قائمة امتثال KYC وKYB وAML
تونس KYC, KYB & AML
An implementation-focused checklist for fintechs, banks, financial institutions, payment institutions and other reporting persons operating in Tunisia. It translates the amended Organic Law No. 2015-26, current BCT sector rules, the National Register of Enterprises framework, targeted-financial-sanctions procedures and INPDP privacy formalities into operational controls and audit evidence.
- تاريخ المراجعة
- 15 July 2026
- الإصدار
- 1.2
- مجالات رقابية
- 11
- فحوص تنفيذ
- 59
إجابة مباشرة
ما الذي تغطيه قائمة الامتثال الخاصة بـ تونس؟
تحوّل قائمة تونس قواعد KYC وKYB وAML الأساسية إلى 11 مجالات رقابية و59 فحوص تنفيذ، وتشمل الجهات المختصة وواجبات الإبلاغ والأدلة الواجب الاحتفاظ بها.
حقائق تنظيمية أساسية
- Primary AML law
- Organic Law No. 2015-26, as amended
- Financial intelligence unit
- CTAF
- Banking and payments authority
- BCT
- Privacy authority
- INPDP
- Core AML record period
- At least 10 years
- FATF status
- Not under increased monitoring
تفاصيل التنفيذ
متطلبات وإجراءات الامتثال في تونس
افتح كل مجال لمراجعة المتطلب وإجراء التنفيذ المقترح والأدلة الواجب الاحتفاظ بها والمصدر الأساسي.
01Confirm scope, authorities and permissionsDetermine first whether each activity falls within the general reporting-person perimeter and then add the rules of the competent sector supervisor.6 عناصر+
Document whether each entity and activity is within Article 107's reporting-person perimeter.
- إجراء التنفيذ
- Map products and legal entities to banks and financial institutions, microfinance institutions, the National Post Office, securities intermediaries and portfolio managers, exchange offices, insurance businesses, or the specified designated non-financial businesses and professions. Do not assume that every commercial business is an Article 107 reporting person.
- الأدلة الواجب الاحتفاظ بها
- Signed perimeter memorandum; entity-product matrix; accountable supervisor mapping.
- المصدر الأساسي
- Organic Law No. 2015-26, as amended, art. 107
Recognise CTAF as the national FIU and reporting authority.
- إجراء التنفيذ
- Maintain a controlled route for reports, information requests and freeze instructions. CTAF is established at BCT under Article 118 and receives and analyses suspicious reports under Article 120.
- الأدلة الواجب الاحتفاظ بها
- CTAF reporting procedure; nominated contacts; secure access register.
- المصدر الأساسي
- Organic Law No. 2015-26, as amended, arts. 118 and 120
Obtain BCT approval before conducting regulated banking, financial or payment-institution activity.
- إجراء التنفيذ
- Classify the proposed service under the licensing provisions of Law No. 2016-48 and the Commission d'agrement approval procedure in Decision No. 2017-04, as amended by Decision No. 2019-20. A technology, agent or outsourcing label does not remove the licensed institution's responsibility or create an exemption.
- الأدلة الواجب الاحتفاظ بها
- Licence or approval; legal perimeter opinion; service-to-permission mapping; approval-procedure file.
- المصدر الأساسي
- Law No. 2016-48, licensing provisions; Commission d'agrement Decision No. 2017-04, as amended by Decision No. 2019-20
Apply payment rules only to entities and services within their stated scope.
- إجراء التنفيذ
- For payment institutions, map accounts, cash services, transfers, remote payments and prepaid electronic-money distribution to BCT Circular No. 2018-61. The official BCT PDF filename says Cir_2018_16_fr.pdf, but the instrument's cover and operative text identify it as Circular No. 2018-61. Separately map domestic mobile-payment roles under Circular No. 2020-11.
- الأدلة الواجب الاحتفاظ بها
- Payment-service inventory; role map; licence conditions; mobile-payment scheme assessment.
- المصدر الأساسي
- BCT Circular No. 2018-61, arts. 1-4; BCT Circular No. 2020-11, arts. 1-3
Apply the current exchange-office AML/CFT/CPF framework only to bureaux de change within its scope.
- إجراء التنفيذ
- Exchange offices must map BCT Circular No. 2026-02 into their sector programme, including customer due diligence, beneficial-owner and PEP controls, AML/CFT/CPF governance, immediate suspicious reporting through goAML and applicable supervisory sanctions. Do not present this exchange-office circular as a universal rule for all Article 107 reporting persons.
- الأدلة الواجب الاحتفاظ بها
- Exchange-office licence; Circular No. 2026-02 control map; CDD and PEP procedures; goAML access; sanctions register.
- المصدر الأساسي
- BCT Circular No. 2026-02
Assign owners for AML, payments, registry, sanctions and privacy obligations.
