KYC Compliance in Seychelles: A 2026 Guide for Fintechs and Regulated Businesses

Seychelles runs an outsized financial sector for a country of 100,000 people. The offshore IBC regime, a growing VASP population, and an established international financial services industry mean that a disproportionate number of fintech and compliance teams end up dealing with Seychelles-incorporated entities — often as counterparties rather than as the regulated firm itself. VOVE ID works with financial institutions onboarding customers across both jurisdictions that host such structures and those that are asked to accept them.

This guide covers the KYC (customer due diligence) framework in Seychelles as it stands in 2026. For the underlying CDD methodology and verification framework, see our KYC Requirements Explained 2026: Identity Verification Framework for Fintech and Regulated Platforms.

The Regulatory Architecture

Seychelles does not have a standalone KYC law. Customer due diligence obligations sit within the Anti-Money Laundering and Countering the Financing of Terrorism Act, 2020 (AML/CFT Act), which came into force on 28 August 2020 and consolidated and replaced prior AML legislation. The AML/CFT Act is supplemented by the AML/CFT Regulations 2020 and a series of FIU guidelines covering CDD, STR submission, and threshold reporting.

Three regulators share supervision of reporting entities:

The Financial Intelligence Unit (FIU) is the central authority for receiving and analysing STRs and threshold reports, maintaining the Beneficial Ownership database, and issuing compliance guidance. All reporting entities must register with the FIU.

The Central Bank of Seychelles (CBS) supervises banking institutions, credit unions, payment service providers, and other licensed financial institutions under the Financial Institutions Act.

The Financial Services Authority (FSA) regulates non-banking financial institutions, including securities dealers, fund administrators, insurance companies, fiduciary service providers, and — since September 2024 — virtual asset service providers under the VASP Act 2024.

The National Anti-Money Laundering and Countering the Financing of Terrorism Committee (NAMLATFC / NAC) coordinates national AML/CFT policy across agencies.

Who Is a Reporting Entity

The AML/CFT Act applies to a defined set of reporting entities. The list covers banks and credit institutions, payment service providers, bureaux de change, securities dealers, fund managers, insurance companies, fiduciary service providers, lawyers, accountants, notaries, real estate agents, and gambling operators. VASPs were added to the supervised population through the VASP Act 2024, effective 1 September 2024.

All reporting entities must register with the FIU, appoint a Compliance Officer and an Alternate Compliance Officer, and maintain a documented AML/CFT programme aligned to an institutional risk assessment.

CDD: What the Law Requires

The AML/CFT Act uses the term "customer due diligence" rather than KYC, but the content is the same. Reporting entities must verify the identity of customers at the point of establishing a business relationship, when executing an occasional transaction above the threshold, and when there are grounds for suspicion regardless of amount.

Standard CDD requires collecting and verifying:

For natural persons: full legal name, date of birth, address, and a government-issued identity document with a photograph.

For legal persons: registered name, registration number, legal form, registered address, and identity of the persons controlling or owning the entity (see the KYB section below for entity-level requirements).

The FIU's CDD guidelines state that documents issued by reputable government sources should be required, and copies or reference numbers retained as part of the customer file.

Accepted Identity Documents

The primary identity document in Seychelles is the national ID card issued by Immigration and Civil Status. For Seychellois nationals, this is the standard CDD document. Passports — issued by the Immigration and Civil Service Department — are also accepted and are the practical fallback for foreign nationals.

For foreign customers, any national identity document or passport from a jurisdiction subject to equivalent AML/CFT supervision is generally acceptable. The FIU's guidelines allow reporting entities to rely on documents from foreign jurisdictions where those jurisdictions meet FATF standards.

There is no national eID or biometric database for CDD verification purposes. Document verification relies on the physical document or a scanned copy, and liveness checks are not mandated by law — though regulated entities operating digitally are expected to maintain verification standards appropriate to their risk exposure.

VOVE ID covers Seychelles documents including the national ID card and passport, with OCR extraction, face matching against the document photo, and biometric liveness detection — the combination that closes the gap between document acceptance policy and actual verification quality for remote onboarding.

Enhanced Due Diligence Triggers

The AML/CFT Act and FIU guidelines require enhanced due diligence in a number of defined circumstances:

Politically Exposed Persons (PEPs). Seychelles follows the FATF definition. Foreign PEPs trigger EDD automatically. Domestic PEPs and international organisation PEPs require a risk-based assessment. For any PEP, the firm must obtain senior management approval, establish the source of wealth and source of funds, and apply enhanced ongoing monitoring.

High-risk jurisdictions. The AML/CFT Act explicitly references FATF high-risk country designations. Circular No. 10 of 2021 formalised obligations on reporting entities in respect of high-risk jurisdictions, and subsequent circulars (2022, ongoing) update the list as FATF statements are issued.

