KYC, KYB & AML compliance checklist
Tanzania KYC, KYB & AML
A territory-aware implementation checklist for regulated fintechs and reporting persons operating in Mainland Tanzania, Tanzania Zanzibar, or both.
- Reviewed
- 15 July 2026
- Version
- 1.3
- control areas
- 10
- implementation checks
- 40
Direct answer
What does the Tanzania compliance checklist cover?
The Tanzania checklist translates primary KYC, KYB and AML rules into 10 control areas and 40 implementation checks. It identifies the relevant authorities, customer and beneficial-owner controls, reporting duties, recordkeeping expectations and evidence teams should retain.
Key regulatory facts
- AML authorities
- FIU Tanzania; Zanzibar FIU functions under the Zanzibar framework
- Payments authority
- Bank of Tanzania; NPS Act applies in Mainland and Zanzibar
- Company registries
- BRELA (Mainland); BPRA (Zanzibar)
- STR channel
- FIU goAML / prescribed FIU channel
- Mainland threshold reports
- Cash >= USD 10,000; EFT >= USD 1,000; file within 5 working days
- AML retention
- Generally 10 years, measured from the applicable statutory trigger
- Data protection
- PDPA 2022; in Zanzibar only for Union matters
- FATF status
- Not under increased monitoring since June 2025
Implementation detail
Tanzania compliance requirements and actions
Open each control area to review the requirement, recommended implementation action, evidence to retain and the primary-source citation used by the research team.
01Scope, licensing and accountabilityMap the legal entity, territory, regulated activity and reporting-person category before configuring controls. Mainland and Zanzibar do not share one company or general AML statute.4 items+
Document territorial and regulatory scope
- Implementation action
- For each entity and product, record whether operations, incorporation, customers and regulated activities fall in Mainland Tanzania, Tanzania Zanzibar, or both. Map the applicable AML statute, sector regulator, FIU reporting route and registry.
- Evidence to retain
- Approved scope memorandum; entity-product-territory matrix; legal advice and regulatory correspondence.
- Primary citation
- AMLA Cap. 423 R.E. 2023; AMLPOCA No. 10 of 2009 as amended [01][02][03]
Confirm licences before launch
- Implementation action
- Do not operate a payment system, issue a payment instrument or issue electronic money without the licence or approval required by the Bank of Tanzania. Map licence conditions, renewals, agents, outsourcing and material-change approvals.
- Evidence to retain
- BoT licence or approval; regulatory-perimeter analysis; conditions register; renewal calendar.
- Primary citation
- National Payment Systems Act 2015 ss. 5, 15 and 24; Licensing and Approval Regulations 2015 [12][13][14]
Maintain a risk-based AML/CFT/CPF programme
- Implementation action
- Approve an enterprise risk assessment and proportionate controls covering customers, beneficial owners, products, channels, geography, transactions, agents and new technology. Refresh after material change and when risk intelligence changes.
- Evidence to retain
- Board-approved risk assessment; methodology; residual-risk decisions; control map; review log.
- Primary citation
- AMLA Cap. 423 R.E. 2023; AML Regulations 2022 as amended [01][04][05]
Appoint accountable compliance leadership
- Implementation action
- Appoint an eligible, sufficiently senior and independent compliance officer or MLRO; define direct escalation, access to records, reporting authority, training, independent testing and board oversight.
- Evidence to retain
- Appointment and FIU/regulator filing where required; role profile; board minutes; training and audit plans.
- Primary citation
- AMLA and applicable AML regulations [01][04][05]
02Customer due diligence and enhanced due diligenceCDD must establish who the customer and ultimate beneficial owner are, why the relationship exists and whether activity remains consistent with the known risk profile.6 items+
Apply CDD at every statutory trigger
- Implementation action
- Identify and verify the customer and ultimate beneficial owner before establishing a relationship or carrying out a covered occasional transaction, and again where ML/TF/PF is suspected, prior information is doubtful, or risk materiality requires it.
- Evidence to retain
- Trigger matrix; identity records; verification results; customer and beneficial-owner profiles; refresh log.
- Primary citation
- AMLA Cap. 423 R.E. 2023 s. 16 [01]
Understand purpose, ownership and control
- Implementation action
- For natural persons capture reliable identity, address, occupation, source-of-funds context and purpose. For legal persons and arrangements verify legal existence, powers, directors or equivalent controllers, ownership chain and the natural persons who ultimately own or control them.
