QU OF NT AT A FE RU

BERMUDA

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

BR 77 / 2008

PART 1PRELIMINARY

Citation and commencement

1 These Regulations may be cited as the Proceeds of Crime (Anti-Money Laundering and Anti-Terrorist Financing) Regulations 2008 and shall come into operation on such day as the Minister may appoint by notice published in the Gazette and the Minister may appoint different days for different provisions.

2. Interpretation

(1) In these Regulations—

“AML” means anti-money laundering;

“AML/ATF regulated financial institution” has the meaning given in section 42A(1) of the Proceeds of Crime Act 1997;

“ATF” means anti-terrorist financing;

“appointed stock exchange” means a stock exchange appointed by the Minister of Finance under section 2 (9) of the Companies Act 1981;

“banking institution” means a person carrying on deposit-taking business within the meaning of section 4 of the Banks and Deposit Companies Act 1999;

“beneficial owner” has the meaning given in regulation 3;

“Bermuda Gaming Commission” has the meaning given in section 6 of the Gaming Act 2014;

“betting” has the same meaning as in section 2(1) of the Gaming Act 2014;

“business relationship” means a business, professional or commercial relationship between a relevant person and a customer, which is expected by the relevant person when contact is first made between them to have an element of duration;

“casino” has the meaning given in section 2 of the Gaming Act 2014;

“casino operator” has the meaning given in section 2 of the Gaming Act 2014;

“chief executive” means a person who, either alone or jointly with one or more persons, is responsible under the immediate authority of the directors for the conduct of the business of a legal entity or legal arrangement;

“Compliance Officer” has the meaning given in regulation 18A;

“customer due diligence measures” has the meaning given by regulation 5;

“dealers in high value goods” shall have the same meaning as in section 2(1) of the Proceeds of Crime (Anti-Money Laundering and Anti-Terrorist Financing Supervision and Enforcement) Act 2008;

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

“digital asset” and “digital asset business” have the meanings given in section 2(1) of the Digital Asset Business Act 2018;

“eGaming” has the same meaning as in section 2(1) of the Gaming Act 2014;

“financial group” has the meaning given in section 42A(1) of the Proceeds of Crime Act 1997;

“firm” means any entity, whether or not a legal person, that is not an individual and includes a body corporate and a partnership or other unincorporated association;

“independent professional” means a professional legal adviser or accountant being a firm or sole practitioner in independent practice who by way of business provides legal or accountancy services to other persons when participating in financial or real property transactions concerning—

(a) buying and selling real property;

(b) managing of client monies, securities and other assets;

(c) management of bank, savings or securities accounts;

(d) organisation of contributions for the creation, operation or management of companies;

(e) creation, operation or management of legal persons or arrangements, and buying and selling business entities and, for this purpose, a person participates in a transaction by assisting in the planning or execution of the transaction or otherwise acting for or on behalf of a client in the transaction;

“International Organisation” means an organisation—

(a) that is established by formal political agreement between its member countries, where such agreement has the status of international treaty;

(b) whose existence is recognised by law in its member countries; and

(c) that is not treated as a resident institutional unit of the country in which it is located;

“money laundering” has the meaning given in section 7(1) of the Proceeds of Crime Act 1997;

“occasional transaction” means—

(a) a transaction (carried out other than as part of a business relationship) amounting to $15,000 or more, whether the transaction is carried out in a single operation or several operations which appear to be linked;

(b) in the case of a dealer in high value goods who is registered with the Registrar, a transaction or series of linked transactions where a total

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

cash payment (in any currency) that is equivalent to BMD $7,500 is accepted;

(c) in the case of a casino operator, a transaction or series of linked transactions where a total cash payment is received from or distributed by the operator of a casino to a patron of a casino (in any currency) that is equivalent to—

(i) in the case of gaming, BMD$3,000; or

(ii) in the case of betting, BMD$1,000;

(d) in the case of a digital asset business, a transaction or series of linked transactions, where a transfer (in any form of currency or digital asset) equivalent to BMD $1,000 or more is made, and includes any transaction where no account is used to process the transaction; or

(e) in the case of a transfer of funds, any transfer where no account is used to process the transaction;

“patron” has the meaning given in section 2 of the Gaming Act 2014;

“patron account” has the same meaning as in section 2(1) of the Gaming Act 2014;

“professional accountant” has the meaning given in section 42A of the Proceeds of Crime Act 1997;

“professional legal adviser” has the meaning given in section 42A of the Proceeds of Crime Act 1997;

“real estate agent” means a person licensed under the Real Estate Brokers’ Licensing Act 2017 as an agent;

“real estate broker” means a person licensed under the Real Estate Brokers’ Licensing Act 2017 as a broker;

“Registrar” means the Registrar of Companies appointed under section 3 of the Companies Act 1981;

“relevant person” means the person to whom in accordance with regulation 4, these Regulations apply;

“Reporting Officer” means a person designated to carry out the functions set out in regulation 17;

“supervisory authority” means—

(a) the Bermuda Monetary Authority in relation to relevant persons that are AML/ATF regulated financial institutions;

(aa) the Registrar as a supervisory authority in relation to relevant persons that are dealers in high value goods;

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(ab) the Superintendent of Real Estate in relation to relevant persons that are real estate brokers and real estate agents;

(b) a professional body designated by the Minister under any enactment in relation to relevant persons regulated by it; or

(c) the Bermuda Gaming Commission, in relation to relevant persons that are casino operators;

“terrorist financing” means an offence under section 5, 6, 7 or 8 of the Anti- Terrorism (Financial and Other Measures) Act 2004;

(2) [Revoked by 2018 : 49 s. 4]

(3) For the purposes of these Regulations, a reference to a customer shall be construed as a reference to a patron in relation to a casino or casino operator. [Regulation 2 amended by 2008:49 s.39(4) effective 1 January 2009; Regulation 2(2) amended by

2012 : 35 s. 67 effective 1 January 2013; paragraph (1) definitions "Bermuda Casino Gaming Commission", "casino", "casino operator" and "patron" inserted, "supervisory authority" revoked and substituted and paragraph (3) inserted by 2015 : 35 s. 18 effective 6 November 2015; paragraph (1) definitions "AML", "ATF", "chief executive", "Compliance Officer", "International Organisation" and

"Reporting Officer" inserted and paragraph (2) amended by 2015 : 53 s. 27 effective 1 January 2016;

"dealers in high value goods" and "real estate agent" inserted and "supervisory authority" amended by

2016 : 45 s. 13 effective 5 August 2016; “occasional transaction” deleted and substituted by 2016 : 51 s. 3 effective 1 December 2016; *Regulation 2(2)(f) amended by 2016 : 36 by deleting “section 20AA of the Bermuda Monetary Authority Act 1969” and replacing with “section 2(2) of the Money Service Business Act 2016” as a result of an amendment that should have been included in Schedule 2 of the Money Service Business Act 2016 effective 31 January 2017; paragraph (2) "AML/ATF regulated financial institution" amended by 2017 : 10 s. 5 effective 24 March 2017; regulation 2 definitions “real estate agent” and “supervisory authority” amended and “real estate broker” inserted by 2017 : 28 s.

55 & Sch. 3 effective 2 October 2017; paragraph (1) amended and definitions "betting", "eGaming" and

"patron account" inserted by 2017 : 35 s. 8 effective 3 November 2017; regulation 2(2) paragraph (g) definition "AML/ATF regulated financial institution" amended by 2018 : 5 s. 12 effective 21 March 2018; regulation 2(1) definition "financial group" inserted by 2018 : 51 s. 4 effective 10 August 2018; regulation 2(1) definition "AML/ATF regulated financial institution" deleted and substituted, and paragraph (2) revoked by 2018 : 49 s. 4 effective 7 September 2018; regulation 2 paragraph (1) definitions "occasional transaction" and "supervisory authority" amended, and definition "Registrar" inserted by 2020 : 36 s. 9 effective 1 November 2020; regulation 2 paragraph (1) definitions "Bermuda Casino Gaming Commission", "betting", "casino", "casino operator", "e-Gaming", "patron", "patron account" and "supervisory authority" amended by 2021 : 23 s. 54 effective 1 August 2021; Regulation

2 paragraph (1) definitions "digital asset" and "digital asset business" inserted, and definition

"occasional transaction" amended by 2022 : 2 s. 3(2) effective 27 February 2022]

3. Meaning of beneficial owner

(1) In the case of a body corporate, “beneficial owner” means any individual who—

(a) as respects any body other than a company whose securities are listed on an appointed stock exchange, ultimately owns or controls (whether through direct or indirect ownership or control, including through bearer share holdings) 25% or more of the shares or voting rights in the body; or

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(b) as respects any body corporate, otherwise exercises control over the management of the body.

(2) In the case of a partnership, “beneficial owner” means any individual who—

(a) ultimately is entitled to or controls (whether the entitlement or control is direct or indirect) more than a 25% share of the capital or profits of the partnership or 25% or more of the voting rights in the partnership; or

(b) otherwise exercises control over the management of the partnership.

(3) In the case of a trust, “beneficial owner” means—

(a) any individual who is entitled to a specified interest in the trust property;

(b) as respects any trust other than one which is set up or operates entirely for the benefit of individuals falling within sub-paragraph (a), the class of persons in whose main interest the trust is set up or operates;

(c) any individual who has control over the trust;

(d) the settlor of the trust.

(4) In paragraph (3)—

“specified interest” means a vested interest which is—

(a) in possession or in remainder or reversion; and

(b) defeasible or indefeasible;

“control” means a power (whether exercisable alone, jointly with another person or with the consent of another person) under the trust instrument or by law to—

(a) dispose of, advance, lend, invest, pay or apply trust property;

(b) vary the trust;

(c) add or remove a person as a beneficiary or to or from a class of beneficiaries;

(d) appoint or remove trustees;

(e) direct, withhold consent to or veto the exercise of a power such as is mentioned in subparagraph (a), (b), (c) or (d).