Non-face-to-face customers. Remote onboarding requires compensating measures. The FIU's guidelines do not prescribe the specific technology, but expect the verification standard to be equivalent to in-person CDD.

Nominee arrangements. This is an area of specific risk in Seychelles given the IBC sector. Where nominee directors or shareholders are used, the reporting entity must look through to the actual beneficial owner. This applies both when onboarding the entity itself and when the entity is the customer of a financial institution.

Threshold Reporting: The SCR 50,000 Line

Under Section 5 of the AML/CFT Act, reporting entities must file reports with the FIU for cash transactions and wire transfers above defined thresholds.

Cash Transaction Threshold Reports (CTTR): required for any cash transaction of SCR 50,000 or more. Aggregated transactions by the same customer that together exceed SCR 50,000 must also be reported. The reporting obligation covers deposits, withdrawals, currency exchanges, and physical cash movements.

Wire Transfer Threshold Reports (WTTR): required for any wire transfer of SCR 50,000 or more (or equivalent in foreign currency) sent or received cross-border, or sent domestically. Bureaux de change have a separate reporting obligation for forex transactions above the threshold.

Cross-border cash declarations: under Section 75(1) of the AML/CFT Act, any person transporting cash of SCR 50,000 or more into or out of Seychelles must declare to Customs. Customs forwards declarations to the FIU.

Threshold reports are separate from STRs. Where a transaction is both above the threshold and suspicious, both a CTTR/WTTR and an STR must be filed. The FIU emphasises that STR obligations apply regardless of amount wherever there are reasonable grounds to suspect money laundering or terrorist financing.

Record Retention

Reporting entities in Seychelles must retain records sufficient to reconstruct transactions and demonstrate compliance with CDD obligations. The AML/CFT Act and the Beneficial Ownership Act 2020 require retention of beneficial ownership records for at least 7 years. CDD and transaction records are subject to equivalent retention periods under the AML/CFT framework.

Where CDD Onboarding Breaks in Practice

Foreign nationals. The Seychelles population includes a significant number of foreign workers, particularly in tourism and hospitality. These customers often cannot present a Seychelles national ID. Foreign passports are accepted, but the variety of document formats — particularly from African, South Asian, and Southeast Asian jurisdictions — creates practical friction for operations not equipped to handle diverse document types.

IBC nominee layers. A standard Seychelles IBC may have a registered agent, a nominee director, and a nominee shareholder sitting between the financial institution and the actual beneficial owner. CDD on the IBC requires identifying and verifying the natural persons behind these structures, which the nominee layer is specifically designed not to make easy.

VASP customers. Since September 2024, VASPs must hold FSA licences and meet CDD requirements as both regulated entities and in respect of their own customers. For financial institutions dealing with VASPs as clients, the onboarding requirements include understanding the VASP's own AML programme and customer base — a layer of business-level due diligence that runs in parallel with individual CDD.

High-risk jurisdiction customers. Given Seychelles' position in the international financial system, institutions regularly encounter customers with connections to FATF-listed jurisdictions. Each of these triggers an EDD obligation with senior management sign-off, which creates operational bottlenecks when not built into the onboarding workflow from the start.

The VASP Act 2024 and Its CDD Implications

The Virtual Asset Service Providers Act 2024 came into force on 1 September 2024, bringing crypto exchanges, wallet providers, brokers, and related operators under FSA supervision for the first time. The Act requires VASPs to apply CDD and AML/CFT obligations consistent with the AML/CFT Act 2020 and FATF Recommendation 15.

Around 20% of global crypto exchanges have at various points held Seychelles IBC structures. The VASP Act ended the prior no-licence regime: existing operators had to apply for a VASP licence by 31 December 2024. By November 2025, the FSA's Circular 14 made clear that transitional status carried no reduction in AML/CFT obligations and that application quality to date had been inadequate.

For institutions that bank or provide correspondent services to Seychelles-incorporated crypto entities, this has compliance implications in both directions: the VASP must now meet documented CDD standards, and the correspondent institution must assess whether it is satisfied with the VASP's AML programme as part of its own onboarding process.

Data Protection

Seychelles' data protection framework is the Data Protection Act 2002 (Act 9 of 2003). Institutions collecting personal data for CDD purposes must obtain customer consent, process data only for defined purposes, and allow customers to request erasure. In practice, AML obligations and data protection obligations create tension around retention requirements: the 7-year retention period under the AML/CFT framework takes precedence over data minimisation requests related to AML records.

This article is intended for general informational purposes only and does not constitute legal, financial, or regulatory advice. KYC/KYB/AML requirements may vary depending on jurisdiction, industry, and specific business circumstances. For up-to-date and binding compliance obligations, readers should refer to the relevant regulatory authorities or consult qualified professionals.