South Africans talked more on their phones in 2025 than ever before, but their mobile providers made less money out of it.

National voice traffic surged 21.5% to 88.6 billion minutes, according to Icasa’s latest State of the ICT Sector report. Yet mobile services revenue fell ZAR 10.4 B (USD 635 M). Total mobile revenue dropped nearly 8% to ZAR 122 B (USD 7.4 B). Every major category took a hit. Voice revenue down 2%. Data revenue down 3%. Roaming revenue down 12%, and text messaging saw a 38% collapse in a single year.

The culprit is WhatsApp. South Africans have migrated their calls, their chats and their group banter to Meta’s platform. They are talking more, just not paying for the privilege. “Declines in SMS and voice revenue are consistent with long-term substitution towards OTT messaging and calling applications,” Icasa said in the report.

Generally, though, total telecoms revenue still edged up 1.6% to ZAR 236 B. This growth happened elsewhere.

Fixed broadband is booming. Fibre-to-the-home subscriptions crossed three million for the first time, up 22%. Fixed internet revenue jumped 16% to ZAR 41 B. Telcos poured 12% more into fixed‑line infrastructure while slashing mobile investment by 21%. They appear to be following the money, and the money is following the fibre.

The industry now faces a regulatory reckoning. Icasa has recommended a “comprehensive market enquiry into OTT communication and streaming services”.

The draft white paper on audio and audiovisual media services already proposes licensing obligations for global streaming platforms once they hit revenue thresholds. In other words, WhatsApp, Netflix and YouTube may soon face bills for using South African networks. The mobile operators would welcome that. But the numbers suggest they are already adapting.

Feature Image Credits: MyBroadband

He calls South Africa’s black empowerment laws “viciously racist.” His own regulatory team has formally and repeatedly endorsed them.

That contradiction lies at the heart of the Starlink impasse, which escalated dramatically over the weekend when Elon Musk called a senior South African diplomat “a fucking racist” and an “asshole” in a profanity-laced exchange on X.

The outburst came after Clayson Monyela, head of public diplomacy at the Department of International Relations, pointed out that more than 600 US companies operate in the country without incident. Musk’s reply was swift and vulgar.

Yet the world’s richest man has since added a new, explosive allegation, claiming his company was repeatedly offered the chance to “bribe our way to a license by pretending that a black guy runs Starlink SA.” He says he refused “on principle.”

Behind the name-calling is a policy standoff with billions in potential investment at stake. South Africa’s telecoms licensing rules require companies to cede 30% equity to historically disadvantaged group, a condition SpaceX says it does not meet anywhere in the world.

But a workaround exists. Equity Equivalent Investment Programmes (EEIPs) allow multinationals to meet empowerment targets through infrastructure or skills investment instead of ownership dilution.

Starlink has proposed channelling close to ZAR 2 B (~USD 121 M) into local infrastructure under such a framework, including ZAR 500 M (USD 30 M) to connect 5,000 rural schools to high-speed internet. The company even launched a dedicated webpage arguing that EEIPs are “a lawful and well-established B-BBEE mechanism.”

So why the stalemate?

Communications minister Solly Malatsi issued a final policy directive in December, instructing regulator Icasa to recognise EEIPs as a legitimate alternative. But Icasa has yet to act, telling ITWeb recently that “the matter is still being attended to internally.”

The directive has faced fierce political pushback, with the ANC-led parliamentary communications committee calling for its withdrawal. Meanwhile, the Broad-Based Black Economic Empowerment (B-BBEE) ICT Sector Council announced a full review of the 2016 ICT Sector Code last week, with public comments due by 20 May.

The government insists it won’t bend. “BEE in South Africa is non-negotiable,” Minister in the Presidency Khumbudzo Ntshavheni said earlier this month. “There will not be accommodations of individual businesses at the expense of South Africa.”

Presidency spokesperson Vincent Magwenya put it more bluntly on Sunday: “There are currently 193 member states in the UN. Surely there’s good money to be made out of 192 markets. It’s OK to move on.”

Musk has shown no intention of moving on. In a post on X following the exchange, he doubled down: “Racism should not be rewarded no matter to which race it is applied. Shame on the racist politicians in South Africa. They should be shown no respect whatsoever anywhere in the world and shunned for being unashamedly RACISTS!”

