قائمة امتثال KYC وKYB وAML
الكونغو - كينشاسا KYC, KYB & AML
A source-backed 2026 implementation dataset for customer and business verification in the Democratic Republic of the Congo. It incorporates Law No. 22/068, BCC Instruction No. 15 modification No. 3, the statutory beneficial-owner regime and its pending central register, CENAREF reporting, CONASAFIC sanctions procedures, payment and transfer controls and the Digital Code's personal-data rules.
- تاريخ المراجعة
- 16 July 2026
- الإصدار
- 1.0
- مجالات رقابية
- 11
- فحوص تنفيذ
- 50
إجابة مباشرة
ما الذي تغطيه قائمة الامتثال الخاصة بـ الكونغو - كينشاسا؟
تحوّل قائمة الكونغو - كينشاسا قواعد KYC وKYB وAML الأساسية إلى 11 مجالات رقابية و50 فحوص تنفيذ، وتشمل الجهات المختصة وواجبات الإبلاغ والأدلة الواجب الاحتفاظ بها.
حقائق تنظيمية أساسية
- Primary AML/CFT/CPF law
- Law No. 22/068 of 27 December 2022
- Financial intelligence unit
- Cellule nationale des renseignements financiers (CENAREF)
- STR timing
- Without delay once knowledge, suspicion or reasonable grounds exist; attempted transactions are included
- STR method
- Written, digital, electronic or telephone submission to CENAREF; telephone reports require prompt written confirmation
- Core AML retention
- 10 years from relationship end or transaction execution, by record class; specified intermediary wire data at least 5 years
- Beneficial-owner test
- More than 25% direct or indirect ownership or voting rights, other control, then the statutory management or legal-representative fallback
- Central BO register
- Required by Law No. 22/068 but the implementing Justice Ministry order was still a draft in April 2026
- BCC occasional CDD trigger
- Above USD 15,000 for the transactions and institutions covered by Instruction No. 15 modification No. 3, including linked transactions
- Cash and bearer instruments
- USD 10,000 equivalent statutory restriction, subject to stated exceptions and BCC derogations
- Cross-border cash declaration
- USD 10,000 equivalent or more on entry to or exit from the DRC
- Targeted sanctions
- Use CONASAFIC/Sentinelle and current UN and national lists; freeze without delay and without prior notice
- FATF status
- Substantially completed action plan in June 2026; still under increased monitoring pending on-site assessment
تفاصيل التنفيذ
متطلبات وإجراءات الامتثال في الكونغو - كينشاسا
افتح كل مجال لمراجعة المتطلب وإجراء التنفيذ المقترح والأدلة الواجب الاحتفاظ بها والمصدر الأساسي.
01Scope, authorities and regulated activitiesBegin with the legal entity, activity and supervisor perimeter. The 2022 statute is broad; BCC instructions and other sector instruments apply only within their stated scopes.4 عناصر+
Law No. 22/068 applies broadly and identifies financial institutions and specified non-financial businesses and professions, including casinos, real-estate agents, precious-metals and stones dealers, accountants, lawyers, notaries and bailiffs.
- إجراء التنفيذ
- Map every entity, product, profession and customer-facing activity to the statutory reporting-person category and competent supervisor before configuring controls.
- الأدلة الواجب الاحتفاظ بها
- Signed perimeter memorandum, entity-product matrix, licence records and supervisor map.
- المصدر الأساسي
- Law No. 22/068, arts. 2-3
CENAREF is the financial-intelligence unit and recipient of suspicious transaction reports. BCC supervises regulated financial intermediaries and issues operational AML/CFT/CPF instructions for its sectors.
- إجراء التنفيذ
- Assign authority contacts, reporting ownership, BCC reporting obligations and escalation coverage, with controlled credentials and alternates.
- الأدلة الواجب الاحتفاظ بها
- Authority map, appointments, CENAREF procedure, BCC reporting calendar and access register.
- المصدر الأساسي
- Law No. 22/068, arts. 92-113; BCC Instruction No. 15 modification No. 3
Professional funds or value transfer and transport activity requires BCC approval, and payment, e-money, card and connected-service activity is subject to the applicable BCC licensing or authorisation perimeter.
- إجراء التنفيذ
- Do not launch regulated transfer, e-money, payment-instrument, aggregation or related infrastructure activity until BCC confirms the classification and grants every required approval.
- الأدلة الواجب الاحتفاظ بها
- Legal classification, BCC approval, licensed-service map, agent register and conditions tracker.
- المصدر الأساسي
- Law No. 22/068, arts. 69-70; Law No. 22/069; BCC Instructions Nos. 24 and 42
The statute treats virtual-asset service providers as reporting persons, but statutory AML coverage is not itself evidence of a current VASP licence.
- إجراء التنفيذ
- Block any virtual-asset product launch until the competent authority confirms the licensing basis, permitted services and AML, custody, technology and reporting conditions in writing.
- الأدلة الواجب الاحتفاظ بها
- Authority correspondence, legal opinion, licence or refusal, product restriction and control assessment.