- إجراء التنفيذ
- Maintain a responsibility matrix covering CTAF reporting, BCT filings, RNE checks, targeted freezes, INPDP formalities, outsourcing and regulatory change. Treat Article 115 as a direction to supervisory authorities to establish risk-based programmes and practical measures; ground each institution's policy, appointments, audit and training duties in the sector instrument applicable to that institution.
- الأدلة الواجب الاحتفاظ بها
- RACI; appointment records; committee terms; regulatory calendar; sector-obligation map.
- المصدر الأساسي
- Organic Law No. 2015-26, arts. 115 and 120; applicable BCT or other sector instrument
02Build a risk-based AML/CFT/CPF programmeThe programme must join governance, risk assessment, controls, training and assurance while preserving sector-specific requirements.5 عناصر+
Maintain written AML/CFT policies, monitoring and internal controls under the applicable sector instrument.
- إجراء التنفيذ
- Cover customer due diligence, beneficial ownership, PEPs, sanctions, transaction monitoring, reporting, records, new products, non-face-to-face relationships, groups and outsourcing. Article 115 directs supervisory authorities to establish risk-based programmes and practical measures; it is not, by itself, the institution-level source for every policy control.
- الأدلة الواجب الاحتفاظ بها
- Approved policy suite; control library; procedure owners; review log; sector-rule mapping.
- المصدر الأساسي
- Organic Law No. 2015-26, arts. 108-115; BCT Circular No. 2017-08 as amended by No. 2025-17, or other applicable sector instrument
Designate responsible staff, assure controls and provide continuing training under the applicable sector instrument.
- إجراء التنفيذ
- Create a suspicious-activity monitoring and escalation system, appoint reporting personnel, test control effectiveness and provide role-specific continuing training to the extent required by the BCT or other sector rules governing the institution. Do not attribute these institution-level duties solely to Article 115.
- الأدلة الواجب الاحتفاظ بها
- Appointment letters; training records; monitoring plan; control-test results; applicable-sector analysis.
- المصدر الأساسي
- BCT Circular No. 2017-08 as amended by No. 2025-17; BCT Circular No. 2026-02 for exchange offices; other applicable sector instruments; Organic Law No. 2015-26, art. 115
For BCT institutions within scope, assess money-laundering, terrorist-financing and proliferation-financing risk under the current circular.
- إجراء التنفيذ
- Assess customers, products, services, delivery technologies and geographies, using national assessments and reliable external information. Document risk treatment and make the report available to BCT.
- الأدلة الواجب الاحتفاظ بها
- Institutional risk assessment; methodology; mitigation plan; BCT submission record.
- المصدر الأساسي
- BCT Circular No. 2017-08, art. 4, as replaced by BCT Circular No. 2025-17, art. 2
Apply the three-year assessment update rule only to institutions covered by BCT Circular No. 2025-17.
- إجراء التنفيذ
- Update the documented BCT risk assessment at least every three years and sooner after a significant event, relevant regulatory change, new authority information or updated national risk assessment. Do not present this sector interval as a universal Article 107 rule.
- الأدلة الواجب الاحتفاظ بها
- Dated assessment cycle; event-trigger log; change analysis; governance approval.
- المصدر الأساسي
- BCT Circular No. 2025-17, art. 2 replacing Circular No. 2017-08, art. 4
Assess new technology and remote-delivery risks before use.
- إجراء التنفيذ
- Evaluate impersonation, fraud, cyber, data, channel and AML risks before launching new products, practices, technology or delivery methods and implement proportionate mitigating controls.
- الأدلة الواجب الاحتفاظ بها
- Pre-launch risk assessment; threat model; control acceptance; launch decision.
- المصدر الأساسي
- Organic Law No. 2015-26, art. 112
03Identify and verify individual customersCDD must establish the customer, any representative, the beneficial owner and the purpose of the relationship using reliable evidence.6 عناصر+
Do not open or maintain clearly anonymous or fictitious-name accounts.
- إجراء التنفيذ
- Configure onboarding and account controls to require a verified legal identity and detect placeholder, fabricated or materially inconsistent identity data.
- الأدلة الواجب الاحتفاظ بها
- Account-opening rules; blocked test cases; exception log.
- المصدر الأساسي
- Organic Law No. 2015-26, art. 108(1)
Identify and verify regular and occasional customers from official documents and reliable independent sources.
- إجراء التنفيذ
- Collect the identity data needed to identify the person and verify it against valid official documents and other reliable independent information appropriate to the risk and channel.
- الأدلة الواجب الاحتفاظ بها
- Customer file; document and database checks; verification provenance.
- المصدر الأساسي
- Organic Law No. 2015-26, art. 108(1)
Identify the person for whose benefit a transaction is conducted and verify representatives and authority.
- إجراء التنفيذ
- Identify the beneficiary of the operation, verify any person managing rights for that beneficiary, and verify the identity and authority of anyone acting for the customer.
- الأدلة الواجب الاحتفاظ بها
- Beneficiary record; representative ID; mandate or power; verification result.
