Djibouti -- AML/CFT Compliance Regulatory Overview

**Law No. 128/AN/18/8ème L of July 18, 2018, modifying and completing Law No. 136/AN/07/5ème L on Money Laundering, Terrorist Financing and Proliferation Financing.**

**Be subject to the same AML/CFT obligations as traditional financial institutions.** This means adhering to the principles outlined in Law No. 128/AN/18/8ème L.

**Implement a risk-based approach** to identify, assess, and mitigate money laundering and terrorist financing risks associated with their virtual asset products, services, customers, and delivery channels.

**Comply with the FATF Travel Rule**, which requires VASPs to obtain and transmit originator and beneficiary information for virtual asset transfers above a certain threshold.

**Identifying and Verifying the Identity of the Customer:**

**For individuals:** Obtaining name, address, date of birth, nationality, and a unique identification number (e.g., national ID card, passport). Verification typically requires official, independent documents.

**For legal entities (companies, trusts, foundations):** Obtaining legal name, legal form, proof of existence, powers that regulate the entity and bind it, address of registered office, and names of individuals who are authorized to act on behalf of the entity. Verification requires official registration documents.

**Identifying and Verifying the Ultimate Beneficial Owner (UBO):** Taking reasonable measures to understand the ownership and control structure of the customer and identify the natural persons who ultimately own or control the customer. This often applies for entities where control is 25% or more.

**Understanding the Purpose and Intended Nature of the Business Relationship:** Collecting information about the customer's anticipated activity, source of funds, and source of wealth (especially for high-risk customers or large transactions).

**Ongoing Monitoring:** Continuously monitoring the business relationship and transactions undertaken by the customer to ensure they are consistent with the VASP's knowledge of the customer, their business, and risk profile.

**Enhanced Due Diligence (EDD):** Required for higher-risk scenarios, including:

Customers from high-risk jurisdictions (as identified by FATF or national authorities)

Complex, unusually large, or unusual transaction patterns

Customers involved in new technologies or products that favor anonymity.

**Simplified Due Diligence (SDD):** Permitted for lower-risk scenarios, as defined by the VASP's risk assessment and regulator's guidance.

**Report any suspicious transaction** (including attempted transactions) where they know, suspect, or have reasonable grounds to suspect that funds are the proceeds of a criminal activity or are related to terrorist financing.

**Submit STRs promptly** to the Financial Intelligence Unit (FIU).

**Refrain from "tipping off"** the customer or any third party that an STR has been filed.

**Identity records:** All records obtained through CDD procedures (copies of identification documents, account files, business correspondence) for **at least five (5) years** after the business relationship is terminated.

**Transaction records:** Records of transactions, including the amounts, currencies, and names/addresses of participants, for **at least five (5) years** from the date of the transaction.

**STRs and related internal documentation:** Must also be kept for a similar period.

**Banque Centrale de Djibouti (BCD) - The Central Bank of Djibouti:**

The BCD is the main prudential regulator for financial institutions and is responsible for supervising their adherence to AML/CFT requirements. It issues regulations and guidance for the financial sector.

**Cellule de Traitement des Renseignements Financiers (CTRF) - The Financial Intelligence Unit (FIU):**

The CTRF is the central national agency responsible for receiving, analyzing, and disseminating suspicious transaction reports (STRs) to relevant law enforcement agencies.

While a dedicated, standalone website for the CTRF is not commonly publicized, its operations fall under the broader government AML/CFT framework, with the BCD being a key stakeholder and supervisor of reporting entities.

**Loi n° 171/AN/18/8ème L portant révision de la loi n° 202/AN/07/5ème L relative à la lutte contre le blanchiment d'argent, le financement du terrorisme et de la prolifération des armes de destruction massive (Law No. 171/AN/18/8th L revising Law No. 202/AN/07/5th L relating to the fight against money laundering, the financing of terrorism, and the proliferation of weapons of mass destruction).**

This is Djibouti's primary AML/CFT law. It mandates financial institutions and designated non-financial businesses and professions (DNFBPs) to implement various measures, including customer due diligence, suspicious transaction reporting, and sanctions screening. Although virtual asset service providers (VASPs) are not explicitly defined or licensed under this law, the spirit of FATF Recommendation 15 (which extends AML/CFT obligations to VASPs) implies that activities facilitating value transfer could fall under its scope, especially as Djibouti is a member of the Eastern and Southern Africa Anti-Money Laundering Group (ESAAMLG), an FATF-style regional body.

*Reference:* While an official government gazette URL is often difficult to find online for older laws, the law is widely referenced in FATF/ESAAMLG reports and legal databases. An example of reference can be found in the ESAAMLG Mutual Evaluation Report of Djibouti.

**Obligation:** As a member state of the United Nations, Djibouti is legally bound to implement all resolutions passed by the UN Security Council (UNSC) under Chapter VII of the UN Charter. This includes sanctions regimes targeting individuals, entities, and regions involved in terrorism, proliferation of weapons of mass destruction, and other threats to international peace and security.