(5) For the purposes of paragraph (3)—

(a) where an individual is the beneficial owner of a body corporate which is entitled to a specified interest in the trust property or which has control over the trust, the individual is to be regarded as entitled to the interest or having control over the trust; and

(b) an individual does not have control solely as a result of—

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(i) his consent being required in accordance with section 24(1) (c) of the Trustee Act 1975 (power of advancement); or

(ii) the power exercisable collectively at common law to vary or extinguish a trust where the beneficiaries under the trust are of full age and capacity and (taken together) absolutely entitled to the property subject to the trust.

(6) In the case of a legal entity or legal arrangement which does not fall within paragraph (1), (2) or (3), “beneficial owner” means—

(a) where the individuals who benefit from the entity or arrangement have been determined, any individual who benefits from at least 25% of the property of the entity or arrangement;

(b) where the individuals who benefit from the entity or arrangement have yet to be determined, the class of persons in whose main interest the entity or arrangement is set up or operates;

(c) any individual who exercises control over at least 25% of the property of the entity or arrangement.

(7) For the purposes of paragraph (6), where an individual is the beneficial owner of a body corporate which benefits from or exercises control over the property of the entity or arrangement, the individual is to be regarded as benefiting from or exercising control over the property of the entity or arrangement.

(8) In the case of an estate of a deceased person in the course of administration,

“beneficial owner” means the executor, original or by representation, or administrator for the time being of a deceased person.

(9) In any other case, “beneficial owner” means the individual who ultimately owns or controls the customer or on whose behalf a transaction is being conducted.

(10) In this regulation—

“arrangement”, “entity” and “trust” means an arrangement, entity or trust which administers and distributes funds or digital assets.

(11) In the application of this regulation to an AML/ATF regulated financial institution falling within regulation 2(2)(i) (person carrying on corporate service provider business), in each place where “25%” occurs in paragraph (1)(a), (2)(a), (3)(a), (6)(a) and

(c), it shall be read as a reference to 10%. [Regulation 3 paragraph (11) inserted by BR 16 / 2013 reg. 2 effective 28 March 2013; paragraph (3) amended by 2015 : 53 s. 28 effective 1 January 2016; Regulation 3 amended by 2018 : 5 s. 5 effective

21 March 2018; Regulation 3 paragraph (10) amended by 2022 : 2 s. 3(3) effective 27 February 2022; Regulation 3 amended by BR 100 / 2025 para. 14 effective 3 November 2025]

Application of Regulations

4 These Regulations apply to the following persons acting in the course of business carried on by them in or from Bermuda—

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(a) AML/ATF regulated financial institutions;

(b) independent professionals;

(c) casino operators;

(d) dealers in high value goods, who are registered with the Registrar;

(e) real estate brokers and real estate agents;

(f) as required by regulation 12A, members of financial groups. [Regulation 4 amended by 2008:49 s.39(5) effective 1 January 2009; Regulation 4(b) effective 15 August 2012 by BR 63/ 2012; paragraph (c) inserted by 2015 : 35 s. 18 effective 6 November 2015; paragraph (e) inserted by 2016 : 45 s. 14 effective 1 September 2016; paragraph (d) inserted by 2016 :

45 s. 14 effective 1 December 2016; paragraph (d) amended by 2016 : 51 s. 2 effective 1 December 2016; regulation 4(e) amended by 2017 : 28 s. 55 & Sch. 3 effective 2 October 2017; regulation 4 amended by 2018 : 51 s. 4 effective 10 August 2018; regulation 4 amended by 2020 : 36 s. 9 effective

1 November 2020]

PART 2CUSTOMER DUE DILIGENCE

Meaning of customer due diligence measures

5 “customer due diligence measures” means—

(a) identifying the customer and verifying the customer’s identity on the basis of documents, data or information obtained from a reliable and independent source;

(b) identifying, where there is a beneficial owner who is not the customer, the beneficial owner and taking adequate measures, on a risk-sensitive basis, to verify his identity so that the relevant person is satisfied that he knows who the beneficial owner is, including, in the case of a legal person, trust or similar legal arrangement, measures to understand the ownership and control structure of the person, trust or arrangement;

(c) in the case of a legal entity or legal arrangement, identifying the name and verifying the identity of the relevant natural person having the position of chief executive or a person of equivalent or similar position;

(d) in the case of a legal entity, identifying and verifying the identity of a natural person (either customer, beneficial owner, person of control or ownership) by some means and, where no natural person has been identified, identifying a relevant natural person holding the position of—

(i) a chief executive; or

(ii) a person of equivalent or similar position to the official under subparagraph (i);

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(e) obtaining information on and taking steps to understand the purpose and intended nature of the business relationship, and the nature of the customer’s business; and

(f) in the case of a person purporting to act on behalf of a customer, verifying that the person is in fact so authorised and identifying and verifying the identity of that person. [Regulation 5 paragraph (c) deleted and substituted and paragraphs (d) and (e) inserted by 2015 : 53 s. 29 effective 1 January 2016; Regulation 5(f) inserted by 2017 : 35 s. 8 effective 3 November 2017; Regulation 5 paragraph (e) revoked and substituted by 2018 : 50 s. 9 effective 10 August 2018]

6. Application of customer due diligence measures

(1) Subject to regulations 7, 10, 11, 13(4) and 14, a relevant person must apply customer due diligence measures when he—

(a) establishes a business relationship;

(b) carries out an occasional transaction;

(c) suspects money laundering or terrorist financing; or

(d) doubts the veracity or adequacy of documents, data or information previously obtained for the purpose of identification or verification.

(1A) Subject to paragraph (1), in the case of a trust or life insurance policy, a relevant person shall apply customer due diligence measures on a beneficiary as soon as the beneficiary is designated—

(a) for a beneficiary that is identified as a specifically named natural person, legal entity or legal arrangement, taking the name of the person, entity or arrangement;

(b) for a beneficiary that is designated by characteristics or by class, obtaining sufficient information concerning the beneficiary to satisfy the relevant person that it will be able to establish the identity of the beneficiary at the time of payout.

(1B) The customer due diligence legal requirements for legal persons or legal arrangements shall include—

(a) full name and trade name;

(b) date and place of incorporation, registration or establishment;

(c) registered office address and, if different, mailing address;

(d) address of the principal place of business;

(e) whether and where listed on a stockexchange;

(f) official identification number (where applicable);

(g) name of regulator (where applicable);

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(h) legal form, nature and purpose (e.g. discretionary, testamentary, bare);

(i) control and ownership;

(j) nature of business; and

(k) an obligation to collect information about the legal powers that regulate and bind a legal person or legal arrangement.

(2) A relevant person must apply customer due diligence measures at appropriate times to existing customers on a risk-sensitive basis.

(3) A relevant person must—

(a) determine the extent of customer due diligence measures on a risk- sensitive basis depending on the type of customer, business relationship, geographic areas, services, delivery channels, product or transaction; and

(b) be able to demonstrate to its supervisory authority that the extent of customer due diligence measures is appropriate in view of the risks of money laundering and terrorist financing.

(3A) Where a relevant person is required to apply customer due diligence measures in the case of a trust or life insurance policy, the relevant person must include the beneficiary as a risk factor in determining the extent of customer due diligence measures required in accordance with paragraph (3).

(4) Where—

(a) a relevant person is required to apply customer due diligence measures in the case of a trust, legal entity (other than a body corporate) or a legal arrangement (other than a trust); and

(b) the class of persons in whose main interest the trust, entity or arrangement is set up or operates is identified as a beneficial owner, the relevant person is not required to identify all the members of the class.

(5) Where a relevant person suspects that a transaction relates to money laundering or terrorist financing and he believes that performing customer due diligence measures may tip-off the customer or potential customer to that suspicion, he shall not perform the customer due diligence measures.

(6) Where a relevant person is unable to perform customer due diligence in accordance with paragraph (5) he shall, in lieu, file the necessary disclosure with the FIA.

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(7) For the purpose of paragraph (1A), “beneficiary” means the person named as beneficiary in a life insurance policy or a trust instrument. [Regulation 6 paragraph (1A) inserted, paragraph (3)(a) amended and paragraphs (5) - (7) inserted by

2015 : 53 s. 30 effective 1 January 2016; Regulation 6 paragraph (1B) inserted and paragraph (5) amended by 2017 : 35 s. 8 effective 3 November 2017; Regulation 6 paragraph (1B) amended by

2018 : 5 s. 5 effective 21 March 2018; Regulation 6 paragraph (1A) inserted, paragraph (3)(a) amended and paragraphs (5) - (7) inserted by 2015 : 53 s. 30 effective 1 January 2016; Regulation 6 paragraph

(1B) inserted and paragraph (5) amended by 2017 : 35 s. 8 effective 3 November 2017; Regulation 6 paragraph (1B) amended by 2018 : 5 s. 5 effective 21 March 2018; Regulation 6 paragraph (3A) inserted by 2018 : 51 s. 4 effective 10 August 2018]

7. Ongoing monitoring

(1) A relevant person must conduct ongoing monitoring of a business relationship.

(2) “Ongoing monitoring” of a business relationship means─

(a) an investigation of transactions undertaken throughout the course of the relationship (including, where necessary, the source of funds or digital assets) to ensure that the transactions are consistent with the relevant person’s knowledge of the customer, his business and risk profile;

(b) an investigation into the background and purpose of all complex, unusually large transactions, or unusual patters of transactions which have no apparent economic or lawful purpose and record the findings in writing; and

(c) so far as practicable keeping the documents, data, and information obtained (including the findings of paragraph (b) of this paragraph), for the purpose of applying customer due diligence measures up-to-date.

