Nigeria’s Terra Industries, a startup manufacturing autonomous drones, is opening its first overseas factory in Ghana, in a strategic pivot that highlights the startup’s determination to scale faster outside its home market rather than wait for local policies to catch up.

The 34,000-square-foot drone manufacturing facility in Accra, named Pax-2, will become Africa’s largest such plant when it begins operations in June 2026, more than doubling the footprint of Terra’s Abuja factory.

The company, founded in 2024 by Nathan Nwachukwu and Maxwell Maduka, and now backed by USD 34 M from investors including Palantir co-founder Joe Lonsdale’s 8VC and Lux Capital, has already secured contracts protecting some USD 11 B worth of critical infrastructure across eight African nations, including hydropower plants, lithium mines and oil facilities.

But for a startup positioning itself as Africa’s first “defence prime” – a vertically integrated manufacturer of autonomous surveillance systems – the choice of Ghana raises a pointed question: Why not Nigeria?

Ghana’s incentives appear to be the decisive factor. The country’s free zones regime offers a 10-year corporate tax holiday followed by a reduced 15% rate, along with duty exemptions on imported machinery and raw materials.

Meanwhile, Nigeria’s Defence Industries Corporation (DICON) Act 2023, intended to encourage local military manufacturing, has yet to produce tangible results for Terra beyond a memorandum of understanding signed in February.

With over 80% of Terra’s components already sourced locally, the company’s CEO, Nwachuku, cited Ghana’s “political will to become a serious defense exporter” as a key reason for the expansion.

Yet the move carries commercial risk. Terra has generated over USD 2.5 M in revenue since its founding, but its new Ghana facility is projected to produce 50,000 units annually by 2028, a leap in production that will require a massive expansion of its customer base beyond the USD 50 M in contracts the company has already signed. The company’s primary market remains Nigeria, where the vast majority of its existing clients are based.

Ghana is betting that Terra’s arrival will do more than fill government coffers. The government has already committed to distributing 272,000 metric tonnes of fertiliser nationwide and allocating GHC 2.7 B (~USD 243 M) for cocoa farmer support in 2026, part of a broader agricultural transformation agenda. A local drone industry could complement these efforts, particularly in precision agriculture and infrastructure monitoring.

But it’s becoming apparent that Terra’s ambition to build “sovereign defense” capabilities for Africa is running ahead of the regulatory frameworks needed to support it at home. Until Nigeria matches Ghana’s incentives, the continent’s most-funded defense-tech startup will keep building its future on more welcoming ground.

Call Airtel Nigeria’s customer service line today, and, before anything else, a recorded message plays: “The Xtratime service is currently not available.”

That automated notice is the first sign of a sudden freeze on a multi-billion-naira fintech engine. MTN Nigeria and Airtel Nigeria have suspended their airtime and data lending services to comply with new digital lending regulations, a move that cuts off a revenue stream that has quietly become one of the telecoms’ most lucrative fintech businesses.

In the first nine months of 2025, MTN Nigeria’s fintech arm generated NGN 131.62 B (USD 91.64 M) in revenue, a 72.5% year-on-year surge, with its Xtratime airtime lending product as the primary driver.

For perspective, MTN’s “core fintech” operations excluding airtime lending yielded just NGN 6.8 B during the same period, meaning the vast majority of its fintech revenue is tied directly to these microloans. In the first half of 2025 alone, fintech revenue hit NGN 83 B, up 71.8%, driven largely by Xtratime.

Airtel has followed a similar playbook. Between 2021 and 2025, Airtel Nigeria reported earnings of approximately USD 36 M from its “Buy Now, Pay Later” services for airtime and data, reflecting a roughly 70% year-over-year growth.

Across Nigeria’s telecom sector, analysts estimate operators collectively earn over NGN 400 B annually from airtime lending, with fees ranging from 10% to 15%. Between 2019 and 2023, MTN alone advanced NGN 5.6 T in airtime and data loans.

Yet when MTN announced the suspension on April 16, it told investors that “given the scale of Xtratime within the overall MTN Nigeria revenue mix, we do not expect the temporary suspension to have a material impact on financial performance”. Airtel echoed the sentiment, saying the halt was unlikely to materially affect earnings.

It does seem a bit of a contradiction that a service driving the majority of a NGN 131 B fintech segment, and generating billions more across the industry, is simultaneously deemed immaterial. What the telecoms appear to be signalling is that airtime lending, while massive in absolute terms, remains dwarfed by their core voice and data businesses.

