What are the KYC requirements in Turkey?

Turkish KYC requirements are set by Law No. 5549 and MASAK. All obliged entities must verify customer identity, conduct CDD, apply risk-based monitoring and retain records for eight years. KYC Turkey compliance requires documents including TC Kimlik Kartı, Turkish national ID alternatives, passport and foreigner ID card for non-citizens. eKYC Turkey solutions using NFC chip verification accelerate identity verification while meeting BDDK and MASAK standards.

What is MASAK and what does AML compliance Turkey require?

MASAK is Turkey's Financial Intelligence Unit under the Ministry of Treasury and Finance. AML compliance Turkey obligations require financial institutions to conduct CDD, submit suspicious transaction reports via the MASAK Online system, maintain eight-year records and appoint a compliance officer at senior management level. MASAK compliance applies to banks, payment providers, crypto platforms and all obliged entities.

How does KVKK compliance affect KYC data handling in Turkey?

KVKK (Law No. 6698) requires all data controllers to register with VERBIS before processing personal data. KYC data is classified as personal data and must be encrypted, purpose-limited and subject to data subject access rights. KVKK compliance means cross-border transfers require equivalent protection standards. Turkish identity verification Turkey must align with both KVKK data protection and AML compliance requirements.

What documents are accepted for Turkish national ID KYC verification?

Primary documents for Turkish national ID KYC include TC Kimlik Kartı and Turkish Passport. Secondary documents include Sürücü Belgesi, Yabancı Kimlik Kartı and İkamet İzni for foreign nationals. Chip-based national ID cards with NFC receive preference. eKYC Turkey solutions support all 26 Turkish document types including biometric verification.

What are the KYB requirements for verifying Turkish businesses?

Turkish KYB verification requires Ticaret Sicil Gazetesi, Faaliyet Belgesi and Articles of Association for entity identity. Tax identity uses VKN. UBO identification is mandatory under Law No. 5549, requiring Ortaklık Yapısı, Pay Defteri and Gerçek Faydalanıcı Bildirimi documentation. KYB Turkey compliance includes verification of all beneficial owners at 25% ownership thresholds.

How does Shufti support crypto KYC Turkey compliance under CMB regulations?

Crypto KYC Turkey compliance is governed by CMB Law No. 7518, which requires platforms to obtain Capital Markets Board licences by June 2026. Shufti provides full KYC onboarding, jurisdiction verification for Travel Rule compliance, sanctions screening and eight-year record retention. Our crypto KYC Turkey solutions support CMB licence applications and post-licensing MASAK reporting obligations.

What is the data retention requirement for AML records in Turkey?

Law No. 5549 mandates eight-year retention of all AML records from the end of the business relationship. This covers KYC files, transaction records and STR documentation. AML compliance Turkey requires automated retention schedules and maintains audit-ready records for MASAK examinations and regulatory inspections.

How does Turkey's FATF membership affect AML compliance Turkey obligations?

Turkey has been a FATF member since 1991 and was removed from the grey list in June 2024 after addressing compliance gaps. Post-greylisting, MASAK and BDDK enforce heightened AML standards. FATF's 40 Recommendations guide Turkish AML policy and international correspondent banking expectations. AML compliance Turkey now requires demonstrable controls exceeding minimum standards.

What are the penalties for non-compliance with Turkish KYC and AML regulations?

Non-compliance with Turkish KYC and Law No. 5549 AML obligations results in administrative penalties and potential criminal sanctions. MASAK compliance violations attract fines; failure to maintain eight-year records, conduct proper KYC Turkey verification, or submit STRs results in enforcement action. Crypto platforms failing to obtain CMB licences by June 2026 face liquidation. Enhanced penalties apply to repeat violations.

Morocco

Identity Verification & KYC For Morocco

Shufti delivers Law 43-05 compliant KYC, KYB, and AML screening. Verify CNIE identities, passports, and beneficial ownership for individual and business onboarding.

Operational performance for Morocco KYC

Our Numbers Speak Volumes

98.05%

Pass Rates

100%

NFC
Verification

< 5 sec

Verification
Time

Evidence-Ready Checks Across People & Businesses in Morocco

Individual Documents We Verify

Shufti supports 11 Moroccan document types.

View All Supported Documents

Carte Nationale d'Identité Électronique (CNIE)

Biometric identity document mandatory for Moroccan citizens from age 16. Primary KYC document for banks and regulated businesses with NFC chip and fingerprint data.

Passeport Marocain

Official travel and identity document accepted for KYC verification across banking. MRZ structure enables automated field extraction and consistency checks.

