Anti-Money Laundering Regulations

ANTI-MONEY LAUNDERING PUBLISHING DETAILS Revised under the authority of the Law Revision Act (2020 Revision). The Anti-Money Laundering Regulations, 2017 made 19th September, 2017 amended by the Civil Partnership Law, 2020 [Law 35 of 2020] and the Citation of Acts of Parliament Act, 2020 [Act 56 of 2020]. Consolidated with — Anti-Money Laundering (Amendment) Regulations, 2017 made 1st November, Anti-Money Laundering (Designated Non-Financial Business and Professions) (Amendment) (No. 2) Regulations, 2017 made 12th December, 2017 Anti-Money Laundering (Amendment) Regulations, 2019 made 4th June, 2019 Anti-Money Laundering (Amendment) (No. 2) Regulations, 2019 made 16th July, Anti-Money Laundering (Amendment) Regulations, 2020 made 4th February, 2020 Anti-Money Laundering (Amendment) (No. 2) Regulations, 2020 made 22nd May, Anti-Money Laundering (Amendment) (No. 3) Regulations, 2020 made 10th November, 2020 Anti-Money Laundering (Amendment)) Regulations, 2024 made 9th April, 2024. Consolidated and revised this 31st day of December, 2024. Note (not forming part of these Regulations): This Revision replaces the 2023 Revision which should now be discarded. Regulation PART 1 - Introductory PART 2 - Compliance Programme, Systems and Training Obligations Systems and training to prevent money laundering, terrorist financing and proliferation PART 3 - Assessing Risk and Applying a Risk-Based Approach 8A. PART 4 - Customer Due Diligence PART 5 - Simplified Customer Due Diligence PART 6 - Enhanced Customer Due Diligence PART 7 - Politically Exposed Persons PART 8 - Record-Keeping Procedures PART 9 - Money Laundering Reporting Officer PART 10 - Identification and record-keeping requirements relating to Wire Transfers PART 10A - Identification and record-keeping requirements relating to transfers of virtual assets PART 11 - Shell Banks and Correspondent Banks PART 11A - Disclosure and sharing of information 53AA. PART 11B – Reporting requirements of Supervisory Authorities PART 12 - Disclosure Obligations of Supervisory Authorities Part 12A - Designated Non-Financial Businesses and Professions Designation of DNFBPs and Supervisory Authorities DNFBP Register Obligations of DNFBPs Restrictions on the Disclosure of Information by Supervisory Authorities Administrative Fines Discretionary fine criteria General Imposing a fine Internal review of minor fines by a Supervisory Authority designated for a DNFBP 55ZH.Application to relevant person or body within the Supervisory Authority designated for a Appeal against discretionary fines to Grand Court Fine is a debt to the Crown Miscellaneous PART 13 - Offences, Repeal, Savings and Transitional SCHEDULE 1 CLASSES OF LONG-TERM BUSINESS SCHEDULE 2 PRESCRIBED PROVISIONS AND BREACH CATEGORIES Regulation 1 PART 1 - Introductory Citation These Regulations may be cited as the Anti-Money Laundering Regulations (2025 Definitions (1) In these Regulations — “Act” means the Proceeds of Crime Act (2025 Revision); “Anti-Money Laundering Compliance Officer” means the person designated in accordance with regulation 3(1); “appeal” means an appeal for which leave is granted by the Grand Court under regulation 55ZK and any further appeals relating to the decision on such an appeal; “applicant for business” means a person seeking to form a business relationship, or carry out a one-off transaction, with a person who is carrying out relevant financial business in the Islands; “banking business” has the meaning assigned in the Banks and Trust Companies Act (2025 Revision); “batch file transfer” means several individual transfers of funds which are bundled together for transmission; “beneficial owner” means the natural person who ultimately owns or controls the customer or on whose behalf a transaction or activity is being conducted and includes but is not restricted to — (a) in the case of a legal person other than a company whose securities are listed on a recognised stock exchange, a natural person who ultimately owns or controls, whether through direct or indirect ownership or control, 10% or more of the shares or voting rights in the legal person; (b) in the case of any legal person, a natural person who otherwise exercises ultimate effective control over the management of the legal person; or in the case of a legal arrangement, the trustee or other person who exercises ultimate effective control over the legal arrangement; “beneficiary or beneficiaries” means — (a) in relation to a wire transfer, the natural or legal person or legal arrangement who is identified by the originator as the receiver of the requested wire transfer; and (b) in relation to life insurance or another investment linked insurance policy, a natural or legal person, or a legal arrangement, or category of persons, who will be paid the policy proceeds when or if an insured event occurs, which is covered by the policy. “breach notice” means a notice under regulation 55ZC, of a Supervisory Authority’s intention to impose a fine, issued by a Supervisory Authority, to a party that a Supervisory Authority believes has breached a prescribed provision; “business relationship” means any arrangement between two or more persons where — (a) the purpose of the arrangement is to facilitate the carrying out of transactions between the persons concerned on a frequent, habitual or regular basis; and (b) the total amount of any payment or payments to be made by any person to any other in the course of that arrangement is not known or capable of being ascertained at the time the arrangement is made. “close associate” means any natural person who is known to hold the ownership or control of a legal instrument or person jointly with a politically exposed person, or who maintains some other kind of close business or personal relationship with a politically exposed person, or who holds the ownership or control of a legal instrument or person which is known to have been established to the benefit of a politically exposed person; “competent authority” means a public body in the Islands charged with responsibility for combating money laundering, terrorist financing and proliferation financing including — (a) the Financial Reporting Authority and any authority charged with the responsibility for investigating and prosecuting money laundering, associated predicate offences, terrorist financing and proliferation financing, and seizing or freezing and confiscating criminal assets; (b) any authority receiving reports on cross-border transportation of currency and bearer negotiable instruments; and any authority having anti-money laundering, counter terrorist financing financing or counter proliferation financing supervisory or monitoring responsibility aimed at ensuring compliance by a relevant financial business with anti-money laundering, counter terrorist financing or counter proliferation financing requirements; “connected person” means, in relation to a person carrying out relevant financial business where the person is a body corporate, partnership or unincorporated body — (a) a manager of the body corporate, partnership or unincorporated body; (b) a director, secretary or senior executive of the body corporate, partnership or unincorporated body, regardless of job title; or the natural person who ultimately owns or controls the body corporate, partnership or unincorporated body and includes — (i) in the case of a legal person, other than a company whose securities are listed on a recognised stock exchange, a natural person who ultimately owns or controls, whether through direct or indirect ownership or control, ten per cent or more of the shares or voting rights in the legal person; (ii) in the case of a legal person, a natural person who otherwise exercises ultimate effective control over the management of the legal person; or (iii) in the case of a legal arrangement, the trustee or other person who exercises ultimate effective control over the legal arrangement; “cross-border wire transfer” in relation to the transfer of money, means a single wire transfer in which the ordering financial institution and beneficiary financial institution are located in different countries or any chain of such transfers; “customer” means a person who is in a business relationship, or is carrying out a one-off transaction, with a person who is carrying out relevant financial business in the Islands; “designated non-financial business and profession” or “DNFBP” means a natural or legal person designated under regulation 55A; “discount agreement” means an agreement in principle between a Supervisory Authority and a party that has breached a prescribed provision about the amount of a proposed discretionary fine; “discretionary fine” means — (a) a proposed fine for which a Supervisory Authority has fine discretions; or (b) a fine in respect of which a Supervisory Authority exercised fine discretions; “domestic wire transfer” in relation to the transfer of money, means any wire transfer in which the ordering financial institution and beneficiary financial institution are located in the Islands; “established business relationship” is a business relationship where a person providing a relevant financial service has obtained, under procedures maintained by that person in accordance with Part 4, satisfactory evidence of the identity of an applicant for business; “family member” includes the spouse, civil partner, parent, sibling or child of a politically exposed person; “Financial Action Task Force” means the task force established by the Group of Seven, to develop and promote national and international policies to combat money laundering, terrorist financing and proliferation financing; “Financial Action Task Force - style regional body” means an associate member of the Financial Action Task Force comprised of states or territories which have collectively agreed to implement common counter-measures against money laundering, terrorist financing and the proliferation of weapons of mass destruction, based on the policies developed and promoted by the Financial Action Task Force; “financial group” means a group that consists of a parent company or any other type of legal person, exercising control and coordinating functions over the rest of the group for the application of group supervision together with branches or subsidiaries that are subject to anti-money laundering, counter terrorist financing and counter proliferation financing policies and procedures at the group level; “fine discretion” means a Supervisory Authority’s discretion under regulation 55S(5) to decide whether to impose a fine and the amount of the fine; “fine notice” means a notice issued by a Supervisory Authority under regulation 55ZG; “firm” means — (a) in respect of attorneys at law — (i) a body corporate, association, partnership or limited liability partnership of attorneys who are admitted to practice law in the Islands; or (ii) an attorney admitted to practice law in the Islands who is in independent practice as a sole proprietor or who provides legal services to an employer other than the Government; and (b) in respect of accountants, a body corporate, association, partnership, limited liability partnership or sole practitioner — (i) engaging in public practice, as defined in the Accountants Act (2024 Revision); or (ii) providing an accountancy service of recording, reviewing, analysing, calculating and reporting on financial information, in the course of business, which includes the following — (A) bookkeeping services; (B) payroll services; (C) accounts preparation; or (D) providing tax advisory or tax compliance services; “former DNFBP” means a person who at any time has been carrying on business as a DNFBP, but who has ceased to carry on the DNFBP. “give”, in relation to a notice or information, means to deliver, provide, send or transmit the notice or information; “government body” means — (a) a government company; (b) an entity within the public service; or a statutory authority, within the Islands; “government company” means — (a) a company in which the Government has a controlling interest; and (b) in respect of each such company, includes all subsidiary entities of the company; “interest” means interest accrued or accruing on a fine under regulation 55ZQ; “insurance business” means business of any of the classes of business specified in Schedule 1; “intermediary payment service provider” means a payment service provider, neither of the payer nor of the payee, that participates in the execution of transfers of funds; “legal arrangement” means a trust or partnership or other entity created between parties which lacks separate legal personality; “legal person” means a company or other entity created by operation of law with separate legal personality; “minor fine” means a fine under regulation 55S(1); “minor fine (continuing)” means a fine under regulation 55S(2); “Monetary Authority” has the meaning assigned under the Act; “money laundering” means doing any act which constitutes an offence under sections 19 to 22 of the Terrorism Act (2018 Revision) or section 144(10) of the Act or, in the case of an act done otherwise than in the Islands, would constitute such an offence if done in the Islands; “Money Laundering Reporting Officer” means the “nominated officer” as defined in the Act and “Deputy Money Laundering Reporting Officer” shall be construed accordingly; “natural person” means a human being, as distinguished from a company or other entity created by operation of law with separate legal personality; “notice” means written information given, or to be given in hard copy, electronically, by hand, by post or by any other mode of communication; “one-off transaction” means any transaction other than a transaction carried out in the course of an established business relationship formed by a person carrying out relevant financial business; “original decision” means a Supervisory Authority’s decision — (a) in relation to a minor fine or minor fine (continuing), to impose the fine; (b) in relation to a discretionary fine, to impose a fine of a specified amount; or in relation to both (a) and (b); “originator” means a person whether natural or legal who places an order with the relevant financial business for the transmission of a wire transfer; “overseas regulatory authority” means an authority which — (a) is located in a country other than the Islands that is a member of the Financial Action Task Force or a member of a Financial Action Task Force-style regional body; and (b) exercises a function corresponding to a statutory function of a Supervisory Authority in relation to relevant financial business in the Islands; “party”, in relation to a provision under these Regulations dealing with a breach, fine or proposed fine, means the person on whom the fine has been imposed or is being proposed or considered to be imposed; “payable-through account” means a correspondent account that is used directly by third parties to transact business on their own behalf; “payee” means a person or legal arrangement that is the intended final recipient of transferred funds; “payer” means either a person who holds an account and allows a transfer of funds from that account, or, where there is no account, a natural or legal person who places an order for a transfer of funds; “payment service provider” means a person whose business includes the provision of transfer of funds services; “politically exposed person” includes — (a) a person who is or has been entrusted with prominent public functions by a foreign country, for example a Head of State or of government, senior politician, senior government, judicial or military official, senior executive of a state owned corporation, and important political party official; (b) a person who is or has been entrusted domestically with prominent public functions, for example a Head of State or of government, senior politician, senior government, judicial or military official, senior executives of a state owned corporation and important political party official; and a person who is or has been entrusted with a prominent function by an international organisation like a member of senior management, such as a director, a deputy director and a member of the board or equivalent functions; “proliferation” means the development or production, or the facilitation of the development or production, of nuclear, radiological, biological or chemical weapons or systems for their delivery; “proliferation financing risk” means the potential breach, nonimplementation or evasion of targeted financial sanctions obligations related to proliferation financing that are imposed or applied by United Nations Security Council Resolutions; “public service” includes Ministries, Portfolios, departments, agencies reporting directly to the Cayman Islands Parliament, Governmental committees, statutory authorities and Government companies; “rectification notice” means a notice to a Supervisory Authority by a party who has breached a prescribed provision stating that the breach was rectified within thirty days after the party received the breach notice; “relevant account” means an account from which a payment may be made by any means to a person other than the applicant for business, whether such a payment — (a) may be made directly to such a person from the account by or on behalf of the applicant for business; or (b) may be made to such a person indirectly as a result of — (i) a direct transfer of funds from an account from which no such direct payment may be made to another account; or (ii) a change in any of the characteristics of the account; “reply” means a notice to a Supervisory Authority by a party who has received a breach notice, making representations opposing the Supervisory Authority’s proposed action to impose a fine; “reply period” means the period stated in a breach notice, within which the recipient of the breach notice may give a reply to the Supervisory Authority; “shell bank” means any institution that accepts currency for deposit and that — (a) has no physical presence in the jurisdiction in which it is incorporated or in which it is operating, as the case may be; and (b) is unaffiliated with a regulated financial group that is subject to consolidated supervision. “statutory authority” means an entity established by an Act to carry out functions which are capable under that Act, of being funded, partly or entirely, by money provided by Cabinet, and for which the Governor or the Cabinet has the power to appoint or dismiss the majority of the Board or other governing body; “straight-through processing” means payment transactions that are conducted electronically without the need for manual intervention; “stayed”, in relation to a fine, means that the fine may not be imposed because of the operation of an order under regulation 55ZN(2); “Supervisory Authority” means the Monetary Authority or other body that may be assigned the responsibility of monitoring compliance with money laundering regulations made under the Act in relation to persons carrying out “relevant financial business” who are not otherwise subject to such monitoring by the Monetary Authority; “supervisory or regulatory guidance” means guidance issued, adopted or approved by a Supervisory Authority or contained in Regulations issued under the Act; “terrorist financing” means doing any act which constitutes an offence under sections 19 to 22 of the Terrorism Act (2018 Revision) or, in the case of an act done otherwise than in the Islands, would constitute such an offence if done in “transfer of funds” means any transaction carried out on behalf of a payer through a payment service provider by electronic means, with a view to making funds available to a payee at a payment service provider, irrespective of whether the payer and the payee are the same person; “unique identifier” means a combination of letters, numbers or symbols, determined by the payment service provider, in accordance with the protocols Regulation 3 of the payment and settlement system or messaging system used to effect the transfer of funds; “virtual asset service provider” has the meaning assigned under section 3 of the Virtual Asset (Service Providers) Act (2025 Revision); “winding up notice” means a demand under section 93(a) of the Companies Act (2025 Revision); and “wire transfer” means any transaction carried out on behalf of an originator, who may be either a person or legal arrangement by electronic means, through a financial institution, with a view to making money available to a beneficiary at another relevant financial business. (2) The reference, in the definition of “money laundering”, to doing any act which would constitute an offence under the Act shall, for the purpose of these regulations, be construed as a reference to doing any act which would constitute an offence under the Act if, for section 144(2) of the Act, there were substituted — “(2) In this Act “criminal conduct” is conduct which — (a) constitutes an offence to which this Act applies; or (b) would constitute such an offence if it had occurred in the Islands and contravenes the Act of the country in which it occurred.”. PART 2 - Compliance Programme, Systems and Training Obligations Compliance programme, systems and training obligations (1) A person carrying out relevant financial business shall for the purpose of ensuring compliance with the requirements set out in these Regulations, designate a person at the managerial level as the Anti-Money Laundering Compliance Officer. (2) To satisfy the requirements of these Regulations, a person carrying out relevant financial business may — (a) delegate the performance of any function to a person; or (b) rely on a person to perform any function required to be performed. (3) Notwithstanding paragraphs (1) and (2) the responsibility for compliance with the requirements of these Regulations is that of the person carrying out relevant financial business. Duties of the Anti-Money Laundering Compliance Officer The Anti-Money Laundering Compliance Officer shall — Regulation 5 (a) ensure that measures set out in these Regulations are adopted by the person carrying out relevant financial business who designated that Anti-Money Laundering Compliance Officer; and (b) function as the point of contact with competent authorities for the purpose of these Regulations. Systems and training to prevent money laundering, terrorist financing and A person carrying out relevant financial business shall not, in the course of the relevant financial business carried out by the person in or from the Islands, form a business relationship, or carry out a one-off transaction, with or for another person unless that person — (a) maintains as appropriate, having regard to the money laundering risks, terrorist financing risks and proliferation financing risks and the size of that business, the following procedures in relation to that business — (i) identification and verification procedures in accordance with Part 4; (ii) adoption of a risk-based approach as set out in Part 3 to monitor financial activities, which would include categories of activities that are considered to be of a high risk; (iii) procedures to screen employees to ensure high standards when hiring; (iv) record-keeping procedures in accordance with Part 8 ; (v) adequate systems to identify risk in relation to persons, countries and activities which shall include checks against all applicable sanctions lists; (vi) adoption of risk-management procedures concerning the conditions under which a customer may utilise the business relationship prior to verification; (vii) observance of the list of countries, published by any competent authority, which are non-compliant, or do not sufficiently comply with the recommendations of the Financial Action Task Force; (viii) internal reporting procedures in accordance with regulation 34 except where the person concerned is an individual who in the course of relevant financial business does not employ or act in association with any other person; (viiia) procedures for the assessment of one-off transactions and the ongoing monitoring of business relationships for the purposes of preventing, countering and reporting money laundering, terrorist financing and proliferation financing and such procedures allowing Regulation 6 for the identification of assets subject to targeted financial sanctions applicable in the Islands; (viiib) procedures to ensure compliance with targeted financial sanctions obligations applicable in the Islands; and (ix) such other procedures of internal control, including an appropriate effective risk-based independent audit function and communication as may be appropriate for the ongoing monitoring of business relationships or one-off transactions for the purpose of forestalling and preventing money laundering, terrorist financing and (b) complies with the identification and record-keeping requirements of Parts 4 and 8; takes appropriate measures from time to time for the purpose of making employees aware of — (i) the procedures under paragraph (a) which are maintained by the person and which relate to the relevant financial business in question; and (ii) the enactments relating to money laundering, terrorist financing, proliferation financing and targeted financial sanctions; (d) provides employees from time to time with training in the recognition and treatment of transactions carried out by, or on behalf of, any person who is, or appears to be, engaged in money laundering, terrorist financing or proliferation financing, or whose assets are subject to targeted financial sanctions applicable in the Islands; and (e) designates an Anti-Money Laundering Compliance Officer. Group-wide programmes (1) A financial group or other person carrying out relevant financial business through a similar financial group arrangement shall implement group-wide programmes against money laundering, terrorist financing and proliferation financing, which are applicable, and appropriate to, all branches and majorityowned subsidiaries of the financial group and these programmes shall include — (a) the procedures set out in regulation 5; (b) policies and procedures for sharing information required for the purpose of customer due diligence and the managing of money laundering risks, terrorist financing risks and proliferation financing risks; group-level compliance, audit, anti-money laundering, counter terrorist financing and counter proliferation financing functions being provided with customer, account and transaction information from branches and Regulation 7 subsidiaries when necessary for anti-money laundering, counter terrorist financing or counter proliferation financing purposes, including information and analysis, if analysis was done, of transactions or activities which appear unusual; and (d) adequate safeguards on the confidentiality and use of information exchanged, including safeguards to prevent tipping-off. (2) The information required to be provided under paragraph (1)(c) may include suspicious activity reports and their underlying information and the fact that a suspicious activity report has been filed. (3) Branches and subsidiaries of the financial group shall receive information provided under paragraph (1)(c), where relevant and appropriate to money laundering and terrorist financing risk management. Application of measures extraterritorially (1) A person carrying out relevant financial business shall ensure that the foreign branches and majority-owned subsidiaries of the person, apply anti-money laundering, counter terrorist financing and counter proliferation financing measures consistent with those required by the Islands, where the minimum anti-money laundering, counter terrorist financing and counter proliferation financing requirements of the country in which the foreign branches and majority-owned subsidiaries of the person are located, are less strict than those of the Islands, to the extent that laws and regulations of that country permit. (2) Where the country, in which the foreign branches and majority-owned subsidiaries of the person carrying out relevant financial business are located, does not permit the proper implementation of anti-money laundering, counter terrorist financing and counter proliferation financing measures consistent with those required by the Islands, financial groups shall — (a) apply appropriate additional measures to money laundering risks, terrorist financing risks and proliferation financing risks; and (b) inform the relevant Supervisory Authority of the improper implementation of anti-money laundering, counter terrorist financing and counter proliferation financing measures. PART 3 - Assessing Risk and Applying a Risk-Based Approach Assessment of risk (1) A person carrying out relevant financial business shall take steps appropriate to the nature and size of the business to identify, assess and understand its money laundering risks, terrorist financing risks and proliferation financing risks in relation to — Regulation 8 (a) a customer of the person; (b) the country or geographic area in which the customer of the person resides or operates; the products, services and transactions of the person; and (d) the delivery channels of the person. (2) A person carrying out relevant financial business shall — (a) document and keep up to date the assessment required under paragraph (1) of its money laundering risks, terrorist financing risks and proliferation financing risks; (b) consider all relevant risk factors before determining what is the level of overall risk and the appropriate level and type of mitigation to be applied; maintain appropriate mechanisms to provide information to competent authorities and self-regulatory bodies about the assessment of risk required under paragraph (1); (d) implement policies, controls and procedures, that are approved by senior management and consistent with national requirements and guidance from competent authorities and self regulatory bodies, to enable the person to manage and mitigate the money laundering risks, terrorist financing risks and proliferation financing risks that have been identified by the country or by the relevant financial business; (e) monitor the implementation of the controls referred to in subparagraph (d) and enhance the controls where necessary; (f) identify and assess the money laundering risks and terrorist financing risks that may arise in relation to the development of new products and new business practices, including new delivery mechanisms and the use of new or developing technologies for both new and pre-existing products; (g) where higher money laundering risks or terrorist financing risks are identified, take enhanced customer due diligence to manage and mitigate the identified risks; (h) where higher proliferation financing risks are identified, take measures to mitigate the identified risks, including applying enhanced due diligence measures aimed at detecting possible breaches, the non-implementation, or evasion of targeted financial sanctions; and (i) where lower proliferation financing risks are identified, ensure that — (i) measures to manage the risks are commensurate with the level of risks; and (ii) the person complies with targeted financial sanctions applicable in Regulation 8A 8A. Risk assessment of a country or geographic area 8A. (1) When assessing the money laundering risk, terrorist financing risk or proliferation financing risk of a particular country or geographic area and the extent of the measures which should be taken to manage and mitigate that risk, a person carrying out relevant financial business shall take account of credible sources related to — (a) money laundering; (b) terrorist financing; (c) proliferation financing; (d) corruption; and (e) any other criminal activity. (2) When conducting a risk assessment, a person carrying out relevant financial business shall not assess a country or geographic area as having a low money laundering risk, low terrorist financing risk or low proliferation financing risk where any of the following factors are present — (a) the country or geographic area has been identified by credible sources as not having effective systems to counter money laundering, terrorist financing and proliferation financing; (b) the country or geographic area has been identified by credible sources as having significant levels of corruption, terrorism, money laundering, terrorist financing, or proliferation financing ; (c) the country or geographic area is subject to sanctions related to its risk of money laundering, terrorist financing or proliferation financing by — (i) the United Kingdom; or (ii) the United Nations; (d) the country or geographic area has been identified by the Financial Action Task Force as a country or geographic area to which counter-measures or enhanced due diligence measures proportionate to the risks arising from the country or geographic area should be applied; and (e) the country or geographic area is subject to an Order made under section 201(3) of the Act. (3) In this regulation, “credible sources” includes evaluations, detailed assessment reports or follow-up reports published by — (a) the Financial Action Task Force; (b) the International Monetary Fund; (c) the World Bank; (d) the Organisation for Economic Co-operation and Development; (e) the United Nations; or Regulation 9 (f) any competent authority or government body designated in writing by the Cabinet. New products, business, delivery mechanisms and new or developing technologies A person carrying out relevant financial business in respect of new products and business practices, new delivery mechanisms and new or developing technologies shall — (a) undertake assessment of risk prior to the launch or use of the new products and business practices, new delivery mechanisms and new or developing technologies; and (b) take appropriate measures to manage and mitigate risks. PART 4 - Customer Due Diligence Anonymous accounts

