Checklist de conformité KYC, KYB et AML
Botswana KYC, KYB & AML
A practical implementation checklist for fintechs, payment providers, financial institutions, virtual asset businesses and other specified parties operating in Botswana.
- Revue le
- 15 July 2026
- Version
- 1.0
- domaines de contrôle
- 11
- contrôles d’implémentation
- 66
Réponse directe
Que couvre la checklist de conformité pour Botswana ?
La checklist pour Botswana traduit les principales règles KYC, KYB et AML en 11 domaines de contrôle et 66 contrôles d’implémentation, avec les autorités, obligations de déclaration et preuves à conserver.
Faits réglementaires clés
- Financial intelligence unit
- Financial Intelligence Agency (FIA)
- CDD transaction threshold
- P10,000 or more for an occasional transaction; other statutory CDD triggers apply regardless of value
- Cash transaction reporting
- P10,000 or more; as soon as possible and no later than five working days after conclusion
- Suspicious transaction reporting
- As soon as possible and no later than five working days after suspicion arises
- Beneficial ownership threshold for CDD
- Natural persons holding more than 10% directly or indirectly, plus control-through-other-means and senior-managing-official fallbacks
- Record retention
- 20 years from the statutory transaction or relationship trigger; longer if required in writing by an investigatory authority
- UN targeted financial sanctions
- Identify and freeze without delay and no later than eight hours after receipt of the circulated UN list
- FATF public list
- Not under increased monitoring as at 15 July 2026
Détail d’implémentation
Exigences et actions de conformité pour Botswana
Ouvrez chaque domaine pour consulter l’exigence, l’action recommandée, les preuves à conserver et la source primaire utilisée.
01Regulatory perimeter and governanceDetermine specified-party status, licensing and supervisory responsibility before offering a product or onboarding customers.6 éléments+
Map the Financial Intelligence Act perimeter
- Action d’implémentation
- Classify each legal entity, product, customer type and delivery channel against Schedule I specified parties and Schedule III accountable institutions. Record the applicable Schedule II supervisory authority; where no supervisor is assigned, the FIA acts as supervisor.
- Preuves à conserver
- Approved perimeter memo, legal-entity map, product inventory, Schedule mapping and legal sign-off
- Source primaire
- Financial Intelligence Act 2022, s.2 and Schedules I-III, as amended [01][04]
Identify the correct financial-sector regulator
- Action d’implémentation
- Map banks and payment activities to the Bank of Botswana, non-bank financial institutions and virtual asset activities to NBFIRA, and other regulated professions to their statutory supervisor. Treat FIA reporting as separate from prudential or conduct reporting.
- Preuves à conserver
- Regulatory responsibility matrix, licence register and reporting calendar
- Source primaire
- Financial Intelligence Act 2022, Schedule II; Bank of Botswana and NBFIRA mandates [01][10][13]
Maintain an institution-level risk assessment
- Action d’implémentation
- Identify, assess and understand ML/TF/PF and other financial-offence risks arising from customers, countries, products, services, transactions and delivery channels. Keep the assessment current and use it to allocate controls and resources.
- Preuves à conserver
- Board-approved methodology, enterprise risk assessment, risk register, action plan and review record
- Source primaire
- Financial Intelligence Act 2022, s.13 [01]
Implement a documented compliance programme
- Action d’implémentation
- Adopt internal policies, controls and procedures for CDD, risk rating, monitoring, reporting, records, employee screening, training, independent audit and management responsibility. Review and update the programme regularly.
- Preuves à conserver
- Policy suite, board approval, named control owners, staff screening, training plan and independent review
- Source primaire
- Financial Intelligence Act 2022, s.14; Financial Intelligence Regulations 2022, regs. 29-32 [01][02]
Apply group-wide controls
- Action d’implémentation
- For a financial group, implement group-wide AML/CFT/CPF policies, information-sharing and protections across branches and majority-owned subsidiaries. Apply Botswana measures abroad where they are stricter and legally permitted; notify the supervisor and add controls where foreign law prevents application.
- Preuves à conserver
- Group policy, entity coverage map, information-sharing protocol, foreign-law assessment and supervisor notices
- Source primaire
- Financial Intelligence Act 2022, s.15 [01]
Keep regulatory changes under active review
- Action d’implémentation
- Track the 2025 amendment package, FIA notices, sector guidance and licence conditions. The 2025 amendment established the National Coordination Office, strengthened FIA independence and updated prominent-influential-person alignment; do not operate solely from the unamended 2022 PDF.
- Preuves à conserver
- Legal register, change log, impact assessments and implementation approvals
- Source primaire
- Financial Intelligence (Amendment) Act 2025; Bank of Botswana Financial Stability Report May 2025 [04][05]
02Enterprise, customer and product riskUse the statutory risk-based approach to determine the extent of CDD, enhanced measures and monitoring.4 éléments+
Risk-rate every relationship
- Action d’implémentation
- Assess customer and beneficial-owner profile, purpose, expected value and frequency, products, delivery channel, geography, ownership complexity, PEP exposure, sanctions and adverse information. Record the rationale for the rating and any override.
