Samoa -- AML/CFT Compliance Regulatory Overview

**Money Laundering Prevention Act 2007 (MLPA 2007):** This is the principal AML/CFT legislation. It mandates reporting entities (which typically include VASPs, even if not explicitly named, under broader definitions of financial institutions or through specific guidance/regulations) to implement measures to prevent money laundering and terrorist financing. This includes identifying and freezing assets of designated persons and entities.

**Money Laundering Prevention Amendment Act 2021:** This crucial amendment specifically expanded the scope of the MLPA 2007 to include Virtual Asset Service Providers (VASPs) as "financial institutions" or "reporting entities," bringing them under the AML/CFT obligations. This aligns Samoa with FATF Recommendation 15 on new technologies.

**Money Laundering Prevention Regulations 2008:** These regulations provide more detailed rules and procedures for implementing the MLPA.

**Financial Intelligence Unit Act 2007:** Establishes the Financial Intelligence Unit (FIU) and outlines its powers and functions.

**Prevention and Suppression of Terrorism Act 2002 (PSTA 2002):** This Act provides the legal basis for preventing and suppressing terrorism financing, including the freezing of assets of designated terrorist individuals and entities as mandated by UN Security Council Resolutions.

Exchange between virtual assets and fiat currencies.

Exchange between one or more forms of virtual assets.

Safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets.

Participation in and provision of financial services related to an issuer’s offer and/or sale of a virtual asset.

**For Individuals:** Obtaining and verifying name, residential address, date of birth, nationality, and a unique identification number (e.g., passport, national ID card). Verification typically requires independent, reliable source documents.

**For Legal Entities/Arrangements (e.g., companies, trusts):** Obtaining and verifying the name, legal form, proof of existence, powers that bind the entity, and the identity of relevant persons (e.g., directors, senior managing officials).

**Beneficial Ownership:** Identifying and verifying the identity of the beneficial owner(s) of the customer, and taking reasonable measures to understand the ownership and control structure of legal persons and arrangements.

**Purpose and Intended Nature of the Business Relationship:** Understanding the purpose and intended nature of the business relationship or occasional transaction.

**Ongoing Monitoring:** Continuously monitoring the business relationship, including scrutiny of transactions undertaken throughout the course of that relationship, to ensure that the transactions are consistent with the VASP’s knowledge of the customer, their business, and risk profile, including, where necessary, the source of funds.

**Enhanced Due Diligence (EDD):** Applying EDD for higher-risk customers, business relationships, and transactions. This includes situations involving:

Complex, unusually large transactions, or unusual patterns of transactions.

Business relationships and transactions with no apparent economic or lawful purpose.

**Simplified Due Diligence (SDD):** Permitted in specified low-risk situations, as defined by regulations or FIU guidance, where adequate measures exist to mitigate the risk.

**Reporting Obligation:** If a VASP knows, suspects, or has reasonable grounds to suspect that funds or transactions (regardless of amount) are linked to money laundering, terrorism financing, or other criminal activity, it must report these suspicions to the FIU without delay.

**No Tipping-Off:** VASPs and their employees are prohibited from disclosing to the customer or any third party that a STR has been or will be made, or that an investigation is being conducted.

**CDD Records:** All records obtained through CDD procedures (e.g., identification documents, verification data).

**Transaction Records:** Records of all domestic and international transactions, including the amount, currency, date, and details of the parties involved.

**Business Correspondence:** Records of correspondence relating to customer accounts and business relationships.

**Duration:** These records must generally be kept for a period of at least **seven (7) years** after the business relationship has ended or after the date of an occasional transaction.

**Risk Assessment:** Conducting a comprehensive institutional risk assessment to identify and evaluate the specific AML/CFT risks they face.

**Internal Policies and Procedures:** Developing and implementing written AML/CFT policies and procedures, including those for CDD, STR, record-keeping, and internal reporting.

**Compliance Officer:** Appointing a designated compliance officer at a management level responsible for overseeing AML/CFT compliance.

