- within Real Estate and Construction topic(s)
Introduction
The Central Bank of Nigeria (CBN) is pressing forward with regulatory reforms to modernise antimoney laundering compliance. On 20 May 2025, it released the Exposure Draft on Baseline Standards for Automated Anti Money Laundering (AML) Solutions ("Exposure Draft"). The Exposure Draft is aimed at combating the financing of terrorism, and countering proliferation financing solutions leveraging technologies such as artificial intelligence (AI), machine learning, and big data analytics.
This is a deliberate move to reposition Nigeria's financial ecosystem in line with global compliance trends. As financial crime grows in complexity and volume, manual compliance systems have become both inefficient and risk prone. The CBN is signaling a shift towards intelligent, technology enabled systems that are globally interoperable and locally effective.
For financial institutions, the implication is clear. Traditional AML frameworks will no longer suffice. The future of compliance is digital, dynamic, and data driven.
What the CBN is Proposing and Why It Matters
The Exposure Draft sets minimum standards for deploying automated AML solutions across banks, fintechs, payment service providers, and other regulated entities. The core objectives are:
- Replacing fragmented and manual practices with scalable and integrated platforms
- Driving adoption of AI, machine learning, and behavioural analytics within compliance systems
- Aligning Nigeria's AML regime with Financial Action Task Force principles and comparable international frameworks
The CBN's concern is that existing compliance infrastructure remains too manual, undermining its capacity to detect increasingly sophisticated transactions. The Exposure Draft prioritises interoperability, explainability, and operational resilience. These would bring the AML regulatory regime in Nigeria in line with leading AML regimes in other jurisdictions such as Singapore, the United Kingdom, and the United States.
Key Technical and Compliance Requirements in the Exposure Draft
1. User Experience and Customisation
Institutions are expected to deploy platforms that are intuitive, multilingual, and multi currency capable. These platforms must support real time analytics, case management, and dashboard visualisation for regulatory reporting. A critical shift is the requirement for institutions to configure detection rules internally without excessive dependence on vendors. This aligns with global expectations around model ownership and reflects FATF Recommendation 15, which encourages accountable governance in the deployment of new technologies.
2. System Integration and Scalability
AML systems must be capable of seamless integration with internal banking infrastructure, national identity systems such as BVN and NIN, and external data pipelines including the Nigerian Financial Intelligence Unit. The Exposure Draft mandates the use of standardised APIs particularly RESTful APIs for both real time and batch data exchanges.
This directly supports FATF Recommendations 10 and 11 on record keeping and customer due diligence so as to ensure that institutions can access and retain relevant identity and transaction data in an auditable format.
Given that scalability is nonnegotiable, institutions must ensure that their platforms can handle high volume data ingestion and maintain operational performance under load, particularly where legacy systems remain in use.
3. Sanctions and PEP Screening
Institutions are required to integrate international and domestic watchlists including the United States' Office of Foreign Assets Control (OFAC), the United Nations, and the European Union sanctions lists. The Exposure Draft encourages AI enabled fuzzy matching to improve the precision of name screening while reducing false positives
These expectations reflect FATF Recommendations 6 and 7, which address targeted financial sanctions relating to terrorism and proliferation. The CBN's emphasis on adverse media and internal watchlists brings Nigeria's regime in line with the enhanced due diligence obligations found in jurisdictions such as Singapore and the United Kingdom.
4. Transaction Monitoring and Risk Based Controls
AML platforms must use behavioural analytics and machine learning to detect anomalous patterns, adapt thresholds in real time, and reduce false alerts. This is line with the CBN prioritization of dynamic and risk-based transaction monitoring.
The use of transaction monitoring and risked based controls directly operationalises FATF Recommendation 1 on adopting a risk-based approach. Institutions are expected to pay particular attention to transactions involving virtual assets, cross border flows, and large cash volumes. The AML systems must be capable of triggering real time alerts and routing them for internal escalation.
The CBN's position mirrors that of the UK Financial Conduct Authority, which requires that institutions be able to justify automated decisions and ensure that models do not introduce bias or opacity into compliance processes.
5. Customer Due Diligence and Identity Verification
AML platforms must support seamless onboarding, continuous monitoring, and dynamic customer profiling. Integration with BVN and NIN systems is mandatory, with a clear requirement to enable both standard and enhanced due diligence.
These provisions align closely with FATF Recommendation 10 on customer due diligence and Recommendation 17 on reliance on third parties. The emphasis on digital identity and audit trails brings Nigeria into alignment with the compliance architectures seen in the EU and Singapore, where real time verification is now standard.
6. Regulatory Reporting and Case Management
Institutions must automate the generation and submission of Suspicious Transaction Reports, Currency Transaction Reports, and Foreign Currency Transaction Reports to the Nigerian Financial Intelligence Unit. AML platforms must also provide comprehensive case management tools, internal review features, and real time compliance dashboards.
This aligns with FATF Recommendation 20, which obliges institutions to report suspicious activity promptly. The move to automation reflects a broader global trend, including guidance from FinCEN in the United States, which emphasises the role of digital infrastructure in improving the timeliness and quality of reporting.
7. Shared Services and Compliance Models
Recognising the resource limitations of smaller institutions, the CBN permits shared services arrangements subject to supervisory approval. Institutions may adopt modular solutions or connect to external tools, provided these meet the minimum technical and compliance thresholds.
This reflects a pragmatic approach and is broadly consistent with FATF's recognition that countries may adopt flexible models in line with their risk environment and market structure. It also signals regulatory openness to industry innovation, such as the development of utility-based screening services or compliance sandboxes.
8. Security and Data Protection
Compliance platforms must conform to Nigeria's data protection laws and demonstrate robust security controls. This includes encryption, access limitation, and secure communication protocols. The CBN expects institutions to maintain full traceability of compliance activities and ensure lawful processing of personal data.
While not directly mandated by FATF, these requirements echo global best practices in data governance and mirror the General Data Protection Regulation frameworks adopted in the European Union.
Strategic Considerations for Financial Institutions
The Exposure Draft may read as a technical document, but it raises important commercial questions. Compliance is no longer an administrative function. It is a source of operational resilience and a potential competitive differentiator. Key considerations include:
- Gap Assessment and Readiness: Institutions should undertake an immediate audit of current AML infrastructure. This should inform a phased compliance roadmap with defined timelines and executive oversight.
- Investment in Talent and Tools: AML technology cannot operate in isolation. Institutions will require skilled data scientists, product engineers, compliance professionals, and a structured approach to vendor selection.
- AI Governance: Automated compliance introduces new regulatory risks. Institutions must be prepared to establish governance structures to monitor model performance, manage data drift, and ensure explainability.
- Industry Collaboration: There is a growing opportunity to develop shared compliance infrastructure such as adverse media databases and sanctions screening utilities through collaborative partnerships.
- Stakeholder Engagement: With the consultation period for review of the Exposure Draft by stakeholders now closed as of 13 June 2025, in our view, we expect the feedback is likely to have focused on factors such as cost of compliance, technical feasibility, and transitional arrangements for legacy systems.
Conclusion
The Exposure Draft on the Baseline Standard for Automated AML Solutions signals a decisive shift in Nigeria's AML regulation. By embedding automation, intelligence, and alignment with international standards, the CBN is challenging institutions to modernise or be left behind. These measures represent a positive step in strengthening Nigeria's compliance with global standards, especially following the country's recent removal from the grey list.
The next year will separate those institutions that view compliance as a strategic imperative from those that treat it as a box ticking exercise. For forward thinking players, this is a chance to build agile, robust, and globally credible compliance systems. The choice is now clear. Lead the transition or be regulated by it.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
