UBA wins 2026 ‘Banker Technology’ award for AI innovation, launches upgraded app

Abstract
United Bank for Africa (UBA) Plc's recent recognition with the 2026 ‘Banker Technology’ award for AI innovation and the launch of its upgraded app underscore the accelerating integration of artificial intelligence within Nigeria's financial sector. This development highlights critical legal and regulatory considerations for financial institutions leveraging AI, particularly concerning data protection, cybersecurity, consumer rights, and cross-border data transfers. As AI systems become more sophisticated and integral to banking operations, compliance with Nigeria's evolving legal framework, including the Nigeria Data Protection Act 2023 and recent Central Bank of Nigeria directives on AI in anti-money laundering and data localisation, becomes paramount for mitigating risks and ensuring sustainable innovation across UBA's extensive African network.
Introduction
The recent announcement of United Bank for Africa (UBA) Plc as the winner of the African category at the 2026 Banker Technology Awards, coupled with the launch of its upgraded application, signals a significant milestone in the digital transformation of Nigeria's financial services industry. UBA's recognition for innovations in digital payments, e-business, and the strategic use of artificial intelligence (AI) to facilitate seamless cross-border banking across over 20 African markets, places a spotlight on the profound impact of advanced technology on modern finance. This achievement is not merely a testament to UBA's technological prowess but also a critical indicator of the increasing reliance on AI within the banking sector, presenting both immense opportunities and complex legal challenges.
Background
The Nigerian financial technology (fintech) landscape operates within a dynamic and evolving regulatory framework, primarily overseen by the Central Bank of Nigeria (CBN), the Nigeria Data Protection Commission (NDPC), and the Federal Competition and Consumer Protection Commission (FCCPC). The foundational legislation governing banking operations is the Banks and Other Financial Institutions Act (BOFIA) 2020, which repealed previous enactments and expanded the CBN's regulatory purview to include various financial institutions, including fintech companies. This Act empowers the CBN to license and supervise these entities, ensuring financial system stability and consumer protection.
Data protection in Nigeria is primarily governed by the Nigeria Data Protection Act (NDPA) 2023, which replaced the Nigeria Data Protection Regulation (NDPR) 2019 and established the NDPC as the apex regulatory authority. The NDPA provides a comprehensive framework for the processing and protection of personal data, aligning Nigeria with international data privacy standards. Complementing this, the Cybercrimes (Prohibition, Prevention, etc.) Act 2015 provides a legal and institutional framework for combating cybercrimes, promoting cybersecurity, and protecting critical national information infrastructure, electronic communications, data, and privacy rights.
Recognising the need to foster innovation while maintaining regulatory oversight, the CBN introduced the Regulatory Framework for Sandbox Operations in 2021, providing a controlled environment for firms to test innovative products and services. Furthermore, consumer protection in digital financial services is addressed by the CBN Consumer Protection Regulations 2019, which mandates fair treatment, transparency, and ethical practices by financial institutions. These legislative and regulatory instruments form the bedrock upon which AI innovation in Nigerian banking must be built, ensuring compliance and safeguarding stakeholder interests.
Analysis
The deployment of AI by financial institutions like UBA introduces multifaceted legal and regulatory considerations. Central to these is compliance with the Nigeria Data Protection Act (NDPA) 2023. AI systems, by their nature, process vast quantities of personal data, necessitating strict adherence to NDPA principles such as lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, and confidentiality. The NDPA also sets out specific criteria for processing sensitive personal data and introduces protections against decisions based solely on automated processing, including profiling, that have legal or significant effects on individuals. Financial institutions classified as Data Controllers of Major Importance are required to designate Data Protection Officers (DPOs) to ensure internal compliance and serve as a liaison with the NDPC.
