Fintech Regulation in Morocco: Laws, Licenses and Compliance 2026

Introduction: Morocco's Evolving Fintech Regulatory Landscape

Morocco has established itself in recent years as a major fintech hub in North Africa. With a young population, a mobile penetration rate exceeding 130%, and strong political commitment to promoting financial inclusion, the Kingdom offers fertile ground for financial innovation. But operating in this space demands a thorough understanding of the regulatory framework.

In 2026, the Moroccan fintech ecosystem is governed by multiple legislative texts, supervised by rigorous authorities, and in constant evolution. This guide provides a comprehensive analysis of fintech regulation in Morocco, from foundational laws to Open Banking prospects, covering compliance obligations and innovation support mechanisms.

Whether you are a fintech founder, investor, legal director, or compliance officer, this article gives you the keys to navigate the Moroccan regulatory landscape with confidence.

Foundational Laws for Fintech in Morocco

Law 103-12: The Regulatory Cornerstone

Law 103-12 on credit institutions and similar bodies is the cornerstone of financial regulation in Morocco. Enacted in 2014, it modernized the banking framework by introducing the payment institution status, opening the door to non-bank players.

This law defines the categories of institutions authorized to operate, the services they can provide, and the licensing conditions. For fintechs, it represents the essential regulatory entry point: any entity wishing to offer payment services, electronic money issuance, or money transfers must obtain a license under this framework.

Key provisions of Law 103-12 for fintechs include the definition of authorized payment services, minimum capital requirements, governance and internal control obligations, and the supervisory framework under Bank Al-Maghrib.

Law 15-18: Collaborative Financing

Adopted in 2021, Law 15-18 on collaborative financing (crowdfunding) filled an important regulatory gap. It defines three types of collaborative financing: donation, lending, and investment. The Moroccan Capital Markets Authority (AMMC) supervises crowdfunding platforms, while Bank Al-Maghrib intervenes on the lending component.

This law enabled the emergence of local platforms and provides a secure framework for investors and project owners. It imposes collection caps, transparency obligations, and contributor protection rules.

Law 31-08: Consumer Protection

Law 31-08 on consumer protection measures applies fully to digital financial services. It requires fintechs to comply with pricing transparency, withdrawal rights, prior information, and complaint handling obligations. Any fintech operating in Morocco must integrate these requirements into its product design and customer journey.

The Role of Bank Al-Maghrib

Licensing and Supervisory Authority

Bank Al-Maghrib (BAM) is the central authority regulating the financial sector. It issues licenses to payment institutions, supervises their activities, and holds sanctioning power. BAM has adopted a proactive approach toward fintechs, combining regulatory rigor with openness to innovation.

BAM's supervision covers multiple dimensions: the financial soundness of institutions, compliance with prudential rules, governance quality, customer protection, and anti-money laundering efforts.

The Credit Institutions Committee

The Credit Institutions Committee (CEC), chaired by the Governor of Bank Al-Maghrib, reviews license applications and issues opinions. This committee brings together representatives from the Ministry of Finance, BAM, and other authorities. Its opinion is decisive in the licensing process.

Payment Institution License: Process and Requirements

Prerequisites

To obtain a payment institution license in Morocco, a fintech must satisfy several conditions. The minimum required capital varies according to the planned activities, from 5 million dirhams for basic payment services to higher amounts for electronic money issuance.

Requirements also include a detailed and viable business plan, directors with the required integrity and competence, a governance framework compliant with BAM standards, a secure technical infrastructure, and a robust compliance and internal control framework.

The Licensing Process

The licensing process follows several stages. It begins with the preparation of the application file, followed by submission to Bank Al-Maghrib. The file is then reviewed by BAM's departments, before being submitted to the Credit Institutions Committee for opinion. Finally, Bank Al-Maghrib renders its decision.

The total duration of the process is generally 6 to 12 months, but may vary depending on the complexity of the file and the applicant's responsiveness. Meticulous preparation of the application is essential to maximize the chances of success and shorten timelines.

The BaaS Alternative

For fintechs wishing to launch their services quickly without going through the full licensing process, the Banking as a Service (BaaS) model offers a strategic alternative. By leveraging the infrastructure of an already licensed institution, a fintech can offer payment services under its partner's regulatory coverage. This is the model that ChariBaaS offers, enabling reduced time-to-market while guaranteeing regulatory compliance.

KYC/AML Obligations

Law 43-05 and Anti-Money Laundering

Law 43-05 on combating money laundering is Morocco's legal framework for preventing money laundering and terrorist financing. It applies to all financial institutions, including licensed fintechs.

Key obligations include identifying and verifying customer identity (KYC), continuous transaction monitoring, suspicious activity reporting to the UTRF (Financial Intelligence Processing Unit), document retention for at least 10 years, and regular staff training.

Due Diligence Levels

The Moroccan framework distinguishes three levels of due diligence. Simplified due diligence applies to low-value, low-risk transactions. Standard due diligence covers the majority of business relationships. Enhanced due diligence is required for high-risk clients, politically exposed persons (PEPs), and cross-border relationships.

Fintechs must implement KYC/KYB processes adapted to each level, integrating technological solutions for remote identification while meeting regulatory requirements.

Reporting to the UTRF

The Financial Intelligence Processing Unit (UTRF) is the Moroccan authority responsible for receiving and processing suspicious activity reports. Every financial institution is required to report any suspicious transaction without delay. Failure to comply with this obligation exposes institutions to severe criminal and administrative sanctions.

