KYC, KYB & AML compliance checklist
Côte d'Ivoire KYC, KYB & AML
A practical implementation checklist for fintechs, payment institutions and other reporting persons operating in Côte d'Ivoire. It translates Ordinance No. 2023-875, the 2022-2024 supervision and targeted-financial-sanctions framework, the BCEAO's 2024 payment-services rules and 2025 AML/KYC instructions, beneficial-ownership requirements and ARTCI personal-data rules into operational controls and reviewable evidence.
- Reviewed
- 15 July 2026
- Version
- 1.3
- control areas
- 11
- implementation checks
- 62
Direct answer
What does the Côte d'Ivoire compliance checklist cover?
The Côte d'Ivoire checklist translates primary KYC, KYB and AML rules into 11 control areas and 62 implementation checks. It identifies the relevant authorities, customer and beneficial-owner controls, reporting duties, recordkeeping expectations and evidence teams should retain.
Key regulatory facts
- Financial intelligence unit
- CENTIF-CI
- Current AML law
- Ordinance No. 2023-875 of 23 November 2023
- Suspicion reporting
- Immediately to CENTIF-CI
- Record retention
- 10 years
- Payment institutions
- 9 authorised in Côte d'Ivoire at 28 February 2026
- FATF public list
- Under increased monitoring as of 19 June 2026
Implementation detail
Côte d'Ivoire compliance requirements and actions
Open each control area to review the requirement, recommended implementation action, evidence to retain and the primary-source citation used by the research team.
01Scope, authorities and regulatory perimeterMap every regulated activity, reporting-person category and competent authority before onboarding customers or launching a financial product.5 items+
Confirm reporting-person status for every entity and activity
- Implementation action
- Document whether each entity is a financial institution, fintech, payment institution, electronic-money institution, money-transfer provider, foreign-exchange operator, virtual-asset service provider or designated non-financial business or profession. Apply the AML/CFT/CPF duties to all in-scope activities, including activities performed through mandated intermediaries, agents and distributors.
- Evidence to retain
- Legal-perimeter memo, entity chart, product inventory, reporting-person analysis and accountable owner
- Primary citation
- Ordinance 2023-875, arts. 2-4; BCEAO Instructions 001-03-2025 and 003-03-2025, art. 3
Map each competent regulator and supervisor
- Implementation action
- Record CENTIF-CI as the financial intelligence unit and identify the sector supervisor for each activity, including the BCEAO and UMOA Banking Commission for relevant financial institutions and payment services and ARTCI for personal-data processing. Apply Ordinance No. 2022-237 only after checking its Article 3 exclusions for specified financial-sector categories; Decree No. 2024-58 designates particular EPNFD (DNFBP), non-profit organisation, manual foreign-exchange and decentralised financial-system supervisors.
- Evidence to retain
- Supervisor matrix, Article 3 exclusion analysis, licence register, regulator contacts, filing inventory and escalation route
- Primary citation
- Ordinance 2023-875, arts. 95-100 and 107; Ordinance 2022-237, art. 3; Decree 2024-58
Obtain the correct financial-services authorisation
- Implementation action
- Do not treat company registration as permission to provide regulated financial services. Obtain the BCEAO or other competent authorisation for the actual service, verify the authorised scope and conditions, and reconcile the entity against the current official register before launch and periodically thereafter.
- Evidence to retain
- Licence or approval, permitted-services schedule, official-register extract, renewal calendar and regulatory correspondence
- Primary citation
- BCEAO Instruction 001-01-2024, arts. 2, 4 and 17; BCEAO authorised-payment register
Stop unauthorised payment activity
- Implementation action
- Ensure any structure providing payment services is authorised under Instruction No. 001-01-2024. The BCEAO required non-compliant structures to cease providing payment services from 1 May 2025; do not onboard an unlicensed provider merely because it has a commercial registration or technology contract.
- Evidence to retain
- Counterparty licence check, launch gate, provider inventory, cessation controls and legal sign-off
- Primary citation
- BCEAO Instruction 001-01-2024; BCEAO Notice 004-03-2025
Treat virtual-asset activity as a separately regulated perimeter
- Implementation action
- Identify any custody, exchange, transfer, issuance support or other virtual-asset service. Obtain the prior approval required by the competent authority and apply the AML/CFT/CPF framework; do not assume a payment or fintech authorisation covers virtual-asset services.
- Evidence to retain
- Virtual-asset perimeter analysis, approval, wallet and product map, control assessment and launch decision
- Primary citation
- Ordinance 2023-875, arts. 58-59
02Governance, risk and independent assuranceBuild a senior-owned, risk-based programme with capable systems, trained staff, independent testing and regulator-ready reporting.6 items+
Approve a complete AML/CFT/CPF control framework
- Implementation action
- Maintain formal, regularly updated policies, procedures and controls covering customer and beneficial-owner identification, risk management, CDD, monitoring, records, internal control, compliance, data protection, recruitment and continuing staff training. Obtain senior-management approval and apply the framework across relevant branches, subsidiaries and agents.