Starlink operates in roughly 25 African countries, including all of South Africa’s neighbours except Namibia, which rejected its licence application in March. Industry analysts suggest that even if the policy directive survives legal and political challenges, the regulatory process could take 18 to 24 months, putting a realistic launch no earlier than late 2027.

The irony is inescapable. Musk’s company is ready to comply. His regulatory team is ready to comply. But the man himself appears determined to burn every bridge.

When an actor known in underground cybercrime groups by the name ByteToBreach wanted to demonstrate how deep they had burrowed into Sterling Bank Plc’s systems recently, they did not pick an anonymous account or a low-level employee. They went straight to the top, exposing sensitive details of Abubakar Suleiman, the bank’s own Managing Director and Chief Executive Officer.

What they pulled back was everything. His bank account number. His Bank Verification Number, the 11-digit identifier that links every Nigerian to every account they hold across the entire banking system. His home address, pulled directly from the bank’s core banking profile. His date of birth. His personal email.

Then came the financials: multiple active secured loans at his own bank, including one with a credit limit of NGN 51 M and an outstanding balance exceeding NGN 205 M. His total loan exposure across all Sterling Bank facilities, totaling more than NGN 290 M. His credit score, compiled from ten separate entries across Nigeria’s credit bureau system.

And finally, the granular detail of his recent transactions. Web purchases from Temu Lagos. OneBank transfers to named individuals. Stamp duty charges from the days immediately before the breach.

To underscore the totality of the intrusion, the hacker used the CEO’s home address to locate his residence on Google Street View, capturing a screenshot with a Lagos police car visible in the frame. The caption posted alongside the image read: “Home sweet home!”

The point, according to the materials published by ByteToBreach, was not to single out Suleiman, but to demonstrate that if the chief executive’s data was laid bare in its entirety, then so too was the data of every single customer at Sterling Bank.

“The Temenos integration did not distinguish between the CEO and a market trader in Enugu with a savings account,” the published materials stated. “The access was total.”

A Breach That Crawled From One System to Another

The Sterling Bank breach, first claimed by ByteToBreach in dark web forum posts on March 27, 2026, did not stop at one institution. According to findings by cybersecurity experts, once inside the systems of Sterling Bank, a prominent lender, they pivoted laterally and gained access to Remita, the payment platform that processes government salaries, tax payments, and a significant portion of Nigeria’s public-sector financial transactions.

The combined haul, the hacker claims, amounts to roughly three terabytes of data extracted from a misconfigured Amazon cloud storage bucket. The contents include over 800 gigabytes of Know Your Customer documents, such as passports, driver’s licences, national ID cards, utility bills, alongside databases, transaction logs, internal source code, API keys, and password hashes.

For Sterling Bank, specifically, the alleged exposure includes approximately 900,000 customer accounts and more than 3,000 employee records, complete with names, roles, branch locations, and contact information. The employee data alone creates a secondary vulnerability as criminals armed with internal staff details can launch highly targeted phishing attacks against bank personnel, potentially opening new doors into the institution’s systems.

ByteToBreach’s posts also named more than 30 additional Nigerian entities as potential targets, including Zenith Bank, the Oyo State Government, insurance firm Leadway Assurance, fintech company GetBumpa, and Ahmadu Bello University Zaria. None of these organisations has confirmed or denied the claims.

What Makes This Breach Different, and Worse

The Sterling Bank incident is especially alarming for the specific combination of data points allegedly stolen, which together form what security researchers call a “complete financial identity package” for each affected customer.

The Bank Verification Number is particularly dangerous. Because it is the universal biometric identifier that links an individual to every bank account they hold across Nigeria’s entire financial system, a compromised BVN enables fraud that can cascade across multiple institutions simultaneously.

When paired with NUBAN account numbers, transaction histories, loan records, and physical identity documents, the data gives criminals everything they need to impersonate customers with precision.

A fraudster armed with this information could call a Sterling Bank customer, recite their exact outstanding loan balance and last three transactions, and convincingly demand a one-time password. This, as it turns out, is not only possible but a documented playbook of Nigerian financial cybercrime.

Who Is Behind This?

ByteToBreach is not an amateur. Intelligence researchers at KELA Cyber, a global threat intelligence firm, have tracked this actor since at least June 2025 and documented a sophisticated, cross-platform criminal operation spanning multiple continents and industries.

