Crypto Crackdowns: How to Prepare for New AML Rules in Indonesia, Kenya, Nigeria — and Beyond

Written By Justin Pemberton
Modern Jakarta trading floor at golden hour. Young Indonesian traders in business casual working on multiple screens showing blurred crypto charts. Through floor-to-ceiling windows: sprawling cityscape with traditional markets visible below.

Why Crypto AML Enforcement Is Heating Up

Across emerging markets, crypto regulation is moving from advisory to enforcement. What used to be grey zones are quickly becoming high-risk blind spots — especially for exchanges, wallet apps, agent networks, and crypto-adjacent remittance services.

In Kenya, four U.S.-based remittance operators were blacklisted in early 2025 for AML violations — a strong signal that enforcement will not be limited to local players. New legislation now also requires crypto firms to disclose their beneficial ownership, part of a broader push for transparency and accountability in digital financial services. This goes beyond customer screening — it speaks to who controls platforms, and how they’re regulated.

In Indonesia, where crypto trading is legal but tightly monitored, the government is beginning to push beyond exchange licensing and toward broader AML compliance for fintechs and alternative payment systems.

In Nigeria, despite past central bank restrictions, regulators are now actively licensing crypto companies under the Securities and Exchange Commission (SEC), with mandatory risk assessments and screening requirements.

Even in countries with less defined frameworks — like Senegal, Benin, Burkina Faso, and Ghana — the direction of travel is clear:

  • Greater alignment with FATF and GIABA/APG recommendations

  • More scrutiny on customer onboarding and source of funds

  • Increasing pressure on banks and FIUs to enforce AML expectations, even informally

Put simply: if your platform touches crypto flows, you’re likely already in scope — even if no one’s sent the memo yet.

What Regulators Are Really Looking For

While every jurisdiction phrases it differently, the AML expectations for crypto-related businesses are becoming more consistent.

Here’s what’s now expected (or coming soon) in markets like Indonesia, Kenya, Nigeria, and beyond:

Know Your Customer (KYC)

  • Identity verification during onboarding

  • Risk profiling (e.g. high-risk customers, transaction limits)

  • Enhanced checks for certain client types or geographies

Sanctions and Watchlist Screening

  • Real-time name screening against OFAC, UN, EU, and national lists

  • Screening of both senders and recipients, including wallet addresses where required

  • Ongoing monitoring for flagged activity

Source of Funds / Source of Wealth Checks

  • Understanding where money comes from — especially for large, unusual, or offshore transfers

  • Increasingly relevant for P2P platforms, OTC desks, and high-volume agents

Internal Risk Assessment

  • Mapping your customer types, jurisdictions, products, and exposure

  • Required by regulators in Nigeria and Malaysia, encouraged in Kenya and Indonesia

  • Becoming an informal expectation across West Africa (especially GIABA member states)

 Beneficial Ownership Disclosure

  • Knowing who ultimately controls or benefits from a crypto business

  • Now mandatory in Kenya — and under discussion in other markets as regulators follow FATF guidance

  • Key for building trust with regulators, banks, and cross-border partners

 Record Keeping & Audit Trails

  • Clear logs of onboarding, screening, and transaction approvals

  • Ability to generate reports on request by regulators or partner banks

Even in countries where crypto regulation is still evolving, regulators are using AML as a proxy — asking institutions to show basic controls before licensing, renewing bank accounts, or approving new corridors.

Key Challenges for Smaller Platforms

For global exchanges or VC-backed fintechs, meeting AML expectations is often a matter of adding headcount or upgrading vendors. But for smaller players — especially in Kenya, Nigeria, Indonesia, Ethiopia, and much of West Africa — the reality is different.

Many platforms are built lean, operate across informal agent networks, or straddle remittance and crypto functionality without fitting neatly into either regulatory box.

Here’s what makes compliance difficult for many local players:

Unclear or shifting local laws

In many countries, crypto regulation is still a work in progress. Some operators don’t know whether they fall under the central bank, the securities regulator, or a digital services authority — and formal AML guidance may be incomplete, contradictory, or buried in circulars.

The absence of clarity doesn’t mean absence of risk.

Enforcement often arrives before regulation does.

Limited internal resources

Small teams — sometimes just two or three people — are expected to build onboarding flows, manage fraud, interface with banks, and now handle sanctions checks, risk scoring, and audit trails. Hiring a compliance officer may not be realistic in early stages.

This is where low-code or zero-integration tools become essential.

Informal structures or hybrid models

Some services combine crypto transfers with cash-in/cash-out agents, mobile money integration, or cross-border remittance. These hybrid models don’t always map to traditional compliance tools, and the risks (e.g. anonymity, layering) can be harder to monitor.

Risk assessments need to reflect the actual flow of funds, not just licensing status.

Lack of affordable tools built for their scale

Many AML platforms are designed for banks — with price points, onboarding requirements, and features to match. This leaves smaller operators stuck between:

  • Expensive systems they can’t justify

  • Manual processes they can’t scale

  • A rising tide of regulatory expectation

💡 This is where platforms like Anqa — designed specifically for smaller financial institutions — can fill the gap.

