BY SEUN TIMI-KOLEOLU AND ENIOLA SOGBESAN

Introduction

The fight against money laundering and terrorist financing remains a critical priority for global financial systems. As financial transactions have become increasingly digitized, the importance of robust and automated Anti-Money Laundering (AML) solutions have become imperative. To this end, the Central Bank of Nigeria (CBN) in pursuance of its regulatory powers on May 20, 2025, issued a draft regulatory framework on Baseline Standards for Automated Anti-Money Laundering Solutions (the “Standards”). This newsletter examines the scope, objectives and specific baseline standards to be adopted by financial institutions in compliance with their AML/CFT/CPF reporting obligations.

1. SCOPE

The Standards are applicable to all Nigerian financial institutions such as Deposit Money Banks, Microfinance Banks, FinTech’s (“Financial Institutions”) and other financial institutions that are subject to AML/CFT/CPF regulations. The Standards require all Financial Institutions to put in place automated AML/CFT/CPF reporting systems within 12 months of the issuance of the Standards. The Standards set out in detail, the minimum expectations of such automated reporting systems particularly in relation system integration; transaction monitoring; customer due-diligence; data protection amongst others.

2. OBJECTIVES

At its core, the primary objectives of the Standards are:

  • ensuring effective implementation of automated AML solutions;
  • promoting interoperability and integration;
  • enhancing detection accuracy and the reduction of false positives;
  • facilitating compliance with local and international regulations;
  • providing a framework for continuous improvement.

Without a doubt, the effective adoption and implementation of these objectives by Financial Institutions will serve the dual purpose of reducing the inefficiencies that accompany manual AML/CFT/CPF reporting procedures and strengthen the AML/CFT/CPF reporting procedures of Nigerian Financial Institutions by the adoption of automated processes.

3. MINIMUM BASELINE STANDARDS

All Financial Institutions in developing their respective AML/CFT/CPF solutions, must at a minimum make provision for customer identification and verification; client risk assessment and profiling; identification of politically exposed persons; identification of individuals on sanction lists; customer transaction monitoring and regulatory reporting.

Furthermore, Financial Institutions must ensure that their AML/CFT/CPF solutions consider the following:

i. User Interface & Customization

In deploying their AML/CFT/CPF solutions, Financial Institutions are required to adopt solutions with a user-friendly and intuitive interface. There is an additional requirement for Tier 1 banks with international authorization to adopt multi-language and multi-currency support to aid the solution’s usability across multiple geographical regions and subsidiaries.

ii. System Integration & Scalability

The Standards require Financial Institutions to develop solutions that facilitate real-time data exchange and seamless integration with other key financial systems including core banking applications, customer onboarding systems etc. This requirement is an important feature of any AML/CFT/CPF solution developed by Financial Institutions.

iii. Customer Due Diligence (CDD) & Know Your Customer (KYC).

In matters related to the CDD and KYC components of AML/CFT/CPF reporting, the AML/CFT/CPF solution is expected to provide real-time access to customer due-diligence information. This is achieved by integrating the customer’s onboarding process within the existing framework of Bank Verification Number (BVN) and/or National Identity Number (NIN) databases.

iv. Regulatory Reporting

The solutions developed by Financial Institutions under the Standards are required to integrate the reporting and escalation of suspicious transactions to the appropriate regulatory agencies. The AML/CFT/CPF solution is also expected to generate real time detailed compliance reports for use by internal and external stakeholders.

v. Data Protection and Security

Any solution developed by Financial Institutions under the Standards, is required to comply strictly with Nigerian Data Protection Laws. More specifically, the data protection principles of collecting only essential data and data security are integral requirements of any AML/CFT/CPF solution that may be developed by Financial Institutions.

vi. Additional Requirements and Compliance

In fulfilling their responsibilities under the Standards, Financial Institutions are required to report to the CBN all AML/CFT/CPF solutions in use by distinguishing between primary and supporting roles; maintain adequate vendor management policies and ensuring that third-party service providers where engaged comply with all applicable provisions of these Standards.

Conclusion

While the Standards have been issued as a draft, this regulatory framework will represent a transition from a largely manual reporting process to a real-time reporting process.

Upon a review of the draft, we encourage the craftsmen to consider the following in finalising the framework:

  • given the provision on real time data exchange, we suggest that the Data Protection Commission plays a key role in ensuring data is protected by Financial Institutions subject to the framework;
  • we note that the consequence for failing to adhere to the framework is not clearly set out. We expect this will be set out in the finalised Standards;
  • while the Standards mandate real-time insights, it also states that reporting should be carried out within stipulated time frames. We suggest that the finalised Standards clearly set out the expected timeline for reporting to avoid confusion.

In summary, the Standards highlight the evolving role of technology in AML/CFT/CPF reporting, signalling a future where automation is not just beneficial—but necessary.