- المصدر الأساسي
- Law No. 22/068, arts. 2-3 and 92
02Governance, risk assessment and control ownershipControls must follow documented ML, TF and proliferation-financing risk and be owned, resourced, tested and updated.4 عناصر+
Reporting persons identify, assess, understand and mitigate their exposure to ML, TF and proliferation-financing risk, proportionate to their nature, size and transaction volume.
- إجراء التنفيذ
- Maintain enterprise, customer, product, geographic, transaction and delivery-channel assessments and link the results to acceptance, CDD, monitoring, EDD and sanctions rules.
- الأدلة الواجب الاحتفاظ بها
- Risk methodology, assessment, data inputs, mitigation plan and governing-body approval.
- المصدر الأساسي
- Law No. 22/068, arts. 20-22; BCC Instruction No. 15 modification No. 3, arts. 6-8
A reporting person must maintain a risk-appropriate AML/CFT/CPF programme with compliance leadership, centralised information, independent audit, staff integrity checks, training, internal control and suspicious-reporting arrangements.
- إجراء التنفيذ
- Appoint accountable management and compliance owners, approve policies, protect independence and resources and test design and operating effectiveness.
- الأدلة الواجب الاحتفاظ بها
- Appointments, charter, policies, training logs, monitoring plan, audit reports and remediation tracker.
- المصدر الأساسي
- Law No. 22/068, arts. 44-45; BCC Instruction No. 15 modification No. 3, arts. 75-87
New products, business practices, channels and technologies require risk assessment before launch and proportionate mitigation.
- إجراء التنفيذ
- Assess identity fraud, impersonation, cyber, privacy, sanctions and transaction risks before production and gate launch on accepted residual risk.
- الأدلة الواجب الاحتفاظ بها
- Pre-launch assessment, threat model, vendor due diligence, tests and release approval.
- المصدر الأساسي
- Law No. 22/068, art. 22
Groups apply equivalent AML/CFT/CPF controls and information-sharing arrangements to branches and subsidiaries, subject to local-law conflicts; reliance on a third party does not transfer final responsibility.
- إجراء التنفيذ
- Set group minimums, document local-law gaps, obtain customer evidence immediately from relied-on parties and preserve audit and exit rights.
- الأدلة الواجب الاحتفاظ بها
- Group standard, conflict analysis, reliance contract, retrieval test and remediation record.
- المصدر الأساسي
- Law No. 22/068, arts. 27-30; BCC Instruction No. 15 modification No. 3, arts. 26 and 46-47
03Natural-person CDD and failed verificationIdentity is verified from reliable independent evidence at every applicable trigger, with a controlled outcome when verification cannot be completed.4 عناصر+
CDD applies before a relationship or qualifying occasional transaction, to linked operations, qualifying electronic transfers, whenever suspicion exists and whenever earlier identity information is doubtful. For institutions within BCC Instruction No. 15's scope, the listed occasional-transaction trigger is above USD 15,000.
- إجراء التنفيذ
- Configure relationship, aggregation, transfer, suspicion and refresh triggers; keep sector thresholds and exceptions in a governed register.
- الأدلة الواجب الاحتفاظ بها
- CDD trigger matrix, threshold register, aggregation tests, workflow configuration and exception report.
- المصدر الأساسي
- Law No. 22/068, arts. 31-32; BCC Instruction No. 15 modification No. 3, art. 10
Identify and verify a natural person using current official photo identification and reliable independent sources; verify address and any representative's authority.
- إجراء التنفيذ
- Validate the identity document, authenticity, identity attributes, address and mandate before activation, subject only to a documented lawful low-risk deferral.
- الأدلة الواجب الاحتفاظ بها
- Identity copy, authenticity result, source provenance, address evidence, mandate and completion timestamp.
- المصدر الأساسي
- Law No. 22/068, arts. 31 and 33; BCC Instruction No. 15 modification No. 3, arts. 10-16
Understand the purpose and intended nature of the relationship, expected activity, source of funds where appropriate and the customer's risk profile; anonymous, fictitious and pseudonymous accounts are prohibited.
- إجراء التنفيذ
- Capture expected products, flows, counterparties, countries and funding and compare later activity to the approved profile.
- الأدلة الواجب الاحتفاظ بها
- Purpose statement, expected-activity baseline, source evidence, risk score and account-opening controls.
- المصدر الأساسي
- Law No. 22/068, arts. 26 and 47; BCC Instruction No. 15 modification No. 3, arts. 9 and 27-31
If identity or beneficial ownership cannot be established, do not execute or begin the relationship; for an existing relationship, end it where required and assess an STR. If further CDD would tip off a suspected customer, stop the verification and report without delay.
- إجراء التنفيذ
- Route failed, doubtful or overdue CDD to decline, restriction or exit with a confidential CENAREF-reporting decision.
- الأدلة الواجب الاحتفاظ بها
- Failure reason, decline or restriction, exit record, STR decision and access log.
