KYC, KYB & AML compliance checklist
Ethiopia KYC, KYB & AML
An implementation-focused checklist for banks, microfinance institutions, payment instrument issuers, payment system operators, remittance providers and other reporting persons operating in Ethiopia. It translates Ethiopia's AML/CFT/CPF, banking, payment, foreign-exchange, company-registration, digital-ID and personal-data rules into controls, actions and audit evidence.
- Reviewed
- 15 July 2026
- Version
- 1.3
- control areas
- 11
- implementation checks
- 48
Direct answer
What does the Ethiopia compliance checklist cover?
The Ethiopia checklist translates primary KYC, KYB and AML rules into 11 control areas and 48 implementation checks. It identifies the relevant authorities, customer and beneficial-owner controls, reporting duties, recordkeeping expectations and evidence teams should retain.
Key regulatory facts
- Primary AML law
- Proclamation No. 780/2013
- FIU
- Financial Intelligence Service (FIS)
- Financial supervisor
- National Bank of Ethiopia (NBE)
- Privacy authority
- Ethiopian Communications Authority (ECA)
- Financial-institution STR deadline
- No later than 24 hours
- AML record retention
- Minimum 10 years
- FATF status
- Not under increased monitoring
Implementation detail
Ethiopia compliance requirements and actions
Open each control area to review the requirement, recommended implementation action, evidence to retain and the primary-source citation used by the research team.
01Confirm scope, regulator and licence perimeterClassify every entity, product and channel before launch. AML/CFT reporting-person status, NBE permission and ECA data-protection duties are separate questions.4 items+
Determine reporting-person and supervisory status.
- Implementation action
- Map each Ethiopia-facing legal entity, branch, product, agent, merchant and outsourced function against Proclamation No. 780/2013 and the relevant FIS and NBE rules. Assign accountable owners for FIS reporting, prudential or payment supervision, foreign exchange and data protection.
- Evidence to retain
- Regulatory-perimeter memo; entity-product matrix; reporting-person classification; RACI.
- Primary citation
- Proclamation No. 780/2013; FIS AML/CFT CDD Directive No. 01/2014; NBE directive indexes
Apply Banking Business Proclamation No. 1360/2025 to banking activity.
- Implementation action
- Do not conduct banking business or present a fintech product as a bank without the licence and approvals required by the current Banking Business Proclamation. Map ownership, governance, management, outsourcing and product conditions to the NBE approval file.
- Evidence to retain
- NBE banking licence or legal perimeter analysis; approval correspondence; governance file; product-permission matrix.
- Primary citation
- Banking Business Proclamation No. 1360/2025
Distinguish payment-system operation from payment-instrument issuance.
- Implementation action
- Classify switching, clearing, settlement and other system-operation functions under PSO Directive ONPS/02/2020. Classify wallets, electronic money and other payment instruments under PII Directive ONPS/06/2022, as amended by ONPS/09/2023 and ONPS/10/2025. Obtain the permission applicable to each function before launch.
- Evidence to retain
- PSO/PII classification; NBE licence or authorisation; application file; current register check.
- Primary citation
- National Payment System Proclamation No. 718/2011, as amended; ONPS/02/2020; ONPS/06/2022; ONPS/09/2023; ONPS/10/2025; NBE payment-system directive index
Use authorised remittance and money-transfer arrangements.
- Implementation action
- Verify the current NBE status of every money-transfer operator, Ethiopian representative, settlement bank and corridor partner. Obtain NBE approval where required and do not treat a technology or agency agreement as a substitute for regulatory permission.
- Evidence to retain
- NBE MTA-list check; approval; partner due diligence; remittance agreement; funds-flow map.
- Primary citation
- NBE licensed money-transfer agents list; Foreign Exchange Directive No. FXD/01/2024, as amended
02Establish risk-based AML/CFT/CPF governanceThe compliance programme should cover money laundering, terrorist financing and proliferation financing across customers, products, channels, agents, countries and technologies.4 items+
Maintain a documented enterprise risk assessment.