- Preuves à conserver
- Customer risk score, input data, rationale, approver, override log and next-review date
- Source primaire
- Financial Intelligence Act 2022, ss.13 and 16(2)-(3) [01]
Assess new products and technologies before launch
- Action d’implémentation
- Complete financial-crime, fraud, sanctions, operational and privacy risk assessments before launching a new product, business practice, delivery mechanism or material technology. Address non-face-to-face and anonymity risks with proportionate safeguards.
- Preuves à conserver
- Product risk assessment, DPIA where required, control design, test plan and launch approval
- Source primaire
- Financial Intelligence Regulations 2022, reg. 11; Data Protection Act 2024, ss.52 and 65-68 [02][15]
Use simplified CDD only for demonstrated lower risk
- Action d’implémentation
- Document the low-risk factors before reducing the extent, timing or frequency of measures. Do not use simplified CDD where suspicion exists, the customer or transaction is high risk, or enhanced due diligence is required.
- Preuves à conserver
- Low-risk assessment, approved simplified-measures standard and exception testing
- Source primaire
- Financial Intelligence Act 2022, s.28; Financial Intelligence Regulations 2022, reg. 13 [01][02]
Escalate high-risk indicators
- Action d’implémentation
- Treat unusual or excessively complex corporate structures, nominee or bearer-share features, cash-intensive businesses, non-face-to-face relationships without safeguards, third-party funding and products favouring anonymity as heightened-risk indicators.
- Preuves à conserver
- Indicator library, alert rules, case records and EDD decisions
- Source primaire
- Financial Intelligence Regulations 2022, reg. 11 [02]
03KYC and customer due diligenceIdentify and verify the customer, representatives and beneficial owner before establishing the relationship or conducting a covered transaction.7 éléments+
Apply every statutory CDD trigger
- Action d’implémentation
- Conduct CDD when establishing a business relationship; for an occasional or linked transaction of P10,000 or more; for domestic or international wire transfers; when prior identification data is doubtful; and whenever a financial offence is suspected.
- Preuves à conserver
- CDD trigger matrix, linked-transaction logic, wire workflow and completed customer files
- Source primaire
- Financial Intelligence Act 2022, s.16; Financial Intelligence Regulations 2022, reg. 4 [01][02]
Verify natural persons using the applicable official document
- Action d’implémentation
- Establish and independently verify identity. For Botswana citizens use the national identity card (Omang); for non-citizens use a passport; for recognised refugees use the refugee identity card. Capture the prescribed personal particulars and retain verification evidence.
- Preuves à conserver
- Identity image or certified copy, document-authenticity result, identity data, verification source and operator audit trail
- Source primaire
- Financial Intelligence Act 2022, s.20(6) and (9); Financial Intelligence Regulations 2022, regs. 5-6 and 14-16 [01][02]
Identify representatives and verify authority
- Action d’implémentation
- Identify and verify anyone acting for the customer, confirm the customer's identity, and verify the mandate, resolution, power of attorney or other authority connecting the representative to the customer.
- Preuves à conserver
- Representative KYC, signed mandate, resolution or power of attorney and verification record
- Source primaire
- Financial Intelligence Act 2022, ss.20(1), 20(4) and 31; Financial Intelligence Regulations 2022, reg. 5 and Form A [01][02]
Understand purpose, intended nature and expected activity
- Action d’implémentation
- Record the purpose and intended nature of the relationship or transaction, expected products, values, volumes, counterparties, geographies and source of funds. Use this baseline for ongoing monitoring.
- Preuves à conserver
- Customer profile, expected-activity statement, source-of-funds information and risk assessment
- Source primaire
- Financial Intelligence Act 2022, ss.19(2) and 20(1)(c) [01]
Conduct ongoing CDD
- Action d’implémentation
- Scrutinise transactions for consistency with the known customer, business and risk profile; periodically review accounts; keep customer and beneficial-owner information current; and refresh promptly after a material change, doubt or suspicion.
- Preuves à conserver
- Review schedule, event triggers, monitoring results, refreshed documents and approval history
- Source primaire
- Financial Intelligence Act 2022, s.19 and s.31(3) [01]
Control remote onboarding
- Action d’implémentation
- For non-face-to-face onboarding, use controls proportionate to impersonation and document fraud risk, such as document authenticity checks, face comparison, liveness, device intelligence and manual escalation. Technology controls support but do not replace the statutory duty to establish and verify identity from reliable sources.
- Preuves à conserver
- Remote-onboarding standard, vendor assessment, model tests, exception queue and audit logs
- Source primaire
- Financial Intelligence Regulations 2022, regs. 11(1)(b), 14 and 15; Data Protection Act 2024 [02][15]
Stop safely when CDD cannot be completed
- Action d’implémentation
- Do not open an account, start a relationship or perform a transaction where required identity information is unsatisfactory. Consider an STR. If continuing CDD would tip off a customer after suspicion forms, discontinue CDD and report instead.
- Preuves à conserver
- Decline or exit record, failed-verification reason, escalation and STR decision
- Source primaire
- Financial Intelligence Act 2022, ss.20(10) and 30; Financial Intelligence Regulations 2022, reg. 5(2)-(3) [01][02]
04KYB, company registration and beneficial ownershipVerify legal existence, authority, ownership and control using CIPA and reliable independent evidence.7 éléments+
Verify the legal person and current status
- Action d’implémentation
- Obtain and verify registered name and number, legal form, certificate of incorporation or registration, constitution, registered and operating addresses, nature of business, tax and VAT numbers where issued, trading licence where applicable, directors or manager and current CIPA status.
