AML compliance Nigeria has become a strategic priority for banks, fintechs, insurers, virtual asset service providers, and designated non-financial businesses. As regulatory expectations continue to increase, institutions must implement robust AML compliance frameworks aligned with CBN regulations, NFIU reporting requirements, and international FATF standards
Nigeria’s anti money laundering landscape has undergone a dramatic transformation. With the country’s removal from the FATF Grey List, upgraded legislation, and billion-naira enforcement actions against major banks, the message from regulators is clear: compliance on paper is no longer enough. This guide breaks down everything Nigerian banks, fintechs, insurers, capital markets firms, and DNFBPs need to know to build and maintain a defensible AML program.
Overview of AML Compliance Nigeria
AML compliance in Nigeria encompasses the legal, regulatory, and operational framework designed to prevent the exploitation of Nigeria’s financial system for illicit financial activities such as corruption, fraud, drug trafficking, cybercrime, terrorism financing, and proliferation financing. It applies to a broad range of reporting entities, from commercial banks and payment service banks to real estate agents and dealers in precious metals.
The stakes are high. AML compliance is a strict legal necessity for businesses in Nigeria, not a voluntary best practice. Nigerian businesses must implement AML measures to attract foreign investment and ensure global financial partnerships. Rightsizing AML compliance frameworks is critical for navigating international banking relationships, especially as global correspondent banks increasingly de-risk counterparties with weak controls.
Nigeria was removed from the Financial Action Task Force Grey List in October 2025 after completing its action plan. Nigeria collaborates with FATF to strengthen its AML framework, and this removal reflects real progress in supervision, enforcement, and inter-agency coordination. However, exit from the Grey List has raised high regulatory expectations. Regulators now demand operational effectiveness: quality suspicious transaction reports, accurate risk assessments, and demonstrable outcomes from compliance processes.
The core laws driving this regime include the Money Laundering (Prevention and Prohibition) Act 2022, the Terrorism (Prevention and Prohibition) Act 2022, and regulations issued by the Central Bank of Nigeria. Together, these AML/CFT rules protect the integrity of Nigeria’s financial system and help combat financial crimes. The Central Bank of Nigeria regulates financial institutions’ AML compliance, while enforcement sits with the Economic and Financial Crimes Commission and intelligence analysis with the Nigerian Financial Intelligence Unit.
For institutions seeking to operationalize compliance at scale, ZIGRAM offers “The Complete AML System,” a RegTech platform combining name screening, transaction monitoring, entity risk assessment, due diligence, adverse media monitoring, and sanctions screening into a single, audit-ready solution for Nigerian compliance teams.
Nigeria's AML/CFT Legal and Regulatory Framework
Compliance in Nigeria is anchored in statute, CBN regulations, and international standards. The legal framework draws from FATF Recommendations, GIABA (the West African regional FATF-style body), UN conventions, and domestically enacted legislation. International organizations like FATF and GIABA play a critical role in shaping Nigerian regulatory directives.
The regulatory landscape has evolved considerably since 2011, when foundational laws were first enacted. Today, sectoral regulators-the Central Bank, the Securities and Exchange Commission, NAICOM, and SCUML-issue binding regulations that implement these statutes across banks, capital markets firms, insurers, and designated non-financial businesses.
The Money Laundering (Prevention and Prohibition) Act 2022
The Money Laundering (Prohibition) Act was enacted in 2011 as Nigeria’s original anti money laundering aml statute. It was repealed and replaced by the Money Laundering (Prevention and Prohibition) Act 2022, which introduced broader definitions, stricter obligations, and updated penalties.
Key features of the 2022 Act include:
Cash transaction limits: Cash transactions exceeding ₦5 million for individuals must be reported to the NFIU. Corporate bodies face a ₦10 million threshold. Splitting transactions to evade these limits is prohibited.
Customer due diligence: Financial institutions must verify customer identities under CDD, including beneficial owners and legal persons. Enhanced due diligence is required for high-risk customers such as PEPs, virtual asset users, and cross-border fund flows.
Record-keeping: AML compliance requires maintaining records for at least five years after the end of the business relationship or transaction, ensuring traceability.
Reporting duties: Financial institutions must report suspicious transactions within seven days. International transfers over $10,000 must be reported to relevant authorities in Nigeria within one day.
Penalties: Non-compliance can lead to hefty fines and license revocation. Money laundering convictions carry a minimum of four years’ imprisonment or a fine of at least five times the value of illicit proceeds, or both.
