CBN has set a new deadline for Banks and Fintechs to deploy Automated AML Systems.
NewsOnline Nigeria reports that the Central Bank of Nigeria (CBN) has given Deposit Money Banks 18 months to fully comply with its newly introduced baseline standards for automated anti-money laundering (AML) solutions, while other financial institutions have 24 months to meet the requirements.
In a circular issued on March 10, 2026, the apex bank stated that implementation of the guidelines would begin immediately, with full compliance expected within the stipulated timelines.
“The implementation of these guidelines shall start from the date of issuance, while full compliance shall be 18 months (for Deposit Money Banks) and 24 months (for Other Financial Institutions) from the date of issuance,” the CBN said.
ALSO: Tinubu’s Administration a ‘Historic Disaster,’ Says SDP’s Adewole Adebayo, Declares Readiness for 2027 Presidency
The directive represents an extension from the earlier 12-month compliance timeline initially proposed by the regulator.
The circular, titled “Issuance of Baseline Standards for Automated Anti-Money Laundering Solution for Financial Institutions in Nigeria,” was signed by the Director of the Banking Supervision Department, Akinwunmi Olubukola, alongside Olubunmi Ayodele-Oni for the Director of the Compliance Department.
It was addressed to banks, mobile money operators, international money transfer operators, payment service providers, and other financial institutions operating in Nigeria.
The CBN also instructed affected institutions to submit implementation roadmaps to its Compliance Department within three months from the date of the directive.
According to the regulator, the standards are designed to strengthen the stability and integrity of Nigeria’s financial system by improving the detection and reporting of suspicious financial activities.
“The Baseline Standards provide a framework for implementing automated solutions that strengthen the detection and reporting of suspicious transactions in real time and enhance compliance with applicable AML/CFT/CPF laws and regulations,” the bank stated.
Under the new guidelines, all financial institutions under the CBN’s supervision must operate automated AML systems. However, the level of sophistication required will depend on the institution’s size, transaction volume, risk profile, business model, and operational complexity.
The framework is anchored on the CBN Act 2007 and the Banks and Other Financial Institutions Act (BOFIA) 2020, and is intended to complement existing regulatory obligations.
The apex bank noted that manual compliance systems are no longer adequate as financial services become increasingly digital and complex.
As part of the requirements, financial institutions must deploy systems capable of supporting risk-based customer due diligence, detecting suspicious transactions in real time, and ensuring timely reporting to the CBN, the Nigerian Financial Intelligence Unit (NFIU), and other relevant authorities.
The standards align with global Financial Action Task Force (FATF) recommendations and include requirements for transaction monitoring, customer due diligence, know-your-customer and know-your-business processes, sanctions and politically exposed persons screening, reporting mechanisms, and case management.
Other key elements include fraud monitoring systems, unified customer risk profiles, audit trails, data security measures, vendor management policies, and scalable system integration.
Institutions operating in high-risk sectors are required to implement enhanced monitoring systems that integrate with KYC and KYB databases to strengthen risk assessment.
The guidelines also encourage the use of artificial intelligence, machine learning, and advanced analytics to improve financial crime detection. However, such technologies must undergo independent annual validation, accuracy checks, fairness audits, and bias testing.
Additionally, the CBN mandated tamper-proof audit trails, secure authentication processes, and role-based workflow controls, while ensuring full compliance with the Nigeria Data Protection Act.
Financial institutions relying on third-party vendors must also implement clear procurement, implementation, support, incident management, and exit policies.
According to the regulator, institutions seeking fresh licences or regulatory approval must demonstrate compliance with the new standards or present credible implementation plans.
The CBN warned that non-compliance could lead to regulatory actions, including administrative sanctions, remedial directives, and financial penalties against both institutions and responsible officials.
“All stakeholders are required to ensure strict compliance with the guidelines and all other regulations,” the bank said, adding that it would continue to monitor developments and issue further directives where necessary.
