Loan App Nightmare? Know Your Rights in Nigeria’s Digital Lending Space

Nigeria’s mobile loan apps promise quick cash, but many users and regulators warn that some operate outside the law. Complaints range from aggressive harassment to secret data grabs.

The Federal Competition and Consumer Protection Commission (FCCPC) and others have flagged dozens of apps for unethical debt collection and privacy breaches.

In 2024–25 alone, FCCPC reports removing nearly 50 abusive loan apps from Google Play and listing hundreds of unapproved lenders under review.  As a fintech founder or business user, you need to know the rules.

Key Rules for Digital Lenders

Several agencies oversee online lenders in Nigeria. The FCCPC enforces consumer protection laws. In 2022 it rolled out digital lending guidelines requiring all loan apps to register with the FCCPC and follow fair-practice rules.
The Central Bank of Nigeria (CBN) requires any firm taking deposits or lending money to have a valid banking or microfinance license. CBN’s consumer-protection framework (Section 5.5) bans threats, harassment, or shaming of borrowers, and even prohibits calling people’s relatives or contacts without consent.

Meanwhile, NITDA enforces the Nigeria Data Protection Regulation (NDPR). NDPR says apps must get clear user consent to collect personal data and must secure it. NDIC (Deposit Insurance) also reminds fintechs that customer data belongs to the customer, you cannot share someone’s financial status without permission. In practice, this means licensed digital banks (whose deposits are insured by NDIC) must follow strict privacy and security rules too.

How Apps Are Violating These Rules

In the rush to grab market share, many loan apps have flouted these laws. A common complaint is harassment: lenders bombarding borrowers and even their contacts with calls, texts, and social media messages. Some apps have even publicly shamed defaulters by sending embarrassing messages or photos to friends and family. The FCCPC explicitly forbids such intimidation.

Under CBN rules, a collector must not call a customer’s friends or neighbors for any reason (unless they guaranteed the loan) or threaten them at odd hours. Yet reports show some licensed apps still use “loan shark” tactics, threats, and insults to get people to pay. One borrower even said a debt agent threatened to “destroy” him via his contact list.  These practices violate consumer protection laws.

Privacy violations are also rampant. Many apps demand access to your phone contacts, camera, photos, and location when you apply for a loan. Then they abuse that data. NITDA fined at least one app ₦10 million in 2023 for stalking users’ contacts and sharing private info.

Under NDPR, lenders must get specific, informed consent for data use and keep it secure. Publishing a defaulter’s image or financial status without permission is illegal. In short, using or revealing user data outside agreed terms can land a fintech in hot water with NITDA.

Another violation is operating without registration or license. By law, all digital lenders must register with FCCPC. As of early 2025, only about 380 apps were approved nationwide, meaning thousands more may be unregistered.

The FCCPC warns that unapproved apps will face bans and fines. Likewise, lending institutions must hold a CBN license (for example as a microfinance bank or finance company) if they take deposits or issue loans broadly. Apps that present themselves like banks without CBN approval could be breaking banking laws.

High interest rates and hidden fees can also breach the rules. FCCPC’s digital lending framework was partly motivated by consumer complaints about exorbitant charges. Clear disclosure of rates and penalties in plain language is now mandatory. Sneaking in extra charges or suddenly increasing a loan amount (some users report getting 10× the cash they requested!) violates these transparency requirements.

In summary, if an app is harassing you with threats or rude messages, snooping through your phone without consent, acting unregistered, or springing hidden fees on you, it is likely breaking Nigerian law. FCCPC repeatedly says, “No consumer should live in fear” of loan apps. Victims of harassment are urged to report the offending app to FCCPC or NITDA (for data abuse).

Regulators Cracking Down

Realizing the problem, regulators and platforms are taking action. FCCPC has set up a task force to monitor loan apps. In late 2023 and 2024, it delisted dozens of predatory lenders from app stores and put others on notice.

Google now requires Nigerian loan apps to prove regulatory approval before listing. NITDA says it has received hundreds of data abuse complaints and is coordinating with FCCPC to enforce the NDPR. Even law enforcement (ICPC, EFCC) and the National Human Rights Commission have joined a joint task force with FCCPC and NITDA to curb loan-app abuses.

Businesses and entrepreneurs should heed these signals. The rules are not “nice-to-have”, they’re enforceable. Tech founders building lending apps must make compliance a priority or risk shutdown, fines, or even jail. Many successful fintechs (like FairMoney or PalmPay) have partnered with licensed institutions to stay legit, and that’s a model for others.

Checklist: Compliance Steps for Digital Lenders

• Register and License: Make sure your app and business are registered with the FCCPC and have any required CBN license (e.g. as an MFB or finance company). Only FCCPC-approved apps should be promoted.
• Follow NDPR Data Rules: Treat customer data carefully. Appoint a Data Protection Officer, post a clear privacy policy, obtain explicit consent before collecting contacts or media, and allow users to withdraw consent.
• No Harassment: Train your team to communicate respectfully. Never threaten insult, or publicly shame borrowers. Do not call friends or colleagues of debtors (CBN forbids this unless they guarantee the loan). Avoid late-night or repeated calls without consent.
• Clear Terms and Fair Rates: Display all interest rates and fees upfront in simple language. Follow FCCPC guidelines on maximum rates and penalties. Never increase a borrower’s loan amount without approval.
• Secure & Transparent Tech: Use compliant APIs and data security measures as required by CBN guidelines. Provide easy opt-in/out for data sharing. Keep audit trails in case regulators ask.

By following these steps, fintechs can both protect consumers and stay on the right side of the law. For Nigerian entrepreneurs, compliance is not just a legal duty, it’s a way to build trust and a sustainable lending business.