KYC Compliance in Cabo Verde: 2026 Guide for Regulated Businesses

Cabo Verde sits at an unusual intersection for compliance teams: a small island economy with a diaspora three times larger than its resident population, a financial intelligence unit (CENTIF) that has been under-resourced for years, and a data protection framework that predates the GDPR by two decades. For regulated businesses operating in the archipelago — or onboarding Cabo Verdean nationals from abroad — KYC is not a simple checklist exercise. VOVE ID helps teams operating in markets like this build document verification programmes that work across the full range of national ID formats, including the biometric CNI issued under Decree-Law No. 19/2014.

This guide covers the current KYC framework in Cabo Verde, including the primary legislation, supervisory structure, acceptable documents, digital infrastructure, diaspora friction points, and data protection obligations. For the underlying verification framework, see our KYC Requirements Explained: 2026.

The Legal Framework: Law No. 57/VIII/2013

The primary legislation governing KYC obligations in Cabo Verde is Law No. 57/VIII/2013, the country's main anti-money laundering and counter-terrorism financing statute. This law establishes CDD requirements for financial institutions and designated non-financial businesses and professions (DNFBPs), including obligations around customer identification, beneficial ownership, ongoing monitoring, and record-keeping.

The law was preceded by Law No. 17/VI/2002, the earlier AML statute, which established initial CDD requirements but was assessed as insufficient across several FATF recommendations. Law No. 57/VIII/2013 represents a significant update, introducing risk-based CDD, enhanced due diligence for higher-risk relationships, and more formal beneficial ownership requirements.

Supplementing this framework, Law No. 58/VIII/2013 addresses beneficial ownership disclosure specifically, requiring that the natural persons ultimately owning or controlling more than 25% of an entity be identified and documented.

Supervisory Structure: BCV and CENTIF

Customer due diligence in Cabo Verde is supervised through two main bodies.

The Banco de Cabo Verde (BCV) — the central bank — acts as the primary supervisory authority for banks and non-bank financial institutions. BCV issues notices, circular notes, and technical instructions with compliance obligations attached. Its supervisory mandate covers CDD practices, suspicious transaction monitoring, and AML programme adequacy across the financial sector.

CENTIF (Centro de Informação e Segurança Financeira) is Cabo Verde's financial intelligence unit, responsible for receiving and analysing suspicious transaction reports (STRs). CENTIF also oversees beneficial ownership disclosure compliance as part of the entity formation process. The 2019 GIABA Mutual Evaluation Report identified significant resource constraints at CENTIF — both human and financial — that limited its capacity to process and act on reports received. A 2025 follow-up noted some progress in technical compliance but the country remains in enhanced follow-up.

For DNFBPs — lawyers, notaries, accountants, real estate agents, and others — supervisory responsibility is fragmented: the Bar Association oversees lawyers, the General Directorate of Registries, Notaries and Identification supervises notaries and registrars, and the Order of Professional Auditors and Certified Accountants covers the accounting profession. This sector-by-sector split, combined with limited AML capacity outside the banking system, means that KYC coverage varies materially across obliged entities.

Acceptable Identity Documents

For individual KYC in Cabo Verde, the primary accepted identity document is the Cartão Nacional de Identificação (CNI), the national identity card introduced by Decree-Law No. 19/2014 of March 17 and officially launched in January 2018. The CNI is a biometric document containing an embedded chip with the holder's facial photo in JPEG2000 format, two digital fingerprints, and digital certificates for authentication and electronic signature. The card is valid for five years and is compulsory for all Cabo Verdean citizens from age four.

The CNI contains a machine-readable zone (MRZ) consistent with ICAO standards, a 13-digit Civil Identification Number (NIF — structured as YYYYMMDDSAAAC), surname, given names, date of birth, sex, height, nationality, and expiry date. From a document OCR perspective, it is a well-structured credential. The chip supports digital authentication via the Autentika platform (portal-autentika.gov.cv), the state eID system, enabling remote identification for Cape Verdean public administration portals and services.

The passport remains an acceptable alternative, particularly for foreign nationals and diaspora members who may not have renewed their CNI through consular channels. Cabo Verde maintains a consular presence in Portugal, the US, France, Luxembourg, the Netherlands, Italy, the Netherlands Antilles, Senegal, and Angola — the primary diaspora corridors.

For foreign nationals residing in Cabo Verde, a Residence Permit (Autorização de Residência) issued by the Serviço de Estrangeiros e Fronteiras (SEF) serves as the accepted identity document.

Digital Infrastructure: SNIAC and Autentika

The Sistema Nacional de Identificação e Autenticação Civil (SNIAC) is the civil identification infrastructure managed by the Ministry of Justice. SNIAC coordinates CNI issuance, biometric data collection, and the civil registration system. The CNI's embedded chip enables authentication via smart card readers in conjunction with the Autentika portal — the government's digital identity gateway.

In practice, this digital stack covers public administration interactions but does not yet constitute a national KYC platform accessible to private sector obliged entities. Banks and financial institutions still rely primarily on in-person document presentation or document scan/OCR workflows for customer identification. There is no publicly accessible identity verification API linked to the national registry that regulated firms can query directly.

This matters operationally: a fintech or payment provider onboarding Cabo Verdean customers digitally must build its own document verification layer rather than leverage a government verification oracle. For teams onboarding both resident nationals (CNI) and diaspora members (passports, foreign-issued IDs), document variety is the core challenge.

The Diaspora Onboarding Problem

The diaspora dimension is not a secondary consideration in Cabo Verde — it defines the risk profile. With approximately 1.5 million people in the diaspora against a domestic population of around 500,000, and remittances reaching a record €278 million in 2024 (with Portugal at 32%, the US at 29%, and France at 19% of total flows), regulated entities face a customer base that is largely located outside the country.

