Palau -- AML/CFT Compliance Regulatory Overview

**Anti-Money Laundering and Countering the Financing of Terrorism Act of 2017 (AML/CFT Act 2017):** This is the overarching legislation that defines money laundering and terrorist financing offenses, establishes reporting obligations, and outlines customer due diligence requirements for financial institutions and DNFBPs. While it may not explicitly mention "virtual assets" in all its original definitions, the broad scope of "funds" or "property" and the country's commitment to FATF recommendations mean it's interpreted to cover virtual assets.

**Financial Intelligence Unit Act, 2014:** This Act establishes the Palau Financial Intelligence Unit (FIU) and outlines its powers and functions, including receiving and analyzing suspicious transaction reports.

**National Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) Policy of the Republic of Palau:** This policy document provides the overarching strategic framework for Palau's AML/CFT regime, emphasizing adherence to international standards.

Implementing **FATF Recommendation 15** (New Technologies) and its Interpretive Note, which mandates countries to regulate and supervise VASPs for AML/CFT purposes, including licensing or registration.

The **Digital Residency Act**, passed in 2023, while focused on digital ID, signals Palau's broader move into the digital economy, and often accompanies efforts to regulate digital assets.

**Identification and Verification of Customers:**

**Individuals:** Obtain and verify the customer's full legal name, date of birth, residential address, and national identification number or passport details. Verification usually involves reliable, independent source documents, data, or information.

**Legal Persons/Entities:** Obtain and verify the entity's legal name, legal form, proof of existence (e.g., certificate of incorporation), registered address, names of directors/partners, and proof of authority of persons acting on behalf of the entity.

**Beneficial Ownership Identification and Verification:**

Identify and take reasonable measures to verify the identity of the natural person(s) who ultimately own or control the customer, or the natural person(s) on whose behalf a transaction is being conducted. This typically refers to individuals holding 25% or more of the shares or voting rights, or otherwise exercising control.

**Purpose and Intended Nature of Business Relationship:**

Understand the purpose and intended nature of the business relationship or transaction (e.g., why the customer is using the VASP's services, what types of virtual assets they intend to transact).

Conduct ongoing monitoring of the business relationship, scrutinizing transactions undertaken throughout the course of the relationship to ensure that they are consistent with the VASP's knowledge of the customer, their business, and risk profile, including, where necessary, the source of funds.

Keep customer identification data up-to-date.

For higher-risk customers, business relationships, or transactions (e.g., Politically Exposed Persons (PEPs), customers from high-risk jurisdictions, complex or unusually large transactions, transactions involving new technologies and payment methods, or certain types of virtual asset transactions), VASPs must apply enhanced measures. This may include obtaining additional information on the customer, beneficial owner, source of funds/wealth, and increased ongoing monitoring.

**Risk-Based Approach to Virtual Asset Transactions:**

VASPs must assess the specific risks associated with different types of virtual assets, transaction volumes, counterparty wallets (e.g., known addresses linked to illicit activities), and the geographical locations involved.

**Reporting Threshold:** There is no minimum monetary threshold for reporting. Any transaction (or attempted transaction), regardless of amount, where the VASP has reasonable grounds to suspect it is linked to money laundering, terrorist financing, or other criminal activity, must be reported.

**Content of Report:** STRs must contain all relevant information, including the identity of the customer, details of the transaction, the grounds for suspicion, and any supporting documentation.

**No Tipping-Off:** VASPs and their employees are strictly prohibited from "tipping off" or disclosing to the customer or any third party that an STR is being or has been submitted.

**Protection for Reporters:** Employees who report suspicious transactions in good faith are protected from civil or criminal liability.

**Customer Records:** All records obtained through CDD procedures (identification documents, verification records, beneficial ownership information, business relationship purpose).

**Transaction Records:** Details of all transactions, including amounts, types of virtual assets, dates, and parties involved (including originating and beneficiary wallet addresses).

**Correspondences:** Records of any inquiries or communications related to CDD, risk assessments, or suspicious activities.

**Duration:** Typically, these records must be maintained for a minimum of **five (5) years** after the business relationship is terminated or after the date of the occasional transaction. Records must be easily accessible to the Palau FIU and other relevant authorities upon request.

**Palau Financial Intelligence Unit (FIU):** The FIU is responsible for receiving, analyzing, and disseminating financial intelligence related to suspected money laundering, terrorist financing, and other predicate offenses. It also plays a key role in providing guidance and monitoring compliance with AML/CFT obligations.

**Ministry of Finance:** Has overall responsibility for financial sector policy and oversight.

**Financial Institutions Commission (FIC):** While traditionally overseeing banks and other licensed financial institutions, as VASP regulation matures, the FIC's mandate may expand or it may work in conjunction with the FIU for licensing and ongoing prudential supervision.

**Financial Intelligence Unit Act, 2014**

**Palau Financial Intelligence Unit (FIU):**

*General Government Entry Point (where FIU info might be linked):* The Office of the Attorney General of Palau sometimes hosts AML/CFT related information: https://palauoag.org/ (You would typically navigate from here to find FIU related publications or contact info).

