KYC and AML Requirements for Crypto in Bahrain (CBB Regulations)

Bahrain as a MENA Crypto Hub

The Kingdom of Bahrain has established itself as one of the most forward-thinking jurisdictions in the Middle East and North Africa (MENA) region for cryptocurrency and digital asset regulation. By creating a comprehensive, clear regulatory framework early on, Bahrain has attracted crypto exchanges, blockchain companies, and digital asset service providers seeking a well-regulated environment from which to serve the broader MENA market.

The Central Bank of Bahrain (CBB) has been the driving force behind this regulatory clarity, issuing detailed rules that provide legal certainty while maintaining strong compliance standards aligned with international best practices.

CBB Crypto-Asset Regulatory Framework

Volume 6: Capital Markets Regulation

The CBB's crypto-asset regulations are housed within Volume 6 of the CBB Rulebook, which covers capital markets. The crypto-asset module was introduced in 2019 and has been progressively updated to address evolving market dynamics. It establishes a comprehensive licensing and supervisory framework for entities dealing in crypto assets within or from Bahrain.

Scope of Regulation

The CBB's crypto-asset regulations cover:

• Crypto-asset exchanges: Platforms that facilitate the buying, selling, and trading of crypto assets.
• Crypto-asset trading services: Entities that deal in crypto assets on behalf of clients.
• Crypto-asset advisory services: Companies providing investment advice related to crypto assets.
• Crypto-asset portfolio management: Entities managing portfolios of crypto assets for clients.
• Crypto-asset custodial services: Companies providing secure storage and safekeeping of crypto assets.

Licensing Categories

The CBB offers several licensing categories for crypto-asset service providers:

• Category 1: Exchanges operating an organized marketplace for crypto assets.
• Category 2: Entities dealing in crypto assets as principal or agent.
• Category 3: Advisory and portfolio management services.
• Category 4: Custodial services for crypto assets.

Each category carries specific capital requirements, governance obligations, and operational standards. All categories require comprehensive KYC and AML compliance programs.

KYC Requirements Under CBB Rules

Individual Customer Verification

Crypto-asset licensees must collect and verify:

• CPR (Central Population Register) number: For Bahraini nationals and residents, this is the primary identification number.
• National ID card or passport: Government-issued photo identification.
• Full legal name, date of birth, and nationality.
• Residential address with supporting documentation such as utility bills or bank statements.
• Source of funds and source of wealth declarations, particularly for significant transactions.
• Employment and income information.
• Purpose of the crypto asset relationship and expected transaction patterns.

Legal Entity Verification

For corporate customers:

• Commercial registration (CR) from the Ministry of Industry and Commerce
• Memorandum and articles of association
• Identification and verification of all beneficial owners holding 10% or more
• Identification of authorized signatories and directors
• Audited financial statements for the most recent fiscal year
• Corporate resolution authorizing the crypto-asset account opening
• Group organizational structure where applicable

Enhanced Due Diligence

The CBB requires enhanced due diligence for:

• Politically Exposed Persons (PEPs) and their family members and close associates
• Non-resident customers
• Customers from jurisdictions identified as high-risk by FATF or the CBB
• Unusually large or complex transactions without clear economic purpose
• Correspondent relationships with foreign crypto-asset service providers
• Transactions involving privacy coins or mixing services

Joinble's AI-powered identity verification enables Bahraini crypto licensees to implement these tiered due diligence requirements efficiently, automating document validation, biometric checks, and risk-based screening in a unified platform. For KYC essentials, see our guide on what is KYC.

AML/CFT Rulebook Compliance

The CBB's AML/CFT Rulebook applies to all licensed financial institutions, including crypto-asset service providers. Key compliance requirements include:

Compliance Program

Every crypto licensee must establish:

• A board-approved AML/CFT policy that reflects the institution's risk appetite
• A designated Money Laundering Reporting Officer (MLRO) who is senior, experienced, and has direct access to the board
• Written procedures covering customer identification, transaction monitoring, suspicious activity reporting, and record keeping
• Regular risk assessments at both the institutional and customer levels
• Employee training programs covering AML obligations, typologies, and red flag indicators
• Independent audit of the AML program at least annually

Transaction Monitoring

Crypto-asset service providers must implement automated systems to monitor transactions for suspicious patterns, including:

• Transactions that are inconsistent with the customer's declared profile
• Rapid conversion between crypto assets and fiat currencies
• Transfers to or from wallets associated with sanctioned entities or darknet marketplaces
• Structuring of transactions to avoid reporting thresholds
• Use of multiple accounts or identities by the same beneficial owner
• Unusual patterns in trading volume or frequency

Suspicious Transaction Reporting

When suspicious activity is detected, licensees must file a Suspicious Transaction Report (STR) with the CBB's Financial Intelligence Directorate. Reports must be filed promptly, and the tipping-off prohibition prevents licensees from informing the customer that a report has been made.