But for their fintech ambitions, the suspension is a significant blow. MTN’s active wallet base stood at just 2.9 million as of September 2025, a fraction of its 89 million subscribers, leaving airtime lending as the main bridge between its telecom and financial services offerings.

It follows that the gap between the telcos’ public statements and their own financials suggests that what’s “temporary” may be more painful than they let on.

***

The country’s two largest telecom operators suspended their airtime and data lending services in mid-April, leaving an estimated 156 million combined subscribers without access to small emergency loans of airtime and data.

The suspension follows intensified regulatory oversight by Nigeria’s Federal Competition and Consumer Protection Commission (FCCPC), which introduced the Digital, Electronic, Online or Non-Traditional Consumer Lending Regulations (DEON) in July 2025. The framework requires all digital lenders, including telecom operators offering airtime advances, to register with the commission and meet stricter consumer protection and transparency standards.

MTN Nigeria announced the suspension in a corporate filing to the Nigerian Exchange, stating its Xtratime service was paused to align with the new compliance and licensing requirements. Airtel followed within 24 hours, with marketing director Ismail Adeshina describing the move as a “necessary and responsible step” toward regulatory alignment.

The FCCPC has denied issuing any ban, instead blaming the operators for failing to comply with repeated deadlines. Operators were initially given a 90-day compliance window from July 2025, later extended to January 5, 2026, and then to April 2026.

“Any temporary suspension introduced by service providers should be understood as a business or compliance decision by those operators, not a ban imposed by the FCCPC,” the commission said in a statement.

The disruption has hit hardest among Nigeria’s low-income earners, who rely on the service for emergency communication and daily business operations. A Lagos banker told local media the service helped manage urgent communication when cash was limited, while a Port Harcourt trader described the suspension as a sudden removal of a “lifesaver” without alternatives. Airtel’s director of marketing acknowledged the halt could disrupt “short-term usage patterns among low-income subscribers”.

At the moment, legal processes are ongoing. The Wireless Application Service Providers Association of Nigeria (WASPA) secured an interim injunction from a Lagos Federal High Court on April 14, restraining the FCCPC from enforcing the DEON regulations. The court adjourned the case to April 27, 2026.

Despite the court order, neither operator has restored services, citing ongoing compliance processes. Both companies have assured customers they can still purchase airtime through banking apps and other existing recharge channels.

For now, the recorded message remains. And millions of Nigerians remain cut off from the credit line they depended on.

For now, the automated notice remains. But the gap between the telcos’ public statements and their own financials suggests that what’s “temporary” may be more painful than they let on.

For the better part of a decade, Kenya has been promoted as a model for ethical outsourcing among global tech firms, and particularly in the jostling for artificial intelligence supremacy. The draw was a young, English-speaking, cost-competitive workforce, ideal for the tedious work of labelling data to train AI models.

Sama, a US-based firm that calls itself an “impact employer,” built its Nairobi office around that pitch. It secured contracts with some of the world’s largest technology companies and employed thousands of Kenyans.

On April 16, that model hit a wall. Sama announced it was laying off 1,108 employees after Meta, its single biggest client, terminated a major engagement. Despite attempts to negotiate, the contract loss stuck. The redundancy notice, issued under Kenya’s Employment Act, will take effect later this month.

The layoffs expose the risk of over-reliance on a small number of large international clients, a vulnerability few outsourcing firms in Kenya openly discuss. It’s often the case that when one of those clients leaves, the entire operation buckles.

Meta was the anchor

Sama’s client list includes Google, Microsoft, GM, and Ford. But industry insiders have long known that Meta was the anchor. The two companies began working together around 2017, with Sama providing content moderation and data annotation for Meta’s platforms.

The relationship grew large enough that a significant portion of Sama’s Nairobi headcount was dedicated solely to Meta work. When Meta decided to end that engagement, no other client was waiting to absorb the affected staff.

Meta has spent the past two years shifting its content moderation strategy. The company has invested more in automated filtering and has moved some contracts to lower-cost providers. For Sama, that shift was always a threat. But like many outsourcing firms, it had no diversified revenue stream to cushion the blow.

A troubled history

The Sama-Meta partnership has been marked by repeated controversies. In 2022, an investigation by Time Magazine found that Sama content moderators in Nairobi earned as little as USD 1.46 per hour after taxes.