- Implementation action
- Assess customer, ownership, cash, remittance, agent, geography, product, channel, technology, sanctions and proliferation-financing exposure. Define inherent and residual risk, risk appetite, refresh cycles and event triggers.
- Evidence to retain
- Board-approved risk assessment; methodology; risk appetite; source inventory; change log.
- Primary citation
- Proclamation No. 780/2013; FIS AML/CFT CDD Directive No. 01/2014; Proclamation No. 1132/2019
Maintain written controls and an empowered compliance function.
- Implementation action
- Cover CDD, KYB, beneficial ownership, PEPs, sanctions, transaction monitoring, STR and cash reporting, wire transfers, records, agents, outsourcing, privacy, training and independent testing. Give compliance staff access, authority and a direct escalation route to senior management or the board.
- Evidence to retain
- Policy suite; appointments; committee terms; control library; board minutes.
- Primary citation
- Proclamation No. 780/2013; FIS AML/CFT CDD Directive No. 01/2014
Train personnel and relevant agents by role.
- Implementation action
- Provide initial and periodic training to directors, management, onboarding, operations, investigators, product, engineering, fraud, privacy and agent personnel. Test understanding of the 24-hour STR clock, confidentiality and no-tipping-off requirements.
- Evidence to retain
- Training curriculum; attendance; assessments; agent records; remediation log.
- Primary citation
- Proclamation No. 780/2013; FIS AML/CFT CDD Directive No. 01/2014
Assess new products and material changes before release.
- Implementation action
- Require AML/CFT/CPF, sanctions, fraud, privacy and operational-risk approval before deploying new wallet tiers, remote onboarding, APIs, biometric flows, agent models, payment corridors or material rules changes.
- Evidence to retain
- Pre-launch assessment; approvals; control acceptance; implementation plan.
- Primary citation
- FIS AML/CFT CDD Directive No. 01/2014; applicable NBE payment directives; Proclamation No. 1321/2024
03Identify and verify individual customersFinancial institutions must apply CDD at relationship and specified occasional-transaction triggers, as well as whenever suspicion arises or prior identity data are doubtful.5 items+
Identify and independently verify each customer and representative.
- Implementation action
- Collect the prescribed identity, address or contact and identity-document information; verify it using reliable and independent documents, data or information; and verify the authority of anyone acting for the customer.
- Evidence to retain
- CDD record; verification response; source document; representative mandate; timestamp and reviewer.
- Primary citation
- Proclamation No. 780/2013; FIS AML/CFT CDD Directive No. 01/2014
Apply financial-institution CDD to occasional cash transactions exceeding ETB 300,000 or USD 15,000.
- Implementation action
- Block completion of a single or linked occasional cash transaction above the applicable ETB 300,000 or USD 15,000 threshold until required CDD is complete. Aggregate linked transactions and apply CDD irrespective of value where suspicion or identity-data doubt exists.
- Evidence to retain
- Threshold configuration; linked-transaction logic; CDD record; blocked-case log; legal-source register.
- Primary citation
- Proclamation No. 780/2013; FIS AML/CFT CDD Directive No. 01/2014
Apply the ETB 20,000 or USD 1,000 wire-transfer threshold.
- Implementation action
- Configure originator and beneficiary information, verification and record controls for wire transfers at or above ETB 20,000 or USD 1,000, while applying any broader relationship, suspicion and payment-system requirements that operate regardless of value.
- Evidence to retain
- Wire-rule configuration; message fields; verification record; exception and rejection logs.
- Primary citation
- FIS AML/CFT CDD Directive No. 01/2014
Understand purpose, expected activity and source-of-funds context.
- Implementation action
- Record the relationship purpose, expected transaction size and frequency, counterparties, channels, geographies and source of funds. Establish a documented risk rating and monitoring baseline and keep it current.
- Evidence to retain
- Customer profile; expected-activity baseline; source-of-funds information; risk score; approval.
- Primary citation
- Proclamation No. 780/2013; FIS AML/CFT CDD Directive No. 01/2014
Do not proceed when required CDD cannot be completed.
- Implementation action
- Do not open the relationship or perform the transaction; for an existing relationship, terminate it in accordance with law and controlled exit procedures. Consider whether the failed or evasive CDD gives rise to an STR and preserve the no-tipping-off boundary.
