Checklist de conformité KYC, KYB et AML
Angola KYC, KYB & AML
A source-backed 2026 implementation dataset for customer and business verification in Angola. It separates the cross-sector duties in Lei n.o 5/20, as amended by Lei n.o 11/24, from BNA financial-sector rules, UIF reporting instructions, payments and e-money regulation, sanctions controls, company-registration evidence and APD privacy requirements.
- Revue le
- 16 July 2026
- Version
- 1.7
- domaines de contrôle
- 11
- contrôles d’implémentation
- 40
Réponse directe
Que couvre la checklist de conformité pour Angola ?
La checklist pour Angola traduit les principales règles KYC, KYB et AML en 11 domaines de contrôle et 40 contrôles d’implémentation, avec les autorités, obligations de déclaration et preuves à conserver.
Faits réglementaires clés
- Primary AML/CFT/CPF law
- Lei n.o 5/20, amended by Lei n.o 11/24
- Financial intelligence unit
- Unidade de Informacao Financeira (UIF)
- STR timing
- Immediately once knowledge or reasonable suspicion is formed
- STR method
- UIF public instructions conflict between goAML-first and direct email; verify the live channel with UIF without delaying an immediate report
- Core record retention
- 10 years from the transaction or end of the relationship
- Beneficial-owner threshold
- No universal percentage in the reviewed statute; identify ultimate ownership or control
- BNA sector details
- Confirm current review, deferral, BO, CDD, refresh, wire, payment and e-money requirements directly with BNA
- Targeted financial sanctions freeze
- Freeze immediately and without prior notice. Monitor applicable sanctions-list updates continuously. On a confirmed or potential match, apply the required freezing measures without delay and notify UIF immediately. Do not treat any period as a waiting time.
- UIF cash reports
- Daily, transaction-specific DTN rules at USD 15,000 or USD 5,000 equivalent; confirm the live UIF channel because current instructions conflict
- DIPD
- DIPD means Declaração de Identificação de Pessoas Designadas. It is used to communicate identified designated persons, groups or entities to UIF and is not titled as a property form. Preserve documentary screening records and supporting reports for UIF or supervisory review.
- FATF status
- Increased monitoring as at 16 July 2026
Détail d’implémentation
Exigences et actions de conformité pour Angola
Ouvrez chaque domaine pour consulter l’exigence, l’action recommandée, les preuves à conserver et la source primaire utilisée.
01Scope, authorities and regulated activitiesStart by classifying the entity, service and supervisor. The AML statute is cross-sector, while detailed BNA, payments, insurance, securities and professional rules apply only within their perimeter.4 éléments+
Lei 5/20 covers financial institutions and listed non-financial businesses and professions. Supervisory responsibility is allocated among BNA, ARSEG, CMC, ISJ, commercial inspection, OAA, OCPCA, INH and UIF according to activity.
- Action d’implémentation
- Document the legal-entity type, every product and channel, reporting-entity category and competent supervisor before designing controls.
- Preuves à conserver
- Perimeter memorandum, licence or registration records, product inventory and dated regulator correspondence.
- Source primaire
- Lei n.o 5/20, arts. 2-3, as amended: https://www.uif.ao/upload_media/upload/documentos/legislacao/lei%205%2020%20Prevencao%20e%20Combate%20ao%20Branqueamento%20de%20Capitais.pdf
Reporting entities and competent authorities register with UIF. A new reporting entity must register within 90 days after starting activity; goAML is the normal route and manual registration is exceptional.
- Action d’implémentation
- Register the entity, nominate controlled users and keep UIF account ownership current.
- Preuves à conserver
- goAML registration confirmation, administrator approval and active-user review.
- Source primaire
- UIF registration instruction: https://www.uif.ao/conteudo?id=43&menu=Registo
Direct primary copies of Lei 40/20, Aviso 2/22 and Aviso 4/25 were not retrieved. No operative payment-service, payment-system or e-money authorisation, registration, account-type or filing mechanic is asserted from LEX.AO alone.
- Action d’implémentation
- Before launch, obtain written BNA confirmation for the perimeter, authorisation, registration, product classification, account controls and filing method for payment, acquiring, wallet, e-money and remittance functions.
- Preuves à conserver
- BNA written confirmation, regulatory classification, licence or registration evidence where required and approved product perimeter.
- Source primaire
- BNA legislation portal: https://www.bna.ao/#/pt/legislacao-e-normas/pesquisar-normas/todas; BNA payment-law catalogue: https://www.bna.ao/#/pt/legislacao-e-normas/legislacao-financeira/lei-sistema-pagamentos; LEX.AO convenience reproductions only
Lei 11/24 assigns virtual-currency VASP supervision to BNA and other virtual assets to CMC and requires licensing or registration. A complete public implementation route was not verified in this review.
- Action d’implémentation
- Do not launch a virtual-asset service until BNA or CMC has confirmed the perimeter, application path and transfer-information controls in writing.
- Preuves à conserver
- Legal opinion, supervisor correspondence, licence or registration and approved virtual-asset control design.
- Source primaire
- Lei n.o 11/24, arts. 10-A and 10-B: https://www.uif.ao/upload_media/upload/documentos/legislacao/Lei%20n.%C2%BA%2011_24%20-%20Altera%20a%20Lei%20n.%C2%BA%205-20_de%20PCBC-FT-PADM.pdf
02Governance, risk assessment and control ownershipControls must follow the institution's actual ML/TF/PF risk. BNA adds specific review cycles and governance expectations for supervised institutions.3 éléments+
Reporting entities must identify, assess, understand and mitigate ML/TF/PF risk across customers, geography, products, services, transactions and delivery channels.
