The FCCPC’s Digital, Electronic, Online, or Non-Traditional Consumer Lending Regulations 2025 (“DEON Regulations”) are promulgated under the Federal Competition & Consumer Protection Act (FCCP Act) 2018. In its preamble, the Regulation expressly states that it is made “pursuant to Section 163 of the FCCPC Act 2018” and invokes the Commission’s general consumer protection powers under Sections 17, 18 and 163 of the Act[1][2]. Thus the FCCPC already empowered by the FCCP Act to regulate anti-competitive or unfair practices is authorized to issue these rules to protect consumers and ensure competitive, transparent markets. The Regulations expressly reiterate that they supplement (and do not replace) any other legal obligations under sectoral laws, and that compliance with them does not excuse non compliance with other laws[3][2]. In sum, the Regulations rest on the FCCPC’s statutory mandate to protect consumers from “unfair and deceptive or unconscionable” practices in the marketplace.
The objectives of the Regulations mirror this mandate. They seek to harmonize Nigeria’s fragmented digital lending sector, promote transparency, and prevent exploitation of borrowers[4]. The FCCPC explicitly describes them as “standards, guidelines and guidance…in furtherance of [its] obligation and function to protect consumers and ensure a competitive and optimized market” (citing Sections 17(a),(g),(m),(s),(t),(x),(y) and 18 of the Act)[1]. In practice, this means imposing uniform rules on all forms of non-traditional lending (e.g. mobile phone, app based and other fintech loans), where previously oversight was limited or fragmented. The Regulations build on earlier interim guidelines (issued in 2022) but now constitute a “full, binding framework” for digital lenders[4]. By aligning with the FCCPC Act’s consumer‑protection goals, they aim to extend traditional financial-sector safeguards to the rapidly‑growing “loan app” and airtime credit industry.
Scope of the Regulations
The DEON Regulations have very broad applicability. By their terms they govern “all applicable transactions of unsecured loans, including any lending to consumers by way of cash, airtime, data, cashback, services, barter in exchange for monetary value” so long as the transaction is “digital, electronic, online or non-traditional”[5]. In plain terms, any app, platform or service that lends value (cash or otherwise) digitally to Nigerian consumers falls within scope. This encompasses cash loan apps, “buy‑now‑pay‑later” e‑commerce schemes, airtime/data advances by telecoms, peer‑to‑peer mobile lending, and even barter schemes provided they involve a verifiable monetary value. The Regulations explicitly extend to not only primary lenders but also vendors, service providers, partners or collaborators who benefit from lending transactions[6]. For example, a mobile money operator issuing “airtime loans” and any fintech partner sharing revenues with it must both comply.
Importantly, the scope is territorially broad. The rules apply to any person or business doing digital lending to consumers in Nigeria, whether operating physically or online[7][8]. Even if a lender is only licensed in a particular state or foreign jurisdiction, its activities “intended or [that] actually occur beyond state lines” fall under the FCCPC’s purview[9]. The Regulations also expressly cover situations where lending occurs through digital infrastructure crossing state boundaries or involving foreign partners[10]. Thus a foreign lender (or foreign based app) targeting Nigerian borrowers is caught if it operates a Nigerian language service or markets to Nigerian consumers. The rules also clarify that FCCPC approvals under this framework do not replace but may substitute for other sectoral licenses; however, they do not relieve lenders from obtaining any required banking or telecom licenses elsewhere[11].
In sum, virtually all modern consumer‑loan models in Nigeria are captured. As one legal analysis notes, “Any company or platform engaging in consumer lending via digital channels, whether in Nigeria or operating cross-border but serving Nigerian consumers, falls within the scope”[12]. The Regulations explicitly cover “Regulated Undertakings” (e.g. banks and telecoms) when they undertake consumer lending, and make such approvals concurrent with any sectoral regulation[13][14]. This wide net is deliberate: it aims to draw informal “loan apps” and nonbank platforms into a formal regulatory regime, and to prevent loopholes whereby a fintech might evade oversight by operating through a partner or foreign affiliate.
