In a strategic effort to combat money laundering and ensure compliance with relevant laws and regulations, the Central Bank of Nigeria (CBN) has introduced measures to support Financial Institutions (FIs) in implementing effective customer due diligence practices. These measures include the Customer Due Diligence Regulation 2023 and the Guidance Notes on Politically Exposed Persons (PEPs). The legal basis for these measures is the Money Laundering (Prevention and Prohibition) Act 2022 and the Central Bank of Nigeria (CBN) AML/CFT/CPF Regulations 2022, and the measures aim to enhance transparency and integrity in the financial sector. In this editorial, we examine the aims of these measures and their implications for financial institutions in Nigeria.


On 20th June 2023, the Customer Due Diligence (CDD) Regulation 2023 was formulated by the CBN, marking a significant milestone in bolstering the integrity of the financial sector. This regulation provides comprehensive guidelines and regulations to aid financial institutions, particularly banks, in implementing and ensuring compliance with customer due diligence practices. Customer due diligence is a crucial process through which financial institutions verify customer identities, assess risks, and gather vital information to mitigate the involvement of customers in illicit activities, such as money laundering and terrorist financing.

At its core, the CDD Regulation serves as a powerful tool to promote compliance and the adoption of best practices within financial institutions. It offers clear instructions and guidance on the effective execution of customer due diligence procedures, covering various stages of customer onboarding and ongoing monitoring.

Know-your-Customer (KYC) Requirements

To fulfil the KYC requirements, banks and other financial institutions require the following information to identify individual customers:

i. Legal name and any other names used (such as maiden name)
ii. Permanent address
iii. Residential address
iv. Telephone number, e-mail, and social media handle
v. Date and place of birth
vi. Bank Verification Number (BVN)
vii. Tax Identification Number (TIN)
viii. Nationality
ix. Occupation (the public position held and name of the employer)
x. Type of account and nature of the banking relationship
xi. Signature
xii. An official personal identification number or other unique identifier contained in an unexpired document issued by a government agency, that bears a name, photograph, and signature of the customer such as passport, national identification card, resident permit, social security records, or driver’s license.
xiii. Politically exposed persons (PEPs) status

Where the customers are corporate bodies, the details to be obtained to fulfil the KYC requirement include:

i. Name of institution
ii. Mailing address
iii. Email and social media address
iv. Phone number
v. Registration number
vi. Registered address
vii. Business address
viii. Valid identification such as tax identification number
ix. Nature and purpose of business or activities
x. Certified true copy of documentary evidence confirming legal existence such as certificate of incorporation.
xi. Certified true copy of memorandum and articles of association or other similar documents
xii. Certified true copy of the list of directors and shareholders or similar documents
xiii. Board resolution to open the account.
xiv. Identification of those who have the authority to operate the account.
xv. Legal documentation indicating persons exercising control or significant influence over the legal persons' and legal arrangements' assets.
xvi. Valid means of identification of persons mentioned in the subparagraph.
xvii. Names and identification documents of the relevant persons having a senior management position in the legal persons and legal arrangements.

Providing these specific details enables FIs to identify and verify their customers’ identities. By collecting this data, institutions can ensure transparency, traceability, and accountability in their interactions with customers.

Other Obligations of Financial Institutions under the CDD Regulation

a) Obtaining information about the nature and purpose of a customer’s business: FIs are also required to obtain sufficient information about the nature and purpose of a customer’s business, including expected transaction patterns. They are also expected to be on alert for any significant changes in a business or its ownership. FIs must understand the source of funds deposited into a customer’s account and gather details about the customer’s occupation, employment, business activities, sources of wealth and income, as well as the expected origin of funds to be used. Ongoing due diligence is necessary to ensure that transactions align with the customer’s profile, business, and risk level. FIs are also expected to keep the information up-to-date, especially when an existing customer opens a new account.
b) Risk-based approach to customer verification: The regulation also introduces a risk-based approach to customer verification. FIs need to assess the risks associated with each customer, transaction, or product. Depending on the risks, they can use various levels of verification measures. For low-risk customers, simpler checks may be enough, but FIs still need to monitor those customers' activities. Customers with higher risks, like non-residents or politically exposed persons, require more extensive checks. This includes getting more information, closely monitoring their transactions, and getting approval from higher-level management.
c) Confidentiality: A notable aspect of the regulation is the importance of keeping suspicious activities confidential and reporting them without tipping off the suspected individuals. FIs can rely on previous checks unless they have doubts about the information’s accuracy or if there have been significant changes in the customer’s situation. In such cases, they need to do more checks.
d) Record-keeping: FIs are required to keep records obtained through CDD measures, account files, business correspondence, and analysis results for at least five years following the termination of a business relationship or after an occasional transaction. Regular reviews of customer records should be conducted, with frequency depending on the customer’s risk level.

A key focus of the CDD Regulation 2023 lies in meticulous verification and validation of customer identities and an understanding of the nature and purpose of their business relationships. Through thorough identity verification and risk assessments, institutions can identify and mitigate potential risks associated with customers involved in illicit activities, ensuring the stability of the financial landscape. The regulation sets out stringent requirements for various aspects, including blind trusts, nominee directors and shareholders, refugees or asylum seekers, foreign students, minors, non-face-to-face customers, introductions from authorized financial intermediaries, corporate group introductions, acquisition of financial institutions and businesses, domiciliary accounts, safe custody and safety deposit boxes, retirement benefit programs, non-profit organizations (NPOs), and professional intermediaries. However, while the CDD Regulation 2023 represents progress in risk mitigation, it presents challenges for financial institutions. Compliance requires a significant allocation of resources, both in technology and manpower, to establish robust systems for identity verification, risk assessment, and ongoing monitoring. Striking the balance between regulatory compliance and operational efficiency remains a continuous test for financial institutions.


The CDD Regulation represents a significant milestone in enhancing the integrity of the financial sector and combating money laundering. The regulation provides comprehensive guidelines for FIs to implement effective customer due diligence practices, ensuring compliance with KYC requirements and promoting transparency in business relationships. By collecting detailed information about customers, conducting risk assessments, and adopting a risk-based approach to verification, FIs can mitigate the risks associated with illicit activities. However, compliance with the CDD Regulation poses challenges for institutions, necessitating substantial resources for technology, manpower, and operational efficiency. Despite these challenges, adherence to the regulation is crucial for maintaining a robust financial landscape and upholding regulatory standards in Nigeria.
