Tanzania FIU goAML Reporting: A Practical Guide for Banks

June 10, 2026

Tanzania's AML/CFT regime has just come through its most intense period of international scrutiny. Placed on the FATF grey list in October 2022, the country worked through a five-point action plan — risk-based supervision, money laundering investigations, asset confiscation, terrorism financing risk assessment, and targeted financial sanctions awareness — and was removed from the list on 13 June 2025 at the FATF Plenary in Strasbourg. Tanzania remains in ESAAMLG enhanced follow-up, and the Financial Intelligence Unit (FIU) has made clear through its supervisory activity that the standards built during the grey-list period are here to stay.

For compliance officers at Tanzanian banks, microfinance providers, mobile money channels, bureaux de change, and the long list of other "reporting persons" under the Anti-Money Laundering Act, the practical question is operational: how do you meet a 24-hour STR deadline and USD-denominated cash reporting thresholds, file schema-valid XML through the FIU's goAML portal, and keep the audit trail to prove it?

This guide is a practical reference for reporting entities in Tanzania. It covers the legal framework, the FIU's goAML portal, CTR and EFT reporting thresholds, the STR deadline, Tanzania-specific data requirements, the Zanzibar dimension — and how to deploy a reporting platform that handles Tanzania's rules alongside the rest of your regional footprint.

For regional context, see our companion guides: Kenya FRC goAML Reporting: Complete Guide and Zambia FIC goAML Compliance.

Tanzania's AML Legal Framework

The Anti-Money Laundering Act, Cap. 423

Tanzania's core AML statute is the Anti-Money Laundering Act (Cap. 423), enacted as Act No. 12 of 2006 and amended repeatedly since — most significantly by the AML (Amendment) Act No. 1 of 2012 and the AML (Amendment) Act No. 2 of 2022, which came into force on 8 March 2022. The 2022 amendment modernised the regime substantially: it added proliferation financing, expanded customer due diligence requirements, broadened the list of reporting persons, addressed virtual assets, and introduced administrative sanctions under a new section 19A.

Section 4 of the Act establishes the Financial Intelligence Unit as an extra-ministerial department under the Ministry responsible for finance, with operational and budgetary independence and a Commissioner appointed by the President. The FIU's mandate covers receiving, analysing, and disseminating suspicious transaction reports, currency transaction reports, cross-border currency reports, and electronic funds transfer reports.

The Act is supported by subsidiary legislation that compliance teams must know in detail: the Anti-Money Laundering Regulations, 2022 (GN No. 397 of 2022, amended in November 2023 by GN No. 853E), and the Anti-Money Laundering (Electronic Funds Transfer and Cash Transaction Reporting) Regulations, 2019 (GN No. 420 of 2019), which set the CTR and EFT reporting thresholds.

FATF Grey List Exit and ESAAMLG Follow-Up

Tanzania's second-round ESAAMLG mutual evaluation report was published in June 2021. On suspicious transaction reporting (FATF Recommendation 20), Tanzania was rated Largely Compliant — but the assessors' effectiveness findings were pointed: STRs came mainly from the banking sector, very few were filed by mobile money operators, money transfer providers, and DNFBPs, and the overall level of reporting remained low given Tanzania's risk profile and the size of its economy. Assessors also flagged inconsistencies between the STR statistics reported by institutions and those held by the FIU.

Those findings translated into the FATF action plan, the October 2022 grey listing, and a sustained domestic enforcement push. Successive follow-up reports re-rated multiple Recommendations upward (the September 2023 and September 2024 follow-ups moved several to Compliant), and the June 2025 grey-list exit confirmed the progress. The compliance message for reporting institutions is unambiguous: report volume and report quality from non-bank sectors are under continued scrutiny, and the FIU has the administrative sanction powers — and the recent practice — to enforce them.

The FIU and the goAML Portal

How FIU Tanzania Uses goAML

The FIU operates a UNODC goAML portal as its electronic reporting platform, publicly accessible at goaml.fiu.go.tz. Reporting persons must register as an organisation on the portal before they can file. Through goAML, the FIU receives the report types specified in the Act and regulations: STRs, currency transaction reports, electronic funds transfer reports, and cross-border currency reports.

FIU analysts use the goAML environment to run link analysis across reports, identify common subjects, and generate intelligence for dissemination to law enforcement. As in every goAML jurisdiction, the quality of that analysis depends entirely on the quality of submissions — complete subject identification, accurate transaction data, and substantive narratives.

