The Central Bank of Nigeria (CBN) has fixed 18 years as the minimum age for the registration of the Bank Verification Number (BVN) as part of new measures aimed at strengthening identity verification and improving security across Nigeria’s banking system.
The directive was contained in a set of circulars issued by the apex bank to banks, financial institutions and payment service providers on March 12, 2026.
Under the new rule, only individuals aged 18 and above will be eligible to enrol for a BVN. The CBN said the policy is intended to strengthen customer identification processes and reduce the misuse of bank accounts for fraudulent activities.
As part of the reforms, the apex bank also introduced tighter monitoring controls within the BVN system to help track suspicious transactions across the financial sector.
According to the circular, financial institutions are now required to create temporary watchlists for BVNs linked to suspected fraudulent activities. Such BVNs may remain on the watchlist for up to 24 hours while the affected customers are contacted to clarify the transactions.
The CBN explained that the measure would allow banks to respond swiftly to suspicious activities while still giving customers the opportunity to confirm legitimate transactions.
In another adjustment to BVN operations, the apex bank placed restrictions on changes to phone numbers linked to BVN records. Customers will now be allowed to modify the phone number associated with their BVN only once, a move the CBN said is designed to prevent fraudsters from repeatedly altering contact details to bypass security checks.
The bank also stated that access to the BVN database will remain restricted to financial institutions licensed by the regulator, although exceptions may be granted in special circumstances in line with existing laws. The new BVN regulations are expected to take effect from May 1, 2026.
Alongside the BVN reforms, the apex bank announced new security requirements for instant payment services used for electronic transfers between banks.
Under the new arrangement, customers will have the option to voluntarily opt out of instant transfer services if they wish to temporarily stop electronic transfers from their accounts. Once the opt-out feature is activated, transfers will not be possible either within the same bank or to other banks, although customers may still conduct transactions by visiting bank branches.
The CBN added that the opt-in and opt-out process must be secured with multi-factor authentication to ensure that only the account owner can activate the feature.
Customers will also be permitted to set their own transaction limits for instant payments. While the existing maximum limits of ₦25 million for individuals and ₦250 million for corporate accounts remain unchanged, customers may choose lower limits to reduce exposure to fraud.
Any adjustment to transaction limits must undergo enhanced verification and risk assessment by the financial institution, according to the directive.
The apex bank further directed banks to deploy enterprise fraud monitoring systems capable of tracking incoming and outgoing transactions in real time in order to quickly detect suspicious activities.
In addition, banks must strengthen identity verification when customers open accounts online or attempt to reactivate dormant accounts. The CBN said accounts opened digitally must undergo liveliness checks, while customer details must be validated immediately against the National Identity Management Commission database through the National Identity Number (NIN) system as well as the BVN platform.
Enhanced authentication tools such as biometric verification, soft tokens and hard tokens are also expected to be used during online account reactivation.
The regulator also introduced new security requirements for mobile banking applications. Under the guidelines, a mobile banking app will be permitted to operate on only one device at a time, preventing customers from using the same application simultaneously on multiple phones.
Where a customer switches to a new device, the application will require fresh authentication before it becomes active.
The CBN also set temporary transaction limits for newly activated mobile banking applications. Within the first 24 hours of activation, the maximum amount that can be transferred will not exceed ₦20,000, whether the account is new or an existing account being accessed on a new device.
Similarly, customers logging into internet banking on a new device for the first time will be required to complete additional authentication procedures. The instant payment security rules will take effect from July 1, 2026.
In a separate circular, the apex bank also revised guidelines on the management of dormant accounts and unclaimed balances in the banking sector.
Under the new directive, banks will be allowed to accept requests for the reactivation of dormant accounts through alternative channels instead of requiring customers to visit bank branches physically, provided strong identity verification procedures are in place.
The CBN also removed the requirement for customers to submit affidavits when reactivating dormant accounts, as long as the funds in the account have not been transferred to the Unclaimed Balances Trust Fund Pool Account.
However, affidavits will still be required when customers seek to reclaim funds that have already been transferred to the trust fund pool.
The regulator further directed banks and other financial institutions to improve transparency by publishing information on dormant accounts and unclaimed balances.
Under the directive, banks must display details such as the name of the account holder, the type of account, the name of the bank and the branch where the account is domiciled on their official websites.
Banks without operational websites are expected to publish the information on the websites of their industry associations, while the list of dormant accounts must also be published once every year in at least two national daily newspapers.
Where the list is extensive, banks may publish a short notice directing customers to a section of their website where the full details are available.
State and unit microfinance banks are exempt from newspaper publication but must display the information at their business locations.
The CBN explained that the publication of such information does not violate the Nigeria Data Protection Act 2023, noting that the law permits the processing of personal data when it is necessary to comply with legal obligations.
The apex bank added that its authority to issue the directive is backed by provisions of the Banks and Other Financial Institutions Act 2020, which empowers the regulator to set guidelines on the management of unclaimed funds held by financial institutions.
The circular on dormant accounts takes immediate effect and replaces an earlier directive issued in February 2025.