The actor’s previous confirmed targets include Uzbekistan Airways (passenger data that included records of U.S. government employees), Seychelles Commercial Bank (customer banking data and attempted extortion), and Viking Line (traveller payment transaction records). Targets have also been identified in Ukraine, Kazakhstan, Cyprus, Poland, Chile, and the United States.

The hacker’s method, according to threat intelligence reports, is to exploit weaknesses in cloud infrastructure, harvest login credentials from malware-infected devices, and conduct large-scale data theft for sale on criminal marketplaces. Several of ByteToBreach’s past claims have been independently verified.

The Silence From Lagos

As of this writing, Sterling Bank has yet to issue a public statement confirming or denying the breach. Remita, in a communication to banking partners, acknowledged an “incident” but described it as “limited to unauthorised access to certain non-financial data” with “no impact on payment systems or transactions”.

The company asked partners to regenerate API credentials and update integrations, a tacit acknowledgement that something went wrong, even as it insisted its core infrastructure remains secure.

Nigeria’s banking regulators have been similarly quiet. The Central Bank of Nigeria has made no public comment on the claims.

The Nigeria Data Protection Commission, however, has moved. On April 1, 2026, the regulator served formal notices of investigation on both Remita and Sterling Bank.

The inquiry, according to a statement from the commission’s head of legal, enforcement and regulations, Babatunde Bamigboye, will assess “the types of personal data involved, the nature and scope of the alleged breach, the risk to data subjects, and the mitigation measures taken where a breach is confirmed.”

Under the Nigeria Data Protection Act 2023, organisations found to have violated data protection requirements face penalties of up to NGN 10 M or 2% of their annual gross revenue, whichever is higher.

A Crisis of Trust in Nigeria’s Digital Banking Boom

The breach arrives at an awkward moment for Nigeria’s financial sector. The country has been aggressively pushing digital payments and financial inclusion, with millions of Nigerians now conducting their daily transactions through mobile apps and online platforms. Trust in that digital infrastructure, which is the foundation on which the entire system rests, now comes under threat.

Nigeria already ranks third in Sub-Saharan Africa for total data breaches since 2004, with 23.2 million compromised accounts, according to a 2025 report from cybersecurity firm Surfshark. Electronic fraud losses in the banking sector have surged past NGN 1 T annually. The Central Bank has been under pressure to upgrade its decade-old authentication standards from two-factor to three-factor verification.

The Sterling Bank case, if confirmed, would represent a new order of magnitude, especially because of the symbolic weight of seeing a bank CEO’s entire financial life exposed alongside 900,000 of his own customers.

For Suleiman, the breach is personal in ways that extend far beyond his role as chief executive. His home address is now in the hands of unknown actors. His transaction history—who he pays, how he spends, where he shops—is no longer private. His loan exposures, credit score, and banking behaviour are available to anyone willing to pay the right price on an underground forum.

For the 900,000 customers whose data may have been swept up alongside his, it’s anything but reassuring that the man running the bank could not be protected by its security systems. “If that could happen to the CEO, what chance did anyone else have?” lingers as a troubling question.

What Comes Next

The NDPC investigation is expected to take weeks, if not months. In the meantime, cybersecurity experts have advised Sterling Bank and Remita customers to monitor their accounts vigilantly, enable two-factor authentication on all financial applications, and treat any unsolicited phone calls or messages requesting personal information with extreme suspicion.

The broader question of whether Nigeria’s financial institutions are adequately secured against a global threat landscape that has become increasingly hostile is unlikely to be answered by any single investigation. But the image of a bank CEO’s home, pulled from his own employer’s systems and displayed on the internet with a police car in the frame, will linger long after this particular breach fades from the headlines.

It is, as the hacker put it, home sweet home; except it is not sweet, and it is no longer secure.

Renew Capital, a pan-African investment firm with over a decade of venture activity on the continent, has announced the launch of Renew Venture Lab: The EmFi Series, a virtual accelerator program aimed at African founders building embedded finance infrastructure. The program was unveiled this morning at GITEX Africa 2026 in Marrakech.

Applications for the program opened today and will close on April 30 for early consideration. The firm stated that its investment team will be actively engaged in the selection process, with the program serving as a pipeline for potential Renew Capital deal flow.

