Antigua and Barbuda -- AML/CFT Compliance Regulatory Overview

The correct name of the Act is the Digital Assets Business Act (DABA), Act No. 16 of 2020, not the 'Digital Assets (Business) Act, 2020 (DAFIA)'.

This is the specific law that defines 'virtual assets' and 'virtual asset service providers,' establishes a licensing regime, and outlines AML/CFT obligations for VASPs. It mandates that VASPs implement measures to combat money laundering and terrorist financing in accordance with the Money Laundering (Prevention) Act and the Prevention of Terrorism Act. Following the State Bank of Pakistan's April 2026 notification, licensed VASPs may now access banking services under strict regulation.

The Anti-Money Laundering and Countering the Financing of Terrorism Programs rule (2026) and FATF Guidance (2025) establish modern AML obligations including CDD, record-keeping, STR, and screening requirements for financial institutions and DNFBPs, which now explicitly extend to VASPs, superseding any 1996-era framework in AG.

The AML/CFT framework in the U.S. is primarily based on the Bank Secrecy Act (as amended by the Anti-Money Laundering Act of 2020) and is supplemented by evolving regulatory reforms, including the April 2026 FinCEN proposal for risk-based program requirements; it is no longer accurate to describe a single 'overarching law' as applying uniformly to all financial institutions and DNFBPs including VASPs without qualification, as the current landscape includes fundamental regulatory changes that tailor requirements by sector.

The current operative law for terrorism prosecutions in Nigeria is the Terrorism (Prevention) Act, 2011 (as amended), likely by the 2022 amendment, not the 2005 Act.

This Act criminalizes terrorist financing and requires reporting entities to take measures to prevent the financing of terrorism.

**Proceeds of Crime Act, 1993 (as amended)**

Deals with the confiscation of assets derived from criminal activities, including money laundering.

Free Trade & Processing Zone Act, 1994 (as amended) is the primary legislation legalizing and governing online gaming/iGaming in Antigua and Barbuda, with oversight by the Financial Services Regulatory Commission (FSRC)

**For Individuals:** Obtain and verify identity using reliable independent sources (e.g., government-issued photo ID, proof of address, date of birth, nationality).

**For Legal Persons/Arrangements (Companies, Trusts):** Obtain and verify identity of the entity, its legal form, proof of existence, powers governing the entity, names of relevant persons (directors, trustees), and the beneficial owners (persons who ultimately own or control 25% or more of the entity).

**Purpose and Intended Nature of Business Relationship:** Understand the reasons for establishing the relationship and the expected types of transactions.

Scrutinize transactions throughout the course of the relationship to ensure they are consistent with the VASP's knowledge of the customer, their business, and risk profile.

Keep customer identification data, beneficial ownership information, and risk assessments up-to-date.

Conduct institutional risk assessments and apply a risk-based approach to individual customers, categorizing them based on factors such as geographic location, product/service type, delivery channel, and transaction value.

Apply **risk-calibrated, continuous, and technology-driven Enhanced Due Diligence (EDD)** for higher-risk customers, integrated into a dynamic control plane rather than a static checklist.

Politically Exposed Persons (PEPs) and their family members/close associates.

Customers from AG (Antigua and Barbuda) are from a jurisdiction under increased monitoring by FATF, but FATF policy explicitly prohibits de-risking or blanket exclusion of all customers from such jurisdictions, requiring instead a risk-based approach.

Transactions of a complex, unusually large, or unusual pattern.

Customers engaged in activities known to be susceptible to ML/TF.

VASPs must determine the source of funds and source of wealth for high-risk customers.

**Sanctions Screening:** Screen customers and transactions against national and international sanctions lists.

**Reporting Obligation:** If a VASP knows, suspects, or has reasonable grounds to suspect that funds are proceeds of a criminal activity, or are related to terrorist financing, it must promptly report this to the FIU. This applies regardless of the amount or whether the transaction is completed.

