KYC, KYB & AML compliance checklist
Senegal KYC, KYB & AML
An implementation-focused checklist for fintechs, payment institutions, financial institutions and other regulated businesses operating in Senegal. It translates Senegal's 2024 AML/CFT/CPF law, BCEAO payment-services rules and data-protection framework into controls, actions and audit evidence.
- Reviewed
- 15 July 2026
- Version
- 1.2
- control areas
- 11
- implementation checks
- 57
Direct answer
What does the Senegal compliance checklist cover?
The Senegal checklist translates primary KYC, KYB and AML rules into 11 control areas and 57 implementation checks. It identifies the relevant authorities, customer and beneficial-owner controls, reporting duties, recordkeeping expectations and evidence teams should retain.
Key regulatory facts
- Primary AML law
- Law No. 2024-08
- FIU
- CENTIF Senegal
- Payments authority
- BCEAO
- Privacy authority
- CDP
- Core record period
- 10 years
- FATF status
- Not under increased monitoring
Implementation detail
Senegal compliance requirements and actions
Open each control area to review the requirement, recommended implementation action, evidence to retain and the primary-source citation used by the research team.
01Confirm scope, authorities and permissionsMap every Senegal-facing activity to the applicable reporting-person category, sector supervisor and licensing perimeter before onboarding customers.5 items+
Document why the business is or is not a reporting person under Law No. 2024-08.
- Implementation action
- Map each legal entity, product and customer journey to the law's financial or designated non-financial categories; record the accountable supervisor and CENTIF reporting route.
- Evidence to retain
- Signed regulatory perimeter memo; entity-product matrix; counsel or compliance approval.
- Primary citation
- Law No. 2024-08, scope and reporting-person provisions
Obtain the required BCEAO permission before providing regulated payment services.
- Implementation action
- Classify account, transfer, acquiring, issuance, remittance and initiation activities against Instruction No. 001-01-2024; do not rely on a technology or agency label to bypass authorisation.
- Evidence to retain
- Licence, approval or documented exemption; product-to-permission mapping.
- Primary citation
- BCEAO Instruction No. 001-01-2024, arts. 4, 9 and 17
Stop unlicensed payment activity where the transition period has expired.
- Implementation action
- Confirm that the operating entity and any payment partner appear within the current authorised perimeter. BCEAO Notice No. 006-05-2025 extended the transition through 31 August 2025; from 1 September 2025, only authorised payment service providers could operate within the regulated perimeter.
- Evidence to retain
- Current BCEAO register check; partner due-diligence file; documented confirmation of authorisation before operation from 1 September 2025; board launch gate.
- Primary citation
- BCEAO Notice No. 006-05-2025
Treat virtual-asset services as approval-dependent and AML-regulated.
- Implementation action
- Identify custody, exchange, transfer, issuance-support or other virtual-asset functions and obtain prior approval where applicable before service begins.
- Evidence to retain
- Virtual-asset perimeter assessment; approval correspondence; AML control mapping.
- Primary citation
- Law No. 2024-08, arts. 58–59
Assign named owners for CENTIF, BCEAO, sector-supervisor and CDP obligations.
- Implementation action
- Maintain a responsibility matrix covering regulatory filings, suspicious transaction reporting, payment safeguarding, privacy formalities and incident escalation.
- Evidence to retain
- RACI; appointment letters; committee terms; regulatory calendar.
- Primary citation
- Law No. 2024-08, arts. 12–15; BCEAO Instruction No. 001-01-2024, art. 32
02Build the AML/CFT/CPF control frameworkThe programme should be proportionate to documented risks and embedded in governance, people, systems and assurance.5 items+
Maintain a documented enterprise-wide risk assessment.
- Implementation action
- Assess customers, countries, products, services, transactions, delivery channels and new technologies; define methodology, data inputs, residual-risk logic and refresh triggers.
- Evidence to retain
- Approved risk assessment; methodology; risk appetite; change log.
