Council for the Financial Market

Council of the Financial Market Regulation dated January 23, 2026, setting forth practical measures for combating money laundering, countering terrorism financing and proliferation of weapons.

The Council of the Financial Market,

Having regard to Organic Law No. 2015-26 of August 7, 2015 on combating terrorism and money laundering, as amended and supplemented by Organic Law No. 2019-9 of January 23, 2019 and notably its Articles 107 and 115,

Having regard to Law No. 94-117 of November 14, 1994 reorganizing the financial market, as amended and supplemented by subsequent texts, including the most recent Law No. 2019-47 of May 29, 2019 on improving the investment climate and notably its Articles 28, 29, 31, 40, 42, 48 and 52,

Having regard to Law No. 2020-37 of August 6, 2020 on "Crowdfunding",

Having regard to Decree No. 99-2478 of November 1, 1999 on the status of stockbrokers, as amended and supplemented by Decree No. 2007-1678 of July 5, 2007 and notably its Articles 50 bis, 65 bis, 86 new and 86 bis,

Having regard to Decree No. 2006-1294 of May 8, 2006 implementing Article 23 of Law No. 2005-96 of October 18, 2005 on strengthening the security of financial relations, as amended and supplemented by Decree No. 2009-1502 of May 18, 2009 and notably its Articles 6 and 6 ter,

Having regard to Governmental Decree No. 2019-54 of January 21, 2019 on the procedures and criteria for establishing beneficial owners,

Having regard to Governmental Decree No. 2019-419 of May 17, 2019 on the procedures for implementing resolutions adopted by competent UN bodies related to combating terrorism financing and proliferation of weapons of mass destruction, as amended and supplemented by Governmental Decree No. 2019-457 of May 31, 2019,

Having regard to Decree No. 2022-765 of October 19, 2022 regulating "Crowdfunding" activity in securities investment,

Having regard to the Council for the Financial Market Regulation on collective investment schemes in securities and portfolio management companies for third parties, as referred to by the Minister of Finance Order of April 29, 2010 and as amended by the Regulation referred to by the Minister of Finance Order of February 15, 2013 and notably its Articles 82, 84 and 152,

Having regard to the Council for the Financial Market Regulation of November 11, 2024 on the conditions for exercising securities investment crowdfunding activity and notably its Article 37,

Having regard to the Tunisian Financial Analysis Commission Decision No. 2017-03 of March 2, 2017 on beneficial owners, as amended by Decision No. 2018-10 of June 8, 2018,

Having regard to the Tunisian Financial Analysis Commission Decision No. 2024-01 of June 27, 2024 setting out guiding principles on the reporting of suspicious operations and transactions.

Enacts the regulation as follows:

Chapter One

General Provisions

Article 1 – This regulation sets forth application measures based on the risk-based approach to be applied, for combating money laundering, countering terrorism financing and proliferation of weapons, by stockbrokers, securities portfolio management companies for third parties, and crowdfunding service providers investing in securities, hereinafter referred to as "establishments".

---

Art. 2 - The definitions provided by Organic Law No. 2015-26 of August 7, 2015 cited above apply to the following terms:

• Money laundering,
• Terrorism financing,
• Risk-based approach,
• Beneficial owner,
• Risk-related politically exposed persons,
• Suspicious transactions or operations,
• Organization,
• Legal structure,
• Assets,
• Freezing.

Art. 3 - For the purposes of this regulation, the following terms mean:

• Proliferation of weapons: the spread, manufacture, acquisition, possession, transfer or unauthorized use of weapons, in particular weapons of mass destruction (nuclear, biological, chemical, etc.), as well as their delivery systems (missiles, launch technologies, etc.).
• Client: clients of establishments, whether regular or occasional, natural persons, legal entities or legal structures. An occasional client is any person who approaches establishments with the aim of preparing or executing a one-off transaction or operation. A one-off transaction or operation is one that does not give rise to the establishment of an account opening or management agreement.
• Legal entity: any entity with autonomous assets, distinct from those of its members or partners, even if legal personality has not been granted to it under a special statutory provision.
• Multidimensional approach regarding beneficial owner identification: a methodology based on using multiple sources and criteria to determine who truly controls a company or entity. It is not limited to identifying who holds the most shares, but also takes into account other forms of control, such as influence over decisions or agreements between persons.
• Reliable and independent sources: central or local official authorities or financial institutions established in countries applying international standards for combating money laundering, countering terrorism financing and proliferation of weapons sufficiently.
• Electronic transfer: any fund transfer operation by electronic means within the meaning of Law No. 2005-51 of June 27, 2005 on electronic fund transfers.
• Risk mapping: a document prepared internally by each establishment, containing an assessment of inherent risks related to money laundering, terrorism financing and proliferation of weapons, as well as the policies and procedures put in place to mitigate these risks, plus an assessment of corresponding residual risks after applying mitigation measures.
• Fictitious foreign correspondent: any foreign bank or financial institution that does not have a fixed registered office for conducting its activities and is not subject to the supervision of a regulatory authority. This definition does not apply to establishments affiliated with an authorized bank or financial institution subject to the supervision of a regulatory authority established in countries applying international standards for combating money laundering, countering terrorism financing and proliferation of weapons sufficiently.
• Designated person or entity: any natural or legal person or entity designated for the application of targeted financial sanctions related to countering the proliferation of weapons of mass destruction under resolutions of the United Nations Security Council, and whose names appear on the list established by the competent national authority with legal authority to implement and enforce targeted financial sanctions.

