Learning Objectives

By the end of this lesson, you should be able to:

Identify and categorise risk factors in real estate transactions, including geographical, payment channel, client type, and product type risks.

Apply a risk-based approach to AML compliance, calibrating your efforts to the actual risk level each transaction presents.

Carry out KYC identity verification, including BVN/NIN collection and beneficial ownership identification.

Distinguish between Standard CDD, Simplified CDD, and Enhanced CDD and determine which applies to a given client or transaction.

Recognise red flags specific to Nigerian real estate transactions and respond appropriately.

Implement proper record-keeping and ongoing monitoring procedures consistent with NFIU requirements.

The risk-based approach is not a licence to be selective about compliance. It means you put the most effort where the most risk is.

You can’t treat every transaction the same. A retiree buying a modest home in Ibadan with a bank transfer from a salary account is not the same risk as a cash purchase of a five-bedroom waterfront property in Banana Island by a company registered in the British Virgin Islands.

The EFCC AML/CFT/CPF Regulations 2024 require DNFBPs to calibrate due diligence to the risk profile of the customer and transaction.

Uniform, box-ticking compliance generates paperwork that nobody reads. When you go through the motions on every transaction regardless of risk, you stop actually thinking about risk.

A risk-based approach forces you to actually look at the transaction in front of you.

Geographical risk. Where is the property, and where is the buyer from? Lagos and Abuja high-value property markets carry higher inherent risk. Transactions involving buyers in high-risk FATF jurisdictions are a red flag.

Payment channel risk. Bank transfers are lower risk than cash. Cash is always high risk. Cryptocurrency payments are high risk. Payments from third parties who are not the buyer are very high risk.

Client type risk. A PEP or their family member requires Enhanced Due Diligence by law. A company with complex ownership structures or registered in an offshore jurisdiction is higher risk than an individual. A diaspora buyer you can’t meet face-to-face adds uncertainty.

Product type risk. High-value luxury properties carry higher risk than mid-market residential. Off-plan purchases carry higher risk than completed property sales. Rapid resale after acquisition is a major red flag for layering.

Before any transaction proceeds, document your risk assessment. A structured checklist capturing the key risk factors, rating each as low, medium, or high, and producing an overall rating is enough.

The overall rating drives your CDD level. Low risk can qualify for Simplified CDD. Standard risk gets Standard CDD. High risk mandates Enhanced CDD.

You can’t launder money through a transaction if the professional handling the deal knows who you actually are.

SCUML registration is your prerequisite as a real estate professional. Before you can file STRs or interact with the NFIU, you need to be SCUML-registered.

Tier 1: basic accounts with low transaction limits. Name, address, phone number.

Tier 2: requires a government-issued photo ID.

Tier 3: full KYC including proof of address, BVN, and in-person or video-based verification.

For real estate transactions, you should be working to Tier 2 or Tier 3 standards on virtually every deal.

The CBN CDD Regulations 2023 made it mandatory: from April 2024, BVN or NIN is required for all account and wallet openings.

This links your client to a verified identity in a government database. Don’t just collect the number. Verify it. NIBSS provides BVN verification. The NIMC portal covers NIN.

The CBN CDD Regulations 2023 require collection of social media handles as part of KYC. Why? Because social media provides corroborating evidence of identity and lifestyle. A client claiming modest income but whose public profiles show an extravagant lifestyle is worth a second look.

For individual clients, at minimum a valid government-issued photo ID: International Passport, National Identity Card, Voters Card, or valid Nigerian Driver’s Licence.

Proof of address is required for Tier 3 and higher-risk clients: a recent utility bill, bank statement, or similar document.

For diaspora clients transacting remotely, require notarised copies of documents and use video verification.

When your client is a company, trust, or any non-individual entity, you must identify the beneficial owners. A beneficial owner is any individual who ultimately owns or controls 5% or more of the entity, or who exercises effective control.

The EFCC AML/CFT/CPF Regulations 2024 require this explicitly. Request the company’s Certificate of Incorporation, Memorandum and Articles of Association, and a current register of members and directors from the CAC. For each director and significant shareholder, run individual KYC.

A PEP is any individual who holds or has held a prominent public function: current or former ministers, governors, legislators, senior military officers, judges, senior executives of state-owned enterprises, senior political party officials.