More than 140 workers were diagnosed with post-traumatic stress disorder from reviewing graphic content, including beheadings, child abuse, and violent deaths, for Meta’s platforms. When some workers attempted to unionise and demand better conditions, they were fired. In 2023, Sama announced it was quitting content moderation work for Facebook to focus on computer vision annotation

Meanwhile, a group of 185 former moderators is currently suing Sama and Meta. The lawsuit alleges illegal dismissal and blacklisting from similar roles with other contractors. The moderators are seeking USD 1.6 B in damages.

Just weeks before the April 16 redundancy notice, a Kenyan Court of Appeal ruled that Meta could be sued locally over the dismissals. The court dismissed Meta’s appeal as “devoid of merit.” Mercy Mutemi, a lawyer representing the sacked moderators, called the ruling a wake-up call for Big Tech companies operating through contractors in Africa.

Automation is accelerating the risk

The Meta contract termination is not an isolated event. Across the industry, large technology companies are reducing their reliance on human content moderators and data labellers. Automation tools, machine learning models that can flag or classify content without human review, have become more capable and cheaper to run.

Even where humans are still needed, tech firms are pushing costs down. Outsourcing contracts are getting shorter, margins are shrinking, and suppliers like Sama have little leverage.

Kenya has positioned itself as a key node in what is often called the “global AI value chain.” The selling point is lower labour costs relative to Europe or North America, combined with high English proficiency and reliable internet infrastructure. But that value chain is only as stable as the next contract renewal.

When a major client like Meta decides to automate or move elsewhere, the jobs disappear almost overnight.

Today’s mass layoffs, combined with the ongoing legal battles and repeated allegations of exploitation, paint a troubling picture of an industry built on a fragile foundation.

What happens to the workers

Sama has said it will provide wellness resources, full medical benefits, and on-site counselling to affected employees. The company’s country lead, Annepeace Alwala, said in the redundancy notice: “Our immediate priority is supporting our employees through this change and ensuring continuity across our broader operations.”

No severance details have been disclosed. Under Kenyan law, employers issuing redundancies are required to pay severance at a rate of at least 15 days’ pay per completed year of service, along with notice or pay in lieu of notice.

For the 1,108 workers losing their jobs, the immediate concern is income. The longer-term concern is whether other tech companies will follow Meta’s lead, and whether Kenya’s outsourcing industry can survive a future where automation replaces the very jobs it was built on.

Feature Image Credits: BBC

A Ugandan HR specialist with 20 years of experience in the Gulf has built a free tool that could give African workers a clearer picture of how artificial intelligence (AI) might reshape their careers.

Kim Kiyingi, who runs InspireAmbitions and is the author of “From Campus to Career,” launched an AI Job Risk Calculator that does not just score job titles but analyses a user’s actual daily tasks to generate a personalised risk score, a protection score, and an estimated year of displacement.

The calculator, which draws on research from the World Economic Forum, McKinsey, Goldman Sachs, and Oxford University, applies three scoring dimensions: AI technical capability, economic incentive for automation, and regulatory or social barriers in a specific country and industry. It then generates a risk score, a protection score, and an estimated timeline for when the majority of high-risk tasks could realistically be automated.

Kiyingi, who says he currently leads people operations across multiple hospitality properties in the UAE, covering over 600 employees across more than 40 nationalities, built the tool after watching companies make automation decisions from the inside for years.

“Most existing tools just score job titles, which tells you nothing useful,” he told WT. “A marketing manager in Lagos does completely different work than one in London. I wanted to give people a way to see which specific parts of their role are at risk and which parts protect them, so they can make smart moves instead of panicking.”

In Africa, where the conversation about AI and jobs has often been framed by macro-level projections, the calculator offers a different view. The tool has dedicated parameters for Nigeria, Kenya, South Africa, and Egypt, the continent’s largest and most digitally active economies.

For other countries, it applies a generalised developing-economy framework adjusted for local infrastructure and regulatory context.

What roles are at risk, and which ones are not (for now)?

Perhaps the most striking pattern revealed by the calculator is the vulnerability of entry-level digital roles, which were previously seen as pathways to prosperity.

The tool scores a junior software developer in Nigeria at roughly 49 to 55 percent risk, exclusive roles analysis shared with WT shows.

The tasks driving that score include code generation from specifications, debugging standard errors, writing unit tests, and documentation, all functions that GitHub Copilot and similar tools already perform at production quality. Senior developers who architect systems and manage stakeholders score much lower at 21 to 27 percent.

That junior-senior gap may be the most important insight the calculator provides, and it aligns with recent findings elsewhere. A Stanford University analysis found that workers aged 22 to 25 in AI-exposed fields experienced a 13 percent relative decline in employment, even as older colleagues saw gains in the same sectors. The research suggests AI is starting to have a significant and disproportionate impact on entry-level workers.

