Tonga -- AML/CFT Compliance Regulatory Overview

**Money Laundering and Terrorist Financing Act 2018 (as amended):** This is the foundational law establishing the AML/CFT framework, defining offenses, setting out reporting obligations, and granting powers to authorities. It likely includes definitions that capture VASPs or their activities.

**Proceeds of Crime Act 2018 (as amended):** This Act deals with the identification, tracing, freezing, and forfeiture of proceeds of crime, including those generated from money laundering and terrorist financing.

**Identification and Verification of Customer Identity:**

**For natural persons:** Obtaining and verifying name, date of birth, residential address, and national identification number or passport details using reliable, independent source documents, data, or information.

**For legal entities (e.g., companies):** Obtaining and verifying the entity's name, legal form, proof of incorporation/existence, registered address, names of directors/partners, and proof of authority of persons acting on its behalf.

**Identification and Verification of Beneficial Owners (UBOs):** Taking reasonable measures to identify and verify the identity of the ultimate beneficial owners of the customer, especially for legal entities and trusts.

**Understanding the Purpose and Intended Nature of the Business Relationship:** Gathering information about the customer's intended activities and the purpose for which the VASP's services will be used.

**Ongoing Monitoring:** Continuously monitoring the business relationship and transactions to ensure they are consistent with the VASP's knowledge of the customer, their business, and risk profile, including, where necessary, the source of funds.

**Enhanced Due Diligence (EDD):** Applying enhanced measures for higher-risk situations, such as:

Transactions or relationships involving Politically Exposed Persons (PEPs).

Complex, unusually large transactions, or unusual patterns of transactions that have no apparent economic or lawful purpose.

Cross-border correspondent relationships (if applicable).

**No Monetary Threshold:** STRs must be filed regardless of the amount of the transaction.

**"Tipping Off" Prohibition:** VASPs and their employees are prohibited from disclosing to the customer or a third party that an STR has been or will be filed.

**Customer Due Diligence Records:** All identification and verification data, beneficial ownership information, and supporting documents.

**Transaction Records:** Details of all transactions, including the amount, currency (both fiat and virtual assets), date, type of transaction, and the identity of the sender and receiver (including information required by the FATF "Travel Rule" for virtual asset transfers).

**Business Relationship Records:** Records pertaining to the business relationship and ongoing monitoring.

**Internal Reports and STRs:** Copies of all internal suspicious activity reports and STRs submitted to the TFIU.

**Duration:** Records must generally be kept for a period of **at least five (5) years** after the business relationship has ended or after the date of an occasional transaction.

**Tonga Financial Intelligence Unit (TFIU)**

**FATF Standards:** Tonga, as a member of the Asia/Pacific Group on Money Laundering (APG) (a FATF-style regional body), is expected to implement FATF Recommendations, including Recommendation 15 (New Technologies) and its interpretative note, which specifically addresses VASPs and the "Travel Rule" (requiring VASPs to obtain and transmit originator and beneficiary information for virtual asset transfers above a certain threshold).

**Evolving Landscape:** The regulatory landscape for virtual assets is rapidly evolving globally. VASPs should regularly check the TFIU's website for updated guidance, regulations, or amendments to existing laws that may specifically address virtual assets.

**Risk Assessment:** Implementing a thorough institutional risk assessment to identify and mitigate ML/TF risks specific to their VASP operations is crucial.

**Internal Controls:** Developing and implementing robust internal controls, policies, procedures, and training programs for staff are essential for compliance.

**Binding Nature:** As a UN member state, Tonga is legally obligated to implement sanctions imposed by the UN Security Council (UNSC). These resolutions target specific individuals, entities, and sometimes entire regimes (e.g., related to terrorism, proliferation of weapons of mass destruction, or human rights abuses).

**Crypto Application:** Although UN sanctions resolutions do not explicitly mention "cryptocurrency," they mandate the freezing of assets belonging to designated individuals and entities. This implicitly includes virtual assets. VASPs must identify and freeze any virtual assets linked to UN-designated persons or entities and report such findings to the Tonga Financial Intelligence Unit (FIU).

**UNSCR 1267 (1999) and successor resolutions:** Target Al-Qaida and ISIL (Da'esh) and their affiliates.

**UNSCR 1373 (2001):** Calls on all states to prevent and suppress the financing of terrorism.

**UNSCR 1718 (2006) and successor resolutions:** Target North Korea's nuclear and ballistic missile programs.

**UNSCR 2231 (2015):** Related to Iran's nuclear program.

**UN Security Council Resolutions:** https://www.un.org/securitycouncil/content/resolutions

**Extraterritorial Reach:** Sanctions imposed by the U.S. Office of Foreign Assets Control (OFAC) have significant extraterritorial reach. They apply to:

U.S. persons (citizens, residents, and entities wherever located).

Transactions that touch the U.S. financial system (e.g., using USD-pegged stablecoins, or routing through U.S.-based exchanges/service providers).

Foreign entities that facilitate significant transactions for sanctioned persons or in sanctioned jurisdictions, potentially incurring "secondary sanctions."

**Crypto Application:** OFAC has explicitly stated that its sanctions programs apply to virtual currency transactions. It has sanctioned specific cryptocurrency addresses, mixers, and VASPs for facilitating illicit transactions or sanctions evasion.

**Impact on Tongan VASPs:** A VASP operating in Tonga that deals with U.S. persons, uses USD-denominated virtual assets, or engages in transactions with OFAC-sanctioned entities/individuals (regardless of their location) would be subject to OFAC regulations.

