Gibraltar
Detailed Assessment Report on Anti-Money Laundering and Combating the Financing of Terrorism

Gibraltar’s Detailed Assessment Report on Anti-Money Laundering (AML) and Combating the Financing of Terrorism is reviewed. The principal AML risk to Gibraltar is lodged in its professional sector, which is likely to be involved in the layering and integration of proceeds of crime. There is also some risk to Gibraltar at the placement stage, in connection with drug trafficking, migrant smuggling, and organized crime in southern Spain. The Financial Services Commission in Gibraltar has established a strong, risk-based framework for financial institutions for AML.

Abstract

Gibraltar’s Detailed Assessment Report on Anti-Money Laundering (AML) and Combating the Financing of Terrorism is reviewed. The principal AML risk to Gibraltar is lodged in its professional sector, which is likely to be involved in the layering and integration of proceeds of crime. There is also some risk to Gibraltar at the placement stage, in connection with drug trafficking, migrant smuggling, and organized crime in southern Spain. The Financial Services Commission in Gibraltar has established a strong, risk-based framework for financial institutions for AML.

Executive Summary

4. The Gibraltar authorities have done a good job of implementing improvements to Gibraltar’s AML/CFT regime in the main financial sector area of banking to keep abreast of evolving standards in AML/CFT. In other sectors of financial intermediation, the FSC is making considerable progress in enhancing the effectiveness of existing preventative measures. This is in common with many other jurisdictions where the regulation and supervision of the banking sector has been in existence for a longer period of time and where the focus of AML/CFT measures has been concentrated. Though relatively small in absolute terms, Gibraltar’s financial center is important to the overall economy, and Gibraltarians universally place a high priority on maintaining Gibraltar’s reputation as a well regulated center. Gibraltar has welcomed multiple external reviews of its system by the Offshore Group of Banking Supervisors (OGB S), the IMF, and the UK. Authorities take a practical approach to implementing AML/CFT controls, and they have focused much of their resources and attention on providing effective international cooperation.

5. The principal AML risk to Gibraltar is lodged in its professional sector, which is likely to be involved—wittingly or not—in the layering and integration of proceeds of crime. There is also some risk to Gibraltar at the placement stage, in connection with drug trafficking, migrant smuggling, and organized crime in southern Spain. Most money-laundering cases involving Gibraltar arise out of investigations into international fraud schemes. Traditional organized crime and drug related cases, though important, comprise a minority of criminal investigations that touch Gibraltar’s financial center. The professional sector of lawyers and accountants often introduces their clients to the financial sector institutions in Gibraltar.

6. Gibraltar needs to take a number of steps to move its legal and regulatory regime forward to reflect the revised FATF 40 plus 9 Recommendations. The criminal laws on money laundering should be consolidated, and powers presently available only in drug-related money-laundering cases should be extended to money-laundering cases involving the proceeds of other crimes. Prosecutors and police should pursue cases as they arise to create a deterrent against misfeasance by professional service providers. Proposed legislation on mutual legal assistance should be enacted. The Financial Service Commission’s Anti-Money Laundering Guidance Notes need to be updated, inter alia, to reflect risks associated with terrorist financing, and some of the key provisions currently in the Guidance Notes need to be reflected in law or regulation. Bureaux de change and money transmitters (non-bank) need to be supervised for AML/CFT compliance. Finally, the government needs to conduct risk assessments of those designated non-financial businesses and professions that are not supervised by the FSC or GRA and, as appropriate, extend authority for monitoring for compliance with AML/CFT requirements to them as well.

Legal systems and related institutional measures

7. The Gibraltar legal framework for money laundering is divided into two fundamental statutes—the Drug Trafficking Offenses Ordinance and the Criminal Justice Ordinance. These statutes, along with a terrorism ordinance, articulate criminal prohibitions against money laundering from a wide range of offenses and against various types of support to terrorists. These statutes also require financial institutions and others to report suspicious transactions in line with the FATF Recommendations. After the decision by the House of Lords in Montilla (2005), which required proof that the predicate offense was either drug trafficking or another serious crime, and unfortunate local rulings in two significant cases in Gibraltar, however, the attorney general has concluded that he cannot go forward with domestic money-laundering prosecutions without clear and convincing proof (although not necessarily a conviction) of the underlying offense. Since most predicates occur abroad, the attorney general has not been able to pursue effectively in Gibraltar cases that have been brought to his attention. This is a serious weakness in the AML/CFT regime.

8. Prosecutors’ powers could be enhanced by consolidating the provisions of the CJO and the DTOO into a single statute that extends powers currently available to authorities only in drug-related money-laundering cases. The money-laundering risk in Gibraltar is lodged principally in the professional sector, and a few Gibraltarian professionals have been previously implicated in foreign fraud and money-laundering prosecutions. With consolidated statutes, Gibraltar authorities would be better positioned to follow up on credible suspicions or intelligence and aggressively pursue cases of money laundering by professional advisors if and when they arise. A consolidation of the two offenses would be appropriate so that there is one offense which then would have a series of indictable proceeds generating predicate offences. This would obviate the need for prosecutors to determine if the predicate offence stems from criminal conduct or drugs. Given the two money-laundering cases from Gibraltar that were overturned on appeal, it may also be advisable to arrange for a training session for the bench and bar on international developments in the criminal law of money laundering.

9. Following September 11, 2001 and the subsequent United Nations Security Council Resolution 1373, the United Kingdom extended (to Gibraltar) terrorism legislation by Order in Council. This has included implementing targeted freeze action against particular terrorist financing suspects. In addition, Gibraltar has enacted its own domestic Terrorism Ordinance 2005, which gives authorities broad powers to prosecute suspected supporters of terrorism and to confiscate their assets.

10. Like the Gibraltar criminal prohibition on money laundering, the domestic confiscation regime is split between drugs-related and non-drugs related schemes. The authorities for drugs-related confiscation are very broad and include reversals of the burden of proof, the ability to enforce external confiscation orders, and the ability to seize cash suspected of being proceeds of drug trafficking. Conversely, in cases involving other criminal proceeds, the authorities have more limited powers. This split causes practical difficulties for the authorities. For example, when suspect cash is detected at the border, authorities are not able to detain it unless they can prove that it represents the proceeds of a specific offense. Similarly, after a conviction on a non-drug related, proceeds generating crime, the government—not the defendant—bears the burden of proving that the defendant’s property is derived from illicit proceeds.

11. Gibraltar has a small FIU embedded in its joint police/customs Gibraltar Coordinating Centre for Criminal Intelligence and Drugs (GCID). The FIU is a member of the Egmont Group and functions effectively within the Gibraltar system. The FIU should, however, provide a clearer public statement of its authority and functions, including with respect to suspicious transaction reports. The government should also consider, in light of the questionable legal basis for the practice of freezing accounts on the basis of “non-consent” letters, whether to promulgate explicit freezing authority to the GFIU and/or GCID.

Preventive measures—financial institutions

12. The FSC in Gibraltar has established a strong, risk-based framework for financial institutions for AML. Since the last assessment in 2001, there has been continued progress in the systems and controls implemented in the financial industry. The FSC has taken the lead in this area. It has issued the key document for AML compliance, namely the Anti-Money Laundering Guidance Notes (AMLGNs). These AMLGNs amplify broad provisions set out in the CJO. The authorities have agreed that certain provisions in the CJO on customer due diligence and record keeping need revision as they are now contrary to the preferred provisions set out in the AMLGNs. The AMLGNs require customer due diligence, ongoing monitoring, designation of a money laundering reporting officer, and reporting of suspicious transactions. The AMLGNs will be further strengthened when they are extended to better capture considerations related to the financing of terrorism which were largely absent at the time of the assessment. In addition to issuing the AMLGNs, the FSC conducts on-site inspections and off-site analysis, it can compel production of any record to assist in its supervisory efforts, and it can impose sanctions in the case of non-compliance with the standards. The FSC has a maximum 3 year cycle of on-site inspections with a number of institutions on a shorter cycle, depending on the FSC’s risk-based assessment of the financial institution. The FSC closely follows up with financial institutions on shortcomings found in the assessments.

13. The FSC is responsible for supervising banks and building societies, investment businesses, insurance companies, and controlled activities, which include investment services, company management, professional trusteeship, insurance management and insurance intermediation. The Gibraltar Savings bank, the only state-owned financial institution, bureaux de change, and (non-bank) money transmitters operate outside the scope of the FSC’s authorities. The Gibraltar Savings Bank is subject to reasonable oversight and regulation by the Treasury and supported by the government’s auditors, who review controls and systems, as well as the accounts.

14. The current weaknesses in Gibraltar’s supervisory and regulatory structure stem from the limited and ineffective oversight of bureaux de change and the complete lack of oversight of its stand-alone money transmitters. The bureaux de change are licensed by a government committee, the Bureaux de Change Committee, headed by the Financial and Development Secretary. There is an “investigating officer,” from customs, who currently provides the only oversight on bureaux de change. He does not have a remit to conduct supervision. While the bureaux de change are subject to the AMLGNs issued by the FSC, authorities have only a limited ability to audit compliance and ensure corrective action where necessary, because remediation mechanisms, including sanctions, are also limited. The Bureaux de Change Committee can only suspend or cancel a license; it cannot impose conditions or directions that would ensure corrective action of identified deficiencies. These weaknesses were identified during an AML review conducted by the Offshore Group of Banking Supervision (OCBS) in 2001, and several bureaux de change were closed in connection with a money-laundering investigation in the UK 1998, yet authorities still have not addressed this risk. There is currently also one (non-bank) money transmitter that was subject to no licensing until it was registered under the Bureaux de Change license in December 2005, but it has not been subject to supervision or oversight. The total turnover from the licensed Bureaux de Change was £ 89 million for the year ending March 2006.

15. Overall, the financial sector receives strong supervision from the FSC but weaknesses in the supervision by the government of Gibraltar of the non-bank Bureaux de Change and the money transmission agent need to be addressed. The government of Gibraltar recognizes the issues and risks associated with the bureaux de change and the money transmission agent. A draft Money Services Business Ordinance has been developed and the government is urged to move it rapidly toward finalization. Bureaux de change and money transmitters will be captured under this new Ordinance and will be subject to oversight by a government committee. The current proposal that the FSC Commissioner would head this Committee seems reasonable, as the FSC has demonstrated that it has the skills, abilities, and resources to provide appropriate oversight of the rest of the financial system.

Preventive measures—designated non-financial businesses and professions and non-profit organizations

16. Gibraltar has established a strong AML control environment for trust and company service providers, which is not matched for the other categories of DNFBP. The TCSP are licensed, regulated, and supervised by the FSC and are subject to regular inspections and significant regulatory requirements. The current oversight for the gambling industry is limited and in the process of transition to an entirely new system. The new system, which is being developed in response to the Gambling Ordinance (GO) 2005 (enacted but yet to be placed into effect),F1 will comprise a ministerial-level licensing authority, a regulatory authority and an ombudsman. Currently, both the TCSP and the internet based gambling sector are subject to the AMLGNs, but only the TCSP are actually supervised against them. Given the emerging importance of the internet gambling sector to Gibraltar’s economy, authorities should move quickly to impose AML/CFT supervision.

17. The remainder of the DNFBP, including lawyers, notaries, accountants, high value goods dealers, and real estate agents are also subject to the Criminal Justice Ordinance. No further rules or regulations on AML/CFT have been promulgated in Gibraltar for DNFBPs, although the government has issued guidance to high value goods dealers on an information-only basis. In addition, there is no oversight by competent authorities in these industries to ensure that systems and controls are in place to combat money laundering and the financing of terrorism. Lawyers are required by local law to comply with English AML regulations, but there is no local monitoring of compliance with these requirements.

18. Overall, the Charities Ordinance (CO) provides a solid framework for the supervision of charities by the Charities Board (the “Board”). The requirements for registration of charities with the Board after an appropriate application and disclosure of material information by the applicant indicates that the Board is fulfilling its gatekeeper role with regard to the registration of charities. The blanket exception granted to religious charities under Section 6(4) of the CO should be reviewed, however. Adequate legal provisions are in place for ongoing supervision of, investigation of and intervention regarding charities to prevent abuse. In practice, all charities are required to file annual audited accounts with the Supreme Court registry and these accounts are reviewed by the Board. Should clandestine diversion of funds be discovered, adequate legal provisions exist for the Board to undertake immediate and effective actions to halt terrorist financing.

Legal persons and arrangements

19. Gibraltar has been a pioneer in the supervision and regulation of Professional Trusteeship and Company Management service providers. Only persons licensed under the Financial Services Ordinance can form and manage companies in Gibraltar, and they are subject to the full panoply of preventive measures and oversight on the same terms as banks and other prudentially supervised financial service providers. The FSC has applied its risk-based supervisory system to the fiduciary services industry, and industry appears generally to be compliant. Nevertheless, the government should repeal legislation allowing share warrants to bearer, as it promised to do four years ago in negotiations with the OECD, and ensure that Companies House’s data base is searchable by all relevant fields. It should also abolish asset protection trusts and limit the operability of flee clauses.

