The Central Bank of Nigeria (CBN) has introduced new minimum standards for the deployment, operations, maintenance, and security of Automated Teller Machines (ATMs) across the country, effectively replacing all previous ATM-related regulations.
The apex bank disclosed this in a circular titled “Exposure of the Draft Guidelines on the Operations of Automated Teller Machines (ATMs) in Nigeria”, released over the weekend. A major highlight of the new guidelines is a revised deployment ratio, which mandates all card issuers to deploy at least one ATM for every 5,000 payment cards issued.
According to the CBN, full compliance with the new ratio must be achieved within three years, with 30 per cent implementation required in 2026 and 100 per cent compliance expected by 2028.
The guidelines also place strong emphasis on customer safety and transaction security. ATMs must be located in secure areas that guarantee user safety and confidentiality of transactions. Machines are not to be installed outside buildings unless they are firmly bolted to the floor.
The CBN further directed that ATM deployment, redeployment, and decommissioning must receive prior written approval from the Bank. Independent ATM Deployers (IADs) are also required to obtain CBN approval and meet licensing or registration requirements, including proof of partnership with a bank for cash provisioning.
On failed transactions, the apex bank mandated instant reversal for failed “on-us” transactions—where customers use their own bank’s ATMs. Where instant reversal is not possible due to technical issues, manual refunds must be completed within 24 hours. For “not-on-us” transactions involving other banks’ ATMs, refunds must not exceed 48 hours.
Additional provisions of the directive include automatic refunds for non-dispense errors without customer prompting, compulsory installation of cameras on all ATMs (excluding keystroke recording), and the deployment of anti-skimming devices to combat fraud. ATM keys must be changed annually, with unique keys for each machine, while customers are allowed to change their PINs free of charge.
All ATM deployers and acquirers are required to comply with Payment Card Industry Data Security Standards (PCI DSS). The guidelines also stipulate that ATM downtime must not exceed 72 consecutive hours, and customers must be informed if this threshold cannot be met.
The CBN further mandated continuous cash availability at all ATMs, with banks retaining full responsibility for cash provisioning, even where deployment is handled by non-bank institutions. Institutions must clearly display helpdesk contacts, charges, and fees, and ATMs must issue receipts for all transactions except balance enquiries.
To ensure compliance, the CBN will conduct periodic audits and onsite inspections. Financial institutions are also required to submit monthly returns detailing new ATM deployments by the 5th day of the following month. The Bank warned that appropriate penalties would be imposed on institutions that fail to comply with the new guidelines.
Leave a comment