(3) Regulation 6(3) applies to the duty to conduct ongoing monitoring under paragraph (1) as it applies to customer due diligence measures. [Regulation 7 amended by 2013 : 30 s.19 effective 8 November 2013; paragraph (2) deleted and substituted by BR 61 / 2014 reg. 2 effective 30 July 2014; Regulation 7 paragraph (2)(a) amended by

2022 : 2 s. 3(4) effective 27 February 2022]

8. Timing of verification

(1) This regulation applies in respect of the duty under regulations 6(1)(a) and (b) and regulation 6(1A) to apply the customer due diligence measures referred to in regulation 5.

(2) Subject to paragraphs (3) to (5), a relevant person must verify the identity of the customer (and any beneficial owner) before the establishment of a business relationship or the carrying out of an occasional transaction.

(3) Such verification may be completed during the establishment of a business relationship or after the establishment of a business relationship or an account has been opened as provided under paragraphs (4) and (5) if—

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(a) this is necessary not to interrupt the normal conduct of business; and

(b) there is little risk of money laundering or terrorist financing occurring, provided that the verification is completed as soon as practicable after contact is first established; and

(c) any money laundering or terrorist financing risks that may arise are effectively managed.

(4) The verification of the identity of the beneficiary under a life insurance policy or a trust may, subject to paragraph (3), take place after the business relationship has been established provided that it takes place at or before the time of payout or at or before the time the beneficiary exercises a right vested under the policy or trust.

(5) The verification of the identity of an account holder may, subject to paragraph

(3), take place after the account has been opened provided that there are adequate safeguards in place to ensure that—

(a) the account is not closed; and

(b) transactions are not carried out by or on behalf of the account holder (including any payment from the account to the account holder), before verification has been completed. [Regulation 8 paragraphs (1), (3) and (4) amended by 2015 : 53 s. 31 effective 1 January 2016; Regulation 8 amended by 2018 : 50 s. 10 effective 10 August 2018]

8A. Casinos: timing of verification of identity of patrons

(1) This regulation applies in respect of the duty under regulation 6(1)(a) and (b) to apply the customer due diligence measures referred to in regulation 5(a) and (b).

(2) A casino operator shall establish and verify the identity of—

(a) all patrons to whom the casino operator makes facilities for, eGaming is available; and

(b) all patrons who, in the course of any period of 24 hours—

(i) purchase from, or exchange with, the casino operator, chips with a total value of $3,000 or more; or

(ii) pay the casino operator $3,000 or more for the use of gaming machines.

(3) [Revoked by 2017 : 35 s. 8]

(4) In this regulation—

“casino premises” has the meaning given in section 2 of the Gaming Act 2014;

“gaming machine” has the meaning given in section 2 of the Gaming Act 2014. [Regulation 8A inserted by 2015 : 35 s. 18 effective 6 November 2015; Regulation 8A amended by

2017 : 35 s. 8 effective 3 November 2017; Regulation 8A amended by 2021 : 23 s. 54 effective 1 August 2021]

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

8B. Casinos: patron accounts

(1) A casino operator shall not open or maintain any anonymous patron account or any patron account in the name of a person other than the patron (whether such name is of a person living or dead or of a fictitious person).

(1A) A patron account may only be opened by and in the name of a natural person.

(2) A casino operator shall establish and verify using reliable and independent sources the identity of each patron who opens a patron account with the casino operator, in accordance with this regulation and its system of internal controls.

(3) Paragraphs (4), (5) and (6) apply in respect of the duty under regulation 6(1)

(a) and (b) to apply the customer due diligence measures referred to in regulation 5(a) and

(b).

(4) Before opening a patron account, a special employee authorised by the casino operator to do so, shall obtain and record, at the minimum, all of the following information─

(a) the patron’s identifying information and signature;

(b) the date the patron account is opened;

(c) the amount of the initial deposit into the patron account (including the type of foreign currency and conversion rate, if applicable);

(d) the type and purpose of the patron account;

(e) the name and signature of the special employee who approved the opening of the patron account.

(5) A casino operator shall not permit any person other than the patron to deposit funds into his patron account and shall verify the identity of any person making such a deposit to ensure compliance with this paragraph.

(6) [Revoked by 2017 : 35 s. 8]

(7) The casino operator shall, in addition, keep the following records in respect of every deposit referred to in paragraph (5)—

(a) the date of the deposit;

(b) the amount of the deposit;

(c) the details of the patron account into which the deposit was made;

(d) the identifying information of the patron;

(e) the type of instrument by which the deposit is made, or whether the deposit is made in cash or chips;

(f) the name of the issuer of the instrument, if any;

(g) all reference numbers (including the number of any cheque, bank draft, money order or other instrument); and

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(h) the name and special employee licence number of the authorised employee who carried out the transaction. [Regulation 8B inserted by 2015 : 35 s. 18 effective 6 November 2015; Regulation 8B amended by

2017 : 35 s. 8 effective 3 November 2017]

8C. Casinos: prohibited transactions

(1) For the purpose of preventing any transaction which may be connected with or may facilitate money laundering, the financing of terrorism or the financing of proliferation of weapons of mass destruction, the following transactions shall be prohibited—

(a) any transaction by a casino operator with a patron involving the conversion of money from one form to another without being used for gaming, including—

(i) the receipt of cash for transmittal of all or part of that sum through telegraphic transfer for or on behalf of a patron;

(ii) cash payments made to or on behalf of a patron of funds received through electronic transfers;

(iii) the cashing of cheques or other negotiable instruments;

(iv) the offer of foreign currency exchange services; and

(v) the exchange of small denomination notes for larger denominations including, to the greatest extent possible, preventing self-service kiosks being used for such a purpose.

(b) any receipt or payment by a casino operator of funds from or to an account otherwise than in the name of the patron;

(ba) any issuance of a receipt of a cheque or other negotiable instrument other than in the name of the patron;

(c) any transaction, including the opening of a patron account, which the casino operator has reasonable grounds to suspect—

(i) is for the purpose of dealing in the proceeds of any relevant offence;

(ii) is a cash transaction that uses the proceeds of any relevant offence; or

(iii) involves the custody or control of any funds or other assets that are the proceeds of any relevant offence;

(d) the placing of a bet, whether by way of gaming, eGaming or betting, on behalf of a third party;

(e) the placing of a bet, whether by way of gaming, eGaming or betting, by a patron where that patron has failed within a reasonable time to provide proof of identity;

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(f) the placing of a bet or a series of bets with the bookmaker in cash in a sum greater than $1,000;

(g) the structuring of transactions in order to avoid any of the requirements or prohibitions set out in these Regulations;

(h) the use of cash in any game in which the operator does not have a stake in the outcome of the game;

(i) the use of safety deposit facilities or credit facilities by any patron who does not have a valid patron account;

(j) the acceptance by a slot machine or kiosk of more than one currency in any single transaction;

(k) the payment by a slot machine or kiosk in a currency other than the single currency used during the transaction;

(l) the exchange of casino chips for currency other than Bermuda dollars, unless the patron provides a valid passport and proof of residential address satisfactory to the casino operator to establish that the patron is resident in a jurisdiction other than Bermuda.

(2) In this regulation, “relevant offence” has the meaning given in section 3 of the Proceeds of Crime Act 1997.

(3) Paragraphs (1)(b) and (1)(ba) shall not apply where the Commission has provided a written waiver of the prohibition in accordance with approved casino marketing agent agreements. [Regulation 8C inserted by 2015 : 35 s. 18 effective 6 November 2015; Regulation 8C amended by

2017 : 35 s. 8 effective 3 November 2017]

9. Requirement to cease transactions, etc.

(1) Where in relation to any customer, a relevant person is unable to apply customer due diligence measures in accordance with the provisions of these Regulations he—

(a) shall not open an account or carry out a transaction for the customer;

(b) shall not establish a business relationship or carry out an occasional transaction with the customer;

(c) shall terminate any existing business relationship with the customer; and

(ca) in the case of a patron in a casino, shall not permit that patron to place any bet, or to undertake any further transactions of any nature, until such time as he has been able to apply the customer due diligence measures;

(d) shall consider whether he is required to make a disclosure by section 46(2) of the Proceeds of Crime Act 1997 or paragraph 1 of Part I of

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

Schedule — I of the Anti-Terrorism (Financial and Other Measures) Act

2004.

(2) Paragraph (1) does not apply where a professional legal adviser is in the course of ascertaining the legal position for his client or performing his task of defending or representing that client in, or concerning, legal proceedings, including advice on instituting or avoiding proceedings. [Regulation 9 paragraph (1)(ca) inserted by 2017 : 35 s. 8 effective 3 November 2017; Regulation 9 paragraph (1)(a) revoked and replaced by 2018 : 5 s. 5 effective 21 March 2018]

10. Simplified due diligence

(1) Subject to paragraph (1A), a relevant person is not required to apply the full customer due diligence measures referred to in regulation 5 in the circumstances mentioned in regulation 6(1)(a) or (b), or regulation 6(1A) where he has reasonable grounds for believing that the customer, product or transaction related to such product, falls within paragraph (2), (3), (4), (5), (6) or (7).

(1A) Paragraph (1) applies only if—

(a) after assessing the risk, the relevant person has reasonable grounds for believing that there is a low risk of money laundering and of terrorist financing; and

(b) the relevant person has no suspicion of money laundering or of terrorist financing, and the relevant person shall record its assessment.

