< Back

COVID-19: AML/CFT systems of controls

19 May 20

We are all facing an unprecedented set of circumstances as a result of the COVID19 pandemic.

The prevention of financial crime continues to be one of the main objectives of the GFSC. Therefore our expectation is that firms continue to apply robust systems of controls to ensure that money laundering (ML) and terrorist financing (TF) risks are identified and mitigated.

All regulated entities are reminded of their obligations under the Proceeds of Crime Act and the GFSC’s AML/CFT Guidance Notes.

Whilst we recognise that the current situation may give rise to operational challenges, firms should not seek to relax controls to mitigate ML/TF risks simply because of these operational challenges. We also acknowledge, however, that firms may need to reconsider their priorities and approach, which could result in delays in their processes and procedures e.g. the review of transaction monitoring alerts.

If a firm needs to amend its controls in response to the current circumstances, decisions should be comprehensively considered, risk assessed, and documented. 

TF risks remain a high priority, therefore firms should not relax their controls to identify and mitigate these.

Regulated entities are reminded that they should notify the GFSC immediately if they encounter any difficulties in their compliance with AML/CFT requirements.

Due diligence requirements

Travel and other restrictions imposed by countries may increase the risk of due diligence compliance  of regulated entities. 

Whilst we expect firms to continue to comply with their due diligence obligations, firms may make use of the provisions already available for conducting due diligence remotely for clients not met face to face. 

For example, firms can already use a combination of the following (where appropriate): 

  • accept scanned documentation;
  • accept digital photos or videos;
  • seek third-party verification of identity to corroborate that provided by the client, e.g. from their lawyer or accountant;
  • place reliance on due diligence carried out by eligible introducers;
  • use digital identity solutions and/or commercial providers to identify customers;
  • gather and analyse additional data to triangulate the evidence provided by the client, such as geolocation, IP addresses, or verifiable phone numbers; and
  • seek additional verification once restrictions on movement are lifted for the relevant client group.

The examples provided do not represent a relaxation of requirements. The level of due diligence conducted needs to continue to be in line with the firm’s risk assessment and the client’s risk profile.

Ongoing Monitoring

We are aware that criminals are already taking advantage of the COVID19 pandemic, and therefore firms need to remain vigilant to new types of fraud, exploitation scams, and other types of financial crime.   Firms should enhance their systems of controls to respond to these new threats, and ensure that any suspicious activities continue to be reported to the Gibraltar Financial Intelligence Unit (GFIU).