Mali -- AML/CFT Compliance Regulatory Overview

**Full Name:** *Directive relative à la lutte contre le blanchiment de capitaux et le financement du terrorisme dans les États membres de l’UEMOA.* (Directive on the fight against money laundering and terrorist financing in UEMOA member states).

**Purpose:** This regional directive sets the foundational AML/CFT standards for all UEMOA member states, including Mali, aligning with FATF recommendations.

**Law N°2018-024 of August 21, 2018**, *amending Ordinance N°2015-032/P-RM of June 19, 2015, relating to the fight against money laundering and terrorist financing.*

**Purpose:** This is Mali's national legislation implementing the UEMOA directives. While it doesn't explicitly mention "virtual assets" or "VASPs" (as it largely predates comprehensive FATF VASP guidance), the broad definitions of "financial institutions," "financial activities," and "transfer of funds" could potentially be interpreted to include certain VASP activities.

For natural persons: Collecting and verifying identity (e.g., name, address, date of birth, nationality, unique identification number via official documents like passport or national ID card).

For legal entities: Collecting and verifying legal name, registered address, legal form, proof of incorporation, names of directors/authorized signatories, and identification of beneficial owners.

**Beneficial Ownership Identification:** Identifying and verifying the natural persons who ultimately own or control the customer, or the natural person on whose behalf a transaction is being conducted.

**Purpose and Nature of Business Relationship:** Understanding the purpose and intended nature of the business relationship or occasional transaction.

**Ongoing Monitoring:** Conducting ongoing due diligence on the business relationship and scrutinizing transactions undertaken throughout the course of that relationship to ensure consistency with the institution’s knowledge of the customer, their business, and risk profile.

**Risk-Based Approach:** Applying enhanced due diligence (EDD) for higher-risk customers (e.g., politically exposed persons - PEPs, customers from high-risk jurisdictions, or those engaged in complex/unusual transactions) and simplified due diligence (SDD) for lower-risk scenarios.

**Obligation:** Any transaction (regardless of amount) that an institution knows, suspects, or has reasonable grounds to suspect is related to money laundering or terrorist financing must be reported.

**No Tipping-Off:** VASPs and their employees are prohibited from disclosing to the customer or third parties that an STR has been filed or that a money laundering or terrorist financing investigation is being conducted.

**Transaction Records:** All transaction data, including the amount, currency, date, and details of the parties involved (originator and beneficiary), should be kept.

**Customer Identification Records:** Records obtained through CDD measures (copies of identification documents, account files, business correspondence) must be retained.

**Retention Period:** Generally, these records must be kept for **at least five (5) years** after the business relationship ends or after the date of an occasional transaction.

**Cellule Nationale de Traitement des Informations Financières (CENTIF):** Mali's FIU, responsible for receiving, analyzing, and disseminating suspicious transaction reports (STRs).

**Role:** This is Mali's Financial Intelligence Unit (FIU). It is the primary body responsible for receiving, analyzing, and disseminating suspicious transaction reports to law enforcement agencies. CENAREF plays a central role in the fight against money laundering and terrorist financing.

**URL:** Official government websites often link to CENAREF. While a dedicated, stable public website specifically for CENAREF Mali can be elusive, its information is typically found through the Ministry of Economy and Finance or the UEMOA regional bodies. *A direct, stable public URL specifically for CENAREF Mali is not consistently available, but information may be found via the Ministry of Economy and Finance of Mali.*

**Central Bank of West African States (BCEAO):**

**Role:** The BCEAO is the central bank for the eight UEMOA member states, including Mali. It is the primary regulator and supervisor for banks and traditional financial institutions. While it has expressed caution regarding virtual assets (as per Communiqué N°18/2021), it would likely play a significant role in any future licensing or prudential supervision of VASPs in the UEMOA zone.

**Ministry of Economy and Finance (Mali):**

**Role:** Responsible for overall economic and financial policy, including the transposition and enforcement of AML/CFT legislation.

**Lack of Specific VASP Licensing:** Currently, there is no explicit licensing regime for VASPs in Mali. This means that while they might be implicitly covered by general AML/CFT laws, the specifics of their operation, authorization, and prudential regulation remain largely undefined.

**FATF Standards:** As a country within a region subject to FATF scrutiny, Mali is under pressure to implement FATF Recommendation 15 (which specifically addresses virtual assets and VASPs) and its interpretive note, including the "Travel Rule" (FATF Recommendation 16 for wire transfers, extended to VASPs). This means that even without explicit national VASP legislation, VASPs are generally expected to adhere to these international best practices.

**Risk and Uncertainty:** Operating as a VASP in Mali carries regulatory uncertainty due to the evolving framework. It is crucial for any entity considering VASP activities to seek specific legal counsel in Mali to understand the current interpretations of existing laws and any new directives that may emerge.

