قائمة امتثال KYC وKYB وAML
المغرب KYC, KYB & AML
A practical implementation checklist for regulated businesses operating in Morocco, with a focused overlay for banks, payment institutions and other entities supervised by Bank Al-Maghrib. It converts customer due diligence, beneficial ownership, remote onboarding, suspicious reporting, sanctions, monitoring, records and data-protection duties into operational controls and audit evidence.
- تاريخ المراجعة
- 15 July 2026
- الإصدار
- 1.0
- مجالات رقابية
- 7
- فحوص تنفيذ
- 42
إجابة مباشرة
ما الذي تغطيه قائمة الامتثال الخاصة بـ المغرب؟
تحوّل قائمة المغرب قواعد KYC وKYB وAML الأساسية إلى 7 مجالات رقابية و42 فحوص تنفيذ، وتشمل الجهات المختصة وواجبات الإبلاغ والأدلة الواجب الاحتفاظ بها.
حقائق تنظيمية أساسية
- Financial intelligence unit
- Autorite Nationale du Renseignement Financier (ANRF)
- Banking and payments supervisor
- Bank Al-Maghrib
- BAM beneficial-owner threshold
- More than 25%, plus effective control
- Suspicion reporting
- Immediately once suspicion exists
- Record retention
- 10 years under the AML framework
- FATF public list
- Not listed as of 19 June 2026
تفاصيل التنفيذ
متطلبات وإجراءات الامتثال في المغرب
افتح كل مجال لمراجعة المتطلب وإجراء التنفيذ المقترح والأدلة الواجب الاحتفاظ بها والمصدر الأساسي.
01Applicability and governanceMap every regulated activity, assign accountable governance and operate an appropriately resourced AML/CFT control framework.6 عناصر+
Map the national and sector perimeter
- إجراء التنفيذ
- Document every reporting entity and activity subject to Law No. 43-05. Map credit institutions, assimilated bodies and supervised financial conglomerates to Bank Al-Maghrib; currency-exchange companies to the Office des Changes; capital-market entities to AMMC; and insurance, reinsurance, insurance intermediaries, qualifying pension institutions and supervised financial conglomerates to ACAPS. Map lawyers, notaries and adouls to the governmental authority responsible for justice; offshore holding companies, chartered and accredited accountants to the governmental authority responsible for finance; casinos and gambling establishments jointly to the governmental authorities responsible for interior and finance; real-estate agents to the governmental authority responsible for housing; and dealers in precious metals, stones, antiquities and art to Customs and Indirect Tax Administration. ANRF supervises entities for which no other authority is designated. Apply Article 5's activity-specific DNFBP scope and its MAD 30,000 casino and MAD 150,000 cash-dealer thresholds.
- الأدلة الواجب الاحتفاظ بها
- Entity-perimeter memo, licence inventory, activity and threshold matrix, supervisor mapping and named obligations owner
- المصدر الأساسي
- Law 43-05, arts. 5 and 13.1, as amended by Law 12-18
Apply the correct Bank Al-Maghrib overlay
- إجراء التنفيذ
- For a Bank Al-Maghrib-supervised institution, map Circular 5/W/2017, Directive 2/W/2019 on customer and beneficial-owner identification, Directive 3/W/2019 on the risk-based approach and applicable product, agent, outsourcing, control and reporting rules.
- الأدلة الواجب الاحتفاظ بها
- BAM obligations register, control mapping, legal-change process and implementation owners
- المصدر الأساسي
- BAM Circular 5/W/2017; Directives 2/W/2019 and 3/W/2019
Make governance responsible for effectiveness
- إجراء التنفيذ
- Require the governing and executive bodies to approve the AML/CFT framework, risk appetite, customer-acceptance rules and material remediation; receive meaningful management information; and ensure the control function has sufficient authority, independence, people, systems and access.
