KYC, KYB & AML compliance checklist
Cameroon KYC, KYB & AML
An implementation-focused checklist for fintechs, payment institutions, financial institutions and other regulated businesses operating in Cameroon. It maps the current 2024 CEMAC AML/CFT/CPF and targeted-financial-sanctions frameworks, ANIF reporting, COBAC and BEAC payment rules, Cameroon company, tax and beneficial-ownership requirements, and Law No. 2024/017 on personal data protection into controls, actions and audit evidence.
- Reviewed
- 15 July 2026
- Version
- 1.1
- control areas
- 11
- implementation checks
- 44
Direct answer
What does the Cameroon compliance checklist cover?
The Cameroon checklist translates primary KYC, KYB and AML rules into 11 control areas and 44 implementation checks. It identifies the relevant authorities, customer and beneficial-owner controls, reporting duties, recordkeeping expectations and evidence teams should retain.
Key regulatory facts
- Primary AML rule
- CEMAC Regulation No. 02/24
- FIU
- ANIF Cameroon
- Banking supervisor
- COBAC
- Payments authority
- BEAC / COBAC
- Core record period
- 10 years
- FATF status
- Under increased monitoring
Implementation detail
Cameroon compliance requirements and actions
Open each control area to review the requirement, recommended implementation action, evidence to retain and the primary-source citation used by the research team.
01Confirm scope, authorities and permissionsMap every Cameroon-facing activity to its reporting-person status, sector supervisor and licensing perimeter before customer onboarding or launch.4 items+
Determine whether the business is a CEMAC reporting person.
- Implementation action
- Map each entity, product, distribution channel and agent to the financial-institution and designated non-financial business or profession categories in the current CEMAC AML/CFT/CPF Regulation; identify ANIF and the competent supervisor. Treat the repealed 2016 Regulation as historical only.
- Evidence to retain
- Approved regulatory-perimeter memo; entity-product matrix; accountable-owner register.
- Primary citation
- CEMAC Regulation No. 02/24, scope and Article 184; ANIF Cameroon
Obtain authorisation before providing regulated payment services.
- Implementation action
- Classify account, transfer, acquiring, card, electronic-money and other payment activities under Regulation No. 04/18. The competent Monetary Authority grants a payment-service provider's initial approval after COBAC's conforming opinion. A service outside an existing approval requires COBAC's prior authorisation; a new technical solution requires prior notification to COBAC and its non-objection.
- Evidence to retain
- Licence or approval; service-to-permission mapping; launch-gate approval.
- Primary citation
- Regulation No. 04/18/CEMAC/UMAC/COBAC, Articles 23 and 29
Verify the exact licensed entity and any material change approval.
- Implementation action
- Confirm the legal entity, authorisation scope, management and ownership conditions against the current COBAC framework. Escalate restructuring, control change, outsourcing or material new activity for regulatory assessment before implementation.
- Evidence to retain
- COBAC authorisation file; change-control assessment; regulator correspondence.
- Primary citation
- COBAC R-2019/01 on licensing and changes affecting payment-service providers; BEAC payment-services regulations
Assign named owners for ANIF, COBAC, BEAC and privacy duties.
- Implementation action
- Maintain a responsibility matrix for AML governance, suspicious transaction reporting, sanctions, payment controls, customer complaints, tax and registry checks, privacy compliance and regulator communications.
- Evidence to retain
- RACI; appointment letters; regulatory calendar; management reporting.
- Primary citation
- CEMAC Regulation No. 02/24; Regulation No. 04/18; Law No. 2024/017
02Build the AML/CFT/CPF control frameworkThe programme should be risk-based, documented and embedded across governance, people, systems and independent assurance.4 items+
Maintain an enterprise-wide financial-crime risk assessment.
- Implementation action
- Assess customer, product, service, delivery-channel, geography, transaction, agent, new-technology and proliferation-financing risks; record methodology, risk appetite, mitigants and refresh triggers.
- Evidence to retain
- Board-approved risk assessment; methodology; risk register; version history.
- Primary citation
- CEMAC Regulation No. 02/24, risk-based internal-control requirements; GABAC Cameroon enhanced follow-up report
Adopt written internal policies and procedures.
