Checklist de conformité KYC, KYB et AML
Mozambique KYC, KYB & AML
Operational evidence prompts for Mozambique's amended AML/CFT/CPF framework, GIFiM reporting, customer and beneficial-owner due diligence, CREL declarations, sanctions, payments, e-money, agents, VASPs and the current privacy and FATF position.
- Revue le
- 15 July 2026
- Version
- 1.8
- domaines de contrôle
- 11
- contrôles d’implémentation
- 48
Réponse directe
Que couvre la checklist de conformité pour Mozambique ?
La checklist pour Mozambique traduit les principales règles KYC, KYB et AML en 11 domaines de contrôle et 48 contrôles d’implémentation, avec les autorités, obligations de déclaration et preuves à conserver.
Faits réglementaires clés
- Financial intelligence unit
- GIFiM
- Principal AML law
- Law 14/2023, as amended by Law 3/2024
- STR timing and method
- Electronic filing under GIFiM procedures within 24 hours of detection or execution; if impossible, no later than 3 working days; physical only exceptionally where technical conditions are unavailable
- Threshold reports
- Cash at or above MZN 250,000; other transactions at or above MZN 750,000; aggregate fractionation daily, weekly and monthly and report on the aggregate
- Occasional-transaction CDD
- At or above MZN 900,000, plus every statutory non-value trigger
- Beneficial-owner indicator
- Law 14/KYB/CREL: at least 10%; Decree 53 Article 13 indicator: more than 10%; always test other control and use fallback only after exhausting all possible means with no suspicion
- General AML retention
- 10 years after account closure or end of the relationship
- Targeted sanctions
- Freeze immediately, no later than 24 hours after dissemination, and report to GIFiM within the same 24-hour period
- FATF status
- Not under increased monitoring or a call for action at 15 July 2026; removed 24 October 2025
Détail d’implémentation
Exigences et actions de conformité pour Mozambique
Ouvrez chaque domaine pour consulter l’exigence, l’action recommandée, les preuves à conserver et la source primaire utilisée.
01Scope, authorities and licensingStart with the regulated activity, reporting-entity category and responsible supervisor. AML duties do not replace market-entry authorization.4 éléments+
Classify the entity and activity under the AML law
- Action d’implémentation
- Map every product and service to the financial-entity or designated non-financial category in Articles 4-5, including real estate, casinos, precious metals/stones, vehicles, legal/accounting and trust/company services where applicable.
- Preuves à conserver
- Perimeter memorandum, product inventory, legal-entity chart, reporting-entity classification and approval record.
- Source primaire
- Law 14/2023, Articles 4-5
Map GIFiM and the competent supervisor
- Action d’implémentation
- Treat GIFiM as the FIU and identify the Article 55 supervisor: Banco de Moçambique for its financial sectors, the insurance supervisor, Inspecção-Geral de Jogos, a professional order, responsible ministry, or GIFiM where no other supervisor exists.
- Preuves à conserver
- Supervisor map, registrations, regulatory contacts, filing credentials and inspection correspondence.
- Source primaire
- Law 14/2023, Articles 55-60; Law 2/2018; GIFiM official mandate
Obtain authorization before regulated financial or payment activity
- Action d’implémentation
- Classify banking, credit, e-money, funds-transfer and payment-aggregation models and obtain Banco authorization before incorporation or operation as required.
- Preuves à conserver
- License or authorization, application pack, Banco correspondence, approved business plan and conditions register.
- Source primaire
- Law 20/2020, Article 16; Decree 50/2024, Articles 52-59; Banco licensing portal
Separate sandbox testing from production authorization
- Action d’implémentation
- Use Banco's regulatory sandbox only within approved test conditions and establish an authorized-partner or licensing route before production launch.
- Preuves à conserver
- Sandbox approval, test scope, participant safeguards, exit plan, partner license or production authorization.
- Source primaire
- Banco de Moçambique regulatory sandbox official pages
02Governance and risk-based controlsControls must reflect documented ML, TF and PF risk rather than a threshold-only compliance model.4 éléments+
Maintain an enterprise ML/TF/PF risk assessment
- Action d’implémentation
- Assess customers, products, services, transactions, channels, technology and geographies; document inherent risk, controls, residual risk and mitigation.
