Financial Crime World

Anti-Money Laundering (AML) and Know Your Customer (KYC) Regulations in Gibraltar

Identity Verification

Identity verification is a critical component of Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations in Gibraltar. It’s not a one-time process, but rather an ongoing requirement that must be performed multiple times as per regulations.

  • Multiple instances: Identity verification is required at various stages, including:
    • Onboarding new customers
    • Dealing with transaction data
    • Facing higher risks from customers
  • Continuous monitoring: It’s essential to continuously monitor and verify customer identities to ensure compliance with AML/KYC regulations.

Politically Exposed Persons (PEPs) and Enhanced Due Diligence (EDD) Measures

Gibraltar’s regulations require businesses to determine if a customer is a Politically Exposed Person (PEP), holds a public office, or exhibits a higher risk profile. This is because PEPs pose a higher risk of money laundering and other financial crimes.

  • Identifying PEPs: Shufti Pro provides AML Screening services to help identify PEPs based on their selected ID attributes, such as name and date of birth.
  • Enhanced due diligence measures: Businesses must perform enhanced due diligence measures on PEPs, including:
    • Verifying identity
    • Conducting background checks
    • Monitoring transactions

Reliance on External Services

Gibraltar’s regulations allow businesses to seek third-party services for due diligence measures. However, it’s essential to ensure that these services are reputable and meet the necessary standards.

  • Using external services: When using external services, you must collect all necessary data (Diligence Information) without undue delay.
  • Liability: You remain liable for maintaining compliance and fulfilling AML/KYC obligations, even when using external services.

Record Retention

Record retention is a critical aspect of AML/KYC regulations in Gibraltar. Businesses are required to retain data for at least 5 years as part of their AML and KYC obligations.

  • Minimum retention period: The minimum retention period for records is 5 years.
  • Liability: If the information is processed, collected, or managed by a third-party, you’re liable to collect all necessary Due Diligence Data without undue delay.