Checklist de conformité KYC, KYB et AML
Sénégal KYC, KYB & AML
An implementation-focused checklist for fintechs, payment institutions, financial institutions and other regulated businesses operating in Senegal. It translates Senegal's 2024 AML/CFT/CPF law, BCEAO payment-services rules and data-protection framework into controls, actions and audit evidence.
- Revue le
- 15 July 2026
- Version
- 1.2
- domaines de contrôle
- 11
- contrôles d’implémentation
- 57
Réponse directe
Que couvre la checklist de conformité pour Sénégal ?
La checklist pour Sénégal traduit les principales règles KYC, KYB et AML en 11 domaines de contrôle et 57 contrôles d’implémentation, avec les autorités, obligations de déclaration et preuves à conserver.
Faits réglementaires clés
- Primary AML law
- Law No. 2024-08
- FIU
- CENTIF Senegal
- Payments authority
- BCEAO
- Privacy authority
- CDP
- Core record period
- 10 years
- FATF status
- Not under increased monitoring
Détail d’implémentation
Exigences et actions de conformité pour Sénégal
Ouvrez chaque domaine pour consulter l’exigence, l’action recommandée, les preuves à conserver et la source primaire utilisée.
01Confirm scope, authorities and permissionsMap every Senegal-facing activity to the applicable reporting-person category, sector supervisor and licensing perimeter before onboarding customers.5 éléments+
Document why the business is or is not a reporting person under Law No. 2024-08.
- Action d’implémentation
- Map each legal entity, product and customer journey to the law's financial or designated non-financial categories; record the accountable supervisor and CENTIF reporting route.
- Preuves à conserver
- Signed regulatory perimeter memo; entity-product matrix; counsel or compliance approval.
- Source primaire
- Law No. 2024-08, scope and reporting-person provisions
Obtain the required BCEAO permission before providing regulated payment services.
- Action d’implémentation
- Classify account, transfer, acquiring, issuance, remittance and initiation activities against Instruction No. 001-01-2024; do not rely on a technology or agency label to bypass authorisation.
- Preuves à conserver
- Licence, approval or documented exemption; product-to-permission mapping.
- Source primaire
- BCEAO Instruction No. 001-01-2024, arts. 4, 9 and 17
Stop unlicensed payment activity where the transition period has expired.
- Action d’implémentation
- Confirm that the operating entity and any payment partner appear within the current authorised perimeter. BCEAO Notice No. 006-05-2025 extended the transition through 31 August 2025; from 1 September 2025, only authorised payment service providers could operate within the regulated perimeter.
- Preuves à conserver
- Current BCEAO register check; partner due-diligence file; documented confirmation of authorisation before operation from 1 September 2025; board launch gate.
- Source primaire
- BCEAO Notice No. 006-05-2025
Treat virtual-asset services as approval-dependent and AML-regulated.
- Action d’implémentation
- Identify custody, exchange, transfer, issuance-support or other virtual-asset functions and obtain prior approval where applicable before service begins.
- Preuves à conserver
- Virtual-asset perimeter assessment; approval correspondence; AML control mapping.
- Source primaire
- Law No. 2024-08, arts. 58–59
Assign named owners for CENTIF, BCEAO, sector-supervisor and CDP obligations.
- Action d’implémentation
- Maintain a responsibility matrix covering regulatory filings, suspicious transaction reporting, payment safeguarding, privacy formalities and incident escalation.
- Preuves à conserver
- RACI; appointment letters; committee terms; regulatory calendar.
- Source primaire
- Law No. 2024-08, arts. 12–15; BCEAO Instruction No. 001-01-2024, art. 32
02Build the AML/CFT/CPF control frameworkThe programme should be proportionate to documented risks and embedded in governance, people, systems and assurance.5 éléments+
Maintain a documented enterprise-wide risk assessment.
- Action d’implémentation
- Assess customers, countries, products, services, transactions, delivery channels and new technologies; define methodology, data inputs, residual-risk logic and refresh triggers.
- Preuves à conserver
- Approved risk assessment; methodology; risk appetite; change log.
