Brunei -- AML/CFT Compliance Regulatory Overview

Brunei Darussalam Central Bank (BDCB), formerly known as the Monetary Authority of Brunei Darussalam (AMBD), is Brunei’s central bank and main financial regulator, responsible for monetary policy, currency issuance, and supervision/regulation of financial institutions; the claim should not state that AMBD is the current name or that it clearly already supervises virtual asset service providers as a fully established regime unless separately supported.

**AMBD AML/CFT Guidelines for Financial Institutions**: While often general, AMBD has clarified that these guidelines, issued under the AMLO 2011, apply to VASPs. These guidelines provide detailed instructions on implementing the requirements of the AMLO 2011.

**AMBD's Statement/Circulars on Virtual Assets**: AMBD has issued public statements (e.g., "Statement on Virtual Assets") clarifying that virtual asset activities and VASPs fall within the scope of regulated financial activities for AML/CFT purposes. These statements emphasize compliance with the AMLO 2011 and FATF Recommendations, specifically Recommendation 15 concerning virtual assets.

**Identification and Verification (ID&V) of Customers**:

Collecting and verifying the identity of natural persons (name, address, date of birth, nationality, unique identification number from an official document like passport or national identity card).

Collecting and verifying the identity of legal entities (name, legal form, proof of existence, powers that regulate the entity, address of registered office, directors, and beneficial owners).

Using reliable, independent source documents, data, or information to verify identity.

**Beneficial Ownership**: Identifying and taking reasonable measures to verify the identity of the beneficial owner(s) of customers, including understanding the ownership and control structure of legal persons and arrangements.

**Purpose and Intended Nature of Business Relationship**: Understanding the purpose and intended nature of the business relationship.

**Risk-Based Approach**: Applying a risk-based approach to CDD. This means:

**Simplified CDD (SCDD)**: Permissible for low-risk customers/transactions, but never when there's a suspicion of ML/TF.

**Enhanced CDD (EDD)**: Required for higher-risk customers, business relationships, or transactions (e.g., Politically Exposed Persons (PEPs), cross-border correspondent relationships, complex transactions, transactions with high-risk jurisdictions). EDD measures might include obtaining additional information on the customer, beneficial owner, source of funds/wealth, and the reasons for intended transactions.

**Ongoing Monitoring**: Regularly monitoring transactions and business relationships to ensure they are consistent with the VASP's knowledge of the customer, their business, and risk profile. This includes keeping customer information up-to-date.

**Obligation to Report**: VASPs are obligated to report any transaction (or attempted transaction) that they know, suspect, or have reasonable grounds to suspect is related to money laundering or terrorist financing.

**Reporting Body**: Reports must be submitted to the Brunei Financial Intelligence Unit (FIU), which operates within AMBD.

**No Tipping-Off**: VASPs and their employees are prohibited from disclosing to the customer or any third party that a STR has been, or will be, made.

**Customer Identification Records**: Copies of identity documents, verification data, and any information obtained during the CDD process.

**Transaction Records**: Details of all transactions, including sender and receiver information, virtual asset types, amounts, dates, and transaction identifiers (e.g., blockchain hashes).

**Business Correspondence**: Relevant correspondence with customers, including records relating to STRs submitted.

**Duration**: Records must be retained for at least **five (5) years** after the business relationship ends or after the date of the transaction. This ensures that records are available for audit, investigation, and analysis by competent authorities.

Implement robust internal AML/CFT policies, procedures, and controls.

Appoint a qualified Money Laundering Reporting Officer (MLRO).

Provide ongoing AML/CFT training to relevant employees.

Conduct independent audits of their AML/CFT programs.

Comply with the **"Travel Rule"** (FATF Recommendation 16 for wire transfers, extended to virtual assets), meaning they must obtain and retain required originator and beneficiary information for virtual asset transfers above a de minimis threshold, and transmit this information to the beneficiary institution.

**Anti-Money Laundering and Anti-Terrorism Financing Act (AMLAFTA), 2010 (as amended):** This is the cornerstone legislation. It imposes obligations on financial institutions (which, by definition or interpretation, would include VASPs once formally regulated or under general AML/CFT principles) to:

Conduct customer due diligence (CDD) and know-your-customer (KYC) procedures.

Monitor transactions for suspicious activities.

Report suspicious transactions (STRs) to the Financial Intelligence Unit (FIU) within the Autoriti Monetari Brunei Darussalam (AMBD).

Implement internal controls, policies, and training programs.

**Comply with UN Security Council Resolutions on targeted financial sanctions.**

Freeze assets of designated persons and entities.

*General reference for AMBD's regulatory oversight:* Autoriti Monetari Brunei Darussalam (AMBD)

**Anti-Terrorism Order (ATO), 2011:** This order provides the legal basis for identifying and freezing assets of individuals and entities involved in terrorism and terrorist financing, including those designated by the UN Security Council.