---

• Targeted financial sanctions: include both the freezing of funds and other assets of a designated person or entity, as well as prohibitions aimed at preventing funds and other assets from being made available, directly or indirectly, to or for the benefit of that person or entity.

Art. 4 - Establishments must identify, assess and understand the specific risks related to money laundering, terrorism financing and proliferation of weapons to which they are exposed based on their clients, products, services, distribution channels and geographical areas of activity. Based on this assessment, they must apply necessary due diligence, monitoring and control measures proportionate to the identified risk level.

Establishments must also document the risk assessment and make available to controllers of the Council for the Financial Market all documents, studies and statistics used in developing this assessment.

Chapter Two

Customer Due Diligence Measures

Art. 5 - Establishments must refrain from opening or holding secret accounts, whose origin is unknown or under fictitious names.

They must, when establishing the business relationship, verify by means of official documents and other documents emanating from independent and reliable sources, the complete identity of the client, their activity, address as well as the purpose and nature of the business relationship, and record all necessary data capable of identifying them.

When the client designates a person to represent them, establishments must verify that the authorized representative is duly authorized to act on behalf of the client and verify their complete identity, obtaining data proving the relationship linking them to the client, even when such designation occurs after the business relationship has been established.

The identity verification obligation applies to occasional clients when they execute occasional financial transactions or operations with a value equal to or greater than the amount set by current legislative and regulatory texts, or in the form of electronic transfers, whether executed in a single operation or several linked operations.

Establishments must also comply with the identity verification obligation when there is:

• A suspicion of money laundering, terrorism financing or proliferation of weapons,
• Doubts regarding the accuracy or relevance of previously obtained client identification data.

The client identity verification obligation does not apply to companies listed on the Tunis Stock Exchange and public enterprises.

Art. 6 - If circumstances of the transaction or operation indicate that it is performed or may be performed for the benefit of a third party, the identity verification obligation on establishments extends to the beneficial owner of the transaction or operation.

Art. 7 - Subject to account opening procedures for clients provided by regulatory texts governing the financial market, establishments must adopt a multidimensional approach regarding client identification, their representative and beneficial owner by combining different information sources to ensure transparency of effective ownership, and collect at least the following data as part of identification:

When it concerns a natural person:

• Full name, date and place of birth as well as nationality,
• Identity card or passport number, issue date and validity period,
• Effective residence address including postal code, telephone number and, where applicable, electronic address,
• Profession and business address,

---

• Purpose of the business relationship and its nature,
• A specimen signature.

The aforementioned data are verified notably based on the national identity card for Tunisians and an official recognized identification document bearing a photo, address and holder's activity for foreigners.

When it concerns a legal entity or legal structure:

• Date of incorporation, trade name or denomination, legal form and corporate purpose,
• Unique identifier and commercial register number as well as tax identification number,
• Registered office address including postal code, telephone and fax numbers and electronic address. When main activities are not exercised at the registered office, the effective business address must be indicated,
• Capital distribution,
• Identity of its directors and persons having the authority to bind it as well as documents proving their capacity to do so, with the obligation to collect regarding them the data relating to natural persons provided by this article,
• Identities and addresses of major shareholders whose participation in the company's capital amounts to at least 20% and persons who control it when it is a company, or if it is an entity other than a company or legal structure, the identity of founders and persons exercising effective control or who are beneficial owners, with the obligation to collect regarding them the data relating to natural persons provided by this article,
• Purpose of the business relationship and its nature.

The aforementioned data are verified notably based on articles of association, a commercial register extract or an extract from the National Business Register, a deed of incorporation and any equivalent official document or other document emanating from reliable and independent sources, when the legal entity or legal structure is registered abroad.

Establishments must consult the original documents on which the data provided by this article were verified and obtain copies that must be recorded in a dedicated file for each client.

Art. 8 - Establishments must take necessary measures to verify, when establishing the business relationship or executing an occasional transaction or operation and subsequently on a periodic basis, that the client or beneficial owner does not appear on the list of persons or organizations whose link to terrorist crimes is established by competent international bodies or by the National Commission for Combating Terrorism.

They must also proceed to freeze assets belonging to persons or organizations referred to in the first paragraph of this article and make the corresponding declaration, in accordance with Article 103 of Organic Law No. 2015-26 of August 7, 2015 cited above.

Art. 9 - Establishments must take necessary measures to verify, when establishing the business relationship or executing an occasional transaction or operation and subsequently on a periodic basis, that the client or beneficial owner is not registered on the list of persons or entities subject to targeted financial sanctions related to preventing, combating and interrupting the proliferation of weapons of mass destruction and its financing as established by the competent national authority with legal authority to implement and enforce targeted financial sanctions in accordance with prevailing legislation.

