The Central Bank of Nigeria (CBN) has granted Deposit Money Banks 18 months to fully implement new, mandatory automated anti-money laundering (AML) solutions, while other financial institutions have 24 months. The directives, issued in a circular dated March 10, 2026, extend the previously reported 12-month compliance window first proposed by the regulator.
The circular, titled “Issuance of Baseline Standards for Automated Anti-Money Laundering Solution for Financial Institutions in Nigeria,” was signed by the Directors of the Banking Supervision and Compliance Departments. It applies to all banks, mobile money operators, payment service providers, and other licensed financial entities.
Implementation of the standards must commence immediately, with full compliance required within the specified periods. Institutions are directed to submit detailed implementation roadmaps to their Compliance Departments within three months, accelerating the transition to the new regime.
The standards mandate that all supervised institutions operate automated AML systems, with sophistication calibrated to each institution’s size, risk profile, and transaction volume. The framework, which supplements existing laws like the CBN Act 2007 and the Banks and Other Financial Institutions Act 2020, explicitly states that manual controls are insufficient in Nigeria’s digitising financial landscape.
Systems must support risk-based customer due diligence, real-time suspicious activity detection, and accurate reporting to the CBN and the Nigerian Financial Intelligence Unit. The CBN stated the standards aim to bolster financial system integrity and align with Financial Action Task Force (FATF) recommendations.
Key requirements cover transaction monitoring, customer and business due diligence (KYC/KYB), sanctions and politically exposed persons (PEP) screening, case management, audit trails, data security, and vendor management. High-risk sectors must deploy enhanced monitoring, integrating AML systems with customer risk profiles and identification repositories.
The framework encourages the use of artificial intelligence and machine learning, subject to independent validation, accuracy checks, and bias testing. Strict data protection compliance with the Nigeria Data Protection Act and tamper-proof audit trails are also required.
New institutions seeking authorisation must demonstrate compliance or present credible plans. The CBN will monitor adherence via off-site surveillance, on-site examinations, and thematic reviews. Failure to comply may lead to remedial directives, administrative sanctions, and penalties against both institutions and accountable individuals.
The CBN emphasised that all stakeholders must ensure strict compliance, with the regulator reserving the right to issue further guidance as needed. The move represents a significant step in modernising Nigeria’s financial crime defences and meeting international standards.