Carte de Séjour

Residence permit required for non-Moroccan citizens and foreigners in Morocco. Accepted for KYC identification and beneficial ownership evidence in businesses.

Permis de Conduire

Driver's licence serves as supplemental identity document for citizens and residents. Useful for address verification and identity checks in KYC processes.

Business Entity Identity

Registre de Commerce (RC)

Central business identifier issued by OMPIC via Central Commercial Register. Contains company name, registration number, incorporation date, and legal status.

Certificat Négatif

Certificate from OMPIC confirming no conflicting trade name exists in Morocco. Verifies exclusive business name rights during company registration.

Statuts de la Société

Company bylaws and articles of association serve as founding corporate documents. Evidence of governance structure, management roles, and ownership distribution.

Business Tax Identity

Identifiant Fiscal (IF)

Unique tax ID assigned by Direction Générale des Impôts (DGI) to each business. Validates business tax compliance and financial legitimacy effectively.

Identifiant Commun de l'Entreprise (ICE)

15-digit universal business identifier introduced in Morocco in 2016. Mandatory on all invoices since 2019 for regulatory identification.

Taxe Professionnelle

Business tax certificate documenting professional tax obligation compliance. Confirms active business status and good standing with authorities.

Ownership & Control (UBO)

Registre des Bénéficiaires Effectifs (RBE)

Public beneficial ownership register hosted at rbe.ompic.ma, launched 2022. Mandatory for all legal entities established in Morocco for UBO verification.

Liste des Actionnaires

Shareholder register providing documentary evidence of beneficial ownership and control structure. Required for complete UBO chain identification.

Statuts Actualisés

Updated corporate bylaws reflecting current ownership structure and governance. Essential for verifying beneficial owner changes over time.

Languages We Cover

Arabic and French Bilingual Document Handling

Official documents carry Arabic and French text with potential transliteration ambiguity. Shufti applies dual-language verification across both scripts.

Name Matching Controls for Arabic Transliteration

Arabic names appear under multiple Latin spellings; diacritics and variants complicate matching. Shufti uses transliteration-aware protocols for accuracy.

Evidence Consistency Across Steps

Dual-language documents require verification that extracted data and matched results align correctly. Shufti preserves both for compliance review and audit.

GOVERNANCE & CONTROLS

Audit-Ready Decisions, Lower Operational Drag

CNIE Capture Quality

Reduce re-submissions with CNIE capture guidance and visibility checks. Prevent blurred uploads before extraction begins.

Cleaner Audit Trails

Generate decision outputs with reason codes and timestamps aligned to BAM and ANRF expectations. Maintain reviewable evidence trails.

Better Name Matching

Arabic-to-French transliteration variants create false mismatches in standard systems. Transliteration-aware rules cut manual review.

One Workflow

Consolidate identity verification, KYB, and AML screening into single operational view. Manage all verification types from one system.

CNIE-First Design

Structured CNIE extraction and repeatable checks enable evidence-led decisions. Fallback to passports when needed without user abandonment.

Enterprise-grade compliance infrastructure

Morocco IDV/KYC Challenges

Dual-Language Ambiguity

CNIE and official documents contain Arabic and French text with different underlying data. Script mismatches require reliable extraction controls.

Informal Sector Risk

Morocco's substantial informal economy with high-volume cash creates AML/CFT vulnerabilities. DNFBPs show low compliance with reporting.

Fragmented Ownership Records

RBE is now mandatory, but legacy structures lack complete beneficial ownership documentation. Shell company risks demand enhanced verification.

Low Reporting Volume

Financial institutions historically file low suspicious transaction volumes relative to activity. DNFBPs underreport despite obligations.

Shufti's IDV/KYC Solutions for Morocco

KYC Solutions

Face Verification

Prevents CNIE impersonation and mule sign-ups using liveness checks and facial matching. Reduces manual exceptions in remote onboarding workflows effectively.

Age Verification

Estimates age from selfie biometric analysis; falls back to CNIE/passport document verification when required. Frictionless access control enforcement.

Address Verification

Verifies CNIE addresses, utility bills (ONEE, LYDEC, REDAL, AMENDIS), and bank statements. Accepts documents bearing current address information reliably.

Document Verification

Detects tampered CNIE, passports, and residence permits with high confidence. Extracts fields across Arabic and French language variations consistently.

KYB Solutions

Business Verification

Verifies businesses via Registre de Commerce, OMPIC registration certificates, and ICE identifiers. Reduces shell company and fraud risk effectively.

Enhanced Due Diligence (EDD)

Addresses informal sector exposure, fragmented beneficial ownership, and DNFBP compliance gaps. Generates audit-ready evidence for high-risk entities.