In Africa, the contrast between global projections and on-the-ground realities is particularly sharp. The International Labour Organisation found that only 0.4 percent of employment in low-income countries is currently exposed to direct AI automation, compared with 5.5 percent in high-income countries.

But, as Kiyingi notes, that is an economy-wide aggregate figure. A bank teller in Lagos faces a 74 percent personal risk even though the national aggregate remains low, his analysis shows, because most Nigerian workers are in agriculture and informal sectors that AI does not yet touch. Both figures are accurate, Kiyingi points out, but measure different things.

AI versus Jobs

Some roles that might seem obvious candidates for automation turn out to be surprisingly protected. The calculator scores a mobile money agent in Kenya at roughly 36 to 42 percent risk.

Mobile money agents operate where trust, physical cash handling in areas without reliable internet, personal identity verification, and navigating informal economic networks are central. In London or Dubai, this role would be mostly automated already. In rural Kenya, it is protected by the very conditions that make the work necessary.

The calculator also points to broader trends that African economies cannot ignore. McKinsey projects that generative AI could unlock USD 61 B to USD 103 B in annual economic value across Africa if deployed at scale, with telecom and retail capturing the biggest shares. The calculator reflects this as telecom and retail roles with routine task profiles score highest, which is where businesses have the strongest economic incentive to automate.

But the tool is not designed to cause panic. Kiyingi shared an early example of a marketing professional in West Africa who ran her role through the calculator and found that over 60 percent of her daily tasks, including social media scheduling, basic copywriting, and campaign reporting, scored above 70 percent risk.

Her strategy and client relationship work, however, scored below 20 percent. He told WT that she has since redirected her development time toward strategic planning and stakeholder management.

“That’s the shift I wanted the tool to create,” Kiyingi said. “Less panic, more clarity on what to do next.”

South Africans talked more on their phones in 2025 than ever before, but their mobile providers made less money out of it.

National voice traffic surged 21.5% to 88.6 billion minutes, according to Icasa’s latest State of the ICT Sector report. Yet mobile services revenue fell ZAR 10.4 B (USD 635 M). Total mobile revenue dropped nearly 8% to ZAR 122 B (USD 7.4 B). Every major category took a hit. Voice revenue down 2%. Data revenue down 3%. Roaming revenue down 12%, and text messaging saw a 38% collapse in a single year.

The culprit is WhatsApp. South Africans have migrated their calls, their chats and their group banter to Meta’s platform. They are talking more, just not paying for the privilege. “Declines in SMS and voice revenue are consistent with long-term substitution towards OTT messaging and calling applications,” Icasa said in the report.

Generally, though, total telecoms revenue still edged up 1.6% to ZAR 236 B. This growth happened elsewhere.

Fixed broadband is booming. Fibre-to-the-home subscriptions crossed three million for the first time, up 22%. Fixed internet revenue jumped 16% to ZAR 41 B. Telcos poured 12% more into fixed‑line infrastructure while slashing mobile investment by 21%. They appear to be following the money, and the money is following the fibre.

The industry now faces a regulatory reckoning. Icasa has recommended a “comprehensive market enquiry into OTT communication and streaming services”.

The draft white paper on audio and audiovisual media services already proposes licensing obligations for global streaming platforms once they hit revenue thresholds. In other words, WhatsApp, Netflix and YouTube may soon face bills for using South African networks. The mobile operators would welcome that. But the numbers suggest they are already adapting.

Feature Image Credits: MyBroadband

He calls South Africa’s black empowerment laws “viciously racist.” His own regulatory team has formally and repeatedly endorsed them.

That contradiction lies at the heart of the Starlink impasse, which escalated dramatically over the weekend when Elon Musk called a senior South African diplomat “a fucking racist” and an “asshole” in a profanity-laced exchange on X.

The outburst came after Clayson Monyela, head of public diplomacy at the Department of International Relations, pointed out that more than 600 US companies operate in the country without incident. Musk’s reply was swift and vulgar.

Yet the world’s richest man has since added a new, explosive allegation, claiming his company was repeatedly offered the chance to “bribe our way to a license by pretending that a black guy runs Starlink SA.” He says he refused “on principle.”

Behind the name-calling is a policy standoff with billions in potential investment at stake. South Africa’s telecoms licensing rules require companies to cede 30% equity to historically disadvantaged group, a condition SpaceX says it does not meet anywhere in the world.