A person carrying out relevant financial business shall not keep anonymous accounts or accounts in fictitious names. When customer due diligence is required

(1) A person carrying out relevant financial business shall undertake customer due diligence measures when — (a) establishing a business relationship; (b) carrying out a one-off transaction valued in excess of ten thousand dollars, including a transaction carried out in a single operation or in several operations of smaller value that appear to be linked; carrying out a one-off transaction that is a wire transfer; (d) there is a suspicion of money laundering, terrorist financing or proliferation financing; or (e) the person has doubts about the veracity or adequacy of previously obtained customer identification data. (2) Notwithstanding paragraph (1)(b), a virtual asset service provider shall undertake customer due diligence measures in respect of each one-off transaction it carries out. Obligation to identify customer

(1) A person carrying out relevant financial business shall — (a) identify a customer, whether a customer in an established business relationship or a one-off transaction, and whether natural, legal person or Regulation 12 legal arrangement and shall verify the customer’s identity using reliable, independent source documents, data or information; (b) verify that a person purporting to act on behalf of a customer is properly authorised and identify and verify the identity of the person; identify a beneficial owner and take reasonable measures to verify the identity of the beneficial owner, using the relevant information or data obtained from reliable sources, so as to be satisfied that the person knows the identity of the beneficial owner; (d) understand and obtain information on, the purpose and intended nature of a business relationship; and (e) conduct ongoing due diligence on a business relationship including — (i) scrutinising transactions undertaken throughout the course of the business relationship to ensure that transactions being conducted are consistent with the person’s knowledge of the customer, the customer’s business and risk profile, including where necessary, the customer’s source of funds; and (ii) ensuring that documents, data or information collected under the customer due diligence process is kept current and relevant to customer due diligence, by reviewing existing records at appropriate times, taking into account whether and when customer due diligence measures have been previously undertaken, particularly for higher risk categories of customers. (2) In addition to the requirements of paragraph (1)(a), for customers that are legal persons or legal arrangements, a person carrying out relevant financial business shall — (a) understand the ownership and control structure of the customer and the nature of the customer’s business; (b) identify the customer and verify its identity by means of the following (i) name, legal form and proof of existence; (ii) the constitutional documents that regulate and bind the legal person or arrangement, as well as satisfactory evidence of the identity of the director, manager, general partner, president, chief executive officer or such other person who is in an equivalent senior management position in the legal person or arrangement; and (iii) the address of the registered office and, if different, a principal place of business. (3) For the purpose of paragraph (1)(c), for customers that are legal persons, a person carrying out relevant financial business shall — Regulation 13 (a) identify and verify the identity of the natural person, if any, who is the beneficial owner; (b) to the extent that there is doubt under paragraph (a) as to whether the person with the controlling ownership interest is the beneficial owner or where no natural person exerts control through ownership interests, identify the natural person exercising control of the legal person or arrangement customer through other means; or where no natural person is identified under (a) or (b), identify the relevant natural person who is the senior managing official. (4) In addition to the requirements of paragraph (1)(c) and further to paragraph (2), for customers that are legal arrangements, a person carrying out relevant financial business, where applicable, shall identify and take reasonable measures to verify the identity of beneficial owners by means of the following (a) for trusts, the identity of the settlor, the trustee(s), the protector (if any), the beneficiaries or class of beneficiaries, and any other natural person exercising ultimate effective control over the trust (including through a chain of control or ownership); or (b) for other types of legal arrangements, the identity of persons in equivalent or similar positions. (5) Information collected and held under paragraph (4) shall be kept accurate and up to date and shall be updated on a timely basis. Customer due diligence re - beneficiary of life insurance

In addition to the customer due diligence measures required for the customer and the beneficial owner, a person carrying out relevant financial business shall conduct the following customer due diligence measures on the beneficiary of life insurance and other investment related insurance policies, as soon as the beneficiary is identified or designated and shall do so no later than at the time of the pay out — (a) for a beneficiary that is identified as a specifically named natural or legal person or legal arrangement, taking the name of the person; and (b) for a beneficiary that is designated by characteristics or by class or by other means, obtaining sufficient information concerning the beneficiary to satisfy the person carrying out relevant financial business that it will be able to establish the identity of the beneficiary at the time of the pay out; and for a beneficiary under paragraph (a) or (b), verifying the identity of the beneficiary. Regulation 14 Beneficiary as risk factor

A person carrying out relevant financial business shall include the beneficiary of a life insurance policy as a relevant risk factor in determining whether enhanced customer due diligence measures are applicable pursuant to Part 6. Verification of identity of customer and beneficial owner