AML Screening

Business AML Screening

Screens entities and controlling persons (directors/UBOs) against ANRF, sanctions, and PEP lists. Identifies risk before customer activation reliably.

Transaction Screening

Monitors transaction flows for structuring patterns and high-risk counterparty behaviour. Supports continuous AML controls with defensible evidence logs.

REGULATORY ALIGNMENT

Built to Fit Morocco's Compliance Landscape

Bank Al-Maghrib (BAM)

BAM supervises all 24 licensed banks and sets banking sector KYC standards. Shufti evidences customer due diligence steps with audit-ready evidence trails. Official Website: https://www.bkam.ma/

Autorité Marocaine du Marché des Capitaux (AMMC)

AMMC regulates capital markets and securities trading for investor protection. Shufti structures KYB and UBO evidence aligned to governance expectations. Official Website: https://www.ammc.ma/en

Autorité Nationale du Renseignement Financier (ANRF)

ANRF (restructured from UTRF in 2021) processes suspicious transaction reports and financial intelligence. Shufti preserves investigation-grade evidence packs. Official Website: https://www.cg.gov.ma/en/anrf

Office des Changes (OC)

OC oversees foreign exchange operations, currency conversion and trade statistics. Shufti enables repeatable counterparty screening and compliance controls. Official Website: https://www.oc.gov.ma/en

Commission Nationale de Contrôle de la Protection des Données (CNDP)

CNDP enforces Law 09-08 data protection and personal data processing compliance. Shufti applies encryption and retention controls for regulatory alignment. Official Website: https://www.cndp.ma/en/

Autorité de Contrôle des Assurances et de la Prévoyance Sociale (ACAPS)

ACAPS supervises insurance companies and social welfare organisations for AML/CFT. Shufti supports insurance sector compliance with defensible evidence trails. Official Website: https://www.acaps.ma/en

Office Marocain de la Propriété Industrielle et Commerciale (OMPIC)

OMPIC maintains the Central Commercial Register and beneficial ownership registration. Shufti integrates OMPIC evidence trails into KYB workflows for compliance. Official Website: http://www.ompic.ma/en

Direction Générale des Impôts (DGI)

DGI collects taxes and administers tax identifiers (IF, ICE) for Morocco. Shufti validates tax identity during KYB compliance checks and verification. Official Website: https://www.finances.gov.ma/en

Deployment Choice

No in-country cloud regions exist in Morocco. AWS, Azure, and GCP deploy to European regions. On-premise deployment options available for regulated entities.

Regulatory Alignment

Law 09-08 data protection (enforced by CNDP) requires appropriate technical safeguards. Law 43-05 AML recordkeeping mandates 10-year minimum retention.

Retention Controls

Law 43-05 requires 10-year minimum retention for transaction records, customer identification, and beneficial ownership data throughout customer relationships.

Encryption Posture

Law 09-08 requires appropriate technical and organisational safeguards including encryption. DGSSI sets cryptographic standards for industry compliance.

Data and Privacy Controls in Morocco

BUILT FOR COMPLIANCE TEAMS

Morocco AML Sources That Strengthen Decision

Parliament of Morocco

Justice and Development Party (PJD)

Moroccan Capital Market Authority

Morocco World News

Le Matin

Hespress

Frequently Asked Questions

What is CNIE and how is it used for KYC verification in Morocco?

The CNIE (Carte Nationale d'Identité Électronique) is Morocco's biometric smart card identity document, mandatory from age 16 with 10-year validity. It is the primary KYC document for banks, fintechs, and regulated businesses, containing an NFC chip with fingerprint data.

What are Morocco's main KYC compliance requirements under Law 43-05?

Law 43-05 (amended by Law 12-18 in 2021) requires: customer due diligence with risk-based assessment; identity verification using government-issued documents (CNIE, passport, residence permit); beneficial ownership identification for business entities; and 10-year record retention post-relationship termination.

What documents does Morocco require for business KYC (KYB)?

For business KYC in Morocco, required documents include: Trade Register Certificate (RC) from OMPIC; company bylaws (statuts); beneficial ownership information (now mandated in Registre des Bénéficiaires Effectifs/RBE); tax ID (IF or ICE); and identity documents for signatories and beneficial owners.

Who is responsible for KYC enforcement and AML compliance in Morocco?

Multiple regulators oversee KYC and AML: Bank Al-Maghrib (BAM) supervises banks and payment institutions; the Autorité Nationale du Renseignement Financier (ANRF) processes suspicious transaction reports; AMMC oversees capital markets; ACAPS supervises insurance; and CNDP enforces data protection.

What is Morocco's FATF status and how does it affect KYC requirements?