- الأدلة الواجب الاحتفاظ بها
- Approved framework, committee terms, minutes, resource assessment, dashboards and remediation log
- المصدر الأساسي
- Law 43-05; BAM Circular 5/W/2017; BAM/ANRF AML/CFT Guide
Maintain an independent vigilance structure
- إجراء التنفيذ
- For a Bank Al-Maghrib-supervised institution, maintain an independent structure with sufficient qualified resources to administer vigilance and internal monitoring. It must centralise agency reports, examine unusual or complex transactions within a reasonable period, maintain enhanced monitoring of suspicious and higher-risk relationships, keep executive management continuously informed, liaise with ANRF and have timely access to all required customer and transaction information. Communicate to ANRF the directors and employees authorised to liaise and submit reports, together with the required description of the internal vigilance framework.
- الأدلة الواجب الاحتفاظ بها
- Appointment, organisation chart, mandate, resources, access profile, ANRF liaison notifications, framework description and filing authority
- المصدر الأساسي
- Law 43-05, art. 9; BAM Circular 5/W/2017, arts. 7-8
Maintain current policies and procedures
- إجراء التنفيذ
- Document customer acceptance, identification, beneficial ownership, customer risk, EDD, PEPs, sanctions, unusual activity, ANRF reporting, wires, agents, outsourcing, records, training, assurance and CNDP controls. Update them after legal, product, technology or risk change.
- الأدلة الواجب الاحتفاظ بها
- Policy suite, approvals, regulatory mapping, version history and staff attestations
- المصدر الأساسي
- Law 43-05; BAM Circular 5/W/2017
Train, test and remediate
- إجراء التنفيذ
- Provide continuous, role-appropriate AML/CFT training and regularly assess its effectiveness. For a Bank Al-Maghrib-supervised institution, perform the permanent and periodic controls required over the vigilance framework, policies, procedures, systems and staff implementation, and submit results and remediation plans to the audit committee. Apply independent assurance where required by the institution's control framework or another binding sector rule; otherwise treat independent testing as a recommended control rather than a universal statutory duty.
- الأدلة الواجب الاحتفاظ بها
- Training plan and effectiveness results, permanent and periodic control reports, audit-committee reporting, issue register and closure proof
- المصدر الأساسي
- BAM Circular 5/W/2017, arts. 9-11
02KYC and remote onboardingIdentify customers and representatives from reliable sources, understand the relationship and make remote onboarding equivalent to physical presence.6 عناصر+
Identify and verify every relationship
- إجراء التنفيذ
- Before establishing a relationship, identify and verify the customer, representative and persons acting on the customer's behalf using current, reliable and independent documents, data or information. Prohibit anonymous or manifestly fictitious accounts.
- الأدلة الواجب الاحتفاظ بها
- Identity record, document and database checks, representative authority, verification result and quality review
- المصدر الأساسي
- Law 43-05; BAM Circular 5/W/2017, arts. 14-15 and 25
Apply the occasional-customer rule
- إجراء التنفيذ
- For a Bank Al-Maghrib-supervised institution, identify and verify an occasional customer and the beneficial owner of the transaction regardless of transaction amount, as required by the amended circular. Do not substitute an unsupported general threshold.
- الأدلة الواجب الاحتفاظ بها
- Occasional-customer workflow, identity and beneficial-owner checks, transaction record and exception report
- المصدر الأساسي
- BAM Circular 5/W/2017, art. 14, as amended
Understand purpose and expected activity
- إجراء التنفيذ
- Record the purpose and intended nature of the relationship, occupation or business, products, expected volumes, channels, counterparties, geographies and source of funds where risk requires. Use the profile as the baseline for monitoring.
- الأدلة الواجب الاحتفاظ بها
- Customer profile, expected-activity fields, source evidence, risk rationale and review triggers
- المصدر الأساسي
- Law 43-05; BAM Circular 5/W/2017; Directive 2/W/2019
Stop and report failed CDD
- إجراء التنفيذ
- When identification data are incomplete or manifestly fictitious, do not establish the relationship or execute the operation and immediately submit a suspicion report. If appropriate vigilance cannot be completed for an existing relationship, stop operations, terminate the relationship and immediately report to ANRF.
