Jamaica -- AML/CFT Compliance Regulatory Overview

**No specific, standalone "crypto custody license" currently exists.**

**Existing Frameworks & Future Licensing:**

**FinTech Regulatory Sandbox:** The Bank of Jamaica (BOJ) has established a FinTech Regulatory Sandbox which allows innovative financial services, including those involving digital assets (and potentially custody), to be tested under regulatory supervision for a limited period. Firms operating within the sandbox may receive temporary exemptions or waivers from certain regulatory requirements, allowing them to iterate and gain insights. Successful participants may then transition to a full regulatory regime once developed.

**Reference:** Bank of Jamaica - FinTech Regulatory Sandbox Framework

**Existing Financial Services Licenses:** Entities providing custody services that fall under the existing definitions of regulated activities (e.g., trust services, securities custody) might be required to obtain licenses from the FSC or BOJ under their respective mandates. However, the application of these traditional licenses to novel digital asset custody models is often ambiguous.

**Future VASP Licensing:** Jamaica is expected to introduce specific licensing requirements for Virtual Asset Service Providers (VASPs) in line with FATF recommendations. Under FATF definitions, "safeguarding or administering virtual assets or instruments enabling control over virtual assets" is a VASP activity. Therefore, a future VASP licensing regime will likely encompass dedicated requirements for digital asset custodians.

**No explicit, dedicated rules for digital asset segregation:** There are no specific regulations exclusively mandating the segregation of client digital assets for crypto custodians.

**General Financial Principles:** However, the principle of client asset segregation is a fundamental pillar of sound financial practice for regulated entities in Jamaica (e.g., banks, trust companies, securities brokers). Any firm operating under a BOJ or FSC license, or within the FinTech Sandbox, would be expected to demonstrate robust operational controls, including the segregation of client funds/assets from proprietary assets, to mitigate risks like commingling, insolvency, and fraud. This would be assessed as part of their operational risk management framework.

**No explicit requirements for digital asset custodians:** There are no specific regulations mandating insurance or bonding for digital asset custody providers.

**Best Practice & Future Consideration:** In a highly volatile and high-risk environment like digital assets, robust insurance (e.g., crime insurance, cyber insurance, professional indemnity) and/or bonding is considered a best practice by institutional custodians globally. It is highly probable that any future comprehensive VASP regulatory framework would consider requiring such protections.

**No explicit regulatory mandate for cold storage:** Jamaican regulations do not currently explicitly mandate the use of cold storage for digital assets held in custody.

**Industry Best Practice & Security Assessment:** Like insurance, the use of cold storage (offline storage) is an industry-standard best practice for securing a significant portion of digital assets to mitigate the risk of cyber theft. Any entity seeking to operate a digital asset custody service, especially within the BOJ's FinTech Sandbox, would be expected to demonstrate robust cybersecurity measures, which would almost certainly include the strategic use of cold storage and multi-signature technologies for asset protection. This falls under general operational security and risk management.

**No specific definition for a "Qualified Custodian" in the digital asset context.**

**Implied Qualification:** In the absence of a specific definition, a "qualified custodian" would generally be interpreted as an entity that is appropriately licensed and regulated by a relevant authority (e.g., BOJ for banking/payment services, FSC for securities or trust services) to hold assets on behalf of others, or an entity that has been approved to operate in the FinTech Sandbox for such activities. The intent is to ensure that assets are held by a reputable and supervised entity.

**Development of VASP Framework:** Jamaica is actively working towards establishing a comprehensive regulatory framework for Virtual Asset Service Providers (VASPs). Both the Bank of Jamaica and the Financial Services Commission have acknowledged the need for specific legislation to regulate the burgeoning digital asset space.

**FATF Influence:** As a member of the CFATF, Jamaica is committed to implementing FATF Recommendations, which require the regulation and supervision of VASPs, including those involved in virtual asset custody. This commitment strongly suggests that future legislation will define VASPs, require their licensing, and set out specific rules for their operation, which *will* cover custody services.

**Ongoing Consultation:** The BOJ and FSC have engaged in discussions and consultations regarding the future of digital asset regulation, which will likely lead to amendments to existing legislation or the introduction of new acts to address virtual assets comprehensively. While a specific "custody bill" may not be publicly identified, the broader VASP legislation is expected to address all aspects of VASP activities, including custody.

**Proceeds of Crime Act (POCA):** This is the foundational legislation for anti-money laundering.

**Terrorism Prevention Act (TPA):** This addresses the financing of terrorism and the implementation of UN Security Council resolutions related to terrorism.

