Sao Tome and Principe -- AML/CFT Compliance Regulatory Overview

Sao Tome and Principe (STP), like many jurisdictions, is still developing its specific regulatory framework for Virtual Asset Service Providers (VASPs). In the absence of a dedicated, comprehensive law specifically for VASPs, these entities are generally expected to comply with the existing national Anti-Money Laundering (AML) and Counter-Financing of Terrorism (CFT) legislation, which is largely aligned with the recommendations of the Financial Action Task Force (FATF).

FATF Recommendation 15 specifically calls for virtual assets and VASPs to be subject to AML/CFT regulations, requiring them to be licensed or registered and to be subject to effective systems for monitoring and ensuring compliance with the relevant FATF Recommendations.

Here's a breakdown based on the current understanding of STP's AML/CFT framework:

AML/CFT Legislation

The primary AML/CFT legislation in Sao Tome and Principe includes:

1. Lei n.º 10/2012, de 23 de Agosto (Law No. 10/2012, of August 23): This is the foundational law for the Prevention and Combat of Money Laundering and Terrorism Financing. It establishes the general framework for AML/CFT obligations for financial and non-financial institutions.
2. Lei n.º 7/2020, de 16 de Julho (Law No. 7/2020, of July 16): This law amended and republished Law No. 10/2012. Amendments typically reflect updated FATF recommendations and often broaden the scope of obliged entities or strengthen specific requirements (like beneficial ownership or risk-based approaches), which would implicitly apply to emerging sectors like virtual assets.

While these laws don't explicitly name "Virtual Asset Service Providers," the scope of "financial institutions" or "designated non-financial businesses and professions" (DNFBPs) under the law is often interpreted broadly by regulatory authorities to include entities engaged in activities that fall within the spirit of the law, especially when dealing with financial flows. The Central Bank of São Tomé and Príncipe (BCSTP) or the Financial Intelligence Unit (UIF) would typically issue specific regulations or guidance to clarify the application of these laws to VASPs.

Customer Due Diligence (CDD) Requirements

Under the general AML/CFT framework, VASPs would be expected to implement robust CDD measures, similar to traditional financial institutions. These include:

• Identification and Verification of Customers:
  • For individuals: Obtaining name, address, date of birth, nationality, and a unique identification number (e.g., passport, national ID) and verifying this information using reliable, independent source documents or data.
  • For legal entities/arrangements: Obtaining name, legal form, proof of existence, powers that regulate and bind the entity, and the names of relevant persons having senior management positions.
• Beneficial Ownership: Identifying and taking reasonable measures to verify the identity of the beneficial owner(s) of the customer, including natural persons who ultimately own or control the customer, or the natural person on whose behalf a transaction is being conducted.
• Purpose and Intended Nature of the Business Relationship: Understanding the purpose and intended nature of the business relationship.
• Ongoing Monitoring: Conducting ongoing due diligence on the business relationship and scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions are consistent with the obliged entity’s knowledge of the customer, their business, and risk profile, including, where necessary, the source of funds.
• Enhanced Due Diligence (EDD): Applying enhanced measures for higher-risk customers, relationships, or transactions, such as:
  • Politically Exposed Persons (PEPs).
  • Customers from high-risk jurisdictions identified by FATF or national authorities.
  • Complex or unusually large transactions.
  • Transactions with no apparent economic or lawful purpose.
• Simplified Due Diligence (SDD): Permitted in specific, low-risk circumstances, provided that the obliged entity has determined the relationship or transaction presents a low risk of money laundering or terrorist financing.

Suspicious Transaction Reporting (STR)

VASPs, as obliged entities under the AML/CFT framework, are required to:

• Report Suspicious Transactions: Report to the Financial Intelligence Unit (UIF) any transaction, attempted transaction, or activity that they know, suspect, or have reasonable grounds to suspect involves funds derived from criminal activity or is related to terrorism financing, regardless of the amount.
• Timeliness: Reports must be made promptly.
• No Tipping-Off: Obliged entities, their directors, officers, and employees are prohibited from disclosing to the customer or to third parties that an STR is being or has been submitted.

Record-Keeping Obligations

VASPs must maintain records for a specified period to assist in investigations and analysis. These typically include:

• Customer Identification Data: All records obtained through CDD procedures (e.g., copies of identification documents, verification data).
• Transaction Records: Details of all domestic and international transactions, including the amount, currency, date, and parties involved (originator and beneficiary information).
• Business Correspondence: Relevant correspondence regarding business relationships.

The usual retention period is at least five (5) years after the business relationship has ended or after the date of the occasional transaction.

Authority Overseeing Compliance

The primary authorities responsible for overseeing AML/CFT compliance in Sao Tome and Principe are:

1. Unidade de Informação Financeira (UIF) – Financial Intelligence Unit:

   • The central national authority responsible for receiving, analyzing, and disseminating suspicious transaction reports (STRs) and other relevant information concerning potential money laundering and terrorist financing. It provides operational intelligence to law enforcement agencies.
   • URL: http://uif.gov.st/ (Note: The website is primarily in Portuguese).

2. Banco Central de São Tomé e Príncipe (BCSTP) – Central Bank of São Tomé and Príncipe:

   • As the primary financial regulator, the BCSTP is responsible for licensing, regulating, and supervising financial institutions, including the implementation and enforcement of AML/CFT requirements within its purview. While there might not be specific VASP licensing yet, any entity providing financial services or related activities with virtual assets would likely fall under the BCSTP's oversight as a broader financial services provider. The BCSTP would also be instrumental in issuing specific regulations or guidelines related to VASPs.
   • URL: https://www.bcstp.st/ (Note: The website is primarily in Portuguese).

It is crucial for any VASP operating or intending to operate in Sao Tome and Principe to directly consult the relevant authorities and seek local legal advice to ensure full compliance with the most current laws and any specific interpretations or forthcoming regulations for virtual assets. The regulatory landscape for virtual assets is rapidly evolving globally, and national approaches can change.