KYC for Fintech in Bangladesh (BFIU and Bangladesh Bank)
Comprehensive guide to KYC, e-KYC and regulatory compliance for fintechs in Bangladesh under BFIU, Bangladesh Bank, MLPA 2012 and the e-KYC directive updated in 2026.
Regulatory Framework for KYC in Bangladesh
Bangladesh has built one of the most advanced digital identity regimes in South Asia. A national biometric register, an active financial intelligence unit and an aggressive regulatory roadmap have turned the country into a regional benchmark for digital financial inclusion. Fintechs operating in Bangladesh must navigate a framework that balances open digital onboarding with strict anti-money laundering (AML) and counter-terrorism financing (CFT) requirements.
Bangladesh Bank, the country's central bank, is the supreme regulator of the financial system. Within its structure operates the BFIU (Bangladesh Financial Intelligence Unit), the financial intelligence unit responsible for issuing KYC guidelines, receiving suspicious transaction reports and coordinating the fight against money laundering. BFIU is a member of the Egmont Group and applies FATF standards.
Primary Legal Basis
- Money Laundering Prevention Act (MLPA), 2012: Section 25 requires every financial institution to collect and verify the customer's full identity before initiating any business relationship.
- Anti-Terrorism Act, 2009: Defines screening obligations against proscribed lists and reporting of suspicious activity linked to terrorism.
- Bangladesh Bank Order, 1972 and Banking Companies Act, 1991: General banking supervision framework.
- BFIU Master Circulars and Guidelines on Electronic KYC (e-KYC): Operational directives, originally published in January 2020 and updated in March 2026.
BFIU e-KYC Directive (2026 Update)
In March 2026 BFIU issued a revised version of the Guidelines on Electronic Know Your Customer (e-KYC), significantly expanding the scope of digital onboarding. The update sets 31 December 2026 as the mandatory implementation deadline for non-bank entities.
Covered Entities
The directive applies to:
- Commercial banks and specialised banks.
- Non-Bank Financial Institutions (NBFIs).
- Insurance companies (life and general).
- Capital market intermediaries (brokers, dealers, asset managers, custodians).
- Mobile Financial Services (MFS) such as bKash, Nagad and Rocket.
- Digital Financial Services (DFS) and other entities licensed by Bangladesh Bank.
Two Tiers of e-KYC
BFIU classifies e-KYC into two categories:
1. Simplified e-KYC
Applicable to low-risk products with strict limits:
- NBFIs: products up to BDT 10 lakh (≈ EUR 7,500).
- Life insurance: sum assured up to BDT 20 lakh.
- Capital market BO (Beneficial Owner) account deposits: up to BDT 15 lakh.
Allows automated verification against the NID database, selfie capture and basic face-match, without requiring detailed risk assessment.
2. Regular e-KYC
Mandatory for products above the previous thresholds and for customers classified as high risk. Requires:
- Expanded collection of socio-economic data and source of funds.
- Digital risk grading of the customer (low / medium / high).
- Full validation against NID + AML/CFT screening.
- Additional documentation for politically exposed persons (PEPs) and complex transactions.
Verification against the NID (National Identity)
The National Identity Card (NID), issued by the Election Commission of Bangladesh, is the cornerstone of the KYC system. The NID is a plastic chip card containing all-finger biometrics, a digital photograph and biographic data.
Key Obligations
- e-KYC is only applicable to natural persons with a valid NID.
- Verification must be performed via direct query to the NID database managed by the Election Commission.
- Accepted methods: biometric validation via fingerprint or face-match against the official NID photograph.
- The customer may complete the process via self-onboarding from a smartphone or assisted by an agent.
Foreign individuals and corporate clients follow parallel processes based on passports, Trade Licenses and physical forms where applicable, since e-KYC is limited to the NID ecosystem.
Legal Person Identification
For corporate clients, fintechs must collect:
- Valid Trade License and certificate of incorporation (RJSC).
- TIN (Tax Identification Number) and BIN (Business Identification Number).
- Articles of association and board resolutions.
- Full identification of partners, directors and authorised signatories (each with their NID).
- Identification of the Ultimate Beneficial Owner (UBO) with direct or indirect ownership above 25%.
Enhanced Due Diligence and Risk Grading
BFIU requires continuous risk grading of every customer. High-risk situations triggering Enhanced Due Diligence (EDD) include:
- Domestic and foreign PEPs and their close family members and associates.
- Customers linked to high-risk jurisdictions identified by FATF.