PEP status is not a disqualification. But it is an automatic trigger for Enhanced Due Diligence. You must also consider PEP status for family members and close associates.

Standard CDD, Simplified CDD, and Enhanced CDD. Your risk assessment determines which level applies.

CDD is not a one-time event. It applies at onboarding, when the transaction structure changes materially, and on a periodic basis throughout an ongoing client relationship.

Identify the client using reliable, independent source documents.

Verify identity before or during the establishment of the business relationship.

Identify the beneficial owner.

Understand the purpose and intended nature of the business relationship.

Conduct ongoing due diligence and scrutiny of transactions.

Applies where the risk assessment produces a low-risk determination. Low-risk indicators: the client is a regulated Nigerian financial institution, the product is a standard residential mortgage with a well-documented institutional lender, or the transaction value is modest with payment entirely through a verified bank account.

Even with Simplified CDD, you still need to identify the client and understand the transaction.

Mandatory triggers: client is a PEP or family member; transaction involves a high-risk jurisdiction; client is a shell company or has complex ownership; transaction involves unusual payment patterns; risk assessment produces a high-risk rating.

For PEPs, you must establish source of funds and source of wealth, not just the source of the specific payment.

The Regulations require particular scrutiny of complex transactions: unusual or complex patterns, no apparent economic purpose, unusually large transactions.

If a transaction structure makes you wonder why anyone would do it this way, that’s a signal. Document your analysis.

If you cannot complete the required CDD, you must not proceed. Full stop.

You may also need to file an STR if the failure to provide documents is itself suspicious.

Watch for clients who insist on cash when a bank transfer would be simpler. Multiple instalments sized to stay under reporting thresholds. Cash payments from third parties who are not the buyer.

A property bought and resold within a short window is a classic layering technique. Ask about the seller’s history with the property.

Properties priced dramatically below market value can indicate distressed sellers or a scheme where the documented price is lower than actual consideration.

Overvaluation may be part of a mortgage fraud scheme.

Get independent valuations for high-value transactions.

Whenever funds come from a third party, you must KYC that third party as well.

When a company appears to have no genuine business activity, its ownership structure is obscured, and the directors are nominees who don’t control the entity, that’s a problem.

A client who refuses to provide identity documents, avoids face-to-face meetings, can’t explain source of funds, or becomes hostile when you ask routine compliance questions is telling you something.

For diaspora clients, require notarised identity documents, use video calls, and take extra care with source of funds verification.

The NFIU requires records for a minimum of five years after the transaction ends.

Client identity documents.

Risk assessment.

Source of funds documentation.

Beneficial ownership records.

Transaction records.

STRs filed.

CDD decisions (including refusals to proceed).

Physical records securely. Digital records backed up and protected. Use a business system with proper access controls.

If you have an ongoing relationship with a client, you need to continue monitoring. Periodic reviews of the client’s risk profile, especially if circumstances change.

Review frequency should match risk level. Document every review.

Enhanced scrutiny for complex or unusual transactions throughout a relationship, not just at onboarding.

Case Study: The Lagos Developer, the BVI Company, and the Broker Who Said No

An IMBLN-registered mortgage broker in Lagos was approached to facilitate the purchase of three luxury apartments in Victoria Island. Total transaction value: N750 million. The buyer was a company registered in the British Virgin Islands. The sole contact was a Nigerian solicitor who refused to disclose beneficial owners, citing client confidentiality.

The broker ran a risk assessment. Every dimension came up high. BVI jurisdiction. Cash installments. High-value luxury. Company with undisclosed beneficial owners. Stonewalling intermediary.

She applied Enhanced CDD. She requested CAC equivalent documentation, full beneficial ownership chain, source of funds evidence, and the identity of the instructing principal. The solicitor refused.

The broker refused to proceed and filed a Suspicious Transaction Report with the NFIU, documenting each red flag. She retained copies of all correspondence.

Six months later, the EFCC contacted her as a cooperative witness. The BVI company was under investigation for receiving proceeds of a major infrastructure contract fraud. Her records were complete. She faced no liability.

The broker lost a commission on a N750 million deal. But she avoided becoming complicit and protected herself completely. That’s what the risk-based approach buys you.

KEY TAKEAWAYS

The risk-based approach means calibrating your due diligence effort to actual risk. Low-risk transactions can qualify for Simplified CDD. High-risk transactions demand Enhanced CDD.

