DLT Provider Guidance Notes. Financial Crime

Similar documents
DLT Provider Guidance Notes. Protection of Clients Assets and Money

Anti Money Laundering - Financial Crime Compliance

This course is presented in London on: March 2018, October The Banking and Corporate Finance Training Specialist

Note on the application of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017

Policy on Anti Money Laundering and Countering Terrorist Financing

Re: Compliance with the Criminal Justice (Money Laundering and Terrorist Financing) Act 2010 ( CJA 2010 )

STEP CERTIFICATE IN ANTI-MONEY LAUNDERING. Syllabus

Insurance Distribution Directive. Product Governance and Distribution channels Examples of good and poor practice

NOTICE TO BANKS MONETARY AUTHORITY OF SINGAPORE ACT, CAP. 186

Cuprum Token AML/KYC POLICY. Last updated:

Anti Money Laundering - Financial Crime Compliance

GENERAL TERMS OF BOOMSTARTER PTE. LTD AML/KYC POLICY VERIFICATION PROCEDURES

Are you ready for an AML monitoring review?

Anti-Money Laundering Policy June 2017

The Gibraltar Financial Services Commission. Consultation Paper Regulation of personal pension schemes

DLT Application Process and Fee Structure

CONSULTATION PAPER NO JUNE 2016 PROPOSED CHANGES TO THE ANTI MONEY LAUNDERING, COUNTER- TERRORIST FINANCING AND SANCTIONS MODULE

gamevy Anti- Money Laundering Detecting and Preventing Financial Crime Training for Gamevy

Financial Crime update. 12 September 2017

Introduction What is electronic money? 3.1. Under the Electronic Money Regulations 2011 (Reg. 2(1)), electronic money is defined as:

ANTI-MONEY LAUNDERING AND COUNTERING THE FINANCING OF TERRORISM HANDBOOK JANUARY 2018

FIU G3: Anti-Money Laundering and Combating the Financing of Terrorism Guideline for Insurance Companies 2014

Enhancing the confirmations provided by Statutory Auditors and Audit firms for the Capitalisation of Licenced Companies

June Background

Anti-Money Laundering in e-banking and Fintech. Roland Guennou OSACO Financial

ANNEX III Sector-Specific Guidance Notes for Investment Business Providers, Investment Funds and Fund Administrators

CLIENTS ACCEPTANCE POLICY

4th Anti-Money Laundering Directive and 2d Fund Transfers Regulation- General overview and impact on payments

Anti-Money Laundering Policy

1. ENTITY & OWNERSHIP 1 Full Legal Name

Redline (4AMLD 5AMLD)

Settlement Agreement between the Central Bank of Ireland and Ulster Bank Ireland DAC (formerly Ulster Bank Ireland Limited)

Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) Digital Currencies (Sector 6) Exposure Draft

AML / CFT Anti-money laundering and countering financing of terrorism. Designated Business Group Scope Guideline Updated in December 2017

G20 High-Level Principles on Beneficial Owner Transparency (SPAIN)

Money Laundering and Terrorist Financing Risks in the E-Money Sector

Subject: Written comments consultation on the Draft Law for the implementation of the Fourth Anti-Money Laundering Directive

FSC's Response to IMF Report's Recommendations

Banco General, S.A. Panama, Republic of Panama. Banco General, S.A.

1. ENTITY & OWNERSHIP 1 Full Legal Name

INSURANCE ACT 1986 INSURANCE (ANTI-MONEY LAUNDERING) REGULATIONS 2008

ANTI-MONEY LAUNDERING AND COUNTER TERRORISM FINANCING PROCEDURE MANUAL. Fcorp Services Ltd

Money Laundering And The Proceeds Of Crime

CYPRUS BAR ASSOCIATION

1. ENTITY & OWNERSHIP 1 Full Legal name

Introduction to AML/CFT in New Zealand

BY GRACE OF THE GOD ALMIGHTY THE GOVERNOR OF BANK INDONESIA,

Anti-Money Laundering Policy

GUIDANCE NOTE NO 4 OF 2017 GUIDANCE NOTE ON THE 15-DAY REPORTING PERIOD OF SUSPICIOUS TRANSACTIONS AND ACTIVITIES

Annual Report on Audit Supervision

JOINT RESOLUTION OF THE GOVERNOR OF BANK OF MONGOLIA AND CHAIR OF THE FINANCIAL REGULATORY COMMISSION

Country Risk Updates. GFSC Newsletter No.3/2017.