Registration and Licensing Requirements
A cornerstone of the DEON Regulations is mandatory registration and licensing of all digital lenders. All entities engaging in covered lending must apply for FCCPC approval. Section 7 provides that any lender in business before July 21, 2025 must apply for approval within 90 days of commencement. New entrants must likewise obtain approval before offering any loan service. Critically, no digital lending activity may be conducted without prior FCCPC approval[12]. In practical terms, every fintech, mobile money operator, airtime credit provider or informal “loan app” must complete a formal application. Anyone who had entered into collaborative lending partnerships (e.g. revenue sharing with agents or vendors) must also register those partnerships; indeed, a “Consumer Lending Services Agreement” between partners must be submitted as part of the application (see below)[15][16].
The application process is detailed and document-intensive. Regulation 12 and Schedule 1–3 specify exhaustive requirements. Applicants must submit: incorporation and CAC documents; the identities and profiles of directors, management and ultimate beneficial owners; audited financial statements (to evidence financial capacity); any relevant sectoral licenses (e.g. CBN, NCC)[15]; and copies of all lending contracts or terms of service[15][16]. Importantly, the application must include a standard Consumer Lending Services Agreement for the proposed lending (between the lender and any partners), covering all key terms. Regulation 13 then lists the minimum contents of that agreement, including inter alia the parties’ obligations, the nature of the lending service, detailed borrower rights, interest and fee structures, risk allocation, default recovery methods, and a data protection clause[16]. In other words, the contract itself is scrutinized for fairness (any unilateral or unfair term can cause rejection)[17].
Once submitted, the Commission has a short turnaround obligation: the Regulations set a 30‑day review period (subject to extension)[18]. If approved, the applicant must pay prescribed fees. An initial non‑refundable application fee of ₦100,000 is payable on filing[19]. Upon approval, Mobile Money Operators providing airtime/data loans pay ₦1,000,000, and Digital Money Lenders (cash loan fintechs) pay ₦1,000,000 for registration (covering up to two loan apps)[20]. Additional apps (beyond two and up to a five‑app cap) incur ₦500,000 each[21]. These amounts may be revised by future FCCPC guidelines. In short, applicants must budget at least ₦100k upfront and ₦1M on approval, plus potential additions for extra platforms.
Approvals have a finite duration. An FCCPC license expires on 31 December of the third year after issuance and must be renewed by 31 March of the following year[22]. Thereafter it renews every 36 months subject to payment of an annual levy (₦500,000) and satisfactory compliance[22]. Failure to renew automatically voids the license[23]. The Commission also retains broad revocation power: any material misrepresentation by the applicant, violation of the Act or these Regulations, or conduct “against the interests of Consumers” can trigger immediate termination of the approval[24][25]. Directors of non-compliant firms may even be disqualified (see Penalties below).
Key Takeaway: No digital lender may operate legally without FCCPC approval. This reforms the largely unregulated status quo. In practice, all fintech loan apps, BNPL providers, and even informal “social media loan sharks” will have to formalize into corporate entities, file applications, and pass muster. Partnerships (e.g. telecom-fintech collaborations) must be backed by approved contracts. The high compliance bar (detailed documentation, fee payments, periodic renewals) marks a significant shift toward formal oversight of Nigeria’s once wild west lending sector.
Consumer Protection Provisions
The Regulations impose extensive conduct rules to protect borrowers and ensure transparency. These are grouped under “Disclosure and Transparency”, “Fair Treatment”, “Responsible Conduct”, and related headings. Together they forbid the secretive, high-cost lending tactics that plagued many loan apps.