(2) The customer is—

(a) an AML/ATF regulated financial institution which is subject to the requirements of these Regulations; or

(b) an AML/ATF regulated financial institution (or equivalent institution) which—

(i) is situated in a country or territory other than Bermuda which imposes requirements equivalent to those laid down in these Regulations;

(ii) has effectively implemented those requirements; and

(iii) is supervised for compliance with those requirements.

(3) The customer is a company whose securities are listed on an appointed stock exchange.

(4) The customer is an independent professional (or similar professional) and the product is an account into which monies are pooled, provided that—

(a) where the pooled account is held in a country or territory other than Bermuda—

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(i) that country or territory imposes requirements to combat money laundering and terrorist financing which are equivalent to those laid down in these Regulations;

(ii) the independent professional has effectively implemented those requirements; and

(iii) the independent professional is supervised in that country or territory for compliance with those requirements; and

(b) information on the identity of the persons on whose behalf monies are held in the pooled account is available, on request, to the institution which acts as a custodian for the account.

(5) The customer is a public authority in Bermuda.

(6) The product is—

(a) a life insurance contract where the annual premium is no more than $1,000 or where a single premium of no more than $2,500 is paid for a single policy;

(b) an insurance contract for the purpose of a pension scheme where the contract contains no surrender clause and cannot be used as collateral; or

(c) a pension, superannuation or similar scheme which provides retirement benefits to employees, where contributions are made by an employer or by way of deduction from an employee’s wages and the scheme rules do not permit the assignment of a member’s interest under the scheme.

(7) The product and any transaction related to such product fulfils all the conditions set out in paragraph 1 of the Schedule. [Regulation 10 amended by 2008:49 s.39(6) effective 1 January 2009; paragraphs (1), (2)(b) and (4)(a) amended by 2015 : 53 s. 32 effective 1 January 2016; Regulation 10 paragraph (1) amended, and paragraph (1A) inserted by 2018 : 51 s. 4 effective 10 August 2018]

11. Enhanced due diligence

(1) A relevant person must apply on a risk-sensitive basis enhanced customer due diligence measures to business relationships with customers—

(a) in accordance with paragraphs (2) to (4);

(aa) in instances where a person or a transaction is from or in a country that has been identified as having a higher risk by the Financial Action Task Force or the Caribbean Financial Action Task Force;

(ab) in instances where a person or a transaction is from or in a country which represents a higher risk of money laundering, corruption, terrorist financing or being subject to international sanctions;

(b) in any other situation which by its nature may present a higher risk of money laundering or terrorist financing.

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(2) Where the customer has not been physically present for identification purposes, a relevant person must take specific and adequate measures to compensate for the higher risk, for example by applying one or more of the following measures—

(a) ensuring that the customer’s identity is established by additional documents, data or information;

(b) supplementary measures to verify or certify the documents supplied, or requiring confirmatory certification by an AML/ATF regulated financial institution (or equivalent institution) which is subject to equivalent Regulations;

(c) ensuring that the first payment is carried out through an account opened in the customer’s name with a banking institution.

(3) An AML/ATF regulated financial institution (the “correspondent”) which has or proposes to have a correspondent relationship with a respondent institution (the

“respondent”) must—

(a) gather sufficient information about the respondent to understand fully the nature of its business;

(b) determine from publicly-available information the reputation of the respondent and the quality of its supervision;

(c) assess the respondent’s controls relating to anti-money laundering control and anti-terrorism financing controls;

(d) obtain approval from senior management before establishing a new correspondent relationship;

(e) document the respective responsibilities of the respondent and correspondent;

(f) be satisfied that, in respect of those of the respondent’s customers who have direct access to accounts of the correspondent, the respondent—

(i) has verified the identity of, and performs ongoing due diligence on, such customers; and

(ii) is able upon request to provide relevant customer due diligence data to the correspondent.

(3A) Where a casino operator knows or has reason to suspect that the patron—

(a) has fiduciary obligations that may create a risk of the misappropriation of funds;

(b) is associated with individuals or entities known to be connected to the illicit generation of funds or the laundering of such funds;

(c) has sources of wealth or income incommensurate with his gaming activity;

(d) has been bankrupt; or

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(e) has a prior history of criminal or dishonest conduct, the casino operator must apply on a risk-sensitive basis enhanced customer due diligence measures as set out in paragraph (3B). (3AA) For the purposes of regulation 11(3), a “correspondent relationship” shall mean a business arrangement between two institutions, wherein one entity (the correspondent) provides financial or similar services to or facilitates such transactions on behalf of the other entity (the respondent) that allows the respondent to access financial markets, payment systems, or services that it cannot directly provide or access on its own.

(3B) Enhanced customer due diligence required under paragraph (3A) must compensate for the higher risk posed on a case by case basis, and such measures may include, but not be limited to, one or more of the following—

(a) assessing whether the patron is the beneficial owner of all funds proposed for use in gaming;

(b) establishing the source of funds proposed for use in gaming;

(c) ensuring that the patron has no prior history associated with AML/ATF offences;

(d) increasing the frequency of the monitoring of the patron’s gaming activity.

(4) Subject to paragraph (6B), a relevant person who proposes and continues to have a business relationship or carry out an occasional transaction with a politically exposed person must—

(a) have approval from senior management for establishing and continuing a business relationship with that person;

(b) take adequate measures to establish the source of wealth and source of funds or digital assets which are involved in the business relationship or occasional transaction;

(c) conduct enhanced ongoing monitoring of the business relationship; and

(d) inform senior management of a pending payout to a politically exposed person of a long-term insurance or other investment-related insurance policy, before proceeding to pay out the policy.

(5) In paragraph (4), “a politically exposed person” means a person to whom paragraphs (6) and (6A) applies.

(6) This paragraph applies to a person who is in or from any country or territory outside Bermuda—

(a) an individual who is or has, at any time in the preceding year, been entrusted with prominent public functions or a prominent function by an international organisation;

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(b) a person who falls in any of the categories listed in paragraph 2(1)(a) of the Schedule;

(c) an immediate family member of a person referred to in sub-paragraph (a) including a person who falls in any of the categories listed in paragraph 2(1)(d) of the Schedule; or

(d) a known close associate of a person referred to in sub-paragraph (a) including a person who falls in either of the categories listed in paragraph 2(1)(e) of the Schedule.

(6A) This paragraph applies to any of the following persons who are in or from Bermuda—

(a) an individual who is or has, at any time in the preceding year, been entrusted with prominent public functions or a prominent function by an international organisation;

(b) a person who falls into any of the categories listed in paragraph 2(3)(a) of the Schedule;

(c) an immediate family member of a person referred to in subparagraph (a), including a person who falls into any of the categories listed in paragraph 2(3)(d) of the Schedule; or

(d) a known close associate of a person referred to in subparagraph (a), including a person who falls into either of the categories listed in paragraph 2(3)(e) of the Schedule.

(6B) In relation to a person described in paragraph (6A), where a relevant person determines that the business relationship or occasional transaction with that person is a higher risk, then the relevant person must carry out the enhanced due diligence measures set out in paragraph (4).

(7) For the purpose of deciding whether a person is a known close associate of a person referred to in paragraph (6) (a), a relevant person need only have regard to information which is in his possession or is publicly known. [Regulation 11 headnote and paragraph (1) amended by 2013 : 30 s. 20 effective 8 November 2013; paragraphs (1), (4), (5) and (6) amended and paragraphs (6A) and (6B) inserted by 2015 : 53 s. 33 effective 1 January 2016; Regulation 11 amended by 2017 : 35 effective 3 November 2017; Regulation

11 amended by 2018 : 5 s. 5 effective 21 March 2018; Regulation 11 paragraph (3) amended by 2018 :

51 s. 4 effective 10 August 2018; Regulation 11 paragraph (1) amended by 2018 : 49 s. 4 effective 7 September 2018; Regulation 11 paragraph (4) amended by 2022 : 2 s. 3(5) effective 27 February 2022; Regulation 11 amended by 2025 : 20 s. 4 effective 20 October 2025]

12. Branches and subsidiaries

(1) A relevant person must require its branches and subsidiary undertakings which are located in a country or territory other than Bermuda—

(a) to adopt group-wide policies and procedures that—

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(i) facilitate the sharing of customer due diligence and transaction information; and

(ii) ensure adequate safeguards on the confidentiality and use of information exchanged, in order to manage the risk of money laundering and terrorist financing through the application of AML/ATF compliance functions; and

(b) to apply, to the extent permitted by the law of that country or territory, measures at least equivalent to those set out in these Regulations with regard to customer due diligence measures, ongoing monitoring and record-keeping.

(2) Where the law of such a country or territory does not permit the application of such equivalent measures by the branch or subsidiary undertaking located in that country or territory, the relevant person shall—

(a) inform the Bermuda Monetary Authority accordingly; and

(b) take additional measures to handle effectively the risk of money laundering and terrorist financing.

(3) In this regulation “subsidiary undertaking” except in relation to an incorporated friendly society, has the meaning given by section 86 of the Companies Act (‘parent and subsidiary undertakings’) and, in relation to a body corporate in or formed under the law of a country or territory other than Bermuda, includes an undertaking which is a subsidiary undertaking within the meaning of any rule of law in force in that country or territory.