- Action d’implémentation
- Maintain an enterprise and product risk methodology linked to onboarding, monitoring, EDD, sanctions and reporting controls.
- Preuves à conserver
- Risk methodology, data inputs, risk assessment, mitigation plan and board or senior-management approval.
- Source primaire
- Lei n.o 5/20, risk-based obligations: https://www.uif.ao/upload_media/upload/documentos/legislacao/lei%205%2020%20Prevencao%20e%20Combate%20ao%20Branqueamento%20de%20Capitais.pdf
Apply documented, risk-based institutional review cycles. No BNA-specific 12-month or 24-month period is asserted pending a direct primary copy of Aviso 2/24.
- Action d’implémentation
- Obtain written BNA confirmation of the current review cycle and configure accountable due dates and change triggers accordingly.
- Preuves à conserver
- BNA confirmation, dated assessment, change log, rationale and approval.
- Source primaire
- BNA legislation portal: https://www.bna.ao/#/pt/legislacao-e-normas/pesquisar-normas/todas; Aviso 2/24 convenience reproduction only: https://lex.ao/docs/banco-nacional-de-angola/2024/aviso-n-o-2-24-de-22-de-marco/
Maintain accountable governance, risk-based internal controls, training and independent assurance. Confirm any additional BNA-sector governance or testing requirements directly with BNA because no direct primary Aviso 2/24 copy was retrieved.
- Action d’implémentation
- Assign accountable governance, protect compliance independence, obtain BNA confirmation and remediate control-test findings.
- Preuves à conserver
- BNA confirmation, appointment records, charter, training logs, testing report, issue register and closure evidence.
- Source primaire
- Lei n.o 5/20: https://www.uif.ao/upload_media/upload/documentos/legislacao/lei%205%2020%20Prevencao%20e%20Combate%20ao%20Branqueamento%20de%20Capitais.pdf; BNA legislation portal: https://www.bna.ao/#/pt/legislacao-e-normas/pesquisar-normas/todas
03Natural-person CDD and failed verificationCDD is event-driven and risk-based. Identity, authority, purpose and ongoing consistency must be demonstrable rather than merely collected.4 éléments+
CDD is required when a relationship begins, for qualifying occasional or linked transactions and transfers, when suspicion exists, and when prior identity information is doubtful.
- Action d’implémentation
- Implement trigger rules across onboarding, one-off activity, linked transactions, transfers and existing-customer refresh.
- Preuves à conserver
- CDD trigger matrix, aggregation logs, refresh alerts and exception reports.
- Source primaire
- Lei n.o 5/20, art. 11, as amended: https://www.uif.ao/upload_media/upload/documentos/legislacao/Lei%20n.%C2%BA%2011_24%20-%20Altera%20a%20Lei%20n.%C2%BA%205-20_de%20PCBC-FT-PADM.pdf
Identify and verify the customer and representative from reliable evidence, verify authority to act, understand purpose and nature, and obtain source and destination information where risk requires it.
- Action d’implémentation
- Capture valid identity evidence, verification results, mandates, expected activity and a documented risk rating.
- Preuves à conserver
- Document images and checks, representative mandate, purpose statement, source evidence and reviewer decision.
- Source primaire
- Lei n.o 5/20, arts. 11-12: https://www.uif.ao/upload_media/upload/documentos/legislacao/lei%205%2020%20Prevencao%20e%20Combate%20ao%20Branqueamento%20de%20Capitais.pdf
Verification normally precedes the relationship or transaction. Narrow low-risk deferral is allowed only under Lei 5/20 controls. No BNA-specific completion period or account-blocking mechanic is asserted pending a direct primary Aviso 2/24 copy.
- Action d’implémentation
- Default to pre-activation verification and obtain written BNA confirmation before configuring a sector-specific deferral, block or expiry rule.
- Preuves à conserver
- Statutory deferral rationale, BNA confirmation, completion timestamp and exception report.
- Source primaire
- Lei n.o 5/20, art. 12: https://www.uif.ao/upload_media/upload/documentos/legislacao/lei%205%2020%20Prevencao%20e%20Combate%20ao%20Branqueamento%20de%20Capitais.pdf; BNA legislation portal: https://www.bna.ao/#/pt/legislacao-e-normas/pesquisar-normas/todas
If required CDD cannot be completed, do not open the account, start the relationship or execute the transaction, or terminate the relationship, and assess whether to report suspicion.
- Action d’implémentation
- Route failed verification to decline, restriction or exit and require a recorded STR decision without alerting the customer.
- Preuves à conserver
- Failed-CDD reason, restriction or exit record, suspicion assessment and STR reference where filed.
- Source primaire
- Lei n.o 5/20, art. 15: https://www.uif.ao/upload_media/upload/documentos/legislacao/lei%205%2020%20Prevencao%20e%20Combate%20ao%20Branqueamento%20de%20Capitais.pdf
04KYB, commercial registry and beneficial ownershipRegistry documents establish legal existence and authority but do not by themselves prove ultimate ownership or control.4 éléments+
KYB identifies and verifies the legal name, form, object or activity, registered office, tax number, commercial registration, licence, governing persons and authority of representatives using reliable documents or foreign equivalents.
- Action d’implémentation
- Obtain current registry and constitutional evidence, verify signatories and independently reconcile key data.