- Primary citation
- Law No. 2024-08, arts. 12–15
Adopt written policies, controls and procedures aligned to identified risk.
- Implementation action
- Cover onboarding, beneficial ownership, PEPs, sanctions, monitoring, reporting, recordkeeping, outsourcing and control testing, with board or senior-management approval.
- Evidence to retain
- Policy suite; approval minutes; control library; annual review record.
- Primary citation
- Law No. 2024-08, arts. 12–15
Screen integrity and competence of relevant personnel.
- Implementation action
- Apply risk-based pre-employment checks, conflict declarations and role-specific suitability requirements for compliance-sensitive positions.
- Evidence to retain
- Screening standard; completed checks; conflict register.
- Primary citation
- Law No. 2024-08, arts. 12–15
Provide continuing, role-specific training.
- Implementation action
- Train the board, customer operations, investigators, product, engineering, sales and agents on their controls, escalation paths and tipping-off restrictions.
- Evidence to retain
- Curriculum; attendance; assessment scores; remediation log.
- Primary citation
- Law No. 2024-08, arts. 12–15 and 63
Evaluate new products and technologies before launch.
- Implementation action
- Complete AML, fraud, sanctions and privacy risk assessments before introducing material technology, channel or product changes and implement mitigating controls.
- Evidence to retain
- Pre-launch risk assessment; architecture review; control acceptance; launch approval.
- Primary citation
- Law No. 2024-08, arts. 12–15
03Identify and verify customersCDD must establish who the customer is, who acts for them, who ultimately benefits and why the relationship is being opened.6 items+
Identify and verify the customer and beneficial owner using reliable, independent sources.
- Implementation action
- Capture identity attributes and verify them against appropriate documents, data or trusted digital sources before the relationship or transaction, subject only to the law's narrow deferral conditions.
- Evidence to retain
- CDD record; verification results; source provenance; exception log.
- Primary citation
- Law No. 2024-08, arts. 16–18
Identify any person acting on behalf of the customer and verify authority.
- Implementation action
- Verify the representative, mandate and power to act; link the representative to the customer and screen both under the applicable risk rules.
- Evidence to retain
- Mandate or power of attorney; representative ID; verification and screening record.
- Primary citation
- Law No. 2024-08, arts. 17–18
Establish the purpose and intended nature of the relationship.
- Implementation action
- Collect expected activity, products, counterparties, geographies, source of funds and business rationale sufficient to set a risk rating and monitoring profile.
- Evidence to retain
- Customer profile; expected-activity baseline; risk score and rationale.
- Primary citation
- Law No. 2024-08, arts. 16 and 19–20
Apply CDD at all statutory triggers, including suspicion and relevant occasional transactions.
- Implementation action
- Configure onboarding and transaction workflows to trigger CDD for relationships, account or custody services, domestic or international transfers, linked cash activity, threshold events and any suspicion regardless of amount.
- Evidence to retain
- Trigger matrix; workflow rules; linked-transaction logic; test results.
- Primary citation
- Law No. 2024-08, art. 17
Use deferred verification only where every legal condition is satisfied.
- Implementation action
- Complete verification as soon as possible and before the first transaction; document why delay is essential not to interrupt normal business and how risks are effectively controlled under pre-approved procedures.
- Evidence to retain
- Deferral policy; case approval; no-transaction control; completion timestamps.
- Primary citation
- Law No. 2024-08, art. 18
Do not proceed when required CDD cannot be completed and file the mandatory suspicious transaction report.
- Implementation action
- Do not open the relationship, refuse the occasional transaction or terminate the relationship as applicable; submit a suspicious transaction report to CENTIF as required by article 25 without tipping off the customer.
- Evidence to retain
- Decline or exit record; investigation decision; STR filing receipt and restricted case record.
- Primary citation
- Law No. 2024-08, arts. 22 and 25
04Verify businesses and beneficial ownersKYB must establish legal existence, authority, ownership and the natural persons who ultimately own or control the customer.5 items+
Verify legal name, form, constitutive documents, powers and addresses.
