accounts when crimes are committed.
The proliferation of cryptocurrencies has introduced unregulated financial activities into Nigeria’s economy, presenting challenges to economic stability and regulatory oversight. In February 2025, Nigeria’s Federal Inland Revenue Service (FIRS) filed a lawsuit against Binance, the world’s largest cryptocurrency exchange, seeking $79.5 billion in economic damages and $2 billion in back taxes, alleging tax evasion and economic harm.The legal action against Binance highlights regulators’ complexities in managing unregulated digital currencies.
The proliferation of unregulated digital lending platforms has led to predatory lending practices and significant data privacy violations. These unscrupulous loan applications exploit consumers by imposing exorbitant interest rates and mishandling personal data, resulting in financial distress, identity theft, and erosion of trust in the financial system. Many digital lenders operate without proper regulation, offering short-term loans with excessive interest rates and hidden charges. These practices often trap borrowers in cycles of debt, exacerbating their financial instability. Investigations have revealed that some loan providers resort to unethical recovery methods, including public shaming and harassment of borrowers and their contacts.
National Security Implications of Weak Fintech Regulations in Nigeria
Nigeria’s burgeoning fintech sector has significantly enhanced financial inclusion and economic growth. However, inadequate regulatory oversight poses substantial national security risks.This includes threats to financial stability, digital crime networks, international implications, and economic and social consequences.
Unregulated fintech firms may engage in high-risk activities without sufficient oversight, potentially leading to systemic risks. The International Monetary Fund (IMF) highlighted that the swift growth of digital banks, or “neobanks,” into riskier business segments and inadequate regulation can introduce vulnerabilities into the financial system. These vulnerabilities include higher risk-taking in loan originations without appropriate provisioning and underpricing of credit risk.
Digital crime networks operate through various means, including phishing, identity theft, and unauthorised transactions, often leveraging gaps in regulatory oversight. In the first eight months of 2023, reports showed that three prominent Nigerian fintech companies collectively suffered losses exceeding ₦5 billion (approximately $6 million) due to hacking incidents. Notably, Flutterwave experienced a security breach resulting in the theft of ₦2.9 billion (around $3.7 million).
The inherent security vulnerabilities within the fintech sectorhave far-reaching international consequences, particularly when compounded by systemic corruption and porous borders that facilitate illicit financial flows and support extremist groups like Boko Haram. These cybersecurity breaches extend beyond national borders, affecting international stakeholders and compromising the integrity of global financial systems. For instance, a recent operation in Lagos led to the arrest of 792 individuals involved in sophisticated romance and cryptocurrency frauds targeting victims in the United States, Canada, Mexico, and Europe. The operation uncovered a vast call centre with teams working in shifts, highlighting the scale and organisation of such fraudulent activities.
Systemic corruption and inadequate border control exacerbate Nigeria’s fintech security challenges. The country’s porous borders have been linked to various security issues, including arms smuggling and the movement of extremist elements. These vulnerabilities facilitate illicit funds’ flow, undermining national and international security. The lack of stringent regulatory oversight in the fintech sector further compounds these issues. Weak enforcement of anti-money laundering (AML) and counter-terrorism financing (CTF) regulations allows illicit financial activities to thrive, posing significant risks to the global financial system.
A lack of robust regulatory frameworks can deter both domestic and foreign investment. Investors seek stable and predictable environments; regulatory ambiguities or deficiencies can lead to higher risk perceptions, thereby reducing investment inflows. Reports have shown that Nigeria’s foreign investment inflows have remained below US$1.5 billion per annum, at US$468 million in 2022, compared to US$11.4 billion in Egypt during the same period. This disparity is attributed to structural factors, including infrastructural deficits, policy inconsistency, and insecurity, which create an unfriendly business and investment climate.
Recommendations for Strengthening Fintech Security in Nigeria
A comprehensive and proactive approach is required to mitigate security risks in Nigeria’s fintech sector. The following policy recommendations outline key measures to strengthen fintech security, enhance consumer confidence, and ensure financial stability.
I. Strengthening Regulatory Frameworks: The Nigerian government must establish clear, enforceable, and adaptive fintech regulations that address emerging risks while promoting innovation. Regulatory bodies such as the Central Bank of Nigeria (CBN), the Securities and Exchange Commission (SEC), and the Nigerian Financial Intelligence Unit (NFIU) should collaborate to create policies that ensure compliance with international financial security standards. A regulatory sandbox approach can also be adopted to test new financial technologies in a controlled environment before full-scale implementation.