- Preuves à conserver
- Commercial certificate, statutes, NIF, licence, board list, mandate and discrepancy log.
- Source primaire
- Lei n.o 5/20, art. 11, as amended: https://www.uif.ao/upload_media/upload/documentos/legislacao/Lei%20n.%C2%BA%2011_24%20-%20Altera%20a%20Lei%20n.%C2%BA%205-20_de%20PCBC-FT-PADM.pdf
Identify the natural persons who ultimately own or control through direct or indirect ownership, votes, significant influence or other means. The reviewed statute does not prescribe one universal percentage. No BNA-specific cascade or senior-manager fallback is asserted pending a direct primary Aviso 2/24 copy.
- Action d’implémentation
- Trace the full ownership and control chain, test non-ownership control and obtain BNA confirmation before applying any sector-specific fallback.
- Preuves à conserver
- Ownership chart, registry/share evidence, control analysis, identity verification and BNA confirmation where needed.
- Source primaire
- Lei n.o 11/24: https://www.uif.ao/upload_media/upload/documentos/legislacao/Lei%20n.%C2%BA%2011_24%20-%20Altera%20a%20Lei%20n.%C2%BA%205-20_de%20PCBC-FT-PADM.pdf; BNA legislation portal: https://www.bna.ao/#/pt/legislacao-e-normas/pesquisar-normas/todas
Lei 11/24 requires reporting entities to identify, manage, record and verify beneficial owners and keep a written record of the steps taken. It anticipates a Central Beneficial Owner Registry to be regulated by specific legislation.
- Action d’implémentation
- Maintain an internal BO register now, but do not invent a central-register percentage, portal or filing deadline; confirm new implementing law before filing.
- Preuves à conserver
- BO register, verification and search log, periodic refresh, discrepancy escalation and legal-update check.
- Source primaire
- Lei n.o 11/24, art. 12-A: https://www.uif.ao/upload_media/upload/documentos/legislacao/Lei%20n.%C2%BA%2011_24%20-%20Altera%20a%20Lei%20n.%C2%BA%205-20_de%20PCBC-FT-PADM.pdf; UIF legislative status: https://www.uif.ao/
GUE supports company constitution and changes and requires identity, registry, tax and authorisation evidence according to shareholder type. GUE evidence remains subject to independent CDD and BO verification.
- Action d’implémentation
- Use current GUE/commercial-registry evidence as one source and resolve conflicts against customer-supplied structure information.
- Preuves à conserver
- Current certificate, formation documents, NIF, resolutions, reconciliation and escalation record.
- Source primaire
- GUE company formation: https://gue.gov.ao/portal/empresas-e-negocio-constituicao; GUE leaflet: https://gue.gov.ao/portal/public/assets/pdf/folheto_informativo_2025.pdf
05PEPs, enhanced due diligence and remote onboardingHigher-risk relationships require additional evidence, accountable approval and closer monitoring. Remote onboarding is a risk factor, not an exemption from verification.3 éléments+
Determine whether the customer, representative or beneficial owner is a PEP. Obtain senior-management approval, establish source of wealth and source of funds, and apply enhanced ongoing monitoring. Continue former-PEP controls where risk remains.
- Action d’implémentation
- Screen before activation and continuously, resolve matches with reliable evidence and prohibit self-approval.
- Preuves à conserver
- Screen result, PEP classification, approval, wealth/funds evidence and review history.
- Source primaire
- Lei n.o 5/20, art. 14: https://www.uif.ao/upload_media/upload/documentos/legislacao/lei%205%2020%20Prevencao%20e%20Combate%20ao%20Branqueamento%20de%20Capitais.pdf
EDD applies to higher-risk, complex, unusually large, unexplained or economically irrational activity, remote/anonymity risk, PEPs and third-country correspondent relationships. Simplified CDD is unavailable where suspicion or EDD applies.
- Action d’implémentation
- Define EDD triggers and collect evidence proportionate to the identified risk rather than using one generic checklist.
- Preuves à conserver
- Trigger, additional checks, source evidence, rationale, approval and enhanced-monitoring plan.
- Source primaire
- Lei n.o 5/20, arts. 13-14: https://www.uif.ao/upload_media/upload/documentos/legislacao/lei%205%2020%20Prevencao%20e%20Combate%20ao%20Branqueamento%20de%20Capitais.pdf
Treat non-face-to-face relationships and higher-risk customers with enhanced, risk-based controls. No BNA-specific annual review interval or remote-onboarding mechanic is asserted pending a direct primary Aviso 2/24 copy.
- Action d’implémentation
- Use robust document/authenticity checks, impersonation controls and channel analytics, and obtain written BNA confirmation of current review and remote-onboarding requirements.
- Preuves à conserver
- BNA confirmation, remote-verification result, device and fraud checks, exception review and dated reassessment.
- Source primaire
- Lei n.o 5/20, art. 14: https://www.uif.ao/upload_media/upload/documentos/legislacao/lei%205%2020%20Prevencao%20e%20Combate%20ao%20Branqueamento%20de%20Capitais.pdf; BNA legislation portal: https://www.bna.ao/#/pt/legislacao-e-normas/pesquisar-normas/todas
06Ongoing monitoring, STRs and prohibited disclosureMonitoring must connect expected activity to actual behaviour. Reporting is immediate once suspicion is formed, with restricted access and a preserved decision trail.4 éléments+
Continuously monitor transactions and the relationship against customer activity, business, risk, source of funds and updated identity information.