- الأدلة الواجب الاحتفاظ بها
- Rejected or restricted case, reason code, closure decision, ANRF report and non-tipping-off controls
- المصدر الأساسي
- BAM Circular 5/W/2017, art. 26
Make remote identification equivalent to presence
- إجراء التنفيذ
- Before a bank or payment institution opens accounts remotely, deploy reliable and secure technology that provides risk-based equivalence to physical presence, verifies the authenticity of identity documents, mitigates impersonation and fraud and protects personal data.
- الأدلة الواجب الاحتفاظ بها
- Remote-onboarding design, document-authenticity result, biometric or equivalent control, fraud signals, security testing and privacy assessment
- المصدر الأساسي
- BAM Letter Circular 1/DSB/2020, arts. 1-3
Document remote-onboarding compliance
- إجراء التنفيذ
- Maintain a formal demonstration that the remote-account-opening system complies with Law No. 43-05, Letter Circular 1/DSB/2020 and the relevant FATF new-technology and CDD principles. Reassess after material technology, vendor or fraud-pattern change.
- الأدلة الواجب الاحتفاظ بها
- Compliance assessment, control mapping, approval, test results, change review and vendor oversight
- المصدر الأساسي
- BAM Letter Circular 1/DSB/2020, art. 3
03KYB and beneficial ownershipVerify legal existence, authority, ownership and effective control, and reconcile institution-held information with official records.6 عناصر+
Verify the legal person and representatives
- إجراء التنفيذ
- Verify legal name, form, registration, registered office, principal activity, tax identifiers, licences, constitutional documents, directors or managers, authorised representatives and each representative's authority using reliable independent sources, including OMPIC records where available.
- الأدلة الواجب الاحتفاظ بها
- Registry extract, constitutional records, tax and licence checks, representative authority and discrepancy log
- المصدر الأساسي
- Law 43-05; BAM Circular 5/W/2017, art. 15; OMPIC services
Identify natural-person beneficial owners
- إجراء التنفيذ
- For a company under the Bank Al-Maghrib circular, identify and verify every natural person who directly or indirectly holds more than 25% of capital or voting rights, or exercises effective control by any other means over management, direction, administration or the general meeting. Identify the natural person for whose account an activity or transaction is conducted.
- الأدلة الواجب الاحتفاظ بها
- Ownership chart to natural persons, percentages, control analysis, identity verification and account-beneficiary assessment
- المصدر الأساسي
- BAM Circular 5/W/2017, art. 1, as amended
Apply ownership tests beyond companies
- إجراء التنفيذ
- For another legal person or legal arrangement, identify the natural persons with rights over more than 25% of assets, those expected to acquire such rights under a legal instrument, and every person who ultimately controls the structure. Apply the trust or arrangement-party requirements relevant to the legal form.
- الأدلة الواجب الاحتفاظ بها
- Legal-form analysis, constitutional or trust instruments, asset-rights map, controllers and verification records
- المصدر الأساسي
- BAM Circular 5/W/2017, arts. 1 and 15
Use the beneficial-owner register as a source, not a substitute
- إجراء التنفيذ
- Obtain available beneficial-owner information through the OMPIC-managed register and compare it with the customer's declaration and ownership evidence. Resolve missing, stale or inconsistent information before approval and do not treat registry access as replacing independent AML verification.
- الأدلة الواجب الاحتفاظ بها
- RBE request or result, customer declaration, reconciliation, supporting ownership documents and resolved discrepancy
- المصدر الأساسي
- Law 43-05 transparency framework; OMPIC Beneficial Owners Register
Verify the licensed business and operating reality
- إجراء التنفيذ
- Confirm each required licence and compare the stated business to websites, premises, contracts, settlement accounts, customers, counterparties and transaction activity. Escalate shell characteristics, nominee control, unexplained ownership layers and inconsistent revenue or payment flows.
