Guernsey -- AML/CFT Compliance Regulatory Overview

**The Proceeds of Crime (Bailiwick of Guernsey) Law, 1999 (as amended)**

**The Terrorism and Crime (Bailiwick of Guernsey) Law, 2002 (as amended):** This law addresses terrorist financing and associated offences.

**The Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Regulations, 2017 (as amended):** These Regulations provide the detailed requirements for financial services businesses (which include VASPs for AML/CFT purposes) concerning customer due diligence, record-keeping, and internal controls.

**The Handbook for Financial Services Businesses on Countering Financial Crime and Terrorist Financing (the AML/CFT Handbook):** Issued by the GFSC, this handbook provides detailed guidance and specific requirements for regulated entities, including a dedicated section on Virtual Assets and VASPs (typically Section 11). This is where the operational details of the Travel Rule are explained.

**Risk-Based Approach (RBA):** VASPs must assess the money laundering and terrorist financing risks associated with their business, customers, products, services, and geographic areas. This assessment dictates the level of CDD applied. Virtual assets and related services are generally considered to carry higher inherent risks.

**Standard CDD:** For all customers, VASPs must:

**Identify the Customer:** Obtain proof of identity (e.g., passport, national ID card for individuals; incorporation documents, registers for legal entities).

**Verify the Customer's Identity:** Use reliable, independent source documents, data, or information. For individuals, this often involves documentary evidence and potentially non-documentary methods. For legal entities, verification of existence and legal form.

**Identify the Beneficial Owner (BO):** For legal persons or arrangements, identify and verify the identity of the natural person(s) who ultimately own or control the customer (typically 25% ownership threshold, or control via other means).

**Understand the Purpose and Intended Nature of the Business Relationship:** Gather information about why the customer wants to use the VASP's services and the expected activity levels.

**Collect Source of Funds/Wealth Information:** Understand where the customer's funds/virtual assets originate from.

**Enhanced Due Diligence (EDD):** EDD is required in situations where there is a higher risk of ML/TF. This includes, but is not limited to:

Complex or unusually large transactions.

Transactions with no obvious economic or lawful purpose.

Non-face-to-face business relationships without additional safeguards.

Specific virtual asset activities or types that inherently carry higher risk.

EDD measures may involve obtaining additional information, increased monitoring, requiring senior management approval, or independently verifying information.

**Simplified Due Diligence (SDD):** SDD may be applied in specific, clearly defined low-risk scenarios (e.g., certain regulated financial institutions), but VASPs must be cautious and justify its application.

**Ongoing Monitoring:** VASPs must continuously monitor customer relationships and transactions to ensure they are consistent with the VASP's knowledge of the customer, their business, and risk profile. Any significant changes in customer behaviour or circumstances must trigger a review of CDD.

**Sanctions Screening:** All customers and transactions must be screened against applicable sanctions lists (e.g., UN, UK, EU, Guernsey).

**Obligation to Report:** VASPs have a legal obligation to report any knowledge, suspicion, or reasonable grounds for suspicion of money laundering or terrorist financing to the Financial Intelligence Unit (FIU). This includes attempts to launder money or finance terrorism.

**No Tipping-Off:** It is an offence to "tip-off" a customer or any third party that a suspicious transaction report has been or will be made.

**Internal Reporting:** VASPs must have internal procedures for employees to report suspicions to a designated Money Laundering Reporting Officer (MLRO) or Deputy MLRO. The MLRO is then responsible for evaluating the internal report and deciding whether to file an STR with the FIU.

**CDD Records:** Copies of all identification and verification data obtained for customers and beneficial owners, as well as the results of any risk assessments.

**Transaction Records:** Records of all transactions undertaken, including the amount, currency, date, and details of the parties involved (senders and receivers of virtual assets).

**Correspondence:** All relevant correspondence with customers.

**Internal and External Reports:** Records of internal suspicious activity reports and external suspicious transaction reports made to the FIU.

The end of the business relationship for customer identification data.

The date of the transaction for transaction records.

