Tackling Financial Cybercrime In Nigeria: The Role Of Law, And Other Regulatory Bodies -By Oluwaleye Adedoyin Grace

ABSTRACT

This article explores the challenge of financial cybercrime in Nigeria and examines the roles of law and regulatory bodies in addressing it. It highlights key legislation such as the Cybercrimes Act 2015 (amended 2024), the EFCC Act 2004, and the Money Laundering Act 2022, which provide the legal framework for prosecuting financial cybercrimes. The use of the National Identification Number (NIN) for identity verification is discussed as an important measure to prevent fraud. The article also outlines the contributions of agencies like the EFCC, ngCERT, NIBSS, and NDIC in enhancing financial security and consumer protection. It emphasizes the need for adaptive policies and stronger compliance to combat evolving cyber threats effectively.

INTRODUCTION

With the digitization of financial services, Nigeria has experienced a concurrent rise in financial cybercrime, including phishing, identity theft, and online fraud. This escalating menace erodes public trust in financial institutions and adversely affects the broader economy. As cybercriminals exploit technological advances to perpetrate fraud, identity theft, and money laundering, effective legal and regulatory responses have become imperative. This article examines how Nigeria’s evolving legal framework and the proactive roles of regulatory bodies are critical in combating financial cybercrime, safeguarding the nation’s financial system, and promoting trust in digital transactions.

DEFINITIONS AND SCOPE OF FINANCIAL CYBERCRIME

Adrian Constantin Stanila, Head of Cyber Security Incident Response at Visma, defines financial cybercrime as profit-driven criminal activity conducted through cyber means to obtain financial gain. This includes offenses such as identity fraud, ransomware attacks, and unauthorized access to financial accounts .

The principal legal definition in Nigeria is provided by the Cybercrimes (Prohibition, Prevention, Etc.) Act 2015, as amended in 2024. This legislation criminalizes acts including cyber fraud, identity theft, phishing, electronic forgery, and unauthorized access to financial systems. The statutory framework also addresses offenses such as manipulation of payment technologies (including ATMs and Point of Sale terminals), deployment of malware to disrupt financial data, and cyber-enabled money laundering.

This Act works in conjunction with other relevant laws, notably the Economic and Financial Crimes Commission (Establishment) Act 2004 and the Money Laundering (Prohibition) Act 2022, which collectively regulate financial crimes facilitated by cyber means .

Therefore, financial cybercrime in Nigeria can be understood as criminal activities involving the use of computers, networks, or electronic communication systems to unlawfully access, manipulate, or steal financial assets or information.

STATISTICS ON FINANCIAL CYBERCRIME IN NIGERIA

Financial cybercrime is a major issue in Nigeria, accounting for nearly a third of reported financial crimes in the country. The Economic and Financial Crimes Commission (EFCC) estimates annual losses from these crimes to exceed ₦500 billion . Cases have risen by approximately 20% each year from 2022 to 2024, reflecting both growing digital financial use and better reporting .

Phishing and online fraud make up around 45% of cybercrime cases, with unauthorized access, identity theft, and cyber-enabled money laundering also significant. Since introducing mandatory customer identity verification using the National Identification Number (NIN) in 2023, reported incidents to the National Computer Emergency Response Team (ngCERT) increased by 15%, showing improved detection .

Law enforcement has secured over 1,000 convictions in related cases between 2023 and 2025. Financial institutions also demonstrate strong compliance, with over 90% reporting suspicious transactions as required by the Money Laundering (Prohibition) Act 2022, aiding efforts to track illicit funds .

LEGAL FRAMEWORK FOR TACKLING FINANCIAL CYBERCRIME

The cornerstone of Nigeria’s cybercrime legislation is the Cybercrimes (Prohibition, Prevention, Etc.) Act 2015, amended in 2024. The 2024 amendments strengthened the legal regime by enhancing reporting protocols, reducing the timeframe for cyber threat notifications to 72 hours, and establishing sectoral Security Operations Centers (SOCs) alongside the National Computer Emergency Response Team (ngCERT), thereby improving incident response agility .

A recent landmark case illustrating the application of this framework is EFCC v. Kehinde Odeyemi & Ors . The defendants were charged with conspiracy to steal by manipulating server and domain credentials of Premium Trust Bank to gain unauthorized access to its database. They were arraigned under Sections 27 and 28(1)(b) of the Cybercrimes (Prohibition, Prevention, Etc.) Act 2015 (as amended) .

A significant innovation within the framework is the mandatory verification of customer identities for electronic financial transactions using the National Identification Number (NIN) issued by the National Identity Management Commission (NIMC). This measure aims to curb anonymous fraudulent activities. For example, in EFCC v. Chika Stanley Okoh , the accused was convicted for online impersonation under Section 22(3) of the Cybercrimes Act 2015 and sentenced to 18 months’ imprisonment or a ₦1,000,000 fine plus community service. Similarly, FRN v. Wilfred Fajemisin   reflects ongoing judicial enforcement in this area.

