قائمة امتثال KYC وKYB وAML
موزمبيق KYC, KYB & AML
Operational evidence prompts for Mozambique's amended AML/CFT/CPF framework, GIFiM reporting, customer and beneficial-owner due diligence, CREL declarations, sanctions, payments, e-money, agents, VASPs and the current privacy and FATF position.
- تاريخ المراجعة
- 15 July 2026
- الإصدار
- 1.8
- مجالات رقابية
- 11
- فحوص تنفيذ
- 48
إجابة مباشرة
ما الذي تغطيه قائمة الامتثال الخاصة بـ موزمبيق؟
تحوّل قائمة موزمبيق قواعد KYC وKYB وAML الأساسية إلى 11 مجالات رقابية و48 فحوص تنفيذ، وتشمل الجهات المختصة وواجبات الإبلاغ والأدلة الواجب الاحتفاظ بها.
حقائق تنظيمية أساسية
- Financial intelligence unit
- GIFiM
- Principal AML law
- Law 14/2023, as amended by Law 3/2024
- STR timing and method
- Electronic filing under GIFiM procedures within 24 hours of detection or execution; if impossible, no later than 3 working days; physical only exceptionally where technical conditions are unavailable
- Threshold reports
- Cash at or above MZN 250,000; other transactions at or above MZN 750,000; aggregate fractionation daily, weekly and monthly and report on the aggregate
- Occasional-transaction CDD
- At or above MZN 900,000, plus every statutory non-value trigger
- Beneficial-owner indicator
- Law 14/KYB/CREL: at least 10%; Decree 53 Article 13 indicator: more than 10%; always test other control and use fallback only after exhausting all possible means with no suspicion
- General AML retention
- 10 years after account closure or end of the relationship
- Targeted sanctions
- Freeze immediately, no later than 24 hours after dissemination, and report to GIFiM within the same 24-hour period
- FATF status
- Not under increased monitoring or a call for action at 15 July 2026; removed 24 October 2025
تفاصيل التنفيذ
متطلبات وإجراءات الامتثال في موزمبيق
افتح كل مجال لمراجعة المتطلب وإجراء التنفيذ المقترح والأدلة الواجب الاحتفاظ بها والمصدر الأساسي.
01Scope, authorities and licensingStart with the regulated activity, reporting-entity category and responsible supervisor. AML duties do not replace market-entry authorization.4 عناصر+
Classify the entity and activity under the AML law
- إجراء التنفيذ
- Map every product and service to the financial-entity or designated non-financial category in Articles 4-5, including real estate, casinos, precious metals/stones, vehicles, legal/accounting and trust/company services where applicable.
- الأدلة الواجب الاحتفاظ بها
- Perimeter memorandum, product inventory, legal-entity chart, reporting-entity classification and approval record.
- المصدر الأساسي
- Law 14/2023, Articles 4-5
Map GIFiM and the competent supervisor
- إجراء التنفيذ
- Treat GIFiM as the FIU and identify the Article 55 supervisor: Banco de Moçambique for its financial sectors, the insurance supervisor, Inspecção-Geral de Jogos, a professional order, responsible ministry, or GIFiM where no other supervisor exists.
- الأدلة الواجب الاحتفاظ بها
- Supervisor map, registrations, regulatory contacts, filing credentials and inspection correspondence.
- المصدر الأساسي
- Law 14/2023, Articles 55-60; Law 2/2018; GIFiM official mandate
Obtain authorization before regulated financial or payment activity
- إجراء التنفيذ
- Classify banking, credit, e-money, funds-transfer and payment-aggregation models and obtain Banco authorization before incorporation or operation as required.
- الأدلة الواجب الاحتفاظ بها
- License or authorization, application pack, Banco correspondence, approved business plan and conditions register.
- المصدر الأساسي
- Law 20/2020, Article 16; Decree 50/2024, Articles 52-59; Banco licensing portal
Separate sandbox testing from production authorization
- إجراء التنفيذ
- Use Banco's regulatory sandbox only within approved test conditions and establish an authorized-partner or licensing route before production launch.
- الأدلة الواجب الاحتفاظ بها
- Sandbox approval, test scope, participant safeguards, exit plan, partner license or production authorization.
- المصدر الأساسي
- Banco de Moçambique regulatory sandbox official pages
02Governance and risk-based controlsControls must reflect documented ML, TF and PF risk rather than a threshold-only compliance model.4 عناصر+
Maintain an enterprise ML/TF/PF risk assessment
- إجراء التنفيذ
- Assess customers, products, services, transactions, channels, technology and geographies; document inherent risk, controls, residual risk and mitigation.