National and international cooperation

20. Domestic co operation on AML/CFT issues is facilitated by the on-going forum of the Enforcement Committee. The Committee brings together representatives of the law enforcement, intelligence, regulatory, policy and financial development authorities. It appears to be an effective mechanism for sharing information on trends and vulnerabilities in money laundering and terrorist financing and other areas of criminal activity. Protecting Gibraltar’s reputation is a key motivating factor for the Committee. Gibraltar’s small size allows for operational efficiencies, and appropriate gateways exist for information sharing between relevant authorities.

21. The United Kingdom has not extended to Gibraltar the Vienna Convention or the International Convention for the Suppression of the Financing of Terrorism (ICSFT). The Gibraltar government has, however, legislated a number of key provisions which mirror many of those in the Conventions. The Transnational Organized Crime Ordinance (2006) implementing the provisions of the Palermo Convention came into operation on April 20, 2006. The mission recommends that the Vienna and ICSFT Conventions are also swiftly extended to Gibraltar.

22. Gibraltar authorities are to be commended for the resources they have devoted to international cooperation on money laundering and terrorist financing cases. As a member of the EU, they are able to provide full cooperation at the investigative stage to other EU member states. Last year, they enacted legislation that extends the same privileges to non-EU member states, provided such states agree to reciprocity. Further, recently published draft legislation would extend such privileges automatically to all states that have ratified the UN Transnational Organized Crime Convention. The draft legislation would also solve another limitation in Gibraltar’s current law, namely that in non-drug related money laundering cases foreign states are not permitted to obtain restraint orders or register and enforce their confiscation orders in Gibraltar.

23. The FIU has also played an important role in national and international cooperation. Since being admitted to the Egmont Group in 2004, the GFIU regularly shares information with other FIUs through the Egmont secure web system. It has responded to the 46 requests received, and has initiated ten requests. In several cases, the GFIU has been able to contribute to overseas investigations by taking the initiative to cooperate closely with other Egmont Group members.

24. The Financial Services Commission regularly shares information with other international competent authorities. In the case of the Queen (on the application of a Gibraltar company, X, Y, and Z and other respondents) (2003), the FSC was challenged on legal authority to provide information to a foreign supervisor. The court found that, in order for the commissioner to share information with foreign counterparts, he must satisfy himself that the requesting body performs a function similar to his own, the disclosure is necessary to assist the requesting body, and it is in the interests of the public of Gibraltar that he should disclose it to the requesting body. The mission was advised by several foreign supervisors that the FSC has in fact shared information.

General

Background information on Gibraltar

25. Gibraltar is an overseas territory of the United Kingdom. A reform of the Constitution to transfer further powers exercised by the U.K. government to Gibraltar was approved by referendum on 30 November, 2006. Gibraltar has been a constituent of the European Union (EU) since 1973 under the U.K. Treaty of Accession. However, it is excluded from the common external tariff, the common agricultural policy, and the requirement to levy value added tax (VAT).

26. Gibraltar’s economy is dominated by three sectors—tourism, ports and shipping, and financial services. Over the past two decades the economy has transformed significantly—in the early 1980s the provision of services to the Ministry of Defense accounted for approximately 60 percent of the economic activity and its contribution is now estimated to be about 5 percent. Recently internet gambling firms have established operations in Gibraltar providing further employment opportunities. Gibraltar has a population of about 30,000 with per capita GDP of some £18,000 in 2002-2003.

27. Fiscal policy, and in particular tax policy, has helped to diversify the economy away from its reliance on government (Ministry of Defense) spending. Since 1967 an exempt company regime has applied to corporate taxation. Exempt companies are those that are not owned by Gibraltarians and do not do business domestically, and are thus exempt from paying corporate taxes. Otherwise effective corporate tax rates range from 20 to 35 percent. There is no capital gain tax, wealth tax, inheritance tax, estate duty, VAT, or sales tax. There are no exchange controls but there is a customs duty of 12 percent with some exemptions (e.g., computer equipments and food items). Personal income tax contributes the bulk of fiscal revenue. The government plans to reform the tax regime to comply with the European Union’s state aid rules. A new tax regime is expected to be in place by July 2007.2 The exempt tax regime is to be phased out by 2010 and starting July 2006 no new entities will be given an exempt status.

28. The authorities don’t expect the reforms to the tax regime to have significant adverse affects on the financial service sector. One important reason for this is the access to EU market, through “passporting” that is made available to financial service providers domiciled in Gibraltar.3 The number of entities seeking to passport out of Gibraltar has been increasing in recent years, particularly in the insurance sector. Another important reason is the development of a skilled pool of labor and expertise in the financial services sector.

General situation of money laundering and financing of terrorism

29. Gibraltar is an important international financial centre with strong ties to London, the Channel Islands, Israel, Cyprus and other financial centers. Located at the southern tip of Spain, near the north coast of Africa, Gibraltar is proximate to known drug trafficking and human smuggling routes. It is also a retail banking centre for northern European expatriates with property in southern Spain. Southern Spain has experienced a recent influx of criminal elements from Eastern Europe who are known to engage in a wide range of proceeds generating crimes. These factors all contribute to money laundering and terrorist financing risks in Gibraltar.

Financial services sector and DNFBPs in Gibraltar

30. Gibraltar’s financial sector consists primarily of branches or subsidiaries of international firms. Given the limited size of the domestic market, most of the firms have established themselves in Gibraltar to provide services to nonresidents. While there is competition among these firms for nonresident clients, most have identified a niche market or product (see below).

31. All except one of the 18 banks are branches or subsidiaries of international banks. Seven banks provide retail services to the very small domestic market, and for only two of these does this constitute a significant part of the business. The remainder focuses almost entirely on nonresident clients.

32. The provision of investment services to nonresident clients is the most important function (in terms of value added) conducted by the banks in Gibraltar. The banks provide various related services for wealth/asset management. The business may be directed to the banks through independent asset managers either located in Gibraltar or overseas, or through the parent offices, or acquired through Gibraltar based marketing efforts. Fiduciary deposits from parent banks are also a common feature of the banking industry in Gibraltar.

33. The client base is made up mostly of Swiss-based investors and of U.K. or Western European nationals (excluding nationals of Spain and Portugal) who now reside in this region for at least part of the year, because they own property there. In theory, the Gibraltar-based banks compete with Spanish banks, but at present the banks in Spain do not appear to be interested in offering private banking facilities such as those offered by Gibraltar based banks. One of the main types of nonresident service provided by some of the banks, in addition to asset management functions, is mortgage lending for properties located in southern Spain and Portugal. However, banking statistics may not accurately reflect the size of such activity because primarily for various tax reasons some of the banks book such activity out of their parent offices (e.g., in the U.K.).4 Nevertheless, the banks in Gibraltar provide all the administrative services associated with such lending activity and it remains an important source of revenue for the Gibraltar banks.

34. The insurance sector has been growing in recent years. A key reason for this is the ability of firms licensed in Gibraltar to passport their services to EU member states. As of mid-March 2006, there were 49 insurance companies licensed in Gibraltar. Of these, seven had notified that they would be passporting their services by establishing a branch in other EEA states. Twenty-six of the Gibraltar companies had notified that they would provide services to other EEA states and three companies licensed in other EU states provide services in Gibraltar. There are two locally incorporated firms that provide insurance service to Gibraltar residents. Gibraltar residents can however purchase insurance through branches or agencies of EEA companies. There are 14 captive insurance companies.

35. There are also six insurance managers who manage many of the companies licensed in Gibraltar. These managers provide head office functions while the products are marketed to nonresidents. Some of the managers also provide some brokering and accounting services. Most of the companies managed are general insurance companies and captives. In addition, there are 34 insurance intermediaries—17 provide both life and non life insurance products; six provide only life insurance products; and the rest (11) provide general insurance products.

36. While most of the investment services are provided by banks there are 23 non-bank firms that provide investment services (as of mid-March 2006). Of these, 19 provide portfolio management service either on a discretionary or non discretionary basis, and three serve as securities brokers (investment dealers). In addition, there are two investment dealers who buy and sell securities for their own account. There are also 48 collective investment schemes (CIS) registered of which only five are domiciled in Gibraltar. Forty-three are recognized as UCITS or by the U.K. FSA. Under the recent Financial Services (experienced investor funds) Regulations (2005), six experienced investor funds have been established.

37. There has been small, but steady growth in the number of company and trust service providers in recent years. There are 82 groups authorized by the FSC to provide company management and/or professional trusteeship services in or from within Gibraltar. The sector is made up of large international firms and domestic firms with a mix of professional accountant firms, legal firms, and pure company management firms. Gibraltar has bureaux de changes, which are licensed by a committee chaired by the Financial and Development Secretary. The number of bureaux de change has been steadily decreasing from 26 in 1998 to 14 currently. Money transmission services are primarily conducted by the banks, but there is one stand-alone money transfer business.

38. There has been significant growth in the online gaming industry in Gibraltar since 2001. Fifteen licenses have been issued and employment in this sector has increased from 550 to about 1,350. These firms provide online gambling and sports betting services. Several of the firms are listed on the London Stock Exchange and two firms are very large global players. There is also a land-based casino located in Gibraltar. It has an annual turnover of about £6 million per year. The new Gambling Ordinance will extend coverage of the AML/CFT provisions to all forms of remote gambling, not just casinos.

39. There are 250 lawyers in Gibraltar, and 100 auditors/accountants registered with the Auditors Registration Board. Lawyers are subject to the practice rules of the Law Society of England and Wales, and to discipline by the Supreme Court. Auditors, but not accountants, are subject to a minimal level scrutiny under the Auditors Registration Board.

40. The real estate industry has been experiencing a boom in recent years and the level of home ownership and price levels have increased significantly. A level of price control exists in the market as non residents and high net worth individuals are restricted in the range of property they can purchase. The vast majority of purchases are still from the United Kingdom and expatriate community. Real estate agents do not have to be licensed to practice in Gibraltar.

Enforceability of the Anti-Money Laundering Guidance Notes

41. For the purposes of this assessment, the mission determined that the Anti-Money Laundering Guidance Notes (AMLGNs) are considered to be “other enforceable means” for the purposes of this assessment. This was the subject of significant discussion with the authorities while the mission was on-site because the AMLGNs were initially issued improperly.

42. The AMLGNs were issued by the Financial Services Commission (FSC). While the FSC is listed as a supervisory authority in Section 19(2) of the CJO and is mandated by Section 20 of the CJO to report evidence of money laundering that it obtains, the CJO contains no authority for the FSC to issue guidance. While Section 9(3) of the CJO indicates that a court may take account of any relevant supervisory or regulatory guidance which applies to a person required to comply with identification, internal controls and record keeping requirements, it does not, in itself, grant the authority to the FSC to issue such guidance.

43. Authority to issue regulations is granted to the government of Gibraltar by Section 45 of the CJO, but none have been issued to date. Within the FSC Ordinance, the mission could not locate a provision which authorizes the FSC to issue guidelines, circulars or any such other documents. Section 6 of the FSC Ordinance 1989 sets out the duties of the Commission. Section 6(2)(b) allows the commission “in respect of financial services in those areas where Community law applies, to monitor the extent to which Gibraltar legislation and supervision of licensed institutions comply with community obligations, and establish and implement standards which match those required by legislation and supervisory practice governing the provision of financial services within the United Kingdom.” This is a monitoring power only, however, and not an authority to actually issue guidance. Section 7(2)(f) allows the Commission to “compile, prepare, print, publish, issue, circulate and distribute, whether for payment or otherwise, such papers, leaflets, magazines, periodicals, books and other literary matter as may be conductive to the attainment of the objects of the commission or the advancement of its functions.” The assessors concluded that the Commission has no authority to issue the AMLGNs.

44. In contrast, Section 8(2) of the FSC Ordinance grants the commissioner the power to “supervise institutions to be licensed to provide any financial services with a view to ensuring that such supervision complies with any applicable Community obligates and, where these obligations apply, establish and implement standards which match those required by legislation and supervisory practice governing the provision of financial services with the United Kingdom.” Community directives have been issued on anti-money laundering and combating the financing of terrorism.

45. Thus, the commissioner has authority to issue the AMLGNs, but they were issued initially by the Commission instead. When the mission brought this issue to the Gibraltar authorities, they agreed with the mission’s analysis, and indicated that the issuance of the AMLGNs by the Commission was a mistake.

46. During the mission, the commissioner jointly re-issued the AMLGNs with the government (to cover bureaux de change) so that the AMLGNs are now validly issued. Furthermore, pursuant to Section 9(3) of the CJO, the AMLGNs may be issued and may be taken into account by a court of law. In the introduction to the AMLGN, the FSC links the issuance of the AMLGNs to the CJO with clear language and a lengthy discussion of the FSC’s belief that compliance with the AMLGN is mandatory.

47. It is important to note that the government has also issued guidance notes to the high value cash dealers on AML/CFT. However, these were issued on an information-only basis, are not enforceable, and are not, therefore considered “other enforceable means” for the purposes of this assessment.

