Legal Framework And Strategies For Anti-Money Laundering (AML) And Counter-Terrorist Financing (CTF) Compliance In Nigeria

Introduction

In today's globalised financial landscape, local and cross-border financial transactions have become integral components of business operations, extending beyond financial institutions. Remittances are at an all time high, businesses are increasingly seeking funds on an international scale and cross-border trades are carried out on a day-to-day basis, requiring adequate structures, procedures and policies to ensure that such transactions and fundraising efforts adhere to regulations on money laundering and counter-terrorist financing. Anti-money laundering and counter-terrorist financing systems are crucial to prevent any potential violations that could compromise the integrity of business operations and the broader financial landscape of the countries where these businesses operate.

The Money Laundering Act (Nigeria) 2022 describes Money Laundering as the intentional concealment, disguise of origin, conversion, transfer, removal from the jurisdiction, acquisition, use, retention, or taking possession or control of any fund or property. This applies to any person or corporate body, whether in or outside Nigeria, who directly or indirectly engages in such activities with the knowledge or with reasonable grounds to believe that such fund or property is, or forms part of, the proceeds of an unlawful act.¹

Terrorist financing encompasses the various means and methods utilised by terrorist organisations to procure funds for their activities. These funds may originate from both legitimate sources, such as business profits and charitable organisations, as well as illicit activities, including trafficking in weapons, drugs, or people, and ransom obtained from kidnapping.²

Money laundering and terrorist financing are financial crimes that undermine the integrity and stability of a country's financial sector and pose significant threats to its external stability. They can lead to ineffective revenue collection and governance deficiencies and expose the nation to reputational risks within the international financial community. Nigeria, like many other countries, contends with the economic ramifications of these crimes, which extend far beyond mere financial transactions. As a result, it has established comprehensive legal frameworks and implemented various strategies to enhance anti-money laundering and counter-terrorist financing compliance.

Regulatory Framework for AML and CTF in Nigeria

Anti-money laundering (AML) and Counter-Terrorist Financing (CTF) legal and regulatory framework are a network of laws, regulations, and procedures designed to uncover illicit financial activities, including the financing of terrorist acts and the disguise of illicit funds as legitimate income, and reduce the ease of hiding proceeds of crime. AML/CTF compliance is essential not only for safeguarding the nation's financial system but also for maintaining the integrity of the broader international financial network.

In Nigeria, a comprehensive framework of laws, regulations, and guidelines combats money laundering, terrorist financing, and other financial crimes. These legislative instruments include primarily the Money Laundering (Prohibition) Act 2022, the Terrorism (Prevention) Act 2022, and the Proceeds of Crime (Recovery and Management) Act 2022.

The regulatory bodies responsible for enforcing Anti-Money Laundering (AML) compliance and combating the financing of terrorism (CFT) in Nigeria include:

• The Central Bank of Nigeria (CBN): The CBN plays a central role in formulating and implementing AML/CFT regulations, particularly for banks and other financial institutions.
• The Economic and Financial Crimes Commission (EFCC): Tasked with investigating and prosecuting cases related to money laundering and other financial crimes.
• The Nigerian Financial Intelligence Unit (NFIU): Responsible for receiving, analysing, and disseminating reports on suspicious transactions and other pertinent financial information.

In addition to the above laws and regulations, the following laws also govern AML and CFT compliance in Nigeria:

• The Central Bank of Nigeria (Anti Money Laundering, Combating the Financing of Terrorism and Countering Proliferation Financing of Weapons of Mass Destruction in Financial Institutions) Regulations, 2022
• Economic and Financial Crimes Commission (Anti-Money Laundering, Combating the Financing of Terrorism and Countering Proliferation Financing of Weapons of Mass Destruction for Designated Non-Financial Businesses and Professions, and Other Related Matters) Regulations, 2022
• Nigeria Financial Intelligence Unit Act, 2018
• Advance Fee Fraud and Other Related Offences Act (AFF) 2006
• Economic and Financial Crime Commission Act 2004
• Independent Corrupt Practices and Other Related Offences Commission (ICPC) Act, 2000.