Who Must Register and Report

The Act's definition of "reporting person" (section 3, as amended in 2022) is broad. It covers:

Banks and financial institutions
"Cash dealers" — a defined term that includes insurers and insurance brokers, securities dealers and brokers, dealers in gold bullion, issuers and redeemers of traveller's cheques and money orders, persons collecting, holding, delivering or transmitting money (which captures money remitters), operators of gaming activity, collective investment scheme trustees and managers, and bureau de change operators
Accountants, auditors, tax advisers, real estate agents, and dealers in precious stones, works of art or metals
Trust and company service providers
Motor vehicle dealers and clearing and forwarding agents
Advocates, notaries, and independent legal professionals when handling client funds, real estate, or company transactions
Pension fund managers, securities market intermediaries, financial leasing entities, microfinance service providers (other than Tier-4 community microfinance groups), and housing financing companies
Auctioneers, and any other category the Minister specifies by Gazette notice

Mobile money flows are captured through the financial institution and money transmission categories, and the mutual evaluation discusses STR filing by mobile money operators directly — if your institution moves money through mobile channels, the reporting obligation applies in practice.

Differences from Kenya FRC in Practice

Tanzania and Kenya both run UNODC goAML, but the configurations differ in ways that matter to a compliance team operating in both markets:

Threshold currency: Tanzania's cash and EFT reporting thresholds are denominated in US dollars (USD 10,000 / USD 1,000 equivalents), while Kenya's CTR threshold is denominated differently — so threshold logic cannot be copied between country deployments.
STR clock: Tanzania's STR deadline is 24 hours from forming suspicion — significantly tighter than Kenya's window. Compliance workflows tuned for Kenya will miss Tanzanian deadlines.
Identifiers: Tanzania uses the NIDA National Identification Number (a 20-digit number) as the primary individual identifier, BRELA registration numbers for companies, and TRA-issued TINs — different formats and validation rules from Kenya's National ID and company registry numbers.
Reporting cadence for CTRs: Tanzania's CTR filing window is set in working days from the transaction (see below) rather than a weekly batch convention.

CTR and EFT Thresholds in Tanzania

The USD 10,000 Cash Threshold

Under regulation 5(1)(a) of the Anti-Money Laundering (Electronic Funds Transfer and Cash Transaction Reporting) Regulations, 2019 (GN No. 420 of 2019), a reporting person must file a currency transaction report for any cash transaction of USD 10,000 or more, or its equivalent in Tanzanian shillings or any foreign currency, in a single transaction.

Two features of this rule deserve attention. First, the threshold is dollar-denominated: institutions must convert shilling and other-currency cash transactions to USD using the Bank of Tanzania official rate at the time of the transaction (regulation 5(4)) to test the threshold. Second, aggregation is explicit: under regulation 11, two or more related cash transactions within 24 hours that together total USD 10,000 or more are treated as a single transaction and must be reported.

The USD 1,000 EFT Threshold

Tanzania goes further than many peers: under regulation 5(1)(b), electronic funds transfers of USD 1,000 or more (or equivalent) in a single transaction are reportable to the FIU as EFT reports. For banks and payment providers this is a high-volume reporting obligation that is effectively impossible to discharge manually — automated extraction from core banking and payment switches, with built-in currency conversion and validation, is the only sustainable approach.

Filing Window and Sector Carve-Outs

CTR and EFT reports must be submitted to the FIU not later than five working days after the date of the transaction (regulation 12), electronically or as otherwise required by the FIU. The regulations also contain tailored provisions for DNFBPs: advocates and notaries (regulation 6) and accountants (regulation 7) file CTRs when conducting specified activities, and gaming operators report specified cash movements (regulation 8).

Failure to comply carries administrative sanctions under regulation 13 — including fines of TZS 1 million to 5 million per day of default, restriction of business activities, licence suspension, and removal of staff.

STR Filing Requirements

The 24-Hour Deadline

Section 17(1) of the Act requires a reporting person who suspects, or has grounds to suspect, that funds or property are proceeds of crime — or linked to money laundering, terrorism financing, or related offences — to act within twenty-four hours after forming that suspicion and, wherever possible, before the transaction is carried out: ascertain the details, prepare a report, and submit it to the FIU by secure means.

The 2022 AML Regulations phrase the deadline as "as soon as possible but not later than twenty-four working hours" after the reporting person becomes aware of the suspicious transaction (regulation 21). Prudent compliance teams should build their process to the stricter reading: a 24-hour clock that starts when suspicion is formed. Either way, this is among the tightest STR windows in the region — there is no realistic margin for manual data assembly, narrative drafting from scratch, and multi-day internal review cycles.