Data Protection

Law 09-08 and the CNDP

Law 09-08 on the protection of individuals with regard to the processing of personal data is Morocco's reference text on data protection. The National Commission for the Control of Personal Data Protection (CNDP) ensures its enforcement.

For fintechs, compliance with Law 09-08 involves declaring data processing to the CNDP, obtaining consent from data subjects, implementing adequate security measures, respecting access, rectification, and objection rights, and following strict rules on transferring data abroad.

Data Localization

The question of data localization is particularly sensitive for fintechs using cloud infrastructure. Law 09-08 imposes strict conditions on transferring personal data outside Morocco. Payment institutions are generally required to store sensitive data on national territory or in countries offering an adequate level of protection. This constraint directly impacts technical infrastructure choices.

Bank Al-Maghrib's Regulatory Sandbox

An Innovation Support Framework

Bank Al-Maghrib has established a regulatory sandbox to support innovative fintechs. This mechanism allows new financial products or services to be tested in a controlled environment, with lighter regulatory requirements during the testing phase.

Eligibility Criteria

To access the sandbox, a fintech must present a genuinely innovative project that addresses a need in the Moroccan market. The project must be sufficiently developed for testing, and the fintech must demonstrate its technical and financial capacity to conduct the experiment. Eligibility criteria include the innovative nature of the solution, potential benefit for consumers or the market, technological maturity of the project, and strength of the management team.

Process and Monitoring

The sandbox operates in defined periods, generally 12 to 24 months. During this phase, the fintech benefits from an adapted regulatory framework and close support from BAM. At the end of the testing period, several outcomes are possible: obtaining full licensing, extending the test phase, or ending the experiment. This framework has already enabled several innovative players to validate their model before scaling up.

Open Banking Outlook in Morocco

A Movement in Preparation

Open Banking, which involves enabling the secure sharing of banking data between institutions via APIs, is an advanced topic of discussion in Morocco. Inspired by the European PSD2 directive, Bank Al-Maghrib is working on a regulatory framework adapted to the Moroccan context.

Discussions focus on the standardization of banking APIs, conditions for third-party access to payment data, consent and security mechanisms, and interoperability between different players. The goal is to stimulate competition, innovation, and financial inclusion while ensuring data security and protection.

Expected Impact

The adoption of Open Banking in Morocco would profoundly transform the financial ecosystem. Fintechs could access banking data to offer account aggregation services, alternative credit scoring, or payment initiation. The comparison between BaaS vs Open Banking shows that these two models are complementary rather than competing.

For players preparing now, the opening to Open Banking will represent a considerable strategic opportunity. Institutions with robust API infrastructures, such as ChariBaaS, will be positioned to play a central role in this new ecosystem.

Compliance Challenges for Fintechs

The Cost of Compliance

Achieving compliance represents a significant investment for fintechs, particularly early-stage companies. Costs cover compliance tools and solutions (KYC, AML, transaction monitoring), recruitment of specialized profiles (compliance officers, lawyers), audits and certifications, continuous adaptation to regulatory changes, and staff training.

Regulatory Complexity

The Moroccan regulatory environment, while structured, requires simultaneous compliance with multiple texts and authorities. A fintech must comply with requirements from Bank Al-Maghrib, the CNDP, the UTRF, the AMMC (where applicable), and tax authorities. Understanding the difference between fintech and traditional banking is essential for properly positioning one's obligations.

Talent Shortage

Morocco faces a shortage of professionals specialized in fintech regulation, compliance, and financial cybersecurity. Fintechs must compete with traditional banks to attract these rare profiles, which increases pressure on compliance costs and timelines.

How ChariBaaS Supports Compliance

A Licensed, Compliant Infrastructure

ChariBaaS, as a payment institution licensed by Bank Al-Maghrib, offers a turnkey regulatory infrastructure. Companies building on the ChariBaaS platform automatically benefit from the institution's regulatory framework, significantly reducing the time and cost of achieving compliance.

Built-In Compliance Solutions

The ChariBaaS platform natively integrates KYC/KYB processes, transaction monitoring, regulatory report generation, and declarative obligation management. Partner companies do not need to develop these compliance building blocks internally, allowing them to focus on their value proposition.

Expert Guidance

The ChariBaaS team has deep expertise in Moroccan financial regulation. It supports its partners in understanding their obligations, structuring their offering, and obtaining the necessary authorizations. To start a partnership, contact our team.

FAQ

What law governs fintechs in Morocco?

Law 103-12 on credit institutions and similar bodies is the main framework. It was amended to include payment institutions, enabling fintechs to obtain a Bank Al-Maghrib license to operate legally.

How do I get a fintech license in Morocco?

You must file an application with Bank Al-Maghrib including: minimum capital (depending on activities), business plan, AML/KYC compliance framework, technical infrastructure, and governance. The process takes 6 to 12 months. The alternative is to leverage an already licensed institution through the BaaS model.

Is crowdfunding regulated in Morocco?

Yes, Law 15-18 regulates collaborative financing in Morocco since 2021. It defines three categories: donation, lending and investment. The AMMC (Moroccan Capital Markets Authority) is the supervisory authority for crowdfunding platforms.

What is Bank Al-Maghrib's regulatory sandbox?

Bank Al-Maghrib established a sandbox framework allowing innovative fintechs to test their solutions in a lighter, supervised regulatory environment before applying for full licensing. This fosters innovation while protecting consumers.