**Employee Training:** Providing ongoing AML/CFT training to all relevant employees to ensure they understand their obligations and can identify suspicious activities.

**Independent Audit:** Establishing an independent audit function to test the effectiveness of the AML/CFT program.

**Screening Procedures:** Implementing appropriate screening procedures for hiring employees to ensure high standards of integrity.

**Financial Intelligence Unit (FIU) of Samoa**

Identify and verify the identity of their customers (KYC).

Monitor transactions for suspicious activity.

Report suspicious transactions to the FIU.

Samoa does not have a specific, dedicated "crypto custody license."

However, entities operating as virtual asset service providers (VASPs) that provide custody services are generally subject to the AML/CFT obligations outlined in the **Money Laundering Prevention Act 2007**.

A VASP engaging in custody would need to be registered as a business entity with the FSRA and comply with the AML/CFT requirements applicable to reporting institutions. The exact nature of the registration would depend on the specific business model and the interpretation by the FSRA of existing financial services laws.

**Financial Services Regulatory Authority (FSRA) Website:** While not providing specific VASP licensing forms, it outlines the general regulatory landscape.

There are **no specific, explicit regulatory rules or mandates** in Samoan law that require crypto custodians to segregate client digital assets from their proprietary assets.

While good industry practice and general fiduciary principles would strongly recommend asset segregation, it is not a direct regulatory requirement under Samoa's current AML/CFT-focused framework for VASPs.

There are **no specific, explicit regulatory requirements** for crypto custodians in Samoa to hold insurance or bonding against theft, loss, or other operational risks related to digital asset custody.

General business insurance might be required for any company operating in Samoa, but specific crypto-related fidelity bonds or insurance are not mandated by regulation.

There are **no specific, explicit regulatory mandates** in Samoan law dictating the use of cold storage (offline storage) or any other specific technological security measures for safeguarding client digital assets.

The AML/CFT framework focuses on preventing illicit financial activities rather than dictating technical operational security protocols for asset protection.

The concept of a "Qualified Custodian," which is primarily a term used in U.S. securities law (e.g., under the SEC's Custody Rule), **does not exist** within Samoa's current regulatory framework for virtual assets.

Samoan law focuses on the definition and regulation of Virtual Asset Service Providers (VASPs) as a general category for AML/CFT purposes, rather than establishing a specific "qualified custodian" designation.

As of early 2024, there are **no publicly announced or readily discoverable proposals or drafts for specific, dedicated crypto custody legislation** in Samoa beyond the existing AML/CFT framework.

Samoa, like other jurisdictions, is generally influenced by the recommendations of the Financial Action Task Force (FATF). Any future legislative changes are most likely to stem from updates to FATF guidelines on virtual assets and VASPs, which might lead to broader amendments to the Money Laundering Prevention Act, but not necessarily a standalone "custody law."

Mandates for specific storage technologies (like cold storage)

A definition or concept of a "Qualified Custodian"

**Legal Reference:** Money Laundering Prevention Act 2007 (as amended)

**Money Laundering Prevention Regulations 2017:** These regulations provide more detailed requirements for reporting entities, including obligations related to targeted financial sanctions. They specify how entities must implement measures to comply with UN sanctions.

**Legal Reference:** Money Laundering Prevention Regulations 2017

**Legal Reference:** Prevention and Suppression of Terrorism Act 2002 (as amended)

**Extraterritorial Reach:** OFAC (U.S. Office of Foreign Assets Control), EU, and UK sanctions have significant extraterritorial reach. Transactions involving U.S. persons or the U.S. financial system, EU/UK persons, or entities subject to their jurisdiction can trigger compliance obligations, regardless of where the VASP is based. Given the borderless nature of crypto, such connections are common.

**Correspondent Banking:** VASPs often rely on traditional financial institutions for fiat on/off-ramps, which themselves are subject to global sanctions regimes. Non-compliance with major sanctions by a VASP can jeopardize these crucial banking relationships.

