AML/CFT Compliance in Anjouan: AOFA Regulations, International Standards, and Practical Guidance

Scrutiny from global banks has turned Anjouan's offshore finance sector into a flashpoint for regulatory reform. The island’s ambition to attract international capital clashes with mounting pressure from the European Union, the Eastern and Southern African Anti-Money Laundering Group (ESAAMLG), and major correspondent banks that demand tighter safeguards against money-laundering and terrorist-financing flows. As the Anjouan Offshore Finance Authority (AOFA) tightens licensing conditions and aligns its rules with Law 12-001/AU, institutions must adapt quickly or risk losing access to the global financial system.

The Regulatory Landscape

The Offshore Finance Authority Act of 2005 created the AOFA as the sole licensing and supervisory body for offshore activities on Anjouan. Subsequent amendments in 2025 and 2026 introduced a tiered licensing regime that distinguishes between full-service banks (Class A), restricted banks (Class B), and non-bank financial service providers. The Act also mandates that all licence holders adopt the AML/CFT provisions of Law 12-001/AU, which was enacted on 2 June 2012 to bring the Union of the Comoros into conformity with the FATF Recommendations.

Section 2 of Law 12-001/AU enumerates the “obliged entities” - a list that now exceeds 120 categories, ranging from credit institutions and insurance undertakings to online gaming operators and virtual-asset service providers. The same provision obliges each entity to retain transaction records for at least five years and to submit periodic compliance reports to the AOFA.

Among the eight AOFA licence classes, the International Banking licences (Class A full and Class B restricted) are the most heavily scrutinised. Class A licences require a minimum paid-in capital of US$10 million, a resident compliance officer, and a physical office in Mutsamudu. Class B licences, introduced in 2023, permit lower capital (US$2 million) and allow remote compliance officers, but they are subject to quarterly supervisory reviews. Trust-service licences, insurance licences, and the newer Crypto/VASP licences each carry bespoke AML obligations that mirror the risk profile of the activity.

Established in 2014, the Service de Renseignement Financier (SRF) - also referred to as the Cellule de Renseignements Financiers (CTAF) - functions as the Union’s Financial Intelligence Unit. The SRF operates a goAML-compatible portal for the electronic filing of suspicious activity reports (SARs) and receives direct referrals from the AOFA’s supervisory unit. Although the SRF’s staffing levels remain modest, it has signed data-exchange agreements with the FIU of Kenya and the French TRACFIN to enhance cross-border intelligence sharing.

When ESAAMLG released its 2018 mutual evaluation of Comoros, the report assigned the Union a “moderate” risk rating for money-laundering and a “high” rating for terrorist-financing vulnerabilities. The evaluation highlighted gaps in the implementation of customer-due-diligence (CDD) procedures, limited analytical capacity at the SRF, and insufficient follow-up on SARs. The report also recommended that the AOFA adopt a risk-based supervisory model and publish detailed guidance on beneficial-ownership verification.

European Union lists have repeatedly flagged Anjouan as a higher-risk jurisdiction for source-of-funds verification. In the EU’s 2023 “High-Risk Third Country List”, Anjouan appeared under the “enhanced due-diligence” category, prompting correspondent banks to request additional documentation from Anjouan-licensed entities before establishing or maintaining payment corridors.

Customer Due Diligence and KYC

For natural persons, Section 7 of Law 12-001/AU requires the collection of full name, date and place of birth, nationality, residential address, and a government-issued identification document before any business relationship commences. The AOFA’s 2025 CDD guidance adds that electronic verification of passports or national ID cards must be performed through a recognised e-identity provider, and that the verification result be stored for a minimum of three years.

Corporate clients face verification under Section 8, which mandates the submission of a recent extract from the commercial register of the jurisdiction of incorporation, the entity’s articles of association, and a declaration of the ultimate beneficial owners (UBOs). The law defines a UBO as any natural person holding at least 25 % of the voting rights or the economic interest. If no individual meets the 25 % threshold, the senior managing official is recorded as the “notional” UBO, as clarified in the AOFA’s 2024 guidance note.

If a client is identified as a politically exposed person (PEP) under Section 9, the AOFA requires enhanced due diligence (EDD). The EDD checklist includes source-of-wealth documentation, senior-management approval for the relationship, and continuous transaction monitoring with a lower tolerance for anomalies. The AOFA’s 2025 risk-matrix assigns a “high” risk rating to PEPs originating from jurisdictions identified by the FATF as non-cooperative.

Ongoing monitoring is codified in Section 10, which obliges entities to review the risk profile of each client at least annually, or whenever a material change occurs. The AOFA’s 2026 supervisory manual specifies that high-risk clients must be re-verified every six months, and that any deviation from the expected transaction pattern trigger a SAR within 24 hours of detection.

Suspicious Activity Reporting

Section 24 obliges all obliged entities to submit a SAR to the SRF whenever a transaction appears to be linked to money-laundering, terrorist financing, or a breach of sanctions. The SAR must contain a concise narrative, the amounts involved, the parties’ identifiers, and any supporting documentation. The AOFA’s 2025 SAR template, available on the SRF portal, includes mandatory fields for risk rating, typology code, and the officer’s signature.

Section 25 provides that the SRF must acknowledge receipt of a SAR within one working day and forward the report to the Public Prosecutor’s Office if the suspicion meets the threshold for criminal investigation. The SRF also retains the authority to issue a “stand-still” notice, prohibiting the continuation of a transaction until the investigation concludes. Failure to file a SAR within the prescribed timeframe can result in a monetary penalty of up to 2 % of the entity’s annual turnover, as set out in Section 43 of the law.

Risk-Based Approach and Supervisory Oversight

The AOFA has embedded a risk-based approach throughout its supervisory framework. Section 5 requires each licence holder to produce an institution-wide risk assessment that distinguishes between money-laundering (ML) and terrorist-financing (TF) risks, updates the assessment annually, and documents the mitigation measures applied. The 2024 AOFA supervisory handbook lists 12 risk factors, ranging from client geography to product complexity, and assigns a numerical score that determines the frequency of supervisory visits.

If a risk assessment identifies a “critical” risk - for example, a crypto-VASP dealing with unhosted wallets - the AOFA may impose additional controls such as mandatory blockchain-analytics software, real-time transaction screening, and quarterly reporting to the SRF. The authority also reserves the right to conduct on-site inspections without prior notice for entities classified as “high-risk” under the 2025 risk matrix.

Sanctions Screening

Although Anjouan is not a member of the EU, the AOFA has incorporated EU, UN, and UK sanctions lists into its screening obligations. Section 11 of Law 12-001/AU mandates that entities maintain an up-to-date sanctions database and apply “real-time” screening on both onboarding and ongoing transactions. The AOFA’s 2025 technical specification requires that false-positive rates be kept below 5 % and that any match be reviewed by a designated compliance officer within eight hours.

In practice, several correspondent banks have terminated relationships with Anjouan-licensed banks that failed to demonstrate documented sanctions-screening procedures. In March 2024, a major European correspondent bank issued a de-risking notice to all Anjouan banks, demanding proof of compliance with EU sanctions regimes or face termination of the payment corridor.

Recent Enforcement Activity

Enforcement activity by AOFA is sparsely reported publicly; the jurisdiction’s supervisory record is instead visible through international correspondent-banking decisions and ESAAMLG assessments. Nevertheless, a handful of enforcement actions have been documented since 2022.

The 2025 ESAAMLG follow-up report noted that the AOFA had increased the frequency of supervisory visits from an average of one per year to two per year for high-risk licence classes. The report also praised the 2024 amendment to Section 43, which introduced a tiered penalty structure based on turnover, but warned that enforcement transparency remained limited.

Practical Compliance Checklist for Anjouan Institutions

How RegMantle Helps

RegMantle produces jurisdiction-specific AML/CFT documentation for Anjouan licence holders, referencing Law 12-001/AU, AOFA licence-class requirements, and SRF reporting templates. Outputs include a bilingual (French/English) AML manual, a CDD policy aligned with Sections 7-10, a sanctions-screening framework that incorporates EU, UN, and UK lists, a SAR filing guide using the SRF goAML portal, and a risk-assessment workbook calibrated to the AOFA’s 2025 risk matrix. All documents are exportable as branded DOCX files ready for board approval and AOFA inspection.