How to comply with FCCPC’s new consumer lending regulations

The Federal Competition and Consumer Protection Commission (FCCPC) has brought the Digital, Electronic, Online, or Non-Traditional Consumer Lending Regulations, 2025 into effect as of July 25, 2025. These rules significantly change the way lending is done in Nigeria’s digital space. They are not limited to banks or licensed money lenders alone. The scope is wide, pulling in mobile money operators, fintech startups, telecommunications companies offering airtime or data advances, agricultural technology platforms extending input credit, and even businesses that provide instalment payment options through apps.

If you gain any form of benefit from a lending transaction, whether in cash, goods, commissions, or barter, the FCCPC considers you covered under these regulations. The penalties for non-compliance are severe, which makes understanding and following the rules a business survival priority. This guide is intended to walk through practical steps for meeting your obligations and building compliance into your operations.

1. Start with the benefit test

Before beginning the registration process or assembling documents, determine whether your activities meet the FCCPC’s “benefit test”. This is the scope trigger for the entire regulation.

The benefit test applies to any lending activity carried out digitally, electronically, online, or through non-traditional channels. It is irrelevant whether the loan is secured or unsecured, or whether the business is based in Nigeria or operates from another country. If your business derives value from a lending transaction in any form, these rules apply to you.

Who is likely covered:

• Digital lenders and fintech companies providing personal or consumer loans.
• Mobile money operators offering short-term overdrafts or credit facilities.
• Telecommunications companies granting airtime or data advances to customers.
• Agricultural platforms providing seeds, fertiliser, or equipment on credit.
• Retailers or service providers that allow customers to pay in instalments via an online platform.
• Vendors or service providers that partner with lenders and share in the income generated from lending activities.

It is important to conduct this assessment carefully. Even if lending is incidental to your main business model, the fact that you receive a benefit from it will bring you under FCCPC oversight.

Action points:

• Document all ways in which your business offers, facilitates, or benefits from credit transactions.
• Include partnerships and indirect lending arrangements in your review.
• Confirm whether your digital channels reach customers in more than one state, since this is a geographic trigger for the rules.

2. Map your lending operations

Once you know you fall within the scope, the next step is to document exactly how your lending operations work. The FCCPC expects clarity on your process from loan origination to repayment, including the role of third-party vendors.

This exercise helps you understand the compliance obligations for each stage of your lending cycle. It also exposes areas where vendor approval will be required.

Operational mapping should cover:

• Customer acquisition: How customers find and apply for loans.
• Credit assessment: The methods used to determine eligibility, including automated scoring systems.
• Loan disbursement: Channels used to release funds or goods.
• Repayment process: Methods for repayment collection, whether through digital wallets, bank transfers, or deductions from airtime.
• Complaint handling: Procedures for receiving and resolving customer issues.
• Vendor involvement: Third parties that handle any part of the process, including loan management software, payment gateways, call centres, or activation service providers.

Action points:

• Create a flow diagram or written process map that captures every operational stage.
• Identify all vendors and service providers involved, noting their role and contractual arrangements.
• Flag areas where FCCPC prior approval will be needed for vendor relationships.

Also read: Requirements for publishing Nigerian loan apps on Apple App Store

3. Assemble your compliance dossier

The FCCPC approval process requires extensive documentation. Missing even one required element can delay your application.

Core documentation requirements include:

• Corporate Affairs Commission incorporation documents and constitutional records.
• A list of directors, key management staff, shareholders, and beneficial owners.
• Applicable sectoral licences, such as CBN or NCC permits where relevant.
• Standard loan terms and conditions used with consumers.
• Privacy and data protection policies.
• Customer service policies and complaint resolution processes.
• Evidence of tax compliance.
• A Compliance Audit Report.
• A Data Protection Impact Assessment (DPIA) prepared by a registered Data Protection Compliance Organisation (DPCO).

Engaging a DPCO early is advisable because they will need to review your systems, trace data flows, and assess your data protection controls before producing the required reports.

Action points:

• Create a checklist of all FCCPC-required documents.
• Begin with items that take the longest to prepare, such as DPCO audits and tax clearance.
• Ensure all information in your submissions is accurate to avoid future revocation of approvals.

4. Budget for the full compliance cycle

Compliance with the FCCPC regulations has direct financial costs. These fees apply to every covered business, regardless of size.

The key fees are:

• Application fee: ₦100,000 (non-refundable).
• Approval fee for digital lenders: ₦1,000,000 (covers up to two software applications).
• Additional app registration: ₦500,000 each (maximum of five apps).
• Renewal fee: ₦500,000.

Initial approvals last for one year. After that, renewals are required every 36 months, and the renewal process comes with its own fees and documentation requirements.

Action points:

• Budget for the initial fees as well as ongoing renewals.
• If you operate multiple lending apps, calculate the total approval costs in advance.
• Include these compliance costs in your annual financial planning.

