Introduction
In 2023, a fintech payment platform operating across three West African markets was fined and had its cross-border processing licence temporarily suspended after regulators discovered it had failed to file suspicious transaction reports on a series of structuring transactions each just below the reporting threshold executed over a four-month period. The platform's transaction monitoring system was not calibrated for the structuring typology. The failure cost far more in lost business and regulatory remediation than any compliance investment would have.
This scenario plays out across African markets with increasing frequency. AML compliance for payment service providers in Africa is no longer a back-office formality it is an operational requirement enforced with real sanctions by the CBN, FSCA, BCEAO, and, indirectly, through FATF's grey-listing mechanism.
This guide explains the full scope of AML compliance obligations applying to African payment service providers in 2026, covering regulatory requirements by jurisdiction, practical compliance programme components, key transaction monitoring typologies, and the penalties for non-compliance.
Why AML Compliance Is a Core Operating Requirement for African PSPs
Payment service providers sit at a structurally sensitive position in the financial system. Unlike traditional banks, PSPs onboard customers at high velocity, process enormous transaction volumes across multiple channels, and serve a broad range of customer segments including underbanked populations with limited documentation. This combination creates significant money laundering exposure.
African regulators have responded by extending AML obligations previously concentrated in the banking sector to the full range of PSPs, including mobile money operators, payment switching and processing companies, fintech payment platforms, digital wallet providers, and cross-border remittance services.
Enforcement is intensifying at every level. The CBN revoked the licences of over 4,000 Bureau de Change operators in 2021 and has since issued significant fines to PSPs for AML programme deficiencies. The Financial Intelligence Centre in South Africa has expanded its AML scrutiny of PSPs under the extended scope of the FIC Act. BCEAO member state regulators have imposed sanctions on payment operators across Côte d'Ivoire, Senegal, and Mali.
For PSPs operating across African markets in 2026, building and maintaining a robust AML programme is a prerequisite for licensing, banking relationships, and commercial sustainability.
INTERESTING READ: AML Compliance Program: Elements and Requirements
CBN AML Requirements for Payment Service Providers in Nigeria
The Central Bank of Nigeria regulates PSPs under a layered framework of AML obligations. The primary instrument is the CBN AML/CFT/CPF Regulations 2022, which applies to all CBN-licensed financial institutions without exception. Additional obligations arise from the CBN Regulatory Framework for BVN, the CBN Guidelines on Electronic Payment Channels 2020, and NFIU reporting guidelines.
1. Customer Due Diligence and Tiered KYC in Nigeria
The CBN applies a tiered KYC framework to wallet and account products. Tier 1 wallets capped at a ₦50,000 balance and ₦300,000 in monthly transactions require BVN or NIN verification only. Tier 2 wallets require BVN or NIN plus additional documentation. Tier 3 accounts require full bank-grade CDD, including document verification and source of funds assessment for high-risk customers.
PSPs must ensure their onboarding infrastructure is capable of verifying NIN and BVN data in real time. Youverify's KYC verification platform provides instant NIN, BVN, and document verification across all three wallet tiers, with biometric liveness checks for Tier 2 and above.
2. Transaction Monitoring Obligations
CBN-licensed PSPs must implement automated transaction monitoring systems capable of identifying suspicious activity patterns, including round-tripping transactions, structuring designed to stay below reporting thresholds, rapid fund movement through multiple accounts, and transactions inconsistent with the customer's verified profile. Manual monitoring is not sufficient for a high-volume PSP the CBN expects technology-enabled detection.
3. STR Filing and CTR Obligations
Suspicious transactions must be reported to the Nigerian Financial Intelligence Unit (NFIU) within 24 hours of detection. Currency Transaction Reports are required for all cash transactions above ₦5 million for individuals and ₦10 million for corporate customers. Record-keeping must cover a minimum of five years from the end of the business relationship.
Under the Money Laundering (Prevention and Prohibition) Act 2022, failure to report a suspicious transaction is a criminal offence. Institutions face fines of up to ₦25 million. Individual officers responsible for compliance face fines of up to ₦10 million and imprisonment for up to three years. Regulatory sanctions including suspension and revocation of licences may apply in addition to criminal penalties.
FSCA AML Requirements for Payment Service Providers in South Africa
In South Africa, PSPs are classified as Accountable Institutions under Schedule 1 of the Financial Intelligence Centre Act, 2001 (as amended). This places them under the full scope of South Africa's AML/CFT framework, overseen jointly by the Financial Intelligence Centre (FIC) and the Financial Sector Conduct Authority (FSCA).
