GUIDELINES ON THE OPERATIONS OF AUTOMATED TELLER MACHINES (ATMs) IN NIGERIA

March 2026

Table of Contents

1.0 PREAMBLE....................................................................................................................3 2.0 OBJECTIVES..................................................................................................................3 3.0 APPLICATION................................................................................................................3 4.0 ATMS TECHNOLOGY STANDARDS AND SPECIFICATION...........................................4 5.0 ATM DEPLOYMENT......................................................................................................4 6.0 DENSITY REQUIREMENTS FOR ATMS DEPLOYMENT................................................5 7.0 ATM OPERATIONS.......................................................................................................6 8.0 ATM MAINTENANCE....................................................................................................7 9.0 ATM SECURITY............................................................................................................7 10. ACCESSIBILITY AND INCLUSIVITY..............................................................................8 11. RESOLUTION OF FAILED TRANSACTIONS................................................................8 12. COMPLIANCE MONITORING.......................................................................................9 13. REPORTING REQUIREMENTS.....................................................................................9 14. PENALTIES..................................................................................................................9 Appendix............................................................................................................................9 DEFINITION OF TERMS.....................................................................................................9

1.0 PREAMBLE

In exercise of the powers conferred on the Central Bank of Nigeria (CBN) by Sections 2 (d) and 47 (2) of the CBN Act, 2007, to promote and facilitate the development of efficient and effective systems for the settlement of transactions, including the development of electronic payment systems; the CBN in June 2020, issued the Guidelines on Operations of Electronic Payment Channels in Nigeria. The Regulation contained the Guidelines for the operation of Automated Teller Machines (ATMs), Point of Sale (POS) Card Acceptance Services, Mobile Point of Sale (MPOS) Acceptance Services and Web Acceptance Services.

Since the issuance of the above referred Guidelines, the payment ecosystem has witnessed developments such as increased sophistication in digital finance, cyber threats and financial inclusion amongst others. In view of these developments, the CBN reviewed the section of the Guidelines on the operations of Automated Teller Machines (ATM) herein referred to as “Guidelines on the Operations of Automated Teller Machines in Nigeria”.

This Guidelines supersedes the requirements on the operations of Automated Teller Machines as contained in the Guidelines for the Operations of Electronic Payment Channels in Nigeria, issued by the CBN in 2020 and all previous regulation on ATM.

2.0 OBJECTIVES

The objectives of the Guidelines are to:

a. provide additional guidance on the operation of ATMs. b. guide ATM deployers on ATM density deployment requirements. c. provide clarity on security requirements of the ATMs. d. enable secure biometric authentication at ATMs under clear privacy, security, and consumer protection safeguard; and e. promote customer protection, fraud prevention, uptime performance,

3.0 APPLICATION

The Guidelines on the Operations of Automated Teller Machines shall apply to all deposit money banks, other financial institutions, independent ATM deployers and any card-issuing institutions in Nigeria.

Any Independent ATM Deployer (IAD) must obtain prior written approval from the Central Bank before commencing deployment activities. The licensing/registration process shall include submission of corporate information, technical and operational capacity assessment, evidence of partnership agreement with a bank for cash provisioning, and compliance with extant payment systems regulations.

4.0 ATMS TECHNOLOGY STANDARDS AND SPECIFICATION

a. All ATM deployers/acquirers shall comply with Payment Card Industry Data Security Standards (PCI DSS). b. All ATM systems shall have audit trail and logs capabilities including CCTV, detailed enough to facilitate investigations, reconciliation and dispute resolution. c. Card readers shall be identified by a symbol that: I. represents the card. II. identifies the direction for which the card should be inserted into the reader; and III. All ATMs shall accept card inserted horizontally with the chip facing upwards and to the right. d. Two percent of ATMs deployed by each acquirer shall have tactile graphic symbol for the use of visually impaired customers. Locations of such ATMs are to be visibly publicized on their corporate website at the minimum. e. Where ATMs implement biometric authentication, deployers/acquirers shall: I. implement Presentation Attack Detection (PAD) compliant with ISO/IEC 30107. II. Provide evidence of biometric system performance (False Match/Non-Match Rates and p95 decision latency) using ISO/IEC 19795 testing. III. protect biometric reference data per ISO/IEC24745 (template protection); if any template is stored off device, it must be encrypted at rest and in transit with keys managed in certified modules. IV. Ensure secure boot/firmware integrity on biometric modules; and V. Publish device models/firmware in a conformance register.