In addition to the foregoing, Nigeria is an active member of various regional and international AML/CFT organisations, recognising the importance of global cooperation in combating financial crime. As a member of organisations such as the Inter-Governmental Action Group against Money Laundering in West Africa (GIABA), the Financial Action Task Force (FATF), and the Egmont Group of Financial Intelligence Units, Nigeria collaborates with other nations to develop and implement AML/CFT standards and best practices.

These organisations play a crucial role in shaping Nigeria's domestic strategies towards addressing money laundering and terrorist financing.³

Components of an Effective AML/CFT Framework

In the fight against financial crime, the establishment of robust AML/CFT frameworks is paramount for both financial institutions and designated non-financial businesses and professions (DNFBPs). These frameworks serve as bulwarks against the proliferation of illicit financial activities, safeguarding the integrity of the financial system and protecting society from the harmful effects of money laundering and terrorist financing.

At the core of an effective AML/CFT framework lie several key components meticulously designed to address the multifaceted nature of financial crime. These components are often dictated by statute and global best practices and operate synergistically across financial institutions and DNFBPs, leveraging comprehensive risk assessments, due diligence measures, transaction monitoring systems, and stringent reporting obligations to detect, prevent, and mitigate the risks of illicit financial activities.

Components of an Effective AML/CFT Framework for Financial Institutions:

Risk Assessment:

• Conducting a comprehensive risk assessment to identify and understand the money laundering and terrorist financing risks associated with individual and business account customers
• Assessing customer demographics, occupations or product and services they offer, geographic locations, and other relevant factors to determine risk levels

Customer Due Diligence (CDD):

• Establishing customers' identities and verifying their identities through reliable and independent sources (such as government databases)
• Assessing the nature and purpose of customer relationships
• Conducting ongoing due diligence to update customer information and assess risk levels

Transaction Monitoring:

• Implementing transaction monitoring systems to detect and report suspicious activities, including unusual transaction patterns, large cash transactions, and transactions inconsistent with the customer's profile or expected behaviour
• Utilising advanced technology, such as artificial intelligence and machine learning, to enhance transaction monitoring capabilities and identify potential money laundering or terrorist financing activities

Enhanced Due Diligence (EDD):

• Implementing enhanced due diligence measures for higher-risk customers, including politically exposed persons (PEPs) and customers from high-risk jurisdictions⁴
• Conducting enhanced monitoring of transactions and scrutinising the source of funds for complex or unusual transactions

Suspicious Activity Reporting (SAR):

• Appointing competent money laundering reporting officers (MLROs)
• Establishing procedures for reporting suspicious transactions to the appropriate regulatory authorities, such as the Nigerian Financial Intelligence Units (NFIU), in a timely manner
• Providing staff with training on recognizing and reporting suspicious activities, ensuring that all relevant information is included in SARs to facilitate investigations

Compliance Policies and Procedures:

• Developing and implementing comprehensive AML/CTF policies and procedures tailored to the institution's risk profile and regulatory requirements
• Conducting regular reviews and updates of policies and procedures to address emerging risks and regulatory changes

Components of an Effective AML/CTF Framework for Designated Non-Financial Businesses and Professions (DNFBPs):

Risk Assessment:

• Conducting a comprehensive risk assessment to identify and understand the money laundering and terrorist financing risks associated with the business or profession
• Assessing customer demographics, product and service offerings, geographic locations, and other relevant factors to determine risk levels

Customer Due Diligence (CDD):

• Applying risk-based CDD measures to identify and verify the identity of customers, beneficial owners, and related parties
• Collecting and maintaining adequate records of customer information and transaction details to support ongoing monitoring, compliance and reporting obligations

Training and Awareness:

• Providing training and awareness programs to employees on AML/CFT requirements, including recognizing red flags and suspicious activities relevant to their roles
• Ensuring that employees understand their obligations and responsibilities under the AML/CFT framework and are equipped to comply effectively

Record-Keeping:

• Establishing record-keeping procedures to maintain accurate and up-to-date records of customer transactions, correspondence, and due diligence documentation
• Retaining records for the required period⁵ as prescribed by applicable regulations to facilitate audits, investigations, and regulatory examinations

