Nigerian financial institutions now face the most technically specific transaction monitoring requirements the Central Bank of Nigeria has ever issued.
 

On 10 March 2026, the CBN published Circular BSD/DIR/PUB/LAB/019/002, establishing mandatory minimum standards for automated AML solutions across every CBN-supervised institution. This is not guidance. It is a binding compliance obligation with firm deadlines and significant penalties for non-compliance.
 

This guide covers everything Nigerian banks, fintechs, payment service providers, and mobile money operators need to know: the specific CBN requirements, reporting thresholds, BVN watchlist obligations, the SAR filing process, and a step-by-step path to building a compliant monitoring programme.
 

Read also: CBN KYC/AML Requirements 2026: Full Compliance Guide

 

Why Did the CBN Tighten Transaction Monitoring Rules in 2026?

Manual AML controls can no longer keep up with Nigeria's digital financial system.
 

The CBN states explicitly in the Baseline Standards: "As financial services become increasingly digitised and complex, manual AML/CFT/CPF controls are no longer sufficient to manage evolving risks." 
 

Nigeria exited the FATF grey list in October 2025 after a multi-year reform effort. That exit came with conditions including demonstrating sustained progress in automated transaction monitoring. The March 2026 Baseline Standards are the CBN's response to a specific weakness identified in Nigeria's FATF Mutual Evaluation Report: the inconsistency of automated AML systems across the financial sector.
 

Tier-1 banks had sophisticated platforms. Many fintechs, PSPs, and smaller banks were still running manual or semi-automated processes that were inadequate for their transaction volumes. The new standards close that gap for good.
 

The stakes are not abstract. In 2024, the CBN fined 29 banks a combined N15 billion ($9.3 million) for AML and counter-terrorism financing violations. The announcement was made by the CBN Governor, Olayemi Cardoso, during the 2024 Bankers’ Night organized by the Chartered Institute of Bankers of Nigeria (CIBN) in Lagos in November 2024. With stricter automated monitoring standards now in force, the 2026 enforcement cycle is expected to be more aggressive. 

 

Who Does CBN Circular BSD/DIR/PUB/LAB/019/002 Apply To?

Every CBN-supervised institution is covered. No exceptions.

The March 2026 Baseline Standards apply to:

  • Deposit Money Banks (DMBs)
  • Merchant Banks
  • Microfinance Banks
  • Finance Companies
  • Fintechs and startups holding CBN licences
  • Payment Service Providers (PSPs)
  • Mobile Money Operators (MMOs)
  • Mortgage Banks
  • Primary Mortgage Institutions
     

The specific technical requirements scale with each institution's size, transaction volume, risk profile, and operational complexity. But the baseline itself applies universally.

 

What Are the Core CBN Transaction Monitoring Requirements?

To be in line with the CBN transaction monitoring requirements, be aware of this:

The CBN's Baseline Standards mandate a unified, automated approach that integrates AML (Anti-Money Laundering), CFT (Combating the Financing of Terrorism), and CPF (Combating Proliferation Financing) into a single compliance framework. 
 

Compliance is built around six mandatory pillars:

1. Real-Time Transaction Monitoring

Overnight batch processing alone is no longer compliant. Institutions must implement real-time alert capabilities for high-risk transaction categories including:

  • Significant cash deposits (see thresholds below)
  • Cross-border wire transfers
  • Cryptocurrency-related activity and crypto-fiat conversions
  • Rapid fund movements through multiple accounts (structuring indicators)
  • Transactions flagged under existing CBN AML/CFT regulations

High-risk institutions specifically must implement bidirectional real-time integration between their transaction monitoring systems and core banking/KYC systems. Standalone monitoring systems that do not feed back into customer risk profiles are non-compliant under the new standards.
 

2. Unified Customer View (360-Degree Profile)

Your AML system must maintain a consolidated view of each customer's activity across all accounts, products, and channels. A customer who deliberately splits transactions across five accounts at the same bank to stay below reporting thresholds must be identifiable as a single risk entity. Monitoring each account in isolation is a compliance failure. 
 

3. Risk-Based Customer Profiling

Risk-based monitoring must go beyond transaction volume. Customer segmentation must incorporate specific attributes including:

  • Occupation and industry
  • Geographic location and exposure
  • Product type and usage patterns
  • Historical transaction behaviour
     

4. Automated STR/SAR Generation and Reporting

Systems must support automated generation of Suspicious Transaction Reports (STRs) for submission to the Nigeria Financial Intelligence Unit (NFIU) via the goAML reporting platform. The circular requires SARs to be automated and transmitted in real time where possible, not compiled manually at the end of a review cycle.
 

5. Beneficiary and Sanctions Screening

Automated systems must screen transaction beneficiaries against:

  • United Nations sanctions lists
  • OFAC (US Treasury) sanctions lists
  • NFIU watchlists
  • PEP (Politically Exposed Persons) databases
  • Adverse media sources

This screening must happen in real time, not as a separate post-transaction process.
 