The penalty provisions concentrate the mind. Failure to file an STR exposes an individual to a fine of up to TZS 5 million or imprisonment of up to five years, and a body corporate to a fine of up to TZS 10 million or three times the market value of the property involved, whichever is greater (section 17(4)). Tipping off is treated even more severely: fines from TZS 100 million to 500 million or five to ten years' imprisonment for individuals (section 20(2)).

Typologies the FIU Expects You to Detect

Tanzania's national risk assessment (first published in 2016 and revised in June 2022) and the mutual evaluation identify the main domestic proceeds-generating crimes as corruption, tax evasion, drug trafficking, counterfeiting, illegal mining and illegal trading in precious metals and stones, and poaching and unlawful dealing in government trophies. Foreign-origin threats include smuggling, drug transit flows, and human trafficking, with proceeds suspected to be channelled through the hospitality industry and the real estate sector.

Monitoring rules in a Tanzanian deployment should therefore be calibrated to, among others:

Mining and precious metals: cash-intensive activity around mining regions, transactions referencing gold or gemstone trading by unlicensed parties, and export-adjacent flows inconsistent with declared business
Wildlife crime: payment patterns connected to trophy and ivory trafficking networks
Real estate and hospitality: large or structured cash payments into property and hospitality businesses without a consistent economic profile
Cash economy and informal value transfer: structuring below the USD 10,000 threshold, and hawala-style transfers — the risk assessment work flags hawala operators and mobile channels as terrorism financing vulnerabilities
Tax evasion and trade: invoicing patterns and cash deposits inconsistent with declared turnover

Narrative Quality

The mutual evaluation's criticism of Tanzanian reporting was not only about volume — it was about usable intelligence. STR narratives should state what was observed (amounts, dates, counterparties), why it is inconsistent with the customer's known profile, what the customer's explanation was and why it did not resolve the suspicion, and which typology the activity matches. Templates that produce "transaction appears suspicious" boilerplate create regulatory risk in both directions: they fail FIU quality expectations and they document a weak compliance process for the next inspection.

Tanzania-Specific Data and Validation Rules

NIDA National ID as Primary Identifier

Under regulation 8 of the AML Regulations 2022, the national identity card is the primary identification document for customer due diligence. The NIDA-issued National Identification Number (NIN) is a 20-digit number, and it is the identifier your goAML XML subject records should carry for Tanzanian nationals. Other identity documents are acceptable only in defined exceptional cases — including non-citizens, who are identified by passport with nationality, number, country of issue, and expiry.

The 2022 Regulations add an operational rule that surprises many institutions: accounts of customers whose identity documents have expired must be suspended — limited to deposits and narrowly defined debits — until the document is renewed. Your KYC data pipeline therefore needs expiry tracking that feeds both account status and reporting data quality.

Entity Identifiers

For legal entities, the BRELA (Business Registrations and Licensing Agency) registration number is the company identifier, and TRA-issued Taxpayer Identification Numbers (TINs) identify taxpayers. Capture both at onboarding and carry them through to goAML XML entity records, formatted exactly as issued.

Penalties Snapshot

Obligation	Provision	Exposure
STR filing failure	AMLA s.17(4)	Individual: fine up to TZS 5M or up to 5 years; corporate: up to TZS 10M or 3× property value
CTR/EFT non-reporting	GN 420/2019 reg 13	TZS 1–5M per day of default; business restrictions; licence suspension
Tipping off	AMLA s.20(2)	Individual: TZS 100–500M or 5–10 years; corporate: TZS 500M–1B or 3× property value
Internal controls breaches	AMLA s.19(2)	Individual: TZS 500K–5M or 12 months; corporate: TZS 5–10M
General compliance failures	AMLA s.19A	Administrative sanctions: warnings, directives, business restrictions

The Zanzibar Dimension

Tanzania is a union, and AML law reflects it. The Anti-Money Laundering Act applies to Mainland Tanzania; only Part II — which establishes the FIU and the National Multidisciplinary Committee — extends to Zanzibar (section 2). Substantive obligations for Zanzibar-licensed institutions come from Zanzibar's own statute: the Anti-Money Laundering and Proceeds of Crime Act, No. 10 of 2009 (AMLPOCA), amended in 2022 and 2023, with detailed rules in the AMLPOC Regulations, 2022 (Legal Notice No. 110 of 2022).