Reporting Obligations:

• Establishing procedures for identifying and reporting suspicious transactions to the appropriate authorities, such as the NFIU or law enforcement agencies, in accordance with legal requirements
• Ensuring that employees understand their reporting obligations and are trained to recognize and escalate suspicious activities promptly

Determining Risk Profiles

An AML risk assessment involves determining the likelihood of a bad actor successfully exploiting a business' products, services, or platform for money laundering, terrorist financing, and other financial crimes.⁶ In Nigeria, businesses can choose to adopt a risk-based approach to mitigate financial crime risk, with the stringency of AML controls increasing in accordance with the level of risk (i.e. the higher the risk, the more stringent the AML controls). AML risk assessments help in identifying the specific types of money laundering risks a business faces, assessing the extent of this exposure, identifying appropriate measures to mitigate these risks, and evaluating their effectiveness to guide implementation. Collectively, these steps contribute to establishing a comprehensive understanding of a business' risk appetite.

What Are The Determinants of A Customer's Risk Profile?

Businesses can determine their customers' risk profiles based on the following primary risk indicators.

Type or nature of the customer

Customers with typically low-risk profiles are those with no adverse media and who are not PEPs. On the other hand, customers with high net worth, non-residents, and those with complex business structures would likely be considered medium-risk. Additionally, customers engaged with businesses in goods or services associated with money laundering, such as virtual asset service providers, gambling and cannabis products, can be deemed as higher risk.

Transactional Parameters

Where payments or financial transactions originate from a customer's personal bank account or cheque, they are typically considered safe and low-risk, especially if the transaction value is within the normal range for similar types of transactions and customers, taking into account the nature of the customer's business. Transactions involving cross-border transfers or frequent high-value transactions are generally categorised as medium risk. However, transactions involving unusually high values or full cash payments may pose a higher risk, particularly if they are conducted through an unrelated third-party account without any apparent business justification.

Jurisdiction of the customer

A customer originating from a country with stringent anti-financial crime regulations and transparent financial reporting standards is generally considered to present a lower AML/CFT risk to the business. Conversely, customers from jurisdictions with unclear financial reporting requirements, weak AML/CFT laws, tax havens, or countries known for bribery, corruption, or political instability are perceived to pose an elevated risk to the business.

Peculiarity of the customer's products or services

Goods or products with clear and easily traceable ownership are typically considered non-suspicious. This is because it is easy to ascertain ownership, making it easier to verify its legitimacy. Conversely, transactions related to luxurious items, especially if they are lacking or possessing weak documentation can raise suspicion. Lastly,dealing in goods with dual use (goods that can be used for both legal and illegal purposes) are generally deemed to have a higher risk profile. A ready example is that certain chemicals or technologies could have legitimate industrial uses but could also be used for illicit activities like drug production or weapons manufacturing.⁷

Delivery channels

Customers engaging in direct, regular, personal interactions with no agents and making payments from their own bank account are generally considered low-risk, while customers who avoid meeting in person or insist on involving third parties or intermediaries without any business justification can be classified as high-risk.

Compliance Strategies for Fintechs & Decentralised Finance Companies (DeFis)

Understanding that AML/CFT compliance is not just a legal requirement or a mere box-ticking exercise is essential. It is a fundamental pillar of a stable financial system and it is important for Fintechs and DeFis to implement AML/CFT frameworks like traditional banks, to monitor transactions, verify customer identities, and report suspicious activities.

By nature of the unique attributes of Fintechs and DeFis, compliance strategies must be agile, innovative, and robust to navigate the evolving regulatory landscape and mitigate the inherent risks associated with their business models. Here are tested and trusted compliance strategies tailored for Fintechs and DeFi companies:

Regulatory Navigation and Engagement

• It is paramount to stay abreast of regulatory developments and engage proactively with regulators to understand compliance requirements and avoid exposure to sanctions.
• Establish dedicated compliance teams or engage third-party compliance experts to interpret regulations, assess their impact, and implement appropriate measures.