- Evidence to retain
- Approved policy suite, regulatory mapping, version history, group standard, local addenda and staff attestations
- Primary citation
- Ordinance 2023-875, arts. 12-14
Complete and maintain a documented enterprise risk assessment
- Implementation action
- Assess customer, country, geographic, product, service, transaction and delivery-channel risks, including new products, business practices and technologies before launch. Document inherent risk, control effectiveness, residual risk, mitigation and acceptance, and align the assessment with national and regional risk information.
- Evidence to retain
- Risk methodology, data inputs, approved assessment, pre-launch assessments, residual-risk decisions and remediation plan
- Primary citation
- Ordinance 2023-875, art. 15
Give the AML function authority and independence
- Implementation action
- Designate the internal AML/CFT/CPF function and its responsible officer, ensure direct access to the deliberative body, operational independence, adequate people and tools, and continuity. Communicate authorised CENTIF declarants and relevant changes to CENTIF-CI and the supervisor without delay.
- Evidence to retain
- Appointment, organisation chart, direct-access protocol, resources, deputy arrangements and regulator notifications
- Primary citation
- Ordinance 2023-875, arts. 12 and 100; BCEAO Instruction 001-03-2025, arts. 4-8
Operate capable monitoring and screening systems
- Implementation action
- For institutions within the 2025 BCEAO instruction, support customer and account profiling, real-time customer and transaction screening, account-movement monitoring, alert generation, aggregation of all accounts and transactions for the same customer, and detection of unusual or suspicious activity. Incorporate risk-profile changes within one month and targeted-sanctions changes without delay.
- Evidence to retain
- System architecture, data lineage, scenario inventory, sanctions-update log, one-month profile-change samples and effectiveness review
- Primary citation
- BCEAO Instruction 001-03-2025, art. 6
Train annually and audit at least annually
- Implementation action
- Deliver a documented AML/CFT/CPF training and awareness programme at least annually to relevant staff, governance bodies and mandated intermediaries. Independently audit the programme according to risk and at least once each year; submit findings to the deliberative body and track remediation to verified closure.
- Evidence to retain
- Annual curriculum, attendance, effectiveness results, audit plan, report, board review and closure proof
- Primary citation
- BCEAO Instruction 001-03-2025, arts. 9-11
Submit the annual BCEAO control report on time
- Implementation action
- Prepare the annual report on the internal AML/CFT/CPF framework, including organisation, resources, training, controls, customer identification, retention, detection, suspicious reporting, weaknesses, statistics, audit conclusions and the next-year plan. Submit it to the BCEAO and competent supervisor within two months after financial year-end.
- Evidence to retain
- Approved annual report, data reconciliation, submission receipts and regulator follow-up
- Primary citation
- BCEAO Instruction 001-03-2025, art. 12
03Customer due diligence and onboardingIdentify customers, representatives and beneficial owners from reliable independent sources before service and maintain the file throughout the relationship.6 items+
Identify and verify before the relationship
- Implementation action
- Before establishing a relationship or assisting with a transaction, identify permanent and occasional customers and beneficial owners, verify collected identifiers from reliable and independent documents, data or information, and understand the purpose and intended nature of the relationship.
- Evidence to retain
- Identity record, verification response, source provenance, purpose profile, expected activity and reviewer approval
- Primary citation
- Ordinance 2023-875, arts. 16-17
Apply every statutory CDD trigger
- Implementation action
- Apply identification and verification at account opening, custody of securities or valuables, safe-deposit allocation, establishment of a business relationship, occasional transactions, domestic or international funds transfers, whenever suspicion exists, for linked manual-exchange or multiple-cash activity when the competent threshold is met, and when a person claims to act for the customer. Configure thresholds only from the current controlling UMOA decisions.
- Evidence to retain
- CDD-trigger matrix, linked-transaction logic, threshold source register, completed cases and quality testing
- Primary citation
- Ordinance 2023-875, art. 17; UMOA Decisions 021/21/12/2023 and 003/28/03/2024
Collect the BCEAO-prescribed individual identifiers
- Implementation action
- For an individual, collect name, given names, date and place of birth, nationality, home address and identity-document number. Verify against a valid official photographic identity document, using a combination of official documents where necessary, and use sufficiently recent address evidence under the BCEAO instruction.
- Evidence to retain
- Identity fields, valid document image, authenticity result, address evidence, expiry control and exception decision
- Primary citation
- BCEAO Instruction 003-03-2025, arts. 5-6
Verify authority to act
- Implementation action
- Identify and verify any representative as a customer and obtain certified evidence of the mandate. Confirm that the proposed relationship and transactions are within the representative's delegated powers and screen both representative and principal.
- Evidence to retain
- Representative identity, certified mandate, power comparison, principal record and screening results
- Primary citation
- Ordinance 2023-875, art. 17(j); BCEAO Instruction 003-03-2025, art. 11
Use deferred verification only within the narrow exception
- Implementation action
- Complete verification before the relationship, throughout it and at the occasional transaction. Defer completion only when it is completed as soon as possible and no later than before the first transaction, is essential not to interrupt normal business and the risks are effectively managed; adopt specific controls for any access before verification.
