THE Central Bank of Nigeria has ordered banks and other financial institutions to reimburse victims of Authorised Push Payment (APP) fraud within 48 hours, marking one of the strongest regulatory moves yet to protect customers from rising electronic fraud in the country.
APP fraud occurs when customers are manipulated, persuaded or misled into voluntarily sending money to fraudsters who may impersonate legitimate entities or refuse to fulfil obligations. This type of fraud often relies on social engineering and exploits customer vulnerabilities.
News Point Nigeria reports that the directive, which was issued through a circular addressed to all banks, other financial institutions, public interest groups and the general public, sets out strict requirements for how financial institutions must investigate, resolve and reimburse customers affected by APP fraud, and the introduction makes clear that the focus is squarely on ensuring that victims are repaid within the stipulated 48-hour window once investigations are concluded.
The circular, titled “Draft Guidelines for Handling Authorised Push Payment Fraud,” was signed by Rita I. Sike, director of the Financial Policy & Regulation Department of the CBN, and was published on Tuesday. It states that banks and OFIs must implement “a fair, timely, and transparent reimbursement process” for affected customers.
According to the CBN, “customers who are victims of APP fraud shall be eligible for reimbursement, subject to the investigation outcomes,” and the reimbursement “shall be made within 48 hours from the conclusion of a documented APP fraud investigation.”
The guideline explains that where an APP fraud incident involves more than one financial institution, the originating institution must commence investigation immediately and notify the receiving institution within 30 minutes of receiving the customer’s complaint. All data exchanged during the investigation must comply with the Nigeria Data Protection Act, 2023.
The involved institutions are expected to conduct a joint investigation to determine any lapses, the amount lost or unrecoverable, and the modalities for joint reimbursement as well as measures to prevent future occurrences. Where joint investigations are required, reimbursement must be completed within 16 working days from the date the incident was first reported.
In the circular, the CBN said the exposure of the draft guidelines is part of its mandate to promote a sound financial system and address the rising incidence of APP fraud. The Bank stressed that when finalised, the guidelines will compel financial institutions to deploy preventive measures and adopt robust processes for mitigating and managing APP fraud across all payment channels.
The CBN noted that Nigeria’s financial system has benefited immensely from the growth of digital channels such as USSD, internet banking and instant transfers, which have improved efficiency, expanded financial inclusion and provided unparalleled convenience.
However, the rapid rise of these channels has been accompanied by a surge in electronic fraud, which has resulted not only in financial losses but also in the erosion of public trust in the financial system. Among these fraudulent activities, APP fraud has become one of the most troubling forms.
Unlike traditional fraud where an account is compromised without the owner’s knowledge, APP fraud involves situations in which customers are manipulated, persuaded or misled into voluntarily sending money to fraudsters who may impersonate legitimate entities or refuse to fulfil obligations. This type of fraud often relies on social engineering and exploits customer vulnerabilities.
In explaining its move, the CBN said its action aligns with its mandate under the CBN Act, 2007 and the Banks and Other Financial Institutions Act (BOFIA) 2020 to ensure a safe, sound and resilient financial system. It emphasised that the guidelines should be read alongside other CBN regulations, including the Consumer Protection Framework and relevant circulars.
The draft guidelines also outline several key expectations. Victims of APP fraud are required to report the incident to their financial institution within 24 hours, although the CBN provides an additional 48-hour grace period if necessary. The report must contain adequate details such as transaction date, amount, recipient account information and any supporting documents. Once a report is received, the financial institution must immediately commence investigation, acknowledge receipt within 24 hours, issue a unique case reference number and clearly outline the review timeline.
The CBN may also direct NIBSS or any relevant settlement entity to withhold settlement for the full value of transactions identified as fraudulent, extending this to subsequent beneficiary institutions where necessary. Full investigations must be concluded within 14 working days, after which decisions must be communicated to customers, including clear reasons where reimbursement is denied.
The guidelines also state that failure by banks to conduct investigations within the stipulated timelines without reasonable justification may be deemed a breach of consumer protection obligations and attract regulatory sanctions.
However, the CBN notes that if a customer fails to report an APP fraud incident within 72 hours without reasonable justification, such as illness, force majeure events, or delayed awareness of the fraud, the financial institution may not be obligated to reimburse the customer, except where internal control failures or staff negligence contributed to the incident.
Overall, the draft guidelines signal a strong stance by the CBN to protect consumers, strengthen trust in the financial system and provide a clear framework for resolving APP fraud cases swiftly, with the central requirement being that victims must be reimbursed within 48 hours once investigations are concluded.