- الأدلة الواجب الاحتفاظ بها
- Approved risk assessment, methodology, source data, risk appetite, action plan and review minutes.
- المصدر الأساسي
- Law 14/2023, Articles 12-13; Decree 53/2023, Articles 4-9
Maintain governance, compliance and independent review
- إجراء التنفيذ
- Assign accountable senior management and compliance responsibility, maintain proportionate internal controls and test their design and operation independently.
- الأدلة الواجب الاحتفاظ بها
- Governance charter, appointments, management reports, compliance plan, independent-review reports and remediation evidence.
- المصدر الأساسي
- Law 14/2023, Articles 46-50; Notice 10/GBM/2024 for Banco-supervised institutions
Train relevant personnel and agents
- إجراء التنفيذ
- Deliver role-based training on CDD, beneficial ownership, PEPs, monitoring, reporting, sanctions and confidentiality, with sector-specific agent controls.
- الأدلة الواجب الاحتفاظ بها
- Curriculum, attendance, assessments, role matrix, refresher calendar and agent training records.
- المصدر الأساسي
- Law 14/2023, Article 51; Notice 10/GBM/2024, Articles 121-126
Apply the Banco sector overlay only where applicable
- إجراء التنفيذ
- For Banco-supervised institutions, map Notice 10/GBM/2024 requirements to controls, including governance, annual reporting, transfers, agents, e-money and VASPs.
- الأدلة الواجب الاحتفاظ بها
- Obligations register, Notice-to-control mapping, annual return and supervisory submissions.
- المصدر الأساسي
- Notice 10/GBM/2024, which repealed Notice 5/GBM/2022
03Natural-person customer due diligenceCDD is event-driven. Values below a threshold do not override suspicion, transfer, relationship or data-quality triggers.4 عناصر+
Trigger CDD at every statutory event
- إجراء التنفيذ
- Complete CDD when establishing a relationship; for an occasional transaction at or above MZN 900,000; for any domestic or international transfer; on suspicion regardless of value; or where prior identification data are doubtful.
- الأدلة الواجب الاحتفاظ بها
- Trigger matrix, system rules, linked-transaction aggregation, onboarding record and exception logs.
- المصدر الأساسي
- Law 14/2023, Article 15(1)-(2)
Collect prescribed natural-person data
- إجراء التنفيذ
- Capture name/signature, birth details, nationality, sex, marital status/regime, physical address, contacts, parentage, employment/profession and income, identity-document details, NUIT and the nature and amount of income.
- الأدلة الواجب الاحتفاظ بها
- Completed customer profile, source documents, NUIT, address and occupation/income evidence.
- المصدر الأساسي
- Decree 53/2023, Article 10(1)
Verify identity using valid authoritative evidence
- إجراء التنفيذ
- Verify with a valid document issued by a competent authority and containing a current photograph where applicable; authenticate documents and resolve inconsistencies.
- الأدلة الواجب الاحتفاظ بها
- Document image, authenticity result, issuer/expiry data, discrepancy resolution and reviewer audit trail.
- المصدر الأساسي
- Decree 53/2023, Article 11(1)-(2)
Control any low-risk alternative identification
- إجراء التنفيذ
- Use the two-witness/community-authority alternative only where Article 11's low-risk conditions are satisfied and the rationale is documented; never use it to bypass suspicion or higher risk.
- الأدلة الواجب الاحتفاظ بها
- Low-risk assessment, witness identities and standing, authority confirmation, approval and enhanced follow-up where needed.
- المصدر الأساسي
- Decree 53/2023, Article 11(2)(a)(xi)
04KYB, CREL and beneficial ownershipThe customer file must explain the entity's existence, purpose, authority, ownership and ultimate natural-person control and reconcile that analysis with CREL.4 عناصر+
Identify and verify the legal person
- إجراء التنفيذ
- Obtain name, seat/main establishment, contacts, senior managers, NUIT, purpose, activity/group, holders of at least 10% of capital or voting rights, representatives and powers; verify through CREL/public and constitutive records.
- الأدلة الواجب الاحتفاظ بها
- Current CREL certificate, statutes/formation instrument, NUIT, licenses, management record, mandates and foreign-document authentication where applicable.