1. Risk-Based Approach
South African PSPs must implement a documented risk-based approach to AML compliance. The level of due diligence applied to any customer or transaction must be proportional to the assessed risk. This requires a written risk assessment updated at regular intervals, and CDD procedures that escalate appropriately when a customer's risk profile increases.
2. FICA CDD Requirements
PSPs must verify natural persons using a South African national ID or valid passport, and verify legal entities through CIPC registration documents. Ultimate Beneficial Owners must be identified and verified for all corporate accounts.
3. PEP and Enhanced Due Diligence
The FIC Act requires Enhanced Due Diligence for all customers identified as domestic or foreign PEPs. This includes understanding the source of the PEP's wealth, obtaining senior management approval for the business relationship, and implementing enhanced monitoring on all related accounts and transactions. Youverify's PEP and sanctions screening provides real-time matching against domestic and international PEP databases, including historical PEPs and close associates.
4. Compliance Officer Requirement
Every South African PSP must appoint a designated compliance officer responsible for AML programme oversight, FIC reporting, and regulatory liaison. The compliance officer must be an appropriately senior and knowledgeable individual the appointment of a junior staff member without AML expertise does not satisfy the regulatory requirement.
READ ALSO: AML Regulations in Banking and How to Stay Compliant
BCEAO AML Requirements in Francophone West Africa
The Banque Centrale des États de l'Afrique de l'Ouest (BCEAO) regulates payment service providers across the eight-member UEMOA zone: Côte d'Ivoire, Senegal, Mali, Burkina Faso, Guinea-Bissau, Niger, Togo, and Benin. The primary AML framework is the UEMOA Uniform Law on AML/CFT, transposed into national legislation in each member state.
1. Electronic Money Issuer Licensing
PSPs issuing electronic money in the UEMOA zone must hold an EMI licence from BCEAO. Simplified CDD applies to accounts below FCFA 150,000. Full CDD including identity verification and source of funds assessment applies to accounts above this threshold.
2. CENTIF Reporting
Suspicious transactions must be reported to the national financial intelligence unit the Cellule Nationale de Traitement des Informations Financières (CENTIF) in each member state. Côte d'Ivoire's CENTIF-CI is the primary reporting authority for the largest UEMOA economy. Reporting timelines and procedures vary by country but are generally required within 48 hours of detection.
3. Record-Keeping: A Critical Difference
BCEAO's UEMOA framework requires a minimum 10-year retention period for AML-related records. This is double the five-year standard applied by the CBN in Nigeria. PSPs operating across the UEMOA zone must ensure their data retention infrastructure meets the higher standard this has direct implications for data storage architecture and technology vendor selection.
READ ALSO: AML Transaction Monitoring in Côte d'Ivoire: BCEAO and CENTIF Compliance for Banks
FATF Standards That Apply to African PSPs
The Financial Action Task Force sets the global AML baseline. African PSPs are subject to FATF standards either as financial institutions or as Designated Non-Financial Businesses and Professions, depending on the activity and jurisdiction.
The most operationally significant FATF standards for African PSPs are the following.
1. Recommendation 10 covers Customer Due Diligence, including beneficial ownership identification for corporate accounts.
2. Recommendation 11 establishes a minimum five-year record-keeping period.
3. Recommendation 16, the Travel Rule, requires PSPs processing wire transfers above USD 1,000 to include originator and beneficiary information name, account number, and address throughout the transaction chain. This is particularly relevant for cross-border payment providers and is increasingly enforced through bilateral agreements between African regulators and international payment partners.
4. Recommendation 20 mandates suspicious transaction reporting.
5. Recommendation 26 establishes that financial institutions including PSPs must be subject to regulation and supervision by a competent authority.
Transaction Monitoring: Key Money Laundering Typologies for African PSPs
An African PSP's transaction monitoring system must be explicitly calibrated for the following typologies, which are the patterns most frequently identified in enforcement actions across the region.
1. Structuring (Smurfing): Multiple transactions executed just below reporting thresholds for example, repeated ₦4.9 million transfers to avoid Currency Transaction Report obligations. This requires monitoring for aggregated transaction volumes across accounts linked by common identifiers.
2. Round-Tripping: Funds transmitted from Account A to Account B and returned to Account A through a series of intermediate steps, creating a false audit trail. This requires session-level and relationship-level pattern analysis, not just single-transaction review.
3. Pass-Through Accounts: Wallets or accounts functioning as conduits, with funds received and immediately forwarded to multiple recipient accounts. This is a high-frequency typology in mobile money environments.
4. Merchant Fraud: Legitimate-looking merchant accounts used to process fabricated sales transactions, creating an apparently clean revenue trail for criminal proceeds.