- الأدلة الواجب الاحتفاظ بها
- Regulator and licence check, operating-footprint evidence, website review, account match and escalation decision
- المصدر الأساسي
- Law 43-05; BAM Circular 5/W/2017; applicable sector licence
Keep corporate CDD current
- إجراء التنفيذ
- Refresh registration, ownership, control, representative, licence and business-profile information periodically according to risk and immediately after a material trigger. Re-screen new owners and controllers and recalculate the risk rating.
- الأدلة الواجب الاحتفاظ بها
- Review calendar, registry-change alerts, updated chart, screening, risk decision and overdue restrictions
- المصدر الأساسي
- BAM Circular 5/W/2017; Directive 2/W/2019
04Risk, PEPs and targeted financial sanctionsOperate documented institutional and customer risk assessment, enhanced PEP controls and immediate CNASNU sanctions implementation.6 عناصر+
Assess institutional ML/TF risk
- إجراء التنفيذ
- For a Bank Al-Maghrib-supervised institution, analyse and evaluate ML/TF risk at least annually across customer categories, countries and geographic areas, products, services, operations and distribution channels. Document results, present them to the governing body and implement proportionate limits and controls by product, service, period, transaction, channel and geography. Update sooner after a material risk, product, technology or business change.
- الأدلة الواجب الاحتفاظ بها
- Approved methodology, annual assessment, governing-body record, limits, residual-risk decisions, update log and remediation plan
- المصدر الأساسي
- BAM Circular 5/W/2017, art. 5; Directive 3/W/2019
Assign and explain customer risk
- إجراء التنفيذ
- Classify every relationship using documented factors and defensible data. Ensure higher-risk ratings drive senior approval, deeper source checks, stronger monitoring and more frequent review; control and document overrides.
- الأدلة الواجب الاحتفاظ بها
- Scoring methodology, input data, risk rating, override record, approver and next review date
- المصدر الأساسي
- BAM Circular 5/W/2017; Directive 3/W/2019
Identify politically exposed persons
- إجراء التنفيذ
- Screen customers, beneficial owners, representatives, family members and close associates to determine whether PEP risk applies under the current national and sector definitions. Repeat screening throughout the relationship and after ownership change.
- الأدلة الواجب الاحتفاظ بها
- PEP screening, relationship map, source data, alert decision and periodic rescreening
- المصدر الأساسي
- Law 43-05; BAM Circular 5/W/2017
Apply mandatory PEP measures
- إجراء التنفيذ
- Before establishing or continuing a PEP relationship, obtain the required senior-management approval, take reasonable measures to establish source of wealth and source of funds and apply enhanced ongoing monitoring proportionate to risk.
- الأدلة الواجب الاحتفاظ بها
- Senior approval, source-of-wealth and source-of-funds corroboration, EDD file and monitoring plan
- المصدر الأساسي
- Law 43-05; BAM Circular 5/W/2017
Screen current CNASNU and UN lists
- إجراء التنفيذ
- Register the institution and its permanent correspondents for the applicable CNASNU platform, list-update and notification services. Permanently and systematically screen prospective, existing and occasional customers, beneficial owners, controllers, representatives and every transaction party before onboarding, before executing a transaction and immediately after each CNASNU or UN list update.
- الأدلة الواجب الاحتفاظ بها
- CNASNU registration, correspondent appointments, authoritative-list inventory, update log, screening results, alert decisions and quality assurance
- المصدر الأساسي
- Law 43-05, art. 32; Decree 2-21-484; CNASNU Practical Guide
Freeze, prohibit and report without delay
- إجراء التنفيذ
- For a confirmed or unresolved suspected match, act immediately and without prior notice. Freeze all funds, assets and economic resources owned or controlled directly or indirectly, wholly or jointly, including generated income and assets held through an entity owned or controlled by the designated person or by a person acting on that person's behalf or direction. Prohibit transfer, conversion, disposition, movement, access, establishment of a relationship and direct or indirect provision or availability of funds, assets, economic resources, financial services or related services. Notify CNASNU concomitantly through its prescribed platform of the analysis and measures; maintain them until CNASNU issues the applicable confirmation, exemption, delisting or unfreezing decision. Record attempted transactions and make any separate ANRF suspicion report required by the facts.