- المصدر الأساسي
- Law 14/2023, Article 15(2)(f), as amended; Decree 53/2023, Articles 10(3) and 11(3)-(5)
Identify the ultimate beneficial owner
- إجراء التنفيذ
- Apply Law 14's at-least-10% direct/indirect ownership or control test, including collective-investment units, and control by other means. Separately record Decree 53 Article 13's more-than-10% ownership indicator. Current official CREL implementation guidance uses at least 10%. For trusts, identify settlor, trustee, protector if any, beneficiaries/classes and other ultimate controllers.
- الأدلة الواجب الاحتفاظ بها
- Dated ownership chart, registry/share records, voting/control agreements, separate threshold calculations, identity verification and trust instrument.
- المصدر الأساسي
- Law 14/2023, Article 3 and annexed glossary definition of ‘beneficiário efectivo,’ plus Article 22; Decree 53/2023, Articles 10 and 13; official CREL beneficial-owner implementation guidance, pending primary full-text confirmation for the registry element
Use the senior-manager fallback correctly
- إجراء التنفيذ
- Record a senior managing official only after exhausting all possible means, where there is no suspicion, and no natural person has been identified or doubts remain that an identified person is the beneficial owner.
- الأدلة الواجب الاحتفاظ بها
- Exhaustive search steps, negative or doubtful findings, no-suspicion conclusion, control analysis, escalation approval and senior-manager identity verification.
- المصدر الأساسي
- Decree 53/2023, Article 13(1)(d)
Follow and reconcile current CREL beneficial-owner implementation guidance
- إجراء التنفيذ
- Current official registry guidance instructs filing at incorporation, annually in the month of incorporation and within 30 days of a change. Treat the annual and 30-day periods as implementation guidance pending confirmation from a working official primary full-text copy, not as independently verified statutory deadlines. Capture the requested identity, NUIT, contact, percentage/type of control, effective date and supporting documents.
- الأدلة الواجب الاحتفاظ بها
- CREL declaration and receipt, guidance-based calendar, change log, beneficial-owner register, primary-source confirmation tracker and reconciliation to the KYC file.
- المصدر الأساسي
- Official CREL beneficial-owner implementation guide; article-level Decree-Law 1/2024 confirmation pending
05PEPs, enhanced due diligence and remote onboardingHigher-risk relationships require a reasoned escalation, not merely a screening flag.5 عناصر+
Identify PEP exposure across the relationship
- إجراء التنفيذ
- Screen customers, representatives and beneficial owners for domestic, foreign and international-organization PEP status, including family members and close associates.
- الأدلة الواجب الاحتفاظ بها
- List sources, screening timestamps, match adjudication, relationship mapping and review history.
- المصدر الأساسي
- Law 14/2023, Articles 23-24; Decree 53/2023, Article 44
Apply PEP approval, source and monitoring controls
- إجراء التنفيذ
- Obtain senior-management approval before starting or continuing the relationship, establish and evidence source of wealth and source of funds, and apply permanent enhanced monitoring.
- الأدلة الواجب الاحتفاظ بها
- Approval, wealth/funds evidence, plausibility assessment, EDD plan, alerts and periodic review.
- المصدر الأساسي
- Law 14/2023, Article 23, as amended by Law 3/2024
Do not auto-expire PEP controls
- إجراء التنفيذ
- Recognize the statutory 2-year formal post-office period, then continue proportionate measures while residual PEP risk remains.
- الأدلة الواجب الاحتفاظ بها
- Office-leaving date, 2-year review, residual-risk assessment, approval to retain or reduce controls.
- المصدر الأساسي
- Law 14/2023, Article 23(3)-(4)
Control non-face-to-face onboarding
- إجراء التنفيذ
- For financial institutions, complete all statutory CDD remotely using permitted secure identification/authentication methods, assess channel risk and require in-person identification where a discrepancy arises.
- الأدلة الواجب الاحتفاظ بها
- Remote CDD policy, consent where applicable, identity/liveness results, device/channel data, discrepancy and in-person resolution record.
- المصدر الأساسي
- Decree 53/2023, Article 48
Apply documented EDD to higher risk
- إجراء التنفيذ
- Investigate purpose, frequency, complexity, economic rationale, amounts, source/destination, geography, payment means and profile; obtain additional verification, higher approval, intensified monitoring and shorter refresh where required.
- الأدلة الواجب الاحتفاظ بها
- EDD questionnaire, source evidence, transaction rationale, approval, review frequency and enhanced-monitoring results.
