Safeguarding Ethiopia’s Capital Market: A Detailed Examination of ECMA’s AML/CFT Guideline

The Ethiopian Capital Market Authority (ECMA) released comprehensive guidance in November 2025 to address money laundering (ML) and terrorist financing (TF) risks in the securities sector. This guidance reflects international best practice and tailors it to Ethiopia’s emerging capital market.

Regulatory Context and Objectives

Money laundering techniques in securities markets often involve complex layering, making illicit transactions appear legitimate. ECMA notes that the securities industry can both launder illicit funds obtained elsewhere and generate illicit profits through activities like market manipulation and insider trading. Yet, this sector has historically seen fewer suspicious transaction reports (STRs) than the broader financial sector. In response, ECMA’s guideline aims to strengthen surveillance and risk management across capital-market participants.

Grounded in Proclamation 1248/2021 and referencing international standards—including the Financial Action Task Force’s risk‑based approach and IOSCO’s principles—ECMA’s guidance emphasises that intermediaries and service providers must adopt a systematically documented risk-based approach. This means identifying potential ML/TF risks by customer type, product, service or transaction, reviewing assessments periodically, and focusing scrutiny on those posing higher risks. The guidance also clarifies that it supplements existing laws rather than replacing them, urging firms to seek legal advice where necessary.

Detailed Customer Due Diligence Requirements

Tiered KYC and Prohibitions

Investors—whether individuals, businesses or other legal entities—must undergo customer due diligence (CDD) when opening accounts with brokers, portfolio managers or other capital-market service providers (CMSPs). The guideline explicitly prohibits funding trading accounts with cash deposits to prevent anonymous or untraceable inflows.

CMSPs are instructed to calibrate due diligence to the risk level. For small individual investors with deposits below ETB 50,000, simplified due diligence applies. This includes verifying identity through the national FAYDA digital ID or a passport for foreign investors, collecting basic personal data (name, address, date of birth, occupation, nationality) and ensuring the consolidated deposit threshold is observed across brokers through the Central Securities Depository. The guideline stresses that self-declared income and risk tolerance, though primarily used for product suitability, may highlight behaviours that warrant enhanced monitoring.

Investors must declare their source of funds and wealth, and CMSPs may rely on self-declarations unless they suspect falsehood, in which case documentation from relevant authorities is required. A Level‑2 (standard) due diligence must be initiated after one year of activity, when transferring securities or funds to another broker, when adding funds beyond the initial threshold or when suspicious conduct emerges. The guideline also permits electronic KYC (e-KYC) provided CMSPs have the infrastructure and access to the FAYDA database.

Identifying Individuals and Professionals

For standard due diligence, CMSPs must collect and verify the customer’s identity and understand the purpose of the business relationship. This involves confirming the customer’s address, occupation, revenue and wealth, product preferences and tax identification numbers. Checks against international sanctions and politically exposed person (PEP) lists are mandatory. Simplified due diligence may rely on FAYDA ID and a tax identification number, with fewer additional requirements.

Supporting documents must meet several standards. Identity documents (FAYDA ID or foreign passport) must be valid and verifiable. Proof of residential address may include national digital IDs, driving licences or utility bills. If the customer resides in rented accommodation, CMSPs must collect a landlord’s certification, the landlord’s identity document and proof of the landlord’s address. Financial information is primarily self-declared; wealth documentation becomes necessary if there are doubts about the origin of funds.

For legal persons, CMSPs must obtain certified incorporation documents issued within the past three months that detail the company’s name, legal form, registered address and the identities of directors and partners. These documents should be authenticated by the Document Authentication and Registration Service (DARS).

Red Flags and Suspicious Behaviour

The guideline offers an extensive list of red flags. Customers—natural or legal—who resist providing essential information, avoid personal contact, insist on using intermediaries without justification, or cannot explain their business activities or source of funds warrant closer scrutiny. Further indicators include PEP status, inconsistencies between declared wealth and observed transactions, or prior involvement in serious crimes.

For legal entities, warning signs include dormant companies that suddenly become active, names that misrepresent business activity, use of free email domains, implausible addresses, uncontactable directors, nominee shareholders, and complex structures without clear business rationale. Frequent transfers to foreign intermediaries, multiple bank accounts without clear economic purpose, aggressive tax-minimisation schemes, and unusual trading in illiquid securities also trigger suspicion. These signals necessitate enhanced due diligence and, where justified, filing an STR.