- Disclosure and Interest Rates: Lenders must fully disclose all loan terms (interest rates, fees, repayment schedule, penalties) in plain language before any loan is made[26]. Specifically, §17(a) requires that the consumer be given clear, unambiguous notice of “the terms of the Lending Service (including interest rates, repayment terms, and any associated fees)” in simple English, in a way “that shall not be misleading or deceptive”[27]. Websites and apps must conspicuously display up to date interest rates and charges[28], and the exact contract terms must be delivered to the borrower (digitally or otherwise) prior to disbursement[29]. Marketing and advertisements must likewise be factual and not exaggerate benefits[30]. In effect, the Rules outlaw “hidden” fees or surprise rate hikes: every cost must be spelled out in advance, mirroring consumer credit disclosure norms.
- Interest Rate Monitoring: The FCCPC also mandates periodic review of consumer lending rates[31]. Section 23 requires the Commission to ensure that rates are “not exploitative” and to issue guidelines under Section 163 of the Act to that effect[31]. (Although no explicit interest cap is stated, this empowers the FCCPC to monitor and potentially cap usurious practices.)
- Fair Treatment of Consumers: Section 18 obliges lenders to treat all borrowers fairly and without bias[32]. Contract terms may not be changed arbitrarily except as agreed in advance, and lenders must honor their own contract clauses[33]. Crucially, loan contracts cannot contain “unfair terms” as defined in Section 127 of the FCCPC Act (terms that create a significant imbalance to consumers)[34]. The Regulations spell out examples of prohibited clauses: for instance, contracts cannot waive lender liability for misrepresentation or negligence[35], cannot allow unilateral changes without notice[36], nor require a borrower to give up any statutory right[37]. In short, any one-sided provision that would exploit consumers is forbidden.
- Responsible Business Conduct: Beyond contractual fairness, lenders must follow ethical business practices. §19 prohibits predatory marketing: lenders may not bombard people with unsolicited credit offers, must not bundle loans into unrelated services, and may not impose unsolicited loan upgrades[38][39]. All lending must be “opt-in” only no automatic top-ups or pre‑authorized lending is allowed[38]. For example, a lender cannot automatically deposit additional loan amounts into a consumer’s account without the consumer’s explicit request and consent[38]. Customers must actively request each loan. The Regulations also outlaw unethical debt collection practices by implication: while there is no explicit “no harassment” clause, lenders are explicitly barred from acting inconsistently with agreed terms or exploiting consumers[33][40], and the FCCPC Act itself prohibits unconscionable practices. Lenders must establish consumer friendly complaint channels and respond promptly to queries[39][41].
- Privacy and Data Protection: Section 21 explicitly requires compliance with the Nigeria Data Protection Act 2023 and related rules[42]. Lenders must obtain customers’ express consent before collecting personal data (credit histories, phone records, etc.), must secure that data, and must use it only for permitted purposes. Consumers have the right to request a statement of their borrowing history within 24 hours[43]. These provisions aim to curb abusive practices such as lenders harvesting contacts for harassment or selling data without consent. By tying in the recent NDPA, the Regulations bring digital lenders under Nigeria’s data‑privacy framework.
- Complaints and Redress: The Regulations put the onus on lenders to handle complaints internally and on the FCCPC to provide an external avenue. Section 22 directs each lender to maintain a documented, independent complaint handling process and to resolve issues within 24–48 hours[41]. More importantly, any consumer may escalate unresolved disputes to the FCCPC. The FCCPC has set up a dedicated “Lenders’ Taskforce” and encourages aggrieved borrowers to email complaints to [email protected][44]. The Commission is empowered to investigate and mandate redress under its general consumer protections powers.
Summary: These consumer protection rules require maximum transparency, fairness and consumer consent. Borrowers must know exactly what they owe before accepting a loan; they must consent each time; and lenders must treat complaints swiftly. Hidden fees, surprise rate hikes, retracted contracts or harassment tactics are expressly banned or covered by anti-unfair practice rules[26][38]. In effect, the Regulations seek to align digital lenders with the responsible lending standards long imposed on banks and MFIs.