- Evidence to retain
- CDD/KYB file; registry extracts; constitutional documents; ownership chart; control analysis; source-of-funds evidence.
- Primary citation
- AMLA Cap. 423 R.E. 2023 s. 16; AML Regulations 2022 as amended [01][04][05]
Apply PEP and high-risk controls
- Implementation action
- Use risk-management systems to identify domestic, foreign and international-organisation PEPs, family members and close associates. Obtain senior-management approval, establish source of wealth and funds, apply enhanced monitoring, and use enhanced measures for other high-risk relationships.
- Evidence to retain
- PEP screening; approval; source-of-wealth/funds assessment; enhanced-review and monitoring records.
- Primary citation
- AMLA Cap. 423 R.E. 2023 s. 16 [01]
Constrain deferred verification
- Implementation action
- Allow commencement before verification completes only for proven low-risk customers and under adopted risk-management procedures governing use before verification. Statutorily permitted activity includes opening an account and allowing an initial deposit, or depositing funds for new or existing low-risk services. As additional risk controls, set a short completion deadline, prevent withdrawals or higher-risk use, and stop the relationship if verification fails.
- Evidence to retain
- Proven low-risk assessment; adopted pre-verification procedure; permitted-activity rules; deadline and stop controls; exception log.
- Primary citation
- AMLA Cap. 423 R.E. 2023 s.16; GN 853E of 2023 reg.8(3) [01][05]
Stop and report failed CDD
- Implementation action
- Where CDD cannot be completed, do not commence the relationship or transaction, or terminate an existing relationship as applicable, and submit an STR to the FIU. This refusal-or-termination and reporting outcome is mandatory.
- Evidence to retain
- Rejected or exited case; mandatory STR decision and receipt; access-controlled audit trail.
- Primary citation
- AMLA Cap. 423 R.E. 2023 s.16 [01]
Apply the tipping-off safeguard as FATF guidance
- Implementation action
- Where there is suspicion and the firm reasonably believes continuing CDD would tip off the customer, use the FATF Recommendation 10 interpretive guidance to stop that CDD process and file an STR. Label this as international guidance rather than a separate rule attributed solely to AMLA section 16.
- Evidence to retain
- Tipping-off assessment; MLRO approval; STR receipt; restricted case record.
- Primary citation
- FATF Recommendation 10 Interpretive Note [21]
03Business verification and beneficial ownershipRegistry duties are territorial. BRELA requirements below apply to companies incorporated or registered in Mainland Tanzania; Zanzibar entities use BPRA and the Zanzibar Companies Act.4 items+
Verify the business independently
- Implementation action
- Obtain a current registry extract, legal name, number, status, registered office, constitutional documents, business activity, licences, directors and authorised signatories from BRELA for Mainland entities or BPRA for Zanzibar entities. Reconcile discrepancies before approval.
- Evidence to retain
- Dated registry extract; licence checks; constitutional documents; authority matrix; discrepancy resolution.
- Primary citation
- Companies Act Cap. 212 and BRELA rules (Mainland); Zanzibar Companies Act No. 15 of 2013 and BPRA (Zanzibar) [06][07][08]
Identify every ultimate natural-person owner or controller
- Implementation action
- Trace direct and indirect ownership and control through each layer. Record natural persons who ultimately own, exercise substantial control or influence, receive substantial economic benefit, or on whose behalf an arrangement is conducted. Do not stop at a nominee or corporate shareholder.
- Evidence to retain
- Ownership chart; declarations; shareholder and control records; corroborating registry or source documents.
- Primary citation
- AMLA Cap. 423 R.E. 2023 s. 16; Companies (Beneficial Ownership) Regulations 2021 (Mainland) [01][07]
Maintain and file Mainland BO information
- Implementation action
- For a Mainland company, maintain the statutory BO register and file Form 14b particulars as required. Apply the Regulations' 30-day periods to the specific events they cover: cessation notices, declarations of beneficial interest and changes, company returns after receiving declarations, and changes of beneficial owners. Do not treat every initial submission as subject to one generic 30-day clock.
- Evidence to retain
- BO register; Form 14b and event-specific forms; filed acknowledgements; event/deadline matrix; reconciliation record.
- Primary citation
- Companies (Beneficial Ownership) Regulations 2021 regs.3-5 (Mainland only) [07]
Apply Zanzibar company rules separately
- Implementation action
- For a Zanzibar company, obtain and maintain company and ownership information under the Zanzibar Companies Act and BPRA process. Do not treat the Mainland BRELA beneficial-ownership forms or 30-day filing rule as automatically applicable.
