Tunisia -- AML/CFT Compliance Regulatory Overview

Tunisia has significantly updated its anti-money laundering and combating the financing of terrorism (AML/CFT) framework, particularly with the explicit inclusion of virtual assets and virtual asset service providers (VASPs) within its scope. This move aligns Tunisia with the recommendations of the Financial Action Task Force (FATF).

Here's a breakdown of the AML/KYC requirements for cryptocurrency/virtual asset service providers in Tunisia:

AML/CFT Legislation

The primary legislation governing AML/CFT in Tunisia, which now explicitly covers virtual assets and VASPs, is:

• Law No. 2022-77 of December 26, 2022, on Combating Money Laundering and Terrorist Financing (Loi n° 2022-77 du 26 décembre 2022, relative à la lutte contre le blanchiment d'argent et le financement du terrorisme).
  • This law repeals and replaces the previous AML/CFT law (Law No. 2015-26). It introduces crucial definitions and obligations for entities dealing with virtual assets.

Key Provisions of Law 2022-77 related to Virtual Assets:

• Definition of Virtual Assets: The law generally adopts a broad definition consistent with FATF standards, recognizing them as a digital representation of value that can be digitally traded or transferred and used for payment or investment purposes.
• Definition of Virtual Asset Service Providers (VASPs): It explicitly includes VASPs as "reporting entities" (or "obliged entities" / "personnes assujetties"). While the law itself may not define all types of VASPs exhaustively, it typically covers entities that conduct one or more of the following activities for or on behalf of another natural or legal person:
  • Exchange between virtual assets and fiat currencies.
  • Exchange between one or more forms of virtual assets.
  • Transfer of virtual assets.
  • Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets.
  • Participation in and provision of financial services related to an issuer's offer and/or sale of a virtual asset.

Beyond the specific AML/CFT law, general financial regulations and foreign exchange control laws enforced by the Central Bank of Tunisia (BCT) also play a significant role, particularly regarding the legality of crypto-fiat conversions and international transfers.

Customer Due Diligence (CDD) Requirements

VASPs in Tunisia are required to implement robust CDD measures, consistent with international FATF standards. These include:

1. Identification and Verification of Customers:
   • Natural Persons: Obtain and verify the customer's identity using reliable, independent source documents (e.g., national ID card, passport). This includes name, address, date of birth, nationality, and unique identification numbers.
   • Legal Entities/Arrangements: Obtain and verify the legal entity's name, legal form, address, proof of incorporation/registration, and the identity of natural persons holding senior management positions.
2. Beneficial Ownership Identification: Identify and verify the identity of the beneficial owner(s) – the natural person(s) who ultimately own or control the customer, and/or the natural person on whose behalf a transaction is being conducted. For legal entities, this typically involves identifying individuals with 25% or more ownership/control.
3. Purpose and Intended Nature of Business Relationship: Understand the purpose and intended nature of the business relationship or the specific transaction.
4. Ongoing Monitoring: Continuously monitor the business relationship and transactions undertaken by the customer to ensure consistency with the VASP's knowledge of the customer, their business, risk profile, and, where necessary, the source of funds.
5. Source of Funds/Wealth: For high-risk customers or transactions, VASPs must take reasonable measures to establish the source of funds and the source of wealth.
6. Enhanced Due Diligence (EDD): Apply EDD in situations presenting a higher risk of money laundering or terrorist financing. This includes, but is not limited to:
   • Politically Exposed Persons (PEPs).
   • Customers from high-risk geographic locations (as identified by FATF or national authorities).
   • Unusual or complex transactions.
   • Non-face-to-face business relationships.
7. Simplified Due Diligence (SDD): May be applied in specific, well-defined lower-risk situations, provided the VASP has assessed the risk and is confident that the risk is genuinely low.

Suspicious Transaction Reporting (STR)

VASPs are considered "reporting entities" and have a legal obligation to report suspicious transactions and activities.

• Reporting Obligation: Any VASP that suspects or has reasonable grounds to suspect that funds, regardless of the amount, are the proceeds of a criminal activity, or are related to terrorist financing, must promptly report its suspicions to the Financial Analysis Committee (CTAF). This applies even if the underlying criminal activity is unknown or uncertain.
• No Tipping-Off: VASPs and their employees are prohibited from disclosing to the customer or to third parties that a suspicious transaction report has been or will be submitted, or that an investigation is underway.

Record-Keeping Obligations

VASPs must maintain records for a specified period to assist in investigations and demonstrate compliance. This typically includes:

• Customer Identification Data: All documents, data, and information obtained through CDD procedures (e.g., copies of identification documents, beneficial ownership information).
• Transaction Records: Records of all financial transactions, including the amount, currency (fiat or virtual asset), date, type of transaction, and parties involved. This must be sufficient to permit reconstruction of individual transactions.
• STRs and Related Communications: Copies of all suspicious transaction reports submitted, and any related internal or external communications.
• Retention Period: These records must generally be kept for a period of five (5) years from the date of the last transaction or the end of the business relationship, or as otherwise prescribed by regulation.

Overseeing Authority

The primary authority responsible for overseeing AML/CFT compliance for reporting entities, including VASPs, in Tunisia is:

• Tunisian Financial Analysis Committee (CTAF - Comité Tunisien des Analyses Financières)
  • The CTAF functions as Tunisia's Financial Intelligence Unit (FIU). It is an independent administrative authority responsible for receiving, analyzing, and disseminating suspicious transaction reports to judicial authorities when money laundering or terrorist financing is suspected. It also contributes to the development of AML/CFT policies.
  • URL: While the CTAF has an official presence, its website is often integrated with, or linked through, the Central Bank of Tunisia or the Ministry of Finance. An official direct link might be challenging to find in English, but information is typically available through:
    • Central Bank of Tunisia (Banque Centrale de Tunisie - BCT): https://www.bct.gov.tn/ (The BCT often publishes information related to financial regulations and the CTAF's activities).

While the CTAF oversees the AML/CFT framework, the Central Bank of Tunisia (BCT) is the primary financial regulator and would likely be involved in any future licensing or specific prudential regulations for VASPs if the market matures and a formal regulatory framework beyond just AML is established. Currently, the BCT maintains strict foreign exchange controls, which implicitly affect the operational environment for VASPs dealing with fiat conversions.

It is crucial for any VASP operating or intending to operate in Tunisia to seek specific legal advice to ensure full compliance with the evolving regulatory landscape, as subsidiary regulations or circulars may provide further detailed guidance on the implementation of Law 2022-77 for virtual asset services.