But a workaround exists. Equity Equivalent Investment Programmes (EEIPs) allow multinationals to meet empowerment targets through infrastructure or skills investment instead of ownership dilution.

Starlink has proposed channelling close to ZAR 2 B (~USD 121 M) into local infrastructure under such a framework, including ZAR 500 M (USD 30 M) to connect 5,000 rural schools to high-speed internet. The company even launched a dedicated webpage arguing that EEIPs are “a lawful and well-established B-BBEE mechanism.”

So why the stalemate?

Communications minister Solly Malatsi issued a final policy directive in December, instructing regulator Icasa to recognise EEIPs as a legitimate alternative. But Icasa has yet to act, telling ITWeb recently that “the matter is still being attended to internally.”

The directive has faced fierce political pushback, with the ANC-led parliamentary communications committee calling for its withdrawal. Meanwhile, the Broad-Based Black Economic Empowerment (B-BBEE) ICT Sector Council announced a full review of the 2016 ICT Sector Code last week, with public comments due by 20 May.

The government insists it won’t bend. “BEE in South Africa is non-negotiable,” Minister in the Presidency Khumbudzo Ntshavheni said earlier this month. “There will not be accommodations of individual businesses at the expense of South Africa.”

Presidency spokesperson Vincent Magwenya put it more bluntly on Sunday: “There are currently 193 member states in the UN. Surely there’s good money to be made out of 192 markets. It’s OK to move on.”

Musk has shown no intention of moving on. In a post on X following the exchange, he doubled down: “Racism should not be rewarded no matter to which race it is applied. Shame on the racist politicians in South Africa. They should be shown no respect whatsoever anywhere in the world and shunned for being unashamedly RACISTS!”

Starlink operates in roughly 25 African countries, including all of South Africa’s neighbours except Namibia, which rejected its licence application in March. Industry analysts suggest that even if the policy directive survives legal and political challenges, the regulatory process could take 18 to 24 months, putting a realistic launch no earlier than late 2027.

The irony is inescapable. Musk’s company is ready to comply. His regulatory team is ready to comply. But the man himself appears determined to burn every bridge.

When an actor known in underground cybercrime groups by the name ByteToBreach wanted to demonstrate how deep they had burrowed into Sterling Bank Plc’s systems recently, they did not pick an anonymous account or a low-level employee. They went straight to the top, exposing sensitive details of Abubakar Suleiman, the bank’s own Managing Director and Chief Executive Officer.

What they pulled back was everything. His bank account number. His Bank Verification Number, the 11-digit identifier that links every Nigerian to every account they hold across the entire banking system. His home address, pulled directly from the bank’s core banking profile. His date of birth. His personal email.

Then came the financials: multiple active secured loans at his own bank, including one with a credit limit of NGN 51 M and an outstanding balance exceeding NGN 205 M. His total loan exposure across all Sterling Bank facilities, totaling more than NGN 290 M. His credit score, compiled from ten separate entries across Nigeria’s credit bureau system.

And finally, the granular detail of his recent transactions. Web purchases from Temu Lagos. OneBank transfers to named individuals. Stamp duty charges from the days immediately before the breach.

To underscore the totality of the intrusion, the hacker used the CEO’s home address to locate his residence on Google Street View, capturing a screenshot with a Lagos police car visible in the frame. The caption posted alongside the image read: “Home sweet home!”

The point, according to the materials published by ByteToBreach, was not to single out Suleiman, but to demonstrate that if the chief executive’s data was laid bare in its entirety, then so too was the data of every single customer at Sterling Bank.

“The Temenos integration did not distinguish between the CEO and a market trader in Enugu with a savings account,” the published materials stated. “The access was total.”

A Breach That Crawled From One System to Another

The Sterling Bank breach, first claimed by ByteToBreach in dark web forum posts on March 27, 2026, did not stop at one institution. According to findings by cybersecurity experts, once inside the systems of Sterling Bank, a prominent lender, they pivoted laterally and gained access to Remita, the payment platform that processes government salaries, tax payments, and a significant portion of Nigeria’s public-sector financial transactions.

The combined haul, the hacker claims, amounts to roughly three terabytes of data extracted from a misconfigured Amazon cloud storage bucket. The contents include over 800 gigabytes of Know Your Customer documents, such as passports, driver’s licences, national ID cards, utility bills, alongside databases, transaction logs, internal source code, API keys, and password hashes.

