Botswana -- AML/CFT Compliance Regulatory Overview

**Proceeds of Serious Crime Act (POCA), Cap 08:06:** This is the overarching legislation that criminalizes money laundering and terrorist financing, and provides for the confiscation of proceeds of crime.

**Financial Intelligence Act (FIA), No. 17 of 2019:** This Act establishes the Financial Intelligence Agency (FIA) and outlines the obligations of accountable institutions (which now explicitly include VASPs) regarding customer due diligence, record-keeping, and suspicious transaction reporting. It replaced the 2009 Act.

**Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) Guidelines:** Issued by the FIA and NBFIRA, these guidelines provide specific instructions for regulated entities, including VASPs, on how to implement their AML/CFT obligations, including sanctions compliance.

The Non-Bank Financial Institutions Regulatory Authority (NBFIRA) Act, 2006 establishes NBFIRA as the prudential regulator for non-bank financial institutions in Botswana. There is no Botswana-specific evidence that VASPs are explicitly included under NBFIRA’s purview.

**NBFIRA's Virtual Assets Business Regulatory Framework and Guidance Notes:** NBFIRA has issued a comprehensive framework and specific guidance notes, such as the "Guidance Notes on Anti-Money Laundering and Combating the Financing of Terrorism for Virtual Asset Service Providers" (e.g., published in November 2022), which directly detail AML/CFT obligations for VASPs. These are crucial for specific requirements.

**Identification and Verification of Customers:**

National identity number (e.g., Omang for citizens), passport number, or other official identification document number.

Residential address (verified with utility bills, bank statements, or other official documents).

Source of funds and source of wealth (especially for high-risk customers or large transactions).

Purpose and intended nature of the business relationship.

**Legal Entities/Arrangements (e.g., companies, trusts):**

Full legal name and trading name.

Registration number and legal form.

Principal place of business and, if different, operational address.

Names of directors, partners, or trustees.

Memorandum and Articles of Association (or similar constitutive documents).

Verification that the entity has not been dissolved, wound up, or struck off.

Identification of individuals authorized to act on behalf of the entity.

VASPs must identify and verify the identity of the beneficial owner(s) of customers, including for legal persons and legal arrangements.

For legal persons, this typically means identifying individuals who ultimately own or control **25% or more** of the shares or voting rights, or otherwise exercise control over the entity.

For trusts or other legal arrangements, identifying the settlors, trustees, protectors, beneficiaries, or any other person exercising ultimate effective control.

**Ongoing Due Diligence and Monitoring:**

Monitoring the business relationship and transactions undertaken throughout the course of the relationship to ensure they are consistent with the VASP's knowledge of the customer, their business, risk profile, and, where necessary, the source of funds.

Keeping customer information up-to-date and verifying it periodically.

**Simplified Due Diligence (SDD):** May be applied in low-risk scenarios (e.g., government entities, publicly listed companies) where the risk of money laundering or terrorist financing is minimal.

**Enhanced Due Diligence (EDD):** Required for higher-risk scenarios, including:

Politically Exposed Persons (PEPs) and their family members/close associates.

Customers from high-risk geographic locations (e.g., countries under FATF monitoring or sanctions).

Customers involved in high-risk activities or complex structures.

Transactions involving large amounts of virtual assets or unusual patterns.

Specific measures for EDD may include obtaining additional information on the customer, beneficial owner, source of funds/wealth, purpose of transactions, and senior management approval for establishing or continuing the relationship.

**"Travel Rule" (FATF Recommendation 16, extended to VASPs by R.15):**

VASPs are generally required to obtain and transmit certain originator and beneficiary information for virtual asset transfers above a de minimis threshold (often equivalent to USD/EUR 1,000).

**Originator Information:** Name, account number (or unique transaction identifier), physical address, or national ID number, or customer identification number, or date and place of birth.

**Beneficiary Information:** Name, account number (or unique transaction identifier), and physical address, or national ID number, or customer identification number, or date and place of birth.

Botswana's Data Protection Act 2024 sets specific conditions on storage and disclosure of personal data to authorities, replacing any prior blanket requirement to store and make information available upon request.

**Reporting Obligation:** A VASP must immediately report any transaction (or attempted transaction) where they know, suspect, or have reasonable grounds to suspect that:

The transaction involves funds derived from criminal activity (money laundering).

The transaction is linked to terrorist financing.

The transaction is otherwise suspicious based on customer behavior, transaction patterns, or other red flags.

**No Tipping-Off:** It is prohibited to inform the customer or any third party that a report has been or will be made to the FIA.

**Protection for Reporters:** VASPs and their employees are protected from criminal or civil liability for reporting suspicious transactions in good faith.