- Source primaire
- Law No. 2024-08, arts. 12–15
Adopt written policies, controls and procedures aligned to identified risk.
- Action d’implémentation
- Cover onboarding, beneficial ownership, PEPs, sanctions, monitoring, reporting, recordkeeping, outsourcing and control testing, with board or senior-management approval.
- Preuves à conserver
- Policy suite; approval minutes; control library; annual review record.
- Source primaire
- Law No. 2024-08, arts. 12–15
Screen integrity and competence of relevant personnel.
- Action d’implémentation
- Apply risk-based pre-employment checks, conflict declarations and role-specific suitability requirements for compliance-sensitive positions.
- Preuves à conserver
- Screening standard; completed checks; conflict register.
- Source primaire
- Law No. 2024-08, arts. 12–15
Provide continuing, role-specific training.
- Action d’implémentation
- Train the board, customer operations, investigators, product, engineering, sales and agents on their controls, escalation paths and tipping-off restrictions.
- Preuves à conserver
- Curriculum; attendance; assessment scores; remediation log.
- Source primaire
- Law No. 2024-08, arts. 12–15 and 63
Evaluate new products and technologies before launch.
- Action d’implémentation
- Complete AML, fraud, sanctions and privacy risk assessments before introducing material technology, channel or product changes and implement mitigating controls.
- Preuves à conserver
- Pre-launch risk assessment; architecture review; control acceptance; launch approval.
- Source primaire
- Law No. 2024-08, arts. 12–15
03Identify and verify customersCDD must establish who the customer is, who acts for them, who ultimately benefits and why the relationship is being opened.6 éléments+
Identify and verify the customer and beneficial owner using reliable, independent sources.
- Action d’implémentation
- Capture identity attributes and verify them against appropriate documents, data or trusted digital sources before the relationship or transaction, subject only to the law's narrow deferral conditions.
- Preuves à conserver
- CDD record; verification results; source provenance; exception log.
- Source primaire
- Law No. 2024-08, arts. 16–18
Identify any person acting on behalf of the customer and verify authority.
- Action d’implémentation
- Verify the representative, mandate and power to act; link the representative to the customer and screen both under the applicable risk rules.
- Preuves à conserver
- Mandate or power of attorney; representative ID; verification and screening record.
- Source primaire
- Law No. 2024-08, arts. 17–18
Establish the purpose and intended nature of the relationship.
- Action d’implémentation
- Collect expected activity, products, counterparties, geographies, source of funds and business rationale sufficient to set a risk rating and monitoring profile.
- Preuves à conserver
- Customer profile; expected-activity baseline; risk score and rationale.
- Source primaire
- Law No. 2024-08, arts. 16 and 19–20
Apply CDD at all statutory triggers, including suspicion and relevant occasional transactions.
- Action d’implémentation
- Configure onboarding and transaction workflows to trigger CDD for relationships, account or custody services, domestic or international transfers, linked cash activity, threshold events and any suspicion regardless of amount.
- Preuves à conserver
- Trigger matrix; workflow rules; linked-transaction logic; test results.
- Source primaire
- Law No. 2024-08, art. 17
Use deferred verification only where every legal condition is satisfied.
- Action d’implémentation
- Complete verification as soon as possible and before the first transaction; document why delay is essential not to interrupt normal business and how risks are effectively controlled under pre-approved procedures.
- Preuves à conserver
- Deferral policy; case approval; no-transaction control; completion timestamps.
- Source primaire
- Law No. 2024-08, art. 18
Do not proceed when required CDD cannot be completed and file the mandatory suspicious transaction report.
- Action d’implémentation
- Do not open the relationship, refuse the occasional transaction or terminate the relationship as applicable; submit a suspicious transaction report to CENTIF as required by article 25 without tipping off the customer.
- Preuves à conserver
- Decline or exit record; investigation decision; STR filing receipt and restricted case record.
- Source primaire
- Law No. 2024-08, arts. 22 and 25
04Verify businesses and beneficial ownersKYB must establish legal existence, authority, ownership and the natural persons who ultimately own or control the customer.5 éléments+
Verify legal name, form, constitutive documents, powers and addresses.