- المصدر الأساسي
- Law 14/2023, Article 21; Decree 53/2023, Article 18
06Monitoring, failed CDD and GIFiM reportingMonitoring must join customer context, threshold aggregation, suspicious-activity escalation and confidential reporting.5 عناصر+
Monitor the relationship and refresh CDD
- إجراء التنفيذ
- Compare activity with known business, risk and source of funds; update immediately on doubt or suspicion and at intervals not exceeding 1 year for high-risk and 3 years for low-risk customers.
- الأدلة الواجب الاحتفاظ بها
- Expected-activity profile, monitoring rules, alert/case history, refresh calendar, updated documents and reviewer sign-off.
- المصدر الأساسي
- Law 14/2023, Article 15; Decree 53/2023, Articles 15 and 41
Stop or exit when CDD cannot be completed
- إجراء التنفيذ
- Where identification or verification duties cannot be completed, refuse to establish the business relationship or carry out the occasional transaction or operation; terminate an existing relationship where the identified risk cannot otherwise be managed; record the written conclusions; and submit an STR to GIFiM. Consult the competent judicial or police authorities before termination where it could prejudice an investigation. Stop further CDD where continuing would risk tipping off the customer.
- الأدلة الواجب الاحتفاظ بها
- System stop, refusal/exit decision, written conclusions, declined-operation log, authority-consultation record and STR receipt.
- المصدر الأساسي
- Law 14/2023, Articles 15(6) and 41; Decree 53/2023, Article 21
Submit STRs electronically under GIFiM procedures
- إجراء التنفيذ
- Escalate immediately and submit through the registered goAML channel within 24 hours of detecting suspicion or executing the transaction. If that is impossible, submit no later than 3 working days from detection or execution. Use physical documents only exceptionally where electronic technical conditions are unavailable and follow GIFiM procedures.
- الأدلة الواجب الاحتفاظ بها
- Detection/execution time, internal escalation, case analysis, goAML receipt/reference, impossibility rationale and exceptional physical-submission evidence where used.
- المصدر الأساسي
- Law 14/2023, Article 44(1)-(2); Decree 53/2023, Articles 26-27; GIFiM goAML portal
Submit statutory threshold reports
- إجراء التنفيذ
- Report cash transactions at or above MZN 250,000 and other transactions at or above MZN 750,000, whether single or fractionated. Detect and aggregate fractionation daily, weekly and monthly and report when the aggregate reaches the threshold. Use an extended arrangement only with supervisor authorization after GIFiM consultation and never beyond 6 months.
- الأدلة الواجب الاحتفاظ بها
- Daily/weekly/monthly aggregation logic, completeness reconciliation, submitted report and receipt, plus supervisor authorization, GIFiM consultation and duration where extended.
- المصدر الأساسي
- Law 14/2023, Article 44(3); Decree 53/2023, Article 24(3)-(5)
Preserve abstention and tipping-off controls
- إجراء التنفيذ
- Where founded suspicion requires abstention, stop execution and notify the Public Prosecutor and GIFiM immediately. Never reveal an STR, related communication or consideration to the customer or a third party.
- الأدلة الواجب الاحتفاظ بها
- Confidential abstention log, authority communication, suspension instruction, role-based access and neutral customer communication.
- المصدر الأساسي
- Law 14/2023, Articles 42 and 53; Decree 53/2023, Articles 22-23
07Payments, wires, thresholds, agents and VASPsPayment architecture changes both licensing and transaction-data obligations. Sector rules are additional to general AML duties.6 عناصر+
Carry exact international wire-transfer information
- إجراء التنفيذ
- Include originator name, account if used, address, national-ID or customer-ID number, date and place of birth; beneficiary name and account if used; beneficiary bank; and transaction value. Use a unique traceable reference where no account exists and keep the message attached through the chain.
- الأدلة الواجب الاحتفاظ بها
- Exact-field message mapping, required-field validation, unique-reference logic, intermediary preservation and sampled transfer record.
- المصدر الأساسي
- Decree 53/2023, Articles 49(6), 50, 52 and 54.
Constrain the reduced-information wire rule
- إجراء التنفيذ
- For cross-border transfers below MZN 30,000, retain the originator and beneficiary names plus both account numbers, or a unique transaction reference where no account exists. At MZN 30,000 or more, apply the full Article 50 information requirements and verify the beneficiary where required. Suspicion overrides reduced-information treatment.
- الأدلة الواجب الاحتفاظ بها
- Below-MZN-30,000 boundary rule, minimum-field test, full-information boundary, beneficiary verification, suspicion override and transfer record.
- المصدر الأساسي
- Decree 53/2023, Articles 49(6), 50, 52 and 54.