Complementing the Cybercrimes Act, the Economic and Financial Crimes Commission (Establishment) Act 2004 empowers the EFCC to investigate and prosecute economic and financial crimes with cyber elements, including money laundering and advance-fee fraud. The Money Laundering (Prohibition) Act 2022 supports these efforts by requiring financial institutions to report transactions exceeding US$10,000 to regulators, thereby facilitating the tracking of illicit financial flows. Notably, in EFCC v. Solomon Stephen Ufayo , the accused was convicted for posting false bank documents to defraud ₦2,404,000 and sentenced to one year’s imprisonment or a ₦500,000 fine alongside community service. Another case, Nigeria Police Force v. Rabiu Aliyu Salisu , further demonstrates active enforcement.

Overall, Nigeria’s robust legal framework is actively enforced with judicial responses spanning cases involving insider cyber fraud, cyberterrorism, and international syndicates .

ROLE OF LAW AND REGULATORY BODIES

The roles of law and regulatory bodies in combating financial cybercrime in Nigeria are distinct yet complementary, collectively aimed at safeguarding the integrity of the financial system and enhancing cybersecurity.

ROLE OF LAW

1. Criminalization and Definition of Offenses: The Cybercrimes (Prohibition, Prevention, Etc.) Act 2015 (as amended in 2024) explicitly defines and criminalizes a range of financial cyber offenses, including identity theft, phishing, unauthorized access to financial systems, electronic forgery, cyber fraud, and money laundering conducted through digital means.

2. Protection of Critical National Infrastructure: The legislation designates certain financial infrastructures as critical national information infrastructure and imposes severe penalties for any attacks that disrupt or damage these vital systems .

3. Obligations for Reporting and Data Protection: The Act mandates financial institutions and service providers to implement robust safeguards for protecting sensitive customer data, restrict unauthorized access, and promptly report cyber incidents to authorities such as the National Computer Emergency Response Team (ngCERT).

4. Enforcement Powers: The law grants law enforcement agencies comprehensive investigative and prosecutorial authority, enabling them to obtain search warrants, make arrests, seize evidence, and prosecute offenders in Federal High Courts throughout Nigeria.

5. Jurisdiction and International Cooperation: The Act clarifies jurisdictional reach, permitting Nigerian courts to try cybercrime cases regardless of the geographic origin of the offense, and facilitates international collaboration in investigating and prosecuting cross-border cybercrimes.

6. Establishment of Advisory and Funding Bodies: The legislation also establishes institutional mechanisms such as the Cybercrime Advisory Council and the National Cyber Security Fund, which support policymaking, capacity building, and public awareness initiatives .

ROLE OF REGULATORY BODIES

1. Central Bank of Nigeria (CBN): The CBN establishes cybersecurity standards for financial institutions through frameworks such as the Risk-Based Cybersecurity Framework and related guidelines.

2. Nigerian Communications Commission (NCC): The NCC regulates telecommunications operators to ensure the security of communication infrastructure and enforces compliance with data protection and cybersecurity standards .

3. Economic and Financial Crimes Commission (EFCC): The EFCC is responsible for investigating and prosecuting financial cybercrimes. It actively traces and recovers assets linked to cyber fraud and related economic offenses, contributing significantly to the legal enforcement landscape .

4. Nigeria Inter-Bank Settlement System (NIBSS): NIBSS oversees the security of interbank payment systems and continuously monitors transaction patterns to identify anomalies, thereby playing a crucial role in detecting and preventing cyber fraud.

5. Nigeria Deposit Insurance Corporation (NDIC): NDIC supports efforts to monitor banking frauds and contributes to consumer protection by promoting confidence in the banking system.

6. Collaboration Mechanisms: These regulatory bodies collaborate extensively through inter-agency task forces, intelligence-sharing platforms, joint operations, and public-private partnerships.

CHALLENGES

1. Inadequate technical expertise among law enforcement and judiciary.

2. Rapidly evolving cybercrime techniques requiring agile policy responses.

3. Limited public awareness and preventive education.

4. Jurisdictional complexities in cross-border cybercrime prosecution.

RECOMMENDATION

1. Expanded capacity-building programs for stakeholders s

2. Stricter compliance enforcement for financial institutions

3. Enhanced public cyber literacy campaigns,

4. Deepened international cooperation to address extraterritorial challenges.

CONCLUSION

In conclusion, the fight against financial cybercrime in Nigeria hinges on a robust legal framework supported by vigilant regulatory bodies. Recent legislative advancements and enforcement successes demonstrate the nation’s commitment to protecting its financial ecosystem from evolving cyber threats. However, ongoing collaboration, technological adaptation, and public awareness remain essential to sustain progress and address emerging challenges, particularly those posed by cross-border cybercrime. Strengthening these efforts will be vital to securing Nigeria’s digital financial future and restoring public confidence in electronic transactions.