- المصدر الأساسي
- Law No. 22/068, arts. 36-38; BCC Instruction No. 15 modification No. 3, arts. 24 and 40
04KYB, commercial registry and beneficial ownershipLegal existence, authority and ultimate ownership or control are separate tests. The statutory central register is not a substitute for independent KYB.5 عناصر+
For a legal person or legal arrangement, verify constitution and existence, understand purpose, activity, ownership and control and identify directors and representatives.
- إجراء التنفيذ
- Collect a current RCCM or other official registry extract, constitutional documents, tax and licence evidence, registered address, directors and signatory mandates; reconcile material discrepancies.
- الأدلة الواجب الاحتفاظ بها
- Registry extract, statutes, tax evidence, licence, management list, mandate and discrepancy log.
- المصدر الأساسي
- Law No. 22/068, art. 34; BCC Instruction No. 15 modification No. 3, arts. 17-22
Identify the natural person who directly or indirectly owns more than 25% of capital or voting rights, then test control by other means and use the applicable statutory management or legal-representative fallback only if no natural person is otherwise identified.
- إجراء التنفيذ
- Trace every ownership layer, calculate direct and indirect interests, test factual and legal control and document any fallback.
- الأدلة الواجب الاحتفاظ بها
- Ownership chart, percentage calculations, control analysis, source records and verified BO files.
- المصدر الأساسي
- Law No. 22/068, arts. 35 and 39
Specified persons must declare and update beneficial-owner identity through GUCE or the National Cooperatives Service. Reporting persons collect and retain accurate current BO information and transmit information to GUCE under the implementing mechanism.
- إجراء التنفيذ
- Maintain an internal BO register and change trigger, prepare the statutory data set and preserve proof of any filing accepted by the competent registry.
- الأدلة الواجب الاحتفاظ بها
- Internal BO register, change log, filing package, registry receipt and reconciliation.
- المصدر الأساسي
- Law No. 22/068, arts. 39 and 46
The Justice Minister's order must establish the central BO register and its access, protection and retention mechanics. An official ITIE-RDC workshop on 9 April 2026 still described that order as a draft awaiting adoption and operationalisation.
- إجراء التنفيذ
- Do not invent a portal, form or deadline. Confirm the current order and GUCE workflow before automating central filing, while continuing statutory collection, verification and update controls.
- الأدلة الواجب الاحتفاظ بها
- Dated legal check, authority correspondence, current order, filing procedure and implementation ticket.
- المصدر الأساسي
- Law No. 22/068, arts. 40-43; ITIE-RDC, 9 April 2026
Reporting persons and supervisors report discrepancies in registered BO information to GUCE; if the legal person does not regularise within one month after GUCE's request, GUCE informs CENAREF.
- إجراء التنفيذ
- Maintain a discrepancy workflow that separates customer remediation, registry notification and any independent suspicious-reporting decision.
- الأدلة الواجب الاحتفاظ بها
- Discrepancy notice, customer evidence, GUCE correspondence, one-month timer and STR assessment.
- المصدر الأساسي
- Law No. 22/068, art. 42
05PEPs, enhanced due diligence and remote onboardingHigher-risk, politically exposed and non-face-to-face relationships require additional evidence, accountable approval and closer monitoring.5 عناصر+
Determine whether a customer or beneficial owner is a domestic, foreign or international-organisation PEP and cover statutory family members and close associates. The statutory definition looks back 36 months, subject to continuing risk-based enhanced measures.
- إجراء التنفيذ
- Screen before activation and continuously, resolve matches using reliable role and relationship evidence and record any decision to cease PEP treatment.
- الأدلة الواجب الاحتفاظ بها
- Screening result, match disposition, role evidence, relationship analysis and risk rationale.
- المصدر الأساسي
- Law No. 22/068, art. 3 definition 40 and arts. 53 and 56
A PEP relationship requires appropriate management approval, reasonable measures to establish source of wealth and source of funds and enhanced continuous monitoring.
- إجراء التنفيذ
- Collect and corroborate wealth and funds evidence, obtain approval before starting or maintaining the relationship and configure enhanced review.
- الأدلة الواجب الاحتفاظ بها
- Source-of-wealth and source-of-funds file, approval, monitoring plan and review history.
- المصدر الأساسي
- Law No. 22/068, art. 56; BCC Instruction No. 15 modification No. 3, arts. 41 and 64
Financial intermediaries within Instruction No. 15's scope inform CENAREF of an identified PEP at onboarding even where no suspicious indicator exists.
- إجراء التنفيذ
- Keep this PEP notification separate from an STR, confirm CENAREF's current submission channel and preserve the acknowledgement.
- الأدلة الواجب الاحتفاظ بها
- PEP notice, submission record, receipt and separate STR decision where applicable.
- المصدر الأساسي
- BCC Instruction No. 15 modification No. 3, art. 65
Complex, unusually large, unjustified or apparently non-economic activity requires enhanced examination. Instruction No. 15 requires enhanced review of cash or bearer activity at USD 10,000 equivalent or more for its covered institutions.
- إجراء التنفيذ
- Document origin and destination of funds, purpose, actors, corroboration and the final reporting decision in a confidential report.