48. The FSC has the authority to use a range of mechanisms to enforce the AMLGNs. These include letters of agreement, use of reporting accountants and the issuance of directions or conditions. Most recently the FSC required firms to employ reporting accountants to audit their AML systems and controls when the FSC identified a breach of AML/CFT controls from their onsite examinations. The reporting accountants or “commissioned auditors” are required to fully assess the issue which has been discovered by the FSC. The Reporting Accountants report will include systems of control improvements to which management is accountable to the FSC. An action plan for remediation, together with target dates for completion has been agreed between the senior management and the FSC. The Reporting Accountants may then be further engaged by the FSC to monitor the effectiveness of the remediation program and its attainment. Thirteen financial institutions have been required to undertake a remediation program on CDD for AML purposes. These financial institutions have been required to implement the remediation program and give regular follow up reports to the FSC on their progress.

49. The FSC may also impose conditions or directions on firms for failure to comply with the AMLGNs. No such condition or direction has been imposed on a financial institution for failure of AML/CFT systems.

50. Section 9(3) of the CJO allows a court to take into account guidelines issued by industry bodies in determining where there has been a violation of the CJO by a financial institution. The FSC in the introduction to the AMLGNs indicates that it has drawn up the AMLGNs in light of Section 9(3) of the CJO and the AMLGNs are intended to interpret the CJO in a practical manner.

51. The commissioner of the FSC provided the Mission with a copy of a proposed amendment to the FSCO which would amend the powers of the commissioner to specifically include both rule making and guidance issuance powers. The commissioner would also have the power to petition the court directly for an order of winding up without having to rely upon other authorities. These will be helpful tools to enhance the commissioners powers.

52. In summary, the AMLGNs have now been validly issued by the commissioner of the FSC under Section 8(2) of the FSC Ordinance. They reflect the broad requirements of the CJO. The supervisory regime in Gibraltar closely follows that of the FSA in the UK. Financial institutions are supervised through onsite examinations, reports are issued and follow up actions are required to be taken as set out in the follow up reports issued by the FSC. The hiring of reporting accountants by firms has been mandated for thirteen separate firms for remediation of AML/CFT CDD matters which are also considered breaches of internal controls as required by the CJO. The use of such reporting accountants is an expensive and extensive sanction requiring both the payment of accounts fees by the financial institution as well as the implementation of the remediation plan which can sometimes take considerable time to implement.

53. Imposition of conditions and directions are also possible although no such conditions or directions have been issued for failure to comply with the AMLGNs. Revocation of authorization remains the ultimate sanction. No revocation of licenses have occurred for failure of AML/CFT controls. Fines are not part of the FSC’s arsenal of sanctions. In the view of the mission, this would be a useful addition for the FSC but the lack of the ability to issue fines per se does not adversely affect the conclusion that the AMLGNs are “other enforceable means” for the purposes of this assessment. While sanctions have only been used sparingly, there is a clear ability for the FSC to sanction regarding failure to comply with the AMLGNs which are an amplification of the general requirements of the CJO.

Overview of commercial laws and mechanisms governing legal persons and arrangements

54. Companies. Gibraltar generally provides for the incorporation of public companies limited by shares or guarantee and private companies limited by shares or guarantee. It is also possible in Gibraltar to incorporate an unlimited company with share capital, a European Economic Interest Grouping, and a protected cell company (limited to insurance companies with permission from the FSC). The vast majority of the approximately 25,000 active companies in Gibraltar are private companies, defined as having not more than 50 shareholders. The number of active companies in Gibraltar has declined by approximately 5,000 since 2001.

55. All companies incorporated in Gibraltar must be registered. Companies House Gibraltar has a staff of 20 people (including several experienced company formation lawyers) and serves as the Registrar of Companies. Companies House is obliged to keep a public record of the ownership of the shares of all companies. This information is updated annually or whenever a change of ownership of the shares takes place. Gibraltar companies also have to file annual returns, which include the names, nationality, profession, and address of shareholders. If a company does not file an annual return it may be struck off the register and its property confiscated.

56. Gibraltar’s Companies Ordinance law allows for nominee shareholders and corporate directors. Directors do not have to be residents of Gibraltar. Bearer shares are not permissible, but “share warrants” to bearer (which allow shares to be redeemed to their holder) are. As part of its commitment to the OECD in connection with the harmful tax competition initiative,5 the government intends to repeal the legislation relating to share warrants to bearer.

57. All Gibraltar companies must have a registered office in Gibraltar. Foreign companies doing business in Gibraltar or with a place of business in Gibraltar must register with the Registrar and comply with the same disclosure requirements as apply to Gibraltar companies. All companies must maintain in their registered office a Register of Members that includes the name, address, nationality and profession of all shareholders. This Register of Members is open to public inspection.

58. Companies are required to maintain accounts that give a true and fair view of companies’ assets, liabilities, financial position, and profit and loss. Companies must file accounts with the Registrar in accordance with Gibraltar legislation transposing relevant EU Directives, but filings vary in complexity based on the type and size of the company.

59. Partnerships. Limited Partnerships are required to register their name, nature of business, place, name of partners, terms of partnership, statement of limitations, and sums contributed, and to update this information if and as it changes. Companies limited by shares may—if the Registrar is satisfied that they qualify as a limited partnership—register as a limited partnership. Limited partnerships are required to file annual accounts with the Registrar, as well. Simple partnerships are not required to register.

60. Trusts. There are currently over 2000 trusts under administration in or from within Gibraltar by a variety of licensed service providers. Types of trusts in Gibraltar include accumulation and maintenance settlements, non-interest in possession settlements, interest in possession settlements, bare trusts, discretionary trusts, and charitable trusts. Trust legislation in Gibraltar does not significantly differ from trust legislation in other common law jurisdictions, including the U.K., with English equitable principles being applied through the English Law (Application) Ordinance.

61. Resident trustees of domestic and foreign trusts are obliged to have information regarding the identity of settlors, protectors and enforcers, and beneficiaries under the relevant trust law and anti-money laundering legislation. Trustees are required to maintain trust deeds/declarations of trust, letters of wishes, records of trust assets and general correspondence files with regard to all trusts for which they act as trustees. Except for so-called “asset protection” trusts, trusts are not required to be registered in Gibraltar.

62. Asset Protection Trusts. Gibraltar law provides for so-called asset protection trusts under Section 42A of the Bankruptcy (Registry of Dispositions) Ordinance. This provision explicitly exempts certain trusts from the Fraudulent Conveyances Act of 1571, which otherwise forms a basic pillar of the common law of trusts. As a condition for this exemption, trusts must be registered pursuant to regulations issued by the Financial and Development Secretary, with the FSC. Approximately 70 such trusts are registered. The application for registration must disclose the following information: the name and address of the trustee, the name of the disposition, the date of making of the disposition and the duration thereof, and the country of ordinary residence of the settlor. There is no requirement by law or regulation to disclose the beneficiaries although under AML/CFT requirements such information must be maintained by a licensed Trust or Company Service Provider.

63. Flee clauses. Gibraltar legislation does not proscribe the inclusion of “flee clauses” in the trust instrument, so trusts in Gibraltar may include such clauses.

Overview of strategy to prevent money laundering and terrorist financing

64. The government of Gibraltar is very conscious of the reputational risk to Gibraltar posed by money laundering and the financing of terrorism. Public officials and the private sector alike realize that unreputable business that could lead to investigations and negative press would be damaging for Gibraltar.

65. Domestic cooperation on AML/CFT issues is facilitated by the on-going forum of the Enforcement Committee. The Committee brings together representatives of the law enforcement, intelligence, regulatory, policy and financial development authorities, and appears to provide effective mechanism for information sharing on trends and vulnerabilities in money laundering and terrorist financing and other areas of criminal activity. Operationally, the smallness of the jurisdiction greatly provides operational efficiencies, and appropriate gateways exist for information sharing between relevant authorities

Approach concerning risk

66. Although the government of Gibraltar does not conduct a formal or comprehensive inter-agency risk assessment program, the FSC and the GCID assess the risks that various forms of criminality pose to Gibraltar generally and to Gibraltar’s financial system.

67. The Financial Services Commission has adopted a risk-based approach to supervision of its licensees. Risk assessments are conducted on all licensees and the results of these assessments impact directly on the supervisory program established for all financial institutions. The program was updated in 2005 to permit more accurate identification of the risks in each institution. The focus of the program is on ensuring consistency of the supervisory program, while allowing for flexibility and supervisory judgment.

68. The current risk based approach used by the FSC enables the FSC to carry out the responsibilities placed on it by the various Ordinances and Regulations in a targeted manner “at the areas and firms where there is a higher probability of a risk crystallizing and its impact having repercussions for consumers as well as the stability and reputation of the jurisdiction.”

69. The FSC assesses six evaluation factors known as risk groups. These include financial soundness and capital, environment, business plan, controls, organization and management. AML/CFT risk is incorporated into the controls, organization and management groups. Each risk group for each financial institution is graded as either a material risk, a perceptible risk or a negligible risk. The FSC uses both onsite assessments and information gathered offsite from required filings to assess the risk groups.

70. The main risk in the financial sector comes from the professions such as accountants and lawyers as well as from the trust and company service providers both within and outside Gibraltar who refer clients to the financial institutions as part of their services on advising clients regarding wealth management and transactional business. Gibraltar has therefore enacted fairly strict requirements regarding introduced business. Many times, however, the “mind and management” of clients are not based in Gibraltar but transactions are executed locally as part of a wider scheme or deal. These are the most risky transactions undertaken; for while the financial institution in Gibraltar will likely have all the appropriate customer due diligence on file, they may not always have a complete understanding of the purposes of all of the transactions. This may also limit the ability to conduct ongoing monitoring and due diligence which, in turn, may affect the identification and reporting of suspicions.

Progress since the last IMF/WB assessment or mutual evaluation

71. The authorities have undertaken a number of steps to address the recommendations of the last IMF assessment. The status of specific recommendations is maintained on the FSC’s Website as part of on going commitment to transparency of process.

72. Generally speaking the recommendations relevant to AML/CFT have been addressed, especially in terms of strengthening the language of the FSC’s AMLGNs, eliminating the all purpose exemption from KYC requirements available through senior management override, integrating AML assessments as part of the FSC’s risk based on going supervisory program together with a more robust and focused on and off site program, increasing supervisory resources, extending licensing requirements to all professional trustees and company service providers and addressing the issue of intermediaries in the KYC process within the AMLGNs.

Detailed Assessment

1. LEGAL SYSTEM AND RELATED INSTITUTIONAL MEASURES

Laws and Regulations

1.1. Criminalization of Money Laundering (R.1, 2 & 32)

Description and analysis

Overview: The money-laundering offence is found in both the Criminal Justice Ordinance 1995 (CJO) and the Drug Trafficking Offenses Ordinance 1995 (DTOO). Prosecutors’ powers could be enhanced by replacing the CJO and DTOO with a proceeds of crime act. Firstly, a consolidation of the two offences would be appropriate so that there is one offence which then would have a series of indictable proceeds generating predicate offences. This would obviate the need for prosecutors to prove the predicate offence between criminal conduct and drugs. A consolidated offence would therefore be preferable. There have also been very few prosecutions for money laundering in Gibraltar. Given the two money-laundering cases from Gibraltar that were overturned on appeal, it may also be advisable to arrange for a training session for the bench and bar on international developments in the criminal law of money laundering.

Ratification of conventions. The United Kingdom has not extended either the Vienna Convention or the Palermo Convention to Gibraltar. On April 20, 2006, the Transnational Organised Crime Ordinance came into operation bringing into effect the Palermo Convention.

Definition and scope of ML offences. The statutory framework is divided into two distinct regimes:

(A) Money laundering with regard to the proceeds of drug trafficking;

(B) Money laundering with regard to the proceeds of criminal conduct, excluding drug trafficking;

(A) Money laundering with regard to proceeds of drug trafficking: Sections 54-56 of DTOO create criminal offences in respect of the laundering of proceeds of drug trafficking. Although neither the Vienna Convention nor the Palermo Convention have been extended to Gibraltar the DTOO reflects the government’s policy position to adopt the provisions of the Vienna and Palermo Conventions and the elements of the money-laundering offenses for drug proceeds are consistent with both conventions. Section 54 covers concealing, disguising, converting or transferring the proceeds of drug trafficking with the intent of avoiding prosecution. Section 56 covers acquisition, possession or use of such proceeds. Section 55 covers assisting another person in the retention of the proceeds of drug trafficking by retaining or controlling such proceeds.

The statutory regime established by the DTOO is supplemented by subsidiary legislation namely the Drug Trafficking (Detention and Forfeiture of Cash) Rules 1995, the Drug Trafficking (Prescribed Sum) Regulations 1995, and the Drug Trafficking Offenses Ordinance 1995 (Designated Countries and Territories) Order 1999.

(B) Money laundering with regard to proceeds of criminal conduct: Sections 2-5 of the CJO create criminal offenses in respect of the laundering of the proceeds of criminal conduct. Section 3 covers acquisition, possession or use of property which represents another person’s proceeds of criminal conduct. Section 4 covers concealing, disguising, converting or transferring his own or other people’s proceeds of crime. Criminal conduct is conduct which if committed in Gibraltar constitutes an indictable offense in Gibraltar, with the exception of drug trafficking. Indictable offenses are defined by Section 2(1) of the Criminal Procedure Ordinance (CPO) as “an offense which is triable on indictment, whether or not it is also triable by magistrates court….” Furthermore, offenses that are tried on indictment generally carry a penalty of more than one year imprisonment.