Know Your Customer (KYC) and Anti-Money Laundering (AML) Measures

• Implement robust KYC and AML procedures to verify customer identities, assess risk levels, and monitor transactions for suspicious activities.
• Leverage advanced identity verification technologies or third-party identity verification firms with access to government databases, to streamline the onboarding process while enhancing compliance controls.

Transaction Monitoring and Surveillance

• Deploy sophisticated transaction monitoring and surveillance systems powered by artificial intelligence and machine learning algorithms to detect anomalies, unusual patterns, and potential money laundering activities.
• Implement real-time monitoring capabilities to enhance responsiveness and enable prompt detection and reporting of suspicious transactions.

Smart Contract Audits and Code Reviews:

• Conduct thorough audits and code reviews of smart contracts and decentralised applications (DApps) to identify vulnerabilities, mitigate risks, and ensure compliance with regulatory requirements.
• Engage reputable third-party auditing firms with expertise in blockchain technology and smart contract security to conduct independent assessments and provide assurance to stakeholders.

Compliance Automation and Reporting

• Automate compliance processes where feasible to improve efficiency, accuracy, and scalability while reducing operational costs and human error. This of course should be hand-in-hand with human monitoring and spot-checking.
• Implement reporting mechanisms to facilitate regulatory reporting requirements, including suspicious activity reporting (SAR) and regulatory filings, in a timely and compliant manner.

Education and Training

• Provide comprehensive and routine training programs to employees and stakeholders on AML/CFT obligations, regulatory compliance, and emerging risks specific to Fintechs and DeFi companies.
• Foster a top-down culture of compliance by promoting awareness, accountability, and ethical behaviour throughout the organisation.

Collaboration and Industry Engagement:

• Foster collaboration with industry peers, regulatory bodies, and law enforcement agencies to share best practices, exchange information, and address common challenges collectively.
• Participate in industry associations, working groups, and forums dedicated to Fintechs and DeFi to advocate for regulatory clarity, promote responsible innovation, and shape industry standards.

In conclusion, as the financial landscape continues to evolve, one thing remains certain: compliance is not just a checkbox; it is a strategic imperative. For traditional banks, Fintechs, DeFis, and DNFBPs, the journey towards regulatory compliance requires agility, innovation, and collaboration.

Traditional banks, with their deep-rooted expertise and established infrastructures, must embrace digital transformation and cultural change to remain competitive in an increasingly digitised world. Fintechs, the disruptors of the status quo, must balance innovation with regulatory responsibility, leveraging technology to enhance compliance while driving customer-centric solutions. DeFis, the pioneers of decentralised finance, must reconcile the promise of financial inclusion with the imperative of regulatory compliance, finding creative solutions that bridge the gap between innovation and oversight. Designated non-financial businesses and professions must recognise their pivotal role in the broader AML/CFT ecosystem, aligning with best practices and regulatory expectations to mitigate financial crime risks effectively. Together, these diverse stakeholders are a powerful force, working in tandem with regulators to swiftly resolve FATF deficiencies to get Nigeria off the grey list by 2025.

Footnotes

1. Money Laundering (Prevention and Prohibition) Act 2022, s.18(2)

2. The United Nations Office on Drugs and Crime "Countering the Financing of Terrorism" (https://www.unodc.org/unodc/en/terrorism/expertise/combating-terrorist-financing.html) assessed 7 March 2024"

3. https://www.fatf-gafi.org/en/countries/detail/Nigeria.html Nigeria was placed on the grey list in February 2023 and was given a 15-item Action Plan with deadlines spanning up till May 2025

4. "High risk jurisdictions are jurisdictions that have been assessed by the Financial Action Task Force (FATF) to have strategic deficiencies in their regimes to counter money laundering and terrorist financing.

5. For example, Section 8 (1)a of Money Laundering Act, 2022 prescribes a retention period of 5 years for financial institutions and DNFBPs.

6. Tim Stobierski, "AML risk assessments: What are they and how do they work?" (Persona) https://withpersona.com/blog/aml-risk-assessment) accessed 7 March 2024.

7. "Determining the Customer's Risk Profile" (AML UAE) (https://amluae.com/determining-the-customers-risk-profile/) accessed 7 March 2024.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.