II. Collaboration Between Government and the Private Sector: A multi-stakeholder approach is essential in securing Nigeria’s fintech landscape. The government should work closely with private fintech companies, banks, and cybersecurity firms to develop security best practices, share threat intelligence, and implement robust security protocols. Public-private partnerships can help establish joint cybersecurity initiatives, enabling a more coordinated response to financial threats such as cyber fraud, identity theft, and digital financial crimes.
III. Enhancing Cybersecurity Measures: Nigeria must invest in advanced digital security infrastructure to address the growing cyber-attack risks. Fintech companies should be mandated to implement robust encryption technologies, multi-factor authentication, and real-time fraud detection systems. Establishing a Financial Cybersecurity Fusion Centre—a central body responsible for monitoring and responding to cyber threats in the financial sector—can further enhance resilience against cyber risks.
IV. Stronger Anti-Money Laundering (AML) and Know Your Customer (KYC) Requirements: Fintech platforms must enforce stricter AML and KYC regulations to combat financial crimes such as money laundering and terrorism financing. Artificial intelligence and blockchain technology can enhance identity verification processes, track suspicious transactions, and ensure real-time compliance monitoring. Regulatory authorities should also implement stringent penalties for non-compliance to deter illicit financial activities.
V. Ethical AI and Data Protection: As fintech companies increasingly adopt artificial intelligence for risk assessment and fraud detection, it is crucial to ensure ethical AI deployment and robust data protection measures. Nigeria must strengthen its Data Protection Act to align with global standards such as the General Data Protection Regulation (GDPR). Fintech firms should be required to conduct regular audits on data security, implement strong encryption measures, and obtain user consent before collecting or processing personal data.
VI. Public Awareness and Capacity Building: Consumer education and digital literacy initiatives are essential in mitigating fintech-related security risks. Government agencies, fintech firms, and civil society organisationsshould collaborate to provide awareness campaigns that educate users on secure digital transactions, fraud prevention, and personal data protection. Law enforcement agencies and regulatory personnel must alsoreceive specialised training to effectively detect, investigate, and prosecute fintech-related crimes.
VII. Strengthen Coordination and Data Integration: There is a need to establish a unified system that enhances synergy among telecom companies, banks, national institutions responsible for identification, and national security agencies. This system should ensure seamless tracing, identification, and blocking of accounts linked to crimes, leveraging the mandatory connection of bank accounts to the Bank Verification Number (BVN) and telephone numbers to the National Identification Number (NIN).
Nigeria’s fintech sector offers significant opportunities but poses serious risks, including cyber threats and illicit financial flows. Immediate policy action is needed to prevent economic disruptions, protect investor confidence, and address security concerns. The government must strengthen regulations, enhance cybersecurity, and enforce compliance while fostering collaboration between regulators, fintech firms, and security agencies. Ignoring these risks could lead to long-term instability, making urgent intervention essential to ensure a secure and sustainable fintech ecosystem.
Policy Recommendations
1. The Nigerian government must establish clear, enforceable, and adaptive fintech regulations that address emerging risks while promoting innovation.
2. There is a need for collaboration between the government and the private sector to secure Nigeria’s fintech landscape.
3. Nigeria must invest in advanced digital security infrastructure to address the growing cyber-attack risks.
4. Fintech platforms must enforce stricter Anti-MoneyLaundering (AML) and Know Your Customer (KYC)regulations to combat financial crimes such as money laundering and terrorism financing.
5. It is crucial to ensure ethical AI deployment and robust data protection measures.
6. Consumer education and digital literacy initiatives are essential in mitigating fintech-related security risks.
7. There is a need to establish a unified system that enhances synergy among telecom companies, banks, national institutions responsible for identification, and national security agencies.
(Dr. Chibuike Njoku is an Associate Consultant at Nextier and a lecturer at the International Relations and Diplomacy Department at Chrisland University, Abeokuta, Ogun State, Nigeria; while Dr. Ndu Nwokolo is a Managing Partner at Nextier and an Honorary Fellow at the School of Government at the University of Birmingham, UK)
