If you work at a bank, fintech, mobile money operator, or any business handling financial transactions in Nigeria, the new CBN AML update is critical.

On March 10, 2026, the Central Bank of Nigeria (CBN) released its Baseline Standards for Automated Anti-Money Laundering (AML) Solutions, introducing mandatory compliance requirements for all Nigerian financial institutions.

Under the new framework, Deposit Money Banks have 18 months to comply, while other financial institutions have 24 months. But there’s an earlier milestone many may miss: within three months of the announcement, every regulated institution must submit an implementation roadmap to the CBN’s Compliance Department.

With the June 2026 deadline approaching, it’s essential that your institution starts planning now and takes the right steps to stay ahead.

What the New CBN AML Regulations Actually Mean

The core message is simple: manual AML controls are no longer enough, and automated systems that only look at transactions in isolation won’t meet compliance.

The CBN is clear that your AML solution must be linked to KYC data and customer risk assessments. Whether you’re a large bank or a growing fintech platform, there are no exceptions to this rule.

In practice, this means you cannot keep KYC data in one system, transaction monitoring in another, and risk scores somewhere else. The regulator expects a connected view of every customer, showing who they are, their risk profile, how they transact, which alerts have been triggered, and how those alerts were handled.

Key Requirements in the 2026 CBN Automated AML Framework

Here’s a breakdown of what the new CBN AML requirements entail:

1. Automated Customer Due Diligence

KYC and identity verification must be automated or semi-automated, with real-time checks against BVN and NIN databases during onboarding. Records should be updated continuously within a defined period, not just reviewed annually. BVN and NIN checks are explicitly described as one layer of a broader framework, not a complete verification on their own.

2. Real-Time Sanctions and PEP Screening

Sanctions and politically exposed person (PEP) checks must happen in real time before onboarding or transaction approval. Systems should cover domestic and global watchlists, internal risk registers, and adverse media monitoring. If there’s a match, the system must automatically block onboarding or hold transactions to prevent compliance violations.

3. Advanced Transaction Monitoring

Transaction monitoring cannot rely solely on simple rules anymore. The CBN expects platforms to use customer segmentation, peer-group analysis, behavioural insights, and, where appropriate, AI/ML models. Alerts should present a consolidated view of the customer, allowing compliance teams to make decisions efficiently without switching between multiple systems. AI and ML models must also be validated at least once a year to ensure accuracy and minimise bias.

4.  Dynamic Customer Risk Scoring

Customer risk profiles must update automatically as behaviour changes or new data arrives. Static annual reviews are no longer sufficient. Risk intelligence should be adaptive, reflecting real-time changes so that your compliance team can respond immediately to emerging risks rather than waiting for scheduled reviews.

5. Fraud Monitoring

Fraud monitoring should feed directly into each customer’s overall risk profile. Institutions classified as high or above-average risk must have a clear plan for integrating AML and fraud monitoring within a shared analytics framework. This ensures that fraud signals, transaction anomalies, and suspicious activities are immediately reflected in risk scores and compliance workflows.

6. Comprehensive Audit Trails

Every configuration change, alert, case decision, and report must be logged in a tamper-proof and retrievable manner without disrupting operations. The full governance framework should also undergo independent review by internal audit at least once a year, providing transparency and accountability across all compliance activities.

Preparing Your CBN AML Roadmap: Critical Questions for Compliance Teams

Before submitting your implementation roadmap to the CBN, your compliance team should have clear answers to these questions:

• Is your KYC data fully connected to your transaction monitoring system, or are they still separate silos that your team manually bridges?
• Is your customer risk scoring truly dynamic, or are you still relying on annual reviews and treating those results as current?
• Do sanctions and PEP screening happen in real time before onboarding, or does it run in batch overnight?
• When a compliance analyst opens an alert, can they see the complete customer picture in a single view, or do they have to open multiple tabs and make phone calls?
• When was the last time your AI or ML models were independently validated—not just tuned, but formally validated?
• Do you have documented governance covering your AML configurations, thresholds, and model changes, or is this knowledge held by only one or two people?

If any of these questions made you pause, that’s a clear signal to take action. It’s far better to identify and close gaps now than to be caught off guard during a CBN examination.

How Dojah Helps Institutions Meet CBN AML Requirements

Dojah was built to solve these exact challenges—helping institutions keep up with updated AML requirements while automating verification and risk management. From day one, our focus has been on making compliance seamless and efficient for financial institutions.

The standards the CBN published on March 10 align closely with our product stack. Here’s how we make compliance practical:

Real-Time Identity Verification and KYC/KYB

Our Identity Hub automates onboarding with real-time BVN, NIN, and document verification. KYC records remain live and linked to risk profiles throughout the customer lifecycle. Government ID verification gives institutions instant access to trusted data from Nigerian and pan-African databases, as part of a layered verification framework, not just a standalone check.

Dynamic Customer Risk Scoring

ProfiledRisk, Dojah’s risk intelligence tool,  continuously updates customer risk scores using identity signals, transaction behaviour, and third-party data. When a customer’s behaviour changes, the risk score updates automatically, so compliance teams catch issues in real time rather than waiting for the next annual review.

Real-Time Fraud and AML Monitoring

Our Fraud Management suite monitors transactions in real time, analysing telco signals, geo mismatches, device anomalies, velocity patterns, and custom rules. AML/PEP screening, watchlist checks, and suspicious transaction detection are built in. Compliance teams get automated alerts, configurable rules, account-level controls, and SAR-ready reporting—helping them stay ahead instead of reacting after fraud occurs.

A Unified Customer View

Customer360 brings identity data, risk scores, transaction history, alerts, and case outcomes into a single compliance view. Analysts can see everything in one place without tab switching or manual data pulls. This unified view goes beyond a dashboard feature, boosting efficiency and ensuring decisions are informed and timely.

If you are working on your implementation roadmap and you want to see exactly how Dojah maps to the CBN requirements, talk to our team. We will walk through the gap analysis with you and help you build a plan that holds up under scrutiny.

The Bottom Line: What Financial Institutions Need to Do Next

The CBN's Baseline Standards reflect the natural evolution of a digital financial system that is becoming increasingly digital, interconnected, and targeted by sophisticated financial crime networks. 

Institutions that treat compliance as a system integration challenge rather than a checklist exercise will be better positioned to meet both regulatory expectations and operational risk realities.

The regulator expects connected, continuously improving infrastructure, and building this takes time. 

Get your implementation roadmap in order now and make sure the systems you build actually address the challenges the CBN has highlighted, not just meet the minimum requirements.

FAQs on CBN’s 2026 Updated AML Rules

1. What do Nigerian banks need to do for the new CBN AML rules?
   Update systems for automated AML, link KYC data with risk scoring, and submit a compliance roadmap within 3 months.
2. Who is affected by the 2026 CBN AML framework?
   All Deposit Money Banks, fintechs, mobile money operators, and regulated financial institutions in Nigeria.
3. What are the deadlines for compliance?
   Deposit Money Banks: 18 months. Other institutions: 24 months. A roadmap must be submitted to the CBN within 3 months.
4. Can BVN and NIN checks alone satisfy the new AML requirements?
   No. They are part of a larger compliance framework and must integrate with dynamic risk assessments and transaction monitoring.
5. How can financial institutions prepare effectively?
   Start now by automating verification, connecting all systems, monitoring risks in real time, and building a roadmap that meets CBN standards.