CBN's Open Banking Guidelines: Implications for Non-Bank Entities
It is often assumed that the Central Bank of Nigeria’s (the “CBN”) Open Banking Framework and related guidelines ( the “Open Banking Guidelines”) are relevant only to banks and licensed fintech companies. However, a closer reading of the Open Banking Guidelines suggests that its application may be significantly broader, extending to any company that holds or consumes financial data through APIs, regardless of sector.
The Legal Basis for Broad Applicability
First, section 6.1 of the CBN Operational Guidelines for Open Banking (2023) states unambiguously that only entities that are registered on the Open Banking Registry are eligible to participate in the open banking ecosystem, either as API Providers or API Consumers.
Secondly, the Open Banking Guidelines define API Providers and API Consumers based not on sector, but on function, that is, whether an entity holds financial data and exposes it via APIs (i.e., an API Provider), or whether it accesses financial data through APIs (i.e., an API Consumer). We find no provisions that expressly limit or restrict these roles to licensed banks or fintechs. This suggests that any company, regardless of sector, that shares or accesses customer financial data via APIs must register with the Open Banking Registry (the “OBR”) and comply with the Guidelines.
Although the Open Banking Guidelines do not define financial data in specific terms, it appears that the categories of financial data which may trigger application under the Guidelines are limited to:
(a) Product and service information (PIST)
(b)Market insights (MIT)
(c) Personal information and transaction data (PIFT)
(d) Profiling and scoring data (PAST).
This structure reflects a deliberate move by the CBN towards a truly open banking system, and anticipates participation by non-traditional financial entities such as telecom companies, payment processors, retailers, ride-hailing platforms, payroll providers, insurance firms, and investment platforms.
Regulatory Risk of Non-Compliance
Except the CBN provides some clarification regarding the scope of the Open Banking Regulations, the implications for non-bank and non-fintech entities can be material. We discuss some considerations as follows:
Unregistered participation in Open Banking: Companies that exchange financial data through APIs without registering on OBR expose themselves to CBN enforcement, and potentially to liability under Nigeria’s data protection laws for unauthorized data processing.
Companies may inadvertently fall within scope: To illustrate this concern, a ride-hailing company that exposes driver earnings data to a lending platform, or an HR tech company offering payroll APIs to salary advance providers, may, subject to clarification from the CBN, be caught within the scope of the Guidelines and may therefore need to comply, even if they do not hold a financial services licence.
Liability and reputational exposure: In the event of a data breach or dispute involving shared financial data, a non-registered entity may be viewed as operating unlawfully, thereby limiting its ability to enforce agreements or benefit from legal protections afforded to compliant participants.
Conclusion
It may be prudent for legal and compliance teams within non-bank organizations to conduct a regulatory impact assessment of their API-driven data flows to determine whether financial or transactional data processed falls within the scope of the Open Banking Guidelines.
Balogun Harold's insights are shared for general informational purposes only and do not constitute legal advice. For tailored guidance, please contact our Technology Lawyers at bhlegalsupport@balogunharold.com

Olu A.
LL.B. (UNILAG), B.L. (Nigeria), LL.M. (UNILAG), LL.M. (Reading, U.K.)
Olu is a Partner in the Firm’s Transactions & Policy Practice. Admitted as a Barrister & Solicitor of the Supreme Court of Nigeria in 2009, he has spent over a decade advising clients on high-value transactions and policy matters at some of Nigeria’s leading law firms.
olu@balogunharold.com
Kunle A.
LL.B. (UNILAG), B.L. (Nigeria), LL.M. (UNILAG), Barrister & Solicitor (Manitoba)
Kunle is a Partner in the Firm’s Transactions & Policy Practice. Admitted as a Barrister & Solicitor of the Supreme Court of Nigeria in 2009, he has spent over a decade advising clients on high-value transactions and policy matters at some of Nigeria’s leading law firms.
k.adewale@balogunharold.comRelated Articles
The Host Community Development Trust: Key Commercial Issues
A central issue concerns the scope of the powers of the Nigerian Midstream and Downstream Petroleum Regulatory Authority to issue the Midstream Petroleum (Host Communities Development Trust) Regulations 2024.
Payment Transaction Data Localisation in Nigeria: New CBN Rules and Their Legal Implications
While the CBN payment transaction data directive appears straightforward, its legal implications depend on how its key requirements are interpreted and operationalised in practice.
The Legal Framework for Classified Information in Nigeria: Key Considerations
It would be prudent for the Federal Government undertake a comprehensive review of the Official Secrets Act to ensure that it reflects contemporary national security, technological and governance realities.
Data Localisation in Nigeria: Key Considerations for Cloud Service Providers and AI Companies
Nigeria does not yet have a single, economy-wide data localisation statute. Instead, the regime has developed incrementally on a sector-by-sector basis, through a combination of primary legislation, sectoral regulations, licensing conditions, and regulatory guidelines issued by agencies