- Evidence to retain
- BPRA extract and filings; Zanzibar legal analysis; ownership records; periodic refresh.
- Primary citation
- Zanzibar Companies Act No.15 of 2013; Companies Regulations 2017; BPRA [08][20]
04Ongoing monitoring and suspicious transaction reportingMonitoring must use the customer’s expected profile and all available information. STR obligations are separate from automatic threshold-reporting rules.4 items+
Monitor relationships continuously
- Implementation action
- Scrutinise transactions throughout the relationship for consistency with customer knowledge, business, risk profile and source of funds where necessary. Keep CDD data current, with more frequent reviews for higher-risk customers.
- Evidence to retain
- Monitoring scenarios; expected-activity profile; alerts and investigations; periodic and event-driven reviews.
- Primary citation
- AMLA Cap. 423 R.E. 2023 s. 16; AML amendment regulations 2023 reg. 8A [01][05]
File STRs through the prescribed FIU channel
- Implementation action
- After forming suspicion, submit the STR to the FIU within 24 hours and, wherever possible, before the transaction is carried out. Cover proposed and attempted transactions as well as completed activity. Ascertain the purpose of the funds, property, transaction, or proposed or attempted transaction; the origin and ultimate destination; and the identity and address of every ultimate beneficiary, without tipping off the customer, and retain the findings.
- Evidence to retain
- Suspicion timestamp; inquiry record; proposed, attempted or completed transaction details; goAML filing and receipt; 24-hour SLA evidence.
- Primary citation
- AMLA Cap. 423 R.E. 2023 s.18 [01]
Prevent tipping off and preserve confidentiality
- Implementation action
- Restrict STR and investigation information to authorised personnel, suppress customer-facing signals, and train staff not to disclose that an STR is contemplated or filed.
- Evidence to retain
- Role-based access; confidentiality policy; training; communication controls; audit logs.
- Primary citation
- AMLA Cap. 423 R.E. 2023 and applicable regulations [01][04]
Keep decision quality auditable
- Implementation action
- Record facts considered, typologies, linked activity, customer explanation, risk indicators, decision-maker, timing and follow-up for both filed and closed alerts.
- Evidence to retain
- Investigation file; rationale template; QA review; management information and escalation record.
- Primary citation
- AMLA ss. 16-18; AML Regulations 2022 as amended [01][04][05]
05Mainland reporting and wire controlsThis section implements the 2019 Electronic Funds Transfer and Cash Transaction Reporting Regulations, which expressly apply to Mainland Tanzania.5 items+
Report Mainland threshold transactions
- Implementation action
- Report a single currency transaction of USD 10,000 equivalent or more and a single electronic funds transfer of USD 1,000 equivalent or more, using the official BoT exchange rate at transaction time. Submit no later than five working days after the transaction.
- Evidence to retain
- Threshold engine; exchange-rate snapshot; report file and FIU receipt; exception log.
- Primary citation
- EFT and Cash Transaction Reporting Regulations 2019 regs. 2, 5 and 12 (Mainland only) [09]
Aggregate related activity precisely
- Implementation action
- Treat two or more currency transactions or EFTs within 24 hours as one reportable transaction when they total at least USD 10,000 equivalent and are conducted by or on behalf of the same person or entity, or are destined to the same recipient. Do not aggregate different originators solely because they send to the same recipient.
- Evidence to retain
- 24-hour aggregation logic; originator and recipient linkage; exception tests; filed reports.
- Primary citation
- EFT and Cash Transaction Reporting Regulations 2019 reg. 11 (Mainland only) [09]
Preserve ordering-institution information
- Implementation action
- Ensure every EFT carries the required originator and beneficiary information. An ordering institution must retain it for ten years and must not execute a transfer that lacks the required information.
- Evidence to retain
- Payment-message schema; completeness validation; rejected-transfer logs; ten-year archive.
- Primary citation
- EFT and Cash Transaction Reporting Regulations 2019 regs. 4 and 9 (Mainland only) [09]
Apply intermediary-institution controls
- Implementation action
- As an intermediary, retain accompanying originator and beneficiary information, keep information received from upstream institutions for at least ten years, identify deficient transfers, and use risk-based rules to execute, reject or suspend them and determine follow-up.
- Evidence to retain
- Intermediary rules; payment records; deficiency alerts; execute/reject/suspend decisions; follow-up cases.