- Action d’implémentation
- Obtain current registry and constitutional records, registered and principal office, governing documents, tax or sector identifiers and proof of operating status from reliable sources.
- Preuves à conserver
- Registry extract; statutes; address proof; independent-source checks.
- Source primaire
- Law No. 2024-08, art. 26
Understand the customer's activity, ownership and control structure.
- Action d’implémentation
- Map legal and economic activity, directors or equivalent controllers, shareholders, members, intermediate entities and control rights through every layer.
- Preuves à conserver
- Ownership chart; director register; corporate profile; analyst notes.
- Source primaire
- Law No. 2024-08, art. 26
Apply the beneficial-owner cascade to natural persons.
- Action d’implémentation
- Identify the natural person exercising controlling ownership; if none is identified, determine control through other means; only then identify the relevant senior managing official and document why.
- Preuves à conserver
- BO calculation; control analysis; fallback rationale; verified BO files.
- Source primaire
- Law No. 2024-08, art. 26
Keep shareholder, member and beneficial-ownership information accurate and current.
- Action d’implémentation
- Require event-driven notifications, periodic refresh and discrepancy escalation; reconcile customer information against available registries and reliable sources.
- Preuves à conserver
- Registers; refresh schedule; change alerts; discrepancy cases.
- Source primaire
- Law No. 2024-08, arts. 76–79
Detect bearer, nominee, trust and similar opacity risks.
- Action d’implémentation
- Identify nominee arrangements, bearer instruments, trusts and comparable legal arrangements; establish the relevant parties, control and purpose and apply enhanced measures where risk is elevated.
- Preuves à conserver
- Legal-arrangement questionnaire; party verification; enhanced review.
- Source primaire
- Law No. 2024-08, arts. 80–83
05Apply enhanced and remote due diligenceHigher-risk relationships require deeper evidence, approval and monitoring; lower-risk treatment must be justified rather than assumed.5 éléments+
Identify domestic, foreign and international organisation PEPs and relevant connected persons.
- Action d’implémentation
- Use risk-based systems to identify PEP status and apply the statutory treatment to family members and close associates where required.
- Preuves à conserver
- PEP screening record; relationship analysis; match disposition.
- Source primaire
- Law No. 2024-08, art. 29
Obtain senior approval and establish source of wealth and source of funds for PEP relationships.
- Action d’implémentation
- Complete corroborated wealth and funds analysis before onboarding or continuing the relationship and obtain approval at the prescribed senior level.
- Preuves à conserver
- Source analysis; corroborating records; signed approval.
- Source primaire
- Law No. 2024-08, art. 29
Apply enhanced, ongoing monitoring and periodically reassess former PEP risk.
- Action d’implémentation
- Set tighter scenarios and review frequency, and reevaluate PEP profiles at least every three years while retaining risk-based treatment after public functions end.
- Preuves à conserver
- Monitoring plan; review diary; three-year reassessment record.
- Source primaire
- Law No. 2024-08, art. 29
Control non-face-to-face identity and impersonation risk.
- Action d’implémentation
- Use layered document, biometric or equivalent verification, device and fraud signals, liveness where proportionate, channel limits and manual escalation calibrated to risk.
- Preuves à conserver
- Remote-onboarding standard; vendor assessment; model tests; exception cases.
- Source primaire
- Law No. 2024-08, art. 22
Document the basis for enhanced or simplified measures.
- Action d’implémentation
- Apply enhanced controls to higher risks and simplified measures only where lower risk is demonstrated and no suspicion or mandatory enhanced-treatment condition applies.
- Preuves à conserver
- Risk decision; control variation; approval and review date.
- Source primaire
- Law No. 2024-08, arts. 84–85
06Monitor activity and report suspicionMonitoring must compare actual behaviour with the known customer and promptly escalate suspicion to CENTIF.6 éléments+
Keep CDD and risk profiles current throughout the relationship.
- Action d’implémentation
- Refresh on risk-based cycles and events such as ownership change, unusual activity, document expiry, adverse information or material product change.
- Preuves à conserver
- Refresh rules; event triggers; completed reviews; overdue dashboard.
