Nigeria's data regulator probes Sterling Bank, Remita over breach

LAGOS, Nigeria (AP). Nigeria's National Data Protection Commission has opened formal investigations into Sterling Bank Plc and payment processor Remita following allegations of unauthorized data processing affecting millions of customers. The NDPC confirmed Sunday it is examining whether the institutions violated Nigeria's 2023 Data Protection Act regarding consent mechanisms and cross-border data transfers. The probe stems from complaints that customer financial data was shared with third-party fintech partners without explicit authorization. Sterling Bank, one of Nigeria's tier-2 commercial lenders with approximately 6 million customers, said it is cooperating with regulators. Remita, which processes payments for government agencies and utilities, handles transaction data for an estimated 50 million Nigerian accounts. The investigation signals heightened enforcement of Africa's most comprehensive data protection framework, with potential fines reaching 4% of annual revenue. Industry observers said the case could establish precedent for bank-fintech data sharing arrangements across the continent's largest economy.