AML Compliance in Cabo Verde: 2026 Guide for Fintechs and Regulated Businesses

Cabo Verde's AML framework has the legal infrastructure most jurisdictions at its income level aspire to — but effectiveness has been the persistent gap. The country's 2019 GIABA Mutual Evaluation rated it low or moderate on the majority of immediate outcomes, and a 2025 follow-up report confirmed it remains in enhanced follow-up with significant technical compliance shortcomings unresolved. For regulated institutions operating in the archipelago, this matters: BCV's supervisory posture is becoming more active, and the sectoral risk profile — driven by tourism, remittances, the offshore IFI segment, and a real estate market with limited DNFBP oversight — creates specific ML/TF exposure that a generic compliance programme won't adequately address. VOVE ID supports financial institutions building audit-ready AML programmes with sanctions screening, biometric customer verification, and KYB workflows across markets with regulatory development gaps.

This guide covers Cabo Verde's AML framework in 2026, including primary legislation, supervisory structure, reporting obligations, FATF/GIABA status, sector ML risks, and what a compliant programme looks like under current BCV expectations. For the broader AML framework architecture, see our AML Requirements Explained: 2026.

Primary Legislation

The core AML/CFT statute in Cabo Verde is Law No. 57/VIII/2013, which establishes:

• Customer due diligence (CDD) and enhanced due diligence (EDD) obligations
• Suspicious transaction reporting (STR) requirements
• Record retention obligations
• Beneficial ownership identification requirements
• Obligations on designated non-financial businesses and professions (DNFBPs)
• Penalties for non-compliance

This law replaced the earlier Law No. 17/VI/2002, which had been assessed as deficient across multiple FATF recommendations — in particular around criminalization of terrorism financing and FIU institutional arrangements.

Law No. 58/VIII/2013 addresses beneficial ownership disclosure, requiring identification of natural persons controlling more than 25% of a legal entity.

On the terrorism financing side, Cabo Verde passed criminalization legislation but the 2019 evaluation found that the legal framework still presented gaps — notably that certain aspects of the financing of terrorism were not fully aligned with FATF Recommendation 5. This remains an area where the country has been working to address through legislative amendment.

Decree-Law No. 57/2010 of 6 December governs certain financial activities and intersects with AML supervisory requirements for specific sectors.

Supervisory Structure

Banco de Cabo Verde (BCV) — the central bank — is the primary AML supervisory authority for financial institutions. BCV conducts on-site and off-site examinations, issues guidance notices, and has sanctioning powers for non-compliance. BCV's supervisory framework has historically been rule-based rather than risk-based, meaning examination programmes did not systematically allocate resources according to ML/TF risk assessments of individual institutions. The 2019 GIABA evaluation identified this as a significant weakness. BCV has been working with IMF technical assistance to strengthen its supervisory methodology.

CENTIF (Centro de Informação e Segurança Financeira) is the financial intelligence unit. It receives STRs and currency transaction reports (CTRs), analyses them for ML/TF patterns, and refers actionable intelligence to the Attorney General's office. CENTIF is also the entity that overseas beneficial ownership declarations filed as part of entity formation.

The persistent challenge for CENTIF has been resource constraints. The 2009 ROSC, the 2019 GIABA MER, and subsequent follow-up reports have all identified that CENTIF lacks adequate human and financial resources to fulfil its full mandate. The unit is a member of the Egmont Group — the international network of FIUs — which provides access to secure intelligence-sharing infrastructure, but domestic analytical capacity remains limited.

DNFBP supervision is fragmented: the Bar Association supervises lawyers, the General Directorate of Registries, Notaries and Identification supervises notaries and registrars, and the Order of Professional Auditors and Certified Accountants supervises accountants and auditors. In practice, none of these bodies have issued substantial AML-specific guidance comparable to BCV's notices, and enforcement activity outside the banking sector has been minimal.

STR and CTR Obligations

Under Law No. 57/VIII/2013, financial institutions and DNFBPs are required to file a Suspicious Transaction Report (STR) with CENTIF whenever there are reasonable grounds to suspect that a transaction or customer relationship involves money laundering or terrorist financing. There is no minimum transaction value threshold for STRs — the obligation is triggered by suspicion, not amount.

Currency Transaction Reports (CTRs) apply to cash transactions above applicable thresholds. Cabo Verde's legislation requires reporting of cash transactions that meet defined criteria, though the specific CVE threshold should be verified against BCV's current notices, which are the operative instruments for financial institutions.

A structural problem identified repeatedly in assessments is that CTRs and STRs have not been consistently differentiated in CENTIF's statistical reporting. This makes it difficult to assess the quality and accuracy of the reporting pipeline. Of 100 STRs received by CENTIF in 2012, only five were processed and referred to the Attorney General — illustrating the gap between report receipt and actionable output.

More than 90% of STRs historically originate from commercial banks, predominantly in Santiago (the island where the capital Praia is located). DNFBPs across real estate, legal services, and accounting have filed at near-zero rates, despite formal obligations. This is not primarily a legal problem — the obligation exists — but an awareness and enforcement problem.

FATF and GIABA Status

Cabo Verde is not on the FATF Grey List (Jurisdictions under Increased Monitoring). It is, however, under GIABA enhanced follow-up, the regional FATF-style body's designation for countries that have completed a mutual evaluation but have significant compliance shortcomings that require continued monitoring.