- Preuves à conserver
- CIPA extract, certificate, constitution, address evidence, BURS tax evidence, trade licence and director register
- Source primaire
- Financial Intelligence Act 2022, s.20(6)(d); Financial Intelligence Regulations 2022, reg. 7; CIPA OBRS notice [01][02][08]
Identify natural-person beneficial owners
- Action d’implémentation
- Trace every ownership layer and identify natural persons who directly or indirectly hold more than 10% of shares, voting rights or other ownership interests. Also identify natural persons exercising control through other means; where none is identified after reasonable measures, identify the senior managing official. Do not stop at a nominee, trust or corporate shareholder.
- Preuves à conserver
- Ownership chart, shareholder registers, CIPA BO declaration, trust or nominee documents, control analysis and identity evidence
- Source primaire
- Financial Intelligence Act 2022, s.2 definition of beneficial owner and s.20(1)(b); Financial Intelligence Regulations 2022, regs. 5(7), 7(1)(h)(iii) and 8(e) [01][02]
Confirm CIPA beneficial-ownership declarations
- Action d’implémentation
- Require evidence that new and existing companies have declared every natural person having ultimate ownership or control through CIPA's Online Business Registration System, including the nature of each interest. Resolve discrepancies before onboarding and refresh after change.
- Preuves à conserver
- CIPA BO filing or public-search evidence, declaration date, discrepancy log and remediation
- Source primaire
- Companies Act, as amended; Companies (Amendment) Act 2025; CIPA OBRS upgrade notice [08][09]
Identify nominee and alternate arrangements
- Action d’implémentation
- Establish whether nominee or alternate directors or shareholders are used, identify the nominator and ultimate natural person, understand the purpose of the arrangement and verify that the arrangement is declared to CIPA.
- Preuves à conserver
- Nominee declaration, agreement, nominator KYC, CIPA filing and risk assessment
- Source primaire
- Companies Act, as amended; CIPA OBRS upgrade notice [08][09]
Verify corporate authority
- Action d’implémentation
- Obtain the board resolution authorising the relationship and signatories, powers of attorney and mandates. Verify directors, the manager, authorised persons and relevant senior management.
- Preuves à conserver
- Board resolution, mandate matrix, powers of attorney, officer KYC and specimen signatures
- Source primaire
- Financial Intelligence Regulations 2022, reg. 7(1)(h)-(j) [02]
Apply trust and partnership KYB
- Action d’implémentation
- For trusts identify and verify the settlor, trustees, protector if any, beneficiaries or class, and any natural person with ultimate effective control. For partnerships identify the partnership and every partner, including silent partners, plus authorised persons.
- Preuves à conserver
- Trust deed or partnership instrument, registry evidence, role map, authority records and natural-person KYC
- Source primaire
- Financial Intelligence Act 2022, s.2 beneficial-owner definition; Financial Intelligence Regulations 2022, regs. 9-10 [01][02]
Understand the business and source of funds
- Action d’implémentation
- Corroborate operating activity, licences, customers, suppliers, expected transactions and source of funds. For elevated risk, establish source of wealth and obtain financial, contractual or tax evidence proportionate to risk.
- Preuves à conserver
- Business profile, licence checks, bank statements, financial statements, contracts, invoices and source evidence
- Source primaire
- Financial Intelligence Act 2022, ss.16, 19, 21 and 22 [01]
05PEPs and enhanced due diligenceBotswana uses the statutory term prominent influential person. Apply the current definition as amended in 2025 and enhanced controls to customers and beneficial owners who fall within it.4 éléments+
Identify prominent influential persons
- Action d’implémentation
- Use risk-management systems to determine whether a customer or beneficial owner is a domestic, foreign or international-organisation prominent influential person, including relevant immediate family members and close associates under the current statutory definition.
- Preuves à conserver
- Screening result, public-function record, relationship map, match analysis and review date
- Source primaire
- Financial Intelligence Act 2022, ss.2 and 22, as amended by Act No. 1 of 2025 [01][04][05]
Apply mandatory PEP controls
- Action d’implémentation
- Before establishing the relationship obtain senior-management approval, take reasonable measures to establish source of wealth and source of funds, and apply enhanced ongoing monitoring. Apply the same controls when a customer or beneficial owner becomes a PEP during the relationship.
- Preuves à conserver
- Senior approval, source-of-wealth file, source-of-funds file and enhanced monitoring plan
- Source primaire
- Financial Intelligence Act 2022, s.22 [01]
Apply EDD to all prescribed higher-risk cases
- Action d’implémentation
- Apply EDD to high-risk customers, businesses and jurisdictions; complex or unusually large transactions; unusual patterns; transactions without apparent economic or legal purpose; relevant insurance beneficiaries; correspondent banking; and countries subject to FATF or FIA heightened measures.
- Preuves à conserver
- EDD checklist, additional documents, rationale, approvals and monitoring controls
- Source primaire
- Financial Intelligence Act 2022, s.21 [01]
Examine unusual transactions
- Action d’implémentation
- Examine and document the background and purpose of complex, unusual, high-risk or apparently purposeless transactions. Increase the degree and nature of monitoring and preserve written findings for regulator access.
