On March 10, 2026, the Central Bank of Nigeria (CBN) issued Circular BSD/DIR/PUB/LAB/019/002, titled “Issuance of Baseline Standards for Automated Anti-Money Laundering (AML) Solution for Financial Institutions in Nigeria.”
Signed by Akinwunmi Olubukola (Director, Banking Supervision Department) and Olubunmi Ayodele-Oni (for Director, Compliance Department), the circular ends an era of manual AML compliance and mandates that every financial institution in Nigeria deploy automated, AI-powered systems to detect and prevent:
- Money laundering (ML)
- Terrorism financing (TF)
- Proliferation financing (PF)
The timelines are non-negotiable:
- June 10, 2026 (3 months): All institutions must submit implementation roadmaps to CBN Compliance Department
- September 10, 2027 (18 months): Deposit Money Banks must achieve full compliance
- March 10, 2028 (24 months): All other financial institutions (microfinance banks, fintechs, mobile money operators, payment providers) must achieve full compliance
Who this applies to:
- Deposit Money Banks (GTBank, Access, First Bank, Zenith, UBA, etc.)
- Microfinance Banks (MFBs) including Moniepoint MFB
- Mobile Money Operators (MTN MoMo, Airtel Money, Opay, PalmPay)
- International Money Transfer Operators (IMTOs)
- Payment Service Providers (PSPs) including fintechs (Flutterwave, Paystack, Interswitch)
- Finance companies, mortgage institutions, and any CBN-regulated entity
What institutions must deploy: AI-driven systems that automatically:
- Monitor transactions in real time
- Screen customers against sanctions lists (UN, OFAC, domestic)
- Detect politically exposed persons (PEPs)
- Flag suspicious activity patterns
- Generate and file Suspicious Transaction Reports (STRs) to NFIU
- Block transactions when sanctions matches occur
- Maintain full audit trails with maker-checker workflows
What happens if you don’t comply: “Regulatory sanctions” via off-site surveillance, on-site examinations, and thematic reviews.
Translation: CBN can fine, restrict, or shut you down.
This isn’t aspirational. It’s mandatory. And it fundamentally reshapes Nigeria’s financial compliance landscape.
Why CBN Did This Now: Nigeria’s FATF Exit and the Digital Compliance Gap
CBN’s timing isn’t accidental. It follows two major developments:
1. Nigeria Exited the FATF Grey List (2025)
In 2025, Nigeria was removed from the Financial Action Task Force (FATF) grey list after strengthening anti-money laundering regimes and improving financial transparency.
Being on the FATF grey list meant:
- International banks treated Nigerian transactions with heightened scrutiny
- Correspondent banking relationships were harder to maintain
- FX flows faced additional compliance checks
- Nigeria’s financial system was labeled “high-risk”
Exiting the grey list was a major victory. But it came with ongoing obligations: Nigeria must maintain and improve its AML/CFT/CPF infrastructure or risk being re-listed.
The automated AML mandate ensures Nigeria stays off the grey list by demonstrating that its financial institutions use world-class detection systems, not manual spreadsheets.
2. Manual Compliance Can’t Handle Nigeria’s Transaction Volumes
Nigeria’s financial system has undergone explosive digitization:
- Mobile money transactions grew from millions to billions annually
- Fintechs process trillions in payment volume
- Cross-border payments via IMTOs expanded massively
- Real-time payments via NIBSS Instant Payment (NIP) hit record volumes
According to CBN: “Manual AML controls are no longer sufficient in an increasingly digital and complex financial environment.”
The reality:
- A single bank processes millions of transactions daily
- Compliance teams manually reviewing alerts can’t keep up
- Terrorists, money launderers, and sanctions evaders exploit the lag
- By the time manual reviews catch suspicious activity, funds are already moved
Automated systems using AI, machine learning, and behavioral analytics can:
- Monitor billions of transactions in real time
- Flag anomalies instantly (unusual patterns, rapid fund movements, structuring)
- Screen every customer against sanctions lists automatically
- Generate STRs/SARs without human delays
CBN is betting that automation + AI > manual processes for financial crime detection. And they’re right.
