Title: Iceland’s Financial Crimes Legislation: strengthening Anti-Money Laundering and Counter-Terrorist Financing Measures

Subtitle: New Regulations for Customer Due Diligence and Reporting Requirements

With the global focus on countering financial crimes such as money laundering and terrorist financing intensifying, the Icelandic Parliament has passed new legislations under Act No. 140/2018 to reinforce the existing regulatory framework for reporting requirements and customer due diligence measures.

Section I: Scope and Objectives

The legislation aims to ensure that various financial and non-financial entities comply with customer due diligence (CDD) requirements and report any suspected financial crimes to the competent authorities. Covered entities include:

• Financial undertakings
• Insurance companies
• Payment service providers
• Currency exchange services
• Exchanges between virtual currencies
• Accountants
• Lawyers
• Real estate agencies
• Art dealers
• Rent agents
• Senior managers in those institutions, among others.

The main objectives of the Act are:

1. Making parties engaged in specified activities aware of their customers’ identities and the nature of their transactions.
2. Obligating entities to report any knowledge or suspicion of financial crimes to the Icelandic Financial Supervisory Authority (FME) and/or the Directorate of Internal Revenue.

Section II: Risk Assessment and Mitigation

The National Commissioner of the Icelandic Police is tasked with conducting a biannual risk assessment, taking into account factors such as:

• International recommendations
• Information from public authorities
• Relevant sources

The assessment would serve several purposes including:

1. Improving and updating anti-money laundering (AML) and counter-terrorist financing (CTF) measures.
2. Identifying sectors with lower or higher risk of financial crimes.
3. Addressing the structure and framework of AML/CTF measures.
4. Allocating and prioritizing funding, equipment, and human resources.
5. Guiding supervisors in their risk-based supervision.
6. Sharing relevant information with obliged entities.
7. Making the risk assessment public, in whole or in part.

Regional, European, and international regulatory bodies, such as the European Commission, European supervisory authorities, EFTA Surveillance Authority, and competent authorities from other member states, are to receive copies of the risk assessment.

Section III: Customer Due Diligence and Identification

Entities under the Act are required to:

1. Demand proof of identity from natural persons using approved identification documents and ensure legal entities, trusts, or similar arrangements submit valid certificates containing their official registration number.
2. Acquire information about the beneficial owner and maintain up-to-date information about the customer and their transactions.
3. Assess the origin of funds used in transactions and take reasonable measures to verify relevant information.
4. Update customer information regularly and obtain further information when necessary.
5. Verify the identity of third parties when acting on their behalf.

Licensed acquirers must only approve anonymous prepaid cards issued outside Member States if they meet the AML/CTF requirements set out in the Act.

Conclusion

The Act strengthens Iceland’s regulatory framework against money laundering and terrorist financing by enforcing stricter customer due diligence measures and enhanced reporting requirements for various financial and non-financial entities.