This creates a specific set of KYC friction points:

First, diaspora Cabo Verdeans may hold documents issued in multiple jurisdictions — Portuguese national IDs, American passports, French residence permits — rather than Cabo Verdean CNIs. While the CNI is legally required for all Cabo Verdean nationals, renewal through consular channels is not universal. In practice, banks have to accept foreign government-issued documents for diaspora customers, requiring systems capable of processing a wide range of document formats and issuing jurisdictions.

Second, address verification for diaspora customers is non-trivial. Standard proof-of-address documents (utility bills, bank statements) may be issued in Portuguese, French, English, or Kriolu, and may reference non-local address formats that are harder to validate against a reliable database.

Third, the volume of low-value, high-frequency remittance flows creates a monitoring challenge: the pattern of regular small transfers from the diaspora is normal behaviour, but the same profile can mask layering through household networks. Calibrating transaction monitoring for a remittance-heavy customer base requires differentiated baseline profiling.

VOVE ID's Portuguese-language document OCR capability is directly relevant here: the CNI, older bilhete de identidade formats, and Portuguese-issued documents are all in the primary language of the Cabo Verdean population, and accuracy at the OCR layer determines downstream data quality for the entire CDD process.

CDD Requirements and Enhanced Due Diligence

Under Law No. 57/VIII/2013, obliged entities must:

Verify the identity of customers before establishing a business relationship or executing a transaction above applicable thresholds, using reliable and independent sources. For natural persons, this means full name, date of birth, nationality, and residential address, supported by a government-issued identity document.

Apply ongoing monitoring to existing relationships, updating customer information when circumstances change and reviewing transaction patterns for consistency with the declared purpose of the relationship.

Apply enhanced due diligence (EDD) to higher-risk customers, including politically exposed persons (PEPs), customers from high-risk jurisdictions, and relationships where the source of funds or purpose of the business relationship presents elevated risk indicators.

BCV has issued specific notices governing CDD procedures for financial institutions under its supervision, covering identification of beneficial owners of corporate customers (25% threshold) and timing requirements for completion of verification before a relationship becomes active.

Data Protection: CNPD and Law 133/V/2001

KYC processes generate significant volumes of personal data — identity documents, biometric data in some workflows, transaction histories, and source of funds documentation. In Cabo Verde, data protection is governed by Law No. 133/V/2001, which holds the distinction of being the first comprehensive data protection statute enacted on the African continent. The law has since been amended twice: by Law No. 41/VIII/2013 and by Law No. 121/IX/2021.

The 2021 amendment introduced GDPR-aligned rights including the right to data portability, the right to erasure, and explicit requirements around consent. It also extended the law's territorial scope to cover foreign controllers processing data of individuals in Cabo Verde.

The supervisory authority is the Comissão Nacional de Proteção de Dados (CNPD), which became operational in 2015. Controllers are required to notify the CNPD before processing begins. Fines under the law range from CVE 1 million to CVE 100 million for standard violations, rising to CVE 300 million for repeat offences.

For financial institutions, the interplay between AML-mandated data retention and CNPD data minimisation principles requires explicit documentation: identity verification data held for compliance purposes falls under a legal obligation basis, not consent. Record retention obligations under AML law are generally set at ten years in Cabo Verde, consistent with FATF guidance — but this needs to be documented in the institution's data protection register.

Sector-Specific Considerations

Tourism sector: Cabo Verde welcomed over one million tourists in 2023, with projections moving toward 1.3 million by 2026. The accommodation sector, money exchange operators, and payment facilitators serving the tourism industry have CDD obligations but historically lower supervisory attention than banks. For any fintech targeting the tourism corridor — payments, currency exchange, travel wallets — a tourism-sector risk assessment is required.

Offshore financial institutions (IFIs): Cabo Verde maintains a separate licensing regime for international financial institutions operating in the offshore sector. The 2009 ROSC assessment noted material differences between onshore and offshore supervisory arrangements. The gap has narrowed, but IFIs with cross-border client bases still represent a higher-complexity onboarding environment.

Micro-finance sector: Several NGOs operate micro-lending programmes in Cabo Verde using public funds from European and North American cooperation. BCV has supervisory authority over licensed micro-finance institutions. CDD in this sector often involves customers with limited formal documentation, and simplified due diligence provisions may apply for low-value accounts.

What Breaks in Practice

The GIABA 2019 Mutual Evaluation identified several structural friction points that remain relevant to compliance teams operating in Cabo Verde today:

STR filing is heavily concentrated in commercial banks — historically, over 90% of reports came from bank branches, predominantly in Santiago. DNFBPs across real estate, legal services, and accountancy have had minimal engagement with CENTIF and limited awareness of their reporting obligations.

The UIF/CENTIF capacity gap means that even well-structured reports may receive limited follow-up at the FIU level, which reduces the deterrence effect of the STR framework and creates reputational uncertainty for institutions that file frequently relative to those that don't.

Document verification in branches often relies on physical inspection rather than systematic OCR or database checks. For digital-first onboarding, the absence of a government verification API means institutions must rely on their own document authentication layer, with no real-time link to the SNIAC registry.

Building an audit-ready KYC programme in Cabo Verde means designing for a supervisory environment where BCV examinations are the primary accountability mechanism. Audit logs, version-controlled customer files, and documented risk-assessment rationales are the operational foundation of a defensible compliance posture.

This article is intended for general informational purposes only and does not constitute legal, financial, or regulatory advice. KYC/KYB/AML requirements may vary depending on jurisdiction, industry, and specific business circumstances. For up-to-date and binding compliance obligations, readers should refer to the relevant regulatory authorities or consult qualified professionals.