- Primary citation
- EFT and Cash Transaction Reporting Regulations 2019 reg. 10 (Mainland only) [09]
Assess Zanzibar payment-reporting duties separately
- Implementation action
- Do not extend the Mainland 2019 threshold and wire-transfer regulation to Zanzibar by assumption. Map Zanzibar AMLPOCA rules, FIU directions and any BoT payment-system licence conditions that apply to the Zanzibar operation.
- Evidence to retain
- Zanzibar reporting matrix; legal advice; regulator instructions; configured jurisdictional rules.
- Primary citation
- AMLPOCA framework and scope of GN 420 of 2019 [02][03][09]
06Targeted financial sanctionsUse the 2022 Prevention of Terrorism (General) Regulations together with both the 2023 and 2024 amendments. Screening alone is not compliance: matching, freezing and reporting must be operational.4 items+
Ingest and screen current designations
- Implementation action
- For a UN Security Council designation or update, ensure FIU circulation occurs within 12 hours. Implement the communicated measure within 12 hours of receipt and, in every case, within 24 hours of the UN designation or update. Keep automated intake, escalation and timestamp evidence.
- Evidence to retain
- UN/FIU source inventory; circulation receipt; ingestion and implementation timestamps; customer, BO and transaction screening logs; SLA tests.
- Primary citation
- POTA General Regulations 2022 reg.4 as amended in 2023 and 2024 [10][11][11B]
Freeze without delay and without prior notice
- Implementation action
- On a confirmed match, prohibit dealing, block availability of funds, assets and related services, and freeze all covered directly or indirectly owned, jointly owned, controlled, derived or directed assets without delay and without notifying the designated party in advance.
- Evidence to retain
- Match decision; asset map; freeze timestamp; blocked transactions; legal and compliance approvals.
- Primary citation
- Prevention of Terrorism (General) Regulations 2022 regs. 19-20 [10]
Complete the prescribed reporting chain
- Implementation action
- When a funds or asset freeze is effected, notify the Minister and copy the Police Force and FIU within 24 hours of implementation. Separately, under amended regulation 20(4), report without delay any freeze effected, attempted or other transaction, and action taken to comply with the prohibition. For domestic designations, report covered funds or assets to the Committee without delay under regulation 12.
- Evidence to retain
- Minister, Police and FIU notices and receipts; Committee report; freeze and attempted-transaction report; complete timeline.
- Primary citation
- POTA General Regulations 2022 regs.12 and 20, as amended in 2023 and 2024 [10][11][11B]
Control false positives, delisting and authorised access
- Implementation action
- Use documented match-resolution criteria, keep assets frozen while a true match remains designated, and implement variation, mistaken-identity and delisting decisions only through the competent process.
- Evidence to retain
- False-positive rationale; escalation; variation or delisting authority; unfreeze approval and timestamp.
- Primary citation
- Prevention of Terrorism (General) Regulations 2022 regs. 15, 21 and 24 [10]
07Record keeping and retrievabilityRetention clocks differ by record type. A single generic 'ten years from creation' rule is not sufficient.3 items+
Apply statutory ten-year trigger dates
- Implementation action
- Retain transaction and linked-series records for ten years from completion or last activity; relationship and CDD records for ten years from formal termination; and analysis or risk-assessment records for ten years from completion. Extend retention where a report, investigation or authority requires it.
- Evidence to retain
- Retention schedule by record class; trigger-date fields; legal holds; deletion approvals.
- Primary citation
- AMLA Cap. 423 R.E. 2023 s. 17 [01]
Keep records complete and rapidly retrievable
- Implementation action
- Preserve identity and beneficial-owner evidence, account files, correspondence, transaction data, payment messages, monitoring and investigation records, reports and training evidence in a form sufficient to reconstruct activity and respond promptly to lawful requests.
- Evidence to retain
- Indexed archive; reconstruction test; access controls; authority-request log; backup and integrity evidence.
- Primary citation
- AMLA Cap. 423 R.E. 2023 s. 17; applicable AML regulations [01][04]
Reconcile overlapping payment retention
- Implementation action
- For Mainland EFTs, also preserve ordering and intermediary originator/beneficiary information for the specific ten-year periods required by the 2019 regulation. Apply the longer or more specific lawful rule where obligations overlap.
- Evidence to retain
- Payment retention map; message archive; tested retrieval; conflict-resolution record.
