Loan App Requirements in Nigeria: Licence, FCCPC Registration & NDPR (2026)

The legal, regulatory and app-store requirements you must understand before launching a digital lending app in Nigeria — money-lender vs CBN licence, FCCPC registration, NDPR data protection and ethical collections.

Talk to a Loan App Engineer Loan App Development Hub
By Musskart Technology Editorial Team Published: Updated: Reviewed by Musskart Senior Engineers

What It Actually Takes to Launch a Loan App in Nigeria

Building the app is the easy part. The reason most Nigerian loan apps fail — or get delisted from Google Play within weeks — is not the code; it is compliance. Before you write a line of loan app development scope, you need to understand the licensing, registration and data-protection requirements that govern digital lending in Nigeria, and you need to build those requirements into the product from day one rather than bolting them on after a regulator or app store comes knocking.

Important: This article is general guidance for founders and product teams, not legal advice. Regulations, frameworks and registration processes change, and the right licensing route depends on your exact lending model. Before you launch, engage a qualified Nigerian fintech lawyer to confirm your obligations. Musskart builds the technology and the compliance controls; we are not your legal counsel.

At Musskart Technology Limited we have delivered 250+ projects since 2020 from Asaba, Delta State and Abuja, including financial-grade lending platforms with audit trails, consent logging and secure identity verification. This page walks through the loan app requirements in Nigeria as we understand them in 2026: licensing options, FCCPC registration, NDPR/NDPA data protection, ethical collections, app-store policy, credit-bureau and KYC obligations, and a practical requirements checklist.

250+

Projects Since 2020

2022

FCCPC Digital Lending Framework

NDPR

+ NDPA Data Protection Apply

0

Contact-Harvesting Permissions

Licensing Options: Money-Lender's Licence vs CBN Licence

There is no single "loan app licence" in Nigeria. The licence you need depends on what kind of lending you do and how you fund it. There are two broad routes founders should understand.

State Money-Lender's Licence

Most consumer digital lenders in Nigeria operate under a state money-lender's licence, issued under the money-lenders law of the state where the business operates (for example Lagos or the FCT). This route is designed for lending out of your own capital rather than taking deposits from the public. In practice, many digital lenders combine a state money-lender's licence with FCCPC registration under the 2022 digital-lending framework — that pairing is the common path for app-based consumer microloans.

CBN-Regulated Licence (Context)

A Central Bank of Nigeria (CBN) licence — such as a microfinance bank or finance company licence — sits in a different regulatory tier. You generally need a CBN licence if you intend to take deposits from the public or operate as a regulated finance company, which brings capital requirements, prudential supervision and ongoing CBN reporting. This is a heavier, more capital-intensive route and is not what most app-only consumer lenders start with.

The decision between these routes is exactly where a Nigerian fintech lawyer earns their fee. Your products, your funding source, whether you take deposits, and your growth plans all change the answer. Do not assume — get it confirmed in writing before you build.

FCCPC Registration Under the 2022 Digital Lending Framework

The Federal Competition and Consumer Protection Commission (FCCPC) issued the Limited Interim Regulatory / Registration Framework and Guidelines for Digital Lending (2022) in response to widespread abuses by loan apps. Operating a consumer digital lending business in Nigeria without FCCPC approval has led to apps being delisted from Google Play and to enforcement action. Registration is one of the core loan app requirements in Nigeria today.

Based on the framework as published, FCCPC registration for a digital lender typically calls for:

1. Corporate and incorporation documents

Your CAC incorporation certificate, memorandum and articles, and evidence that the company is properly registered to carry on a lending business.

2. Directors and shareholders

Identification and details of directors, shareholders and key officers — the FCCPC wants to know who is actually behind the app, not just a brand name.

3. Loan products, pricing and terms

A clear description of your loan products, interest, fees and repayment terms, so pricing transparency can be assessed.

4. Data-protection arrangements

Your privacy policy and data-protection posture — what data you collect, why, how it is stored, and how it aligns with the NDPR/NDPA (covered below).

5. Fair-collection commitments

Written commitments to lawful, fair debt-recovery practices — no harassment, no debt-shaming, no broadcasting to a borrower's contacts. The FCCPC takes these commitments seriously and enforces them.

The exact document list and process evolve, and the FCCPC has signalled moves between an interim and a more permanent regime. Treat the above as orientation and confirm the live checklist with the FCCPC and your counsel. For a build-focused companion to this page, see how to build a CBN/FCCPC-compliant loan app in Nigeria.

NDPR / NDPA: Data-Protection Compliance Is Not Optional

A loan app is, by its nature, a personal-data machine. It collects names, phone numbers, bank details, identity documents, BVN and NIN, and often device and transaction data. That puts you squarely under the Nigeria Data Protection Regulation (NDPR) and the Nigeria Data Protection Act (NDPA), supervised by the Nigeria Data Protection Commission. Compliance is both a legal requirement and a prerequisite for FCCPC registration.

Ethical Collections: The Line You Must Not Cross

This is the single most important section on the page, and the area where Nigerian loan apps have done the most damage to borrowers and to themselves. The FCCPC explicitly prohibits the abusive recovery tactics that defined the first wave of digital lenders:

No debt-shaming

No threatening, abusive or shaming messages designed to humiliate a borrower into paying. Recovery communication must be lawful, proportionate and professional.

No contact harvesting

You may not harvest a borrower's phone contacts and message them about the debt. Pulling the contact list to chase repayment is prohibited and is a primary reason apps get delisted and sanctioned.