**Guernsey Financial Services Commission (GFSC)**

The GFSC is the integrated regulator for the Bailiwick of Guernsey's financial services industry. It supervises businesses for compliance with financial crime legislation and issues guidance, including the AML/CFT Handbook.

**Guernsey Financial Intelligence Unit (FIU)**

The FIU is the central agency for receiving, analysing, and disseminating suspicious transaction reports to law enforcement agencies.

**Integration:** Rather than creating entirely new legislation for DLT/virtual assets, Guernsey primarily applies its existing financial services and AML/CFT laws to entities and activities involving virtual assets where they fall within the scope of those laws.

**Risk-Based:** The GFSC adopts a risk-based approach, focusing on the specific risks posed by virtual asset activities, particularly concerning financial crime.

**Innovation-Friendly within Regulation:** Guernsey aims to foster innovation in the DLT space while ensuring regulatory integrity and protecting its reputation. They encourage businesses to engage with the regulator early to discuss potential DLT-based propositions.

The GFSC is the sole regulator of the financial services industry in Guernsey and is responsible for supervising entities involved with virtual assets that fall within its remit.

This is the cornerstone of Guernsey's AML framework. Entities dealing with virtual assets, particularly VASPs, fall under the scope of this law and its associated regulations.

**URL (GFSC page referencing it):** https://www.gfsc.gg/commission/financial-crime/proceeds-crime-laws

**The Terrorist Financing (Bailiwick of Guernsey) Law, 2020 (as amended)**

This law addresses CFT obligations, complementing the Proceeds of Crime Law.

**The Handbook on Countering Financial Crime and Terrorist Financing**

**Date:** Periodically updated (most recent major revision typically available on GFSC site). This handbook provides detailed guidance for regulated entities, including those involved with virtual assets, on how to comply with AML/CFT laws. It specifically addresses "virtual asset service providers" (VASPs).

**The Regulation of Fiduciaries, Administration Businesses and Company Directors, etc. (Bailiwick of Guernsey) Law, 2000 (as amended)**

If a virtual asset business provides fiduciary services, trust administration, or company administration in relation to virtual assets, it would likely fall under this law and require licensing.

**URL (GFSC list of laws):** https://www.gfsc.gg/commission/laws-regulations/regulation-fiduciaries-administration-businesses-and-company-directors-etc

**The Protection of Investors (Bailiwick of Guernsey) Law, 1987 (as amended)**

If virtual assets are considered "investments" or if an entity is providing "investment business" (e.g., advising on, dealing in, managing investments) in relation to virtual assets, then this law would apply, requiring licensing and adherence to investor protection rules.

**GFSC Guidance for Virtual Asset Service Providers (VASPs)**

The GFSC has issued specific guidance to help entities understand their obligations, particularly concerning AML/CFT requirements, when operating as a VASP.

**URL (often integrated into general AML guidance, or specific policy statements on DLT):** While a single standalone "VASP Guidance" document might evolve, the core principles are enshrined in the AML Handbook and policy statements on DLT. GFSC publishes news and policy updates on DLT, for example: https://www.gfsc.gg/news/gfsc-revises-its-policy-statement-regulation-distributed-ledger-technology-dlt

**Not Banned:** Guernsey does not ban crypto trading or the operation of crypto exchanges.

**Licensing Required for Regulated Activities:**

**Exchanges:** If an entity operates an exchange that facilitates trading in virtual assets, it will likely be subject to GFSC regulation, especially if it offers services that fall under the scope of existing financial services laws (e.g., acting as a broker, custodian, or providing investment advice).

**AML/CFT Obligations:** All entities acting as Virtual Asset Service Providers (VASPs), which include crypto exchanges, custodians, and firms engaged in virtual asset transfers, are subject to robust AML/CFT requirements as outlined in the Proceeds of Crime Law and the Terrorist Financing Law, and detailed in the GFSC Handbook. This includes customer due diligence (CDD), ongoing monitoring, record-keeping, and suspicious activity reporting.