- Evidence to retain
- CDD-failure case; blocked or closure record; STR consideration; approval and communication controls.
- Primary citation
- FIS AML/CFT CDD Directive No. 01/2014
04Verify businesses, beneficial ownership and controlKYB should establish legal existence, authority, ownership and the natural persons who ultimately own or control a customer. Registry evidence does not replace a complete beneficial-owner inquiry.4 items+
Verify legal identity, registration, licence and authority.
- Implementation action
- Obtain current commercial-registration and business-licence information, constitutional documents, tax or sector identifiers, registered and operating addresses, directors and signing powers from reliable sources.
- Evidence to retain
- Registry extract; business licence; constitutional documents; tax record; board authority; independent checks.
- Primary citation
- Commercial Registration and Business Licensing Proclamation No. 980/2016, as amended by No. 1150/2019; Commercial Code Proclamation No. 1243/2021; FIS AML/CFT CDD Directive No. 01/2014
Identify and verify every relevant natural-person beneficial owner.
- Implementation action
- Build the ownership and control chain through all legal entities and arrangements. Resolve natural persons with controlling ownership or control by other means and use any permitted senior-manager fallback only after documenting why no natural person could be identified through the preceding tests.
- Evidence to retain
- Ownership chart; shareholder and control records; verified BO files; control analysis; fallback rationale.
- Primary citation
- Proclamation No. 780/2013, art. 5; FIS AML/CFT CDD Directive No. 01/2014
Obtain and maintain current legal-person beneficial-owner information.
- Implementation action
- Require the customer to provide accurate and current legal-person and beneficial-owner data, reconcile it with available official and independent information, and resolve material discrepancies before onboarding or continuation.
- Evidence to retain
- BO declaration; registry reconciliation; discrepancy case; customer clarification; decision record.
- Primary citation
- Proclamation No. 780/2013, art. 5; FIS AML/CFT CDD Directive No. 01/2014; Proclamation No. 980/2016 as amended; Commercial Code No. 1243/2021
Refresh KYB and beneficial ownership on risk and event triggers.
- Implementation action
- Re-verify after ownership, control, director, licence, legal-form, address, activity, sanctions or adverse-information changes and at risk-based intervals. Contractually require prompt notice of material changes.
- Evidence to retain
- Refresh schedule; customer terms; change alerts; re-verification file; overdue report.
- Primary citation
- Proclamation No. 780/2013, art. 5; FIS AML/CFT CDD Directive No. 01/2014
05Apply PEP and enhanced due diligence controlsEvery identified PEP relationship requires the prescribed enhanced measures; the controls are not optional merely because an internal score is otherwise low.4 items+
Identify PEPs, relevant family members and close associates.
- Implementation action
- Screen customers, beneficial owners, controllers and relevant representatives at onboarding and throughout the relationship for domestic, foreign and international-organisation PEP exposure. Investigate and document potential matches.
- Evidence to retain
- PEP-screening configuration; match disposition; relationship analysis; rescreening log.
- Primary citation
- FIS AML/CFT CDD Directive No. 01/2014
Obtain senior-management approval for every identified PEP relationship.
- Implementation action
- Do not establish or continue an identified PEP relationship without recorded approval from the required level of senior management. Re-escalate material changes and newly identified PEP status.
- Evidence to retain
- EDD case; senior approval; decision rationale; event-driven reapproval.
- Primary citation
- FIS AML/CFT CDD Directive No. 01/2014
Establish source of wealth and source of funds for every identified PEP relationship.
- Implementation action
- Obtain and corroborate information explaining the PEP's accumulated wealth and the funds used in the relationship or transaction. Resolve unexplained inconsistencies before proceeding.
- Evidence to retain
- Source-of-wealth analysis; source-of-funds evidence; corroboration; exception decision.
- Primary citation
- FIS AML/CFT CDD Directive No. 01/2014
Apply enhanced ongoing monitoring to every identified PEP relationship.
- Implementation action
- Set increased review frequency, lower escalation tolerance and focused transaction monitoring proportionate to the relationship, while retaining all mandatory PEP measures.
