Table of contents
Editor's note:
This blog post is a part of an ebook we wrote on Compliance and Regulations 101. If you want to read the full ebook with all the insights on dealing with regulators and staying compliant, download the full ebook here.
Regulators.
Love them or hate them, you can't do without them.
In South Africa, over half of all reported crimes were financial crimes (KPMG / FATF). In East Africa, 63% of East African organisations experienced at least one type of fraud (NASDAQ). In 2023 alone, Nigerian banks lost $11.2 million to fraud (NIBSS). The reality of financial crimes in Africa is grim. But if regulators didn’t do their jobs, the reality would be a lot grimmer.
To build a pan-African fintech, you will deal with overlapping regulatory bodies across 54 countries. The stakes are high; non-compliance can result in hefty fines, licence revocation, a complete shutdown of operations, or, in extreme cases, legal consequences, including jail time.
Understanding regulations is an essential ongoing responsibility as long as your company remains operational.
This blog post provides a general overview of fintech regulation in Africa. Whether you're a citizen of an African nation or a foreign entrepreneur looking to expand, you'll gain insights into how regulators operate across the continent.
The fundamentals of compliance and regulation
Regulators play different roles in the fintech ecosystem.
They define business practices, protect both fintechs and consumers, ensure currency stability, safeguard customer data, and drive specialised programs like financial inclusion in some countries.
The role a regulator plays depends on the country.
Regulators act as guardians in the ecosystem. They set the rules, enforce them, and penalise defaulters. This oversight is necessary; if no one does it, bad actors in the financial space would defraud and exploit consumers.
Enforcement serves two purposes. One is to punish the behaviour that regulators do not want to see.
The second reason is that it is a deterrent against other players in the industry that would want to participate in that behaviour. So once you understand the objectives and principles of a regulator. Their processes start to make a lot of sense to you.
Marietta Gachegu, Global Head of Licensing, Chipper Cash
Licensing is one key way regulators safeguard consumers.
Licences allow regulators to assess whether you as a fintech can provide the services you claim to offer. For instance, obtaining a Payment Service Provider (PSP) or banking licence in most African countries requires meeting specific capital requirements. These requirements ensure that the company has sufficient liquidity to manage fund movements.
While regulators establish the rules and standards for business operations, compliance ensures adherence. Great companies turn compliance into a culture. Putting compliance first will save you a lot of trouble and money.
So, if you’re building in Africa, which regulators should you speak to?
We’ll talk about regulators in five major countries. There are different types of compliance but in this blog post, we’ll focus on financial crimes compliance.
Major regulatory bodies in Nigeria, Kenya, Egypt, Ghana and South Africa
The regulators you’ll engage with in any of these countries depend on the type of solution you’re building.
However, this is a general overview of the fintech regulators in each country.

5 common regulatory compliance mistakes and how to avoid them
1. Deprioritising compliance
When it comes to compliance, ignorance isn’t bliss. It is huge fines.
This knowledge gap is a significant problem, especially for early-stage startups.
One common mistake early-stage fintechs face is knowledge gap. A lot of people have ideas of what compliance is, or what compliance should be, rather than what it actually is.
Sydney Okparaeke, Lead, Compliance, Kora
Early-stage startups usually want to stay lean due to a limited financial runway. As a result, they sometimes deprioritize compliance when, in fact, it should be a leading consideration when building a product.
Sydney further explains:
There's this misconception that compliance is as simple as getting a Lawyer on the team, but that's typically wrong, and it causes a lot of problems as you scale. Also, there is a misconception that compliance is solely a cost centre so it’s better to avoid it. However, compliance can be a cost-saving centre if done well.
Compliance and regulations can be tricky for first-time startups and founders. Instead of figuring it out yourself, it's often best to bring in an expert to help. These experts can:
- Interpret regulations
- Guide you on how to follow them
- Advise on which licences to obtain
- Identify the appropriate regulatory bodies to engage with
2. Not staying up to date with regulations
One reason regulations change fast is that they have to keep up with the speed of innovation in the African tech ecosystem.
This means all players have to keep up too.
In some cases, regulators release new regulations and give fintechs a short time to comply, especially for sensitive issues. It is important to build your product flexible enough to accommodate any changes from the regulators.
For instance, in September 2024, the Central Bank of Nigeria announced that all fintech processing POS transactions must route their transactions through Payment Terminal Service Aggregators. The regulator gave all players 30 days to comply.
Your technology, operations, and overall business strategy must be agile enough to adapt to such sudden regulatory changes.
3. Becoming rigid
Sometimes, middle and late-stage startups become more rigid because they are more regulated, they become less innovative. In these companies, you now tend to see much more compliance which reduces how you innovate. Due to experience and the fear of the punishment that comes with non-compliance, they don't innovate the way they should.
Nelson Ochonogor, Head, BaaS product integrations, FCMB
At this stage, everyone watches you. Smaller fintechs want to emulate your strategy because you’re a market leader, and regulators watch you because of your impact on consumers and the ecosystem in general.
If you grow big enough, you become the standard of what others want to build.
This shouldn’t make you less innovative.
The irony is that you scaled because you were innovative, and growth can only continue if you keep innovating within the boundaries of what regulators allow.