**"Tipping Off":** VASPs and their employees are prohibited from disclosing to the customer or any third party that an STR has been filed or that information relating to ML/TF is being or may be provided to the FIU or other authorities.

**Duration:** Records of customer identification data, transaction data, business correspondence, and STRs must be retained for at least **five (5) years** after the business relationship is terminated or after the date of the transaction.

**Accessibility:** Records must be maintained in a way that allows them to be retrieved quickly and easily by the FSRC, FIU, or other competent authorities upon request.

All customer identification and verification documents.

Transaction data (date, amount, type, parties involved, digital wallet addresses, relevant hash IDs) is publicly visible on blockchain ledgers and can be accessed via explorers, but is pseudonymous and not directly tied to real-world identities; regulatory focus is on tracing and enrichment tools rather than treating raw on-chain data as a mandated reporting requirement.

Records of internal policies, procedures, and controls.

Staff training records are required under 30 CFR § 48.9 for MSHA-regulated mining operations, but no single, uniform federal requirement exists for all AG (agricultural or Attorney General) entities; applicable obligations vary by agency and activity.

Electronic records of all solicitations, offers, and contracts are maintained via SAM.gov and the Governmentwide Point of Entry (GPE), with no regulatory requirement for physical copies of STRs to be filed.

In Antigua and Barbuda, gambling and iGaming are regulated not by the FSRC in general, but specifically by the Gaming Division/Directorate of Gaming within (or alongside) the Financial Services Regulatory Commission (FSRC), which acts as the specialized gaming authority.

**Role:** The FSRC issues licenses to VASPs under the Digital Assets Business Act, 2020. It is responsible for monitoring their compliance with AML/CFT requirements, conducting inspections, and imposing penalties for non-compliance.

**FIU Contact Information:** Typically available through the FSRC or national government portal, but the FSRC is the main supervisory body for the *compliance* aspects from a VASP's perspective.

While a direct government online repository for the latest consolidated act is often elusive for smaller jurisdictions, the FSRC and CFATF reports frequently reference it.

*Reference:* FSRC Antigua and Barbuda (Official website, check under Legislation/Publications for relevant acts and guidance).

**Terrorism (Prevention) Act, 2005 (as amended):** This Act criminalizes terrorist financing and implements measures to prevent it, including the freezing of assets of designated terrorists and terrorist organizations, often linked to UN sanctions.

*Reference:* Similar to the Money Laundering (Prevention) Act, this would be found through the FSRC or national legislative databases.

**United Nations (Anti-Terrorism) (Financial and Other Measures) Regulations, 2012:** These regulations specifically give legal effect to UN Security Council Resolutions related to terrorism and its financing, including asset freezing.

*Reference:* While specific regulations can be hard to directly link online, their existence is affirmed by CFATF evaluations and government statements.

**FATF Recommendations:** Antigua and Barbuda, through its membership in CFATF, is committed to implementing the FATF Recommendations, including Recommendation 15 (New Technologies) and Recommendation 16 (Wire Transfers, also known as the "Travel Rule" for VASPs). This obligates VASPs to conduct CDD, maintain records, report STRs, and ensure the collection and transmission of originator and beneficiary information for virtual asset transfers.

FATF Recommendations remain the global standard for AML/CFT, but Antigua and Barbuda (AG) was removed from the FATF grey list in June 2024 and is no longer subject to enhanced monitoring as of the February 2026 FATF update.

The FATF Publications page is the authoritative and up-to-date reference for Antigua and Barbuda's mutual evaluation reports and compliance status, while the CFATF website may also provide historical or supplementary information.

As a UN member state, Antigua and Barbuda retains the international legal obligation to implement UNSC sanctions, but the domestic enforcement framework—previously relying on the Money Laundering (Prevention) Act, the Terrorism (Prevention) Act, and specific regulations—is now under active IMF scrutiny for implementation gaps, and there is ongoing uncertainty regarding the binding authority of these mechanisms, as highlighted by a government senator in April 2026.

