The Central Bank of Nigeria enforces AML/CFT compliance through BOFIA 2020, the MLPPA 2022, and circulars including the 2026 Baseline Standards for Automated AML Solutions. All CBN-licensed institutions must maintain active, technology-driven compliance programmes.
The CBN derives its AML/CFT enforcement authority from three sources. Section 66 of the Banks and Other Financial Institutions Act 2020 (BOFIA) requires all licensed institutions to comply with AML/CFT obligations. The Money Laundering (Prevention and Prohibition) Act 2022 (MLPPA) sets out the substantive requirements. CBN circulars and guidelines implement the detailed standards.
Nigeria is a member of the Inter-Governmental Action Group against Money Laundering in West Africa (GIABA), the FATF-style regional body for West Africa, and is assessed against FATF's 40 Recommendations. CBN requirements are aligned with FATF standards.
CBN Circular BSD/DIR/PUB/LAB/019/002, issued 10 March 2026, identifies 12 categories of mandatory minimum standards for automated AML solutions. These build on the core requirements that have been in place since the CBN's earlier AML/CFT guidelines:
The CBN's 2026 circular represents a structural shift from manual to automated compliance. Institutions are required to deploy systems that can perform real-time transaction monitoring, dynamic risk scoring, automated PEP and sanctions screening, case management, audit trail maintenance, and direct integration with goAML for regulatory reporting.
| Institution type | Full compliance deadline |
|---|---|
| Deposit money banks (DMBs) | September 2027 (18 months from March 2026) |
| Fintechs, PSPs, mobile money operators | March 2028 (24 months from March 2026) |
| Implementation roadmap submission | 10 June 2026 (all institutions) |
The CBN has substantially increased enforcement activity since 2024. Zenith Bank was fined NGN 15.42 billion in 2025. Access Bank was fined NGN 35 million in 2026. The 2026 circular explicitly states that penalties apply to both the institution and accountable individuals, meaning compliance officers and senior management carry personal regulatory exposure.
Free resource for Nigerian compliance teams
The NFIU STR/CTR Rejection Codes Reference Guide — every common goAML rejection explained with root causes and fixes.
Download the free guide