Lesotho -- AML/CFT Compliance Regulatory Overview

**Money Laundering and Proceeds of Crime Act (MLPCA) 2008 (as amended):** This is the foundational legislation that defines money laundering offenses, establishes reporting obligations, and sets out the framework for combating financial crime. VASPs are expected to comply with the obligations outlined in this Act, particularly if they are classified as financial institutions or DNFBPs under its scope.

**Financial Intelligence Act 2011 (as amended):** This Act establishes the Financial Intelligence Unit (FIU) of Lesotho, defines its powers, and details the requirements for reporting suspicious transactions.

**For Individuals:** Obtaining and verifying name, residential address, date of birth, nationality, and a unique identification number (e.g., national ID, passport). Verification should be done using reliable, independent source documents or data.

**For Legal Entities:** Obtaining and verifying company name, legal form, proof of incorporation/registration, address of principal place of business, directors' names, and beneficial ownership information.

**Understanding the Nature of Business/Purpose of Relationship:** VASPs must understand the nature and purpose of the business relationship or occasional transaction.

**Ongoing Monitoring:** Continuously monitoring the business relationship, including scrutiny of transactions undertaken throughout the course of the relationship, to ensure that the transactions are consistent with the VASP's knowledge of the customer, their business, and risk profile, including, where necessary, the source of funds.

**Source of Funds/Wealth:** Given the inherent risks of virtual assets, VASPs are expected to obtain information on the source of funds or source of wealth, especially for large transactions or high-risk customers.

**Enhanced Due Diligence (EDD):** Required for high-risk situations, which typically include:

Customers from high-risk geographic areas (as identified by FATF, national authorities, or the VASP's own risk assessment)

Transactions involving new technologies or products where the risks have not been fully assessed (which can include certain crypto activities).

**Simplified Due Diligence (SDD):** Permitted in strictly defined low-risk scenarios, but this is less common for VASP activities due to the inherent risks.

**Report Suspicious Transactions:** Report to the FIU any transaction (or attempted transaction) where they have reasonable grounds to suspect that it may involve the proceeds of criminal activity, or relates to money laundering or terrorist financing. This includes suspicious activities in virtual assets.

**No Tipping-Off:** Prohibit informing the customer or third parties that an STR has been made (no "tipping-off").

**Prompt Reporting:** Reports must be made promptly, usually within a few days of the suspicion arising.

**Customer Identification Data:** Copies of identity documents, verification records.

**Transaction Records:** All transaction data, including dates, amounts, types of virtual assets, originators, beneficiaries, and payment methods.

**Business Correspondence:** Relevant correspondence with customers regarding their transactions and relationships.

**Analysis of Complex/Unusual Transactions:** Records of the background and purpose of any complex, unusual large transactions, and all unusual patterns of transactions.

**Duration:** Records must typically be kept for a minimum period of **five (5) years** after the business relationship is terminated or after an occasional transaction is completed.

**Financial Intelligence Unit (FIU) of Lesotho:** The FIU is the central national agency responsible for receiving, analysing, and disseminating suspicious transaction reports. It also provides guidance and exercises oversight on AML/CFT compliance across various sectors, including those that might encompass VASPs.

**Central Bank of Lesotho Website:** https://www.centralbank.org.ls/

**Partial/Cautionary:** Lesotho does not have a comprehensive, dedicated legal framework for regulating cryptocurrencies or virtual assets. There is no explicit ban on owning or trading them, but neither is there a licensing regime for Virtual Asset Service Providers (VASPs) or exchanges.

**AML/CFT Focus:** The primary regulatory attention comes from the perspective of combating financial crime, aligning with international standards set by the Financial Action Task Force (FATF). This means that while crypto activities aren't explicitly regulated as financial services, they would be scrutinized for money laundering or terrorism financing risks.

**Public Warnings:** The central bank has issued warnings to the public regarding the risks associated with cryptocurrencies.

**Role:** The central bank and primary financial regulator. It is responsible for monetary policy, financial stability, and the oversight of traditional financial institutions. The BOL has issued public warnings about the risks of cryptocurrencies, emphasizing that they are not legal tender and are unregulated within Lesotho.

**Financial Intelligence Unit (FIU Lesotho):**

**Role:** Responsible for receiving, analyzing, and disseminating suspicious transaction reports to combat money laundering and the financing of terrorism. While there may not be specific crypto legislation, the FIU would likely interpret its mandate to cover financial flows involving virtual assets for AML/CFT purposes.

**Anti-Money Laundering and Combating of Financing of Terrorism Act, 2011 (as amended):**

**Date:** 2011 (with potential subsequent amendments).

**Relevance:** This is the foundational law for AML/CFT efforts in Lesotho. While it may not explicitly mention "virtual assets" in its original form, any financial activity that could facilitate money laundering or terrorism financing would fall under its purview. The FIU's powers derive from this Act, and they would be expected to monitor suspicious transactions involving cryptocurrencies as per international standards.

**URL (General Legislation Section):** The Act itself may not be directly linked as a PDF on public sites, but information regarding AML/CFT efforts and the FIU's mandate would be under the FIU's legislation section. https://www.fiulesotho.org.ls/legislation/

**Central Bank of Lesotho Act:**

**Relevance:** This Act establishes the powers and functions of the Bank of Lesotho, providing the legal basis for its role in maintaining financial stability and issuing warnings regarding unregulated financial activities.