- Implementation action
- Obtain current registry and constitutional records, registered and principal office, governing documents, tax or sector identifiers and proof of operating status from reliable sources.
- Evidence to retain
- Registry extract; statutes; address proof; independent-source checks.
- Primary citation
- Law No. 2024-08, art. 26
Understand the customer's activity, ownership and control structure.
- Implementation action
- Map legal and economic activity, directors or equivalent controllers, shareholders, members, intermediate entities and control rights through every layer.
- Evidence to retain
- Ownership chart; director register; corporate profile; analyst notes.
- Primary citation
- Law No. 2024-08, art. 26
Apply the beneficial-owner cascade to natural persons.
- Implementation action
- Identify the natural person exercising controlling ownership; if none is identified, determine control through other means; only then identify the relevant senior managing official and document why.
- Evidence to retain
- BO calculation; control analysis; fallback rationale; verified BO files.
- Primary citation
- Law No. 2024-08, art. 26
Keep shareholder, member and beneficial-ownership information accurate and current.
- Implementation action
- Require event-driven notifications, periodic refresh and discrepancy escalation; reconcile customer information against available registries and reliable sources.
- Evidence to retain
- Registers; refresh schedule; change alerts; discrepancy cases.
- Primary citation
- Law No. 2024-08, arts. 76–79
Detect bearer, nominee, trust and similar opacity risks.
- Implementation action
- Identify nominee arrangements, bearer instruments, trusts and comparable legal arrangements; establish the relevant parties, control and purpose and apply enhanced measures where risk is elevated.
- Evidence to retain
- Legal-arrangement questionnaire; party verification; enhanced review.
- Primary citation
- Law No. 2024-08, arts. 80–83
05Apply enhanced and remote due diligenceHigher-risk relationships require deeper evidence, approval and monitoring; lower-risk treatment must be justified rather than assumed.5 items+
Identify domestic, foreign and international organisation PEPs and relevant connected persons.
- Implementation action
- Use risk-based systems to identify PEP status and apply the statutory treatment to family members and close associates where required.
- Evidence to retain
- PEP screening record; relationship analysis; match disposition.
- Primary citation
- Law No. 2024-08, art. 29
Obtain senior approval and establish source of wealth and source of funds for PEP relationships.
- Implementation action
- Complete corroborated wealth and funds analysis before onboarding or continuing the relationship and obtain approval at the prescribed senior level.
- Evidence to retain
- Source analysis; corroborating records; signed approval.
- Primary citation
- Law No. 2024-08, art. 29
Apply enhanced, ongoing monitoring and periodically reassess former PEP risk.
- Implementation action
- Set tighter scenarios and review frequency, and reevaluate PEP profiles at least every three years while retaining risk-based treatment after public functions end.
- Evidence to retain
- Monitoring plan; review diary; three-year reassessment record.
- Primary citation
- Law No. 2024-08, art. 29
Control non-face-to-face identity and impersonation risk.
- Implementation action
- Use layered document, biometric or equivalent verification, device and fraud signals, liveness where proportionate, channel limits and manual escalation calibrated to risk.
- Evidence to retain
- Remote-onboarding standard; vendor assessment; model tests; exception cases.
- Primary citation
- Law No. 2024-08, art. 22
Document the basis for enhanced or simplified measures.
- Implementation action
- Apply enhanced controls to higher risks and simplified measures only where lower risk is demonstrated and no suspicion or mandatory enhanced-treatment condition applies.
- Evidence to retain
- Risk decision; control variation; approval and review date.
- Primary citation
- Law No. 2024-08, arts. 84–85
06Monitor activity and report suspicionMonitoring must compare actual behaviour with the known customer and promptly escalate suspicion to CENTIF.6 items+
Keep CDD and risk profiles current throughout the relationship.
- Implementation action
- Refresh on risk-based cycles and events such as ownership change, unusual activity, document expiry, adverse information or material product change.
- Evidence to retain
- Refresh rules; event triggers; completed reviews; overdue dashboard.