- Source primaire
- Law No. 2024-08, arts. 16 and 19–20
Monitor transactions against customer knowledge and expected activity.
- Action d’implémentation
- Implement scenarios and investigations covering size, frequency, velocity, counterparties, geography, channels, source of funds and unexplained changes.
- Preuves à conserver
- Scenario inventory; tuning rationale; alerts; investigation files.
- Source primaire
- Law No. 2024-08, arts. 19–21
Examine complex, unusual or apparently purposeless activity and preserve a written analysis.
- Action d’implémentation
- Investigate origin, destination, purpose and beneficial owner; create a confidential written report even where suspicion is not ultimately established.
- Preuves à conserver
- Special-examination report; supporting data; reviewer sign-off.
- Source primaire
- Law No. 2024-08, art. 21
Report suspected, attempted and relevant proposed activity to CENTIF immediately.
- Action d’implémentation
- File when there is suspicion or reasonable ground to suspect money laundering, terrorist financing, proliferation financing, a predicate offence or other statutory reporting circumstance; send supplementary information without delay.
- Preuves à conserver
- STR decision record; filing receipt; supplement log; restricted case file.
- Source primaire
- Law No. 2024-08, art. 60
Refrain from execution before reporting unless a statutory exception applies.
- Action d’implémentation
- Pause the transaction where required. If execution cannot be deferred, deferral would obstruct investigation, or suspicion arises afterward, notify CENTIF without delay and document the reason.
- Preuves à conserver
- Hold decision; exception rationale; filing timestamp; release approval.
- Source primaire
- Law No. 2024-08, art. 61
Prevent tipping off and implement CENTIF opposition instructions.
- Action d’implémentation
- Restrict knowledge of filings and inquiries. Operationalise CENTIF's opposition period of up to four days and escalation for judicial extension or provisional seizure.
- Preuves à conserver
- Confidentiality controls; access logs; hold workflow; legal escalation record.
- Source primaire
- Law No. 2024-08, arts. 63 and 65
07Control payments, transfers and cash riskPayment and transfer controls should preserve required originator and beneficiary information and identify linked or unusual activity.5 éléments+
Capture and transmit required originator and beneficiary information.
- Action d’implémentation
- Map mandatory data fields across domestic, cross-border and intermediary payment flows; reject, suspend or investigate missing or unreliable information according to documented rules.
- Preuves à conserver
- Data dictionary; message samples; missing-data rules; QA results.
- Source primaire
- Law No. 2024-08, transfer provisions, arts. 39–46
Detect linked transactions and threshold avoidance.
- Action d’implémentation
- Aggregate related cash and occasional transactions across channels, accounts, devices, agents and the statutory time window; maintain configurable thresholds set by competent authority.
- Preuves à conserver
- Aggregation logic; threshold register; scenario tests; cases.
- Source primaire
- Law No. 2024-08, arts. 17 and 72
Apply enhanced monitoring to unusual or unrelated deposits and cash activity.
- Action d’implémentation
- Escalate activity inconsistent with the customer's profile, stated business or economic purpose and document source-of-funds inquiries.
- Preuves à conserver
- Cash-risk rules; source evidence; analyst disposition.
- Source primaire
- Law No. 2024-08, arts. 21 and 72
Maintain agent and partner controls across the payment chain.
- Action d’implémentation
- Conduct due diligence, contract for AML and data obligations, train relevant personnel, monitor performance and preserve audit and termination rights.
- Preuves à conserver
- Partner file; contract clauses; training; monitoring dashboard.
- Source primaire
- BCEAO Instruction No. 001-01-2024, governance and risk-control requirements
Reconstruct the full payment trail.
- Action d’implémentation
- Retain identifiers, timestamps, amounts, currencies, channels, account or wallet references, parties, screening results and decision history in an exportable format.
- Preuves à conserver
- Sample reconstruction; lineage map; retention and access test.
- Source primaire
- Law No. 2024-08, art. 23
08Implement targeted financial sanctionsFreezing measures must operate immediately, without prior notice, and cover funds and economic resources linked to designated persons and entities.5 éléments+
Screen customers, beneficial owners, controllers and transactions against applicable designations.