- Evidence to retain
- Enhanced monitoring plan; scenario assignment; periodic review; investigation outcomes.
- Primary citation
- FIS AML/CFT CDD Directive No. 01/2014
06Monitor transactions and make FIS reportsFinancial institutions should compare activity with the customer profile, investigate unusual activity and file required reports through the FIS-prescribed channel within the legal deadline.4 items+
Monitor customers and transactions continuously.
- Implementation action
- Use risk-based scenarios for unusual size, frequency, velocity, cash, linked transactions, counterparties, geography, rapid movement, agent behaviour and activity inconsistent with the expected profile.
- Evidence to retain
- Scenario inventory; tuning rationale; alerts; investigations; quality-assurance results.
- Primary citation
- Proclamation No. 780/2013; FIS AML/CFT CDD Directive No. 01/2014
File an STR no later than 24 hours after suspicion is formed.
- Implementation action
- Start the controlled reporting clock when facts meet the applicable suspicion standard, obtain required internal review without delaying the legal deadline, and submit through the FIS-prescribed channel no later than 24 hours. Protect confidentiality and prohibit tipping off.
- Evidence to retain
- Restricted STR case; suspicion timestamp; approval trail; FIS receipt; access log.
- Primary citation
- Proclamation No. 780/2013; FIS AML/CFT CDD Directive No. 01/2014
Report cash transactions above ETB 300,000 or USD 15,000.
- Implementation action
- Aggregate linked cash activity, generate the prescribed cash transaction report for amounts above ETB 300,000 or USD 15,000, submit it through the current FIS process and reconcile accepted reports to source transactions. Cash reporting does not replace STR analysis.
- Evidence to retain
- Cash-threshold configuration; aggregation logic; report file; receipt; reconciliation; exception log.
- Primary citation
- Proclamation No. 780/2013; FIS AML/CFT CDD Directive No. 01/2014
Document unusual-activity analysis and reporting decisions.
- Implementation action
- Examine origin, destination, purpose, parties, beneficial ownership and source of funds. Record the facts, analysis, decision maker, report rationale and any enhanced monitoring or exit action whether or not an STR is filed.
- Evidence to retain
- Investigation narrative; supporting data; decision; reviewer sign-off; monitoring plan.
- Primary citation
- Proclamation No. 780/2013; FIS AML/CFT CDD Directive No. 01/2014
07Implement targeted financial sanctions and CPF controlsSanctions controls should address terrorism and proliferation financing and be capable of identifying, freezing and reporting relevant assets without making them available to designated persons.4 items+
Screen customers, beneficial owners and transactions against applicable designations.
- Implementation action
- Screen at onboarding, on list updates and before relevant transactions. Include aliases, identifiers, ownership and control, representatives, counterparties and payment data.
- Evidence to retain
- List inventory; screening configuration; update logs; test results; match files.
- Primary citation
- Proclamation No. 780/2013; Proclamation No. 1132/2019; FIS freezing procedures
Apply WMD proliferation-financing freezing requirements.
- Implementation action
- Implement Proclamation No. 1132/2019 and the applicable freezing order in sanctions governance and transaction interdiction. Prevent release or availability of property subject to a proliferation-financing freeze and follow the prescribed reporting and competent-authority process.
- Evidence to retain
- CPF procedure; current designation sources; freeze and reject workflow; notification records; legal escalation.
- Primary citation
- Prevention and Suppression of Financing the Proliferation of Weapons of Mass Destruction Proclamation No. 1132/2019 and applicable freezing order
Investigate ownership and control before clearing a potential match.
- Implementation action
- Do not clear a match solely because the named customer differs from the designated person. Assess direct and indirect ownership, control, agents, counterparties and available identifiers and obtain legal escalation where required.
- Evidence to retain
- Match investigation; ownership analysis; disposition approval; audit trail.
- Primary citation
- Proclamation No. 1132/2019; FIS freezing procedures
Test sanctions and CPF controls independently.
- Implementation action
- Test list ingestion, fuzzy matching, ownership scenarios, payment interdiction, freeze and report workflows, access restrictions and release controls. Track defects to closure.