- الأدلة الواجب الاحتفاظ بها
- Match validation, freeze and prohibition record, attempted activity, concomitant CNASNU notification, asset-scope analysis, ANRF decision and release authority
- المصدر الأساسي
- Law 43-05, art. 32; Decree 2-21-484; CNASNU Practical Guide
05Enhanced due diligenceApply proportionate additional measures to higher-risk customers, products, structures, geographies and counterparties.5 عناصر+
Apply EDD to higher-risk relationships
- إجراء التنفيذ
- Collect additional identity, ownership, business, purpose, source-of-funds and source-of-wealth information; obtain management approval; increase the frequency and depth of monitoring; and document why residual risk is acceptable.
- الأدلة الواجب الاحتفاظ بها
- EDD checklist, corroborating records, approval, monitoring plan and review date
- المصدر الأساسي
- Law 43-05; BAM Circular 5/W/2017, art. 40; Directive 3/W/2019
Control correspondent banking
- إجراء التنفيذ
- Before opening a foreign correspondent relationship, understand the institution's activities, reputation, quality of supervision, ownership and AML controls; establish responsibilities; obtain required approval; and prohibit shell-bank relationships and uncontrolled payable-through access.
- الأدلة الواجب الاحتفاظ بها
- Correspondent questionnaire, public-source checks, control assessment, approval, agreement and periodic review
- المصدر الأساسي
- BAM Circular 5/W/2017, arts. 41-44
Control non-face-to-face and anonymity risk
- إجراء التنفيذ
- Apply dedicated policies and additional safeguards to products, practices or technologies that do not involve physical presence or may facilitate anonymity. Tie control strength to documented impersonation, fraud, laundering and evasion risk.
- الأدلة الواجب الاحتفاظ بها
- Channel risk assessment, fraud and liveness controls, transaction limits, monitoring and exception review
- المصدر الأساسي
- BAM Circular 5/W/2017, art. 37; BAM Letter Circular 1/DSB/2020
Govern agents and outsourced providers
- إجراء التنفيذ
- Perform pre-appointment due diligence; contract for AML, security, confidentiality, records, incident reporting and audit rights; include agents in the institution's AML/CFT system; monitor compliance; and retain accountability for outsourced controls.
- الأدلة الواجب الاحتفاظ بها
- Due diligence, contract, agent register, training, monitoring, audit results and termination process
- المصدر الأساسي
- BAM Circular 5/W/2017, as amended; applicable outsourcing and agent rules
Investigate unusual or complex activity
- إجراء التنفيذ
- Promptly examine complex, unusually large, linked or otherwise unusual transactions and patterns with no apparent lawful or economic purpose. Document the background and purpose, escalate to the responsible structure and immediately report when suspicion exists.
- الأدلة الواجب الاحتفاظ بها
- Alert, investigation chronology, customer explanation, independent corroboration, decision and ANRF receipt where filed
- المصدر الأساسي
- Law 43-05; BAM Circular 5/W/2017, art. 39
06Ongoing monitoring, payments and fintech controlsKeep customer knowledge current, monitor behaviour and preserve complete payment information across the transaction chain.6 عناصر+
Monitor throughout the relationship
- إجراء التنفيذ
- Monitor transactions against the customer's purpose, expected activity, business, risk and source-of-funds profile. Use scenarios suited to products and channels, link related activity and provide investigators with complete data and case context.