- Implementation action
- Cover CDD, beneficial ownership, PEPs, sanctions, monitoring, reporting, recordkeeping, outsourcing, agents, data protection, escalation and testing. Approve them at the appropriate management level and keep local procedures accessible to staff.
- Evidence to retain
- Policy suite; approval minutes; control library; annual-review record.
- Primary citation
- CEMAC Regulation No. 02/24, internal-organisation and vigilance provisions
Appoint and empower the AML control function.
- Implementation action
- Give the responsible compliance function direct access to senior management, adequate resources, confidentiality controls and authority to stop or escalate high-risk activity.
- Evidence to retain
- Appointment decision; job description; budget; escalation log; committee terms.
- Primary citation
- CEMAC Regulation No. 02/24; GABAC Mutual Evaluation Report of Cameroon 2022
Train personnel and test controls continuously.
- Implementation action
- Train the board, operations, investigators, product, engineering, sales and agents on their roles, red flags, STR confidentiality and sanctions escalation; independently test control design and operation.
- Evidence to retain
- Training curriculum; attendance; assessment results; monitoring plan; audit reports and remediation log.
- Primary citation
- CEMAC Regulation No. 02/24; ANIF Cameroon, declaration guide
03Identify and verify customersCDD should establish the customer, any representative, the purpose of the relationship and the beneficial owner before the relationship or covered transaction proceeds, subject only to legally permitted exceptions.4 items+
Identify and verify the customer using reliable evidence.
- Implementation action
- Identify and verify habitual and occasional customers, their representatives and beneficial owners before the relevant transaction using reliable and independent evidence. The current Regulation does not establish a general monetary exemption for occasional-customer identification.
- Evidence to retain
- CDD file; document images or source results; verification provenance; exception log.
- Primary citation
- CEMAC Regulation No. 02/24, Articles 18 and 29
Verify persons acting on the customer's behalf.
- Implementation action
- Identify the representative, verify authority and mandate, link the representative to the customer, and apply applicable screening and ongoing-monitoring controls to both.
- Evidence to retain
- Power of attorney or mandate; representative ID; authority verification; screening record.
- Primary citation
- CEMAC Regulation No. 02/24, customer-vigilance provisions
Understand the relationship's purpose and expected activity.
- Implementation action
- Capture expected products, volumes, counterparties, geographies, business rationale and source-of-funds information sufficient to set a defensible risk rating and monitoring profile.
- Evidence to retain
- Customer profile; expected-activity baseline; risk score and rationale.
- Primary citation
- CEMAC Regulation No. 02/24, ongoing-vigilance provisions
Refuse or exit where required CDD cannot be completed.
- Implementation action
- Where mandatory CDD cannot be completed, do not open the account or execute the occasional transaction, or terminate the relationship, and file an STR with ANIF. Restrict the report and related assessment to authorised personnel.
- Evidence to retain
- Decline or exit decision; investigation file; restricted STR case record.
- Primary citation
- CEMAC Regulation No. 02/24, Article 37
04Verify businesses, registries and beneficial ownersKYB should establish legal existence, authority, activity, tax identity, ownership and natural-person control, and reconcile that information against reliable records.4 items+
Verify legal existence, registration and tax identity.
- Implementation action
- Obtain current RCCM and constitutional records, registered and operating address, directors, activity, relevant sector permissions and the Cameroon unique tax identifier (NIU). Verify status through appropriate official sources where available.
- Evidence to retain
- RCCM extract; statutes; address proof; NIU verification; sector-licence file.
- Primary citation
- OHADA Uniform Act on General Commercial Law; Cameroon DGI taxpayer-registration guidance
Understand ownership and control through every layer.
- Implementation action
- Map shareholders, members, directors, intermediate entities, voting rights, contractual control and nominees to the natural persons who ultimately own or control the customer. Record the source and date of every conclusion.
- Evidence to retain
- Ownership chart; shareholder and director records; control analysis; source documents.
- Primary citation
- CEMAC Regulation No. 02/24, beneficial-owner requirements; OHADA Uniform Act on Commercial Companies and EIGs
Apply a documented beneficial-owner cascade.