**Custody Services:** Businesses offering custodial services for virtual assets are generally viewed as performing a regulated activity and would typically require licensing under the Fiduciaries Law, or potentially the Protection of Investors Law depending on the precise nature of the service.

**Innovation Hub:** Guernsey positions itself as a place where DLT and virtual asset businesses can establish and grow, provided they operate within a clearly defined and regulated framework. Early engagement with the GFSC is encouraged for innovative propositions.

**Adopted:** Yes, the FATF Travel Rule requirements for virtual assets and VASPs have been incorporated into Guernsey's AML/CFT regulatory framework.

**Effective Date:** The regulatory framework for VASPs, including the principles of the Travel Rule, became effective from **31 January 2021** when the GFSC updated its AML/CFT Handbook to extend its scope to VASPs. Subsequent updates and revisions to the Handbook have further refined and clarified the requirements to ensure full alignment with FATF guidance. The latest Handbook reflects the current operational requirements.

Guernsey largely aligns with the FATF's recommended thresholds. VASPs must obtain and transmit required originator and beneficiary information for virtual asset transfers where the value is equal to or exceeds **€1,000 / £1,000**.

For transfers below this threshold, VASPs are still required to collect and retain certain basic originator information (e.g., name and account number) but are not necessarily required to transmit full beneficiary information, subject to their risk assessment.

Exchanging between virtual assets and fiat currencies.

Exchanging between one or more forms of virtual assets.

Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets.

Participation in and provision of financial services related to an issuer's offer and/or sale of a virtual asset.

**Collect Required Information:** For transfers exceeding the threshold, VASPs must obtain accurate and complete originator information (name, account number, physical address, unique identification number/date and place of birth, if a natural person; or registration number/principal place of business, if a legal entity) and beneficiary information (name, account number).

**Transmit Information:** This information must be securely transmitted to the beneficiary VASP immediately and securely with the virtual asset transfer, or as close to the transfer as technologically feasible.

**Verify Information:** VASPs are expected to take reasonable steps to verify the identity of their customers (originators and beneficiaries, where applicable).

**Secure Data Handling:** Implement robust data protection and security measures to safeguard the collected information in transit and at rest.

**Record Keeping:** Maintain records of all required information and transactions for at least five years.

**Risk-Based Approach:** Apply a risk-based approach to identify, assess, and mitigate money laundering and terrorist financing risks, which may involve enhanced due diligence for higher-risk transfers or parties.

**Interoperability:** While no specific technology is mandated, VASPs are expected to adopt solutions that enable them to exchange the required information with other VASPs, implying the use of compatible Travel Rule messaging protocols (e.g., TRISA, OpenVASP, IVMS 101).

**Administrative Fines:** Substantial monetary penalties levied by the GFSC.

**Public Censure:** The GFSC can issue public statements detailing regulatory breaches.

**License Suspension or Revocation:** The VASP's license to operate in Guernsey can be suspended or permanently revoked.

**Disqualification:** Individuals found responsible for serious breaches may be disqualified from holding management positions within regulated entities.

**Criminal Prosecution:** In severe cases involving willful non-compliance or facilitating financial crime, individuals may face criminal charges, leading to imprisonment.

**The Money Laundering (Bailiwick of Guernsey) Law, 2007 (as amended):** This is the overarching legislative framework for AML/CFT in Guernsey.

**URL:** https://www.guernseylegalresources.gg/ccm/legal-resources/money-laundering/money-laundering-bailiwick-of-guernsey-law-2007.en (Note: Always check the Guernsey Legal Resources site for the latest consolidated version of the law).

**GFSC AML/CFT Handbook Page:** https://www.gfsc.gg/regulation/anti-money-laundering-and-combating-terrorist-financing/amlcft-handbook

(As of my last update, a direct link to the latest PDF might look something like this, but this link *will change* with updates: `https://www.gfsc.gg/sites/default/files/2023-11/Handbook%20for%20Financial%20Services%20Businesses%20on%20Countering%20Financial%20Crime%20and%20Terrorist%20Financing%20%28October%202023%20update%29.pdf`) - **Always navigate via the main GFSC page to ensure you have the most current version.**