- Primary citation
- Law No. 2024-08, arts. 16 and 19–20
Monitor transactions against customer knowledge and expected activity.
- Implementation action
- Implement scenarios and investigations covering size, frequency, velocity, counterparties, geography, channels, source of funds and unexplained changes.
- Evidence to retain
- Scenario inventory; tuning rationale; alerts; investigation files.
- Primary citation
- Law No. 2024-08, arts. 19–21
Examine complex, unusual or apparently purposeless activity and preserve a written analysis.
- Implementation action
- Investigate origin, destination, purpose and beneficial owner; create a confidential written report even where suspicion is not ultimately established.
- Evidence to retain
- Special-examination report; supporting data; reviewer sign-off.
- Primary citation
- Law No. 2024-08, art. 21
Report suspected, attempted and relevant proposed activity to CENTIF immediately.
- Implementation action
- File when there is suspicion or reasonable ground to suspect money laundering, terrorist financing, proliferation financing, a predicate offence or other statutory reporting circumstance; send supplementary information without delay.
- Evidence to retain
- STR decision record; filing receipt; supplement log; restricted case file.
- Primary citation
- Law No. 2024-08, art. 60
Refrain from execution before reporting unless a statutory exception applies.
- Implementation action
- Pause the transaction where required. If execution cannot be deferred, deferral would obstruct investigation, or suspicion arises afterward, notify CENTIF without delay and document the reason.
- Evidence to retain
- Hold decision; exception rationale; filing timestamp; release approval.
- Primary citation
- Law No. 2024-08, art. 61
Prevent tipping off and implement CENTIF opposition instructions.
- Implementation action
- Restrict knowledge of filings and inquiries. Operationalise CENTIF's opposition period of up to four days and escalation for judicial extension or provisional seizure.
- Evidence to retain
- Confidentiality controls; access logs; hold workflow; legal escalation record.
- Primary citation
- Law No. 2024-08, arts. 63 and 65
07Control payments, transfers and cash riskPayment and transfer controls should preserve required originator and beneficiary information and identify linked or unusual activity.5 items+
Capture and transmit required originator and beneficiary information.
- Implementation action
- Map mandatory data fields across domestic, cross-border and intermediary payment flows; reject, suspend or investigate missing or unreliable information according to documented rules.
- Evidence to retain
- Data dictionary; message samples; missing-data rules; QA results.
- Primary citation
- Law No. 2024-08, transfer provisions, arts. 39–46
Detect linked transactions and threshold avoidance.
- Implementation action
- Aggregate related cash and occasional transactions across channels, accounts, devices, agents and the statutory time window; maintain configurable thresholds set by competent authority.
- Evidence to retain
- Aggregation logic; threshold register; scenario tests; cases.
- Primary citation
- Law No. 2024-08, arts. 17 and 72
Apply enhanced monitoring to unusual or unrelated deposits and cash activity.
- Implementation action
- Escalate activity inconsistent with the customer's profile, stated business or economic purpose and document source-of-funds inquiries.
- Evidence to retain
- Cash-risk rules; source evidence; analyst disposition.
- Primary citation
- Law No. 2024-08, arts. 21 and 72
Maintain agent and partner controls across the payment chain.
- Implementation action
- Conduct due diligence, contract for AML and data obligations, train relevant personnel, monitor performance and preserve audit and termination rights.
- Evidence to retain
- Partner file; contract clauses; training; monitoring dashboard.
- Primary citation
- BCEAO Instruction No. 001-01-2024, governance and risk-control requirements
Reconstruct the full payment trail.
- Implementation action
- Retain identifiers, timestamps, amounts, currencies, channels, account or wallet references, parties, screening results and decision history in an exportable format.
- Evidence to retain
- Sample reconstruction; lineage map; retention and access test.
- Primary citation
- Law No. 2024-08, art. 23
08Implement targeted financial sanctionsFreezing measures must operate immediately, without prior notice, and cover funds and economic resources linked to designated persons and entities.5 items+
Screen customers, beneficial owners, controllers and transactions against applicable designations.