For Sterling Bank, specifically, the alleged exposure includes approximately 900,000 customer accounts and more than 3,000 employee records, complete with names, roles, branch locations, and contact information. The employee data alone creates a secondary vulnerability as criminals armed with internal staff details can launch highly targeted phishing attacks against bank personnel, potentially opening new doors into the institution’s systems.

ByteToBreach’s posts also named more than 30 additional Nigerian entities as potential targets, including Zenith Bank, the Oyo State Government, insurance firm Leadway Assurance, fintech company GetBumpa, and Ahmadu Bello University Zaria. None of these organisations has confirmed or denied the claims.

What Makes This Breach Different, and Worse

The Sterling Bank incident is especially alarming for the specific combination of data points allegedly stolen, which together form what security researchers call a “complete financial identity package” for each affected customer.

The Bank Verification Number is particularly dangerous. Because it is the universal biometric identifier that links an individual to every bank account they hold across Nigeria’s entire financial system, a compromised BVN enables fraud that can cascade across multiple institutions simultaneously.

When paired with NUBAN account numbers, transaction histories, loan records, and physical identity documents, the data gives criminals everything they need to impersonate customers with precision.

A fraudster armed with this information could call a Sterling Bank customer, recite their exact outstanding loan balance and last three transactions, and convincingly demand a one-time password. This, as it turns out, is not only possible but a documented playbook of Nigerian financial cybercrime.

Who Is Behind This?

ByteToBreach is not an amateur. Intelligence researchers at KELA Cyber, a global threat intelligence firm, have tracked this actor since at least June 2025 and documented a sophisticated, cross-platform criminal operation spanning multiple continents and industries.

The actor’s previous confirmed targets include Uzbekistan Airways (passenger data that included records of U.S. government employees), Seychelles Commercial Bank (customer banking data and attempted extortion), and Viking Line (traveller payment transaction records). Targets have also been identified in Ukraine, Kazakhstan, Cyprus, Poland, Chile, and the United States.

The hacker’s method, according to threat intelligence reports, is to exploit weaknesses in cloud infrastructure, harvest login credentials from malware-infected devices, and conduct large-scale data theft for sale on criminal marketplaces. Several of ByteToBreach’s past claims have been independently verified.

The Silence From Lagos

As of this writing, Sterling Bank has yet to issue a public statement confirming or denying the breach. Remita, in a communication to banking partners, acknowledged an “incident” but described it as “limited to unauthorised access to certain non-financial data” with “no impact on payment systems or transactions”.

The company asked partners to regenerate API credentials and update integrations, a tacit acknowledgement that something went wrong, even as it insisted its core infrastructure remains secure.

Nigeria’s banking regulators have been similarly quiet. The Central Bank of Nigeria has made no public comment on the claims.

The Nigeria Data Protection Commission, however, has moved. On April 1, 2026, the regulator served formal notices of investigation on both Remita and Sterling Bank.

The inquiry, according to a statement from the commission’s head of legal, enforcement and regulations, Babatunde Bamigboye, will assess “the types of personal data involved, the nature and scope of the alleged breach, the risk to data subjects, and the mitigation measures taken where a breach is confirmed.”

Under the Nigeria Data Protection Act 2023, organisations found to have violated data protection requirements face penalties of up to NGN 10 M or 2% of their annual gross revenue, whichever is higher.

A Crisis of Trust in Nigeria’s Digital Banking Boom

The breach arrives at an awkward moment for Nigeria’s financial sector. The country has been aggressively pushing digital payments and financial inclusion, with millions of Nigerians now conducting their daily transactions through mobile apps and online platforms. Trust in that digital infrastructure, which is the foundation on which the entire system rests, now comes under threat.

Nigeria already ranks third in Sub-Saharan Africa for total data breaches since 2004, with 23.2 million compromised accounts, according to a 2025 report from cybersecurity firm Surfshark. Electronic fraud losses in the banking sector have surged past NGN 1 T annually. The Central Bank has been under pressure to upgrade its decade-old authentication standards from two-factor to three-factor verification.

The Sterling Bank case, if confirmed, would represent a new order of magnitude, especially because of the symbolic weight of seeing a bank CEO’s entire financial life exposed alongside 900,000 of his own customers.

For Suleiman, the breach is personal in ways that extend far beyond his role as chief executive. His home address is now in the hands of unknown actors. His transaction history—who he pays, how he spends, where he shops—is no longer private. His loan exposures, credit score, and banking behaviour are available to anyone willing to pay the right price on an underground forum.

