Guyana -- AML/CFT Compliance Regulatory Overview

**Financial Intelligence Unit (FIU) of Guyana**

**Anti-Money Laundering and Countering the Financing of Terrorism Act 2009 (as amended)** (AMLCFTA). This Act, enforced by the Financial Intelligence Unit (FIU) Guyana, serves as the cornerstone for financial institutions and designated non-financial businesses and professions (DNFBPs), which now explicitly include VASPs.

This is the principal Act establishing the AML/CFT framework.

This amendment, along with others, updated the original Act to address evolving FATF standards and typically broadened the scope of "reporting entities" or "financial institutions" to include new types of services, implicitly or explicitly bringing VASPs under its ambit.

These regulations provide detailed rules and procedures for implementing the provisions of the AML/CFT Act.

**Various FIU Guidance Notes:** The FIU often issues specific guidance notes, advisories, and directives to reporting entities, including those relevant to virtual assets, to clarify obligations.

For individuals: Name, address, date of birth, national identification number (e.g., National ID card, passport number), and obtaining a copy of the verifying document.

For legal entities (companies, trusts, etc.): Name, legal form, address, names of directors/partners, proof of incorporation/establishment, and details of the registered office.

**Verifying the Customer's Identity:** Using reliable, independent source documents, data, or information. This often involves comparing documents against official databases or using digital verification tools.

**Identifying and Verifying the Beneficial Owner:** Determining the natural person(s) who ultimately own or control the customer, or on whose behalf a transaction is being conducted.

The concept of 'understanding the purpose and intended nature of the business relationship' in Guyana's AML/KYC framework has been significantly altered by the rapid automation of due diligence through AI-driven seismic analysis and the heightened sovereign risk from the Venezuela border dispute, changing how business relationships are assessed.

**Ongoing Monitoring:** Continuously scrutinizing transactions made throughout the course of the relationship to ensure they are consistent with the VASP's knowledge of the customer, their business, and risk profile, including, where necessary, the source of funds.

**Enhanced Due Diligence (EDD):** Applying more stringent measures for higher-risk situations, such as:

Customers with complex or opaque ownership structures.

Politically Exposed Persons (PEPs) and their family members/close associates.

Customers from high-risk geographic locations (e.g., countries subject to FATF countermeasures or known for high corruption/crime rates).

Transactions involving high amounts or unusual patterns.

New and complex technologies (like certain virtual assets) where anonymity concerns are higher.

**"Travel Rule" (FATF Recommendation 16):** While specific domestic legislation implementing the travel rule for VASPs might still be evolving, FATF standards require VASPs to obtain, hold, and transmit originator and beneficiary information for virtual asset transfers above a certain threshold (typically equivalent to USD/EUR 1,000). VASPs in Guyana should be preparing for or already implementing this where feasible, especially for cross-border transactions.

**Screening for Sanctions:** Customers and transactions must be screened against national and international sanctions lists (e.g., UN Security Council sanctions, OFAC sanctions).

**Obligation to Report:** VASPs are legally obligated to report any suspicious transaction or activity to the FIU, regardless of the amount. A transaction is suspicious if the VASP has reasonable grounds to suspect that it may be related to money laundering or terrorist financing, or if it deviates from the client's usual activity or financial profile.

**No Tipping-Off:** VASPs and their employees are prohibited from disclosing to the customer or any third party that a report has been or will be made to the FIU (i.e., "tipping-off").

**Timing:** Reports must be made promptly, usually within a few working days of forming the suspicion.

**Customer Identification Records:** Copies of identification documents, verification data, beneficial ownership information.

**Transaction Records:** All details of virtual asset transactions, including dates, amounts, types of virtual assets, wallets/addresses involved, and any associated messages.

**Business Correspondence:** Relevant internal and external communications.

**STRs and Internal Reports:** Copies of all suspicious transaction reports submitted to the FIU and any internal reports or analyses leading to such reports.

**Retention Period:** Records must generally be kept for a minimum of **seven (7) years** following the completion of a transaction or the termination of a business relationship.

**Internal Controls:** Development and implementation of internal policies, procedures, and controls to mitigate ML/TF risks. This includes a robust compliance framework.

**Appointment of a Compliance Officer:** Designating a senior staff member with sufficient authority and resources to be responsible for overseeing AML/CFT compliance.

**Employee Training:** Providing ongoing training to relevant employees on AML/CFT laws, regulations, internal policies, and how to identify and report suspicious activities.

**Independent Audit:** Conducting independent reviews of the VASP's AML/CFT program to assess its effectiveness.

**Payment Systems Regulation:** The **National Payment System Act 2018** (NPSA 2018) gives the Bank of Guyana (BOG) the mandate to regulate payment systems and service providers. While not explicitly designed for crypto custody, any entity offering crypto-related services that resemble payment services (e.g., transfers, exchange for fiat) could potentially fall under the BOG's purview. The NPSA 2018 defines "virtual asset" and "virtual asset service provider" (VASP), bringing them within the scope of potential regulation, but it does not specify custody rules.

