Transaction limits are one of the most universally deployed controls in Nigerian fintech, and also one of the most frequently poorly designed. They are set too low for legitimate high-value customers, applied uniformly regardless of customer risk profile, and rarely reviewed after initial deployment. The result is a control that frustrates good customers while doing little to stop sophisticated fraudsters who understand the limits and work around them through structuring.
Why Transaction Limits Exist and What They Actually Do
Transaction limits serve several distinct purposes that are often conflated. Fraud containment limits reduce the maximum loss from a single account compromise event. AML controls use limits to force transactions above certain thresholds into a monitoring and reporting regime. Regulatory compliance uses limits to enforce CBN-mandated thresholds tied to KYC tier levels. These three purposes suggest different optimal limit designs, and a single limit structure that tries to serve all three simultaneously will typically do none of them well.
Risk-Based Limit Structures
A risk-based approach to transaction limits means that the limit a customer experiences is a function of their risk profile, not a uniform default applied to everyone. High-value customers with long account tenure, consistent transaction history, fully verified KYC, and low behavioral risk scores should be able to transact at higher limits with less friction than new accounts with thin history and elevated risk indicators. This is not preferential treatment; it is appropriate calibration. Treating a verified corporate customer with years of transaction history the same as a newly opened account is both a commercial error and a misallocation of compliance scrutiny.
Dynamic Limits Versus Static Limits
Static limits are set once and applied until someone manually changes them. Dynamic limits adjust in real time based on the risk context of a specific transaction. A customer attempting a transfer to a new beneficiary late at night from a new device might face a temporarily reduced limit and a step-up authentication requirement, while the same customer transferring their regular salary to a registered payee during business hours from their usual device faces no additional friction. Remllo Watchtower applies dynamic limit logic as part of transaction risk scoring, so the effective limit for any given transaction reflects the full risk context rather than a fixed threshold that applies regardless of circumstances.
Regulatory Limit Requirements in Nigeria
The CBN has mandated specific transaction limits tied to KYC tier levels for mobile money and payment service bank accounts. Tier 1 accounts, which require only a phone number and BVN for opening, face the lowest limits. Tier 2 and Tier 3 accounts with progressively more complete KYC documentation can access higher limits. These regulatory floors are not optional, but fintechs have discretion to set limits lower than the regulatory maximum if their risk assessment supports it. Setting limits significantly below the regulatory maximum for standard accounts is a legitimate risk management decision, but should be documented as such rather than left as an unexplained product configuration.
Communicating Limits to Customers Without Helping Fraudsters
Publishing exact transaction limits in your product documentation helps legitimate customers plan their financial activity. But publishing the precise thresholds that trigger enhanced monitoring or step-up authentication gives fraudsters a roadmap for structuring transactions to stay just below those thresholds. The solution is to publish standard product limits clearly while keeping monitoring thresholds and dynamic adjustment parameters confidential. This distinction, between the limit a customer is told they have and the thresholds that trigger internal risk actions, is a well-established practice in compliance design. For context on how limits fit within a broader AML architecture, see the discussion of rethinking the Nigerian fintech AML stack and the approach to building an AML risk assessment that connects product risk to control design.
