To meet CBN KYC/AML requirements in 2026, Nigerian banks, fintechs, and payment service providers must implement a three-tier KYC system, operate automated transaction monitoring, maintain real-time sanctions screening, and submit an implementation roadmap for their automated AML solution by 10 June 2026, the deadline set in CBN Circular BSD/DIR/PUB/LAB/019/002. Non-compliance is no longer a theoretical risk.

 

In 2024, the CBN fined 29 banks a combined N15 billion ($9.3 million) for AML and counter-terrorism financing (CTF) violations. With stricter automated monitoring standards now in force, the 2026 enforcement
cycle is expected to be more aggressive.
 

This guide explains every CBN KYC/AML requirement currently in force, what the March 2026 baseline standards demand technically, and the specific steps compliance teams, technology leaders, and senior management must take to achieve and maintain full compliance.

 

What the CBN Requires: The Regulatory Framework at a Glance

 

Nigeria’s AML/CFT compliance framework for financial institutions is governed by four primary instruments.

 

1. Money Laundering (Prevention and Prohibition) Act, 2022 (MLPPA 2022)


The primary statute. It establishes the offence of money laundering, defines the obligations of financial institutions, and empowers the CBN and NFIU to supervise, investigate, and penalise violations.

 

2. CBN AML/CFT/CPF Regulations, 2022


The CBN’s core regulatory instrument. It sets out obligations for customer due diligence, transaction monitoring, record keeping, suspicious transaction reporting, and correspondent banking controls. It also incorporates countering proliferation financing (CPF), the funding of weapons of mass destruction, as a new compliance pillar.

 

3. CBN Customer Due Diligence (CDD) Regulations, 2023

 

Issued in 2023, these regulations operationalise the three-tier KYC framework, define when enhanced due diligence is mandatory, set requirements for beneficial ownership verification, and establish rules for politically exposed persons (PEPs) and high-risk jurisdictions.


 

4.  CBN Baseline Standards for Automated AML Solutions, 2026

Issued via Circular BSD/DIR/PUB/LAB/019/002 on 10 March 2026, this is the newest and most technically demanding regulation. It mandates that all covered institutions deploy automated systems capable of real-time transaction monitoring, dynamic risk scoring, sanctions screening, and regulatory reporting, with an implementation roadmap due by 10 June 2026.

 

All four instruments apply simultaneously. Compliance with one does not substitute for compliance with another.


 

The Three-Tier KYC System: Key Requirements of the CBN AML Guidelines (2026)

 

The CBN’s risk-based KYC framework assigns all customers to one of three tiers. Each tier carries distinct documentation requirements, transaction limits, and due diligence obligations.


 

Tier 1 — Basic KYC (Low Risk, Financial Inclusion Accounts)

 

Who qualifies:

Individuals opening low-activity accounts or mobile wallets, primarily for financial inclusion purposes.

 

Documentation required:

  • Full name and date of birth (self-declared or BVN-validated)
  • Bank Verification Number (BVN) or National Identity Number (NIN)
  • Residential address (self-declared acceptable at this tier)

 

Limits:

  • Maximum daily transaction: ₦30,000
  • Maximum cumulative balance: ₦300,000

 

Compliance note:

The CBN tightened Tier 1 rules in 2023, requiring mandatory BVN or NIN linkage even for basic wallets. Institutions that onboarded Tier 1 customers without BVN/NIN linkage before the 2023 CDD Regulations must retrospectively remediate those records.


 

Tier 2 — Standard KYC (Moderate Risk)

 

Who qualifies: 

Individual customers with verified identity and moderate transaction activity.

 

Documentation required:

  • BVN or NIN (verified against NIBSS database, not self-declared)
  • One government-issued photo ID (National ID card, international passport, driver’s licence, or voter’s card)
  • Proof of residential address dated within three months (utility bill, tenancy agreement, or bank statement).
     

Limits

  • Maximum daily transaction: ₦500,000
  • Maximum cumulative balance: ₦500,000

 

Tier 3 — Enhanced KYC (Full Verification)


Who qualifies: 

High-value individual accounts, all corporate customers, and any customer whose transaction profile warrants elevated scrutiny.
 

