The Central Bank of Nigeria has set an 18-month deadline for Deposit Money Banks (DMBs) to fully comply with its new baseline standards for automated anti-money laundering (AML) solutions.
In a circular dated March 10, 2026, the CBN also directed other financial institutions to meet the requirements within 24 months, extending the previous 12-month timeline initially proposed for the guidelines.
The circular, titled “Issuance of Baseline Standards for Automated Anti-Money Laundering Solution for Financial Institutions in Nigeria,” was signed by Akinwunmi Olubukola, Director of the Banking Supervision Department, and Olubunmi Ayodele-Oni for the Director of Compliance. It applies to banks, mobile money operators, international money transfer operators, payment service providers, and other financial institutions.
Implementation timelines require that DMBs achieve full compliance within 18 months, while other financial institutions have 24 months. Institutions are also expected to submit implementation roadmaps within three months of the circular’s issuance.
The CBN emphasized that manual AML controls are no longer sufficient in an increasingly digital and complex financial sector. Institutions must deploy automated systems that support risk-based customer due diligence, real-time detection of suspicious activities, and accurate and timely reporting to the CBN, the Nigerian Financial Intelligence Unit, and other authorities.
The standards, anchored in the CBN Act 2007 and Banks and Other Financial Institutions Act 2020, are intended to complement existing legal obligations and promote financial system stability and integrity.
Key elements of the standards include transaction monitoring, case management, reporting, Know-Your-Customer (KYC) and Know-Your-Business (KYB) processes, sanctions and Politically Exposed Persons (PEP) screening, audit trails, data security, and vendor management. The guidelines also encourage the integration of artificial intelligence, machine learning, and advanced analytics, with independent annual validation, accuracy checks, and bias testing, while requiring enhanced monitoring for high-risk sectors.
Institutions seeking fresh authorization must demonstrate compliance or present credible plans to meet the standards. The CBN will monitor compliance through off-site surveillance, on-site examinations, thematic reviews, and other supervisory mechanisms.
The circular further requires tamper-proof audit trails, role-based workflows, secure authentication systems, full compliance with the Nigeria Data Protection Act, and comprehensive third-party and vendor management, covering procurement, implementation, support, incident handling, and exit strategies.
Failure to comply could result in remedial directives, administrative sanctions, and penalties affecting both institutions and accountable individuals.
The CBN concluded: “All stakeholders are required to ensure strict compliance with the guidelines and all other regulations, as the CBN continues to monitor developments and issue further guidance as may be appropriate.”