The CJO was amended in 2004 to enable the transposition of Directive 2001/97/EC of the European Parliament and of the Council of 4 December 2001 amending Council Directive 91/308/EEC on prevention of the use of the financial system for the purpose of money laundering and for related matters (the Second Money-Laundering Directive).

The 2004 amendment went beyond the requirements of the Second Money Laundering Directive in an important respect. Prior to 2004 there were two distinct definitions for ‘criminal conduct.’ In respect of offenses committed by relevant financial institutions under Part III of the CJO, Measures to Prevent the Use of the Financial System for purposes of money laundering, there was a requirement that the conduct constituted an indictable offence both in Gibraltar and in another state—the dual criminality test. The dual criminality test has now been abolished and the test to be applied is now the same for all persons. The test is whether the conduct would have constituted an offense in Gibraltar (in relation to DTOO) or an indictable offense in Gibraltar (in relation to CJO).

Definition of property and connection with the predicate offence. The money-laundering offenses in both the DTOO and the CJO extend to any property which in whole or in part directly or indirectly represent the proceeds of drug trafficking or criminal conduct respectively. Property is defined identically in both statutes (Section 2(17) of the DTOO and Section 44(1) of the CJO) as “money and all other property, real or personal, heritable or moveable, including things in action and other intangible or incorporeal property.”

In order to establish that the property involved in the ML offense is the proceeds of crime, Gibraltarian judicial practice, in reliance on UK judicial practice, interprets the law as requiring proof of a specific criminal act corresponding to a predicate offense under either the DTOO or the CJO. The authorities indicated that there is no legal requirement that a conviction must be obtained but the Crown would need to prove to a criminal standard that the property is either proceeds of a specific criminal conduct or of drug trafficking. While it would not be necessary to prove an exact predicate offense occurred on a specific date at a specific location, it would be necessary to prove that, for example, the exact juris of the funds and this would necessitate proving all elements of the offence. The prosecution have to prove that the property, which is the subject of the charge, is in fact the proceeds of criminal conduct or drug trafficking. This follows the precedent set down in the ruling in the UK of the House of Lords in the Montilla case (2005).

This seems to indicate that the current judicial practice considers, in general, the connection between a specific predicate offense and the ML offense as an essential element in ML prosecutions. By requiring proof with regard to a specific predicate offense, this interpretation seems to put another hurdle on prosecutors compared to some other jurisdictions that are moving towards general proceeds of crime predicate offense. This may ultimately lead to some reluctance to bring prosecutions for ML and rather focus on the predicate offense. Indeed, this is reflected in the very low rate of charges for money laundering versus charges for proceeds generating predicate offenses in Gibraltar. (See implementation discussion below.) Most Gibraltar predicate crimes are petty theft and smaller street offences where adding money laundering to the charge sheet is not appropriate. Any larger case usually has international aspects which raise time and resources implications.

Extraterritorial predicate offenses. Under both, the DTOO and CJO, where the proceeds of crime are derived from conduct that occurred in another country that is not an offense in that other country but that would have constituted a predicate offense had it occurred domestically, a money-laundering offense may be charged in Gibraltar. See Section 5(7) of the CJO and Section 57(7) of the DTOO.

Self laundering. The offense of money laundering applies to persons who also committed the predicate offense so that prosecution for self-laundering is possible. See Section 4 of the CJO and Section 54 of the DTOO.

Predicate offenses. Gibraltar has a drug trafficking offense predicate crime (either indictable or summary conviction) for money laundering under the DTOO and an indictable crime predicate offense under the CJO. In addition, as this is a threshold approach (1 year) all of the designated categories of offenses listed below must be indictable offenses. Note that offences that may be charged either by indictment or summary conviction (“either way”) have been considered as indictable for the purposes of the assessment:

Participation in an organized criminal group and racketeering: As is the case in the UK, conspiracy laws in Gibraltar are deemed to cover participation in an organized criminal group. Relevant provisions are found under Part IV of the Criminal Offenses Ordinance. In general terms, the penalty for conspiring to commit an offense is the same as that which applies to the commission of the actual offense (see in particular Section 11 Criminal Offenses Ordinance).

Terrorism, including terrorist financing: Sections 10 and 30 Terrorism Ordinance 2005, Article 11 Terrorism (United Nations Measures) (Overseas Territories) Order 2001.

Trafficking in human beings and migrant smuggling: Section 63A of the Immigration Control Ordinance; Sections 62-65 of the Immigration Control Ordinance—Summary only offenses.

Sexual exploitation, including sexual exploitation of children: Sections 121-137 Criminal Offenses Ordinance.

Illicit trafficking in narcotic drugs and psychotropic substances: Section 59 Drug Trafficking Offenses Ordinance 1995.

Illicit arms trafficking: Paragraph 2 Export Control (Sanctions etc.) Order 2005, which prohibits the export of any goods listed in Schedule 1 of the Export Control Ordinance (2005). Schedule 1 of that Ordinance includes military equipment and technology, which is defined to include firearms, other weapons and foods intended, designed or adapted for military use.

Regulation 5 Export of Goods (Control) Regulations 1997 makes it an offense to falsely declare shipments of goods being exported from Gibraltar. Section 14(1)(f) of the Imports and Exports Ordinance (1986) prohibits importation of anything that requires a license under the Firearms Ordinance (1958) or the Explosives Ordinances (1960). Section 3 of the Firearms Ordinance (1958) requires a license for the importation of firearms or ammunition.

Illicit trafficking in stolen and other goods: Section 183 Criminal Offenses Ordinance.

Corruption and bribery: Sections 236-239 Criminal Offenses Ordinance.

Fraud: Sections 196-200 Criminal Offenses Ordinance.

Counterfeiting currency: Sections 223-232 Criminal Offenses Ordinance.

Counterfeiting and piracy of products: Sections 128, 237, 240 and 256 of the Intellectual Property (Copyright and Related Rights) Ordinance 2005 cover copyright infringements or products adapted for the purpose of enabling or facilitating the circumvention of effective technological measures. Such provisions would cover the piracy of CDs, DVDs and other musical, film or literary works. Gold bullion, gold coins and tobacco products require a license for importation under the Imports and Exports (Control) Regulation 1987 under Regulation 3 and the attached schedule. Sections 3-5 of the Merchandise Marks Ordinance criminalize the counterfeiting or piracy of commercial goods such as handbags. Export of Cigarettes requires a license under the Tobacco Ordinance 1997 but failure to obtain a license is only a summary conviction offence and therefore not a predicate for money laundering.

Environmental crime: Section 11 of the Environmental Protection (Disposal of Dangerous Substances) Ordinance, 2000 creates an either way offence for holding contaminated equipment; Public Health Ordinance—summary only offenses.

Murder, grievous bodily injury: Section 59 Criminal Offenses Ordinance (Murder) Section 75 of the Criminal Offenses Ordinance (Grievous Bodily Harm with Intent) and Section 76 Criminal Offenses Ordinance (Grievous Bodily Harm)

Kidnapping, illegal restraint and hostage-taking: Section 143 Criminal Offenses Ordinance (Kidnapping of children), Sections 138-142 of the Criminal Offenses Ordinance (Abduction of women and heiresses) and, for the kidnapping of men, offenses under the Common Law which are indictable only (False Imprisonment and Kidnapping).

Robbery or theft: Sections 170-177 Criminal Offenses Ordinance (Theft) and Section 178 (Robbery).

Smuggling: Sections 102-106 of the Imports and Exports Ordinance and Drug Trafficking Offenses Ordinance.

Extortion: Section 204 of the Criminal Offenses Ordinance (Demand with Menaces).

Forgery: Sections 206-217 of the Criminal Offenses Ordinance

Piracy: Tokyo Convention Act 1967 (Overseas Territories Order), 1968 Hijacking Act 1971 (Overseas Territories) Order 1971; application by derogation from the UK to Gibraltar of the piracy offense from the English Piracy Acts of 1698 and 1867 as well as the Piracy Act of 1722 incorporating 28 Henry 8c.5 and 11 William 3c.7 entitled An Act for the More Effectual Suppressing of Piracy.

Insider trading and market manipulation: Section 9 of the Market Abuse Ordinance transposes Directive 2003/6/EC of the European Parliament and of the Council of January 28, 2003 on insider dealing and market manipulation. Paragraphs 1 and 3 of Schedule 1 are derived from both Article 18 and Article 8 of the Directive. These defenses are cast very broadly and run the risk of creating such broad exceptions as to seriously impair the offenses. No other legislation with regard to conduct of investment firms in the market is in place which could curb such broad defenses.

Ancillary offences. Ancillary offenses are covered by various legislative provisions in Gibraltar. Attempts are covered by Sections 7 and 8 of the COO. The offence is widely cast: “A provision which constitutes an offense, shall unless the contrary intention appears, be deemed to provide also that an attempt to commit such offense shall be an offense against such provision.” Furthermore, “any person charged with any offense may, if it appears upon the evidence that he did not complete the offense charged but that he was guilty only of an attempt to commit the same, be convicted of an attempt to commit the same; and thereupon such person shall, where no punishment is specified for such attempt, be liable to be punished in the same manner as if he had been convicted of the offense with which he was charged.” Accessory offences are covered by Section 9 of the COO. Sections 11-13 of the COO criminalize conspiracy. The penalties for conspiracy match those for the underlying crime and may be higher if no maximum penalty is set as the sentence would then be life in prison. In the case of conspiracy to commit money laundering, the maximum penalty would be 14 years. Section 17 of the COO criminalizes aiding and abetting, counseling and procuring. Such persons can be indicted, tried and punished as a principal offender. Section 18 of the COO criminalizes assisting offenders and would include assisting offenders in concealing or transferring proceeds of criminal conduct pursuant to Section 4 of the CJO. Penalties for assisting would include seven years in jail, where the principle offence carried a term of 14 years and the person had not been previously convicted. Concealment of offences and false information is criminalized in Section 19 of the COO and carries a sentence of two years.

Mental element. In both Section 54 of the DTOO and Section 2(1) of the CJO, the mental standard of knowledge is “knowing or having reasonable grounds to suspect that the property is in whole or in part directly or indirectly represents another person’s proceeds of criminal conduct (drug proceeds).” In the other money-laundering offenses listed, the standard is knowingly.

Intent. Pursuant to Section 4 of the COO, inferences as to intent may be made as follows:

“A court or jury, in determining whether a person has committed an offense, (a) shall not be bound in law to infer that he intended or foresaw a result of his actions by reason only of its being a natural and probable consequence of those actions; but (b) shall decide whether he did intend or foresee that result by reference to all the evidence, drawing such inferences from the evidence as appear proper in the circumstances.” This statutory direction of an objective test with some subjective elements is in addition to the English common law standard regarding the ability to make reasonable inferences from objective factual circumstances (the “man on the Clapham omnibus” test). In discussions with the Chief Justice, he confirmed that, in Gibraltar, when juries are charged, they are instructed to consider facts objectively.

Legal persons. Criminal liability extends to corporations by Section 2 of the Interpretation and General Clauses Ordinance which provides that person means “any corporation either aggregate or sole, any club, society or other body, or any one or more persons of any age, and either of the male or female sex.” Liability of company officers is set out by Section 201 of the COO, false statements of company directors is set out by Section 202, and Section 203 sets out the offense of suppression of documents. The offense does not extend to trusts as they are not legal arrangements. The trustee may be a corporate entity, however, and so would be captured by these provisions. It should be noted that the majority of trusts conducting transactions in Gibraltar are, however, foreign trusts. Many of these foreign trusts have trustees located in other jurisdictions and it is unclear how easy it would be for the Gibraltar authorities to pursue these trustees on a money-laundering charge. The attorney general has indicated that there is a real issue with resources and the authorities have preferred to offer mutual legal assistance to other countries rather than to prosecute foreign trustees in Gibraltar. For more discussion on this, see implementation section.

Sanctions for various money-laundering offences. The attorney general has the discretion to charge either summarily or by indictment for so-called either-way offences. Sanctions are dependent upon the choice of charge but, for indictment, include 14 years’ incarceration as well as a possible fine, in addition to confiscation of proceeds of crime. If there is a corporate defendant, fines, confiscation, and a possible winding up of the corporate defendant are available by invoking Schedule 10 of the Companies Ordinance. Both incarceration and unlimited fines are permitted as sanctions in Gibraltar for individual defendants. Additionally, separate sanctions levied by the FSC are permitted where an individual is a registrant with the FSC. A combination of criminal, civil and administrative sanctions are therefore available for both individual and legal persons. No criminal charges may be brought against a trust as a trust does not fall within the definition of a “person.” The attorney general stated that he would freeze assets in a trust if evidence was present to support a freezing action but he would not be able to charge the trust with money laundering. He would be able to charge the trustee or the settlor with money laundering.