(4) For the avoidance of doubt, the provisions of this regulation apply to branches and subsidiaries located inside and outside of Bermuda. [Regulation 12 amended by 2008:49 s.39(6) effective 1 January 2009; paragraph (1) amended by

2015 : 53 s. 34 effective 1 January 2016; Regulation 12 amended by 2017 : 35 s. 8 effective 3 November 2017]

Financial groups

12A A financial group shall implement group-wide policies and procedures against money laundering and terrorist financing which are applicable and appropriate to all members of the financial group, and these policies and procedures shall include—

(a) procedures and requirements set out in Part 2 (Customer Due Diligence),

PART 3(Record-keeping, Systems, Training etc.) and Part 4 (Transfer of

Funds), as applicable, of these Regulations;

(b) policies and procedures for sharing information required for the purposes of customer due diligence and money laundering and terrorist financing risk management, including information on transactions which appear unusual and have generated a suspicious transaction report;

(c) the provision at group level of compliance, audit and anti-money laundering and anti-terrorist financing functions, of customer,

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

transaction and account information from branches and subsidiaries when necessary for anti-money laundering or anti-terrorist financing purposes; and

(d) adequate safeguards on the confidentiality and use of information exchanged. [Regulation 12A inserted by 2018 : 51 s. 4 effective 10 August 2018; Regulation 12A paragraph (a) amended by 2022 : 2 s. 3(6) effective 27 February 2022]

13. Shell banks, anonymous accounts etc.

(1) An AML/ATF regulated financial institution shall not enter into, or continue, a correspondent banking relationship with a shell bank.

(2) An AML/ATF regulated financial institution must take appropriate measures to ensure that it does not enter into, or continue, a correspondent banking relationship with a bank which is known to permit its accounts to be used by a shell bank.

(3) An AML/ATF regulated financial institution must not set up an anonymous account, an anonymous pass book or an account obviously in a fictitious name for any new or existing customer.

(4) As soon as possible after the commencement of these Regulations all AML/ATF regulated financial institutions must apply customer due diligence measures to, and conduct ongoing monitoring of, all anonymous accounts and passbooks in existence on that date and in any event before such accounts or passbooks are used in any way.

(5) A “shell bank” means a banking institution, or an institution engaged in equivalent activities, incorporated in a jurisdiction in which it has no physical presence involving meaningful decision making and management, and which is unaffiliated with a regulated financial group. [Regulation 13 amended by 2008:49 s.39(6) effective 1 January 2009; Regulation 13 paragraph (3) amended by 2018 : 5 s. 5 effective 21 March 2018; Regulation 13 paragraphs (1) and (2) amended by

2025 : 20 s. 4 effective 20 October 2025]

14. Reliance on third parties

(1) A relevant person may rely on a person who falls within paragraph (2) [or who the relevant person has reasonable grounds to believe falls within paragraph (2)] to apply any customer due diligence measures provided that—

(a) the other person consents to being relied on; and

(b) notwithstanding the relevant person’s reliance on the other person, the relevant person—

(i) must immediately obtain information sufficient to identify customers;

(ii) must satisfy itself that reliance is appropriate given the level of risk for the jurisdiction in which the party to be relied upon is usually resident; and

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(iii) will remain liable for any failure to apply such measures.

(1A) A real estate broker licensed under the Real Estate Brokers’ Licensing Act

2017 may rely on the customer due diligence measures undertaken by another real estate broker licensed in Bermuda under that Act, if the relevant conditions set forth in paragraph (1)(a) and (b) are complied with.

(2) The persons are—

(a) an AML/ATF regulated financial institution;

(b) a relevant person who is—

(i) an independent professional; and

(ii) supervised for the purposes of these Regulations by a designated professional body in accordance with section 4 of the Proceeds of Crime (Anti-Money Laundering and Anti-Terrorist Financing Supervision and Enforcement) Act 2008;

(c) a person who carries on business in a country or territory other than Bermuda who is—

(i) an institution that carries on business corresponding to the business of AML/ATF regulated financial institution or independent professional;

(ii) in the case of an independent professional, subject to mandatory professional registration recognised by law;

(iii) subject to requirements equivalent to those laid down in these Regulations; and

(iv) supervised for compliance with requirements equivalent to supervision by his supervisory authority.

(3) Nothing in this regulation prevents a relevant person applying customer due diligence measures by means of an outsourcing service provider or agent provided that the relevant person remains liable for any failure to apply such measures. [Regulation 14 paragraph (1)(b) deleted and substituted by 2013 : 30 s. 21 effective 8 November 2013; amended by 2014 : 8 s. 16 effective 11 April 2014; paragraph (1) amended by 2015 : 53 s. 35 effective

1 January 2016; paragraph (2)(b)(ii) revoked and substituted by 2017 : 35 s. 8 effective 3 November 2017; paragraph (1A) inserted by 2018 : 50 s. 11 effective 10 August 2018]

14A. Outsourcing

(1) Where a relevant person delegates its AML/ATF compliance function to another entity (outsourcing), the relevant person shall retain ultimate responsibility for the AML/ATF compliance function.

(2) In this regulation, ultimate responsibility includes the obligation to—

(a) ensure that the provider of the outsourced AML/ATF compliance function has in place—

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(i) AML/ATF systems;

(ii) AML/ATF controls; and

(iii) AML/ATF procedures, that are in compliance with the Bermuda AML/ATF requirements;

(b) consider the effect that outsourcing compliance functions has on the money laundering and terrorist financing risk;

(c) assess the money laundering and terrorist financing risk associated with outsourced functions and record its assessment; and

(d) monitor any perceived risk on an ongoing basis and, where the compliance functions (Compliance Officer or Reporting Officer) are involved to—

(i) ensure that the roles, responsibilities and respective duties are clearly defined and documented; and

(ii) ensure that the Compliance Officer or Reporting Officer and all employees understand the roles, responsibilities and the respective duties of all parties.

(3) Where a relevant person delegates its compliance function to another entity (outsourcing), the relevant person shall adopt policies and procedures to monitor and manage the service provider carrying out those compliance functions.

(4) In this regulation, “outsourcing” and “outsourced” means—

(a) AML/ATF systems;

(b) AML/ATF controls; and

(c) AML/ATF procedures, obtained outside of a relevant person.

[Regulation 14A inserted by 2015 : 53 s. 36 effective 1 January 2016]

PART 3RECORD-KEEPING, SYSTEMS, TRAINING ETC.

15. Record-keeping

(1) A relevant person must keep the records specified in paragraph (2) for at least the period specified in paragraph (3).

(2) In respect of a business relationship or an occasional transaction, the records are—

(a) a copy of, or the references to the evidence of the customer’s identity obtained pursuant to regulation 6, 8B(7), 11, 13(4), or 14, together with

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

account files, business correspondence and the results of any analysis undertaken in relation to that customer; and

(b) the supporting evidence and records of transactions (consisting of the original documents or copies admissible in court proceedings), provided that such records must be sufficient to permit the reconstruction of individual transactions.

(3) In this regulation, the period is—

(a) in the case of records in paragraph 2(a), for the duration of the business relationship and five years beginning on the date on which the business relationship ends or five years beginning on the date the occasional transaction is completed;

(b) in the case of records in paragraph 2(b), five years beginning on the date the transaction is completed.

(4) A relevant person who is relied on by another person must keep the records specified in paragraph (2)(a) for five years beginning on the date on which he is relied on for the purposes of regulation 6, 8B(7), 11 or 13(4) in relation to any business relationship or occasional transaction.

(5) But in any case where a police officer has notified a relevant person in writing that particular records are or may be relevant to an investigation which is being carried out, the relevant person must keep the records pending the outcome of the investigation.

(5A) For the avoidance of doubt, all documents and findings related to the investigations of—

(a) complex transactions;

(b) unusually large transactions; or

(c) unusual patterns of transactions, in relation to regulation 7, must be recorded and kept for a minimum period of five years to be available for competent authorities and auditors.

(6) A person referred to in regulation 14(2) (a) or (b) who is relied on by a relevant person must, if requested by the person relying on him within the period referred to in paragraph (4)—

(a) immediately make available to the person who is relying on him any information about the customer (and any beneficial owner) which he obtained when applying customer due diligence measures; and

(b) without delay forward to the person who is relying on him copies of any identification and verification data and other relevant documents on the identity of the customer (and any beneficial owner) which he obtained when applying those measures.

(7) A relevant person who relies on a person referred to in regulation 14(2)(c) (a

“third party”) to apply customer due diligence measures must take steps to ensure that

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

the third party will, if requested by the relevant person within the period referred to in paragraph (4)—

(a) as soon as reasonably practicable make available to him any information about the customer (and any beneficial owner) which the third party obtained when applying customer due diligence measures; and

(b) as soon as reasonably practicable forward to him copies of any identification and verification data and other relevant documents on the identity of the customer (and any beneficial owner) which the third party obtained when applying those measures.

(7A) A relevant person must not rely on a person referred to in regulation 14(2)(c) (a third party) or enter into outsourcing arrangements, referred to in regulation 14A, where access to records specified under this regulation in paragraphs (2) and (5A) without delay is likely to be impeded by confidentiality or data protection restrictions.

(8) Subparagraphs (6) and (7) do not apply where a relevant person applies customer due diligence measures by means of an outsourcing service provider or agent.

(9) For the purposes of this regulation, a person relies on another person where he does so in accordance with regulation 14(1). [Regulation 15 paragraph (5A) inserted by 2013 : 30 s. 22 effective 8 November 2013; paragraph (5A) amended by BR 61 / 2014 reg. 3 effective 30 July 2014; paragraphs (2)(a) and (4) amended by 2015 :

35 s. 18 effective 6 November 2015; paragraph (7A) inserted by 2015 : 53 s. 37 effective 1 January 2016; Regulation 15 paragraph (6) amended by 2018 : 5 s. 5 effective 21 March 2018]

16. Systems

(1) A relevant person must establish and maintain appropriate and risk-sensitive policies and procedures, approved by its governing body, relating to—

(a) customer due diligence measures and ongoing monitoring;

(b) reporting;

(c) record-keeping;

(d) internal control;

(e) the performance and documentation of any products or services (prior to launch) and the continual documentation of risk assessment and management of such products and services, in a form available to share with the supervisory authority;

(ea) risk mitigation mechanisms which include—

(i) consideration of the national or of the relevant person’s risk assessment results or conclusions;

(ii) the ability to effectively supply information to the supervisory authority; and

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(iii) the application of enhanced measures where the relevant person’s risk assessments identify a higher risk;

(f) the monitoring and management of compliance with and the internal communication of such policies and procedures in order to prevent activities related to money laundering and terrorist financing.