(1) A person carrying out relevant financial business shall verify the identity of the customer and beneficial owner before or during the course of establishing a business relationship or conducting transactions for one-off customers. (2) If permitted by these Regulations, the person may complete verification after the establishment of the business relationship, provided that — (a) this occurs as soon as reasonably practicable; (b) this is essential not to interrupt the normal conduct of business; and the money laundering risks, terrorist financing risks and proliferation financing risk sare effectively managed. Adoption of risk management procedures

A person carrying out relevant financial business shall adopt risk management procedures concerning the conditions under which a customer may utilise the business relationship prior to verification. Duty to perform enhanced due diligence

A person carrying out relevant financial business shall perform enhanced due diligence where the money laundering risks, terrorist financing risks or proliferation financing risksare higher pursuant to Part 6. 17A. Considerations for applying customer due diligence 17A. A person carrying out relevant financial business shall apply customer due diligence requirements to existing customers on the basis of materiality and risk, and conduct due diligence on such existing relationships at appropriate times, taking into account whether and when customer due diligence measures have been previously undertaken and the adequacy of the data obtained. Obligation where unable to comply with customer due diligence

Where a person carrying out relevant financial business is unable to obtain information required by these Regulations to satisfy relevant customer due diligence measures — (a) the person shall — (i) not open the account, commence business relations or perform the transaction; or (ii) terminate the business relationship; and Regulation 19 (b) the person shall consider making a suspicious activity report in relation to the customer. When to file suspicious activity report

Where a person carrying out relevant financial business — (a) forms a suspicion of money laundering, terrorist financing or proliferation financing; and (b) reasonably believes that satisfying ongoing customer due diligence requirements of these Regulations for a customer or customer due diligence requirements of these Regulations for an applicant for business will tip off a customer or an applicant for business, the person shall not complete the customer due diligence requirements of these Regulations but shall file a suspicious activity report. Identification procedures - supplementary provisions

(1) For the purpose of these Regulations, evidence of the identity of an applicant for business is satisfactory if — (a) the evidence is reasonably capable of establishing that the applicant for business is the person the applicant for business claims to be; and (b) the person who obtains the evidence is satisfied, in accordance with the procedures maintained under these Regulations in relation to the relevant financial business concerned, that it does establish that fact. (2) Where a person who is required to comply with regulation 5 is dissatisfied as to the veracity or accuracy of any evidence of identity, the person shall obtain such additional evidence of identity as shall ensure that that person is satisfied or that the evidence collected meets the requirements of these Regulations. (3) Where a person carrying out relevant financial business is determining whether the evidence of identity in relation to a customer or applicant for business is satisfactory for a business relationship or a one-off transaction the person shall consider — (a) the nature of the business relationship or one-off transaction concerned; (b) the geographical locations of the parties to the business relationship or oneoff transaction; whether it is practical to obtain the evidence of identity before commitments are entered into between the parties to the business relationship or the one-off transaction or before money is exchanged between the parties to the business relationship or one-off transaction; and (d) the earliest stage before the business relationship is formed or the one-off transaction is completed at which there are reasonable grounds for Regulation 21 believing that the total amount payable by a customer or an applicant for business is ten thousand dollars or more where — (i) in respect of any one-off transaction, payment is to be made by or to the customer or applicant for business of the amount of ten thousand dollars or more; (ii) in respect of two or more transactions that appear to be one-off transactions it appears at the outset to the person — (A) that the transactions are linked; and (B) that the total amount, in respect of all of the transactions, which is payable by or to the customer or applicant for business is ten thousand dollars or more; or (iii) at any later stage, it comes to the attention of the person that subparagraphs (i) and (ii) of paragraph (d) are satisfied. (4) The simplified customer due diligence measures permitted in Part 5 shall not be applied to any business relationship or one-off transaction where a person required to comply with regulation 5(a) has reasonable grounds to believe that the business relationship or one-off transaction presents a higher money laundering risk, terrorist financing risk or proliferation financing risk. PART 5 - Simplified Customer Due Diligence Simplified customer due diligence application

(1) Notwithstanding Part 4, a person carrying out relevant financial business may apply simplified customer due diligence measures under this Part where it has identified and assessed a low level of risk in accordance with regulation 8. (1A) The simplified customer due diligence measures applied under paragraph (1) shall be commensurate with the lower risk factors identified in the risk assessment carried out in accordance with regulation 8. (2) Where a person carrying out relevant financial business finds that there is a low level of risk, the person’s finding as to risk is only valid if the finding is consistent with the findings of the national risk assessment or the Supervisory Authority, whichever is most recently issued. (3) Nothing in this Part applies where, a person carrying out relevant financial business knows, suspects, or has reasonable grounds for knowing or suspecting that a customer or an applicant for business is engaged in money laundering, terrorist financing or proliferation financing or that the transaction being conducted by the customer or applicant for business is being carried out on behalf of another person engaged in money laundering, terrorist financing or Regulation 22 (4) For the purpose of this regulation “national risk assessment” means the report by the Anti-Money Laundering Steering Group or any other body designated in writing by the Cabinet in accordance with the Act, which examines money laundering, terrorist financing and proliferation financing in the Islands. Acceptable applicants

(1) Customer due diligence procedures under Part 4 regarding verification of the identity of a customer or an applicant for business are not required where — (a) the identity of the customer or applicant for business is known to the person carrying out relevant financial business; (b) the person carrying out relevant financial business knows the nature and intended purpose of the business relationship or one-off transaction; the person carrying out relevant financial business has not identified any suspicious activity; and (d) the customer or applicant for business is a person who is — (i) required to comply with regulation 5 or is a majority-owned subsidiary of the relevant financial business; (ii) a central or local government organisation, statutory body or agency of government, in a country assessed by the person carrying out relevant financial business as having a low degree of money laundering risk, terrorist financing risk and proliferation financing risk; (iii) acting in the course of a business or is a majority-owned subsidiary of the business in relation to which an overseas regulatory authority exercises regulatory functions and is based or incorporated in, or formed under the Act of, a country assessed by the person carrying out relevant financial business as having a low degree of money laundering risk, terrorist financing risk and proliferation financing risk; (iv) a company, that is listed on a recognised stock exchange and subject to disclosure requirements which impose requirements to ensure adequate transparency of beneficial ownership, or majority-owned subsidiary of such a company; or (v) a pension fund for a professional association, trade union or is acting on behalf of employees of an entity referred to in sub-paragraphs (i) to (iv). (2) A person carrying out relevant financial business shall evidence in writing the basis for its determination of the applicability of paragraph (1) to the customer or applicant for business. Regulation 23 Payments delivered in person or electronically

(1) Where a person carrying out relevant financial business has assessed a low level of risk and has identified a customer or an applicant for business and the beneficial owner, where applicable and has no reason to doubt those identities, and — (a) the circumstances are such that payment is to be made by the customer or applicant for business; and (b) it is reasonable in all the circumstances — (i) for payment to be delivered by post or in person or by electronic means to transfer funds; or (ii) for the details of the payment to be delivered by post or in person, to be confirmed via telephone or other electronic means, then subject to paragraph (2) verification of the identity of a customer or an applicant for business is not required at the time of receipt of payment if the payment is debited from an account held in the name of the customer or applicant for business at a licensee under the Banks and Trust Companies Act (2025 Revision) or at a bank that is regulated in and either based or incorporated in or formed under the laws of, a country assessed by the person carrying out relevant financial business as having a low degree of money laundering risk, terrorist financing risk and proliferation financing risk, whether the account is held by the customer or the applicant for business solely or jointly. (2) Paragraph (1) shall not apply — (a) if the circumstances of the payment give rise to knowledge, suspicion, or reasonable grounds for knowing or suspecting that the customer or the applicant for business is engaged in money laundering or terrorist financing or that the transaction is carried out on behalf of another person engaged in money laundering, terrorist financing or proliferation financing; (b) if the payment is made by a person for the purpose of opening a relevant account with a licensee under the Banks and Trust Companies Act (2025 Revision); and in relation to a customer or an applicant for business when onward payment is to be made to the customer or the applicant for business or any other person, and the verification of the identity of the customer or the applicant for business is required to be obtained before payment of any proceeds, unless by operation of law payment of the proceeds is to be made to a person for whom a court is required to adjudicate payment. (3) For the purpose of paragraph (l)(b), it is immaterial whether the payment or the details of the payment are delivered by post or in person to a person who is Regulation 24 required to comply with regulation 5 or to another person acting on that person’s behalf. Identification procedures - transactions on behalf of another

(1) This regulation applies where in relation to a person who is required to comply with regulation 5, an applicant for business is or appears to be acting as an agent or nominee for a principal. (2) A person carrying out relevant financial business is required to satisfy the customer due diligence requirements under Part 4 in respect of the verification of the identity of an applicant for business unless — (a) the applicant for business falls within one of the categories under regulation 22(1)(d); and (b) a written assurance has been provided by the applicant for business which confirms — (i) that the applicant for business has identified and verified the identity of the principal, and the beneficial owner, where applicable, on whose behalf the applicant for business acts and under procedures maintained by the applicant for business; (ii) the nature and intended purpose of the business relationship; (iii) that the applicant for business has identified the source of funds of the principal; and (iv) that the applicant for business shall make available on request and without delay copies of any identification and verification data or information and relevant documents obtained by the applicant for business after satisfying the requirements of customer due diligence in respect of the principal and the beneficial owner. (3) A person who is required to comply with regulation 5 and who relies on a written assurance under paragraph (2) is liable for any failure of the applicant for business to obtain and record satisfactory evidence of the identity of the principal or beneficial owner or to make the same available on request and without delay. Eligible introducer

(1) A person carrying out relevant financial business is not required to verify the identity of an applicant for business, or the beneficial owner, if applicable, in accordance with Part 4 where a business relationship is formed or a one-off transaction is carried out with or for an applicant for business pursuant to an introduction effected by a person who falls within one of the categories under regulation 22(1)(d) and who, upon that introduction, provides a written assurance to the person carrying out relevant financial business which confirms — Regulation 26 (a) the identity of the applicant for business, and the identity of the beneficial owner, if applicable, of the applicant for business; (b) the nature and intended purpose of the business relationship; that the introducer has identified and verified the identity of the applicant for business, and, where required, the beneficial owner of the applicant for business, under procedures maintained by the introducer in accordance with applicable laws; (d) that the introducer has identified the source of the funds of the applicant for business; (da) that the introducer — (i) is supervised or monitored by a Supervisory Authority or overseas regulatory authority; and (ii) has measures in place, for compliance with customer due diligence and record keeping requirements; and (e) that the introducer shall make available on request and without delay copies of identification and verification data and any other relevant documentation relating to customer due diligence requirements in respect of the applicant for business and, where applicable, the beneficial owner of the applicant for business. (2) A person carrying out relevant financial business who relies on an introduction effected under paragraph (1) in respect of an applicant for business, is liable for any failure of the introducer to obtain and record satisfactory identification and verification documentation, or to make the same available on request and without delay. (3) In this regulation, the ultimate responsibility for compliance with the customer due diligence requirements set out under Part 4 is that of the person carrying out relevant financial business who relies on an introduction effected under paragraph (1). Verification not required

(1) A person carrying out relevant financial business is not required to satisfy the requirements of Part 4 regarding the verification of the identity of an applicant for business where, in relation to insurance business — (a) a policy of insurance in connection with a pension scheme taken out by virtue of a contract of employment or occupation — (i) contains no surrender clause; and (ii) may not be used as collateral for a loan; Regulation 27 (b) a premium is payable, in relation to a policy of insurance, in one instalment of an amount not exceeding two thousand dollars; or a periodic premium is payable in respect of a policy of insurance where the total payable in respect of any calendar year does not exceed eight hundred dollars. (2) In this regulation — “calendar year” means a period of twelve months beginning on the 1st January. PART 6 - Enhanced Customer Due Diligence Application of enhanced customer due diligence

Subject to regulation 19, a person carrying out relevant financial business shall perform enhanced customer due diligence — (a) where a higher money laundering risk, terrorist financing risk or proliferation financing risk has been identified pursuant to Part 3; (b) where through supervisory guidance a high risk of money laundering or terrorist financing has been identified; where a customer or an applicant for business is from a foreign country that has been identified by credible sources as having serious deficiencies in its anti-money laundering, counter terrorist financing or counter proliferation financing regime or a prevalence of corruption; (d) in relation to correspondent banking relationships, pursuant to Part 11; (e) where the customer or the applicant for business is a politically exposed person; (f) in the event of any unusual or suspicious activity; or (g) in relation to business relationships and transactions with persons, including financial institutions, from countries for which this is requested by the Financial Action Task Force, and in each case, the enhanced customer due diligence shall be proportionate to the risk. Enhanced customer due diligence required

Where enhanced customer due diligence is unable to be performed where it is required, a person carrying out relevant financial business shall follow the procedures in regulation 18. Regulation 29 Enhanced customer due diligence at payout

In relation to insurance business, where a person carrying out relevant financial business determines that carrying out relevant financial business with a beneficiary presents a higher risk, the person shall perform enhanced customer due diligence including reasonable measures to identify and verify the identity of the beneficial owner of the beneficiary, where applicable, at the time of pay out. PART 7 - Politically Exposed Persons Additional requirements - politically exposed persons

(1) A person carrying out relevant financial business shall in addition to satisfying customer due diligence requirements shall under these Regulations — (a) put in place risk management systems to determine whether a person or beneficial owner with whom that person has a business relationship is a politically exposed person, family member or close associate; (b) ensure that the risk management procedures under subparagraph (a) — (i) contain as a component, procedures for requiring that senior management approval be obtained before establishing or continuing a business relationship with a politically exposed person or a family member or close associate; (ii) take reasonable measures to establish the source of wealth and the source of funds of a person involved in a business relationship and a beneficial owner identified as a politically exposed person or a family member or close associate; and (iii) contain as a component, monitoring of the business relationship with the politically exposed person or a family member or close associate. (2) In the case of a life insurance policy, a person carrying out relevant financial business shall take reasonable measures, no later than at the time of payout — (a) to determine whether the beneficiary and where applicable the beneficial owner of the beneficiary is a politically exposed person; (b) that senior management is informed before pay-out of the policy proceeds; and to conduct enhanced scrutiny on the whole business relationship with the policy holder and if necessary, to consider making a suspicious activity report. Regulation 31 PART 8 - Record-Keeping Procedures Record-keeping procedures