5. Prepare and submit partnership agreements

The FCCPC requires oversight over all partnerships and vendor relationships linked to lending. This applies whether the partner provides technology, payment processing, customer acquisition, or other operational services.

All such arrangements must be documented in a Consumer Lending Services Agreement and submitted for approval before they take effect. Existing agreements must be regularised, and any amendments or subcontracts will also need approval.

Special note for airtime and data lending: If your business involves credit for telecommunications services, you must have at least two activation service providers, one of which must be wholly Nigerian-owned, within 60 days of starting operations.

Action points:

• Review all current and planned vendor and partnership agreements.
• Prepare agreements for FCCPC submission.
• Build the FCCPC’s 30-day review period into your contract timelines to avoid operational delays.

6. Build a solid reporting and record-keeping system

One of the most significant operational shifts in the new regulations is the detailed and recurring reporting requirement. This is not a one-time obligation at registration but a continuing compliance duty throughout your operations.

The key reporting timelines are:

• Biannual operational reports: Must include the number of consumer lending transactions, their total value, all interest and fees collected, and a breakdown of complaints received along with their resolution status.
• Annual returns: Due by 31 March each year for the preceding calendar year. These must include the same transaction and complaint data as the biannual reports, plus audited financial statements clearly showing income from lending activities.

In addition to these scheduled reports, the FCCPC reserves the right to demand records at short notice. Businesses have only 48 hours to provide such information once formally requested.

Action points:

• Implement data models that track all lending-related metrics, including transaction volume, revenue, fees, and complaints.
• Maintain complaint resolution logs with dates and outcomes.
• Preserve all relevant records for a minimum of five years.
• Include record retrieval capabilities in your incident response and legal hold processes so that you can meet the 48-hour demand window.

Also read: Download the FCCPC Digital Lending Regulations 2025

7. Elevate compliance to a board-level responsibility

The new framework treats compliance as a governance issue, not just an operational one. This is reflected in the penalties, which can apply personally to directors as well as to the corporate entity.

Natural persons can face administrative penalties of up to ₦50,000,000. Corporates risk up to ₦100,000,000 or 1% of turnover from the previous year, whichever is higher. Directors can also be disqualified from holding office for up to five years.

Given these risks, compliance oversight should be formally included in board agendas, with regular reporting from the compliance team.

Action points:

• Establish a compliance oversight function that reports directly to senior management and the board.
• Maintain documented evidence of all remedial work carried out after any breach or warning.
• Train directors on their specific responsibilities under the FCCPC regulations.
• Schedule periodic internal compliance audits and present findings at board meetings.

8. Understand and plan for enforcement powers

The FCCPC has given itself wide enforcement powers under the new regulations. Beyond financial penalties, the Commission can suspend your operations, delist you from the public register of approved lenders, revoke approvals or order the termination of partnership agreements.

Approvals can be revoked if you provide false or misleading information, breach any provision of the regulations, or engage in conduct deemed harmful to consumers. In certain cases, such as when a sectoral licence expires or becomes restricted, related contracts may need to be terminated within five days.

Action points:

• Ensure all application information is accurate and can be supported with evidence.
• Monitor the validity of all sectoral licences and renewal dates.
• Include clauses in partnership agreements that address regulatory changes and potential FCCPC termination orders.
• Track FCCPC communications closely to avoid missing any compliance deadlines.

Also read: FCCPC’s new consumer lending regulation

9. Avoid the most common compliance traps

With the breadth of the regulations, several areas are likely to catch businesses off guard, especially those new to regulated environments.

Common pitfalls include:

• Assuming that offering credit only occasionally or as a secondary service exempts you from compliance.
• Overlooking the need for FCCPC approval of vendor and partnership agreements.
• Missing the minimum 30-day review period for partnership approvals and launching deals too soon.
• Forgetting that each lending app requires separate registration and approval fees.
• Failing to keep complete, accessible lending records for the required five-year period.

Avoiding these mistakes requires proactive planning and integration of compliance into both your legal and operational processes.

Compliance as an ongoing business discipline

The FCCPC’s new regulations have changed the rules of the game for anyone offering or facilitating consumer credit in Nigeria. They are not just a set of one-time registration steps. They are an ongoing set of obligations that touch almost every part of a lender’s operations. From the way you work with vendors to how quickly you can pull up a five-year-old transaction record.

Whether you think the rules are too heavy-handed or overdue, they are already in effect and the penalties for ignoring them are severe. The businesses that will cope best are those that treat compliance as part of day-to-day business management rather than a box to tick at registration. That means budgeting for it, building it into your timelines, and making sure your board is paying attention.

For founders and operators, the takeaway is simple: get organised now. If you meet the benefit test, register. If you use vendors, get the agreements in shape and approved. If your record-keeping and reporting systems cannot produce what the FCCPC wants on time, fix them before the first request comes in. The rules are here, and they are not going away.