Virtual asset service providers are now explicitly classified as reporting entities under the Act, with mandatory reporting for transactions exceeding prescribed thresholds.
The Terrorism (Prevention and Prohibition) Act 2022
The Terrorism (Prevention) Act was also established in 2011 and subsequently overhauled in 2022. The Terrorism (Prevention and Prohibition) Act 2022 criminalizes terrorist financing, proliferation financing, and material support to designated terrorist organizations. It empowers regulators and courts to freeze, seize, and forfeit terrorist property.
Financial institutions must identify and freeze assets linked to domestic or foreign terrorist persons and entities appearing on UN-designated lists. They must report suspicious transactions related to terrorism to NFIU within 24 hours.
Here is a concrete example: if a bank’s screening system flags a customer matching a name on the UN Consolidated List, the bank must immediately freeze the account, block all pending financial transactions, report to NFIU and its sector regulator, and maintain compliance procedures with senior management oversight. Failure to act triggers severe penalties.
The Act directly shapes targeted financial sanctions-related obligations and interacts with CBN directives on sanctions screening, making it a core component of any institution’s AML compliance program.
Central Bank of Nigeria (CBN) AML/CFT Regulations and Guidelines
The Central Bank of Nigeria (CBN) serves as both a prudential regulator and an AML/CFT supervisor for banks, microfinance banks, payment service providers, and other financial institutions. The Central Bank of Nigeria issues AML/CFT regulations for financial institutions, as well as AML guidelines covering KYC, beneficial ownership, digital onboarding, and sanctions screening.
The CBN AML/CFT/CPF Regulations 2022 require institutions to adopt a risk-based approach, conduct enterprise-wide risk assessments, classify customers by risk level, and monitor transactions continuously. They mandate the designation of a Compliance Officer at the senior management level with direct board access.
CBN circulars shape practical expectations for Nigeria’s growing fintech sector, covering e-KYC, beneficial ownership declarations, and verification through national identity systems (NIN, BVN). CBN conducts both onsite and offsite inspections and can impose administrative sanctions, including monetary fines, suspension, or revocation of licenses for compliance failings.
Key AML/CFT Regulators and Their Roles
Nigeria’s anti money laundering regime involves multiple agencies with distinct but complementary mandates. Compliance is monitored by the Nigerian Financial Intelligence Unit (NFIU) and the Economic and Financial Crimes Commission (EFCC), alongside sector-specific supervisors. Regulators have the authority to investigate and prosecute non-compliant entities. Regulatory bodies impose penalties for non-compliance with AML laws.
These bodies collaborate with regional and global organizations such as FATF and GIABA to strengthen anti money laundering and counter-terrorist financing frameworks across Nigeria’s financial system.
Central Bank of Nigeria (CBN)
CBN holds a statutory mandate over banks, OFIs, and payment service providers regarding AML/CFT compliance. It falls within CBN’s regulatory purview to supervise how regulated entities implement measures for customer due diligence, sanctions screening, transaction monitoring, and reporting suspicious transactions.
Supervision methods include risk-based examinations, prudential returns, and AML/CFT returns templates. Recent enforcement underscores CBN’s posture: Access Bank was fined N35 million in May 2026 for AML/CFT/CPF compliance lapses identified during a one-year risk-based examination. Zenith Bank received a N15.42 billion fine in 2025 covering money laundering failures, cybersecurity breaches, and FX violations.
Economic and Financial Crimes Commission (EFCC)
The Financial Crimes Commission serves as Nigeria’s lead agency for investigating and prosecuting money laundering cases, corruption, cyber fraud, and other related financial crimes. The Economic and Financial Crimes Commission investigates financial crimes in Nigeria by leveraging financial intelligence from NFIU and information obtained from banks and DNFBPs.
EFCC has been involved in high-profile prosecutions and confiscation of proceeds of crime. It can recommend or trigger penalties for institutions with systemic AML compliance failures. Compliance teams should expect cooperation requests from EFCC and maintain documentation standards that support rapid response to investigative inquiries.
Nigerian Financial Intelligence Unit (NFIU)
The Financial Intelligence Unit (NFIU) operates as Nigeria’s independent FIU, established under the NFIU Act 2018. Previously housed within EFCC, it now functions autonomously. The Nigerian Financial Intelligence Unit analyzes suspicious transaction reports, currency transaction reports, and international transfer reports submitted by reporting entities.
