What the CBN Now Requires
The Central Bank of Nigeria has progressively tightened its transaction monitoring requirements for licensed financial institutions. The current framework requires institutions to maintain automated transaction monitoring systems that can detect and report suspicious activity within defined timeframes. Understanding exactly what is required, and what the CBN expects to see during an examination, is essential for any compliance team.
The CBN expects institutions to have documented monitoring scenarios that correspond to the specific risk profile of their business. A payment switch with high transaction volumes has different monitoring obligations than a microfinance bank serving rural customers. The one-size-fits-all approach that was common in earlier compliance implementations is no longer acceptable.
Monitoring Scenarios the CBN Looks For
During an examination, CBN examiners typically look for evidence that an institution's monitoring system covers a core set of typologies. These include structuring, where customers break large transactions into smaller ones to avoid reporting thresholds. They include rapid movement of funds, where money enters and exits an account within a short window without a clear business purpose. They include dormant account activation, where accounts that have been inactive suddenly begin transacting at high volumes.
The CBN has provided specific guidance on mobile money monitoring in the context of its AML directive. We have covered the key requirements in our detailed breakdown of what financial institutions must do now.
Record-Keeping and Audit Trail Requirements
Transaction monitoring is not just about generating alerts. It is about maintaining an audit trail that demonstrates the institution's monitoring program is operating as intended. This means keeping records of every alert generated, the decision made on each alert, the rationale for closing or escalating it, and the outcome of any escalated investigation.
CBN examiners have the authority to request these records going back up to five years. Institutions that cannot produce complete alert disposition records will face criticism during examinations, even if the underlying monitoring system is sound.
SAR Filing Timelines
When a transaction monitoring alert is escalated and an investigation concludes that suspicious activity has occurred, the institution is required to file a Suspicious Activity Report with the NFIU within 24 hours of the decision to file. This timeline is strict. Institutions that take weeks to decide whether to file, or that batch file SARs at month end, are not complying with the requirement.
The 24-hour clock starts when the institution's designated compliance officer makes the determination that a report is required. This means the investigation and triage process needs to be completed before the clock starts, not after.
Calibration and Tuning Obligations
The CBN also expects institutions to demonstrate that their monitoring systems are calibrated to their specific risk profile and are reviewed periodically. Remllo's WatchTower platform includes built-in calibration workflows that help compliance teams keep their monitoring rules current.
