Timor-Leste -- Sanctions Compliance Regulatory Overview

Timor-Leste, like many developing nations, does not have specific standalone legislation addressing cryptocurrency sanctions. Instead, its obligations primarily derive from its status as a member of the United Nations, its efforts to comply with international Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) standards set by bodies like the Financial Action Task Force (FATF) and the Asia/Pacific Group on Money Laundering (APG), and the extraterritorial reach of major international sanctions regimes.

Therefore, for Virtual Asset Service Providers (VASPs) operating in or interacting with Timor-Leste, the compliance requirements are largely an amalgamation of these international frameworks.

Timor-Leste's General Regulatory Framework Relevant to Sanctions

Timor-Leste's financial sector is regulated by the Banco Central de Timor-Leste (BCTL). While there isn't specific crypto legislation, the BCTL has issued warnings about the risks of cryptocurrencies. The primary legal framework for financial crime, which underpins sanctions compliance, is:

• Law No. 7/2011 on the Prevention and Combating of Money Laundering and Financing of Terrorism (and subsequent regulations/amendments): This law establishes the legal framework for AML/CTF in Timor-Leste and requires financial institutions (which VASPs are increasingly treated as under international standards) to implement measures to prevent and detect money laundering and terrorist financing, including compliance with international sanctions.

Timor-Leste is also a member of the Asia/Pacific Group on Money Laundering (APG), an FATF-style regional body, committing it to implement the FATF Recommendations. Recommendation 6 specifically requires countries to implement targeted financial sanctions related to proliferation financing and terrorism.

OFAC/EU/UN Sanctions Compliance Requirements for VASPs

For VASPs in Timor-Leste, compliance with international sanctions regimes is critical:

1. UN Sanctions (Directly Binding):

   • Requirement: As a UN member state, Timor-Leste is legally obligated to implement sanctions resolutions adopted by the UN Security Council. This means any VASP operating in or connected to Timor-Leste must comply with these sanctions.
   • Obligations for VASPs:
     • Freezing Assets: Immediately freeze funds and other assets of individuals and entities designated by the UN Security Council as terrorists, proliferators, or subject to other sanctions.
     • Prohibition of Services: Refrain from making funds or economic resources available, directly or indirectly, to sanctioned individuals or entities.
     • Reporting: Report any frozen assets or attempted transactions involving sanctioned parties to the relevant authorities (likely the BCTL and/or the national financial intelligence unit).
     • Sanctioned Entity Screening: Screen all customers and transactions against the UN Security Council Consolidated List.
   • Legal Reference: UN Security Council Resolutions, accessible at: https://www.un.org/securitycouncil/sanctions/information

2. OFAC (U.S.) Sanctions (Extraterritorial Reach):

   • Requirement: The U.S. Office of Foreign Assets Control (OFAC) administers and enforces U.S. economic and trade sanctions programs. These sanctions have significant extraterritorial reach, meaning they can apply to non-U.S. persons and entities if they:
     • Deal in U.S. dollars.
     • Use U.S.-origin technology or software.
     • Involve U.S. persons or entities (e.g., U.S.-based crypto exchanges, stablecoin issuers).
     • Touch the U.S. financial system in any way.
   • Obligations for VASPs: VASPs in Timor-Leste dealing with any U.S. nexus must:
     • Sanctioned Entity Screening: Screen all customers, counterparties, and transactions against OFAC's Specially Designated Nationals and Blocked Persons (SDN) List and other relevant sanctions lists (e.g., Sectoral Sanctions Identifications List).
     • Geographic Restrictions: Prohibit transactions with sanctioned countries/regions (e.g., Iran, North Korea, Cuba, Syria, specific regions of Ukraine/Russia).
     • Prohibition of Services: Not facilitate transactions or provide services to OFAC-sanctioned individuals, entities, or jurisdictions.
   • Legal Reference: OFAC's website and compliance guidance: https://home.treasury.gov/policy-issues/office-of-foreign-assets-control-sanctions