6. AI and Machine Learning Governance

Where institutions use AI or machine learning in their monitoring systems, the CBN requires documented model governance including:

  • Annual independent model validation
  • Performance monitoring and audit trails for model decisions
  • Procedures for model review when performance degrades
  • Explainable AI (XAI) capability so models can show why a transaction was flagged during regulatory audits

This is a direct response to concerns from CBN examiners about "black box" AI systems that compliance teams could not explain to regulators.
 

Read also: CBN Issues Baseline Standards for Automated AML Solutions

 

The BVN Fraudulent Transaction Watchlist: What You Need to Know

From 1 May 2026, the CBN mandated a BVN-linked watchlist for institutions to act on immediately.

This is a separate but related requirement. The CBN has mandated a temporary watchlist linking Bank Verification Numbers (BVNs) implicated in fraudulent transactions. Institutions must:

- Screen customers and transaction counterparties against the BVN watchlist in real time

- Take immediate action on flagged BVNs, including account restriction, enhanced monitoring, or STR filing
 

Integrate watchlist updates into their core transaction monitoring workflow as updates are published

This measure targets account takeover fraud and money mule networks, which have been a persistent pattern in CBN enforcement actions. Any transaction monitoring system that does not include BVN watchlist screening as of 1 May 2026 is already behind.

 

CBN Transaction Monitoring Thresholds: The Key Numbers

These are the specific figures that trigger mandatory reporting obligations under CBN AML/CFT Regulations 2022 and NFIU guidelines.
 

Transaction Type

Threshold

Reporting Obligation

Cash transaction (individual)₦5 million and aboveCash-Based Transaction Report
Cash transaction (business)₦10 million and aboveCash transaction report to NFIU
Suspicious transactionAny amountSTR to NFIU within 5 working days
International wire (inbound)$10,000 and aboveEnhanced due diligence and monitoring
International wire (outbound)$10,000 and aboveEnhanced due diligence and monitoring
Crypto-related transactionsAny significant amountEnhanced monitoring under CBN AI standards


 

 

 

 

 

 

 

 

 

 

 

Any transaction that a compliance officer reasonably suspects is connected to money laundering, terrorism financing, or proliferation financing must be reported to the NFIU regardless of the amount. A ₦500 transfer that shows structuring indicators must be reported. A ₦50,000 transaction from a PEP that does not match their profile must be reported.
 

Also note: the most common financial crime pattern flagged in Nigerian enforcement actions is structuring, which is the deliberate splitting of transactions below the ₦5 million and ₦10 million CTR thresholds across multiple branches or accounts. Your monitoring system must detect cumulative patterns across accounts, not just single-transaction breaches.

 

Compliance Deadlines: What Must Happen and When?

 

Deadline

Action Required

Who

1 May 2026BVN Fraudulent Transaction Watchlist mandatoryAll regulated institutions
10 June 2026Submit implementation roadmap to CBNAll regulated institutions
September 2027Full compliance with Baseline StandardsDeposit Money Banks
March 2028Full compliance with Baseline StandardsFintechs, PSPs, MMOs


 

 

 

 

 

 

 

 

The 10 June 2026 roadmap submission is the immediate priority. Failure to submit triggers regulatory sanctions under BOFIA 2020, which empowers the CBN to impose administrative penalties of up to ₦2 billion on financial institutions for AML/CFT compliance failures. Missing this deadline is not a grace period. It is the start of enforcement exposure.

 

What Data Retention Rules Apply?

The CBN requires 5-year retention for transactions and risk assessments.

Specifically:

  • All transaction records must be retained for a minimum of 5 years.
  • Risk assessments and customer due diligence records must be retained for 5 years.
  • Audit logs must be producible within 72 hours of a regulatory request.
     

This means your monitoring system must not only generate compliant alerts, it must store the complete audit trail of every alert investigation, every escalation decision, and every STR filing in a format that can be retrieved quickly. CBN examiners routinely find that institutions cannot produce contemporaneous documentation of alert investigation decisions, which is itself treated as a compliance failure even when the underlying monitoring was adequate.

 

How to Build a CBN-Compliant Transaction Monitoring Programme

Here is the step-by-step path to compliance, whether you are starting from scratch or upgrading an existing system.
 

Step 1: Conduct an Institutional Risk Assessment

Before selecting or configuring any platform, document your institution's specific financial crime risks: customer types, product risk profiles, geographic exposure, and transaction channels.
 

A microfinance bank serving rural agricultural communities will have different monitoring configurations than a tier-1 bank processing high-volume cross-border payments. The CBN's risk-based approach requires your system to reflect your actual risk profile, not a generic template.
 

Step 2: Map Your Monitoring Scope

Every transaction type your institution processes must be mapped to a monitoring rule. At minimum, your framework must cover:

  • Cash transaction monitoring against CTR thresholds
  • Wire transfer monitoring (inbound and outbound) against $10,000 thresholds
  • Unusual transaction pattern detection (velocity, structuring, dormant account activation)
  • High-risk customer monitoring (PEPs, correspondent banks, high-risk jurisdictions)
  • Crypto-related activity monitoring
  • Cross-product pattern detection using the unified customer view
  • BVN watchlist screening
     

Step 3: Select and Configure a Compliant Technology Platform

Your monitoring platform must meet the technical requirements of CBN BSD/DIR/PUB/LAB/019/002. 

