The Central Bank of Nigeria (CBN) is proposing sweeping regulatory reforms mandating the use of artificial intelligence (AI), machine learning (ML), and other digital tools by banks and financial institutions to detect and combat financial crimes.
The apex bank, in a May 2025 draft regulation titled “Baseline Standards for Automated AML Solutions”, seen and reviewed by Technology Times, apart from integrating AI, the document outlines a new set of baseline requirements that financial institutions must integrate into their anti-money laundering (AML) systems.
The CBN says the proposed standards are designed to “promote operational efficiency and regulatory compliance” in combating money laundering and terrorism financing, aligning with global best practices and the recommendations of the Financial Action Task Force (FATF). Nigeria has remained under enhanced monitoring by FATF since 2022.
CBN mandates AI use in anti-money laundering drive, unveils draft standards for Nigerian banks
According to the draft regulation, Nigerian financial institutions must deploy automated AML solutions embedded with AI/ML capabilities for anomaly detection, behavioural pattern recognition, automated risk scoring, and adaptive learning to improve detection accuracy and reduce false positives.
“The standards are informed by a comprehensive assessment of existing solutions within the industry,” the CBN says, noting they aim to reshape how banks fight money laundering in line with international regulatory frameworks.
Mandatory AML system components
Under section 4.1 of the draft, all AML systems must include seven core components:
- Customer risk profiling
- PEP and high-risk individual checks
- Continuous risk assessment
- KYC/CIP tools
- Sanction list screening
- Transaction monitoring
- Automated regulatory reporting
These form the foundation for all digital AML frameworks that financial institutions must adopt.
Interface, integration and scalability
The CBN also mandates that platforms be user-friendly, adaptable to each institution’s peculiarities, and compliant with all relevant AML, CFT (countering the financing of terrorism), and CPF (counter-proliferation financing) laws. A centralised dashboard offering real-time reporting, case tracking, and trend analysis is required, with multi-language and multi-currency support for international operations.
Automated AML solutions must also feature standard-based APIs (e.g., RESTful APIs) to facilitate real-time data exchange and support integration with both legacy and core banking systems.
Enhanced screening and monitoring
The regulatory draft compels institutions to use AI-driven fuzzy matching algorithms for screening customers against both domestic and international sanction lists. PEP screening must be integrated with adverse media monitoring and internal watchlist support.
Advanced monitoring must generate real-time alerts for transactions involving cross-border transfers, cryptocurrency dealings, or large cash deposits. False positive rates must remain below predefined thresholds set by each institution.
Strengthened due diligence and risk assessment
For Know Your Customer (KYC) and Know Your Customer’s Business (KYB) processes, the draft prescribes real-time access to verification data from BVN and NIN databases. Risk profiling must dynamically adjust based on customer behaviour, transaction history, business type, and location.
“Adaptive learning and automated scenario calibration (ASC)” are to be implemented in all systems to continuously refine fraud detection capabilities.
Automation of reporting and case management
The CBN requires institutions to automate suspicious activity reporting to the Nigerian Financial Intelligence Unit (NFIU) within the statutory timelines. Reports must include Suspicious Transaction Reports (STRs), Currency Transaction Reports (CTRs), and Foreign Currency Transaction Reports (FTRs).
A mandatory Enterprise Case Management (ECM) system must support case prioritisation using risk-based scoring, assignment through maker-checker workflows, and maintain full audit trails for compliance.
Data protection and security
Institutions are required to implement end-to-end encryption, Multi-Factor Authentication (MFA), and strict role-based access controls. All AML systems must comply with Nigerian data protection laws.
The apex bank warns that institutions failing to meet these standards will face sanctions, and that compliance inspections and system validation exercises will be conducted periodically.
Financial institutions have 12 months to align with the new requirements and must provide regular training for AML compliance teams.
The CBN is currently soliciting stakeholder input on the draft standards, with public comments due by 13 June 2025.
Home
