Introduction

1. Nigeria’s financial system has undergone a period of significant regulatory transformation. Following its successful removal from the Financial Action Task Force (FATF) grey list in October 2025, a milestone that signalled meaningful progress in the country’s anti-money laundering, counter-terrorism financing and counter-proliferation financing (“AML/CFT/CPF”) framework, the Central Bank of Nigeria (“CBN”) has moved swiftly to consolidate and institutionalise that progress. On 10 March 2026, the CBN issued Circular No. BSD/DIR/PUB/LAB/019/002, titled “Issuance of Baseline Standards for Automated Anti-Money Laundering Solutions for Financial Institutions in Nigeria” (hereinafter referred to as the “Baseline Standards” or the “Circular”).
2. The Circular mandates all banks, mobile money operators, international money transfer operators, payment service providers, and other regulated financial institutions to deploy automated, technology-driven AML systems capable of detecting and reporting suspicious transactions in real time. This article examines the key requirements of the Baseline Standards, considers their implications for financial institutions and the broader investment climate in Nigeria, and highlights the legal and compliance obligations that arise for regulated entities under this new framework.

Background and Regulatory Context

1. Nigeria’s AML/CFT legislative framework is anchored by the Money Laundering (Prevention and Prohibition) Act 2022 (“MLPPA”), the Terrorism (Prevention and Prohibition) Act 2022, and the Nigerian Financial Intelligence Unit (“NFIU”) Act 2018. These statutes, taken together, impose comprehensive obligations on financial institutions to identify, assess, and mitigate financial crime risks. However, a persistent gap between regulatory prescription and operational implementation, driven in part by the continued reliance on manual and fragmented compliance processes, has historically undermined the effectiveness of Nigeria's AML/CFT regime.
2. The CBN's issuance of the Circular represents a direct and deliberate response to this gap. The Baseline Standards were developed in response to the increasing inadequacy of manual AML/CFT/CPF controls in managing evolving financial crime risks, driven by the rapid digitalisation and growing complexity of the financial services sector. 
3. Critically, the Circular must be read within the context of Nigeria’s post-FATF grey list obligations. The FATF's continued scrutiny of jurisdictions that exit its enhanced monitoring framework means that Nigeria must demonstrate sustained, substantive progress in its AML/CFT controls. The Circular is, in this sense, both a domestic regulatory instrument and an international confidence-building measure.

Key Requirements of the Baseline Standards

Scope of Application

The Circular applies to all CBN-regulated entities, including Deposit Money Banks (DMBs), microfinance banks, mortgage institutions, finance companies, mobile money operators, international money transfer operators, payment service providers, and other financial institutions. Notably, institutions seeking fresh authorisation from the CBN must demonstrate compliance with the Circular or present a credible implementation plan as part of the licensing process, effectively raising the regulatory bar for new market entrants.

Core Technical Requirements

The Baseline Standards establish mandatory minimum requirements for automated AML/CFT/CPF systems. At a minimum, regulated institutions are required to deploy automated solutions capable of supporting the following functions:

1. Customer identification, verification (including remote/onboarding channels);
2. Customer risk assessment and profiling;
3. Sanction and watchlist screening;
4. Politically Exposed Persons (“PEPs”) and high-risk customer screening;
5. Transaction monitoring for money laundering/terrorism financing and proliferation financing risk;
6. Case management and investigation;
7. Regulatory and internal reporting;
8. Audit and governance (including logs and configuration trails); and
9. Data protection and security controls relevant to AML/CFT/CPF activities.

Where an AML solution is also used to monitor fraud, the institution has a duty to segregate, govern and tune the platform’s fraud-related capabilities so as not to dilute AML/CFT/CPF detection effectiveness.

Technology and Vendor Management

The Baseline Standards encourage the adoption of emerging technologies, including artificial intelligence (“AI”), machine learning and advanced analytics, to enhance detection capabilities and improve the overall effectiveness of financial crime risk management. Where institutions deploy third-party or vendor AML solutions, they are required to maintain a comprehensive Vendor/Third-Party Management Policy covering procurement, implementation, support, change management, incident handling and exit strategies for AML solutions.

