The Central Bank of Nigeria (CBN) has ordered all financial institutions to deploy automated anti-money laundering systems, warning that sanctions for non-compliance could extend to individual executives.
In a circular dated March 10, 2026, the CBN set an 18-month deadline for Deposit Money Banks and a 24-month window for other financial institutions to achieve full compliance with its newly issued Baseline Standards for Automated Anti-Money Laundering Solutions.
The directive, addressed to banks, mobile money operators, international money transfer operators, payment service providers, and other financial institutions, signals that Nigeria’s apex bank is done tolerating the patchwork of manual controls that have long characterized compliance culture across the sector.
“Manual controls are no longer sufficient,” the CBN stated plainly in the circular, a declaration that, for many compliance officers, amounts to an existential wake-up call.
The timelines, while significant, represent something of a concession from the CBN’s original position. When the guidelines were first proposed, the regulator had floated a 12-month window. The extension to 18 and 24 months, respectively, was welcomed by industry stakeholders, who had argued that the complexity and cost of overhauling legacy systems, particularly for smaller institutions, made the original timeline unrealistic.
But any sense of relief may be short-lived. Buried in the circular is a critical near-term obligation: all institutions must submit detailed implementation roadmaps to the CBN’s Compliance Department within just three months of the March 10 issuance date. That means banks have until mid-June 2026 to put pen to paper and demonstrate a credible path to compliance, a timeline that compliance teams will find anything but comfortable.
The scope of the CBN’s requirements is sweeping. At their core, the Baseline Standards demand that every regulated institution operate an automated AML system capable of real-time suspicious transaction detection and reporting. But the details go considerably further.
Institutions must implement systems that cover the full spectrum of financial crime risk management, from customer due diligence and Know Your Customer (KYC) processes to sanctions screening, politically exposed persons (PEP) monitoring, case management, audit trails, and data protection in line with Nigeria’s Data Protection Act.
High-risk sectors face an even higher bar, with a requirement for enhanced monitoring capabilities and full integration between AML systems and KYC repositories. The CBN also explicitly encouraged the deployment of artificial intelligence, machine learning, and advanced analytics, though it insisted on independent annual validation, fairness audits, and bias testing for any algorithmic tools deployed, a nod to the risks of automation running unchecked.
The standards are anchored in the CBN Act of 2007 and the Banks and Other Financial Institutions Act of 2020 and align with recommendations from the Financial Action Task Force, the global standard-setter on anti-money laundering and counter-terrorism financing.
The framework also extends to combating the financing of terrorism (CFT) and countering proliferation financing (CPF), reflecting Nigeria’s ongoing efforts to exit grey-listing pressures from the international financial community.
For many banks, the road to compliance will run through technology vendors. The CBN has not overlooked this. Institutions are required to maintain robust third-party and vendor management policies covering the full lifecycle of any AML solution from procurement and implementation through to incident handling and, critically, exit strategies. In effect, the CBN is holding banks accountable not just for their own compliance but for the reliability of the technology partners they choose.
New institutions seeking operating licenses from the CBN will be required to demonstrate compliance with the standards or present credible plans to meet them before authorization is granted, effectively raising the bar for market entry.
CBN warned that failure to meet the standards could result in remedial directives, administrative sanctions, and financial penalties under existing laws and, crucially, that both institutions and accountable individuals could be held liable.
For bank executives and compliance officers, that last point is not a footnote. It is a personal risk that transforms this directive from a corporate compliance matter into a matter of individual professional and legal exposure.
Compliance will be monitored through a combination of off-site surveillance, on-site examinations, and thematic reviews, the CBN said, signalling that the regulator intends to actively police implementation rather than simply wait for self-reporting.
The circular is the latest in a series of aggressive regulatory moves by the CBN to shore up the integrity of Nigeria’s financial system—one that has faced persistent scrutiny over its vulnerability to illicit financial flows, terrorism financing, and proliferation risks. Nigeria’s 2025 removal from the FATF grey list had been a hard-won diplomatic and regulatory achievement, and the CBN appears determined to cement those gains rather than allow compliance fatigue to erode them.
For the banking sector, the message from Abuja is unmistakable: the era of manual AML processes, checkbox compliance, and under-resourced monitoring functions is over. The clock, as of March 10, has already started ticking.
WHAT YOU SHOULD KNOW
The CBN has drawn a firm line in the sand: Nigeria’s financial institutions must fully automate their anti-money laundering systems or face serious consequences. With an 18-month deadline for banks and 24 months for other institutions—and a three-month window to submit implementation roadmaps—the pressure is immediate.
What makes this directive particularly significant is that liability extends beyond institutions to individual executives, meaning non-compliance is no longer just a corporate risk but a personal one.
At its core, this is Nigeria signalling to the world that it is serious about financial integrity—and it is not taking no for an answer.