 No safe channel for proactive engagement

Even when smaller crypto platforms want to be compliant, they often don’t know where to start — and fear reaching out to regulators might trigger scrutiny, not support. This leads to hesitation and delay, until enforcement forces the issue.

Starting to document your risk processes, screening users, and keeping records is one way to show good faith — even before formal registration is required.

What practical steps to take now

Even if your business isn’t yet regulated as a crypto provider, enforcement pressure is rising — and expectations are spreading fast. You don’t need a licence in hand to start building basic AML controls.

Here are some steps that small platforms across Africa and Asia are taking now to stay ahead of enforcement, build trust with partners, and protect their operations.

Start with basic KYC and sanctions screening

Even if it’s not yet required in your jurisdiction, performing customer due diligence is increasingly a baseline expectation. That means:

  • Verifying user identity during onboarding

  • Checking names against updated sanctions and watchlists

  • Flagging incomplete or suspicious profiles before transactions are approved

This can be done with lightweight tools — no need to build an entire onboarding pipeline from scratch.

Create a basic risk register

You don’t need a consultant or 40-page policy to meet this requirement. Just documenting:

  • What kinds of customers you serve

  • What products/services you offer

  • Where your risk exposure might be (e.g. high-risk corridors, cash agents, large transfers)

…is already a step forward. Many regulators, including in Nigeria and Malaysia, now expect this kind of internal AML mapping — even if they haven’t issued formal templates.

Document your onboarding and transfer flows

If your service connects mobile money, remittance, and crypto rails, it’s important to show how funds enter, move, and exit your system. This doesn’t have to be complex — even a diagram and a few bullet points can demonstrate that you’re thinking about risks at each stage.

This becomes especially helpful if you’re ever asked:

  • “Who are your customers?”

  • “How do you know they’re legitimate?”

  • “Where does the money go, and how is it controlled?”

Begin beneficial ownership checks (if applicable)

If you’re facilitating crypto-to-cash, running a wallet product, or operating across borders, you may be asked not just who your customers are — but who controls or benefits from your business.

Kenya now mandates beneficial ownership disclosure for crypto firms. Other countries may follow. Getting your documentation in order early — and knowing who’s listed on your corporate registry — reduces future friction.

Keep auditable records

Whether it’s onboarding logs, screening results, or decision notes, keeping basic records is crucial. You don’t need a full back-office system — even structured spreadsheets or automated email logs can make a difference.

This is what banks and regulators increasingly look for before extending relationships, opening accounts, or granting licensing.

Why early compliance can become your advantage

Most crypto platforms approach compliance as something they “have to do” to avoid fines or shutdowns. But for smaller, regional firms — especially in East Africa, Southeast Asia, and parts of West Africa — getting AML right early can be a strategic edge.

Here’s why:

It helps you build lasting relationships with banks

Banks are under pressure to manage their own AML risks — and that means tightening relationships with fintechs, remittance providers, and crypto firms. The more clarity you can offer about your customers, processes, and controls, the more likely a bank is to onboard or retain you.

Even informal or agent-based models benefit from having screening tools and documented workflows.

It positions you for future licensing

In countries like Nigeria, Indonesia, and Malaysia, licensing regimes for crypto or payment platforms now include AML and risk management requirements. If you’ve already started this journey, you’re in a better position when frameworks become formalised.

And in countries where regulation is still forming — like Senegal, Ethiopia, or Ghana — early action can put you ahead of the curve.

It lowers your cost of doing business

Regulatory risk costs money. That could be through lost partners, frozen accounts, blocked corridors — or simply the time and stress spent dealing with enforcement.

On the flip side, solid compliance helps lower barriers:

  • It builds trust with global partners

  • It reduces friction when scaling

  • It can even help lower the cost of capital — lenders view compliant businesses as safer bets

In compliant economies, borrowing is cheaper. Transparency pays off.

It builds trust with customers

In a crowded market of apps and agents, trust matters. Letting customers know you’re screening for fraud, following AML safeguards, and securing their transactions builds your brand — and differentiates you from grey-market competitors.

The bigger picture: Compliance shouldn’t exclude

Too often, compliance frameworks are built for big banks — with expensive systems, complex reporting tools, and training requirements that leave smaller firms behind. But financial inclusion can’t happen without compliance inclusion.

That means building systems that work for real people in real markets — not just checking boxes, but creating trust, transparency, and safe access to financial services for everyone.

And the truth is: when compliance tools work for everyone, everyone wins.

Customers feel safer. Platforms grow faster. Regulators get clarity. And global trust increases.

If you’re a crypto or remittance business operating in Kenya, Nigeria, Indonesia, Ethiopia, or across West Africa and Asia — we’re here to help make that path achievable.

Want to talk through your options?

Let’s chat.

Justin Pemberton
Next

AML for Remittance Firms: Tools to Stay Compliant and Competitive