Nigeria’s Central Bank has drawn a hard line on financial crime compliance, issuing a sweeping directive that requires every bank, fintech operator, and payment service provider in the country to deploy automated anti-money laundering technology. The move signals a decisive shift away from manual monitoring in a financial system that processed nearly 11 billion instant payment transactions in 2024 alone.
The circular, issued on March 10, 2026, and signed by the directors of the CBN’s Banking Supervision and Compliance departments, introduces what the regulator calls “Baseline Standards for Automated Anti-Money Laundering Solutions.” It applies to deposit money banks, mobile money operators, international money transfer operators, and all other financial institutions under the CBN’s regulatory umbrella. At its core is a straightforward demand: every covered institution must implement automated AML systems capable of monitoring transactions, flagging suspicious activity, and generating regulatory reports in real time. These systems must integrate customer identification, transaction monitoring, sanctions screening, and risk assessment into a single automated pipeline.
Deposit money banks have been given 18 months to reach full compliance, while other financial institutions have 24 months, both timelines running from the date of the circular. The 18-month window for banks is notably an extension from the 12-month deadline the CBN initially proposed when the guidelines were first floated in May 2025. But there is one tight deadline nobody gets to negotiate: all institutions must submit detailed implementation roadmaps to the CBN’s Compliance Department within three months.
The timing is not coincidental. Nigeria’s financial landscape has changed dramatically over the past decade. The country now hosts one of Africa’s largest fintech ecosystems, with cross-border financial transactions reaching $20.93 billion in 2024. Digital payments, mobile wallets, and real-time transfers have become the norm rather than the exception, and that rapid digitisation has widened the attack surface for financial criminals. Money laundering, terrorism financing, and digital fraud have grown more sophisticated alongside the very systems they exploit. The CBN’s own Fintech Report 2025, published in February, revealed that 87.5% of Nigerian fintechs already use AI for fraud detection, but the regulator clearly wants that adoption to be universal, standardised, and enforceable. Nigeria’s recent exit from the Financial Action Task Force grey list also looms in the background. Staying off that list demands sustained improvements in anti-money laundering infrastructure, and this directive positions the CBN to demonstrate exactly that on the global stage.
The technical requirements are extensive. Automated AML systems must support risk-based customer due diligence, integrate with domestic and international sanctions databases, screen for politically exposed persons, and connect seamlessly with core banking platforms and regulatory reporting frameworks. The CBN is also explicitly encouraging the use of artificial intelligence, machine learning, and advanced analytics, but with guardrails. Any AI models deployed must undergo independent annual validation, accuracy assessments, fairness reviews, and bias testing. That last point is significant, signalling the CBN is thinking beyond just functionality and into the ethical dimensions of algorithmic decision-making in financial surveillance. Data governance features prominently as well. Institutions must maintain tamper-proof audit trails, implement role-based access controls, use secure authentication protocols, and comply with Nigeria’s Data Protection Act. Vendor management policies must cover everything from procurement to exit strategies for third-party technology providers.
None of this is advisory. The CBN made clear that compliance will be monitored through off-site surveillance, on-site examinations, and thematic regulatory reviews. Institutions that fail to meet the standards or operate ineffective AML systems face remedial directives, administrative sanctions, and penalties that can extend to accountable individuals within those organisations. For institutions applying for new licences, the bar is already set: demonstrate compliance or present credible plans to meet the standards before approval is even considered.
The directive will likely accelerate demand for RegTech solutions across Nigeria’s banking and fintech sectors. Smaller institutions, particularly mobile money operators and payment service providers with limited technical capacity, face the steepest climb. The 24-month compliance window for non-bank institutions reflects that reality, but the three-month roadmap deadline ensures no one can afford to sit on their hands. For larger banks, many of which already run some form of automated transaction monitoring, the challenge is less about building from scratch and more about meeting the CBN’s specific baseline. Integration with KYC repositories, real-time sanctions screening, and the AI validation requirements will demand meaningful investment even from well-resourced institutions.
The broader signal is unmistakable: the CBN views manual AML controls as a relic of a simpler era. In a financial system moving billions of dollars annually through digital channels, the regulator has decided that technology-driven compliance is no longer optional. It is the floor.