- Action d’implémentation
- Screen at onboarding, list updates, material profile changes and before relevant transactions; include aliases, transliteration and ownership or control analysis.
- Preuves à conserver
- List inventory; screening configuration; update logs; match files.
- Source primaire
- Law No. 2024-08, arts. 89–90
Freeze designated funds and economic resources immediately and without prior notice.
- Action d’implémentation
- Create a 24/7 decision and technical-control path that blocks movement, alteration, use or access once the legal condition is met.
- Preuves à conserver
- Freeze procedure; system test; incident timeline; approvals.
- Source primaire
- Law No. 2024-08, art. 89
Prevent funds or economic resources from being made available.
- Action d’implémentation
- Control direct and indirect availability, including through owned or controlled entities, intermediaries, cards, wallets, agents and refunds.
- Preuves à conserver
- Control mapping; ownership analysis; blocked-payment tests.
- Source primaire
- Law No. 2024-08, art. 89
Notify CENTIF and the competent authority immediately.
- Action d’implémentation
- Maintain a controlled reporting workflow for frozen assets, attempted activity, false positives and subsequent directions.
- Preuves à conserver
- Notification template; filing receipt; regulator correspondence.
- Source primaire
- Law No. 2024-08, art. 90
Apply sanctions controls consistently across the group.
- Action d’implémentation
- Define group-wide minimums, local legal escalation and information-sharing safeguards so Senegal operations receive and implement designations without delay.
- Preuves à conserver
- Group standard; local annex; update SLA; assurance results.
- Source primaire
- Law No. 2024-08, art. 89
09Retain records and support assuranceRecords should allow authorities and auditors to reconstruct decisions, relationships and transactions over the statutory period.5 éléments+
Keep identity, KYC, profile and analysis records for 10 years after closure or cessation.
- Action d’implémentation
- Start the retention clock from account closure or the end of the business relationship and preserve documents, data, decisions and special examinations.
- Preuves à conserver
- Retention schedule; lifecycle rules; sampled archived files.
- Source primaire
- Law No. 2024-08, art. 23
Keep transaction, accounting and correspondence records for 10 years after the transaction.
- Action d’implémentation
- Apply transaction-based clocks and preserve sufficient detail for complete reconstruction and evidential use.
- Preuves à conserver
- Storage configuration; transaction sample; retrieval test.
- Source primaire
- Law No. 2024-08, art. 23
Preserve corporate and beneficial-ownership records after dissolution.
- Action d’implémentation
- Contractually and operationally ensure relevant parties keep required company and BO information for at least 10 years after dissolution or the end of the applicable relationship.
- Preuves à conserver
- Dissolution checklist; archive owner; retention proof.
- Source primaire
- Law No. 2024-08, arts. 76–79
Protect confidentiality while enabling timely authority access.
- Action d’implémentation
- Use least privilege, immutable logs, legal holds and controlled exports; separate STR and sanctions files from ordinary customer-service access.
- Preuves à conserver
- Access matrix; audit logs; legal-hold test; disclosure register.
- Source primaire
- Law No. 2024-08, arts. 23 and 63
Test control design and operating effectiveness independently.
- Action d’implémentation
- Set a risk-based compliance monitoring and independent audit plan; track findings to accountable owners and board-visible closure.
- Preuves à conserver
- Monitoring plan; audit reports; issue register; closure evidence.
- Source primaire
- Law No. 2024-08, arts. 12–15
10Protect personal and biometric dataIdentity verification creates high-risk personal-data processing that must be lawful, proportionate, secure and subject to CDP formalities.5 éléments+
Map identity, biometric, corporate and monitoring data to a lawful and defined purpose.
- Action d’implémentation
- Maintain records of processing covering source, purpose, fields, recipients, location, retention, security and rights handling; separate legal obligations from optional analytics or marketing.
- Preuves à conserver
- Data inventory; processing register; purpose and legal-basis assessment.
- Source primaire
- Law No. 2008-12 on personal data protection
Complete applicable declarations or prior authorisations with CDP.
