The Central Bank of Nigeria (CBN) has introduced a draft regulatory framework designed to enhance the country’s anti-money laundering (AML) efforts by incorporating artificial intelligence (AI) and machine learning (ML) technologies. In a circular dated May 20, 2025, and directed to all regulated financial institutions, the CBN stated that the proposed guidelines are a response to the rapid digitalisation of the financial sector and the increasing complexity of financial transactions.
Stakeholders have until June 13, 2025, to submit feedback on the draft. Once finalised, financial institutions will be required to fully comply within 12 months of the framework’s official release.
“Financial institutions shall align their AML solutions with these baseline standards within 12 months of the issuance of these standards,” the CBN stated.
The standards will apply to a wide range of institutions, including commercial banks, microfinance banks, mortgage banks, digital payment providers, and other entities under the CBN’s AML/CFT/CPF oversight.
Key Features of the Draft Framework
Under the proposed guidelines, financial institutions must deploy intelligent AML platforms capable of:
- Real-time transaction monitoring and anomaly detection
- Behavioural pattern analysis and adaptive learning
- Risk scoring and continuous customer profiling
- Automated reporting to the Nigerian Financial Intelligence Unit (NFIU)
These systems must be integrated with existing banking platforms and provide real-time dashboards for compliance monitoring, trend analysis, and case management. Scalability and flexibility are also key, allowing institutions to tailor solutions to their specific risk profiles and transaction volumes.
Customer Due Diligence and Risk Assessment
The framework mandates integration with national identity infrastructure, including the Bank Verification Number (BVN) and National Identification Number (NIN) systems, to verify customer identities during onboarding. Institutions will also be required to perform ongoing risk assessments and reclassify customers based on evolving behavioural and transactional data.
Enhanced due diligence measures must be applied to high-risk individuals or entities, with systems capable of flagging large cash movements, cross-border transfers, and cryptocurrency transactions.
Sanctions Screening and Compliance
Financial institutions must integrate their systems with both domestic and international watchlists, including sanctions databases and lists of politically exposed persons (PEPs). The use of fuzzy matching algorithms is required to detect potential risks that may be overlooked by standard screening methods.
Other compliance requirements include:
- Adverse media screening
- Real-time updates of third-party lists
- Internal watchlist maintenance
- Role-based access control and audit trail tracking
- Enterprise case management with automated escalation and resolution workflows
Cybersecurity and Vendor Oversight
To safeguard sensitive data, institutions must implement strong cybersecurity measures, including end-to-end encryption, multi-factor authentication, and detailed user activity logs. The framework also outlines vendor management obligations, requiring financial institutions to ensure that third-party service providers meet all stipulated requirements, supported by formal service level agreements.
Enforcement and Monitoring
The CBN has indicated that it will conduct regular inspections and validation exercises to monitor compliance. Institutions that fail to implement the new standards within the specified timeframe will face regulatory sanctions.
Financial institutions are encouraged to start aligning their operations and infrastructure with the suggested standards before the final implementation date, even if the framework is still in draft form.
