Turks and Caicos -- AML/CFT Compliance Regulatory Overview

**Virtual Asset Service Providers Act 2023 (VASP Act 2023):** This is the cornerstone legislation specifically regulating VASPs. It defines what constitutes a VASP, sets out licensing and registration requirements, and crucially, brings VASPs under the existing AML/CFT framework, making them "financial institutions" for AML/CFT purposes.

**Proceeds of Crime Ordinance 2017 (as amended):** This ordinance defines money laundering offenses, establishes the framework for investigation, seizure, and confiscation of assets derived from criminal activity.

**Anti-Money Laundering Regulations 2023:** These regulations provide the detailed operational requirements for AML/CFT compliance, including customer due diligence, record-keeping, internal controls, and suspicious transaction reporting.

**Terrorism (Prevention) Ordinance 2011 (as amended):** This ordinance addresses terrorist financing, defining offenses and establishing mechanisms for freezing assets and reporting suspicious activities related to terrorism.

**Financial Services Commission Ordinance 2019 (as amended):** This ordinance establishes the Turks and Caicos Islands Financial Services Commission (TCIFSC) and outlines its powers and responsibilities, including supervision of financial institutions and VASPs.

When establishing a business relationship.

When conducting occasional transactions above a specified threshold (e.g., USD 1,000 for wire transfers, or as otherwise prescribed by regulation).

When there is a suspicion of money laundering or terrorist financing.

When the VASP has doubts about the veracity or adequacy of previously obtained identification data.

**Key Information to Obtain (for Individuals):**

Unique identification number (e.g., passport number, national ID card number, driver's license number).

Purpose and nature of the business relationship.

Source of funds and source of wealth, especially for high-risk customers or large transactions.

**Key Information to Obtain (for Legal Entities/Corporations):**

Registered address and principal place of business.

Legal form (e.g., company, partnership, trust).

Governing law and proof of existence (e.g., certificate of incorporation, partnership agreement).

Names and addresses of all directors, partners, or trustees.

**Beneficial Ownership:** Identification and verification of natural persons who ultimately own or control the customer (typically 10% or 25% ownership threshold, but VASPs must identify anyone who exerts ultimate control).

Source of funds and source of wealth for the entity and its beneficial owners.

Information must be verified using reliable, independent source documents, data, or information. This could include government-issued identification, utility bills, public databases, or credit reports.

For legal entities, verification might involve corporate registries, financial statements, and reputable public sources.

Continuously monitor the business relationship, including scrutiny of transactions undertaken throughout the course of that relationship, to ensure that the transactions are consistent with the VASP’s knowledge of the customer, their business, and risk profile.

Keep customer information up-to-date and conduct periodic reviews.

Implement a robust risk assessment methodology to identify, assess, and understand the ML/TF risks associated with different customers, products, services, delivery channels, and geographic areas.

Apply **Enhanced Due Diligence (EDD)** measures for higher-risk scenarios, such as:

Customers from high-risk geographic areas (FATF grey/black listed countries).

Complex or unusually large transactions.

Non-face-to-face business relationships (with specific verification measures).

**Simplified Due Diligence (SDD)** may be applied in strictly defined low-risk situations, where explicitly permitted by the regulations and with adequate justification.

**Obligation to Report:** VASPs are legally obligated to report any transaction (or attempted transaction) where they know, suspect, or have reasonable grounds to suspect that funds are the proceeds of criminal activity or are linked to terrorism financing.

**Reporting Authority:** All STRs must be submitted to the **Financial Intelligence Agency (FIA)** of Turks and Caicos.

**Internal Procedures:** VASPs must appoint a Money Laundering Reporting Officer (MLRO) and establish internal procedures for staff to report suspicions to the MLRO.

**No Tipping Off:** It is prohibited to "tip off" a customer or any third party that an STR has been filed or that an investigation is underway.

**Timeliness:** STRs must be filed promptly after the suspicion arises.

**Duration:** All records must be kept for a minimum of **five (5) years** after the business relationship has ended or after the date of an occasional transaction.

Copies of all customer identification and verification documents (e.g., passports, utility bills, corporate documents).

All transaction records, including details of the amount, currency, date, and parties involved in both fiat and virtual asset transactions.

Records of customer due diligence reviews and ongoing monitoring activities.

Business correspondence relating to customer accounts and transactions.

Records of all suspicious transaction reports filed.

Records of internal risk assessments and policies.

**Accessibility:** Records must be maintained in a manner that allows for rapid retrieval and access by the competent authorities (TCIFSC, FIA, law enforcement).

**Turks and Caicos Islands Financial Services Commission (TCIFSC)**

Licensing and registering VASPs under the VASP Act 2023.

Supervising VASPs to ensure ongoing compliance with AML/CFT legislation and regulations.

Issuing guidance notes and directives.

Imposing administrative penalties for non-compliance.

**Proceeds of Crime Ordinance (POCA), 2007 (as amended):** This is the principal AML/CFT legislation in TCI.

**Anti-Money Laundering and Counter-Terrorist Financing Regulations, 2010 (as amended):** These regulations provide detailed requirements for compliance. Significant amendments, particularly in **April 2021**, brought VASPs fully within the scope of AML/CFT obligations.

**FSC AML/CFT Supervisory Guidance for Virtual Asset Service Providers (VASPs):** The Financial Services Commission (FSC), as the primary regulator, has issued specific guidance to assist VASPs in understanding and complying with their obligations, including the Travel Rule.

**Cross-border transfers:** US$1,000 or EUR 1,000 or more.

**Domestic transfers:** US$3,000 or EUR 3,000 or more.

Exchanges between virtual assets and fiat currencies.

Exchanges between one or more forms of virtual assets.

Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets.

Participation in and provision of financial services related to an issuer's offer and/or sale of a virtual asset.

Name (of the customer who initiated the transfer).

Virtual asset wallet address (or other unique identifier) used for the transaction.

Geographical address, or national identity number, or customer identification number (i.e., not a transaction number) that uniquely identifies the originator to the originating VASP, or date and place of birth.

**Transmit Information:** The originating VASP must transmit this information to the beneficiary VASP immediately and securely, along with the virtual asset transfer.

**Receive and Maintain Information:** The beneficiary VASP must receive and maintain this information.

**Record Keeping:** All VASPs must maintain records of the collected and transmitted information for a minimum of five (5) years.

**Risk-Based Approach:** VASPs must implement a risk-based approach to identify and mitigate money laundering and terrorist financing risks, which includes screening for suspicious transactions and reporting them to the Financial Intelligence Agency (FIA).

**Administrative Penalties:** The FSC has powers to impose significant administrative fines on institutions and individuals, issue public statements, directives, and operational restrictions.

**Civil Penalties:** Orders to cease and desist, freezing of assets.

Substantial monetary fines (e.g., up to hundreds of thousands of dollars for institutions, and tens of thousands for individuals).

Imprisonment for individuals (e.g., up to 7 years) for serious offenses such as failure to report suspicious transactions, falsifying records, or obstruction.

Revocation or suspension of licenses to operate as a VASP.

**Proceeds of Crime Ordinance, 2007 (as amended):** Usually available on the Attorney General's Chambers website or through legal research databases.