- Transactions unusual in amount, frequency or geographic pattern.
- Opaque or multi-jurisdictional corporate structures.
- Hawala / hundi and informal remittances.
Suspicious Transaction Reporting
Reporting entities must:
- Appoint a Chief Anti-Money Laundering Compliance Officer (CAMLCO) and Deputy CAMLCO.
- File STR (Suspicious Transaction Reports) and SAR (Suspicious Activity Reports) to BFIU without delay.
- Report cash transactions above BDT 10 lakh (CTR).
- Retain KYC and transaction records for a minimum of 5 years after the end of the relationship.
Sanctions for Non-Compliance
The Bangladeshi enforcement regime is severe:
- Significant administrative fines imposed by BFIU under MLPA 2012.
- Suspension or revocation of licences.
- Custodial sentences for executives in cases of wilful non-compliance.
- Inclusion in supervised-entity lists with operational restrictions.
Trends and Opportunities for Fintechs
Bangladesh runs a particularly dynamic fintech ecosystem in mobile payments (bKash, Nagad), digital microcredit and open banking. The 2026 update to the e-KYC directive has:
- Sharply reduced onboarding costs by enabling 100% remote verification.
- Unlocked financial-inclusion models for the unbanked population (around 35% per World Bank data).
- Opened new use cases for AI Agents in dynamic risk grading, ongoing monitoring and fraud detection.
Joinble integrates with Bangladesh's digital identity infrastructure, supporting NID verification via face-match, biometric fingerprint capture, automated risk grading and AML/CFT screening aligned with BFIU requirements. Our AI Agents help Bangladeshi fintechs meet the 2026 deadline while scaling operations frictionlessly.
Frequently Asked Questions
What is BFIU and what is its role in Bangladesh?
The Bangladesh Financial Intelligence Unit is the country's financial intelligence unit, embedded within Bangladesh Bank. It issues KYC and AML/CFT guidelines, receives suspicious transaction reports, coordinates with domestic and international authorities and supervises compliance among reporting entities. It is a member of the Egmont Group.
Is e-KYC mandatory in Bangladesh?
Yes. BFIU set 31 December 2026 as the mandatory deadline for insurers, capital market intermediaries and other non-bank financial institutions to implement e-KYC. Banks and MFS providers have already been applying it since the original 2020 directive.
What is the difference between Simplified and Regular e-KYC?
Simplified e-KYC applies to low-risk products with monetary limits (BDT 10 lakh for NBFIs, BDT 20 lakh for life insurance, BDT 15 lakh for BO deposits). Regular e-KYC is mandatory above those thresholds or for high-risk customers, and requires full digital risk grading and EDD for PEPs and complex transactions.
How does NID verification work?
Reporting entities query the NID database managed by the Election Commission. Verification is performed via fingerprint or face-match against the official NID photograph. It applies only to natural persons holding a valid NID; foreign individuals and legal persons follow alternative processes.
What sanctions does BFIU apply for non-compliance?
The MLPA 2012 provides for significant administrative fines, suspension or revocation of licences and custodial sentences for executives in cases of wilful non-compliance. BFIU runs on-site supervision programmes and periodic reviews of reporting entities.
How does Joinble help fintechs in Bangladesh?
Joinble provides NID verification, face-match, biometric capture, AI-Agent-driven automated risk grading and AML/CFT screening aligned with BFIU guidelines, allowing fintechs to meet the 31 December 2026 deadline with a fully digital onboarding experience.
Automate your compliance with AI Agents
Joinble's Agentic Identity platform reduces manual KYC reviews by up to 80%. Book a demo to see it in action.
Book a demoStay up to date on AI & KYC
Get the best articles on artificial intelligence, identity verification and compliance delivered straight to your inbox.
Related compliance guides
KYC and AML Compliance for Fintech in Argentina (UIF & CNV)
Detailed guide to KYC and AML compliance for fintech companies in Argentina, covering UIF regulations, CNV securities oversight, BCRA PSP licensing, and FATF grey list implications.
KYC & AML for Fintech in Canada (FINTRAC & PCMLTFA)
Complete guide to KYC, AML, and CTF compliance requirements for fintech and crypto companies operating in Canada under FINTRAC regulations.
KYC & AML for Fintech in Chile (Ley Fintech & CMF)
Complete guide to KYC and AML compliance for fintech companies in Chile under the Ley Fintech (Ley 21,521), CMF oversight, UAF reporting, and the open banking framework.