- Evidence to retain
- Test scripts; results; issue register; remediation and retest evidence.
- Primary citation
- Proclamation No. 1132/2019; Proclamation No. 780/2013
08Control payments, wallets, agents and remittancesPayment businesses require both AML/CFT controls and the NBE permission, safeguarding, operational, security and consumer-protection framework applicable to their role.4 items+
Operate payment systems within ONPS/02/2020 permission.
- Implementation action
- For switching, clearing, settlement or other payment-system operation, map the operating model, governance, security, business continuity, outsourcing and reporting controls to the PSO licence and current conditions.
- Evidence to retain
- PSO licence; approved service map; operating manual; continuity tests; NBE correspondence.
- Primary citation
- PSO Directive ONPS/02/2020; National Payment System Proclamation No. 718/2011, as amended
Issue payment instruments within ONPS/06/2022, as amended by ONPS/09/2023 and ONPS/10/2025.
- Implementation action
- For wallets, electronic money and other payment instruments, implement current customer tiers, limits, safeguarding, governance, agent, security and reporting controls. Do not use the older joint PSO/PII framework as the current permission matrix.
- Evidence to retain
- PII licence; current directive matrix; product configuration; safeguarding reconciliation; NBE filings.
- Primary citation
- PII Directive ONPS/06/2022; Amendment Directives ONPS/09/2023 and ONPS/10/2025; NBE payment-system directive index
Apply KYC, KYB and monitoring to customers, merchants, agents and walk-in users.
- Implementation action
- Verify each party under the applicable FIS and NBE rules, enforce current product limits, aggregate linked activity, monitor agent and merchant behaviour and investigate structuring or misuse.
- Evidence to retain
- CDD/KYB files; current limit register; agent and merchant monitoring; investigations.
- Primary citation
- FIS AML/CFT CDD Directive No. 01/2014; ONPS/02/2020; ONPS/06/2022; ONPS/09/2023; ONPS/10/2025
Use current NBE-listed money-transfer partners.
- Implementation action
- Check the NBE MTA list before onboarding and periodically thereafter, verify each partner's permitted role and corridors, and suspend flows if authorisation lapses or no longer covers the service.
- Evidence to retain
- Dated MTA-list check; partner file; corridor matrix; periodic recertification; suspension procedure.
- Primary citation
- NBE licensed money-transfer agents list; FXD/01/2024 as amended
09Apply the complete foreign-exchange amendment chainForeign-exchange controls must be based on FXD/01/2024 together with all subsequent amendments, not on a single amendment or an outdated bank practice.5 items+
Use FXD/01/2024 as the consolidated baseline.
- Implementation action
- Map foreign-currency accounts, authorised dealers and bureaus, remittances, imports, exports, service payments, capital transactions and documentary requirements to the July 2024 market-based FX framework.
- Evidence to retain
- FX perimeter memo; product and transaction matrix; authorised-counterparty checks; baseline legal register.
- Primary citation
- Foreign Exchange Directive No. FXD/01/2024
Implement FXD/3/2025's operational relaxations and pricing changes.
- Implementation action
- Update travel and cash-purchase allowances, foreign-currency debit-card utilisation and applicable bank FX fee controls introduced in May 2025. Preserve evidence for customer eligibility, purpose, amount, pricing and the authorised-bank process.
- Evidence to retain
- FXD/3/2025 change assessment; customer rules; fee configuration; transaction sample; staff communication.
- Primary citation
- Foreign Exchange Directive No. FXD/3/2025; NBE Foreign Exchange Market Measures, May 2025
Implement FXD/04/2026's broader account, payment and market relaxations.
- Implementation action
- Update controls for service-export retention, foreign-currency accounts and cards, documented family service payments, outbound investment approvals, inbound currency treatment, private external-loan guarantees, dividend repatriation, forex-bureau operations and other amended permissions. Retain documentary checks and NBE approval where the amendment still requires it.
- Evidence to retain
- FXD/04/2026 change assessment; account and payment rules; approval matrix; forex-bureau controls; implementation evidence.