- الأدلة الواجب الاحتفاظ بها
- Monitoring coverage, data lineage, scenario inventory, alerts, tuning, quality assurance and management metrics
- المصدر الأساسي
- Law 43-05; BAM Circular 5/W/2017; BAM/ANRF AML/CFT Guide
Refresh on schedule and trigger
- إجراء التنفيذ
- Update identity, beneficial ownership, business, expected activity, PEP, sanctions and risk information regularly according to risk and after a material trigger, including unusual behaviour, ownership change, new product use, adverse information or document expiry.
- الأدلة الواجب الاحتفاظ بها
- Risk-based review schedule, trigger feed, updated CDD, rescreening, risk decision and overdue dashboard
- المصدر الأساسي
- BAM Circular 5/W/2017; Directive 2/W/2019
Carry complete cross-border and domestic transfer information
- إجراء التنفيذ
- For every cross-border wire or funds transfer sent or received in a relationship or for an occasional customer, regardless of amount, include the required names or legal names of the originator and beneficiary and, where applicable, the beneficial owner; account numbers or traceable unique reference; originator address, customer identifier or date and place of birth; and transaction purpose. Intermediaries must preserve all accompanying information and detect missing fields. Domestic transfers must carry the same information unless it can be made available to the beneficiary institution or competent authority by another method within three business days after request; at minimum carry the originator account or unique reference permitting retrieval.
- الأدلة الواجب الاحتفاظ بها
- Payment-message fields, validation rules, sample domestic and cross-border transfers, three-business-day retrieval test, batch traceability and exception report
- المصدر الأساسي
- BAM Circular 5/W/2017, arts. 27-29, as amended
Control incomplete payment information
- إجراء التنفيذ
- Beneficiary and intermediary institutions must apply risk-based procedures to transfers received without required information. Suspend and request repair within a reasonable period; reject where information is not received within the permitted period; and terminate a correspondent relationship where the originating institution cannot comply. Submit an immediate suspicion report when missing information or surrounding facts create suspicion.
- الأدلة الواجب الاحتفاظ بها
- Repair and reject rules, exception queue, counterparty escalation, termination decision, ANRF report and response-time logs
- المصدر الأساسي
- BAM Circular 5/W/2017, arts. 28-29, as amended
Assess new products and technology before use
- إجراء التنفيذ
- Before launch or material change, assess customer-identification, fraud, cyber, anonymity, sanctions, monitoring, outsourcing, privacy and record risks. Approve proportionate controls and test that compliance evidence is complete and retrievable.
- الأدلة الواجب الاحتفاظ بها
- Pre-launch risk assessment, control design, approval, test results, monitoring plan and post-launch review
- المصدر الأساسي
- Law 43-05; BAM Circular 5/W/2017, art. 37; Directive 3/W/2019
Do not infer permission for virtual-asset activity
- إجراء التنفيذ
- Do not treat draft Law No. 42.25 or announced reform as present authorisation. The 5 April 2022 joint warning by Bank Al-Maghrib, AMMC and the Office des Changes states that use of virtual currencies remains unauthorised in Morocco and may violate current foreign-exchange rules. Do not offer, facilitate or accept virtual-currency activity unless the competent authority confirms the proposed activity is lawful under an enacted and effective framework. Reassess immediately if Law No. 42.25 or another binding framework is enacted and published.
- الأدلة الواجب الاحتفاظ بها
- Current legal opinion, regulator confirmation, product restriction, regulatory-change trigger and monitoring rules
- المصدر الأساسي
- Joint Moroccan Financial Authorities Warning, 5 April 2022
07Reporting, records, privacy and assuranceReport suspicion immediately, preserve reconstructable records and obtain the required CNDP clearance before processing personal data.7 عناصر+
Report suspicion immediately
- إجراء التنفيذ
- Submit a suspicion report to ANRF immediately when the institution knows, suspects or has reasonable grounds under the applicable rule, including linked or attempted activity where reportable. Do not wait for a monetary threshold or proof of predicate crime.