**Customer Identification Records:** All documents and information obtained during the CDD process (e.g., copies of ID, proof of address, beneficial ownership information).

**Transaction Records:** Details of all virtual asset transactions, including:

Amount and value of the transaction.

Originator and beneficiary information (as per the Travel Rule).

Sending and receiving virtual asset addresses/identifiers.

Any other relevant information relating to the transaction.

**Business Correspondence:** Records of communications with customers.

**Suspicious Transaction Reports:** Copies of all STRs submitted to the FIA, along with any internal analyses or decisions made.

**Retention Period:** Records must be retained for a minimum of **five (5) years** after the business relationship has ended or after the date of the occasional transaction.

**Role:** NBFIRA is the prudential regulator responsible for the licensing, supervision, and enforcement of AML/CFT and other regulatory requirements for VASPs. They conduct inspections, issue directives, and impose sanctions for non-compliance.

**Role:** The FIA is Botswana's Financial Intelligence Unit (FIU). It is responsible for receiving, analyzing, and disseminating suspicious transaction reports to law enforcement agencies for investigation and prosecution. The FIA also provides guidance to accountable institutions on AML/CFT matters.

**The Virtual Assets Act, 2022:** This is the most specific legislation regulating virtual assets and VASPs in Botswana. It brings VASPs under the regulatory oversight of the Non-Bank Financial Institutions Regulatory Authority (NBFIRA) and mandates AML/CFT compliance.

**Legal Reference:** Virtual Assets Act, 2022. (Official Government Gazette link is often dynamic or paywalled, but the Act is publicly available through legal databases. A general search like "Botswana Virtual Assets Act 2022" will lead to reputable legal resources).

**The Financial Intelligence Act (FIA):** This Act establishes the Financial Intelligence Agency (FIA) as the central national agency responsible for receiving, analyzing, and disseminating financial intelligence to combat money laundering and terrorist financing. It sets out reporting obligations for financial institutions and designated non-financial businesses and professions (DNFBPs), which now explicitly include VASPs.

**Legal Reference:** Financial Intelligence Act, 2019 (as amended).

**Link:** Botswana Financial Intelligence Act 2019 (FIA Website)

**The Proceeds and Instruments of Crime Act (PICA):** This Act deals with the identification, tracing, freezing, and forfeiture of proceeds of crime, including those related to money laundering and terrorist financing.

**Legal Reference:** Proceeds and Instruments of Crime Act, 2014.

**Link:** Botswana Proceeds and Instruments of Crime Act 2014 (FIA Website)

**Link (FIA Guidance):** FIA Botswana Publications (look for relevant sector-specific guidelines, if available, or general AML/CFT guidance)

**Direct Obligation:** As a member state of the United Nations, Botswana is legally obligated to implement all UN Security Council Resolutions (UNSCRs), including those imposing targeted financial sanctions (TFS) related to terrorism, proliferation financing (e.g., WMD), and other threats to international peace and security.

**Mechanism:** The FIA and other relevant authorities issue directives to financial institutions (including VASPs) to freeze assets and prohibit transactions with individuals and entities designated by the UN Sanctions Committees (e.g., Al-Qaida, ISIS, Taliban, DPRK, Iran, etc.).

**VASP Requirement:** VASPs operating in Botswana must have systems and procedures in place to screen customers and transactions against the consolidated UN sanctions lists. Any match requires immediate freezing of funds/VAs and reporting to the FIA.

**Legal Basis:** This obligation is implicitly enforced through the FIA Act (mandating AML/CFT compliance) and the various regulations issued by the Ministry responsible for foreign affairs, which give effect to international obligations.

**OFAC (U.S.) and EU Sanctions:**

Extraterritorial Reach: OFAC (Office of Foreign Assets Control) sanctions from the United States and sanctions from the European Union apply extraterritorially. This means that even if a VASP is based solely in Botswana, it may fall under U.S. or EU jurisdiction if it:

Deals with U.S. persons or EU persons.

Processes transactions denominated in USD or EUR.

Uses U.S. or EU-based infrastructure (e.g., cloud servers, payment processors).

Engages in activities that transit through U.S. or EU financial systems.

**VASP Requirement (Best Practice/Risk Mitigation):** While not *directly* mandated by Botswana law for non-UN sanctions, a prudent VASP in Botswana will screen against OFAC (SDN List, SSIL, etc.) and EU sanctions lists as a crucial part of its risk management strategy. Failure to do so could lead to:

Loss of access to international financial services (e.g., correspondent banking, fiat on/off-ramps).

Potential enforcement actions by U.S. or EU authorities if a nexus is established.