- الأدلة الواجب الاحتفاظ بها
- Enhanced-review report, transaction data, source evidence, decision and reviewer sign-off.
- المصدر الأساسي
- Law No. 22/068, arts. 54-55; BCC Instruction No. 15 modification No. 3, arts. 61-63
Remote onboarding remains subject to full identity, beneficial-owner, sanctions and PEP controls, with adapted safeguards such as document authentication and independent verification.
- إجراء التنفيذ
- Use risk-based document integrity, liveness or presence, device, fraud and manual-escalation controls and validate them before production.
- الأدلة الواجب الاحتفاظ بها
- Remote-onboarding standard, vendor review, performance tests, fraud cases and exception log.
- المصدر الأساسي
- BCC Instruction No. 15 modification No. 3, arts. 23 and 25
06Ongoing monitoring, STRs and prohibited disclosureMonitoring must detect activity inconsistent with the known profile and route suspicion promptly and confidentially to CENAREF.5 عناصر+
Conduct ongoing monitoring, keep customer and BO information current and review BCC-sector customer risk profiles at least semi-annually under Instruction No. 15.
- إجراء التنفيذ
- Compare activity to purpose, expected behaviour, business and source of funds; trigger refresh after material identity, ownership, activity or risk changes.
- الأدلة الواجب الاحتفاظ بها
- Monitoring scenarios, alert decisions, profile review, change log and governance metrics.
- المصدر الأساسي
- Law No. 22/068, arts. 26 and 47; BCC Instruction No. 15 modification No. 3, arts. 27-31
Report without delay to CENAREF where there is knowledge, suspicion or reasonable grounds to suspect criminal proceeds or ML, TF or PF; attempted transactions and later information that changes an STR are included.
- إجراء التنفيذ
- Timestamp suspicion formation, submit immediately through the confirmed CENAREF route and send supplements without delay.
- الأدلة الواجب الاحتفاظ بها
- Suspicion timestamp, STR, submission proof, case reference and supplemental reports.
- المصدر الأساسي
- Law No. 22/068, art. 92; BCC Instruction No. 15 modification No. 3, arts. 88-90
Unresolved uncertainty about an originator, beneficial owner, trust settlor or similar arrangement is independently reportable. A separate threshold report for qualifying cash or e-money funds transmissions depends on an implementing Finance Minister order.
- إجراء التنفيذ
- File on unresolved identity uncertainty and keep any automatic threshold report disabled until the current ministerial amount and procedure are verified.
- الأدلة الواجب الاحتفاظ بها
- Identity-escalation decision, STR, controlled threshold register and authority confirmation.
- المصدر الأساسي
- Law No. 22/068, art. 92
An STR may be sent in writing, digitally, electronically or by telephone; a telephone report is confirmed in writing promptly. No authoritative public CENAREF self-service filing portal was verified at the review date.
- إجراء التنفيذ
- Confirm the current secure operational channel directly with CENAREF, maintain tested primary and contingency routes and preserve acknowledgements without delaying urgent reporting.
- الأدلة الواجب الاحتفاظ بها
- CENAREF confirmation, channel test, controlled contact list, submission and receipt.
- المصدر الأساسي
- Law No. 22/068, art. 94; BCC Instruction No. 15 modification No. 3, arts. 93-94
Do not disclose an STR, its content or its outcome to the customer or unauthorised third parties. CENAREF may oppose execution for up to seven days; the public prosecutor may extend or seize for up to eight additional days.
- إجراء التنفيذ
- Restrict case access, use approved customer communications and implement holds, extensions, releases and seizures exactly as instructed.
- الأدلة الواجب الاحتفاظ بها
- Access log, confidentiality script, hold timeline, CENAREF notice, judicial order and release record.
- المصدر الأساسي
- Law No. 22/068, arts. 93 and 96
07Cash, payments, wires and agentsCash restrictions, cross-border declarations, payment licensing and wire information are distinct controls and should not be collapsed into one threshold rule.5 عناصر+
Transactions at USD 10,000 equivalent or more generally may not be settled in cash or bearer instruments, subject to statutory exceptions and BCC derogations. This is a payment restriction, not a universal automatic STR threshold.
- إجراء التنفيذ
- Enforce the cashless rule, document any lawful exception or Instruction No. 15 bis derogation and separately assess unusual or suspicious activity.
- الأدلة الواجب الاحتفاظ بها
- Payment control, exception basis, BCC derogation, enhanced review and STR decision.
- المصدر الأساسي
- Law No. 22/068, art. 23; BCC Instruction No. 15 bis modification No. 4
A person entering or leaving the DRC declares cash or bearer negotiable instruments at USD 10,000 equivalent or more at the point of entry or exit.
- إجراء التنفيذ
- For relevant customer journeys and own-cash movements, provide the declaration requirement and retain customs evidence; do not treat the border rule as an account-monitoring report.
- الأدلة الواجب الاحتفاظ بها
- Procedure, declaration copy, customs receipt and exception or seizure record.