No defamatory broadcasts

Broadcasting a borrower's name, photo or alleged default to their network — or to anyone — is prohibited and exposes operators to legal and regulatory liability.

The responsible alternative is a consent-bound, contained collections workflow. Recovery stays between you and the borrower, through channels the borrower agreed to, with a documented hardship and dispute process. Technically, this starts at the permissions layer: a compliant app never requests access to contacts or the photo gallery in the first place, so there is no harvested data to misuse. Musskart designs collections as in-app reminders, SMS/email to the borrower's own verified number, structured repayment plans and an escalation path that never touches third parties. Building it this way is not just ethical — it is what keeps you registered and on the app stores.

Google Play & App Store Personal-Loan Policies

Even with the right licence, your app will be rejected or removed if it breaks the app stores' personal-loan policies. Google Play and the Apple App Store both enforce strict rules for personal-loan apps, and Nigeria has been a focus market. Pages get pulled without these in place:

No access to contacts or photos

Google Play's personal-loans policy prohibits loan apps from accessing sensitive data such as a user's contacts and photos/media. If your manifest even requests these permissions, expect rejection. Design for least-privilege from the start.

Maximum APR and full cost disclosure

You must clearly disclose maximum APR, repayment period, fees and a representative example. Apps are required to keep effective rates within policy limits and to make pricing unambiguous to the borrower before they accept.

Required documentation

The stores ask for proof that you are licensed and authorised to offer lending in Nigeria — which is exactly why your money-lender licence and FCCPC registration matter before you publish, not after. Have your developer-account country, business details and supporting documents ready.

A transparent privacy policy

A clear, accessible privacy policy describing what you collect and why, consistent with NDPR/NDPA. Inconsistencies between your declared data use and your actual permissions are a fast track to takedown.

Credit-Bureau & KYC Requirements

Responsible lending and Nigerian regulatory expectations both point to proper identity verification and credit reporting. These are core to a compliant build.

For the financial-grade engineering behind this — audit trails, idempotent transactions and reconciliation — see our Elite Creed vehicle-lending case study, and harden the whole stack with cybersecurity and penetration testing before launch.

Loan App Requirements Checklist (Nigeria, 2026)

Use this as a starting checklist with your lawyer and engineering team. It is not exhaustive, and it is not legal advice — but it covers the requirements we see come up on every compliant Nigerian loan app build.

CAC company registration State money-lender's licence CBN licence (if taking deposits) FCCPC digital-lending registration NDPR / NDPA compliance Lawful basis & consent Designated DPO Data-protection audit Encrypted BVN/NIN storage BVN & NIN verification CRC / FirstCentral integration No contacts permission No photos/media permission Max APR disclosure Transparent fees & terms Consent-bound collections Hardship & dispute process Public privacy policy Audit trails Nigerian fintech lawyer

Frequently Asked Questions About Loan App Requirements in Nigeria

It depends on your model. Many consumer digital lenders operate under a state money-lender's licence combined with FCCPC registration under the 2022 digital-lending framework, rather than a CBN licence. A CBN licence (such as a microfinance bank or finance-company licence) is required if you intend to take deposits or operate as a regulated finance company. This is general guidance, not legal advice — your model, products and funding structure determine which route applies, so engage a Nigerian fintech lawyer before you build.

Under the FCCPC Limited Interim Regulatory/Registration Framework and Guidelines for Digital Lending (2022), registration typically requires your company incorporation documents, details and identification of directors and shareholders, your loan products and pricing, your privacy and data-protection arrangements, and written commitments to fair, lawful debt collection. The list and process can change, so confirm the current requirements with the FCCPC and your lawyer.

Yes. A loan app processes personal and financial data — names, BVN, NIN, bank details, identity documents — so the Nigeria Data Protection Regulation (NDPR) and the Nigeria Data Protection Act apply. You need a lawful basis for processing, clear consent, a designated data-protection officer or contact, a data-protection audit where required, and secure, access-controlled storage of sensitive identifiers like BVN and NIN.

Google Play and the App Store enforce personal-loan policies that prohibit apps from accessing a borrower's contacts or photos, require clear disclosure of maximum APR, repayment terms and fees, and require valid licensing documents. Apps that harvest contacts, send debt-shaming messages, hide pricing or lack the required documentation get rejected or removed. A compliant app must be designed to never request those permissions in the first place.

Yes. The FCCPC framework and its enforcement actions explicitly prohibit debt-shaming, harvesting and messaging a borrower's phone contacts, and defamatory broadcasts about borrowers. Recovery must stay contained to the borrower and to channels the borrower consented to. Apps that broadcast to contacts have been delisted and sanctioned, so collections must be designed as consent-bound and contained from day one.

Yes, on the technical side. Musskart builds loan apps with consent capture and logging, least-privilege permissions (no contact or photo harvesting), encrypted storage of BVN/NIN, credit-bureau and BVN/NIN verification integrations, audit trails and a contained, consent-bound collections workflow that aligns with FCCPC and NDPR expectations. We are software engineers, not lawyers — we build the controls, and you obtain the licences and registrations with your own Nigerian fintech counsel.

Build a Compliant Loan App With Musskart

We engineer the compliance controls — consent logging, least-privilege permissions, encrypted BVN/NIN, credit-bureau integration and contained collections — so your app is built to pass FCCPC, NDPR and app-store scrutiny. Start at the loan app development hub.

WhatsApp Us Call +234 813 168 6721 Loan App Development Hub Get a Quote

Related Musskart Guides

WhatsApp