NDPA for the licensed stack.
From neobanks to lendtech, ASIRI runs the privacy program alongside your CBN and NDPC obligations — without four spreadsheets and a panicked Friday.
Two regulators, one program.
The real fintech pain points.
CBN + NDPC overlap
Risk registers, incident logs and DSR queues that satisfy both regulators without duplicating work.
PCI-DSS adjacencies
Card data, BVN, NIN — separate lawful-basis tracks, scoped retention and consent capture by purpose.
High-volume DSRs
Account-closure, data-export and erasure requests handled with SLA countdowns and KYC-aware verification.
Cross-border processors
AWS, Stripe, Twilio, Mambu — pre-built transfer registers with SCC templates and country risk classification.
The modules tuned for licensed lenders.
Consent + lawful basis
Per-purpose capture for marketing, credit scoring, fraud analytics and BVN lookups.
DPIA library
Pre-scored DPIAs for credit underwriting, BNPL, agency banking and AML monitoring.
Breach 72-hr clock
On-call playbook with NDPC Article 40 form pre-filled from your incident log.
RoPA + cross-border
Live processing register that reconciles against your cloud and SaaS vendor list.
Your first 30 days.
- Appoint DPO and file with NDPC
- Map processing for KYC, credit, marketing and fraud
- Publish NDPA-aligned privacy notice and cookie consent
- Stand up DSR portal with 30-day SLA
- Document SCCs for every non-Nigerian processor
- Run annual CAR with signed evidence pack
What the fintech evaluation covers.
- CBN and NDPC obligation map.
- KYC, fraud, marketing, and credit-scoring flows.
- Security pack, DPA, and rollout owner list.
Run your fintech on a calmer privacy program.
14-day pilot. Approved production tenant on day one. No procurement gymnastics.