- Evidence to retain
- Deferral rationale, approval, product restrictions, completion deadline, verification timestamp and overdue block
- Primary citation
- Ordinance 2023-875, art. 18
Reject or exit when CDD cannot be completed
- Implementation action
- If required CDD cannot be completed, do not open the account, refuse the occasional transaction or terminate the existing relationship, as applicable, and file a suspicious transaction report concerning the customer. If completing CDD would alert a suspected customer, the ordinance permits stopping those CDD steps and requires a report to CENTIF-CI.
- Evidence to retain
- Rejected or exited case, reason, account restrictions, STR decision, filing receipt and non-tipping-off controls
- Primary citation
- Ordinance 2023-875, art. 25
04KYB and beneficial ownershipVerify legal existence and authority, trace ultimate natural-person ownership and control, and reconcile customer evidence with the official beneficial-ownership register.6 items+
Verify legal-person identity and operating reality
- Implementation action
- Collect and independently verify legal name, legal form, constitutional documents, registered and principal business address, directors, shareholders or members, relevant managers, registration, tax identifiers, licences and authorised representatives. Compare registry information with the entity's actual business, website, accounts and transaction footprint.
- Evidence to retain
- Recent registry extract, constitutional documents, director and shareholder lists, licence checks, operating evidence and discrepancy log
- Primary citation
- Ordinance 2023-875, art. 26; BCEAO Instruction 003-03-2025, arts. 7-8
Apply the natural-person ownership and control cascade
- Implementation action
- Identify and reasonably verify the natural persons who ultimately hold a controlling ownership interest. If ownership does not reveal the beneficial owner or creates doubt, identify control by other means; only when no natural person is identified through either step, record the relevant senior managing official as the statutory fallback and document why.
- Evidence to retain
- Ownership chart to natural persons, control analysis, identity verification, fallback rationale and compliance approval
- Primary citation
- Ordinance 2023-875, art. 26
Apply the current more-than-25% operational definition correctly
- Implementation action
- For institutions subject to BCEAO Instruction No. 003-03-2025, identify natural persons who directly or indirectly hold more than 25% of a company's capital or voting rights, or more than 25% of interests in a collective-investment structure, together with the instruction's other-control and legal-arrangement tests. Do not use the percentage as a safe harbour where another person exercises ultimate control; preserve the ownership, other-control and senior-managing-official cascade.
- Evidence to retain
- Capital and voting analysis, more-than-25% test, collective-investment analysis, other-control assessment, legal-arrangement analysis and sign-off
- Primary citation
- BCEAO Instruction 003-03-2025, art. 2
Identify every relevant legal-arrangement party
- Implementation action
- For a trust or comparable legal arrangement, identify and verify the settlor, trustee, protector where applicable, beneficiaries or class of beneficiaries and every other natural person exercising ultimate effective control, including through a chain of ownership or control.
- Evidence to retain
- Trust deed or equivalent, party register, identity verification, control map and beneficiary-class record
- Primary citation
- Ordinance 2023-875, art. 26; BCEAO Instruction 003-03-2025, arts. 9-10
Reconcile the customer file with the beneficial-ownership register
- Implementation action
- Maintain an internal beneficial-owner file with names, ownership, voting and control percentages. Check the official register, notify its competent authority of a divergence or reasonable doubt, and use other reliable risk-based means if the register cannot verify the customer's list. Treat registry data as evidence, not as a substitute for analysis.
- Evidence to retain
- Internal BO file, register extract, reconciliation, divergence notification, alternate-source checks and resolution
- Primary citation
- BCEAO Instruction 003-03-2025, art. 12; Law 2024-362; Decree 2024-583
Keep corporate and ownership information accurate and retrievable
- Implementation action
- Ensure legal persons maintain accurate, current basic and beneficial-ownership information and controls against misuse of bearer and nominee arrangements. Preserve the required ownership information for at least ten years following dissolution or the end of the relevant professional relationship.
- Evidence to retain
- Corporate register, change triggers, periodic review, nominee declarations, dissolution archive and retrieval test
- Primary citation
- Ordinance 2023-875, arts. 76-83
05Remote onboarding and identity technologyMake non-face-to-face onboarding demonstrably reliable, risk-assessed and compliant with both BCEAO identity rules and ARTCI data requirements.6 items+
Use reliable electronic-identification schemes
- Implementation action
- For a customer not physically present or represented, use reliable electronic-identification schemes and means under the institution's responsibility while preserving the identification and verification requirements applicable to that customer type.
- Evidence to retain
- Scheme assessment, vendor due diligence, assurance mapping, verification output, exceptions and approval
- Primary citation
- Ordinance 2023-875, art. 22; BCEAO Instruction 003-03-2025, art. 13
Document the full remote-onboarding control design
- Implementation action
- Maintain a detailed customer journey, reliability measures, authentication and retention procedures, cybersecurity and personal-data compliance, and an internal-control gate ensuring the first transaction occurs only after verification of the customer and, where applicable, the beneficial owner.