Summary of available sanctions

Drug Trafficking Offenses Ordinance 1995

article image

Drug Trafficking (Detention and Forfeiture of Cash) Rules 1995

article image

Criminal Justice Ordinance 1995

article image

From the table above, sanctions are effective, proportionate, and dissuasive for the various offences listed.

The attorney general’s office does not keep statistics on the number of prosecutions, convictions or charges for money laundering. The police keep statistics on the number of charges laid for money laundering. In the last four years there have been 17 arrests for money-laundering offences. In some cases charges were laid. There have been no successful prosecutions and in the vast majority of cases, charges have been dropped either because of difficulties associated with proving the predicates committed abroad or—in one significant case—as a result of legal challenges to the process. While the process challenges were eventually resolved in favor of the attorney general, in that particular case no current proceedings are underway. There is currently one charge of money laundering outstanding.

Implementation. Gibraltar authorities have not successfully prosecuted anyone on a money-laundering charge. There is currently only one money-laundering case pending. The authorities have been involved in some complex international money-laundering cases and have attempted to bring charges in a few of them.

Authorities described a typical case as follows: A car theft was discovered in Gibraltar where the car had been stolen in France. The defendant was charged with handling stolen property and money laundering. Once the car was returned to the owners in France, however, the French authorities were not interested in pursuing the case and the case was dismissed.

Of more particular import, however, is the case where individuals were allegedly laundering the proceeds of a fraud committed in Spain, and the police arrested six people in connection with money laundering. There was a successful judicial review in the Supreme Court of the Commissioner of Police’s decision to investigate the case on the grounds that, prior to commencing an investigation into the laundering of the proceeds of a predicate offense, the Crown had to prove to a prima facie level that a predicate offense had been committed. That decision was successfully appealed by the prosecutor to the Court of Appeal. The Privy Council upheld the decision of the Court of Appeal., but not before the defendants had long since fled. This case is still pending, but no charges have been laid since the appeal was decided. Authorities explained that this is due in part to the fact that the Spanish authorities are no longer interested in pursuing the matter. Authorities also explained that—despite strong working level cooperation on investigations—the Spanish government has tended not to recognize Gibraltar’s jurisdiction and so has refused to permit Spanish investigators to give evidence in Gibraltar’s courts.

In another case, two local men were accused of money-laundering activities in the UK. Local law enforcement authorities cooperated with the UK authorities. The prosecution in the UK was stayed for abuse of process in the UK on the basis that the English police had been guilty of what was described as “state-created crime” i.e. entrapment. The judge in the case did, however, state that one of the Gibraltarian defendant’s conduct, “based on his admissions”, was incompatible with his continued membership of the bar. The defendant had maintained that he had only been moving money for a client engaged in tobacco smuggling.

In another instance, foreign authorities investigated a foreign national who maintained bank accounts through trust companies in Gibraltar. A disclosure from a local financial institution alerted local authorities to the presence of assets in Gibraltar, and this information was passed to foreign authorities investigating the case. Local authorities were unable to restrain the assets because the matter did not involve drug trafficking. The Attorney and the police did assist the foreign authorities in obtaining - through a local solicitor acting on their behalf - a civil restraint order against the proceeds. Ultimately, pursuant to a global settlement, the defendant agreed to disgorge the proceeds and to cease doing business in Gibraltar. No extradition request was ever made by the attorney general regarding the foreign national and no charges were filed; the authorities opted instead, as noted above, to assist a foreign government in repatriating the proceeds of the crime.

The local bar has confirmed that there is an active practice in litigation discovery and injunction issues in civil fraud cases involving Gibraltar companies. Furthermore, the unresolved matter involving Stephen Curtis, London lawyer who was based in Gibraltar and who at his untimely death was the managing director of Group Menatep, the holding company of Yukos Oil, highlights that Gibraltar professionals and entities can become involved in extremely complicated, sometimes controversial international transactions. Mr. Curtis ran the business of Group Menatep out of Gibraltar with the aid of a local law firm. After Mr. Curtis’ death, a UK-based and a local lawyer ran Menatep and relied on an anonymous trustee in Gibraltar to communicate with Mr. Khodorkovsky, who was and remains in jail in Russia.

In practical terms, the attorney general is of the view that in order to secure a conviction, the Crown would need to prove the predicate crime. While evidence of times and dates of the very specific offence may not to be adduced, certainly enough evidence of, for example, a fraud would need to be led in court. Because most of the predicates occur abroad, the attorney general has chosen to use his limited resources to grant mutual legal assistance to a number of countries. (2.5 person-years of his seven-person office are devoted to international matters.)

Where the predicate offence takes place in Gibraltar, the attorney general takes the view that to add a charge of money laundering in addition to the substantive offence would be superfluous. In relation to cases where the predicate offence is committed abroad it would be necessary to prove that predicate crime to a criminal standard in a Gibraltar court in order to obtain a conviction for money laundering. On cases thus far, a decision has been taken that there is not sufficient evidence to prove the foreign predicate offence. The Montilla case (2005), a recent House of Lords case in the UK, held that the prosecution cannot rely on merely proving that a person suspected he was laundering the proceeds of crime. The prosecution must prove that the provenance of the monies was in fact illicit. In addition, relying on proving a “proceeds of crime” predicate is not enough and the attorney general would further need to prove that the predicate crime was either drugs related or the proceeds of criminal activity as there are two separate money-laundering offences under the CJO and the DTOO. The attorney general has indicated that, in his view, he would also need to prove the type of offence that had generated the proceeds of crime.

Prosecutions and convictions have a powerful deterrent effect. Without them, authorities are left to rely solely on the professional integrity of industry and regulatory oversight to ensure compliance with the AML/CFT regime. Since the money-laundering risk in Gibraltar is lodged principally in the professional sector, and since a number of Gibraltarian professionals have been implicated in foreign prosecutions, Gibraltar authorities should redouble efforts to follow up on credible suspicions or intelligence and aggressively pursue cases of money laundering by professional advisors if and when they arise, subject to proof of the predicate crime.

Recommendations and comments

  • Consolidate the ML offences laid out in the DTOO and the CJO into one consolidated ordinance to avoid two-track approach to the ML offence, as indicated by the chief minister.

  • Criminalize migrant smuggling as an indictable offence so that it may be considered a predicate offence for money laundering

  • Consider criminalizing the export of cigarettes as an indictable offence (rather than a summary conviction only offence) in order that it becomes a predicate crime for money laundering as part of the required category of offences for “illicit trafficking in stolen and other goods.”

  • Consider charging domestic persons in the financial industry with money laundering when a mutual legal assistance request reveals complicity in money laundering by Gibraltar residents.

  • Hold seminars for the bench and bar on money-laundering prosecutions.

  • Maintain statistics on the number of charges laid, the number of prosecutions brought and the number of convictions for money-laundering offences.

article image

1.2. Criminalization of terrorist financing (SR.II & R. 32)

Description and analysis

Terrorist financing is an “either way” offense, which falls within the definition of an indictable offense, when charged in that manner. Terrorist financing is criminalized by the following legislation:

  • Terrorism Ordinance 2005 (TO);

  • Terrorism (United Nations Measures) (Overseas Territories) Order 2001 (UN Order 2001);

  • Terrorism (United Nations Measures) (Overseas Territories) Order 2001—New Consolidated List Pursuant to Security Council Resolutions 1267 (1999) and 1333 (2000) (UN Consolidated List Order); and

  • Al-Qaida and Taliban (United Nations Measures) (Overseas Territories) Order 2002 (UN Order 2002).

Section 5 of the TO creates three offenses: (i) inviting another person to provide money or property, (ii) receiving money or property, (iii) providing money or property knowing or having a reasonable suspicion that it would be used for the purposes of terrorism. Section 6 of the TO prohibits the use of money or other property for the purposes of terrorism. Section 7 of the TO criminalizes the act of arranging for funds to become available for terrorism. Section 8 of the TO prohibits a person entering into an arrangement whereby he facilitates the retention and control of terrorist property. Article 3 of the UN Order 2001 is cast in the same terms as Section 5 of the TO. Article 4 of the UN Order 2001 prohibits the making available of funds or financial (or related) services.

As Sections 5, 6, and 7 of the TO are widely cast to encompass raising, using, possessing and arranging funds for terrorism. The terrorist financing offenses in Gibraltar extend to persons who willfully provide or collect funds with the unlawful intention that they should be used or in the knowledge that they are to be used to (a) carry out a terrorist act(s), by a terrorist organization, or by an individual terrorist. Taken in combination, these material acts adequately cover the material acts required by the Convention, i.e., “provides or collects funds.”

The description of the offense does not clarify the type of knowledge or intent (mens rea) required for committing financing of terrorism. In the absence of any specific indication, the general provisions of the CPO Penal Code apply, which would suggest that the offense is committed intentionally but judges and juries can infer facts subject to both Section 45 of the COO and common law, which allows the inference of objective factual circumstances.

Definition of funds. Terrorist property is defined by Section 4 of the TO as “(a) money or other property which is likely to be used for the purposes of terrorism; (b) proceeds of the commission of acts of terrorism; and (c) proceeds of acts carried out for the purposes of terrorism.” Furthermore, Section 4(3) states that: “a person commits an offense if that person (a) provides money or other property; and (b) knows or has reasonable cause to suspect that it will or may be used for the purposes of terrorism.”

“Funds” is also defined in Section 2 of the UN Order 2001 as “financial assets and economic benefits of any kind including (but not limited to) gold coins, gold bullion, cash, checks, documents evidencing an interest in funds or financial resources and any other instrument of export financing” and is in line with Article 1 of the ICSFT. In both the TO and the UN Order 2001, no distinction is made between legitimate or non-legitimate funds and therefore both are covered by the definition.

Link to a terrorist act. According to the authorities, the financing of terrorism offense does not require that any terrorist act be actually committed since Sections 5, 6, and 7 of the TO are widely cast. The mission agrees with this interpretation. Furthermore, terrorism is defined by Section 3 of the TO as “use or threat of action where the use or threat is designed to:

(i) intimidate the public;

(ii) compel the government to perform or abstain from performing any act; and

(iii) destabilize or destroy the government or the economic or social structure of Gibraltar; and an action that results in death, serious bodily violence, causes serious damage to property, endangers a person’s life….”

Therefore, the fact that Sections 5, 6, and 7 only require a link to terrorism and terrorism is widely defined in line with the ICSFT indicates that there is no need for a link to a specific terrorist act.

Attempt. Attempt of the financing of terrorism is not specifically provided for in the TO or in the UN Order 2001, but the general provisions of the CPO are applicable (see Recommendation 1 for discussion of this provision).

Ancillary offenses. This is regulated by the CPO (see discussion under Recommendation 1).

Predicate offense for ML. As Gibraltar has adopted an all indictable crimes approach to predicates for money laundering, the financing of terrorism, where charged as an indictable offense, would be a predicate offense for ML. Terrorism and financing of terrorism are “either way” offenses in Gibraltar and it is in the attorney general’s discretion as to whether he charges as an indictable or summary offense, having regard to the gravity of the offense and other circumstances arising in the case.

Extraterritoriality of the terrorist offense. It is clear from Section 3 of the TO that the financing of terrorism offense may relate to an action outside of Gibraltar. It is also clear that the financing of terrorism could relate to a terrorist group that is not located in Gibraltar as Section 3 of the TO indicates that reference to any person or property applies wherever such person or property is located. Furthermore, Section 27 of the TO applies to persons doing anything outside Gibraltar which would have constituted an offense had it been committed in Gibraltar.

Other elements: Intentional element. In the absence of judicial case law, the mission looked to both Section 4 of the COO and the English common law and concluded that the intentional element of financing of terrorism can be inferred from objective factual circumstances.

Liability of legal persons. Based on Section 2 of the Interpretation and General Clauses Ordinance criminal liability for financing of terrorism extends to legal persons, as in the case of ML. Note that the definition of legal persons does not extend to trusts as trusts are legal arrangements and are not legal persons. The trustee would be a person, whether individual or corporate. The attorney general has indicted, that in the case where a trust was involved in a terrorist financing offense, he would look to charge either the trustee or the settlor either directly if they were located in Gibraltar. If they were located outside Gibraltar, as is the case in many trusts operating in Gibraltar, he would invoke mutual legal assistance provisions to have them charged abroad.

Furthermore, under Section 30(1) of the TO, a body corporate is also liable. Specifically, “any director, manager, secretary or other similar officer of a body corporate or a person who was purporting to act in any such capacity as well as the body corporate shall be guilty of that offense and shall be liable to be proceeded against and punished accordingly.” In addition, pursuant to Section 30(3) of the TO, “If the affairs of a body corporate are managed by its members, Subsection (2) shall apply in relation to the acts and defaults of a member in connection with his functions of management as if that member were a director of the body corporate may be made liable (a) for an offense under this Ordinance committed by a person acting either individually or as part of an organ of the body corporate, who has a leading position within the body corporate, and based on a power of representation of, or an authority to take decisions on behalf of the body corporate, or an authority to exercise control within the body corporate; or (b) for its involvement as an accessory or instigator in the commission of the offense or in the attempt of commission of the offense, if the offense is committed for its benefit 2) Where a body corporate is guilty of an offense under this Ordinance and that offense is proved to have been committed with the consent or connivance of, or to be attributable to any neglect on the part of (a) any director, manager, secretary or other similar officer of a body corporate; or (b) a person who was purporting to act in any such capacity, that person as well as the body corporate shall be guilty of that offense and shall be liable to be proceeded against and punished accordingly. (3) If the affairs of a body corporate are managed by its members, Subsection (2) shall apply in relation to the acts and defaults of a member in connection with his functions of management as if that member were a director of the body corporate. (4) A body corporate who is held liable for an offense under this Section may, in addition, be declared by the court that it is (a) not entitled to any public benefit or aid; or (b) disqualified for such time as may be prescribed by the court or, permanently from the practice of commercial activities in Gibraltar.