5.0 ATM DEPLOYMENT

a. All ATM transactions in Nigeria shall be processed by a company operating in Nigeria as acquirer-processor. b. No card or payment scheme shall compel any issuer or acquirer to send any transaction outside the country for processing, authorization or switching. This is where the transaction is at an ATM or at any acceptance device in Nigeria and the issuer is a Nigerian bank or any other issuer licensed by the CBN. c. All ATM transactions in Nigeria shall, where the card issuer is a Nigerian bank or any other issuer licensed by the CBN be settled under a domestic settlement arrangement operated by a Nigerian Company. All collaterals for such transactions shall be in Naira and deposited within the country. d. No card scheme shall discriminate against any ATM owner or acquirer. Similarly, no ATM owner or acquirer shall discriminate against any card scheme or issuer. e. Every card-scheme must publish for the benefit of all ATM owners, acquirer and the Central Bank of Nigeria, the requirements for acquiring ATM transactions under the card scheme. f. Deployment of stand-alone or closed ATM networks are not allowed. All ATM networks are required to be interoperable. g. ATMs should be located in areas that provide easy access at reasonable times. Access to these ATMs should be controlled and secured so that customers can safely use them. h. Proper lighting should be adequate for safe access and good visibility in areas where ATMs are deployed. It should provide a consistent distribution and level of illumination, particularly in the absence of natural light. i. ATMs should be sited in such a way that direct or reflected sunlight or other bright lighting is prevented from striking the ATM display, for example, through the use of overhead sun shelter. j. The design and installation features of ATMs shall have privacy so that in normal use the cardholder does not have to conspicuously take any protective action. k. All ATMs shall accept all cards issued in Nigeria by authorised issuers.

6.0 DENSITY REQUIREMENTS FOR ATMS DEPLOYMENT

a. All card issuers shall deploy ATMs, of at least 1 ATM per every 7,500 payment cards issued. This level shall be achieved over a period of three years, of which compliance levels are staggered as follows 30% (1st Year - 2026), 60% (2nd Year - 2027), (3rd year 100% - Year 2028). b. ATMs shall be located within a reasonable distance from each other in both urban and rural areas. c. Any card issuer must deploy ATM in line with the requirements of Section 5 (a and b) above. d. ATM deployment, redeployment and decommissioning shall be with the prior-written approval of the CBN.

7.0 ATM OPERATIONS

All ATM deployers shall ensure that:

a. The ATM downtime (due to technical fault) shall not exceed seventy-two (72) consecutive hours. Where this is not practicable, customers shall be duly informed by the deployer. b. For biometric-enabled ATMs, acquirers shall meet the following Service Level Objectives (to be reviewed annually): I. Authentication success rate ≥ 98% (monthly corridor average). II. Approvaltimep95 ≤ 1.2 seconds. III. Uptime ≥ 99.5% excluding scheduled maintenance. IV. Refund turnaround time per Section 10, with automated initiation where feasible c. Helpdesk contacts are adequately displayed at the ATM terminals which shall be functional. d. All ATM charges and fees are fully disclosed to customers. e. The ATMs issue receipts for all transactions, where requested by a customer, except for balance enquiry. Such receipts should at a minimum state, the amount withdrawn/deposited, the terminal identity, date and time of the transaction. f. Printed receipts and screen displays are legible. g. Dispensing/deposit and recycling components of the machine are in proper condition. Cash retraction functionality is disabled on all ATMs. h. There is appropriate monitoring mechanism to determine reasons for transaction failure. i. There is online monitoring mechanism to determine ATM vault cash levels. j. ATM vault replenishment is carried out as often as necessary to avoid cash-out. k. ATMs are not stocked with unfit notes. l. Cash shall be made available in the ATMs at all times. The funding and operations of the ATM deployed by non-bank institutions should be the sole responsibility of the bank or institutions that entered into agreement with them for cash provisioning. In this regard, the Service Level Agreement (SLA) should specify the responsibilities of each party. m. Change of Personal Identification Number (PIN) functionality is provided to customers, free of charge. n. Acquirers monitor suspicious transactions and report same to CBN, based on the agreed format and timeframe. o. Back-up power (inverter) is made available at all ATM locations, to ensure uninterrupted power supply. p. Paper disposal waste basket is provided at all ATM locations. q. A register of all their ATMs in Nigeria with location, identification, serial number of the machines, etc is maintained. The list must clearly indicate the locations of ATMs equipped with accessibility features for the visually impaired r. Provision is made for extending the time needed to perform a specific step, by presenting a question, such as,