Why KYC/AML compliance decides a fintech's survival
A fintech that starts with a sloppy KYC setup takes two major risks. First, regulatory: BCEAO can suspend the license, CENTIF can refer the case to the prosecutor, and fines can reach 100 million FCFA per serious breach. Second, business: without a credible setup, no banking partner will sign, and without a settlement bank, you don't operate.
The Senegalese framework rests on Law n°2018-03 on anti-money laundering and counter-terrorist financing (AML/CFT), itself a transposition of WAEMU directives and FATF standards. Obligations apply to all financial entities — banks, EME, EP, microfinance, manual exchange — from the very first client.
The three pillars of the setup
A credible KYC/AML setup rests on three pillars that BCEAO and CENTIF systematically check.
First, customer identification (strict KYC). You must collect and verify at minimum: official ID document, proof of address under 3 months old, selfie photo with liveness detection, and for legal entities the registry extract, articles of association, and identification of beneficial owners (any individual holding more than 25%).
Second, transaction monitoring (strict AML). Each operation must be scored in real time according to rules: amount, frequency, geography, counterparty type, customer's habitual behavior. Atypical transactions trigger an alert that must be handled by a compliance analyst within 48 to 72 hours.
Third, suspicious activity reporting to CENTIF. Any operation raising reasonable doubt must be formally reported within 48 hours via the CENTIF portal. It's non-negotiable, and it's traced.
| Component | Typical 2026 tools | Annual cost for 50k clients |
|---|---|---|
| Identity verification (KYC) | Smile Identity, Onfido, Veriff | 8-15 M FCFA |
| Sanctions/PEP screening | ComplyAdvantage, Refinitiv, Dow Jones | 6-12 M FCFA |
| Transaction monitoring (TMS) | ComplyAdvantage, Hawk:AI, custom | 10-25 M FCFA |
| Case management & reporting | In-house build or ComplyAdvantage | 5-10 M FCFA |
| Compliance officer (1 FTE) | Salary + charges | 18-30 M FCFA |
The recommended tech stack to get started
Across the Senegalese and Ivorian fintechs we support, one combination has emerged as the optimal quality/cost/timeline trade-off in 2026.
Smile Identity for identity verification — their SDK covers 50+ African countries, handles OCR of varied documents (national ID, passport, license), selfie liveness, and matching with national databases when available. Pricing: around 200 to 400 FCFA per verification, with volume discounts.
Onfido as a complement or alternative when you have heavy international clientele — more expensive but better coverage outside Africa.
ComplyAdvantage for sanctions and PEP (politically exposed persons) screening and transaction monitoring. SaaS platform, API integration in 2-4 weeks, data refreshed daily.
For case management, either build in-house on Notion/Airtable at the start (acceptable up to ~20k clients), or take a dedicated tool from day one. Beyond 50k active clients, the dedicated tool becomes indispensable.
The most frequent pitfalls
Need a professional website?
Kolonell builds websites that attract clients, optimized for the Sénégalese market. Free quote in 2 minutes.
Three mistakes recur in the audits we run.
First, under-sizing the compliance team. One compliance officer doesn't cut it beyond 30-50k active clients. You need at least two FTEs, ideally separating KYC (onboarding) and AML (transactions).
Second, neglecting operational team training. Customer service handles early weak signals: if the agent talking to a client can't recognize a suspicious request, the alert never escalates.
Third, not archiving evidence. BCEAO and CENTIF can ask to reconstruct a client file up to 10 years later. Without rigorous archiving of documents, initial KYC scores, and decisions made, you can't justify — and that's sanctioned.
FAQ
At what volume do you need a dedicated monitoring tool?
In practice, from 5,000 transactions per day, manual monitoring becomes impossible. At that stage, a TMS (Transaction Monitoring System) like ComplyAdvantage or Hawk:AI becomes mandatory to meet investigation deadlines.
Is simplified KYC possible for small amounts?
Yes, the WAEMU framework allows "light KYC" for wallets capped at 200,000 FCFA cumulative monthly. ID document + selfie are enough, no proof of address. Beyond the cap, full KYC is mandatory before any further operation.
How long to deploy a complete KYC/AML setup?
On the projects we've run: 8 to 12 weeks to reach a BCEAO-auditable level, integrating Smile Identity + ComplyAdvantage and drafting procedures. Shorter if you accept a minimal validated setup to start, to be strengthened over time.
Who can be appointed compliance officer?
BCEAO requires an experienced profile (5+ years in banking or fintech compliance), resident in the licensing country, reporting directly to the CEO (not product or tech). It's a senior role, scarce on the market — anticipate hiring 4 to 6 months before the license application.
---
Building a KYC/AML setup or want to audit the existing one? WhatsApp +221 77 596 93 33 or free quote — we map your risks, select the tools and draft BCEAO-ready procedures.
Mohamed Bah
Fondateur, Kolonell
Passionate about digital and entrepreneurship in Africa, Mohamed has been helping Sénégalese businesses with their digital transformation since 2020. Founder of Kolonell, he believes every SME deserves a professional and accessible online présence.
