Nigeria’s open banking framework is, by most measures, ready. The Central Bank of Nigeria published its Regulatory Framework in 2021 and followed with detailed Operational Guidelines in 2023. These documents established the legal architecture for consent-based data sharing between financial institutions and licensed third-party providers, covering everything from API standards and data classification to incident reporting and business continuity requirements. The industry has matched this effort.
Through 2025, a central steering committee and five dedicated workstreams brought together experts from banks, fintechs, consulting firms, and regulatory bodies to develop the implementation infrastructure. We’ve uncovered the core submissions in our article: Has Nigeria’s Open Banking Conversation Lost Momentum? This body of work now sits with the CBN for final review and approval. The question facing the industry now is what happens next? More specifically, what must regulators get right in the period between approval and go-live to ensure that open banking actually works in practice? This is where the conversation becomes more nuanced.
Regulatory frameworks, however well-drafted, do not self-execute. The transition from approved policy to functioning ecosystem requires a series of deliberate operational steps, and the sequencing of those steps matters enormously. This piece outlines what must be in place before go-live can reasonably succeed, not as criticism, but as a reflection on the conditions necessary for operational maturity.
Approval for the implementation timelines comes first
Open banking is unusual in Nigerian regulatory history because of its scope. Most CBN regulations affect a defined subset of regulated entities. Capital adequacy requirements apply to banks. Payment service provider licensing affects PSPs. Mobile money guidelines touch a specific category of fintech. Open banking does not fit this pattern. It applies to every entity that holds or processes customer financial data, which in practice means virtually every institution the CBN regulates: commercial banks, microfinance banks, payment service providers, fintechs, switches, and data processors. This breadth explains why the current moment matters.
While the development process has been collaborative, drawing on expertise from banks, fintechs, consultancies, and industry bodies, approval rests with the regulator alone. Until that approval comes, the ecosystem is in a holding pattern. Banks cannot begin formal implementation because the governing documents are not yet final. Fintechs cannot apply for accreditation because the accreditation process has not been officially established. Infrastructure operators cannot open registration because the Registry does not yet have regulatory backing.
Every subsequent step in the implementation sequence depends on the: formal CBN approval of the submitted framework and its supporting artifacts. This is not a procedural formality. Given the scope of what open banking touches, approval signals that the Central Bank has reviewed the technical standards, the legal frameworks, the security protocols, and the governance structures, and determined that they are fit for purpose. It signals that the regulator is prepared to supervise a live ecosystem built on these foundations. That signal must come before the ecosystem can responsibly proceed with implementation.
Institutional roles must be defined
Open banking requires infrastructure that sits outside any individual bank or fintech. The Open Banking Registry, which tracks and maintains information on all entities permitted to participate, must be operated by a designated body. The Consent Management System, which ensures that consumer consent is recorded, verified, and revocable in a standardized way across the ecosystem, similarly requires a central operator. These are not functions that can be distributed across participants or left to emerge organically. They require clear institutional ownership. NIBSS is a logical candidate for these roles. It already operates critical shared infrastructure for the Nigerian financial system and has experience with platform validation through its work with POS providers. The CBN may nominate NIBSS to manage both the Registry and the Consent Management System, or it may assign these functions to different entities. What matters is that the assignments are made explicitly and publicly.
Verification and certification present a related question. Before a fintech or bank can participate in open banking, someone must assess whether they meet the technical and security requirements. This could be NIBSS, extending its existing validation capabilities. It could follow the model established under the Nigeria Data Protection Act, where independent assessors were accredited to conduct compliance assessments. Either approach can work, but the approach must be defined. Participants need to know who to approach, what documentation to submit, what standards they will be assessed against, and how long the process takes. Ambiguity about institutional roles delays implementation more than almost any technical challenge. Banks and fintechs cannot prepare effectively when they do not know who will assess them, what the assessment involves, or where to register. The CBN’s announcement should resolve these questions definitively.
Implementation timelines must be sequenced
There has been anticipation within the industry about when open banking will officially launch. Internal expectations have circulated, and various dates have been discussed informally. But no official go-live date has been committed to by the CBN, and this is worth stating clearly. The absence of a public announcement is not a delay. It reflects the reality that implementation timelines must be carefully structured before they are communicated. When the CBN does announce a go-live date, that announcement should come with a sequenced implementation timeline rather than a single deadline. At minimum, three milestones must be distinguished and communicated.
First, the point at which banks and other participants must begin implementation work: integrating APIs, configuring consent mechanisms, updating internal processes. Second, the official go-live date when the system becomes operational and participants can begin offering open banking services. Third, a compliance deadline representing the latest point by which all in-scope institutions must be fully compliant. This sequencing serves multiple purposes. It gives participants time to build, test, and refine their implementations rather than rushing to meet a single hard deadline. It allows for a phased rollout where early movers can surface issues before the entire ecosystem is live. It gives the regulator time to ensure that its own supervisory systems are functioning before it must actively enforce compliance. And it provides clarity that reduces the confusion and misaligned expectations that inevitably arise when timelines are ambiguous.