- Action d’implémentation
- Risk-tier scenarios, aggregate related activity, investigate alerts and refresh profiles when facts or risk change.
- Preuves à conserver
- Scenario inventory, alert case, linked-activity view, analyst rationale and profile-change history.
- Source primaire
- Lei n.o 5/20, art. 11: https://www.uif.ao/upload_media/upload/documentos/legislacao/lei%205%2020%20Prevencao%20e%20Combate%20ao%20Branqueamento%20de%20Capitais.pdf; confirm additional sector detail at https://www.bna.ao/#/pt/legislacao-e-normas/pesquisar-normas/todas
Report immediately when knowledge or reasonable suspicion is formed about completed, attempted or ongoing activity connected with ML, TF, PF or another crime. The law does not provide a routine multi-day filing window.
- Action d’implémentation
- Timestamp suspicion formation and verify UIF's live instructed channel before submission without waiting for a complete criminal case. Circular 5/2026 names goAML with email fallback, while UIF's current reporting and forms pages direct DOS to comunicacoes@uif.ao. Do not let the channel conflict delay an immediate report.
- Preuves à conserver
- Case chronology, suspicion decision, dated UIF channel check, submission receipt, attachments and escalation record for any channel failure.
- Source primaire
- Lei n.o 11/24 amendment to art. 17: https://www.uif.ao/upload_media/upload/documentos/legislacao/Lei%20n.%C2%BA%2011_24%20-%20Altera%20a%20Lei%20n.%C2%BA%205-20_de%20PCBC-FT-PADM.pdf; UIF Circular 5/2026: https://www.uif.ao/upload_media/upload/sancoes/onu-20260507000847.pdf; UIF reporting page: https://www.uif.ao/conteudo?id=26&menu=Como_Comunicar_uma_Operacao_Suspeita; UIF forms: https://www.uif.ao/conteudo?id=16&menu=Formularios
Where possible, abstain from a suspicious operation and immediately request UIF confirmation of suspension. UIF has up to three working days to confirm. If abstention is impossible or would prejudice prevention, execute and immediately inform UIF.
- Action d’implémentation
- Provide a controlled hold workflow with legal/compliance escalation and automatic release only under the statutory decision path.
- Preuves à conserver
- Hold request, three-working-day timer, UIF response, execution rationale and subsequent chronology.
- Source primaire
- Lei n.o 5/20, art. 18: https://www.uif.ao/upload_media/upload/documentos/legislacao/lei%205%2020%20Prevencao%20e%20Combate%20ao%20Branqueamento%20de%20Capitais.pdf
Do not disclose to a customer or third party that an STR was filed or an investigation is underway.
- Action d’implémentation
- Restrict case access, use approved customer communications and suppress reporting details from ordinary support tooling.
- Preuves à conserver
- Access-control list, audit log, communication template and training record.
- Source primaire
- Lei n.o 5/20, art. 20: https://www.uif.ao/upload_media/upload/documentos/legislacao/lei%205%2020%20Prevencao%20e%20Combate%20ao%20Branqueamento%20de%20Capitais.pdf
07Payments, wires, cash reports, agents and virtual assetsCDD, cash reporting, traveller declarations and wire-transfer information have different triggers. Preserve those distinctions in product rules and customer communications.5 éléments+
UIF requires daily DTN reporting for cash deposits and withdrawals at or above USD 15,000 equivalent. At or above USD 5,000 equivalent, the categories are low-to-high denomination exchange, currency exchange, purchase or liquidation of cheques, traveller cheques or similar instruments, and securities. Point 2.6 applies only when at least two indicators coexist: uncounted funds, foreign currency, not deposited to the person's own account, or transfer to an account abroad. Point 2.7 separately covers qualifying electronic transfers abroad by non-account holders.
- Action d’implémentation
- Implement each UIF category separately, require two coexisting point 2.6 indicators, keep point 2.7 separate and prepare the daily Excel map described by the UIF manual. Verify the live submission channel with UIF: Circular 5/2026 says goAML with UIF_DTN@bna.ao on unavailability, while the current reporting page directs DTN to that email. Do not encode an unverified hierarchy.
- Preuves à conserver
- Daily category map, two-indicator test, separate non-account-holder transfer rule, dated UIF channel check, Excel submission file and receipt.
- Source primaire
- UIF cash manual: https://www.uif.ao/upload_media/upload/documentos/legislacao/MANUAL_DE_PROCEDIMENTOS_ACTUAL.pdf; UIF Circular 5/2026: https://www.uif.ao/upload_media/upload/sancoes/onu-20260507000847.pdf; UIF reporting page: https://www.uif.ao/conteudo?id=26&menu=Como_Comunicar_uma_Operacao_Suspeita; UIF forms: https://www.uif.ao/conteudo?id=16&menu=Formularios
Confirm directly with BNA whether and how Aviso 2/24 creates sector-specific occasional-transaction CDD or aggregation thresholds. No BNA amount is asserted from LEX.AO alone.
- Action d’implémentation
- Obtain written BNA confirmation before configuring a sector-specific amount or linked-transaction rule.
- Preuves à conserver
- BNA confirmation, approved trigger, aggregation logic and override report.
- Source primaire
- BNA legislation portal: https://www.bna.ao/#/pt/legislacao-e-normas/pesquisar-normas/todas; Aviso 2/24 convenience reproduction only: https://lex.ao/docs/banco-nacional-de-angola/2024/aviso-n-o-2-24-de-22-de-marco/
Before enabling wire transfers, obtain written BNA confirmation of required originator and beneficiary data, value scope, missing-information treatment, screening, rejection, suspension and recordkeeping. No Aviso 2/24 wire rule is asserted from LEX.AO alone.