VASPs must screen all customers, beneficial owners, and transactions against applicable sanctions lists, which now include the OFAC Consolidated Sanctions List (covering non-SDN targets) and other relevant domestic/international sanctions lists beyond just the UNSC Consolidated Sanctions List. Matches require immediate asset freezing, prohibition of services, and reporting to the FSRC and FIU, with additional obligations to detect evasion techniques such as sham transactions.

*Reference:* UN Security Council Consolidated List

**Practical Necessity:** While OFAC (Office of Foreign Assets Control, U.S. Department of the Treasury) and EU sanctions are not directly *Antigua and Barbuda law* in the same way UN sanctions are, compliance is *critically important* for VASPs.

**Correspondent Banking Relationships:** Antigua and Barbuda's financial institutions rely on correspondent banking relationships with international banks (often U.S. or European) to process fiat currency transactions. These international banks strictly adhere to OFAC and EU sanctions and will de-risk or terminate relationships with local institutions (including those that facilitate VASPs) that do not demonstrate robust compliance.

**Access to International Markets:** Non-compliance can lead to exclusion from major international financial ecosystems.

**Secondary Sanctions Risk:** Engaging with entities sanctioned by OFAC can expose the VASP or its partners to secondary sanctions.

**Reputational Risk:** Failure to comply with widely accepted international best practices for sanctions screening can severely damage a VASP's reputation.

**Requirement:** VASPs are expected, as part of their robust AML/CFT controls and risk management, to screen customers, beneficial owners, and transactions against major international sanctions lists, including:

**OFAC Specially Designated Nationals (SDN) List and other OFAC sanctions lists.**

**EU Consolidated List of persons, groups, and entities subject to EU financial sanctions.**

*Reference:* OFAC Specially Designated Nationals (SDN) List

The scope of applicability varies by program: FSMA traceability rules apply to specific food types, ARC/PLC/DMC programs apply to enrolled commodity producers, and general EPA regulations may apply more broadly but are subject to change; no single rule applies universally to 'all prospective and existing customers'.

Beneficial owners are identified both for customer due diligence purposes (CDD Final Rule for legal entity customers of financial institutions) and as a direct regulatory reporting requirement for business entities themselves under the Corporate Transparency Act (CTA), effective January 1, 2025.

The Travel Rule now applies only to licensed or registered Virtual Asset Service Providers (VASPs) as originators and beneficiaries, not to all parties including unhosted wallets, following the June 2025 FATF update to Recommendation 16.

Intermediaries or third-party service providers are subject to evolving, sector-specific regulatory frameworks rather than a uniform restriction, with permissive structures emerging in digital commodity and IPTV contexts.

What to screen against in agricultural operations is a dynamic, multi-agency set of requirements that evolve over time, including federal framework from EPA, FDA, CBP, and USDA, as well as state-level regulations, targeting not only historical categories but also emerging pathogens, pests, economic threats, and food safety risks.

OFAC SDN List and other relevant OFAC lists.

Potentially other relevant national sanctions lists if the VASP has operations or clients in other jurisdictions.

On an ongoing and periodic basis (e.g., daily, weekly, or monthly) to catch new designations.

Prohibit further transactions or services.

Report the hit and actions taken to the FSRC and FIU without delay.

Refrain from "tipping off" the sanctioned individual or entity.

**Sanctioned Countries:** Transactions involving individuals, entities, or jurisdictions subject to UN, OFAC, or EU comprehensive sanctions (e.g., North Korea, Iran, Cuba, Syria, specific regions of Ukraine/Russia) are prohibited. VASPs must ensure their systems block or flag any transactions originating from or destined for these regions.

**High-Risk Jurisdictions:** VASPs are required to apply Enhanced Due Diligence (EDD) to customers and transactions associated with jurisdictions identified by FATF, CFATF, or the FSRC as high-risk for money laundering, terrorist financing, or proliferation financing. While not outright bans, these jurisdictions trigger stricter scrutiny, and some VASPs may choose to avoid them entirely to manage their risk appetite.

