Introduction
African payment service providers are now required by law to monitor not just their own transactions, but the behavior of every merchant they acquire. In 2026, transaction monitoring for merchant acquiring and payment processing in Africa is a non-negotiable regulatory obligation, and the consequences of getting it wrong range from license suspension to criminal referral.
The CBN, BCEAO, and South Africa's Financial Intelligence Centre have all tightened their requirements for PSPs in recent years. A PSP that onboards merchants without merchant-level monitoring controls is not merely operationally exposed; it is non-compliant. This guide explains exactly what African PSPs must do, why merchant monitoring matters, and how to build a system that meets regulatory standards across Nigeria, West Africa, and South Africa.
Why PSPs Are AML Frontline Actors in Africa
The merchant acquiring model places the PSP at the center of every payment transaction. The PSP processes the transaction, accepts the settlement risk, and remits clean funds to the merchant's bank account. That position is precisely where illicit funds can be introduced into the financial system.
A shell merchant can receive payments from colluding payers, generating apparent trading income. A legitimate merchant's account can be taken over by fraudsters running false card transactions. An unlicensed money transfer operator can operate behind a legitimate merchant category code, using the payment network to process transactions that should sit under separate AML oversight.
FATF's 2023 guidance on payment service providers explicitly identifies merchant acquiring as a high-risk activity requiring continuous monitoring. African regulators have aligned with this position, as reflected in the updated frameworks from the CBN, BCEAO, and South African FIC.
READ ALSO: 6 steps: How to perform a KYB verification check.
Regulatory Requirements by Market
1. Nigeria: CBN AML Requirements for PSPs
The CBN's Circular BSD/DIR/PUB/LAB/019/002, issued 10 March 2026, is the most significant AML technology mandate ever issued to Nigerian PSPs. Every CBN-licensed PSP, including Payment Solution Service Providers (PSSPs), Mobile Money Operators, and Super Agents, must:
1. Deploy an automated AML/CFT solution capable of real-time transaction monitoring.
2. Monitor transactions at the individual merchant level, not only at the aggregate PSP level.
3. Generate and investigate alerts for suspicious patterns across the merchant portfolio.
4. Submit implementation roadmaps to the CBN Compliance Department by 10 June 2026.
All PSPs are classified as Other Financial Institutions (OFIs) under the Money Laundering (Prevention and Prohibition) Act 2022 and subject to the same AML/CFT obligations as banks. Know Your Business (KYB) due diligence on all merchants is mandatory at onboarding, covering CAC registration verification, UBO identification, and business activity confirmation.
Under CBN Circular BSD/DIR/PUB/LAB/019/002, Nigerian PSPs must deploy automated transaction monitoring at the merchant level, with full compliance required by 10 March 2028. Implementation roadmaps were due with the CBN by 10 June 2026.
2. South Africa: FICA Requirements for Payment Processors
In South Africa, PSPs operate under the oversight of the Financial Sector Conduct Authority (FSCA) and the South African Reserve Bank (SARB). PSPs classified as accountable institutions under the Financial Intelligence Centre Act (FICA) must:
1. Conduct customer due diligence on all merchants and corporate clients.
2. Implement a Risk Management and Compliance Program (RMCP) approved by senior management.
3. Monitor transactions on an ongoing basis and report suspicious activity to the Financial Intelligence Centre (FIC).
5. File Cash Threshold Reports for cash transactions exceeding ZAR 24,999.99.
3. West Africa (UEMOA): BCEAO Requirements
The BCEAO's Electronic Money Issuer Directive and its March 2025 updates require PSPs operating across the UEMOA zone to maintain continuous monitoring of all e-payment channels, conduct merchant CDD at onboarding, and report suspicious transactions to the national CENTIF without delay.
Key AML Typologies in Merchant Acquiring
Effective transaction monitoring for PSPs requires detection capability across specific typologies. Here are the four that matter most in the African context.
1. Merchant Money Laundering
A complicit or compromised merchant receives payments from colluding payers to generate apparent trading income representing illicit funds. The PSP then settles clean funds to the merchant account. Detection depends on spotting transaction volumes dramatically above the onboarding profile, low cardholder diversity, and MCC mismatches.