- Action d’implémentation
- Configure payment fields and exception handling only after written BNA confirmation.
- Preuves à conserver
- BNA confirmation, approved payment-field matrix, screening result, exception correspondence and disposition.
- Source primaire
- BNA legislation portal: https://www.bna.ao/#/pt/legislacao-e-normas/pesquisar-normas/todas; Aviso 2/24 convenience reproduction only: https://lex.ao/docs/banco-nacional-de-angola/2024/aviso-n-o-2-24-de-22-de-marco/
Before appointing or activating a payment agent, obtain written BNA confirmation of the applicable registration, notification, oversight, training, monitoring, supervisory-access, commencement, deadline and filing requirements. No operative deadline, commencement treatment or tacit-approval rule is asserted pending a direct BNA or official Diario da Republica copy of Aviso 4/22.
- Action d’implémentation
- Obtain written BNA confirmation before appointment or activation and implement the confirmed contract, training, monitoring, access and filing controls.
- Preuves à conserver
- BNA written confirmation, registration or notification evidence, contract, agent register, training, monitoring and supervisory-access evidence.
- Source primaire
- BNA legislation portal: https://www.bna.ao/#/pt/legislacao-e-normas/pesquisar-normas/todas; Aviso 4/22 convenience reproduction, LEX.AO, not sole authority: https://lex.ao/docs/banco-nacional-de-angola/2022/aviso-n-o-4-22-de-03-de-fevereiro/
Cross-border carriage of currency is regulated by BNA Aviso n.º 6/22. Confirm the current declaration thresholds, resident and non-resident limits, minor limits, and documentary requirements directly with BNA before implementation. No numeric threshold is asserted pending a complete official Diário da República or BNA-hosted copy.
- Action d’implémentation
- Obtain written BNA confirmation of the operative thresholds, limits and documentary requirements before configuring traveller-currency controls.
- Preuves à conserver
- Written BNA confirmation, current procedure and retained traveller documentation where applicable.
- Source primaire
- BNA legislation portal: https://www.bna.ao/#/pt/legislacao-e-normas/pesquisar-normas/todas; Ministry-hosted PDF as publication evidence only, not article authority: https://www.ucm.minfin.gov.ao/cs/groups/public/documents/document/aw4y/otc4/~edisp/minfin2978433.pdf
08Targeted financial sanctionsApply sanctions screening continuously, implement required freezing measures without delay and communicate identified designated persons, groups or entities to UIF with a complete documentary record.2 éléments+
Freeze immediately and without prior notice. Monitor applicable sanctions-list updates continuously. On a confirmed or potential match, apply the required freezing measures without delay and notify UIF immediately. Do not treat any period as a waiting time.
- Action d’implémentation
- Monitor applicable sanctions-list updates continuously, screen relevant persons and entities, apply required freezing measures without delay on a confirmed or potential match, and notify UIF immediately.
- Preuves à conserver
- Continuous list-monitoring record, screening result, match assessment, freezing record and UIF notification evidence.
- Source primaire
- UIF Circular 5/2026: https://www.uif.ao/upload_media/upload/sancoes/onu-20260507000847.pdf
DIPD means Declaração de Identificação de Pessoas Designadas. It is used to communicate identified designated persons, groups or entities to UIF and is not titled as a property form. Preserve documentary screening records and supporting reports for UIF or supervisory review.
- Action d’implémentation
- Communicate identified designated persons, groups or entities to UIF and retain the documentary screening record and supporting report.
- Preuves à conserver
- DIPD communication record, documentary screening records and supporting reports retained for UIF or supervisory review.
- Source primaire
- UIF Circular 5/2026: https://www.uif.ao/upload_media/upload/sancoes/onu-20260507000847.pdf; UIF reporting forms: https://www.uif.ao/conteudo?id=16&menu=Formularios
09Records, retention and authority accessRecords must permit reconstruction of onboarding, ownership, risk, transactions and reporting decisions and must remain promptly retrievable.3 éléments+
Retain CDD, beneficial-owner, transaction, correspondence, STR and internal-analysis records for 10 years from the transaction or end of the relationship.
- Action d’implémentation
- Apply a legal retention schedule across source documents, structured data, case notes and communication channels.
- Preuves à conserver
- Retention schedule, system configuration, sample lifecycle and deletion/legal-hold report.
- Source primaire
- Lei n.o 5/20, art. 16, as amended by Lei n.o 11/24: https://www.uif.ao/upload_media/upload/documentos/legislacao/Lei%20n.%C2%BA%2011_24%20-%20Altera%20a%20Lei%20n.%C2%BA%205-20_de%20PCBC-FT-PADM.pdf
Records must be accessible to UIF and other competent authorities and sufficient to reconstruct transactions and decisions.
- Action d’implémentation
- Index records by customer, beneficial owner, transaction and case and test retrieval under controlled authority-request procedures.
- Preuves à conserver
- Retrieval test, authority-request register, export record, access approval and chain of custody.
- Source primaire
- Lei n.o 5/20, art. 16: https://www.uif.ao/upload_media/upload/documentos/legislacao/lei%205%2020%20Prevencao%20e%20Combate%20ao%20Branqueamento%20de%20Capitais.pdf
Use risk-based and event-driven customer refresh. No BNA-specific five-year or other numeric refresh maximum is asserted pending a direct primary Aviso 2/24 copy.