Sanctions. In Gibraltar, such offenses if charged on indictment under Section 10 of the TO, would carry a maximum penalty of 14 years in prison as well as monetary penalties. Under Section 11 of the UN Order 2001, a person may be subject to seven years in prison and, under Section 11(4), for corporate vehicles, winding up and other measures may be sought (see Recommendation 1 for more discussion on this matter).

Implementation. Gibraltar has issued targeted freezing orders on two occasions related to specific terrorist incidents. In neither case was a person charged as neither of the beneficial owners of the accounts were located in Gibraltar. Both actions of freezing were taken under Section 5 of the UN Order 2001.

Recommendations and comments

article image

1.3. Confiscation, freezing and seizing of proceeds of crime (R.3 & 32)

Description and analysis

Confiscation framework. The legal framework for confiscation, freezing, and seizing the proceeds of crime in Gibraltar is reflected in five statutes: The Criminal Justice Ordinance 1995 (CJO), the Drug Trafficking Offences Ordinance 1995 (DTOO), the Drugs (Misuse) Ordinance 1973, the Criminal Procedure Ordinance 1961 (CPO), and the Terrorism Ordinance 2005 (TO).

  • Section 23 of the Criminal Justice Ordinance provides for confiscation of property obtained as a result of or in connection with a conviction for any indictable offense other than a drug trafficking offence. Confiscation proceedings must be initiated through a request by the prosecutor. A confiscation order may issue in cases where the offender derived £10,000 or more in “benefit” (i.e., pecuniary advantage or value of property obtained) from or in connection with committing the offense. Such an order is not available in cases involving less than £10,000 in benefit, so that unless the proceeds can be characterized as “instrumentalities” under Section 248 of the CPO, they may not be confiscated.

    The court must be satisfied—under the preponderance of the evidence standard of proof applicable in civil proceedings—that the offender’s benefit fully or in part stems from the offense for which he is convicted. Confiscation orders issued under the CJO specify the amount to be recovered; they do not target particular assets. The court assesses the amount to be recovered after determining the amount of the benefit derived, and the court may take into account information indicating that a victim has instituted or intends to institute civil proceedings against the offender in connection with loss, injury or damage sustained in connection with the offense. (See CJO, Section 24(3).)

  • Section 3 of the Drug Trafficking Offences Ordinance 1995 provides for a conviction based confiscation of the benefits obtained from a drug trafficking offense. Confiscation proceedings may be initiated either upon motion of the prosecutor or on the initiative of the court. A confiscation order must be based on a determination by the court—under the preponderance of the evidence standard of proof applicable in civil proceedings—that the defendant has received any payment or other reward in connection with the drug trafficking offense committed by him or another person.

    Subject to practical limitations imposed by the ability of the defendant to pay, Section 6 of the DTOO provides for confiscation of the full value of a defendant’s proceeds from drug trafficking. As is the case in confiscation orders under the CJO, orders issued under the DTOO specify the amount to be recovered; they do not target particular assets. In making the determination, the court has wide discretion to take into account relevant facts, but as described below the court is generally obliged to apply a rebuttable presumption that any property obtained by the defendant over the past six years constitutes proceeds subject to confiscation.

  • Section 28 of the Drugs (Misuse) Ordinance 1973 provides for conviction based forfeiture of anything shown to the satisfaction of the court to relate to a drug offense. This statute clearly applies to instrumentalities used in such an offense. Proof must be made to the criminal standard, beyond a reasonable doubt. Of course, customs law also provides for the forfeiture and destruction of contraband.

  • Section 248 of the Criminal Procedure Ordinance 1961 provides for conviction based confiscation of instruments used in or intended to be used in the commission of an offense. This provision applies to all criminal offenses, but allows for confiscation only of property seized from the offender or in his or her possession or control at the time he was apprehended or when a summons in respect of the offense was issued. The law does not provide for confiscation of instrumentalities identified or seized subsequently.

  • Section 11 of the Terrorism Ordinance 2005 provides for the conviction based forfeiture of property from persons who raise funds for terrorism, provide money or other property that may be used for terrorism, use money or other property for the purposes of terrorism, arrange funds for terrorism, or arrange for retention or control of terrorist property. Forfeiture orders in such cases may extend to any money or property which, at the time of the offense, the defendant had in his possession or under his control, which, at that time, the person intended should be, has been, or was intended to be used for the commission of an offense, or—in the case of a conviction on one of the “arrangement” offenses, money or property related to the arrangement. The TO does not strictly provide for confiscation of the proceeds of terrorism, but these provisions de facto cover the proceeds of the offense of raising funds for terrorism as well as proceeds that are or may be used to finance terrorism. The TO is the only statute in Gibraltar that provides for confiscation of proceeds of a criminal organization—i.e., a terrorist organization.

Property derived indirectly from proceeds of crime. Section 2(2) of the CJO provides that proceeds of criminal conduct include any property which in whole or in part directly or indirectly represented in his hands his proceeds of criminal conduct. Similarly, Section 5(1) of the DTOO provides for proceeds of drug trafficking offenses to include any payment or other reward received by a person in connection with drug trafficking carried out by him or any third person and the value of these proceeds to be the aggregated value of all payments or other rewards. Both statutes provide for the calculation of “realizable property” to account for market valuations, interest, and other adjustments to reflect subsequent changes in the value of money, as well as discounts for sham or undervalued sales or other manipulations. See CJO Sections 27(4) and 36, and DTO Sections 8-11. As described above, Sections 5-11 of the TO provides for forfeiture of property involved in arrangements designed to facilitate the retention or control of property by terrorists.

Property held by a third party. Section 27 of the CJO and Section 7(2) of the DTOO provide that confiscation orders issued under those statutes extend, in addition to property held by the defendant/offender, to property held by a person to whom the defendant has directly or indirectly made a gift. As noted above, both statutes provide for issuance of confiscation orders not with respect to particular property, but against the defendant/offender for a specific sum. In each case, the amount is calculated on the basis of the benefit deemed to have derived from the underlying crime(s). Both statutes provide for the payment of preferential debts, such as those arising out of the bankruptcy, tax obligations, etc.

Subject to notice and an opportunity to be heard, Section 11(6) of the TO provides for the court to order the forfeiture of any money or other property which wholly or partly, and directly or indirectly, is received by any person as a payment or other reward in connection with the commission of the offence.

Provisional measures. Sections 29-31 of the CJO (for criminal cases other than those related to drug trafficking), and Sections 26-29 of the DTOO (for drug trafficking cases) provide in substantially identical terms for restraint orders and charging orders in domestic cases. Restraint and charging orders can be issued:

  • When criminal proceedings against the defendant have been instituted and are still ongoing and either a confiscation order has been made or it appears that it will be made;

  • After a confiscation order is already in effect when a court finds that the order was made for less than the actual value of the proceeds of the defendant’s crimes and the court is satisfied that the amount that might be realized is greater than was previously the case; or

  • Before criminal proceedings have been instituted, if the court is satisfied that a person will be charged with a criminal offense and it appears that a confiscation order may be made in the course of the proceedings.

Restraint orders and charging orders can be applied to all “realizable” property or interests in realizable property held beneficially by the defendant or by a person to whom the defendant has directly or indirectly made a gift. Charging orders may specifically be imposed on land, securities, interests held as a trustee of a trust, units of a unit trust, and interest and dividends payable on the property. Provision may be made for the authorities to take possession of property subject to confiscation or charge orders, or to appoint receivers, as appropriate.

With respect to international drug-related criminal cases, Section 26 of the DTOO (Designated Countries and Territories) Order 1999 provides for a Gibraltarian court to issue a restraint or charging order if proceedings against a defendant have been instituted and are still ongoing in any country designated in schedule attached to the order6 and an External Confiscation Order has been made, or where it appears to the court that proceedings are to be instituted and an External Confiscation Order reasonably may be made in them. An External Confiscation Order is defined as “an order made by a court in a designated country for the purpose of recovering payments or other rewards received in connection with drug trafficking or their value.” The order may be issued upon application by a government of a designated country. (No such comparable order has been issued in connection with the CJO, though the authorities are planning to enact legislation extending this power to all countries who are party to the UN Transnational Organized Crime Convention (UNTOC).)

Section 5 of the Terrorism (United Nations Measures) (Overseas Territories) Order 2001, Section 8 of the Al-Qaida and Taliban (United Nations Measures) (Overseas Territories) Order 2002, and Section 13 of the TO all provide for provisional measures in connection with terrorist financing matters. For details see Section 1.4, supra.

Non-consent letters. Gibraltar’s suspicious transaction reporting regime provides an unusual means for “freezing” transactions through accounts of persons or entities about whom suspicious transaction reports (STRs) have been filed. As noted elsewhere, Section 2(3) of the CJO provides in part that it is a defense to a money-laundering charge in Gibraltar that a person makes a disclosure. However, after a disclosure is made, the person who made the disclosure is still subject to potential criminal liability for any act that facilitates another’s retention or control of proceeds of criminal conduct or places such proceeds at the disposal of the person about whom the disclosure was made or uses the proceeds for his or her benefit to acquire property by way of investment, unless such act is done with the consent of the police or customs service. For this reason, the GFIU issues—in response to each STR it receives—“consent” or “non-consent” letters to instruct the filing institution as to whether it may proceed with transactions related to the matter or persons that are the subject of the STR. Unless and until reporting institutions receive a “consent” letter from the GFIU, they proceed with further transactions at their peril. Accordingly, they will often cease activity on an account or a matter while the GFIU and other authorities decide how to proceed. Subsequent to the on site visit, the authorities advised that general operational guidelines for the processing of consent and non consent letters are being considered.

In the assessors’ view, the legal authority for issuing a “non-consent” letter is somewhat tenuous, and there are no regulations or other guidelines used by the GFIU, police or customs indicating criteria that should be used in making consent/non-consent decisions, or the duration of a non-consent letter. Non-consent letters may in fact create a legal dilemma for filers.

Bank of Scotland orders. Where a filing institution becomes aware—through a non-consent order or otherwise—that one of its clients or accounts may be involved in a crime or a fraud, it may consider that if it pays out moneys held in accounts it could be liable in equity to third parties as a constructive trustee. At the same time, freezing the account may expose the institution to an action that it would be unable to defend without breaching the provisions against “tipping off” in Section 5 of the CJO and Section 58 of the DTOO. In such cases, filing institutions may choose to—and in Gibraltar have chosen to—seek an order from the court declaring setting forth what information the filing institution may rely upon in defending any subsequent action from its client challenging the freeze. In such cases, the government appears as the other party to the matter. Orders issued under such circumstances serve as justification for continuing freezes and have come to be known as “Bank of Scotland” orders after the opinion of Lord Woolf, CJ in the precedent-setting English case of governor and Company of the Bank of Scotland v. A Ltd and others, 3 All ER 58 (18 January 2001).

Ex parte applications. Section 5 of the CJO, Section 27 (1) of the DTOO, and Section 13(4) of the TO all provide for ex parte applications by the prosecutor for restraint orders on property. Section 27(4) of the DTO (Designated Countries and Territories) Order 1999 provides that governments of designated countries may apply ex parte for restraint orders. (Neither the CJO nor the TO contains a comparable provision.) Under Section 5 of the Terrorism (UN) Order 2001 the governor has power to direct that funds be frozen upon reasonable grounds for suspecting that the person by, for on behalf of whom the funds are held is or may be a person who commits, attempts to commit, facilitates, or participates in acts of terrorism.

Legal powers of authorities to identify and seize assets. The CPO contains a wide range of compulsory powers by which the authorities can arrest people and search for evidence. Section 25 of the CPO contains a general authorization for courts to issue search warrants to enable the police and customs service to search premises, buildings, vessels, aircrafts, vehicles, boxes, receptacles or places, for anything necessary to conduct the investigation into any offence, to seize it, and to carry it before the magistrates’ court to be dealt with according to law. Such warrants may be issued upon a showing of reasonable cause. The Supreme Court—which is the court of general jurisdiction in Gibraltar—is empowered under its own rules to issue subpoenas duces tecum for the production of documents to the police or customs officers in criminal matters. Such subpoenas can be issued upon a showing of reasonable cause that the documents described in the subpoena are likely to be of substantial value to a criminal investigation. Persons who are targets of search warrants or who receive subpoenas duces tecum may limit their scope or quash them if they can show they are overbroad or unjustified.

