The Central Bank of Nigeria (CBN) has issued new minimum standards governing the deployment, operations, maintenance, and security of Automated Teller Machines in Nigeria. The directives, contained in a circular titled Exposure of the Draft Guidelines on the Operations of Automated Teller Machines (ATMs) in Nigeria, supersede all previous ATM regulations and introduce a binding deployment ratio tied directly to card issuance.
Under the new framework, all card issuers are required to deploy at least one ATM for every 5,000 payment cards issued, with full compliance mandated within three years, reaching 100 percent by 2028, beginning with a 30 percent threshold in 2026.
DECISION HIGHLIGHT
Decision authority: Central Bank of Nigeria
Policy instrument: Draft Guidelines on ATM Operations in Nigeria
Core requirement: Minimum of 1 ATM per 5,000 payment cards
Compliance timeline: 30% by 2026, full compliance by 2028
Scope: Deployment, security, refunds, downtime, reporting, penalties
Regulatory posture: Mandatory approval, audit-backed enforcement
DECISION MEMO
On paper, the new ATM deployment ratio is framed as a consumer protection and access policy. In practice, it represents a recalibration of responsibility within Nigeria’s payments ecosystem, one that shifts operational burden squarely onto banks and card issuers at a time when physical banking infrastructure is under economic pressure.
By pegging ATM deployment to card issuance, the CBN is implicitly discouraging indiscriminate card expansion without corresponding physical access points. The logic is defensible. Millions of cards exist in circulation, yet access to cash remains uneven, particularly outside commercial centers. However, the policy also assumes that ATM proliferation remains the most efficient response to cash access challenges, an assumption that sits uneasily with the growth of agent banking, mobile transfers, and merchant-led cash-out models.
The guidelines go far beyond deployment ratios. They tighten control over where ATMs may be located, how they are secured, how quickly failed transactions must be reversed, and how long machines may remain offline. Banks are no longer permitted to treat ATM downtime or refund delays as operational inconveniences. Instant reversals are mandated for on-us transactions, while interbank refunds must not exceed 48 hours. Automatic refunds for non-dispense errors are now compulsory, removing discretion from issuers and acquirers.
The security provisions are equally prescriptive. Cameras must record all ATM activity without capturing customer keystrokes. Anti-skimming devices are compulsory. Encryption standards must meet PCI DSS benchmarks. Physical keys must be changed annually, not reused across machines, and customers must be allowed to change PINs at no cost.
What is less explicitly stated, but structurally embedded, is the reallocation of accountability. Where non-bank institutions deploy ATMs, the partnering bank bears sole responsibility for cash provisioning. Independent ATM Deployers must secure prior written approval from the CBN and demonstrate formal banking partnerships, effectively limiting informal or lightly regulated participation.
This framework signals a regulator intent on restoring order and predictability to a channel that has suffered from neglect, fraud exposure, and uneven service quality. Yet it also raises a hard question. Are banks being asked to scale physical infrastructure in an ecosystem that is otherwise being nudged toward digital substitution?
DATA BOX
Minimum deployment ratio: 1 ATM per 5,000 cards
Phase-in schedule:
– 2026: 30% compliance
– 2028: 100% compliance
On-us failed transaction reversal: Instant, max 24 hours if manual
Not-on-us refund timeline: Maximum 48 hours
Maximum ATM downtime: 72 consecutive hours
Reporting deadline: Monthly returns by the 5th of the following month
Security standards: PCI DSS, anti-skimming devices, CCTV coverage
WHO WINS / WHO LOSES
Consumers benefit from faster refunds, improved security standards, and potentially wider access to ATMs, particularly in underserved locations.
Large banks with existing ATM networks gain relative advantage, as compliance costs are incremental rather than structural. Smaller banks and aggressive card issuers face higher capital and operational expenditure, with limited room to pass costs to customers.
Independent ATM deployers operate under tighter gatekeeping, reducing flexibility and raising entry barriers.
POLICY SIGNALS
The CBN is signaling renewed seriousness about physical payment infrastructure, despite the broader digital finance narrative. The regulator is asserting that cash access remains a public-interest obligation, not merely a commercial choice.
At the same time, the insistence on prior approvals, audits, and penalties suggests diminishing tolerance for self-regulation or informal arrangements in retail payments.
INVESTOR SIGNAL
For investors in banking and payments infrastructure, the policy introduces higher compliance costs but also reduces regulatory ambiguity. ATM-heavy banks may see margin pressure, while firms positioned in ATM manufacturing, security technology, and maintenance services could benefit from mandated upgrades.
The directive also hints at slower, more disciplined card issuance growth, tying expansion to infrastructure readiness rather than marketing ambition.
RISK RADAR
Execution risk is material. Banks may struggle to meet deployment targets within the stipulated timeline, particularly in low-traffic or high-risk locations. Cost recovery remains uncertain in a fee-sensitive environment. There is also the risk that forced ATM expansion crowds out investment in more scalable digital alternatives.
Ultimately, the new ATM ratio is less about machines and more about control. The CBN is reasserting regulatory discipline over a channel it considers too important to fail quietly, even if the economics of physical cash access are becoming increasingly complex.
Discover more from StakeBridge Media
Subscribe to get the latest posts sent to your email.