Most Nigerian fintechs already know they are expected to report suspicious activity. The requirement appears in AML policies and regulatory guidelines. But when a transaction or customer behaviour raises concerns, deciding whether it meets the reporting threshold and what happens next is not always straightforward.

For many compliance teams, the difficulty is in having a clear process for investigating suspicious activity, deciding when a report should be filed, and making sure it reaches the NFIU within the required timeline. As fintech operations grow, those decisions become harder to manage through informal workflows or case-by-case judgement calls.

This is where regulators are paying closer attention. As the CBN and NFIU continue to tighten expectations around AML reporting quality, fintechs are finding that the 2026 enforcement leaves less room for process gaps than it once did. This article breaks down what suspicious activity reporting means under the updated Nigerian AML regulations and how to get it right for your platform.

What Suspicious Activity Reporting Actually Is

Under Nigeria's AML framework, fintechs and payment service providers are required to report transactions they know, or suspect, are linked to financial crime. The key threshold is reasonable suspicion, not proof. If your compliance team has reasonable grounds to suspect a connection to money laundering or any related offence, that is enough. 

You may see both Suspicious Activity Reports (SARs) and Suspicious Transaction Reports (STRs) used in compliance discussions. Under Nigerian law, STR obligations relating to money laundering are covered under Section 6 of the Money Laundering (Prevention and Prohibition) Act 2022, while terrorism financing reporting obligations are covered under Section 14 of the Terrorism (Prevention and Prohibition) Act. 

These are different from Currency Transaction Reports (CTRs) under Sections 2 and 10 of the MLPA, which are triggered by transaction thresholds rather than suspicion.

Here are some key things you should know about suspicious activity reporting:

1. Reports are submitted to the NFIU

 Suspicious activity reports are submitted to the Nigerian Financial Intelligence Unit (NFIU), which receives and analyses financial intelligence reports from reporting institutions. Filing accurately and within the required timeline is part of meeting an institution's AML obligations.

2. Filing a report does not automatically mean freezing an account

 Reporting suspicious activity and restricting an account are not the same thing. A fintech may decide to take account action separately, but the reporting obligation exists regardless.

3. Tipping off is prohibited

 Once a filing decision is being considered, institutions and their staff must not inform the customer or any connected party. This restriction continues after a report is filed and forms part of Nigeria's AML compliance requirements.

Which Transactions and Behaviours Trigger a SAR Filing Obligation

Knowing you have a reporting obligation is one thing. Knowing what actually creates that obligation is another. These are the transaction patterns and behaviours that give a compliance professional reasonable grounds to suspect financial crime under Nigerian AML law:

1. Structuring and threshold avoidance

 A customer making multiple smaller transfers in a short window that collectively exceed a threshold they appear to be avoiding. This includes activity spread across multiple accounts linked to the same beneficial owner. The pattern matters more than any individual transaction amount.

2. Transactions inconsistent with customer profile

 A personal account receiving high-volume commercial transfers. A small business account processing volumes that do not match its registration category. These mismatches do not confirm wrongdoing but they are enough to meet the reasonable suspicion threshold and warrant a closer look.

3. Unusual counterparty patterns 

Transfers to or from sanctioned counterparties, PEP-linked accounts, or accounts flagged in previous investigations. Also includes funds moving through an account rapidly to multiple destinations with no clear commercial purpose, a pattern commonly associated with layering.

4. Account activity following a dormancy period

 An account sits quiet for months, then suddenly processes high-value or high-volume transactions. The shift in behaviour itself is a risk signal, independent of what the transaction amounts actually are.

5. Customer behaviour during onboarding or account review

 A customer provides inconsistent information during onboarding, refuses enhanced due diligence documentation, or closes their account immediately after being asked for additional information. The behaviour alone can be enough, even if no suspicious transaction has occurred yet.

6. Third-party funding patterns

 Account funding that consistently comes from third parties with no apparent relationship to the account holder, particularly in lending or wallet products. If there is no clear explanation for who is funding the account and why, that gap is worth documenting.

SAR filing is not just about confirmed transactions above a fixed amount, but patterns and behaviours that give your compliance team reasonable grounds to suspect financial crime.

The NFIU Reporting Timeline and What Fintechs Are Required to Submit

Meeting your SAR obligation means more than knowing you should file. It means filing on time, through the right channel, with the right information inside the report. Here is what that looks like under the NFIU reporting guidelines: 

The timeline for filing depends on the nature of the suspicious activity. Filing outside of deadlines creates direct regulatory risk regardless of whether the report itself is otherwise complete.

Where reports are submitted

NFIU reports are submitted through goAML, the UNODC-developed platform the NFIU uses to receive and process financial intelligence reports from reporting entities. If your team has not registered on goAML and tested your submission workflow, that is a process gap that will show up at the worst possible time.

What the report must contain

A SAR submitted to the NFIU should include:

• The identity of the customer or customers involved, including all available KYC data
• A description of the transaction or activity that generated the suspicion
• The basis for the suspicion, documented in enough detail to be useful to an investigator with no prior knowledge of the account
• The date the suspicion was formed
• The date the report is being filed
• The identity of the compliance officer making the filing

Incomplete reports are a compliance failure even when filed on time.