Where the police or customs have reasonable grounds for suspecting that a person has carried on or has benefited from a drug trafficking offense, or that specific material or more generally material on a premises that is likely to be of substantial value to the investigation, they may apply ex parte for the issuance of a production order or a search warrant, as appropriate, under Sections 60 and 61 of the DTOO. Section 60(9) contains specific provisions addressing information retained in a computer, and the authorities are generally authorized to take possession of relevant material obtained through a production order or a search warrant.

Section 48 of the DTOO grants authority to customs and police officers to seize and detain cash (i.e., currency) being imported into or exported from Gibraltar upon reasonable grounds for suspecting that it directly or indirectly represents any person’s proceeds of drug trafficking or is intended by any person for use in drug trafficking. This provision applies only to amounts of £10,000 or more. Currency seized under this authority may be held for 48 hours, after which its continued detention must be authorized by an order made by a justice of the peace upon a finding that there are reasonable grounds for the customs or police officer’s suspicion and that continued detention is justified while its origin or derivation is investigated.

Orders issued by the justice of peace may extend up to three months, and may be renewed in three month intervals up to a total period of two years from the first such order. If, during the period when the cash is being held under Section 48, a magistrate finds, on a preponderance of the evidence and on an application by a customs or police officer, that the cash directly or indirectly represents any person’s proceeds of drug trafficking or is intended by any person for use in drug trafficking, the court may order forfeiture of the cash. This is the only mechanism in Gibraltar for confiscation of proceeds of crime without a conviction, and there is no similar provision in Gibraltar law for suspicion-based seizure of cash suspected to be the proceeds of crimes other than drug trafficking.

Police and customs officers assigned to the Gibraltar Financial Intelligence Unit may also, from time to time in connection with their research and analysis of information contained in suspicious transaction reports (STRs), ask reporting institutions for additional information that may elaborate on the basis of particular STRs. This follow up is conducted on a case-by-case basis pursuant to the police and customs services’ general police powers. Information provided by reporting institutions in response to follow up requests is provided on the authority that STR information is required by law to be provided. Some reporting institutions have asserted that they would not under any circumstances provide such additional information without legal process, in the nature of a production order or search warrant. Others have developed relatively open and informal lines of communication with the GFIU concerning STRs and even in some cases potential STR filings. In all cases, the final responsibility for reporting disclosures rests with the reporting entity. The assessment team could not locate any clear guidance addressing the appropriate behavior of police or reporting institutions in this area. Specific legal provisions governing STR reporting are set forth in Section 2.7, supra.

Rights of bona fide third parties. Gibraltar confiscation and forfeiture statutes generally protect the rights of bona fide third parties to retain their assets and collect legitimate debts from persons subject to confiscation orders, restraint orders, charging orders and other process related to forfeiture of proceeds of crime. Section 33(8) of the CJO, Sections 23 and 30(8) of the DTOO, and Section 11(7) of the TO provide that persons holding an interest in confiscated property have the right to make representations before final confiscation can occur.

Provisions to counter disposal of assets subject to confiscation. The Gibraltar confiscation statutes generally give broad discretion to the courts to make factual determinations necessary to implement confiscation fairly. Clearly, these determinations may include findings related to attempts by defendants to conceal or dispose of assets otherwise subject to confiscation. See, e.g., DTOO, Sections 7-20; CJO Sections 26, 33-37. In addition, authorities have informed the assessors that, where a contract is entered into by two parties purporting to further a criminal offence the contract is void under the general common law rule that a contract tainted with illegality is voidable. Where one of the parties may not have intended to commit a fraud against the state, however, a court will have regard to the individual circumstances of the case and will take into account any public policy issues that may arise.

Reversed burden of proof. In the drug trafficking context, defendants bear the burden of proving that property they acquired during the six years prior to the beginning of proceedings against them was not purchased with the proceeds of drug trafficking. Specifically, under Section 5 of the DTOO, the court is required to apply a rebuttable presumption that: (a) any item held by the defendant at any time since his conviction or transferred to him during the period of six years prior to proceedings being instituted against him, constitutes proceeds of drug trafficking; (b) any item of expenditure during the six year period was met out of such proceeds; and (c) for purposes of valuing any item of property received by him that he received the property free of any other interests in it. This presumption does not apply to proceedings involving confiscation of proceeds of crimes other than drug trafficking.

Implementation. The authorities do not maintain statistics on assets frozen, seized, or confiscated under the various authorities at their disposal. The attorney general and his chambers, the Supreme Court judges, the police and customs did however demonstrate understanding of these authorities during interviews and described cases where they had been put to use.

Section 248 of the CPO is used with some regularity to seize vehicles and other instrumentalities linked to narcotics crimes. Customs authorities have seized more than a £250,000 being carried across the border since 1995. Several years ago, customs officials participated in a multinational operation targeting a Yacht that crossed the Atlantic from the Caribbean and moored in Gibraltar. While it was docked, Gibraltar authorities boarded the yacht and found 500 kilograms of cocaine hidden on board. The drugs and yacht were forfeited, and the defendants were convicted to 10-year prison sentences in Gibraltar. More recently, authorities confiscated £40,000 in a UK-based drug trafficking case.

In another case, a foreign national who maintained an active presence as a company service provider in Gibraltar was investigated by foreign authorities. A disclosure from a local financial institution alerted local authorities to the presence of assets in Gibraltar, and this information was passed to the foreign authorities investigating the case. Local authorities were unable to restrain the assets because the matter did not involve drug trafficking and the investigation was still ongoing. The attorney general and police nevertheless did assist the foreign authorities in obtaining—through a local solicitor acting on their own behalf—a civil restraint order against the proceeds. Ultimately, pursuant to a global settlement, the defendant agreed to disgorge the proceeds and to cease doing business in Gibraltar.

In the terrorism context, Gibraltar authorities have twice invoked the authority of the governor under the Terrorism Order 2001 to issue freeze orders directed at specific Gibraltar institutions suspected of holding terrorist funds. These cases were both generated by intelligence received through liaison with foreign services by the RGP’s special services. The orders were able to be issued almost immediately upon receipt of the intelligence by the RGP.

Recommendations and comments

Gibraltar’s legal framework for asset forfeiture and confiscation reflects the history of the application and transposition of English law in Gibraltar. The DTOO and CJO—though substantially identical in many respects and enacted at the same time—contain important differences in the confiscation area. Although domestic authorities understand these differences and are able to negotiate the various provisions reasonably effectively for their own purposes and even to assist foreign governments, they find the split between the CJO and DTOO problematical at times, especially in connection with dealing with suspect moneys whose provenance cannot clearly be traced to drug trafficking.

  • Consolidate the asset forfeiture provisions of the CJO and DTOO, and in doing so take advantage of the best features of each. Thus, reversal of burden of proof provisions should be extended beyond drug-related confiscation to all crimes, and cash seized at the border should be allowed to be detained on a suspicion that it is proceeds of or intended to be used in any crime, not just drug trafficking.

  • Enact the proposed legislation extending to all states that are parties to the UNTOC the ability to enforce external confiscation orders.

  • Clarify the authority of the GFIU to issue “non-consent” letters and provide guidelines for their use.

  • Maintain consolidated asset confiscation and forfeiture statistics.

article image

1.4. Freezing of funds used for terrorist financing (SR.III & R.32)

Description and analysis

Implementation of UN resolutions. The United Kingdom has issued two significant terrorism orders to implement the UN resolutions on terrorist financing throughout the UK and its overseas territories and dependencies, and Gibraltar has also enacted a Terrorism Ordinance 2005 to elaborate criminal provisions and restraint order powers. Gibraltar is also subject to relevant EC regulations on freezing terrorist assets.

Freezing orders. Sections 7-10 of the Al Qaida and Taliban (United Nations Measures) (Overseas Territories) Order 2002 criminalizes the funding of persons listed pursuant to UN Security Council Resolution (UNSCR) 1267. Section 7 broadly implements sanctions against listed persons, and Section 8 sets forth the governor’s power to issue by way of notice a freezing order directed at particular financial assets, economic benefits and economic resources upon reasonable grounds to suspect that the assets are held by, for or on behalf of any individual listed in pursuant to UNSCR 1267 (1999). Section 5 of the Terrorism (United Nations Measures) (Overseas Territories) Order 2001 sets forth the governor’s power to issue by way of notice a freezing order regarding financial assets, economic benefits and economic resources if he has reasonable grounds to suspect that these funds are held by, for or on behalf of a person that is committing, attempting to commit, facilitating or participating in a terrorist activity or that is controlled directly or indirectly by such a person, or that is acting on behalf of such a person.

EC regulations. EC regulation 2002/881, which implements UNSCR 1267 and its successors, also applies to Gibraltar. It provides that all funds and economic resources belonging to, or owned or held by a natural or legal person, group or entity designated by the Sanctions Committee and listed in annex of the regulation shall be frozen. According to general European law principles, European regulations are immediately effective in European national systems without the need for domestic implementing legislation. Controlled institutions are therefore required to directly implement this regulation and, as new names are published on the subsequent lists, financial institutions which identify a customer whose name is on the list should immediately freeze the account. Funds can be frozen without prior notification to the persons concerned. Decisions on the freezing of assets taken on the basis of the EC Regulations can be challenged before the European Courts.

UNSCR 1373 is implemented through EU common position 2001/931/CSFP and EC Regulation 2580/2001. However, the provisions of EC Regulation 2580 apply only for non-EU citizens. For listed persons and entities from within the EU (“domestic terrorists”), the EC regulation for freezing is not applicable. Financial sanctions can be imposed on such “domestic terrorists” only upon bilateral agreement pursuant to a framework decision dated April 15, 2003. Although nothing in the U.K. freezing orders requires Gibraltar entities to freeze assets of EU “domestic terrorists,” authorities have demonstrated their ability to respond to requests from other countries under the Terrorism Order 2001, as noted below. Thus, Gibraltar law plugs the gap created by EC Regulation 2580.

Aside from the obligation to report suspicious transactions, however, nothing in Gibraltar law or regulation imposes a specific obligation on financial institutions to inform the competent national authorities about any assets they may have frozen pursuant to the UNSCR list and EC regulations. Nor is there any affirmative obligation on financial institutions to notify measures adopted to freeze funds. The FSC has issued no guidance to its licensees concerning their affirmative obligations to implement measures with respect to the UNSCR list and EC regulations.

Restraint orders issued under the TO. Section 13 of the Terrorism Ordinance 2005 provides for the issuance of a restraint order upon ex parte application to the Chief Justice where an investigation is ongoing or proceedings have been instituted for an offense under the Act and a forfeiture order has been or is expected to be made in the course of the proceedings. This provision is styled in such a way as to allow the court flexibility with respect to accepting applications from the prosecutor or “a person who the .Court is satisfied will have the conduct of any proceedings for the offence.” See Section 13(2)(b).

Orders issued by the governor. Orders issued pursuant to the Al Qaida and Taliban (United Nations Measures) (Overseas Territories) Order 2002 and the Terrorism (United Nations Measures) (Overseas Territories) Order 2001 may be issued for a limited or unlimited amount of time. And a violation of either order constitutes an offense under the Terrorism Ordinance 2005. The 2001 Order is designed to implement UNSCR 1373. Rather than elaborate a bureaucratic mechanism for designating entities or persons whose assets should be frozen pursuant to its terms, however, it simply vests the governor with broad decision-making powers on a case-by-case basis. Similarly, neither Terrorism Order explicitly (a) provides that a freezing order can be made without delay and prior notice; (b) elaborates procedures that have to be followed when issuing a freezing notice; or (c) designates a party responsible for administering frozen funds or for enforcing freezing or unfreezing actions. Nevertheless, Gibraltar authorities were all in agreement that the RGP special services would have the investigative lead, the attorney general would review relevant information and prepare any necessary applications, and that the governor would issue an order promptly and without prior notice as necessary. Indeed this has been done already on two occasions without difficulty.

Freezing orders of other jurisdictions. As noted, the Gibraltar authorities have acted on two occasions promptly in response to intelligence received from overseas to issue freezing orders directed at assets reasonably believed to be owned or controlled by terrorists. As they were in those cases, requests from foreign governments to implement a freezing order under any of the authorities outlined above would be referred to the attorney general, who would analyze the matter with the assistance of the RGP special services. If the AG is satisfied that there are reasonable grounds to issue a freeze or restraint order, he can prepare an application for such an order or orders to the governor and/or the Chief Justice, as appropriate.

Communication of actions to the financial sector. The Financial Services Commission is responsible for monitoring the UN’s press releases concerning individuals and entities listed under UNSCR 1267 (1999) and EC Regulation 881. Licensed firms are notified promptly of any changes made to the list through an e-mailing list that is maintained through the Financial Services Commission’s database.

The freeze orders previously issued under the governor’s powers delegated from the Queen, as described above, have been directed confidentially at specific financial institutions or persons believed to hold assets subject to freezing. Nothing in the Orders would prohibit an order of general applicability, however, which could be communicated to the financial sector through the official gazette and through the Financial Services Commission e-mail alert system and on its website.

