Nigeria’s New AML Standards Demand More Than Box-Ticking  

A practical checklist to meet the Central Bank of Nigeria’s tech-driven AML compliance standards. 

In recent years, Nigeria has intensified its campaign against financial crime, aligning more closely with global standards to fortify the integrity of its financial system. With the Central Bank of Nigeria (CBN) issuing its Exposure Draft on Baseline Standards for Automated AML Solutions in 2025, banks and fintechs operating within or in connection with Nigeria’s financial ecosystem now face a new operational imperative: meeting clear expectations for automation, transparency, and risk mitigation in AML frameworks.

These standards emphasize strengthening Anti-Money Laundering (AML) /Counter Financing of Terroristm (CFT) / Counter-Proliferation Financing (CPF) capabilities through technology-driven approaches—encouraging financial institutions to adopt emerging tools that detect and report suspicious activity in real time, while also reducing the operational inefficiencies of manual processes.

This isn’t just regulatory housekeeping. For institutions navigating this market—whether directly through licenses or indirectly via partnerships or correspondent relationships—compliance is now a litmus test for operational readiness and reputational resilience.

The CBN outlines a comprehensive set of AML functions that must be supported by automated solutions, including:

• Customer risk profiling and PEP/high-risk categorization
  
• Enterprise-wide risk assessments
  
• Identity verification and sanctions screening
  
• Transaction monitoring
  
• Automated regulatory reporting
  

Institutions must not only deploy these capabilities but also ensure they are adaptable, explainable, and integrated into a robust governance framework.

Below is our checklist for risk leaders of Nigerian financial institution to keep at the center of their AML strategy: 

1. Has your AML solution been independently validated?

Under the new CBN standards, the days of relying solely on vendor promises are over. The regulator explicitly requires that institutions conduct independent model validations for their AML tools, ensuring that automation outputs are explainable, consistent, and auditable.

This echoes a broader global trend. According to a 2024 FATF consultation, “explainability” and “traceability” are fast becoming non-negotiables in AI-enabled compliance systems.

☑️ Checklist item: Ensure that your AML platform—especially if AI-powered—has undergone independent validation with documentation available for regulatory review.

2. Is your risk scoring system dynamic and localized?

A generic scoring model trained on data from Western economies will no longer suffice. The CBN mandates the use of locally relevant typologies, multilingual support and risk indicators, calibrated to Nigerian financial behavior patterns, including informal economies and mobile money.

☑️ Checklist item: Audit your risk profiling, PEP screening and customer risk scoring models to ensure they are tailored to Nigerian-specific typologies and dynamically updated as new threats emerge. 

3. Do you have clear governance over automated decisions?

The CBN framework places heavy emphasis on governance and accountability around AML technology. This includes having defined policies for override controls, escalation protocols, and human-in-the-loop mechanisms.

Institutions must be able to explain not only how a decision was made, but also who is responsible for ensuring its accuracy and appropriateness.

☑️ Checklist item: Establish formal governance structures, with documented responsibilities for the oversight of your automated AML systems.

4. Are you logging and retaining every decision and alert?

Regulatory scrutiny now extends to data lineage and audit trails. Financial institutions must maintain comprehensive logs detailing alert generation, case management decisions, and overrides—stamped with time, user, and system context.

With Nigeria under increasing pressure from international bodies like the International Monetary Fund (IMF) and the Inter-Governmental Action Group against Money Laundering in West Africa (GIABA) to bolster its AML transparency, such traceability is crucial not only for internal review, but also for cross-border regulatory cooperation.

☑️ Checklist item: Confirm your AML system logs every alert, decision, and user interaction with sufficient granularity and retention period. Use metrics to monitor system performance—particularly how automation is helping reduce inefficiencies of manual reviews and increasing the speed of suspicious transaction detection. 

5. Can you prove the effectiveness of your system?

CBN’s standards emphasize performance metrics and effectiveness testing. Financial institutions must demonstrate that their AML systems don’t just work—but work well. This includes monitoring false positives, missed alerts, and model drift over time. Moreover, track feedback from regulatory reporting of cases submitted, to understand the quality of reports and if actual financial crime is being detected. 

A 2023 McKinsey survey showed that up to 90% of alerts in legacy AML systems are false positives, burdening compliance teams and eroding effectiveness. Modern systems must balance precision with coverage.

☑️ Checklist item: Implement regular performance testing, including scenario-based testing, to measure detection rates and reduce false positives. 

6. Have you factored in real-time capabilities?

The Nigerian ecosystem is increasingly digital and fast-moving. The draft standards encourage institutions to incorporate real-time monitoring capabilities, especially for high-risk transactions and instant payment systems like Nigeria Interbank Settlement System (NIBSS) Instant Payments (NIP). 

While not yet mandatory, the direction is clear: proactive detection is becoming the norm, not the exception.

☑️ Checklist item: Evaluate whether your AML systems can screen and flag transactions in real-time or near real-time, in line with the CBN’s goal of enhancing detection and reporting of suspicious transactions using emerging technologies, particularly across mobile and cross-border channels.

7. Is your technology scalable and future-proof?

The CBN standards are part of a living framework that will evolve. Institutions need systems that are not only compliant today, but agile enough to adapt to future typologies, data sources, and regulatory expectations.

This means prioritizing modular architectures, API integrations, and AI models that don’t require heavy manual retraining and can be deployed with minimal friction.

☑️ Checklist item: Review your AML architecture’s readiness to support evolving regulatory expectations, including both domestic reforms and tightening international AML/CFT/CPF standards. Check your tech stack for scalability, configurability, and update readiness in anticipation of future regulatory evolution.

Why this matters now

The push from CBN is not isolated. Nigeria is responding to a broader continental and international call to action. With the EU, UK, and US tightening AML expectations for correspondent relationships, banks tied to Nigerian entities may find themselves under second-hand scrutiny. A 2024 SWIFT report indicated a 12% drop in correspondent banking corridors in Sub-Saharan Africa—a sign that de-risking remains a clear threat.

For Chief Risk Officers and Heads of Compliance, meeting CBN’s automated AML expectations is no longer just about checking regulatory boxes. It’s about safeguarding market access, maintaining global credibility, and protecting operational viability.

In a time when financial crime adapts faster than most regulatory frameworks, automation isn’t optional—it’s essential. But it must be governed, validated, and localized. Nigeria’s CBN has laid down a marker. It’s now up to institutions to match it with rigor, not rhetoric.

For those who get it right, the reward is more than compliance—it’s building operational resilience, a competitive edge, and long-term regulatory trust.