- Implementation action
- For entities within scope, identify every natural person who directly or indirectly, alone or jointly, ultimately owns at least 20% of shares or voting rights. Also identify persons exercising control by other means and, if no such person is identified without doubt, the relevant senior manager. Document the calculation, control analysis and evidence.
- Evidence to retain
- 20% ownership calculation; ownership chart; control analysis; senior-manager fallback rationale; verified BO files.
- Primary citation
- Cameroon tax procedures framework, Article M8d; Decree No. 2023/06801/CAB/PM; Order No. 00000761/A/MINFI/DGI; CEMAC Regulation No. 02/24
Keep company and ownership information accurate.
- Implementation action
- Maintain accurate physical and electronic internal beneficial-owner registers, appoint a responsible person, and update within 30 days of a change or awareness of one. File BO information in the DGI central register upon tax registration and at the applicable annual DSF deadline; legal arrangements file within 30 days of formation and supplementary declarations within 45 days of a reportable change. Keep the register throughout the entity's existence and supporting documents at least five years after BO status ends; after dissolution, retain both in Cameroon for at least five years.
- Evidence to retain
- Internal BO register; responsible-person appointment; DGI filing receipts; change log; retention schedule; discrepancy remediation.
- Primary citation
- Cameroon tax procedures framework, Article M8d; Decree No. 2023/06801/CAB/PM; Order No. 00000761/A/MINFI/DGI
05Apply PEP, higher-risk and remote due diligenceHigher-risk relationships need corroborated evidence, appropriate senior approval and more frequent ongoing monitoring. Lower-risk treatment must be justified and must never override a suspicion or a mandatory enhanced measure.4 items+
Identify PEPs and relevant connected persons.
- Implementation action
- Screen customers, beneficial owners, controllers and authorised representatives for domestic, foreign and international-organisation PEP exposure, and assess family-member and close-associate relationships where relevant.
- Evidence to retain
- PEP screening record; relationship analysis; match disposition; refresh log.
- Primary citation
- CEMAC Regulation No. 02/24, politically exposed person provisions
Apply enhanced measures to PEP relationships.
- Implementation action
- Obtain the required senior-management approval, establish source of wealth and source of funds using corroborated evidence, and apply enhanced ongoing monitoring. Continue risk-based treatment after a person leaves public office.
- Evidence to retain
- Source-of-wealth analysis; source-of-funds records; approval; enhanced-monitoring plan.
- Primary citation
- CEMAC Regulation No. 02/24, politically exposed person provisions
Control non-face-to-face and impersonation risk.
- Implementation action
- Use layered document, biometric or equivalent verification, liveness and fraud controls where proportionate, device and behavioural signals, channel limits and manual escalation for exceptions.
- Evidence to retain
- Remote-onboarding standard; vendor due diligence; configuration record; exception cases.
- Primary citation
- CEMAC Regulation No. 02/24, higher-risk and customer-vigilance provisions; Law No. 2024/017
Assess high-risk countries, products and structures.
- Implementation action
- Maintain a risk-based country and product framework that incorporates FATF public statements, UN sanctions and internal risk evidence; apply enhanced review to opaque structures, unusually complex arrangements and elevated-risk transactions.
- Evidence to retain
- Country-risk methodology; high-risk case reviews; approval record; monitoring rules.
- Primary citation
- CEMAC Regulation No. 02/24, enhanced-vigilance provisions; FATF increased monitoring statement, 19 June 2026
06Monitor activity and report suspicion to ANIFMonitoring must compare actual activity with what is known about the customer and promptly escalate a suspicion to ANIF. A threshold is not a safe harbour from suspicion reporting.4 items+
Maintain ongoing monitoring and current customer profiles.
- Implementation action
- Refresh CDD on risk-based cycles and on events such as ownership changes, document expiry, material product change, adverse information, unusual activity or a discrepancy in supplied data.
- Evidence to retain
- Refresh rules; event triggers; completed reviews; overdue dashboard.
- Primary citation
- CEMAC Regulation No. 02/24, ongoing-vigilance provisions
Examine unusual, complex or apparently purposeless activity.