Anti-Money Laundering - A Practical Guide 27th September Doug Hopton Director DTH Associates Limited

SFC consultation paper on proposed anti-money laundering and counterterrorist

Ministerial Regulation on Customer Due Diligence B.E (2013)

Comments to the report from the Commission on the application of Directive 2005/60/EC.

Standard 2.4. Customer due diligence - Prevention of money laundering and terrorist financing. Regulations and guidelines

Registry General September 2015

1. ENTITY & OWNERSHIP 1 Full Legal Name Sparkasse Ulm

1. ENTITY & OWNERSHIP 1 Full Legal name

Information page Alternative Investment Fund Managers Directive Organisational requirements - Valuation

Current developments related to AML legislation in the in the EU Dr. Katharina Lasota Heller HütteLaw

AML/CTF and Sanctions Policy

Risk-based approach and the risk management and compliance programme. Presented by Ashleigh Mooij 11 September 2018

CLIENT ACCEPTANCE POLICY

NOTICE. Proposed Amendments to the Guidelines on the Prevention of Money Laundering & Countering the Financing of Terrorism

FINAL NOTICE. Ground Floor, 10 Chiswell Street, London, EC1Y 4UQ

THEMED EXAMINATION PROGRAMME 2011: ANTI-MONEY LAUNDERING AND COMBATING THE FINANCING OF TERRORISM

ANTI-MONEY LAUNDERING POLICY

B L.N. 372 of 2017 PREVENTION OF MONEY LAUNDERING ACT (CAP. 373) Prevention of Money Laundering and Funding of Terrorism Regulations, 2017

Due Diligence Policy. 1. Money Laundering Risk

Financial Crime Risk Return

SUBSIDIARY LEGISLATION PREVENTION OF MONEY LAUNDERING AND FUNDING OF TERRORISM REGULATIONS

TRUST COMPANY BUSINESS

INSURANCE. Forensic services. Helping to protect your business from fraud, misconduct and non-compliance ADVISORY. kpmg.com/in

ANTI-MONEY LAUNDERING GUIDANCE FOR THE ACCOUNTANCY SECTOR

Council of the European Union Brussels, 12 January 2015 (OR. en)

QUESTION & ANSWERS ANTI MONEY LAUNDERING, COUNTER-TERRORIST FINANCING, AND SANCTIONS REGIME

The Wolfsberg Correspondent Banking Due Diligence Questionnaire (CBDDQ) Completion Guidance 22 February 2018

Introduction to FATF THE FINANCIAL ACTION TASK FORCE AND THE ROLE OF LAWYERS IN COMBATING MONEY LAUNDERING AND TERRORIST FINANCING

GP Global Ltd Tel.: Fax:

SFC reprimands and fines A One Investment Company Limited $1.2 million and suspends its responsible officer for internal control failures

1. ENTITY & OWNERSHIP 1 Full Legal name

GENERAL SCHEME OF A CRIMINAL JUSTICE (MONEY LAUNDERING AND TERRORIST FINANCING) (AMENDMENT) BILL

1. ENTITY & OWNERSHIP 1 Full Legal Name

Anti-Money Laundering. How to set up a strong Compliance Program

A brief Introduction to Gibraltar and its DLT and ITO Proposition

ANTI-MONEY LAUNDERING POLICIES, CONTROLS AND PROCEDURES

Attachment: References for formulating a list of countries/regions with higher risks of money