Treat missing wire information by institution role
- إجراء التنفيذ
- The originating bank must abstain from execution where required information is absent. Intermediary and beneficiary banks must detect missing information and use effective risk-based rules to execute, reject or suspend and determine follow-up. At MZN 30,000 or more, the beneficiary bank verifies the beneficiary if not previously verified and retains the information.
- الأدلة الواجب الاحتفاظ بها
- Originator hard stop, intermediary and beneficiary exception queues, risk disposition, follow-up, beneficiary verification and retained record.
- المصدر الأساسي
- Decree 53/2023, Articles 49(6), 50, 52 and 54.
Control payment and e-money agents
- إجراء التنفيذ
- Perform fit-and-proper and risk assessment, impose contractual controls, train and monitor agents, maintain a current list and report suspension/termination as required; terminate transfer/e-money agent contracts where AML/CFT/CPF training has not occurred for more than 1 year; retain principal responsibility for agent activity.
- الأدلة الواجب الاحتفاظ بها
- Agent due diligence, contract, risk score, training, monitoring, current list, annual assessment and termination/report record.
- المصدر الأساسي
- Decree 50/2024, Article 53; Notice 10/GBM/2024, Articles 121-126, specifically Article 122(2) for the training termination rule
Obtain VASP authorization and registration
- إجراء التنفيذ
- Before providing exchange, transfer, custody/administration or covered issuer-related virtual-asset services, obtain Banco authorization/registration and assess local scope for foreign services offered to residents.
- الأدلة الواجب الاحتفاظ بها
- Perimeter analysis, Notice 4 application, registration/authorization, controller and governance files, local representation and product inventory.
- المصدر الأساسي
- Law 14/2023, Articles 25-26; Notice 4/GBM/2023; Notice 10/GBM/2024, Articles 143 onward
Keep cross-border cash rules distinct
- إجراء التنفيذ
- For travellers or logistics, check the current exchange/customs declaration law. AT's portal currently displays values above MZN 10,000 national currency and USD 10,000 foreign currency; do not use these as customer-reporting thresholds.
- الأدلة الواجب الاحتفاظ بها
- Current AT check, declaration, currency/value record and customs receipt where applicable.
- المصدر الأساسي
- Law 14/2023, Article 45; Autoridade Tributária e-Viajante portal
08Targeted financial sanctionsTargeted financial sanctions require immediate list ingestion, screening, freezing and reporting, independent of ordinary transaction monitoring.4 عناصر+
Screen current UN and national designations
- إجراء التنفيذ
- Screen customers, beneficial owners, representatives, counterparties and transactions using current UN consolidated and nationally disseminated lists, including change-triggered rescreening.
- الأدلة الواجب الاحتفاظ بها
- List source/version/time, ingestion log, population coverage, screening results and match decisions.
- المصدر الأساسي
- Law 15/2023, as amended by Law 4/2024; Decree 54/2023; GIFiM TFS pages
Freeze immediately and without prior authorization
- إجراء التنفيذ
- Freeze designated funds and other assets without delay and without prior notice or authorization; complete the statutory process within 24 hours after communication of an international list or dissemination of a national list.
- الأدلة الواجب الاحتفاظ بها
- International-list communication or national-dissemination time, alert time, asset block time, asset inventory and decision record.
- المصدر الأساسي
- Law 15/2023, Articles 39-40, as amended by Law 4/2024; Decree 54/2023
Notify all required authorities and report freeze details
- إجراء التنفيذ
- On identifying linked assets, notify the Procurador-Geral da República, competent supervisor and GIFiM immediately. Within 24 hours of freezing or unfreezing, report to GIFiM the amount, asset type, date and time, including measures involving transactions or attempts.
- الأدلة الواجب الاحتفاظ بها
- Notices to PGR, supervisor and GIFiM; GIFiM receipt; amount/type/date/time schedule; attempted-transaction details and follow-up correspondence.
- المصدر الأساسي
- Law 14/2023, Article 63; Law 15/2023, Articles 39-40; Law 4/2024; Decree 54/2023
Control false positives and unfreezing
- إجراء التنفيذ
- Keep assets blocked while the match is unresolved and unfreeze only through the prescribed verification/authority process, retaining the full rationale and authorization.
- الأدلة الواجب الاحتفاظ بها
- Match analysis, identifiers compared, authority contact, unfreeze authorization, time stamps and customer communication review.