- Evidence to retain
- Journey map, control specification, first-transaction gate test, security review, privacy approval and retention design
- Primary citation
- BCEAO Instruction 003-03-2025, art. 14
Risk-assess the remote channel before and during use
- Implementation action
- Assess the channel's ML/TF/PF, impersonation, document, synthetic-identity, account-takeover and wider operational risks before deployment and after material change. Define human-review levels for categories of legal persons and retain all KYB information required by the instruction.
- Evidence to retain
- Channel risk assessment, legal-person typology, human-review matrix, change review and control testing
- Primary citation
- BCEAO Instruction 003-03-2025, arts. 15-16
Match the person to the identity evidence
- Implementation action
- Ensure the technology compares the customer's physical characteristics with the submitted identity evidence. Where biometrics are used, ensure they can be linked unambiguously to the customer and apply presentation-attack, duplicate and exception controls proportionate to risk.
- Evidence to retain
- Face or biometric match result, liveness or equivalent test, duplicate check, thresholds, manual review and QA
- Primary citation
- BCEAO Instruction 003-03-2025, art. 17
Route ambiguous remote evidence to in-person verification
- Implementation action
- Where identification evidence is insufficient, ambiguous or uncertain and affects reliability, stop remote completion and route the customer to physical verification. Do not override this rule merely to preserve conversion.
- Evidence to retain
- Quality rules, failed cases, in-person referral, completion evidence, override prohibition and monitoring
- Primary citation
- BCEAO Instruction 003-03-2025, art. 18
Obtain ARTCI authorisation before biometric processing
- Implementation action
- Treat facial, fingerprint, voice or other biometric identity processing as sensitive and obtain the required prior authorisation from ARTCI before production use. Align the authorised purpose, dataset, retention, processors and transfers with the deployed workflow.
- Evidence to retain
- ARTCI authorisation, approved processing description, biometric data map, vendor contract, retention and deletion test
- Primary citation
- Law 2013-450, art. 7; ARTCI biometric-processing guidance
06Customer risk, PEPs and enhanced due diligenceUse documented risk classification to drive approvals, information depth, monitoring and review frequency without indiscriminate exclusion.4 items+
Apply enhanced controls to politically exposed persons
- Implementation action
- Use systems and current authoritative lists to identify domestic, foreign and international-organisation PEPs, their family members and close associates. Under Article 29 of Ordinance No. 2023-875, obtain executive approval before establishing or continuing the relationship, establish source of wealth and source of funds, apply enhanced ongoing monitoring, and reassess every PEP customer's profile every three years. Apply periodic and event-driven CDD updates as additional controls, including the sector controls required by BCEAO Instructions No. 001-03-2025 and No. 003-03-2025.
- Evidence to retain
- PEP and associate screening, list-validation record, executive approval, source-of-wealth and source-of-funds evidence, enhanced-monitoring review, documented three-year profile reassessment under Ordinance Article 29, and additional periodic or event-driven CDD refresh under applicable BCEAO sector controls
- Primary citation
- Ordinance 2023-875, art. 29; BCEAO Instructions 001-03-2025 and 003-03-2025
Apply enhanced or simplified measures only on evidence
- Implementation action
- Apply enhanced diligence where risk is higher and preserve written results. Use simplified measures only where a documented lower-risk assessment supports them; stop simplification whenever suspicion or a specific higher-risk condition exists.
- Evidence to retain
- Risk decision, EDD or SDD checklist, corroborating records, written outcome, approval and monitoring
- Primary citation
- Ordinance 2023-875, arts. 84-85
Use FATF status as a risk input, not an automatic exit rule
- Implementation action
- Record Côte d'Ivoire's increased-monitoring status in country and institutional risk assessments and track FATF updates. Do not interpret grey-list status as a FATF call for blanket EDD, automatic rejection or de-risking; apply proportionate controls based on actual customer and transaction risk.
- Evidence to retain
- Country-risk entry, dated FATF source, customer-specific assessment, proportionality rationale and update log
- Primary citation
- FATF Increased Monitoring statements, 13 February and 19 June 2026; Ordinance 2023-875, arts. 15 and 30
Control correspondent and shell-bank exposure
- Implementation action
- Before a cross-border correspondent relationship, understand the respondent's business, reputation, supervision and AML controls, obtain prior senior approval, define responsibilities in writing and test any payable-through access. Do not establish or maintain relationships with shell banks or respondents permitting shell-bank use.
- Evidence to retain
- Correspondent questionnaire, public checks, control assessment, approval, agreement and shell-bank attestation
- Primary citation
- Ordinance 2023-875, arts. 31-32; BCEAO Instruction 001-03-2025, art. 13
07Ongoing monitoring, unusual activity and transfersKeep profiles current, monitor actual activity against expected behaviour and preserve complete payment-chain information.5 items+
Monitor the relationship continuously
- Implementation action
- Scrutinise transactions throughout the relationship to ensure consistency with the customer's identity, business, risk profile, source of funds and expected activity. Keep customer and beneficial-owner information current whenever prior information is no longer accurate or relevant.
