AML Compliance in Seychelles: A 2026 Guide for Fintechs and Regulated Businesses

Seychelles is not on the FATF grey list. It is also not out of enhanced scrutiny. The country has been under ESAAMLG's Enhanced Follow-up Process since its 2018 Mutual Evaluation Report, filing bi-annual progress reports and receiving re-ratings against technical compliance deficiencies. The 12th enhanced follow-up report, issued in August 2025, recorded further upgrades. A third mutual evaluation cycle started in June 2025.

For financial institutions operating in Seychelles or dealing with Seychelles-incorporated entities, the AML framework is substantive and has been significantly updated since 2020. VOVE ID works with regulated firms across jurisdictions that frequently encounter Seychelles-domiciled counterparties — IBCs, VASPs, fiduciary structures, and funds.

This guide covers the AML/CFT obligations in force in 2026, the key enforcement mechanisms, and the sector-specific ML risks that determine where programs fail in practice. For the underlying AML framework and monitoring methodology, see our AML Requirements Explained 2026: Compliance Operating System for Regulated Financial Institutions.

The AML/CFT Legal Framework

The Anti-Money Laundering and Countering the Financing of Terrorism Act, 2020 is the primary AML statute. It came into force on 28 August 2020, replacing earlier AML legislation and consolidating obligations for reporting entities. A consolidated version incorporating amendments through January 2025 is available from the FIU.

The Act is supported by the AML/CFT Regulations 2020, which provide detail on CDD procedures, record-keeping, and the mechanics of threshold reporting. The Prevention of Terrorism Act 2004 (amended in 2022, 2023, and 2024) operates alongside the AML/CFT Act for CFT obligations.

Key implementing instruments include:

• FIU Guidelines on CDD and Ongoing Monitoring
• Guidelines for Suspicious Transaction Reporting
• Guidelines for Submission of Cash Transaction Threshold Reports (CTTR)
• Guidelines for Submission of Wire Transfer Threshold Reports (WTTR)
• AML-CFT Institutional Risk Assessment Guidelines
• CBS Directive No. 3 of 2025 (covering CBS-supervised institutions)

Regulators and Their Supervisory Roles

FIU (Financial Intelligence Unit): Central authority for STR receipt, analysis, and dissemination. Maintains the Beneficial Ownership database. Issues guidelines and circulars. All reporting entities must register with the FIU.

CBS (Central Bank of Seychelles): Supervises banking institutions, credit unions, payment service providers, and leasing companies for AML/CFT compliance. Issues its own directives — Directive No. 3 of 2025 is the most recent CBS-level AML instrument.

FSA (Financial Services Authority): Supervises non-banking financial institutions including securities dealers, insurance companies, fund administrators, fiduciary service providers, and — since September 2024 — VASPs.

NAMLATFC / NAC: The inter-agency National AML/CFT Committee coordinates national policy across FIU, CBS, FSA, law enforcement, and other bodies.

Seychelles Police Force and law enforcement agencies handle investigation and prosecution of predicate offences and ML crimes.

STR Reporting Obligations

Under Section 48 of the AML/CFT Act, reporting entities must submit a Suspicious Transaction Report (STR) to the FIU where there are reasonable grounds to suspect that a transaction or service is related to money laundering or terrorist financing. The obligation applies regardless of the amount involved.

The FIU's STR guidelines specify the information to be included, the submission process, and confidentiality protections for reporting entities. Tipping off a customer that an STR has been filed is a criminal offence.

A transaction can be both above the CTTR/WTTR threshold and suspicious. In that case, both a threshold report and an STR must be filed. The two are not interchangeable.

Threshold Reporting: SCR 50,000

Cash Transaction Threshold Reports (CTTR): required for individual cash transactions of SCR 50,000 or above, or aggregated cash transactions by the same customer that total SCR 50,000 within a period covered by the FIU's guidelines. The reporting obligation covers deposits, withdrawals, and physical cash movements.

Wire Transfer Threshold Reports (WTTR): required for any wire transfer of SCR 50,000 or more sent cross-border or received, and for domestic wire transfers at the same threshold. Financial institutions executing electronic fund transfers are subject to this requirement. Bureaux de change have a parallel WTTR obligation for forex transactions.

Cross-border cash declarations: under Section 75(1) of the AML/CFT Act, any person physically transporting SCR 50,000 or more into or out of Seychelles must declare to Customs. The Customs Department provides these declarations to the FIU.

FIU Circular No. 4 of 2021 updated the reporting thresholds and templates, superseding earlier threshold reporting requirements that had been in place since 2020.

Record Retention: 7 Years

Reporting entities must retain records of customer identification, transactions, and due diligence measures for a period sufficient to reconstruct transactions and demonstrate compliance. The AML/CFT Act and the Beneficial Ownership Act 2020 both establish a 7-year retention floor for the relevant records. For BO data specifically, Section 5 of the BO Act requires NPOs and legal entities to retain financial records and member information for at least seven years.

The Beneficial Ownership Enforcement Gap

The Beneficial Ownership Act 2020 requires all Seychelles legal persons and legal arrangements — including IBCs — to maintain a Register of Beneficial Owners and submit data to the private FIU BO database through their resident agent. The submission deadline was 1 May 2021.

In practice, compliance has been uneven. The FIU issued Circular No. 2 of 2024 as a final notice for compliance with the BO Act, indicating that enforcement was being stepped up. The CBS issued a parallel directive to CBS-supervised entities. Penalties for resident agents failing to comply with BO disclosure requirements reach SCR 50,000 per violation.