Suspicious Transaction Reports must be filed with the NFIU for transactions lacking lawful origin. Filing of Currency Transaction Reports is mandatory for large cash transactions. Reporting timelines vary: STRs generally within seven days, though terrorism-related reports require submission within 24 hours. NFIU engages with the Egmont Group and international FIUs to exchange financial intelligence on cross-border money laundering.
NFIU increasingly scrutinizes data quality and completeness. Poorly constructed reports-missing party details, vague narratives, or inconsistent amounts-undermine the system’s ability to combat money laundering effectively.
Other Key Supervisors: SEC, NAICOM, and SCUML
The Securities and Exchange Commission oversees capital market operators and collective investment schemes for AML/CFT compliance, issuing sector-specific AML regulations.
NAICOM (National Insurance Commission) supervises insurers, brokers, and micro-insurers regarding AML requirements, ensuring insurance products are not used to layer illicit funds.
SCUML (Special Control Unit against Money Laundering) holds the mandate for designated non-financial businesses and professions. Designated Non-Financial Businesses and Professions (DNFBPs) must register with the Special Control Unit Against Money Laundering (SCUML). Failure to register is itself a criminal offense. SCUML monitors compliance for real estate agents, casinos, dealers in precious metals, accountants, and lawyers.
Who Must Comply: Regulated Sectors and Reporting Entities
Nigerian law defines reporting entities broadly. Core financial institutions subject to AML obligations include commercial banks, non-interest banks, microfinance banks, mortgage banks, payment service banks, fintechs, mobile money operators, bureau de change, finance companies, virtual asset service providers, securities brokers, asset managers, insurers, and pension administrators.
Key DNFBPs include real estate developers and agents, casinos and gaming companies, dealers in luxury goods and precious stones, lawyers, notaries, accountants, auditors, and trust and company service providers. These sectors face elevated risk of potential money laundering due to cash intensity, opacity of transactions, cross-border flows, and complex ownership structures.
Both categories of other entities must develop tailored AML programs: risk-based customer categories, heightened due diligence for high-risk segments, monitoring of complex transactions, and verification of beneficial ownership and source of funds. Many businesses still lack awareness of AML compliance requirements, which creates exposure across the sector.
Core AML Requirements for Nigerian Institutions
Nigeria’s AML requirements are risk-based and aligned with FATF Recommendations. Institutions must build programs around several interconnected obligations: customer due diligence, enhanced due diligence, record-keeping, transaction monitoring, suspicious transaction reporting, and internal controls.
These requirements apply at onboarding (KYC/KYB) and throughout the customer lifecycle via ongoing monitoring. Every institution must maintain a documented AML/CFT program approved at the board level and overseen by a designated AML Compliance Officer.
Customer Due Diligence (CDD) and Know Your Customer (KYC)
Customer Due Diligence is essential for AML compliance in Nigeria and CDD is a fundamental component of Nigeria’s AML compliance framework. CDD is mandatory for all new customers and for occasional transactions above prescribed thresholds.
What must be collected and verified:
Individuals: Full legal name, date of birth, address, occupation, valid identification (NIN, BVN, international passport)
Entities: CAC incorporation documents, beneficial ownership declarations, identification of beneficial owners and legal persons controlling the entity
CDD involves assessing risks associated with customer transactions to determine the appropriate level of scrutiny
Enhanced due diligence is required for PEPs, customers from high-risk countries, and complex structures. This includes source-of-funds and source-of-wealth checks, senior management approval, and ongoing monitoring. Customer identification must be robust whether conducted in person or via digital onboarding channels that comply with CBN and NIMC expectations for remote identity verification.
Ongoing Monitoring and Transaction Surveillance
Monitoring customer relationships is a continuous obligation, not a one-time onboarding exercise. Transaction monitoring should be risk-based, focusing on unusual patterns, structuring, cross-border flows, and high-risk products such as virtual assets and correspondent banking. Complex financial transactions challenge detection of money laundering, making automated systems essential.
Employing advanced technology can enhance transaction monitoring and due diligence processes in financial institutions. Solutions like ZIGRAM’s Transact Comply module within “The Complete AML System” help detect anomalies, reduce false positives, and improve operational efficiency.
Consider a common red-flag scenario in Nigeria: a customer opens multiple accounts at different branches, receives a series of small international wire transfers just below reporting thresholds, then consolidates and moves funds rapidly through trade-based invoicing arrangements. Without automated surveillance, this pattern is nearly impossible to catch manually across siloed systems.