- المصدر الأساسي
- Law 15/2023, Articles 30 and 39-42, as amended by Law 4/2024; Decree 54/2023
09Retention and regulator accessRecords must be complete, reconstructable, confidential and promptly retrievable for competent authorities.4 عناصر+
Retain the general AML file for 10 years
- إجراء التنفيذ
- Keep customer, representative and beneficial-owner identification, risk assessments, reconstructable transactions, correspondence, reports and analyses for 10 years after account closure or relationship end.
- الأدلة الواجب الاحتفاظ بها
- Retention schedule, closure/end date, immutable archive, sample retrieval and deletion hold.
- المصدر الأساسي
- Law 14/2023, Article 43; Decree 53/2023, Articles 29-30
Support extensions and legal holds
- إجراء التنفيذ
- Prevent deletion where a competent authority requires longer retention or an investigation, litigation or sanctions hold applies.
- الأدلة الواجب الاحتفاظ بها
- Legal-hold policy, authority request, affected-record inventory, release approval and audit log.
- المصدر الأساسي
- Law 14/2023, Article 43
Preserve separate statutory record classes
- إجراء التنفيذ
- Track sector-specific and document-specific clocks, including specified 5-year training/internal-review and trust-administration records, without shortening the general 10-year customer and transaction file.
- الأدلة الواجب الاحتفاظ بها
- Record-class inventory, legal mapping, minimum period, system rule and disposal approval.
- المصدر الأساسي
- Law 14/2023, Articles 43, 48 and 51; Decree 53/2023
Provide timely competent-authority access
- إجراء التنفيذ
- Index records so transactions, ownership/control, CDD decisions, reports and control operation can be produced promptly while restricting unauthorized access.
- الأدلة الواجب الاحتفاظ بها
- Retrieval test, regulator response pack, access logs, chain of custody and confidentiality approvals.
- المصدر الأساسي
- Law 14/2023, Articles 22, 43 and 55-60
10Personal data and privacy statusThe review found constitutional and electronic-transactions protections but no confirmed comprehensive personal-data protection act in force. The March 2026 instrument is a bill.4 عناصر+
Apply operative constitutional protections
- إجراء التنفيذ
- Respect Article 71 restrictions and access/rectification protections for personal data while documenting the statutory basis for AML collection, screening, retention and authority disclosure.
- الأدلة الواجب الاحتفاظ بها
- Data inventory, purpose/legal-basis mapping, notice, access/rectification workflow and disclosure register.
- المصدر الأساسي
- Constitution in force, Assembly of the Republic official page, Article 71
Secure electronic records and transactions
- إجراء التنفيذ
- Protect systems and data against unauthorized access and apply authentication, access control, logging, integrity and incident-response measures appropriate to the service.
- الأدلة الواجب الاحتفاظ بها
- Security policy, access matrix, authentication configuration, logs, vulnerability remediation and incident records.
- المصدر الأساسي
- Electronic Transactions Law 3/2017
Do not overstate unconfirmed general privacy duties
- إجراء التنفيذ
- Do not label GDPR-style controller registration, DPIA, breach-notification or international-transfer deadlines as generally enacted Mozambican requirements without a current sector-specific or enacted primary source.
- الأدلة الواجب الاحتفاظ بها
- Current-law check, sector mapping, legal advice where needed and product requirement traceability.
- المصدر الأساسي
- INTIC proposal updates dated 5 March, 28 May and 29 May 2026
Track the personal-data protection bill
- إجراء التنفيذ
- Monitor parliamentary passage, promulgation, gazette publication, commencement and transitional periods, then update controls only against the enacted text. INTIC's May updates still described the comprehensive measure as a proposal under parliamentary consideration.
- الأدلة الواجب الاحتفاظ بها
- Legislative tracker, official gazette check, impact assessment and approved implementation plan.
- المصدر الأساسي
- INTIC official March and May 2026 proposal-status updates
11Evidence packs and assuranceA defensible program links each legal obligation to a control, owner, record and tested outcome.4 عناصر+
Maintain a customer and KYB evidence pack
- إجراء التنفيذ
- Bundle verified identity, authority, purpose, expected activity, ownership/control, CREL reconciliation, risk rating, source evidence and approvals with timestamps and provenance.
- الأدلة الواجب الاحتفاظ بها
- Indexed customer file and completeness checklist.
- المصدر الأساسي
- Law 14/2023, Articles 15 and 22; Decree 53/2023, Articles 10-18
Maintain reporting and sanctions evidence packs
- إجراء التنفيذ
- Preserve alert-to-decision timelines, STR and threshold receipts, non-report rationale, abstention records, list versions, freeze timestamps and GIFiM notifications.