**Requirements:** VASPs operating in Mali must screen their customers (KYC/CDD) and transactions against the consolidated UN Security Council Sanctions List. This list includes individuals and entities designated under various regimes, such as:

Al-Qaeda and ISIL (Da'esh) Sanctions Committee

DPRK (North Korea) Sanctions Committee

Other country-specific sanctions (e.g., related to Libya, Somalia, Sudan, Yemen, etc.)

**Obligations:** If a VASP identifies a match (a customer or transaction linked to a sanctioned individual/entity), it must:

Immediately freeze all virtual assets and funds associated with the designated person/entity.

Prohibit making any virtual assets, funds, or economic resources available to, or for the benefit of, the designated person/entity.

Report the hit to Mali's Financial Intelligence Unit (FIU), the Cellule Nationale de Traitement des Informations Financières (CENTIF).

**UN Security Council Resolutions:** Various resolutions mandate sanctions.

UN Security Council Sanctions Committees

**Requirements:** VASPs in Mali should consider screening against the EU Sanctions Map/Database, especially if they have any operational nexus, customer base, or transaction flow involving EU jurisdictions or entities. This includes:

Freezing of funds and economic resources of designated persons/entities.

Prohibition on making funds or economic resources available to them.

**Obligations:** Similar to UN sanctions, any hits should lead to asset freezing and reporting to CENTIF.

**Council Regulations and Decisions:** Implement EU sanctions.

EU Sanctions Map (External Action Service)

Consolidated list of persons, groups and entities subject to EU financial sanctions (Council of the EU)

They process transactions through the U.S. financial system.

Their activities involve U.S. persons or U.S.-origin goods/services.

They facilitate transactions for OFAC-sanctioned entities or individuals.

They operate in a manner that "causes" a U.S. person to violate sanctions.

**Requirements:** VASPs must screen customers and transactions against OFAC's Specially Designated Nationals and Blocked Persons (SDN) List and other sanctions lists (e.g., Sectoral Sanctions Identifications List, Non-SDN Palestinian Legislative Council List, etc.).

**Obligations:** If a VASP identifies a transaction or customer involving an OFAC-sanctioned entity or individual:

It must block (freeze) the funds and assets.

It must prohibit all dealings with the sanctioned party.

It must report the blocked property and rejected transactions to OFAC within specific timeframes.

OFAC Sanctions Programs and Information

OFAC Specially Designated Nationals (SDN) List

**Central Bank of West African States (BCEAO):** The regional central bank for WAEMU member states, including Mali, which oversees financial institutions and has issued warnings and guidelines regarding cryptocurrencies, often advising caution due to their unregulated nature and risks. While the BCEAO has generally warned against crypto, national laws still mandate AML/CFT compliance for any entities engaged in virtual asset activities.

**Law N°2014-047/AN-RM of 16 October 2014 relating to the fight against money laundering and the financing of terrorism in Mali.** This law is the primary legal instrument for AML/CFT in Mali and aligns with FATF recommendations. It obligates financial institutions (which, under FATF guidance, would include VASPs) to implement AML/CFT measures.

*While a direct online link to this specific law in English is challenging to find, it is consistently cited as the main AML/CFT law in Mali by international bodies like GIABA.*

**FATF Recommendations:** Mali, through its membership in GIABA, is expected to implement FATF standards, including Recommendation 15 on New Technologies, which specifically covers virtual assets and VASPs.

**Customer Due Diligence (CDD):** Identify and verify the identity of all customers (KYC) and beneficial owners. This includes collecting names, addresses, dates of birth, etc.

**Sanctions Screening:** Screen customer names, addresses, and other identifiers against the UN, EU, and OFAC sanctions lists at onboarding and on an ongoing basis. For crypto, this can extend to screening associated wallet addresses using blockchain analytics tools against lists of addresses known to be associated with sanctioned entities.

**Transaction Screening:** Monitor transactions in real-time or near real-time for links to sanctioned entities, high-risk jurisdictions, or suspicious patterns.

**Source of Funds/Wealth:** For high-risk customers or large transactions, inquire about the source of funds and source of wealth to ensure they are legitimate and not from sanctioned sources.

**OFAC-Sanctioned Jurisdictions:** Countries like Cuba, Iran, North Korea, Syria, and specific regions (e.g., Crimea, Donetsk, Luhansk regions of Ukraine).

**High-Risk Jurisdictions:** Countries identified by FATF or GIABA as having strategic AML/CFT deficiencies (e.g., those on the FATF 'grey list' or 'black list'). Transactions with such jurisdictions often require enhanced due diligence.

**Countries under UN/EU Embargoes:** Depending on the specific sanctions regime, certain transactions with or involving individuals/entities from embargoed countries may be prohibited.

