Nigeria’s Banks and Other Financial Institutions Act

If you operate in Nigeria’s credit market long enough, you eventually run into the limits of what you can get away with. Early on, it might feel like product, distribution, and collections are the real constraints. Then regulation steps in and quietly dictates how far you can scale, what risks you can take, and even what kind of customers you can serve.

That is where the Banks and Other Financial Institutions Act, 2020 comes in.

The Banks and Other Financial Institutions Act, 2020 (BOFIA 2020) is the primary law that determines who can lend, how they can lend, and what happens when things go wrong. It replaced the 1991 version of the law and reflects how much the Nigerian financial system has changed, especially with the rise of digital lending and fintech infrastructure.

For lenders and credit providers, especially those building or scaling with platforms like Lendsqr, BOFIA 2020 is less about theory and more about operational reality. It shapes onboarding, product design, risk management, governance, and even how you recover loans.

This article walks through the Act in a way that connects the legal provisions to how lending businesses actually operate.

What BOFIA 2020 is really trying to do

At a high level, BOFIA 2020 sets out to formalize and supervise the entire financial intermediation process in Nigeria. It covers banks, microfinance institutions, finance companies, and extends into newer categories like fintech-enabled lenders and payment service providers.

The law reflects a shift in how regulators think about financial risk. The system is no longer just about traditional banks holding deposits and issuing loans. It now includes digital platforms that originate credit, distribute financial products, and manage borrower relationships without physical branches.

BOFIA 2020 responds to that shift in a few specific ways.

It broadens the scope of what qualifies as a regulated financial activity. If your business model involves lending or credit intermediation, the delivery channel does not exempt you from oversight.

It gives the Central Bank of Nigeria stronger authority to supervise institutions in real time. The regulator is not expected to wait for failure before taking action.

It introduces mechanisms for dealing with failing institutions without destabilising the broader system.

It also creates a structured approach to loan recovery, including provisions for a specialised Credit Tribunal. For lenders, this translates into a more controlled operating environment where regulatory expectations show up in everyday decisions.

Licensing: the first gate you cannot bypass (Sections 1–14)

The most immediate requirement under BOFIA 2020 is licensing. Sections 1 to 14 make it clear that no entity can carry on banking business or operate as a regulated financial institution without a licence from the Central Bank of Nigeria.

This is not a procedural formality. It is a strict entry condition.

Only companies incorporated in Nigeria are eligible to apply for a licence. The Central Bank has full discretion to grant or refuse applications, and it can impose conditions that limit what an institution can do. These conditions may define product scope, customer segments, or geographic reach. If a company carries on regulated activities without a licence, it is committing an offence.

From a lender’s perspective, this has a few direct implications. First, your legal structure matters. You cannot operate lending activities through informal arrangements or loosely defined entities.

Second, your licence type must align with your product offering. A microfinance bank, for example, cannot behave like a commercial bank simply because it has the technical capability to do so. Third, licensing is not a one-time event. The Central Bank can suspend or revoke licences, and those decisions can immediately affect your ability to operate.

For platforms like Lendsqr, this means lender onboarding cannot stop at collecting incorporation documents. Licence verification and ongoing validation have to be part of the system. If a lender’s licence status changes, the platform needs to detect that and respond appropriately.

Recommended read: Everything you need to know about the Central Bank of Nigeria act

The Central Bank’s expanded authority

One of the defining features of BOFIA 2020 is how much authority it gives the Central Bank of Nigeria.

The regulator can issue directives, conduct examinations, impose restrictions, and intervene directly in the management of financial institutions. It can also remove directors, appoint interim management, or take control of an institution that shows signs of distress.

This level of authority reflects a deliberate policy direction. The goal is early intervention rather than post-failure clean-up.

For lenders, this changes how compliance should be approached. It is no longer enough to meet minimum requirements on paper. The expectation is that institutions operate in a way that continuously aligns with regulatory standards.

If the Central Bank identifies weaknesses in your risk management or governance, it can act before those weaknesses translate into financial losses. That means compliance becomes an ongoing operational function rather than a periodic exercise.

Prudential regulation: where risk management becomes enforceable (Sections 24–28)

BOFIA 2020 empowers the Central Bank to define prudential standards that institutions must follow. These include requirements around capital adequacy, liquidity, credit concentration, and provisioning.

In practice, this affects how lenders structure their balance sheets and manage their loan portfolios.

Institutions are required to maintain minimum capital levels that reflect the scale and risk profile of their operations. Liquidity requirements ensure that they can meet short-term obligations without stress.

Credit concentration limits prevent excessive exposure to a single borrower or group of related borrowers. This is particularly relevant for lenders that work with corporate clients or high-value retail segments.

Provisioning rules require lenders to recognize potential losses early. Non-performing loans must be identified, classified, and provisioned for according to regulatory guidelines. These requirements are not abstract. They shape day-to-day decisions such as how much to lend, who to lend to, and how to price risk.

