The Bank Verification Number (“BVN”) has become a core layer of financial identity in Nigeria, and the phone number linked to it now does much more than enable communication. It is used for one-time passwords, transactions, alerts, account recovery, and authentication across digital channels.
In March 2026, it was widely reported that the Central Bank of Nigeria (“CBN”) introduced an addendum to the BVN framework, effective 1 May 2026, under which a customer may amend the phone number linked to a BVN only once.
The regulatory objective is understandable, given the security risks associated with BVN-linked phone numbers, including fraud, SIM compromise, SIM-swap fraud, social engineering, and account takeover. The challenge, however, is that a phone number is inherently mutable personal data rather than a fixed identifier. It may change through theft, loss of access, deactivation, number recycling, number porting, migration between service providers, or compromise. The real question is therefore not whether the CBN may regulate BVN-linked phone number amendments, but whether a once-only amendment restriction is proportionate and compatible with the statutory right of rectification where the relevant phone number later becomes inaccurate, obsolete, inaccessible, or unsafe.