Compliance Technology

Automated AML solutions for Nigerian financial institutions

The CBN's March 2026 circular (BSD/DIR/PUB/LAB/019/002) establishes mandatory baseline standards for automated AML/CFT/CPF solutions. All CBN-licensed institutions must deploy compliant automated systems — deposit money banks by September 2027, fintechs and PSPs by March 2028. Manual or spreadsheet-based compliance programmes no longer satisfy regulatory requirements.

What the CBN 2026 circular requires

Circular BSD/DIR/PUB/LAB/019/002 identifies twelve categories of mandatory minimum standards for automated AML solutions. These are not aspirational guidelines — they are minimum requirements. An institution whose system cannot demonstrate each capability will be found non-compliant during CBN examination.

  • Real-time transaction monitoring with configurable rule sets
  • Dynamic customer risk scoring that updates based on transaction behaviour
  • Automated PEP screening against domestic and international PEP lists
  • Real-time sanctions screening against UN, OFAC, EU, and Nigerian terrorism designation lists
  • Beneficial ownership identification and verification
  • Customer due diligence (CDD) and enhanced due diligence (EDD) workflow management
  • Case management with full audit trail from alert to resolution
  • Direct integration with the NFIU's goAML platform for STR, CTR, and FTR filing
  • Regulatory reporting and management information system (MIS) reporting
  • Staff training records and compliance programme documentation management
  • Adverse media screening
  • System availability and audit log integrity (the system must maintain tamper-evident records)

Compliance deadlines

Institution typeDeadlineStatus
All regulated institutions — implementation roadmap submission10 June 2026Passed
Deposit money banks (DMBs)September 202718 months from circular date
Fintechs, PSPs, mobile money operators, microfinance banksMarch 202824 months from circular date

Why manual compliance no longer works

Before the 2026 circular, many Nigerian financial institutions — particularly smaller banks, microfinance institutions, and fintechs — managed AML compliance through spreadsheets, manual transaction reviews, and periodic batch reports. The regulatory landscape has moved decisively away from this model for three reasons.

  • The STR filing window requires suspicious activity to be detected and reported within 96 hours. Manual review of transaction logs cannot reliably achieve this at scale
  • The FTR filing window is 24 hours — impossible to meet manually for institutions processing significant international payment volumes
  • The CBN 2026 circular explicitly mandates real-time monitoring and automated goAML submission, which by definition cannot be manual

What to look for in an automated AML solution

When evaluating an automated AML platform for compliance with the CBN 2026 standards, Nigerian institutions should assess the following:

  • Nigerian regulatory alignment: does the platform support goAML integration natively, or does it require custom middleware?
  • Real-time vs batch processing: does the platform monitor transactions in real time or in end-of-day batches?
  • KYC tier support: does the platform support the CBN three-tier KYC framework including BVN and NIN verification?
  • Sanctions list coverage: does it screen against all four required lists (UN, OFAC, EU, and the Nigerian terrorism designation list)?
  • Audit trail completeness: does every alert, case, and filing decision produce an immutable audit record?
  • Implementation timeline: can the institution achieve full compliance within the CBN deadline from the date of procurement?

Frequently asked questions

Can a Nigerian fintech use a global AML platform not built for Nigeria?
A global platform can be used if it meets all CBN requirements, but there are practical challenges. Most global platforms do not support goAML integration natively, do not screen against the Nigerian terrorism designation list, and are not configured for the CBN three-tier KYC framework. Significant customisation is typically required, which adds cost, implementation risk, and time. A platform built specifically for the Nigerian regulatory environment removes these obstacles.
What does a CBN AML examination look for?
CBN examiners assess whether the institution's AML programme meets the requirements of the MLPPA 2022 and the CBN guidelines. Following the 2026 circular, this includes verifying that automated systems are in place, reviewing audit trails for alert dispositions, checking STR and CTR filing volumes and timeliness, and testing whether dynamic risk scoring is operational. Personal liability of the compliance officer is assessed where systemic failures are identified.
Is there a CBN-approved list of AML software vendors?
The CBN does not maintain a published approved vendor list. The circular specifies the capabilities that a compliant system must have — institutions are responsible for procuring solutions that meet those specifications and demonstrating compliance through their implementation roadmap and subsequent examination. Vendor selection is the institution's responsibility.

Free resource for Nigerian compliance teams

The NFIU STR/CTR Rejection Codes Reference Guide — every common goAML rejection explained with root causes and fixes.

Download the free guide