Primary source company intelligence via Know Your Business (KYB) Solution

PAY-AS-YOU-GO (PAYG) SERVICE
GLOBAL COVERAGE
COMPREHENSIVE DATASETS
INFORMED DUE DILIGENCE
ONLINE PLATFORM
Learn More

Gibraltar’s AML/CTF supervisors

Supervisor
Gibraltar Financial Intelligence Unit (GFIU)

In accordance with the Proceeds of Crime Act 2015, the Terrorism Act 2018, and the Drug Trafficking Act 1995, the Gibraltar Financial Intelligence Unit (GFIU) collects, stores, analyses, and disseminates intelligence relating to criminal conduct (including but not limited to money laundering, the terrorism financing, and the proliferation of weapons of mass destruction), transacted or attempted to be transacted through relevant financial businesses.

The Financial Services Commission (GFSC)

The Financial Services Commission is one of several regulatory agencies named under the Proceeds of Crime Act 2015 (POCA).

How do you comply with AML/CTF regulations in Gibraltar?

Some of the obligations that obliged entities have under POCA are as follows.

Customer due diligence is required, and this includes the following elements.

  1. Identifying the customer
  2. Making a list of all beneficial owners
  3. Recognising the customer's ownership and control structure
  4. Dealers or issuers of travellers' cheques
  5. Knowing the objective and planned nature of the business relationship or occasional transaction and gathering information on it
  6. Utilising documents, data, or other information collected from a reputable and independent source to verify the identification of the customer and all beneficial owners in a risk-based manner
  7. Using a risk-based method to check the customer's and the beneficial owners' sources of wealth
  8. Using a risk-based method to check the customer's and the beneficial owners' sources of wealth
  9. Identifying the political exposure of the consumer or its beneficial owner
  10. Carrying out continual observation
  11. Recording all activities conducted in accordance with due diligence procedures

If the obliged party engages in the following acts, the aforementioned actions must be taken.

  1. Creates a commercial connection
  2. Carries out a transaction every now and then totalling at least 15,000 euros, whether the transaction is completed in a single operation or a series of connected transactions
  3. People who trade goods may occasionally conduct cash transactions of 10,000 euros or more, whether they are completed in a single operation or a series of linked activities
  4. Suspicions of terrorism financing, money laundering, or nuclear proliferation
  5. Questions the validity of documents, data, or information that have already been gathered for the sake of identification or verification
  6. Constitutes a transfer of more than 1,000 euros in value
  7. Occasionally engages in transactions involving virtual assets with a value of at least 1,000 euros, whether the transaction is completed in a single operation or a series of linked operations that are connected

Due diligence measures may be strengthened if there is a high risk of money laundering and terrorism financing.

Customers who are politically exposed persons (PEPs) demand further due diligence from the obliged entity than those who are not PEPs, including:

  1. Obtain top management's consent before beginning or maintaining a business engagement with that person
  2. Take the necessary steps to determine the wealth and funding sources engaged in the business partnership or sporadic transaction
  3. Enhance continual relationship monitoring wherever the commercial relationship is established

It is your responsibility to conduct ongoing monitoring throughout the business relationship, which includes keeping customer due diligence records and up-to-date data and carefully reviewing transactions to ensure they are consistent with what you know about the customer, their business, and their risk profile, including, if necessary, the source of funds.

Keeping records required for:

  1. Documents and data collected during client due diligence, for a period of 5 years following the completion of a single transaction or the termination of the business relationship.
  2. Supporting documentation and 5 years' worth of transactional records:
    1. From the date the transaction is completed if the records pertain to a specific transaction
    2. From the day the business relationship terminates, for all other records

Requirement to conduct a risk assessment to determine and evaluate the ML/TF hazards.

Establishing and upholding suitable and risk-sensitive policies, controls, and processes regarding:

  1. Customer due diligence procedures and ongoing supervision
  2. Reporting
  3. Recordkeeping
  4. Internal regulation
  5. Appointing a compliance officer
  6. Employer evaluation

Employers have the responsibility to train employees on AML/CTF regulations, as well as how to identify and handle transactions that may be related to ML/TF.

Establishing internal reporting processes is required to collect information about knowledge or suspects of ML/TF.

What are my AML/CTF reporting obligations?

When obligated entities learn or believe that someone is involved in money laundering, terrorism financing, or the spread of weapons of mass destruction, they must notify the GFIU.

Obligations