For the 900,000 customers whose data may have been swept up alongside his, it’s anything but reassuring that the man running the bank could not be protected by its security systems. “If that could happen to the CEO, what chance did anyone else have?” lingers as a troubling question.

What Comes Next

The NDPC investigation is expected to take weeks, if not months. In the meantime, cybersecurity experts have advised Sterling Bank and Remita customers to monitor their accounts vigilantly, enable two-factor authentication on all financial applications, and treat any unsolicited phone calls or messages requesting personal information with extreme suspicion.

The broader question of whether Nigeria’s financial institutions are adequately secured against a global threat landscape that has become increasingly hostile is unlikely to be answered by any single investigation. But the image of a bank CEO’s home, pulled from his own employer’s systems and displayed on the internet with a police car in the frame, will linger long after this particular breach fades from the headlines.

It is, as the hacker put it, home sweet home; except it is not sweet, and it is no longer secure.

Renew Capital, a pan-African investment firm with over a decade of venture activity on the continent, has announced the launch of Renew Venture Lab: The EmFi Series, a virtual accelerator program aimed at African founders building embedded finance infrastructure. The program was unveiled this morning at GITEX Africa 2026 in Marrakech.

Applications for the program opened today and will close on April 30 for early consideration. The firm stated that its investment team will be actively engaged in the selection process, with the program serving as a pipeline for potential Renew Capital deal flow.

The initiative is centred on the underwriting potential of alternative data. Renew Capital cites a USD 330 B credit gap affecting small and medium-sized enterprises (SMEs) across the continent, noting that fewer than one in five sub-Saharan African businesses can access traditional bank loans.

The EmFi Series is designed to support startups leveraging AI and transactional data footprints to build credit models for their existing merchant or consumer bases.

“Africa’s most important financial story is not being written by banks,” Renew Capital Co-CEO Matthew Davis said in a statement. “It’s being written by tech founders who know their small business customers better than traditional lenders.”

The program structure will blend self-paced modules with live sessions led by practitioners experienced in scaling lending books and credit models. The firm emphasised a continued focus on operational discipline as a core curriculum metric.

The initiative is backed by government partners, including Morocco’s Tamwilcom, Global Affairs Canada, and Norway’s NORAD.

Nigeria’s lending market has a long history of flaunting numbers that make headlines almost always because of size. It’s often a continuous reel of billions deployed, trillions projected, and ambitious targets announced at press conferences. But a new partnership between fintech firm Nomba and Globus Bank is trying to shift the conversation from how much money goes out the door to how much actually comes back.

The two companies today announced a sub‑1% non‑performing loan (NPL) ratio on a NGN 21.3 B (~USD 15.5 M) credit portfolio, a figure that stands in contrast to industry benchmarks where business‑lending NPLs routinely climb past 5% and 10%.

The portfolio spans wholesale and retail (39%), professional services (28%), food and hospitality (11%), oil and gas (11%), and FMCG (8%). And the partners are not stopping there. Nomba’s ambition is a NGN 500 B (USD 365 M) credit book, with plans to build a pipeline of institutional credit partnerships and expand into logistics, healthcare, and manufacturing.

What makes the sub‑1% NPL possible is a fundamentally different approach to underwriting. Nomba sits at the centre of its merchants’ daily transaction activity, capturing sales, settlements, and cash‑flow patterns in real time. When a merchant applies for credit, the facility is sized against live transaction revenue rather than historical documents. When risk needs to be managed, it is managed against what is actually happening in the business today, the company explains.

The second and more consequential difference is collateral. Most Nigerian businesses cannot offer the physical assets traditional lenders require. Nomba’s response is a digitised collateral framework that ties a borrower’s access to the company’s broader platform ecosystem, which includes payments, settlement flows, and business‑continuity tools, directly to their credit behaviour. This way, repayment is structurally embedded in how the business operates day to day, not merely a financial obligation sitting outside the business.

“What distinguishes this facility is not its size but the quality of the underlying credit decisions,” said Elias Igbinakenzua, managing director and chief executive officer of Globus Bank. “The NPL performance of this portfolio is clear evidence of what can be achieved when capital is deployed based on verified transaction data.”

Nomba CEO Yinka Adewale added, “The Nigerian credit conversation has been driven by how much has been disbursed. We believe the more important question is how much has been repaid and why.”

The announcement lands at a moment when the broader lending environment in Nigeria is under significant strain. Bank impairment charges have surged, with eight of the country’s largest banks booking a combined NGN 1.96 T (USD 1.4 B) in the first nine months of 2025 alone.