5. Geographic Anomalies: Transactions originating from or flowing to FATF grey-listed or sanctioned jurisdictions, inconsistent with the customer's stated business profile and geographic focus.
The following table sets out recommended monitoring rules for African PSPs:
Rule | Threshold | Required Action |
| High-velocity outbound | More than 20 outbound transactions in 24 hours | Alert for review |
| Rapid fund movement | Funds in and out within 60 minutes | Alert for review |
| Round-amount structuring | Multiple rounded-amount transactions just below reporting threshold | Alert for review |
| New payee high value | First transaction to a new recipient exceeding ₦500,000 | Alert for review |
| Cross-border anomaly | International transaction to a FATF grey-listed country | Alert plus EDD trigger |
| Pass-through pattern | Incoming funds forwarded within 1 hour to 3 or more recipients | Alert for review |
Sanctions Screening Obligations by Jurisdiction
Sanctions screening is mandatory for all African PSPs at onboarding and on an ongoing basis. The specific lists that must be screened depend on the jurisdiction of operation and the currency of transactions.
Jurisdiction | Mandatory Screening Lists |
| Nigeria | CBN sanctions list, UN Consolidated Sanctions List, OFAC SDN List |
| South Africa | UNSCR lists, FATF-designated lists, domestic terrorism financing lists |
| UEMOA Zone | BCEAO sanctions list, UN Consolidated Sanctions List, INTERPOL lists |
| Kenya | CMA/CBK lists, UN Consolidated Sanctions List |
Best practice requires screening customers at onboarding and re-screening the entire active customer base immediately whenever new names are added to any monitored list. For high-volume PSPs, automated re-screening is operationally essential manual processes cannot achieve the speed required to remain compliant with real-time sanctions updates.
False positive management is equally important. A high false-positive rate creates operational bottlenecks, delays legitimate customer onboarding, and degrades the compliance team's capacity to investigate genuine alerts. Machine learning-assisted fuzzy matching with configurable confidence thresholds significantly reduces false positives while maintaining screening accuracy.
STR Reporting Obligations Across African Markets
The obligation to file a Suspicious Transaction Report is triggered by suspicion not by a specific transaction size. A small suspicious transaction must be reported with the same priority as a large one. This principle applies in every African jurisdiction reviewed.
Country | Reporting Body | Timeframe | Cash Threshold |
| Nigeria | NFIU | Within 24 hours of detection | No minimum all suspicious activity |
| South Africa | FIC | As soon as practicable | No minimum all unusual or suspicious activity |
| Côte d'Ivoire | CENTIF-CI | Within 48 hours | No minimum |
| Kenya | Financial Reporting Centre | Immediately | No minimum |
| Ghana | FIC Ghana | Within 3 days | GHS 10,000 for cash transactions |
The Tipping-Off Prohibition: Filing an STR is confidential in all jurisdictions covered by this guide. Informing the subject of a report that a suspicious transaction report has been filed is a criminal offence under AML legislation in every listed country. PSPs must establish internal information barriers to ensure that STR filings are not disclosed to relationship managers or customer-facing staff who could inadvertently reveal the filing.
How Youverify Helps African Payment Service Providers Meet AML Requirements
Youverify's AML compliance platform provides African payment service providers with a unified compliance infrastructure covering the full regulatory lifecycle across Nigeria, South Africa, Ghana, Kenya, and Francophone West Africa.
AML screening delivers real-time sanctions and PEP screening against global and African watchlists, with configurable matching thresholds. Our API enables PSPs to embed AML controls directly into payment processing flows with minimal latency impact, and a centralised compliance dashboard gives compliance officers real-time visibility across alerts, case management, audit trails, and regulatory reporting.
Conclusion
AML compliance for payment service providers in Africa is complex, jurisdiction-specific, and subject to active regulatory enforcement. The CBN, FSCA, BCEAO, and FATF frameworks impose comprehensive and overlapping obligations on transaction monitoring, tiered KYC, sanctions screening, and suspicious transaction reporting across every market where African PSPs operate.
The compliance burden is significant but it can be done right with the right infrastructure. PSPs that invest in automated identity verification, real-time transaction monitoring, and integrated STR filing workflows will be better equipped to meet regulatory expectations, maintain banking relationships, and scale their operations across African markets without the operational disruption and reputational damage that enforcement action causes.
Ready to build a compliant AML programme for your payment operation? Book a free demo today.
About The Author
Victoria Okere is a compliance research lead specialising in African financial regulation, AML frameworks, and KYC/KYB compliance for banks, fintechs, and payment service providers. She covers regulatory developments across Nigeria, South Africa, Kenya, Ghana, and Francophone West Africa.