(1A) Where a relevant person intends to introduce a new product, practice or technology, the relevant person must perform and document a risk assessment prior to the launch of such product, practice or technology.

(2) The policies and procedures referred to in paragraph (1) include policies and procedures—

(a) which provide for the identification and scrutiny of—

(i) complex or unusually large transactions;

(ii) unusual patterns of transactions which have no apparent economic or visible lawful purpose; and

(iii) any other activity which the relevant person regards as particularly likely by its nature to be related to money laundering or terrorist financing;

(b) which specify the taking of additional measures, where appropriate, to prevent the use for money laundering or terrorist financing of products and transactions which might favour anonymity;

(c) to determine whether a new or existing customer is a politically exposed person;

(d) under which—

(i) anyone in the organisation to whom information or other matter comes in the course of the business as a result of which he knows or suspects or has reasonable grounds to suspect that a person is engaged in money laundering or terrorist financing is required to comply with sections 46(5) of the Proceeds of Crime Act 1997 or, as the case may be, section 9 or paragraph 1 of Part 1 of Schedule 1 to the Anti-Terrorism (Financial and Other Measures) Act 2004; and

(ii) where a disclosure is made to the nominated officer, he must consider it in the light of any relevant information which is available to the relevant person and determine whether it gives rise to knowledge or suspicion that a person is engaged in money laundering or terrorist financing.

(3) A relevant person must communicate where relevant the policies and procedures which it establishes and maintains in accordance with this regulation to its branches and subsidiaries which are located outside Bermuda.

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(4) A relevant person must have systems in place enabling it to respond promptly to enquiries from a supervisory authority (in respect of a relevant person under the authority's supervision), the Financial Intelligence Agency or a police officer—

(a) whether it maintains, or has maintained during the previous five years, a business relationship with any person; and

(b) the nature of that relationship.

(5) A relevant person shall take appropriate steps (including the use of risk mitigation mechanisms referred to in paragraph (1)(ea)) to identify, assess and understand its money laundering and terrorist financing risks (depending on the type of customers, business relationships, countries or geographic areas, services, delivery channels, products or transactions), and shall document the risk assessments and keep them updated. [Regulation 16 amended by 2008:49 s.39(6) effective 1 January 2009; paragraph (1) amended and paragraph (1A) inserted by 2015 : 53 s. 38 effective 1 January 2016; paragraph (2) amended by

2017 : 10 s. 5 effective 24 March 2017; Regulation 16 paragraphs (3) and (4) amended by 2017 : 35 s.

8 effective 3 November 2017; Regulation 16 paragraph (2)(c) amended by 2018 : 5 s. 5 effective 21 March 2018; Regulation 16 paragraph (4) amended, and paragraph (5) inserted by 2018 : 51 s. 4 effective 10 August 2018]

17. Internal reporting procedures

(1) A relevant person must appoint a Reporting Officer and maintain internal reporting procedures which require that—

(a) a report is to be made to the Reporting Officer of any information or other matter which comes to the attention of an employee and which in the opinion of that employee gives rise to a knowledge or suspicion that another person is engaged in money laundering or terrorist financing;

(b) any such report be considered by the Reporting Officer in the light of all other relevant information for the purpose of determining whether or not the information or other matter contained in the report does give rise to such a knowledge or suspicion;

(c) the Reporting Officer be given access to any other information which may be of assistance to him in considering the report; and

(d) the Reporting Officer disclose to the Financial Intelligence Agency the information or other matter contained in a report, where the reporting officer knows or suspects or has reasonable grounds to suspect that a person is engaged in money laundering or terrorist financing.

(2) Paragraph (1) does not apply where the relevant person is an individual who neither employs nor acts in association with any other person.

(3) The relevant person shall be responsible for ensuring its Reporting Officer is adequately trained to carry out the role. [Regulation 17 paragraph (1) amended and paragraph (3) inserted by 2015 : 53 s. 39 effective 1 January 2016; paragraph (1) amended by 2017 : 10 s. 5 effective 24 March 2017]

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

17A. Independent audit function

(1) A relevant person must maintain an independent audit function to be conducted by a qualified independent third party or internally by persons independent of any other function, the lines of business over which the function has audit responsibilities, and financial operations.

(2) An independent audit function must provide and document an independent and objective evaluation of the robustness of the AML/ATF framework, and the reliability, integrity and completeness of the design and effectiveness of the AML/ATF risk management function and AML/ATF internal controls framework, and the AML/ATF compliance.

[Regulation 17A inserted by 2015 : 53 s. 40 effective 1 January 2016]

18. Training etc.

(1) A relevant person must take appropriate measures so that all relevant employees of his are—

(a) made aware of the law relating to money laundering and terrorist financing;

(b) regularly given training in how to recognise and deal with transactions which may be related to money laundering or terrorist financing; and

(c) screened prior to hiring to ensure high standards.

(2) For the purposes of this paragraph, an employee is a relevant employee if—

(a) at any time in the course of his duties, he has, or may have, access to any information which may be relevant in determining whether any person is engaged in money laundering or terrorist financing;

(b) at any time plays a role in implementing and monitoring compliance with anti-money laundering or anti-terrorist financing requirements.

(3) For the purposes of paragraph (1), the relevant employee includes an individual working on a temporary basis whether under a contract of employment, contract for services or otherwise. [Regulation 18 paragraph (1)(c) inserted and paragraph (2) deleted and substituted by 2013 : 30 s. 23 effective 8 November 2013; paragraph (3) inserted by 2015 : 53 s. 41 effective 1 January 2016]

18A. Compliance officer

(1) A relevant person shall designate a person employed at managerial level as the Compliance Officer of that relevant person.

(2) The relevant person shall be responsible for ensuring its Compliance Officer is adequately trained to carry out the role.

(3) The Compliance Officer shall—

(a) ensure that the necessary compliance programme procedures and controls required by these Regulations are in place; and

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(b) coordinate and monitor the compliance programme to ensure continuous compliance with these Regulations.

(4) A Compliance Officer may also be appointed as a Reporting Officer. [Regulation 18A inserted by 2015 : 53 s. 42 effective 1 January 2016; Regulation 18A amended by

2018 : 50 s. 12 effective 10 August 2018]

19. Offences

(1) A person who fails to comply with any requirement in regulations 6(1), (2) and

(3), 7(1) and (3), 8(2), 9(1)(a), (b) and (c), 11(1), 12(1) and (2), 13(1), (2), (3) and (4), 14(1), 15(1), (4), (5), (6) and (7), 16(1), (3) and (4), 17(1) and 18(1) is guilty of an offence and liable—

(a) on summary conviction, to a fine of $50,000;

(b) on conviction on indictment to a fine of $750, 000 or to imprisonment for a term of two years or to both.

(2) In deciding whether a person has committed an offence under paragraph (1), the court must consider whether he followed any relevant guidance which was at the time—

(a) issued by a supervisory authority;

(b) approved by the Minister; and

(c) published in a manner approved by the Minister as appropriate in his opinion to bring the guidance to the attention of persons likely to be affected by it.

(3) A person is not guilty of an offence under this regulation if he took all reasonable steps and exercised all due diligence to avoid committing the offence.

(4) Where a person is convicted of an offence under this regulation, he shall not also be liable to a civil fine imposed by or under any statutory provision in relation to the same matter.

[Regulation 19 paragraph (1) amended by 2013 : 30 s. 24 effective 8 November 2013]

BR 9/1998 revoked

20 The Proceeds of Crime (Money Laundering) Regulations 1998 are revoked.

PART 4TRANSFER OF FUNDS (INCLUDING WIRE TRANSFERS)

Introduction and application

Interpretation of Part 4

21 In this Part—

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

“batch file transfer” means several individual transfers of funds that are bundled together for transmission, being transferred to the same PSP, but may or may not be ultimately intended for different payees;

“complete information on the payee” means information consisting of the payee’s name and account number, but where the payee does not have an account number, the payee’s PSP shall substitute it with a unique identifier that allows the transaction to be traced to the payee;

“complete information on the payer” means information consisting of the payer’s name, address and account number, but—

(a) in the case of a natural person, the address may be substituted with the date and place of birth of the payer, his customer identification number or national identity number; and

(b) where the payer does not have an account number, the payer’s PSP shall substitute it with a unique identifier that allows the transaction to be traced back to the payer;

“intermediary PSP” means a PSP, neither of the payer nor of the payee, who participates in the execution of transfers of funds;

“money laundering” has the meaning given in section 7(1) of the Proceeds of Crime Act 1997;

“payee” means a person who is the intended final recipient of transferred funds;

“payer” means either—

(a) a person who holds an account and allows a transfer of funds from that account, or

(b) where there is no account, a person who places an order for a transfer of funds;

“payee’s PSP” means the PSP of the payee;

“payer’s PSP” means the PSP of the payer;

“PSP” (payment service provider) means a person whose business includes the provision of services for the transfer of funds;

“transfer of funds” means any transaction carried out on behalf of a payer through a PSP by electronic means, with a view to making funds available to a payee through a PSP, irrespective of whether the payer and the payee are the same person and includes the transfer of digital assets;

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

“unique identifier” means a combination of letters, numbers or symbols, determined by the PSP, in accordance with the protocols of the payment and settlement system or messaging system used to effect the transfer of funds. [Regulation 21 inserted by BR 2 / 2010 reg. 2 effective 13 January 2010; definition "complete information on the payee" inserted by 2015 : 53 s. 43 effective 1 January 2016; Regulation 21 definition "batch file transfer" amended by 2018 : 51 s. 4 effective 10 August 2018; Regulation 21 definition "transfer of funds" amended by 2022 : 2 s. 3(8) effective 27 February 2022]

22. Application of Part 4

(1) This Part applies to transfers of funds, in any currency, that are sent or received by a PSP in Bermuda.