- المصدر الأساسي
- Law No. 22/068, art. 25
Wire messages carry required originator and beneficiary data. Missing or inaccurate information must be obtained and verified; if it remains unavailable, do not execute and inform CENAREF where applicable.
- إجراء التنفيذ
- Validate required fields before release, preserve unique references and route incomplete transfers to repair, rejection and suspicious-reporting assessment.
- الأدلة الواجب الاحتفاظ بها
- Field matrix, message sample, repair queue, rejection test and STR decision.
- المصدر الأساسي
- Law No. 22/068, arts. 57-61; BCC Instruction No. 15 modification No. 3, arts. 45 and 66-69
Instruction No. 15 article 67 provides narrowly framed online-payment verification relief only where no suspicion exists, funds move between qualifying named accounts and the transaction and rolling limits remain below USD 2,500 and USD 30,000 respectively.
- إجراء التنفيذ
- Apply the relief only after confirming the drafting and sector scope with BCC; configure both unit and rolling limits and full CDD on any exception or suspicion.
- الأدلة الواجب الاحتفاظ بها
- BCC confirmation, eligibility rules, threshold tests, named-account evidence and exception log.
- المصدر الأساسي
- BCC Instruction No. 15 modification No. 3, art. 67
Funds or value transfer providers using agents must notify the competent authority of agents, include them in the AML programme, monitor them and retain relevant operational information for CENAREF.
- إجراء التنفيذ
- Maintain an approved agent register, due diligence, training, transaction oversight, audit rights and termination controls.
- الأدلة الواجب الاحتفاظ بها
- Agent list, approval, contract, training, monitoring report and issue closure.
- المصدر الأساسي
- Law No. 22/068, arts. 69-70
08Sanctions, freezing and proliferation financingTargeted financial sanctions are implemented through current CONASAFIC, UN and national-list procedures and are operationally separate from suspicious reporting.4 عناصر+
Screen current UN and national designations disseminated by CONASAFIC, including names, aliases, identifiers and ownership or control; subscribe a monitored address to CONASAFIC alerts and use the Sentinelle platform.
- إجراء التنفيذ
- Automate list updates where reliable, test ingestion and matching, monitor alert delivery and preserve list-version evidence for every decision.
- الأدلة الواجب الاحتفاظ بها
- List inventory, Sentinelle access, alert subscription, update log, test results and match file.
- المصدر الأساسي
- Decrees Nos. 24/24 and 24/25; CONASAFIC list-diffusion procedure
Freeze designated funds, other assets and economic resources without delay and without prior notice, prevent any direct or indirect availability or service and prohibit circumvention.
- إجراء التنفيذ
- Execute the freeze immediately, secure all affected products and benefits and do not wait for an STR decision or customer contact.
- الأدلة الواجب الاحتفاظ بها
- Freeze timestamp, asset inventory, system blocks, decision record and no-notice control.
- المصدر الأساسي
- Law No. 22/068, arts. 152-163; Decree No. 24/24
Notify CENAREF and CONASAFIC without delay and report the measures and attempted transactions under the current procedure; follow authority instructions for false positives, exemptions, delisting and release.
- إجراء التنفيذ
- Use a controlled notification and case-management matrix and release property only on a valid authority instruction.
- الأدلة الواجب الاحتفاظ بها
- Notification, receipt, authority correspondence, false-positive analysis and release instruction.
- المصدر الأساسي
- Law No. 22/068, arts. 162-163; CONASAFIC guidelines and Sentinelle
A sanctions match, freeze and STR are separate decisions that may arise from the same facts.
- إجراء التنفيذ
- Link but do not merge the cases; record legal basis, decision owner, timing, confidentiality and communications for each track.
- الأدلة الواجب الاحتفاظ بها
- Linked case records, freeze action, separate STR assessment, access controls and audit trail.
- المصدر الأساسي
- Law No. 22/068, arts. 92 and 152-163
09Records, retention and authority accessRecords must support full reconstruction and prompt authorised access while protecting confidential reporting and personal data.4 عناصر+
Keep customer and beneficial-owner identity, account books, business correspondence and analysis for 10 years from account closure or relationship end, and transaction and enhanced-examination records for 10 years after execution.
- إجراء التنفيذ
- Map every AML record class to the correct event, preserve legal holds and prevent premature deletion.
- الأدلة الواجب الاحتفاظ بها
- Retention schedule, lifecycle configuration, legal-hold procedure and deletion test.
- المصدر الأساسي
- Law No. 22/068, art. 48; BCC Instruction No. 15 modification No. 3, art. 48
An intermediary institution keeps received wire data for at least five years where technical constraints prevent it remaining attached to the corresponding domestic transfer.
- إجراء التنفيذ
- Preserve detached message data with a reliable link to the transaction and test retrieval and reconstruction.
- الأدلة الواجب الاحتفاظ بها
- Wire archive, linkage key, retention configuration and reconstruction test.
- المصدر الأساسي
- Law No. 22/068, art. 48; BCC Instruction No. 15 modification No. 3, art. 49
Provide required CDD and transaction records without delay to authorised judicial, investigative, supervisory and CENAREF authorities; professional secrecy cannot defeat a lawful request.