**Relevance:** This Act governs the licensing and supervision of traditional financial institutions. While not directly applicable to crypto, some crypto-related businesses might offer services that could, by interpretation, overlap with aspects covered by this Act (e.g., money transmission), though this is largely untested in Lesotho.

**No Explicit Ban, No Licensing:** There is **no explicit ban** on individuals trading or holding cryptocurrencies. However, there is also **no specific regulatory framework or licensing requirement** for cryptocurrency exchanges or other Virtual Asset Service Providers (VASPs) to operate within Lesotho.

**Unregulated Market:** This means that entities facilitating crypto trading and exchanges operate in a largely **unregulated environment**. This lack of specific oversight means there are no formal consumer protection mechanisms, capital requirements, or specific operational guidelines for crypto businesses.

**Bank of Lesotho Warnings:** The Bank of Lesotho has consistently issued warnings to the public, advising caution due to:

The volatile nature of cryptocurrencies.

The absence of regulatory oversight and consumer protection.

Their non-legal tender status (meaning they are not recognized as official currency).

The potential for fraud and illicit activities.

**AML/CFT Scrutiny:** Any entity or individual involved in significant crypto transactions, particularly those crossing borders or involving large sums, would likely fall under the scrutiny of the FIU Lesotho for potential AML/CFT violations, as per the Anti-Money Laundering and Combating of Financing of Terrorism Act. They would be expected to report suspicious transactions, even if there isn't specific VASP regulation.

**Adopted:** Yes, Lesotho has adopted the FATF Travel Rule by amending its principal AML/CFT legislation to include virtual assets and VASPs. The **Money Laundering and Proceeds of Crime (Amendment) Act, 2022** effectively brought VASPs under the regulatory scope of financial institutions, subjecting them to the same AML/CFT obligations, including those related to wire transfers which encompass the Travel Rule.

The **Central Bank of Lesotho** is the primary regulator for financial institutions and is responsible for overseeing compliance.

**Effective Date:** The Money Laundering and Proceeds of Crime (Amendment) Act, 2022, was assented to on **14th July 2022**. This is the date from which the provisions relating to virtual assets and VASPs became law.

Lesotho's AML/CFT framework, as updated, generally requires financial institutions (now including VASPs) to conduct Customer Due Diligence (CDD) and collect originator and beneficiary information for transactions above specific thresholds.

While the specific "Travel Rule" threshold (e.g., USD/EUR 1,000 for cross-border transfers as per FATF guidance) may not be explicitly stated in the *Amendment Act itself* for VA transfers, the general requirements for "wire transfers" and "electronic funds transfers" apply.

**For identifying information and CDD:** The principal **Money Laundering and Proceeds of Crime Act, 2008** (and its amendments) generally sets thresholds for identification and verification for transactions exceeding **M20,000 (approximately USD 1,000 - 1,100 depending on exchange rates)** or equivalent in foreign currency. This threshold is typically applied for triggering enhanced CDD and transaction monitoring requirements.

It's generally understood that for cross-border virtual asset transfers, the **FATF-recommended threshold of USD/EUR 1,000** (or local currency equivalent) for the collection of originator and beneficiary information would apply implicitly, as VASPs are now treated akin to other financial institutions involved in fund transfers.

Exchange between virtual assets and fiat currencies.

Exchange between one or more forms of virtual assets.

Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets.

Participation in and provision of financial services related to an issuer's offer and/or sale of a virtual asset.

The legislation mandates that VASPs, as reporting institutions, must establish and maintain systems and controls to comply with AML/CFT obligations, including those related to the Travel Rule. This includes:

**Collecting required information:** Originator (sender) and beneficiary (receiver) information for VA transfers.

**Storing information:** Securely retaining this information for a specified period (typically 5-7 years).

**Transmitting information:** Ensuring the required information travels with the virtual asset transfer, or is made available to the beneficiary VASP upon request.

**Risk assessment:** Developing and implementing a risk-based approach to identify, assess, and mitigate ML/TF risks.

**Reporting:** Reporting suspicious transactions to the Financial Intelligence Unit (FIU) of Lesotho.

The Act itself does not specify particular technological solutions (e.g., specific protocols or software). Instead, it sets the *requirement* for VASPs to have systems in place that enable them to meet these obligations. VASPs are expected to adopt technology solutions that facilitate the secure, efficient, and compliant exchange of information.

**Individuals:** Imprisonment for a term of up to **10 years** and/or substantial fines.

**Body Corporates (VASPs):** Significant monetary penalties, which can run into **millions of Maloti**, and can also lead to the revocation of licenses or operating permits.

Specific offences related to failure to report suspicious transactions, failure to keep records, or failure to implement proper AML/CFT controls carry their own set of penalties as outlined in the Act.

**Money Laundering and Proceeds of Crime (Amendment) Act, 2022:** While a direct official government gazette URL can be difficult to maintain, the Act's full text can often be found through legal databases or by searching "Lesotho Money Laundering and Proceeds of Crime (Amendment) Act, 2022 pdf".

**Money Laundering and Proceeds of Crime Act, 2008 (Principal Act):** This act forms the basis of Lesotho's AML/CFT framework.

**Central Bank of Lesotho:** As the regulator, the CBL's website would be the primary source for any implementing regulations or guidance related to VASPs.

**Central Bank of Lesotho Official Website:** https://www.centralbank.org.ls/