(2) This Part does not apply to transfers of funds carried out using a credit card, debit card or pre-paid card, if—

(a) the payee has an agreement with the PSP permitting payment for the provision of goods and services; and

(b) a unique identifier, allowing the transaction to be traced back to the payer, accompanies such transfer of funds, unless the card is used as a payment system to effect a person-to-person transfer of funds.

(3) This Part does not apply to transfers of funds carried out by means of a mobile telephone or any other digital or information technology (“IT”) device, when such transfers are pre-paid and do not exceed $150.

(4) This Part does not apply to transfers of funds carried out by means of a mobile telephone or any other digital or IT device, when such transfers are post-paid and meet all of the following conditions—

(a) the payee has an agreement with the PSP permitting payment for the provision of goods and services;

(b) a unique identifier, allowing the transaction to be traced back to the payer, accompanies the transfer of funds; and

(c) the payee’s PSP is an AML/ATF regulated financial institution.

(5) This Part does not apply to transfers of funds—

(a) where the payer withdraws cash from his own account;

(b) where there is a debit transfer authorisation between the payer and the payee permitting payments between them through accounts, provided that a unique identifier accompanies the transfer of funds, enabling the payer to be traced back;

(c) where truncated cheques are used;

(d) to public authorities for taxes, fines or other levies within Bermuda; or

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(e) where both the payer and the payee are PSPs acting on their own behalf. [Regulation 22 inserted by BR 2 / 2010 reg. 2 effective 13 January 2010; Regulation 22 paragraph (2) amended by 2018 : 51 s. 4 effective 10 August 2018]

Obligations on the Payment Service Provider of the Payer

23. Information accompanying transfers of funds and record keeping

(1) The payer’s PSP shall ensure that transfers of funds are accompanied by complete information on the payer and payee.

(2) The payer’s PSP shall, before transferring the funds, verify the complete information on the payer on the basis of documents, data or information obtained from a reliable and independent source.

(3) In the case of transfers of funds from an account, the complete information on a payer shall be deemed to have been verified if the payer’s PSP has complied with the requirements of customer due diligence under Part 2.

(4) In the case of transfers of funds not made from an account, the payer’s PSP shall verify the information on the payer only where the amount exceeds $1000, unless the transaction is carried out in several operations that appear to be linked and together exceed $1000.

(5) A payer’s PSP shall not allow the transfer of funds in accordance with this regulation if the required information for doing so is not available.

(6) The payer’s PSP shall for five years keep records of complete information on the payer and payee that accompanies transfers of funds. [Regulation 23 inserted by BR 2 / 2010 reg. 2 effective 13 January 2010; paragraph (1) amended and paragraphs (5) and (6) inserted by 2015 : 53 s. 44 effective 1 January 2016]

24. Transfers of funds within Bermuda

(1) Notwithstanding regulation 23(1), where both the payer’s PSP and the payee’s PSP are situated in Bermuda, it shall suffice if transfers of funds are accompanied by the account number of the payer or a unique identifier allowing the transaction to be traced back to the payer.

(2) But if the payee’s PSP or a competent authority so requests, the payer’s PSP shall make available to the payee’s PSP, or the competent authority, complete information on the payer, within three working days of receiving that request from—

(a) the payee’s PSP; or

(b) the competent authority.

(3) Where a police officer is investigating criminal conduct or the proceeds of criminal conduct, the police officer may compel the payer’s PSP to immediately produce the information referred to in paragraph (2) by way of search warrant or production order.

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(4) For the purposes of this regulation—

(a) “competent authority”, shall have the same meaning as under section 2 of the Proceeds of Crime (Anti-Money Laundering and Anti-Terrorist Financing Supervision and Enforcement) Act 2008; and

(b) “criminal conduct”, shall have the same meaning as under section 3 of the Proceeds of Crime Act 1997. [Regulation 24 inserted by BR 2 / 2010 reg. 2 effective 13 January 2010; paragraph (2) deleted and substituted and paragraphs (3) and (4) inserted by 2017 : 10 s. 5 effective 24 March 2017]

Batch file transfers

25 In the case of a batch file transfer from a single payer where the payees’ PSP is situated outside Bermuda, regulation 23(1) does not apply to the individual transfers bundled together in the batch file transfer if—

(a) the batch file transfer contains complete information on the payer and on each of the payees for each individual transfer;

(b) the individual transfers of funds carry the account number of the payer or a unique identifier where an account number is not available; and

(c) the complete information provided on all payees is fully traceable within the beneficiary country. [Regulation 25 inserted by BR 2 / 2010 reg. 2 effective 13 January 2010; paragraphs (a) and (b) amended by 2015 : 53 s. 45 effective 1 January 2016; Regulation 25 revoked and substituted by

2018 : 51 s. 4 effective 10 August 2018]

Obligations on the Payment Service Provider of the Payee

26. Detection of missing or incomplete information on the payer or payee

(1) The payee’s PSP shall detect whether, in the messaging or payment and settlement system used to effect a transfer of funds, the fields relating to the information on the payer or payee have been completed using the characters or inputs admissible within the conventions of that messaging or payment and settlement system.

(2) The payee’s PSP shall have effective procedures in place, which includes post- event monitoring or real-time monitoring where feasible, in order to detect whether the following information on the payer or payee is missing—

(a) for transfers of funds where the payer’s PSP is situated in Bermuda, the information required under regulation 24;

(b) for transfers of funds where the payer’s PSP is situated outside Bermuda, complete information on the payer and payee or, where applicable, the information required under regulation 31; and

(c) for batch file transfers where the payer’s PSP is situated outside Bermuda, complete information on the payer and payee in the batch file

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

transfer only, but not in the individual transfers bundled together in the batch transfer. [Regulation 26 inserted by BR 2 / 2010 reg. 2 effective 13 January 2010; headnote and paragraphs (1) and (2) amended by 2015 : 53 s. 46 effective 1 January 2016; Regulation 26 paragraph (2) amended by 2018 : 51 s. 4 effective 10 August 2018]

27. Transfers with missing or incomplete information on the payer or payee

(1) If the payee’s PSP becomes aware, when receiving transfers of funds, that information on the payer or payee required under this Part is missing or incomplete, the payee’s PSP shall—

(a) reject the transfer; or

(b) ask for complete information on the payer.

(2) But a person is not required to comply with paragraph (1) if to do so would contravene any other provision of an enactment.

(3) If the payer’s PSP regularly fails to supply the information on the payer required by this Part, the payee’s PSP shall report that fact to the Bermuda Monetary Authority.

(4) If the payer’s PSP regularly fails to supply the information on the payer required by this Part, the payee’s PSP shall take steps to attempt to ensure that the payer’s PSP complies with the requirements as to the supply of information set out in this Part, which steps may include—

(a) issuing warnings to the payer’s PSP; and

(b) setting deadlines for the payer’s PSP to comply with the requirements as to the supply of information set out in this Part.

(5) If after the payee’s PSP has taken steps under paragraph (4) in relation to a payer’s PSP and the requirements as to the supply of information set out in this Part are still not regularly complied with by the payer’s PSP, the payee’s PSP shall either—

(a) reject any future transfers of funds from that PSP; or

(b) decide whether or not to restrict or terminate its business relationship with that provider, either with respect to services for the transfer of funds or with respect to any mutual supply of other services. [Regulation 27 inserted by BR 2 / 2010 reg. 2 effective 13 January 2010; headnote and paragraph (1) amended by 2015 : 53 s. 47 effective 1 January 2016]

Requirement to report where missing or incomplete information makes transaction suspicious

28 The payee’s PSP shall consider missing or incomplete information on the payer as a factor in assessing whether the transfer of funds, or any related transaction, is suspicious, and whether it must be reported, in accordance with the requirements of

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

section 46 of the Proceeds of Crime Act 1997 or paragraph 1 of Part 1 of Schedule 1 of the Anti-Terrorism (Financial and Other Measures) Act 2004.

[Regulation 28 inserted by BR 2 / 2010 reg. 2 effective 13 January 2010]

29. Timing of verification and record keeping

(1) The payee’s PSP shall, before transferring funds, verify the complete information on the payee on the basis of documents, data or information obtained from a reliable and independent source.

(2) In the case of transfers of funds from an account, the complete information on a payee shall be deemed to have been verified if the payee’s PSP has complied with the requirements of customer due diligence under Part 2.

(3) In the case of transfers of funds not made from an account, the payee’s PSP shall verify the information on the payee only where the amount exceeds $1,000, unless the transaction is carried out in several operations that appear to be linked and together exceed $1,000.

(4) The payee’s PSP shall keep for five years records of any information received on the payer and payee. [Regulation 29 inserted by BR 2 / 2010 reg. 2 effective 13 January 2010; deleted and substituted by

2015 : 53 s. 48 effective 1 January 2016]

Obligations on intermediary payment service providers

30. Keeping information on the payer and payee with the transfer

(1) Intermediary PSPs shall ensure that all information received on the payer and payee that accompanies a transfer of funds is kept with the transfer.

(2) Intermediary PSPs shall take reasonable measures commensurate with their risk-based policies, procedures and controls and consistent with straight-through processing, to identify transfers of funds that lack complete information for the payer or payee.