**Anti-Money Laundering/Counter-Terrorism Financing (AML/CFT):** The **Prevention of Money Laundering and Terrorist Financing Act** (PMLTFA) and related regulations, overseen by the Financial Intelligence Unit (FIU) of Guyana, extend to "virtual asset service providers." This means VASPs, including those that might custody assets as part of their services, are subject to AML/CFT obligations such as Know Your Customer (KYC), suspicious transaction reporting, and record-keeping.

**No specific "crypto custody license" exists.**

However, if a firm's activities involve operating a "payment system" or providing "payment services" using virtual assets, it *may* be required to obtain a license or authorization from the **Bank of Guyana** under the **National Payment System Act 2018**. The Act grants the BOG broad powers to oversee and regulate payment systems and related service providers.

**National Payment System Act 2018, No. 16 of 2018.** (While an official government website link for the full text can be elusive, legal databases often host it. It can typically be found via search on the Parliament of Guyana's website or Attorney General's Chambers publications, though direct stable URLs are hard to provide for all legislation.) A good starting point for official documents is often the Parliament of Guyana website: https://parliament.gov.gy/ or searching for "Guyana Laws Online."

**Bank of Guyana Official Website:** https://www.bankofguyana.org.gy/ (for general regulatory information and any future updates).

**Segregation of Client Assets Rules:**

**No specific rules identified** for the segregation of client digital assets from proprietary assets of the custodian. This level of detail is typically found in dedicated custody or securities legislation, which Guyana has not yet enacted for digital assets.

General principles of good corporate governance and financial integrity might encourage such practices, but they are not mandated by specific crypto custody regulations.

**No specific insurance or bonding requirements identified** for digital asset custodians.

Financial institutions regulated under traditional banking or financial services laws in Guyana are subject to various capital and reserve requirements, but these have not been specifically extended to cover the unique risks of digital asset custody.

**No specific mandates identified** regarding the use of cold storage (offline storage) for digital assets.

Best practices within the digital asset industry strongly recommend cold storage for a significant portion of assets to mitigate cybersecurity risks, but this is not a regulatory mandate in Guyana.

**No specific definition of a "qualified custodian" for digital assets exists.**

The concept of a qualified custodian is typically linked to robust regulatory frameworks (e.g., the U.S. Securities and Exchange Commission's custody rule) that designate specific types of regulated financial institutions as eligible to hold client assets. Guyana has not developed such a designation for virtual assets.

As of the latest available information, there is **no publicly known specific pending legislation dedicated to digital asset custody** in Guyana.

However, the global trend, driven by FATF recommendations and the increasing adoption of digital assets, suggests that Guyana (like many other nations) will likely continue to develop its regulatory framework for virtual assets. This could eventually include more specific rules for custody, but it is not currently at a legislative proposal stage that is publicly accessible.

The **Bank of Guyana** and the **FIU** are actively involved in monitoring developments and implementing FATF standards. Future legislative efforts would likely originate from these bodies.

**Financial Intelligence Unit (FIU) Guyana:** http://fiu.gov.gy/

**VASP Definition:** VASPs are defined in line with FATF standards, including exchanges, custodians, transfer services, and initial coin offering (ICO) facilitators. They are typically considered "financial institutions" or a new category of "reporting entities" under the amended AMLCFTA.

**Risk-Based Approach:** VASPs must adopt a risk-based approach to AML/CFT, assessing and mitigating risks associated with their customers, products, services, delivery channels, and geographic areas of operation.

**Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD):**

Identifying and verifying the identity of customers (including beneficial owners).

Understanding the purpose and intended nature of the business relationship.

Applying EDD for high-risk customers, relationships, or transactions (e.g., politically exposed persons, complex transactions, transactions involving high-risk jurisdictions).

**Sanctions Screening:** A critical component of CDD and ongoing monitoring is screening customers, beneficial owners, and transactions against relevant sanctions lists.

**Transaction Monitoring:** Implementing systems to monitor transactions for unusual or suspicious patterns.

**Suspicious Transaction Reports (STRs)/Suspicious Activity Reports (SARs):** Mandatory reporting to the FIU of any suspicious activity, including potential money laundering, terrorist financing, or sanctions evasion attempts.

**Asset Freezing Reports:** Immediate reporting to the FIU and relevant authorities upon identifying a match with a sanctioned individual or entity, and promptly freezing the assets.

**Record-Keeping:** Maintaining all necessary records of customer identification, transactions, and suspicious activity reports for a prescribed period (typically 5-7 years).

**Internal Controls:** Developing and implementing robust internal AML/CFT policies, procedures, and controls, including a designated Compliance Officer, independent audit functions, and ongoing employee training.

**Compliance Requirement:** As a UN member state, Guyana is obligated to implement sanctions resolutions adopted by the UN Security Council. These resolutions impose financial sanctions, travel bans, and arms embargoes on individuals, entities, and countries involved in terrorism, proliferation of weapons of mass destruction, and other threats to international peace and security.

