Bahrain -- AML/CFT Compliance Regulatory Overview

Bahraini law and Central Bank of Bahrain (CBB) regulations require financial institutions, including VASPs, to comply with UN Security Council sanctions *and* with Bahrain’s own AML/CFT and terrorism‑financing measures, which include domestic designations and restrictions. This framework obliges institutions to freeze assets and prohibit transactions involving individuals and entities designated under applicable UN resolutions and corresponding Bahraini laws, ministerial orders, and CBB directives, not just UN lists alone.

Under the Central Bank of Bahrain Rulebook, Volume 6 (Capital Markets), the relevant sanctions/terrorism‑financing obligation is contained in Module AML: Anti‑Money Laundering & Combating of Financial Crime, not in a separate Module FC. The Module AML imposes requirements on Capital Market Service Providers to implement effective AML/CFT measures in line with FATF recommendations, including compliance with applicable UN Security Council resolutions on terrorism, proliferation, and related asset freezing; however, there is no Section FC‑1.1.1 (UN Sanctions) in a Volume 6 'Module FC (Financial Crime)' as cited.

The Central Bank of Bahrain’s crypto‑asset regulations are set out in Volume 6 (Capital Markets) of the CBB Rulebook, primarily in the Crypto‑Asset (CRA) Module, and are now complemented by an additional Stablecoin Issuance and Offering (SIO) Module in the same volume for stablecoin‑specific activities.

OFAC (the U.S. Department of the Treasury’s Office of Foreign Assets Control) and the European Union each operate their own, separate sanctions regimes; there is no dedicated OFAC sanctions program targeting Bosnia and Herzegovina, and EU sanctions are adopted and enforced under EU law rather than by OFAC.

While Bahraini law does not *directly* mandate compliance with OFAC or EU sanctions for entities purely operating within Bahrain and not involving US or EU persons/funds, in practice, due to the global nature of financial services and cryptocurrencies, most VASPs operating internationally or dealing with international partners will screen against these lists.

Non-compliance with OFAC sanctions can lead to secondary sanctions, loss of access to the USD clearing system, and reputational damage for any entity (including a VASP) facilitating transactions with sanctioned parties, regardless of its location. Similarly, EU sanctions have extraterritorial reach in certain circumstances.

**VASP Best Practice:** Given the interconnectedness of the crypto ecosystem and the potential for severe penalties, prudent VASPs in Bahrain handling international transactions or onboarding international clients will incorporate OFAC, EU, and other major international sanctions lists into their screening processes.

**Mandatory Screening:** Licensed VASPs must screen all customers (initial onboarding and ongoing), beneficial owners, and transactions against:

**UN Sanctions Lists:** Specifically the Consolidated List maintained by the UNSC 1267/1989/2253 ISIL (Da'esh) & Al-Qaida Sanctions Committee and the UNSC 1988 Taliban Sanctions Committee List, as well as other relevant UN sanctions lists.

**National Sanctions Lists of Bahrain:** This includes lists of designated terrorists and terrorist organizations issued by the Kingdom of Bahrain's competent authorities.

**Ongoing Monitoring:** Screening is not a one-time event. VASPs must conduct ongoing monitoring to identify if existing clients or parties to transactions subsequently appear on sanctions lists.

**Technology Solutions:** VASPs are expected to use reliable technology solutions for efficient and accurate screening.

**Sanctions Compliance:** Transactions involving jurisdictions subject to comprehensive UN (and implicitly, OFAC/EU) sanctions (e.g., Iran, North Korea, Syria, certain regions of Russia) are effectively prohibited due to sanctions regimes. VASPs must block or reject such transactions and report them.

**Risk-Based Approach (FATF Recommendations):** VASPs must implement a risk-based approach to customer due diligence (CDD). Higher-risk jurisdictions (e.g., those identified by FATF as having strategic AML/CFT deficiencies) will trigger enhanced due diligence measures. If the risks cannot be mitigated, the VASP may choose to restrict or prohibit business relationships with customers or transactions originating from/destined for such regions.

**Travel Rule:** The CBB has implemented the FATF's "Travel Rule," requiring VASPs to obtain and transmit originator and beneficiary information for crypto transfers above a certain threshold. This enhances the ability to identify cross-border transactions involving high-risk jurisdictions or sanctioned entities.

Imposition of specific conditions on the VASP's license.

Suspension or revocation of the VASP's license.

Imprisonment for individuals found responsible for serious AML/CFT breaches, including facilitating sanctioned transactions.

**CBB Law (Law No. 64 of 2006):** Grants the CBB powers to impose administrative sanctions and refer criminal offenses to the Public Prosecution.

**Law No. 4 of 2001 (as amended) concerning the Prevention and Prohibition of the Laundering of Money and Financing of Terrorism:** Defines criminal offenses and associated penalties.