- الأدلة الواجب الاحتفاظ بها
- Case chronology, responsible-person decision time, ANRF report, submission receipt and escalation record
- المصدر الأساسي
- Law 43-05, arts. 9-11; BAM Circular 5/W/2017
Prevent tipping off and protect confidentiality
- إجراء التنفيذ
- Restrict access to reporting information and prevent disclosure to the customer or third parties that a suspicion report or related information has been submitted or is being considered. Use controlled customer communications during holds, exits and information requests.
- الأدلة الواجب الاحتفاظ بها
- Access controls, confidentiality procedure, communication templates, audit log and training
- المصدر الأساسي
- Law 43-05, art. 29
Retain AML records for ten years
- إجراء التنفيذ
- Keep customer and beneficial-owner identity records, transaction data, correspondence, analyses, reports, governance, training and control evidence for the applicable ten-year AML period, measured from the relationship end or transaction as required, and longer under a lawful hold.
- الأدلة الواجب الاحتفاظ بها
- Retention schedule, repository controls, sample retrieval, legal-hold process and deletion evidence
- المصدر الأساسي
- Law 43-05 recordkeeping provisions; BAM Circular 5/W/2017
Obtain CNDP processing and transfer clearance
- إجراء التنفيذ
- Before implementing processing, submit the applicable CNDP prior declaration unless excluded, exempt or subject to prior authorisation. Obtain prior authorisation for sensitive data, change of purpose, offence or conviction data, use of the CIN number and interconnection of files having different purposes. Obtain the CNDP receipt or authorisation for the underlying processing before a foreign-transfer request. Before transferring or hosting data abroad, submit the required transfer filing and document the applicable route: an adequate destination, a specific Article 44 exception, an international agreement, or express reasoned CNDP authorisation supported by appropriate contractual or intra-group safeguards. Do not treat consent alone as a blanket solution for routine or systematic international KYC hosting.
- الأدلة الواجب الاحتفاظ بها
- Processing inventory, CNDP declaration, receipt or authorisation, CIN and sensitive-data assessment, transfer filing, legal route and safeguards
- المصدر الأساسي
- Law 09-08, arts. 12 and 43-44; CNDP Conditions and Notification Procedures
Apply purpose, proportionality and transparency
- إجراء التنفيذ
- Give the required collection notice, specify legitimate purposes, collect only necessary and proportionate data, keep it accurate and current, define retention, support access, rectification and opposition rights and document any AML-law restriction on ordinary rights handling.
- الأدلة الواجب الاحتفاظ بها
- Privacy notices, lawful-purpose register, field minimisation, rights log, retention mapping and AML exception decision
- المصدر الأساسي
- Law 09-08; CNDP Conditions
Secure data and govern processors
- إجراء التنفيذ
- Apply appropriate physical and logical security, confidentiality, access, audit and incident controls. Use contracts and audits to ensure processors and recipients comply with Law 09-08 and the approved purpose, security and transfer conditions.
- الأدلة الواجب الاحتفاظ بها
- Security assessment, access review, processor contract, audit, incident register and remediation
- المصدر الأساسي
- Law 09-08; CNDP Conditions
Maintain evidence-led regulatory assurance
- إجراء التنفيذ
- For Bank Al-Maghrib-supervised institutions, operate the required permanent and periodic controls across onboarding, ownership, customer risk, PEPs, sanctions, remote verification, monitoring, wires, reporting, records, agents and outsourcing. Test CNDP status and privacy controls under the applicable governance framework. Report exceptions and remediation to the audit committee and verify closure; use independent assurance where separately required or adopted by the institution.
- الأدلة الواجب الاحتفاظ بها
- Control inventory, permanent and periodic test scripts, sampled files, metrics, audit-committee reporting and closure proof
- المصدر الأساسي
- BAM Circular 5/W/2017, arts. 9-11; Law 09-08

7 مجال رقابي و42 فحص تنفيذ مع روابط مباشرة للمصادر التنظيمية.
