Solomon Islands -- AML/CFT Compliance Regulatory Overview

**Solomon Islands Financial Intelligence Unit (SIFIU)**

**Role:** SIFIU is responsible for receiving, analysing, and disseminating financial intelligence related to suspected money laundering and terrorist financing. It also provides guidance to reporting entities and monitors their compliance with AML/CFT obligations.

**Financial Intelligence Unit Act 2021:** This Act establishes the SIFIU and defines its powers and functions.

**Anti-Money Laundering and Counter-Terrorist Financing Act 2021 (the AML/CFT Act):** This comprehensive legislation aligns the Solomon Islands with international FATF standards, covering customer due diligence, reporting obligations, and broader AML/CFT requirements for financial institutions, which increasingly include VASPs.

**Financial Transactions Reporting Act 2010:** This Act also contributes to the framework, particularly regarding the reporting of certain transactions.

**Identification and Verification of Identity:**

**Natural Persons:** Obtain full name, date of birth, residential address, nationality, and unique identification number (e.g., passport, national ID). Verify this information using reliable, independent source documents, data, or information.

**Legal Persons/Entities (e.g., Companies):** Obtain name, legal form, proof of existence, powers that regulate and bind the legal person, and the names of relevant persons holding senior management positions.

**Beneficial Ownership:** Identify and verify the identity of the natural person(s) who ultimately own or control the customer (typically 25% or more ownership/control threshold for legal entities).

**Purpose and Intended Nature of the Business Relationship:** Understand the reason for the customer establishing the relationship and the expected nature of their virtual asset activities.

**Ongoing Monitoring:** Continuously monitor the business relationship and transactions to ensure they are consistent with the VASP's knowledge of the customer, their business, and risk profile. This includes monitoring for unusual or suspicious activities.

**Enhanced Due Diligence (EDD):** Apply EDD measures in higher-risk situations, including:

When dealing with Politically Exposed Persons (PEPs).

Complex, unusually large transactions, or unusual patterns of transactions that have no apparent economic or lawful purpose.

Anonymity-enhancing virtual assets or technologies.

**Simplified Due Diligence (SDD):** May be applied in very limited, low-risk circumstances, but these are rare for VASPs given the inherent risks.

**Reporting Obligation:** Reports must be submitted to the SIFIU promptly. SIFIU guidance usually specifies a timeframe (e.g., within 24-48 hours of forming suspicion).

**Content of Report:** STRs must contain comprehensive information about the customer, the transaction(s), the grounds for suspicion, and any other relevant details.

**No Tipping-Off:** VASPs and their employees are strictly prohibited from informing the customer or any third party that an STR has been or will be submitted.

Copies of documents used for CDD (identification, verification).

Records of all transactions, including amounts, types of virtual assets, dates, and parties involved (including "Travel Rule" information if applicable).

Business correspondence related to the customer.

Records of suspicious transaction reports submitted.

Records of internal risk assessments and training.

**Retention Period:** Records must be retained for at least **five (5) years** after the business relationship has ended or after the date of an occasional transaction.

**Accessibility:** Records must be readily accessible to SIFIU or other competent authorities upon request.

**Appointment of a Compliance Officer/MLRO:** A designated person responsible for overseeing AML/CFT compliance, including receiving internal suspicious activity reports and acting as the primary liaison with SIFIU.

**Risk Assessments:** Regularly conduct institutional and customer risk assessments to identify, assess, and understand their ML/TF risks.

**Internal Policies and Procedures:** Develop and implement written policies, procedures, and controls to mitigate identified risks and ensure compliance with AML/CFT laws.

**Training:** Provide ongoing AML/CFT training to all relevant employees, ensuring they understand their obligations and can identify suspicious activities.

**Independent Audit/Review:** Periodically subject their AML/CFT program to independent audit or review to assess its effectiveness.

**Licensing/Registration:** VASPs are expected to register or be licensed by a competent authority. Even if a specific VASP license doesn't exist yet, they fall under the "reporting entity" definition which often implies a registration requirement with SIFIU.

**"Travel Rule":** VASPs should collect and transmit required originator and beneficiary information (name, account number/wallet address, physical address, national ID, customer number, date and place of birth) for virtual asset transfers above a de minimis threshold. This is a crucial FATF recommendation for VASPs.

**Sanctions Screening:** Implement controls to screen customers and transactions against national and international sanctions lists (e.g., UN Security Council sanctions lists).

**New Technologies and Products:** Assess and mitigate the ML/TF risks associated with new technologies or products they offer before launching them.

**United Nations Financial Sanctions Act 2017:** This Act provides the legal framework for implementing UN Security Council resolutions related to financial sanctions, particularly concerning terrorism and proliferation financing.

**Asset Freezing:** VASPs must immediately freeze any funds or other assets (including virtual assets) belonging to, or controlled by, designated persons or entities appearing on UN sanctions lists. This includes funds derived from or generated by such assets.

