KYC Compliance in Mauritania (2026): Identity Verification Requirements for Fintechs and Regulated Businesses

KYC obligations in Mauritania derive primarily from Ordinance No. 2007-006 on the prevention and repression of money laundering and terrorism financing, which established the core customer due diligence (CDD) requirements for financial institutions. The BCM operationalizes these obligations through regulatory circulars directed at banks, microfinance institutions, and payment service providers.

Mauritania is a GIABA member state, which means its AML/CFT framework is subject to periodic mutual evaluation against FATF standards — assessed through GIABA's evaluation process rather than direct FATF membership. The country underwent a mutual evaluation in 2020, with results identifying specific gaps in the effectiveness of the AML/CFT regime, particularly around financial intelligence unit (FIU) capacity and cross-sector supervision.

The financial sector regulator is the BCM. Insurance and some non-bank financial institutions fall under additional oversight, but for most fintech and payments compliance purposes, BCM circulars and the 2007 Ordinance form the operative legal basis.

Customer Due Diligence Requirements

Standard CDD applies to all new customers before establishing a business relationship. For individual customers, Mauritanian regulations require:

• Full legal name
• Date and place of birth
• Nationality
• Residential address
• Tax identification (where applicable)
• Purpose and intended nature of the business relationship
• Source of funds for higher-risk profiles

Enhanced due diligence (EDD) applies to:

• Politically exposed persons (PEPs) and their family members or close associates
• Non-resident customers
• Customers from jurisdictions with weak AML/CFT frameworks
• High-value or unusual transactions without clear economic rationale
• Correspondent banking relationships

The PEP definition under Mauritanian law covers domestic PEPs as well as foreign nationals holding prominent public functions. Given the structure of the Mauritanian economy — where state-owned entities are active across the fishing, mining, and energy sectors — PEP screening against domestic lists requires attention beyond standard international sanctions databases.

Accepted Identity Documents

For Mauritanian nationals, the primary accepted document is the Carte Nationale d'Identité Biométrique (national biometric identity card), issued by the Agence Nationale du Registre des Populations et des Titres Sécurisés (ANRPTS). ANRPTS manages the civil registry and biometric enrollment system — it is not a real-time verification API that financial institutions can query directly, but ANRPTS-issued documents carry machine-readable data that supports automated OCR.

For KYC purposes:

• Nationals: Biometric national ID card (primary), passport
• Foreign residents: Residence permit (carte de séjour) combined with a valid foreign passport
• Non-residents: Foreign passport; additional documentation may be required depending on the transaction type and risk classification

Mauritania issues documents with Arabic as the primary script, with some bilingual (Arabic/French) formatting. This is a practical consideration for any verification system that needs to extract fields from ID documents — Arabic OCR capability is required for reliable automated processing.

VOVE ID supports Arabic-language OCR and biometric liveness detection for Mauritanian document verification workflows.

Verification in Practice: Where Onboarding Breaks

The legal requirements are reasonably clear. The operational challenge is what happens when those requirements meet the actual document base in the field.

Mauritania's biometric national ID rollout through ANRPTS has been ongoing, but coverage across rural areas remains uneven. A portion of the population — particularly older residents and those in remote regions — still holds older non-biometric documents. For regulated institutions, this creates a gap: the BCM-required CDD standard expects reliable identity verification, but the document presented may be a legacy card with lower machine-readability.

A second friction point involves address verification. Mauritania lacks a comprehensive postal address system in practice, and many residents — particularly in Nouakchott's peripheral neighborhoods — cannot provide a formal street address. Regulated entities typically accept utility bills, attestations from local authorities, or similar secondary evidence. Building this into an automated onboarding flow is non-trivial.

For mobile money onboarding specifically, BCM has issued tiered KYC guidelines that allow lighter-touch verification at lower transaction limits, with full CDD required above defined thresholds. This risk-based tiering is common across West African mobile money frameworks, but the specific thresholds and document requirements under BCM rules apply here.

For a full breakdown of the identity verification framework and how risk-based KYC tiers work across jurisdictions, see our KYC Requirements Explained 2026: Identity Verification Framework for Fintech and Regulated Platforms.

Record Retention

Under Ordinance No. 2007-006, financial institutions are required to retain:

• Customer identification records and supporting documents: minimum 5 years from the date the business relationship ends
• Transaction records: minimum 5 years from the date of the transaction

These records must be available to the FIU (Cellule de Traitement du Renseignement Financier — CTRF) and other competent authorities upon request.

Non-Resident and Cross-Border Onboarding

Mauritania has an active diaspora, particularly in Senegal, Mali, France, and Spain. Financial institutions and remittance platforms onboarding non-resident Mauritanians need to account for:

• Verification of foreign-issued documents combined with proof of Mauritanian nationality
• Enhanced scrutiny for clients with source-of-funds in higher-risk jurisdictions
• GIABA-aligned obligations on cross-border transactions

For platforms operating remittance corridors into Mauritania, the BCM has specific requirements for money transfer operators that sit alongside the general KYC framework.

Digital KYC and the Infrastructure Gap

Mobile money penetration in Mauritania has grown, with operators including Mattel and Mauritel running mobile financial services. BCM oversight applies to these platforms, and tiered mobile KYC thresholds affect how onboarding is structured.

The absence of a national eID verification API means regulated institutions cannot perform real-time registry lookups against the ANRPTS database. Document verification relies on OCR and biometric matching against the presented document itself — not against a central registry. This makes liveness detection and face matching against the document photo the operative verification layer.

VOVE ID provides biometric liveness detection and face matching for exactly this use case — where the document is the verification anchor rather than a live registry query.

What This Means for Compliance Teams

If you're onboarding Mauritanian customers or operating in the country, the practical checklist looks like this:

• BCM-aligned CDD documentation with ANRPTS biometric ID as the primary document type
• Arabic-capable OCR for field extraction from national ID cards
• PEP screening that includes domestic Mauritanian PEP lists, not just international databases
• Tiered KYC thresholds for mobile money and lower-risk transaction types
• 5-year record retention from end of relationship or transaction date
• EDD applied to non-residents, PEPs, and high-value accounts
• CTRF reporting obligations for suspicious transactions

Mauritania isn't a high-volume market for most international fintechs, but it sits on remittance corridors and corridor payments flows that matter — and BCM's regulatory posture has been moving toward closer examination of compliance programs rather than just policy documentation.

This article is intended for general informational purposes only and does not constitute legal, financial, or regulatory advice. KYC/KYB/AML requirements may vary depending on jurisdiction, industry, and specific business circumstances. For up-to-date and binding compliance obligations, readers should refer to the relevant regulatory authorities or consult qualified professionals.