**Sanctioned Entity Screening:** VASPs in Djibouti must screen their customers (both senders and receivers), beneficial owners, and transaction counterparties against the UN Security Council Consolidated List. This list includes individuals and entities subject to asset freezes, travel bans, and arms embargoes.

**Asset Freezing:** Immediately freeze any virtual assets (and traditional assets) belonging to, or controlled by, individuals or entities on the UN sanctions list.

**Reporting:** Report any matches or attempts to circumvent sanctions to the Djiboutian Financial Intelligence Unit (Cellule de Traitement du Renseignement Financier - CTRF).

*Reference:* **UN Security Council Consolidated List:** https://www.un.org/securitycouncil/content/un-sc-consolidated-list

**Extra-territorial Reach:** The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) implements and enforces U.S. foreign policy and national security sanctions. OFAC sanctions have a broad extra-territorial reach. While Djibouti is not directly subject to OFAC sanctions, any VASP operating in Djibouti that:

Is owned or controlled by a U.S. person.

Engages in transactions that touch the U.S. financial system (e.g., using U.S.-based stablecoins, exchanges, or intermediaries).

Deals with U.S. persons (citizens, residents, or entities).

Facilitates transactions for, or on behalf of, OFAC-sanctioned individuals, entities, or jurisdictions.

**Must comply with OFAC regulations.**

**Sanctioned Entity Screening:** Screen all customers and transaction counterparties against OFAC's Specially Designated Nationals (SDN) and Blocked Persons List, as well as other relevant OFAC sanctions lists (e.g., Non-SDN Palestinian Legislative Council List, Sectoral Sanctions Identifications List).

**Geographic Restrictions:** Prohibit or restrict transactions involving virtual assets originating from, or destined for, sanctioned jurisdictions (e.g., Cuba, Iran, North Korea, Syria, certain regions of Ukraine/Russia).

**Asset Freezing:** Freeze virtual assets and other property of individuals and entities on OFAC lists.

**Prohibited Transactions:** Refrain from engaging in any transactions, directly or indirectly, with sanctioned parties or within sanctioned jurisdictions without specific authorization (e.S. an OFAC license).

*Reference:* **OFAC Sanctions Programs and Information:** https://home.treasury.gov/policy-issues/office-of-foreign-assets-control-sanctions-programs-and-information

**Extra-territorial Reach:** The European Union imposes restrictive measures (sanctions) to implement common foreign and security policy objectives. Similar to OFAC, EU sanctions can have an extra-territorial impact. VASPs in Djibouti that:

Are owned or controlled by EU persons or entities.

Conduct business within the EU.

Engage in transactions involving EU persons or entities.

Facilitate transactions for, or on behalf of, EU-sanctioned individuals, entities, or jurisdictions.

**Must comply with EU regulations.**

**Sanctioned Entity Screening:** Screen customers and counterparties against the EU Sanctions Map and lists, which include individuals and entities subject to asset freezes and other restrictions.

**Geographic Restrictions:** Adhere to restrictions on transactions involving virtual assets connected to sanctioned countries or regions designated by the EU (e.g., certain measures related to Russia, Belarus, Syria).

*Reference:* **EU Sanctions Map:** https://www.sanctionsmap.eu/

**Regular Screening:** Screen all new customers during onboarding and existing customers on an ongoing basis.

**Transaction Screening:** Screen all transaction counterparties (senders and receivers) in real-time or near real-time.

**Beneficial Ownership Screening:** Identify and screen ultimate beneficial owners (UBOs) of corporate entities.

**UN Security Council Consolidated List.**

**OFAC Specially Designated Nationals (SDN) List** and other OFAC sanctions lists.

Any other relevant international or national lists that may emerge.

**Sanctioned Countries/Regions:** Examples include North Korea, Iran, Syria, Cuba, Venezuela (certain entities), Russia (certain entities/sectors, and occupied Ukrainian territories), Belarus, and others depending on the specific sanctions program.

**High-Risk Jurisdictions:** While not strictly "sanctioned," FATF identifies "High-Risk Jurisdictions subject to a Call for Action" (e.g., North Korea, Iran) and "Jurisdictions under Increased Monitoring." VASPs should apply enhanced due diligence to transactions involving these jurisdictions.

*Reference:* **FATF High-Risk and other Monitored Jurisdictions:** https://www.fatf-gafi.org/countries/high-risk-and-other-monitored-jurisdictions.html

**Under Djiboutian Law:** Violations of Djibouti's AML/CFT Law (Loi n° 171/AN/18/8ème L) can result in:

**Fines:** Significant monetary penalties for institutions and individuals.

**Imprisonment:** For individuals found responsible for serious violations, including facilitating money laundering or terrorist financing.

**License Revocation:** If VASPs were to become regulated and licensed in the future, non-compliance could lead to license revocation.