Establishments must also:

• Freeze, without delay and without prior notification, the funds and other assets of the designated person and entity.

The freezing obligation extends to:

• All funds or other assets owned or controlled by them and not only those specifically linked to an act, conspiracy or threat of proliferation of weapons,

---

• Funds or other assets owned or controlled by them wholly or jointly, directly or indirectly,
• Funds or other assets originating from or generated by funds or other assets owned or controlled directly or indirectly,
• Funds or other assets of natural or legal persons acting on their behalf or under their instructions.
• Prohibit making available to the designated person or entity the frozen funds and other assets except with authorization from the competent national authority with legal authority to implement and enforce targeted financial sanctions,
• Declare to the competent national authority with legal authority to implement and enforce targeted financial sanctions all frozen funds or other assets and all measures taken in accordance with the prohibitions issued by it, including attempts at financial transactions.

Art. 10 - Establishments must designate among their directors or employees a contact point with the National Commission for Combating Terrorism and its deputy. They must communicate to the commission the decision designating the contact point and deputy, indicating their status, function as well as telephone and fax numbers and electronic address.

Designated persons must possess the adequate hierarchical level, competence and experience required to perform their duties independently and effectively.

The contact point with the commission is responsible for verifying that:

• The client or beneficial owner does not appear on the list of persons or organizations whose link to terrorist crimes is established by competent international bodies or by the National Commission for Combating Terrorism, and this at the time of establishing the business relationship or executing an occasional transaction or operation and subsequently on a periodic basis and upon any updates to the aforementioned lists;
• The client or beneficial owner is not registered on the list of persons or entities subject to targeted financial sanctions related to preventing, combating and interrupting the proliferation of weapons of mass destruction and its financing as established by the competent authority with legal authority to implement and enforce targeted financial sanctions, and this at the time of establishing the business relationship or executing an occasional transaction or operation and subsequently on a periodic basis and upon any updates to the aforementioned list.

Establishments must make available to the contact point all necessary data, documents and registers for performing their duties.

Art. 11 - Establishments must take enhanced measures when the risk level is high. They must notably exercise heightened vigilance regarding accounts of persons representing a high risk, business relationships and transactions with residents of countries and territories designated by the Financial Action Task Force as presenting high risk or non-cooperative, as well as clients conducting exclusively remote transactions.

Establishments may apply reduced due diligence measures for certain clients provided that the risks associated with them are identified and assessed as low, and that this assessment aligns with the national risk assessment for money laundering, terrorism financing and proliferation of weapons. They may also resort to simplified measures to manage and mitigate identified risks. However, it is prohibited to apply reduced measures when there is a suspicion of money laundering, terrorism financing or proliferation of weapons financing, or when the risk level is high.

---

Art. 12 - Establishments that rely on a third party to establish business relationships or execute transactions or occasional operations must:

• Ensure that the third party is subject to legislation, regulation and supervision related to combating money laundering and countering terrorism financing and proliferation of weapons,
• Assess the risk level in the countries where it operates,
• Specify in writing the procedures to be put in place to verify client identity in accordance with this regulation and ensure compliance,
• Immediately obtain from the third party client identification data as well as all other relevant information and documents, and verify their identities,
• Ensure that it is capable of providing, upon request and without delay, copies of the documents on which client identity was verified and other related documents.

Where establishments rely on a third party belonging to the same group, they must ensure that group entities apply due diligence measures and procedures regarding combating money laundering, countering terrorism financing and proliferation of weapons that cover the reliance on a third party to establish business relationships or execute transactions or occasional operations, and guarantee the exchange of information regarding necessary due diligence or unusual activity reports between them.

Where a contract is concluded with a third party, it must stipulate the obligations incumbent on the third party as provided in items 3 to 5 of the first paragraph of this article.

When establishments have not been able to take the due diligence measures provided in the first and second paragraphs of this article, they must refrain from relying on the third party.

In all cases, reliance on a third party does not exempt establishments from their responsibility regarding compliance with prevailing provisions related to combating money laundering and countering terrorism financing and proliferation of weapons, and more particularly their responsibility regarding client identity verification.

Art. 13 - Establishments must exercise particular vigilance regarding business relationships that do not involve the physical presence of the parties.

To this end, they must:

• Compare data collected from the client with other data emanating from reliable and independent sources,
• Take care, as soon as possible, to arrange a direct interview with the client,
• Require the client to execute their first financial transactions via a bank established in a country applying international standards sufficiently regarding combating money laundering, countering terrorism financing and proliferation of weapons in accordance with Financial Action Task Force decisions.

Art. 14 - Establishments must exercise particular vigilance regarding business relationships with risk-related politically exposed persons due to their functions and with their spouses, ascendants and descendants up to the first degree and with persons closely associated with them notably those maintaining close business ties with them.

To this end, establishments must:

• Put in place procedures to verify whether the client, their representative or beneficial owner belong to the category of persons referred to in the first paragraph of this article,
• Obtain authorization from administrative, management bodies or an authorized person to establish or continue a business relationship with persons referred to in the first paragraph of this article,
• Put in place procedures to determine the source of funds for persons referred to in the first paragraph of this article,

---

• Soum