Intermediary Relationships and Licensing Checks

CMSPs and market intermediaries often transact with other licensed entities—exchanges, depositories, clearing houses, brokers, investment banks or robo‑advisers. ECMA requires that each party verify the other’s licence and obtain a recent “No-Objection Letter” from the regulator or relevant authority. This streamlined check acknowledges that licensed entities have already undergone comprehensive vetting, preventing duplication but ensuring each party operates within its authorised scope.

Business introducers, agents and distributors pose additional risks. If these intermediaries are regulated and considered low risk, CMSPs may rely on questionnaires to confirm the robustness of their AML/CFT systems. Unregulated or high‑risk intermediaries, however, require full enhanced due diligence—including PEP screening and sanction-list checks.

Strengthening Internal Governance and Controls

Tailored Internal Controls

The guideline stresses that AML/CFT systems must be scaled to the institution’s size, activities and identified risks. Effective systems require qualified staff, training, appropriate technological tools and documented procedures. Specific policies should define the recruitment and training of compliance personnel, outsourcing conditions, roles of internal control committees, and requirements for permanent and periodic audits.

Anti-Corruption, Anti-Bribery and Conflicts of Interest

Given the connection between corruption, bribery and money laundering, CMSPs must assess business partners’ anti-corruption frameworks. Risk mapping should identify corruption risks by assessing how intermediaries secure clients, such as through external agents or distributors. Firms should verify the existence of codes of conduct, training, whistle-blowing procedures and appropriate governance structures. The guideline emphasises proportionality: firms may prioritise assessing the most significant partners and update assessments annually or when significant changes occur.

Conflict-of-interest management is also required. Firms must map potential conflicts, develop prevention policies, train employees to recognise conflicts, and require declarations of personal or business interests. Due diligence on third parties should detect conflicts between introducers, clients and firm employees.

Asset Freezing Obligations

Distinct from other provisions, asset freezing is not risk-based. Under Proclamation 780/2013, once the Ethiopian Council of Ministers designates individuals or entities under UN Security Council sanctions, financial institutions—including CMSPs—must freeze related funds and report them to the FIS. This obligation underscores the seriousness of terrorist-financing risks and the need for immediate action.

Responsibilities of Securities Issuers

Issuers of securities remain ultimately responsible for AML/CFT compliance. Even when intermediaries—investment banks, crowdfunding platforms or independent sponsors—handle issuance operations, issuers must ensure these agents are “fit and proper” and capable of fulfilling AML/CFT obligations. In private placements restricted to professional or qualified investors, intermediaries must verify investor eligibility and perform enhanced due diligence. For crowdfunding intermediaries dealing with retail investors, due diligence remains their responsibility.

Comprehensive Reporting Obligations

Suspicious Transaction Reports

CMSPs and market infrastructures must report suspicious transactions to the FIS. Failure to submit STRs leads to legal consequences under Ethiopia’s AML/CFT laws. ECMA examines compliance with this obligation during its inspections, reinforcing the sector’s accountability.

Annual AML/CFT Report

One of ECMA’s key supervisory tools is the annual AML/CFT control report, due after each calendar year and signed by the CEO or general manager. The report must present detailed information on the business, including company type, legal form, capital and shareholders, products and services, customer segmentation and distribution channels. It should describe the firm’s AML/CFT organisation—human resources, technology, internal controls and outsourced tasks—and outline risk assessments, mitigation measures and remaining risks.

Quantitative data are crucial. ECMA requires counts of customers by type, PEPs, dormant accounts, risk-level revisions and decisions not to enter relationships for AML/CFT reasons. The report must also include statistics on STRs submitted and their outcomes. ECMA recognises that nascent markets may lack resources to produce exhaustive reports; thus, the guideline provides minimum content requirements with the expectation of expanding over time.

Structure of Suspicious Transaction Reports

Appendix 2 details the content of a STR. The report must identify the declarant and their professional role, provide the customer’s identification (including beneficial owners), describe the nature and purpose of the business relationship, and explain the transaction(s) that triggered suspicion. Essential elements include reasons for suspicion, period of events, total amount involved, number of entities involved, financial instruments used, number of transactions and their status. This structured approach ensures FIS receives the necessary information to investigate potential offences.

Conclusion

ECMA’s November 2025 guideline represents a comprehensive blueprint for combating money laundering and terrorist financing within Ethiopia’s capital market. By insisting on a risk-based approach, detailed customer due diligence, stringent checks on intermediaries, robust internal governance, and comprehensive reporting, ECMA aims to raise the integrity and transparency of the sector. Firms should review their policies and procedures to ensure alignment with these requirements. Effective implementation will not only mitigate ML/TF risks but also enhance investor confidence and support the sustainable growth of Ethiopia’s capital market.