Key highlights of the Central Bank of Nigeria’s baseline standards for automated anti-money laundering solution

Introduction

On March 10, 2026, the Central Bank of Nigeria (“CBN”) issued The Baseline Standards for Automated Anti-Money Laundering (AML) Solution for Financial Institutions in Nigeria (“The Standards”). The Standards were issued pursuant to the powers conferred on the CBN by Section 2(d) of the CBN Act, 2007 and Section 66(2) of the Banks and Other Financial Institutions Act (BOFIA), 2020.

The issuance of the Standards comes at a critical time, as financial crimes are becoming increasingly sophisticated and regulatory authorities worldwide are intensifying efforts to combat illicit financial flows. In response, the CBN has taken a significant regulatory step to strengthen Nigeria’s financial system by introducing standardised, automated AML compliance requirements to reinforce Nigeria’s framework for combating money laundering, terrorist financing, and proliferation financing.

This article examines the key highlights of the Standards, focusing on their scope, core compliance requirements, and the potential impact on financial institutions operating in Nigeria.

Scope of Application and Enforcement

The Standards apply to all banks and financial institutions within the CBN’s regulatory purview. By virtue of the Standards, all financial institutions are required to operate an automated AML/CFT/CPF Solution, with the extent, configuration and sophistication calibrated to the institution’s size, risk profile, business model, transaction volumes and complexity.

The CBN, to facilitate proportionate implementation across specific subsectors or institutional types, may issue supplementary sector-specific guidance. Furthermore, to enhance comprehensive compliance, these Standards are to be interpreted and applied in conjunction with relevant existing laws.

The implementation of the standards shall start on the date of issuance, March 10, 2026, while full compliance shall be 18 months (for Deposit Money Banks (DMBs)) and 24 months (for Other Financial Institutions (OFIs) from the date of issuance. Therefore, DMB have till September 10, 2027, to comply, and OFIs have till March 10, 2028. Institutions are also required to submit implementation roadmaps to the Compliance Department of the CBN within 3-months from the date of issuance of the standards. Therefore, institutions must submit their implementation roadmaps to the CBN’s Compliance Department by June 10, 2026.

Financial institutions are required to comply with these Standards within the timelines prescribed by the CBN. The CBN will monitor and assess compliance with the standards through off-site surveillance and on-site examinations. Non-compliance will attract remedial directives, administrative sanctions, and penalties in line with extant laws and regulations, including sanctions on the institution and, where appropriate, accountable individuals, as provided for under applicable legal and regulatory frameworks.

Key Matters Arising

The CBN’s Standards are structured around several critical components, each designed to address specific facets of AML/CFT/CPF risk management:

1. AML Solution

Article 8 of the Baseline standards defines an AML Solution as an automated system with capabilities that include customer identification and verification, risk assessment, sanctions screening, transaction and fraud monitoring, case management, reporting, audit and governance, and data protection. Where the AML Solution is also deployed for fraud monitoring, its fraud-related functionalities must be clearly segregated and appropriately governed to ensure that the effectiveness of AML/CFT/CPF detection is not compromised.

2. Customer Due Diligence, Know Your Customer, and Know Your Business (CDD/KYC/KYB) and Risk Assessment

The Standards mandate that the AML solution shall enable an end-to-end support for CDD, EDD, KYC and KYB processes, and must possess robust capabilities for real-time customer identification and verification. This involves comprehensive screening against various watchlists, including sanctions lists, Politically Exposed Persons (PEPs) databases, and adverse media. The objective is to ensure that financial institutions have a clear and accurate understanding of their customers and beneficial owners, thereby mitigating the risks associated with onboarding high-risk individuals or entities. Financial institutions are also required to conduct and document periodic Money Laundering/Terrorism Financing/Proliferation Financing risk assessments at enterprise and business-line level ensuring that the AML Solution configuration reflects these assessments.

3. Transaction / Fraud Monitoring and Detection

Continuous transaction monitoring is a cornerstone of effective AML. The Standards require automated solutions to perform real-time or near real-time monitoring of all transactions. This capability is crucial for detecting unusual patterns, anomalies, and deviations from expected behaviour that could indicate money-laundering or terrorist-financing activities. Recognising the intricate link between fraud and money laundering, the Standards provide the standard to be employed when the AML Solution is to be used for fraud monitoring. The solution should be able to identify and flag suspicious activities across various channels, including cards, e-channels, deposits, and lending in real time or near real time.

4. Case Management

Effective case management is vital for streamlining the investigation and resolution of AML alerts. The Standards stipulate the need for an Enterprise Case Management (ECM) capability that automates the creation, assignment, prioritisation, and tracking of cases arising from AML/CFT/CPF alerts. This includes maintaining full audit trails of all actions taken on cases, ensuring transparency, accountability, and efficient workflow management.

5. Reporting

Timely and accurate submission of regulatory reports is a critical compliance obligation. The Standards require automated AML solutions to support the generation of various regulatory reports, including Suspicious Transaction Reports (STRs), Suspicious Activity Reports (SARs), Currency Transaction Reports (CTRs), and Foreign Currency Transaction Reports (FTRs). These reports must conform to the formats and channels prescribed by the CBN and other competent authorities, ensuring seamless information exchange and regulatory oversight.

6. Audit and Governance

To ensure the integrity and reliability of automated AML solutions, the Standards impose stringent audit and governance requirements. This includes maintaining a comprehensive, tamper-proof, and immutable audit trail of all system and user activities and establishing a documented governance framework for the AML solution. Periodic independent internal and external reviews are required to assess the solution’s effectiveness and ensure ongoing compliance.

7. System Integration and Scalability

The Standards underscore the importance of seamless and secure integration between the AML solution and other critical banking systems, such as core banking, customer information/KYC systems, and other relevant applications. This ensures a unified view of customer data and transaction information, facilitating comprehensive risk assessment. Furthermore, the solutions must be scalable to accommodate increasing transaction volumes and evolving business needs without compromising performance or detection quality.

8. Security and Data Protection

Given the sensitive nature of the data processed by AML solutions, robust security and data protection measures are paramount. The Standards require the implementation of strong security controls, and compliance with the Nigeria Data Protection Act (NDPA) and other privacy laws. This ensures the confidentiality and integrity of sensitive financial information.

Conclusion

The Central Bank of Nigeria’s Baseline Standards for Automated Anti-Money Laundering Solution mark a significant milestone in Nigeria’s fight against financial crime. By mandating the adoption of advanced technological solutions and setting clear operational and governance requirements, the CBN is not only strengthening the resilience of the financial sector but also aligning Nigeria with international best practices in AML/CFT/CPF. Financial institutions must prioritise implementing these Standards, recognising them as an essential investment in safeguarding the integrity of the financial system and fostering sustainable economic growth.

KENNA is a full-service law firm with a client-first approach, delivering bespoke legal solutions across diverse sectors, both locally and internationally.