(1) Record-keeping procedures maintained by a person carrying out relevant financial business are in accordance with this regulation if the procedures require the following records to be kept as follows — (a) in relation to a business relationship that is formed or one-off transaction that is carried out, a record that indicates the nature of evidence of customer due diligence obtained under procedures maintained in accordance with Part 4 — (i) comprises a copy of the evidence; (ii) provides such information as would enable a copy of it to be obtained; or (iii) where it is not reasonably practicable to comply with subsubparagraph (i) or (ii), that provides sufficient information to enable the details of a person’s identity contained in the relevant evidence to be re-obtained; (b) a record comprising account files and business correspondence, and results of any analysis undertaken, for at least five years following the termination of the business relationship or after the date of the one-off transaction; and a record containing details relating to all transactions carried out by the person carrying out relevant financial business, which should be sufficient to permit reconstruction of individual transactions so as to provide, if necessary, evidence for prosecution of criminal activity. (2) A person carrying out relevant financial business shall ensure that all customer due diligence information and transaction records are available without delay upon request by competent authorities. (3) For the purpose of paragraph (1) and subject to paragraph (4), the period for which the records prescribed shall be kept is at least five years commencing with — (a) in relation to the records described in paragraph (1)(a), the date on which the relevant business was completed within the meaning of paragraph (5); (b) in relation to the records described in paragraph (1)(b), either the date on which the relevant business was completed within the meaning of paragraph (5) or the date on which all activities taking place in the course of the transaction in question were completed; and in relation to the records described in paragraph (1)(c), the date on which all activities taking place in the course of the transaction in question were completed. (4) Where a person who is required to comply with regulation 5 — Regulation 31 (a) forms a business relationship or carries out a one-off transaction with another person; (b) has reasonable grounds for believing that a person under paragraph (a) has become insolvent; and after forming a belief under paragraph (b), makes an attempt to recover all or part of the amount of any debt payable to the person which has fallen due by the person under paragraph (b), the period for which records under paragraph (1) are to be kept is at least five years commencing with the date on which the first attempt is made. (5) For the purpose of paragraph (3)(a) or (b), the date on which relevant financial business is completed is — (a) the date of the ending of the business relationship in respect of whose formation the record under paragraph (l)(a) or (b) was compiled; (b) the date of completion of all activities taking place in the course of the oneoff transaction in respect of which the record under paragraph (1)(a) or (b) was compiled where — (i) in respect of any one-off transaction, a person carrying out relevant financial business knows, suspects, or has reasonable grounds for knowing or suspecting that the customer is engaged in money laundering, terrorist financing or proliferation financing or that the transaction is carried out on behalf of another person engaged in money laundering, terrorist financing or proliferation financing; or (ii) in respect of any one-off transaction, payment is to be made by or to the applicant for business of the amount of ten thousand dollars or more; or the date of the completion of all activities taking place in the course of the last one-off transaction in respect of which the record under paragraph (l)(a) or (b) was compiled where — (i) in respect of two or more one-off transactions — (aa) it appears at the outset to a person carrying out relevant financial business — (i) that the transactions are linked; and (ii) that the total amount, in respect of all of the transactions, which is payable by or to the applicant for business is ten thousand dollars or more; or (bb) at any later stage, it comes to the attention of such a person that subparagraphs (aa)(i) and (ii) are satisfied. Regulation 32 Record-keeping procedures - supplementary provisions

(1) For the purpose of regulation 31(4)(b), a person is considered insolvent if — (a) the person has been adjudged bankrupt or has made a composition or arrangement with that person’s creditors; (b) the person has died and the person’s estate falls to be administered in accordance with an order under section 66 of the Bankruptcy Act (1997 Revision); or a winding up order or an administration order has been made or a resolution for voluntary winding up has been passed with respect to the person, or a receiver or manager of the person’s undertaking has been duly appointed, or possession has been taken, by or on behalf of the holders of any debentures secured by a floating charge, of any property of the person comprised in or subject to the charge, or a voluntary arrangement has been sanctioned under section 86 of the Companies Act (2025 Revision). (2) Where a person required to comply with regulation 5 — (a) is an appointed representative; and (b) is not — (i) a licensee under the Banks and Trust Companies Act (2025 Revision); (ii) a licensee under the Insurance Act, 2010 [Law 32 of 2010]; (iii) a licensed mutual fund administrator under the Mutual Funds Act (2025 Revision); or (iv) the holder of a licence under the Companies Management Act (2025 it is the responsibility of the principal of the person to ensure that record-keeping procedures in accordance with regulation 31 are maintained in respect of any relevant financial business carried out by the appointed representative which is investment business carried on by the person for which the principal has accepted responsibility. (3) In this regulation — “appointed representative” means a person — (a) who is employed by another person under a contract for services which — (i) requires or permits the person to carry out relevant financial business and either prohibits the person from giving advice about entering into investment agreements with persons other than the person’s principal, or enables the person’s principal to impose such a restriction or to restrict or prohibit the kinds of advice which the person may give; or Regulation 33 (ii) either prohibits the person from procuring persons to enter into investment agreements with persons other than the person’s principal, or enables the person’s principal to impose such a prohibition or to restrict the kinds of investment to which the agreements may relate or the other persons with whom they may be entered into; and (b) who has accepted responsibility in writing for carrying on the whole or part of a relevant financial business. PART 9 - Money Laundering Reporting Officer Appointment of the Money Laundering Reporting Officer

(1) A person carrying out relevant financial business shall for the purpose of securing compliance with any requirement set out in Part 4 of the Act, designate a person employed at managerial level as the Money Laundering Reporting Officer. (2) A person carrying out relevant financial business shall designate a manager or official employed at managerial level as an alternate for the Money Laundering Reporting Officer who shall be referred to as the Deputy Money Laundering Reporting Officer and who shall in the absence of the Money Laundering Reporting Officer, discharge the functions of the Money Laundering Reporting Officer. Internal reporting procedures

Internal reporting procedures maintained by a person are in accordance with this regulation if the procedures include provisions — (a) identifying the Money Laundering Reporting Officer and specifying that the Money Laundering Reporting Officer is the person to whom a report is to be made of any information or other matter which comes to the attention of a person carrying out relevant financial business and which, in the opinion of the person, gives rise to — (i) a knowledge or suspicion or reasonable grounds for knowing or suspecting that another person is engaged in money laundering, terrorist financing or proliferation financing; or (ii) a knowledge or suspicion or reasonable grounds for knowing or suspecting that the transaction or attempted transaction relates to money laundering or terrorist financing; (b) requiring that a report under subparagraph (a) be considered in light of all other relevant information by the Money Laundering Reporting Officer, or by the Deputy Money Laundering Reporting Officer, for the purpose of Regulation 35 determining whether or not the information or other matter contained in the report gives rise to such a knowledge or suspicion; for a person charged with considering a report in accordance with subparagraph (b) to have access to other information which may be of assistance to the person and which is available to the person who is responsible for maintaining the internal reporting procedures concerned; and (d) for ensuring that any information or other matter contained in a report is disclosed to the Financial Reporting Authority where the person who has considered the report under subparagraph (b) knows or suspects or has reasonable grounds for knowing or suspecting that another person is engaged in money laundering, terrorist financing or proliferation financing. PART 10 - Identification and record-keeping requirements relating to Wire Transfers Application of this Part

(1) This Part applies to transfers of funds, in any currency, which are sent or received by a payment service provider carrying on business in or from within (2) Notwithstanding paragraph (1) — (a) this Part does not apply to transfers of funds carried out using a credit or debit card, if — (i) the payee has an agreement with the payment service provider permitting payment for the provision of goods and services; and (ii) a unique identifier, allowing the transaction to be traced back to the payer, accompanies such transfer of funds; and (b) this Part does not apply to transfers of funds — (i) where the payer withdraws cash from the payer’s own account; (ii) where there is a debit transfer authorisation between two parties permitting payments between them through accounts, if a unique identifier accompanies the transfer of funds, enabling the person to be traced back; (iii) where truncated cheques are used; (iv) for fines, duties or other levies within the Islands; or (v) where both the payer and the payee are payment service providers acting on their own behalf. Regulation 36 (3) This Part does not apply to transfers of virtual assets. Information accompanying transfers of funds and record-keeping

(1) Subject to regulation 37, a payment service provider of a payer shall ensure that transfers of funds are accompanied by complete information on the payer. (2) For the purpose of this Part, complete information on a payer shall include — (a) the payer’s name; (b) the payer’s account number, or where the account number is not available, a unique identifier which allows the transaction to be traced back to the payer; and (c) one of the following — (i) the payer’s address; (ii) the number of a Government-issued document evidencing the payer’s identity; (iii) the payer’s customer identification number; or (iv) the payer’s date and place of birth. (3) The payment service provider of the payer shall, before transferring the funds, verify the complete information on the payer on the basis of documents, data or information that meet the requirements of regulation 20(1). (4) A payment service provider of the payer shall collect beneficiary or payee information including the name and account number or unique transaction reference in order to facilitate the traceability of the transaction. (5) In the case of transfers of funds from an account, verification may be deemed to have taken place if — (a) the payer’s account is held at a licensee under the Banks and Trust Companies Act (2025 Revision); or (b) the payer is a person who is required to comply with regulation 5. (6) The payment service provider of the payer shall, for five years, keep records of complete information on the payer and payee which accompanies transfers of funds. Transfers of funds within the Islands

Where both the payment service provider of the payer and the payment service provider of the payee are situated in the Islands, transfers of funds shall be required to be accompanied only by the account number of the payer or a unique identifier allowing the transaction to be traced back to the payer; but, if requested by the payment service provider of the payee, the payment service provider of the payer shall make available to the payment service provider of the payee complete information on the payer, within three working days of receiving that request. Regulation 38 Batch file transfers

(1) For batch file transfers from a single payer where the payment service providers of the payees are situated outside the Islands, regulation 36(1) shall not apply to the individual transfers bundled together, if the batch file contains that information about the payer and the individual transfers carry the account number of the payer or a unique identifier. (2) A batch file shall contain the name, account number or unique identifier number of a payee or beneficiary that is traceable in the payee country. Obligations of payment service provider of payee

The payment service provider of a payee shall have effective procedures in place in order to detect whether, in the messaging or payment and settlement system used to effect a transfer of funds, the information required under regulations 37, 38 and 47 is obtained in accordance with these Regulations. Transfers of funds with missing or incomplete information about the payer

(1) The payment service provider of a payer shall not execute wire transfers where the payment service provider is unable to collect and maintain information on the payer and payee as required under regulations 36, 37 and 38(1). (2) A payment service provider of the payee shall have effective systems in place to detect missing required information on both the payer and payee. (3) Where the payment service provider of the payee detects, when receiving transfers of funds, that information on the payer required under this Part is missing or incomplete the payment service provider shall either reject the transfer or request complete information on the payer; and, in any event, the payment service provider of the payee shall comply with the Act, the Terrorism Act (2018 Revision) and these Regulations. (4) A beneficiary or payee financial institution shall verify the identity of payee information and shall, for five years, keep records of the information. (5) A payment service provider of a payee shall adopt risk-based policies and procedures for determining when to execute, reject or suspend a wire transfer where the required payer or payee information is incomplete and the resulting procedures to be applied. (6) Where a payment service provider regularly fails to supply the required information on the payer, the payment service provider of the payee shall adopt reasonable measures to rectify non-compliance with these Regulations, before — (a) rejecting any future transfers of funds from that payment service provider; (b) restricting its business relationship with that payment service provider; or terminating its business relationship with that payment service provider, Regulation 41 and the payment service provider of the payee shall report to the Financial Reporting Authority and to the relevant Supervisory Authority any such decision to restrict or terminate its business relationship with that payment service provider. Risk-based assessment

The payment service provider of the payee shall consider incomplete information about the payer as a factor in assessing whether the transfer of funds, or any related transaction, is suspicious, and whether the suspicion should be reported to the Financial Reporting Authority, in accordance with the Act and these Regulations. Record-keeping by payment service provider of payee

The payment service provider of the payee shall, for five years, keep records of any information received on the payer. Information accompanying a transfer of funds

Intermediary payment service providers shall ensure that all information received on the payer and the payee that accompanies a transfer of funds is kept with the transfer. Straight-through processing

An intermediary payment service provider shall take reasonable measures, which are consistent with straight-through processing, to identify cross-border transfers that lack required payer or payee information and shall adopt risk-based policies and procedures for determining when to execute, reject or suspend a wire transfer where the required payer or payee information is incomplete and the resulting procedures to be applied. Obligation to comply with requirements

A money services licensee shall comply with all of the relevant requirements under this Part in the countries in which they operate, directly or through the agents of the licensee. Obligation to file suspicious activity report

A money services licensee, that controls both the ordering institution and the beneficiary institution, shall — (a) consider the information from both the ordering institution and the beneficiary institution to determine whether a suspicious activity report should be filed; and (b) further to subparagraph (a) file the suspicious activity report in the country from or to which the suspicious wire transfer originated or was destined, respectively and make relevant transaction information available to the Financial Reporting Authority and the relevant authorities in the country. Regulation 47 Technical limitations

(1) This regulation applies where the payment service provider of the payer is situated outside the Islands and the intermediary payment service provider is situated within the Islands, in respect of transfers of funds by the intermediary payment service provider within the Islands. (2) Subject to paragraph (3), the intermediary payment service provider may use a payment system with technical limitations which prevent information on the payer from accompanying the transfer of funds to send transfers of funds to the payment service provider of the payee. (3) Where the intermediary payment service provider receives a transfer of funds with incomplete information about the payer as required under this Part, the intermediary payment service provider shall only use a payment system with technical limitations if the intermediary payment service provider is able to provide the payment service provider of the payee, with the information about the payer, using a manner of communication accepted by, or agreed between, both payment service providers. (4) Where the intermediary payment service provider uses a payment system with technical limitations, the intermediary payment service provider shall, upon request from the payment service provider of the payee, make available to the payment service provider of the payee all the information on the payer which the intermediary payment service provider has received, irrespective of whether the information is complete or not, within three working days of the date of receiving that request. (5) In the cases referred to in paragraphs (2) and (3), the intermediary payment service provider shall, for five years, keep records of all information received. Cooperation

A payment service provider shall respond fully and without delay to enquiries from the Reporting Authority concerning the information about the payer accompanying transfers of funds and corresponding records. Conflict between Parts