- Implementation action
- Investigate size, frequency, velocity, counterparties, geography, channels, source of funds and consistency with the stated purpose. Preserve the analysis and decision, including cases that do not result in a filing.
- Evidence to retain
- Alert file; supporting data; investigation narrative; reviewer sign-off.
- Primary citation
- CEMAC Regulation No. 02/24, transaction-monitoring and examination provisions
File a suspicious transaction report without delay.
- Implementation action
- Report suspicious and attempted transactions to ANIF forthwith. A report initially made by telephone or electronic means must be confirmed in writing within 48 hours. Send requested supplementary information through the controlled ANIF channel and never use an internal threshold to delay reporting.
- Evidence to retain
- STR decision record; ANIF filing receipt; supplemental-information log; restricted case file.
- Primary citation
- CEMAC Regulation No. 02/24, Articles 105 and 109
Prevent tipping off and preserve report confidentiality.
- Implementation action
- Limit access to an STR, ANIF inquiry or related investigation to authorised personnel. Do not tell the customer or unauthorised third parties that a report was made or that ANIF is investigating.
- Evidence to retain
- Need-to-know access controls; case permissions; confidentiality training; audit log.
- Primary citation
- CEMAC Regulation No. 02/24, confidentiality provisions; ANIF Cameroon, declaration guide
07Control payments, transfers, agents and cash riskPayment controls should preserve the transaction trail, identify linked activity and manage the obligations of agents and outsourced providers without breaking the regulated-provider perimeter.4 items+
Preserve originator, beneficiary and transaction information.
- Implementation action
- Preserve required originator, beneficiary and transaction information across domestic, cross-border and intermediary flows. Obtain missing wire-transfer information within three days; otherwise do not execute the transfer and systematically inform ANIF.
- Evidence to retain
- Payment-data dictionary; message samples; exception rules; quality-assurance results.
- Primary citation
- CEMAC Regulation No. 02/24, Article 64; Regulation No. 04/18
Detect linked transactions and structuring.
- Implementation action
- Aggregate related activity across accounts, wallets, devices, agents and counterparties. Separately report cash transactions of CFA 5,000,000 or more, whether single or apparently linked, subject to statutory exceptions. Apply special monitoring to cash or bearer-instrument transactions of CFA 50,000,000 or more and to all unusually complex, unjustified or apparently purposeless transactions.
- Evidence to retain
- Aggregation logic; CFA 5,000,000 report controls; CFA 50,000,000 special-monitoring rules; scenario tests; filings and investigated cases.
- Primary citation
- CEMAC Regulation No. 02/24, Articles 34 and 41
Conduct due diligence and oversight of agents and partners.
- Implementation action
- Assess the agent or outsourced provider's licensing, ownership, AML controls, cybersecurity, data handling and operational resilience. Contract for audit, training, incident, data-access and termination rights, and monitor performance.
- Evidence to retain
- Partner due-diligence file; contract clauses; agent training; monitoring dashboard; audit reports.
- Primary citation
- Regulation No. 04/18; COBAC R-2019/02; Law No. 2024/017
Reconstruct the full payment trail on request.
- Implementation action
- Retain transaction identifiers, timestamps, amounts, currencies, channels, wallet or account references, parties, screening results, alerts and disposition history in an exportable format.
- Evidence to retain
- Sample reconstruction; data-lineage map; access procedure; retention configuration.
- Primary citation
- CEMAC Regulation No. 02/24, recordkeeping provisions; BEAC payment-services report 2024
08Implement targeted financial sanctionsApply the current CEMAC targeted-financial-sanctions framework immediately and without prior notice, with operational controls for freezing, reporting, attempted transactions and continuing quarterly updates.4 items+
Screen applicable UN, regional and national designations
- Implementation action
- Applicable UN designations take immediate effect without further domestic action. Screen customers, beneficial owners, controllers, authorised representatives and relevant transactions at onboarding, on list updates, at material changes and before relevant payments; include aliases, transliteration and ownership-or-control analysis.
- Evidence to retain
- List inventory; update logs; screening configuration; ownership-control analysis; match files.