The 2019 GIABA Mutual Evaluation rated Cabo Verde:

• Low effectiveness on: ML/TF risk understanding and domestic coordination; international cooperation; use of financial intelligence by law enforcement; deprivation of proceeds of crime
• Moderate effectiveness on: Supervisory compliance monitoring; preventive measures by financial institutions; legal persons and legal arrangements transparency

On the technical compliance side, the 2025 follow-up report confirmed that Cabo Verde has 8 recommendations rated Compliant, 16 rated Largely Compliant, 15 rated Partially Compliant, and 1 rated Non-Compliant (Recommendation 15, which covers new technologies and virtual assets — a downgrade from partially compliant). The country will remain in enhanced follow-up.

The practical implication for regulated businesses is that Cabo Verde sits in a tier where:

1. Correspondent banks and international partners may apply heightened due diligence to Cabo Verdean counterparties (though not to the degree applied to grey-listed jurisdictions)
2. BCV examinations are increasingly focused on effectiveness metrics, not just policy documentation
3. Institutions that cannot demonstrate operational AML controls — transaction monitoring, STR processes, ongoing monitoring records — face real supervisory risk

Sector ML/TF Risk Profile

Diaspora remittances: With €278 million in remittances in 2024 and the bulk flowing through commercial banks and licensed money transfer operators from Portugal, the US, and France, the remittance corridor is the highest-volume financial flow in the economy. The ML risk profile here centres on structuring — breaking transfers below reporting thresholds — and on the use of household networks to layer informal value transfers. Calibrating transaction monitoring for a remittance-heavy customer base requires differentiated behavioural baselines.

Tourism: Over one million tourists visited Cabo Verde in 2023. The accommodation sector, currency exchange operators (cambistas), and payment intermediaries serving the tourism industry represent a placement-layer risk. High cash usage in tourist areas, combined with limited DNFBP supervision of hospitality businesses, creates monitoring gaps. The real estate market driven by tourism investment — particularly on the islands of Sal, Boa Vista, and São Vicente — involves significant capital flows with historically weak AML oversight.

Offshore financial institutions (IFIs): Thirteen entities were licensed as IFIs at the time of the 2009 assessment, with only seven active. The offshore sector has attracted scrutiny due to the material differences between onshore and offshore supervisory arrangements identified in multiple assessments. Structures using IFIs as conduits for cross-border flows require enhanced due diligence.

Informal sector: The informal economy represented approximately 12.1% of GDP in 2015 (down from 25% in 2009). The placement risk from informal businesses converting cash to formal financial instruments remains relevant, particularly in agricultural and fishing communities on smaller islands.

Real estate: Property investment linked to tourism development involves significant foreign capital flows, nominee arrangements, and corporate structures. Real estate agents are obliged entities under the AML law but have been outside effective supervisory reach. This mirrors a pattern seen across GIABA member states where the real estate sector is formally covered but practically ungoverned from an AML perspective.

Sanctions Screening

Cabo Verde has obligations under UN Security Council Resolutions, including UNSCR 1267 (Al-Qaeda/Taliban) and subsequent successor resolutions, as well as obligations to implement EU-designated sanctions to the extent they apply to Cabo Verdean entities and transactions.

BCV distributes the relevant UN sanctions list updates to supervised institutions. There is no publicly accessible national sanctions list that supplements the international lists. Financial institutions are required to screen customer databases and transactions against relevant international sanctions lists — OFAC, UN, EU, and HM Treasury — and to freeze assets of designated persons and entities.

For institutions using automated sanctions screening, the key operationalisation question is update frequency and false positive management. Cabo Verde's population and entity base is relatively small, but the diaspora dimension means that screening must cover Portuguese, French, English, and Kriolu name variants.

Record Retention

Under Cabo Verdean AML legislation, financial institutions are required to retain customer identification records and transaction documentation for ten years — consistent with FATF Recommendation 11 and the approach taken by most GIABA member states. The retention clock generally starts from the end of the business relationship or the date of the transaction for one-off dealings.

Records must be maintained in a form that enables reconstruction of individual transactions for the purposes of law enforcement investigation and regulatory examination. Digital record-keeping is permissible; the operative requirement is retrievability and integrity.

Under the data protection framework (Law 133/V/2001, as amended in 2021), the ten-year retention period for AML purposes must be documented in the institution's records as operating under a legal obligation basis — not consent — to maintain consistency between AML retention requirements and CNPD data minimisation principles.

What BCV Examiners Focus On

Based on the GIABA evaluation findings and BCV's evolving supervisory practice, AML examinations in Cabo Verde currently focus on:

Whether institutions have conducted and documented a risk assessment that reflects the specific ML/TF risks of their customer base and product range — not a generic risk matrix imported from a parent company template.

Whether STR processes are operational: who in the organisation has authority to file, what the internal escalation process looks like, and whether the number and pattern of reports filed is consistent with the institution's risk profile. An institution with a large remittance customer base filing zero STRs over a twelve-month period invites scrutiny.

Whether transaction monitoring produces actionable alerts and whether those alerts are investigated and resolved with documented rationales.

Whether PEP identification is systematic — not reliant on customer self-disclosure — and whether EDD is applied to PEP relationships with documented source of wealth and source of funds.

Whether the compliance function is independent, adequately resourced, and has direct access to senior management and the board.

For fintechs and payment institutions operating under BCV supervision, the expectations are the same as for banks — there is no lighter-touch fintech regime in Cabo Verde. Institutions entering the market should assume that BCV will eventually examine compliance programmes to the same standard it applies to the banking sector.

This article is intended for general informational purposes only and does not constitute legal, financial, or regulatory advice. KYC/KYB/AML requirements may vary depending on jurisdiction, industry, and specific business circumstances. For up-to-date and binding compliance obligations, readers should refer to the relevant regulatory authorities or consult qualified professionals.