- المصدر الأساسي
- Organic Law No. 2015-26, art. 108(2)
Establish the purpose and intended nature of the business relationship.
- إجراء التنفيذ
- Record expected products, activity, source and destination patterns, counterparties and business rationale sufficient to set a customer-risk and monitoring profile.
- الأدلة الواجب الاحتفاظ بها
- Customer profile; expected-activity baseline; risk score and rationale.
- المصدر الأساسي
- Organic Law No. 2015-26, art. 108(4)
Apply CDD at the statutory triggers without inventing a universal monetary threshold.
- إجراء التنفيذ
- Trigger CDD when establishing a relationship, for occasional transactions at or above the amount set by the Finance Minister or involving electronic transfers, whenever ML/TF is suspected, and whenever existing identity data appears unreliable or insufficient. Maintain the currently applicable threshold in a controlled register.
- الأدلة الواجب الاحتفاظ بها
- Trigger matrix; current-threshold register; workflow rules; test results.
- المصدر الأساسي
- Organic Law No. 2015-26, art. 108
Refuse or end activity when required identity data cannot be trusted or completed.
- إجراء التنفيذ
- Do not open or continue an account or relationship and do not execute the transaction where identity data cannot be verified, are insufficient or are manifestly fictitious; consider filing a suspicious report.
- الأدلة الواجب الاحتفاظ بها
- Decline or exit record; investigation decision; STR consideration log.
- المصدر الأساسي
- Organic Law No. 2015-26, art. 108, final paragraph
04Verify businesses and beneficial ownersKYB must establish legal existence, management, ownership, control and the natural persons who ultimately own or control the customer.6 عناصر+
Verify the legal person or arrangement and its operating identity.
- إجراء التنفيذ
- Obtain reliable evidence of legal form, registered office, capital distribution, managers and persons responsible for the entity, together with constitutional, registry and authority records appropriate to the customer.
- الأدلة الواجب الاحتفاظ بها
- Current RNE extract; constitutive documents; management list; address and authority checks.
- المصدر الأساسي
- Organic Law No. 2015-26, art. 108(2)
Identify the beneficial owner and take reasonable measures to verify that identity.
- إجراء التنفيذ
- Trace ownership and control through every layer to natural persons, use reliable information and record why the analysis supports the identified beneficial owner.
- الأدلة الواجب الاحتفاظ بها
- Ownership chart; control analysis; source records; verified BO files.
- المصدر الأساسي
- Organic Law No. 2015-26, arts. 3 and 108(3)
Apply the CTAF beneficial-owner cascade and threshold accurately.
- إجراء التنفيذ
- Under CTAF Decision No. 2018-10, identify natural persons holding directly or indirectly at least 20% of capital or voting rights; if identity remains doubtful or no one is identified, identify control by other means; if still unresolved, identify the natural person holding the senior management position. Apply the decision's separate party-based analysis for trusts and similar arrangements.
- الأدلة الواجب الاحتفاظ بها
- Percentage calculation; other-control analysis; senior-manager fallback rationale; trust-party file.
- المصدر الأساسي
- CTAF Decision No. 2017-03, as amended by Decision No. 2018-10, arts. 6-8
Reconcile the applicable sector definition rather than silently merging thresholds.
- إجراء التنفيذ
- BCT Circular No. 2017-08 defines a beneficial owner for covered BCT institutions using more than 20% of capital or voting rights together with ultimate ownership or effective-control concepts. Record which legal and sector text governs the case and apply the stricter control where necessary.
- الأدلة الواجب الاحتفاظ بها
- Threshold mapping; sector legal analysis; approved KYB rule configuration.
- المصدر الأساسي
- BCT Circular No. 2017-08, art. 2, as amended; CTAF Decision No. 2018-10
Apply the National Register of Enterprises beneficial-owner cascade.
- إجراء التنفيذ
- For the NRE framework, identify natural persons who directly or indirectly hold at least 20% of capital or voting rights. If no person is identified through ownership, identify control by other means; if the analysis still identifies no natural person, record the senior-manager fallback under Government Decree No. 2019-54.
- الأدلة الواجب الاحتفاظ بها
- NRE threshold calculation; layered ownership chart; other-control analysis; senior-manager fallback rationale.
- المصدر الأساسي
- Law No. 2018-52; Government Decree No. 2019-54
Use the National Register of Enterprises without treating it as conclusive CDD.
- إجراء التنفيذ
- Verify registration, filings and beneficial-owner declarations under Law No. 2018-52, Government Decree No. 2019-54 and current RNE procedures; reconcile discrepancies with customer evidence and investigate rather than relying solely on a registry extract.
- الأدلة الواجب الاحتفاظ بها
- RNE extract; BO declaration or non-filing certificate; discrepancy case; independent corroboration.
- المصدر الأساسي
- Law No. 2018-52; Government Decree No. 2019-54; RNE beneficial-owner services; Order of the Head of Government dated 13 January 2026
05Apply PEP, enhanced and remote due diligenceHigher-risk relationships require stronger approval, source and monitoring controls; sector-specific digital onboarding rules must remain distinct.5 عناصر+
Identify domestic, foreign and international-organisation PEPs, including relevant relatives and connected persons.