**Anti-Terrorism Order, 2011.** (Similar to AMLAFTA, official consolidated versions might be in government gazettes or legal databases not publicly accessible online in a single link, but its existence and principles are widely recognized in AMBD's regulatory guidance).

**Autoriti Monetari Brunei Darussalam (AMBD) Guidelines:** AMBD, as the central bank and financial regulator, issues directives, guidelines, and circulars to financial institutions concerning AML/CFT compliance, including sanctions. These often detail the implementation of the AMLAFTA and ATO.

AMBD regularly updates its **AML/CFT/PF Guidelines** and publishes circulars. These are usually found under the "Publications" or "Regulations" section of the AMBD website. As of now, specific crypto-focused AML/CFT guidelines are still emerging, but the general financial institution guidelines apply by extension.

AMBD Publications & Reports (Check here for current circulars and guidelines).

**Compliance Requirement:** Brunei, as a member of the United Nations, has a legal obligation to implement all UN Security Council Resolutions (UNSCRs) related to sanctions. This is domestically enforced through the AMLAFTA and ATO.

**Obligations for VASPs (and any financial entity):**

**Screening:** Regularly screen all customers (KYC) and transactions against UN sanctions lists (e.g., ISIL (Da'esh) and Al-Qaeda Sanctions List, DPRK Sanctions List, Iran Sanctions List, etc.).

**Asset Freezing:** Immediately freeze funds and other assets of individuals or entities designated by the UN Security Council.

**Prohibition:** Prohibit providing funds or economic resources, directly or indirectly, to designated persons or entities.

**Reporting:** Report any matches or attempts to circumvent sanctions to the FIU/AMBD.

UN sanctions committees maintain and update regime-specific listings, while the UN Security Council Consolidated List is the authoritative official list published by the UN Secretariat and updated based on committee decisions.

UN Security Council Sanctions Committees

**OFAC (U.S.) and EU Sanctions:**

**Compliance Requirement:** Brunei law does *not* directly mandate compliance with OFAC or EU sanctions for its domestic entities.

U.S. and EU sanctions have significant extraterritorial effects, and for VASPs that operate globally, interact with U.S. or EU persons/entities, or rely on U.S./EU financial infrastructure (even indirectly), aligning with OFAC and EU sanctions is generally a major commercial and risk‑management imperative. However, it is not an absolute ‘critical business necessity’ in every case: some VASPs that are primarily focused on non‑U.S./non‑EU markets and are subject to anti‑blocking or blocking regulations may face conflicting legal obligations, making full OFAC/EU alignment a strategic choice involving trade‑offs rather than a universal requirement.

**Secondary Sanctions:** Being cut off from the global financial system, including correspondent banking relationships.

**Reputational Damage:** Significant harm to credibility and trust.

**Legal Action:** Potential legal action in jurisdictions that enforce these sanctions if there is a nexus.

**Obligations for Global VASPs:** Prudent VASPs in Brunei, especially those aiming for international reach, will integrate OFAC's Specially Designated Nationals (SDN) list and EU sanctions lists into their screening processes, in addition to UN lists.

U.S. Department of the Treasury – OFAC

European External Action Service – Sanctions

**Mandatory Screening:** Against all UN Security Council Consolidated List and specific UN sanctions committee lists.

**Recommended Screening (for international operations):** Against OFAC's SDN List, EU Consolidated List of persons, groups and entities subject to EU financial sanctions, and potentially other significant national sanctions lists (e.g., UK's HM Treasury).

**Technology:** Utilizing robust blockchain analytics and sanctions screening software to identify addresses and entities linked to sanctioned individuals, organizations, or jurisdictions.

**Implicit Restrictions via Sanctions:** Transactions involving crypto assets to, from, or through sanctioned countries (e.g., North Korea, Iran, specific regions in Russia, Syria, Cuba, Venezuela - depending on the specific sanctions regime) or designated high-risk jurisdictions are restricted or prohibited.

**FATF High-Risk Jurisdictions:** Brunei's AML/CFT framework, aligning with FATF recommendations, requires enhanced due diligence for transactions involving jurisdictions identified by FATF as high-risk or under increased monitoring.

**AMBD's Risk Appetite:** The AMBD, like many regulators, has a cautious stance towards crypto. Transactions involving crypto, especially with certain high-risk geographies, would likely be scrutinized.

**Fines:** Substantial monetary penalties for both individuals and corporate bodies.

**Imprisonment:** Individuals found guilty of offences can face lengthy prison sentences.

**Loss of Licenses/Business:** Regulated entities (once VASPs are fully regulated) may face suspension or revocation of their operating licenses.

**Reputational Damage:** Significant harm to business reputation, making it difficult to operate locally and internationally.