The 10 Core Requirements Every Institution Must Meet
The Baseline Standards establish 10 mandatory technical and governance requirements:
1. Real-Time Transaction Monitoring
- Systems must flag suspicious patterns as they occur
- Detect structuring (breaking large transactions into smaller ones to avoid detection)
- Identify unusual velocity (rapid fund movements)
- Monitor cross-border flows
2. Customer Due Diligence (CDD) & Risk Profiling
- Automated Know Your Customer (KYC) and Know Your Business (KYB) checks
- Risk-based profiling (high-risk customers get enhanced monitoring)
- Integration with BVN (Bank Verification Number) and NIN (National Identification Number)
3. Sanctions & PEP Screening
- Screen customers and transactions against:
- UN sanctions lists
- OFAC (Office of Foreign Assets Control) lists
- Domestic watchlists
- Politically Exposed Persons (PEP) registers
- Adverse media sources
- Fuzzy matching logic to catch name variations
- Near real-time updates when lists change
- Automatic blocking of onboarding or transactions upon confirmed match
4. Automated STR/SAR Reporting
- Generate Suspicious Transaction Reports (STRs) and Suspicious Activity Reports (SARs)
- Submit to Nigerian Financial Intelligence Unit (NFIU) in required formats
- Maintain compliance with AML/CFT/CPF laws
5. Fraud Detection Integration
- CBN encourages unified financial crime architecture
- AML and fraud systems can operate separately, but:
- High-risk institutions should build shared data lakes
- Seamless exchange of risk signals between AML and fraud teams
- Unified case management
6. Maker-Checker Workflows
- Full audit trails for every system action
- Segregation of duties (one person initiates, another approves)
- Data integrity and confidentiality protections
7. Automated Alert Closure (with Constraints)
- Low-risk alerts can be auto-closed only if clearly justified
- Back-testing required to prove suspicious activity isn’t being masked
- High-risk alerts require human review
8. API Integration Requirements
- Systems must integrate with:
- Domestic sanctions lists (NFIU, CBN)
- International sanctions lists (UN, OFAC, others)
- National identity databases (BVN, NIN)
- Third-party vendors (compliance software, RegTech platforms)
9. Proportionality Principle
- Large banks (high transaction volumes): Must deploy sophisticated AI-driven systems
- Smaller institutions (lower volumes): Can calibrate based on risk profile, but must meet baseline functional requirements
10. Data Protection & Confidentiality
- Robust data security measures
- Compliance with Nigeria Data Protection Act (NDPA) 2023
- Ensure confidentiality and integrity of customer data
The Three-Month Roadmap Deadline (June 10, 2026)
The first major deadline is June 10, 2026—less than 90 days from the circular’s issuance.
What institutions must submit: A detailed implementation roadmap to CBN Compliance Department covering:
- Gap Analysis: Compare current AML systems against 2026 Baseline Standards
- Current State Assessment: What systems are already in place? What gaps exist?
- Vendor Review: Do third-party AML vendors meet new requirements?
- Implementation Timeline: Phased rollout plan with milestones
- Budget & Resources: Estimated costs, staffing needs
- Governance Framework: Who’s accountable? How will compliance be monitored?
Why this matters: Institutions that miss the June 10 deadline signal to CBN that they’re not serious about compliance. That invites regulatory scrutiny, potential sanctions, and reputational risk.
According to VOVEID, a Nigerian identity verification and AML compliance platform:
“Institutions that move decisively will build compliance infrastructure that is more resilient, more efficient, and better positioned for the next wave of regulatory expectations. Those that wait will find themselves compressed between tightening deadlines and a vendor market under significant demand pressure as June 2026 approaches.”
Translation: Get your roadmap in early, or face a scramble as vendors get overwhelmed.
The Vendor Gold Rush: RegTech, AI, and Compliance Software
CBN just created a ₦500 billion+ market opportunity overnight.
Every Nigerian financial institution—over 1,000 entities including banks, MFBs, fintechs, mobile money operators—must deploy automated AML systems. Most don’t have in-house AI/ML capacity. They’ll need third-party vendors.
Who’s positioning to win:
1. Global AML/Compliance Vendors:
- Actico (Germany-based AML/fraud platform)
- NICE Actimize (financial crime detection)
- FICO (fraud and AML analytics)
- SAS (AI-powered compliance)
- Oracle Financial Crime and Compliance Management
2. African RegTech Startups:
- VOVEID (Nigeria) — Identity verification, KYC/KYB, transaction monitoring, sanctions/PEP screening
- Youverify (Nigeria) — KYC, AML, identity verification
- Smile Identity (Pan-African) — Identity verification, KYC
- Dojah (Nigeria) — Identity verification APIs
- Indicina (Nigeria) — Financial data infrastructure, fraud detection
3. International Payment Processors Expanding into Compliance:
- Flutterwave, Paystack — May build in-house or partner with vendors
4. Banks Building In-House:
- Large Tier-1 banks (GTBank, Access, Zenith) may build proprietary AI-driven AML systems
- Smaller banks will buy SaaS solutions
The opportunity:
- 1,000+ institutions × ₦50-500M per implementation = ₦50B-₦500B total market
- Recurring revenue from annual licensing, updates, maintenance
- Integration services, training, consulting
VOVEID is already offering free implementation roadmap templates to help institutions prepare for the June 10 deadline—smart positioning to capture early adopters.