The Virtual Assets Act and FIA Act require VASPs to implement "adequate and appropriate policies, procedures, and controls to mitigate money laundering and terrorist financing risks," which broadly supports the screening against all major sanctions lists as a best practice.

**Conduct Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD):** This includes identifying the beneficial owners of accounts.

**Screen against Sanctions Lists:** Before onboarding new customers and on an ongoing basis, VASPs must screen their customers (including beneficial owners) and, where feasible, the counterparties to transactions, against:

**FATF Public Statement Lists:** These identify high-risk jurisdictions or those with strategic AML/CFT deficiencies (often referred to as "grey list" or "black list" countries). While not sanctions, they require enhanced due diligence.

**OFAC and EU Sanctions Lists:** Highly recommended as a risk management measure to avoid potential international repercussions.

**Real-time/Automated Screening:** For virtual assets, given the speed of transactions, effective screening often requires automated tools that can cross-reference names, addresses, and sometimes even wallet addresses (if publicly associated with sanctioned entities) against relevant sanctions databases.

**Reporting:** Any positive match must result in an immediate freeze of assets and a Suspicious Transaction Report (STR) or Suspicious Activity Report (SAR) to the FIA.

**UN Sanctioned Jurisdictions:** Transactions with individuals, entities, or in some cases, entire sectors or regions within countries designated under UN sanctions (e.g., North Korea, Iran for certain activities) are prohibited or restricted.

**FATF High-Risk Jurisdictions:** While not outright prohibitions, the FIA and NBFIRA would expect VASPs to apply enhanced due diligence to transactions involving customers or jurisdictions identified by the FATF as high-risk (e.g., those on the FATF "black list" or "grey list"). This means increased scrutiny, robust record-keeping, and potentially refusing to onboard customers from such regions if risks cannot be sufficiently mitigated.

**Internal Risk Appetite:** Individual VASPs in Botswana may choose to impose their own geographic restrictions based on their internal risk assessments and compliance policies, opting to avoid certain jurisdictions deemed too risky, even if not directly sanctioned.

**Administrative Fines:** Significant monetary penalties can be imposed by NBFIRA and FIA for non-compliance with regulatory requirements, including failure to implement adequate AML/CFT controls or report suspicious transactions.

**Imprisonment:** Individuals (e.g., directors, compliance officers) can face terms of imprisonment for offenses such as money laundering, terrorist financing, or serious breaches of AML/CFT duties.

**Asset Forfeiture:** Proceeds of crime, including virtual assets involved in illicit activities or linked to sanctioned entities, are subject to freezing and forfeiture under PICA.

**License Revocation:** NBFIRA can suspend or revoke the license of a VASP that fails to comply with its legal and regulatory obligations, effectively preventing it from operating in Botswana.

**Reputational Damage:** Beyond legal penalties, non-compliance can severely damage a VASP's reputation and ability to attract customers or partners.

**The Consolidated United Nations Security Council Sanctions List:** This includes individuals and entities designated under various UN resolutions (e.g., Al-Qaida Sanctions Committee, ISIL (Da'esh) and Al-Qaida Sanctions Committee, 1988 Sanctions Committee (Taliban), DPRK, Iran, Libya, Mali, Somalia, South Sudan, Yemen, etc.).

**Link:** UN Security Council Sanctions List

**FATF Public Statements:** These identify jurisdictions with strategic deficiencies in their AML/CFT regimes.

**Link:** FATF High-Risk and other Monitored Jurisdictions

exchange between virtual assets and fiat currencies;

exchange between one or more forms of virtual assets;

safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and

participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.

Establish and maintain **policies, controls, and procedures** to ensure compliance with the Travel Rule.

**Collect and maintain** the required originator and beneficiary information for all virtual asset transfers.

**Transmit** this information to the beneficiary VASP, or make it available upon request to relevant authorities.

Ensure that their **systems and processes** are capable of accurately capturing, storing, and transmitting the required data in a secure manner.

Originator’s account number used to process the transaction (or unique transaction identifier)

Originator’s physical address or national identification number or customer identification number (i.e., not a publicly available identifier) or date and place of birth

Beneficiary’s account number used to process the transaction (or unique transaction identifier)

**Administrative Penalties:** Fines imposed by NBFIRA for breaches of regulatory requirements. These can be substantial and aim to deter non-compliance.

**Suspension or Revocation of License:** NBFIRA has the power to suspend or revoke the license of a VASP that fails to comply with its obligations, effectively preventing them from operating in Botswana.

**Criminal Penalties:** For serious breaches, especially those related to money laundering or terrorist financing, individuals and corporate officers can face:

**Imprisonment:** Terms of imprisonment for individuals found guilty of offenses under the AML/CFT framework.