- Evidence to retain
- Customer profile, monitoring coverage, alert cases, trigger reviews, refreshed CDD and quality testing
- Primary citation
- Ordinance 2023-875, arts. 16 and 19-20
Investigate complex, unusual and apparently purposeless activity
- Implementation action
- Specially examine unusually complex, high-value or otherwise atypical operations and cash or bearer-instrument activity meeting the competent threshold. Establish origin and destination of funds, transaction purpose and beneficial owners; prepare a confidential written report and retain it for ten years.
- Evidence to retain
- Alert, customer inquiry, corroborating evidence, written analysis, disposition and retention record
- Primary citation
- Ordinance 2023-875, arts. 21 and 23
Aggregate related cash activity without inventing thresholds
- Implementation action
- Detect single and linked cash transactions for the reports required by Article 72 and apply enhanced attention to unusual or activity-inconsistent deposits. Configure monetary values and comparison operators only from current competent-authority decisions and preserve the source and effective date in the rules register.
- Evidence to retain
- Linked-transaction logic, threshold register, rule tests, cash reports, unusual-deposit cases and filing receipts
- Primary citation
- Ordinance 2023-875, art. 72; UMOA Decisions 021/21/12/2023 and 003/28/03/2024
Carry complete originator and beneficiary information
- Implementation action
- For domestic and cross-border wire transfers, collect, verify where required, transmit and retain the prescribed originator and beneficiary information. Apply ordering, intermediary and beneficiary-institution controls for missing or incomplete data and decide whether to execute, reject, suspend, monitor or report.
- Evidence to retain
- Payment-message specification, validation rules, role matrix, sample transfers, repair and reject queue and STR decisions
- Primary citation
- Ordinance 2023-875, arts. 39-47
Control agents, distributors and outsourced monitoring
- Implementation action
- Apply the programme to operations performed under the institution's responsibility by mandated intermediaries, transfer sub-agents, foreign-exchange sub-delegates and electronic-money distributors. Contract for CDD, screening, records, training, audit and incident rights and monitor effective performance.
- Evidence to retain
- Agent and provider register, due diligence, contract, training, monitoring results, issues and termination controls
- Primary citation
- Ordinance 2023-875, arts. 12-14 and 33; BCEAO Instructions 001-03-2025 and 003-03-2025, art. 3
08Suspicious transaction reporting and confidentialityEscalate and report suspicion immediately, preserve the pre-transaction rule and prevent tipping off.6 items+
Report suspicion immediately to CENTIF-CI
- Implementation action
- Immediately report funds recorded in the books and completed or attempted operations where there is suspicion or reasonable grounds to suspect ML, TF, PF or a predicate offence. Apply the rule regardless of amount and include tax-fraud suspicion where the regulatory criterion is present.
- Evidence to retain
- Case chronology, suspicion rationale, report, immediate-submission timestamp and CENTIF receipt
- Primary citation
- Ordinance 2023-875, art. 60
Report unresolved identity doubt and supplements
- Implementation action
- Report any operation where the originator, beneficial owner, trust settlor or equivalent asset-arrangement party remains doubtful after diligence. Send without delay any information that negates, reinforces or modifies an earlier report.
- Evidence to retain
- CDD investigation, unresolved-doubt decision, initial report, supplemental report and timestamps
- Primary citation
- Ordinance 2023-875, art. 60
Report before executing where possible
- Implementation action
- Refrain from executing suspect operations until the report has been made. If an operation was already executed because delay was impossible, would have frustrated an investigation or suspicion arose only afterward, inform CENTIF-CI without delay and preserve the reason execution occurred.
- Evidence to retain
- Hold decision, filing timestamp, execution chronology, exception rationale and post-execution notice
- Primary citation
- Ordinance 2023-875, art. 61
Protect report confidentiality and prevent tipping off
- Implementation action
- Restrict access to suspicious transaction reports, related analysis and CENTIF follow-up. Do not tell the customer, transaction owner or unauthorised third party that a report exists, what it contains or what action followed; train customer-facing staff on safe communications.
- Evidence to retain
- Access controls, need-to-know list, communication scripts, training, audit logs and incident response
- Primary citation
- Ordinance 2023-875, art. 63
Operationalise CENTIF opposition orders
- Implementation action
- Capture the declared execution deadline and ensure operations can be stopped when CENTIF-CI issues a written opposition. Maintain the hold for the statutory period of no more than four days and implement only a competent judicial extension or provisional seizure; do not release early without authority.
- Evidence to retain
- Opposition order, hold timestamp, four-day calculation, judicial decision, release approval and audit trail
- Primary citation
- Ordinance 2023-875, arts. 64-65
Keep the authorised declarant function continuously available
- Implementation action
- Notify CENTIF-CI and the supervisor of the identity and role of authorised declarants and changes without delay. Separate the declarant role from the director-general role, preserve emergency escalation and ensure the function can answer CENTIF requests within required deadlines.