**FATF Recommendation 15** specifically addresses new technologies, including virtual assets and VASPs, requiring them to be regulated for AML/CFT purposes, licensed or registered, and subject to effective monitoring. This includes compliance with targeted financial sanctions.

**FATF Recommendation 6** mandates countries to implement targeted financial sanctions related to terrorism and terrorist financing, and **Recommendation 7** for proliferation financing, in line with UN Security Council resolutions.

**Compliance Requirement:** Palau's national laws, particularly its Anti-Money Laundering and Counter-Terrorist Financing (AML/CFT) Act, incorporate and enforce UNSC resolutions. VASPs operating in or with Palau are legally obligated to comply with these sanctions.

**Asset Freezing:** Immediately freeze funds and other assets belonging to individuals and entities designated by the UNSC.

**Prohibition of Services:** Prevent financial and non-financial services, including virtual asset transfers, from being made available, directly or indirectly, to or for the benefit of sanctioned parties.

**Reporting:** Report any assets frozen or attempted transactions involving sanctioned parties to Palau's Financial Intelligence Unit (FIU).

**Sanctioned Entity Screening:** Continuously screen their customer base (KYC data) and transactions against the UN Consolidated List.

**Republic of Palau, Title 11 (Financial Institutions, Anti-Money Laundering and Counter-Terrorist Financing):** This primary legislation would contain provisions for implementing UN sanctions. Specific sections related to asset freezing and reporting would apply.

While a direct URL to the specific sections for sanctions isn't always easily available online for all small nations, the *Palau National Code* (Title 11) is the governing document. PacLII (Pacific Legal Information Institute) often hosts such legislation: https://www.paclii.org/pg/legis/consol_act/amlact2006327/ (This link is for Papua New Guinea's Act, but serves as an example of how such acts are structured. A specific Palau search would be needed.)

**UN Security Council Consolidated Sanctions List:** https://www.un.org/securitycouncil/sanctions/information

**Global Financial System:** Due to the interconnectedness of the global financial system, any VASP or financial institution (FI) in Palau that deals in USD, EUR, or interacts with US/EU counterparties, software providers, or customers, *must* comply with OFAC and EU sanctions. Failure to do so can result in:

Loss of correspondent banking relationships.

Inability to process international transactions.

Being cut off from major payment rails and stablecoins (e.g., USDT, USDC are typically issued by US entities and are subject to OFAC).

Reputational damage and potential secondary sanctions.

**Obligations for VASPs (Best Practice):**

**Prohibited Transactions:** Avoid facilitating any transactions (including virtual asset transfers) directly or indirectly involving individuals, entities, or jurisdictions sanctioned by OFAC or the EU.

**Geographic Restrictions:** Prohibit services to users in comprehensively sanctioned jurisdictions (e.g., Cuba, Iran, North Korea, Syria for OFAC).

**Sanctioned Entity Screening:** Robustly screen all customers and counterparties against OFAC's Specially Designated Nationals (SDN) and Blocked Persons List, other OFAC lists, and the EU Consolidated List.

**IP Address Blocking:** Implement technical controls to block access from comprehensively sanctioned jurisdictions.

**Transaction Monitoring:** Monitor virtual asset transactions for patterns indicative of sanctions evasion.

**OFAC Sanctions Programs and Lists:** https://home.treasury.gov/policy-issues/office-of-foreign-assets-control-sanctions-programs-and-information

**EU Financial Sanctions Database (Consolidated List):** https://sanctionsmap.eu/

**Best Practice/Practical Necessity:** For OFAC and EU sanctions.

All new and existing customers (KYC/CDD records).

Transaction counterparties (originator and beneficiary information as per FATF Travel Rule).

Payment messages and blockchain addresses, where feasible and proportionate.

**Lists:** UN Consolidated List, OFAC SDN List and other relevant lists (e.g., Non-SDN Palestinian Legislative Council List), EU Consolidated List.

**Prohibited Jurisdictions:** VASPs should not facilitate virtual asset services to or from individuals or entities located in jurisdictions subject to comprehensive international sanctions (e.g., North Korea, Iran, Cuba, Syria, and specific regions in Ukraine like Crimea, Donetsk, Luhansk as per various sanctions regimes).

**High-Risk Jurisdictions:** Beyond sanctioned areas, VASPs should apply enhanced due diligence to transactions involving jurisdictions identified by FATF as High-Risk or under Increased Monitoring (e.g., the FATF grey list). While not sanctions, these pose heightened AML/CFT risks.

**Palau's Anti-Money Laundering and Counter-Terrorist Financing Act** would specify the penalties. These typically include:

**Fines:** Substantial monetary penalties for individuals and corporate entities.

**Imprisonment:** For individuals involved in serious breaches or deliberate evasion.

**Loss of License/Registration:** VASPs failing to comply may have their operating license or registration revoked by the relevant Palauan authorities (e.g., Financial Supervisory Commission or FIU).