**Prohibition on Making Funds Available:** VASPs are prohibited from making any funds, financial assets, economic resources, or virtual assets available, directly or indirectly, for the benefit of designated persons or entities.

**Reporting Obligations:** Any VASP that identifies a designated person or entity as a customer, beneficial owner, or transaction party, or discovers assets belonging to such individuals/entities, must immediately report this to the SIFIU.

**Implementation of UN Lists:** The Solomon Islands, through the CBSI/SIFIU, regularly issues advisories or directives based on the UN Security Council's consolidated lists, which include individuals and entities associated with:

ISIL (Da'esh) and Al-Qaida (1267/1989/2253 Sanctions List)

The Taliban (1988 Sanctions List)

DPRK (North Korea) (1718 Sanctions List)

Other terrorism and proliferation financing related designations as determined by UNSC resolutions.

**United Nations Financial Sanctions Act 2017:** Accessible via the Pacific Islands Legal Information Institute (PacLII): https://www.paclii.org/sb/legis/num_act/unfsa2017326/

**US Persons and Nexus:** Any VASP that is a "US Person" (US citizen, resident, entity incorporated in the US or subject to US jurisdiction) *must* comply with all OFAC sanctions globally.

**US Financial System Interaction:** Even non-US VASPs risk penalties if their transactions involve a US nexus (e.g., using a US-based exchange, stablecoin issued by a US entity, US dollar-denominated transactions cleared through the US financial system).

**EU Persons and Nexus:** Similarly, VASPs that are "EU Persons" or have a nexus to the EU (e.g., serving EU customers, using EU-based infrastructure, dealing with euro-denominated virtual assets) must comply with EU sanctions.

**Correspondent Banking and De-risking:** Non-compliance with OFAC/EU sanctions by a Solomon Islands VASP can lead to de-risking by global financial institutions (including banks and larger crypto exchanges), effectively cutting off access to the international financial system.

**OFAC Sanctions Programs and Country Information:** https://home.treasury.gov/policy-issues/financial-sanctions/sanctions-programs-and-country-information

**Implement Risk-Based Screening:** Conduct ongoing screening of their customers, beneficial owners, and transaction counterparties against the relevant sanctions lists (UN, and prudently, OFAC/EU lists).

**Know Your Customer (KYC) / Customer Due Diligence (CDD):** Integrate sanctions screening into their CDD processes for all new and existing customers.

**Transaction Monitoring:** Monitor transactions for patterns or attempts to circumvent sanctions.

**Record-Keeping:** Maintain records of all screening activities and any sanctions hits, including the actions taken.

**Internal Controls:** Establish robust internal policies, procedures, and training programs to ensure effective sanctions compliance.

**UN Sanctions Regimes:** These target specific countries or regions (e.g., North Korea, certain individuals/entities in Libya, Sudan, Yemen, Somalia) and prohibit or restrict transactions, trade, and financial services.

**OFAC/EU Comprehensive Sanctions:** These impose broad restrictions on dealings with specific jurisdictions (e.g., Cuba, Iran, North Korea, Syria, certain regions of Ukraine like Crimea, Donetsk, Luhansk). Even for a Solomon Islands VASP, conducting transactions with parties in these comprehensively sanctioned jurisdictions can expose them to US/EU enforcement actions.

**CBSI/SIFIU Directives:** The SIFIU may issue specific directives or guidance regarding transactions with high-risk jurisdictions or those subject to specific international measures.

**Fines:** Substantial monetary penalties. For example, the UN Financial Sanctions Act 2017 outlines penalties for breaching a financial sanction, which can be significant.

**Imprisonment:** Individuals found in violation of sanctions laws can face terms of imprisonment.

**Loss of License/Registration:** VASPs operating under a license or registration would risk revocation, effectively ending their ability to operate.

**Reputational Damage:** Significant harm to the entity's reputation, making it difficult to conduct business locally and internationally.

**United Nations Financial Sanctions Act 2017**, Part 4 (Offences and Penalties).

The **CBSI/SIFIU** would be responsible for disseminating any domestic lists of "designated persons" or "entities" which are derived directly from UN Security Council resolutions, rather than independently created country-specific lists unique to the Solomon Islands. VASPs are expected to monitor official CBSI/SIFIU communications for any such designations.

**Understand and implement the UN Financial Sanctions Act 2017 and the AML/CFT Act 2021.**

**Screen all customers, beneficial owners, and transaction counterparties against the UN Security Council Consolidated Lists.**

**Proactively screen against OFAC's SDN list and the EU Consolidated Financial Sanctions List** to mitigate extraterritorial risks, preserve correspondent banking relationships, and access global crypto liquidity.

**Implement robust KYC/CDD procedures and transaction monitoring systems** tailored to the risks associated with virtual assets.

**Report any hits or suspicious transactions to the SIFIU** promptly.

**Stay updated with advisories and guidance** issued by the CBSI and SIFIU.