Documentation required — individuals:
 

• BVN and NIN (both mandatory)
• Two government-issued IDs
• Verified residential address with physical visit or third-party address confirmation
• Source of funds declaration for large initial deposits
 

Documentation required — corporate customers:

 

  • Certificate of Incorporation (CAC-certified)
  • Memorandum and Articles of Association
  • Board resolution authorising account opening
  • Tax Identification Number (TIN)
  • Full beneficial ownership register (all individuals owning ≥5% equity)
  • Identity verification for all beneficial owners, directors, and authorised signatories
  • Source of funds documentation
     

No transaction limits apply at Tier 3, but all activity is subject to ongoing monitoring.

 

The CBN KYC/AML Compliance Checklist for 2026

 

Use this checklist across your KYC/AML compliance, technology, and senior management teams.

 

1. Governance and Policy

 

  • Board-approved AML/CFT/CPF Policy updated to reflect MLPPA 2022 and CBN Regulations 2022
  • Designated Money Laundering Reporting Officer (MLRO) appointed with direct board access
  • AML compliance function independent of business lines
  • Annual AML/CFT risk assessment completed and documented
  • Senior management review and sign-off on AML programme at least annually
  • AML training completed by all customer-facing and compliance staff (documented and dated)


 

2. KYC and Customer Onboarding

 

  • Three-tier KYC framework implemented and documented
  • BVN/NIN verification mandatory at Tier 1 and above (automated integration with NIBSS/NIMC)
  • Biometric verification in place for face-to-face and remote onboarding
  • Beneficial ownership identification for all corporate customers (≥5% threshold)
  • EDD procedures documented and triggered automatically for PEPs, high-risk jurisdictions, and complex structures
  • Legacy customer records remediated for BVN/NIN linkage


 

3. Transaction Monitoring

 

  • Automated transaction monitoring system deployed
  • Real-time alerting active for structuring, large cash, crypto flows, and rapid fund movement
  • Dynamic rule engine in place (AI-powered anomaly detection, not static rules only)
  • Alert investigation and escalation workflow documented and operating
  • Monitoring calibration reviewed and updated at least quarterly


 

4. Sanctions Screening

 

  • Automated screening against NFIU, UN, OFAC, and EU lists
  • Real-time screening at onboarding and on list updates
  • Match-scoring configured to reduce false positives while maintaining sensitivity
  • PEP screening with senior management approval workflow active


 

5. Regulatory Reporting

 

  • STR filing within 24 hours of suspicion (automated or documented manual process)
  • CTR filing for ₦5M+ individual / ₦10M+ corporate cash transactions within 24 hours
  • ITR filing for $10,000+ international transfers within 24 hours
  • NFIU reporting portal access confirmed and tested


 

6. Record Keeping

 

  • All customer records retained for minimum 5 years
  • All transaction records retained for minimum 5 years
  • Records retrievable within timeframes required by CBN/NFIU on demand


 

7. 2026 Baseline Standards

 

  • Automated AML solution assessed against Baseline Standards functional requirements
  • Gap analysis completed
  • Implementation roadmap prepared with milestones and senior management sign-off
  • Implementation roadmap submitted to CBN by 10 June 2026
  • NDPA 2023 / NDPR data protection controls integrated into AML systems


The Cost of Non-Compliance with CBN's KYC/AML Requirements: What CBN Enforcement Looks Like

 

This is not hypothetical risk. CBN enforcement data from 2024 makes the financial and reputational stakes clear.

 

In its 2024 enforcement cycle, the CBN imposed N15 billion ($9.3 million) in penalties across 29 banks for AML and CTF violations. The specific failures cited included:
 

  • Inadequate KYC documentation and incomplete customer due diligence records
  • Failure to file Suspicious Transaction Reports within the mandated 24-hour window
  • Inadequate transaction monitoring controls — either absent or not operating effectively
  • Incomplete beneficial ownership records for corporate accounts
  • Failure to screen customers against updated sanctions lists


 

Zenith Bank :

 

Nigeria’s largest bank by market capitalisation, was the single worst-hit institution, incurring fines totalling $9.6 million from the CBN and other regulators combined in 2024.
 