Meanwhile, the total stock of NPLs in the banking system surpassed NGN 1.57 T (USD 1.14 B) in early 2025. High‑profile defaults have also rattled the ecosystem; Moniepoint has taken Alerzo to court over a NGN 4.3 B working‑capital facility, while top lender, Access Bank, has pursued recovery of NGN 4.6 B lost to a staff‑assisted asset‑finance scheme.

These events underline the reality that in lending, disbursement is the easy part, and repayment is where models are tested. As one analysis of Nigeria’s credit landscape put it, “payment data improves underwriting, but it does not cancel human behaviour.”

Nomba and Globus Bank are betting that a model built on live transaction data and a digital‑collateral framework can produce a different outcome. The sub‑1% NPL on NGN 21.3 B is the first piece of evidence. Whether the model can hold at NGN 500 B is the next big test.

After a decade of powering business payments across Africa, Nigeria’s famous rival fintech duo is finally making their play for the average person on the street. But getting there has meant burying a string of failed consumer experiments first.

For years, Flutterwave and Paystack built their reputations on the merchant side of the economy. Flutterwave processes payments for Uber, Netflix and Microsoft. Paystack powers checkout for thousands of Nigerian online stores. Both companies have thrived without ever needing a consumer to download their app.

That is changing fast. In the span of just four months, the two fintech pioneers have each acquired a microfinance banking license in Nigeria, a move that positions them to finally compete for the accounts and wallets of ordinary Nigerians.

Flutterwave announced its license last week, a defining step after a decade of building payment rails across the continent. Chief executive Olugbenga Agboola described it as a shift “from enabling transactions to managing them end to end.”

The company will now use its remittance product SendApp, already used by over one million people, as the entry point for a full consumer banking experience, including personal account numbers and instant transfers.

Paystack moved first in January when the Stripe-owned company quietly acquired Ladder Microfinance Bank, rebranding it as Paystack Microfinance Bank, and unveiled a new corporate structure soon after. The acquisition followed the launch of Zap, its first consumer-facing payments app, in March 2025.

The Zap rollout was, however, far from smooth as the Central Bank of Nigeria (CBN) fined Paystack NGN 250 M (about UD 190 K) in April 2025 for allegedly operating Zap as a wallet in violation of its regulatory license. The fine was a warning that consumer finance comes with a different set of rules.

***

In early 2026, the CBN upgraded several fintechs, including Moniepoint, OPay and PalmPay, to national banking licenses, cementing their dominance in the consumer space. OPay reportedly serves an estimated 40 to 50 million registered customers in Nigeria, while PalmPay has around 35 million users. Flutterwave and Paystack, for all their merchant power, have been late to this party.

That lateness is rooted in a history of failed consumer bets, as Emeka Ajene, Founder & CEO of Afridigest, pointed out in a recent analysis.

Flutterwave shut down three consumer-facing products between 2024 and 2025. Barter, its virtual card app launched with Visa in 2017, ceased operations in March 2024. Disha, a no-code platform for creators that it acquired in 2021, was paused indefinitely on March 31, 2024. Afritickets, an event ticketing service, also faded. The company laid off about 30 employees, roughly 3% of its workforce, as it retreated from these experiments.

“The decision to sunset Barter stems from evolving customer needs and market trends,” Flutterwave said at the time, noting the product represented only 1% of its business.

What remains is SendApp, a thriving remittance product launched in 2023 for Africans abroad sending money home. That single survivor is now the foundation for Flutterwave’s entire consumer banking strategy.

Paystack’s path has been more deliberate but not without its own learning curve. The company spent ten years purely on business payments before launching Zap. The microfinance bank license now gives it a regulated foundation to offer deposit-taking and lending; services that Zap alone could not legally provide.

This is against the backdrop of a regulatory environment that increasingly forces fintechs to choose. The CBN has made it clear that payments-only licenses are no longer enough for companies that want to hold customer funds. The national license upgrades for Moniepoint and OPay set a new baseline. Flutterwave and Paystack, having secured their own microfinance licenses, are now racing to catch up.

The effect is that SendApp will soon function as a full digital bank account, and Zap will offer fast local transfers with Apple Pay support. Both companies will be able to lend money and offer savings products directly, cutting out the partner banks they previously relied on.

The two fintechs that unlocked business payments for a continent are now belatedly turning their attention to the consumer. It appears that after years of watching from the sidelines, both fintech champions have decided that the real prize is not just moving money for businesses but holding it for everyone else.