Licensing Status
We are pursuing dedicated licences in our three primary markets. In jurisdictions where we don't yet hold a direct licence, we operate through licensed payment service provider partners under formal commercial agreements.
| Country | Regulator | Licence type | Status | Reference / Notes |
|---|---|---|---|---|
| 🇬🇭 Ghana | Bank of Ghana (BOG) | Payment Service Provider (Enhanced Tier) | Application submitted | Filed November 2025. PSP Enhanced covers mobile payments, remittances, and e-money issuance. |
| 🇳🇬 Nigeria | Central Bank of Nigeria (CBN) | Payment Solution Service Provider (PSSP) | Application in review | Filed September 2025. Operating under Paystack's PSSP licence during review period per regulatory guidance. |
| 🇰🇪 Kenya | Central Bank of Kenya (CBK) | National Payment System (NPS) Licence | Application pending | Preparing submission Q2 2026. Operating via M-Pesa Business API (Safaricom licence) for Kenya corridors. |
| 🇷🇼 Rwanda | National Bank of Rwanda (NBR) | Payment Services Provider | Planned H2 2026 | Operating via MTN Rwanda MoMo API under their licence. Own licence application planned post-Series A. |
| 🇹🇿 Tanzania | Bank of Tanzania (BOT) | Payment System Operator | Planned H2 2026 | Operating via Vodacom M-Pesa Tanzania's licensed infrastructure. |
| 🇸🇳 Senegal / ECOWAS | BCEAO (West African Central Bank) | Electronic Money Institution (EMI) | Research phase | BCEAO provides a single EMI licence valid across all 8 WAEMU member states. Significant opportunity. |
Anti-Money Laundering (AML) & Know Your Customer (KYC)
AfriLink Pay operates a risk-based AML/KYC programme consistent with FATF Recommendations and local legal requirements. Our programme includes customer due diligence, enhanced due diligence for high-risk customers, ongoing transaction monitoring, and mandatory Suspicious Activity Report (SAR) filing.
Customer verification tiers
Phone verified
Phone number ownership verified via OTP. Allows low-value transfers. No document upload required.
ID verified
Government-issued ID (national ID, passport, or driver's licence) verified via automated document scan. Full name, date of birth, and ID number recorded and screened against sanctions lists.
Full KYC
Tier 2 plus proof of address (utility bill or bank statement less than 3 months old). Biometric liveness check. Required for high-value transfers and business accounts.
Sanctions screening
All customer registrations and transactions are screened against OFAC SDN, UN Consolidated Sanctions List, EU Consolidated List, and UK HMT sanctions lists. Screening is performed in real time before transfer execution. Positive hits are blocked and referred to our compliance team within 1 hour.
Transaction monitoring
Our real-time transaction monitoring system (TMS) uses rule-based alerts and machine learning to detect structuring, rapid succession transfers, dormant account reactivation, and high-risk corridor patterns. Suspicious activity is escalated to our compliance officer for SAR determination within 24 hours.
Data Protection
NDPR (Nigeria)
We comply with the Nigeria Data Protection Regulation 2019 and the Nigeria Data Protection Act 2023. We maintain a designated Data Protection Officer, conduct annual Data Protection Audits (DPAs), and file DPA reports with the Nigeria Data Protection Commission (NDPC).
GDPR (EU/UK users)
For users in EU or UK who initiate transfers, we apply GDPR and UK GDPR standards. Legal bases for processing include contract performance and legitimate interest. Data portability, right to erasure, and right to restrict processing are all supported.
Ghana DPA 2012
We adhere to Ghana's Data Protection Act 2012 and are registered with the Data Protection Commission. Our Privacy Notice is accessible at all registration touchpoints as required under Section 18 of the Act.
Kenya DPA 2019
We comply with Kenya's Data Protection Act 2019. Our data practices have been designed to meet the requirements of the Data Protection (General) Regulations 2021, including data minimisation, storage limitation, and purpose limitation principles.
Regulator Contacts
If you are a regulatory authority and need to contact AfriLink Pay's compliance team, please reach us at the dedicated contact below. We aim to respond to all regulator enquiries within 4 business hours.
Compliance & Legal
Email: compliance@afrilinkpay.com
For AML, KYC, SAR, and regulatory correspondence.
Data Protection Officer
Email: dpo@afrilinkpay.com
For data subject access requests, GDPR/NDPR enquiries.