- Primary citation
- CEMAC Regulation No. 04/24/CEMAC/UMAC/CM; UN Security Council Consolidated List
Freeze covered property without delay or prior notice
- Implementation action
- Freeze covered funds, property and economic resources without delay and without prior notice, including assets owned or controlled directly, indirectly or jointly and assets of persons acting on behalf or at the direction of a designated person. Prevent direct or indirect availability and circumvention.
- Evidence to retain
- 24/7 freeze procedure; asset-control map; decision record; blocked-payment evidence; legal escalation.
- Primary citation
- CEMAC Regulation No. 04/24/CEMAC/UMAC/CM
Report matches and frozen property within the statutory period
- Implementation action
- Report frozen assets, measures taken and attempted transactions to the competent authority and the State frozen-property manager within 24 hours. File an STR with ANIF for transactions involving a name match against national, regional or UN lists and submit updated frozen-property reports quarterly.
- Evidence to retain
- 24-hour reports; ANIF STR receipt; competent-authority notices; quarterly reports; reconciliation log.
- Primary citation
- CEMAC Regulation No. 04/24/CEMAC/UMAC/CM
Govern false positives, access and release
- Implementation action
- Maintain controlled match-resolution, licence, exemption, access and release procedures. Release property only under a documented lawful instruction or applicable delisting process; preserve confidentiality and a full audit trail.
- Evidence to retain
- Match rationale; legal advice; authority correspondence; licence or release record; audit log.
- Primary citation
- CEMAC Regulation No. 04/24/CEMAC/UMAC/CM
09Retain records and support supervisory accessRetention must allow authorities and auditors to reconstruct relationships, transactions, beneficial ownership and compliance decisions while protecting confidential data.4 items+
Keep CDD, beneficial-ownership and business-relationship records for 10 years.
- Implementation action
- Apply the statutory 10-year retention period from the end of the relationship or closure, as applicable, to identity, verification, ownership, profile, risk and analysis records. Hold records longer where a legal hold or authority direction requires it.
- Evidence to retain
- Retention schedule; lifecycle configuration; archived-file samples; legal-hold register.
- Primary citation
- CEMAC Regulation No. 02/24, recordkeeping provisions
Keep transaction records for 10 years.
- Implementation action
- Apply the statutory 10-year transaction-record period and retain enough detail to reconstruct the payment or other covered transaction, including communications and supporting evidence where required.
- Evidence to retain
- Storage configuration; transaction sample; retrieval procedure; audit log.
- Primary citation
- CEMAC Regulation No. 02/24, recordkeeping provisions
Make information available promptly to competent authorities.
- Implementation action
- Use least-privilege access, controlled exports, audit logs and an authority-request playbook so ANIF, COBAC, BEAC and lawful investigators can receive material promptly without exposing STR information unnecessarily.
- Evidence to retain
- Access matrix; request register; export log; response-time report.
- Primary citation
- CEMAC Regulation No. 02/24; ANIF Cameroon, About
Protect confidentiality and integrity of retained records.
- Implementation action
- Encrypt sensitive data, segregate STR and sanctions files, maintain immutable audit trails, test backup and restore, and delete records only when retention and legal-hold conditions permit.
- Evidence to retain
- Security architecture; access logs; backup test; deletion certificate; data-classification standard.
- Primary citation
- Law No. 2024/017; CEMAC Regulation No. 02/24
10Protect personal and biometric dataLaw No. 2024/017 is operative, and its 18-month transition period expired on 23 June 2026. Build AML and identity processing around the statutory authorisations, records, security and breach duties.4 items+
Obtain required prior processing authorisation
- Implementation action
- Processing of personal data is subject to prior authorisation by the Personal Data Protection Authority under Section 19. Maintain evidence of the applicable authorisation and do not use ANPDP as an established official name or acronym unless supported by the presidential implementing decree.
- Evidence to retain
- Processing inventory; authority submission and authorisation; legal-basis record; privacy notice.
- Primary citation
- Law No. 2024/017, Sections 19 and 53
Assess high-risk processing and sensitive data
- Implementation action
- Conduct a prior impact assessment for processing likely to create high risk to individual rights and freedoms. Apply the Act's specific prohibitions and authorisation conditions to biometric, genetic, health, banking and other sensitive data.