- Preuves à conserver
- Approved risk assessment, methodology, source data, risk appetite, action plan and review minutes.
- Source primaire
- Law 14/2023, Articles 12-13; Decree 53/2023, Articles 4-9
Maintain governance, compliance and independent review
- Action d’implémentation
- Assign accountable senior management and compliance responsibility, maintain proportionate internal controls and test their design and operation independently.
- Preuves à conserver
- Governance charter, appointments, management reports, compliance plan, independent-review reports and remediation evidence.
- Source primaire
- Law 14/2023, Articles 46-50; Notice 10/GBM/2024 for Banco-supervised institutions
Train relevant personnel and agents
- Action d’implémentation
- Deliver role-based training on CDD, beneficial ownership, PEPs, monitoring, reporting, sanctions and confidentiality, with sector-specific agent controls.
- Preuves à conserver
- Curriculum, attendance, assessments, role matrix, refresher calendar and agent training records.
- Source primaire
- Law 14/2023, Article 51; Notice 10/GBM/2024, Articles 121-126
Apply the Banco sector overlay only where applicable
- Action d’implémentation
- For Banco-supervised institutions, map Notice 10/GBM/2024 requirements to controls, including governance, annual reporting, transfers, agents, e-money and VASPs.
- Preuves à conserver
- Obligations register, Notice-to-control mapping, annual return and supervisory submissions.
- Source primaire
- Notice 10/GBM/2024, which repealed Notice 5/GBM/2022
03Natural-person customer due diligenceCDD is event-driven. Values below a threshold do not override suspicion, transfer, relationship or data-quality triggers.4 éléments+
Trigger CDD at every statutory event
- Action d’implémentation
- Complete CDD when establishing a relationship; for an occasional transaction at or above MZN 900,000; for any domestic or international transfer; on suspicion regardless of value; or where prior identification data are doubtful.
- Preuves à conserver
- Trigger matrix, system rules, linked-transaction aggregation, onboarding record and exception logs.
- Source primaire
- Law 14/2023, Article 15(1)-(2)
Collect prescribed natural-person data
- Action d’implémentation
- Capture name/signature, birth details, nationality, sex, marital status/regime, physical address, contacts, parentage, employment/profession and income, identity-document details, NUIT and the nature and amount of income.
- Preuves à conserver
- Completed customer profile, source documents, NUIT, address and occupation/income evidence.
- Source primaire
- Decree 53/2023, Article 10(1)
Verify identity using valid authoritative evidence
- Action d’implémentation
- Verify with a valid document issued by a competent authority and containing a current photograph where applicable; authenticate documents and resolve inconsistencies.
- Preuves à conserver
- Document image, authenticity result, issuer/expiry data, discrepancy resolution and reviewer audit trail.
- Source primaire
- Decree 53/2023, Article 11(1)-(2)
Control any low-risk alternative identification
- Action d’implémentation
- Use the two-witness/community-authority alternative only where Article 11's low-risk conditions are satisfied and the rationale is documented; never use it to bypass suspicion or higher risk.
- Preuves à conserver
- Low-risk assessment, witness identities and standing, authority confirmation, approval and enhanced follow-up where needed.
- Source primaire
- Decree 53/2023, Article 11(2)(a)(xi)
04KYB, CREL and beneficial ownershipThe customer file must explain the entity's existence, purpose, authority, ownership and ultimate natural-person control and reconcile that analysis with CREL.4 éléments+
Identify and verify the legal person
- Action d’implémentation
- Obtain name, seat/main establishment, contacts, senior managers, NUIT, purpose, activity/group, holders of at least 10% of capital or voting rights, representatives and powers; verify through CREL/public and constitutive records.
- Preuves à conserver
- Current CREL certificate, statutes/formation instrument, NUIT, licenses, management record, mandates and foreign-document authentication where applicable.
- Source primaire
- Law 14/2023, Article 15(2)(f), as amended; Decree 53/2023, Articles 10(3) and 11(3)-(5)
Identify the ultimate beneficial owner
- Action d’implémentation
- Apply Law 14's at-least-10% direct/indirect ownership or control test, including collective-investment units, and control by other means. Separately record Decree 53 Article 13's more-than-10% ownership indicator. Current official CREL implementation guidance uses at least 10%. For trusts, identify settlor, trustee, protector if any, beneficiaries/classes and other ultimate controllers.