- Evidence to retain
- Declarant appointment, regulator notifications, incompatibility check, deputy coverage, request log and response evidence
- Primary citation
- Ordinance 2023-875, art. 100
09Targeted financial sanctionsScreen current UN and national designations, freeze immediately without notice and report assets, attempted transactions and implementation measures.5 items+
Maintain a without-delay sanctions operating model
- Implementation action
- Maintain documented organisation and procedures to implement asset freezes and prohibitions on making funds, property or other economic resources available or usable without delay, including across group entities where applicable.
- Evidence to retain
- TFS policy, authoritative-list inventory, roles, decision tree, group deployment and simulation results
- Primary citation
- Ordinance 2023-875, art. 89; Decree 2024-216 as amended by Decree 2024-997
Apply UN and national designations on the correct legal basis
- Implementation action
- Subscribe to the official CENTIF-CI and competent-authority distribution channels. Treat relevant UN Security Council designations as immediately applicable under the amended decree and implement national administrative-freeze decisions ordered by the Minister responsible for Finance.
- Evidence to retain
- Subscription, designation source, receipt timestamp, legal-basis record, list update and screening completion
- Primary citation
- Ordinance 2023-875, art. 124; Decree 2024-216 as amended by Decree 2024-997
Freeze immediately and without prior notice
- Implementation action
- Immediately freeze funds, property and other economic resources belonging to designated persons and entities upon official notification, without informing the holder in advance. Include directly or indirectly owned or controlled assets and assets of persons acting on behalf of or at the direction of designated parties as required by the amended framework.
- Evidence to retain
- Match analysis, ownership and control map, freeze timestamp, asset inventory, no-notice record and approval
- Primary citation
- Ordinance 2023-875, art. 89; Decree 2024-216 as amended by Decree 2024-997
Prohibit availability, use and circumvention
- Implementation action
- Prevent direct or indirect availability or use of frozen assets for designated persons, controlled entities, agents or instructed parties, and prevent transactions designed to evade or circumvent the measure. Continue the freeze until a competent delisting, release or other lawful decision applies.
- Evidence to retain
- Payment blocks, connected-party analysis, circumvention scenarios, continuing-freeze review and release authority
- Primary citation
- Ordinance 2023-875, art. 89; Decree 2024-216 as amended by Decree 2024-997
Report frozen assets, matches and attempted transactions
- Implementation action
- Immediately notify CENTIF-CI of funds linked to listed TF or PF persons, entities and associated terrorists. Report to the competent authority all frozen assets and measures taken under UN prohibitions, including attempted transactions, and suspend any customer order benefiting a frozen target while informing the authority without delay.
- Evidence to retain
- CENTIF notice, competent-authority report, frozen-asset schedule, attempted-transaction report, suspended order and timestamps
- Primary citation
- Ordinance 2023-875, arts. 90-91; Decree 2024-216 as amended by Decree 2024-997
10Payment-service complianceOverlay the national AML framework with the BCEAO's authorisation, governance, safeguarding and operational requirements for UMOA payment services.5 items+
Classify every payment service under Article 4
- Implementation action
- Map account operation, cash placement or withdrawal, payment execution, payment-instrument issuance or acquisition, money remittance, payment initiation and account-information functionality to the service categories in the instruction. Confirm which entity performs each regulated role.
- Evidence to retain
- Product-to-service map, funds-flow diagram, role allocation, legal opinion and authorised-scope comparison
- Primary citation
- BCEAO Instruction 001-01-2024, arts. 2-4
Meet legal-form and establishment requirements
- Implementation action
- Ensure an applicant payment institution uses a permitted legal form and has its registered office in an UMOA member state. Align governance, shareholding, management, operational programme and controls with the authorisation dossier and notify material changes as required.
- Evidence to retain
- Constitutional documents, registered-office proof, ownership file, governance records, application and change log
- Primary citation
- BCEAO Instruction 001-01-2024, arts. 13-17
Operate payment governance and risk controls
- Implementation action
- Maintain governance, internal control, risk and security management, personal-data protection, incident handling and customer-complaint arrangements proportionate to the services. Integrate AML ownership, monitoring, sanctions and reporting into those arrangements rather than treating them as a separate paper policy.
- Evidence to retain
- Governance framework, control map, risk register, security and privacy assessments, incident log and complaints register
- Primary citation
- BCEAO Instruction 001-01-2024, art. 16; BCEAO Instruction 001-03-2025, arts. 4-12
Safeguard customer funds
- Implementation action
- Identify all funds received from payment-service users or through another provider and apply the instruction's separation and safeguarding requirements. Reconcile protected balances, settlement accounts and user liabilities and prevent use for the institution's own account.
- Evidence to retain
- Safeguarding structure, designated accounts, daily reconciliation, exception log, insolvency analysis and management review
- Primary citation
- BCEAO Instruction 001-01-2024, art. 48
Verify counterparties against the current register
- Implementation action
- Before partnering with a payment institution, verify its name, jurisdiction and authorisation against the latest BCEAO register. As of 28 February 2026, the BCEAO reported nine authorised payment institutions in Côte d'Ivoire; treat the count as dated information and verify the named entity, not only the total.