حمّل قائمة KYC وKYB وAML الخاصة بـ المغرب
شارك بيانات العمل للوصول الفوري إلى قائمة التنفيذ الموثقة بالمصادر لـ المغرب. تاريخ المراجعة التنظيمية: 15 July 2026.
احصل على ملف PDF فورًا
أرسل بياناتك ليبدأ التنزيل تلقائيًا
مراجعة وموثقة بالمصادر
الإصدار 1.0، تمت المراجعة في 15 July 2026
موثوق به من فرق الامتثال الرائدة
سجل المصادر الأساسية
16 مصدرًا مستخدمًا في هذه القائمة
استخدم هذه الروابط للتحقق من التشريعات وإرشادات الجهات الرقابية وإجراءات الإبلاغ والبيانات الدولية.
- Consolidated legislative and regulatory texts governing credit institutions, including Law 43-05 and Circular 5/W/2017Bank Al-Maghrib · primary
- AML/CFT public guide, March 2025Bank Al-Maghrib · primary
- Letter Circular No. 1/DSB/2020 on remote account openingBank Al-Maghrib · primary
- National Financial Intelligence Authority official pageMinistry of Economy and Finance · primary
- Beneficial Owners RegisterOMPIC · primary
- Law No. 09-08 on personal-data processingCNDP · primary
- Conditions for processing personal dataCNDP · primary
- Personal-data notification proceduresCNDP · primary
- Law No. 12-18 amending Law No. 43-05CNASNU / Ministry of Justice · primary
- CNASNU reference textsCNASNU · primary
- CNASNU Practical Implementation GuideCNASNU · primary
- Joint warning against use of virtual currencies, 5 April 2022Office des Changes · primary
- National Personal Data Protection RegisterCNDP · primary
- Jurisdictions under Increased Monitoring, 19 June 2026FATF · primary
- KYC Compliance in Morocco 2026VOVE ID · contextual
- Navigating KYB in MoroccoVOVE ID · contextual
إجابات مباشرة
أسئلة KYC وKYB وAML في المغرب
Who receives suspicious transaction reports in Morocco?+
The Autorite Nationale du Renseignement Financier, or ANRF, is Morocco's financial intelligence unit. Reports must follow its current prescribed channel and format.
What beneficial-owner threshold applies under Bank Al-Maghrib's circular?+
For a company, identify a natural person who directly or indirectly holds more than 25% of capital or voting rights, and anyone exercising effective control by other means. The control test applies even when no one crosses the percentage threshold.
Can banks and payment institutions onboard customers remotely?+
Yes, subject to Bank Al-Maghrib Letter Circular 1/DSB/2020. The technology must provide risk-based equivalence to physical presence, authenticate identity documents, mitigate fraud and protect personal data.
Must a business notify the CNDP before KYC processing?+
A controller must complete the applicable prior declaration or obtain written authorisation before implementing processing. The underlying processing must be cleared before a foreign-transfer request, which must rely on an adequate destination, Article 44 exception, international agreement or express reasoned CNDP authorisation with appropriate safeguards.
منهجية البحث والمراجعة
تحدد VOVE ID Compliance Research النطاق التنظيمي، وتحول الالتزامات إلى ضوابط تشغيلية، وتربط الادعاءات الجوهرية بالمصادر، وتسجل تاريخ وإصدار كل مراجعة.
VOVE ID Compliance Research · تاريخ المراجعة 15 July 2026 · الإصدار 1.0
This checklist is general compliance information, not legal advice. Law No. 43-05 provides the national baseline, while the Bank Al-Maghrib material used here applies specifically to credit institutions and assimilated bodies, including payment institutions. Capital-markets, insurance, real-estate, legal, accounting and other covered sectors must add the current AMMC, ACAPS or other competent-supervisor rules. Confirm amendments, forms, thresholds, reporting channels and CNASNU decisions against current official Arabic or French texts before implementation.