Frequently Asked Questions on FCCPC’s new consumer lending regulations

The Federal Competition and Consumer Protection Commission (FCCPC) has introduced the Digital, Electronic, Online, or Non-Traditional Consumer Lending Regulations, 2025, which took effect on July 25, 2025. These rules change how digital lending is governed in Nigeria and affect not just direct lenders, but also mobile money operators, fintech companies, and even vendors that provide services in the lending process.

Below are answers to common questions from Lenders, compliance teams, and other stakeholders.

1. When did the new regulations take effect?

The regulations became law on July 25, 2025. From that date, the FCCPC has full legal authority to enforce them. This means businesses in scope must already be in compliance or risk facing penalties. There is no formal grace period written into the rules.

2. Who needs to comply?

Any business involved in consumer lending through digital, online, electronic, or other non-traditional means is covered, even if lending is not the main focus of their operations. The test the FCCPC uses is whether you receive any benefit from the lending arrangement.

This includes:

• Digital lenders and fintech companies. For example, app-based loan providers like Branch or Carbon that operate entirely online.
• Money lenders and cooperatives such as registered moneylending companies or thrift savings cooperatives that extend credit to members.
• Mobile money operators offering credit services. For example, Paga or Opay when they provide short-term loans through their wallets.
• Telecommunications companies providing airtime or data advances. For example, MTN’s “Borrow Me Credit” or Glo’s “Borrow Me Data” services.
• Agricultural platforms that give farmers inputs on credit, such as Farmcrowdy or ThriveAgric when they supply seeds or fertiliser with deferred payment terms.
• Retailers or service providers offering installment or deferred payment options. For instance, electronics stores offering “buy now, pay later” arrangements through a digital checkout.
• Fintechs, vendors and service providers in the lending value chain who earn from the transaction. For example, payment processors like Paystack and Flutterwave that facilitate loan disbursements and repayments, or lending infrastructure providers like Lendsqr.

3. What is the “benefit test” and why does it matter?

The benefit test is the FCCPC’s standard for deciding if your business falls under the regulations. It doesn’t matter if the loan is secured or unsecured, or whether you operate in Nigeria or abroad. if you gain a benefit, in cash or kind, you are subject to the rules.

Benefits can include direct cash interest or fees, goods or services provided in exchange for repayment, commissions or incentives from lending activities, as well as barter-based or non-cash benefits.

4. Are microfinance banks exempt?

Yes, but not automatically. CBN licensed Microfinance Banks (MFBs) are excluded from the registration requirement, but they still need to apply to the FCCPC for a formal waiver. Other banks remain subject to the full requirements.

5. What documents are needed for registration?

The application process is paperwork-heavy and goes well beyond basic company details. You will need:

• Corporate Affairs Commission (CAC) incorporation and constitutional documents.
• A list of directors, shareholders, and beneficial owners.
• Copies of any sectoral licences you hold.
• Standard terms and conditions for lending contracts.
• Customer service and privacy policies.
• Evidence of tax compliance.
• A Compliance Audit Report and Data Protection Impact Assessment (DPIA) from a registered Data Protection Compliance Organisation (DPCO).

6. How do I get copies of my sectoral licences?

If your business is regulated by another body such as the Central Bank of Nigeria (CBN), the Nigerian Communications Commission (NCC) or a state licensing authority, you can request official copies from that regulator. Most will issue certified true copies on application, often for a small administrative fee. Some licenses can also be downloaded from your regulator’s online portal if you have an account. Make sure the copy you submit to the FCCPC is current, legible and shows the license number, issue and validity period.

Also read: How to comply with FCCPC’s new consumer lending regulations

7. Does “evidence of tax compliance” apply even for a new company or just the directors?

The FCCPC expects evidence of tax compliance from the applicant company itself, regardless of how new it is. If your company has not yet completed a financial year, you can provide proof of registration with the Federal Inland Revenue Service (FIRS) and any available tax filings to date. For very early-stage companies with no operational history, the FCCPC may still require directors to provide their personal tax clearance certificates, particularly if the business has not generated any corporate tax records yet.

8. How do I get a Compliance Audit Report and DPIA from a registered DPCO?

You will need to engage a Data Protection Compliance Organisation (DPCO) that is accredited by the Nigeria Data Protection Commission (NDPC). The NDPC maintains a public list of registered DPCOs on its website. Once engaged, the DPCO will review your data processing activities, assess compliance with the Nigeria Data Protection Act, and prepare both the Compliance Audit Report and the Data Protection Impact Assessment (DPIA) required by the FCCPC. The process typically involves document reviews, interviews with key staff, and an evaluation of your IT systems and security measures. It is best to start this early, as completing the audits and reports can take several weeks.

9. What are the fees involved?

The costs are split into several categories:

• ₦100,000 non-refundable application fee.
• ₦1,000,000 approval fee for up to two software applications.
• ₦500,000 for each additional app, up to a maximum of five.
• ₦500,000 renewal fee for subsequent approval cycles.

The initial approval lasts for one year. Renewals are then required every 36 months.

10. How long does FCCPC approval take?

Plan for at least 30 days for both registration and partnership agreement reviews. The FCCPC can extend this period if necessary, so you should not assume the process will be completed quickly. It’s best to build extra time into your commercial and operational timelines.