- Evidence to retain
- DPIA; necessity and proportionality analysis; sensitive-data authorisation; mitigations; approval.
- Primary citation
- Law No. 2024/017, Sections 22 and 27-29
Control international transfers
- Implementation action
- Obtain separate prior authorisation before an international transfer of personal data and document the transfer purpose, recipient, safeguards, security and retention.
- Evidence to retain
- Transfer register; authority authorisation; transfer assessment; processor clauses; security review.
- Primary citation
- Law No. 2024/017, Sections 32-33
Maintain records, annual reporting and breach response
- Implementation action
- Maintain the statutory processing register and submit the annual security-measures report. Immediately notify both the Authority and the data subject upon becoming aware of a personal-data breach, preserving the incident chronology and remediation evidence.
- Evidence to retain
- Processing register; annual security report; breach notices; incident log; remediation record.
- Primary citation
- Law No. 2024/017, Sections 48 and 73
11Operate BEAC and COBAC payment-service controlsA licensed payment operation requires continuing governance, prudential, customer-protection, security and resilience controls in addition to AML compliance.4 items+
Maintain payment-service governance and risk management.
- Implementation action
- Document decision rights, internal controls, risk management, security, outsourcing, business continuity, incident response, complaints and customer communications appropriate to the authorised payment activity.
- Evidence to retain
- Governance framework; risk register; continuity test; incident reports; complaints dashboard.
- Primary citation
- Regulation No. 04/18; COBAC R-2019/02; COBAC R-2024/01 on IT-risk management
Safeguard customer funds where the applicable rule requires it.
- Implementation action
- For payment institutions, place client funds in a dedicated ring-fenced account no later than the following day if they have not been delivered to the beneficiary, and reconcile those funds daily. COBAC supervises credit institutions, microfinance institutions and payment institutions within its perimeter; BEAC supervises payment systems and technical conformity.
- Evidence to retain
- Safeguarding analysis; account agreements; reconciliations; shortfall log; legal opinion.
- Primary citation
- Regulation No. 04/18/CEMAC/UMAC/COBAC, Articles 49 and 53
Manage operational and cyber risk for payment platforms.
- Implementation action
- Assess technology, data, access, fraud, third-party and concentration risks before launch and material change; test continuity, recovery and incident escalation and maintain auditable security logs.
- Evidence to retain
- Technology-risk assessment; third-party review; resilience-test report; incident playbook.
- Primary citation
- COBAC R-2024/01; BEAC payment-services report 2024
Run a documented launch and periodic compliance gate.
- Implementation action
- Before launch and material change, confirm licence scope, AML, sanctions, safeguarding, privacy, outsourcing, customer terms, complaints, resilience and reporting readiness. Repeat the certification on a defined schedule.
- Evidence to retain
- Launch checklist; accountable approvals; periodic certification; open-risk register.
- Primary citation
- Regulation No. 04/18; COBAC regulations catalogue; Law No. 2024/017

11 control areas and 44 implementation checks, with direct regulatory sources.
Download the Cameroon KYC, KYB & AML checklist
Share your work details for immediate access to the source-linked Cameroon implementation checklist. Regulatory review date: 15 July 2026.
Get the PDF immediately
Submit your details and the download starts automatically
Reviewed and source-linked
Version 1.1, reviewed 15 July 2026
Trusted by leading compliance teams
Primary-source register
23 sources used for this checklist
Use these links to verify the underlying legislation, regulator guidance, reporting procedures and international status statements.
