For years, consumer lending was one of the easiest ways to enter Nigeria’s fintech space. Startups could operate with a simple state-issued moneylender’s licence and minimal oversight. This low barrier spurred innovation in marketplaces, wallets, telcos, HR platforms, and agri-tech firms that layered credit offerings onto their existing products. This led to the growth of buy-now-pay-later (“BNPL“), airtime and data credit, earned wage access, and input financing for agri-businesses.
But minimal oversight came at a cost. Borrowers faced harassment, personal data was misused, and unethical recovery methods became common. In response, the Federal Competition and Consumer Protection Commission (the “FCCPC”) introduced interim guidelines in 2022, ordering the delisting of rogue loan apps from Google Play Store and enforcing consumer-protection standards.
On 25 July 2025, the FCCPC took a firmer step by issuing the Digital, Electronic, Online, or Non-Traditional Consumer Lending Regulations (the “DEON Regulations”), a comprehensive framework that formalizes oversight across Nigeria’s digital lending ecosystem. This article highlights the scope, obligations, and implications of the new rules.
A Wider Regulatory Net
The DEON Regulations expand the FCCPC’s oversight beyond traditional loan apps to cover nearly every actor involved in consumer credit. The rules apply to all digital platforms that facilitate unsecured lending or advance any form of value to consumers, from cash, airtime, data, cashback, services, or any benefit with a monetary equivalent.
Importantly, the Regulations extend to all entities that participate in, enable, or profit from a lending transaction. This includes:
- telcos offering airtime/data credit or powering lending rails;
- marketplace platforms providing instalment or BNPL checkout options;
- wallets and agents disbursing loan proceeds;
- HR or payroll platforms providing earned-wage access; and
- embedded finance partners co-branding with lenders.
Even if an organisation already operates in a regulated sector, its consumer-lending activities remain subject to FCCPC oversight. FCCPC’s approval does not however replace any licence required by other regulators. The only full exemption applies to institutions licensed under the Banks and Other Financial Institutions Act (BOFIA). Microfinance banks, however, must seek an FCCPC waiver to qualify for this exemption.
Initial Registration Requirement
Entities covered by the DEON Regulations must register with the FCCPC within 90 days of commencement to continue offering lending services.
Key registration details:
- Application fee: ₦100,000
- Approval fee: ₦1,000,000 (covers up to two lending apps)
- Additional apps: ₦500,000 each (maximum of five apps per entity)
Registration confirms a platform’s eligibility to operate legally and signals compliance readiness to both regulators and investors.
Ongoing Compliance Obligations
The 2025 Regulations impose stricter operating standards and reporting obligations on qualified entities. Specifically, they are required to:
- Maintain comprehensive records of all consumer lending transactions and complaint resolutions for at least five (5) years from the date of submission;
- Submit biannual reports on transactions, interest rates, and complaints;
- File annual returns with the FCCPC before the 31st March of each year;
- Obtain FCCPC’s prior approval for any Consumer Lending Services Agreement (e.g., partnership agreements);
- Renew registration every 36 months;
- Transmit data relating to borrowers to recognized Credit Bureaus when requested by the FCCPC or any regulator(s);
- Comply with Data Protection Law, including the NDPA 2023 and any subsidiary enactments (e.g., The General Application Implementation Directive, 2025); and
- Notify the FCCPC in writing of any changes to the details provided in the initial registration within fourteen (14) days of the said change.
These obligations establish a governance structure similar to the Central Bank of Nigeria’s (CBN) oversight of the banking sector, signalling a shift toward greater accountability in digital credit operations.
Sanctions & Enforcement
Violations of the DEON Regulations attract strict penalties. Offenders may face fines, suspension, delisting, or revocation of approval. Individuals risk fines up to ₦50 million, while companies may pay up to ₦100 million or 1% of annual turnover, whichever is higher. Directors may also face fines of up to ₦50 million and disqualification for five years.
Implications for Fintech and Platform Operators
The DEON Regulations mark a shift from permissive innovation to structured compliance. The days of informal credit partnerships and undocumented lending flows are over. Every participant in a lending value chain, from lenders to payment processors, must now demonstrate regulatory accountability.
Key strategic implications:
- Compliance as a differentiator: Platforms that align early with the FCCPC’s reporting and data-protection standards will gain trust from investors and customers.
- Governance integration: Embedded-lending partners and marketplaces must include compliance protocols in partnership agreements.
- Data discipline: Given the NDPA’s cross-reference, companies must synchronize data-governance policies with lending compliance.
- Licensing convergence: Further harmonization between the FCCPC, CBN, and data-protection authorities is likely, making multi-regulator coordination essential.
Conclusion
The era of lightly regulated digital lending in Nigeria is over. The DEON Regulations establish clear standards for transparency, accountability, and consumer protection, applying equally to fintechs, telcos, and platforms that power or profit from lending flows. Future growth in Nigeria’s digital credit ecosystem will depend not only on innovation but also on compliance, governance, and responsible data use. The FCCPC’s latest move sets the tone for a more mature, auditable, and consumer-centric lending market, one where credibility is as critical as capital.
