AML Compliance in Mozambique: 2025 Guide for Fintechs and Digital Platforms

Mozambique has gone through a major transformation of its financial integrity framework. Regulatory expectations are higher, supervisory inspections are more structured, and digital finance continues to expand faster than traditional compliance teams can grow. A key milestone arrived in October 2025, when the FATF removed Mozambique from the “grey list”, recognizing significant progress in AML/CFT reforms. This eased some international restrictions, yet domestic regulators maintain strict oversight.

For fintechs, wallets, payment operators, gig-economy apps, FX platforms, and digital marketplaces, 2025 is the year when effectiveness, not just documentation, defines good compliance. Many early-stage teams now rely on modern onboarding and verification tools like VOVE ID to maintain accurate customer data and support risk-based controls from day one. This guide explains how AML supervision in Mozambique works today, what regulators expect, and where early-stage companies normally struggle.

The Evolving AML Environment

Mozambique’s AML/CFT framework was modernized through a series of reforms between 2023 and 2025. Key elements include:

• Amendments to the AML/CFT Act under Law 3/2024
• New supervisory expectations and risk assessments by Banco de Moçambique
• Updated national guidelines under Notice 10/GBM/2024
• Sector-specific tightening for mobile money under Notice 7/GBM/2024
• The 2025 Sectoral Assessment Report, which shifted the country’s risk perception and refined focus sectors for oversight

The removal from the FATF grey list marked a turning point. Mozambique now ranks as medium-risk internationally, not high-risk. This reduces automatic EDD requirements for cross-border partners and improves integration with larger payment networks. But the domestic supervisors did not loosen their expectations: they intensified them, emphasizing measurable outcomes.

Mozambique’s Risk Profile in 2025

The country’s risk environment is shaped by several structural factors:

• Persistent reliance on cash for daily commerce
• Rapid expansion of digital finance ecosystems
• Large agent networks and cash-in/cash-out points with varied AML maturity
• Growth of informal FX and cross-border remittance channels
• Increased global connectivity through digital wallets and mobile payments
• Limited availability of unified corporate datasets for risk evaluation
• High exposure to NPO misuse and crypto-linked typologies noted in 2025 inspections

These characteristics require digital platforms to design AML frameworks tailored to local realities, not generic templates.

Strategic Supervisory Priorities After 2025

Regulators have made it clear that their supervision will focus on effectiveness, specifically:

1. Demonstrated risk mitigation

Institutions must move beyond formal compliance documents and show tangible results: timely escalations, well-founded SARs, well-explained risk ratings.

2. High-risk corridors and agent networks

Mobile money products, cash-heavy models, and agent-based distribution are under intensified supervision. In 2025 several providers received multi-million metical penalties for weak oversight of agents.

3. Cross-border flows and crypto-linked activity

Institutions must segment these customer types with dedicated risk classifications.

4. NPO exposure

Authorities identified suspicious flows through non-profit organizations in 2025. Fintechs must apply specific controls for NPO onboarding and payouts.

5. Annual institutional risk assessments

Regulators now expect a full update at least once per year, supported by data and case examples.

What AML Compliance Looks Like in Practice

AML in Mozambique is not only about identifying customers. It is about understanding how they behave, where risks originate, and how the institution reacts.

Institutional Risk Assessment

Supervisors expect a clear methodology, consistent scoring, and evidence that updates were made when risk profiles changed.

Governance and Accountability

Boards and senior management must demonstrate direct involvement. Compliance leadership cannot be symbolic or subordinate to commercial pressure.

High-Risk Scenarios

Fintechs should define stricter controls for cross-border payment pathways, cash-intensive segments, crypto-adjacent activity, unregistered merchants, and large agent networks.

Auditability and Documentation

Inspections in 2025 emphasised traceability, regulators want to see how decisions were made, not just that a policy exists.

Common Gaps Identified in 2025 Inspections

Based on supervisory findings, the most frequent weaknesses among digital-first companies include:

• Poor risk segmentation for crypto-linked or FX-heavy customers
• Weak justification for SAR filings or internal escalations
• Inconsistent onboarding controls across agent networks
• Annual risk assessments not updated or lacking data inputs
• Generic policies with no reflection of business reality
• Boards unable to demonstrate AML oversight in practice
• Limited investigation quality and insufficient evidence trails

Many of these gaps stem from the rapid growth of fintech products outpacing internal compliance capacity.

Sector-Specific Considerations

Mobile Money and Digital Wallets

Operators must prove they understand high-risk corridors, manage agent-level exposure, and maintain clear thresholds or triggers for internal review. Notice 7/GBM/2024 introduced stricter controls on transaction types and limits.

Gig-Platform and Marketplace Payouts

Irregular income patterns and fragmented seller networks require adaptive risk scoring.

FX, Remittances and Cross-Border Services

These segments face the strongest expectations for governance, risk classification and escalation documentation.

NPOs

NPOs must be treated as a distinct risk class due to 2025 findings highlighting vulnerabilities in this sector.

Building an Effective AML Program in 2025–2026

Here is a practical checklist for early-stage companies:

1. Define governance early
   Ensure compliance leadership is independent and reports to the board.
2. Update risk assessment annually
   Incorporate product-specific data, SAR trends, agent network behaviour and external sectoral risks.
3. Use clear escalation paths
   Define what triggers review, who evaluates cases and what evidence must be collected.
4. Document decisions rigorously
   Every escalation or denial should be traceable during supervisory review.
5. Develop effectiveness metrics
   Examples: speed of red-flag response, number and quality of SARs, investigative depth.
6. Train staff with local examples
   Avoid generic international templates. Use Mozambique-specific patterns and typologies.

What Changed After October 2025: Quick Checklist

• Mozambique is now medium-risk internationally
• Global partners reduce automatic EDD requirements
• Domestic supervision intensifies, with focus on effectiveness
• Annual reviews of AML risk assessments required
• Higher scrutiny of crypto-linked activity, NPOs, agent networks
• More emphasis on measurable outcomes: SAR quality, escalation logic, audit trails

Preparing for Supervisory Engagement

Institutions should be ready to demonstrate:

• Real case studies of SAR investigations
• How effectiveness metrics are tracked
• How risk classifications were created and reviewed
• How the board oversees AML in practice
• How policies translate into daily operations
• How high-risk scenarios are escalated

Regulators increasingly expect companies to present concrete evidence of risk mitigation, not theoretical frameworks.

Conclusion

Mozambique’s AML environment is entering a new era: internationally recognized reforms, stronger supervisory expectations, and deeper focus on measurable outcomes. For fintechs and digital platforms, this means that compliance must evolve from a formality into a proven risk-management function. Companies that invest early in governance, clear escalation processes, strong documentation culture and evidence-driven decision-making will scale faster and withstand the supervisory tightening that continues into 2026.