- إجراء التنفيذ
- Use risk-based systems capable of determining whether the customer or beneficial owner currently or formerly holds the covered public, political or international-organisation function and assess the connected-person relationship.
- الأدلة الواجب الاحتفاظ بها
- PEP screening record; relationship analysis; match disposition.
- المصدر الأساسي
- Organic Law No. 2015-26, art. 110
Obtain senior approval and establish source of funds for PEP relationships.
- إجراء التنفيذ
- Obtain approval from the legal entity's manager before starting or continuing the relationship, apply tight continuous monitoring and take reasonable measures to identify source of funds.
- الأدلة الواجب الاحتفاظ بها
- Source-of-funds review; corroborating records; senior approval; monitoring plan.
- المصدر الأساسي
- Organic Law No. 2015-26, art. 110
Apply enhanced attention to higher-risk countries and relationships.
- إجراء التنفيذ
- Identify customers and relationships connected to countries that do not or insufficiently apply international AML/CFT standards and apply documented measures proportionate to the identified risk.
- الأدلة الواجب الاحتفاظ بها
- Country-risk methodology; enhanced review; approval and monitoring settings.
- المصدر الأساسي
- Organic Law No. 2015-26, art. 112
Control non-face-to-face relationship risk.
- إجراء التنفيذ
- Maintain systems specifically designed to manage relationships conducted without physical presence, including document integrity, impersonation, device, fraud and escalation controls.
- الأدلة الواجب الاحتفاظ بها
- Remote-onboarding standard; vendor assessment; control tests; exception cases.
- المصدر الأساسي
- Organic Law No. 2015-26, art. 112
For banks, meet the current electronic-enrollment standard.
- إجراء التنفيذ
- Where a bank enrolls customers electronically, implement board-approved procedures, risk mapping, proportionate authentication, reliable document verification, real-presence or liveness controls, biometric matching where used, screening, performance monitoring and incident management. Achieve identity assurance at least equivalent to physical presence.
- الأدلة الواجب الاحتفاظ بها
- Board approval; end-to-end process map; liveness and matching tests; performance register; incident log.
- المصدر الأساسي
- BCT Circular No. 2025-06, arts. 1-7
06Monitor activity and report suspicionMonitoring must remain aligned with current customer information and route suspicion immediately and confidentially to CTAF.5 عناصر+
Keep customer identity information current and conduct ongoing vigilance.
- إجراء التنفيذ
- Refresh data on risk-based and event-driven triggers, then examine transactions for consistency with known activity, risk profile and, where necessary, source of funds.
- الأدلة الواجب الاحتفاظ بها
- Refresh rules; event triggers; completed reviews; overdue dashboard.
- المصدر الأساسي
- Organic Law No. 2015-26, art. 109
Examine complex, unusually large or apparently purposeless activity and record the result.
- إجراء التنفيذ
- Investigate the context and purpose of complex operations, unusually high amounts and unusual transactions lacking an apparent economic or lawful purpose; record findings in writing and make them available to supervisors and auditors.
- الأدلة الواجب الاحتفاظ بها
- Written special-examination report; supporting data; reviewer sign-off.
- المصدر الأساسي
- Organic Law No. 2015-26, art. 126
Report covered suspicion and attempted activity immediately in writing to CTAF.
- إجراء التنفيذ
- File when an operation or transaction, including an attempt, is suspected of direct or indirect connection to proceeds of an unlawful act classified as an offence or crime, or to financing persons, organisations or activities connected with terrorist offences. File after execution as well if new information creates the suspicion.
- الأدلة الواجب الاحتفاظ بها
- STR decision; filing receipt; chronology; restricted case file.
- المصدر الأساسي
- Organic Law No. 2015-26, art. 125
For institutions within BCT Circular No. 2025-17, submit immediate reports through goAML.
- إجراء التنفيذ
- Use the CTAF goAML platform and its current technical procedures. Do not use the unsupported ten-day timing stated in some secondary materials; the governing law and current BCT rule require immediate reporting.
- الأدلة الواجب الاحتفاظ بها
- goAML access; filing procedure; receipt; timing audit.
- المصدر الأساسي
- BCT Circular No. 2025-17, art. 6; Organic Law No. 2015-26, art. 125
Prevent tipping off and implement CTAF temporary-freeze instructions.
- إجراء التنفيذ
- Do not tell the affected party about the report or resulting measures. On written CTAF instruction, temporarily freeze the assets linked to the report and place them in a suspense account until the legally prescribed outcome.
- الأدلة الواجب الاحتفاظ بها
- Confidentiality controls; access logs; freeze workflow; regulator correspondence.
