Back to Home
Guides & Resources

How KYC works in Sierra Leone

Short reads on the questions teams ask most: how tiered KYC works, what an NCRA check actually proves, what makes an evidence trail stand up in an audit, and more.

Free to read — no sign-up About 5 minutes each
What's inside
7 guides · ~5 min read each
KYC tiers explainedGuide 1
What NCRA checksGuide 2
Audit-ready evidenceGuide 3
Educational reference
Guides

Common KYC & KYB questions

General background, not legal advice — rules change, so confirm the current requirements with the Bank of Sierra Leone and your own compliance team.

Tiered (or "risk-based") KYC means the identity evidence you collect rises in step with the risk and the limits you grant. Lower-value, lower-risk accounts can typically open with lighter checks; higher limits and business accounts call for fuller verification. The aim is financial inclusion at the entry level without weakening controls where money movement is larger.

In general, Sierra Leone tiers tend to follow this shape — though the exact limits and required documents are set by regulation and can change, so treat these as the idea rather than fixed thresholds:

  • Tier 1 — basic / entry. Minimal information (typically name, phone number, and basic details) with the lowest transaction and balance limits. Often used for simple mobile-money wallets.
  • Tier 2 — verified. Adds a recognised identity document and verification of the holder, unlocking higher limits. This is where document and identity checks usually become mandatory.
  • Tier 3 — full KYC. Full identity evidence, and for businesses, registry and owner/director checks — supporting the highest limits and business or agent activity.

Before configuring any tier, confirm the current Bank of Sierra Leone guidance and your institution's own policy, since limits, accepted documents, and re-verification rules are periodically updated.

Where MiProof fits: you decide which checks each tier needs, and MiProof runs them — a phone check to open an entry-level wallet, document and face matching once a tier needs real verification, registry and owner checks for full business KYB. Whatever the tier, the evidence ends up in one place.

Read the full guide →

The National Civil Registration Authority (NCRA) is the body responsible for civil registration and Sierra Leone's National ID, issuing a National Identification Number (NIN) to registered individuals. "NCRA verification" generally means checking a presented identity against that source registry, rather than judging a photo by eye.

Checking against the source registry typically helps confirm two things:

  • The number is genuine and issued — that the NIN exists in the registry rather than being fabricated or mistyped.
  • The holder's details match — that the name, date of birth, and similar fields on the document line up with the registry record for that number.

This matters because a document photo alone has limits. A clear photo can show a card looks plausible and let you read the details, but on its own it generally cannot prove the number was ever issued, that the record is still valid, or that the details have not been altered. Pairing a document read with a registry check, and a face match to confirm the person presenting it, closes much of that gap.

For businesses, the equivalent source is the company registry. Exact data fields, availability, and coverage of any registry check can vary, so confirm current capabilities and any access requirements before relying on them in policy.

Read the full guide →

When a regulator or internal auditor reviews a KYC decision, the question is rarely "did you collect an ID?" — it is "can you show what was checked, when, by whom, and on what basis you decided?" That kind of record is what lets you answer that for any case, months later.

In general, a defensible evidence trail keeps the following together for each customer or business:

  • Consent record — evidence the individual agreed to verification before their data was processed.
  • Source images — the actual document and selfie captures, not just a "pass" flag.
  • Extracted fields — the details read from the document, so results can be re-checked.
  • Check results — document, face match, duplicate, and any registry or policy outcomes, each with a reason.
  • Reviewer notes and decision history — who reviewed it, what they decided, and any overrides.
  • Timestamps — when each step happened, in order.

This is why scattered review fails an audit. When evidence lives across WhatsApp threads, shared drives, and spreadsheets, it is hard to prove a record is complete, unaltered, or tied to the right customer — and reconstructing a decision after the fact becomes guesswork. The standard your team should aim for is a single, time-stamped record per case.

This is the record MiProof keeps for you. Every case holds the consent, the images, the results, the reviewer's notes, and the timestamps in one place. Your team still makes the call — compliance can just open the case and show what happened. Retention and access terms are set in your agreement.

Read the full guide →

AML, PEP, and sanctions screening checks a person or business against watchlists — known sanctioned parties, politically exposed people, and adverse-media flags — so you can apply the right level of due diligence. It does not decide for you; it surfaces who needs a closer look and why.

It's a separate job from identity verification: MiProof confirms a person is who they say they are, while sanctions, PEP, and adverse-media screening is a distinct check — so confirm what's in scope for your setup.

Read the full guide →

KYB (Know Your Business) goes a step beyond checking one person. You confirm the business is genuinely registered, then verify the people behind it — owners, directors, and anyone with real control — usually with their own identity checks.

Done well, KYB ties a registry record, the business details, and the verified people into one file, so you can show who you onboarded and on what basis.

Read the full guide →

Activating mobile-money agents usually means collecting identity, business, and location evidence in the field — often the messiest part of onboarding, with photos and details scattered across messages and spreadsheets.

The goal is an activation-ready file per agent: identity verified, business confirmed, and the supporting evidence kept together, so approvals do not stall on missing or mismatched paperwork.

Read the full guide →

A face match is only as good as its defence against fakes — a printed photo, a face held up on another screen, or a re-photographed selfie. Screen-recapture and basic spoofing are the common attempts, and a check that ignores them gives false confidence.

This guide walks through what those attacks look like, why a plain photo comparison is not enough on its own, and how layering capture quality and screen-recapture signals makes a face check harder to game.

Read the full guide →

Free download

Get the audit-ready KYC evidence checklist

A one-page checklist of what to keep on file for each case so a KYC decision stands up in an audit. Enter your email and we'll send the PDF.

One-page PDF · No sign-up · We'll only use your email to follow up

Want these checks mapped to your own KYC tiers?

In a free 30-minute review, we go through your Tier 1, 2, and 3 requirements, mark which checks each one needs, and flag any evidence gaps. Built for compliance and onboarding leads. You'll usually hear back within 1 business day.

Try it — 2 min
Educational guidance only — always confirm current rules with the Bank of Sierra Leone