CBN’s Data Localisation Mandate: Fintech Sector Faces Infrastructure Hurdles and Compliance Risks
The Central Bank of Nigeria’s (CBN) recent directive mandating the domestic storage and processing of all payment-related data has ignited significant apprehension within Nigeria’s fintech sector. This policy, set to take effect from January 2027, presents a six-month compliance window for financial institutions, payment companies, and fintech operators, raising critical questions about the nation’s infrastructure readiness, disaster recovery capabilities, migration complexities, and the long-term financial implications of adherence.
According to a circular issued on Monday, June 15, 2026, the CBN requires all entities facilitating payments in Nigeria to ensure that data generated within the financial system is hosted and managed domestically. While the apex bank asserts that this measure is designed to bolster the integrity, sovereignty, and resilience of Nigeria’s payment infrastructure, fintech executives express concerns that the directive could impose substantial operational strain if the local data ecosystem is not adequately prepared to handle the scale of data migration involved.
A primary concern for many fintechs, which currently rely on global cloud infrastructure providers like Amazon Web Services (AWS) and Microsoft Azure for critical functions such as transaction processing, fraud detection, and customer data storage, is the capacity and reliability of local data centres. The new policy permits continued engagement with global cloud providers, but mandates that these providers ensure data residency within Nigeria. This effectively necessitates a shift of workloads from foreign regions to domestic data centres operated by entities including Equinix’s MDXi, Rack Centre, Open Access Data Centres, Kasi Cloud, and telco-backed facilities from MTN Nigeria and Airtel Africa.
Adedapo Sobayo, co-founder and CTO of Rank, highlights that the core challenge lies not in the availability of local infrastructure, but in its capacity, reliability, and the potential for systemic disruption if the migration is executed hastily. “Of course, there are data centres in Nigeria, but the problem I have is the processing capacity of these data centres. The biggest companies in Nigeria are financial institutions, so what’s the quality of service that these data centres can offer?” he stated. Sobayo further notes that despite recent investments in Nigeria’s data centre landscape, many fintechs have not yet rigorously tested these facilities at production scale. This is a critical oversight in a market where the payments ecosystem processes over 14 billion transactions annually, and even minor disruptions can lead to widespread service degradation. A rushed migration without thorough testing risks destabilising services relied upon by millions.
Beyond capacity, the reliability and resilience of local infrastructure remain significant concerns. Unlike global cloud providers with decades of experience in building redundancy systems and multi-region failovers, Nigeria’s local infrastructure is still maturing. Musa Ganiyu, CEO of Payvessel, echoes this sentiment, pointing out that the policy’s focus on payment transaction data, rather than the broader supporting infrastructure, could complicate the transition. Ganiyu identifies disaster recovery as a critical gap. “The main problem is going to be disaster recovery. If a major incident happens on a local data centre where you host your data, and there’s no backup on a foreign server, that’s going to be a big problem,” he explained. Furthermore, the geographical concentration of most data centres in Lagos limits the availability of geographically distributed availability zones, a crucial failsafe mechanism for hedging against outages.
Infrastructure design is also a critical factor, as Sobayo points out. Data centres are often built for specific purposes, and their suitability for the demanding workloads of Nigeria’s fast-growing payments sector varies. The specialised nature of global infrastructure, with tightly aligned compute, networking, and inference layers, is difficult to replicate.
The immediate operational challenge of data migration itself is substantial. Moving large-scale financial systems from foreign cloud environments to domestic infrastructure requires more than simple file transfers; it involves re-architecting systems, replicating databases, validating data integrity, and ensuring uninterrupted transaction processing. Poorly executed migrations could lead to extended downtime, particularly if fallback systems are not robustly designed.
Cost is another significant consideration. Global cloud providers have historically offered incentives like cloud credits, which have helped fintechs scale without substantial upfront infrastructure investment. Local providers have offered less extensive support, meaning many early-stage companies face commercial pricing from the outset. While large enterprises may negotiate predictable pricing, smaller startups could encounter higher marginal costs. Furthermore, the 24/7 technical support and automated incident response offered by global providers are still developing in the local market, posing a risk for fintechs where downtime directly translates to financial losses and customer dissatisfaction.
Despite these considerable challenges, Sobayo remains cautiously optimistic, suggesting that the six-month transition period is achievable if institutions adopt a structured migration approach and secure the right infrastructure partners promptly.