Competition and Reporting Safeguards
In recognition of the competitive dimension of lending, Parts 5–6 of the Regulations impose special safeguards. For example, any “Regulated Undertaking” (such as a mobile network operator) that provides airtime or data loans must use at least two intermediaries for service activation, one of which must be fully Nigerian owned[45]. This local content rule aims to promote indigenous participation in the lending value chain. The rules also forbid exclusivity or anti‑competitive arrangements between lenders and partners: any lending partnership involving a dominant provider requires FCCPC approval, and dominant lenders cannot tie up borrowers unfairly[46][47]. In practice, telecoms and fintechs must remain open to multiple partners and cannot give unfair advantages to select vendors. These competition measures dovetail with general FCCPC mandates (e.g. the Restrictive Agreements Regulations) and ensure that digital credit markets remain contestable rather than monopolized.
On reporting, the Regulations demand rigorous record‑keeping and transparency. Lenders must keep accurate transaction and complaint records, and they must file biannual and annual reports to the FCCPC detailing volumes, values, fees collected and complaints history[48][49]. The Commission can demand any records on 48 hours’ notice[50]. Importantly, lenders are directed to share consumer-loan data with credit bureaus (subject to NDPA rules)[51]. By feeding digital-loan transactions into the credit-reporting system, these rules seek to integrate digital lending into the broader credit architecture benefiting consumers by building credit histories, and benefiting responsible lenders by reducing information asymmetries.
Penalties and Enforcement
Violating the DEON Regulations carries strict sanctions. Any person or company contravening the rules faces sanctions “including fines, suspension of operations, or delisting” (revocation of approval)[52]. The prescribed fines are substantial: a corporate lender may be fined up to ₦100 million or 1% of turnover (whichever is greater)[53]. Individual officers (directors) can be fined up to ₦50 million each[53] and even banned from serving as directors for up to five years[54]. The Regulations explicitly allow the FCCPC to suspend or revoke a lender’s approval for any material breach (false information, prohibited practices, or any conduct “against the interests of consumers”)[24][25].
Thus, an errant fintech could literally be shut down or forced into bankruptcy if found abusing consumers. Moreover, the FCCPC can also levy fines through its general Administrative Penalties Regulations. For example, a telecom that fails to meet the “two intermediaries” requirement may face penalties under Section 23[45]. The credible threat of hefty fines and license revocation creates powerful incentives for compliance. It also signals that the FCCPC intends to treat digital lenders with the same enforcement muscle it applies to consumer goods and telecoms.
Implications for Lenders, Fintechs and Informal Platforms
These Regulations dramatically reshape Nigeria’s digital lending landscape. Registered fintechs and banks must re‑engineer their operations to comply. They will need legal review of loan contracts, new customer onboarding processes (to ensure clear disclosures and opt‑in consent), robust data security systems, and dedicated compliance teams. Partnerships with other firms (e.g. NBFCs partnering with apps) will require formal contracts and joint FCCPC applications[55][56]. Innovative platforms will incur higher overhead from fees (₦1M+) and from these compliance obligations, but will benefit from legal clarity and a level playing field. Traditional banks, which already obey strict lending rules, may see competitive opportunity: previously unregulated loan apps now face similar rules, reducing regulatory arbitrage and potentially making banks more competitive partners or service providers.
Fintech and mobile-money operators are squarely covered. For instance, a telco issuing airtime loans to customers must register as a Regulated Undertaking and meet all requirements, including use of local service providers[45]. An e-commerce platform offering “BNPL” financing will need its lending arm to be registered and will have to submit its lending agreement. Previously informal actors (social-media loan apps, personal network lenders, etc.) now cannot legally operate unless they incorporate and register. Many have already faced FCCPC enforcement under the Interim Guidelines; the 2025 Regulations leave no ambiguity that unlicensed lending is prohibited.