Internal sign-off before filing

Before a SAR goes to the NFIU, it should clear an internal escalation and sign-off process. The analyst documents their findings, the compliance officer reviews and approves the filing decision, and the report is logged in the institution's case management system with a full audit trail. This process should be documented and consistently followed, not figured out each time an alert comes in.

The quality of what gets filed and the internal process that produces it carry equal weight when a regulator comes to examine your AML function.

Common SAR Filing Mistakes and What Non-Filing Looks Like Under CBN's 2026 AML Rules

Most SAR filing failures come from gaps that only become visible when a regulator starts asking questions. These are the most common ones:

1. Filing too late because the escalation process has too many steps 

When a flagged transaction has to move through multiple informal discussions before anything is documented, the filing window closes before the report goes out. Fintechs with no documented escalation workflow consistently miss statutory timelines.

2. Filing incomplete reports because the data is not ready 

If KYC data lives in one system, transaction history in another, and sanctions screening results in a third, the analyst building the SAR has to manually compile everything before writing a report with enough detail to be useful. Reports filed with partial information because the data was hard to pull together are a common examination finding.

3. Not filing because the threshold felt uncertain

 Reasonable suspicion is deliberately not a fixed standard. Compliance teams who are not confident in their own interpretation will sometimes sit on a finding rather than file, particularly when the transaction amount is low or the pattern is ambiguous. Failure to file when reasonable suspicion exists is a legal exposure regardless of transaction size.

4. Filing directly from automated alerts without genuine investigation 

Some fintechs have managed volume pressure by filing SARs straight from monitoring alerts without conducting and documenting a real investigation. This fails on two counts: it does not meet the NFIU's quality standard, and it does not protect the institution when a regulator looks closely at whether the reports show any real investigative work.

5. No audit trail connecting the alert to the report

 If a regulator asks your institution to show how a suspicious activity was identified, escalated, investigated, and reported, and you cannot produce a clear chain from alert to filed SAR, the gap is visible regardless of whether the report was actually submitted.

What this looks like under CBN's 2026 enforcement posture

These gaps have real consequences. The CBN's March 2026 circular requires all regulated financial institutions to deploy automated AML systems, with a deadline to submit implementation roadmaps by June 2026. The circular is direct about what is expected:

• Automated AML systems are now mandatory across all regulated financial institutions
• Suspicious transactions, large cash transactions, and international transfers must be reported to the NFIU within 24 hours of detection
• Institutions that cannot demonstrate their systems are capable of identifying suspicious activity are non-compliant, not just those that failed to file

The CBN is no longer just asking whether you filed. It is asking whether your systems are even capable of identifying what needs to be filed.

How Dojah’s Easy Detect Supports the SAR Process End to End

Easy Detect is Dojah's real-time fraud detection engine that enables businesses to identify suspicious activity throughout the user journey. It analyses every user event, from transactions to loan applications to signups, and returns a verdict: Approve, Block, or Review.  

For Nigerian fintechs managing SAR obligations, here is where it makes a difference.

• At detection: Easy Detect monitors transactions in real time using configurable rules, ML-based risk scoring, and behavioural analytics. It flags any abnormal activity that warrants closer inspection. 
• At investigation: When a flagged event escalates into a case, everything an analyst needs is already in one place: the reason it was flagged, full user history and associated accounts. No need to pull data from multiple systems under tight filing deadlines.
• At documentation: Every decision and triggered rule is automatically logged inside the case management panel as the investigation happens. So when a regulator asks how a suspicious activity was identified and reported, the answer is already documented and ready.
• At reporting: When an investigation reaches the reporting stage, compliance teams already have the customer data, transaction history, investigation notes, and alert trail required to support SAR preparation and internal review. 

A SAR process that holds up under examination starts long before the report is submitted. Easy Detect gives your compliance team the infrastructure to get there.

 Ready to build a SAR process your fintech can stand behind? See how Easy Detect supports your SAR workflow from detection to documentation. 

FAQs on Suspicious Activity Reporting for Fintechs

1. What is the difference between an STR and a SAR in Nigerian AML compliance? Both refer to reports filed with the NFIU when a financial institution suspects a transaction is linked to financial crime. The NFIU tracks them separately but for most fintechs the filing obligation and process is the same.
2. What is the filing deadline for a suspicious transaction report in Nigeria? Transactions connected to terrorism financing must be reported within 24 hours of forming suspicion. All other suspicious activity carries a 7-day filing window. These are statutory deadlines, not guidelines.
3. Does filing a SAR mean a fintech must freeze the customer's account? No. The obligation to report and the decision to restrict an account are separate. A fintech may choose to take account action, but that decision is independent of the reporting obligation.
4. What happens if a Nigerian fintech fails to file a SAR when required? Under the CBN's March 2026 circular, failure to file carries financial penalties and can result in licence revocation. Inadequate filing is treated the same as non-filing.
5. Do all Nigerian fintechs have to file SARs?

Registered financial institutions and reporting entities subject to Nigeria's AML regulations are required to identify and report suspicious activity to the NFIU in accordance with applicable laws and regulatory guidance.