In April 2025, the CBN issued an additional circular reminding all institutions of their ongoing sanctions compliance obligations and warning that further enforcement action would follow where obligations are not met.

 

The 2026 baseline standards introduce a new category of compliance failure: institutions that cannot demonstrate automated monitoring capability now face sanctions for technical non-compliance with the automation mandate itself, even if no underlying AML violation has occurred.


 

How the Right KYC/AML Technology Platform Makes KYC/AML Compliance Achievable

 

Meeting every requirement above manually is not operationally viable at scale, and the CBN’s 2026 Baseline Standards make that explicit. The question for CTOs, CIOs, CCOs, and senior management is no longer whether to automate, but which platform delivers full coverage against the CBN’s specific technical requirements.


A compliant KYC/AML platform for the Nigerian market must deliver the following six capabilities:


 

1.  Identity verification at onboarding

Real-time BVN and NIN lookups via NIBSS and NIMC APIs, biometric liveness detection to counter deepfakes and spoofing attacks, and document verification for government-issued IDs. Manual verification creates bottlenecks and compliance gaps simultaneously.
 

2.  Automated customer risk scoring

Dynamic risk models that update as transaction behaviour changes, not static ratings locked at onboarding. Every high-risk event, a new PEP relationship, a transaction involving a FATF-listed jurisdiction, a change of beneficial ownership, should trigger an automatic risk reassessment.
 

3.  Real-time transaction monitoring

Configurable rule engines covering CBN-specific red flags combined with machine learning anomaly detection for patterns no static rule would catch.
 

4.  Integrated sanctions and PEP screening

Continuous screening against all required lists, with automated list updates, configurable match-scoring, and full audit trails for every screening decision and override.

 

5.  One-click regulatory reporting

Automated STR, CTR, and ITR generation pre-formatted to NFIU specifications, with timestamp logging to demonstrate the 24-hour filing requirement was met.
 

6.  NDPA-compliant data architecture

Data minimisation by design, end-to-end encryption, role-based access controls, and full audit logging to satisfy both CBN and NDPA requirements simultaneously.

 

Institutions that attempt to meet the 2026 Baseline Standards by patching together multiple point solutions consistently report higher compliance costs, more regulatory gaps, and longer investigation timelines than those running an integrated platform.

 

Meet CBN's KYC/AML Requirements in 2026 with Youverify Cowork

 

Youverify Cowork is built to deliver all six of these capabilities from a single unified platform, not as a patchwork of integrated tools, but as one AI-native compliance infrastructure designed specifically for the Nigerian regulatory environment. 

 

From real-time BVN and NIN verification at onboarding to automated STR generation formatted to NFIU specifications, every requirement of the CBN's 2026 Baseline Standards is addressed within one workspace. At the centre of it is Vera AI, Youverify's proprietary compliance co-pilot, which works alongside your compliance team to run risk assessments, monitor transactions in real time, screen against sanctions and PEP lists continuously, and generate audit-ready reports instantly. 

 

For CTOs, CIOs, and CCOs navigating the June 10 roadmap deadline, Youverify Cowork removes the single biggest implementation risk: the gap between what a platform promises and what it actually delivers against the CBN's twelve specific technical requirements. 

 

Trusted by 70% of commercial banks across West Africa and operating across 140+ countries, Youverify brings both the regulatory depth and the proven infrastructure that Nigerian financial institutions need, not just to meet the 2026 Baseline Standards, but to build a compliance operation that remains audit-ready every single day.

 

Start Your Path to Full CBN Compliance Today

 

The June 10, 2026 roadmap deadline is weeks away. The N15 billion in fines issued in 2024 made clear that the CBN treats AML/KYC compliance as a non-negotiable obligation. The 2026 Baseline Standards now extend that enforcement risk to institutions that lack automated systems.

 

Youverify helps African banks, fintechs, and payment service providers meet CBN KYC/AML requirements end-to-end, from automated BVN/NIN verification and real-time liveness checks, to dynamic transaction monitoring, integrated sanctions screening, and one-click NFIU-formatted regulatory reporting.

 

Book a free compliance assessment call,  we will review your current setup against the 2026 Baseline Standards, identify your specific gaps, and show you exactly how our platform closes them before your June 10 deadline.