- Action d’implémentation
- Classify each processing operation under CDP formalities, including sensitive or biometric processing, interconnected files and transfers to third countries, before production use where authorisation is required.
- Preuves à conserver
- CDP filing; receipt or authorisation; processing-to-formality matrix.
- Source primaire
- CDP, Formalities; Law No. 2008-12 and Decree No. 2008-721
Provide clear notices and operationalise individual rights.
- Action d’implémentation
- Explain controller identity, purposes, required fields, recipients, transfers, retention and rights; authenticate and log access, correction, objection or deletion requests subject to legal retention duties.
- Preuves à conserver
- Privacy notice; request workflow; response log; exemption rationale.
- Source primaire
- CDP, Understanding your rights; Law No. 2008-12
Minimise collection and secure identity evidence.
- Action d’implémentation
- Limit data to what is necessary, encrypt in transit and at rest, restrict access, test vendors and deletion, and maintain incident detection and response appropriate to identity and biometric risk.
- Preuves à conserver
- Data-minimisation review; security architecture; access logs; incident plan.
- Source primaire
- CDP, Business obligations; Law No. 2008-12
Control processors, vendors and international transfers.
- Action d’implémentation
- Perform due diligence, document instructions, confidentiality, security, sub-processing, audit, return or deletion and transfer safeguards; verify actual data locations.
- Preuves à conserver
- Vendor assessment; data-processing terms; transfer map; audit record.
- Source primaire
- Law No. 2008-12; CDP formalities
11Operate BCEAO payment-service controlsLicensed payment operations require governance, safeguarding, operational resilience and customer-protection controls in addition to AML compliance.5 éléments+
Maintain governance, internal control and risk-management arrangements proportionate to payment activity.
- Action d’implémentation
- Document decision rights, control functions, risk and security frameworks, outsourcing, continuity, incident response, data protection and complaint management, and maintain the ongoing governance arrangements required for authorised payment institutions.
- Preuves à conserver
- Governance framework; risk register; continuity tests; complaint reports; periodic governance review.
- Source primaire
- BCEAO Instruction No. 001-01-2024, art. 32
Safeguard and segregate customer funds.
- Action d’implémentation
- Deposit undelivered customer funds no later than the next business day into cantonnement accounts that are separate and distinct from operating accounts and held at a bank or microfinance institution; reconcile safeguarded balances daily and ensure the funds are protected from claims in the payment institution's insolvency.
- Preuves à conserver
- Cantonnement account agreements and bank or microfinance institution confirmations; next-business-day deposit records; daily reconciliations; insolvency-protection terms; shortfall escalation records.
- Source primaire
- BCEAO Instruction No. 001-01-2024, art. 48
Use only authorised institutions and partners.
- Action d’implémentation
- Check the current BCEAO register at onboarding and periodically; verify the exact licensed entity, services, jurisdictions and restrictions rather than relying on a trading name.
- Preuves à conserver
- Register extracts; partner licence file; periodic recheck log.
- Source primaire
- BCEAO list of authorised payment institutions, 28 February 2026
Integrate security, fraud and AML controls.
- Action d’implémentation
- Share governed signals between fraud, cybersecurity and AML teams; define escalation for account takeover, mule activity, agent abuse and payment anomalies without weakening STR confidentiality.
- Preuves à conserver
- Integrated scenario map; escalation SLA; incident and case samples.
- Source primaire
- BCEAO Instruction No. 001-01-2024, art. 32; Law No. 2024-08
Run a documented launch and periodic compliance gate.
- Action d’implémentation
- Before launch and material changes, confirm licence, AML, safeguarding, privacy, outsourcing, customer terms, complaints, resilience and reporting readiness; repeat on a defined cycle.
- Preuves à conserver
- Launch checklist; accountable approvals; periodic certification; open-risk log.
- Source primaire
- BCEAO Instruction No. 001-01-2024; Law No. 2024-08

11 domaines de contrôle et 57 vérifications d'implémentation avec sources réglementaires directes.
Téléchargez la checklist KYC, KYB et AML pour Sénégal
Partagez vos coordonnées professionnelles pour accéder immédiatement à la checklist d'implémentation sourcée pour Sénégal. Date de revue réglementaire : 15 July 2026.