- Primary citation
- Foreign Exchange Directive No. FXD/04/2026
Implement FXD/05/2026 trade-payment changes without removing document verification.
- Implementation action
- Allow authorised banks to approve letters of credit and cash against documents on acceptance for qualifying foreign-currency and retention-account holders without prior NBE approval. Permit shipment initiation before bank approval where allowed, but process payment only after submission and verification of required documents.
- Evidence to retain
- FXD/05/2026 change assessment; LC/CAD workflow; account eligibility; document checklist; bank approval and payment trail.
- Primary citation
- Foreign Exchange Directive No. FXD/05/2026, sections 3.1-3.4
Monitor FX and remittance flows for AML/CFT and sanctions risk.
- Implementation action
- Detect transaction splitting, unsupported source of funds, unusual beneficiaries, cash conversion, agent concentration, trade-document inconsistency and activity outside the stated purpose. Escalate suspicion to the FIS reporting process within the applicable deadline.
- Evidence to retain
- FX scenarios; reconciliation; alerts; investigation; STR decision and timing record.
- Primary citation
- FXD/01/2024 as amended; Proclamation No. 780/2013; FIS AML/CFT CDD Directive No. 01/2014
10Retain records and support audit and authority accessFinancial institutions must preserve CDD, transaction and correspondence records for at least ten years in a form that supports reconstruction, supervision and investigation.4 items+
Retain CDD and customer-account records for at least 10 years.
- Implementation action
- Preserve identity and verification data, customer profiles, KYB and beneficial-owner records, authority records and risk assessments for the minimum ten-year period measured from the applicable relationship or account trigger under the controlling rule.
- Evidence to retain
- Retention matrix; lifecycle configuration; sampled files; deletion controls; legal-hold process.
- Primary citation
- Proclamation No. 780/2013; FIS AML/CFT CDD Directive No. 01/2014
Retain transaction records and business correspondence for at least 10 years.
- Implementation action
- Store transaction identifiers, parties, amounts, currencies, dates, channels, wire data, source documents and relevant correspondence for at least ten years and in enough detail to reconstruct individual transactions.
- Evidence to retain
- Data dictionary; archived records; reconstruction test; retrieval log; destruction record.
- Primary citation
- Proclamation No. 780/2013; FIS AML/CFT CDD Directive No. 01/2014
Preserve investigation, STR, cash-reporting and sanctions evidence securely.
- Implementation action
- Keep alert analysis, decisions, reports, submission receipts, freeze actions and access logs in restricted systems. Apply legal holds and longer sector retention where required.
- Evidence to retain
- Restricted case archive; receipts; access review; legal-hold register; retrieval test.
- Primary citation
- Proclamation No. 780/2013; FIS AML/CFT CDD Directive No. 01/2014; Proclamation No. 1132/2019
Test control operation and remediate findings.
- Implementation action
- Perform compliance monitoring and independent audit over onboarding, PEPs, sanctions, transaction reporting, payment partners, FX, retention and privacy. Report significant issues to senior management or the board and verify closure.
- Evidence to retain
- Monitoring plan; audit reports; issue register; remediation; board dashboard.
- Primary citation
- Proclamation No. 780/2013; FIS AML/CFT CDD Directive No. 01/2014; applicable NBE directives
11Protect personal and biometric dataThe Ethiopian Communications Authority administers the 2024 personal-data framework. KYC, monitoring and biometric workflows should satisfy registration, governance, security, localisation, transfer and breach duties.6 items+
Register controllers and processors with the Ethiopian Communications Authority.
- Implementation action
- Determine the registration status required for each entity and processing role, submit the prescribed information and maintain current registration details as processing, contact or organisational information changes.
- Evidence to retain
- ECA registration; renewal or update record; controller-processor inventory; responsibility matrix.
- Primary citation
- Personal Data Protection Proclamation No. 1321/2024
Appoint a data protection officer when the statutory conditions apply.
- Implementation action
- Assess the nature, scale, monitoring and sensitive-data criteria that trigger a DPO. Where required, appoint an independent and adequately resourced DPO with access to senior management and publish or communicate the prescribed contact details.
