CBN Issues Baseline Standards for Automated AML Solutions [2026]: What Every Nigerian Financial Institution Needs to Know

On 10 March 2026, the Central Bank of Nigeria issued Circular BSD/DIR/PUB/LAB/019/002, establishing mandatory baseline standards for automated Anti-Money Laundering, Combating the Financing of Terrorism, and Countering Proliferation Financing (AML/CFT/CPF) solutions across the Nigerian financial sector. All banks, fintechs, mobile money operators, and payment service providers now have a hard deadline to act.

Why the CBN Acted Now

Nigeria's financial sector has undergone rapid digitisation over the past decade. The volume and complexity of transactions processed across mobile money platforms, payment gateways, digital banks, and international remittance corridors have grown to a point where manual compliance processes are no longer viable. The CBN acknowledged this directly in the circular, stating that manual AML/CFT/CPF controls are no longer sufficient to manage the evolving risks associated with an increasingly digital financial system.

The directive also aligns Nigeria more closely with the recommendations of the Financial Action Task Force (FATF), the global standard-setter for AML/CFT compliance. Nigeria's improving but still closely watched FATF standing makes this a strategically significant moment for the CBN to act, and the message to institutions is clear: automated, technology-driven compliance infrastructure is no longer optional.

The standards were developed following a comprehensive assessment of AML solutions currently deployed across the industry. They represent the minimum compliance threshold, institutions with more complex risk profiles or operating in higher-risk subsectors will be expected to implement controls that go beyond the baseline.

Who Is Affected

The circular applies to every institution operating under CBN supervision:

Deposit Money Banks (DMBs), commercial banks and other licensed deposit-taking institutions.

Fintechs and Payment Service Providers (PSPs), including switching companies, payment solution service providers, and super agents.

Mobile Money Operators (MMOs), telco-led and standalone mobile money services.

International Money Transfer Operators (IMTOs), all licensed remittance providers.

Other financial institutions, microfinance banks, mortgage institutions, finance companies, and any other entity regulated by the CBN.

The standards also apply to institutions seeking fresh authorisation. New licence applicants must demonstrate compliance with the Baseline Standards or present a credible implementation plan as part of the authorisation process, meaning the regulatory bar for new entrants has also effectively risen.

The Three Deadlines You Must Know

The circular establishes a three-tier timeline beginning from the date of issuance, 10 March 2026.

The first deadline, the roadmap submission on 10 June 2026, is the most immediately pressing. It is less than three months away, and institutions that have not yet begun assessing their current AML infrastructure against the Baseline Standards are already behind the optimal preparation curve.

To help institutions prepare a compliant submission, VOVEID has built a free, professionally structured implementation roadmap template that covers all requirements set out in the circular. Download it at voveid.com/en/nigeria-cbn-aml.

What the Baseline Standards Actually Require

The circular is detailed in its technical requirements. Every regulated institution's AML system must support the following ten core capabilities.

Customer Identification & Verification. Integration with BVN, NIN, and other national identity databases to support KYC and KYB processes.

Risk-Based Customer Profiling. Dynamic risk scoring based on the full customer profile, not solely raw transaction data. The CBN was explicit on this distinction.

Sanctions Screening. Real-time screening against domestic and international sanctions lists (CBN, OFAC, UN, EU). Where a confirmed match occurs, the system must automatically block onboarding or the transaction.

PEP Screening & Adverse Media Monitoring. Continuous screening against politically exposed persons registers and adverse media sources, with automated alert generation.

Transaction Monitoring. Real-time or near-real-time monitoring across all applicable channels: cards, e-channels, deposits, and lending. Pattern detection for unusual activity indicative of fraud or financial crime.

Case Management. Enterprise case management tools capable of automatically generating, assigning, and tracking investigations arising from suspicious activity alerts.

Regulatory Reporting. Automated generation and submission of Suspicious Transaction Reports (STRs) and Cash Transaction Reports (CTRs) to the CBN and the Nigerian Financial Intelligence Unit (NFIU).

Audit Trails & Governance. Tamper-proof audit logs, role-based access control, multi-factor authentication, and secure data transmission compliant with the Nigeria Data Protection Act (NDPA).

AI / ML Model Governance. Where AI or machine learning is used, institutions must conduct independent model validation at least annually, covering accuracy, performance drift, fairness audits, bias testing, and human review where relevant.

Vendor Management. Institutions using third-party vendors must maintain documented policies covering procurement, onboarding, ongoing oversight, incident management, and exit strategies.

For high-risk institutions, those operating in cross-border remittances, virtual asset services, correspondent banking, or with high-value merchant exposure, the CBN requires enhanced monitoring capabilities and explicit integration of the AML system with KYC/KYB repositories and customer risk profiles.