1. ENTITY & OWNERSHIP 1 Full Legal name

United Republic of Tanzania Financial Intelligence Unit Anti Money Laundering and Counter Terrorist Financing Guidelines to Insurers

TRUST COMPANY BUSINESS

(Revised: 7 December 2016)

GUIDANCE NOTE NO 01 OF 2018 GUIDANCE NOTE ON CUSTOMER DUE DILLIGENCE PERTAINING TO INTERMEDIARIES AND RELATED PARTIES: SUB-ACCOUNTS & POOL ACCOUNTS

EAA issues guidelines on compliance of anti-money laundering and counter-terrorist financing requirements for the estate agency sector

Accountants and Tax Advisors

PCM Brokers DMCC. Anti-Money Laundering Policy

To whom it may concern. Implementation of the 4th EU Anti Money Laundering Directive

JC/GL/2017/16 16/01/2018. Final Guidelines

Assessment of international and domestic risks of money laundering and terrorist financing affecting Scottish solicitors (May 2017)

Transcription:

DLT Provider Guidance Notes Financial Crime

Introduction The purpose of this guidance note is to provide a DLT Provider, as defined in the Financial Services (Distributed Ledger Technology Providers) Regulations 2017 (the DLT Regulations), with guidance as to the operational, technical and organisational standards expected and in some circumstances required by the GFSC. This guidance note is specifically in respect of the regulatory principle under paragraph 8 of Schedule 2 of the DLT Regulations (the Regulatory Principle). The Regulatory Principle states that A DLT Provider must have systems in place to prevent, detect and disclose financial crime risks such as money laundering and terrorist financing. This document should be read as interpretative guidance for a DLT Provider and the examples contained in this document should be noted as indicative of good practice by a DLT Provider in connection with the Regulatory Principle. A DLT Provider should note that the GFSC will take this document into account when reviewing a DLT Provider s practices. The operational standards expected and required by the GFSC of a DLT Provider will vary depending on the size, particular nature, scale or complexity of the DLT Provider s business. Scope and Applicability A DLT Provider is defined as providing a Controlled Activity under the Financial Services (Investment and Fiduciary Services) Act and is therefore caught as a relevant financial business under the Proceeds of Crime Act (POCA). The GFSC s Guidance Notes on Systems of control to prevent the financial system from being used for Money Laundering or Terrorist Financing activities (AMLGNs) also apply to a DLT Provider. These additional notes provide sector specific guidance on mitigating measures and provides the risk context for this sector. Risk and Context Recent analysis of the threats and risks posed by virtual currencies in the European Union point to vulnerabilities due to the anonymity in the exchange between fiat currencies and virtual currencies and the holding of virtual currencies in an unregulated environment. By subjecting a DLT Provider to regulation and supervision and applying POCA to their activities, Gibraltar seeks to mitigate these risks considerably. 2

Specific Measures In addition to the provisions of the AMLGNs, the following additional measures should be applied when a DLT Provider is establishing a business relationship or executing a one-off transaction. These additional mitigation measures are designed to be technology neutral. B2B versus B2C A DLT Provider may be providing services and products to both Business to Business (B2B) and/or Business to Consumer (B2C) segments. Whilst the know your customer (KYC) requirements of POCA apply, it is important to differentiate on a risk-based approach, between the risks presented by both of these in the context of money laundering and terrorist financing risks. A DLT Provider must document its risk tolerance and assessment carefully for each of the products or services it offers in accordance with Chapter 6 of the AMLGNs. Irrespective of the type of product or service provided, if there is a knowledge or suspicion of money laundering or terrorist financing, the obligation to submit a Suspicious Activity Report (SAR) under POCA applies. B2B In respect of B2B, it is very important for a DLT Provider to know the nature of its client s business, the managers and business owners and the manner in which they operate. A DLT Provider providing services or products on a B2B basis, which does not offer conversion of fiat currencies to any type of stored value and vice-versa, need not apply the transaction monitoring requirements of the AMLGNs to the B2B s underlying customers. However, the legal requirements contained in POCA shall continue to apply. DLT Providers are not expected to have access to data relating to the customers of their B2B clients or request the same for money laundering or terrorist financing purposes. However, monitoring of B2B clients should include monitoring to ensure that the transactions are consistent with the relevant financial business s or person s knowledge of the customer, his business and risk profile, including where necessary the source of funds and keeping the documents, data or information obtained for the purpose of applying customer due diligence measures up-to-date, as set out in Section 12(2) of POCA. B2C Where the product or service has an element of storage and/or remittance of value, which can be converted to, or from fiat currencies, be this in cash or via more traditional transfer mechanisms, the AMLGNs will apply. 3