The initiative is centred on the underwriting potential of alternative data. Renew Capital cites a USD 330 B credit gap affecting small and medium-sized enterprises (SMEs) across the continent, noting that fewer than one in five sub-Saharan African businesses can access traditional bank loans.

The EmFi Series is designed to support startups leveraging AI and transactional data footprints to build credit models for their existing merchant or consumer bases.

“Africa’s most important financial story is not being written by banks,” Renew Capital Co-CEO Matthew Davis said in a statement. “It’s being written by tech founders who know their small business customers better than traditional lenders.”

The program structure will blend self-paced modules with live sessions led by practitioners experienced in scaling lending books and credit models. The firm emphasised a continued focus on operational discipline as a core curriculum metric.

The initiative is backed by government partners, including Morocco’s Tamwilcom, Global Affairs Canada, and Norway’s NORAD.

Nigeria’s lending market has a long history of flaunting numbers that make headlines almost always because of size. It’s often a continuous reel of billions deployed, trillions projected, and ambitious targets announced at press conferences. But a new partnership between fintech firm Nomba and Globus Bank is trying to shift the conversation from how much money goes out the door to how much actually comes back.

The two companies today announced a sub‑1% non‑performing loan (NPL) ratio on a NGN 21.3 B (~USD 15.5 M) credit portfolio, a figure that stands in contrast to industry benchmarks where business‑lending NPLs routinely climb past 5% and 10%.

The portfolio spans wholesale and retail (39%), professional services (28%), food and hospitality (11%), oil and gas (11%), and FMCG (8%). And the partners are not stopping there. Nomba’s ambition is a NGN 500 B (USD 365 M) credit book, with plans to build a pipeline of institutional credit partnerships and expand into logistics, healthcare, and manufacturing.

What makes the sub‑1% NPL possible is a fundamentally different approach to underwriting. Nomba sits at the centre of its merchants’ daily transaction activity, capturing sales, settlements, and cash‑flow patterns in real time. When a merchant applies for credit, the facility is sized against live transaction revenue rather than historical documents. When risk needs to be managed, it is managed against what is actually happening in the business today, the company explains.

The second and more consequential difference is collateral. Most Nigerian businesses cannot offer the physical assets traditional lenders require. Nomba’s response is a digitised collateral framework that ties a borrower’s access to the company’s broader platform ecosystem, which includes payments, settlement flows, and business‑continuity tools, directly to their credit behaviour. This way, repayment is structurally embedded in how the business operates day to day, not merely a financial obligation sitting outside the business.

“What distinguishes this facility is not its size but the quality of the underlying credit decisions,” said Elias Igbinakenzua, managing director and chief executive officer of Globus Bank. “The NPL performance of this portfolio is clear evidence of what can be achieved when capital is deployed based on verified transaction data.”

Nomba CEO Yinka Adewale added, “The Nigerian credit conversation has been driven by how much has been disbursed. We believe the more important question is how much has been repaid and why.”

The announcement lands at a moment when the broader lending environment in Nigeria is under significant strain. Bank impairment charges have surged, with eight of the country’s largest banks booking a combined NGN 1.96 T (USD 1.4 B) in the first nine months of 2025 alone.

Meanwhile, the total stock of NPLs in the banking system surpassed NGN 1.57 T (USD 1.14 B) in early 2025. High‑profile defaults have also rattled the ecosystem; Moniepoint has taken Alerzo to court over a NGN 4.3 B working‑capital facility, while top lender, Access Bank, has pursued recovery of NGN 4.6 B lost to a staff‑assisted asset‑finance scheme.

These events underline the reality that in lending, disbursement is the easy part, and repayment is where models are tested. As one analysis of Nigeria’s credit landscape put it, “payment data improves underwriting, but it does not cancel human behaviour.”

Nomba and Globus Bank are betting that a model built on live transaction data and a digital‑collateral framework can produce a different outcome. The sub‑1% NPL on NGN 21.3 B is the first piece of evidence. Whether the model can hold at NGN 500 B is the next big test.

After a decade of powering business payments across Africa, Nigeria’s famous rival fintech duo is finally making their play for the average person on the street. But getting there has meant burying a string of failed consumer experiments first.

For years, Flutterwave and Paystack built their reputations on the merchant side of the economy. Flutterwave processes payments for Uber, Netflix and Microsoft. Paystack powers checkout for thousands of Nigerian online stores. Both companies have thrived without ever needing a consumer to download their app.