Suspicious Transaction Reporting and Threshold Reporting
STRs (suspicious transaction reports) and CTRs (currency transaction reports) serve different purposes under Nigerian law. STRs capture transactions where there is reason to suspect illicit origin, regardless of amount. CTRs capture cash transactions above statutory thresholds (₦5 million for individuals, ₦10 million for corporates). Nigerian law mandates reporting suspicious transactions within seven days. Operational compliance requires timely reporting of anomalies to regulatory bodies.
International transfers over $10,000 must be reported to relevant authorities in Nigeria within one day. Filing of Currency Transaction Reports is mandatory for large cash transactions.
Typical red flags requiring STRs include:
Unexplained high-value cash deposits inconsistent with customer profile
Mismatched customer profiles (e.g., a student account receiving large commercial payments)
Links to sanctioned jurisdictions or names on sanctions lists
Round-tripping of funds through multiple accounts with no clear business purpose
Confidentiality is paramount. Tipping-off-alerting the customer that a report has been or will be filed-is prohibited and can itself trigger criminal liability.
Record-Keeping and Data Retention
AML compliance requires maintaining records for at least five years after the business relationship ends or after the transaction date. This covers identification documents, transaction histories, due diligence records, and correspondence. Records must be adequate, accessible, and verifiable, with complete audit trails for both digital and paper formats.
Poor records can undermine defense against allegations of non-compliance and hinder investigations into financial crimes. Strong risk management tools, such as ZIGRAM’s “Risk App Ecosystem,” support quick retrieval during CBN and EFCC examinations.
Internal Controls, Governance, and AML Compliance Officer
Board-approved AML/CFT policies, clearly documented procedures, and independent audit functions form the governance backbone. Entities must designate a Chief Compliance Officer with authority to supervise AML programs. This officer (often titled MLRO) must have direct access to senior management and independence from business-line pressures.
Internal controls should include segregation of duties, access controls, quality assurance processes, and regular independent testing. Periodic reporting to the Board on AML/CFT risk, regulatory developments, and remediation status is expected. These controls help prevent financial crimes and enhance transparency across the organization.
Staff Training and Culture of Compliance
Regular staff training is critical for AML compliance. Regular training programs must be conducted to inform staff about money laundering red flags, reporting channels, and evolving typologies. Training programs should cover legal requirements and suspicious activity identification, including Nigerian statutes, CBN guidelines, and internal policies.
All staff members must receive AML training, especially in customer-facing roles. Inadequate training can lead to inadvertent violations of AML laws. A well-informed workforce enhances the effectiveness of AML programs.
Use real Nigerian case studies in training sessions-for example, the Access Bank or Zenith Bank enforcement actions-to make reputational risks and personal liability tangible. Foster a culture where employees escalate concerns without fear of retaliation.
Penalties, Enforcement, and Risks of Non-Compliance
Non-compliance with AML/CFT in Nigeria triggers administrative fines, criminal sanctions, civil liability, and reputational damage. The Central Bank of Nigeria, EFCC, and other regulators coordinate investigations and enforcement actions. Both individuals (directors, officers) and institutions can face severe penalties.
Enforcement of AML regulations in Nigeria is inconsistent, and corruption within regulatory bodies hinders AML enforcement effectiveness at times. Regulatory agencies face resource constraints limiting AML compliance monitoring. Yet the trend is unmistakably toward more visible, more punitive enforcement-making robust compliance non-negotiable.
Statutory Penalties and Regulatory Sanctions
Under the Money Laundering (Prevention and Prohibition) Act 2022, penalties include:
Violation | Penalty |
|---|---|
Money laundering conviction | Minimum 4 years imprisonment and/or fine ≥ 5x proceeds |
Failure to report suspicious transactions | Monetary fines, potential license revocation |
Breach of CDD/KYC rules | Administrative sanctions, per-day penalties |
Institutional non-compliance | CBN can suspend or revoke licenses, publish names |
CBN can impose per-day penalties for ongoing breaches. The N35 million fine against Access Bank (2026) and the N15.42 billion fine against Zenith Bank (2025) demonstrate that monetary fines are escalating rapidly across the sector.
Reputational, Legal, and Business Risks
AML failures lead to correspondent banking relationship closures, de-risking by foreign partners, and reduced access to international capital. Reputational risks include media exposure, loss of customer trust, and impact on share price or valuations. Civil litigation from customers, investors, or counterparties alleging inadequate controls adds another layer of exposure.