**Mechanism:** The AMLCFTA and related regulations empower Guyanese authorities (e.g., Minister of Finance, FIU) to freeze assets and prohibit transactions with individuals and entities listed by the UN Security Council (e.g., ISIL (Da'esh) & Al-Qaeda Sanctions List, DPRK Sanctions List, Iran Sanctions List, etc.).

**VASP Obligation:** VASPs *must* screen all customers and transactions against the **UNSC Consolidated Sanctions List** and immediately freeze any virtual assets belonging to or controlled by sanctioned parties, reporting the freezing action to the FIU.

**Legal Reference:** While specific regulations may vary, the *Anti-Money Laundering and Countering the Financing of Terrorism Act 2009 (as amended)* provides the framework for implementing these obligations. The UN Security Council website provides the lists:

UN Security Council Sanctions Committees

**Compliance Requirement:** While OFAC sanctions are extraterritorial U.S. laws, any Guyanese VASP that conducts transactions involving U.S. persons (citizens, residents, entities), uses U.S. dollar clearing, or operates with a U.S. nexus (e.g., servers, payment processors) is indirectly but *effectively* subject to OFAC sanctions. Many global financial institutions require their partners to comply with OFAC.

**VASP Obligation:** To avoid severe penalties, reputational damage, and loss of access to the global financial system, Guyanese VASPs are strongly advised, as a best practice, to screen customers and transactions against **OFAC's Specially Designated Nationals (SDN) and Blocked Persons List** and other OFAC sanctions lists (e.g., for specific countries like Cuba, Iran, North Korea, Syria, Venezuela, Russia/Ukraine-related).

**Legal Reference:** While no Guyanese law directly mandates OFAC compliance, the practical necessities for international financial interaction make it a de facto requirement.

OFAC Sanctions Programs and Country Information

**Compliance Requirement:** Similar to OFAC, EU sanctions have extraterritorial implications. Any Guyanese VASP dealing with EU persons, entities, or utilizing euro-denominated services will be subject to EU sanctions implicitly.

**VASP Obligation:** VASPs should, as a best practice, screen against the **EU Consolidated List of persons, groups, and entities subject to EU financial sanctions**.

**Legal Reference:** Like OFAC, no direct Guyanese legal mandate, but essential for international operations.

The UN Security Council Consolidated Sanctions List.

OFAC's Specially Designated Nationals (SDN) and Blocked Persons List, and other relevant OFAC sanctions lists.

The EU Consolidated List of persons, groups, and entities subject to EU financial sanctions.

Any domestic lists of designated terrorists or sanctioned entities published by the Guyanese government or FIU (though these usually align with or are derived from UN lists).

On an ongoing basis for existing customers.

In real-time for transactions, especially high-value or cross-border ones.

**Prohibition or extreme caution:** VASPs must not facilitate transactions with, or provide services to, individuals or entities in comprehensively sanctioned jurisdictions (e.g., North Korea, Iran, specific regions in Syria, Cuba, Venezuela depending on the sanctions program) as designated by the UN, OFAC, and EU.

**Enhanced Due Diligence (EDD):** For transactions or customers linked to other high-risk jurisdictions, VASPs must apply EDD and heightened scrutiny as part of their risk-based approach. The FATF and CFATF regularly issue statements identifying jurisdictions with strategic AML/CFT deficiencies.

**Travel Rule:** For virtual asset transfers, VASPs are expected to implement the FATF's "Travel Rule," which requires originating and beneficiary VASP information to be collected and exchanged for transactions above a certain threshold, enhancing the ability to identify cross-border sanctions evasion.

**Financial Penalties:** Substantial fines for both institutions and individuals.

**Imprisonment:** Individuals found guilty of serious breaches (e.g., facilitating money laundering, terrorist financing, or knowingly evading sanctions) can face significant terms of imprisonment.

**Revocation of Licenses/Registration:** VASPs or financial institutions could lose their operating licenses or registrations.

**Reputational Damage:** Significant harm to the entity's reputation, making it difficult to operate locally or internationally.

**Loss of Correspondent Banking Relationships:** Banks and other financial institutions may cease relationships with non-compliant VASPs, effectively cutting them off from traditional finance.

**Legal Reference:** The AMLCFTA itself would detail these penalties. Access to the most recent consolidated version of the Act would be required for specifics. Often available through the Attorney General's Chambers or the Parliament of Guyana website.

**Implement UN Sanctions:** Domestically enforce the UNSC Consolidated Sanctions List and specific thematic sanctions lists.

**Adhere to International Best Practices:** Follow the guidance of FATF and CFATF, which emphasizes compliance with globally recognized sanctions lists (UN, OFAC, EU) for all financial activities, including virtual assets.

**Caribbean Financial Action Task Force (CFATF):** https://www.cfatf-fatf.org/ (for regional AML/CFT standards and mutual evaluation reports on Guyana)