- المصدر الأساسي
- Organic Law No. 2015-26, arts. 127-132
07Implement targeted financial sanctionsUN and national designations require immediate operational controls distinct from ordinary suspicious-transaction investigations.5 عناصر+
Screen customers, beneficial owners, controllers and transactions against applicable UN and national designations.
- إجراء التنفيذ
- Screen at onboarding, on list changes, on material customer changes and before relevant transactions; include aliases, transliteration and ownership or control analysis.
- الأدلة الواجب الاحتفاظ بها
- List inventory; screening configuration; update logs; match files.
- المصدر الأساسي
- Organic Law No. 2015-26, art. 103; Government Decree No. 2019-419 as amended by No. 2019-457
Freeze covered funds and assets without delay and prevent making resources available.
- إجراء التنفيذ
- Create an always-available legal and technical path to freeze funds and other assets and prevent direct or indirect availability to designated persons, organisations and entities under the applicable UN or national decision.
- الأدلة الواجب الاحتفاظ بها
- Freeze procedure; system tests; incident timeline; decision record.
- المصدر الأساسي
- Organic Law No. 2015-26, art. 103; Government Decree No. 2019-419 as amended
Notify the National Counter-Terrorism Commission and provide useful implementation information.
- إجراء التنفيذ
- Follow the notification, information, delisting, unfreezing and false-positive procedures in the 2019 decree framework and current CNLCT instructions.
- الأدلة الواجب الاحتفاظ بها
- Notification template; filing record; authority correspondence; release decision.
- المصدر الأساسي
- Organic Law No. 2015-26, art. 103; Government Decrees No. 2019-419 and No. 2019-457
For BCT-covered institutions, manage proliferation-financing risk and BCT sanctions reporting.
- إجراء التنفيذ
- Include UN targeted-financial-sanctions evasion in proliferation-financing risk. Submit the required quarterly frozen-assets statement to BCT within 20 working days after quarter-end, covering UN, national and proliferation-financing freezes.
- الأدلة الواجب الاحتفاظ بها
- PF risk controls; frozen-assets register; quarterly return; submission receipt.
- المصدر الأساسي
- BCT Circular No. 2025-17, arts. 2 and 8
Keep sanctions and STR decisions separate but coordinated.
- إجراء التنفيذ
- Execute a legally required freeze without waiting for an STR decision, then separately assess CTAF reporting and preserve confidentiality across both workflows.
- الأدلة الواجب الاحتفاظ بها
- Decision matrix; linked case records; role-based access; audit trail.
- المصدر الأساسي
- Organic Law No. 2015-26, arts. 103, 125 and 127
08Retain records and support reconstructionRecords must permit reconstruction of transactions, customer decisions and persons involved over the statutory period.5 عناصر+
Keep AML records for at least 10 years from transaction completion or account closure.
- إجراء التنفيذ
- Retain ledgers, books and other physical or electronic records so the stages of an operation or transaction can be reviewed, the parties identified and the reliability of the transaction assessed.
- الأدلة الواجب الاحتفاظ بها
- Retention schedule; lifecycle configuration; sample retrieval.
- المصدر الأساسي
- Organic Law No. 2015-26, art. 113
Apply the correct retention event to each record class.
- إجراء التنفيذ
- Use transaction completion for transaction records and account closure for account-linked records; preserve legal holds and longer periods where another applicable law or authority instruction requires them.
- الأدلة الواجب الاحتفاظ بها
- Record-class matrix; clock rules; legal-hold procedure.
- المصدر الأساسي
- Organic Law No. 2015-26, art. 113
For payment institutions, keep payment-operation registers for at least 10 years from execution.
- إجراء التنفيذ
- Preserve identifiers, amounts, dates, parties, account or wallet references, agent data, screening and decision history sufficient for full payment reconstruction.
- الأدلة الواجب الاحتفاظ بها
- Payment register; data-lineage map; reconstruction test.
- المصدر الأساسي
- BCT Circular No. 2018-61, art. 12
Preserve written unusual-transaction analysis and reporting evidence securely.
- إجراء التنفيذ
- Separate STR, sanctions and special-examination files from ordinary service access while keeping them retrievable for authorised CTAF, BCT, supervisory and audit requests.
- الأدلة الواجب الاحتفاظ بها
- Access matrix; immutable logs; disclosure register; retrieval test.
- المصدر الأساسي
- Organic Law No. 2015-26, arts. 113, 121, 124, 126 and 127
Test record completeness and recoverability.
- إجراء التنفيذ
- Periodically reconstruct selected onboarding, ownership, payment, alert and reporting cases from source data through final decision and remediate missing lineage.
- الأدلة الواجب الاحتفاظ بها
- Sample test results; defects; remediation evidence; management reporting.
- المصدر الأساسي
- Organic Law No. 2015-26, arts. 113 and 115
09Protect personal and biometric dataKYC and monitoring data remain subject to Tunisia's privacy law and INPDP formalities even when processing supports a regulatory obligation.5 عناصر+
Define a specific, lawful purpose for each personal-data processing operation.