Informal and small-scale lenders face the stiffest challenge. Many loan-app operators have avoided any licensing, so obtaining FCCPC approval (and financing the 1M Naira fee) may be a barrier. The Commission has allowed some “justifiable exceptions” under the earlier guidelines[57], but going forward it will likely push all platforms to formalize or exit. This could purge the worst “loan shark” apps from the market, but it may also temporarily reduce credit availability if small players cannot or will not comply.
Finally, regulated industries must coordinate. The House of Representatives (Oct. 2025) expressed concern that FCCPC did not sufficiently consult other regulators (CBN for banks/microfinance, NCC for telecom lending, NDPC for data protection, etc.)[58]. Telecom associations (e.g. ALTON) have complained about potential conflict with NCC and CBN rules. In practice, lenders that straddle regulators (banks, telcos) will need to satisfy both FCCPC and sectoral rules. This parallel oversight raises compliance complexity and has even prompted legislative motions to suspend the Regulations pending harmonization[59][60]. Nonetheless, as it stands, digital lenders must engage with the FCCPC first and foremost, even as they hold any required sectoral licenses.
Consumer Protections and Remaining Gaps
The DEON Regulations contain many strong consumer-protection features. By demanding full upfront disclosure and prohibiting “opt-out” lending, they target core abuses that plagued many Nigerians (e.g. exorbitant hidden-interest loans pushed via deceptive apps). The requirement that credit data be reported to bureaus promotes transparency and could help borrowers build credit profiles, further protecting them from repeated predatory offers. The mandated complaints mechanism and stiff penalties give consumers formal redress channels and deterrents against abuse. Overall, the rules significantly enhance legal safeguards for vulnerable borrowers.
However, enforcement gaps remain. Critics note overlaps and ambiguities with other laws. For example, CBN’s microfinance and credit guidelines are not automatically preempted, and telecom operators worry that FCCPC’s “one fully local intermediary” rule conflicts with NCC/NIPC foreign-ownership rules[58]. The requirement to register and pay fees could push some platforms underground if not enforced. The FCCPC’s ability to police cross-border lenders is untested: many loan apps operate from abroad (e.g. in Asia) and might not cooperate with Nigerian enforcement, though any local-marketing or local partner is covered.
Additionally, while lenders must promise fair debt collection, the Regulations do not explicitly ban specific abusive collection tactics (e.g. social-media shaming or persistent calls). Such practices may still violate general Nigerian laws or the FCCPC Act’s unfair-practice provisions, but the Regulations could have been more explicit. The House’s recent motion also highlighted concerns about investor certainty overly stringent rules might stifle fintech innovation or drive capital away, contrary to goals of inclusion[61]. Balancing strict consumer safeguards with a dynamic digital economy will require ongoing attention.
Policy Context and Comparisons
The introduction of these rules reflects several policy goals. Chief among them is consumer protection. Nigeria’s policymakers have reacted to dozens of news reports of loan-app abuses (astronomical interest, harassment, data leaks) by creating a legal floor of borrower rights. Formalizing the industry also serves market stability: it discourages fly‑by‑night lenders and fosters trust in digital credit. The requirement to use at least one local service provider in airtime loans suggests an aim of economic inclusion and local capacity-building. By applying the same disclosure and data rules to digital lenders that apply to banks (and in line with Nigeria’s Data Protection Act 2023), the Regulation also extends global best practices to the local fintech arena.
In terms of financial inclusion, the rules are a double‑edged sword. On one hand, consumers gain a safer environment which may encourage more Nigerians to try formal digital credit. On the other hand, the compliance burden (especially for small fintechs) may raise costs and leave a gap until smaller players adapt. Policymakers seem to have judged that the long-term benefit of weeding out predatory lenders outweighs short-term contraction in supply.
Comparatively, Nigeria’s approach is now among the stricter in Africa. Some other countries have similar regimes: e.g., Kenya’s central bank is finalizing regulations for digital credit providers (proposed in 2025) that also emphasize licensing, disclosures, and borrower consent[62]. In India, the RBI’s recent Digital Lending Directions (2025) likewise mandate that lending apps fully disclose key facts to borrowers and that loans flow directly into borrower accounts, effectively banning ghost lending[63]. These global trends show convergence around transparency and consumer‑safety in fintech. Nigeria’s DEON Regulations echo these themes, though with uniquely local features (like the local-intermediary requirement).