Where there is an inconsistency between the provisions of this Part and any other provision of these Regulations, the provisions of this Part shall prevail, to the extent of the inconsistency. Regulation 49A PART 10A - Identification and record-keeping requirements relating to transfers of virtual assets 49A. Definitions under Part 10A 49A. In this Part — “batch file transfer of virtual assets” means several individual transfers of virtual assets which are bundled together by, or on behalf of, a virtual asset service provider for transmission; “beneficiary” has the meaning assigned under section 2 of the Virtual Asset (Service Providers) Act (2025 Revision); “beneficiary virtual asset service provider” means a virtual asset service provider which receives a transfer of virtual assets on behalf of a beneficiary; “intermediary virtual asset service provider” means a virtual asset service provider which — (a) participates in the execution of a transfer of virtual assets; and (b) is not the originating virtual asset service provider or the beneficiary virtual asset service provider; “obliged entity” has the meaning assigned under section 2 of the Virtual Asset (Service Providers) Act (2025 Revision); “originating virtual asset service provider” means a virtual asset service provider which conducts a transfer of virtual assets on behalf of an originator; “originator” has the meaning assigned under section 2 of the Virtual Asset (Service Providers) Act (2025 Revision); and “transfer of virtual asset” has the meaning assigned under section 2 of the Virtual Asset (Service Providers) Act (2025 Revision). 49B. Application of this Part 49B. This Part applies to transfers of virtual assets. 49C. Transfers of virtual assets to a beneficiary 49C. (1) An originating virtual asset service provider shall, when conducting a transfer of virtual assets to a beneficiary, collect and record the following (a) the name of the originator and the beneficiary; (b) where an account is used to process the transfer of virtual assets by — (i) the originator, the account number of the originator; or (ii) the beneficiary, the account number of the beneficiary; Regulation 49D (c) the address of the originator, the number of a Government-issued document evidencing the originator’s identity or the originator’s customer identification number or date and place of birth; and (d) where an account is not used to process the transfer of virtual assets, the unique transaction reference number that permits traceability of the transaction. (2) An originating virtual asset service provider shall, before conducting the transfer of virtual assets, verify the information on the originator under paragraph (1) on the basis of documents, data or information that meet the requirements of regulation 20(1). (3) An originating virtual asset service provider shall provide the information under paragraph (1) to the beneficiary virtual asset service provider or obliged entity simultaneously or concurrently with the transfer of virtual assets. (4) An originating virtual asset service provider may provide the information under paragraph (1) to the beneficiary virtual asset service provider or obliged entity directly by attaching the information to the transfer of virtual assets or providing the information indirectly. (5) An originating virtual asset service provider shall ensure that transfers of virtual assets are conducted using a system which prevents the unauthorised disclosure of the information under paragraph (1) to a person other than the originating virtual asset service provider, the beneficiary virtual asset service provider or the obliged entity. (6) An originating virtual asset service provider shall, for at least five years, keep records of complete information on the originator and beneficiary which accompanies each transfer of virtual assets. 49D. Obligations of a beneficiary virtual asset service provider 49D. (1) A beneficiary virtual asset service provider shall, on receipt of a transfer of virtual assets, collect and record the following information — (a) the name of the originator and the beneficiary; (b) where an account is used to process the transfer of virtual assets by — (i) the originator, the account number of the originator; or (ii) the beneficiary, the account number of the beneficiary; (c) the address of the beneficiary, the number of a Government-issued document evidencing the beneficiary’s identity or the beneficiary’s customer identification number or date and place of birth; and (d) where an account is not used to process the transfer of virtual assets, the unique transaction reference number that permits traceability of the transaction. Regulation 49E (2) A beneficiary virtual asset service provider shall verify the accuracy of information on the beneficiary under paragraph (1) on the basis of documents, data or information that meets the requirements of regulation 20(1). (3) A beneficiary virtual asset service provider shall, for at least five years, keep records of complete information on the originator and beneficiary which accompanies each transfer of virtual assets. 49E. Duty to produce information 49E. (1) A competent authority may, by notice in writing, require an originating virtual asset service provider or a beneficiary virtual asset service provider to provide information in respect of a transfer of virtual assets carried out under this Part. (2) An originating virtual asset service provider or a beneficiary virtual asset service provider which receives a notice under paragraph (1) shall comply with that notice within the period and in the manner specified in the notice. 49F. Batch file transfers of virtual assets 49F. (1) Where a batch file transfer of virtual assets consists entirely of transfers from one originator, regulation 49C(1) shall not apply to the individual transfers of virtual assets bundled together if — (a) the batch file contains the following information or if the following information is submitted with the batch file — (i) the name of the originator; (ii) where an account is used to process the transfer of virtual assets by the originator, the account number of the originator; (iii) the address of the originator, the number of a Government-issued document evidencing the originator’s identity or the originator’s customer identification number or date and place of birth; and (b) the individual transfers of virtual assets carry the account number of the originator or a unique identifier. (2) A batch file or the information submitted along with a batch file shall contain the name, account number or unique identifier of each beneficiary that is traceable in the beneficiary country. 49G. Obligations of a beneficiary virtual asset service provider 49G. A beneficiary virtual asset service provider shall have effective procedures in place in order to detect whether, in the messaging or payment and settlement system or equivalent system used to effect a transfer of virtual assets, the information required under regulations 49C(1), 49F and 49N is obtained in accordance with these Regulation 49H 49H. Transfers of virtual assets with missing or incomplete information about the originator 49H. (1) An originating virtual asset service provider shall not execute transfers of virtual assets where the originating virtual asset service provider is unable to collect and maintain information on the originator and beneficiary as required under regulation 49C(1) and 49F. (2) A beneficiary virtual asset service provider shall have effective systems in place to detect missing required information on both the originator and beneficiary. (3) Where a beneficiary virtual asset service provider detects, when receiving transfers of virtual assets, that information on the originator required under this Part is missing or incomplete, the beneficiary virtual asset service provider shall either reject the transfer of virtual assets or request complete information on the originator. (4) A beneficiary virtual asset service provider shall adopt risk-based policies and procedures for determining — (a) whether to execute, reject or suspend a transfer of virtual assets; and (b) the resulting procedures to be applied, where the required originator or beneficiary information is incomplete. (5) Where an originating virtual asset service provider regularly fails to supply the required information on the originator, the beneficiary virtual asset service provider shall adopt reasonable measures to rectify noncompliance with these Regulations before — (a) rejecting any future transfers of virtual assets from that originating virtual asset service provider; (b) restricting its business relationship with that originating virtual asset service provider; or terminating its business relationship with that originating virtual asset service provider, and the beneficiary virtual asset service provider shall report to the Financial Reporting Authority and to the relevant Supervisory Authority any such decision to restrict or terminate its business relationship with that originating virtual asset service provider. 49I. Assessment and reporting of suspicious transfers of virtual assets 49I. A beneficiary virtual asset service provider shall consider incomplete information about the originator as a factor in assessing whether a transfer of virtual assets, or any related transaction, is suspicious and where it is determined that the transaction is suspicious, the suspicious transaction shall be reported to the Financial Reporting Authority in accordance with the Act. Regulation 49J 49J. Information accompanying a transfer of virtual assets 49J. An intermediary virtual asset service provider which participates in a transfer of virtual assets shall ensure that all information received on the originator and the beneficiary that accompanies a transfer of virtual assets is kept with the transfer of virtual assets. 49K. Straight-through processing of transfers of virtual assets 49K. An intermediary virtual asset service provider shall — (a) take reasonable measures, which are consistent with straight-through processing, to identify transfers of virtual assets that lack required originator or beneficiary information; and (b) adopt risk-based policies and procedures for determining — (i) when to execute, reject or suspend a transfer of virtual assets; and (ii) the resulting procedures to be applied, where the required originator or beneficiary information is incomplete. 49L. Obligation of a virtual asset service provider to comply with requirements 49L. A virtual asset service provider shall comply with all of the relevant requirements under this Part in the countries in which they operate, either directly or through the agents of the virtual asset service provider. 49M. Obligation of a virtual asset service provider to file suspicious activity report 49M. A virtual asset service provider, that controls both the originating virtual asset service provider and the beneficiary virtual asset service provider, shall — (a) consider the information from both the originating virtual asset service provider and the beneficiary virtual asset service provider to determine whether a suspicious activity report should be filed; and (b) further to paragraph (a), file the suspicious activity report in the country from which the transfer of virtual assets originated or to which the transfer of virtual assets was destined and make relevant transaction information available to the Financial Reporting Authority and the relevant authorities in the country from which the transfer originated or to which it was destined. 49N. Technical limitations related to transfers of virtual assets 49N. Where technical limitations prevent an intermediary virtual asset service provider from sending the required originator or beneficiary information with the transfer of virtual assets, the intermediary virtual asset service provider shall keep a record of all the information received from the originating virtual asset service provider, obliged entity or other intermediary, for at least five years. Regulation 49O 49O. Obligation to have risk-based policies 49O. An intermediary virtual asset service provider shall have risk-based policies and procedures for determining — (a) when to execute, reject, or suspend a transfer of virtual assets lacking required originator or required beneficiary information; and (b) the appropriate follow-up action. 49P. Interpreting inconsistencies with other Parts 49P. Where there is an inconsistency between the provisions of this Part and any other provision of these Regulations, the provisions of this Part shall prevail to the extent of the inconsistency. PART 11 - Shell Banks and Correspondent Banks Shell banks

A person carrying out relevant financial business to which regulation 5 applies and which is carried on by the person in or from the Islands, shall not form a business relationship, or carry out a one-off transaction, with a shell bank. Correspondent banks

For the avoidance of doubt, a person carrying out relevant financial business shall not enter into or shall discontinue correspondent banking and other similar relationships with a shell bank and shall satisfy the person that respondent financial institutions do not permit their accounts to be used by shell banks. Cross-border correspondent banking

In relation to cross-border correspondent banking and other similar relationships, a person carrying out relevant business, in addition to conducting customer due diligence procedures pursuant to these Regulations shall — (a) collect information to understand the nature of a respondent institution’s business and determine from publicly available information the reputation of the institution and the quality of supervision, including whether the institution has been subject to money laundering, terrorist financing or proliferation financing investigation or regulatory action; (b) assess the respondent institution’s anti-money laundering and countering financing of terrorists and proliferation controls; obtain approval from senior management before establishing new correspondent relationships; and (d) clearly understand and document the respective responsibilities of each institution. Regulation 53 Payable-through accounts

With respect to payable-through accounts, a person carrying out relevant financial business shall be satisfied that the respondent bank — (a) has performed customer due diligence obligations on its customers that have direct access to the accounts of the correspondent bank; and (b) is able to provide relevant customer due diligence information to the correspondent bank upon request. PART 11A - Disclosure and sharing of information 53A. Duty to produce information 53A. (1) A Supervisory Authority may, by notice in writing, require a person carrying out relevant financial business to provide such documents, statements or any other information as the Supervisory Authority may reasonably require in connection with the exercise of its functions. (2) A person carrying out relevant financial business, who receives a notice under paragraph (1), shall comply with that notice within the period and in the manner specified in the notice. (3) A Supervisory Authority may, by notice in writing, require — (a) a person carrying out relevant financial business; (b) a connected person; or a person reasonably believed to have information relevant to an inquiry by the Supervisory Authority, to attend before the Supervisory Authority to answer such questions or provide such information as the Supervisory Authority may deem necessary in connection with its inquiry. (4) A person who is served a notice under paragraph (3) shall attend before the Supervisory Authority in accordance with the notice. (5) In relation to information recorded otherwise than in legible form, the notice may require a copy of the information in legible form or in a form from which it can readily be produced in visible and legible form. (6) Information required to be provided to the Supervisory Authority under this regulation shall be provided in the English language and any information required in a notice under this regulation which is not in the English language shall be translated into the English language before being provided to the (7) The production of a document does not affect any lien which a person has on the document. Regulation 53AA 53AA. Duty of DNFBPs to produce information 53AA.(1) A Supervisory Authority may, by notice in writing, require a DNFBP to provide documents, statements or any other information as the Supervisory Authority may reasonably require to determine if the DNFBP is carrying out relevant financial business. (2) A DNFBP which receives a notice under paragraph (1), shall comply with that notice within the period and in the manner specified in the notice. 53B. Failure to produce information 53B. (1) A person who fails to comply with a notice issued by a Supervisory Authority under regulation 53A or 53AA contravenes these Regulations and is liable to the penalty prescribed under regulation 56 or the administrative penalties under paragraph (2). (2) Where a person fails to comply with a notice issued by a Supervisory Authority under regulation 53A or 53AA — (a) the Monetary Authority may impose an administrative fine in accordance with the Monetary Authority Act (2020 Revision) or regulations made thereunder; or (b) a Supervisory Authority other than the Monetary Authority may impose an administrative fine in accordance with these regulations. 53C. Requirement to share information 53C. (1) A Supervisory Authority, competent authority or government body may of its own volition or upon request by any other Supervisory Authority, competent authority or government body, share or provide any information required for the purpose of — (a) assessing money laundering, terrorist financing and proliferation financing risks; or (b) discharging any function or exercising any power under the Act. (2) Where a request is made to a Supervisory Authority, competent authority or government body for information in accordance with paragraph (1), the information shall be provided within a reasonable time from the date of receipt of the request. (3) Where information is shared or provided in accordance with paragraph (1), the recipient of such information shall — (a) only use the information for the purpose for which it was shared or provided; Regulation 53D (b) only retain the information for as long as is necessary to carry out the purpose for which it was shared or provided; and not disclose the information for any purpose other than the purpose for which it was shared or provided, without the prior consent of the competent authority or government body which shared or provided the (4) Repealed by regulation 13 of the Anti-Money Laundering (Amendment) (No. 2) Regulations, 2019 (SL# 28 of 2019). PART 11B – Reporting requirements of Supervisory Authorities 53D. Supervisory authorities to submit annual report 53D. Every Supervisory Authority shall, no later than three months after the end of its financial year — (a) submit to the Steering Group an annual report on its activities; and (b) publish the annual report in such detail and manner as it thinks appropriate. 53E. Contents of annual report 53E. An annual report under regulation 53D shall contain information with respect to — (a) the number of persons under the supervision of the Supervisory Authority including the proportion of natural and legal persons; (b) the relevant financial business carried on by persons under the supervision of the Supervisory Authority and its methodology for risk-rating such persons; (c) the number of contraventions of the Regulations by persons under the supervision of the Supervisory Authority which the Supervisory Authority has identified; (d) the number of inspections of persons under its supervision for the purposes of the Regulations conducted by the Supervisory Authority; (e) the number and amount of fines imposed by the Supervisory Authority; (f) the number of times that the Supervisory Authority has exercised its enforcement powers; (g) the number of persons under the supervision of the Supervisory Authority who, following the exercise of enforcement powers by the Supervisory Authority, have contravened the requirements imposed by such enforcement measures; Regulation 54 (h) the activities that the Supervisory Authority has engaged in to educate persons under its supervision with respect to their responsibilities under the Regulations; (i) anti-money laundering, combating terrorist financing, and combating proliferation financing training and development undertaken within the (j) a summary of any money laundering, terrorist financing and proliferation financing risk assessments conducted for sectors under the supervision of the Supervisory Authority during the relevant period; and (k) any updates to the description of indications which may suggest that a transfer of criminal funds is taking place in the sectors under the supervision of the Supervisory Authority. PART 12 - Disclosure Obligations of Supervisory Authorities Disclosure - application of Part

(1) This Part applies to the Supervisory Authorities and to a minister or Official Member, in relation to any person carrying on relevant financial business, of the person’s statutory or official functions. (2) Notwithstanding paragraph (1) this Part does not apply to any disclosure of information to which Part 2 of Schedule 1 to the Terrorism Act (2018 Revision) relates. Disclosure obligation