That is changing fast. In the span of just four months, the two fintech pioneers have each acquired a microfinance banking license in Nigeria, a move that positions them to finally compete for the accounts and wallets of ordinary Nigerians.

Flutterwave announced its license last week, a defining step after a decade of building payment rails across the continent. Chief executive Olugbenga Agboola described it as a shift “from enabling transactions to managing them end to end.”

The company will now use its remittance product SendApp, already used by over one million people, as the entry point for a full consumer banking experience, including personal account numbers and instant transfers.

Paystack moved first in January when the Stripe-owned company quietly acquired Ladder Microfinance Bank, rebranding it as Paystack Microfinance Bank, and unveiled a new corporate structure soon after. The acquisition followed the launch of Zap, its first consumer-facing payments app, in March 2025.

The Zap rollout was, however, far from smooth as the Central Bank of Nigeria (CBN) fined Paystack NGN 250 M (about UD 190 K) in April 2025 for allegedly operating Zap as a wallet in violation of its regulatory license. The fine was a warning that consumer finance comes with a different set of rules.

***

In early 2026, the CBN upgraded several fintechs, including Moniepoint, OPay and PalmPay, to national banking licenses, cementing their dominance in the consumer space. OPay reportedly serves an estimated 40 to 50 million registered customers in Nigeria, while PalmPay has around 35 million users. Flutterwave and Paystack, for all their merchant power, have been late to this party.

That lateness is rooted in a history of failed consumer bets, as Emeka Ajene, Founder & CEO of Afridigest, pointed out in a recent analysis.

Flutterwave shut down three consumer-facing products between 2024 and 2025. Barter, its virtual card app launched with Visa in 2017, ceased operations in March 2024. Disha, a no-code platform for creators that it acquired in 2021, was paused indefinitely on March 31, 2024. Afritickets, an event ticketing service, also faded. The company laid off about 30 employees, roughly 3% of its workforce, as it retreated from these experiments.

“The decision to sunset Barter stems from evolving customer needs and market trends,” Flutterwave said at the time, noting the product represented only 1% of its business.

What remains is SendApp, a thriving remittance product launched in 2023 for Africans abroad sending money home. That single survivor is now the foundation for Flutterwave’s entire consumer banking strategy.

Paystack’s path has been more deliberate but not without its own learning curve. The company spent ten years purely on business payments before launching Zap. The microfinance bank license now gives it a regulated foundation to offer deposit-taking and lending; services that Zap alone could not legally provide.

This is against the backdrop of a regulatory environment that increasingly forces fintechs to choose. The CBN has made it clear that payments-only licenses are no longer enough for companies that want to hold customer funds. The national license upgrades for Moniepoint and OPay set a new baseline. Flutterwave and Paystack, having secured their own microfinance licenses, are now racing to catch up.

The effect is that SendApp will soon function as a full digital bank account, and Zap will offer fast local transfers with Apple Pay support. Both companies will be able to lend money and offer savings products directly, cutting out the partner banks they previously relied on.

The two fintechs that unlocked business payments for a continent are now belatedly turning their attention to the consumer. It appears that after years of watching from the sidelines, both fintech champions have decided that the real prize is not just moving money for businesses but holding it for everyone else.

South Africa’s pay-TV industry has slipped below a critical threshold, losing nearly a fifth of its audience in just five years.

The number of pay-TV subscribers in the continent’s most advanced media market fell to 6.7 million in the year to September 2025, down 9.6% from the previous year, according to the latest State of the ICT Sector report from the Independent Communications Authority of South Africa (Icasa).

It is the first time subscriptions have dropped below seven million in at least half a decade. Over the five-year period from 2021 to 2025, the industry lost 1.6 million subscribers, a compound annual decline of 5.2%.

The trend is now bleeding into broadcaster finances. Total broadcasting revenue fell 4.6% to ZAR 33 B (USD 1.95 B) in 2024, driven by a 5.1% drop in subscription income to ZAR 26.2 B (USD 1.55 B). Yet programme expenditure climbed 7.6% to ZAR 17.2 B (USD 1.01 B) over the same period, meaning operators are paying more for content while earning less from viewers.