- Preuves à conserver
- Dated ownership chart, registry/share records, voting/control agreements, separate threshold calculations, identity verification and trust instrument.
- Source primaire
- Law 14/2023, Article 3 and annexed glossary definition of ‘beneficiário efectivo,’ plus Article 22; Decree 53/2023, Articles 10 and 13; official CREL beneficial-owner implementation guidance, pending primary full-text confirmation for the registry element
Use the senior-manager fallback correctly
- Action d’implémentation
- Record a senior managing official only after exhausting all possible means, where there is no suspicion, and no natural person has been identified or doubts remain that an identified person is the beneficial owner.
- Preuves à conserver
- Exhaustive search steps, negative or doubtful findings, no-suspicion conclusion, control analysis, escalation approval and senior-manager identity verification.
- Source primaire
- Decree 53/2023, Article 13(1)(d)
Follow and reconcile current CREL beneficial-owner implementation guidance
- Action d’implémentation
- Current official registry guidance instructs filing at incorporation, annually in the month of incorporation and within 30 days of a change. Treat the annual and 30-day periods as implementation guidance pending confirmation from a working official primary full-text copy, not as independently verified statutory deadlines. Capture the requested identity, NUIT, contact, percentage/type of control, effective date and supporting documents.
- Preuves à conserver
- CREL declaration and receipt, guidance-based calendar, change log, beneficial-owner register, primary-source confirmation tracker and reconciliation to the KYC file.
- Source primaire
- Official CREL beneficial-owner implementation guide; article-level Decree-Law 1/2024 confirmation pending
05PEPs, enhanced due diligence and remote onboardingHigher-risk relationships require a reasoned escalation, not merely a screening flag.5 éléments+
Identify PEP exposure across the relationship
- Action d’implémentation
- Screen customers, representatives and beneficial owners for domestic, foreign and international-organization PEP status, including family members and close associates.
- Preuves à conserver
- List sources, screening timestamps, match adjudication, relationship mapping and review history.
- Source primaire
- Law 14/2023, Articles 23-24; Decree 53/2023, Article 44
Apply PEP approval, source and monitoring controls
- Action d’implémentation
- Obtain senior-management approval before starting or continuing the relationship, establish and evidence source of wealth and source of funds, and apply permanent enhanced monitoring.
- Preuves à conserver
- Approval, wealth/funds evidence, plausibility assessment, EDD plan, alerts and periodic review.
- Source primaire
- Law 14/2023, Article 23, as amended by Law 3/2024
Do not auto-expire PEP controls
- Action d’implémentation
- Recognize the statutory 2-year formal post-office period, then continue proportionate measures while residual PEP risk remains.
- Preuves à conserver
- Office-leaving date, 2-year review, residual-risk assessment, approval to retain or reduce controls.
- Source primaire
- Law 14/2023, Article 23(3)-(4)
Control non-face-to-face onboarding
- Action d’implémentation
- For financial institutions, complete all statutory CDD remotely using permitted secure identification/authentication methods, assess channel risk and require in-person identification where a discrepancy arises.
- Preuves à conserver
- Remote CDD policy, consent where applicable, identity/liveness results, device/channel data, discrepancy and in-person resolution record.
- Source primaire
- Decree 53/2023, Article 48
Apply documented EDD to higher risk
- Action d’implémentation
- Investigate purpose, frequency, complexity, economic rationale, amounts, source/destination, geography, payment means and profile; obtain additional verification, higher approval, intensified monitoring and shorter refresh where required.
- Preuves à conserver
- EDD questionnaire, source evidence, transaction rationale, approval, review frequency and enhanced-monitoring results.
- Source primaire
- Law 14/2023, Article 21; Decree 53/2023, Article 18
06Monitoring, failed CDD and GIFiM reportingMonitoring must join customer context, threshold aggregation, suspicious-activity escalation and confidential reporting.5 éléments+
Monitor the relationship and refresh CDD
- Action d’implémentation
- Compare activity with known business, risk and source of funds; update immediately on doubt or suspicion and at intervals not exceeding 1 year for high-risk and 3 years for low-risk customers.