3. EU Sanctions (Extraterritorial Reach):

   • Requirement: The European Union implements its own autonomous sanctions regimes. These can apply to VASPs in Timor-Leste if they:
     • Deal with EU persons or entities.
     • Use EU-based services or infrastructure.
     • Involve EU-regulated stablecoins or virtual assets.
   • Obligations for VASPs: Similar to OFAC, VASPs must:
     • Sanctioned Entity Screening: Screen against the EU Sanctions Map and the consolidated list of persons, groups, and entities subject to EU financial sanctions.
     • Geographic Restrictions: Adhere to restrictions concerning sanctioned countries/regions.
   • Legal Reference: EU Sanctions Map and relevant legal acts: https://www.sanctionsmap.eu/

Sanctioned Entity Screening Obligations

All VASPs operating with any international nexus (which most crypto operations inherently have) are expected to implement robust sanctioned entity screening programs. This includes:

• Customer Due Diligence (CDD) / Know Your Customer (KYC): Screening all new and existing customers against relevant sanctions lists upon onboarding and on an ongoing basis.
• Transaction Monitoring: Monitoring transactions for patterns or beneficiaries that might indicate a sanctions violation.
• Ultimate Beneficial Ownership (UBO) Screening: Identifying and screening the true owners of legal entities.
• Source of Funds/Wealth: Investigating the origin of assets, especially for high-risk customers or transactions.

Key Lists to Screen Against:

• UN Security Council Consolidated List: https://www.un.org/securitycouncil/sanctions/information
• OFAC Specially Designated Nationals (SDN) List: https://home.treasury.gov/policy-issues/office-of-foreign-assets-control-sanctions/specially-designated-nationals-and-blocked-persons-list-sdn-human-readable-lists
• EU Consolidated Financial Sanctions List: https://www.sanctionsmap.eu/ (searchable database)

Geographic Restrictions

Geographic restrictions are dictated by the international sanctioning bodies (UN, OFAC, EU). VASPs must prevent transactions with, to, or from individuals, entities, or IP addresses located in sanctioned jurisdictions. This applies to countries like:

• North Korea
• Iran
• Cuba
• Syria
• Venezuela (certain individuals/entities)
• Russia (specific entities, individuals, and sectors, particularly in relation to Ukraine)
• Belarus (certain individuals/entities)
• Designated regions like Crimea, Donetsk, Luhansk, Zaporizhzhia, and Kherson (Ukraine).

Penalties for Violations

1. Under Timor-Leste Law:

   • Violations of Timor-Leste's Law No. 7/2011 on the Prevention and Combating of Money Laundering and Financing of Terrorism (which would include failure to implement UN sanctions) can result in:
     • Fines: Significant monetary penalties for institutions.
     • Imprisonment: For individuals involved in serious breaches.
     • Loss of License/Operating Authority: For financial entities.
   • Specific penalty details would be outlined in the law itself or its implementing regulations, which are generally aligned with international AML/CTF standards.

2. Under OFAC/EU Sanctions (Extraterritorial):

   • Non-compliance with OFAC or EU sanctions, even by entities outside their direct jurisdiction, can lead to severe consequences:
     • Blocking/Designation: The VASP itself could be placed on the SDN list or an EU sanctions list, effectively cutting it off from the global financial system.
     • Financial Penalties: Massive fines levied by U.S. or EU authorities.
     • Reputational Damage: Significant harm to the VASP's brand and trustworthiness.
     • Loss of Access: Inability to access crucial services, banking relationships, stablecoin issuers, and international crypto exchanges that comply with OFAC/EU rules.

Country-Specific Sanctions Lists for Crypto

Timor-Leste does not have its own country-specific sanctions lists that apply to crypto. It relies on the implementation of international lists, primarily those from the UN, and indirectly adheres to OFAC and EU sanctions due to the global interconnectedness of the financial and virtual asset ecosystems.

Conclusion

While Timor-Leste does not have unique, crypto-specific sanctions laws, VASPs operating within or interacting with Timor-Leste are subject to a complex web of international sanctions obligations. Compliance primarily involves adhering to UN Security Council Resolutions as mandated by Timor-Leste's AML/CTF framework, and proactively managing the extraterritorial risks associated with OFAC and EU sanctions to avoid severe penalties and disruption to their operations.

It is highly recommended that any VASP seeking to operate in or with Timor-Leste obtain specific legal advice tailored to their business model and the evolving regulatory landscape.