**OFAC's Virtual Currency Guidance:** https://home.treasury.gov/policy-issues/financial-sanctions/recent-actions/20211015_virtual_currency.pdf

**OFAC Frequently Asked Questions (Virtual Currency):** https://ofac.treasury.gov/faqs/topic/1561

**OFAC Specially Designated Nationals (SDN) List:** https://home.treasury.gov/policy-issues/financial-sanctions/specially-designated-nationals-and-blocked-persons-list-sdn-human-readable-lists

**Jurisdictional Scope:** EU sanctions primarily apply to EU persons (citizens, residents, and entities) and entities operating within the EU.

**Crypto Application:** The EU has also clarified that its sanctions apply to virtual assets. Recent sanctions packages against Russia, for example, have explicitly included prohibitions on providing crypto-asset services to Russian persons.

**Impact on Tongan VASPs:** While less direct than OFAC, a Tongan VASP interacting with EU persons or entities, or otherwise facilitating transactions that would violate EU sanctions (e.g., providing services to an EU-sanctioned entity), could face compliance challenges or be de-risked by EU financial institutions.

**Council Regulation (EU) 2022/328 (example for Russia):** Check relevant EU Council Regulations and Decisions via the Official Journal of the EU.

**FATF Standards:** As a member of the APG (a FATF-style regional body), Tonga is committed to implementing the Financial Action Task Force (FATF) Recommendations.

**Recommendation 15 (New Technologies):** Mandates that countries apply AML/CFT requirements to virtual assets and VASPs.

**FATF Guidance for VASPs:** Provides detailed guidance on how countries and VASPs should implement these recommendations, including licensing/registration, risk assessment, customer due diligence (CDD), transaction monitoring, suspicious transaction reporting (STR), record-keeping, and the "Travel Rule" (information sharing for crypto transfers).

**Tonga's Money Laundering and Terrorist Financing Act:** Tonga has an AML/CFT legal framework, which would be the primary domestic mechanism for enforcing sanctions and AML/CFT rules. This Act (and its associated regulations) would likely designate the Tonga FIU and/or the National Reserve Bank of Tonga as the supervisory bodies for VASPs.

**Obligations for VASPs:** VASPs operating in Tonga (or serving Tongan customers) are expected to:

Obtain any required licenses or registrations from Tongan authorities.

Implement robust AML/CFT programs, including risk-based CDD.

Monitor transactions for suspicious activity.

Report suspicious transactions to the Tonga FIU.

Implement targeted financial sanctions screening.

**FATF Guidance for a Risk-Based Approach to Virtual Assets and VASPs:** https://www.fatf-gafi.org/media/fatf/documents/guidance-rba-virtual-assets-vasps.pdf

**Tonga Financial Intelligence Unit (FIU):** While specific links to Tonga's current MLTFA and VASP regulations are difficult to pinpoint without direct access to Tongan legal databases, the FIU would be the key authority. (General information on FIUs: https://www.tonga.gov.to/ministries-departments/ministry-of-finance might link to relevant financial regulations, but specific VASP laws often reside under a central bank or financial services authority.)

**UN Consolidated List:** For individuals and entities designated by the UN Security Council.

**EU Consolidated List:** For persons and entities subject to EU financial sanctions.

Any domestic lists published by the Tonga FIU or National Reserve Bank of Tonga that implement these international designations.

**Methodology:** Screening should be conducted at onboarding, before transactions, and on an ongoing basis (e.g., daily) against all relevant sanctions lists. This often requires automated solutions due to the dynamic nature and volume of these lists.

**OFAC Sanctioned Jurisdictions:** U.S. sanctions programs broadly prohibit dealings with comprehensive-sanctioned jurisdictions such as Cuba, Iran, North Korea, Syria, and regions like Crimea, Donetsk, and Luhansk.

**UN/EU Sanctioned Jurisdictions:** While less comprehensive than OFAC's list, UN and EU sanctions also target specific entities or sectors in countries like Myanmar, Libya, Sudan, Yemen, Afghanistan (Taliban), and Russia/Belarus (due to the war in Ukraine).

**Impact:** VASPs must ensure they do not facilitate transactions originating from, destined for, or involving individuals/entities in these sanctioned geographies.

**OFAC Penalties:** For U.S. persons or those subject to U.S. jurisdiction, penalties can range from significant civil monetary penalties (millions of USD) to criminal charges with multi-year imprisonment.

**EU Penalties:** Member states are required to establish effective, proportionate, and dissuasive penalties for breaches of EU sanctions, which can include substantial fines and imprisonment.

**Tongan Domestic Penalties:** Tonga's Money Laundering and Terrorist Financing Act and any VASP-specific regulations would outline penalties for non-compliance, including fines, imprisonment, and revocation of licenses or registrations. These penalties would apply to institutions and individuals found in violation.

**Reputational Damage and De-risking:** Beyond legal penalties, VASPs in Tonga found in violation of international sanctions face severe reputational damage, potential loss of correspondent banking relationships, and exclusion from the international financial system.

It is highly unlikely that Tonga maintains its own unique "crypto-specific" sanctions list independent of its broader AML/CFT framework.

Instead, Tonga's domestic laws and regulations for financial institutions (including VASPs) would likely mandate compliance with the UN Consolidated List and potentially other major international lists (like OFAC's SDN list, given its extraterritorial reach). The Tonga FIU would be the authority responsible for disseminating any domestic targeted financial sanctions lists, which would primarily mirror or implement UN designations.