- إجراء التنفيذ
- Map identity, biometric, contact, device, transaction, screening and investigation data to stated purposes, recipients, systems, retention and security controls; separate mandatory compliance use from optional analytics or marketing.
- الأدلة الواجب الاحتفاظ بها
- Data inventory; processing register; purpose and necessity assessment.
- المصدر الأساسي
- Organic Law No. 2004-63
Submit an INPDP declaration for each processing purpose before processing.
- إجراء التنفيذ
- Classify each purpose and complete the declaration required by Article 7 using the procedure and supporting documents specified by INPDP and Decree No. 2007-3004.
- الأدلة الواجب الاحتفاظ بها
- INPDP declaration; receipt; purpose-to-filing matrix.
- المصدر الأساسي
- Organic Law No. 2004-63, art. 7; Decree No. 2007-3004; INPDP forms
Obtain additional INPDP authorisation where the processing category requires it.
- إجراء التنفيذ
- In addition to the declaration, seek prior authorisation for biometric processing, transfers abroad and the other categories identified by Articles 13 and 14 and current INPDP forms. Do not treat customer consent as a substitute for the authority filing.
- الأدلة الواجب الاحتفاظ بها
- Authorisation application and decision; data-flow map; production gate.
- المصدر الأساسي
- Organic Law No. 2004-63, arts. 13-14; Decree No. 2007-3004; INPDP forms
Minimise and secure identity evidence throughout its lifecycle.
- إجراء التنفيذ
- Collect only necessary data, restrict access, encrypt appropriately, log use, validate deletion, manage incidents and test processors in proportion to identity, biometric and financial-crime risk.
- الأدلة الواجب الاحتفاظ بها
- Data-minimisation review; security architecture; access logs; deletion and incident tests.
- المصدر الأساسي
- Organic Law No. 2004-63; Decree No. 2007-3004
Operationalise data-subject information and rights subject to lawful AML retention and confidentiality limits.
- إجراء التنفيذ
- Provide the required information, authenticate requests and document any lawful restriction arising from AML recordkeeping, STR confidentiality, investigations or sanctions controls.
- الأدلة الواجب الاحتفاظ بها
- Privacy notice; request workflow; response log; restriction rationale.
- المصدر الأساسي
- Organic Law No. 2004-63; Organic Law No. 2015-26, arts. 113, 124 and 127
10Operate payment and mobile-payment controlsLicensed payment operations add safeguarding, governance, security, agent and scheme controls to the general AML framework.6 عناصر+
Provide only the payment services and geographic-currency scope allowed by the licence and BCT rules.
- إجراء التنفيذ
- Map payment accounts, cash-in and cash-out, direct debits, payments, transfers, remote payments and prepaid electronic-money distribution to the approval. Circular No. 2018-61 limits covered payment-institution services to Tunisian dinars within Tunisia, subject to specific foreign-transfer authority where applicable.
- الأدلة الواجب الاحتفاظ بها
- Licence conditions; product map; currency and geography controls.
- المصدر الأساسي
- BCT Circular No. 2018-61, arts. 2-4
Maintain payment-institution governance, control, traceability and resilience.
- إجراء التنفيذ
- Operate proportionate governance, audit and risk oversight, real-time transaction recording, fraud and intrusion prevention, personal-data controls, operational and cyber-risk management, a tested continuity plan and the prescribed security audit.
- الأدلة الواجب الاحتفاظ بها
- Governance records; system architecture; continuity test; security-audit report; incident file.
- المصدر الأساسي
- BCT Circular No. 2018-61, arts. 5-10
Apply AML controls and the applicable customer-identification tier to every payment account.
- إجراء التنفيذ
- Treat payment institutions as subject to the BCT AML-control circular through Article 11, and configure each account level according to the identification and operating limits in Article 14. Maintain current regulatory values rather than copying thresholds into uncontrolled product code.
- الأدلة الواجب الاحتفاظ بها
- Account-tier matrix; AML control mapping; configuration approval; test cases.
- المصدر الأساسي
- BCT Circular No. 2018-61, arts. 11 and 14; BCT Circular No. 2017-08 as amended
Safeguard customer funds in the separate global account and reconcile them.
- إجراء التنفيذ
- Keep the global account balance aligned with all customer payment-account balances, prohibit use for the institution's own operating needs, maintain holder-level allocation and perform the required reconciliation.
- الأدلة الواجب الاحتفاظ بها
- Depository agreement; global-account ledger; customer allocation; reconciliation and shortfall log.
- المصدر الأساسي
- BCT Circular No. 2018-61, arts. 20-23
Control payment agents under the institution's continuing responsibility.
- إجراء التنفيذ
- Select, train and monitor agents, notify BCT as required, contract the permitted services, verify capacity and integrity, and ensure agents apply the same customer-identification standard. Do not use agents to open payment accounts remotely where the circular prohibits it.