What Institutions Must Do Right Now (March-June 2026)
If you’re a compliance officer, CTO, or executive at a Nigerian financial institution, here’s your 90-day action plan:
Week 1-2 (March 10-24):
1. Perform Gap Analysis
- Inventory current AML systems
- Compare against CBN Baseline Standards
- Identify gaps (transaction monitoring, sanctions screening, PEP checks, STR automation)
2. Assemble Compliance Task Force
- Compliance, IT, Legal, Operations, Finance
- Assign clear ownership
3. Engage Vendors
- Request demos from RegTech providers
- Evaluate solutions against CBN requirements
- Get pricing, timelines, integration requirements
Week 3-6 (March 25 – April 14):
4. Develop Implementation Roadmap
- Phased rollout plan (pilot → full deployment)
- Milestones with dates
- Budget estimates
- Risk mitigation strategies
5. Secure Budget Approval
- Board/Executive sign-off
- Allocate capital for software, integration, training
Week 7-10 (April 15 – May 12):
6. Finalize Vendor Selection
- Sign contracts
- Begin integration planning
7. Draft Compliance Documentation
- Policies, procedures, governance frameworks
- Maker-checker workflows
- Audit trail protocols
Week 11-12 (May 13 – June 10):
8. Submit Roadmap to CBN
- Final review
- Submit via CBN Compliance Department portal
- Confirm receipt
9. Begin Pilot Deployment
- Start testing systems internally
- Train compliance teams
The Risks: What Happens if Institutions Fail
CBN’s circular is clear: “Financial institutions that fail to comply with the new standards or operate ineffective AML systems could face regulatory sanctions.”
Enforcement mechanisms:
- Off-site surveillance (CBN monitors data remotely)
- On-site examinations (physical audits)
- Thematic regulatory reviews (sector-wide assessments)
Potential sanctions:
- Fines (₦millions to ₦billions depending on severity)
- Operational restrictions (limits on new customer onboarding, transaction caps)
- License suspension or revocation (for egregious violations)
- Reputational damage (publicly named as non-compliant)
- Criminal liability (if AML failures enable money laundering, terrorism financing)
Precedent: CBN has historically been aggressive in enforcing compliance:
- 2024: Instructed NIBSS to debit accounts of banks that receive fraud proceeds
- 2023: Strengthened KYC rules requiring BVN/NIN for account opening
- 2015: Mandated banks to establish dedicated fraud desks
- 2011: Created Nigeria Electronic Fraud Forum (NeFF) for fraud intelligence sharing
CBN doesn’t issue guidelines and walk away. It monitors, examines, and sanctions.
The Verdict: Manual Compliance Is Dead—And That’s Good for Nigeria
CBN’s automated AML mandate is the most significant financial compliance shift in Nigerian history.
For 15 years, Nigeria’s financial system relied on manual AML processes:
- Compliance officers reviewing spreadsheets
- Alert backlogs measured in weeks
- Sanctions screening via Ctrl+F
- STRs filed on paper
That era is over.
By March 2028, every Nigerian financial institution will operate:
- AI-powered transaction monitoring
- Real-time sanctions screening
- Automated STR/SAR filing
- Integrated fraud detection
Winners:
- Financial institutions that move early (compliance infrastructure becomes competitive advantage)
- RegTech vendors (₦500B+ market opportunity)
- Nigerian economy (cleaner financial system, maintained FATF compliance, stronger correspondent banking relationships)
Losers:
- Money launderers, terrorists, sanctions evaders (much harder to hide)
- Institutions that delay (scrambling to meet deadlines, vendor shortages, regulatory risk)
- Manual compliance processes (officially obsolete)
The message to financial institutions is clear:
- June 10, 2026: Submit your roadmap
- September 10, 2027 (banks) / March 10, 2028 (others): Full compliance
- Or face sanctions
For Nigeria’s financial system, this is structural modernization disguised as regulatory compliance. And for once, the timeline is realistic, the requirements are clear, and the alternative (manual processes) is genuinely obsolete.
Manual compliance is dead. Long live automated AML.
CBN Circular BSD/DIR/PUB/LAB/019/002 was issued March 10, 2026. Deposit Money Banks have 18 months to comply. Other financial institutions have 24 months. All institutions must submit implementation roadmaps by June 10, 2026.