In practice the regimes are aligned where it matters operationally — and both report to the same union FIU:

STRs must be filed as soon as possible and not later than 24 hours after forming suspicion (regulation 22)
Cash transactions of USD 10,000 or more, and EFTs of USD 1,000 or more, are reportable (regulation 32), with Bank of Tanzania conversion rates
The Zanzibar resident identity card (ZanID) is an accepted identity document alongside the national identity card

For banking groups with branches on both sides of the union, the compliance architecture question is real: one reporting pipeline, two legal bases, one FIU. Your platform's country/jurisdiction profile needs to record the correct legal citation and document types per booking location while submitting through the same goAML channel.

Deploying an AML Platform for Tanzania

Country Profile Configuration, Not Custom Code

A well-architected reporting platform treats every FIU's specifics — thresholds, currencies, deadlines, identifier formats, document types, and XML validation rules — as configuration, not code. For Tanzania, the country profile stores: the USD 10,000 cash and USD 1,000 EFT thresholds with Bank of Tanzania rate conversion, 24-hour related-transaction aggregation, the five-working-day CTR window, the 24-hour STR clock, NIN/BRELA/TIN identifier handling, and the goAML portal submission target — plus the Zanzibar variations where applicable.

When the FIU updates a requirement — as it did with the 2023 amendment regulations — the vendor updates the country profile. No re-deployment, no code change, no project.

Multi-Country East African Operations

For groups operating across Tanzania, Kenya, Uganda, Zambia, and Rwanda, a single platform with per-country profiles gives regional compliance leadership one view of filing rates, rejection rates, and open cases across all markets, while each country team works against its own FIU's rules. Tanzania's tight 24-hour STR window and high-volume USD 1,000 EFT reporting make it the market where automation pays back fastest.

Creodata's goAML platform ships with a Tanzania (FIU) country profile maintained by our compliance technology team, alongside profiles for Kenya (FRC), Zambia (FIC), Uganda (FIA), and Rwanda.

Compliance Checklist for Tanzanian Reporting Persons

1. FIU Registration: Your institution is registered as an organisation on the FIU's goAML portal, and your compliance officer contact details are current.

2. CTR Detection: You detect cash transactions at or above USD 10,000 equivalent using Bank of Tanzania rates at transaction time, with 24-hour related-transaction aggregation across branches and channels.

3. EFT Reporting: Electronic funds transfers of USD 1,000 or more are extracted, converted, and reported automatically — manual handling at this volume is not feasible.

4. Five-Day CTR Window: CTR and EFT reports reach the FIU within five working days of the transaction, with submission acknowledgements retained.

5. 24-Hour STR Process: Your alert-to-filing workflow — escalation, review, narrative, approval, submission — completes within 24 hours of suspicion being formed, and the timestamps prove it.

6. Narrative Quality: STR narratives are factual, specific, typology-linked, and reviewed before submission; boilerplate language is rejected at QA.

7. Identity Data: NIDA NINs (20 digits) for nationals, passports for non-citizens, BRELA numbers and TINs for entities — captured at onboarding, validated, and flowing into goAML XML without manual re-keying. Expired-ID account suspension rules are enforced.

8. Typology Coverage: Monitoring rules cover Tanzania's risk profile: mining and precious metals, wildlife crime, real estate and hospitality, structuring, informal value transfer, and tax-evasion patterns.

9. Zanzibar Handling: If you operate in Zanzibar, your compliance documentation cites AMLPOCA 2009 and L.N. 110/2022, accepts ZanID where appropriate, and routes reports to the same FIU pipeline.

10. Audit Trail: Every report has an immutable record of who detected, reviewed, approved, and submitted it, and every rejection has a documented correction-and-resubmission trail.

Deploy Tanzania-Ready goAML Reporting with Creodata

Tanzania exited the FATF grey list by building real enforcement muscle — and the FIU's post-2025 supervisory posture, backed by per-day default fines and administrative sanctions, assumes institutions have automated their reporting obligations. A 24-hour STR window and USD 1,000 EFT reporting are not manual-process requirements.

Creodata's goAML AML Reporting Platform includes a fully configured Tanzania country profile: USD-denominated threshold monitoring with Bank of Tanzania rate conversion, NIN and BRELA identifier validation, 24-hour STR workflow with SLA tracking, EFT report automation, and goAML XML generation validated before submission. It is the same platform our customers use for Kenya, Zambia, and the wider region — one system, one audit trail, every jurisdiction.

See the Tanzania configuration in action — request your demo.