- الأدلة الواجب الاحتفاظ بها
- Agent policy; due-diligence file; BCT notice; contract; training and monitoring records.
- المصدر الأساسي
- BCT Circular No. 2018-61, arts. 24-30
Map domestic mobile-payment roles and scheme obligations.
- إجراء التنفيذ
- Identify the wallet issuer, acquirer, participant, agent and mobile-switch roles and implement Circular No. 2020-11 controls for interoperability, security, customer protection, AML and operational responsibility.
- الأدلة الواجب الاحتفاظ بها
- Scheme role map; participant agreements; control matrix; operational tests.
- المصدر الأساسي
- BCT Circular No. 2020-11
11Launch, oversee and evidence complianceA publication-ready policy is not enough; each control needs an owner, system implementation and evidence that can survive supervisory review.5 عناصر+
Run a documented pre-launch regulatory gate.
- إجراء التنفيذ
- Confirm perimeter, licence, CTAF registration and reporting access, CDD and BO rules, PEP and sanctions controls, monitoring, records, RNE access, INPDP filings, safeguarding, agents, outsourcing and incident readiness before production.
- الأدلة الواجب الاحتفاظ بها
- Launch checklist; accountable approvals; unresolved-risk register.
- المصدر الأساسي
- Organic Law No. 2015-26; applicable BCT, RNE, CNLCT and INPDP instruments
Control reliance and outsourcing without transferring legal responsibility.
- إجراء التنفيذ
- Assess providers, obtain required customer data immediately, ensure prompt access to identity records, contract security and audit rights and maintain the reporting person's responsibility for verification.
- الأدلة الواجب الاحتفاظ بها
- Provider assessment; contract; data-access test; exit plan.
- المصدر الأساسي
- Organic Law No. 2015-26, art. 108(5); applicable BCT outsourcing rules
Maintain regulatory-change monitoring with sector ownership.
- إجراء التنفيذ
- Track CTAF decisions, BCT circulars and notes, RNE procedures, CNLCT lists and decrees, INPDP formalities and FATF statements; assess each change against product configuration and customer files.
- الأدلة الواجب الاحتفاظ بها
- Legal inventory; change alerts; impact assessments; implementation tickets.
- المصدر الأساسي
- CTAF, BCT, RNE, CNLCT, INPDP and FATF official publications
Test controls independently and remediate findings.
- إجراء التنفيذ
- Use risk-based compliance monitoring and independent audit to test onboarding, BO, PEP, sanctions, payment, monitoring, STR, privacy and recordkeeping controls; report material issues to governance bodies.
- الأدلة الواجب الاحتفاظ بها
- Monitoring plan; audit reports; issue register; closure evidence.
- المصدر الأساسي
- Organic Law No. 2015-26, art. 115; applicable BCT internal-control circulars
Preserve a defensible implementation record.
- إجراء التنفيذ
- For each material rule, retain the source, interpretation, configuration, test, owner, approval and effective date so the organisation can explain not only what the control is, but why it is correctly implemented.
- الأدلة الواجب الاحتفاظ بها
- Obligations register; control-to-law map; approvals; release and test history.
- المصدر الأساسي
- Organic Law No. 2015-26, arts. 113 and 115; BCT Circular No. 2025-17

11 مجال رقابي و59 فحص تنفيذ مع روابط مباشرة للمصادر التنظيمية.
حمّل قائمة KYC وKYB وAML الخاصة بـ تونس
شارك بيانات العمل للوصول الفوري إلى قائمة التنفيذ الموثقة بالمصادر لـ تونس. تاريخ المراجعة التنظيمية: 15 July 2026.
احصل على ملف PDF فورًا
أرسل بياناتك ليبدأ التنزيل تلقائيًا
مراجعة وموثقة بالمصادر
الإصدار 1.2، تمت المراجعة في 15 July 2026
موثوق به من فرق الامتثال الرائدة
سجل المصادر الأساسية
24 مصدرًا مستخدمًا في هذه القائمة
استخدم هذه الروابط للتحقق من التشريعات وإرشادات الجهات الرقابية وإجراءات الإبلاغ والبيانات الدولية.
