KYC in Libya: Regulatory Reality in 2026

For institutions operating in Libya or onboarding Libyan customers, KYC compliance in 2026 requires more than formal document collection. The regulatory framework exists, supervisory scrutiny is increasing, and operational expectations are gradually rising. In this environment, structured onboarding systems such as VOVE ID are increasingly used to standardise processes and reduce compliance exposure.

Libya’s AML/CFT regime is formally aligned with international standards, but implementation remains uneven. Understanding both the legal structure and the institutional reality is critical.

Legal and Supervisory Framework

Libya’s AML/CFT regime is primarily based on:

• Law No. 2 of 2005 on Combating Money Laundering (as amended)
• Subsequent amendments covering terrorist financing
• Regulatory instructions issued by the Central Bank of Libya

The Central Bank acts as the principal supervisory authority for banks and many financial institutions. The Financial Intelligence Unit operates within the Central Bank structure and is responsible for STR analysis and intelligence dissemination.

Libya is a member of the Middle East and North Africa Financial Action Task Force, and its AML system is assessed against FATF-aligned standards.

Increased Monitoring and Legislative Reform

Libya remains subject to enhanced international AML monitoring. In 2025, authorities discussed a draft AML/CFT law aimed at addressing deficiencies identified in international assessments and strengthening the framework.

The Central Bank encouraged adoption of the draft as part of efforts to improve compliance standing. However, as of February 2026, the new law has not been formally enacted. The existing legal framework therefore remains the primary source of KYC obligations.

For compliance teams, this means operational discipline matters more than anticipated legislative change.

Suspicious Transaction Reporting and goAML

In 2025, Libya launched the goAML platform for electronic submission of Suspicious Transaction Reports. The Financial Intelligence Unit within the Central Bank now receives STRs through this UNODC-supported system.

This represents a procedural improvement, increasing reporting traceability and standardisation. However, infrastructure upgrades alone do not guarantee effectiveness. Institutions must still demonstrate:

• Clear internal escalation processes
• Documented rationale for suspicion
• Proper record retention

Without structured case management and audit trails, electronic submission alone is insufficient. This is where integrated compliance systems, including platforms like VOVE ID, can support internal documentation consistency and defensibility.

Core KYC Obligations

Reporting entities must conduct Customer Due Diligence before establishing business relationships or executing qualifying transactions.

Individuals

• Full legal name
• Date and place of birth
• National ID or passport
• Residential address
• Source of funds where risk warrants

Legal Entities

• Registration documentation
• Articles of association
• Identification of directors
• Identification and verification of Ultimate Beneficial Owners

Beneficial ownership transparency remains a vulnerability area, particularly in cases involving layered ownership or cross-border structures.

Sanctions Exposure

Libya remains subject to UN sanctions frameworks linked to the United Nations Security Council resolutions concerning asset freezes and designated individuals.

Financial institutions must maintain:

• Ongoing sanctions screening
• Immediate freezing capabilities
• Internal escalation procedures

Correspondent banking relationships are particularly sensitive to sanctions compliance failures.

Practical Compliance Realities in 2026

Despite formal alignment with FATF standards and the introduction of goAML, structural challenges remain:

• Documentation authenticity concerns
• Fragmented institutional oversight
• Limited digitisation of public registries
• Uneven enforcement intensity

Supervisors increasingly focus on operational effectiveness rather than written policies. Institutions must demonstrate:

• A documented risk-based approach
• Consistent enhanced due diligence
• Properly justified risk scoring
• Senior management oversight

Digital onboarding infrastructure helps institutions standardise customer data capture, structure beneficial ownership information, and maintain defensible audit logs across branches and jurisdictions.

Conclusion

Libya’s AML/CFT framework in 2026 reflects incremental progress rather than structural overhaul. The launch of goAML and ongoing legislative discussions indicate movement, but the core legal framework remains unchanged.

For financial institutions, the priority is not waiting for reform. It is building consistent, risk-based KYC processes under the current regime.

In jurisdictions subject to increased monitoring, credibility depends on demonstrable operational control. Platforms like VOVE ID support institutions in maintaining structured documentation, consistent due diligence application, and audit-ready compliance frameworks in a challenging regulatory environment.