- Preuves à conserver
- Expected-activity profile, monitoring rules, alert/case history, refresh calendar, updated documents and reviewer sign-off.
- Source primaire
- Law 14/2023, Article 15; Decree 53/2023, Articles 15 and 41
Stop or exit when CDD cannot be completed
- Action d’implémentation
- Where identification or verification duties cannot be completed, refuse to establish the business relationship or carry out the occasional transaction or operation; terminate an existing relationship where the identified risk cannot otherwise be managed; record the written conclusions; and submit an STR to GIFiM. Consult the competent judicial or police authorities before termination where it could prejudice an investigation. Stop further CDD where continuing would risk tipping off the customer.
- Preuves à conserver
- System stop, refusal/exit decision, written conclusions, declined-operation log, authority-consultation record and STR receipt.
- Source primaire
- Law 14/2023, Articles 15(6) and 41; Decree 53/2023, Article 21
Submit STRs electronically under GIFiM procedures
- Action d’implémentation
- Escalate immediately and submit through the registered goAML channel within 24 hours of detecting suspicion or executing the transaction. If that is impossible, submit no later than 3 working days from detection or execution. Use physical documents only exceptionally where electronic technical conditions are unavailable and follow GIFiM procedures.
- Preuves à conserver
- Detection/execution time, internal escalation, case analysis, goAML receipt/reference, impossibility rationale and exceptional physical-submission evidence where used.
- Source primaire
- Law 14/2023, Article 44(1)-(2); Decree 53/2023, Articles 26-27; GIFiM goAML portal
Submit statutory threshold reports
- Action d’implémentation
- Report cash transactions at or above MZN 250,000 and other transactions at or above MZN 750,000, whether single or fractionated. Detect and aggregate fractionation daily, weekly and monthly and report when the aggregate reaches the threshold. Use an extended arrangement only with supervisor authorization after GIFiM consultation and never beyond 6 months.
- Preuves à conserver
- Daily/weekly/monthly aggregation logic, completeness reconciliation, submitted report and receipt, plus supervisor authorization, GIFiM consultation and duration where extended.
- Source primaire
- Law 14/2023, Article 44(3); Decree 53/2023, Article 24(3)-(5)
Preserve abstention and tipping-off controls
- Action d’implémentation
- Where founded suspicion requires abstention, stop execution and notify the Public Prosecutor and GIFiM immediately. Never reveal an STR, related communication or consideration to the customer or a third party.
- Preuves à conserver
- Confidential abstention log, authority communication, suspension instruction, role-based access and neutral customer communication.
- Source primaire
- Law 14/2023, Articles 42 and 53; Decree 53/2023, Articles 22-23
07Payments, wires, thresholds, agents and VASPsPayment architecture changes both licensing and transaction-data obligations. Sector rules are additional to general AML duties.6 éléments+
Carry exact international wire-transfer information
- Action d’implémentation
- Include originator name, account if used, address, national-ID or customer-ID number, date and place of birth; beneficiary name and account if used; beneficiary bank; and transaction value. Use a unique traceable reference where no account exists and keep the message attached through the chain.
- Preuves à conserver
- Exact-field message mapping, required-field validation, unique-reference logic, intermediary preservation and sampled transfer record.
- Source primaire
- Decree 53/2023, Articles 49(6), 50, 52 and 54.
Constrain the reduced-information wire rule
- Action d’implémentation
- For cross-border transfers below MZN 30,000, retain the originator and beneficiary names plus both account numbers, or a unique transaction reference where no account exists. At MZN 30,000 or more, apply the full Article 50 information requirements and verify the beneficiary where required. Suspicion overrides reduced-information treatment.
- Preuves à conserver
- Below-MZN-30,000 boundary rule, minimum-field test, full-information boundary, beneficiary verification, suspicion override and transfer record.
- Source primaire
- Decree 53/2023, Articles 49(6), 50, 52 and 54.
Treat missing wire information by institution role
- Action d’implémentation
- The originating bank must abstain from execution where required information is absent. Intermediary and beneficiary banks must detect missing information and use effective risk-based rules to execute, reject or suspend and determine follow-up. At MZN 30,000 or more, the beneficiary bank verifies the beneficiary if not previously verified and retains the information.