Icasa attributed the slump to the rapid growth of over-the-top streaming services, which offer on-demand content with greater flexibility, as well as rising costs and economic pressure on households.

The regulatory data helps explain the strategic upheaval at MultiChoice, the dominant operator behind DStv. MultiChoice lost 589,000 South African subscribers in its latest financial year, with declines across premium, mid-market and mass segments.

After completing its acquisition of MultiChoice, Canal+ has moved to stabilise the business. It scrapped DStv’s annual price increase and decided to shut down Showmax, the in-house streaming platform that struggled to compete with Netflix and Amazon Prime Video.

Canal+execs have described Showmax as unsuccessful, noting that the difficult transition to online streaming, combined with currency devaluation in Nigeria and power cuts, had hurt MultiChoice’s profitability. MultiChoice ended 2025 with 14.4 million subscribers across Africa, down from 14.9 million a year earlier, while revenue declined 6% to EUR 2.4 B (USD 2.7 B).

Not all TV viewing in South Africa is shrinking. eMedia’s Openview, a free-to-view satellite service, added over 300,000 subscribers in 2025 and surpassed 3.8 million activations by February 2026. Industry observers note viewers aren’t abandoning television but, rather, choosing cheaper, more flexible options.

On its part, the mandate from MultiChoice’s new leadership, at this point, is to “stop the bleeding and get back to growth,” according to CEO David Mignot.

For years, Africa’s biggest fintech companies have built thriving businesses by finding smarter ways to move money around broken banking systems. Now they are deciding that working around the banks is not enough. They want to become the banks themselves.

Flutterwave, the continent’s most valuable fintech, announced on Thursday that it has secured a microfinance banking license from the Central Bank of Nigeria. The move allows the payments giant to hold customer deposits, offer bank accounts and lend directly, functions it previously had to rely on partner banks to perform.

“We can now build, innovate and solve customer problems faster than before because we now control the value chain of payments in Nigeria,” chief executive Olugbenga Agboola said in a post on X.

The license transforms Flutterwave from a payment processor into a deposit-taking lender. It also pits it as a direct competitor to operators like OPay, FairMoney and Moniepoint, which themselves received upgraded national licenses.

Flutterwave’s strategic pivot is not happening in isolation. Paystack, the Stripe-owned payments company valued at USD 500 M, acquired Ladder Microfinance Bank in January, rebranding it as Paystack Microfinance Bank. Chief operating officer Amadine Lobelle said the bank would initially focus on lending to businesses, capabilities Paystack could not offer under its payments-only license.

This license rush has also taken hold elsewhere on the continent, where notable regional fintech player, such as Fawry, Wave, and Rank (formerly Moni), have secured strategic setups enabling them to directly offer financial products without relying entirely on partner banks.

The shift towards banking licenses marks a maturation point for Nigerian fintech. After a decade of processing payments, these companies have realised that transaction fees alone do not give them enough control. Without deposit-taking licenses, they remained middlemen, dependent on banks for settlement speed and product flexibility. “Our destiny is now in our hands,” Agboola said.

***

Flutterwave arrives at this moment with significant scale but also notable scars. The company has processed over USD 40 B in transactions for over 2 million businesses and claims to be the most licensed non-bank entity in the world, holding more than 50 licenses globally.

Yet its path has been bumpy, having been rocked by internal scandals, regulatory clashes, and a string of C-suite departures. Most recently, in September 2025, the Bank of Ghana suspended Flutterwave from entering new remittance partnerships for one month, citing unauthorised transactions and breaches of foreign-exchange reporting rules.

The suspension affected its SendApp remittance service, though other operations remained active. A number of high-profile security breaches have also created some unease in recent years.

The new license does not erase those compliance issues, but it forces a higher standard. A banking license is a powerful tool, but it is also a magnifying glass. Every compliance failure from now on will carry more weight. Agboola acknowledged as much in his announcement blog post, writing that “operating at this level requires a higher standard. Stronger governance. Deeper oversight. More rigorous compliance.”

***

For the average Nigerian business owner or consumer, the practical change is that Flutterwave’s SendApp, already used by more than 1 million people, will now offer a full banking experience with instant settlements, account numbers and tap-to-pay features.

Small businesses that already use Flutterwave to accept payments can now run payroll, manage vendor payouts and access working capital loans from the same platform, powered by real transaction data rather than paper applications.