**Reputational Damage:** Significant harm to the entity's standing and ability to operate.

Under OFAC Sanctions (if jurisdiction applies): Penalties can be severe:

Civil Penalties: Substantial monetary fines, potentially running into millions of dollars per violation, depending on the nature and extent of the violation.

Criminal Penalties: Imprisonment for individuals (up to 20 years) and even larger fines for entities, particularly in cases of willful violations.

**Blocking of Assets:** Assets linked to the violation or the violating entity/individual can be blocked and seized.

**Loss of Access to U.S. Financial System:** Blacklisting and inability to conduct business with U.S. entities or through the U.S. financial system.

**Under EU Sanctions (if jurisdiction applies):** Penalties vary by EU member state but generally include:

**Significant Fines:** Monetary penalties imposed by national authorities.

**Imprisonment:** For individuals involved in serious breaches.

**Reputational Damage and Business Restrictions:** Similar to OFAC, loss of access to EU markets and financial services.

**UN Security Council Sanctions Lists.**

**Relevant extra-territorial sanctions lists** (e.g., OFAC SDN, EU Consolidated List) if their operations involve U.S. or EU persons, financial systems, or jurisdictions.

**Primary AML/CFT Law:** Law No. 2020-009/PR/MDAN relating to the fight against money laundering, terrorist financing, and the financing of proliferation of weapons of mass destruction (LBC/FT/FP). This law provides the general framework for AML/CFT obligations in Djibouti.

**Central Bank:** The **Banque Centrale de Djibouti (BCD)** is the primary financial regulator and would likely be responsible for issuing specific regulations concerning virtual assets and VASPs.

**Financial Intelligence Unit (FIU):** The **CENTIF** receives and analyzes suspicious transaction reports (STRs) and other financial information.

**Indirect Adoption:** Djibouti, as a country that aims to comply with FATF standards, is *expected* to adopt Recommendation 15, which includes the Travel Rule. The general AML/CFT law (Law No. 2020-009/PR/MDAN) likely provides the legal basis for future specific regulations.

**Direct Adoption:** As of early 2024, there is no widely published, specific decree or circular from the Banque Centrale de Djibouti or the CENTIF that explicitly details the implementation of the FATF Travel Rule for VASPs. It is more probable that VASPs are expected to comply with general AML/CFT obligations under the 2020 law, and specific VASP regulations, including the Travel Rule, are either in development or pending.

Since explicit Travel Rule regulations are not publicly detailed, there isn't a specific effective date for its implementation in Djibouti. The general AML/CFT Law No. 2020-009/PR/MDAN became effective in 2020.

Without specific VASP regulations, no explicit Travel Rule threshold amounts have been publicly communicated by Djiboutian authorities. If and when implemented, it is highly likely they would align with the FATF standard:

**€1,000 / USD 1,000 equivalent** for transactions between VASPs, or when a VASP conducts a transaction with an unhosted wallet.

This applies to both fiat-to-crypto and crypto-to-crypto transfers.

The FATF defines VASPs broadly as any natural or legal person who, as a business, conducts one or more of the following activities or operations for or on behalf of another natural or legal person:

Exchange between virtual assets and fiat currencies

Exchange between one or more forms of virtual assets

Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets

Participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.

In Djibouti, any entity conducting such activities would eventually fall under the purview of the AML/CFT law once specific VASP regulations are in place. Currently, if such entities exist and operate, they would likely be expected to register with the CENTIF and adhere to general AML/CFT obligations (e.g., customer due diligence, suspicious transaction reporting).

Specific technical implementation requirements (e.g., use of specific Travel Rule solutions like TRISA, OpenVASP, etc.) have not been publicly stipulated. When implemented, these would typically follow international best practices.

**Administrative sanctions:** Fines, suspension or revocation of licenses, prohibition from managing a financial institution.

**Criminal sanctions:** Imprisonment and substantial monetary fines for individuals and entities found guilty of money laundering, terrorist financing, or related offenses.

The exact penalties would depend on the nature and severity of the non-compliance and are detailed within the existing AML/CFT law.

**Banque Centrale de Djibouti (BCD):** https://www.banque-centrale.dj/ (Official site - often contains publications, circulars, and legislation, though specific VASP guidance might require direct inquiry or might not be readily available in English.)

**CENTIF (Cellule Nationale de Traitement des Informations Financières):** While the BCD website lists the CENTIF as part of the financial sector, a direct, dedicated public website for CENTIF Djibouti with detailed publications is not consistently available. Information is often found through government portals or regional AML/CFT bodies.

**Law No. 2020-009/PR/MDAN:** Finding a direct, publicly accessible URL for the full text of this law in English or French can be challenging for some jurisdictions. It is often referenced in reports by international bodies (like FATF or IMF) or local news.

*General reference for AML laws in Africa often points to resources like GIABA (Inter-Governmental Action Group against Money Laundering in West Africa) or ESAAMLG (Eastern and Southern Africa Anti-Money Laundering Group), though Djibouti primarily falls under general FATF guidance and potentially regional economic groupings like COMESA.*