Barbados -- AML/CFT Compliance Regulatory Overview

Barbados has established a comprehensive Anti-Money Laundering (AML) and Counter-Financing of Terrorism (CFT) framework that specifically addresses virtual assets (VAs) and virtual asset service providers (VASPs), largely driven by its commitment to complying with the Financial Action Task Force (FATF) Recommendations.

The primary authority and legislation governing VASPs in Barbados are:

I. Legislative and Regulatory Framework

1. Virtual Asset Business Act, 2022 (VABA, 2022): This is the cornerstone legislation specifically designed to regulate VASPs in Barbados. It provides for the registration, licensing, supervision, and regulation of virtual asset businesses, bringing them squarely under the AML/CFT regime. It aligns Barbados's regulatory framework with FATF Recommendation 15 on new technologies.
2. Prevention of Money Laundering and Financing of Terrorism Act, 2011 (PMLFTA, as amended): This is Barbados's overarching AML/CFT legislation. The VABA mandates that VASPs comply with the requirements of the PMLFTA, which sets out the general obligations for all financial institutions and designated non-financial businesses and professions (DNFBPs) regarding AML/CFT.
3. Anti-Terrorism Act (ATA), Chapter 151: This Act provides the legal basis for combating the financing of terrorism and is integral to the broader CFT framework that VASPs must adhere to.
4. Proliferation Financing (Prevention) Act, 2019: Addresses financing for weapons of mass destruction, further strengthening the CFT regime.
5. FSC Guidelines: The Financial Services Commission (FSC) issues various guidelines, directives, and prudential statements to clarify and elaborate on the requirements of the VABA and PMLFTA, including specific AML/CFT compliance expectations for VASPs.

II. Authority Overseeing Compliance

The primary authority responsible for licensing, supervising, and enforcing AML/CFT compliance for VASPs in Barbados is the:

• Financial Services Commission (FSC)
  • URL: https://www.fsc.gov.bb/

The Financial Intelligence Unit (FIU) of Barbados is the central national agency responsible for receiving, analyzing, and disseminating suspicious transaction reports (STRs) and other financial information related to suspected money laundering, terrorist financing, and proliferation financing.

III. Key AML/KYC Requirements for Cryptocurrency/Virtual Asset Service Providers (VASPs)

Under the VABA, PMLFTA, and associated regulations, VASPs in Barbados are subject to stringent AML/KYC requirements, mirroring those applied to traditional financial institutions.

1. Licensing and Registration

• VASPs must be licensed or registered by the FSC to operate legally in Barbados. This process involves demonstrating robust internal controls, governance structures, and adequate financial resources, including a sound AML/CFT compliance program.

2. Customer Due Diligence (CDD) / Know Your Customer (KYC)

VASPs must implement robust CDD procedures for all customers, which include:

• Identity Verification: Obtaining and verifying the identity of the customer (individual or legal entity) using reliable, independent source documents, data, or information.
  • For Individuals: Name, residential address, date of birth, nationality, unique identification number (e.g., passport, national ID).
  • For Legal Entities: Name, legal form, proof of existence, registered address, principal place of business, board of directors, and verification of individuals authorized to act on behalf of the entity.
• Beneficial Ownership Identification: Identifying and taking reasonable measures to verify the identity of the beneficial owner(s) of the customer, especially for legal persons and arrangements. This includes understanding the ownership and control structure.
• Purpose and Intended Nature of Business Relationship: Understanding the purpose and intended nature of the business relationship or occasional transaction.
• Ongoing Monitoring: Conducting ongoing due diligence on the business relationship and scrutiny of transactions undertaken throughout the course of the relationship to ensure that the transactions are consistent with the VASP's knowledge of the customer, their business, and risk profile, including, where necessary, the source of funds or virtual assets.
• Enhanced Due Diligence (EDD): Applying enhanced measures for higher-risk situations, including:
  • Politically Exposed Persons (PEPs)
  • Customers from high-risk jurisdictions (as identified by FATF or national assessments)
  • Complex or unusual transactions or business structures
  • Non-face-to-face relationships
  • Transactions involving high value or specific types of virtual assets deemed higher risk.
  • VASPs must determine the source of funds and source of wealth for high-risk customers.
• Simplified Due Diligence (SDD): Permitted in low-risk scenarios, as defined by the FSC.

3. Suspicious Transaction Reporting (STR)

• Obligation to Report: VASPs are legally obligated to report any suspicious transactions, including attempted transactions, to the Financial Intelligence Unit (FIU) of Barbados.
• Grounds for Suspicion: This includes suspicion of money laundering, terrorist financing, proliferation financing, or any other criminal activity, regardless of the amount or value involved.
• No Tipping-Off: VASPs and their employees are prohibited from disclosing to the customer or any third party that a report has been made or that a money laundering/terrorist financing investigation is being conducted.

4. Record-Keeping Obligations

VASPs must maintain comprehensive records for a minimum period of seven (7) years, which includes:

• CDD Records: Copies of identification documents, verification data, beneficial ownership information, and records of analysis performed.
• Transaction Records: All transaction data, including dates, amounts, types of virtual assets, sender and recipient information, and any associated messages or instructions.
• STRs: Copies of all suspicious transaction reports submitted to the FIU and any internal inquiries or decisions related to those reports.
• Risk Assessments: Records of institutional and customer risk assessments.

5. Internal AML/CFT Program

VASPs must establish and maintain an effective internal AML/CFT program tailored to their specific risks, including:

• Risk Assessment: Conducting regular institutional risk assessments to identify, assess, and understand their ML/TF risks.
• Internal Policies, Procedures, and Controls: Developing and implementing written policies, procedures, and internal controls to mitigate identified risks and ensure compliance with AML/CFT obligations.
• Designated Compliance Officer: Appointing a qualified AML/CFT Compliance Officer at the management level, responsible for overseeing the AML/CFT program.
• Employee Training: Providing ongoing training to all relevant employees on AML/CFT laws, regulations, internal policies, and methods of identifying suspicious activities.
• Independent Audit: Establishing an independent audit function to test the effectiveness of the AML/CFT program.
• Sanctions Compliance: Screening customers and transactions against relevant international (e.g., UN) and national sanctions lists.

6. Travel Rule

Consistent with FATF Recommendations, the VABA, 2022, is expected to incorporate requirements for VASPs to share originator and beneficiary information for virtual asset transfers, similar to the "Travel Rule" in traditional finance. This means:

• Originating VASP: Must obtain and hold required originator and beneficiary information.
• Beneficiary VASP: Must obtain and hold required originator information.
• Information Sharing: This information must be submitted to the beneficiary VASP during or before the transaction.

By implementing these robust requirements, Barbados aims to prevent the misuse of virtual assets for illicit activities and maintain the integrity of its financial system.