Recevez le PDF immédiatement
Envoyez vos coordonnées pour démarrer automatiquement le téléchargement
Revue et sourcée
Version 1.2, revue le 15 July 2026
Approuvé par des équipes conformité de premier plan
Registre des sources primaires
14 sources utilisées pour cette checklist
Utilisez ces liens pour vérifier la législation, les lignes directrices, les procédures de déclaration et les statuts internationaux.
- Law No. 2024-08 of 14 February 2024, Official Journal No. 7716Republic of Senegal / Vie-Publique.sn · Primary legislation
- Instruction No. 001-01-2024 on payment services in the WAMUBCEAO · Primary regulation
- Payment-services instruction landing pageBCEAO · Official guidance
- Notice No. 006-05-2025 extending the payment-institution transition period through 31 August 2025BCEAO · Official notice
- Authorised payment institutions as at 28 February 2026BCEAO · Official register
- Personal data protection legislationCommission de Protection des Données Personnelles · Official legislation portal
- Personal data protection regulationsCommission de Protection des Données Personnelles · Official regulation portal
- Processing declarations and prior authorisationsCommission de Protection des Données Personnelles · Official compliance guidance
- Business data-protection obligationsCommission de Protection des Données Personnelles · Official compliance guidance
- Jurisdictions under increased monitoring, October 2024FATF · Official FATF statement
- Jurisdictions under increased monitoring, 19 June 2026FATF · Official FATF statement
- CENTIF Senegal 2024 annual reportCENTIF Senegal / Vie-Publique.sn · Official report
- Senegal 2025 national risk assessmentCENTIF Senegal / Vie-Publique.sn · Official risk assessment
- Compliance in Senegal 2026: BCEAO guide for fintech startupsVOVE ID · Contextual implementation guide
Réponses directes
Questions KYC, KYB et AML pour Sénégal
Who receives suspicious transaction reports in Senegal?+
Reporting persons submit suspicious transaction reports to CENTIF Senegal. Law No. 2024-08 requires immediate reporting of covered suspected, attempted and relevant proposed activity and supplementary information without delay.
Can customer verification be completed after onboarding?+
Only under the narrow conditions in article 18: completion as soon as possible and before the first transaction, necessity to avoid interrupting normal business, effective risk management and pre-established risk procedures. This is not a general grace period. If required CDD cannot be completed, article 25 requires the relationship or transaction to be refused or terminated as applicable and a suspicious transaction report to be submitted to CENTIF without tipping off the customer.
How long should AML records be kept?+
Core identity, KYC, profile and analysis records are retained for 10 years after account closure or the end of the relationship. Transaction, accounting and correspondence records are retained for 10 years after the transaction.
Do fintechs need BCEAO authorisation?+
A fintech providing a regulated payment service must operate within the applicable BCEAO authorisation framework. The exact requirement depends on the legal entity and service. BCEAO Notice No. 006-05-2025 extended the transition through 31 August 2025; from 1 September 2025, only authorised payment service providers could operate within the regulated perimeter.
Is Senegal currently on the FATF grey list?+
No. FATF removed Senegal from increased monitoring in October 2024, and its 19 June 2026 statement confirms that Senegal is not under increased monitoring. Firms must still apply the domestic risk-based framework and enhanced measures wherever their own risk assessment requires them.
Does KYC data require CDP formalities?+
Potentially. Organisations should classify each processing operation under Senegal's privacy framework. Sensitive or biometric processing, interconnected files and certain third-country transfers may require prior authorisation rather than a simple declaration.
Méthode de recherche et de revue
VOVE ID Compliance Research cartographie le périmètre réglementaire, traduit les obligations en contrôles opérationnels, relie les affirmations importantes aux sources et date chaque revue.
VOVE ID Compliance Research · Revue le 15 July 2026 · Version 1.2
This checklist is general information, not legal advice. It is based on official materials available on 15 July 2026. Thresholds, implementing decisions, sector rules and supervisory expectations may change. Confirm applicability with CENTIF, BCEAO, the competent sector supervisor, CDP and qualified Senegalese counsel before launch.