**URL for CBB Law:** CBB Law No. 64 of 2006 (See Part 5, Offences and Penalties)

*Note: Finding an official, up-to-date English translation of Law No. 4 of 2001 online can be challenging; its provisions are incorporated into the CBB Rulebook's requirements.*

**United Nations Security Council Consolidated List:** This list is universally applied by Bahrain.

**URL:** UN Security Council Consolidated List

**Kingdom of Bahrain's National Terrorism Lists:** Bahrain maintains national lists of individuals and entities designated as terrorists or terrorist organizations, in accordance with **Law No. 54 of 2006 regarding the Proscription of Terrorist and Terrorist Entities**. Financial institutions, including VASPs, are required to screen against these lists. These lists are typically disseminated to regulated entities through CBB circulars.

*Note: These lists are not publicly published online in a single consolidated database for easy public access, but rather communicated confidentially to licensed institutions by the CBB or other competent authorities.*

**Adopted:** Yes, the principles of the FATF Travel Rule are adopted and integrated into Bahrain's regulatory framework for Crypto-Asset Service Providers (CASPs) licensed by the CBB. While not explicitly termed "Travel Rule" in every section, the requirements for originator and beneficiary information collection and transmission are mandated.

**Legislation/Guidance:** The primary regulatory framework is the **CBB Rulebook, Volume 6 – Capital Markets, Crypto-assets (CA) Module**.

**URL:** CBB Rulebook Volume 6 (Capital Markets) (Navigate to the Crypto-assets (CA) Module within this volume).

The CBB issues a range of regulatory instruments—including binding directives, circulars, guidance notes and other measures such as institution‑specific liquidity add‑ons—that complement and implement its rulebook within a broader, multi‑tiered supervisory framework.

The CBB's comprehensive regulatory framework for crypto-assets came into effect in **2019**. This framework included stringent AML/CFT obligations for CASPs, encompassing requirements aligned with the Travel Rule principles.

The CBB's AML/CFT requirements generally align with international standards. For the FATF Travel Rule, the general threshold is typically **USD/EUR 1,000** or equivalent for transactions involving at least one unhosted wallet, or in jurisdictions where such a threshold is applied.

For VASP-to-VASP transfers, the expectation is generally that required originator and beneficiary information must accompany the transfer regardless of amount, with CBB applying a risk-based framework for additional checks and handling of higher-risk cases.

The CBB's CA Module requires CASPs to conduct Customer Due Diligence (CDD) and ongoing monitoring, which would necessitate collecting originator and beneficiary information for virtually all transactions processed by a licensed VASP.

The CBB's framework covers all entities licensed as **Crypto-Asset Service Providers (CASPs)**. The CA Module defines various regulated crypto-asset activities, including:

Dealing in crypto-assets as a principal

Dealing in crypto-assets as an agent

Acting as a crypto-asset custodian

Any entity performing these activities and licensed by the CBB is subject to the AML/CFT requirements, including those aligning with the Travel Rule.

**Collect Information:** Obtain and hold accurate and meaningful originator and beneficiary information for all crypto-asset transfers. This includes:

Originator Information: Name, physical address, national identity number (or customer identification number), and the crypto-asset wallet address or account identifier.

Beneficiary Information: Name, physical address, and the crypto-asset wallet address or account identifier.

**Transmit Information:** Ensure that the collected information "travels" with the transaction to the beneficiary VASP, or is made available upon request. This implies secure and reliable methods for data transfer between CASPs.

**Verify Information:** Implement measures to verify the identity of their customers (both originators and beneficiaries) in accordance with CDD requirements.

Store Records: Maintain records of all transactions and the associated originator/beneficiary information for at least five years, as per CBB AML/CFT requirements.

**Monitor and Report:** Implement robust transaction monitoring systems to identify suspicious transactions and report them to the Financial Intelligence Directorate (FID) of Bahrain.

**Risk-Based Approach:** CASPs must have a comprehensive risk assessment framework to identify, assess, and mitigate AML/CFT risks, which informs the level of due diligence and information collection required.

Monetary Fines: Substantial financial penalties imposed on the CASP and/or its senior management.

Administrative Sanctions: Public reprimands, warnings, and specific directives to rectify deficiencies.

Restrictions on Operations: Imposing limitations on business activities or specific transactions.

**Suspension or Revocation of License:** For serious or repeated breaches, the CBB can suspend or revoke a CASP's operating license, effectively forcing them to cease operations.

**Individual Accountability:** Senior management and board members can be held personally accountable and face individual sanctions, including disqualification from holding similar positions.

**Referral for Criminal Prosecution:** In cases of severe AML/CFT breaches or suspected criminal activity, the CBB can refer cases to the Public Prosecution for criminal investigation and prosecution under Bahrain's AML/CFT laws (e.g., Law No. (4) of 2001 with respect to the prevention and combating of money laundering and terrorism financing, as amended).