Implementation Timeline

The CBN has established a tiered implementation timeline from the date of issuance of the Circular on 10 March 2026:

1. All regulated institutions shall submit implementation roadmaps to the CBN Compliance Department within 3 months of issuance;
2. Deposit Money Banks must achieve full compliance within 18 months of issuance; and 
3. Other financial institutions have 24 months to achieve full compliance.

Institutions that fail to meet the Baseline Standards or operate AML solutions in a manner that results in ineffective AML/CFT/CPF control, may be subject to remedial directives, administrative sanctions, and penalties under applicable laws with potential liability attaching to both the institution and accountable individuals within it.

Implications for Investor Confidence and the Nigerian Financial System

Strengthening Nigeria’s International Reputation

1. The most significant implication of the Baseline Standards is their potential to consolidate Nigeria’s hard-won removal from the FATF grey list. Foreign investors, multilateral development finance institutions (“DFIs”) and international banking partners assess countrylevel AML/CFT risk as a fundamental component of their due diligence and credit risk frameworks. A demonstrably robust and technology-enabled AML regime reduces the perceived risk of financial crime exposure, making Nigerian financial institutions more attractive to counterparties for cross-border transactions, trade finance and project finance transactions.
2. The explicit alignment of the Baseline Standards with the FATF Recommendations^[1] signals to the international community that Nigeria’s regulatory posture is not merely reactive but proactive.

Implications for Project Finance and M&A Transactions

1. In the context of project finance and merger and acquisition transactions, AML compliance is a prominent due diligence aspect. Lenders, particularly foreign commercial banks and DFIs, routinely require borrowers and their financial institution counterparts to demonstrate robust AML/CFT frameworks as a condition to financial close. The Baseline Standards provide a clear, codified benchmark against which Nigerian financial institutions can now be assessed, reducing ambiguity in cross-border due diligence processes and facilitating smoother transaction execution.
2. For M&A transactions involving Nigerian financial institutions as targets, acquirers will now be able to assess the target's AML system maturity against the CBN's published minimum standards — an important development that brings greater objectivity and consistency to financial sector M&A due diligence in Nigeria.

Data Protection Considerations

The Baseline Standards’ requirement for compliance with the Nigeria Data Protection Act (“NDPA”) 2023 introduces an important intersection between AML obligations and data privacy law. Institutions must ensure that the personal data processed through AML systems (e.g. biometric data and transaction histories) is handled in accordance with the NDPA’s lawfulness, purpose limitation and data minimisation principles. Where third-party vendors are engaged to operate AML systems, appropriate data processing agreements must be in place to ensure that vendor operations remain within the bounds of both the CBN’s requirements and the NDPA.

Key Legal Obligations and Recommended Actions for Regulated Institutions

Considering the foregoing, regulated institutions ought to consider taking the following steps to ensure compliance with the Baseline Standards and to position themselves advantageously in the eyes of investors, lenders and regulators:

1. Conduct a gap assessment of existing AML systems against the technical requirements of the Baseline Standards in order to inform a credible and realistic implementation roadmap;
2. Submit a comprehensive implementation roadmap to the CBN Compliance Department as stipulated in the Circular;
3. Engage the board and senior management in oversight of AML system implementation, given that the Baseline Standards expressly provides for individual liability of accountable persons in the event of non-compliance;
4. Review and update vendor management frameworks to ensure that third-party AML solution providers meet the CBN’s requirements with appropriate contractual protections covering performance standards, incident handling and exit strategies; and 
5. Engage legal and compliance counsel to review the adequacy of existing AML/CFT policies and procedures in light of the Baseline Standards and to advise on any consequential amendments required to internal governance frameworks.  

Conclusion

1. The CBN’s issuance of the Baseline Standards marks a defining moment in the evolution of Nigeria’s financial crime compliance framework and a clear signal that Nigeria is committed to sustaining the progress achieved through its exit from the FATF grey list.
2. For investors, lenders, and international counterparties, the Baseline Standards represent a tangible enhancement of Nigeria’s AML/CFT infrastructure which improves regulatory predictability and strengthens the foundation for cross-border financial relationships. For regulated institutions, the Baseline Standards impose real and immediate compliance obligations that require urgent attention and board-level engagement.
3. Ultimately, the success of this initiative will be measured not by the sophistication of the systems deployed, but by the demonstrable effectiveness of Nigeria's financial system in detecting, disrupting, and reporting financial crime. Institutions and regulators alike must rise to that standard.