- Primary citation
- EFT and Cash Transaction Reporting Regulations 2019 regs. 9-10 (Mainland only) [09]
08Payment-system and electronic-money controlsThe National Payment Systems Act applies to Mainland Tanzania and Tanzania Zanzibar. Detailed licence conditions and later BoT instruments must be checked for the specific service.3 items+
Map each payment activity to BoT permission
- Implementation action
- Classify payment-system operation, payment instruments, switching or processing, money transfer, e-money issuance and agent activity. Obtain the corresponding licence or approval and do not rely on a partner's permission unless the structure is expressly authorised.
- Evidence to retain
- Activity-permission matrix; licence or approval; partner responsibility map; launch gate.
- Primary citation
- National Payment Systems Act 2015 ss. 2, 5, 15 and 24; Licensing Regulations 2015 [12][13]
Protect e-money and customer funds
- Implementation action
- Where issuing e-money, implement the required eligible entity structure, trust or special-account arrangements, safeguarding, redemption, reconciliation, liquidity, agent, reporting and governance controls.
- Evidence to retain
- E-money approval; trust documents; daily reconciliations; safeguarding and redemption tests; returns.
- Primary citation
- National Payment Systems Act 2015 Part VI-VII; Electronic Money Regulations 2015 [12][14]
Maintain operational, security and consumer controls
- Implementation action
- Implement secure and resilient systems, incident management, records, customer-information protection, complaint handling, transparent terms and charges, agent oversight, business continuity and regulatory returns required by the Act, regulations, licence and current BoT instruments.
- Evidence to retain
- Security and continuity tests; incident register; complaints MI; disclosures; agent monitoring; returns.
- Primary citation
- National Payment Systems Act 2015 ss. 43-53; Licensing Regulations 2015; current BoT publications [12][13][15]
09Personal data protectionThe Personal Data Protection Act 2022 applies in Mainland Tanzania and, in Tanzania Zanzibar, only to Union matters. Confirm whether each Zanzibar processing activity is a Union matter before relying on this framework.4 items+
Register and assign privacy accountability where required
- Implementation action
- Determine controller or processor status, complete PDPC registration and renewals where applicable, appoint privacy responsibility, and keep an inventory that labels Zanzibar Union-matter scope.
- Evidence to retain
- Registration certificate; renewal calendar; DPO or privacy appointment; processing inventory and scope analysis.
- Primary citation
- Personal Data Protection Act 2022 ss. 2 and 14; 2023 Regulations [16][17]
Use a lawful, fair and purpose-limited basis
- Implementation action
- Document the lawful basis, purpose, necessity, proportionality, transparency, accuracy, minimisation, security and retention for KYC, screening, biometrics, monitoring and regulatory reporting. In Zanzibar, apply this statutory control only where the processing concerns a Union matter, while assessing other Zanzibar law separately.
- Evidence to retain
- Privacy notice; lawful-basis register; data map; DPIA for high-risk processing; retention decision.
- Primary citation
- Personal Data Protection Act 2022, including territorial scope in s. 2 [16]
Enable rights and processor governance
- Implementation action
- Operate authenticated workflows for applicable data-subject rights and complaints. Bind processors by written instructions, confidentiality, security, assistance, deletion or return, audit and subprocessor terms.
- Evidence to retain
- Rights procedure and request log; processor agreements; due diligence; complaint records.
- Primary citation
- Personal Data Protection Act 2022 and 2023 Regulations [16][17]
Control security incidents and cross-border transfers
- Implementation action
- Maintain proportionate technical and organisational security, breach detection and the applicable notification process. Before an international transfer, document the statutory transfer ground, safeguards and PDPC process. Apply the Zanzibar Union-matter qualification.
- Evidence to retain
- Security controls; incident plan; breach register and notices; transfer assessment; contracts and approvals.
- Primary citation
- Personal Data Protection Act 2022 and 2023 Regulations [16][17]
10Launch and assurance gateTranslate legal requirements into tested evidence before onboarding customers or moving funds.3 items+
Complete pre-launch control testing
- Implementation action
- Test identity and business verification, beneficial-owner tracing, PEP and sanctions screening, deferred-verification restrictions, monitoring, STR escalation, Mainland threshold reporting, wire information, retention, privacy and payment licence gates with positive and negative cases.
- Evidence to retain
- Signed test plan; test data and results; defects and remediation; compliance launch approval.
- Primary citation
- Implementation synthesis [01]-[18]
Schedule independent assurance
- Implementation action
- Use independent compliance and technical testing proportionate to risk. Report findings, owners and deadlines to senior management or the board and verify closure.
- Evidence to retain
- Assurance report; board pack; remediation tracker; closure evidence.