- Action d’implémentation
- Obtain written BNA confirmation of current refresh requirements and configure risk-based and event-driven review dates.
- Preuves à conserver
- BNA confirmation, refresh schedule, change trigger, updated evidence and overdue dashboard.
- Source primaire
- BNA legislation portal: https://www.bna.ao/#/pt/legislacao-e-normas/pesquisar-normas/todas; Aviso 2/24 convenience reproduction only: https://lex.ao/docs/banco-nacional-de-angola/2024/aviso-n-o-2-24-de-22-de-marco/
10Privacy, biometrics and international transfersAML legal obligations support necessary processing and retention, but purpose limitation, transparency, security, filing and transfer controls continue to apply.4 éléments+
Lei 22/11 requires a lawful basis, transparency, specified purpose, proportionality, accuracy, security and retention limited to the applicable purpose or legal duty.
- Action d’implémentation
- Map every KYC data field and use to a legal basis, notice, recipient, location, access role and retention rule.
- Preuves à conserver
- Processing register, privacy notice, field-level data map, access matrix and retention schedule.
- Source primaire
- Lei n.o 22/11: https://apd.ao/fotos/frontend_1/editor2/110617_lei_22-11_de_17_junho-proteccao_dados_pessoais.pdf
Customer-processing notification or authorisation requirements must be assessed under Lei 22/11. Determine with APD whether proposed biometric customer KYC requires notification or prior authorisation. The cited APD biometric form is worker-only and is not a general customer-KYC filing route.
- Action d’implémentation
- Classify the customer biometric processing, seek APD confirmation, use the customer-applicable filing route and contractually govern vendors and template handling.
- Preuves à conserver
- Customer-processing analysis, APD correspondence, applicable filing or authorisation, biometric architecture, lawful-basis record, vendor assessment and deletion test.
- Source primaire
- Lei n.o 22/11, art. 35: https://apd.ao/fotos/frontend_1/editor2/110617_lei_22-11_de_17_junho-proteccao_dados_pessoais.pdf; APD online desk: https://apd.ao/ao/balcao-online/; worker-only APD biometric form: https://apd.ao/fotos/frontend_1/editor2/formularios/tratamento_dados_biometria_form_v03.pdf
Transfers to countries with adequate protection are notified to APD, with adequacy assessed case by case because APD publishes no adequacy list. Transfers to a non-adequate country require prior APD authorisation and a statutory condition.
- Action d’implémentation
- Map hosting, support and vendor access outside Angola and obtain the required APD notification or prior authorisation before transfer.
- Preuves à conserver
- Transfer map, destination assessment, APD receipt or approval, safeguards and recipient contract.
- Source primaire
- Lei n.o 22/11, arts. 33-34: https://apd.ao/fotos/frontend_1/editor2/110617_lei_22-11_de_17_junho-proteccao_dados_pessoais.pdf; APD FAQ: https://apd.ao/ao/perguntas-frequentes/questoes-sobre-proteccao-de-dados/
Public and private data controllers must notify APD of IT accidents and incidents involving a breach of security measures without unjustified delay. No fixed hour-based deadline is stated in the reviewed official notice.
- Action d’implémentation
- Maintain incident detection, containment, evidence-preservation and APD-notification procedures. Notify APD without unjustified delay, retain the submission and receipt, and document the timing, scope and remediation.
- Preuves à conserver
- Incident record, preserved evidence, APD notification submission and receipt, timing log, scope assessment and remediation record.
- Source primaire
- Lei n.º 22/11, Articles 30–31; Lei n.º 23/11, Article 55(5)–(7); APD Circular n.º 02/APD/2024. Official APD notice: https://apd.ao/ao/noticias/obrigatoriedade-de-entidades-publicas-e-privadas-notificarem-a-agencia-de-proteccao-de-dados-sobre-os-acidentes-e-incidentes-informaticos/
11Implementation and audit evidence packA defensible programme proves what was known, checked, decided and reported at the relevant time. Tooling supports, but does not replace, accountable judgement.4 éléments+
Controls must remain aligned with legal, regulator and FATF changes, including the unresolved beneficial-owner registry and VASP implementation points noted at this review date.
- Action d’implémentation
- Operate a quarterly legal-change watch and event-driven review for gazettes, UIF, BNA, CMC, APD, GUE and FATF updates.
- Preuves à conserver
- Source register, dated change review, impact assessment, owner and implementation ticket.
- Source primaire
- UIF legislation: https://www.uif.ao/legislacao?id=15&menu=Legislacao_e_Normas; FATF June 2026: https://www.fatf-gafi.org/en/publications/High-risk-and-other-monitored-jurisdictions/increased-monitoring-june-2026.html
The FATF increased-monitoring status is a country-risk input, not an automatic reason to reject Angolan customers or apply blanket EDD.
- Action d’implémentation
- Combine country status with customer, product, transaction, delivery and ownership risks and record the resulting decision.
- Preuves à conserver
- Risk-model version, factor values, rationale, approval and override monitoring.
- Source primaire
- FATF statement of 19 June 2026: https://www.fatf-gafi.org/en/publications/High-risk-and-other-monitored-jurisdictions/increased-monitoring-june-2026.html
Outsourcing identity, screening or monitoring technology does not transfer the reporting entity's legal accountability.
- Action d’implémentation
- Define decision ownership, data lineage, service levels, access, testing, incident response, exit and authority-access rights in every provider arrangement.