- Evidence to retain
- DPO applicability assessment; appointment; mandate; conflict check; contact publication.
- Primary citation
- Personal Data Protection Proclamation No. 1321/2024
Maintain processing records and perform DPIAs for high-risk processing.
- Implementation action
- Inventory purposes, lawful bases, data categories, recipients, retention, security and transfers. Complete and approve a DPIA before high-risk biometric, large-scale monitoring, profiling, remote-onboarding or other processing identified by the proclamation or ECA.
- Evidence to retain
- Record of processing; lawful-basis analysis; DPIA; risk treatment; approval and review log.
- Primary citation
- Personal Data Protection Proclamation No. 1321/2024
Store personal data in Ethiopia as required and control transfers.
- Implementation action
- Map hosting, backups, support access and onward transfers. Use Ethiopian storage in accordance with the proclamation and obtain prior ECA approval before transferring sensitive personal data outside Ethiopia; document all other transfer conditions and safeguards.
- Evidence to retain
- Hosting architecture; data-location inventory; transfer assessment; ECA approval; vendor terms.
- Primary citation
- Personal Data Protection Proclamation No. 1321/2024
Notify qualifying breaches within 72 hours.
- Implementation action
- Detect, contain and assess incidents promptly. Notify the Ethiopian Communications Authority and affected data subjects within 72 hours where the proclamation requires notification, documenting content, timing, risk, delay reasons and remediation.
- Evidence to retain
- Incident plan; breach register; 72-hour timeline; ECA notice; data-subject communication; post-incident review.
- Primary citation
- Personal Data Protection Proclamation No. 1321/2024
Apply heightened controls to sensitive and biometric data.
- Implementation action
- Minimise collection, establish a valid legal condition, encrypt and segregate data, restrict access, test vendors and preserve an accessible alternative where appropriate. Fayda identity proofing does not remove financial-sector CDD or privacy duties.
- Evidence to retain
- Sensitive-data assessment; biometric policy; access logs; encryption design; vendor review; fallback process.
- Primary citation
- Personal Data Protection Proclamation No. 1321/2024; Ethiopian Digital ID Proclamation No. 1284/2023

11 control areas and 48 implementation checks, with direct regulatory sources.
Download the Ethiopia KYC, KYB & AML checklist
Share your work details for immediate access to the source-linked Ethiopia implementation checklist. Regulatory review date: 15 July 2026.
Get the PDF immediately
Submit your details and the download starts automatically
Reviewed and source-linked
Version 1.3, reviewed 15 July 2026
Trusted by leading compliance teams
Primary-source register
21 sources used for this checklist
Use these links to verify the underlying legislation, regulator guidance, reporting procedures and international status statements.
- Prevention and Suppression of Money Laundering and Financing of Terrorism Proclamation No. 780/2013National Bank of Ethiopia · Primary legislation
- AML/CFT CDD Directive No. 01/2014Financial Intelligence Service · Primary directive
- Financial Intelligence Service resource libraryFinancial Intelligence Service · Official AML/CFT resources
- Banking Business Proclamation No. 1360/2025National Bank of Ethiopia · Primary legislation
- National Payment System directivesNational Bank of Ethiopia · Official directives index
- Payment System Operator Directive ONPS/02/2020National Bank of Ethiopia · Primary regulation
- Payment Instrument Issuer Directive ONPS/06/2022National Bank of Ethiopia · Primary regulation
- Payment Instrument Issuer Amendment Directives ONPS/09/2023 and ONPS/10/2025National Bank of Ethiopia · Primary regulations
- Licensed money-transfer agentsNational Bank of Ethiopia · Official register
- Commercial Registration and Business Licensing Proclamation No. 980/2016 as amended by No. 1150/2019, and Commercial Code No. 1243/2021Ethiopian Ministry of Justice · Primary legislation collection
- Foreign Exchange Directive No. FXD/01/2024National Bank of Ethiopia · Primary regulation
- Foreign Exchange Directive No. FXD/3/2025National Bank of Ethiopia · Primary regulation
- Foreign Exchange Directive No. FXD/04/2026 - Amendment to Foreign Exchange Directive No. FXD/01/2024National Bank of Ethiopia · Primary regulation