For AML purposes, the UBO gap is material. An entity without an accurate, current BO register entry is an entity whose beneficial ownership cannot be independently confirmed through the government database. This is not a theoretical risk in Seychelles — it is the acknowledged state of play that led to the 2024 enforcement notice.

The VASP Act 2024: AML Implications

Before September 2024, Seychelles had no VASP licensing regime. Hundreds of entities operated as crypto exchanges, wallet providers, and related services using IBC structures without any specific AML supervision. The FIU's own National Risk Assessment identified this as a significant ML/TF vulnerability — unlicensed VASPs exploiting the offshore infrastructure had effectively created a shadow virtual asset financial system.

The VASP Act 2024 came into force on 1 September 2024. All VASPs must now hold FSA licences. AML/CFT obligations for VASPs include CDD on customers, STR reporting, transaction monitoring, and application of Travel Rule requirements for transfers above the applicable threshold. The FSA is the prudential and conduct regulator.

Transition was required by 31 December 2024. By November 2025, the FSA's Circular 14 signalled that enforcement expectations had not been met — the quality of transitional applications was below standard, and AML obligations applied in full throughout the transition period. The Code of Corporate Governance effective 1 January 2026 introduced additional governance requirements: board oversight of AML controls, documented risk assessments, and a compliance function with direct board reporting.

OKX, Bybit, KuCoin, eToro, HTX, BitMEX, and MEXC have all operated from Seychelles at various points. The concentration of major crypto platforms in the jurisdiction means that correspondent banking relationships and payment service arrangements with Seychelles VASPs are a compliance consideration for institutions across Europe, MENA, and Africa.

Sector ML Risks

Offshore IBC sector. The volume of IBC incorporations in Seychelles — combined with nominee director and shareholder norms — creates a structural ML risk around the offshore corporate sector. Shell company abuse, layering through corporate accounts, and the use of IBCs as counterparties in trade finance and payment transactions have all been identified in the ESAAMLG follow-up process.

Virtual assets. The pre-VASP Act period produced a large population of unregistered or under-supervised virtual asset operators. Even with the new licensing regime, the transition period and the mixed quality of AML programmes across smaller operators remain a risk factor through 2026.

Real estate. Tourism-driven real estate investment in Seychelles — particularly by non-residents — has been flagged as an ML exposure. High-value transactions, cash-adjacent payment structures, and limited AML supervision of the real estate sector are consistent risk factors across island jurisdictions.

Tourism and hospitality. Seychelles' economy is heavily tourism-dependent. The sector generates substantial cash flows and involves a large number of short-term international visitors, creating exposure to trade-based ML and integration of funds from external predicate offences.

Correspondent banking. Seychelles banks maintain correspondent relationships with international banks to facilitate international transactions. Correspondent banks face scrutiny of Seychelles as a jurisdiction, particularly for transactions involving IBC counterparties or VASP-related flows.

ESAAMLG Follow-up Process: Where Seychelles Stands

Seychelles has been in the ESAAMLG Enhanced Follow-up Process since the 2018 Mutual Evaluation Report found significant technical compliance deficiencies: 10 Recommendations rated Compliant, 10 Largely Compliant, 16 Partially Compliant, and 4 Non-Compliant.

The subsequent 12 follow-up reports record progressive improvement:

The 8th FUR (March 2023) noted upgrades on five recommendations, including R.19 (high-risk countries, upgraded to Compliant) and R.5, R.25, R.28, R.34 (upgraded to Largely Compliant).

The 10th enhanced FUR (April 2024) continued the re-rating process.

The 12th enhanced FUR (August 2025) recorded further progress. Among the areas covered: the VASP sector now has both legislative coverage and FIU/FSA coordination through a dedicated VASP working group under the NAC; NPO bank account requirements have been strengthened, with 106 of 173 FATF-defined NPOs now holding active bank accounts; and record retention obligations for NPOs were reinforced under Section 5 of the BO Act at 7 years.

A third round of mutual evaluations is scheduled to begin in June 2025. Seychelles' sequencing within that cycle has not been publicly confirmed, but the enhanced follow-up process continues until the new evaluation is completed.

Compliance Programme Requirements for Reporting Entities

All reporting entities must maintain:

A documented institutional risk assessment covering customer risk, product and service risk, geographic risk, and delivery channel risk.

A written AML/CFT policy aligned to the risk assessment.

A Compliance Officer (CO) and Alternate Compliance Officer (ACO) approved by the relevant supervisory authority (CBS or FSA depending on entity type). The CO must be notified to the FIU.

Staff training on AML/CFT obligations and red flags appropriate to the entity's business.

Independent audit and review of the AML/CFT programme.

Ongoing monitoring of the business relationship with each customer, including transaction monitoring against the risk profile.

For VASPs, the Code of Corporate Governance effective January 2026 adds a board-level AML oversight requirement and mandates documented governance around the compliance function.

VOVE ID supports the operational AML layer: sanctions screening against the major lists (OFAC, UN, EU, UAE, and others), transaction monitoring, and the biometric identity checks needed to verify UBO individuals behind IBC structures — particularly where the BO database cannot be independently queried.

This article is intended for general informational purposes only and does not constitute legal, financial, or regulatory advice. KYC/KYB/AML requirements may vary depending on jurisdiction, industry, and specific business circumstances. For up-to-date and binding compliance obligations, readers should refer to the relevant regulatory authorities or consult qualified professionals.