11. Do vendor partnerships need FCCPC approval?

Yes. All agreements with vendors or partners connected to your lending activities must be submitted to the FCCPC for review and approval before they take effect. This applies to: activation partners (e.g., airtime/data service providers), payment processing partners, collection agencies and technology vendors linked to loan disbursement or servicing.

Any amendments, renewals, or assignments of these agreements also require prior approval. The FCCPC can reject agreements that they consider unfair or anticompetitive.

12. What are the reporting obligations?

You will need to file: Biannual operational reports, which shows the number of consumer lending transactions, their total value, interest and fees collected, and complaint tallies with resolution outcomes. You will also need to file Annual returns, due by 31 March for the preceding year. These must include transaction and complaint data as well as audited financial statements showing lending income.

All related records must be kept for at least five years. The FCCPC can also request records at any time, and you will have just 48 hours to provide them.

13. What are the penalties for non-compliance?

The penalties are significant:

• Up to ₦50,000,000 for individuals.
• Up to ₦100,000,000 or 1% of turnover (whichever is higher) for corporate entities.
• Director disqualification for up to five years.
• Suspension of operations, revocation of approvals, and forced termination of contracts.

The reputational impact of being publicly sanctioned is another major risk, especially in a competitive and regulated market.

14. What about data protection requirements?

The regulations require you to submit a DPIA and compliance audit from a registered DPCO. You must also meet all obligations under the NDPA, as enforced by the Nigeria Data Protection Commission.

Your systems should be able to provide a complete consumer usage statement within 24 hours, control access to personal data through secure authentication, encrypt data in storage and in transit and implement tested breach response procedures.

15. What’s the fastest way to get compliant?

While there is no shortcut, you can move faster by swiftly conducting a benefit test on your business model to confirm scope, gather all required registration documents early, engage a DPCO immediately for your DPIA and compliance audit, review and update all partnership agreements, set up reliable reporting and record-keeping systems, finally budget for application, approval, and current and subsequent renewal costs.

16. What happens if I am a foreign lender targeting Nigerian consumers?

The regulations apply regardless of where you are incorporated or operate from. If you lend to Nigerian consumers and derive any benefit, you must comply. This may mean appointing a local representative to handle FCCPC submissions.

17. I only offer credit occasionally. Do I still need to register?

Yes, if the lending meets the benefit test. Even incidental credit, like offering a “buy now, pay later” option a few times a year, can bring you into scope.

18. Can I launch a product while my FCCPC application is pending?

No. Lending activities covered by the regulations cannot begin until approval is granted. Doing so can result in penalties, suspension, or a complete ban from operating.

19. How do I handle partnerships already in place?

Existing agreements must be submitted to the FCCPC for review. If they do not meet the commission’s standards, you may need to amend them or terminate them.

Also read: FCCPC’s new consumer lending regulation

20. Is there a cap on interest rates under the new rules?

The FCCPC has indicated it will monitor rates to ensure they are fair and non-exploitative, but the regulations do not set a fixed cap. You should still ensure your pricing can be justified under consumer protection principles.

21. How does this interact with other regulators like the NDPC or CBN?

You must meet FCCPC requirements in addition to any obligations from sector-specific regulators. For example, data-related obligations under the NDPC still apply, and banks must meet CBN rules alongside FCCPC compliance.

22. What if I fail to respond to a record request in 48 hours?

Failure to meet this deadline can be treated as a breach, leading to penalties and possibly triggering a deeper investigation into your operations.

23. How much internal capacity will I need to maintain compliance?

These regulations require ongoing attention rather than a one-time compliance exercise. To keep up, you will likely need a compliance officer or dedicated team to stay on top of the requirements, strong legal oversight to ensure your contracts and processes meet the standards, IT systems that can produce the required reports quickly, and consistent board-level engagement on compliance matters.

24. What about my FCCPC interim regulation licence?

If you registered under the FCCPC’s Interim Framework for digital lending before 2024, your approval does not automatically transfer into the new regime. You must reapply under the 2025 Regulations, provide all the required documents, and pay the updated fees. For applicants who were already in the process at the start of 2025 and had paid the earlier ₦500,000 approval fee, the FCCPC now requires you to make up the difference to meet the new ₦1,000,000 fee.

25. What if I only do loans offline?

The new rules focus on digital, electronic, online, and other non-traditional lending channels. If your lending operations are entirely offline and do not involve any digital process (from application to disbursement) you may fall outside the scope. However, many “offline” lenders still use digital tools somewhere in the process, such as bank transfers, mobile verification, or online loan tracking. If that is the case, you could still be caught by the benefit test, so it is safer to assess your process carefully before assuming an exemption.

26. What about private lending between employers and employees?

If the lending is part of an employer’s internal staff welfare scheme and not offered to the general public or for commercial gain, it may not be covered. However, if the scheme charges interest, involves third-party service providers, or is operated as a profit-making initiative, it could fall within scope. It is important to review the arrangement in light of the benefit test to determine whether FCCPC registration is required.

Also read: Download the FCCPC Digital Lending Regulations 2025

If you have more questions about the FCCPC’s new consumer lending regulations or how they apply to your business, send us a meesage at [email protected].