- Implementation action
- Screen at onboarding, list updates, material profile changes and before relevant transactions; include aliases, transliteration and ownership or control analysis.
- Evidence to retain
- List inventory; screening configuration; update logs; match files.
- Primary citation
- Law No. 2024-08, arts. 89–90
Freeze designated funds and economic resources immediately and without prior notice.
- Implementation action
- Create a 24/7 decision and technical-control path that blocks movement, alteration, use or access once the legal condition is met.
- Evidence to retain
- Freeze procedure; system test; incident timeline; approvals.
- Primary citation
- Law No. 2024-08, art. 89
Prevent funds or economic resources from being made available.
- Implementation action
- Control direct and indirect availability, including through owned or controlled entities, intermediaries, cards, wallets, agents and refunds.
- Evidence to retain
- Control mapping; ownership analysis; blocked-payment tests.
- Primary citation
- Law No. 2024-08, art. 89
Notify CENTIF and the competent authority immediately.
- Implementation action
- Maintain a controlled reporting workflow for frozen assets, attempted activity, false positives and subsequent directions.
- Evidence to retain
- Notification template; filing receipt; regulator correspondence.
- Primary citation
- Law No. 2024-08, art. 90
Apply sanctions controls consistently across the group.
- Implementation action
- Define group-wide minimums, local legal escalation and information-sharing safeguards so Senegal operations receive and implement designations without delay.
- Evidence to retain
- Group standard; local annex; update SLA; assurance results.
- Primary citation
- Law No. 2024-08, art. 89
09Retain records and support assuranceRecords should allow authorities and auditors to reconstruct decisions, relationships and transactions over the statutory period.5 items+
Keep identity, KYC, profile and analysis records for 10 years after closure or cessation.
- Implementation action
- Start the retention clock from account closure or the end of the business relationship and preserve documents, data, decisions and special examinations.
- Evidence to retain
- Retention schedule; lifecycle rules; sampled archived files.
- Primary citation
- Law No. 2024-08, art. 23
Keep transaction, accounting and correspondence records for 10 years after the transaction.
- Implementation action
- Apply transaction-based clocks and preserve sufficient detail for complete reconstruction and evidential use.
- Evidence to retain
- Storage configuration; transaction sample; retrieval test.
- Primary citation
- Law No. 2024-08, art. 23
Preserve corporate and beneficial-ownership records after dissolution.
- Implementation action
- Contractually and operationally ensure relevant parties keep required company and BO information for at least 10 years after dissolution or the end of the applicable relationship.
- Evidence to retain
- Dissolution checklist; archive owner; retention proof.
- Primary citation
- Law No. 2024-08, arts. 76–79
Protect confidentiality while enabling timely authority access.
- Implementation action
- Use least privilege, immutable logs, legal holds and controlled exports; separate STR and sanctions files from ordinary customer-service access.
- Evidence to retain
- Access matrix; audit logs; legal-hold test; disclosure register.
- Primary citation
- Law No. 2024-08, arts. 23 and 63
Test control design and operating effectiveness independently.
- Implementation action
- Set a risk-based compliance monitoring and independent audit plan; track findings to accountable owners and board-visible closure.
- Evidence to retain
- Monitoring plan; audit reports; issue register; closure evidence.
- Primary citation
- Law No. 2024-08, arts. 12–15
10Protect personal and biometric dataIdentity verification creates high-risk personal-data processing that must be lawful, proportionate, secure and subject to CDP formalities.5 items+
Map identity, biometric, corporate and monitoring data to a lawful and defined purpose.
- Implementation action
- Maintain records of processing covering source, purpose, fields, recipients, location, retention, security and rights handling; separate legal obligations from optional analytics or marketing.
- Evidence to retain
- Data inventory; processing register; purpose and legal-basis assessment.
- Primary citation
- Law No. 2008-12 on personal data protection
Complete applicable declarations or prior authorisations with CDP.
