The CBN Baseline Standards
for Automated AML Solutions

Sets the minimum functional footprint every AML system must cover.

• Customer ID & verification, risk profiling, sanctions screening
• Transaction monitoring, case management, regulatory reporting
• Audit trails, governance logs, and data protection controls
• Fraud on the same platform must be clearly segregated

Automated due diligence that stays live; even post-onboarding.

• Automated risk profiling for individuals and entities
• Continuous sync between KYC records, risk profiles & transactions
• Integration with BVN & NIN systems where available
• Institutions must notify CBN of all AML Solutions in use

Real-time screening that goes well beyond simple name matching.

• Integrated with domestic & global sanctions lists and PEP registers
• AI/fuzzy-matching for name variations and transliterations
• Adverse media and negative news monitoring included
• Automated transaction block on confirmed sanctions matches

Dynamic scoring that reflects how risk actually evolves over time.

• Configurable to the institution's documented risk appetite
• Dynamic customer risk profile updates as behaviour changes
• Enterprise-level risk measurement across products & channels
• AI/ML models require documented governance with human oversight

The most requirement-dense section; 13 requirements in total.

• Multi-scenario monitoring using KYC/KYB attributes, not just raw data
• Related-party mapping, network analysis & peer-group comparisons
• Annual independent AI/ML model validation (accuracy, bias, drift)
• Automated alert closure requires CBN notification & strict governance

Applies where your AML system also handles fraud.

• Real-time / near-real-time monitoring across cards, e-channels & deposits
• Clear AML/fraud separation of responsibilities in all workflows
• High/Above-Average risk institutions must roadmap unified architecture
• Material fraud indicators must feed into ML/TF/PF risk profiles

Every alert must be tracked, reviewed, and documented.

• Enterprise Case Management (ECM) with automated case creation
• Maker-Checker functionality and role-based escalation paths
• Full audit trail: user, timestamp, decision, and rationale
• Management reports on volumes, ageing & outcomes for the Board

Automated, structured reporting to regulators and internal stakeholders.

• Auto-generation of STRs, SARs, CTRs & FTRs in CBN-prescribed formats
• Internal MI reporting to CCO, senior management & Board
• External reports go only to regulators with a lawful mandate
• Internal governance required for review & approval before submission

Tamper-proof records that can withstand regulatory scrutiny.

• Immutable audit trail of all system & user activities incl. config changes
• End-to-end search & retrieval without disrupting live operations
• Forensic linkages: customer data, alerts, user actions & returns
• Documented governance framework with segregated access rights

Your AML system cannot be an island; it must connect to everything.

• Bidirectional integration with core banking & KYC systems in real time
• Well-documented, standards-based APIs and standardised data formats
• High/Above-Average risk institutions cannot use standalone transaction feeds
• Shared AML arrangements require prior CBN approval

Data security that meets NDPA and CBN cybersecurity requirements.

• Encryption at rest, in use, and in transit for all AML data
• Role-based access controls and Multi-Factor Authentication (MFA)
• NDPA compliance and Nigerian data sovereignty obligations
• Defined RTO & RPO based on a Business Impact Analysis

The system must support the people who use it, not hinder them.

• Real-time dashboards showing key metrics, alerts & case status
• User-friendly interface for compliance, monitoring & investigation teams
• Multi-entity, multi-currency & multi-jurisdiction configurations
• Documented processes for updating rules, thresholds & workflows