CBN Audits: Key Considerations for Fintechs & Microfinance Banks

As fintechs and microfinance banks continue to scale across Nigeria’s dynamic financial ecosystem, regulatory scrutiny from the Central Bank of Nigeria (CBN) is intensifying. One key oversight tool in the CBN’s regulatory arsenal is the CBN audit, a process which newer operators, like fintechs and microfinance banks, often find unclear, reactive, or even intimidating. This article sheds some light on the regulatory rationale for a CBN Audit.

What Is a CBN Audit?

A CBN audit is an on-site or off-site examination conducted by the Central Bank of Nigeria to assess a regulated financial institution’s compliance with applicable laws, regulations, guidelines, and prudential requirements. It may involve:

1. Review of internal controls and risk management systems.

2. Scrutiny of customer onboarding and KYC/AML processes

3. Assessment of financial soundness, liquidity, and capital adequacy

4. Evaluation of your IT and cybersecurity systems

5. Inspection of governance structures, board oversight, and records

CBN typically exercises its powers through the Banking Supervision Department, Other Financial Institutions Supervision Department (OFISD), or Payments System Management Department, depending on the license type.

Types of CBN Audits.

The BOFIA empowers the CBN to conduct audits of its licensees. The types of CBN Audits allowable under the BOFIA are.

A. Routine (or On-site) Examination: These kinds of audits are conducted periodically and may often involve a physical visit from the CBN examiners. The aim of such audits will be to review financial records and loan books, risk management frameworks, compliance with corporate governance rules, and customer due diligence and AML compliance

B. Special (or Targeted) Examination: Special examinations are conducted when there’s a red flag or specific concern, such as sudden liquidity stress, reports of insider lending or non-performing loans, whistle-blower complaints, and breaches of prudential guidelines.

Off-site Surveillance

The CBN continuously monitors banks off-site using regular reports submitted by the institutions, such as: (a) Monthly returns (financial and operational), (b) Prudential ratios (e.g., liquidity, capital adequacy), (c) Foreign exchange exposure, or (d) Loan performance data. These reports feed into risk-based supervision, which helps the CBN decide which banks need deeper scrutiny.

Outcome of a CBN Audit

Depending on the seriousness of the issues uncovered during a CBN Audit, a CBN licensee may be required to submit a remediation plan to remedy compliance gaps. Serious breaches can lead to more serious sanctions, such as Monetary fines, suspension of directors or officers, restrictions on operations, and revocation of the license.

Final Comments

For new entrants and licensees (banks, microfinance institutions, payment service providers, digital banks, etc.), CBN audits can make or break regulatory credibility. As a foundational matter, new licensees must appreciate that the CBN operates a risk-based supervision (RBS) framework. That means that CBN doesn’t just check for compliance with circulars but will also broadly assess governance and culture, risk management systems, internal controls, management integrity, and competence.

It is often prudent to build a culture of compliance very early on, maintain up-to-date and accurate records, and also closely monitor prudential and regulatory ratios.

Balogun Harold's insights are shared for general informational purposes only and do not constitute legal advice. For tailored guidance, please contact our Banking & Finance Lawyers at bhlegalsupport@balogunharold.com