The UK experience is instructive here. Open banking launched in the UK in January 2018, but adoption was slower than policymakers anticipated, and one contributing factor was insufficient communication about what was happening and when. This contributed to cautious uptake rather than outright implementation. Nigeria has invested years in building a strong regulatory and technical foundation. It would be unfortunate to undermine that investment through unclear timing or rushed implementation at the final stage.
Resources must accompany requirements
Regulations establish obligations. Implementation requires resources. These are distinct, and providing one without the other creates frustration and delays. When the CBN announces the implementation timeline, participants will need access to technical documentation, reference architectures, testing environments, and integration endpoints for the Registry and Consent Management System. They will need clarity on API specifications, authentication protocols, and data formats. They will need sample consent flows and guidance on how to present consent requests to consumers across different channels.
Much of this work has already been done through the industry workstreams, but they must be approved and made accessible to all participants once the framework is approved. This is where ecosystem stakeholders play a defined role. Open Banking Nigeria and similar bodies can serve as distribution channels for documentation, hosts for technical resources, and facilitators of industry dialogue. The CBN remains the source of authoritative requirements, but implementation support can and should be distributed across the ecosystem. The key is that roles are clear and resources are available well in advance of compliance deadlines.
Internal alignment and supervisory readiness
A regulator cannot supervise what it does not internally understand. Open banking cuts across multiple departments within the Central Bank: payments systems, banking supervision, consumer protection, information technology, and potentially others. Each of these areas has a role in oversight, and each must understand how open banking affects their domain. This requires active training, scenario planning, and cross-departmental coordination. Staff in consumer protection must understand how consent works, how consumers revoke access, and what complaints might look like. Staff in banking supervision must understand how API availability requirements translate into compliance assessments. Staff in payments must understand how open banking intersects with existing switching and settlement infrastructure.
Open banking is a relatively new innovation. For many within the regulatory institution, it will be unfamiliar territory. Concepts like API-based data sharing, third-party provider accreditation, and consent lifecycle management may not map neatly onto existing supervisory frameworks. Internal capacity building is essential before the CBN can effectively oversee a live ecosystem. This is also a matter of sustained institutional attention. Open banking implementation will take time, and competing priorities will inevitably arise. If ownership within the CBN is unclear, or if the officials driving implementation move to other roles without effective handover, momentum can stall yet again. Internal advocacy for open banking as a priority must be maintained through the implementation period.
Consumer protection
Open banking ultimately succeeds or fails based on consumer trust. Consumers will not read regulatory frameworks or API specifications. They will experience open banking through the applications they use and the problems they encounter. If something goes wrong and they have nowhere to turn, trust erodes quickly and will be difficult to rebuild. This means consumer protection mechanisms must be operational before go-live. Complaint handling processes must be defined and publicized. Dispute resolution must be accessible and enforceable. Consumers must know what to do if they believe their data has been misused, if a transaction fails, or if they want to revoke consent they previously granted.
Consumer education matters as well. Open banking asks people to share their financial data in new ways, with entities they may not have previously interacted with. This requires explanation about what open banking is, what rights consumers have, what protections are in place, and how to exercise those rights. The communication toolkits developed by the CBN-led workstreams are designed to address this, translating technical concepts into language that ordinary consumers can understand. If we know Nigerians well enough, then we know for sure that complaints will arise. Security incidents will most likely occur. Fraudsters will try to take advantage of any perceived loophole. The measure of a well-designed system is not whether these problems happen, but whether the system is prepared to handle them when they do. If complaint mechanisms are unclear or inaccessible at launch, consumer confidence will suffer before open banking has a chance to demonstrate its benefits.
The path forward
Nigeria’s open banking journey has taken its time. From the formation of Open Banking Nigeria in 2018 through the regulatory framework in 2021, the operational guidelines in 2023, and the intensive workstream activity through 2025, the approach has prioritized building the foundation over speed. The decision to develop implementation infrastructure collaboratively with the industry, rather than imposing it through top-down mandate, may have extended timelines, but it has also produced a more comprehensive and better-tested set of artifacts which are now under CBN review. When that review concludes and approval is granted, the next phase begins. That phase requires clarity on timing, explicit assignment of institutional roles, accessible resources for participants, internal readiness within the regulator, and consumer protection mechanisms that function from day one.
Open banking in Nigeria will not be judged solely by the quality of its regulatory documents, though those documents are strong. It will be judged by whether the system works in practice, whether participants can implement it without confusion, and whether consumers trust it with their financial data. The foundation is solid. What remains is the operational work of bringing it to life in a way that earns and sustains the needed trust.
