Transaction monitoring is the automated process of reviewing customer transactions in real time or near-real time to detect patterns associated with money laundering, fraud, or terrorism financing. The CBN's 2026 baseline standards (Circular BSD/DIR/PUB/LAB/019/002) make real-time transaction monitoring with dynamic risk scoring a mandatory requirement for all CBN-licensed institutions.
CBN Circular BSD/DIR/PUB/LAB/019/002, issued March 2026, specifies that all regulated institutions must deploy automated systems capable of real-time transaction monitoring. The circular moves away from end-of-day batch monitoring, which was the norm in many Nigerian institutions, toward continuous monitoring that can flag suspicious activity as it occurs.
The required capabilities include: rule-based monitoring against defined thresholds and patterns, behavioural analytics that compare current activity to a customer's historical baseline, dynamic risk scoring that updates as new transaction data arrives, and case management that links related alerts into a single investigation workflow.
| Approach | How it works | Limitation |
|---|---|---|
| Rule-based monitoring | Triggers alerts when transactions match predefined conditions — e.g. cash deposit above NGN 5M, or three or more international transfers in 24 hours | High false positive rate; criminals adapt to known thresholds; misses novel typologies |
| Behavioural / anomaly detection | Establishes a baseline of normal behaviour for each customer and flags deviations — e.g. a customer who normally receives NGN 200K/month suddenly receiving NGN 5M | Requires sufficient transaction history to build accurate baselines; more complex to tune |
| Combined approach | Rules capture known typologies; behavioural analytics surface unknown patterns. Case management links alerts from both into unified investigations | Requires more sophisticated technology — which is why the CBN mandates automated systems |
Dynamic risk scoring means a customer's risk rating is not fixed at onboarding — it updates continuously as new transaction data arrives. A customer onboarded as low-risk who subsequently starts receiving large cash deposits, conducting rapid fund movements, or transacting with high-risk counterparties should automatically be escalated to medium or high risk. This triggers enhanced monitoring, potential EDD review, and — if the activity meets the STR threshold — a regulatory filing.
The CBN's 2026 standards explicitly require dynamic risk scoring rather than static customer risk profiles. Static profiles that are only reviewed annually are not compliant with the circular.
A transaction monitoring system generates alerts. An alert management process reviews those alerts, dismisses false positives, and escalates genuine suspicions to case management. A case management system groups related alerts — for example, multiple small deposits from the same customer across different branches — into a single investigation, preserving the full evidence trail that would be needed for an STR or law enforcement referral.
The CBN 2026 circular requires that institutions maintain complete audit trails of all monitoring decisions — including why an alert was dismissed. This is specifically because the CBN examines alert disposition records during on-site AML examinations.
Transaction monitoring systems must also identify when cash transactions approach or exceed CTR thresholds (NGN 5M for individuals, NGN 10M for corporates) and when international transfers exceed the FTR threshold (USD 10,000 equivalent). These are separate from the suspicion-based STR monitoring — they are automatic reporting obligations that do not require analyst judgment, only timely identification and filing.
Free resource for Nigerian compliance teams
The NFIU STR/CTR Rejection Codes Reference Guide — every common goAML rejection explained with root causes and fixes.
Download the free guide