- Evidence to retain
- Dated register extract, entity match, permitted-services check, periodic rescreening and discrepancy escalation
- Primary citation
- BCEAO list of authorised payment institutions in the UMOA, 28 February 2026
11Records, privacy and regulatory readinessPreserve reconstructable ten-year evidence while meeting ARTCI formalities, purpose, rights, security and transfer controls.8 items+
Retain AML and transaction evidence for ten years
- Implementation action
- Keep customer identity, customer knowledge, risk profile, CDD analyses and other relevant information for ten years after account closure or the end of the permanent or occasional relationship. Keep transaction records, account books and business correspondence for ten years after execution and ensure individual transactions can be reconstructed.
- Evidence to retain
- Retention schedule, immutable archive, relationship-end triggers, transaction samples, retrieval test and deletion controls
- Primary citation
- Ordinance 2023-875, arts. 23-24
Complete the correct ARTCI prior formality
- Implementation action
- Inventory every personal-data processing activity and determine whether it requires declaration, prior authorisation or another ARTCI formality before use. Obtain ARTCI prior authorisation for biometric processing under Article 7 and for other processing where the law requires it, and keep the authorised purpose and design aligned with production.
- Evidence to retain
- Processing inventory, formality assessment, declaration or authorisation, change review and ARTCI correspondence
- Primary citation
- Law 2013-450, art. 7; Decree 2015-79; ARTCI biometric guidance
Process lawfully, fairly and for defined purposes
- Implementation action
- Define the legal basis and explicit legitimate purposes for KYC, screening, monitoring, fraud and reporting data; collect only adequate and relevant data, maintain accuracy, provide required notices and do not repurpose or retain identifiable data incompatibly with the declared purpose.
- Evidence to retain
- Lawful-basis register, privacy notices, purpose map, minimisation review, accuracy controls and retention rationale
- Primary citation
- Law 2013-450, arts. 15-18
Enable data-subject rights without compromising AML law
- Implementation action
- Provide operational channels for information, access, rectification, update, opposition and other applicable rights. Document any restriction required to protect suspicious-report confidentiality, sanctions implementation, investigations or another legal obligation rather than disclosing protected compliance activity.
- Evidence to retain
- Rights procedure, request log, identity checks, response records, exemption rationale and legal review
- Primary citation
- Law 2013-450, arts. 28-36; Ordinance 2023-875, art. 63
Secure data and govern processors
- Implementation action
- Apply technical and organisational measures appropriate to identity, biometric, financial and screening data so records are not altered, damaged or accessed by unauthorised persons. Contractually limit processors, control access, encrypt sensitive data, test recovery and deletion, and document incidents and remediation.
- Evidence to retain
- Security risk assessment, access review, encryption evidence, processor agreement, test results, incident log and remediation
- Primary citation
- Law 2013-450, arts. 39-41
Control interconnection and cross-border transfers
- Implementation action
- Map every API, shared database, cloud region and overseas support access. Obtain ARTCI authorisation where interconnection or transfer requires it, document destination safeguards and recipients, and ensure transfers remain within the notified or authorised purpose and security design.
- Evidence to retain
- Data-flow map, interconnection approval, transfer authorisation, destination assessment, contracts and transfer register
- Primary citation
- Law 2013-450, arts. 14 and 26-27
Maintain annual privacy accountability evidence
- Implementation action
- Where the statutory controller and correspondent reporting duties apply, prepare the annual compliance report and submit it to ARTCI. Keep a personal-data protection correspondent with appropriate independence and records of advice, controls and escalations.
- Evidence to retain
- Correspondent appointment, annual report, submission receipt, activity log, findings and remediation
- Primary citation
- Law 2013-450, arts. 41-42
Stay inspection- and sanction-ready
- Implementation action
- Maintain a single evidence index connecting each legal duty to policy, owner, system control, sample, issue and remediation. Support on-site and off-site supervision and respond fully to lawful requests. Before applying the 2022 administrative-sanctions regime, check the exclusions for specified financial-sector categories in Article 3; Decree No. 2024-58 designates particular EPNFD (DNFBP), non-profit organisation, manual foreign-exchange and decentralised financial-system supervisors.
- Evidence to retain
- Obligations register, Article 3 exclusion analysis, evidence library, inspection protocol, request log, issue register and closure proof
- Primary citation
- Ordinance 2022-237, art. 3; Decree 2024-58; Ordinance 2023-875, arts. 107 and 113

11 control areas and 62 implementation checks, with direct regulatory sources.
Download the Côte d’Ivoire KYC, KYB & AML checklist
Share your work details for immediate access to the source-linked Côte d’Ivoire implementation checklist. Regulatory review date: 15 July 2026.
Get the PDF immediately
Submit your details and the download starts automatically
Reviewed and source-linked
Version 1.3, reviewed 15 July 2026
Trusted by leading compliance teams
Primary-source register
22 sources used for this checklist
Use these links to verify the underlying legislation, regulator guidance, reporting procedures and international status statements.