The Integration Requirement: More Than a Software Upgrade

One aspect of the circular that deserves particular attention is its emphasis on system integration. The CBN does not simply require institutions to have an AML platform in place, it requires that the platform integrate with core banking systems and other operational infrastructure to enable monitoring across all customers, products, and transaction channels simultaneously.

This is a meaningful technical requirement. Institutions that currently operate AML controls through standalone tools, periodic batch processes, or manual review workflows will need to consider not just what platform to procure, but how to connect it meaningfully to their existing technology stack. The CBN's standard is an integrated, real-time compliance infrastructure, not a compliance module bolted on at the edges.

VOVEID's platform is built with this integration architecture in mind. Our KYC/KYB identity verification, transaction monitoring, and sanctions screening modules are designed to connect directly with core banking platforms and payment infrastructure. Learn more at voveid.com.

Free CBN AML Implementation Roadmap Template A professionally structured Word document aligned to every requirement in Circular BSD/DIR/PUB/LAB/019/002, ready to complete and submit to the CBN by 10 June 2026. Download at voveid.com/en/nigeria-cbn-aml →

Consequences of Non-Compliance

The CBN has been direct about enforcement. Institutions that fail to meet the Baseline Standards, or that operate AML solutions in a manner resulting in ineffective AML/CFT/CPF control, are explicitly subject to remedial directives, administrative sanctions, and financial penalties under existing laws and regulations. Critically, the circular states that these consequences may affect both the institution and accountable individuals, meaning senior management and compliance officers carry personal regulatory exposure, not just the organisation.

Compliance will be monitored through off-site surveillance, on-site examinations, and thematic reviews. The CBN has signalled that this is an active supervision priority. Institutions should treat the 10 June 2026 roadmap deadline as a hard regulatory commitment.

How to Prepare: A Practical Starting Point

With under three months until the first deadline, institutions need to move quickly on three parallel workstreams.

First, conduct an honest gap assessment. Map your current AML controls against each of the ten capability areas in the CBN's framework. Be specific: does your transaction monitoring cover cards, e-channels, deposits, and lending individually? Does your sanctions screening trigger automatic blocking? Is your customer risk profiling based on the full customer profile or primarily transaction behaviour? The answers determine the scope and urgency of your implementation plan.

Second, determine your compliance tier. The CBN explicitly calibrates expectations to an institution's risk profile, business model, size, and transaction volumes. High-risk institutions, particularly those in cross-border payments, virtual assets, or correspondent banking, will face a higher implementation bar. Define your risk tier early, as it shapes both the sophistication required of your platform and the proportionality argument you can make in your roadmap submission.

Third, prepare and submit your roadmap. The implementation roadmap submitted to the CBN Compliance Department by 10 June 2026 should cover your current state assessment and gap analysis, the AML solution architecture you intend to deploy, a phased implementation timeline with named milestones and responsible owners, your governance and oversight framework, and a resource and budget commitment. This is a formal regulatory document, it should be Board-authorised and signed by both the CEO and the Chief Compliance Officer.

VOVEID has developed a free implementation roadmap template that covers all of these requirements in a structured, CBN-aligned format. It includes pre-built sections for the gap analysis, module coverage checklist, phased timeline, milestone tracker, governance framework, AI/ML model governance, sanctions auto-blocking protocol, and the formal declaration block.

The Broader Significance

This circular represents one of the most substantive upgrades to Nigeria's AML regulatory framework in years. It does not simply tighten existing rules, it sets a new technological floor for compliance, one that will require meaningful investment in systems, integration, and governance for the majority of regulated institutions.

That is also an opportunity. Institutions that move decisively will build compliance infrastructure that is more resilient, more efficient, and better positioned for the next wave of regulatory expectations. Those that wait will find themselves compressed between tightening deadlines and a vendor market under significant demand pressure as June 2026 approaches.

VOVEID is working with financial institutions across Nigeria to accelerate compliant implementation. Our platform covers identity verification (KYC/KYB), transaction monitoring, sanctions and PEP screening, and full CBN baseline compliance. Speak with our compliance team to discuss your institution's requirements, or download the free roadmap template to begin your preparation today.

This article is published for informational purposes and does not constitute legal or regulatory advice.

Source: Central Bank of Nigeria, Circular BSD/DIR/PUB/LAB/019/002, "Issuance of Baseline Standards for Automated Anti-Money Laundering (AML) Solution for Financial Institutions in Nigeria", dated 10 March 2026. Signed by Akinwunmi A. Olubukola, Director, Banking Supervision Department, and Olubunmi Ayodele-Oni, for Director, Compliance Department.