Strong AML controls, empowered by RegTech solutions like ZIGRAM’s “The Complete AML System,” help mitigate risks and ensure compliance. Institutions that invest in robust compliance infrastructure protect not just against penalties but also against existential business threats.
Using Technology and RegTech to Strengthen AML in Nigeria
The trend toward AI- and data-driven AML compliance tools is accelerating across Nigeria. Manual name screening, spreadsheet-based transaction monitoring, and fragmented systems are no longer sufficient for large banks, fintechs, and crypto platforms handling high volumes of criminal activity risks.
Financial institutions must adopt automated solutions for AML compliance, including real-time data screening. Integrating name screening, transaction monitoring, adverse media, due diligence, and case management into a unified platform delivers measurable gains in accuracy, speed, and audit readiness.
“The Complete AML System” is ZIGRAM’s end-to-end AML compliance platform, combining software, data assets, and managed services for financial institutions and DNFBPs. Key modules relevant to Nigeria include:
PreScreening.io for KYC/name screening against global sanctions lists, PEP databases, and watchlists
Transact Comply for automated transaction monitoring with configurable rules
Entity Hero for entity risk assessment and scoring
Other Important AML Solutions Provided By ZIGRAM
DueDiliger for structured due diligence reports
Dragnet Alpha and SATOC for adverse media monitoring and real-time news scanning
The platform supports Nigerian-specific needs: CBN and NFIU reporting requirements, integration with local identity systems (NIN, BVN), and risk scoring calibrated to domestic risk typologies. Practical benefits include reduced false positives, faster onboarding, audit-ready logs for CBN and EFCC, and configurable rules that keep pace with regulatory changes.
Implementing a Risk-Based, Technology-Enabled AML Program
A phased approach works best for Nigerian institutions looking to ensure compliance:
Conduct an enterprise-wide AML/CFT risk assessment covering products, customers, geographies, delivery channels, and emerging risks (virtual assets, trade-based laundering, oil and gas sector exposures)
Map current controls against regulatory expectations and identify gaps through conducting risk assessments aligned with CBN and FATF standards
Deploy technology for name screening, adverse media, sanctions, and PEP screening-integrated into onboarding and periodic reviews
Design transaction monitoring rules and scenarios aligned with Nigeria-specific risk indicators, including cash-intensive businesses, cross-border trade flows, and politically exposed persons
Embed RegTech tools into daily workflows through collaboration between compliance, IT, and business teams, ensuring adoption and accountability
This approach follows international best practices while accounting for the realities of the Nigerian aml landscape.
Practical Steps to Achieve and Maintain AML Compliance in Nigeria
Over the next 12–24 months, Nigerian institutions should prioritize these actions to strengthen Nigeria AML compliance:
Update AML policies and procedures to reflect the Money Laundering (Prevention and Prohibition) Act 2022 and current CBN regulations
Conduct a thorough gap analysis against CBN AML/CFT Regulations and FATF standards, documenting findings
Refresh customer risk-rating models, especially for PEPs, virtual assets, and cross-border relationships
Establish clear governance: Board-level oversight, empowered MLRO, documented escalation procedures
Expand staff training programs to cover updated laws, red-flag scenarios, and reporting obligations
Document and test procedures for STR/CTR filing, sanctions screening, and regulatory engagement
Leverage ZIGRAM’s advisory and managed services alongside “The Complete AML System” to accelerate implementation, reduce manual burden, and maintain audit-ready records
A thorough understanding of both the legal framework and the operational tools available is what separates compliant institutions from those exposed to enforcement action.
Next Steps and How ZIGRAM Can Help
Now is the time to benchmark your current AML/CFT framework against Nigerian regulatory expectations and FATF standards. The institutions that invest in integrated, technology-enabled AML programs today will be the ones that maintain correspondent banking access, attract foreign capital, and prevent money laundering from undermining their operations.
ZIGRAM supports banks, fintechs, insurers, capital markets firms, and crypto platforms operating in Nigeria and other jurisdictions. Whether your use case involves correspondent banking, cross-border payments, virtual assets, or high-risk customer segments, “The Complete AML System” is built to adapt.
Book a demo of ZIGRAM’s “The Complete AML System” to see how integrated name screening, transaction monitoring, and risk assessment can be deployed in your environment. Schedule a discovery call with ZIGRAM’s team to discuss your specific compliance challenges and build a roadmap to operational resilience.