- إجراء التنفيذ
- Authenticate each request, apply least-privilege disclosure, log the response and maintain rapid searchable retrieval.
- الأدلة الواجب الاحتفاظ بها
- Authority-request register, authentication, response package, access log and retrieval test.
- المصدر الأساسي
- Law No. 22/068, arts. 49 and 97
STR and sanctions files require restricted access and tamper-evident auditability throughout retention.
- إجراء التنفيذ
- Separate confidential-case roles from ordinary customer service, preserve immutable event history and test unauthorised-access prevention.
- الأدلة الواجب الاحتفاظ بها
- Access matrix, immutable log, access review, incident record and audit result.
- المصدر الأساسي
- Law No. 22/068, arts. 93-105
10Privacy, biometrics and international transfersAML necessity does not displace the Digital Code. Identity and biometric processing require purpose, authority formalities, security, data-subject rights and transfer controls.6 عناصر+
Personal-data processing is generally subject to prior APD declaration; biometric, national-identifier, criminal, medical and foreign-transfer processing requires prior authorisation unless a specific exemption applies.
- إجراء التنفيذ
- Map every identity, biometric, screening, transaction and investigation purpose and determine the declaration, authorisation or documented exemption before production.
- الأدلة الواجب الاحتفاظ بها
- Processing inventory, legal-basis register, APD filing or decision, exemption analysis and privacy notice.
- المصدر الأساسي
- Ordinance-Law No. 23/010, arts. 183-191
Process data lawfully, fairly, transparently and for specified purposes; minimise it, keep it accurate, limit storage to necessity and apply appropriate technical and organisational security.
- إجراء التنفيذ
- Publish clear notices, define purpose and retention, restrict collection and access and implement backup, recovery, encryption and monitoring proportionate to risk.
- الأدلة الواجب الاحتفاظ بها
- Notice, data map, minimisation review, retention rules, security design and test results.
- المصدر الأساسي
- Ordinance-Law No. 23/010, arts. 192-195 and 220-224
Appoint an independent DPO and maintain processing records where required. The SME and startup exception does not apply to risky, non-occasional, special-category or criminal-data processing.
- إجراء التنفيذ
- Document whether the exception is available; for KYC and biometric operations, appoint the DPO, publish contact details and maintain controller and processor registers.
- الأدلة الواجب الاحتفاظ بها
- Applicability analysis, DPO appointment, contact notice, registers and management reporting.
- المصدر الأساسي
- Ordinance-Law No. 23/010, arts. 222 and 225-231
Notify the APD and affected person without delay of a personal-data breach, subject to the statutory exceptions for individual communication; processors alert controllers without delay.
- إجراء التنفيذ
- Maintain a tested incident plan, assess every security event promptly and document authority and individual notifications or the legal reason not to notify an individual.
- الأدلة الواجب الاحتفاظ بها
- Incident log, risk assessment, APD notice, individual communication and processor alert.
- المصدر الأساسي
- Ordinance-Law No. 23/010, art. 244
High-risk processing, including large-scale biometric identification and significant automated profiling, requires a data-protection impact assessment and may require prior APD consultation.
- إجراء التنفيذ
- Complete a DPIA before launch, involve the DPO and consult the APD if residual high risk remains.
- الأدلة الواجب الاحتفاظ بها
- DPIA, DPO advice, mitigation tests, APD consultation and launch decision.
- المصدر الأساسي
- Ordinance-Law No. 23/010, arts. 245-246
A foreign transfer requires prior APD authorisation and adequate protection or a documented statutory derogation. The APD was created by statute, but a fully operational public filing route was not verified at the review date.
- إجراء التنفيذ
- Map hosting and support locations, document the transfer basis and safeguards and obtain written current filing instructions before transferring KYC data abroad.
- الأدلة الواجب الاحتفاظ بها
- Transfer map, adequacy or derogation analysis, APD authorisation or correspondence, contract and access controls.
- المصدر الأساسي
- Ordinance-Law No. 23/010, arts. 187 and 201-202 and 262-263
11Implementation and audit evidence packA defensible programme links every rule to configuration, ownership, testing, dated source evidence and a controlled residual-risk decision.4 عناصر+
Run a documented pre-launch regulatory gate covering perimeter, licensing, CDD, BO, PEP, sanctions, monitoring, CENAREF reporting, records, privacy and payments.
- إجراء التنفيذ
- Block production until accountable owners approve control design and every material gap has a closed remediation or explicit lawful launch condition.
- الأدلة الواجب الاحتفاظ بها
- Launch checklist, approvals, test pack, gap register and release decision.
- المصدر الأساسي
- Law No. 22/068; applicable BCC, CONASAFIC and Digital Code instruments
Third-party verification, agents, cloud providers and outsourcing do not transfer the reporting entity's legal responsibility.
- إجراء التنفيذ
- Assess each provider, contract immediate evidence access and audit rights, test retrieval, monitor performance and maintain an exit plan.