KYC in Nigeria requires BVN or NIN collection and verification for every client (mandatory since April 2024), valid photo ID, proof of address for higher-risk clients, and collection of social media handles.

Beneficial ownership identification is required for all non-individual clients. Trace ownership through every layer until you identify the human beings who ultimately own or control the entity.

PEPs and their family members automatically trigger Enhanced Due Diligence. You must verify source of funds AND source of wealth.

If you cannot complete the required CDD level, you must not proceed with the transaction. You may also need to file an STR.

NFIU record-keeping requirements mandate retention of all CDD records, transaction documents, and STRs for a minimum of five years.

Knowledge Check (10 Questions)

1. Under the CBN CDD Regulations 2023, which identifiers became mandatory for all account and wallet openings effective April 2024?

   1. Passport number and Tax Identification Number
   2. BVN or NIN
   3. Voters Card and utility bill
   4. SCUML registration number

2. Which regulation sets out CDD requirements for real estate professionals as DNFBPs?

   1. CBN CDD Regulations 2023
   2. NFIU AML Guidance Notes 2019
   3. EFCC AML/CFT/CPF Regulations 2024, Parts IV and V
   4. IMBL Act 2022, Section 41

3. A client is the spouse of a sitting Nigerian state governor. What level of CDD applies?

   1. Simplified CDD because the transaction is residential
   2. Standard CDD because the client is not personally a PEP
   3. Enhanced CDD because family members of PEPs are in scope
   4. No special CDD because the governor holds state rather than federal office

4. What does the NFIU require as the minimum record-retention period after a transaction ends?

   1. 2 years
   2. 3 years
   3. 5 years
   4. 10 years

5. A property buyer insists on paying in six separate cash instalments, each just below the mandatory reporting threshold. This is best described as:

   1. Legitimate instalment purchasing
   2. Structuring (smurfing), a money-laundering red flag
   3. A tax-efficient payment method
   4. An acceptable arrangement if disclosed in the sale agreement

6. You have completed onboarding for a client. Partway through the transaction, the client refuses to provide source-of-funds documentation. What must you do?

   1. Proceed but note the gap in your file
   2. Seek a waiver from the NFIU before proceeding
   3. Stop the transaction and consider filing an STR
   4. Complete the transaction and file the STR afterwards

7. Under the CBN CDD Regulations 2023, which of the following must be collected as part of the KYC process?

   1. Credit score from a licensed bureau
   2. Social media handles
   3. Professional references from two solicitors
   4. Certified copy of a marriage certificate where applicable

8. A company client has three layers of ownership, ultimately controlled by a director in the Cayman Islands whose identity the local contact refuses to disclose. What should you do?

   1. Accept the refusal and proceed on the basis of the local contact’s details
   2. Require disclosure of the ultimate beneficial owner and apply Enhanced CDD
   3. Apply Standard CDD since the company is the direct client
   4. Apply Simplified CDD if the property is standard residential

9. Which institution must Nigerian real estate professionals register with before they can file Suspicious Transaction Reports?

   1. CBN
   2. EFCC
   3. SCUML
   4. IMBLN

10. In the case study, what ultimately protected the broker from regulatory liability?

    1. She was introduced to the client by a regulated solicitor
    2. She completed the transaction within the prescribed time limit
    3. She applied Enhanced CDD, refused to proceed, filed an STR, and kept complete records
    4. She notified the EFCC before the NFIU had contacted her

Answers

Answers: 1. (b) 2. (c) 3. (c) 4. (c) 5. (b) 6. (c) 7. (b) 8. (b) 9. (c) 10. (c)

Further Reading

EFCC AML/CFT/CPF Regulations 2024, Parts IV and V

CBN Customer Due Diligence Regulations 2023

NFIU AML/CFT/CPF Risk-Based Supervision Guidelines for DNFBPs

FATF Guidance on Real Estate Sector

Money Laundering (Prevention and Prohibition) Act 2022, Sections 3-7

Investment and Mortgage Brokers’ Licensing Act 2022, Part V

Corporate Affairs Commission: Beneficial Ownership Search Framework

NIBSS BVN Verification Portal: https://www.nibss-plc.com.ng

NIMC NIN Verification Portal: https://www.nimc.gov.ng

SCUML Registration Guidelines: https://www.scuml.gov.ng

IMBL Nigeria Certification