**Bank of Jamaica (BOJ) Guidance Note on Virtual Asset Service Providers (VASPs) for Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) Purposes:** This is the most crucial document specifically addressing VASPs' obligations.

Exchange between virtual assets and fiat currencies.

Exchange between one or more forms of virtual assets.

Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets.

Participation in and provision of financial services related to an issuer's offer and/or sale of a virtual asset.

**Risk-Based Approach:** VASPs must conduct comprehensive risk assessments of their business, customers, products, services, and geographic exposure.

**Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD):** Implementing robust KYC procedures, verifying customer identities, understanding the nature of their business, and conducting ongoing monitoring. EDD is required for higher-risk customers and transactions.

**Transaction Monitoring:** Monitoring transactions for suspicious patterns, unusual activities, and attempting to identify the source and destination of funds/virtual assets.

**Record-Keeping:** Maintaining records of customer identification data and transaction details for at least five years.

**Internal Controls and Training:** Developing and implementing internal AML/CFT policies, procedures, and controls, and providing ongoing training to staff.

**Reporting Obligations:** Reporting suspicious transactions (STRs) and suspicious activities (SARs) to the Financial Investigations Division (FID).

"**Screen their customers and transactions against relevant national and international sanctions lists.**" (Section 5.1.3(d) of the BOJ Guidance Note).

"**Implement a robust sanctions screening programme** to ensure that they are not dealing with sanctioned individuals, entities, or jurisdictions." (Implied through the overall risk-based approach and general financial sector obligations).

**Bank of Jamaica Guidance Note on Virtual Asset Service Providers (VASPs) for Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) Purposes (Revised June 2021):**

(Example search link for legal acts: https://moj.gov.jm/laws/)

Similar to POCA, available through government legal portals.

**UN Sanctions Lists:** As a member state of the United Nations, Jamaica is legally obligated to implement sanctions imposed by the UN Security Council. These typically target individuals, entities, and groups involved in terrorism, proliferation of weapons of mass destruction, and other threats to international peace and security.

**UN Security Council Consolidated List:**

**OFAC Sanctions Lists (U.S. Department of the Treasury's Office of Foreign Assets Control):** While OFAC sanctions primarily apply to U.S. persons (citizens, residents, companies, or those conducting business in or with the U.S.), their extraterritorial reach and the interconnectedness of the global financial system mean that Jamaican VASPs effectively *must* screen against OFAC lists. This is a practical necessity to maintain correspondent banking relationships, access U.S. dollar clearing, and avoid being cut off from major financial markets.

**Specially Designated Nationals (SDN) and Blocked Persons List:**

Other OFAC lists (e.g., Sectoral Sanctions Identifications List) are also relevant depending on the nature of the transaction.

**EU Sanctions Lists (European Union):** Similar to OFAC, while EU sanctions directly apply to EU persons and entities, global financial institutions and VASPs often screen against EU lists (e.g., the Consolidated Financial Sanctions List) as a best practice to mitigate risk and ensure compliance with international financial partners.

**EU Consolidated Financial Sanctions List:**

**Country-Specific Sanctions Lists:** Jamaica does not maintain its own *independent* international sanctions list targeting specific countries or entities beyond its implementation of UN sanctions. Any "country-specific" restrictions would stem from its adoption of UN resolutions and the practical necessity to comply with major international regimes like OFAC and EU.

**High-Risk Jurisdictions:** Countries identified by the FATF or other credible sources as having strategic AML/CFT deficiencies (e.g., those on the FATF "grey list" or "black list").

**Sanctioned Jurisdictions:** Countries subject to comprehensive sanctions regimes (e.g., Iran, North Korea, Cuba, Syria, parts of Ukraine/Russia under specific sanctions) by the UN, OFAC, or EU.

**Jurisdictions known for illicit activities:** Countries with a high prevalence of cybercrime, fraud, or other financial crimes.

**Fines:** Significant monetary penalties for both individuals and corporate entities.

**Imprisonment:** Individuals found guilty of money laundering or terrorist financing offenses, or aiding and abetting such activities, can face substantial prison sentences.

**Asset Forfeiture:** Proceeds of crime and assets used in criminal activities can be seized and forfeited.

**Regulatory Sanctions:** The Bank of Jamaica (for regulated entities) or the Financial Services Commission (FSC) can impose administrative penalties, issue directives, restrict operations, or revoke licenses of non-compliant VASPs.

**Reputational Damage:** Non-compliance can lead to severe reputational harm, loss of business, and de-risking by correspondent banks and other financial partners.

