AML Compliance in Morocco (2026): What Fintechs and Regulated Businesses Need to Operationalize

Morocco's AML story over the last five years is one of deliberate reform under pressure. The country spent two years on the FATF grey list, completed a 15-point action plan, and exited in February 2023. That exit didn't relax enforcement — it raised the bar. Regulators now operate with expanded authority, inter-agency coordination is tighter, and the volume of enforcement actions has increased year over year.

For fintechs and payment platforms, this means AML compliance in Morocco is no longer a background checkbox. It's an operational requirement with real consequences for licensing, banking partnerships, and market access.

For the underlying AML system architecture — identity ingestion, risk engine, monitoring and enforcement layers — see our AML Requirements guide.

The Legal Framework

Morocco's AML regime is anchored in Law No. 43-05, originally enacted in 2007 and significantly amended by Law No. 12-18 in 2021. The 2021 update is what shaped the current compliance environment:

• Broadened the definition of money laundering offences
• Made risk-based customer due diligence mandatory rather than optional
• Strengthened beneficial ownership transparency requirements
• Extended AML/CFT obligations to a wider set of designated non-financial businesses (DNFBPs)

In March 2025, Bank Al-Maghrib and the ANRF jointly released a detailed AML/CFT operational guide — the most current reference document for KYC procedures, transaction monitoring standards, and red flag classification.

Regulatory Authorities

ANRF (Autorité Nationale du Renseignement Financier) is Morocco's Financial Intelligence Unit. It receives and processes suspicious transaction reports, coordinates with law enforcement, and drives national AML strategy. Since the grey list exit, ANRF's authority has expanded significantly — in 2024 it handled over 340 cross-border data-sharing requests through Egmont Group and Interpol.

Bank Al-Maghrib (BAM) supervises banks, payment institutions, and credit providers. It is the primary regulator for most fintechs operating in Morocco and conducts AML/CFT inspections of supervised entities.

ACAPS and AMMC regulate insurance and capital markets respectively, both operating under the same Law 43-05 framework.

Ministry of Justice and Public Prosecutor leads criminal investigations and prosecutions. Money laundering convictions reached 134 in 2024, up from 74 in 2021 — a near-doubling that reflects both stronger enforcement coordination and the effect of expanded ANRF powers.

FATF Status and MENAFATF Assessment

Morocco exited the FATF grey list in February 2023 after completing all items on its 15-point action plan. Key reforms included expanding ANRF authority, improving beneficial ownership transparency, and strengthening sanctions implementation.

The MENAFATF mutual evaluation published in May 2024 rated Morocco:

• Largely Compliant with 28 of FATF's 40 Recommendations
• Partially Compliant with 10, including burden of proof standards, corporate criminal liability, and asset recovery mechanisms

These partial compliance ratings indicate where future regulatory tightening is likely — particularly around corporate structures and asset tracing.

Morocco-Specific AML Requirements

Reporting Obligations

Suspicious transactions must be reported to the ANRF. Beyond suspicion-based reporting, cash transactions exceeding MAD 200,000 (~$20,000) trigger mandatory reporting regardless of whether the transaction appears suspicious.

Cross-border transactions showing unusual patterns are a separate reporting trigger — particularly relevant for remittance platforms and payment corridors through Morocco.

Beneficial Ownership

Under Law 12-18, entities must identify, verify, and maintain current data on ultimate beneficial owners (UBOs) controlling 25% or more of a legal entity — directly or indirectly. This data must be updated on an ongoing basis and be available for ANRF or BAM requests. The full KYB workflow for business verification in Morocco, including OMPIC registry checks and UBO mapping, is covered in our KYB in Morocco guide.

Record-Keeping

Transaction records and identity documentation must be retained for a minimum of 10 years.

Third-Party Relationships

Vendors, payment processors, and KYC providers used by regulated entities must themselves meet Morocco's AML/CFT standards. Contracts must specify compliance responsibilities, and periodic audits of third-party compliance are expected.

Sector-Specific Developments

Real estate. Since Decree 2.21.708 (late 2023), real estate agents are fully subject to AML/CFT obligations. This closed a supervisory gap that FATF had flagged during Morocco's grey list period. Platforms serving or partnering with real estate businesses now need to treat them as regulated counterparties.

Crypto. Cryptocurrencies remain domestically banned in Morocco. A draft regulatory framework with AML/CFT requirements for digital assets was anticipated by Q4 2025 — check current BAM guidance for the latest status. Until legislation passes, any crypto-adjacent product or partnership sits in legal grey zone territory.

Cross-border payments and remittances. Morocco is a major remittance corridor — the country receives significant inflows from Moroccan diaspora in Europe. ANRF has specifically increased scrutiny on cross-border transaction patterns, and the 2025 operational guide addresses remittance-specific red flags explicitly.

What Increased Enforcement Looks Like in Practice

The shift since 2023 isn't just about more rules — it's about more active supervision. Inter-agency cooperation between BAM, ANRF, and the Ministry of Justice has tightened, with joint inspections and real-time data sharing becoming standard rather than exceptional.

For fintechs, this translates into a few practical realities:

• Onboarding gaps that were previously tolerated are now inspection findings
• Third-party relationships are scrutinized as part of the regulated entity's own compliance posture
• Documentation quality matters — audit trails need to hold up under BAM review, not just exist

VOVE ID is used by fintechs operating in Morocco to build onboarding and monitoring workflows that meet this standard — identity verification, sanctions screening, and audit logging structured for BAM scrutiny. If you're building or reviewing your AML infrastructure for the Moroccan market, talk to our team.