- الأدلة الواجب الاحتفاظ بها
- Case file, goAML receipt, threshold reconciliation, sanctions file and authority correspondence.
- المصدر الأساسي
- Law 14/2023, Articles 42-45 and 53; Law 15/2023; Decrees 53/2023 and 54/2023
Test data and control completeness
- إجراء التنفيذ
- Sample onboarding, refresh, monitoring, wires, reporting, sanctions, retention and agent controls; reconcile source populations to processed and reported outcomes.
- الأدلة الواجب الاحتفاظ بها
- Test plan, samples, findings, root-cause analysis, action owner and closure proof.
- المصدر الأساسي
- Law 14/2023, Articles 46-51; Notice 10/GBM/2024 where applicable
Track date-sensitive legal transitions
- إجراء التنفيذ
- Recheck FATF statements, sanctions lists, National Payments System bill promulgation/commencement, privacy-bill enactment, sector notices and thresholds before launch and at periodic legal review.
- الأدلة الواجب الاحتفاظ بها
- Legal inventory, source URLs, last-check date, change assessment, approvals and dataset revision log.
- المصدر الأساسي
- FATF statements dated 24 October 2025 and 19 June 2026; Assembly and INTIC official status pages

11 مجال رقابي و48 فحص تنفيذ مع روابط مباشرة للمصادر التنظيمية.
حمّل قائمة KYC وKYB وAML الخاصة بـ موزمبيق
شارك بيانات العمل للوصول الفوري إلى قائمة التنفيذ الموثقة بالمصادر لـ موزمبيق. تاريخ المراجعة التنظيمية: 15 July 2026.
احصل على ملف PDF فورًا
أرسل بياناتك ليبدأ التنزيل تلقائيًا
مراجعة وموثقة بالمصادر
الإصدار 1.8، تمت المراجعة في 15 July 2026
موثوق به من فرق الامتثال الرائدة
سجل المصادر الأساسية
26 مصدرًا مستخدمًا في هذه القائمة
استخدم هذه الروابط للتحقق من التشريعات وإرشادات الجهات الرقابية وإجراءات الإبلاغ والبيانات الدولية.
- Law 14/2023 of 28 August: AML/CFT/CPF preventive lawBanco de Moçambique / Boletim da República · Primary legislation
- Law 3/2024 and Law 4/2024 amendmentsBanco de Moçambique / Boletim da República · Amending legislation
- Decree 53/2023 and Decree 54/2023 regulationsBanco de Moçambique / Boletim da República · Regulations
- Notice 10/GBM/2024 AML/CFT/CPF directivesBanco de Moçambique · Financial-sector notice
- GIFiM mandateGIFiM · Official authority page
- goAML reporting portalGIFiM · Official reporting channel
- Law 15/2023 on terrorism and targeted financial sanctionsBanco de Moçambique / Boletim da República · Primary legislation
- GIFiM targeted-financial-sanctions documentsGIFiM · Official sanctions resource
- United Nations Security Council consolidated sanctions listUnited Nations Security Council · Official sanctions list
- CREL beneficial-owner filing guideLegal Entities Registry service · Official registry guidance
- Banco de Moçambique institution licensingBanco de Moçambique · Official licensing page
- Decree 50/2024 regulating credit institutions and financial companiesBanco de Moçambique / Boletim da República · Prudential and licensing regulation
- Notice 4/GBM/2023: VASP registration requirementsBanco de Moçambique · Virtual-asset sector notice
- Banco de Moçambique regulatory sandboxBanco de Moçambique · Official fintech page
- National payments law proposal approved for submission to Parliament, 18 February 2026Government of Mozambique · Official legislative-status page
- Constitution of the Republic of MozambiqueInstituto Nacional de Segurança Social de Moçambique · Constitution
- Electronic Transactions Law 3/2017Instituto Nacional das Comunicações de Moçambique · Primary legislation
- Personal-data protection bill sent for parliamentary debateINTIC · Official legislative-status notice
- Personal-data protection proposal remains before Parliament, 28 May 2026INTIC · Official legislative-status update
- INTIC privacy-law status update, 29 May 2026INTIC · Official legislative-status update
- Law 20/2020 on credit institutions and financial companiesBanco de Moçambique / Boletim da República · Primary legislation
- Notice 1/GBM/2026 creating the Mozambique Instant Payments SystemBanco de Moçambique / Boletim da República · Payments regulation
- Autoridade Tributária e-Viajante currency declaration portalAutoridade Tributária de Moçambique · Official declaration portal
- FATF Mozambique removal from increased monitoring, 24 October 2025Financial Action Task Force · Official public statement
- FATF jurisdictions under increased monitoring, 19 June 2026Financial Action Task Force · Official public statement
- FATF high-risk jurisdictions subject to a call for action, 19 June 2026Financial Action Task Force · Official public statement
إجابات مباشرة
أسئلة KYC وKYB وAML في موزمبيق
Who receives suspicious transaction reports in Mozambique?+
GIFiM is Mozambique's financial intelligence unit. Reporting entities register and submit electronically through GIFiM's goAML channel.
