Bank, Fintechs face scrutiny as CBN sets June deadline on AML systems

Nigerian banks, fintechs and payment operators are under fresh regulatory pressure after the Central Bank of Nigeria (CBN) ordered all financial institutions to submit detailed plans for upgrading their anti-money laundering systems by June 10, 2026, in a move that signals tighter scrutiny of compliance frameworks across the industry.

 

 

In a directive signed by Olubunmi Ayodele-Oni for the director of the Compliance Department, the CBN said banks, mobile money operators, international money transfer operators and other financial institutions must present comprehensive implementation plans for its newly introduced Baseline Standards for Automated AML/CFT/CPF solutions within three months of issuance, warning that submissions will form the basis for supervisory assessments.

Read also: Crypto shakeout deepens as dozens of blockchain projects shut down

The regulator said it had observed growing industry engagement following the rollout of the standards, including feedback from technology providers, but cautioned that there is a rising risk of misinterpreting its expectations, particularly where compliance is reduced to software features or vendor capabilities.

 

To address this, the CBN issued a guidance note clarifying that compliance will be assessed at the level of each financial institution, not outsourced to third-party providers, reinforcing a shift toward accountability, governance and end-to-end control of anti-financial crime systems.

 

Under the new requirements, lenders and payment firms must outline their current state of compliance, define target operating models, and provide clear timelines, ownership structures and governance arrangements for closing gaps. The plans must also demonstrate how institutions will ensure effectiveness, integration across systems and the ability to defend their frameworks under regulatory scrutiny.

 

“The implementation plan must cover all requirements set out in the Baseline Standards, clearly identify the current state, target state and actions required, include defined timelines, ownership and governance arrangements, and demonstrate how effectiveness, integration and defensibility will be achieved,”the CBN said in the circular.

 

The CBN said submissions must follow a prescribed template and be delivered in both editable and final formats, adding that incomplete or inconsistent filings could attract supervisory action, underscoring the tougher stance regulators are taking on financial crime risks.

 

The directive marks a shift from a largely technology-led compliance approach to one that prioritises institutional responsibility, as regulators seek to ensure that automated AML systems are fully embedded within broader risk management frameworks rather than treated as standalone tools.

 

The move could trigger increased compliance costs for banks and fintechs, particularly smaller operators that may need to overhaul legacy systems or strengthen governance structures to meet the new standards. It also raises the bar for integration, as institutions will be required to show that AML controls are embedded across customer onboarding, transaction monitoring and reporting processes.

Read also: CBN gives banks three weeks to deploy cybersecurity self-assessment tools

The June deadline sets up a critical test for the industry, with the CBN expected to use the submitted plans to evaluate the robustness of firms’ compliance strategies and their readiness to manage evolving financial crime risks in an increasingly digital financial system.

 

The Central Bank said it will continue to engage with institutions during the implementation period, but made clear that ultimate responsibility for compliance rests with each firm, reinforcing its message that strong governance, not just technology will determine regulatory outcomes.