Customer Due Diligence and Know Your Customer The customer due diligence measures (CDD) and KYC requirements of POCA apply to a DLT Provider. However, the GFSC is keen to support new technologies and the emerging use of information and data to carry out due diligence (and not just reliance on documents) that enable easier management of CDD (see further below). The GFSC will take a view on the adequacy of any new technologies used to support a DLT Provider to comply with its CDD and/or KYC obligations as part of the application process and in the context of a DLT Provider s business, product(s) and/or service(s). A DLT Provider will be required to comply with CDD as set out in Part III of POCA. The GFSC will only expect firms to apply simplified due diligence for transactions under 150, or equivalent. The GFSC will consider representations made on a case by case basis, to allow simplified due diligence for transactions greater than 150, only if a DLT Provider has: made a comprehensive risk assessment that determines that the transaction, product or service is deemed to be low risk; and it considers that it has sufficiently robust systems of controls. Nonetheless, the traceability principles below need to be complied with in order to determine if one or more transactions are linked and this limit would be breached. Similarly, if money laundering or terrorist financing is known or suspected, full KYC and SAR requirements apply. eid for Verification of CDD Measures The objective of CDD is to properly identify and verify parties (whether natural or legal persons) to a transaction or payment. Therefore, electronic identification and trust services (governed by the eidas Regulation - EU Regulation no 910/2014) are relevant when opening a business relationship with a DLT Provider. Currently the eidas framework is one of the cornerstones of the Digital Single Market covering all elements of an electronic identification and authentication. A list of designated bodies, certified qualified signature creation devices, and certified qualified seal creation devices can be found here. Where POCA refers to identifying and verifying a customer s identity on the basis of documents, data or information obtained from a reliable source, this should be read as also including electronic identification and relevant trust services as set out in Regulation 910/2014. Traceability A DLT Provider must know the identity of each and every customer and not process transactions where it does not know the customer s identity. A DLT Provider must keep records of customer details and transactions including those on a distributed ledger so that holdings and transactions can be traced to each customer. These records must form part of the document retention processes of the DLT Provider and must be retained for a minimum of five years after the end of the business relationship or one-off transaction. 4

A DLT Provider should capture, record and retain unique identifiers of devices and network connections used by customers in communicating with the DLT Provider. Unique identifiers include (without limitation) IP address, MAC address, IMEI, ICCID, MEID, SEID and UUID. Recorded unique identifiers should form part of the document retention processes of the DLT Provider. A DLT Provider should have systems to detect attempts by customers to circumvent CDD requirements or to obfuscate the nature and purpose of transactions. As part of its transaction monitoring processes, a DLT Provider should have systems to detect incongruity between information known about or provided by customers and information gathered during transactions. Incongruities and anomalies should be flagged, investigated and risk assessed for financial crime purposes. 5

Published by: Gibraltar Financial Services Commission PO Box 940 Suite 3, Ground Floor Atlantic Suites Europort Avenue Gibraltar www.gfsc.gi 2017 Gibraltar Financial Services Commission

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback