Free download · 2026 edition

Bangladesh KYC & AML compliance checklist

42 concrete checks covering Bangladesh Bank CDD, BFIU circulars, BTRC SIM KYC, IDRA guidance, and PDPA 2023. Written by practitioners, not lawyers.

What's inside

  • Bangladesh Bank CDD: name, DOB, address, occupation, source of funds — all fields present
  • NID verified against NID Wing (source of truth), not just against the card artefact
  • Consent captured, timestamped, and retained for the mandated retention period
  • AML screen against UN, OFAC, EU, and BFIU lists at onboarding
  • PEP + adverse-media screen at onboarding and quarterly re-screen
  • Liveness meets ISO/IEC 30107-3 PAD level 2 (or documented compensating control)
  • Audit trail is tamper-evident, hash-chained, and independently exportable
  • PDPA 2023: purpose limitation, minimisation, and subject-access request workflow
  • Data residency: personal data of BD residents processed and stored in BD
  • Vendor DPA signed with every third-party sub-processor touching PII
  • Retention schedule documented per data class with automatic deletion jobs
  • Incident response runbook with 72-hour regulator notification path
  • …plus 30 more checks across governance, technical controls, and inspection-readiness.