(3) Where an intermediary PSP becomes aware, when receiving a transfer of funds, that information on the payer or payee is incomplete or missing, regulation 27 shall apply as if references in that regulation to “the payee’s PSP” were references to the intermediary PSP.

(4) In paragraph (2), “straight-through processing” means payment transactions that are conducted electronically without the need for manual intervention. [Regulation 30 inserted by BR 2 / 2010 reg. 2 effective 13 January 2010; amended by 2015 : 53 s. 49 effective 1 January 2016; Regulation 30 amended by 2018 : 51 s. 4 effective 10 August 2018]

31. Duties of intermediary PSP in case of technical limitations

(1) This regulation applies where the payer’s PSP is situated outside Bermuda and the intermediary PSP is situated within Bermuda.

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(2) Where technical limitations prevent the intermediary PSP from including all required payer or payee information accompanying the cross-border funds transfer in a related domestic funds transfer, the intermediary PSP shall keep a record, for at least five years, of all the information received from the payer’s PSP or another intermediary PSP.

(3) In any such case, the intermediary PSP shall, within three working days of receiving a request from the payee’s PSP to do so, make available to the payee’s PSP all the information on the payer or payee that it has received.

(4) [Revoked by 2018 : 51 s. 4]

(5) [Revoked by 2018 : 51 s. 4] [Regulation 31 inserted by BR 2 / 2010 reg. 2 effective 13 January 2010; paragraphs (2) - (4) amended by 2015 : 53 s. 50 effective 1 January 2016; Regulation 31 amended by 2018 : 51 s. 4 effective 10 August 2018]

Obligations where a PSP controls both payee and payer side of a cross-border transfer of funds

31A In the case where the PSP controls both the payee and the payer side of a transfer of funds, the PSP shall—

(a) take into account all the information from both the payee’s and payer’s sides in order to determine whether to make a disclosure to the Financial Intelligence Agency in accordance with section 46 of the Proceeds of Crime Act 1997 or Schedule 1 to the Anti-Terrorism (Financial and Other Measures) Act 2004; and

(b) where a determination is made that a disclosure should be made to the Financial Intelligence Agency about a transfer of funds, also make a disclosure to the relevant financial intelligence unit in any country affected by that transfer of funds, and make relevant transaction information available to the Financial Intelligence Agency.

[Regulation 31A inserted by 2018 : 51 s. 4 effective 10 August 2018]

Offences and Penalties

32. Offences

(1) A payer’s PSP is guilty of an offence if he fails to comply with any requirements of—

(a) regulation 23(1) (read with regulations 24(1), 24(2) and 25 as the case requires);

(b) regulation 23(2) (read with regulations 23(3) or 23(4), as the case requires);

(c) regulation 23(5); or

(d) regulation 24(2).

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(2) A payee’s PSP is guilty of an offence if he fails to comply with any requirements of—

(a) regulation 26(1) (read with regulation 26(2));

(b) regulation 27(1) (read with regulation 27(2));

(c) regulation 27(3); or

(d) regulation 29.

(3) An intermediary PSP is guilty of an offence if he fails to comply with any requirements of—

(a) regulation 30;

(b) regulation 31(3);

(c) regulation 31(4); or

(d) regulation 31(5).

(4) A person guilty of an offence under paragraph (1), (2), or (3) is liable—

(a) on summary conviction, to a fine of $50,000;

(b) on conviction on indictment to a fine of $750,000 or to imprisonment for a term of two years or to both.

(5) In deciding whether a person has committed an offence under paragraph (1),

(2) or (3), the court must consider whether he followed any relevant guidance that was at the time—

(a) issued by the Bermuda Monetary Authority;

(b) approved by the Minister; and

(c) published in a manner approved by the Minister as appropriate in his opinion to bring the guidance to the attention of persons likely to be affected by it.

(6) A person is not guilty of an offence under this regulation if he took all reasonable steps and exercised all due diligence to avoid committing the offence.

(7) Where a person is convicted of an offence under this regulation, he shall not also be liable to a civil fine imposed by or under any statutory provision in relation to the same matter.

[Regulation 32 inserted by BR 2 / 2010 reg. 2 effective 13 January 2010]

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

SCHEDULE

(Regulation 10(7))

SIMPLIFIED DUE DILIGENCE AND POLITICALLY EXPOSED PERSONS

SIMPLIFIED DUE DILIGENCE

1 For the purposes of regulation 10(7), the conditions are—

(a) the product has a written contractual base;

(b) any related transaction is carried out through an account of the customer with a banking institution which is subject to these Regulations or a banking institution situated in a country or territory other than Bermuda which imposes requirements equivalent to those laid down in these Regulations;

(c) the product or related transaction is not anonymous and its nature is such that it allows for the timely application of customer due diligence measures where there is a suspicion of money laundering or terrorist financing;

(d) the product is within the following maximum threshold—

(i) in the case of insurance policies or savings products of a similar nature, the annual premium is no more than $1,000 or there is a single premium of no more than $ 2,500;

(ii) in the case of products which are related to the financing of physical assets where the legal and beneficial title of the assets is not transferred to the customer until the termination of the contractual relationship (whether the transaction is carried out in a single operation or in several operations which appear to be linked), the annual payments do not exceed $15,000;

(iii) in all other cases, the maximum threshold is $15,000.

(e) the benefits of the product or related transaction cannot be realised for the benefit of third parties, except in the case of death, disablement, survival to a predetermined advanced age, or similar events;

(f) in the case of products or related transactions allowing for the investment of funds in financial assets or digital assets or claims, including insurance or other kinds of contingent claims—

(i) the benefits of the product or related transaction are only realisable in the long term;

(ii) the product or related transaction cannot be used as collateral; and

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(iii) during the contractual relationship, no accelerated payments are made, surrender clauses used or early termination takes place.

2. Politically exposed persons

(1) For the purposes of regulation 11(6)—

(a) individuals who are or have been entrusted with prominent public functions include the following—

(i) heads of state, heads of government, ministers and deputy or assistant ministers;

(ii) members of parliaments;

(iii) members of supreme courts, of constitutional courts or of other high- level judicial bodies whose decisions are not generally subject to further appeal, except in exceptional circumstances;

(iv) members of courts of auditors or of the boards of central banks;

(v) ambassadors, chargés d’affaires and high-ranking officers in the armed forces; and

(vi) members of the administrative, management or supervisory bodies of State-owned enterprises;

(b) the categories set out in sub-paragraphs (i) to (vi) of paragraph (a) do not include middle-ranking or more junior officials;

(c) the categories set out in sub-paragraphs (i) to (v) of paragraph (a) include, where applicable, positions at domestic and international level;

(d) immediate family members include the following—

(i) a spouse;

(ii) a partner;

(iii) children and their spouses or partners; and

(iv) parents;

(e) persons known to be close associates include the following—

(i) any individual who is known to have joint beneficial ownership of a legal entity or legal arrangement, or any other close business relations, with a person referred to in regulation11(6)(a); and

(ii) any individual who has sole beneficial ownership of a legal entity or legal arrangement which is known to have been set up for the benefit of a person referred to in regulation 11(6)(a).

(2) In paragraph (1) (d), “partner” means a person who is considered by his national law as equivalent.

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

(3) For the purposes of regulation 11(6A)—

(a) individuals who are or have been entrusted with prominent public functions include the following—

(i) the Governor, Premier, Ministers and Junior Ministers;

(ii) Members of the Legislature;

(iii) Permanent Secretaries;

(iv) Judges of the Supreme Court and Court of Appeal and Magistrates;

(v) members of the Board or senior management of the Bermuda Monetary Authority and the Bermuda Regulatory Authority;

(vi) commissioned officers in the Royal Bermuda Regiment and senior officers above the rank of Sergeant (which includes the Commissioner of Police) of the Bermuda Police Service; and

(vii) members of the Board of Directors and the Chief Executive Officer (by whatever name called) of the Bermuda Government owned or controlled enterprises or authorities, including but not limited to— West End Development Corporation; Bermuda Land Development Corporation; Bermuda Development Agency; Bermuda Tourism Authority; Bermuda Deposit Insurance Corporation; Bermuda Gaming Commission;

(b) the categories set out in subparagraphs (i) to (vi) of paragraph (a) do not include middle-ranking or more junior officials;

(c) the categories set out in subparagraphs (i) to (v) of paragraph (a) include, where applicable, positions at domestic and international levels;

(d) immediate family members include the following—

(i) a spouse;

(ii) children and their spouses; and

(iii) parents;

(e) persons known to be close associates include the following—

(i) any individual who is known to have joint beneficial ownership of a legal entity or legal arrangement, or any other close business relations, with a person referred to in regulation 11(6A)(a); and

(ii) any individual who has sole beneficial ownership of a legal entity or legal arrangement which is known to have been set up for the benefit of a person referred to in regulation 11(6A)(a). [Schedule paragraph 2(3) inserted by 2015 : 53 s. 51 effective 1 January 2016; Schedule paragraph 2(3) amended by 2021 : 23 s. 54 effective 1 August 2021; Schedule paragraph 1(f) amended by 2022 :

2 s. 3(9) effective 27 February 2022]

PROCEEDS OF CRIME (ANTI-MONEY LAUNDERING AND ANTI-TERRORIST FINANCING) REGULATIONS 2008

Made this 24th day of November, 2008

Minister of Justice

[Amended by:

2008 : 49 BR 2 / 2010

2012 : 35 BR 16 / 2013

2013 : 30

2014 : 8 BR 61 / 2014

2015 : 35

2015 : 53

2016 : 36

2016 : 45

2016 : 51

2017 : 10

2017 : 28

2017 : 35

2018 : 5

2018 : 50

2018 : 51

2018 : 49

2020 : 36

2021 : 23

2022 : 2

2025 : 20 BR 100 / 2025]