- الأدلة الواجب الاحتفاظ بها
- Due-diligence file, contract, access test, monitoring report, issues and exit plan.
- المصدر الأساسي
- Law No. 22/068, arts. 29-30; BCC Instruction No. 15 modification No. 3, art. 26; Digital Code, arts. 224 and 229
Track official changes from the Gazette, CENAREF, BCC, GUCE, CONASAFIC, the Digital Ministry or APD, FATF and GABAC, especially the BO-register order, APD operating decree and threshold or filing orders.
- إجراء التنفيذ
- Assign source owners, review official updates on a controlled schedule and assess each change against policies, products and existing customers.
- الأدلة الواجب الاحتفاظ بها
- Legal inventory, dated monitoring log, impact assessment, implementation ticket and approval.
- المصدر الأساسي
- Official DRC authority and FATF publications
Independently test onboarding, BO, PEP, sanctions, payments, monitoring, STR, privacy and retention controls and preserve why each rule is configured as it is.
- إجراء التنفيذ
- Run risk-based monitoring and independent assurance, report material findings to governance and verify remediation to closure.
- الأدلة الواجب الاحتفاظ بها
- Control-to-law map, monitoring plan, audit report, issue register, closure evidence and release history.
- المصدر الأساسي
- Law No. 22/068, arts. 44-45; BCC Instruction No. 15 modification No. 3

11 مجال رقابي و50 فحص تنفيذ مع روابط مباشرة للمصادر التنظيمية.
حمّل قائمة KYC وKYB وAML الخاصة بـ الكونغو - كينشاسا
شارك بيانات العمل للوصول الفوري إلى قائمة التنفيذ الموثقة بالمصادر لـ الكونغو - كينشاسا. تاريخ المراجعة التنظيمية: 16 July 2026.
احصل على ملف PDF فورًا
أرسل بياناتك ليبدأ التنزيل تلقائيًا
مراجعة وموثقة بالمصادر
الإصدار 1.0، تمت المراجعة في 16 July 2026
موثوق به من فرق الامتثال الرائدة
سجل المصادر الأساسية
25 مصدرًا مستخدمًا في هذه القائمة
استخدم هذه الروابط للتحقق من التشريعات وإرشادات الجهات الرقابية وإجراءات الإبلاغ والبيانات الدولية.
- Law No. 22/068 of 27 December 2022 on AML/CFT/CPFRepublic of the DRC / ANAPI · Primary legislation
- Official company-creation and legal-document portalANAPI · Official government portal
- Banking regulatory register including Instruction No. 15 modification No. 3Banque Centrale du Congo · Official sector register
- Instruction No. 15 modification No. 3 on AML/CFT/CPF standardsBanque Centrale du Congo · Primary sector instruction
- Instruction No. 15 annexes on BCC reportingBanque Centrale du Congo · Primary sector reporting annex
- Instruction No. 15 bis modification No. 4 on cash and bearer derogationsBanque Centrale du Congo · Primary sector instruction
- Instruction No. 15 bis modification No. 4 PDFBanque Centrale du Congo · Primary sector instruction
- Payment-systems regulatory registerBanque Centrale du Congo · Official sector register
- Instruction No. 24 on e-money issuance and e-money institutionsBanque Centrale du Congo · Primary sector instruction
- Instruction No. 42 on card and electronic payment rulesBanque Centrale du Congo · Primary sector instruction
- BCC-authorised connected payment-service providersBanque Centrale du Congo · Official provider register
- Services attached to the Ministry of Finance, including CENAREFMinistry of Finance · Official authority directory
- CENAREF strategic activity report 2021-2023CENAREF · Official FIU report
- CONASAFIC official portalCONASAFIC / Ministry of Finance · Official sanctions portal
- CONASAFIC legal and procedure documentsCONASAFIC / Ministry of Finance · Official sanctions register
- Procedure for disseminating targeted-financial-sanctions listsCONASAFIC · Official sanctions procedure
- Sentinelle sanctions search, alert and compliance platformCONASAFIC · Official sanctions platform
- UN Security Council consolidated sanctions listUnited Nations · Official sanctions list
- Ordinance-Law No. 23/010 establishing the Digital CodeAutorite de Regulation du secteur de l'Electricite / Presidency of the DRC · Primary legislation
- Digital Code personal-data authority provisionsDroit-Numerique.cd · Legislation access and article index
- April 2026 workshop on the draft beneficial-owner-register orderITIE-RDC · Official implementation-status notice
- Jurisdictions under increased monitoring, 19 June 2026FATF · Official international status statement
- DRC mutual evaluation reportGABAC / FATF · Official historical assessment context
- Law No. 22/069 and current sanctions-framework documentsCONASAFIC · Official legislation and implementation register
- BCC regulatory publications and current contactsBanque Centrale du Congo · Official regulator portal
إجابات مباشرة
أسئلة KYC وKYB وAML في الكونغو - كينشاسا
What is the DRC's principal AML/CFT/CPF law?+
Law No. 22/068 of 27 December 2022 is the principal current statute. It replaced the 2004 AML/CFT law and covers money laundering, terrorist financing and proliferation financing.
