Identity verification in Sri Lanka
Last updated: 2026-04-15 · Framework: research/identity-verification/framework/research-framework.md · Country code: LK
Documents supported
(Government IDs from 220+ countries)
Average verification time
Countries covered
(Government-issued IDs validated)
Market overview
Sri Lanka's AML/CFT regime rests on three acts of Parliament: - Convention on the Suppression of Terrorist Financing Act, No. 25 of 2005 (CSTFA) — criminalizes terrorist financing and underpins UN 1373 and 1267 sanctions implementation. - Prevention of Money Laundering Act, No. 5 of 2006 (PMLA) — enacted 6 March 2006; criminalizes money laundering, sets out property tracking, freezing, and forfeiture; amended by Act No. 40 of 2011. - Financial Transactions Reporting Act, No. 6 of 2006 (FTRA) — establishes the FIU, defines "institution" (reporting entities), and imposes record-keeping, STR, and cash transaction reporting obligations.
Supported documents
Didit templates cover national IDs, passports, residence permits and regional documents — plus 14,000+ documents globally for cross-border flows.
Regulators
AML supervisor
Ministry of Public Administration
regulated
Manages NIC (National Identity Card). NIC number assigned to all citizens 16+. Electronic verification available for authorized entities. eNIC (electronic NIC) with chip being rolled out.
Ministry of Public Administration
restricted
Civil registry for births, deaths, marriages. Some online services available.
Government & regulated databases
Compliance framework
AML framework
Supervised by Financial Transactions Reporting Act
CBSL is the monetary authority and the host institution of the FIU. Its Bank Supervision, Non-Bank Financial Institutions Supervision, and Payments and Settlements Departments implement prudential oversight over licensed commercial banks (LCBs), licensed specialised banks (LSBs), licensed finance companies (LFCs), and payment service providers. CBSL publishes press notices on ongoing customer due diligence and coordinates with FIU-SL on enforcement. FIU-SL has imposed monetary penalties on repor
Data protection
Supervised by National DPA
Penalties for non-compliance
- Licensed casinos and new GRA-licensed online operators — DNFBPs; need robust age, sanctions, and identity checks.
Use cases
Neobanks, EMIs, payment institutions, lenders, brokerages.
Sri Lanka is a member of the Asia/Pacific Group on Money Laundering (APG). It underwent its 1st Mutual Evaluation in 2006 and its 2nd in 2014–2015, which led to FATF grey-listing and subsequent removal after Sri Lanka cleared its action plan. In the latest APG follow-up report (October 2021), Sri La
Exchanges, custodians, wallets, on/off-ramps.
The SEC operates under the Securities and Exchange Commission of Sri Lanka Act, No. 19 of 2021, which replaced the original 1987 Act. The SEC licenses stockbrokers, stock dealers, investment managers, margin providers, and market infrastructure, and enforces investor onboarding rules for accounts on
Sports betting, online casinos, age-gated platforms.
Sri Lanka was the first South Asian country to enact a comprehensive data protection statute. The PDPA was passed by Parliament on 19 March 2022, certified shortly thereafter, and is being brought into force in phases:
Gig platforms, delivery, creator economy, e-commerce.
The NIC is issued by the Department for Registration of Persons (DRP) under the Ministry of Public Administration to all Sri Lankan citizens from age 16. Since 27 October 2017, the DRP has issued a polycarbonate smart card with ICAO photo laser-printing in Sinhala, Tamil, and English trilingual form
Biometric liveness
Sri Lanka has several in-production eKYC touchpoints: - eRL (electronic Revenue Licence) for motor vehicles. - Inland Revenue Department (IRD) TIN registration online. - Colombo Stock Exchange eIPO and eConnect CDS account opening for stockbrokers. - Bank-specific remote account opening, in some cases relying on NIC number + video selfie + document scan.
CERTIFICATIONS
Our platform meets the highest international standards for information security, data privacy, and biometric accuracy.
Full EU data protection compliance
Information security management
PAD (liveness + face match)
TRUSTED WORLDWIDE
Join thousands of companies that trust Didit for their verification needs
Didit’s NFC + active biometrics technology blocks the most advanced fraud scenarios, offering a level of security equivalent to or superior to in-person verification.
Spanish Financial Sandbox
CNMV, SEPBLAC & Spanish Treasury — Conclusions Report
Didit is an exceptionally valuable partner, delivering a stable and highly adaptable solution”.
Vuk Adžić
Head of the E-Business Department at Crnogorski Telekom
Didit offered us a robust technology with a simple implementation and adaptability to different markets”.
Fernando Pinto
CEO & CoFounder at TucanPay
Thanks to Didit we have been able to reduce manual processes and improve data extraction accuracy”.
Diana Garcia
Trust & Safety Executive at Shiply
Didit’s integration slashed verification times and costs, freeing resources for other projects”.
Guillem Medina
COO at GBTC Finance
Didit removed KYC costs, enabling faster scaling with high verification standards and less fraud.”
Paul Martin
VP Marketing & Growth at Bondex
Didit’s secure, user-friendly verification boosts customer trust and optimizes our process.”
Cristofer Montenegro
Executive assistant to the CEO at Adelantos
Didit ensures a precise, secure digital onboarding without slowing negotiations or client time.”
Ernesto Betancourth
Gerente de riesgos at CrediDemo
FAQ
Yes. Sri Lanka permits remote KYC onboarding under its national AML framework, including document verification, biometric liveness and video identification where required by regulation.
Didit verifies all major national IDs, passports and residence permits issued in Sri Lanka, plus 14,000+ document types globally for cross-border flows.
Didit charges $0.30 per verification with 500 free checks per month. No contracts, no minimums. Competitors typically charge $1.00–$2.50+ per verification.
Yes. Didit screens against 1,000+ global watchlists including PEP databases, sanctions lists (EU, UN, OFAC, OFSI), and adverse media — covering all AML obligations in Sri Lanka.
Most regulated sectors in Sri Lanka require or strongly recommend biometric liveness detection for remote onboarding. Didit provides ISO 30107-3 PAD Level 2 certified liveness.
Yes. Didit supports document verification, liveness, AML screening and ongoing monitoring aligned with Sri Lanka’s crypto regulatory framework, including EU Travel Rule compliance where applicable.
Yes. Didit provides document-based age verification and identity confirmation suitable for Sri Lanka’s iGaming regulatory requirements.
500 free verifications per month. No contracts, no minimums. $0.30 per verification after the free tier.