- Implementation action
- Classify each processing operation under CDP formalities, including sensitive or biometric processing, interconnected files and transfers to third countries, before production use where authorisation is required.
- Evidence to retain
- CDP filing; receipt or authorisation; processing-to-formality matrix.
- Primary citation
- CDP, Formalities; Law No. 2008-12 and Decree No. 2008-721
Provide clear notices and operationalise individual rights.
- Implementation action
- Explain controller identity, purposes, required fields, recipients, transfers, retention and rights; authenticate and log access, correction, objection or deletion requests subject to legal retention duties.
- Evidence to retain
- Privacy notice; request workflow; response log; exemption rationale.
- Primary citation
- CDP, Understanding your rights; Law No. 2008-12
Minimise collection and secure identity evidence.
- Implementation action
- Limit data to what is necessary, encrypt in transit and at rest, restrict access, test vendors and deletion, and maintain incident detection and response appropriate to identity and biometric risk.
- Evidence to retain
- Data-minimisation review; security architecture; access logs; incident plan.
- Primary citation
- CDP, Business obligations; Law No. 2008-12
Control processors, vendors and international transfers.
- Implementation action
- Perform due diligence, document instructions, confidentiality, security, sub-processing, audit, return or deletion and transfer safeguards; verify actual data locations.
- Evidence to retain
- Vendor assessment; data-processing terms; transfer map; audit record.
- Primary citation
- Law No. 2008-12; CDP formalities
11Operate BCEAO payment-service controlsLicensed payment operations require governance, safeguarding, operational resilience and customer-protection controls in addition to AML compliance.5 items+
Maintain governance, internal control and risk-management arrangements proportionate to payment activity.
- Implementation action
- Document decision rights, control functions, risk and security frameworks, outsourcing, continuity, incident response, data protection and complaint management, and maintain the ongoing governance arrangements required for authorised payment institutions.
- Evidence to retain
- Governance framework; risk register; continuity tests; complaint reports; periodic governance review.
- Primary citation
- BCEAO Instruction No. 001-01-2024, art. 32
Safeguard and segregate customer funds.
- Implementation action
- Deposit undelivered customer funds no later than the next business day into cantonnement accounts that are separate and distinct from operating accounts and held at a bank or microfinance institution; reconcile safeguarded balances daily and ensure the funds are protected from claims in the payment institution's insolvency.
- Evidence to retain
- Cantonnement account agreements and bank or microfinance institution confirmations; next-business-day deposit records; daily reconciliations; insolvency-protection terms; shortfall escalation records.
- Primary citation
- BCEAO Instruction No. 001-01-2024, art. 48
Use only authorised institutions and partners.
- Implementation action
- Check the current BCEAO register at onboarding and periodically; verify the exact licensed entity, services, jurisdictions and restrictions rather than relying on a trading name.
- Evidence to retain
- Register extracts; partner licence file; periodic recheck log.
- Primary citation
- BCEAO list of authorised payment institutions, 28 February 2026
Integrate security, fraud and AML controls.
- Implementation action
- Share governed signals between fraud, cybersecurity and AML teams; define escalation for account takeover, mule activity, agent abuse and payment anomalies without weakening STR confidentiality.
- Evidence to retain
- Integrated scenario map; escalation SLA; incident and case samples.
- Primary citation
- BCEAO Instruction No. 001-01-2024, art. 32; Law No. 2024-08
Run a documented launch and periodic compliance gate.
- Implementation action
- Before launch and material changes, confirm licence, AML, safeguarding, privacy, outsourcing, customer terms, complaints, resilience and reporting readiness; repeat on a defined cycle.
- Evidence to retain
- Launch checklist; accountable approvals; periodic certification; open-risk log.
- Primary citation
- BCEAO Instruction No. 001-01-2024; Law No. 2024-08

11 control areas and 57 implementation checks, with direct regulatory sources.
Download the Senegal KYC, KYB & AML checklist
Share your work details for immediate access to the source-linked Senegal implementation checklist. Regulatory review date: 15 July 2026.