- Preuves à conserver
- Due diligence, contract, control matrix, performance report, test results and exit plan.
- Source primaire
- Lei n.o 5/20 control obligations: https://www.uif.ao/upload_media/upload/documentos/legislacao/lei%205%2020%20Prevencao%20e%20Combate%20ao%20Branqueamento%20de%20Capitais.pdf; confirm payment-sector detail at https://www.bna.ao/#/pt/legislacao-e-normas/pesquisar-normas/todas
An audit-ready customer file must preserve source evidence, verification results, ownership reasoning, screening, risk, approvals, monitoring and reporting chronology.
- Action d’implémentation
- Generate a tamper-evident case export with source timestamps and human decisions. Use VOVE ID contextually as evidence infrastructure, not as legal advice or an autonomous compliance decision-maker.
- Preuves à conserver
- Case export, hashes or integrity controls, source timestamps, reviewer identities, decision and report receipts.
- Source primaire
- Lei n.o 5/20, arts. 11, 16-20, as amended: https://www.uif.ao/upload_media/upload/documentos/legislacao/Lei%20n.%C2%BA%2011_24%20-%20Altera%20a%20Lei%20n.%C2%BA%205-20_de%20PCBC-FT-PADM.pdf

11 domaines de contrôle et 40 vérifications d'implémentation avec sources réglementaires directes.
Téléchargez la checklist KYC, KYB et AML pour Angola
Partagez vos coordonnées professionnelles pour accéder immédiatement à la checklist d'implémentation sourcée pour Angola. Date de revue réglementaire : 16 July 2026.
Recevez le PDF immédiatement
Envoyez vos coordonnées pour démarrer automatiquement le téléchargement
Revue et sourcée
Version 1.7, revue le 16 July 2026
Approuvé par des équipes conformité de premier plan
Registre des sources primaires
29 sources utilisées pour cette checklist
Utilisez ces liens pour vérifier la législation, les lignes directrices, les procédures de déclaration et les statuts internationaux.
- UIF legislation and standards indexUnidade de Informacao Financeira · Official authority index
- Lei n.o 5/20 - AML/CFT/CPFRepublica de Angola / UIF · Official legislation PDF
- Lei n.o 11/24 - amendment to Lei 5/20Republica de Angola / UIF · Official legislation PDF
- Lei n.o 5/20 accessible gazette textLEX.AO · Convenience reproduction after official UIF source
- Lei n.o 11/24 accessible gazette textLEX.AO · Convenience reproduction after official UIF source
- BNA Aviso n.o 2/24Banco Nacional de Angola / LEX.AO · Convenience reproduction only; operative detail requires direct BNA confirmation
- How to report a suspicious operationUnidade de Informacao Financeira · Official reporting instruction
- UIF Circular n.o 5/2026Unidade de Informacao Financeira · Official reporting and sanctions instruction
- UIF reporting formsUnidade de Informacao Financeira · Official forms
- UIF registrationUnidade de Informacao Financeira · Official registration instruction
- UIF cash-reporting procedure manualUnidade de Informacao Financeira · Official reporting procedure
- GUE company constitutionGuiche Unico da Empresa · Official registry service information
- GUE information leaflet 2025Guiche Unico da Empresa · Official service guide
- Lei n.o 1/12 - targeted financial sanctionsRepublica de Angola / LEX.AO · Convenience reproduction only; operational sanctions wording is sourced to UIF Circular 5/2026
- Parliamentary II Serie material concerning targeted financial sanctionsAssembleia Nacional de Angola · Background/proposal history only; not operative authority
- Lei n.o 9/24 - terrorism amendmentRepublica de Angola / LEX.AO · Convenience reproduction only; operational sanctions wording is sourced to UIF Circular 5/2026
- Lei n.o 40/20 - payment system lawRepublica de Angola / LEX.AO · Convenience reproduction only; direct instrument not retrieved
- BNA Aviso n.o 2/22 - payment service providersBanco Nacional de Angola / LEX.AO · Convenience reproduction only; operative detail requires direct BNA confirmation
- BNA Aviso n.o 4/22 - agentsBanco Nacional de Angola; accessible text via LEX.AO · Convenience reproduction only; BNA is the authority and must confirm current mechanics
- Banco Nacional de Angola portalBanco Nacional de Angola · Official authority portal
- BNA Aviso n.o 4/25 - electronic-money accountsBanco Nacional de Angola / LEX.AO · Convenience reproduction only; operative detail requires direct BNA confirmation
- BNA Aviso n.o 6/22 - cross-border currency publication evidenceMinistry of Finance host · Publication evidence only; not complete article authority
- Lei n.o 22/11 - personal data protectionRepublica de Angola / Agencia de Proteccao de Dados · Official legislation PDF
- APD data-protection FAQAgencia de Proteccao de Dados · Official authority guidance
- APD worker biometric-processing formAgencia de Proteccao de Dados · Official worker-only form; not a general customer-KYC route
- APD online deskAgencia de Proteccao de Dados · Official filing portal
- FATF jurisdictions under increased monitoring - 19 June 2026Financial Action Task Force · Authoritative international status statement
- FATF Angola country pageFinancial Action Task Force · Authoritative country status page
- APD Circular n.º 02/APD/2024 notice on IT accident and incident notificationAgência de Protecção de Dados · Official authority notice
Réponses directes
Questions KYC, KYB et AML pour Angola
What is Angola's principal AML/CFT/CPF law?+
Lei n.o 5/20 of 27 January is the principal preventive law. Lei n.o 11/24 of 4 July amended it, including rules on beneficial ownership, virtual assets, suspicious reporting and records. Sector regulations, especially BNA Aviso n.o 2/24, add obligations for supervised institutions.
