Regulatory Compliance

Last updated: May 2026

1. Our Commitment to Regulatory Compliance

Bridgenetic Modern Payment Infrastructure ("Bridgenetic") operates within a comprehensive regulatory framework designed to ensure the safety, security, and integrity of our payment services. As a payment infrastructure provider serving businesses across Nigeria and Africa, we are committed to maintaining the highest standards of regulatory compliance and corporate governance.

This page outlines our regulatory obligations, certifications, and the frameworks we adhere to in delivering secure, reliable payment infrastructure services.

2. Central Bank of Nigeria (CBN) Licensing and Oversight

Bridgenetic operates under the regulatory oversight of the Central Bank of Nigeria, the primary regulator of payment systems and financial services in Nigeria. Our compliance with CBN regulations includes:

  • Payment Service Provider Licensing: We operate in accordance with the CBN's regulatory framework for payment service providers, ensuring all our services meet the prescribed standards.
  • Regulatory Reporting: We submit regular reports to the CBN as required, including transaction volumes, system availability metrics, and incident reports.
  • Capital Requirements: We maintain the minimum capital prescribed by the CBN for our category of payment service provider.
  • Operational Standards: Our infrastructure, processes, and controls meet the operational standards set by the CBN for electronic payment platforms.
  • Consumer Protection: We adhere to CBN consumer protection guidelines, ensuring fair treatment of merchants and their customers.

3. Data Protection Compliance (NDPR/NDPA)

We are fully committed to protecting personal and business data in compliance with Nigerian data protection legislation:

3.1 Nigeria Data Protection Act (NDPA) 2023

  • Appointment of a qualified Data Protection Officer (DPO) to oversee compliance.
  • Implementation of data protection impact assessments (DPIAs) for high-risk processing activities.
  • Maintenance of comprehensive records of processing activities.
  • Ensuring lawful basis for all personal data processing.
  • Facilitating data subject rights including access, rectification, erasure, and portability.
  • Implementing appropriate technical and organizational security measures.
  • Compliance with cross-border data transfer requirements.

3.2 Nigeria Data Protection Regulation (NDPR) 2019

  • Annual data protection audit conducted by licensed Data Protection Compliance Organizations (DPCOs).
  • Filing of annual compliance reports with the Nigeria Data Protection Commission (NDPC).
  • Implementation of privacy-by-design principles in all platform development.
  • Maintaining transparency in data collection and processing through clear privacy notices.

4. Payment Card Industry Data Security Standard (PCI DSS)

Although Bridgenetic primarily processes bank transfer payments through virtual accounts, we maintain PCI DSS compliance standards to ensure the highest level of data security:

  • Network Security: Implementation of firewalls, network segmentation, and secure configurations to protect payment data.
  • Data Encryption: All sensitive data is encrypted in transit (TLS 1.2+) and at rest (AES-256) using industry-standard cryptographic protocols.
  • Access Control: Role-based access controls with the principle of least privilege applied across all systems.
  • Monitoring and Testing: Continuous monitoring of network resources, regular vulnerability scanning, and annual penetration testing.
  • Security Policies: Comprehensive information security policies reviewed and updated annually.
  • Incident Response: Documented incident response procedures with defined roles, communication plans, and recovery processes.

5. Anti-Money Laundering and Counter-Terrorism Financing (AML/CFT)

Our AML/CFT compliance framework is comprehensive and aligned with both Nigerian regulations and international standards:

  • Money Laundering (Prohibition) Act 2011 (as amended): Full compliance with Nigeria's primary anti-money laundering legislation.
  • CBN AML/CFT Regulations: Adherence to all CBN directives on anti-money laundering for payment service providers.
  • FATF Recommendations: Alignment with the Financial Action Task Force's 40 Recommendations on combating money laundering and terrorist financing.
  • Customer Due Diligence: Rigorous KYC procedures including identity verification, beneficial ownership identification, and ongoing monitoring.
  • Transaction Monitoring: Automated and manual monitoring systems to detect suspicious patterns and activities.
  • Suspicious Transaction Reporting: Timely filing of STRs with the Nigeria Financial Intelligence Unit (NFIU).
  • Sanctions Compliance: Real-time screening against UN, OFAC, EU, and Nigerian sanctions lists.

For detailed information, please refer to our Anti-Money Laundering Policy.

6. Know Your Customer (KYC) Requirements

Our KYC framework ensures we properly identify and verify all merchants using our platform:

  • Identity Verification: Verification of individual identity using government-issued identification documents and Bank Verification Number (BVN).
  • Business Verification: Confirmation of business registration with the Corporate Affairs Commission (CAC) and verification of business address.
  • Beneficial Ownership: Identification and verification of ultimate beneficial owners with significant control or ownership stakes.
  • Risk Profiling: Assessment of each merchant's risk level based on business type, expected transaction volumes, and other relevant factors.
  • Ongoing Monitoring: Continuous review of merchant activities and periodic re-verification of KYC information.
  • Enhanced Due Diligence: Additional verification measures for high-risk merchants, PEPs, and complex business structures.