**Asset Forfeiture:** Assets involved in or derived from illicit activities, including sanctions evasion, may be subject to forfeiture.

**Indirect Penalties (from OFAC/EU):** A Palauan VASP found in violation of OFAC or EU sanctions, even if not directly legally bound, could face:

Being designated on a sanctions list (e.g., OFAC's SDN list).

Exclusion from the global financial system.

Criminal prosecution in US/EU courts if they have a nexus to those jurisdictions (e.g., using US dollar stablecoins, having US customers).

**Palau's AML/CFT Act** (implementing UN sanctions and FATF recommendations).

The necessity to comply with **OFAC** and **EU** sanctions to function within the global financial ecosystem.

**AML/CFT Integration:** Virtual assets are largely brought under existing financial crime legislation to address risks related to money laundering and terrorist financing, following international standards (e.g., FATF recommendations).

**Government-Led Innovation:** A key distinctive feature is Palau's pioneering of a central bank digital currency (CBDC) in the form of a government-backed stablecoin, which implies a direct regulatory involvement in a specific virtual asset.

**No Explicit Ban:** There is no outright ban on cryptocurrencies or virtual asset activities, but the regulatory environment for private Virtual Asset Service Providers (VASPs) is less developed and relies more on general financial oversight.

**Role:** The primary financial regulator in Palau, responsible for licensing and supervising financial institutions, and ensuring compliance with financial laws, including AML/CFT. It would be the key body for overseeing any virtual asset activities that fall under traditional financial services definitions or that require specific registration/licensing.

*(Note: A highly specific, direct URL for the FIC's virtual asset section is not readily available publicly, as their primary focus is broader financial regulation. Their general mandate covers financial crime oversight for any regulated entity).*

An official reference is often found in legal documents related to financial crime, such as the Financial Crimes Act.

**Role:** Directly involved in the development and implementation of the Palau Stablecoin (PSDC) project, given its nature as a government-backed digital currency. This ministry would be instrumental in policy-making and oversight for such initiatives.

**Financial Crimes Act (Palau National Code, Title 11, Chapter 16):**

**Date:** Enacted over time with amendments to reflect international standards. While the core Act predates the widespread use of virtual assets, amendments would be expected to incorporate virtual assets under AML/CFT scope, especially given Palau's commitment to FATF standards.

**Relevance:** This is the primary legislation for combating money laundering and terrorist financing. It provides the legal framework under which the FIC operates and applies to any financial activity that could be used for illicit purposes. Virtual Asset Service Providers (VASPs) operating in Palau would be expected to comply with its provisions, including customer due diligence, suspicious transaction reporting, and record-keeping.

**URL:** Access to the full, updated Palau National Code online can be challenging for many small island nations without dedicated legal databases. However, the title and chapter are consistently referenced.

*(General reference for Palau National Code, often found on legal research sites or government archives, but a direct, always-up-to-date link for Title 11, Chapter 16, is difficult to provide universally accessible).*

**Example reference (often cited in international reports):** *Palau National Code, Title 11, Chapter 16: Financial Crimes Act.*

**Legislation/Policy Related to the Palau Stablecoin (PSDC):**

**Date:** The pilot program for the PSDC officially launched in **late 2022 / early 2023**. Specific legislative acts or executive orders would have been issued by the government to authorize and govern this initiative. These are likely to be specific directives rather than broad crypto laws.

**Relevance:** This initiative by the Republic of Palau, in partnership with Ripple, aims to pilot a USD-backed stablecoin as a potential digital currency for retail payments. While not a general crypto regulation, it represents the government's direct involvement and regulatory approach to a specific type of virtual asset.

**URL:** Information on the PSDC project is usually found in official government announcements, press releases from partners (like Ripple), and news reports.

**Example reference:** *Republic of Palau Government announcements regarding the Stablecoin Pilot (various dates 2022-2023).*

**News coverage:** https://ripple.com/news/republic-of-palau-launches-stablecoin-pilot-program-with-ripple-cbdc-platform/ (Ripple's announcement, dated July 28, 2023, confirming the launch)

**No Explicit Ban:** There is no specific legislation banning the trading or exchange of cryptocurrencies by individuals or private entities in Palau.

**Regulatory Gap for Private VASPs:** While the **Financial Crimes Act** provides a framework for AML/CFT compliance, there isn't a comprehensive, dedicated licensing or regulatory regime specifically for *private* Virtual Asset Service Providers (VASPs) such as cryptocurrency exchanges, custodians, or issuers beyond the general financial sector oversight by the FIC.

**AML/CFT Obligations:** Any entity facilitating virtual asset transactions that could be classified as a financial institution or money service business would likely fall under the purview of the FIC and be subject to the AML/CFT requirements of the Financial Crimes Act. This implies obligations for customer identification (KYC), transaction monitoring, and reporting suspicious activities.

**Government-Controlled Stablecoin:** The Palau Stablecoin (PSDC) is a government-controlled initiative, not a private cryptocurrency exchange. Its use and distribution are managed by the government as part of its pilot program.