(1) Subject to paragraph (2), where a Supervisory Authority, a minister or Official Member — (a) obtains any information; and (b) is of the opinion that the information indicates that any person has or may have been engaged in money laundering, the Supervisory Authority, a minister or Official Member shall, as soon as is reasonably practicable, disclose that information to the Financial Reporting Authority. (2) Where any person is a secondary recipient of information obtained by a Supervisory Authority, a minister or Official Member, and that person forms such an opinion as is mentioned in paragraph (l)(b), that person may disclose the information to the Financial Reporting Authority. (3) Where any person employed by a Supervisory Authority, appointed by a Supervisory Authority to act as that Supervisory Authority’s agent, employed Regulation 55A by any such agent or employed by the Government in the ministry or portfolio of a minister or Official Member — (a) obtains any information whilst acting in the course of any investigation, or discharging any functions, to which the person’s appointment or authorisation relates; and (b) is of the opinion that the information indicates that a person has or may have been engaged in money laundering, that person shall, as soon as is reasonably practicable, either disclose that information to the Financial Reporting Authority or disclose that information to the Supervisory Authority, minister or Official Member by whom the person was appointed or authorised. (4) Any disclosure made by virtue of paragraphs (1) to (3) shall not be treated as a breach of any restriction imposed by statute or otherwise. (5) Any information — (a) which has been disclosed to the Financial Reporting Authority by virtue of paragraphs (1) to (4); and (b) which would, apart from paragraph (4), be subject to such a restriction as is mentioned in that paragraph, may be disclosed by the Financial Reporting Authority, or any person obtaining the information directly or indirectly from the Financial Reporting Authority, in connection with the investigation of any criminal offence or for the purpose of any criminal proceedings, but not otherwise. (6) In this regulation — “secondary recipient”, in relation to information obtained by a Supervisory Authority, a minister or Official Member, means any person to whom that information has been passed by the Supervisory Authority, a Minister or Official member. Part 12A - Designated Non-Financial Businesses and Professions Designation of DNFBPs and Supervisory Authorities 55A. Designated non-financial business and professions 55A. The following businesses and professions are designated as DNFBPs — (a) real estate agents and brokers; (b) dealers in precious metals; dealers in precious stones; Regulation 55B (d) firms of accountants; (e) firms of attorneys at law; and (f) any other business or profession for which a Supervisory Authority under regulation 55B is assigned, by Cabinet, under section 4(9) of the Act. 55B. Supervisory Authorities of DNFBPs 55B. The following bodies are designated by the Cabinet under section 4(9) of the Act as Supervisory Authorities of the following DNFBPs for the purposes of this Part — (a) the Department of Commerce and Investment - for real estate agents and brokers, dealers in precious metals, dealers in precious stones and any other business or profession for which it has been designated by the (b) the Cayman Islands Institute of Professional Accountants – for firms of accountants; and the Cayman Islands Legal Services Council or its delegate – for firms of attorneys at law that engage in or assist other persons in the planning or execution of relevant financial business, or otherwise act for or on behalf of such persons in relevant financial business 55C. Cooperation among Supervisory Authorities 55C. (1) Where there is more than one Supervisory Authority for a DNFBP, the Supervisory Authorities may agree that one of them will act as the Supervisory Authority for that DNFBP. (2) Where an agreement is made under paragraph (1), the Authority which has agreed to act as the Supervisory Authority shall notify the DNFBP or publish the agreement in such manner as it considers appropriate. (3) Where no agreement is made under paragraph (1), the Supervisory Authorities for a DNFBP shall cooperate in the performance of their functions under this Part. (4) Where natural or legal persons within a group structure are subject to supervision by different Supervisory Authorities, the Supervisory Authorities may cooperate with each other in the performance of their functions and shall consider any directives or recommendations of other authorities, made in relation to other persons in the group, in carrying out their supervisory responsibilities. 55D. Duties of Supervisory Authorities 55D. (1) A Supervisory Authority — (a) shall effectively monitor every DNFBP for which it is designated if the DNFBP is conducting relevant financial business; Regulation 55E (b) shall take necessary measures to ensure compliance by DNFBPs referred to in paragraph (a) with these Regulations; and may issue guidance, directives and procedures to be followed by DNFBPs referred to in paragraph (a) in order to promote compliance with these (2) Repealed by regulation 11 of the Anti-Money Laundering (Amendment) Regulations, 2020 (SL 2 of 2020). DNFBP Register 55E. Duty to maintain DNFBP register 55E. (1) A Supervisory Authority shall establish and maintain, in such form as it may determine to be appropriate, a DNFBP Register of all DNFBPs for which it is designated Supervisory Authority under this Part. (1A) A Supervisory Authority may impose registration fees for the purpose of defraying the cost of establishing and maintaining the DNFBP Register and discharging its responsibilities under these Regulations. (1B) The fees imposed under paragraph (1A) shall be subject to the approval of Cabinet and published in the Gazette. (2) The DNFBP Register shall contain the following information in respect of each DNFBP — (a) in the case of a body corporate, the name, country of incorporation, date of incorporation and registered office of the body corporate; (b) in the case of a partnership or limited liability partnership, the name, country of formation, date of formation and registered office of the partnership; in the case of a person that is not a corporate body, partnership or limited liability partnership, the name and address of the person; (d) the principal business address of the person in the Cayman Islands and the person’s telephone number and e-mail address, if any; (e) in the case of a DNFBP that is licensed or regulated — (i) the type of licence held by the DNFBP; and (ii) the name and address of the applicable licensing body or regulator; (f) the relevant business for which the person is registered or licensed; (fa) the name and date of appointment of — (i) the Anti-Money Laundering Compliance Officer; and (ii) the Money Laundering Reporting Officer and Deputy Money Laundering Reporting Officer, as applicable; Regulation 55F (g) the date of registration and, if applicable, de-registration of the DNFBP; and (h) such other information as the Supervisory Authority considers appropriate. (3) The DNFBP Register and the information contained in any document filed with the Supervisory Authority may be kept in such manner as the Supervisory Authority considers appropriate, including either wholly or partly, by means of a device or facility that — (a) records or stores information magnetically, electronically or by other means; and (b) permits the information recorded or stored to be inspected and reproduced in legible and usable form. 55F. Requirement for registration 55F. (1) A person who carries on or intends to carry on business as a DNFBP in or from within the Islands shall — (a) submit to the Supervisory Authority designated for that DNFBP — (i) a written declaration that the person carries on or intends to carry on business as a DNFBP; (ii) subject to paragraph (2), the registration information required under regulation 55E(2); (iii) information identifying the ownership and control structure of the DNFBP, including information on the beneficial owners of the DNFBP and all connected persons in relation to the DNFBP; and (iv) such other information as the Supervisory Authority reasonably considers appropriate in the exercise of its supervisory functions; and (b) where applicable, pay the registration fee imposed by the Supervisory Authority under regulation 55E(1A). (2) A person is not required to submit the registration information under paragraph (1)(a)(ii) if the person who carries on or intends to carry on business as a DNFBP provides written consent to the relevant government body or any other competent authority which holds such information, to provide the information to the Supervisory Authority designated for that DNFBP. 55G. Cancellation of registration 55G. (1) Subject to regulation 55I, a Supervisory Authority may cancel the registration of a DNFBP if — (a) the DNFBP contravenes or fails to comply with a provision of these Regulation 55H (b) the person carrying on business as a DNFBP or a connected person in relation to that DNFBP is not, in the opinion of the Supervisory Authority, a fit and proper person as described in regulation 55H; or the Supervisory Authority is satisfied that the DNFBP has ceased to carry on business or is a company which the Registrar has struck off the register of companies under section 156(1) of the Companies Act (2025 Revision). (2) A Supervisory Authority shall not cancel the registration of a DNFBP under paragraph (1)(a) unless, in the opinion of the Supervisory Authority — (a) the breach cannot be adequately sanctioned by imposing an administrative fine; or (b) the contravention or failure to comply is so serious, egregious or frequent as to preclude the DNFBP from being permitted to continue to carry on relevant financial business in the Islands. 55H. Fit and proper person test 55H. (1) In determining whether a person who carries on business as a DNFBP or a connected person is a fit and proper person, the Supervisory Authority designated for that DNFBP shall have regard to — (a) the person’s probity, competence and soundness of judgement for fulfilling the responsibilities of the position; (b) the diligence with which the person is fulfilling or likely to fulfil the responsibilities; and whether the interests of the DNFBP are, or are likely to be, in any way threatened by the person holding the position. (2) Without prejudice to the generality of paragraph (1), regard may be had to the previous conduct and activities in business or financial matters of the person in question and, in particular, to any evidence that the person has — (a) committed an offence involving fraud or other dishonesty or violence; (b) contravened any provision made by or under any enactment designed for protecting members of the public against financial loss due to — (i) dishonesty, incompetence or malpractice by persons concerned in the provision of services by the non-financial business or profession or the management of companies; or (ii) the conduct of discharged or undischarged bankrupts; engaged in any business practices appearing to be deceitful or oppressive or otherwise improper (whether lawful or not) or which discredit the person’s method of conducting business; and Regulation 55I (d) engaged in or has been associated with any other business practices or otherwise acted in such a way as to cast doubt on the person’s competence and soundness of judgement. 55I. Representations by DNFBP 55I. (1) Where a Supervisory Authority proposes to cancel the registration of a DNFBP, it shall give a warning notice to the DNFBP stating — (a) the proposed date from which the cancellation is to take effect; (b) the reasons for its decision; and the right of the DNFBP to make representations to the Supervisory Authority objecting to the cancellation, within a specified period of not less than thirty days. (2) After considering any representations made by the DNFBP, the Supervisory Authority shall decide within one month of the end of the period specified in paragraph (1)(c) whether to cancel the DNFBP’s registration. 55J. Notification of cancellation of registration 55J. (1) If the Supervisory Authority decides to cancel the registration of the DNFBP, it shall provide a notice of the decision, together with the reasons for the decision, to the person carrying on business as a DNFBP and to one of the following — (a) the Trade and Business Licensing Board, if the person holds a licence granted under section 21 of the Trade and Business Licensing Act (2021 Revision) for carrying on that business; (b) the Council of the Cayman Islands Institute of Professional Accountants, if the person holds a licence granted under section 11 or 12 of the Accountants Act (2024 Revision) for carrying on that business; or the Chief Justice, if the DNFBP is carried on by — (i) a natural person admitted to practice as an attorney at law under the Legal Practitioners Act (2022 Revision); or (ii) a firm or recognised body holding an annual operational licence issued under section 13 of the Legal Practitioners Act (2022 (2) The notice provided to a licensing body or other authority under paragraphs (1)(a), (b) or (c) shall include a recommendation from the Supervisory Authority that the body or authority suspend, revoke or limit the DNFBP’s licence in order to prevent it from carrying on relevant financial business in the Islands. Regulation 55K Obligations of DNFBPs 55K. Repealed 55K. Repealed by regulation 4 of the Anti-Money Laundering (Amendment) Regulations, 2019 (SL 25 of 2019). 55L. Limitation 55L. (1) A person is not required to provide information or documents or to answer questions under regulation 53A(1) or (3) unless — (a) the notice sets out the reasons why the Supervisory Authority requires the information; and (b) the information, documents or answers are reasonably required by the Supervisory Authority in the exercise of its responsibilities under this Part. (2) A person is not required under regulation 53A(1) or (3) to provide or produce information, or to answer questions, which the person would be entitled to refuse to provide, produce or answer on grounds of legal professional privilege in proceedings in the Grand Court, except that an attorney-at-law may be required to provide the name and address of the attorney’s client. (3) Section 170 of the Act applies with appropriate modifications to statements made by a person in compliance with a duty imposed under regulation 53A(4) as the section applies to statements made by a relevant institution in response to a customer information order. 55M. Duty to allow site visits by Supervisory Authority 55M. (1) A person carrying on business as a DNFBP or a connected person in relation to the DNFBP shall, on request by the Supervisory Authority designated for that DNFBP, allow an officer or employee of the Supervisory Authority, on producing evidence of authority, to have access at any reasonable time to any premises being used in connection with the business of the DNFBP and shall allow the officer or employee — (a) to enter and inspect the premises; (b) to observe the carrying on of business; to inspect any recorded information found on the premises and to take copies of, or extracts from, any such information; and (d) to ask any person on the premises for an explanation of any recorded information or to state where it may be found. (2) A person is not required to allow access to premises under paragraph (1) unless the information sought by the officer or employee of the Supervisory Authority is reasonably required by the Supervisory Authority in the exercise of its functions under this Part. Regulation 55MA 55MA.Duty to notify Supervisory Authority 55MA.(1) Subject to paragraph (4), a person who carries on business as a DNFBP which conducts relevant financial business shall notify the Supervisory Authority designated for that DNFBP, in writing, of any change in the assessment of the risk of the person after conducting an assessment of risk in accordance with regulation 8, no later than thirty days after the date on which the change occurs. (2) A person who carries on business as a DNFBP shall notify the Supervisory Authority designated for that DNFBP, in writing, of any change in — (a) information previously requested by the Supervisory Authority under regulation 53AA; and (b) the information required to be submitted under regulations 55E and 55F, no later than thirty days after the date on which the change occurs. (3) Subject to paragraph (4), a person who carries on business as a DNFBP to whom paragraph (1) or (2) applies, shall provide to the Supervisory Authority designated for that DNFBP — (a) all relevant information which relates to any change notified under paragraph (1) or (2); and (b) such other information as the Supervisory Authority may request from the person. (4) A person who carries on business as a DNFBP which conducts relevant financial business is not required to — (a) notify the Supervisory Authority designated for that DNFBP in accordance with paragraph (1); or (b) provide information to the Supervisory Authority designated for that DNFBP in accordance with paragraph (3), if that person provides written consent to the relevant government body or any other competent authority which holds such information, to provide the information to the Supervisory Authority designated for that DNFBP. 55N. Failure to comply with information requirements 55N. (1) If, on an application made by a Supervisory Authority, it appears to the Grand Court that a person has failed to do something that they were required to do under regulation 53A(2) or (4) or 55M(1) the Court may make an order under this regulation. (2) An order under this regulation may require the person referred to in paragraph (1) — (a) to do the thing that the person failed to do within such period as may be specified in the order; or Regulation 55O (b) otherwise to take such steps to remedy the consequences of the failure as may be specified by the Court. (3) If the person referred to in paragraph (1) is a body corporate, a partnership or an unincorporated body of persons which is not a partnership, the order may require any officer of the body corporate, partnership or unincorporated body, who is (wholly or partly) responsible for the failure to meet such costs of the application as are specified in the order. (4) In subsection (3), “officer” includes a director, secretary or senior executive of the body corporate, partnership or unincorporated body, regardless of job title. 55O. False or misleading information 55O. A person shall not, for any purpose of this Part — (a) provide any information, make any representation or submit any document to a Supervisory Authority that the person knows to be false or materially misleading or does not believe to be true; or (b) recklessly provide any information, make any representation or submit any document to a Supervisory Authority that is false or materially misleading. Restrictions on the Disclosure of Information by Supervisory Authorities 55P. Prohibition on disclosure of information 55P. (1) A person shall not disclose protected information without the consent of — (a) the person from whom the information was obtained; and (b) if different, the person to whom the information relates. (2) In this regulation “protected information” — (a) means information relating to the business or affairs of any person that is acquired by one of the following persons for the purposes of discharging the person’s functions under the Act — (i) the Supervisory Authority or one of its officers or employees; or (ii) a person acting under the authority of a DNFBP or an officer or employee of that person; but (b) does not include information that — (i) is or has been available to the public; or (ii) is disclosed in a summary or in statistics expressed in a manner that does not enable the identity of particular persons to whom the information relates to be determined. Regulation 55Q 55Q. Where disclosure is permitted 55Q. Regulation 55P does does not apply to a disclosure — (a) by a person specified in paragraph (1)(a) or (b) of that regulation if the disclosure is made for the purpose of discharging any function or exercising any power under the Act, whether the function or power is of the person disclosing the information or of the Supervisory Authority; (b) by any person where the disclosure is — (i) made to a competent authority or a Supervisory Authority; (ii) made in accordance with an order of any Court of competent jurisdiction in the Islands; or (iii) required or permitted by the Act or any other law; or (c) by a person other than the Supervisory Authority, where the disclosure is made with the written consent of the Supervisory Authority and could lawfully have been made by it. Administrative Fines 55R. Power to impose administrative fines 55R. (1) A Supervisory Authority designated for a DNFBP may impose an administrative fine, under regulation 55S, on the DNFBP if it contravenes a provision of these Regulations. (1A) A Supervisory Authority may impose an administrative fine on a director, manager, secretary, partner or other similar officer of a DNFBP or a person who was purporting to act in any such capacity (however designated) where the DNFBP contravenes these Regulations and it is proved that the contravention was — (a) committed with the consent or connivance of; or (b) attributable to any neglect on the part of, the director, manager, secretary, partner or other similar officer of the DNFBP or a person who was purporting to act in any such capacity (however designated). (2) Where a DNFBP contravenes a prescribed provision in Column 1 of the Table in Schedule 2, the categories of breach in Column 2 of the Table in Schedule 2, shall be prescribed as minor, serious or very serious and the breach may be proceeded with under regulation 55S. (3) A Supervisory Authority may issue guidance on the enforcement of administrative fines for a breach prescribed as minor under these regulations. Regulation 55S 55S. Fine amounts 55S. (1) For a breach prescribed as minor the fine is five thousand dollars. (1A) Notwithstanding section 43 of the Interpretation Act (1995 Revision), where the fine under paragraph (1) is imposed as an administrative fine by the Supervisory Authority, the fine is the exact amount stated in paragraph (1) and not the maximum amount. (2) For a breach prescribed as minor, a Supervisory Authority designated for a DNFBP may impose one or more continuing fines of five thousand dollars each, in addition to the fine already imposed for the breach (the “initial fine”), at intervals it decides, until the earliest of the following occurs — (a) the breach stops or is remedied; (b) payment of the initial fine and continuing fines imposed for the breach; or the total of the initial fine and continuing fines for the breach reaches twenty thousand dollars. (3) For a breach prescribed as serious, the fine is — (a) fifty thousand dollars for an individual; (b) one hundred thousand dollars for a body corporate; (c) one hundred thousand dollars for a partnership; or (d) one hundred thousand dollars for an unincorporated association other than a partnership. (4) For a breach prescribed as very serious, the fine is — (a) one hundred thousand dollars for an individual; (b) two hundred and fifty thousand dollars for a body corporate; (c) two hundred and fifty thousand dollars for a partnership; or (d) two hundred and fifty thousand dollars for an unincorporated association other than a partnership. (5) For breaches prescribed as serious or very serious the Supervisory Authority designated for a DNFBP has a discretion to decide whether to impose a fine and the amount of the fine, taking into consideration the criteria under regulations 55V, 55X and 55Y. 55T. Limitation period 55T. (1) A Supervisory Authority designated for a DNFBP shall not impose an administrative fine after the expiration of the following period from the date on which it became aware of the breach — (a) six months for a breach prescribed as minor; or (b) two years for a breach prescribed as serious or very serious. Regulation 55U (2) For the purposes of paragraph (1), a Supervisory Authority is deemed to have become aware of the breach when the Supervisory Authority first received information from which the breach could have reasonably been inferred. 