But the deeper story is about control. By holding its own banking license, Flutterwave no longer waits on partner banks to settle funds. It manages the entire payment lifecycle from start to finish.

That control also brings risk. As the CBN upgrades licenses for OPay, Moniepoint and others to national status, regulators are tightening oversight and raising capital requirements for microfinance banks. It’s a signal that the days of fintechs operating in regulatory grey zones are ending.

Moreover, Flutterwave’s acquisition of open-banking startup Mono in January, a deal valued between USD 25 M and USD 40 M, now makes more sense in this context. Mono’s APIs allow access to customer banking data, identity verification and account-to-account payments. Combined with a banking license, Flutterwave can offer the kind of vertically integrated financial stack that would have been impossible a year ago.

Thus, it becomes a question of whether control over the value chain will translate into better outcomes for customers or simply more revenue for Flutterwave. The company says settlement becomes faster and experiences become more seamless. But trust, as Agboola noted, must be earned continuously.

When Kenya’s Treasury proposed that stablecoin issuers put up KES 500 M (approximately USD 3.8 M) in paid-up capital to operate legally, the instinct was to ring the alarm bells. The crypto industry has spent years operating in a grey area, and now the bill was coming due. Startups would be priced out; innovation would stall. The usual complaints wrote themselves.

But Ifelade Ayodele, co-founder of cross-border payments company Blaaiz, sees it differently. He thinks the fixation on capital thresholds misses the point.

“I don’t think this is really about excluding smaller players,” he told WT in an interview. “It’s more about Kenya needing to put its house in order.”

Kenya has been on the global financial grey list for two years now. The Financial Action Task Force, the international watchdog, has kept the country under increased monitoring since February 2024, citing gaps in anti-money laundering controls.

The European Commission followed suit last June, adding Kenya to its list of high-risk third countries. For a country that has built its reputation as East Africa’s financial hub, it was a firm nudge to fix the system, or watch the consequences mount.

The draft Virtual Asset Service Providers Regulations 2026 [PDF], released last month, are Kenya’s answer. They set out capital requirements ranging from KES 2.5 M for investment advisers to KES 500 M for stablecoin issuers. They require physical offices, background checks for directors, and strict reserve rules. Public feedback is open until April 10.

For Ifelade, the capital thresholds are a signal, not a barrier. “Things like capital thresholds and licensing are part of that,” he said, referring to the broader push for credibility. “They help signal that the country understands the space and can manage it properly.” Once that foundation is laid, he argues, smaller players can find their way in. The bigger problem right now is the cost of regulatory ambiguity, a cost the market is already paying.

The tension in Kenya’s approach is that regulation doesn’t automatically create inclusion. Mobile money did that. M-Pesa pushed financial access to 91% of the adult population, not because someone wrote rules, but because the infrastructure worked. Regulation came later, he pointed out, and it was designed to protect what already existed.

“What actually drives inclusion is access to financial services, digital rails, credit, and broader policy decisions,” Ifelade said. “Regulation plays a different role. It protects consumers, keeps competition fair, and reduces risk.”

Then there is the capital flight argument. Treasury officials have warned that virtual assets could pressure the shilling, a concern that has shaped some of the tougher provisions in the draft rules. Ifelade acknowledges the risk but says stablecoins are not the root cause.

“If those problems exist, people will always find ways to move capital. Stablecoins just happen to be one of the easier ways to do it.” He describes them as instruments, not instigators. Fix the underlying economic issues, and the tools matter less.

What Kenya does next matters beyond its borders. The country ranks fifth globally in crypto adoption, according to the 2025 World Crypto Ranking report. With USD 19 B in crypto inflows recorded between mid-2024 and mid-2025, and more than six million Kenyans estimated to use digital assets, the regulatory framework being built now could influence how other African markets approach the same questions.

If Kenya gets it wrong, Ifelade said, the first people affected are the serious operators trying to build properly. After that, confidence takes a hit. “Investors and businesses start to look elsewhere,” he said. “Kenya is already a key financial hub in the region. If regulation pushes innovation away, the country loses out.”

The public consultation is still open, and the final rules could shift. But the debate is no longer about whether to regulate. That decision was made the moment Kenya landed on the grey list. What’s not certain is what emerges on the other side, one built for the established players or one that leaves the door open for the next generation of startups.