Is there one statutory beneficial-owner percentage in Angola?+
No universal percentage was found in the reviewed Lei 5/20/Lei 11/24 text. Identify the natural persons who ultimately own or control through ownership, votes, significant influence or other means. No BNA-specific cascade or senior-manager fallback is asserted pending a direct primary Aviso 2/24 copy; confirm current sector detail directly with BNA.
Is Angola's central beneficial-owner registry fully operational?+
Lei 11/24 anticipates a Central Beneficial Owner Registry to be regulated by specific law. At the 16 July 2026 review, UIF still described a separate beneficial-owner regime as a legislative proposal and complete operative filing mechanics were not verified. Maintain internal BO records and obtain current local confirmation before any central filing.
When must an STR be filed in Angola?+
Immediately once the entity knows or has reasonable grounds to suspect that completed, attempted or ongoing activity is associated with ML, TF, PF or another crime. The reviewed law does not provide a routine multi-day filing window. Record the time suspicion was formed and the filing time.
How are suspicious operations reported to UIF?+
Use goAML under current UIF instructions. UIF identifies comunicacoes@uif.ao as the contingency channel for suspicious-operation reports. Cash-threshold reports use goAML, with UIF_DTN@bna.ao as the contingency address. Preserve the primary or contingency filing receipt.
What happens when required CDD cannot be completed?+
Do not open the account, begin the relationship or execute the transaction, or terminate an existing relationship, as applicable. Assess whether the circumstances are suspicious and should be reported, while avoiding prohibited disclosure to the customer.
What are the USD 15,000 and USD 5,000 amounts?+
UIF requires daily DTN reporting for cash deposits/withdrawals at or above USD 15,000. At or above USD 5,000, separate categories cover denomination or currency exchange, cheques/traveller cheques/similar instruments and securities; point 2.6 requires at least two listed indicators, while point 2.7 separately covers qualifying transfers abroad by non-account holders. No BNA Aviso 2/24 CDD amount is asserted pending a direct primary copy.
How long are AML records retained?+
Core CDD, beneficial-owner, transaction, correspondence, STR and internal-analysis records are retained for 10 years from the transaction or the end of the relationship under Lei 5/20 as amended.
Does FATF increased monitoring require blanket EDD for Angola?+
No. Angola remained under increased monitoring on 16 July 2026, but FATF expressly states that it does not call for blanket EDD or de-risking for listed jurisdictions. Use the status as one input in a documented risk-based assessment.
Can a fintech, e-money issuer or VASP operate without regulator approval?+
Before offering payment or e-money services, obtain written BNA confirmation of the applicable perimeter, authorisation, registration, account controls and filing method. No operative detail from Lei 40/20, Aviso 2/22 or Aviso 4/25 is asserted from convenience reproductions alone. Lei 11/24 requires VASP licensing or registration and divides supervision between BNA and CMC; obtain written regulator confirmation before launch.
Can Angola KYC data be hosted or accessed abroad?+
International transfer requirements must be assessed under Lei 22/11. APD states that adequacy is assessed case by case and publishes no adequacy list. Adequate-country transfers are notified to APD; non-adequate-country transfers require prior APD authorisation and a statutory condition. Map remote support and vendor access as transfers where applicable.
How quickly must sanctions freezing measures be applied?+
Freeze immediately and without prior notice. Monitor applicable sanctions-list updates continuously. On a confirmed or potential match, apply the required freezing measures without delay and notify UIF immediately. Do not treat any period as a waiting time.
What is a DIPD?+
DIPD means Declaração de Identificação de Pessoas Designadas. It is used to communicate identified designated persons, groups or entities to UIF and is not titled as a property form. Preserve documentary screening records and supporting reports for UIF or supervisory review.
Can the APD worker-biometric form be used for customer KYC?+
Do not assume so. The cited form is worker-only. Assess customer processing under Lei 22/11 and determine with APD whether biometric customer KYC requires notification or prior authorisation and which filing route applies.
What are the BNA registration timings for a payment agent?+
Before appointing or activating a payment agent, obtain written BNA confirmation of the applicable registration, notification, oversight, training, monitoring, supervisory-access, commencement, deadline and filing requirements. No operative deadline, commencement treatment or tacit-approval rule is asserted pending a direct BNA or official Diario da Republica copy of Aviso 4/22.
Does Angola impose a fixed personal-data breach notification deadline?+
Public and private data controllers must notify APD of IT accidents and incidents involving a breach of security measures without unjustified delay. No fixed hour-based deadline is stated in the reviewed official notice.
Méthode de recherche et de revue
VOVE ID Compliance Research cartographie le périmètre réglementaire, traduit les obligations en contrôles opérationnels, relie les affirmations importantes aux sources et date chaque revue.
VOVE ID Compliance Research · Revue le 16 July 2026 · Version 1.7
This checklist is general regulatory information, not legal advice or a licence determination. It reflects sources reviewed on 16 July 2026. Confirm current gazetted law, sector rules, supervisor expectations and filing mechanics with Angolan counsel and the competent authority before launch. Pending beneficial-owner registry and VASP implementation details are not represented as operative requirements unless supported by a reviewed instrument. VOVE ID can support evidence collection, screening and audit trails, but the reporting entity remains responsible for risk decisions, customer acceptance, reporting and regulatory compliance.