55U. Relationship with penalties 55U. (1) Where a breach of a prescribed provision is an offence, a Supervisory Authority designated for a DNFBP may, subject to paragraphs (2) and (3) — (a) impose an administrative fine in accordance with these Regulations; or (b) recommend to the Director of Public Prosecutions that the contravention be prosecuted as an offence. (2) Where a breach of a prescribed provision is an offence, the imposition of an administrative fine for the breach shall not preclude a prosecution for the breach where the administrative fine remains unpaid after twenty-eight days of the issue of a fine notice. (3) Where a breach of a prescribed provision is prosecuted as an offence, the prosecution of the breach as an offence shall preclude a Supervisory Authority designated for a DNFBP from imposing an administrative fine in accordance with these Regulations. (4) Where a Supervisory Authority designated for a DNFBP commences proceedings for a breach of a prescribed provision by imposing an administrative fine, the payment of the administrative fine within twenty-eight days of the issue of a fine notice constitutes a discharge from liability for conviction for a breach of a prescribed provision that is an offence. 55V. Principles for making fine decision 55V. (1) In making a decision under regulation 55S(5), a Supervisory Authority designated for a DNFBP shall consider any relevant factors including the following criteria — (a) the criteria under regulations 55X and 55Y after applying any prescribed relative weight that must be given to the criteria; and (b) the following principles, in the following order of importance — (i) firstly, the disgorgement principle; (ii) secondly, the disciplinary principle; and (iii) thirdly, the deterrence principle. (2) In exercising a fine discretion under regulation 55S(5), the principles under paragraph (1)(b) shall prevail over the criteria prescribed under regulations 55X and 55Y. (3) Notwithstanding paragraph (2), a Supervisory Authority designated for a DNFBP may consider the criteria under regulation 55X or 55Y and reduce the amount of a fine. Regulation 55W (4) Notwithstanding paragraph (1)(a), a Supervisory Authority designated for a DNFBP may consider a particular criteria to the extent it considers the criteria relevant to making the decision. (5) In this regulation — “deterrence principle” means the principle applied to deter DNFBPs which carry out relevant financial business and connected persons from breaching prescribed provisions; “disciplinary principle” means the principle applied to punish intentional, reckless or negligent breaches of prescribed provisions; and “disgorgement principle” means the principle applied to ensure that — (a) DNFBPs which carry out relevant financial business and connected persons do not gain (including by avoiding losses) from breaching prescribed provisions; and (b) persons mentioned in paragraph (a) disgorge all such gains. Discretionary fine criteria 55W. Application of discretionary fine criteria 55W. For the purposes of regulation 55S(5) and 55V(1)(a), the criteria for exercising fine discretions shall apply when — (a) issuing breach notices; (b) considering or reconsidering matters under regulation 55ZD(2) or 55ZO(2)(b); and imposing discretionary fines. 55X. Criteria in relation to both fine and amount 55X. (1) The following are the criteria for exercising fine discretions under regulation 55W — (a) the nature and seriousness of the breach; (b) the degree of the party’s inadvertence, intent or negligence in committing the breach; where the breach is a continuing one, its duration; (d) the measures or precautions the party took to prevent the breach; (e) the measures or precautions that a reasonable person in the party’s position, acting prudently and exercising due diligence, would have taken to prevent the breach; (f) whether the breach was due to — (i) reasonable reliance on information given to the party; or Regulation 55Y (ii) a cause beyond the party’s control, including, for example, someone else’s act or default or an accident; (g) the degree of difficulty in detecting the breach; (h) evidence of intent by the party to conceal the breach or mislead the (i) the party’s conduct after becoming aware of the breach, including — (i) whether and how quickly the party brought the breach to the attention of the Supervisory Authority; and (ii) the party’s efforts to remedy the breach or prevent its reoccurrence; (j) any financial or other damage or loss or other harm done or caused by the breach, including, for example, to — (i) the party’s creditors, customers, investors, policyholders or shareholders; or (ii) the performance of the functions of the Supervisory Authority; (k) whether, before or after the breach, there was a change to the party’s business or affairs that affects or may affect the consequences of the breach for the party, including, for example, the party’s ability to pay a fine; where the Supervisory Authority previously imposed a fine on the party for a similar breach, the amount of that fine; and (m) the party’s history of compliance with these Regulations and similar laws in other jurisdictions in the five years before the breach. (2) A Supervisory Authority designated for a DNFBP shall only take into account the party’s compliance with and breaches of those laws in other jurisdictions of which it is aware or made aware by the party, when considering the criteria under paragraph (1)(m) . (3) Paragraph (2) applies even if no punishment was imposed or no other action relating to the breach was taken under those laws in other jurisdictions. 55Y. Additional criteria in relation to fine amount 55Y. In deciding the amount of a fine when exercising fine discretions, the criteria also include — (a) the following in relation to the party — (i) any circumstances of mitigation that may exist; (ii) resources and ability to pay; and (iii) financial hardship; (b) potential adverse financial consequences on third parties of imposing a fine in the amount proposed; and Regulation 55Z a circumstance that aggravates, or may tend to aggravate, the breach or its effects. 55Z. Power to discount usual fine to reflect agreement 55Z. (1) A Supervisory Authority designated for a DNFBP may negotiate with a party to attempt to reach a discount agreement with the party, whether or not it has given a breach notice. (2) Subject to paragraph (3), the Supervisory Authority may discount the usual fine to reflect the fact of the discount agreement and the stage in the fine process under regulations 55ZA, 55ZB, 55ZC, 55ZD, 55ZF and 55ZG at which the agreement was reached. (3) The Supervisory Authority shall not discount any component of the usual fine that represents the application of the disgorgement principle under regulation 55V. (4) In this regulation, “usual fine” means the amount of the fine the Supervisory Authority decided, or would otherwise have decided — (a) before taking into account the discount agreement; and (b) after considering — (i) any relevant criteria, including the criteria and principles under regulation 55V; and (ii) the criteria under regulation 55X or 55Y. General 55ZA. Steps required 55ZA.(1) A Supervisory Authority designated for a DNFBP may only impose a minor fine or discretionary fine by taking the following steps — (a) giving a party a breach notice; (b) where regulation 55ZD applies, complying with that regulation; and giving a party a fine notice. (2) The following exceptions apply in relation to the steps under paragraph (1) where a Supervisory Authority designated for a DNFBP decides to impose a discretionary fine — (a) where the party entered into a discount agreement for the breach and the fine is no more than the amount agreed under the agreement, a fine notice may be given without first giving a breach notice; and (b) where a fine is varied on appeal under regulation 55ZO(2), the steps do not apply to the fine as varied. Regulation 55ZB (3) A Supervisory Authority designated for a DNFBP may only impose a minor fine (continuing) — (a) by giving the party a fine notice; and (b) if the relevant minor fine is not stayed. (4) A decision in relation to the imposition of a minor fine, a minor fine (continuing) or a discretionary fine shall be made on the balance of probabilities. 55ZB. Notice containing an inaccuracy 55ZB. A breach notice, rectification notice or fine notice which contains an inaccuracy is only invalid because of the inaccuracy where a party establishes that — (a) the inaccuracy was material; and (b) the inaccuracy misled the party. 55ZC.Requirements for breach notice 55ZC.(1) A breach notice shall be dated and state the following — (a) the party’s name; (b) that the Supervisory Authority proposes to impose a fine on the party for a specified breach that the Supervisory Authority believes the party committed; the prescribed provision for which the fine is proposed to be imposed; (d) the nature of the specified breach; (e) a summary of the facts and circumstances that the Supervisory Authority believes constituted the specified breach; (f) whether the Supervisory Authority proposes to impose — (i) a minor fine; or (ii) a discretionary fine, for the specified breach and the amount of the fine; (g) that, for a discretionary fine, the party may give the Supervisory Authority a reply within the reply period under paragraph (2); (h) that, for a minor fine, the party shall rectify the breach and submit a rectification notice to the Supervisory Authority indicating that the breach has been rectified within thirty days of receipt of the notice. (2) The reply period shall end no less than thirty days after the giving of a breach notice. 55ZD.Duty to consider reply 55ZD.(1) A Supervisory Authority designated for a DNFBP shall act in accordance with paragraph (2) where — Regulation 55ZE (a) a breach notice is given for a discretionary fine; (b) the reply period ends; and a reply is given. (2) Where paragraph (1) applies, the Supervisory Authority under paragraph (1) shall — (a) reconsider whether it still holds the belief stated in the breach notice, in light of all the matters raised in the reply concerning that belief; and (b) where a breach notice was for a discretionary fine, consider the matters raised in the reply to the extent that the matters raised are relevant to exercising fine discretions. 55ZE. Imposition of a minor fine or minor fine (continuing) 55ZE.(1) A Supervisory Authority designated for a DNFBP which issues a breach notice for a minor fine shall impose a fine in accordance with regulation 55S(1). (2) Where a breach notice is issued for a minor fine and a Supervisory Authority is not satisfied that the breach was rectified within thirty days of receipt of the notice, the Supervisory Authority may impose a fine in accordance with regulation 55S (2). (3) Where a Supervisory Authority designated for a DNFBP imposes a minor fine or a minor fine (continuing), it may decide that the fine is payable immediately on the giving of a fine notice or within a particular period stated in the fine notice. Imposing a fine 55ZF. Decision about fine 55ZF.(1) This regulation applies at the end of the reply period in relation to a breach notice where — (a) no reply is given; or (b) a reply is given and a Supervisory Authority designated for a DNFBP has complied with regulation 55ZD. (2) Repealed by regulation 18(a) of the Anti-Money Laundering (Amendment) Regulations, 2020 (SL 2 of 2020). (3) Where a breach notice is issued for a discretionary fine, the Supervisory Authority may exercise fine discretions. (4) The amount of a discretionary fine shall not be more than the amount stated in the breach notice. Regulation 55ZG (5) Where a Supervisory Authority designated for a DNFBP imposes a fine, it may decide that the fine is payable immediately on the giving of a fine notice or within a particular period stated in the fine notice. (6) Where a Supervisory Authority designated for a DNFBP decides not to impose a fine, it shall give the party notice of the decision within fifteen days after the end of the reply period. 55ZG.Requirements for fine notice 55ZG.(1) A fine notice shall be dated and state the following — (a) the party’s name; (b) that the Supervisory Authority has imposed a specified fine on the party; the amount of the fine; and (d) when the fine shall be paid. (2) Where the specified fine is a minor fine, the fine notice under paragraph (1) shall also state — (a) the prescribed provision for which the fine is imposed; (b) a description of the breach; and (3) Where the specified fine is a minor fine (continuing), the fine notice under paragraph (1) shall also state — (a) the date of the fine notice given for the relevant minor fine; (b) if a rectification notice was given within thirty days of the issue of a breach notice for the relevant minor fine, the reasons why the Supervisory Authority is not satisfied that the breach was rectified within thirty days of the issue of the breach notice; and (c) that the party may, within thirty days after receiving the fine notice, apply to the relevant person or body within the Supervisory Authority to review the decision to impose the fine. (4) Where the specified fine is a discretionary fine, the fine notice under paragraph (1) shall also state — (a) the prescribed provision for which the fine is imposed; (b) a description of the breach; the reasons for the way in which fine discretions were exercised; and (d) that the party may, within thirty days after receiving the fine notice, apply to the Grand Court for leave to appeal against the decision to impose the fine, the amount of the fine or both. Regulation 55ZH Internal review of minor fines by a Supervisory Authority designated for a DNFBP 55ZH.Application to relevant person or body within the Supervisory Authority designated for a DNFBP for review 55ZH.(1) A party who has received a fine notice for a minor fine or minor fine (continuing) may apply to the Supervisory Authority designated for the DNFBP for the relevant person or body within the Supervisory Authority to review the original decision. (2) An application under paragraph (1) shall — (a) be made within thirty days from the date of receipt of the fine notice; and (b) shall contain — (i) in respect of the applicant — (A) the name of the applicant; (B) the physical address of the applicant; and (C) the email address of the applicant; and (ii) in respect of the particulars of the application — (A) the prescribed provision set out in the fine notice; (B) the grounds on which the applicant relies for the review; and (C) the facts and circumstances on which the applicant relies for the review. 55ZI. No stay of original decision 55ZI. An application for review under regulation 55ZH does not stay the operation of the original decision. 55ZJ. Decision by relevant person or body within the Supervisory Authority upon review 55ZJ.(1) The relevant person or body within a Supervisory Authority designated for a DNFBP shall, within twenty days after receiving an application for review under regulation 55ZH reconsider the original decision and decide whether to affirm or set aside the original decision. (2) The relevant person or body within the Supervisory Authority shall, within ten days after making a decision on the application, give the party notice of its decision. (3) Where the relevant person or body within the Supervisory Authority affirms the original decision, the notice of the decision on the application for review shall state — (a) the reasons for the decision; and Regulation 55ZK (b) that the party may apply to the Grand Court for judicial review of the decision. (4) Where the relevant person or body within the Supervisory Authority sets aside the original decision, the original decision is deemed to have never been made. (5) The appropriate person within the Supervisory Authority who made the original decision may make written representations to the relevant person or body within the Supervisory Authority concerning an application for review of the original decision, but shall not otherwise participate in any discussion, decision, debate or vote of the relevant person or body concerning the review. Appeal against discretionary fines to Grand Court 55ZK. Application to the Grand Court for leave to appeal 55ZK.(1) A party who receives a fine notice for a discretionary fine may apply to the Grand Court within thirty days after receiving the fine notice for leave to appeal against the original decision. (2) The Grand Court may only grant leave to appeal under this regulation where — (a) the party has grounds for seeking judicial review of the decision; or (b) the decision was made with a lack of proportionality or was not rational. (3) Notwithstanding paragraph (1), a party may not apply for leave to appeal against the original decision if the party entered into a discount agreement for the breach and the fine is no more than the amount agreed to in the discount agreement. 55ZL. Application of Grand Court Rules and practice directions on judicial review 55ZL.(1) The Grand Court Rules (2023 Revision) and the Court’s practice directions about judicial review apply to an appeal, with necessary changes, as if the appeal were an application for judicial review. (2) Notwithstanding paragraph (1), the Court’s rules about alternative dispute resolution do not apply to the appeal. 55ZM.Security for costs 55ZM. A Supervisory Authority designated for a DNFBP may apply to the Grand Court for — (a) an order that the appellant provide sufficient security for costs; and (b) a stay of the appeal proceedings until the security is provided. 55ZN. Stay of original decision only by application 55ZN.(1) An appeal does not stay the operation of an original decision. Regulation 55ZO (2) The Grand Court may, on an appellant’s application, order that the fine imposed by an original decision be stayed to secure the effectiveness of the appeal. (3) The stay ordered by the Grand Court under paragraph (2)— (a) may be given on conditions that the Grand Court considers appropriate; (b) operates for the period fixed by the Grand Court; and may be amended or revoked by the Grand Court. (4) The period of a stay shall not extend past when the Grand Court determines the appeal. 55ZO.Hearing and outcome 55ZO.(1) An appeal may only be determined on the evidence on which the Supervisory Authority exercised the relevant fine discretions. (2) After hearing an appeal, the Grand Court may — (a) affirm, set aside or vary the original decision; or (b) set aside the original decision and remit the matter to the Supervisory Authority for it to reconsider subject to such directions as the Court considers fit. (3) The following apply if the Grand Court’s decision is to affirm the original decision or to vary it in a way that a fine is still imposed — (a) the Grand Court’s decision is (other than in relation to regulations 55ZA, 55ZH and 55ZK) deemed to have been the original decision; (b) the Grand Court may, at the Supervisory Authority’s request, give judgment against the party for all or any part of the fine that continues to be owing, and for interest; and the request of the Supervisory Authority under subparagraph (b) may be made during the appeal, when the Grand Court’s decision is handed down or at any later time on the tendering of a certificate under regulation 55ZU(2)(d) about the amount owing. (4) Where the Grand Court sets aside the original decision and does not remit the matter to the Supervisory Authority for reconsideration — (a) both the fine and interest are deemed to have never been owing; and (b) any minor fine (continuing) imposed for the breach is deemed to have also been set aside and to have never been owed. Regulation 55ZP Fine is a debt to the Crown 55ZP. Fine is a debt to the Crown 55ZP.(1) Subject to paragraph (2), where a fine is not paid by the date stated in the relevant fine notice, the fine becomes a debt owing to the Crown. (2) The following factors affect whether the fine in the fine notice becomes a debt owing to the Crown under paragraph (1) — (a) whether the fine was set aside on review under regulation 55ZJ or on appeal under regulation 55ZO; and (b) whether the fine was varied on appeal under regulation 55ZO. (3) Where the fine under the fine notice was varied on appeal under regulation 55ZO, the varied fine becomes a debt owing to the Crown where the fine is not paid by the date stated in the order of the Grand Court. 55ZQ.Interest on fines 55ZQ.(1) Interest accrues at a rate of five per cent annually while all or any part of a fine continues to be owing, starting on the day immediately after the fine becomes a debt to the Crown and ending on the day the fine is paid in full. (2) Interest under paragraph (1) accrues daily and as compound interest. (3) Interest under paragraph (1) is a debt owing to the Crown. (4) The accruing of interest applies even while the fine is stayed. (5) Payments relating to the fine are to be applied to the interest first. (6) This regulation is subject to any setting aside or variation of the fine in a review applied for under regulation 55ZH or an appeal. 55ZR.Payment of more than one fine 55ZR.Where more than one fine is imposed on a party, payments for the fines are to be applied in the order in which the fines and interest became owing. 55ZS. Enforcement 55ZS.(1) The Crown may recover in a civil proceeding, as a debt owing to the Crown, the unpaid amount of a fine or interest, or both. (2) Paragraph (1) does not apply while the fine is stayed. (3) A proceeding to recover a debt under this regulation does not prevent — (a) interest continuing to accrue on the total owing; or (b) where the party is a body corporate, the Crown enforcing the fine by serving a winding up notice for the debt. Regulation 55ZT Miscellaneous 55ZT. Electronic notices by the Supervisory Authority 55ZT.(1) A Supervisory Authority designated for a DNFBP may give a party a notice for any purpose under these Regulations by sending it to — (a) the email address that the party last provided the Supervisory Authority with; (b) where the party is a body corporate (either in its own right or as a trustee of a trust), the email address that the body corporate last provided to the Supervisory Authority, of — (i) any of its directors or members; or (ii) its registered office provider; or where the party is a partnership, the email address that the partnership last provided to the Supervisory Authority of — (i) any of its partners; or (ii) its registered office provider (if the party has a registered office). (2) In this regulation — “partner” does not include a limited partner of a limited partnership; and “registered office provider” means the person who provides or maintains the party’s registered office as required by law. 55ZU.Evidentiary provisions 55ZU.(1) A signature purporting to be the signature of anyone acting on behalf of the Supervisory Authority designated for a DNFBP is evidence of the signature it purports to be, unless the contrary is proved. (2) A certificate signed, or purporting to be signed, by anyone acting on the Supervisory Authority’s behalf stating a matter as follows, is evidence — (a) that a stated document is a copy of a notice given under this Part; (b) that an email address stated in the copy was, when the notice was given to its stated recipient, the recipient’s email address under regulation 55ZT; that on a stated day the recipient was given the notice in a stated way; or (d) that a fine of a stated amount is owing by a stated person. PART 13 - Offences, Repeal, Savings and Transitional Offences

