The Nigerian Regulatory Landscape
| Regulator | Primary Jurisdiction | Key Requirements |
|---|---|---|
| Central Bank of Nigeria (CBN) | Banks and financial institutions | AML/CFT, KYC, capital adequacy, consumer protection |
| Securities and Exchange Commission (SEC) | Capital market operators | Disclosure, registration, market conduct |
| NAICOM | Insurance companies | Solvency, product standards, claims handling |
| FIRS | All taxable entities | CIT, VAT, PAYE, transfer pricing |
| NDPC | Data controllers and processors | NDPA 2023 — data protection, breach notification |
| EFCC / ICPC | All organizations | Financial crimes, corruption, asset recovery |
| CAC | All registered companies | CAMA 2020 — annual returns, beneficial ownership |
Building a Compliance Management System (CMS)
A Compliance Management System provides the organizational structure, processes, and tools to systematically identify, assess, and manage compliance obligations. ISO 19600 (now superseded by ISO 37301) provides the international standard for CMS design.
- Leadership and commitment: Board and senior management must visibly own compliance — not delegate it entirely to the compliance function
- Compliance obligations register: A comprehensive, living document of all applicable laws, regulations, standards, and contractual commitments — updated as the regulatory environment changes
- Risk-based compliance planning: Resources allocated based on the potential impact and likelihood of compliance failure, not on regulatory category alone
- Compliance controls: Specific policies, procedures, and operational controls designed to ensure each compliance obligation is met
- Training and awareness: All staff understand their specific compliance obligations and the consequences of failure
- Monitoring and review: Ongoing assessment of whether compliance controls are working and whether the regulatory landscape has changed
- Reporting and escalation: Compliance failures, near-misses, and regulatory communications reported promptly to appropriate organizational levels
The Role of the Compliance Officer
The Compliance Officer (or Chief Compliance Officer in larger organizations) is responsible for designing, implementing, and monitoring the CMS. Critically, the CCO must have:
- Direct access to the board and audit committee — not just management
- Authority to halt non-compliant activities — not just report them
- Adequate resources — staff, budget, and technology — to fulfil the function's mandate
- Independence from revenue-generating functions to avoid conflict of interest
Compliance Programme Effectiveness — Key Metrics
- Number of regulatory breaches in the period vs. prior period
- Percentage of staff who have completed mandatory compliance training
- Number of regulatory enquiries or examinations initiated
- Time from identification to resolution of compliance issues
- Percentage of compliance action items closed within agreed timelines
Key Takeaway
Regulatory compliance in Nigeria's active enforcement environment is not optional — it is a survival requirement. Organizations that build genuine compliance management systems, allocate adequate resources, and hold management accountable for compliance outcomes protect themselves from regulatory action, reputational damage, and the operational disruption that follows a significant compliance failure.