Record Keeping

All KYC documentation, transaction records, and compliance-related communications must be retained for a minimum of five years from the end of the business relationship or the date of the transaction, whichever is later.

Sandbox Framework

The CBB operates a Regulatory Sandbox that has been instrumental in attracting crypto and blockchain startups to Bahrain. The sandbox allows companies to:

• Test innovative products and services with real customers under controlled conditions
• Benefit from temporary regulatory relief on certain operational requirements
• Receive guidance and feedback from CBB regulators throughout the testing period
• Transition to full licensing upon successful completion of the sandbox program

Sandbox participants must implement baseline KYC and AML measures appropriate to their risk profile. The CBB works with each participant to define proportionate requirements during the testing phase.

Several prominent crypto companies have successfully graduated from Bahrain's sandbox to full licensing, validating the program's effectiveness as a pathway to regulated operation.

Travel Rule Implementation

Bahrain has been proactive in implementing the FATF Travel Rule (Recommendation 16) for virtual asset transfers. The Travel Rule requires crypto-asset service providers to obtain, hold, and transmit originator and beneficiary information for crypto transfers above defined thresholds.

Key Requirements

• Originator information: Name, account number (wallet address), and physical address, national ID number, or date and place of birth.
• Beneficiary information: Name and account number (wallet address).
• Threshold: The CBB has aligned with FATF's recommended threshold, though it may apply the rule to transactions below the threshold on a risk-sensitive basis.
• Technology solutions: Licensees must implement technical solutions to transmit Travel Rule data between counterpart VASPs. Several industry protocols and platforms have emerged to facilitate this.

Compliance with the Travel Rule requires investment in technology infrastructure and counterparty due diligence processes. Crypto companies must verify that receiving institutions can accept and process Travel Rule data before executing transfers.

Bahrain's Strategic Position

Bahrain's approach to crypto regulation offers several strategic advantages:

• Regulatory clarity: Clear rules reduce legal uncertainty and attract institutional participation.
• Regional gateway: Licensed entities in Bahrain can access the broader GCC market from a well-regulated base.
• Government support: The Bahrain Economic Development Board (EDB) actively promotes the Kingdom as a fintech and crypto hub.
• Talent ecosystem: Growing pool of compliance and technology talent supported by government training initiatives.
• International recognition: Bahrain's regulatory framework is recognized by global institutions and facilitates cross-border partnerships.

Joinble's identity verification platform supports crypto companies establishing operations in Bahrain, providing the document verification, biometric matching, and compliance screening infrastructure needed to meet CBB standards from day one. Learn more about KYC fundamentals.

Penalties for Non-Compliance

The CBB has comprehensive enforcement powers:

• Financial penalties proportionate to the severity and duration of the violation
• License suspension or revocation for serious breaches
• Personal sanctions against directors and compliance officers
• Public disclosure of enforcement actions
• Referral to criminal authorities for suspected money laundering or terrorism financing

Frequently Asked Questions

What is the CBB's crypto-asset regulatory framework?

The CBB regulates crypto-asset service providers through Volume 6 of its Rulebook, which covers licensing categories for exchanges, trading services, advisory services, portfolio management, and custodial services. All licensees must comply with comprehensive KYC and AML requirements.

What licensing categories are available for crypto companies in Bahrain?

The CBB offers four main categories: exchanges (Category 1), dealing services (Category 2), advisory and portfolio management (Category 3), and custodial services (Category 4). Each has specific capital, governance, and compliance requirements.

What KYC documents must Bahraini crypto companies collect?

For individuals, the CPR number, national ID or passport, proof of address, source of funds, and employment information are required. Legal entities must provide commercial registration, beneficial ownership details, and audited financial statements.

How does Bahrain implement the FATF Travel Rule for crypto?

Bahrain requires crypto-asset service providers to obtain and transmit originator and beneficiary information for crypto transfers above FATF-recommended thresholds. Licensees must implement technical solutions for Travel Rule data transmission between counterpart VASPs.

Does Bahrain offer a regulatory sandbox for crypto companies?

Yes. The CBB operates a sandbox program that allows crypto and blockchain companies to test innovative services under supervised conditions. Participants must implement baseline KYC measures and can transition to full licensing upon successful completion.

Why is Bahrain considered a MENA crypto hub?

Bahrain offers regulatory clarity, government support, strategic regional positioning, and a comprehensive licensing framework that has attracted global crypto companies. The CBB's proactive approach to regulation and the sandbox program have been key factors in establishing this reputation.