7. Consumer Protection

We are committed to protecting the interests of merchants and their end customers:

  • Transparent Pricing: Clear disclosure of all fees and charges with no hidden costs.
  • Dispute Resolution: Fair and efficient dispute resolution mechanisms for transaction-related complaints.
  • Fund Safety: Merchant funds are held in segregated accounts with licensed banking partners, ensuring protection against operational risks.
  • Service Availability: Commitment to maintaining 99.9% platform uptime with transparent status reporting.
  • Data Privacy: Protection of merchant and customer data in accordance with NDPA/NDPR requirements.
  • Fair Treatment: Non-discriminatory access to services and fair treatment in all business dealings.

8. Cybersecurity Framework

Our cybersecurity posture is built on multiple layers of defense:

  • Infrastructure Security: Enterprise-grade cloud infrastructure with redundancy, failover capabilities, and geographic distribution.
  • Application Security: Secure software development lifecycle (SDLC) with code reviews, static analysis, and dynamic testing.
  • API Security: Bearer token authentication, request signing, rate limiting, and IP whitelisting for API access.
  • Monitoring and Detection: 24/7 security monitoring with automated alerting for anomalous activities.
  • Incident Response: Documented incident response plan with defined escalation procedures and communication protocols.
  • Business Continuity: Comprehensive disaster recovery and business continuity plans tested regularly.
  • Third-Party Security: Security assessments of all third-party vendors and service providers.

9. Reporting Obligations

Bridgenetic fulfills various reporting obligations to regulatory authorities:

  • CBN Returns: Regular submission of operational and financial returns as prescribed by the Central Bank of Nigeria.
  • NFIU Reports: Filing of Suspicious Transaction Reports (STRs) and Currency Transaction Reports (CTRs) with the Nigeria Financial Intelligence Unit.
  • NDPC Reports: Annual data protection compliance reports and breach notifications to the Nigeria Data Protection Commission.
  • Incident Reports: Timely reporting of security incidents, system outages, and fraud events to relevant authorities.
  • Audit Reports: Submission of internal and external audit reports as required by regulators.

10. Audit and Oversight

Our compliance program is subject to regular audit and oversight:

  • Internal Audit: Regular internal audits of compliance controls, processes, and procedures.
  • External Audit: Annual external audits by qualified, independent auditors.
  • Regulatory Examinations: Full cooperation with regulatory examinations and inspections by the CBN and other authorities.
  • Penetration Testing: Annual penetration testing by certified security professionals.
  • Compliance Reviews: Quarterly reviews of compliance program effectiveness with reporting to senior management and the Board.

11. Regulatory Partnerships

Bridgenetic maintains constructive relationships with key regulatory bodies:

  • Central Bank of Nigeria (CBN): Primary regulator for payment systems and financial services.
  • Nigeria Data Protection Commission (NDPC): Oversight of data protection compliance.
  • Nigeria Financial Intelligence Unit (NFIU): Financial intelligence and suspicious activity reporting.
  • Economic and Financial Crimes Commission (EFCC): Enforcement of financial crime legislation.
  • Nigeria Inter-Bank Settlement System (NIBSS): National payment infrastructure and settlement.
  • Corporate Affairs Commission (CAC): Business registration and corporate governance.

12. Industry Standards and Best Practices

Beyond regulatory requirements, we adhere to industry best practices:

  • ISO 27001: Information security management system standards for protecting information assets.
  • OWASP Guidelines: Application security best practices for web application development.
  • NIST Cybersecurity Framework: Comprehensive approach to managing cybersecurity risk.
  • SOC 2 Principles: Service organization controls for security, availability, and confidentiality.

13. Compliance Training

All Bridgenetic personnel receive regular compliance training covering:

  • AML/CFT awareness and suspicious activity identification.
  • Data protection principles and obligations under NDPA/NDPR.
  • Information security best practices and incident reporting.
  • Consumer protection requirements and fair treatment principles.
  • Regulatory updates and changes to compliance requirements.
  • Ethics, anti-bribery, and anti-corruption policies.

14. Whistleblowing and Reporting

We maintain channels for reporting compliance concerns:

  • Internal whistleblowing mechanisms for employees to report concerns without fear of retaliation.
  • External reporting channels for merchants and third parties to raise compliance-related issues.
  • Protection for whistleblowers in accordance with applicable Nigerian law.

15. Contact Our Compliance Team

For questions about our regulatory compliance, certifications, or to report compliance concerns:
