CBN Mandates Automated AML Systems Across Nigerian Financial Institutions

In March 2026, the Central Bank of Nigeria (CBN)  issued the Baseline Standards for Automated Anti-Money Laundering (AML) Solutions, marking a major shift from largely manual compliance processes toward technology-driven monitoring. These standards require all financial institutions in Nigeria to implement automated systems capable of detecting and preventing money laundering, terrorism financing, and proliferation financing (ML/TF/PF). The policy emphasizes demonstrable effectiveness over feature-based compliance, requiring institutions to proactively identify suspicious activity in real time.

The CBN has established clear timelines for compliance. Financial institutions are expected to begin implementation immediately. Within three months, each institution must submit an implementation roadmap to the CBN Compliance Department. Deposit Money Banks are required to achieve full compliance within 18 months, while other financial institutions, including Microfinance Banks (MFBs) and Mobile Money Operators (MMOs), have up to 24 months to meet the baseline standards.

At the core of the standards are specific functional requirements for automated AML solutions. Systems must provide a unified customer view, linking Know Your Customer (KYC) and Know Your Business (KYB) information directly with transactional behavior. Investigators should be able to see a customer’s occupation, source of funds, and risk score alongside their transaction history in a single interface. Transaction monitoring must employ risk-based analysis with multiple scenarios to identify unusual patterns. While Artificial Intelligence (AI) and Machine Learning (ML) are encouraged for anomaly detection, they must be explainable, with annual independent validation to prevent bias or model drift. Systems should also generate pre-emptive alerts, allowing high-risk transactions to be temporarily held pending review.

Sanctions and Politically Exposed Person (PEP) screening is another key requirement. Systems must integrate with domestic and international sanctions lists, such as UN and OFAC, and update in near real-time. Fuzzy matching logic should detect variations in names, and the system must be able to automatically block onboarding or transactions upon a confirmed sanctions match. Although AML and fraud systems can operate separately, the CBN encourages institutions to develop a unified financial crime architecture, enabling seamless exchange of risk signals and, for high-risk organizations, a roadmap toward a shared data lake covering both AML and fraud detection.

Technical and governance requirements include maker-checker workflows with full audit trails, robust data protection measures to ensure confidentiality and integrity, and automated reporting of Suspicious Transaction Reports (STRs) and Suspicious Activity Reports (SARs) in the formats required by the Nigerian Financial Intelligence Unit (NFIU). Solutions must be scalable, using secure APIs for integration with core banking systems to handle growing transaction volumes.

The CBN enforces a proportionality principle. Large banks with high transaction volumes are expected to deploy sophisticated AI-driven systems, while smaller institutions may calibrate their solutions based on risk profile, provided they meet baseline functional requirements. Automated closure of alerts is allowed only for clearly low-risk scenarios, and any back-testing must demonstrate that suspicious activity is not being masked.

Financial institutions are advised to take immediate steps to comply. This includes performing a gap analysis to compare current AML software against the 2026 Baseline Standards, developing a three-month roadmap for submission to the Compliance Department, and reviewing third-party vendors to ensure their solutions meet new API and integration requirements.