Fintech founders in Nigeria are not arguing with the Central Bank’s plan to keep payment data within the country. Their bigger question is whether local infrastructure can handle the job without pushing up costs or creating new operational risks.
This discussion has gathered pace since the CBN directed banks, fintechs and other financial institutions to store payment data in Nigeria by January 2027.
The policy aims to improve oversight and ensure sensitive financial information remains under Nigerian jurisdiction.
While founders say they understand the push for stronger oversight and data sovereignty, many are also asking whether the country’s digital infrastructure is ready for such a transition.
Chibueze Damian, founder and CEO, Paymita, said his first reaction was concern.
“While I understand the objective of improving data sovereignty and regulatory oversight, Nigeria’s data centre ecosystem is still not there yet and also it is still developing and may not yet offer the same scale, reliability, redundancy, and cost efficiency available in some global cloud environments.”
Damian said infrastructure reliability is very critical for fintech businesses whose services depend on uninterrupted operations.
“Any policy that limits infrastructure choices without equivalent local alternatives could increase costs and operational risks.”
Still, he believes the CBN directive for data localisation could provide long-term benefits if it attracts sustained investment into Nigeria’s digital infrastructure.
“At the same time, I see the policy as an opportunity to bring in investment in Nigeria’s digital infrastructure over the long term.”
Roosevelt Elias, founder and CEO of Payble, views the directive differently. In his opinion, the CBN is not introducing a new policy but enforcing a direction it has signalled for years.
“This is not new policy. The CBN has signalled data localisation intent for years. What this circular does is put a deadline behind it, and that is the right move. A regulator that issues a directive and actually enforces it is better for the sector than one that files its own circulars away and moves on.”
He believes the conversation goes beyond data sovereignty and touches the structure of Nigeria’s digital economy.
“Nigeria loses an estimated $850 million annually in cloud revenue to foreign providers. That money funds data centres in Ireland and Virginia, not Lagos.”
Damian said regulators are ultimately aiming for stronger data security, regulatory access and better control over sensitive payment information. However, he stressed that local infrastructure must be able to meet the demands of fast-growing fintech companies if the policy is to achieve its goals.
He expects the first impact to be felt in infrastructure planning and compliance spending.
“Fintechs may need to review their hosting arrangements, data architecture, and partnerships to ensure compliance with the directive.”
Roosevelt also pointed to the fact that one of the biggest weaknesses in Nigeria’s payments ecosystem is not fraud but fragmented transaction records spread across different systems.
“A significant share of transaction data in Nigeria sits across fragmented processors and poorly reconciled systems. That makes it nearly impossible to detect systemic risk before it builds.”
The result, he said, is that many businesses process significant transaction volumes but remain invisible to lenders.
“The most consistent pattern I see is businesses doing real transaction volume with no credit identity, not because they are not creditworthy, but because their financial history never cohered into something a bank could read or act on.”
While he considers the CBN data localisation policy an important step, he cautioned that location alone will not solve every problem.
“The directive does not mandate standardised data formats or API-level regulatory access, and those things matter as much as geography.”
On the issue of compliance, both founders expect additional costs. Damian believes fintech firms will need to reassess their hosting arrangements and data architecture before the deadline arrives.
Roosevelt said the migration itself is manageable because domestic data centre providers already operate in Nigeria and additional capacity is being developed. His bigger concern is the recurring compliance burden that follows.
“The harder cost is the one that does not appear in any infrastructure budget: the compliance audit trail.”
He said ongoing security certification and audit requirements could become a permanent operational expense, especially for smaller operators without dedicated compliance teams.
Despite their concerns, both founders believe the directive could strengthen Nigeria’s fintech ecosystem if infrastructure investment keeps pace with regulation.
“I believe it can strengthen the ecosystem in the long term if accompanied by significant investment in local data centre capacity and reliability,” Damian said.
“Without that support, smaller startups may face higher costs and operational challenges that could slow innovation and growth in Nigeria fintech space.”
For Roosevelt, the biggest test electricity supply and operating conditions for data centres.
“The risk is on the power side. Nigerian data centres currently run diesel backup that can account for up to 40% of operating costs.”
He believes the next two years will determine whether the policy delivers lasting infrastructure improvements or simply increases costs for operators.
With the January 2027 deadline in sight, financial institutions are beginning to prepare for payment data to remain within Nigeria’s borders, but then, the infrastructure needed to support that purpose should be made ready in time.