- Primary citation
- Risk-based programme and governance duties [01][04][12]
Maintain a legal-change register
- Implementation action
- Monitor FIU, BoT, BRELA, BPRA, PDPC, Gazette and FATF publications. Record territorial impact, effective date, owner, control change and re-test decision.
- Evidence to retain
- Source register; alerts; impact assessments; version history; retraining and retest records.
- Primary citation
- Official publication channels [03][08][15][18]

10 control areas and 40 implementation checks, with direct regulatory sources.
Download the Tanzania KYC, KYB & AML checklist
Share your work details for immediate access to the source-linked Tanzania implementation checklist. Regulatory review date: 15 July 2026.
Get the PDF immediately
Submit your details and the download starts automatically
Reviewed and source-linked
Version 1.3, reviewed 15 July 2026
Trusted by leading compliance teams
Primary-source register
22 sources used for this checklist
Use these links to verify the underlying legislation, regulator guidance, reporting procedures and international status statements.
- 01Tanzania FIU · Anti-Money Laundering Act, Cap.423 R.E.2023
- 02Tanzania FIU · Zanzibar primary legislation
- 03Tanzania FIU · Official legislation portal
- 04Tanzania FIU · AML regulations 2022
- 05Tanzania FIU · Mainland AML amendment regulations 2023 (GN 853E)
- 06BRELA · Mainland company legislation and registry
- 07BRELA · Companies (Beneficial Ownership) Regulations 2021
- 08Zanzibar BPRA · Zanzibar Companies Act and registry
- 09Tanzania FIU · Mainland EFT and Cash Transaction Reporting Regulations 2019
- 10Tanzania FIU · Prevention of Terrorism (General) Regulations 2022
- 11Tanzania FIU · Prevention of Terrorism (General) Amendment Regulations 2023
- 12Bank of Tanzania · National Payment Systems Act 2015
- 13Bank of Tanzania · Payment Systems Licensing and Approval Regulations 2015
- 14Bank of Tanzania · Electronic Money Regulations 2015
- 15Bank of Tanzania · Current acts, regulations, circulars and guidelines
- 16Personal Data Protection Commission · Personal Data Protection Act 2022
- 17Personal Data Protection Commission · Privacy regulations and official guidance
- 18Tanzania FIU · STR and goAML information
- 11BTanzania FIU · Prevention of Terrorism (General) Amendment Regulations 2024
- 19Financial Action Task Force · Tanzania removed from increased monitoring, 13 June 2025
- 20Zanzibar BPRA · Companies Regulations 2017
- 21Financial Action Task Force · Current FATF Recommendations and Interpretive Notes
Direct answers
Tanzania KYC, KYB and AML questions
Do the same AML and company laws apply across Tanzania?+
No. Mainland Tanzania and Tanzania Zanzibar have distinct general AML and company frameworks. The National Payment Systems Act applies to both, while each entity must map its territory, activity and regulator.
When is failed CDD reportable?+
Under Mainland AMLA section 16, if CDD cannot be completed, the business relationship must not start or must be terminated as applicable, and an STR must be considered and submitted where required. Separately, FATF Recommendation 10 interpretive guidance says that, where there is suspicion and continuing CDD would tip off the customer, the institution may stop the CDD process and file an STR; this is FATF guidance, not a separate rule attributed to AMLA section 16.
What are the Mainland automatic reporting thresholds?+
Under the 2019 Mainland regulation, report a single currency transaction of at least USD 10,000 equivalent and an EFT of at least USD 1,000 equivalent, generally within five working days. Related-transaction aggregation has a specific 24-hour and USD 10,000 rule.
Does the Tanzania privacy law apply in Zanzibar?+
The Personal Data Protection Act 2022 applies in Zanzibar only for Union matters. Non-Union processing requires a separate Zanzibar-law assessment.
Is Tanzania currently on the FATF grey list?+
No. FATF removed Tanzania from increased monitoring in June 2025, but firms must continue applying risk-based AML/CFT/CPF controls.
Research and review method
VOVE ID Compliance Research maps the regulatory perimeter, translates obligations into operational controls, links each material claim to a source and records the date and version of every review.
VOVE ID Compliance Research · Reviewed 15 July 2026 · Version 1.3
Educational implementation checklist, not legal advice. Tanzania has separate Mainland and Zanzibar company and AML frameworks. Confirm territorial scope, reporting-person status, sector rules, licence conditions, FIU instructions and later amendments with Tanzanian counsel and the relevant authority before launch.