AML/CFT Supervisors in Gibraltar
The Gibraltar Financial Intelligence Unit (GFIU)
The Gibraltar Financial Intelligence Unit (GFIU) gathers, stores, analyses and disseminates intelligence related to criminal conduct (including but not limited to money laundering, the financing of terrorism and proliferation of weapons of mass destruction), transacted or attempted to be transacted through relevant financial businesses in accordance with the Proceeds of Crime Act 2015, the Terrorism Act 2018, and the Drug Trafficking Act 1995.
The Proceeds of Crime Act 2015 (POCA)
The Proceeds of Crime Act 2015 (POCA) designates a series of supervisory bodies, among which is the Financial Services Commission (GFSC).
How to comply with AML/CTF regulations in Gibraltar?
Obliged entities under the POCA, have various duties, among which are:
Duty to carry out customer due diligence, which includes:
- Identifying the customer
- Identifying all beneficial owners
- Understanding the ownership and control structure of the customer
- Understanding and obtaining information on the purpose and intended nature of the business relationship or occasional transaction
- Taking a risk-based approach to the verification of the identity of the customer and all beneficial owners, on the basis of documents, data or information obtained from a reliable and independent source
- Taking a risk-based approach to the verification of the source of funds and wealth of the customer and beneficial owners
- Determining whether the customer, or its beneficial owner, is a politically exposed person
- Conducting ongoing monitoring
- Keeping records of all actions taken under the due diligence
These measures must be applied when the obliged entity:
- Establishes a business relationship
- Carries out an occasional transaction amounting to 15,000 euro or more, whether the transaction is carried out in a single operation or in several linked operations
- In the case of people trading in goods, when carrying out occasional cash transactions that amount to 10,000 euro or more, whether the transaction is carried out in a single operation or in several linked operations
- Suspects money laundering, terrorist financing or proliferation financing
- Doubts the accuracy or adequacy of documents, data or information previously obtained for the purposes of identification or verification
- Constitutes a transfer of funds exceeding 1,000 euros
- Carries out an occasional transaction involving a virtual asset(s) with a value of 1,000 euros or more, whether the transaction is carried out in a single operation or in several linked operations which appear to be linked.
Simplified (or enhanced) due diligence measures may be carried out if the risk of money laundering and terrorism financing is high. [SS1]
In the case of customers which are politically exposed persons (PEPs), the obliged entity must, in addition to the customer due diligence requirements established:
- Have approval from senior management for establishing or continuing the business relationship with that person
- Take adequate measures to establish the source of wealth and source of funds involved in the business relationship or occasional transaction
- Where the business relationship is entered into, conduct enhanced ongoing monitoring of the relationship.
Duty to carry out ongoing monitoring during the business relationship, which involves: ensuring that customer due diligence documents and data are updated; and scrutinising transactions to ensure that they are consistent with the knowledge of the customer, their business and risk profile, including where necessary the source of funds.
Duty to keep records of:
- Documents and information obtained in the customer due diligence, for a period of 5 years from the date in which an occasional transaction is completed, or the business relationship ends
- Supporting evidence and records of all transactions for a period of 5 years:
- Where the records relate to a particular transaction, from the date on which the transaction is completed
- For all other records, from the date on which the business relationship ends
Duty to carry out a risk assessment to identify and assess the risks of ML/TF.
Duty to establish and maintain appropriate and risk-sensitive policies, controls, and procedures, relating to:
- Customer due diligence measures and ongoing monitoring
- Reporting
- Record-keeping
- Internal control
- Compliance management including the allocation of overall responsibility for the establishment and maintenance of effective systems of control to a compliance officer at management level
- Employee screening
Duty to train employees on AML/CTF legislation and on how to recognise and deal with transactions that may be related to ML/TF.
Duty to establish internal reporting procedures for the purposes of receiving disclosures about knowledge or suspicions of ML/TF.
What are my AML/CTF reporting obligations?
Obliged entities have the duty to report to the GFIU when they obtain information or suspect that any person has or may have been engaged in money laundering, the financing of terrorism or the proliferation of weapons of mass destruction.
How can MemberCheck Help?
Our clients are provided with a secure and simple solution in regard to scanning for politically exposed or high-risk individuals, as well as checking names against sanction, regulatory, law enforcement, and other official lists.
Use our sophisticated scan filters and due diligence workflow to minimise the amount of time you spend sorting through, false matches. Scan results and reporting sections allow you to access customer details, whenever and wherever required, as well as download reports, to customise for further investigation or to provide evidence of your AML program compliance for auditing purposes.
* This page is intended as general information only and should not be relied on as the sole source of information for your AML obligations and AML program. Please visit your local regulatory authority sites for the latest relevant and full information.