- Preuves à conserver
- Originator hard stop, intermediary and beneficiary exception queues, risk disposition, follow-up, beneficiary verification and retained record.
- Source primaire
- Decree 53/2023, Articles 49(6), 50, 52 and 54.
Control payment and e-money agents
- Action d’implémentation
- Perform fit-and-proper and risk assessment, impose contractual controls, train and monitor agents, maintain a current list and report suspension/termination as required; terminate transfer/e-money agent contracts where AML/CFT/CPF training has not occurred for more than 1 year; retain principal responsibility for agent activity.
- Preuves à conserver
- Agent due diligence, contract, risk score, training, monitoring, current list, annual assessment and termination/report record.
- Source primaire
- Decree 50/2024, Article 53; Notice 10/GBM/2024, Articles 121-126, specifically Article 122(2) for the training termination rule
Obtain VASP authorization and registration
- Action d’implémentation
- Before providing exchange, transfer, custody/administration or covered issuer-related virtual-asset services, obtain Banco authorization/registration and assess local scope for foreign services offered to residents.
- Preuves à conserver
- Perimeter analysis, Notice 4 application, registration/authorization, controller and governance files, local representation and product inventory.
- Source primaire
- Law 14/2023, Articles 25-26; Notice 4/GBM/2023; Notice 10/GBM/2024, Articles 143 onward
Keep cross-border cash rules distinct
- Action d’implémentation
- For travellers or logistics, check the current exchange/customs declaration law. AT's portal currently displays values above MZN 10,000 national currency and USD 10,000 foreign currency; do not use these as customer-reporting thresholds.
- Preuves à conserver
- Current AT check, declaration, currency/value record and customs receipt where applicable.
- Source primaire
- Law 14/2023, Article 45; Autoridade Tributária e-Viajante portal
08Targeted financial sanctionsTargeted financial sanctions require immediate list ingestion, screening, freezing and reporting, independent of ordinary transaction monitoring.4 éléments+
Screen current UN and national designations
- Action d’implémentation
- Screen customers, beneficial owners, representatives, counterparties and transactions using current UN consolidated and nationally disseminated lists, including change-triggered rescreening.
- Preuves à conserver
- List source/version/time, ingestion log, population coverage, screening results and match decisions.
- Source primaire
- Law 15/2023, as amended by Law 4/2024; Decree 54/2023; GIFiM TFS pages
Freeze immediately and without prior authorization
- Action d’implémentation
- Freeze designated funds and other assets without delay and without prior notice or authorization; complete the statutory process within 24 hours after communication of an international list or dissemination of a national list.
- Preuves à conserver
- International-list communication or national-dissemination time, alert time, asset block time, asset inventory and decision record.
- Source primaire
- Law 15/2023, Articles 39-40, as amended by Law 4/2024; Decree 54/2023
Notify all required authorities and report freeze details
- Action d’implémentation
- On identifying linked assets, notify the Procurador-Geral da República, competent supervisor and GIFiM immediately. Within 24 hours of freezing or unfreezing, report to GIFiM the amount, asset type, date and time, including measures involving transactions or attempts.
- Preuves à conserver
- Notices to PGR, supervisor and GIFiM; GIFiM receipt; amount/type/date/time schedule; attempted-transaction details and follow-up correspondence.
- Source primaire
- Law 14/2023, Article 63; Law 15/2023, Articles 39-40; Law 4/2024; Decree 54/2023
Control false positives and unfreezing
- Action d’implémentation
- Keep assets blocked while the match is unresolved and unfreeze only through the prescribed verification/authority process, retaining the full rationale and authorization.
- Preuves à conserver
- Match analysis, identifiers compared, authority contact, unfreeze authorization, time stamps and customer communication review.
- Source primaire
- Law 15/2023, Articles 30 and 39-42, as amended by Law 4/2024; Decree 54/2023
09Retention and regulator accessRecords must be complete, reconstructable, confidential and promptly retrievable for competent authorities.4 éléments+
Retain the general AML file for 10 years
- Action d’implémentation
- Keep customer, representative and beneficial-owner identification, risk assessments, reconstructable transactions, correspondence, reports and analyses for 10 years after account closure or relationship end.