When must an STR be filed?+
Law 14/2023 requires immediate reporting once suspicion or reasonable grounds arise, including attempts. Decree 53/2023 requires electronic submission under GIFiM procedures within 24 hours of detection or execution; if impossible, no later than 3 working days. Physical submission is exceptional where technical conditions are unavailable. A value threshold does not replace an STR.
What happens when identification or verification duties cannot be completed?+
Where identification or verification duties cannot be completed, refuse to establish the business relationship or carry out the occasional transaction or operation; terminate an existing relationship where the identified risk cannot otherwise be managed; record the written conclusions; and submit an STR to GIFiM. Consult the competent judicial or police authorities before termination where it could prejudice an investigation. Stop further CDD where continuing would risk tipping off the customer. Citation: Law 14/2023, Articles 15(6) and 41; Decree 53/2023, Article 21
What transaction thresholds are reportable?+
Article 44(3) requires reports for cash transactions at or above MZN 250,000 and other transactions at or above MZN 750,000, whether single or fractionated. Decree 53/2023 requires daily, weekly and monthly fractionation detection and reporting on the aggregate. Any extended arrangement requires supervisor authorization after GIFiM consultation and cannot exceed 6 months.
When is customer due diligence required for an occasional transaction?+
The general occasional-transaction trigger is MZN 900,000 or more. CDD is also required for a relationship, any domestic or international transfer, suspicion regardless of value, and doubts about prior identification data.
Who is a beneficial owner?+
Law 14 applies at least 10% direct or indirect ownership/control, including collective-investment units, and control by other means; Decree 53 Article 13 separately uses more than 10% as an ownership indicator; KYB collection and CREL use at least 10%. The senior managing official fallback is available only after all possible means are exhausted, no suspicion exists, and no natural person is identified or doubts remain.
When must CREL beneficial-owner information be updated?+
Current official CREL implementation guidance instructs covered entities to declare at incorporation, annually in the month of incorporation and within 30 days of a change. Pending confirmation against a working official primary full-text copy of Decree-Law 1/2024, the annual and 30-day periods are presented as registry guidance, not independently verified statutory deadlines.
How long must AML records be retained?+
The general customer, beneficial-owner, transaction, correspondence, report and analysis file is retained for 10 years after account closure or the end of the relationship, subject to a longer authority requirement or legal hold.
Do payment, e-money, agent and VASP businesses need Banco approval?+
Regulated financial, payment and virtual-asset activities require the applicable Banco de Moçambique authorization or registration. Agent and sandbox arrangements do not replace the principal's responsibility or production licensing.
Does Mozambique have a comprehensive personal-data protection act in force?+
No comprehensive act was confirmed in force at 15 July 2026. Constitutional Article 71 and the Electronic Transactions Law remain relevant. INTIC's March and 28-29 May 2026 updates still describe a proposal under parliamentary consideration, so proposal duties must not be stated as current law.
Is Mozambique on the FATF grey list?+
No at the review date. FATF removed Mozambique from increased monitoring on 24 October 2025, and Mozambique is absent from both FATF statements of 19 June 2026. Institutions must still apply a current risk-based approach and monitor later statements.
منهجية البحث والمراجعة
تحدد VOVE ID Compliance Research النطاق التنظيمي، وتحول الالتزامات إلى ضوابط تشغيلية، وتربط الادعاءات الجوهرية بالمصادر، وتسجل تاريخ وإصدار كل مراجعة.
VOVE ID Compliance Research · تاريخ المراجعة 15 July 2026 · الإصدار 1.8
Prepared and reviewed on 15 July 2026 for operational compliance planning. It is not legal advice. Confirm the current consolidated Portuguese legislation, sector directions, sanctions lists, licensing perimeter, gazette status of the proposed national payments law, status and transition terms of the personal-data protection bill, and FATF statements before implementation. Thresholds and procedures in this guide are scope-specific and must not be generalized across sectors.