In July 2020, the Central Bank of Nigeria released operational guidelines on the Global Standing Instruction. The GSI framework, designed to reduce non-performing loans, empowers commercial banks to trigger a recovery process for overdue loans.
But a ruling at a Lagos High Court this month puts the GSI’s application in sharp focus.
On Thursday, February 12, 2026, a High Court in Lagos State, Nigeria, ruled against Fidelity Bank in a civil suit filed by Esther Agboola. In the suit filed in April 2025, Agboola alleged that Fidelity Bank breached her fundamental right to data privacy by processing her account details to offset an unverified loan.
A student at the time, Agboola, reported that she had saved money for her upkeep with the bank, only to notice that her account balance of ₦11,922.41 had been depleted by an ‘unauthorised’ debit. Upon inquiry, Fidelity’s customer care informed her that the debit was due to an automatic loan recovery process.
However, Agboola maintained that she had never obtained a loan from the financial institution in question. Despite her protests, the bank declined to refund the amount debited, forcing her to file a lawsuit.
Fidelity Bank’s defence
In its defence, Fidelity Bank’s legal counsel, David Etim, argued that the institution acted in accordance with applicable banking laws and regulations. Under the GSI framework, commercial banks are empowered to recover overdue loans by automatically debiting any account linked to a defaulter’s Bank Verification Number (BVN).
However, the regulation only permits the recovery of the principal and accrued interest. Any outstanding fees arising from a default cannot be retrieved using the GSI. In this case, Fidelity Bank stated that they received a GSI trigger via the Nigeria Inter-Bank Settlement System (NIBSS), indicating an outstanding debt to NIRSAL Microfinance Bank.
The court ruled that the bank’s defence faltered on its inability to produce a GSI mandate signed by Agboola or any loan agreement linking her to the microfinance bank. Consequently, the court awarded her damages to the tune of ₦2,000,000 ($1,488.6) and ₦300,000 ($223) to cover costs — a significant victory, but a far cry from the ₦50,000,000 in damages she had sued for.
The implications for Nigeria’s financial system
The ruling highlights the tension between the CBN’s GSI guidelines and existing laws.
Victoria Fakiya – Senior Writer
Techpoint Digest
Stop struggling to find your tech career path
Discover in-demand tech skills and build a standout portfolio in this FREE 5-day email course
The crux of the dispute lies in an alleged breach of data privacy between a bank and its customer. Under the GSI framework, the GSI mandate is a non-negotiable component. This is a document that a borrower must sign alongside a loan agreement that permits financial institutions to initiate a loan recovery process.
Crucially, the guidelines state that this mandate must be signed upon receipt of the loan and understood by the customer. Without its existence, a bank cannot pursue loan recovery using the GSI; any attempts to do so attract stiff penalties from the CBN.
“The gravamen of Esther’s complaint is straightforward yet fundamental,” Olumide Babalola, her counsel, explains. “While the Global Standing Instruction (GSI) framework may not impose on participating institutions a duty to investigate the substantive accuracy of every lender’s claim, it undoubtedly presupposes the existence of a valid and enforceable GSI mandate executed by the customer.
“In the present case, no such mandate existed. There was no executed GSI authorisation by Esther empowering any lender or financial institution to invoke the GSI mechanism against her accounts. Consequently, the activation of the process against her account was without legal basis.”
While Agboola’s suit largely rests on the allegation that Fidelity Bank shared her data with a third party — an allegation the bank appears to have rather curiously conceded — the incident raises significant legal and regulatory questions.
For starters, the framework mandates that PFIs honour every GSI trigger they receive. A failure to do this means they face penalties, including a ₦100,000 fine per incident, for either failing to grant the GSI permission to perform an account status enquiry check or debiting the account.
This blind compliance leaves no room for a bank to verify the credibility of a trigger, although the GSI framework protects both NIBSS and PFIs, as the creditor bank effectively indemnifies them against any liabilities arising from an inappropriate use of the GSI.
Babalola argues that this requirement leaves the GSI process open to abuse and account holders vulnerable to unlawful debits.
“If the GSI system does not incorporate adequate safeguards to verify the existence of a valid mandate before activation, then the process is susceptible to error, abuse, and wrongful triggering against innocent account holders. Such a lacuna exposes customers to unwarranted financial and reputational harm.”
While the ruling in Agboola v. Fidelity Bank suggests that the GSI indemnity clause does not provide absolute protection, it underscores a critical principle in the guidelines: financial institutions cannot rely on the GSI as a shield against their own errors or operational failures.
Adedeji Olowe, Founder and CEO of Lendsqr, asserts that the case and judgment do not undermine the GSI’s credibility but rather are crucial to strengthening its governance in subsequent use cases.
“The GSI is lawful, and this judgment does not invalidate it, and what the court has done is draw a bright line between lawful use of the GSI and misuse of the GSI. The judgment confirms that banks cannot hide behind automation; they must prove the debit was lawful, and they can be held accountable where they get it wrong.”
Beyond Fidelity Bank’s stated obligation to comply with a regulatory directive, the case’s outcome points to possible complicity on its part—a factor that could invalidate the indemnity clause under the GSI framework.
One potential area of complicity lies in the bank’s duty to ensure that the correct customer data is queried during the process.
“The bank has the responsibility of tagging all accounts with the correct BVN on the NIBSS system,” Yvonne-Faith Elaigwu, Head, Operations at OnePipe, notes. “If Fidelity Bank incorrectly tagged her [Agboola] account to the wrong BVN, which led to the debit, then the bank is surely liable.”
Secondly, the incident may point to the possibility of internal fraud. In recent years, employees at several major banks have been arrested and prosecuted for engaging in fraudulent activities.
On the other hand, the debit error could have originated from the loan disbursement process.
The loan in question was part of the COVID-19 Targeted Credit Facility Intervention Scheme for households adversely affected by the pandemic. At the time, Agboola was 21 and claims she could not have accessed such a loan.
Because these were government-backed emergency interventions, where due diligence is often rushed or completely absent, it is highly likely that NIRSAL Microfinance Bank (the lender), which served as a vehicle for disbursing federal government loans, failed to secure proper GSI mandates during disbursement, making recovery attempts illegal.
“There are several people who got loans during the pandemic. The process was so simple and they did not sign a GSI mandate. Now, they are being debited based on a GSI framework that they did not consent to,” Elaigwu notes.
Additionally, the ease with which some financial institutions offer no-collateral loans using only a BVN and a phone number creates a massive window for fraud. It is equally possible that Agboola’s identity was used by a third party to secure the credit. If the lender’s system didn’t require stronger identity verification processes, the GSI system would automatically tie the debt to any account associated with that BVN, regardless of who actually requested the loan.
While some may interpret the ruling as a setback to the GSI’s effectiveness, Olowe takes a different view.
“For the GSI framework, this is a positive development, not a threat, because it reinforces that the GSI must be used correctly, and it pushes banks to maintain stronger controls, audit trails, and dispute processes.”
