Laos -- AML/CFT Compliance Regulatory Overview

Laos has been actively developing its regulatory framework for virtual assets (VAs) and virtual asset service providers (VASPs), moving from an initial cautious stance to a more structured, albeit controlled, approach. The regulatory landscape is evolving, with the Bank of Lao PDR (BOL) playing a central role.

It's crucial to note that as of late 2023/early 2024, the operation of VASPs in Laos is primarily governed under a government-approved pilot program. This means that only specifically authorized entities are permitted to conduct virtual asset activities, and these entities are subject to stringent oversight and AML/KYC requirements.

Here's a breakdown of the AML/KYC requirements for authorized VASPs in Laos:

AML/CFT Legal Framework

The primary legal instruments governing AML/CFT in Laos, which extend to authorized VASPs, include:

1. Law on Anti-Money Laundering and Combating the Financing of Terrorism (Law No. 67/NA, dated 17 November 2022): This is the foundational AML/CFT law in Laos, superseding previous versions. It establishes the general obligations for reporting entities, including financial institutions, and covers key aspects of AML/CFT compliance.
2. Decree on the Implementation of the Law on Anti-Money Laundering and Combating the Financing of Terrorism (Decree No. 37/GOV, dated 10 February 2020): This decree provides detailed guidance and procedures for implementing the provisions of the AML/CFT Law.
3. Instruction on the Management and Supervision of Virtual Assets (Instruction No. 001/BOL, dated 28 January 2022): Issued by the Bank of Lao PDR, this instruction is highly specific to the pilot program for virtual assets. It outlines the regulatory framework, licensing requirements, and ongoing obligations (including AML/KYC) for entities authorized to engage in virtual asset activities (mining, trading platforms, exchanges, etc.). It designates authorized VASPs as reporting entities for AML/CFT purposes.

Customer Due Diligence (CDD) Requirements

Authorized VASPs in Laos are subject to comprehensive CDD obligations, consistent with international standards set by the Financial Action Task Force (FATF). These include:

• Identification and Verification:
  • Obtain and verify the identity of the customer (individual or legal entity) using reliable, independent source documents, data, or information. For individuals, this includes full name, date of birth, nationality, residential address, and official identification document details (e.g., passport, national ID card).
  • For legal entities, this includes legal name, registered address, registration number, articles of association, and details of directors/senior management.
• Beneficial Ownership: Identify and take reasonable measures to verify the identity of the beneficial owner(s) of the customer, including for legal entities and arrangements.
• Purpose and Nature of Relationship: Understand and, where appropriate, obtain information on the purpose and intended nature of the business relationship or transaction.
• Ongoing Monitoring: Conduct ongoing monitoring of the business relationship, including scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions are consistent with the VASP's knowledge of the customer, their business, and risk profile.
• Risk-Based Approach: Apply a risk-based approach to CDD, meaning enhanced due diligence (EDD) must be applied to higher-risk customers, business relationships, or transactions (e.g., politically exposed persons (PEPs), customers from high-risk jurisdictions, complex or unusual transactions, or transactions involving high-value virtual assets). Simplified due diligence (SDD) may be applied in lower-risk situations.
• "Travel Rule" (FATF Recommendation 16): While specific detailed local regulations on the "Travel Rule" for VASPs may be further developed, authorized VASPs are generally expected to collect and transmit required originator and beneficiary information for virtual asset transfers above a certain threshold, in line with FATF recommendations, especially when transacting with other VASPs.

Suspicious Transaction Reporting (STR)

Authorized VASPs have a legal obligation to report suspicious transactions to the Financial Intelligence Unit (FIU) of Laos:

• Reporting Obligation: Any transaction (regardless of amount) that the VASP knows, suspects, or has reasonable grounds to suspect involves money laundering, financing of terrorism, or other illicit activities, must be reported.
• No Tipping-Off: VASPs and their employees are prohibited from disclosing to the customer or third parties that a suspicious transaction report has been or will be submitted.
• Timeliness: Reports must be submitted to the FIU promptly, as soon as the suspicion is formed.

Record-Keeping Obligations

VASPs are required to maintain comprehensive records for a specified period:

• Customer Identification Records: All documents and information obtained during the CDD process, including copies of identification documents, beneficial ownership information, and risk assessments.
• Transaction Records: Records of all transactions, including the amount, currency (both fiat and virtual asset), date, type of transaction, and the parties involved (originator and beneficiary information).
• STR Records: Copies of all suspicious transaction reports submitted to the FIU and any internal analysis leading to those reports.
• Retention Period: Records must generally be kept for a minimum of five (5) years after the business relationship has ended or after the date of the transaction.

Oversight and Enforcement Authority

The primary authority overseeing compliance for authorized VASPs in Laos is:

• Bank of Lao PDR (BOL): The BOL is the central bank and the primary financial regulator in Laos. It is responsible for issuing licenses/authorizations for VASPs under the pilot program, developing specific regulations (like Instruction No. 001/BOL), and conducting ongoing supervision and examinations to ensure compliance with AML/CFT and other prudential requirements.

  • URL: https://www.bol.gov.la/

• Financial Intelligence Unit (FIU) of Laos: Operating under the Bank of Lao PDR, the FIU is the central agency for receiving, analyzing, and disseminating suspicious transaction reports to law enforcement agencies.

  • The FIU's information is integrated within the BOL structure.

Important Note: The regulatory environment for virtual assets in Laos is still developing and subject to change. The pilot program allows the government to assess and refine its approach. Any entity planning to operate as a VASP in Laos must seek explicit authorization from the Bank of Lao PDR and adhere strictly to all current and future regulations. It is highly recommended to consult with legal and compliance professionals specializing in Lao financial regulations.