Get the PDF immediately
Submit your details and the download starts automatically
Reviewed and source-linked
Version 1.2, reviewed 15 July 2026
Trusted by leading compliance teams
Primary-source register
14 sources used for this checklist
Use these links to verify the underlying legislation, regulator guidance, reporting procedures and international status statements.
- Law No. 2024-08 of 14 February 2024, Official Journal No. 7716Republic of Senegal / Vie-Publique.sn · Primary legislation
- Instruction No. 001-01-2024 on payment services in the WAMUBCEAO · Primary regulation
- Payment-services instruction landing pageBCEAO · Official guidance
- Notice No. 006-05-2025 extending the payment-institution transition period through 31 August 2025BCEAO · Official notice
- Authorised payment institutions as at 28 February 2026BCEAO · Official register
- Personal data protection legislationCommission de Protection des Données Personnelles · Official legislation portal
- Personal data protection regulationsCommission de Protection des Données Personnelles · Official regulation portal
- Processing declarations and prior authorisationsCommission de Protection des Données Personnelles · Official compliance guidance
- Business data-protection obligationsCommission de Protection des Données Personnelles · Official compliance guidance
- Jurisdictions under increased monitoring, October 2024FATF · Official FATF statement
- Jurisdictions under increased monitoring, 19 June 2026FATF · Official FATF statement
- CENTIF Senegal 2024 annual reportCENTIF Senegal / Vie-Publique.sn · Official report
- Senegal 2025 national risk assessmentCENTIF Senegal / Vie-Publique.sn · Official risk assessment
- Compliance in Senegal 2026: BCEAO guide for fintech startupsVOVE ID · Contextual implementation guide
Direct answers
Senegal KYC, KYB and AML questions
Who receives suspicious transaction reports in Senegal?+
Reporting persons submit suspicious transaction reports to CENTIF Senegal. Law No. 2024-08 requires immediate reporting of covered suspected, attempted and relevant proposed activity and supplementary information without delay.
Can customer verification be completed after onboarding?+
Only under the narrow conditions in article 18: completion as soon as possible and before the first transaction, necessity to avoid interrupting normal business, effective risk management and pre-established risk procedures. This is not a general grace period. If required CDD cannot be completed, article 25 requires the relationship or transaction to be refused or terminated as applicable and a suspicious transaction report to be submitted to CENTIF without tipping off the customer.
How long should AML records be kept?+
Core identity, KYC, profile and analysis records are retained for 10 years after account closure or the end of the relationship. Transaction, accounting and correspondence records are retained for 10 years after the transaction.
Do fintechs need BCEAO authorisation?+
A fintech providing a regulated payment service must operate within the applicable BCEAO authorisation framework. The exact requirement depends on the legal entity and service. BCEAO Notice No. 006-05-2025 extended the transition through 31 August 2025; from 1 September 2025, only authorised payment service providers could operate within the regulated perimeter.
Is Senegal currently on the FATF grey list?+
No. FATF removed Senegal from increased monitoring in October 2024, and its 19 June 2026 statement confirms that Senegal is not under increased monitoring. Firms must still apply the domestic risk-based framework and enhanced measures wherever their own risk assessment requires them.
Does KYC data require CDP formalities?+
Potentially. Organisations should classify each processing operation under Senegal's privacy framework. Sensitive or biometric processing, interconnected files and certain third-country transfers may require prior authorisation rather than a simple declaration.
Research and review method
VOVE ID Compliance Research maps the regulatory perimeter, translates obligations into operational controls, links each material claim to a source and records the date and version of every review.
VOVE ID Compliance Research · Reviewed 15 July 2026 · Version 1.2
This checklist is general information, not legal advice. It is based on official materials available on 15 July 2026. Thresholds, implementing decisions, sector rules and supervisory expectations may change. Confirm applicability with CENTIF, BCEAO, the competent sector supervisor, CDP and qualified Senegalese counsel before launch.