AML Compliance

AML compliance in Nigeria

Anti-money laundering (AML) compliance in Nigeria is governed by the Money Laundering (Prevention and Prohibition) Act 2022, CBN regulations, and FATF standards. All licensed banks, fintechs, and payment service providers are legally required to maintain active AML programmes.

Legal framework

Nigeria's AML regime is built on three primary laws. The Money Laundering (Prevention and Prohibition) Act 2022 (MLPPA) is the core statute, replacing the 2011 Act with stricter obligations. The Terrorism (Prevention and Prohibition) Act 2022 covers counter-terrorism financing (CFT). The Banks and Other Financial Institutions Act 2020 (BOFIA), under Section 66, mandates all CBN-licensed institutions to comply with AML/CFT requirements.

The Central Bank of Nigeria (CBN) enforces compliance through circulars, guidelines, and on-site examinations. The Nigerian Financial Intelligence Unit (NFIU) receives and analyses suspicious transaction reports (STRs), currency transaction reports (CTRs), and foreign transfer reports (FTRs) submitted via the goAML platform.

Core compliance obligations

  • Maintain a written AML/CFT compliance programme approved at board level
  • Designate a compliance officer at management level at headquarters and every branch
  • Conduct customer due diligence (CDD) and enhanced due diligence (EDD) for high-risk customers
  • Apply the CBN three-tier KYC framework to all accounts
  • Screen customers against PEP lists, sanctions lists, and adverse media
  • Monitor transactions in real time and file reports with the NFIU via goAML
  • Conduct regular AML training for all staff
  • Maintain records for a minimum of five years

Reporting thresholds

Report typeTriggerDeadline
Suspicious Transaction Report (STR)Any transaction that raises suspicion of money laundering or terrorism financing — no minimum amount24 hours from detection
Currency Transaction Report (CTR)Cash transactions above NGN 5 million (individuals) or NGN 10 million (corporates)Within 7 days
Foreign Transfer Report (FTR)International transfers above USD 10,000 or equivalentWithin 1 day

2026 CBN automated AML standards

On 10 March 2026, the CBN issued Circular BSD/DIR/PUB/LAB/019/002, establishing mandatory baseline standards for automated AML solutions. All deposit money banks must achieve full compliance within 18 months (by September 2027). Fintechs, payment service providers, and mobile money operators have 24 months (by March 2028). All regulated institutions were required to submit implementation roadmaps to the CBN by 10 June 2026.

The circular mandates real-time transaction monitoring, dynamic risk scoring, automated sanctions and PEP screening, and direct integration with goAML for regulatory reporting.

Penalties for non-compliance

The CBN has significantly increased enforcement activity. Zenith Bank was fined NGN 15.42 billion in 2025 for AML/CFT violations. Access Bank was fined NGN 35 million in 2026. The MLPPA 2022 provides for criminal prosecution of individuals, including compliance officers, in addition to institutional fines. Senior management carry personal regulatory exposure under the 2026 circular — penalties apply to both the institution and accountable individuals.

Frequently asked questions

Which institutions must comply with AML regulations in Nigeria?
All CBN-licensed financial institutions, including commercial banks, microfinance banks, fintechs, payment service providers, mobile money operators, mortgage banks, and international money transfer operators. Designated non-financial businesses and professions (DNFBPs) such as lawyers, accountants, and real estate agents are also covered under the MLPPA 2022.
What is the goAML platform?
goAML is the NFIU's official web-based platform for receiving STR, CTR, and FTR filings from regulated institutions. It is developed by the United Nations Office on Drugs and Crime (UNODC) and used by financial intelligence units in over 60 countries. All Nigerian financial institutions must file regulatory reports through goAML.
What does the CBN three-tier KYC framework require?
Tier 1 requires BVN or NIN linkage with a NGN 30,000 daily transaction limit. Tier 2 requires a verified government-issued ID and address verification, with a NGN 500,000 daily limit. Tier 3 requires full beneficial ownership verification and liveness checks, with no transaction limit. Since December 2023, all Tier 2 and Tier 3 accounts must have both BVN and NIN.
What does the CBN 2026 automated AML circular require?
CBN Circular BSD/DIR/PUB/LAB/019/002 requires all regulated institutions to deploy automated systems capable of real-time transaction monitoring, dynamic customer risk scoring, automated PEP and sanctions screening, case management, audit trails, and regulatory reporting via goAML. Institutions must have submitted an implementation roadmap to the CBN by 10 June 2026.

Free resource for Nigerian compliance teams

The NFIU STR/CTR Rejection Codes Reference Guide — every common goAML rejection explained with root causes and fixes.

Download the free guide