Nigeria's Central Bank Writes AI Model Validation Into Its New Automated AML Standards
Regulatory summary: The Central Bank of Nigeria has issued Baseline Standards for automated anti-money laundering systems that, for the first time, require any AI or machine learning model used in AML/CFT/CPF work to be explainable, governed, and independently validated at least once a year. The compliance clock started on March 10, 2026.
By Anthony Guerriero, Founder, The Leveraged Years · Reviewed by The Leveraged Years Editorial Desk · Published July 9, 2026 · Last updated July 9, 2026
The Leveraged Years AI Regulation Tracker
Key takeaways
The CBN moved AML technology from general expectation to a documented minimum standard, and it wrote AI and machine learning governance into that standard for the first time. Institutions must run automated, real-time monitoring, profiling, screening, and case management rather than relying on manual or batch processes, and where they use AI or ML models to do that work they must ensure the models are explainable, governed, and independently validated at least annually. The standards also require documented change control over monitoring logic and restrict automated closure of alerts to narrowly defined conditions.
Chief compliance officers, money laundering reporting officers, and heads of financial crime at Nigerian banks and payment institutions; model risk and validation teams; internal audit; and the RegTech and AML software vendors that sell monitoring, screening, and case management systems into Nigeria. Boutique and mid-tier institutions that outsourced this work to a single platform are affected as directly as large banks, because the validation and governance duties sit with the supervised institution, not the vendor.
Status: In force and running.
Inventory every automated AML component and flag which ones rely on AI or machine learning models. For each flagged model, stand up the three artifacts the standard names: an explainability record a supervisor could read, a governance and ownership document, and a scheduled independent validation. Confirm your submitted implementation roadmap maps to the 18 or 24 month deadline that applies to your institution type.
Date
Jurisdiction
Rule
Affected professionals
Status or effective date
2026-07-09
Nigeria
The CBN moved AML technology from general expectation to a documented minimum standard, and it wrote AI and machine learning governance into that standard for the first time. Institutions must run automated, real-time monitoring, profiling, screening, and case management rather than relying on manual or batch processes, and where they use AI or ML models to do that work they must ensure the models are explainable, governed, and independently validated at least annually. The standards also require documented change control over monitoring logic and restrict automated closure of alerts to narrowly defined conditions.
Chief compliance officers, money laundering reporting officers, and heads of financial crime at Nigerian banks and payment institutions; model risk and validation teams; internal audit; and the RegTech and AML software vendors that sell monitoring, screening, and case management systems into Nigeria. Boutique and mid-tier institutions that outsourced this work to a single platform are affected as directly as large banks, because the validation and governance duties sit with the supervised institution, not the vendor.
In force and running. Implementation started on the issuance date of March 10, 2026. The three month roadmap window closed around June 10, 2026. Institutions are now inside the multi-year build period toward full compliance.
Frequently Asked Questions
Are the CBN Baseline Standards binding, or just guidance?
They are binding. Circular BSD/DIR/PUB/LAB/019/002, issued March 10, 2026, sets mandatory minimum requirements for supervised institutions. A separate Guidance Note dated March 31, 2026 clarifies expectations. Non-compliance can draw remedial directives, administrative sanctions, and penalties.
Do the standards require institutions to use AI?
No. Institutions may use rules-based systems, machine learning models, or hybrid approaches, as long as the solution demonstrably meets the regulatory expectation. The AI-specific duties apply only where AI or ML models are actually deployed.
What exactly must institutions do about AI or ML models?
Where AI or machine learning models are deployed, institutions must ensure explainability, model governance, and independent validation of those models on at least an annual basis.
When do institutions have to be fully compliant?
Implementation began on March 10, 2026. An implementation roadmap was due within three months. Full compliance is due within 18 months for Deposit Money Banks and within 24 months for other financial institutions.
Who is covered by the standards?
CBN-supervised financial institutions, including Deposit Money Banks, mobile money operators, international money transfer operators, other financial institutions, and payment service providers. Technology vendors are drawn in through their clients' contractual and validation obligations.