In situations where you build something outside the confines of regulation, engage the right bodies after building. In cases where you're building new technology without clear regulatory oversight, Adefere Adeyemo, Legal Associate at Kora advises;
It's always advisable that you go with international best practices. At the base level, you would often find that our regulators are very attuned to international best practices and the basis for their regulation is often maybe fine-tuning international regulations.
Later, you can engage local regulators and adapt your product to the regulator’s needs.
Instead of becoming rigid, innovate as you've always done while staying mindful of regulatory requirements and international best practices.
4. Misunderstanding the policy objectives of regulators in each country
Regulators across countries have different objectives per time.
Sometimes, regulators want to drive financial inclusion and other times, they want to promote a particular payment channel in the country like Kenya did for mobile money.
I have dealt with multiple regulators in different countries, and I have seen commonalities in their approaches. Sometimes, their policy objectives may be different, but their general objectives are generally the same. They want to safeguard consumers because financial services are sensitive, they want to stabilise the financial ecosystem, and they want to promote competition. In other words, they want to deter monopolies from developing because monopolies impact the efficiency of the market.
Marietta Gachegu, Global Head of Licensing, Chipper Cash
As a player in a particular market, it’s important to align your business and your products with the objectives of the regulators at all times. This alignment can lead to significant growth opportunities.
According to the World Bank, one of the reasons for M-PESA’s growth in Kenya was the freedom the regulators gave Safaricom to experiment with different business models and distribution channels.
Also, in 2012, the CBN released a National Financial Inclusion Strategy in Nigeria that outlined its plans to boost financial inclusion at the time. Some of their key initiatives included a tiered KYC framework, establishing regulations for agency banking, and pursuing mobile payment and cashless policies, among other policies.
Over the years, fintechs, banks, and OFIs that built solutions aligned with this policy's goals benefitted and got the support of the CBN. It’s a given if you align with a regulator’s vision, you’ll have their support.
5. Not mapping out the compliance risks before building
KYC is one of the most common regulatory requirements across different markets. It mitigates fraud and identifies bad actors in your system. KYC requirements usually differ across African countries. In Nigeria, the NIN and BVN are two important details you have to collect during customer onboarding and KYC verification.
What kind of risk element is the regulator trying to address? Sometimes, as a startup trying to get into the market, we are eager to get into the market quickly, and sometimes, our eyes are not open to some of the risks that we should see. Compliance sometimes mandates certain KYC requirements, and it’s important to plan for this when building your product so that when fraud happens or when certain issues happen and you have been asked to provide certain information about certain things, that is when you begin to understand that compliance is very key.
Nelson Ochonogor, Head, BaaS product integrations, FCMB
On the other hand, in South Africa, you have to verify your South African ID number (SAID).
Generally, when you're onboarding your customers, you have to collect the information that is required so that you can create a customer profile and start to understand the behaviour that you should anticipate from this customer.
Marietta Gachegu, Global Head of Licensing, Chipper Cash
In other instances, if you plan to build a product to onboard a certain number of customers, you have to build a compliance program that scales with it.
At an early stage, you might say, I'm expecting 10 or maybe 100 merchants per year, and I’ll build a compliance infrastructure that would accommodate that exact number. But by the time you get to the late stage, you’ll realise that it's much harder to reconfigure than to build from scratch.
Sydney Okparaeke, Lead, Compliance, Kora
The many shades of cross-border compliance in Africa
Understanding regulation in one country is one thing, and understanding it in other countries is another game.
So, how should you deal with cross-border regulators?
How Ghana regulates payment services is not exactly the same as how Nigeria or Kenya regulates it. So essentially, what it requires is a thorough understanding of the financial service you’re building, the impact of that particular service within that jurisdiction and the policy objectives of the regulator.
Marietta Gachegu, Global Head of Licensing, Chipper Cash
Regulation is often very contextual and requires the expertise of a local specialist.
For instance, if you want to expand to Egypt, hiring someone who understands the country's layout and knows who to talk to makes sense. Never underestimate local expertise.
For example, if you want to operate in Ghana, get a specialist compliance officer based there. He or she should have experience in Ghana. The specialist should not be someone who is just starting out but someone who has experience with fintech. This person would help you tailor your compliance strategy to your products.
When you're moving outside your comfort zone—let's say Nigeria is your comfort zone—your adherence to all laws should be heightened.
Regulators can vary in terms of the severity of fines. Maybe you’re in a country where regulators will typically understand and are less stringent with fintechs. But when you move across the border, you really don't know unless an expert guides you.
Sydney Okparaeke, Lead, Compliance, Kora
In certain African countries, regulations sometimes require major changes to your company’s management structure.
For example, foreign founders establishing a digital lending company in Rwanda must appoint a resident director. This director needs to be a Rwandan citizen or a foreigner with a valid resident or work permit.
If you plan to build or expand to other African countries, factor in such country-specific requirements. Always seek local expertise and be prepared to adapt your business structure to comply with local regulations.
Conclusion
This blog post is a part of an ebook we wrote on Compliance and Regulations 101. You'll find answers to some of your questions in this blog post. But if you want to read the full ebook with all the insights on dealing with regulators and staying compliant, download the full ebook here.
--
At Kora, our goal is to connect Africa to the world and connect the world to Africa via payments.
For startups and businesses working in Africa, we provide All The Support You Need ™️ to start, scale and thrive on the continent. Sign up to see all the ways you can thrive with Kora.