- Ordinance No. 2023-875 of 23 November 2023 on AML/CFT/CPFCENTIF-CI · primary
- Côte d'Ivoire AML/CFT/CPF legislation and regulation portalCENTIF-CI · primary
- Ordinance No. 2022-237 on administrative sanctions and supervisionCENTIF-CI · primary
- Decree No. 2024-58 implementing Ordinance No. 2022-237CENTIF-CI · primary
- Decree No. 2024-216 on targeted financial sanctionsCENTIF-CI · primary
- Decree No. 2024-997 amending Decree No. 2024-216CENTIF-CI · primary
- Official targeted-financial-sanctions lists and customer checkCENTIF-CI · primary
- Law No. 2024-362 establishing the beneficial-ownership registerCENTIF-CI · primary
- Decree No. 2024-583 on access to beneficial-ownership informationCENTIF-CI · primary
- UMOA Decision No. 021 of 21 December 2023 on AML/CFT/CPF thresholdsBCEAO · primary
- UMOA Decision No. 003 of 28 March 2024 on complementary thresholdsBCEAO · primary
- BCEAO Instruction No. 001-01-2024 on payment services in the UMOABCEAO · primary
- BCEAO Notice No. 004-03-2025 ending the payment-services transitionBCEAO · primary
- BCEAO Instruction No. 001-03-2025 on AML/CFT/CPF organisation, internal control and complianceBCEAO · primary
- BCEAO Instruction No. 003-03-2025 on customer identification, verification and knowledgeBCEAO · primary
- Authorised payment institutions in the UMOA at 28 February 2026BCEAO · primary
- Law No. 2013-450 of 19 June 2013 on personal-data protectionARTCI · primary
- ARTCI biometric-processing guidanceARTCI · primary
- ARTCI personal-data protection decisionsARTCI · primary
- FATF jurisdictions under increased monitoring, 13 February 2026FATF · primary
- FATF jurisdictions under increased monitoring, 19 June 2026FATF · primary
- KYC and AML Compliance in Ivory Coast 2026VOVE ID · contextual
Direct answers
Côte d'Ivoire KYC, KYB and AML questions
What is the current AML law in Côte d'Ivoire?+
Ordinance No. 2023-875 of 23 November 2023 is the current national AML/CFT/CPF baseline. It was ratified by Law No. 2024-363 of 11 June 2024 and displaced contrary provisions of former Law No. 2016-992.
How quickly must a suspicious transaction be reported?+
Article 60 of Ordinance No. 2023-875 requires reporting immediately to CENTIF-CI. The obligation covers relevant funds, completed operations and attempted operations, and Article 61 generally requires reporting before execution where possible.
What beneficial-owner threshold applies to financial institutions?+
BCEAO Instruction No. 003-03-2025 Article 2 uses a more-than-25% test for company capital or voting rights and for interests in collective-investment structures, together with other-control and legal-arrangement tests. The percentage is not a safe harbour: institutions must still identify any natural person exercising ultimate control and use the senior-managing-official fallback only when no natural person is identified through ownership or other control.
Can a fintech onboard customers fully remotely?+
Yes, when it uses reliable electronic-identification means and satisfies BCEAO Instruction No. 003-03-2025. The first transaction must not occur before customer and applicable beneficial-owner verification, ambiguous evidence must be routed to in-person verification, and biometric processing requires prior ARTCI authorisation.
Is Côte d'Ivoire on the FATF grey list?+
Yes. Côte d'Ivoire was under increased monitoring in FATF's 13 February 2026 statement and remained listed on 19 June 2026. FATF then determined that the action plan was substantially completed and an on-site assessment was warranted, but formal removal had not yet been announced. FATF does not call for blanket EDD or de-risking solely because a jurisdiction is on this list.
How long must AML records be kept?+
Article 23 of Ordinance No. 2023-875 requires ten years for customer, KYC, risk and analysis records after account closure or relationship cessation, and ten years for transaction records after the transaction. Records must permit reconstruction of individual transactions.
Does company registration authorise payment services?+
No. Payment services require the applicable BCEAO authorisation under Instruction No. 001-01-2024. The BCEAO required unauthorised providers to cease from 1 May 2025, and its register reported nine authorised payment institutions in Côte d'Ivoire at 28 February 2026.
Research and review method
VOVE ID Compliance Research maps the regulatory perimeter, translates obligations into operational controls, links each material claim to a source and records the date and version of every review.
VOVE ID Compliance Research · Reviewed 15 July 2026 · Version 1.3
This checklist is general compliance information, not legal advice. Ordinance No. 2023-875 is the current AML/CFT/CPF baseline; it displaced contrary provisions of former Law No. 2016-992 and this checklist does not use that superseded law as authority. Confirm sector-specific rules, applicable UMOA threshold decisions, reporting forms, supervisory directions and licence conditions directly with CENTIF-CI, the BCEAO, the UMOA Banking Commission, ARTCI and the competent national authority before implementation.