Trinidad and Tobago -- AML/CFT Compliance Regulatory Overview

Trinidad and Tobago has made significant strides in aligning its anti-money laundering and countering the financing of terrorism (AML/CFT) framework with international standards set by the Financial Action Task Force (FATF), extending these requirements to Virtual Asset Service Providers (VASPs).

The primary legislation governing virtual assets and VASPs in Trinidad and Tobago is the Virtual Asset Business Act, 2022 (VABA, 2022). This Act explicitly brings VASPs under regulatory oversight as "financial institutions" for AML/CFT purposes.

Here's a breakdown of the AML/KYC requirements:

AML/CFT Legislation in Trinidad and Tobago

1. Virtual Asset Business Act, 2022 (VABA, 2022): This is the foundational law for virtual assets and VASPs, defining what constitutes a "virtual asset" and "virtual asset business" and establishing the regulatory framework. It mandates licensing and compliance with AML/CFT obligations for VASPs.
2. Anti-Money Laundering and Countering the Financing of Terrorism Act, Chap 11:13: This is the overarching AML/CFT legislation that applies to all financial institutions, including VASPs under the VABA. It sets out the general requirements for AML/CFT compliance, including CDD, STRs, and record-keeping.
3. Anti-Money Laundering and Countering the Financing of Terrorism (FATF Recommendations) Regulations, 2021: These Regulations provide more granular detail on the implementation of the AML/CFT Act, specifically incorporating many of the FATF Recommendations. They are crucial for understanding the practical application of AML/CFT measures.
4. Proceeds of Crime Act, Chap 11:27: This Act criminalizes money laundering and the financing of terrorism, providing the legal basis for prosecuting such offenses and seizing assets.
5. Financial Intelligence Unit Act, Chap 72:01: This Act establishes the Financial Intelligence Unit (FIU) as the central national agency for receiving, analyzing, and disseminating suspicious transaction reports and other financial intelligence.

Customer Due Diligence (CDD) Requirements for VASPs

VASPs in Trinidad and Tobago are required to implement a risk-based approach to CDD, meaning the intensity of CDD should be commensurate with the assessed ML/FT risk of the customer relationship or transaction. Key CDD requirements include:

1. Identification and Verification of Customers:
   • For Individuals: Obtain and verify the customer's full legal name, date of birth, residential address, nationality, and a unique identification number (e.g., passport number, national ID card number). Verification must be done using reliable, independent source documents, data or information.
   • For Legal Persons/Arrangements (e.g., companies, trusts): Obtain and verify the legal name, principal place of business, registration number, articles of incorporation, bylaws, and other relevant constitutional documents.
2. Beneficial Ownership: VASPs must identify and take reasonable measures to verify the identity of the beneficial owner(s) of the customer, including for legal persons and arrangements. This involves understanding the ownership and control structure of the customer.
3. Purpose and Intended Nature of Business Relationship: Understand the purpose and intended nature of the business relationship or transaction (e.g., why is the customer using VASP services, what types of virtual assets will be involved, expected transaction volumes).
4. Ongoing Monitoring: Continuously monitor the business relationship and transactions to ensure they are consistent with the VASP's knowledge of the customer, their business, and risk profile. This includes keeping customer information and beneficial ownership up-to-date.
5. Politically Exposed Persons (PEPs): Implement enhanced scrutiny for customers who are PEPs (domestic or foreign) or their family members or close associates. This includes obtaining senior management approval for establishing business relationships with PEPs and taking reasonable measures to establish the source of wealth and source of funds.
6. Enhanced Due Diligence (EDD): Apply EDD in situations identified as high-risk, such as:
   • Relationships with PEPs.
   • Cross-border correspondent relationships.
   • Complex, unusually large transactions, and all unusual patterns of transactions that have no apparent economic or lawful purpose.
   • Customers residing in or transactions involving high-risk jurisdictions identified by the FATF or other relevant bodies.
   • Transactions involving anonymity-enhancing virtual assets.

Suspicious Transaction Reporting (STR) Obligations

VASPs, like other financial institutions, have a legal obligation to report suspicious transactions to the Financial Intelligence Unit (FIU) of Trinidad and Tobago.

• Trigger: Any VASP that knows, suspects, or has reasonable grounds to suspect that a transaction (attempted or completed), virtual asset, or funds are linked to money laundering, terrorist financing, or other criminal activity, must file an STR.
• Reporting Body: Financial Intelligence Unit (FIU) of Trinidad and Tobago.
• Timeline: Reports must be submitted promptly, typically within a few working days of forming the suspicion, and in accordance with FIU guidelines.
• No Tipping-Off: VASPs and their employees are prohibited from disclosing to the customer or any third party that an STR has been or will be filed, or that an investigation is being conducted.

Record-Keeping Obligations

VASPs must maintain comprehensive records to support their AML/CFT compliance, including:

• Customer Records: All records obtained during CDD, including identification documents, verification data, beneficial ownership information, and the assessment of the purpose and nature of the business relationship.

• Transaction Records: Detailed records of all virtual asset transactions, including the amount, type of virtual asset, date, time, originating and beneficiary addresses (or equivalent identifiers), and any other relevant transaction data. These records must be sufficient to reconstruct individual transactions.

• Analysis Records: Records of any analysis undertaken concerning complex, unusual, or large transactions, and the findings of such analysis.

• STRs: Copies of all suspicious transaction reports filed, along with supporting documentation.

• Internal Policies and Procedures: Records of internal AML/CFT policies, procedures, and training materials.

• Retention Period: Records must generally be kept for a minimum of five (5) years after the business relationship has ended or after the date of the transaction, and must be readily accessible by the supervisory authority or the FIU upon request.

Authority Overseeing Compliance

The Central Bank of Trinidad and Tobago (CBTT) is the primary regulatory and supervisory authority for Virtual Asset Service Providers (VASPs) under the Virtual Asset Business Act, 2022 (VABA). The CBTT is responsible for:

• Licensing and registration of VASPs.
• Issuing regulations, guidelines, and directives related to VASP operations, including AML/CFT.
• Conducting onsite and offsite supervision and examinations of VASPs to ensure compliance with the VABA and other relevant AML/CFT legislation.
• Imposing administrative penalties for non-compliance.

Regulatory Body URLs:

• Central Bank of Trinidad and Tobago (CBTT): https://www.central-bank.org.tt/
• Financial Intelligence Unit (FIU) of Trinidad and Tobago: https://www.fiutt.gov.tt/ (The FIU is responsible for receiving and analyzing STRs and providing AML/CFT guidance.)

While the Trinidad and Tobago Securities and Exchange Commission (TTSEC) (URL: https://www.ttsec.org.tt/) may have jurisdiction over virtual assets that qualify as "securities" under the Securities Act, the VABA 2022 explicitly designates the Central Bank as the supervisor for businesses dealing in virtual assets generally.