**Financial Penalties:** Significant fines for institutions and individuals.

**Imprisonment:** For individuals found guilty of money laundering, terrorist financing, or serious breaches of compliance obligations.

**License Revocation/Suspension:** VASPs (if licensed or registered) could lose their operating authorization.

**Reputational Damage:** Significant harm to the business's standing and trust.

**Asset Forfeiture:** Proceeds of illicit activities may be confiscated.

Mali has a general AML/CFT law, **Loi n°2019-005 du 25 février 2019 relative à la lutte contre le blanchiment de capitaux et le financement du terrorisme** (Law No. 2019-005 of February 25, 2019, on the fight against money laundering and terrorist financing). This law forms the backbone of its AML/CFT framework.

However, the FATF's Recommendation 15 concerning virtual assets and VASPs, and the subsequent Travel Rule guidance, were significantly updated in June 2019. Mali's 2019 law *predates* these specific updates, and subsequent assessments have indicated a lack of specific regulation for virtual assets and VASPs.

According to the **GIABA (Inter-Governmental Action Group against Money Laundering in West Africa) Follow-Up Report on Mali (March 2023)**, Mali was rated as **partially compliant (PC)** for FATF Recommendation 15. The report noted that Mali had not yet conducted a risk assessment specific to virtual assets and had not developed the necessary legal and regulatory framework to supervise or monitor VASPs, nor to apply AML/CFT requirements to them.

**Therefore, the FATF Travel Rule has not been specifically adopted or implemented for VASPs in Mali through dedicated legislation.**

Since specific legislation for VASPs and the Travel Rule has not been adopted, there is **no specific effective date** for its implementation in Mali. The general AML/CFT Law (Loi n°2019-005) became effective upon its promulgation in February 2019.

As VASPs are not specifically regulated under the current AML/CFT framework for the Travel Rule, there are **no specific threshold amounts** defined for virtual asset transactions that would trigger Travel Rule requirements.

General AML/CFT obligations for traditional financial institutions typically involve thresholds for cash transactions (e.g., usually around XOF 500,000 to XOF 1,000,000 for customer due diligence or suspicious transaction reporting, though specifics would be in decrees related to the 2019 law). However, these do not directly apply to the Travel Rule for virtual assets without specific VASP regulation.

Given the absence of specific legislation targeting VASPs, there is **no clear definition or licensing framework for VASPs** in Mali.

Entities providing virtual asset services (e.g., exchanges, wallet providers) are currently not explicitly designated as "assujettis" (reporting entities) under the AML/CFT law in the same way traditional financial institutions are.

Any existing obligations would only apply if such an entity were also licensed as a traditional financial institution (e.g., a bank offering crypto services), which is rare.

Since there is no specific regulatory framework for the Travel Rule for VASPs, there are **no defined technical implementation requirements**.

For traditional financial institutions, the requirements typically involve maintaining records of transactions, conducting customer due diligence (CDD), and reporting suspicious transactions to the Cellule Nationale de Traitement des Informations Financières (CENTIF) – Mali's Financial Intelligence Unit.

The general AML/CFT Law (Loi n°2019-005) outlines penalties for non-compliance for designated reporting entities. These can include administrative sanctions (fines, revocation of license) and criminal penalties (imprisonment, heavier fines) for serious offenses related to money laundering or terrorist financing.

However, without VASPs being explicitly designated as reporting entities for Travel Rule purposes, applying these specific penalties directly for non-compliance with the Travel Rule would be difficult. Penalties would only apply if a VASP's actions were found to violate broader existing AML/CFT provisions that could be loosely interpreted to cover their activities (e.g., failure to report a suspicious transaction if they were somehow deemed a financial intermediary).

**Loi n°2019-005 du 25 février 2019 relative à la lutte contre le blanchiment de capitaux et le financement du terrorisme:**

This law can be found on the website of CENTIF Mali (Malian Financial Intelligence Unit).

**GIABA Follow-Up Report on Mali (March 2023):**

**URL (example, GIABA hosts these reports):** You would typically find this on the GIABA website under "Mutual Evaluations" or "Follow-Up Reports."

A direct link for the March 2023 report is usually in the format like: https://www.giaba.org/reports/Mutual_Evaluation/Mali_FUR_EN.pdf (Note: The exact URL might change, but searching "GIABA Mali Follow Up Report 2023" should yield it). The report consistently indicates that R.15 for VASPs is not yet implemented.

**Note:** The BCEAO issued Communiqué N°18/2021 in 2021, reiterating that virtual assets are not legal tender in the UEMOA zone and warning financial institutions against their involvement in certain virtual asset activities, pending a specific regulatory framework. This indicates a cautious approach and an acknowledgment of the sector, but not yet a full regulatory embrace for VASPs.