Regulatory Enforcement

Nigeria AML penalties and fines

AML non-compliance in Nigeria carries consequences at three levels: CBN administrative sanctions, criminal prosecution under the MLPPA 2022, and personal liability for compliance officers and senior management. The CBN significantly increased enforcement activity from 2024, with fines reaching NGN 15 billion for a single institution. The 2026 automated AML circular extended personal liability to individuals.

Recent CBN enforcement actions

InstitutionFineYearContext
Zenith BankNGN 15.42 billion2025AML/CFT violations identified during CBN examination
Access BankNGN 35 million2026AML/CFT compliance breaches

The Zenith Bank fine is one of the largest AML-related penalties ever imposed on a Nigerian financial institution and signals a material shift in CBN enforcement posture. Prior enforcement actions were typically smaller and considered manageable operational costs. At NGN 15 billion, the compliance risk calculus has changed entirely for Nigerian banks.

CBN administrative sanctions

The CBN's enforcement authority under BOFIA 2020 and the MLPPA 2022 includes a range of administrative sanctions beyond monetary fines:

  • Monetary fines — levied on the institution for specific breaches
  • Directed remediation — mandatory remediation plans with CBN oversight and set deadlines
  • Enhanced supervision — increased frequency of CBN examinations and reporting requirements
  • Suspension of specific business activities — e.g. suspension of international transfer processing pending AML remediation
  • Licence conditions — CBN can impose conditions on a licence renewal relating to AML programme standards
  • Licence revocation — the most severe sanction, reserved for systemic failures

Criminal liability under the MLPPA 2022

The MLPPA 2022 is a criminal statute, not merely a regulatory framework. It creates criminal liability at two levels:

  • Institutional liability: A financial institution that fails to file an STR, files a materially incomplete report, or fails to maintain adequate AML controls commits an offence. Corporate conviction can result in substantial fines and operational restrictions.
  • Individual liability: The MLPPA 2022 holds compliance officers, directors, and senior managers personally liable where a breach occurs as a result of their negligence, connivance, or consent. An individual convicted under the Act faces imprisonment of up to 7 years and personal fines.

Individual liability under the CBN 2026 circular

CBN Circular BSD/DIR/PUB/LAB/019/002 (March 2026) explicitly states that penalties apply to both the institution and accountable individuals. This extends personal regulatory exposure beyond what was previously understood to be primarily institutional risk. Compliance officers and chief executives who cannot demonstrate that their institution has a compliant automated AML programme risk personal sanctions in addition to institutional fines.

FATF grey-listing risk

Nigeria was placed on the FATF grey list (the list of jurisdictions under increased monitoring) between February 2023 and October 2023. The grey listing created significant pressure on correspondent banking relationships and cross-border payment processing. While Nigeria was removed from the grey list in October 2023 following remedial actions, the risk of re-listing remains real if the country's overall AML/CFT effectiveness deteriorates. Individual institution compliance contributes to Nigeria's aggregate FATF assessment.

Frequently asked questions

Can a compliance officer go to prison for AML failures in Nigeria?
Yes. The MLPPA 2022 provides for imprisonment of up to 7 years for individuals convicted of money laundering offences where the person consented to, connived in, or was negligent in their oversight of the institution's AML controls. The CBN 2026 circular additionally establishes personal regulatory liability for accountable individuals. Compliance officers carry genuine personal risk, not just institutional risk, for material AML programme failures.
What does the CBN look for during an AML examination?
CBN examiners assess whether the institution's AML programme is effective — not merely whether it exists on paper. Key areas include: whether a written compliance programme is board-approved and current; whether transaction monitoring is operating in real time with appropriate rules; whether STR and CTR filing volumes are plausible for the institution's transaction profile; whether alert disposition records show genuine investigation; and — post-2026 — whether automated systems meet the baseline standards.
Are fintechs subject to the same penalties as banks?
Yes. All CBN-licensed institutions are subject to the same penalty regime under the MLPPA 2022 and BOFIA 2020. The CBN applies proportionality in setting the quantum of fines, taking into account the institution's size and transaction volumes. However, fintechs with significant customer bases and transaction volumes face material penalty exposure in the same way banks do — the regulatory framework does not provide a lighter-touch penalty regime for technology-driven financial services.

Free resource for Nigerian compliance teams

The NFIU STR/CTR Rejection Codes Reference Guide — every common goAML rejection explained with root causes and fixes.

Download the free guide