Cybersecurity is another critical area. The Cybercrimes (Prohibition, Prevention, etc.) Act 2015 provides a framework for preventing and punishing cybercrimes, which is highly relevant given the increased attack surface presented by AI-driven digital platforms. Financial institutions have obligations to report cyber threats, and the Act aims to protect critical national information infrastructure. The CBN has also recently (March 2026) formally embedded AI and machine learning into its Anti-Money Laundering (AML) and Counter-Financing of Terrorism (CFT) framework, mandating financial institutions to deploy automated systems for real-time fraud detection and reporting. While encouraging AI for anomaly detection and risk scoring, the CBN emphasizes transparency, governance oversight, and annual independent validation of AI models to ensure accuracy and prevent bias.
Consumer protection is paramount in the context of AI-powered banking applications. The CBN Consumer Protection Regulations 2019 mandates fair treatment, ethical practices, and clear terms and conditions for consumers. The Federal Competition and Consumer Protection Commission (FCCPC) also holds concurrent jurisdiction over consumer protection matters. Recent CBN rules on instant payments (March 2026) aim to curb electronic fraud and empower customers with greater control over their accounts, underscoring the regulator's focus on safeguarding consumer interests in the digital space.
UBA's extensive pan-African operations necessitate careful consideration of cross-border data transfer regulations. Section 43 of the NDPA 2023 restricts the transfer of personal data outside Nigeria unless the recipient country ensures an adequate level of data protection, or appropriate safeguards, such as Standard Contractual Clauses, are in place. While explicit consent from data subjects can serve as an exception, it is generally impractical for routine, high-volume transfers. Significantly, the CBN introduced a mandatory data localisation policy in June 2026, requiring all payment transaction data generated within Nigeria to be stored and processed locally by January 1, 2027. This directive will have substantial implications for UBA and other financial institutions with cross-border operations, necessitating a review of their data architecture and compliance strategies. Furthermore, the CBN recently directed banks and fintechs to disclose ultimate beneficial owners and introduced market structure rules to prevent excessive dominance, reflecting an intensified focus on transparency and competition within the payments ecosystem.
Conclusion
UBA's recognition for AI innovation highlights the transformative potential of artificial intelligence in reshaping the African financial landscape. However, for legal practitioners advising financial institutions, this innovation comes with a complex web of regulatory obligations and risks. Navigating the Nigerian legal framework, encompassing the NDPA 2023, the Cybercrimes Act 2015, and the extensive directives from the Central Bank of Nigeria on digital banking, AI in AML, and data localisation, requires a proactive and meticulous approach.
Practitioners must guide their clients in establishing robust data governance frameworks, ensuring algorithmic transparency, mitigating biases, and implementing stringent cybersecurity measures. The recent CBN directives on data localisation and beneficial ownership disclosure, effective by early 2027, demand immediate attention and strategic re-evaluation of operational models, especially for institutions with pan-African footprints. As regulators continue to adapt to rapid technological advancements, staying abreast of these evolving legal requirements and fostering a culture of compliance will be critical for financial institutions to harness the full potential of AI while safeguarding consumer trust and maintaining financial system stability.
Citations
- 1.Banks and Other Financial Institutions Act 2020
- 2.Central Bank of Nigeria Consumer Protection Regulations 2019
- 3.Central Bank of Nigeria Framework for Regulatory Sandbox Operations (2021)
- 4.Central Bank of Nigeria Circular on Instant Payment Services (March 12, 2026)
- 5.Central Bank of Nigeria Circular on Disclosure of Ultimate Beneficial Ownership and Data Localisation (June 15, 2026)
- 6.Central Bank of Nigeria Baseline Standards for Automated Anti-Money Laundering (AML) Solutions for Financial Institutions in Nigeria (March 10, 2026)
- 7.Cybercrimes (Prohibition, Prevention, etc.) Act 2015
- 8.Nigeria Data Protection Act 2023
How does this affect your business?
Get an AI analysis of this article grounded in your jurisdictions, practice areas, and any policy documents you've uploaded to Wansom.