- CEMAC Regulation No. 01/CEMAC/UMAC/CM of 11 April 2016 on AML/CFT/CPFCEMAC / Republic of the Congo Secretariat-General · Primary regional regulation
- ANIF Cameroon: mandate and institutional frameworkANIF Cameroon · Official FIU information
- ANIF Cameroon declaration guideANIF Cameroon · Official FIU guidance
- Cameroon Mutual Evaluation Report 2022GABAC · Official mutual evaluation
- Third enhanced follow-up report for CameroonGABAC · Official follow-up report
- Mutual evaluation reports portalGABAC · Official reports portal
- Regulation No. 04/18/CEMAC/UMAC/COBAC on payment servicesBEAC · Primary regional regulation
- Payment-system instructions, circulars and regulationsBEAC · Official regulatory portal
- COBAC regulations catalogueBEAC / COBAC · Official regulatory portal
- CEMAC payment-services report 2024BEAC · Official supervisory report
- Law No. 2024/017 of 23 December 2024 relating to personal data protection in CameroonPresidency of the Republic of Cameroon · Primary legislation
- Official legislation listing for Law No. 2024/017Presidency of the Republic of Cameroon · Official legislation portal
- Cameroon taxpayer registration and NIU guidanceCameroon Directorate General of Taxation · Official tax guidance
- Cameroon active taxpayer fileCameroon Directorate General of Taxation · Official tax register guidance
- OHADA Uniform Act on General Commercial LawOHADA · Primary regional commercial-law framework
- OHADA Uniform Act on Commercial Companies and Economic Interest GroupsOHADA · Primary regional company-law framework
- FATF June 2026Financial Action Task Force · Jurisdictions under increased monitoring, 19 June 2026
- Cameroon FATF action plan on entry to increased monitoringFATF · Official FATF statement
- FATF public-identification process for monitored jurisdictionsFATF · Official explanatory guidance
- UN Security Council Consolidated ListUnited Nations Security Council · Official sanctions list
- CEMAC Regulation No. 02/24GABAC / CEMAC · Current AML/CFT/CPF regulation of 20 December 2024
- CEMAC Regulation No. 04/24GABAC / CEMAC · Targeted financial sanctions regulation of 20 December 2024
- Cameroon DGI BO circularCameroon Directorate General of Taxation · Official beneficial-ownership obligations and filing guidance
Direct answers
Cameroon KYC, KYB and AML questions
Who receives suspicious transaction reports in Cameroon?+
Reports are submitted to ANIF Cameroon, the country's financial intelligence unit. The CEMAC Regulation requires reporting without delay when the relevant suspicion threshold is met; a monetary threshold is not a safe harbour from reporting.
Is there a fixed filing deadline for a suspicious transaction report?+
The applicable CEMAC AML/CFT/CPF framework uses an urgency standard rather than a universal fixed number of hours or days. Firms should therefore maintain an escalation and filing process that submits reports to ANIF without delay after the suspicion decision, while preserving evidence of the decision and submission.
How long must AML records be retained in Cameroon?+
The CEMAC Regulation provides a 10-year core retention period for CDD and relationship records and for transaction records, measured from the legally relevant end of the relationship or transaction. Apply a legal hold or authority direction where it requires longer preservation.
What beneficial-ownership checks are needed for a Cameroon company?+
Verify the company's RCCM, constitutional and tax-registration details, map ownership and control to natural persons, verify the result using reliable sources, and investigate discrepancies. FATF's current Cameroon action plan specifically calls for timely access to adequate and up-to-date beneficial-ownership information, so firms should not assume that a registry search alone completes KYB.
What PEP controls apply?+
CEMAC rules require PEP identification and enhanced treatment. For a PEP relationship, obtain the required senior approval, establish source of wealth and source of funds, apply enhanced ongoing monitoring, and continue risk-based treatment after the public function ends.
Is Cameroon currently on the FATF grey list?+
Yes. Cameroon remains under FATF increased monitoring in the FATF statement dated 19 June 2026. FATF does not call for blanket de-risking; regulated firms should apply a documented risk-based approach and account for the listed action-plan weaknesses in their own controls.
Research and review method
VOVE ID Compliance Research maps the regulatory perimeter, translates obligations into operational controls, links each material claim to a source and records the date and version of every review.
VOVE ID Compliance Research · Reviewed 15 July 2026 · Version 1.1
This checklist is general information, not legal advice. It is based on official and authoritative materials available on 15 July 2026. The CEMAC framework is supplemented by sector rules, supervisory practice and implementing measures that may change. Confirm applicability with ANIF, COBAC, BEAC, the Personal Data Protection Authority and qualified Cameroon counsel before launch.