- Organic Law No. 2015-26 as amended by Organic Law No. 2019-9, English consolidationCTAF · Primary legislation
- CTAF mandate, Article 107 scope and Article 125 reporting guidanceCTAF · Official FIU portal
- BCT circulars and notes, including 2025 and 2026 instrumentsCentral Bank of Tunisia · Official regulatory register
- BCT Circular No. 2017-08 on AML/CFT internal controlsCentral Bank of Tunisia · Primary regulation
- BCT Circular No. 2025-17 on AML/CFT/CPF internal controlsCentral Bank of Tunisia · Primary regulation
- BCT Circular No. 2025-06 on electronic customer enrollmentCentral Bank of Tunisia · Primary regulation
- BCT Circular No. 2018-61 governing payment institutions (the official filename misleadingly reads Cir_2018_16_fr.pdf)Central Bank of Tunisia · Primary regulation
- Commission d'agrement Decision No. 2017-04 on approval procedures, as amended by Decision No. 2019-20Central Bank of Tunisia · Primary licensing procedure
- BCT Circular No. 2026-02 governing bureaux de changeCentral Bank of Tunisia · Primary sector regulation
- BCT Circular No. 2020-11 on domestic mobile-payment servicesCentral Bank of Tunisia · Primary regulation
- Law No. 2018-52 on the National Register of EnterprisesCTAF / Republic of Tunisia · Primary legislation
- Government Decree No. 2019-54 establishing the NRE beneficial-owner cascadeRepublic of Tunisia · Primary regulation
- National Register of Enterprises legal framework and beneficial-owner servicesNational Register of Enterprises · Official registry guidance
- Order of the Head of Government of 13 January 2026 on access to beneficial-owner informationNational Register of Enterprises / Republic of Tunisia · Primary regulation
- Government Decree No. 2019-419 as amended by No. 2019-457National Counter-Terrorism Commission · Primary sanctions framework
- Tunisian personal-data protection textsINPDP · Official legislation portal
- Organic Law No. 2004-63 on personal-data protectionINPDP · Primary legislation
- Decree No. 2007-3003 on the operation of INPDPINPDP · Primary regulation
- Decree No. 2007-3004 on declarations and authorisationsINPDP · Primary regulation
- Personal-data declarations and prior-authorisation formsINPDP · Official compliance procedure
- Jurisdictions under increased monitoring, 19 June 2026FATF · Official FATF statement
- Tunisia no longer subject to FATF monitoring, 18 October 2019FATF · Official FATF statement
- Tunisia country page and assessment historyFATF · Official country profile
- AML Compliance in Tunisia: A 2026 Guide for Fintechs and Regulated BusinessesVOVE ID · Contextual implementation guide; not legal authority
إجابات مباشرة
أسئلة KYC وKYB وAML في تونس
Who must report suspicious activity in Tunisia?+
The persons and professions listed in Article 107 of the amended Organic Law No. 2015-26 must report within their professional scope. The list includes specified financial institutions and designated non-financial businesses and professions; it does not automatically cover every business operating in Tunisia.
When must a suspicious report be filed?+
Article 125 requires an immediate written report to CTAF for covered suspected operations, transactions and attempts, including where new information creates suspicion after execution. Institutions covered by BCT Circular No. 2025-17 file immediately through goAML under CTAF procedures. A general ten-day filing period is not the governing rule.
What beneficial-owner threshold applies?+
CTAF Decision No. 2018-10 uses at least 20% of capital or voting rights, followed by control through other means and then the senior-management fallback. Government Decree No. 2019-54 establishes the same ownership-or-voting threshold, other-control test and senior-manager fallback for the NRE framework. The BCT Circular No. 2017-08 definition for covered BCT institutions uses more than 20% together with ultimate ownership and effective control. Firms should document the applicable instrument and must not treat the percentage test as the only route to beneficial ownership.
How long must AML records be retained?+
Article 113 requires at least 10 years from completion of the transaction or closure of the account. Payment institutions also retain payment-operation registers for at least 10 years from execution under BCT Circular No. 2018-61. The BCT-hosted official PDF has a misleading Cir_2018_16_fr.pdf filename, but the instrument's operative number is 2018-61.
Can customers be onboarded fully online?+
The general AML law requires systems that manage non-face-to-face risk. Banks using electronic enrollment must also comply with BCT Circular No. 2025-06, including board-approved procedures, proportionate authentication, document checks, real-presence or liveness controls, screening, performance oversight and incident management. Other sectors must confirm their own supervisory rules rather than assuming the bank circular applies.
Do KYC biometrics or foreign cloud hosting require INPDP approval?+
Potentially yes. INPDP states that each processing purpose requires a declaration and that biometric processing and transfers of personal data abroad require an additional authorisation process. Complete the applicable filing before production and verify actual data locations and processor flows.
Is Tunisia on the FATF grey list?+
No. FATF removed Tunisia from monitoring in October 2019, and Tunisia is not listed among jurisdictions under increased monitoring in FATF's 19 June 2026 statement. Domestic and risk-based enhanced controls still apply where warranted.
منهجية البحث والمراجعة
تحدد VOVE ID Compliance Research النطاق التنظيمي، وتحول الالتزامات إلى ضوابط تشغيلية، وتربط الادعاءات الجوهرية بالمصادر، وتسجل تاريخ وإصدار كل مراجعة.
VOVE ID Compliance Research · تاريخ المراجعة 15 July 2026 · الإصدار 1.2
This checklist is general information, not legal advice. It reflects official materials available on 15 July 2026. Applicability depends on the entity, licence, product and sector. Confirm current requirements, reporting procedures, thresholds and approvals with CTAF, BCT, the relevant sector supervisor, INPDP, the National Register of Enterprises, the National Counter-Terrorism Commission and qualified Tunisian counsel before launch.