Key Highlights of the NCC’s 2025 Guidelines for Corporate Governance in the Telecoms Industry

The Nigerian Communications Commission (NCC) has issued sweeping new corporate governance rules for the country’s telecoms sector, aimed at raising transparency, tightening oversight, and aligning the industry with global best practices. The Corporate Governance Guidelines for the Communications Industry 2025 replace the 2016 code and build on the Nigerian Code of Corporate Governance 2018.

In his keynote, the Executive Vice Chairman and CEO Dr. Aminu Maida, emphasized that the guidelines are not merely a regulatory obligation. Instead, they are designed “for the sustainability of networks and businesses; sustainability of investment and innovation; and sustainability of customer trust and national development”

Here are 7 key highlights of the Corporate Governance Guidelines for the Communications Industry

Stronger Board Oversight

Under the new rules, all qualifying telecoms operators must maintain a Board of Directors that includes the Chairman, Chief Executive Officer (CEO), Executive Directors (EDs), Non-Executive Directors (NEDs), and Independent Non-Executive Directors (INEDs). Non-executive members must outnumber executives, with at least one-third of the board being independent.

The roles of Chairman and CEO must be held by different individuals, and former chairs or NEDs are barred from taking up executive positions within the same company for five years after leaving the board. At least two NEDs, including one INED, must have expertise in ICT and/or cybersecurity, and no more than two members of the same family can serve on the board at the same time.

Mandatory Board Committees

The guidelines make it compulsory for boards to set up Audit, Governance/Remuneration/Nomination, and Risk Management committees, though smaller boards may merge Audit and Risk into a single unit. Each committee must have at least three directors with relevant skills and operate under a board-approved charter.

Audit Committees must consist entirely of NEDs, with at least one INED and one member with professional financial qualifications, and must meet at least twice a year. The Risk Management Committee, which must have a majority of NEDs, will oversee enterprise-wide risk management, while the Governance/Remuneration/Nomination Committee, chaired by an INED, will be responsible for director appointments, diversity, and fair pay policies.

Performance and Accountability

Boards are now required to undergo independent evaluations every year, conducted by external consultants before board elections. These assessments will examine competence, meeting attendance, governance practices, and overall effectiveness, with results submitted to the NCC and used in deciding reappointments.

Directors face tenure limits of ten years, while INEDs are capped at eight years, after which a three-year cooling-off period applies. To qualify for re-election, directors must attend at least two-thirds of board and committee meetings, and all directors are required to take part in continuing education every two years to stay informed about industry trends and governance standards.

Ethics, Transparency, and Stakeholders

The NCC is requiring licensees to adopt a comprehensive Code of Ethics and Business, reviewed annually, that sets professional conduct standards and promotes compliance and trust. Each company must have a whistleblowing policy with strict protections for whistleblowers, including a confidential process that can be used against board members or the CEO.

Operators will also need to produce annual Sustainability and Corporate Social Responsibility (CSR) reports detailing environmental, social, and governance (ESG) goals, repayment of debts to industry partners, and steps toward renewable energy adoption. Stakeholder engagement policies must ensure open communication with shareholders, regulators, and customers, supported by transparent reporting.

Risk Management and Internal Controls

The new framework places the responsibility for risk governance squarely on the board, requiring it to set the company’s risk appetite and ensure constant monitoring of financial, operational, and strategic risks. Internal control systems must combine internal and external assurance to safeguard assets, ensure compliance, and address interconnect debts in the sector.

Each company must establish an Internal Audit function led by a qualified professional with at least three years’ relevant experience. The head of Internal Audit will report to the CEO on administrative matters but have direct access to the board chair and audit committee chair. While internal audit services can be outsourced, they cannot be handled by the same firm that serves as external auditor.

Shareholder and Stakeholder Rights

The guidelines strengthen shareholder rights by requiring companies to provide detailed background information on board nominees, including qualifications, experience, and shareholdings. Shareholders are prohibited from holding a controlling interest in more than one company in the same licence category.

Notices of general meetings must be sent at least 21 days in advance, and hybrid or virtual AGMs are permitted with adequate notice. Boards must also adopt formal stakeholder management policies, covering customer service standards, regulatory compliance, and the efficient handling of complaints.

Reporting Obligations

Telecoms operators covered by the guidelines must submit mid-year compliance reports to the NCC by July 31 and annual compliance reports by January 31. Reports must follow the NCC’s template, be certified by the board, and accurately reflect the company’s adherence to the rules.

The Commission reserves the right to seek clarifications or carry out compliance inspections, with penalties for breaches ranging from fines to management changes, licence suspension, or outright revocation for persistent non-compliance.

Sanctions and Enforcement

The NCC will actively monitor compliance through both on-site and off-site inspections. Where violations are detected, the Commission will issue a formal notice to the licensee, detailing the breach, the corrective steps required, and the deadlines for implementation. For serious breaches, operators have up to four months from the date of notification to remedy the situation. Failure to comply within this period can result in the suspension of the company’s licence, with continued non-compliance potentially leading to full revocation.

In addition to these measures, the NCC may impose fines or other penalties under the Nigerian Communications Act, the 2019 Enforcement Regulations, or other applicable laws. In cases of persistent non-compliance, the Commission also reserves the right to demand changes in the company’s leadership, ensuring that governance failures are addressed at the highest level.

Why It Matters

The NCC says these measures will curb unethical practices, strengthen investor confidence, and bring corporate governance in Nigeria’s telecoms industry up to par with international standards. While enforcement will be phased for some licence categories, the Commission has made it clear that transparency, accountability, and ethical conduct will now be non-negotiable pillars of the sector.

Key Differences from the 2016 Code

The 2025 guidelines introduce several changes from the 2016 Corporate Governance Code for the telecom sector. First, they significantly expand board composition requirements, mandating more independent directors and specific ICT/cybersecurity expertise.

Second, the scope of mandatory committees has been broadened, with clearer mandates, meeting frequency requirements, and minimum skill qualifications for members.

Third, the guidelines introduce stricter tenure limits, mandatory annual board evaluations by independent consultants, and compulsory continuing education. Fourth, the rules on ethics and transparency are now more detailed, requiring annual CSR/ESG reporting, whistleblowing protections, and explicit environmental compliance.

Fifth, risk management and internal control provisions are more robust, with defined qualifications for internal auditors and stronger oversight of enterprise risk.

Finally, the sanctions framework is sharper, with a clear four-month compliance window before licence suspension, and the unprecedented power for NCC to demand management changes in cases of persistent non-compliance.