Morocco was removed from the FATF grey list in February 2023 after implementing full AML/CFT measures. Current status: NOT on FATF grey list or blacklist. Morocco must maintain FATF 40 Recommendations compliance, reinforcing strict KYC requirements for banks, fintechs, and DNFBPs.

How long must KYC records be retained in Morocco?

Under Law 43-05 (as amended by Law 12-18), all KYC records including customer identification documents, transaction details, and suspicious transaction reports must be retained for a minimum of 10 years following the end of the customer business relationship.

How does goAML reporting work for Morocco?

goAML is the UN UNODC system used by Morocco for suspicious transaction reporting to ANRF. Programmes using goAML must maintain traceable decisions, review notes, and consistent evidence packaging to support STR/CTR submissions.

What data residency obligations apply under Law 09-08?

Law 09-08 requires appropriate technical and organisational safeguards for personal data processing. While Morocco lacks in-country cloud regions, standard contractual clauses and encryption controls support compliance when deploying to European infrastructure.

Build a Morocco-ready KYC, KYB & AML programme with Shufti

Check Pricing Request Demo

INDEPENDENTLY AUDITED. GLOBALLY CERTIFIED.

Certified to Global Standards

PROVEN WORKFLOWS

Use Cases for Regulated Growth in Morocco

Marketplace

Banking

Crypto

Fintech

Forex

Gaming

Gig Economy

Marketplace

Banking

Crypto

Fintech

Forex

Gaming

Gig Economy

Marketplace

Banking

Crypto

Fintech

Forex

Gaming

Gig Economy

Reduce Fraud Without Blocking Growth

Shufti supports marketplace integrity by verifying seller and buyer identities, enabling age-gated journeys where needed, and preserving evidence to support investigations, disputes, and risk-led enforcement actions.

Learn More Try Now

Secure Trust at Every Transaction

Automate KYC and AML workflows to reduce manual onboarding costs. Strengthen residency checks while delivering the frictionless digital experience modern customers expect.

Learn More Try Now

Scale Your Exchange with Confidence

Balance anonymity with compliance. Instantly verify user jurisdiction to meet Travel Rule obligations and help stop abuse without slowing down legitimate trading volume.

Learn More Try Now

Accelerate Growth, Eliminate Friction

Onboard users in seconds, not days. Deploy tiered address verification flows that maximise completion rates for genuine users while filtering out synthetic fraud.

Learn More Try Now

Onboard Global Traders in Real-Time

Verify investors across 250+ countries & territories. Ensure compliance with international financial regulations while preventing identity theft and high-risk chargebacks.

Learn More Try Now

Power a Fair & Secure Player Experience

Reduce bonus abuse and multi-accounting rings at the door. Enforce location rules and trigger step-up checks without disrupting the player journey.

Learn More Try Now

Build a Trusted, Verified Workforce

Screen freelancers and drivers at scale. Verify residency and reduce onboarding friction while maintaining trust between users.

Learn More Try Now

Let’s Tailor your journey

Just a few quick questions to guide your Shufti experience.

Which products would you like to check out?

VideoIdent

Address Verification

eIDV (Docless)

KYB

AML Screening

Deepfake Detection

Face and ID Verification

Age Verification

Others

What is your expected yearly verification volume?

1 to 1,000

1,001 to 5,000

5,001 to 20,000

20,001 to 50,000

50,001 to 100,000

100,001 to 1,000,000

1,000,000+

Valid Invalid number

I agree that Shufti may use my email for marketing purposes, including to share updates about Shufti products & services, newsletters, invites to special events and free giveaways. You can unsubscribe at any time using the link from Shufti emails.

By clicking Submit, you accept our Privacy Policy and consent to marketing communications.

Shufti

Market Positioning and Commercial Assessment

Industry stands at 1.7rating

Best ID Verification Innovator

Explore Practical KYC & AML Resources

Explore Content library

16 August, 2025

5 minutes read

How Much of What You’ve Verified Is Actually Real?

Shufti’s Deepfake Blindspot Audit now runs fully inside your AWS environment, auditing historic KYC for manipulation signals without moving sensitive data off-prem.

whitepapers

16 August, 2025

5 minutes read

Prevent Account Takeover Fraud with a Multilayered Defense

This white paper highlights Shufti’s multilayered defense using verification, device fingerprinting, biometrics, and liveness detection to prevent ATO.

whitepapers

16 August, 2025

5 minutes read

An Enterprise Guide to Choose the Right Identity Verification Solution

Helps decision-makers select a platform that satisfies the requirements of risk, compliance, product, growth, and executive stakeholders simultaneously.

whitepapers

Explore Content library