AML in Mali: Regulatory Framework, Key Risks, and Compliance Expectations

Anti–Money Laundering (AML) requirements in Mali form part of a broader regional effort to strengthen financial integrity across the West African Economic and Monetary Union (WAEMU). AML obligations focus on risk management, internal controls, reporting, and governance, and apply continuously throughout the business relationship.

For banks, fintechs, payment institutions, and other regulated entities operating in or connected to Mali, understanding the AML framework is essential to mitigating financial crime risk and maintaining trust with regulators and international partners. Tools such as VOVE ID are increasingly used by compliance teams to structure and operationalise these obligations across jurisdictions.

AML regulatory framework in Mali

Mali’s AML regime is shaped primarily by regional harmonisation under WAEMU. The applicable framework is based on:

• The WAEMU Uniform Law on AML/CFT/CPF, adopted by the WAEMU Council of Ministers in 2023, transposing updated FATF standards across all member states;
• National implementing measures, adopted progressively as part of the transposition of the 2023 Uniform Law into Malian law, a process that was largely completed by 2025 in line with WAEMU timelines;
• Supervisory regulations, instructions, and guidance issued by the Central Bank of West African States (BCEAO).

Financial intelligence and coordination functions are carried out by CENTIF-Mali, which receives and analyses reports from obligated entities and cooperates with national and regional authorities.

In June 2025, Mali was removed from the Financial Action Task Force (FATF) list of jurisdictions under increased monitoring. As a result, supervisory focus has shifted from formal legal alignment toward the effectiveness of AML controls, quality of supervision, and practical use of financial intelligence.

Scope of AML obligations

AML compliance in Mali requires institutions to be able to detect, prevent, and report suspicious activity on an ongoing basis. Core obligations typically include:

• Establishing internal AML policies, procedures, and control frameworks;
• Defining clear compliance responsibilities and governance structures;
• Monitoring activity for unusual or suspicious patterns;
• Reporting suspicious activity to the competent authority;
• Maintaining adequate documentation and audit trails.

These obligations are subject to supervisory review and enforcement at both national and WAEMU levels.

Suspicious Transaction Reporting (STR)

When an institution identifies activity that may be linked to money laundering, terrorist financing, or proliferation financing, it must submit a Suspicious Transaction Report (STR) to CENTIF-Mali.

STRs are generally filed electronically via the CENTIF-Mali reporting platform, in line with FIU practices across the WAEMU region. In accordance with BCEAO instructions and national AML rules, reports are expected to be submitted within 24 hours of identifying the suspicion.

Any form of tipping-off (informing the customer or a third party that a report has been filed or is being considered) is strictly prohibited and is a frequent focus during regulatory inspections.

AML risk areas relevant to Mali

Certain risk factors are particularly relevant in the Malian context and should be reflected in institutional risk assessments, including:

• Cash-intensive economic activity, which can limit transaction traceability;
• Gold and extractive sectors, including artisanal mining and informal trade;
• Humanitarian aid and donor-funded flows, often involving complex operational structures;
• Cross-border trade within WAEMU and with higher-risk jurisdictions;
• Exposure to politically exposed persons (PEPs) and public-sector-linked activity.

Following Mali’s exit from the FATF grey list, regulators have placed greater emphasis on how institutions identify, assess, and mitigate these risks in practice, rather than solely on the existence of policies.

Internal controls and governance

Effective AML compliance in Mali requires more than formal policies. Supervisory authorities expect institutions to demonstrate:

• Clear segregation of duties and compliance oversight;
• Ongoing AML training for relevant staff;
• Defined escalation and decision-making procedures;
• Independent testing or internal audit of AML controls.

Weak governance or insufficient resourcing is commonly treated as a compliance deficiency.

Record-keeping obligations

AML-related records (including internal assessments, STR documentation, and supporting evidence) must generally be retained for at least 10 years after the end of a business relationship or the completion of a transaction.

Where an investigation, supervisory action, or legal proceeding is ongoing, record-keeping obligations may be extended beyond the standard retention period.

Sanctions and supervisory consequences

Failure to comply with AML obligations in Mali may result in:

• Administrative sanctions and financial penalties;
• Corrective or remedial measures imposed by supervisors;
• Suspension or withdrawal of licenses in serious cases;
• Criminal liability for intentional or systemic violations.

In addition to national enforcement, the BCEAO may impose sanctions at the WAEMU level, meaning AML deficiencies can have regional consequences, including reputational damage and restrictions imposed by international correspondent banks.

Conclusion

AML compliance in Mali is a continuous, risk-driven process that extends well beyond onboarding. Strong governance, timely reporting, and controls aligned with WAEMU standards are essential to reducing financial crime risk and sustaining cross-border operations in 2026 and beyond.

For compliance teams operating across Africa and MENA, platforms such as VOVE ID help standardise AML processes, documentation, and risk frameworks across multiple jurisdictions, supporting operational efficiency without compromising regulatory expectations.