(1) A person who contravenes these Regulations commits an offence and is liable — Regulation 57 (a) on summary conviction, to a fine of five hundred thousand dollars; or (b) on conviction on indictment, to a fine and to imprisonment for two years. (2) In determining whether a person has complied with any of the requirements of these Regulations — (a) a court shall take into account any relevant supervisory or regulatory guidance which applies to that person; and (b) a court may take into account any other relevant guidance issued by a body in the Islands that regulates, or is representative of, any trade, profession, business or employment carried on by that person. (3) In proceedings against a person for an offence under these Regulations, it shall be a defence for the person to show that that person took all reasonable steps and exercised all due diligence to avoid committing the offence. (4) In determining whether to exercise any of its enforcement powers for a breach of these Regulations, the Supervisory Authority shall take into account — (a) these Regulations; and (b) any applicable supervisory or regulatory guidance. Offences by bodies corporate, partnerships and unincorporated associations

(1) Where an offence under these Regulations committed by a body corporate is proved to have been committed with the consent or connivance of, or to be attributable to any neglect on the part of, a director, manager, secretary or other similar officer of the body corporate or a person who was purporting to act in any such capacity, the person, as well as the body corporate, commits that offence and, subject to regulation 55U, is liable — (a) to the penalty under regulation 56; or (b) to an administrative fine imposed by — (i) the Monetary Authority in accordance with the Monetary Authority Act (2020 Revision) or regulations made under that Act; or (ii) a Supervisory Authority other than the Monetary Authority in accordance with these Regulations. (2) Where the affairs of a body corporate are managed by the members, paragraph (1) shall apply in relation to the acts and defaults of a member in connection with the member’s functions of management as if that member were a director of a body corporate. (3) Where an offence under these Regulations committed by a partnership, or by an unincorporated association other than a partnership, is proved to have been committed with the consent or connivance of, or is attributable to any neglect on the part of, a partner in the partnership or a person concerned in the Regulation 58 management or control of the association, the partner or person, as well as the partnership or association, commits that offence and subject to regulation 55U, is liable — (a) to the penalty under regulation 56; or (b) to an administrative fine imposed by — (i) the Monetary Authority in accordance with the Monetary Authority Act (2020 Revision) or regulations made under that Act; or (ii) a Supervisory Authority other than the Monetary Authority in accordance with these Regulations. Repeal and savings

(1) Subject to paragraph (2) the Money Laundering Regulations (2015 Revision) are repealed. (2) All proceedings in respect of offences committed against the Regulations repealed in paragraph (1) prior to the coming into force of these Regulations may be commenced or continued as if these Regulations had not come into force. Transitional

The Anti-Money Laundering (Amendment) Regulations, 2017 do not apply to a person carrying on relevant financial business, in relation to the activities described at items 19 and 20 of Schedule 6 of the Act, until 31st May, 2018. SCHEDULE 1 CLASSES OF LONG-TERM BUSINESS Number Description Nature of Business Life and annuity on human life or contracts to pay annuities on human life, but excluding (in each case) contracts within Class 3 below. Marriage and birth to provide a sum on marriage or on the birth of a child, being contracts expressed to be in effect for a period of more than one year. Linked long term on human life or contracts to pay annuities on human life where the benefits are wholly or partly to be determined by reference to the value of, or the income from, property of any description (whether or not specified in the contracts) or by reference to fluctuations in, or in an index of, the value of property of any description (whether or not so specified). Permanent health providing specified benefits against risks of persons becoming incapacitated in consequence of sustaining injury as a result of an accident, of an accident of a specified class or of sickness or infirmity, being contracts that — (a) are expressed to be in effect for a period of not less than five years for the persons concerned, or without limit of time; and (b) either are not expressed to be terminable by the insurer, or are expressed to be so terminable only in special circumstances mentioned in the contract. Tontines Effecting and carrying out tontines. Capital redemption Effecting and carrying out capital redemption contracts. Number Description Nature of Business Pension fund management Effecting and carrying out — (a) contracts to manage the investments of pension funds; or (b) contracts of the kind mentioned in paragraph (a) that are combined with contracts of insurance covering either conservation of capital or payment of a minimum interest. SCHEDULE 2 (regulation 55R) PRESCRIBED PROVISIONS AND BREACH CATEGORIES Column 1 Prescribed provision Column 2 Category of breach 5(a), (c), (d) or (e) 5(b) 40(1) to (5) 40(6) 47(3) to (5) 50 and 51 52 and 53 53A and 53AA 55F 55M 55O Publication in consolidated and revised form authorised by the Cabinet this 21st day of January, 2025. Kim Bullings Clerk of the Cabinet Table of Legislation History: SL# Act/Law # Legislation Commencement Gazette 8/2024 Anti-Money Laundering (Amendment) Regulations, 2024 19-Apr-2024 LG17/2024/s1 Anti-Money Laundering Regulations (2023 Revision) 12-Jan-2023 LG1/2023/s1 11/2022 Regulations, 2020 (Commencement of regulation 8) Order, 2022 30-Mar-2022 LG14/2022/s1 56/2020 Citation of Acts of Parliament Act, 2020 3-Dec-2020 LG89/2020/s1 35/2020 Civil Partnership Law, 2020 4-Sep-2020 LG64/2020/s1 140/2020 Anti-Money Laundering (Amendment) (No. 3) Regulations, 2020 12-Nov-2020 LG84/2020/s8 73/2020 Regulations, 2020 1-Jul-2022 LG39/2020/s2 2/2020 Anti-Money Laundering (Amendment) Regulations, 2020 5-Aug-2020 LG7/2020/s3 GN45/2019 Notice – Section 4(9) of the Proceeds of Crime – Attorneys 12-Jun-2019 GE45/2019/p41 GN26/2019 Notice – Section 4(9) of the Proceeds of Crime – Real Estate 10-Apr-2019 GE26/2019/p5 Anti-Money Laundering Regulations (2020 Revision) 9-Jan-2020 LG4/2020/s3 28/2019 Regulations, 2019 18-Jul-2019 LG26/2019/s1 25/2019 Anti-Money Laundering (Amendment) Regulations, 2019 5-Jun-2019 LG19/2019/s1 Anti-Money Laundering Regulations (2018 Revision) 16-Mar-2018 GE33/2018/s2 96/2017 Anti-Money Laundering (Designated Non-Financial Business and Professions) (Amendment) (No. 2) Regulations, 2017 13-Dec-2017 GE105/2017/s3 84/2017 Anti-Money Laundering (Amendment) Regulations, 2017 3-Nov-2017 GE93/2017/s1 77/2017 2-Oct-2017 GE79/2017/s1 (Price: $16.80)