**FATF Recommendations:** Samoa is a member of the Asia/Pacific Group on Money Laundering (APG), a FATF-style regional body. FATF Recommendation 6 (Terrorist Financing) and 7 (Proliferation Financing) require countries to implement targeted financial sanctions. Recommendation 15 specifically applies AML/CFT requirements to Virtual Assets (VAs) and VASPs. This means VASPs must adopt a risk-based approach that includes sanctions screening.

**Reputational Risk:** Associating with sanctioned entities or jurisdictions can severely damage a VASP's reputation and ability to operate internationally.

**Risk-Based Approach:** VASPs must conduct a comprehensive risk assessment of their business, customers, and transactions, identifying and mitigating sanctions risks.

**Customer Due Diligence (CDD) & Enhanced Due Diligence (EDD):** This includes identifying beneficial owners and understanding the purpose of transactions.

**Sanctions Screening:** Implementing robust real-time and ongoing screening of all customers, counterparties, and transactions against relevant sanctions lists (UN, OFAC SDN, EU Consolidated, UK HMT, etc.).

**Transaction Monitoring:** Monitoring transactions for patterns indicative of sanctions evasion or dealings with sanctioned entities/jurisdictions.

**Freezing of Funds/Assets:** Immediate freezing of funds/assets and prohibition of services if a match with a sanctioned entity is found.

**Reporting:** Prompt reporting of matches and frozen assets to the Central Bank of Samoa (CBS) or relevant authorities.

**Primary Obligation (Samoa Law):** Screening against the **UN Consolidated Sanctions List** (which includes individuals and entities designated under various UN resolutions, e.g., Al-Qaida, ISIL, Taliban, DPRK, Iran). This is directly mandated by Samoa's MLPA and PSTA.

**Best Practice / Indirect Obligation (Global Interoperability):** To effectively manage risk and comply with extraterritorial sanctions, VASPs should also screen against:

**OFAC Specially Designated Nationals (SDN) List and other OFAC lists.**

**EU Consolidated List of Persons, Groups, and Entities Subject to EU Financial Sanctions.**

**UK HM Treasury Consolidated List of Financial Sanctions Targets.**

Other relevant national sanctions lists depending on their global footprint and customer base.

All customers during onboarding (Know Your Customer - KYC).

Originators and beneficiaries of virtual asset transfers (in line with FATF's "Travel Rule").

Ongoing monitoring of existing customers and transactions.

**UN Sanctions Programs:** Restrictions on dealings with countries or entities subject to comprehensive UN sanctions (e.g., related to DPRK, Iran, etc.).

**OFAC/EU/UK Sanctions:** These regimes impose significant restrictions on dealings with comprehensively sanctioned jurisdictions (e.g., Cuba, Iran, North Korea, Syria, certain regions of Ukraine, and often specific individuals/entities in other countries). VASPs must ensure they do not facilitate transactions that directly or indirectly benefit these jurisdictions or their sanctioned entities.

**FATF High-Risk Jurisdictions:** While not a "sanction," the FATF identifies "high-risk jurisdictions" (e.g., on the FATF "black list" or "grey list"). VASPs are expected to apply enhanced due diligence to business relationships and transactions with persons and financial institutions from these countries.

**Money Laundering Prevention Act 2007:**

**Individuals:** Imprisonment for a term not exceeding 10 years or a fine not exceeding 500,000 Tala (WST), or both.

**Body Corporates:** Fines not exceeding 1,000,000 Tala (WST).

Specific penalties exist for failing to report suspicious transactions, failing to comply with freezing orders, or obstructing investigations.

**Legal Reference:** Sections 31-35 of the Money Laundering Prevention Act 2007

**Terrorism Financing:** Imprisonment for life or for a term not less than 10 years.

**Failure to Freeze Assets:** Imprisonment for a term not exceeding 10 years or a fine not exceeding 500,000 Tala (WST), or both.

**Legal Reference:** Sections 10-12 of the Prevention and Suppression of Terrorism Act 2002