Who receives suspicious transaction reports?+
CENAREF, the Cellule nationale des renseignements financiers, receives and analyses STRs. BCC receives separate supervisory reports from financial intermediaries within its scope.
When must an STR be filed?+
Without delay once the reporting person knows, suspects or has reasonable grounds to suspect criminal proceeds or links to ML, TF or PF. Attempted transactions and later information changing the suspicion are included.
How is an STR submitted?+
The law permits written, digital, electronic or telephone transmission to CENAREF, with prompt written confirmation of a telephone report. A public self-service CENAREF portal was not verified, so obtain the current secure operational channel directly from CENAREF.
Is every transaction over a fixed amount reported to CENAREF?+
No universal automatic transaction report should be inferred. Law No. 22/068 refers to a separate Finance Minister threshold for specified cash or e-money funds transmissions, but the current amount and procedure must be verified before automation.
What occasional CDD threshold applies to BCC-regulated institutions?+
BCC Instruction No. 15 modification No. 3 states a trigger above USD 15,000 for the transactions and institutions within its scope, including linked transactions. Suspicion and doubts about identity trigger CDD regardless of amount.
What beneficial-owner threshold applies?+
Law No. 22/068 uses more than 25% direct or indirect capital or voting rights, then control by other means and then the applicable statutory management or legal-representative fallback. Ownership percentage is not the only test.
Is the central beneficial-owner register operational?+
The law requires a GUCE-held register, but an official ITIE-RDC notice from 9 April 2026 described the establishing Justice Ministry order as a draft awaiting adoption and operationalisation. Confirm the current order and filing route before automating submission.
Can registry data replace independent KYB?+
No. Verify legal existence, authority, purpose, directors and every ownership or control layer using reliable evidence, and reconcile any registry discrepancy.
What happens when identity cannot be verified?+
Do not establish or execute the relationship or transaction, or end an existing relationship where required, and assess an STR without tipping off the customer. If further CDD itself would alert a suspected customer, stop and report without delay.
What rules apply to PEPs?+
Identify domestic, foreign and international-organisation PEPs, family and close associates; obtain appropriate approval; establish source of funds and wealth; and apply enhanced monitoring. BCC-covered institutions also notify CENAREF of identified PEPs under Instruction No. 15.
How long are AML records kept?+
Generally 10 years. Identity and relationship records run from closure or relationship end, while transaction and enhanced-review records run from execution. Specified detached intermediary wire information is retained at least five years.
What is the cash restriction?+
Transactions at USD 10,000 equivalent or more generally cannot be settled in cash or bearer instruments, subject to statutory exceptions and BCC derogations. That restriction is not itself a universal STR threshold.
When is a cross-border cash declaration required?+
A traveller entering or leaving the DRC declares cash or bearer negotiable instruments at USD 10,000 equivalent or more at the entry or exit point.
What happens on a sanctions match?+
Freeze covered funds, assets and economic resources without delay and without prior notice, prevent availability or services and notify CENAREF and CONASAFIC under the current procedure. Assess an STR separately.
Which sanctions lists should be screened?+
Use the current UN and national lists disseminated by CONASAFIC, subscribe to its secure alerts and use the Sentinelle platform. Preserve the exact list version and match decision.
Are virtual-asset services licensed?+
Law No. 22/068 places VASPs within the reporting perimeter, but this does not prove a current licensing route. Obtain written confirmation and any required approval before offering exchange, transfer, custody or related services.
Do biometrics and foreign cloud hosting require privacy approval?+
Yes. The Digital Code requires prior authorisation for biometric processing and contemplated foreign transfers unless a specific exception applies. Map purposes, security, DPIA and transfer safeguards and confirm the current APD filing process.
How quickly must a personal-data breach be notified?+
The Digital Code uses 'without delay' for controller notification to the APD and affected person and for a processor's alert to its controller, subject to statutory exceptions for individual communication.
Is the DRC on the FATF grey list?+
Yes, as of 16 July 2026. FATF determined in June 2026 that the DRC had substantially completed its action plan and warranted an on-site assessment, but it remained under increased monitoring pending that assessment.
منهجية البحث والمراجعة
تحدد VOVE ID Compliance Research النطاق التنظيمي، وتحول الالتزامات إلى ضوابط تشغيلية، وتربط الادعاءات الجوهرية بالمصادر، وتسجل تاريخ وإصدار كل مراجعة.
VOVE ID Compliance Research · تاريخ المراجعة 16 July 2026 · الإصدار 1.0
This checklist is general regulatory information, not legal advice or a licence determination. It reflects sources reviewed on 16 July 2026. Confirm current gazetted law, sector rules, thresholds, filing mechanics and supervisor expectations with Congolese counsel and the competent authority before launch. The statutory beneficial-owner register and the APD's operating procedures were not confirmed as fully operational public filing routes at the review date. VOVE ID can support evidence collection, screening and audit trails, but the reporting entity remains responsible for risk decisions, customer acceptance, reports, freezes and regulatory compliance.