KYC Compliance in Tanzania (2026): Identity Verification Requirements for Fintechs and Regulated Businesses

Tanzania removed itself from the FATF grey list in June 2025 — a milestone that reflects genuine regulatory progress but also raises the compliance bar for every regulated entity operating in the market. Bank of Tanzania supervision is more active, FIU enforcement expectations are higher, and the standard for "adequate" KYC has shifted accordingly.

At the same time, Tanzania's financial landscape creates real operational complexity: 63 million mobile money accounts, 70% of adults with formal ID, 36% smartphone penetration, and a predominantly cash-based economy outside major cities. KYC that works in Dar es Salaam needs to work in Mwanza and Dodoma too.

For fintechs and regulated businesses navigating this environment, VOVE ID provides identity verification built for African markets — biometric liveness, document OCR across Tanzanian ID formats, and audit-ready logging that meets BoT evidentiary standards.

This guide covers the Tanzania-specific KYC layer: the legal framework, accepted documents, digital identity infrastructure, risk classification, and where onboarding breaks in practice. For the underlying KYC system architecture, see our KYC Requirements guide.

The Legal Framework

KYC obligations in Tanzania are anchored in the Anti-Money Laundering Act (Cap. 423, Revised Edition 2023) and operationalised through the AML Regulations 2022. Together these establish:

• Mandatory customer due diligence for all regulated entities
• Risk-based verification depth — not a uniform checklist
• Record-keeping obligations of 10 years after the end of the business relationship
• Suspicious transaction reporting to the FIU within 24 working hours of confirmed suspicion

The Personal Data Protection Act 2022, in effect since May 2023, adds a consent and data handling layer: explicit customer consent is required for collecting and processing personal data, with fines up to TZS 100 million (~$38,000) for violations. This applies directly to KYC data collection workflows.

Who Must Comply

KYC obligations apply to:

• Banks and financial institutions
• Payment service providers, mobile money operators, and licensed fintechs
• Insurance companies
• Capital markets participants
• DNFBPs: lawyers, accountants, real estate agents, casinos

Bank of Tanzania (BoT) supervises banks, payment institutions, and fintechs. FIU (Financial Intelligence Unit) receives and analyses Suspicious Transaction Reports. BRELA manages business registrations relevant to KYB components of corporate onboarding.

Accepted Identity Documents

Tanzanian nationals: The National ID issued by NIDA (National Identification Authority) is the primary document. NIDA maintains a centralised biometric database — the most reliable identity source in the country for financial institutions conducting due diligence.

Voter cards are accepted as a secondary document with additional checks. Driver's licences are also accepted but carry higher fraud risk and require additional verification steps.

Foreign nationals: Passport is the standard document. For residents, a valid work or residence permit may be required for higher-risk or longer-term relationships.

Additional documentation for EDD: Utility bills no older than three months, proof of address, source of funds documentation. For senior management approval cases, the full evidence file must be documented.

Tanzania's Digital Identity Infrastructure

NIDA is the central identity authority. It maintains a biometric database of Tanzanian citizens and provides verification services for organisations integrating identity validation. For KYC purposes, NIDA is the most authoritative identity source available — financial institutions that can query NIDA data get a significantly stronger verification signal than document capture alone.

As of December 2024, approximately 70% of Tanzanian adults hold a NIDA national ID. The remaining 30% — disproportionately rural, elderly, and lower-income — present a real operational gap for platforms trying to reach the unbanked population.

Mobile infrastructure: Internet penetration reached 72% by March 2025, largely driven by mobile networks. Smartphone penetration stood at 36%. For eKYC purposes, this means mobile-first verification flows are essential, but must be designed for low-bandwidth environments and intermittent connectivity.

This is where platforms like VOVE ID close the gap — biometric liveness and document OCR that works in low-bandwidth conditions, with audit logging aligned with BoT standards. Tanzania's identity infrastructure is growing, but verification systems cannot assume clean connectivity or uniform document quality across all markets.

Risk Classification Under AMLA and AML Regulations 2022

Tanzania's KYC framework mandates risk-based due diligence — explicitly required under the AML Regulations 2022, not optional tiering:

Standard CDD applies to typical low-to-medium risk individual clients. Identity verification, document check, and basic screening are the baseline.

Enhanced Due Diligence (EDD) is mandatory for:

• Politically Exposed Persons (PEPs) and their close associates
• Cross-border customers and non-residents
• High-value transactions or accounts with unusual funding patterns
• Clients from high-risk jurisdictions
• Complex ownership structures or opaque beneficial ownership

For EDD cases, senior management approval is required before activation under BoT guidelines.

Simplified due diligence is permitted for clearly low-risk relationships but must be documented and defensible under BoT review.

Risk classification is not a one-time onboarding decision — it must be updated throughout the relationship when client circumstances change.

Cash Transaction Reporting

KYC connects directly to AML reporting obligations through cash transaction thresholds:

• Cash transactions of TZS 20 million (~USD 7,500) or above trigger mandatory monitoring and reporting
• Electronic transfers of USD 1,000 or above have separate reporting requirements
• Suspicious transactions must be reported to the FIU within 24 working hours of confirmed suspicion

For the full AML monitoring and reporting framework in Tanzania, see our AML Compliance in Tanzania guide.

Where KYC Breaks in Practice

NIDA coverage gap. 30% of adults without formal ID creates a systematic onboarding challenge — particularly for platforms targeting rural populations or the unbanked. Fallback verification flows and alternative document handling are not optional features for platforms with financial inclusion mandates.

Document diversity. Tanzania has multiple accepted ID types — NIDA national ID, voter card, driver's licence, passport — each with different fraud risk profiles and varying document quality. Verification systems must handle all formats, not just the cleanest case.

Low-bandwidth environments. eKYC designed for urban connectivity fails in rural markets. Mobile money platforms with agent networks extending into rural Tanzania need verification that works under real infrastructure conditions, not idealised ones.

Personal Data Protection Act compliance. The 2022 Act adds consent management requirements on top of identity verification. KYC workflows that collect data without explicit, documented consent are non-compliant — a gap that many platforms built before May 2023 have not fully remediated.

FATF grey list exit — higher scrutiny, not lower. Tanzania's June 2025 exit from the FATF grey list means international partners and correspondent banks apply less automatic additional scrutiny — but domestic BoT and FIU enforcement has actually increased as regulators demonstrate they can maintain the standard. Compliance gaps that were tolerated in 2024 are less likely to be overlooked in 2026.

Agent network KYC consistency. With over 1.4 million mobile money agents, KYC enforcement at the agent level is a systemic challenge. Agent-collected identity data varies in quality, and platforms bear responsibility for the verification standards applied at their agent touchpoints. For the compliance system architecture that connects agent risk to central monitoring, see our Tanzania Fintech Compliance guide.

Getting KYC Right in Tanzania

Tanzania's KYC environment in 2026 rewards platforms that design for the actual market: NIDA as the primary identity anchor, mobile-first verification for low-bandwidth environments, consent management under the 2022 Data Protection Act, and ongoing monitoring that connects back to onboarding data.

VOVE ID is used by fintechs operating in Tanzania to build KYC workflows that meet this standard — biometric verification, document OCR across Tanzanian ID formats, PEP and sanctions screening, and audit-ready logging aligned with BoT and FIU requirements.

Building KYC for Tanzania? See how it works — we'll walk you through it.

This article is intended for general informational purposes only and does not constitute legal, financial, or regulatory advice. KYC requirements may vary depending on jurisdiction, industry, and specific business circumstances. For up-to-date and binding compliance obligations, readers should refer to the relevant regulatory authorities or consult qualified professionals.