- Foreign Exchange Directive No. FXD/05/2026National Bank of Ethiopia · Primary regulation
- Foreign Exchange Management directive indexNational Bank of Ethiopia · Official directives index
- Personal Data Protection Proclamation No. 1321/2024Ethiopian Communications Authority · Primary legislation
- Ethiopian Digital ID Proclamation No. 1284/2023 and Fayda informationNational ID Program · Primary framework and official programme information
- Prevention and Suppression of Financing the Proliferation of Weapons of Mass Destruction Proclamation No. 1132/2019Federal Justice and Law Institute · Primary legislation
- FATF jurisdictions under increased monitoring, 19 June 2026FATF · Official FATF statement
- FATF high-risk jurisdictions subject to a call for action, 19 June 2026FATF · Official FATF statement
- FATF statement removing Ethiopia from increased monitoring, 18 October 2019FATF · Official FATF statement
Direct answers
Ethiopia KYC, KYB and AML questions
Who receives suspicious transaction reports in Ethiopia?+
The Financial Intelligence Service is Ethiopia's financial intelligence unit. Financial institutions must submit through the prescribed FIS channel, protect report confidentiality and prevent tipping off.
What is the Ethiopia STR deadline for financial institutions?+
An STR must be submitted no later than 24 hours after suspicion is formed under the applicable AML/CFT framework and FIS Directive No. 01/2014. Internal review must not delay that legal deadline.
What occasional cash CDD threshold applies to financial institutions?+
CDD applies to an occasional cash transaction exceeding ETB 300,000 or USD 15,000, including linked transactions. CDD also applies irrespective of value when suspicion arises or existing identity information is doubtful.
What wire-transfer threshold applies?+
The financial-institution wire-transfer threshold is ETB 20,000 or USD 1,000 for the applicable information and verification controls. Relationship-based CDD, suspicion controls and any broader payment rule still apply.
What cash transactions must financial institutions report?+
Cash transactions above ETB 300,000 or USD 15,000 must be reported through the prescribed FIS process. Related cash transactions should be aggregated, and cash reporting does not replace STR analysis.
How long must AML and KYC records be retained?+
Financial institutions must retain CDD, transaction and relevant correspondence records for at least ten years under Proclamation No. 780/2013 and FIS Directive No. 01/2014. Apply a longer period where another law, licence condition or legal hold requires it.
What happens if required CDD cannot be completed?+
Do not open the relationship or perform the transaction. For an existing relationship, terminate it using a controlled process and consider whether the circumstances require an STR, without tipping off the customer.
Which authority administers Ethiopia's personal-data law?+
The Ethiopian Communications Authority is the statutory authority under Personal Data Protection Proclamation No. 1321/2024. The law includes controller and processor registration, conditional DPO, DPIA and record, Ethiopian-storage, transfer-approval and 72-hour breach-notification duties.
Can a fintech use Fayda for KYC?+
Fayda can support identity proofing through an authorised process, but it does not replace financial-sector CDD, KYB, beneficial-owner, PEP, sanctions, source-of-funds or monitoring obligations.
Is Ethiopia currently on the FATF grey list?+
No. Ethiopia is absent from FATF's 19 June 2026 increased-monitoring and call-for-action statements. After re-entering monitoring in 2017, Ethiopia completed its action plan and exited on 18 October 2019.
Research and review method
VOVE ID Compliance Research maps the regulatory perimeter, translates obligations into operational controls, links each material claim to a source and records the date and version of every review.
VOVE ID Compliance Research · Reviewed 15 July 2026 · Version 1.3
This checklist is general information, not legal advice. It reflects official materials available on 15 July 2026. The stated financial-institution thresholds, 24-hour STR deadline and ten-year minimum retention period are drawn from Proclamation No. 780/2013 and FIS AML/CFT CDD Directive No. 01/2014. Confirm whether additional sector rules, later amendments, reporting formats or licence conditions apply to the entity and product with FIS, NBE, the Ethiopian Communications Authority and qualified Ethiopian counsel before launch.