**Bank of Jamaica (BOJ):** The central bank, which issues the AML/CFT guidance for VASPs.

**Financial Investigations Division (FID):** The national agency responsible for receiving, analyzing, and disseminating financial intelligence (e.g., STRs/SARs) to law enforcement and other relevant agencies.

**Financial Services Commission (FSC):** Regulates non-deposit-taking financial institutions. While the BOJ leads on VASP guidance currently, the FSC may have a role for certain types of VASPs or related financial services.

**No Legal Tender Status for Private Crypto:** The Bank of Jamaica (BOJ) has consistently stated that private cryptocurrencies are not legal tender in Jamaica.

**AML/CFT Focus:** Virtual Asset Service Providers (VASPs) are expected to comply with existing AML/CFT laws, though a specific VASP licensing regime is not yet fully defined or implemented beyond these general obligations.

**Consumer Protection:** Regulatory bodies issue warnings about the risks associated with private cryptocurrencies, including volatility, scams, and lack of recourse.

**CBDC Adoption:** Active development and rollout of JAM-DEX, which *is* legal tender.

**Role:** The central bank is the primary regulator for financial institutions, payment systems, and monetary policy. It has been at the forefront of warning the public about the risks of private cryptocurrencies and leading the development of JAM-DEX. Its remit covers the legal tender status and broad financial system stability.

**Role:** Regulates non-deposit-taking financial institutions (securities, insurance, pensions). Virtual assets that qualify as "securities" or investment instruments could fall under the FSC's jurisdiction, though specific guidelines for such classification in the crypto space are still emerging.

**Role:** The lead agency for investigating financial crimes, including money laundering and terrorist financing. The FID plays a crucial role in enforcing the Proceeds of Crime Act (POCA) for any entity (including VASPs) involved in financial transactions.

**Proceeds of Crime Act (POCA), 2007 (as amended)**

**Relevance:** This is the primary legislation addressing Anti-Money Laundering (AML) and Counter-Financing of Terrorism (CFT). Virtual Asset Service Providers (VASPs) are expected to comply with POCA, particularly its provisions requiring reporting of suspicious transactions and implementing KYC/CDD measures, even without specific VASP licensing legislation.

**Date:** Original Act 2007, with subsequent amendments.

**Bank of Jamaica Act (as amended, particularly the Amendment Act of 2022)**

**Relevance:** This foundational act for the BOJ was amended to formally establish JAM-DEX as legal tender. While it specifically enables the CBDC, it also solidifies the BOJ's authority over currency issuance and implicitly differentiates official digital currency from private cryptocurrencies.

**Date:** The **Bank of Jamaica (Amendment) Act, 2022** was passed to give JAM-DEX legal tender status.

BOJ Press Release on JAM-DEX Legal Tender: https://www.boj.org.jm/jamaicas-central-bank-digital-currency-jam-dex-becomes-legal-tender/

The actual Act would be found in the Jamaica Gazette.

**Guidance Notes/Statements from BOJ and FID:**

While not primary legislation, regulatory guidance from the BOJ (e.g., on risks, or expected AML/CFT compliance for financial entities potentially dealing with crypto) and the FID are crucial for understanding current expectations.

**No Endorsement as Legal Tender:** The Bank of Jamaica has repeatedly warned that private cryptocurrencies are **not legal tender** in Jamaica. This means they are not generally accepted as a medium of exchange for goods and services or for the settlement of debts by law.

**Risk Warnings:** The BOJ issues frequent warnings to the public about the inherent risks of trading and investing in private cryptocurrencies, including price volatility, cybersecurity risks, fraud, and the lack of regulatory recourse.

**Reference:** BOJ statements and advisories often feature on their news page. For example, search for "cryptocurrency advisory" on their site.

**AML/CFT Obligations for VASPs:** While a specific licensing regime for Virtual Asset Service Providers (VASPs) (like crypto exchanges or custodial wallet providers) for *private* cryptocurrencies has not been fully established, any entity operating in this space is expected to comply with the existing AML/CFT framework under the **Proceeds of Crime Act (POCA)**. This includes implementing robust Know Your Customer (KYC) and Customer Due Diligence (CDD) procedures and reporting suspicious transactions to the FID.

**Unregulated Market:** Without a dedicated licensing and supervisory framework for private crypto exchanges, the market for private cryptocurrency trading operates in a largely unregulated space, subject only to general financial crime laws. This means there's a higher degree of risk for both operators and users.

**JAM-DEX (CBDC) - A Different Category:** Trading of the BOJ's CBDC, JAM-DEX, is a regulated activity. It is issued by the BOJ, distributed by deposit-taking institutions (banks and payment service providers), and is legal tender. This is fundamentally different from the unregulated market for private cryptocurrencies.