- Preuves à conserver
- Retention schedule, closure/end date, immutable archive, sample retrieval and deletion hold.
- Source primaire
- Law 14/2023, Article 43; Decree 53/2023, Articles 29-30
Support extensions and legal holds
- Action d’implémentation
- Prevent deletion where a competent authority requires longer retention or an investigation, litigation or sanctions hold applies.
- Preuves à conserver
- Legal-hold policy, authority request, affected-record inventory, release approval and audit log.
- Source primaire
- Law 14/2023, Article 43
Preserve separate statutory record classes
- Action d’implémentation
- Track sector-specific and document-specific clocks, including specified 5-year training/internal-review and trust-administration records, without shortening the general 10-year customer and transaction file.
- Preuves à conserver
- Record-class inventory, legal mapping, minimum period, system rule and disposal approval.
- Source primaire
- Law 14/2023, Articles 43, 48 and 51; Decree 53/2023
Provide timely competent-authority access
- Action d’implémentation
- Index records so transactions, ownership/control, CDD decisions, reports and control operation can be produced promptly while restricting unauthorized access.
- Preuves à conserver
- Retrieval test, regulator response pack, access logs, chain of custody and confidentiality approvals.
- Source primaire
- Law 14/2023, Articles 22, 43 and 55-60
10Personal data and privacy statusThe review found constitutional and electronic-transactions protections but no confirmed comprehensive personal-data protection act in force. The March 2026 instrument is a bill.4 éléments+
Apply operative constitutional protections
- Action d’implémentation
- Respect Article 71 restrictions and access/rectification protections for personal data while documenting the statutory basis for AML collection, screening, retention and authority disclosure.
- Preuves à conserver
- Data inventory, purpose/legal-basis mapping, notice, access/rectification workflow and disclosure register.
- Source primaire
- Constitution in force, Assembly of the Republic official page, Article 71
Secure electronic records and transactions
- Action d’implémentation
- Protect systems and data against unauthorized access and apply authentication, access control, logging, integrity and incident-response measures appropriate to the service.
- Preuves à conserver
- Security policy, access matrix, authentication configuration, logs, vulnerability remediation and incident records.
- Source primaire
- Electronic Transactions Law 3/2017
Do not overstate unconfirmed general privacy duties
- Action d’implémentation
- Do not label GDPR-style controller registration, DPIA, breach-notification or international-transfer deadlines as generally enacted Mozambican requirements without a current sector-specific or enacted primary source.
- Preuves à conserver
- Current-law check, sector mapping, legal advice where needed and product requirement traceability.
- Source primaire
- INTIC proposal updates dated 5 March, 28 May and 29 May 2026
Track the personal-data protection bill
- Action d’implémentation
- Monitor parliamentary passage, promulgation, gazette publication, commencement and transitional periods, then update controls only against the enacted text. INTIC's May updates still described the comprehensive measure as a proposal under parliamentary consideration.
- Preuves à conserver
- Legislative tracker, official gazette check, impact assessment and approved implementation plan.
- Source primaire
- INTIC official March and May 2026 proposal-status updates
11Evidence packs and assuranceA defensible program links each legal obligation to a control, owner, record and tested outcome.4 éléments+
Maintain a customer and KYB evidence pack
- Action d’implémentation
- Bundle verified identity, authority, purpose, expected activity, ownership/control, CREL reconciliation, risk rating, source evidence and approvals with timestamps and provenance.
- Preuves à conserver
- Indexed customer file and completeness checklist.
- Source primaire
- Law 14/2023, Articles 15 and 22; Decree 53/2023, Articles 10-18
Maintain reporting and sanctions evidence packs
- Action d’implémentation
- Preserve alert-to-decision timelines, STR and threshold receipts, non-report rationale, abstention records, list versions, freeze timestamps and GIFiM notifications.
- Preuves à conserver
- Case file, goAML receipt, threshold reconciliation, sanctions file and authority correspondence.