Real-world scenario: A Lagos-based e-commerce merchant onboarded with a projected monthly volume of ₦2 million begins processing ₦18 million per month within 60 days, almost entirely from five recurring payers. An automated monitoring system flags the velocity anomaly and merchant concentration ratio, triggering an MLRO review that leads to an STR filing with the NFIU via GoAML.
2. Refund Abuse
A fraudster makes purchases with a compromised payment method, then requests refunds to a different account. This converts stolen card value into legitimate bank transfers. Monitoring must track refund-to-revenue ratios and flag refund destinations that differ from the original payment source.
3. Payment Facilitation for Unlicensed Entities
A merchant acquirer unknowingly processes transactions on behalf of an unlicensed money transfer operator or crypto exchange using a legitimate merchant's account. Indicators include transaction descriptions inconsistent with the merchant's stated business and payer countries inconsistent with the merchant's typical customer geography.
4. Card-Present Fraud Conversion
Fraudsters use counterfeit or stolen cards at complicit merchants to generate false revenue settled to the merchant account. High chargeback rates from specific terminals and transactions at unusual hours for the business type are the primary monitoring signals.
Designing a Compliant Transaction Monitoring System
A compliant AML transaction monitoring system for an African PSP must cover four monitoring layers.
Monitoring Layer | What It Covers | Key Alert Types |
| Merchant Portfolio | Risk-rated monitoring per merchant | Drift from onboarding baseline |
| Transaction Level | Real-time alert on suspicious patterns | Velocity, amount, geolocation rules |
| Settlement | Disproportionate settlement vs trading volume | Pre-emptive settlement abuse |
| Agent Network | Individual agent cash-out patterns | Peer group anomaly detection |
Each merchant should carry an individual risk rating that drives monitoring intensity. High-risk MCCs, including gambling (7995), money transfer (4829), and crypto exchange (6051), require tighter thresholds and more frequent review.
Youverify's transaction monitoring solution provides configurable rule engines with pre-built merchant acquiring typologies, covering refund abuse, MCC mismatches, velocity alerts, and cross-border monitoring, all calibrated to CBN, BCEAO, and FICA requirements.
STR Filing Process for African PSPs
When a suspicious pattern is identified, the compliance process must follow a documented sequence:
1. Automated alert generation flags the transaction or merchant behaviour.
2. Level 1 analyst reviews the alert in the context of the merchant's full profile.
3. If suspicion is confirmed, the alert is escalated to the MLRO.
4. The MLRO documents the basis for suspicion and makes the reporting decision.
5. The STR is filed with the relevant FIU, NFIU GoAML for Nigeria, FIC for South Africa, or the national CENTIF for UEMOA member states.
6. All documentation is retained for a minimum of five years.
Learn how Youverify supports suspicious activity reporting from alert to filing, with jurisdiction-specific STR templates for Nigeria, South Africa, and UEMOA.
Conclusion
Transaction monitoring for merchant acquiring and payment processing in Africa is no longer a discretionary best practice; it is a regulatory requirement with documented deadlines and enforcement consequences. The CBN's March 2026 Baseline Standards, the BCEAO's EMI framework, and South Africa's FICA obligations all demand continuous, automated, merchant-level monitoring supported by documented STR filing processes.
PSPs that invest in robust, technology-driven transaction monitoring protect their licenses, their banking partnerships, and the merchants they serve. Those that delay risk regulatory sanction, reputational damage, and, in the worst cases, unwitting facilitation of the financial crimes they are legally obligated to prevent.
If you are building or upgrading your PSP's AML program, speak to Youverify's compliance team to see how African payment processors are meeting the 2026 monitoring requirements with automated, configurable, and multi-jurisdiction-ready solutions. To get started, Book a free demo today
See also: Merchant Onboarding: Meaning, How it Works | AML Compliance Software for Banks 2026
About The Author
Victoria Okere is a compliance and regulatory writer specializing in African financial markets, payment systems regulation, and AML/CFT frameworks. She writes for compliance teams, PSP operators, and fintech executives navigating regulatory requirements across Nigeria, South Africa, and the West African sub-region.