Finally, the Regulations replace an earlier Interim Framework from 2022, which was largely voluntary and advisory. The new rules are mandatory and far more detailed. The 2022 Guidelines had required loan apps to register by a November 2022 deadline, but faced compliance delays and had no teeth[64]. By contrast, the 2025 Regulations enshrine those registration requirements into law and attach significant penalties. In practice, this marks a shift from a soft “guidance” to a hard regulatory regime, reflecting the FCCPC’s move from warnings to enforcement.
Conclusion
The FCCPC’s 2025 digital lending Regulations create a comprehensive legal regime for Nigeria’s booming fintech credit sector. They rest on solid statutory authority and set out clear, detailed rules covering registration, lending contracts, pricing, advertising, data privacy, complaints and penalties. For digital lenders and fintechs, the rules impose substantial compliance obligations requiring formal licensing, transparent operations and coordination with other regulators. For consumers, the Regulations promise much stronger protections against hidden fees, harassment and data abuse. Implementation will be challenging, however, due to overlapping jurisdictions (CBN, NCC, NDPC) and the informal nature of many current lenders. Early reactions (including a motion in the House) suggest industry and regulators will need to collaborate on harmonization. Nonetheless, by formalizing Nigeria’s digital credit market, the FCCPC aims to foster financial inclusion and consumer confidence helping the country realize the benefits of fintech innovation while minimizing its risks[4][61].
Sources: Primary text of the DEON Regulations[1][65][21][26][38][52] and expert summaries[4][12][58].
[1] [2] [3] [5] [6] [8] [9] [10] [11] [13] [14] [15] [16] [17] [18] [19] [20] [21] [22] [23] [24] [25] [26] [27] [28] [29] [30] [31] [32] [33] [34] [35] [36] [37] [38] [39] [40] [41] [42] [43] [44] [45] [46] [47] [48] [49] [50] [51] [52] [53] [54] [55] [56] [65] Digital Consumer Lending 2025 Latest | PDF | Loans | Interest
https://www.scribd.com/document/913543362/Digital-Consumer-Lending-2025-Latest-1
[4] [7] Nigeria’s 2025 Consumer Lending Regulations: Key Frameworks and Guidelines
https://www.shqlegal.com/publications/understanding-the-2025-digital-electronic-online-and-non-traditional-consumer-lending-regulations-in-nigeria
[12] Demystifying Deon: Your Essential Guide To The FCCPC’S Latest Lending Rules – Dodd-Frank, Consumer Protection Act – Nigeria
https://www.mondaq.com/nigeria/dodd-frank-consumer-protection-act/1692284/demystifying-deon-your-essential-guide-to-the-fccpcs-latest-lending-rules
[57] [64] Policy change – Digital Policy Alert
https://digitalpolicyalert.org/change/12880-federal-competition-and-consumer-protection-commission-limited-interim-regulatoryregistration-framework-and-guidelines-for-digital-lending-2022
[58] [59] [60] [61] Reps Move to Stop Implementation of FCCPC Digital Lending Regulations – Democracy Radio
https://democracyradio.ng/reps-move-to-stop-implementation-of-fccpc-digital-lending-regulations/
[62] [PDF] Draft-Central-Bank-of-Kenya-Non-Deposit-Taking-Credit-Providers …
https://www.centralbank.go.ke/wp-content/uploads/2025/08/Draft-Central-Bank-of-Kenya-Non-Deposit-Taking-Credit-Providers-Regulations-2025.pdf
[63] THE RBI’S DIGITAL LENDING DIRECTIONS, 2025: A UNIFIED CODE FOR A FRAGMENTED SECTOR? – Legal Developments