- Source primaire
- Law 14/2023, Articles 42-45 and 53; Law 15/2023; Decrees 53/2023 and 54/2023
Test data and control completeness
- Action d’implémentation
- Sample onboarding, refresh, monitoring, wires, reporting, sanctions, retention and agent controls; reconcile source populations to processed and reported outcomes.
- Preuves à conserver
- Test plan, samples, findings, root-cause analysis, action owner and closure proof.
- Source primaire
- Law 14/2023, Articles 46-51; Notice 10/GBM/2024 where applicable
Track date-sensitive legal transitions
- Action d’implémentation
- Recheck FATF statements, sanctions lists, National Payments System bill promulgation/commencement, privacy-bill enactment, sector notices and thresholds before launch and at periodic legal review.
- Preuves à conserver
- Legal inventory, source URLs, last-check date, change assessment, approvals and dataset revision log.
- Source primaire
- FATF statements dated 24 October 2025 and 19 June 2026; Assembly and INTIC official status pages

11 domaines de contrôle et 48 vérifications d'implémentation avec sources réglementaires directes.
Téléchargez la checklist KYC, KYB et AML pour Mozambique
Partagez vos coordonnées professionnelles pour accéder immédiatement à la checklist d'implémentation sourcée pour Mozambique. Date de revue réglementaire : 15 July 2026.
Recevez le PDF immédiatement
Envoyez vos coordonnées pour démarrer automatiquement le téléchargement
Revue et sourcée
Version 1.8, revue le 15 July 2026
Approuvé par des équipes conformité de premier plan
Registre des sources primaires
26 sources utilisées pour cette checklist
Utilisez ces liens pour vérifier la législation, les lignes directrices, les procédures de déclaration et les statuts internationaux.
- Law 14/2023 of 28 August: AML/CFT/CPF preventive lawBanco de Moçambique / Boletim da República · Primary legislation
- Law 3/2024 and Law 4/2024 amendmentsBanco de Moçambique / Boletim da República · Amending legislation
- Decree 53/2023 and Decree 54/2023 regulationsBanco de Moçambique / Boletim da República · Regulations
- Notice 10/GBM/2024 AML/CFT/CPF directivesBanco de Moçambique · Financial-sector notice
- GIFiM mandateGIFiM · Official authority page
- goAML reporting portalGIFiM · Official reporting channel
- Law 15/2023 on terrorism and targeted financial sanctionsBanco de Moçambique / Boletim da República · Primary legislation
- GIFiM targeted-financial-sanctions documentsGIFiM · Official sanctions resource
- United Nations Security Council consolidated sanctions listUnited Nations Security Council · Official sanctions list
- CREL beneficial-owner filing guideLegal Entities Registry service · Official registry guidance
- Banco de Moçambique institution licensingBanco de Moçambique · Official licensing page
- Decree 50/2024 regulating credit institutions and financial companiesBanco de Moçambique / Boletim da República · Prudential and licensing regulation
- Notice 4/GBM/2023: VASP registration requirementsBanco de Moçambique · Virtual-asset sector notice
- Banco de Moçambique regulatory sandboxBanco de Moçambique · Official fintech page
- National payments law proposal approved for submission to Parliament, 18 February 2026Government of Mozambique · Official legislative-status page
- Constitution of the Republic of MozambiqueInstituto Nacional de Segurança Social de Moçambique · Constitution
- Electronic Transactions Law 3/2017Instituto Nacional das Comunicações de Moçambique · Primary legislation
- Personal-data protection bill sent for parliamentary debateINTIC · Official legislative-status notice
- Personal-data protection proposal remains before Parliament, 28 May 2026INTIC · Official legislative-status update
- INTIC privacy-law status update, 29 May 2026INTIC · Official legislative-status update
- Law 20/2020 on credit institutions and financial companiesBanco de Moçambique / Boletim da República · Primary legislation
- Notice 1/GBM/2026 creating the Mozambique Instant Payments SystemBanco de Moçambique / Boletim da República · Payments regulation
- Autoridade Tributária e-Viajante currency declaration portalAutoridade Tributária de Moçambique · Official declaration portal
- FATF Mozambique removal from increased monitoring, 24 October 2025Financial Action Task Force · Official public statement
- FATF jurisdictions under increased monitoring, 19 June 2026Financial Action Task Force · Official public statement
- FATF high-risk jurisdictions subject to a call for action, 19 June 2026Financial Action Task Force · Official public statement
Réponses directes
Questions KYC, KYB et AML pour Mozambique
Who receives suspicious transaction reports in Mozambique?+
GIFiM is Mozambique's financial intelligence unit. Reporting entities register and submit electronically through GIFiM's goAML channel.