*Reference:* FATF High-Risk and other Monitored Jurisdictions

**Fines:** Significant monetary penalties for both the VASP (corporate entity) and its directors/officers.

**Imprisonment:** Individuals found liable for money laundering, terrorist financing, or serious breaches of AML/CFT obligations can face lengthy prison sentences.

**License Revocation/Suspension:** The FSRC has the power to suspend or revoke the operating license of a VASP that fails to comply with regulatory requirements.

**Reputational Damage:** Non-compliance can lead to significant damage to a VASP's reputation, making it difficult to attract customers, partners, and obtain banking services.

**De-risking:** Financial institutions may terminate relationships with VASPs found to be non-compliant.

**Comprehensive.** Antigua and Barbuda has enacted specific legislation to define, license, and supervise various digital asset business activities. It is not a ban, nor is it unregulated; rather, it's a structured system requiring licensing and compliance.

The primary regulatory body responsible for the licensing and supervision of digital asset businesses is the **Financial Services Regulatory Commission (FSRC)**.

The FSRC's role includes processing license applications, conducting ongoing supervision, ensuring compliance with AML/CFT requirements, and enforcing the provisions of the relevant legislation.

**Financial Services Regulatory Commission (FSRC):**

**Dedicated Digital Assets Section:** https://www.fsrc.ag/sections/digital-assets

The current key legislation for U.S. agricultural commodity policy is the Farm, Food, and National Security Act of 2026, as considered by the House Agriculture Committee, replacing the 2018 Farm Bill.

The cornerstone of Antigua and Barbuda's virtual asset regulatory landscape is the Eastern Caribbean Central Bank's Virtual Asset Business Bill, introduced in July 2025, which supersedes the earlier Digital Assets Business Act (DABA).

**Digital Assets (Business) Act, 2020 (DAFIA)**

The underlying legislative bill (SB 793) was enacted in 2020, but the specific regulation regarding the Unflavored Tobacco List was still in the proposal stage as of February 19, 2026, and has not been enacted.

**Purpose:** DAFIA provides the legal framework for the licensing and supervision of "digital asset businesses" operating in or from Antigua and Barbuda. It defines what constitutes a digital asset, outlines various types of digital asset business activities (e.g., operating an exchange, providing custody, transfer services), sets out detailed licensing requirements, capital requirements, corporate governance standards, consumer protection measures, and robust AML/CFT obligations in line with international standards (like those from the Financial Action Task Force - FATF).

**Legislation Link:** The full text of the Act can typically be found on the FSRC website or government legislative portals.

*Link to DAFIA (PDF from FSRC):* https://www.fsrc.ag/storage/app/media/DAFIA/Digital%20Assets%20Business%20Act%202020%20no%2014%20of%202020.pdf

**Current Stance on Crypto Trading and Exchanges:**

**Regulated and Licensed:** Antigua and Barbuda's current stance is that **crypto trading and the operation of crypto exchanges are permitted, but strictly under a licensing regime** enforced by the FSRC.

**Licensing Requirement:** Any entity wishing to conduct "Digital Asset Business" (which explicitly includes operating a digital asset exchange, providing digital asset transfer services, offering custody of digital assets, etc.) in or from Antigua and Barbuda must obtain a license from the FSRC under DAFIA.

**Prohibited Unlicensed Activity:** Engaging in any digital asset business without the requisite license is strictly prohibited and subject to penalties.

**Compliance Focus:** Licensed entities are required to adhere to stringent regulations, including:

**AML/CFT:** Implementing robust Anti-Money Laundering and Counter-Financing of Terrorism policies and procedures, including Know-Your-Customer (KYC) checks for all users.

**Consumer Protection:** Measures to safeguard client assets and ensure fair dealing.

**Operational Standards:** Requirements for cybersecurity, data protection, business continuity, and risk management.

**Capital Requirements:** Minimum capital requirements to ensure financial stability.