- Preuves à conserver
- Investigation file, customer explanation, corroborating evidence, written conclusion and escalation decision
- Source primaire
- Financial Intelligence Act 2022, s.29; Financial Intelligence Regulations 2022, reg. 11(2) [01][02]
06Sanctions and targeted financial sanctionsScreen against current UN and national designations and execute Botswana's targeted financial sanctions process within the statutory clocks.5 éléments+
Maintain authoritative sanctions inputs
- Action d’implémentation
- Maintain current UN Security Council and Botswana national-list inputs and an auditable process for receiving lists and amendments circulated by the competent authorities. Screen customers, beneficial owners, controllers, authorised persons, counterparties and relevant transactions.
- Preuves à conserver
- List inventory, subscription and receipt logs, screening scope, timestamps and quality checks
- Source primaire
- Financial Intelligence (Implementation of UNSCR) Regulations 2022, regs. 6, 10 and 24-25 [03]
Freeze UN-designated property within eight hours
- Action d’implémentation
- On receipt of a circulated UN list, identify and freeze without prior notice and without delay, and in no case later than eight hours, all directly or indirectly owned or controlled property and economic resources, including jointly controlled property and property of persons acting on behalf or at the direction of the designee.
- Preuves à conserver
- List receipt time, screening completion, match decision, freeze timestamp, asset inventory and control-link analysis
- Source primaire
- Financial Intelligence (Implementation of UNSCR) Regulations 2022, reg. 11 [03]
Execute national-list freezing orders without delay
- Action d’implémentation
- On receipt of a national freezing order, freeze the listed person's property or economic resources without prior notification and prevent dealing or making property available except under lawful authorisation.
- Preuves à conserver
- Order receipt, legal validation, freeze record, blocked transaction and customer-communication control
- Source primaire
- Financial Intelligence (Implementation of UNSCR) Regulations 2022, regs. 6 and 20-21 [03]
File positive and nil returns
- Action d’implémentation
- Without delay report actions taken and full particulars of identified and frozen property, including attempted transactions. Where the required database search identifies no property, submit the prescribed written nil return.
- Preuves à conserver
- Positive or nil return, submission timestamp, asset details and acknowledgement
- Source primaire
- Financial Intelligence (Implementation of UNSCR) Regulations 2022, regs. 6(7)-(9) and 11 [03]
Control unfreezing and false positives
- Action d’implémentation
- Unfreeze only under a valid delisting notice, court process or other competent legal authority. Apply the statutory eight-hour unfreezing clock after receipt of a circulated delisting notice and preserve the basis for false-positive resolution.
- Preuves à conserver
- Delisting notice, authority check, unfreeze timestamp, return report and false-positive file
- Source primaire
- Financial Intelligence (Implementation of UNSCR) Regulations 2022, regs. 13 and 15-17 [03]
07Transaction monitoring and regulatory reportingMonitor continuously, escalate suspicion promptly and submit the prescribed reports through FIA channels without tipping off.8 éléments+
Monitor transactions and relationships continuously
- Action d’implémentation
- Use risk-calibrated rules and investigations to compare transactions with the customer's known business, expected activity, source of funds and risk profile. Cover cash, wires, rapid movement, third-party funding, structuring, unusual complexity and high-risk geographies.
- Preuves à conserver
- Scenario inventory, thresholds, tuning and validation, alert cases, dispositions and management reporting
- Source primaire
- Financial Intelligence Act 2022, ss.19 and 29; Financial Intelligence Regulations 2022, reg. 29 [01][02]
File STRs within five working days
- Action d’implémentation
- Report a suspicious transaction to the FIA as soon as possible and no later than five working days after suspicion arose. Apply the duty during establishment, throughout the relationship and to occasional, attempted or proposed transactions. Seek written FIA approval if reporting after the prescribed period.
- Preuves à conserver
- Suspicion timestamp, internal escalation, decision record, STR, FIA receipt and any extension approval
- Source primaire
- Financial Intelligence Act 2022, ss.2 and 38; Financial Intelligence Regulations 2022, reg. 22(1) [01][02]
Submit reports through the FIA portal
- Action d’implémentation
- Use the FIA internet-based reporting portal and current goAML process. If technically unable to report electronically, complete the prescribed form and use a fallback method authorised by the Regulations or FIA, retaining evidence of why the fallback was necessary.
- Preuves à conserver
- goAML registration, portal receipt, submitted form, fallback approval or delivery evidence and access-control log
- Source primaire
- Financial Intelligence Regulations 2022, regs. 20-21; FIA goAML STR web guide [02][06]
Prevent tipping off
- Action d’implémentation
- Do not disclose an STR, contemplated report or investigation to the customer or another unauthorised person. Restrict case access, communications and data-subject responses where disclosure would prejudice an investigation.
- Preuves à conserver
- Role-based access, confidentiality acknowledgements, scripts, training and disclosure-review log
- Source primaire
- Financial Intelligence Act 2022, ss.2 and 46; NBFIRA data-protection/AML guidance 2026 [01][16]
Report cash transactions of P10,000 or more
- Action d’implémentation
- Report a cash transaction concluded with a customer where the amount is P10,000 or more, or the foreign-currency equivalent. Submit as soon as possible and no later than five working days after conclusion through the FIA portal or permitted fallback. Do not treat the threshold report as a substitute for an STR.
- Preuves à conserver
- Cash aggregation logic, cash report, transaction date, submission receipt and linked STR assessment
- Source primaire
- Financial Intelligence Act 2022, ss.39-40; Financial Intelligence Regulations 2022, regs. 20 and 22(2) [01][02]
Report covered cross-border wires
- Action d’implémentation
- A financial institution sending out of or receiving into Botswana a wire transfer of P10,000 or more on behalf or on instruction of a customer or other person must submit the prescribed report. Keep complete originator and beneficiary information with the transfer and apply repair, reject or suspend controls where information is missing.
- Preuves à conserver
- Wire report, message fields, verification results, repair or reject queue and FIA receipt
- Source primaire
- Financial Intelligence Act 2022, s.42; Financial Intelligence Regulations 2022, regs. 25-28 [01][02]
Escalate urgent transactions before execution
- Action d’implémentation
- Where executing a reported transaction could jeopardise an investigation or put proceeds beyond Botswana authorities, contact the FIA Director General or authorised officers as soon as reasonably possible for consultation and intervention. Preserve the legal basis for proceeding, delaying or stopping.
- Preuves à conserver
- Urgent escalation log, FIA contact, instruction, transaction status and legal approval
- Source primaire
- Financial Intelligence Act 2022, ss.44-45; Financial Intelligence Regulations 2022, reg. 23 [01][02]
Respond securely to FIA and supervisor requests
- Action d’implémentation
- Maintain search, legal-review and secure-production procedures so records can be made available swiftly to FIA, the supervisor and competent authorities under lawful authority.
- Preuves à conserver
- Request register, search record, production package, approvals and delivery receipt
- Source primaire
- Financial Intelligence Act 2022, ss.31(3), 36-37 and 49 [01]
08Records, assurance and trainingBotswana's 20-year AML retention rule is substantially longer than common international defaults and must be designed explicitly into systems.5 éléments+
Retain transaction records for 20 years
- Action d’implémentation
- Keep domestic and international transaction records for 20 years from the date each transaction is concluded. Preserve enough information to reconstruct the transaction, including amount, currency, accounts and parties.
- Preuves à conserver
- Retention schedule, transaction archive, immutable timestamps, reconstruction test and legal-hold controls
- Source primaire
- Financial Intelligence Act 2022, ss.31-32(1)(a) [01]
Retain CDD and relationship records for 20 years
- Action d’implémentation
- After termination of a business relationship or an occasional transaction, retain CDD records, account files, business correspondence and analysis results for 20 years. Keep STR and related reporting records for at least the corresponding prescribed period and protect confidentiality.
- Preuves à conserver
- Closure-date field, CDD archive, correspondence, analysis file, STR archive and deletion controls
- Source primaire
- Financial Intelligence Act 2022, s.32(1)(b); Financial Intelligence Regulations 2022, reg. 18 [01][02]
Apply longer investigatory holds
- Action d’implémentation
- Extend retention where an investigatory authority requires a longer period in writing. Suspend deletion immediately when a legal hold, examination, investigation or litigation applies.
- Preuves à conserver
- Written request, legal-hold register, affected-record inventory and release approval
- Source primaire
- Financial Intelligence Act 2022, s.32(2) [01]
Control outsourced record keeping
- Action d’implémentation
- Where a third party keeps records, notify the supervisor with prescribed particulars, maintain sufficient access without delay and recognise that the specified party remains liable for failure.
- Preuves à conserver
- Supervisor notice, processor details, contract, access test, retrieval SLA and oversight reviews
- Source primaire
- Financial Intelligence Act 2022, s.33; Financial Intelligence Regulations 2022, reg. 19 [01][02]
Train staff and test controls
- Action d’implémentation
- Train directors, employees, agents and relevant contractors on Botswana-specific CDD, cash and wire thresholds, five-working-day reporting, TFS clocks, privacy and tipping-off. Conduct independent testing proportionate to risk and remediate findings.
- Preuves à conserver
- Role-based curriculum, attendance, assessments, audit plan, findings, owners and closure evidence
- Source primaire
- Financial Intelligence Act 2022, s.14; Financial Intelligence Regulations 2022, reg. 29 [01][02]
09Payment services, banking, fintech and virtual assetsLicensing depends on the activity performed, not the technology or marketing label used.7 éléments+
Classify payment activities before launch
- Action d’implémentation
- Map account issuance, e-money, remittance, merchant acquiring or payment gateways, payment initiation, account information and related services against the current Bank of Botswana perimeter. Obtain written regulatory analysis before relying on an exclusion.
- Preuves à conserver
- Activity and funds-flow map, perimeter memo, Bank correspondence and product approval
- Source primaire
- Bank of Botswana Fintech Analytical Assessment Framework 2025; Electronic Payment Services Regulations 2019, as amended [10][11][12]
Obtain an electronic payment service licence
- Action d’implémentation
- Do not operate an electronic payment service without a Bank of Botswana licence unless a clear statutory exclusion applies. Submit the prescribed application, ownership and controller information, business plan, governance, risk, safeguarding and technology materials required for the service.
- Preuves à conserver
- Application pack, significant-shareholder and officer files, business plan, licence and approved service scope
- Source primaire
- Electronic Payment Services Regulations 2019, regs. 3-4, as amended through 2026; Bank of Botswana legislation page [10][11]
Obtain banking authorisation where applicable
- Action d’implémentation
- A deposit-taking or banking model must be assessed under the Banking Act 2023 and Banking Regulations 2025. Do not use an EPS licence to conduct banking business outside its scope.
- Preuves à conserver
- Banking-perimeter analysis, application, licence, approved activities and conditions register
- Source primaire
- Banking Act 2023, s.8; Banking Regulations 2025; Bank of Botswana licensing requirements [11][12]
Address payment-system recognition and oversight
- Action d’implémentation
- Where the model operates or participates in a clearing, settlement or payment system, assess recognition or licensing under the National Clearance and Settlement Systems framework and current Bank oversight policy.
- Preuves à conserver
- System map, recognition analysis, application, approval and oversight reporting calendar
- Source primaire
- National Clearance and Settlement Systems Act Cap. 46:06 and Regulations 2005; Bank of Botswana oversight page [11][12]
Apply AML controls to agents and remittance networks
- Action d’implémentation
- For money or value transfer services, use only licensed or registered agents, maintain a current agent list accessible to competent authorities, include agents in the compliance programme and monitor their compliance.
- Preuves à conserver
- Agent due diligence, licence checks, agent register, contract, training, monitoring and termination records
- Source primaire
- Financial Intelligence Act 2022, s.18 [01]
Obtain a NBFIRA virtual-asset licence
- Action d’implémentation
- Do not provide regulated virtual-asset services or issue an initial token offering without the required NBFIRA authorisation. Apply the Virtual Assets Act 2025, Financial Intelligence Act obligations, Travel Rule controls, fit-and-proper requirements and current NBFIRA guidance.
- Preuves à conserver
- Activity classification, NBFIRA application, controller and beneficial-owner files, AML programme, licence and Travel Rule controls
- Source primaire
- Virtual Assets Act 2025; NBFIRA AML guidance and 2025 National Risk Assessment [13][14]
Maintain operational resilience and customer-fund controls
- Action d’implémentation
- Implement governance, safeguarding, reconciliation, cyber security, outsourcing, business continuity, incident response, complaints and regulatory reporting required by the relevant Bank or NBFIRA licence.
- Preuves à conserver
- Safeguarding account, daily reconciliation, resilience tests, vendor register, incidents, complaints and regulatory receipts
- Source primaire
- Electronic Payment Services Regulations 2019 and current Bank guidance; applicable NBFIRA licence conditions [10][11][13]
10Data protection and digital identity operationsThe Data Protection Act 2024 applies alongside AML duties. The Financial Intelligence Act prevails where there is a conflict concerning financial-offence controls, but this does not displace ordinary privacy compliance.7 éléments+
Document a lawful basis for KYC and AML data
- Action d’implémentation
- Map each processing purpose and legal basis. Compliance with Financial Intelligence Act duties forms a legal-obligation basis for collecting, verifying, monitoring, reporting and retaining relevant data; do not default to consent where processing is legally required.
- Preuves à conserver
- Processing inventory, lawful-basis register, privacy notice, purpose map and legal analysis
- Source primaire
- Data Protection Act 2024, ss.19-26; Financial Intelligence Act 2022, s.3; NBFIRA guidance 2026 [01][15][16]
Apply privacy principles and security
- Action d’implémentation
- Process personal data lawfully, fairly and transparently; limit purpose and collection; maintain accuracy; apply storage controls; and implement appropriate technical and organisational security. Restrict access to sensitive identity, biometric, sanctions and STR data.
- Preuves à conserver
- Privacy notices, data inventory, access matrix, encryption, retention rules, security tests and audit logs
- Source primaire
- Data Protection Act 2024, ss.19-25 and 62 [15]
Appoint a data protection officer where required
- Action d’implémentation
- Designate a qualified DPO where core activities involve large-scale regular and systematic monitoring, large-scale sensitive-data processing, criminal-offence data or another statutory trigger. Ensure independence, senior reporting and notification of contact details to the Commission.
- Preuves à conserver
- Applicability assessment, appointment, role description, independence safeguards and Commission notification
- Source primaire
- Data Protection Act 2024, ss.69-72; NBFIRA guidance 2026 [15][16]
Complete DPIAs for high-risk processing
- Action d’implémentation
- Before high-risk processing, complete a DPIA, including for large-scale sensitive or criminal-offence data and qualifying automated profiling. Consult the Commission before processing where residual high risk remains without adequate mitigation.
- Preuves à conserver
- DPIA, necessity and proportionality assessment, safeguards, DPO advice, residual-risk approval and consultation record
- Source primaire
- Data Protection Act 2024, ss.65-68 [15]
Notify qualifying personal-data breaches within 72 hours
- Action d’implémentation
- Notify the Information and Data Protection Commission without undue delay and, where feasible, within 72 hours after awareness unless the breach is unlikely to risk data-subject rights and freedoms. Give reasons for delay; processors must notify controllers without undue delay. Communicate to affected people where the Act requires.
- Preuves à conserver
- Incident timeline, risk assessment, Commission notice, delay reasons, processor notice, data-subject communication and remediation
- Source primaire
- Data Protection Act 2024, ss.63-64 [15]
Control cross-border transfers
- Action d’implémentation
- Before transferring or hosting personal data outside Botswana, document a Commission adequacy decision or appropriate safeguards and enforceable rights under the Act. Use binding instruments, approved clauses, binding corporate rules or other lawful mechanisms as applicable; obtain specific authorisation where required.
- Preuves à conserver
- Transfer inventory, destination assessment, approved safeguard, processor contract, authorisation and security review
- Source primaire
- Data Protection Act 2024, ss.74-78 [15]
Reconcile erasure rights with AML retention and secrecy
- Action d’implémentation
- Do not erase records during the mandatory Financial Intelligence Act retention period where retention is a legal obligation. Restrict access or information where necessary to avoid tipping off or prejudicing an investigation, document the legal basis, and securely delete after all legal holds and retention periods expire.
- Preuves à conserver
- Rights-request log, restriction rationale, legal hold, retention calculation and deletion certificate
- Source primaire
- Financial Intelligence Act 2022, ss.3, 32 and 46; Data Protection Act 2024, ss.44 and 50; NBFIRA guidance 2026 [01][15][16]
11Practical onboarding and audit evidence packUse this evidence pack as a minimum operational starting point, then add sector- and risk-specific documents.6 éléments+
Natural-person KYC evidence pack
- Action d’implémentation
- Collect verified identity, prescribed personal particulars, contact and address information, purpose and intended nature, expected activity, source of funds, customer risk rating, PEP and sanctions results, representative authority where applicable, and review or exception approvals.
- Preuves à conserver
- Omang, passport or refugee ID as applicable; verification result; customer profile; source evidence; screening; risk score; consent or notice records where relevant; audit trail
- Source primaire
- Financial Intelligence Act 2022, ss.16, 19-22 and 31; Financial Intelligence Regulations 2022, regs. 4-6 and 14-17 [01][02]
Corporate KYB evidence pack
- Action d’implémentation
- Collect current CIPA and constitutional records, registered and operating addresses, tax and trade records, directors and manager, board authority, authorised signatories, full ownership and control chain, natural-person beneficial owners, nominee arrangements, business purpose, expected activity, licences, source of funds and risk screening.
- Preuves à conserver
- Certificate; CIPA extract; constitution; BURS evidence; trade or sector licence; registers; resolution; ownership chart; BO and nominee declarations; UBO KYC; financial and operating evidence; screening; risk approval
- Source primaire
- Financial Intelligence Act 2022, ss.2, 16, 20-22 and 31; Financial Intelligence Regulations 2022, reg. 7; CIPA notice [01][02][08]
Trust or partnership evidence pack
- Action d’implémentation
- Collect the constituting instrument, registry and address evidence, purpose and activities, persons authorised to act, every prescribed trust party or partner, ultimate controllers, beneficiaries or class, source of funds, screening and risk approval.
- Preuves à conserver
- Trust deed or partnership agreement; registration; role map; authority; settlor, trustee, protector, beneficiary, partner and controller KYC; source evidence; screening; risk record
- Source primaire
- Financial Intelligence Act 2022, s.2; Financial Intelligence Regulations 2022, regs. 9-10 [01][02]
High-risk and PEP evidence pack
- Action d’implémentation
- Add senior-management approval, source of wealth and funds, corroborating documents, adverse-information review, detailed purpose, enhanced monitoring scenarios and shorter review frequency.
- Preuves à conserver
- Approval, wealth narrative, bank and asset evidence, tax or financial records, investigation notes, monitoring plan and review calendar
- Source primaire
- Financial Intelligence Act 2022, ss.21-22 [01]
Transaction and reporting evidence pack
- Action d’implémentation
- Preserve alerts, investigation steps, customer explanations, transaction reconstruction, internal escalation, report decision, STR or threshold report, submission timestamp, FIA receipt, confidentiality controls and follow-up requests.
- Preuves à conserver
- Case file, transaction data, chronology, decision, goAML receipt, cash or wire report, access log and FIA correspondence
- Source primaire
- Financial Intelligence Act 2022, ss.31-46; Financial Intelligence Regulations 2022, regs. 18 and 20-28 [01][02]
Govern exceptions and auditability
- Action d’implémentation
- Record who performed each check, the source and time, discrepancies, overrides, approvals, refresh dates and final decision. Make the full case reconstructable without relying on undocumented analyst knowledge.
- Preuves à conserver
- Immutable case chronology, source references, reviewer and approver IDs, discrepancy resolution, override rationale and exportable audit report
- Source primaire
- Financial Intelligence Act 2022, ss.14, 31-36; Financial Intelligence Regulations 2022, regs. 18 and 29-32 [01][02]

11 domaines de contrôle et 66 vérifications d'implémentation avec sources réglementaires directes.
Téléchargez la checklist KYC, KYB et AML pour Botswana
Partagez vos coordonnées professionnelles pour accéder immédiatement à la checklist d'implémentation sourcée pour Botswana. Date de revue réglementaire : 15 July 2026.
Recevez le PDF immédiatement
Envoyez vos coordonnées pour démarrer automatiquement le téléchargement
Revue et sourcée
Version 1.0, revue le 15 July 2026
Approuvé par des équipes conformité de premier plan
Registre des sources primaires
18 sources utilisées pour cette checklist
Utilisez ces liens pour vérifier la législation, les lignes directrices, les procédures de déclaration et les statuts internationaux.
- 01Botswana Ministry of Finance, Financial Intelligence Agency · Financial Intelligence Act 2022, Act No. 2 of 2022
- 02Botswana Ministry of Finance, Financial Intelligence Agency · Financial Intelligence Regulations 2022, S.I. No. 14 of 2022
- 03Botswana Ministry of Finance, Financial Intelligence Agency · Financial Intelligence (Implementation of United Nations Security Council Resolutions) Regulations 2022, S.I. No. 13 of 2022
- 04Botswana e-Laws · Financial Intelligence (Amendment) Act 2025, Act No. 1 of 2025
- 05Bank of Botswana and Financial Stability Council · Financial Stability Report May 2025 confirming commencement and principal effects of the Financial Intelligence (Amendment) Act 2025
- 06Botswana Ministry of Finance, Financial Intelligence Agency · goAML suspicious transaction reporting web guide
- 07Botswana Ministry of Finance, Financial Intelligence Agency · Current FIA legislation, reporting guidance and publication hub
- 08Companies and Intellectual Property Authority Botswana · Official OBRS notice on mandatory constitutions, beneficial-owner declarations and nominee arrangements
- 09Botswana e-Laws · Companies (Amendment) Act 2025, Act No. 3 of 2025
- 10Bank of Botswana · Electronic Payment Services Regulations 2019
- 11Bank of Botswana · Current payment legislation and regulations hub, including the Electronic Payment Services (Amendment) Regulations 2026
- 12Bank of Botswana · Fintech Analytical Assessment Framework, 15 October 2025
- 13Non-Bank Financial Institutions Regulatory Authority Botswana · Current NBFIRA virtual-asset licensing and supervision guidance
- 14Botswana National Coordination Office and NBFIRA · Botswana Money Laundering and Terrorist Financing National Risk Assessment Report 2025, issued 2026
- 15Republic of Botswana Government Gazette · Data Protection Act 2024, Act No. 18 of 2024
- 16Non-Bank Financial Institutions Regulatory Authority Botswana · Guidance on reconciling Data Protection and AML/CFT obligations for NBFIs, June 2026
- 17Financial Action Task Force · Botswana removed from increased monitoring, October 2021
- 18Financial Action Task Force · Current FATF black and grey lists available as at 15 July 2026
Réponses directes
Questions KYC, KYB et AML pour Botswana
Who receives suspicious transaction reports in Botswana?+
The Financial Intelligence Agency is Botswana's central financial intelligence unit. Reports are submitted through its internet-based reporting portal and current goAML process, subject to the permitted fallback methods in the Regulations.
How quickly must a suspicious transaction be reported?+
As soon as possible and no later than five working days after the suspicion arose, unless the FIA approves later reporting in writing. Urgent cases that risk frustrating an investigation or moving proceeds beyond reach should also be escalated to the FIA as soon as reasonably possible.
Does Botswana require cash transaction reports?+
Yes. A cash transaction of P10,000 or more, or the foreign-currency equivalent, is reportable as soon as possible and no later than five working days after it is concluded. Suspicion must still be reported separately regardless of amount.
What is Botswana's beneficial-ownership threshold for customer due diligence?+
The 2022 Regulations require identification of a natural person who directly or indirectly holds more than 10% of shares, voting rights or other ownership interest. Ownership percentage is not the only test: control through other means and, if no natural person is identified after reasonable measures, the senior-managing-official fallback must also be considered.
Must Botswana companies declare beneficial owners to CIPA?+
Yes. CIPA states that all new and existing companies must declare natural persons with ultimate ownership or control, the nature of their interest, and nominee or alternate director and shareholder arrangements through the Online Business Registration System.
How long must AML records be kept?+
The Financial Intelligence Act requires 20 years: transaction records run from the transaction date, while CDD, account, correspondence and analysis records run after termination of the business relationship or occasional transaction. An investigatory authority may require longer retention in writing.
How quickly must UN sanctions matches be frozen?+
After receipt of a circulated UN Security Council list, covered persons must identify and freeze relevant property without delay, without prior notice and no later than eight hours, then report the action and property particulars without delay.
Is Botswana on the FATF grey list?+
No. FATF removed Botswana from increased monitoring in October 2021, and Botswana does not appear on FATF's current public lists available as at 15 July 2026. Firms must still monitor current FATF and FIA country-risk notices.
Do fintechs need a licence in Botswana?+
Licensing depends on activity. Electronic payment services generally require Bank of Botswana licensing; banking and deposit-taking require the relevant banking authorisation; payment-system operation may require recognition; and regulated virtual-asset services require NBFIRA authorisation under the 2025 regime.
How does Botswana data protection interact with AML record keeping?+
Financial Intelligence Act duties form a legal basis for necessary AML processing and 20-year retention. The Data Protection Act still requires transparency, minimisation, security, rights handling, DPIAs where triggered, breach notification and lawful transfer controls. The FI Act prevails only where a conflict concerns combating financial offences.
Méthode de recherche et de revue
VOVE ID Compliance Research cartographie le périmètre réglementaire, traduit les obligations en contrôles opérationnels, relie les affirmations importantes aux sources et date chaque revue.
VOVE ID Compliance Research · Revue le 15 July 2026 · Version 1.0
Operational guidance, not legal advice. Requirements vary by activity, licence and supervisory authority. Confirm the current consolidated legislation, FIA instructions, sector rules and licence conditions before implementation.