For digital lenders, this also means that algorithmic decisioning models must align with prudential expectations. If your credit model consistently produces high default rates, that becomes a regulatory issue, not just a business problem.

Platforms like Lendsqr need to support lenders in implementing these controls. This includes features for portfolio monitoring, loan classification, and reporting that aligns with regulatory formats.

Corporate governance: accountability moves to individuals (Sections 47–56)

BOFIA 2020 places significant emphasis on corporate governance. The law does not treat governance failures as abstract issues. It links them directly to institutional risk and assigns responsibility to specific individuals.

Directors and senior management must meet fit and proper criteria. Their experience, integrity, and track record are subject to regulatory scrutiny.

There are also limits on tenure and restrictions on holding multiple directorships. These provisions aim to prevent concentration of power and conflicts of interest.

Boards are expected to actively oversee risk management and internal controls. This is not a ceremonial role.

Perhaps more importantly, BOFIA 2020 introduces personal liability for directors and officers in cases of misconduct or negligence. If governance failures lead to losses or regulatory breaches, individuals can be held accountable.

For lenders, this changes how leadership teams should think about decision-making. Risk oversight cannot be delegated entirely to compliance units. It has to be embedded at the board and executive level. This also affects hiring decisions. Bringing in experienced management is not just about operational competence. It is also about meeting regulatory expectations.

Recommended read: Everything to know about the Nigeria credit reporting act

Credit administration: how lending itself is regulated (Sections 19–23)

BOFIA 2020 goes beyond who can lend and addresses how lending should be done.

The Act includes provisions that restrict insider lending and connected exposures. Loans to directors, officers, or related parties are subject to strict controls.

There are also limits on large exposures. Lenders cannot concentrate too much risk in a small number of borrowers. Credit processes must be documented and structured. This includes approval workflows, documentation standards, and monitoring procedures.

Provisioning for impaired loans is mandatory. Lenders must recognize when loans show signs of distress and account for potential losses. For many lenders, especially those scaling quickly through digital channels, this is where compliance becomes operationally demanding.

You cannot rely on informal credit processes or undocumented decision-making. Every loan needs to pass through a defined structure that can be reviewed and audited. Platforms like Lendsqr play a role here by enforcing workflow discipline. Credit policies can be translated into system rules, approval hierarchies, and audit trails.

This reduces the risk of inconsistent lending practices and helps institutions stay within regulatory expectations.

Enforcement: what happens when things go wrong (Sections 60–75)

BOFIA 2020 gives the Central Bank a wide range of enforcement tools.

These include administrative penalties, monetary fines, and operational restrictions. In more severe cases, the regulator can revoke licences or take control of an institution.

The Act also allows for the removal of directors and the appointment of interim management. One notable feature is the introduction of mechanisms to support loan recovery, including the concept of a Credit Tribunal. This creates a more structured path for enforcing credit obligations.

For lenders, enforcement risk is not limited to extreme scenarios. Even routine compliance failures can attract penalties.

This has two implications. First, institutions need to monitor compliance continuously. Waiting for regulatory audits to identify issues is not a viable approach.

Second, systems and processes must produce accurate and auditable records. If a regulator requests information, the institution should be able to provide it without delays or inconsistencies.

What BOFIA 2020 means for Lendsqr and similar platforms

For a platform like Lendsqr, BOFIA 2020 shapes both who can participate and how the platform itself should be designed.

Only licensed lenders can operate on the platform. This requirement affects onboarding, verification, and ongoing monitoring. The platform must also align with the regulatory scope of each lender. A lender’s licence determines what products it can offer, and the platform should enforce those boundaries.

Compliance cannot be treated as a one-time check during onboarding. It has to be continuous. Licence status, regulatory directives, and prudential requirements can change, and the platform needs to reflect those changes.

Reporting is another key area. Lenders are required to submit periodic returns to the Central Bank. Platforms that support data aggregation and reporting reduce the operational burden on lenders and improve accuracy.

In practical terms, this means building systems that can handle audit trails, generate reports, and support regulatory reviews.

What this means for borrowers, even if indirectly

While BOFIA 2020 focuses on institutions, it also affects borrowers in practical ways. When lenders operate within a regulated framework, borrowers benefit from a level of protection, as loan terms, collection practices, and dispute resolution processes fall under regulatory oversight. They also have access to formal channels if misconduct occurs.

For lenders, this sets a clear expectation around fairness and transparency, since aggressive or opaque practices can attract regulatory scrutiny and weaken reputation. Non-compliance under BOFIA 2020 carries tangible consequences, including financial penalties, operational restrictions, and even licence revocation. In more serious situations, officers may face civil or criminal liability.

There is also the less obvious cost of reputational damage. In a market where trust influences funding, partnerships, and customer acquisition, regulatory issues can have lasting effects. For lenders looking to scale, these risks can disrupt growth at critical stages.