AML compliance in Bangladesh is governed by the Money Laundering Prevention Act 2012 and the Anti-Terrorism Act 2009, and is operationalized through the Bangladesh Financial Intelligence Unit (BFIU) master circulars. Every reporting organisation — banks, NBFIs, insurers, MFS providers, capital markets intermediaries, money changers — is required to maintain a risk-based AML programme.
What the law requires
- A written AML policy approved by the Board.
- A designated AML Compliance Officer (CAMLCO) at head office and a Branch Anti-Money Laundering Compliance Officer (BAMLCO) at every branch.
- Customer due diligence proportionate to risk tier.
- Ongoing transaction monitoring against the customer's expected profile.
- Suspicious Transaction Reports (STRs) filed with BFIU within the required timeline.
- Cash Transaction Reports (CTRs) for transactions above the threshold.
- Annual training for all staff in customer-facing or transaction-processing roles.
- Independent audit of the AML programme at least annually.
STR filing in practice
An STR is filed when there is reasonable ground to suspect a transaction (or attempt) is related to money laundering or terrorist financing. STRs are submitted to BFIU via goAML. The filing is confidential — the customer must not be tipped off. Records of every STR, and the analysis leading to it, must be retained for at least 5 years.
Risk-based programme design
A risk-based programme allocates effort in proportion to risk. Low-risk customers (small retail accounts in low-risk geographies, transparent occupations) get simplified due diligence. Medium-risk customers get standard customer due diligence (CDD). High-risk customers (politically exposed persons (PEPs), high-risk jurisdictions, cash-intensive businesses) get enhanced due diligence (EDD) and senior-management sign-off. The tiering must be documented, reviewable, and updated when risk factors change.
How technology fits
The three highest-leverage technology investments are: (1) automated sanctions and PEP screening with continuous monitoring, (2) transaction-pattern monitoring with explainable alerts, (3) audit-grade record-keeping with signed verification receipts. KYC.bd covers (1) and (3) directly; (2) is typically a separate transaction-monitoring system that consumes our identity and screening output.
See the AML screening API and the banking solution. For the underlying identity layer, start with what is KYC.