When must an STR be filed?+
Law 14/2023 requires immediate reporting once suspicion or reasonable grounds arise, including attempts. Decree 53/2023 requires electronic submission under GIFiM procedures within 24 hours of detection or execution; if impossible, no later than 3 working days. Physical submission is exceptional where technical conditions are unavailable. A value threshold does not replace an STR.
What happens when identification or verification duties cannot be completed?+
Where identification or verification duties cannot be completed, refuse to establish the business relationship or carry out the occasional transaction or operation; terminate an existing relationship where the identified risk cannot otherwise be managed; record the written conclusions; and submit an STR to GIFiM. Consult the competent judicial or police authorities before termination where it could prejudice an investigation. Stop further CDD where continuing would risk tipping off the customer. Citation: Law 14/2023, Articles 15(6) and 41; Decree 53/2023, Article 21
What transaction thresholds are reportable?+
Article 44(3) requires reports for cash transactions at or above MZN 250,000 and other transactions at or above MZN 750,000, whether single or fractionated. Decree 53/2023 requires daily, weekly and monthly fractionation detection and reporting on the aggregate. Any extended arrangement requires supervisor authorization after GIFiM consultation and cannot exceed 6 months.
When is customer due diligence required for an occasional transaction?+
The general occasional-transaction trigger is MZN 900,000 or more. CDD is also required for a relationship, any domestic or international transfer, suspicion regardless of value, and doubts about prior identification data.
Who is a beneficial owner?+
Law 14 applies at least 10% direct or indirect ownership/control, including collective-investment units, and control by other means; Decree 53 Article 13 separately uses more than 10% as an ownership indicator; KYB collection and CREL use at least 10%. The senior managing official fallback is available only after all possible means are exhausted, no suspicion exists, and no natural person is identified or doubts remain.
When must CREL beneficial-owner information be updated?+
Current official CREL implementation guidance instructs covered entities to declare at incorporation, annually in the month of incorporation and within 30 days of a change. Pending confirmation against a working official primary full-text copy of Decree-Law 1/2024, the annual and 30-day periods are presented as registry guidance, not independently verified statutory deadlines.
How long must AML records be retained?+
The general customer, beneficial-owner, transaction, correspondence, report and analysis file is retained for 10 years after account closure or the end of the relationship, subject to a longer authority requirement or legal hold.
Do payment, e-money, agent and VASP businesses need Banco approval?+
Regulated financial, payment and virtual-asset activities require the applicable Banco de Moçambique authorization or registration. Agent and sandbox arrangements do not replace the principal's responsibility or production licensing.
Does Mozambique have a comprehensive personal-data protection act in force?+
No comprehensive act was confirmed in force at 15 July 2026. Constitutional Article 71 and the Electronic Transactions Law remain relevant. INTIC's March and 28-29 May 2026 updates still describe a proposal under parliamentary consideration, so proposal duties must not be stated as current law.
Is Mozambique on the FATF grey list?+
No at the review date. FATF removed Mozambique from increased monitoring on 24 October 2025, and Mozambique is absent from both FATF statements of 19 June 2026. Institutions must still apply a current risk-based approach and monitor later statements.
Méthode de recherche et de revue
VOVE ID Compliance Research cartographie le périmètre réglementaire, traduit les obligations en contrôles opérationnels, relie les affirmations importantes aux sources et date chaque revue.
VOVE ID Compliance Research · Revue le 15 July 2026 · Version 1.8
Prepared and reviewed on 15 July 2026 for operational compliance planning. It is not legal advice. Confirm the current consolidated Portuguese legislation, sector directions, sanctions lists, licensing perimeter, gazette status of the proposed national payments law, status and transition terms of the personal-data protection bill, and FATF statements before implementation. Thresholds and procedures in this guide are scope-specific and must not be generalized across sectors.