The key criteria for the Nigerian market are:

  • Pre-configured CBN rule libraries, avoid building from scratch
  • NFIU goAML integration for automated STR/CTR submission
  • Real-time processing capability , not batch-only architecture
  • API integration with Nigerian core banking systems 
  • Multi-channel data ingestion covering NIBSS, NIP, USSD, mobile banking, and agent networks
  • BVN watchlist screening capability
  • Explainable AI (XAI) to support regulatory audits
     

Step 4: Implement, Test, and Benchmark

Run the new system in parallel with existing processes before decommissioning legacy approaches. Key benchmarks to track:

  • Alert-to-SAR conversion rate: a well-tuned system targeting Nigerian retail banking typically produces actionable alerts on 5 to 15% of all generated alerts.
  • False positive rate: high false positive rates waste compliance team capacity and can cause genuine threats to be missed through alert fatigue.
  • Structuring detection accuracy: test specifically for split transactions across multiple accounts and branches.

 

Step 5: Embed STR Filing Procedures

The NFIU requires STRs to be filed within 5 working days of a suspicious transaction being identified. Your programme must include:

 

Step 6: Implement Model Governance and Ongoing Tuning

The CBN's AI governance requirements mean deployment is not the end of the process. You must:

  • Document rule rationale and all model parameters at deployment
  • Review alert disposition rates at least quarterly
  • Conduct independent model validation at least once per year
  • Update rules when the CBN or NFIU publishes new typology guidance which happens routinely
  • Maintain audit logs that can demonstrate explainable AI decisions to regulators.
     

What Are the Most Common Compliance Failures at Nigerian Banks and Financial Institutions?

CBN examination findings and NFIU enforcement actions reveal the same weaknesses repeatedly.

1. Over-reliance on manual monitoring: Some fintechs and microfinance banks still rely primarily on manual transaction reviews, which fails the March 2026 standards outright

2. No unified customer view: Customers split activity across accounts at the same institution without triggering monitoring because the system treats each account independently

3. Batch processing replacing real-time alerting: Overnight batch runs mean suspicious transactions are only identified the next day, by which point funds may have already left the financial system

4. Poor STR quality: The NFIU regularly returns STRs for insufficient detail. Quality matters as much as quantity

5. Inadequate documentation: CBN examiners routinely find that institutions cannot produce contemporaneous documentation of alert investigation decisions

6. Standalone monitoring systems: Systems that do not feed back into KYC and customer risk profiles are non-compliant under the bidirectional integration requirement

7. Missing BVN watchlist screening: Institutions that have not integrated BVN watchlist checks into their real-time monitoring workflow are already behind the 1 May 2026 requirement
 

How Does AI Improve Transaction Monitoring Compliance?

AI is not just a feature. Under the CBN's 2026 standards, it is part of the compliance requirement.

Key AI capabilities relevant to CBN compliance:

1. Behavioural analytics: Detect when a customer's transaction pattern deviates significantly from their historical baseline. A strong indicator of account compromise or money mule activity.

2. Structuring detection: ML models identify cumulative patterns just below CTR thresholds that rule-based systems miss.

3.Network analytics: Map relationships between customers, beneficiaries, and counterparties to detect layering and interconnected suspicious accounts.

4. Natural language processing: Screen transaction narratives and payment references for suspicious keywords and patterns.

5. Velocity anomaly detection: Flag unusual increases in transaction frequency or geographic spread that do not match a customer's established behaviour.

6. Explainable AI outputs: Generate human-readable explanations of why a transaction was flagged, satisfying the CBN's model governance requirements.

The CBN explicitly requires that AI models can be explained to regulators. Implementing XAI from the start is significantly easier than retrofitting it later.

 

Meeting CBN's 2026 Transaction Monitoring Requirements with Youverify

CBN Circular BSD/DIR/PUB/LAB/019/002 is the clearest compliance standard the Nigerian financial sector has ever produced. The requirements are specific, the deadlines are firm, and the penalties under BOFIA 2020 are substantial.

The path forward is clear:

  • Conduct your institutional risk assessment now
  • Map your full monitoring scope against the six-pillar framework
  • Select a platform with CBN-native capabilities and NFIU goAML integration
  • Integrate BVN watchlist screening before 1 May 2026
  • Submit your implementation roadmap to the CBN by 10 June 2026
     

Youverify is an AI-powered compliance platform that enables real-time transaction monitoring, delivers a 360° view of customer profiles, and uses intelligent risk scoring to detect suspicious activity instantly. 

With audit-ready reporting and seamless regulatory alignment, it helps institutions stay compliant without slowing operations. Trusted by two-thirds of commercial banks in Nigeria and approved by key regulators, Youverify is built for the realities of modern financial compliance.
 

Youverify's KYT solution provides CBN-specific compliance logic, pre-configured Nigerian rule libraries, NFIU goAML integration, BVN watchlist screening, and an Africa-native compliance team that understands Nigerian regulatory requirements from the inside.
 

To kickstart your compliance journey, book a free demo today.