Guidance for financial institutions concerning their obligations. The FSC’s Anti-Money-Laundering Guidance Notes (AMLGNs) contain no guidance for financial institutions concerning their obligations to freeze funds of designated terrorist and terrorist organizations or check their accounts against UN or EU terrorism lists. The FSC’s website does contain links to various applicable lists, but it does not include any guidance, either. FSC staff indicated that they expect their licensees to check their accounts against the lists, but it was not clear to the assessors how they communicate those expectations, and they did not articulate any further expectation in terms of freezing, notification to the government of accounts identified, etc. Since with one exception the banks operating in Gibraltar are branches of large international institutions, they not surprisingly demonstrated familiarity with international expectations to run the lists against their accounts, to freeze accounts, and to notify the authorities as necessary. Other licensees in Gibraltar, however, appeared significantly less familiar with their obligations under the UN and EU lists, and they could clearly benefit from guidance from the FSC.

With respect to targeted orders issued pursuant to both the Al Qaida and Taliban (United Nations Measures) (Overseas Territories) Order 2002 and the Terrorism (United Nations Measures) (Overseas Territories) Order 2001 provide for financial institutions holding the frozen assets to send without delay a copy of the received notification to the person whose funds have been frozen or on whose behalf they are held. The requirement is complied with if the financial institutions send the notice to the last known address of the frozen funds or—if an address is not available—provides the owner with a copy of the order at the first available opportunity. Failure to do so is considered an offense under both Orders.

Procedures for delisting requests and unfreezing funds. As indicated, the FSC notifies licensees concerning updates to international terrorist lists. No authority in Gibraltar has promulgated procedures to use in the event that a person or entity with frozen assets in Gibraltar is removed from such a list. After discussions with the authorities, it seems that, as a practical matter, any such unfreezing would be handled jointly by the FSC, the attorney general, RGP special services, the governor, and the Chief Justice, as necessary. The Enforcement Committee should review this issue, develop procedures for such delisting requests, and an appropriate entity—the Government, or perhaps the FSC—should publish them..

Under both Orders the governor can revoke a freezing order at any time. Neither the Orders nor the TO includes specific listing or delisting procedures, however. After discussions with the authorities, it seems that any such request to the government would be referred to the attorney general, who would consult with RGP special services in deciding whether to make an application to the governor or the Court, as applicable. It is equally clear that the governor would decide how to handle any matter that would require international negotiation to remove a person from an international terrorist list. Written procedures should be drawn up, however.

Access to frozen funds. Sections 13-14 of the TO provide for exceptions and conditions to be included in restraint orders; the Terrorism Orders provide for licenses, as well.

Remedies before courts by individuals. Both the Al Qaida and Taliban (United Nations Measures)(Overseas Territories) Order 2002 and the Terrorism (United Nations Measures)(Overseas Territories) Order 2001 provide for persons by, for on behalf of whom funds that are frozen to apply to the Supreme Court for the freezing order to be set aside. At least seven days before the hearing of the application, the applicant needs to provide the governor with a copy of the application and all witness statements or affidavits used to support the application.

Apart from the case where assets would have been frozen which belong to a homonym of the person listed, there is no general procedure for protecting the rights of bona fide third parties.

Freezing, seizing, and confiscation in other circumstances. Article 11 Terrorism Ordinance 2005 provides for conviction-based confiscation of any money or property which has been or was intended to be used for the commission of an offence under the Act if the person is convicted for that offence. It is possible to imagine “non-consent” process or Bank of Scotland freezes in the terrorism context, too (see discussion in Section 1.3, infra), although there are no formal procedures in place.

Effectiveness, compliance, monitoring, sanctions. Gibraltar authorities have twice invoked the authority of the governor under the Terrorism Order 2001 to issue freeze orders directed at specific Gibraltar institutions suspected of holding terrorist funds. These cases were both generated by intelligence received through liaison with foreign services by the RGP’s special services division. The orders were able to be issued almost immediately upon receipt of the intelligence by the RGP.

As indicated, however, aside from the international banks operating in Gibraltar, which appear to be complying with their UN and EU obligations to identify and freeze, as necessary, funds of listed persons and entities, other financial services providers and licensees demonstrated a general lack of knowledge of the international asset freezing regime. This is due principally to the FSC’s failure to update its guidance notes, develop appropriate procedures, and communicate clear expectations in this area—including sanctions for non-compliance—to its licensees. This situation should be remedied promptly.

Recommendations and comments

Gibraltar has in place very muscular terrorism orders and statutory authorities giving the governor and the police broad powers to freeze and seize suspected terrorist assets. Gibraltar has also put these authorities to practical and effective use. Nevertheless, the FATF recommendations and the methodology used by the IMF emphasize the need for clear procedures for implementing international obligations and responding to foreign requests for assistance.

  • Procedures for delisting requests and the unfreezing of funds should be developed and published.

  • The FSC should issue guidance to the financial services community concerning affirmative obligations to freeze assets of persons listed by the UNSCR 1267 Committee and the EU. These affirmative obligations should include incorporating the information into their AML/CFT compliance programs, and reporting to authorities on any transactions that may be connected to terrorist financing.

article image

Authorities

1.5. The Financial Intelligence Unit (FIU) and its functions (R.26, 30 & 32)

Description and analysis

Authority, operational independence, and staffing.

The DTOO and CJO require reporting of suspicious transactions to the police or customs. On January 1, 1996, following the enactment of these statutes, the RGP and customs jointly established the Gibraltar Financial Intelligence Unit (GFIU) within their already jointly established Gibraltar Coordinating Centre for Criminal Intelligence and Drugs (GCID). The GCID, and by extension the GFIU, derives its authority from the general police powers delegated to the RGP and customs to enforce the laws of Gibraltar. Specific authority to receive STR is lodged in the CJO and DTOO. The GFIU’s functions were further elaborated in a restricted report to the chief minister and governor, prepared contemporaneously with the GFIU’s establishment. Those functions are:

  • - To receive, research, and allocate intelligence from suspicious reports;

  • - To maintain a financial intelligence database;

  • - To liaise with the financial and business community;

  • - To develop quality financial intelligence

  • - To provide training and education.

Paragraphs 6-29 and 6-30 of the AMLGNs, promulgated by the FSC and the Government, provide administrative guidance to the reporting community that the GFIU is the “central reception point for disclosures.” Similarly, the GOG’s recently issued AMLGNs for High Value Dealers (HVD) also refer to the GFIU as the GOG authority to which disclosures can be made.

There is, however a degree of confusion as to where disclosures of reports relating to funding of terrorism should be made. Depending on whether the legal authority is the CJO, Terrorism Ordinance or Terrorism Order, relevant financial businesses are required to make disclosures to the GFIU (by virtue of being the designated police or customs officer), the governor or to the police only. (Section 2.7 contains a fuller description of the disclosure regime.) The FSC-issued AMLGNs were updated during the assessment to reflect the provisions of the Terrorism Ordinance 2005. The AMLGNs now indicate that reports should be sent to the police (who report to the governor) through the GCID. In contrast, the Terrorism Order (2001) requires suspicious transactions related to terrorism to be reported to the governor.

The GFIU’s total staffing is two. The GFIU Head of Unit is traditionally a seconded customs officer and the other staff member is a financial analyst from the Royal Gibraltar Police. Both FIU staff are experienced law enforcement officers. The RGP financial analyst who has five years experience at the GFIU has training in various analytical software packages. GCID has a staff of five including the GFIU staff. The staff of the GCID is also seconded from the police and customs service.

The Executive Coordinator of GCID is responsible for the budget and operations of the FIU, and he reports directly to both the chief minister and the Governor of Gibraltar. This reporting structure is designed to ensure that the GCID—and by extension the GFIU—has autonomy and operational independence. The Head of the GFIU is functionally responsible to the GCID Executive Coordinator. The Head of the GFIU is a member of Gibraltar’s AML Enforcement Committee, which coordinates the government’s work on AML/CFT issues.

FIU Functions

The GFIU performs the standard functions of receiving disclosures of STRs, analyzing them, and disseminating STRs and related intelligence to designated law enforcement authorities. The GFIU was formally admitted to the Egmont Group of FIUs at the Plenary on June 23, 2004.

Receipt of STRs. As indicated and despite some lingering confusion in the private sector, STRs are in fact reported to the GFIU. Although AML control officers, whom FSC licensees are required to appoint, generally demonstrated familiarity with the GFIU, this is not the case in the sectors not regulated by the FSC. Reports are typically made on the reporting form promulgated by the FSC as part of the AMLGNs and sent via secure or hand delivered letter. Sometimes disclosures are first made informally via telephone and followed up in writing. In all cases, the GFIU formally acknowledges receipt of disclosures to the money-laundering reporting officer who made the disclosure. Such receipt may include a “consent” or “non-consent” for the filer to process a transaction or continue a business relationship with its customer, as described below.

Under Section 18 of the CJO, all “relevant financial businesses” are required to identify an “appropriate person” to consider all internal reports of suspicion and to make disclosures where there is considered suspicion or knowledge of ML. These persons, who are also known as money laundering control or reporting officers or nominated persons, are also the persons to whom the GFIU reverts in cases where further information is sought about particular disclosures. A fuller discussion on issues concerning the requirements to make disclosures is at Section 2.7, infra.

Analysis. The GFIU performs an initial evaluation and rating on all STRs it receives. The GFIU enhances disclosures by accessing further information either directly on-line or indirectly through referral to criminal and intelligence databases held by GCID, police, customs (including immigration data), Interpol, and open source information such as Companies House (the Gibraltar Registrar of Corporations), World Check, and general internet searching. The assessment team was advised that the GCID criminal intelligence database is not linked to the GFIU database of disclosures. The GCID database does record, however, that disclosures have been received by the GFIU. Where appropriate, further information is requested from the disclosing business. If the business has concerns about confidentiality or legal protection then the FIU will turn over the disclosure to the appropriate investigator in the police or customs. Where an international connection is suspected, GFIU uses the Egmont secure link to make inquiries of foreign FIUs. All disclosures are held on an Ibase database platform, and link chart analysis is undertaken where appropriate. The GFIU’s analytical function is solely tactical. Strategic analysis is not undertaken on the disclosures due to the small number. Similarly, the GFIU has to date not undertaken any meaningful analysis for ML/TF threats in the regulated sector. The authorities advised that training in financial analysis was being arranged with the Asset Recovery Agency of the United Kingdom.

Dissemination. The GFIU’s domestic customers are the police and customs service. The assessment team was advised that the authority for the GFIU to disseminate cases is restricted to the police and customs by virtue of AMLGN Paragraph 6.36, together with the general disciplinary and secrecy requirements that apply to police and customs officers. Though the volume of reports is not overwhelming, the GFIU, the police, and customs are all relatively modest organizations, and part of the GFIU’s role in the system is to filter unnecessary information. A key consideration in determining whether to forward STR information to police or customs is whether there appears to be proceeds of crime available locally. When the GFIU does make a dissemination, it directs it to one service or the other for action, with an information copy to the other service.

The FSC and FDS employ the services of the GCID for background checks in connection with license applications. The existence of an STR may be factored into GCID’s considerations, although disclosure of the existence of the STR disclosure would not be permitted. The assessors suggest this view be reconsidered, as such information might assist the FSC in conducting risk-based targeting of compliance resources. As part of the dissemination process, police and customs are required to provide feedback to the GFIU within 28 days of receiving the GFIU intelligence report, as to use made of the intelligence.

As part of its dissemination function, the GFIU also receives and responds to requests from other FIUs for intelligence through the Egmont secure link. GFIU also initiates dissemination of intelligence to relevant FIUs. The GFIU does not require a Memorandum of Understanding (MOU) for such information sharing and adheres to the Egmont Principles for Information sharing as the basis for such communication.

Information and operational security. Appropriate physical and information technology security measures are in place to prevent unauthorized access to GFIU information and staff. The business practice is for disclosures of STRs to the GFIU and GFIU’s disseminations to designated police or customs officers to be conducted by secure hand delivery or secure mail.

As law enforcement officers working in an intelligence unit, GFIU staff have been trained to handle sensitive information and they demonstrated keen sensitivity to the confidentiality of STR information. They are subject to discipline, including criminal charge, under internal police and customs regulations on officer conduct and the Official Secrets Act.

Legal powers to request further information to assist in the analysis of disclosures are neither specified nor specifically excluded. (As noted, the GFIU is a police unit, so its staff have police powers.) In practice, such intelligence is obtained through GFIU’s relationships with reporting officers. Although GFIU staff might be able to use their police and customs powers to seek production orders for further information, the GFIU staff prefers to use informal inquiries when analyzing STRs. If requests for further information are not satisfied—which can and does happen for valid reasons when reporting institutions believe they cannot provide more without formal process—then the GFIU refers the disclosure with its comments and analysis to the relevant law enforcement agency, which may seek production orders or search warrants, as necessary.

Consent and non-consent letters. The GFIU also acts as an intermediary in the process of advising or withholding consent for the disclosing financial business to participate in transactions about which (or related to which) a disclosure was made. Gibraltar’s suspicious transaction reporting regime provides an unusual means for “freezing” transactions through accounts of persons or entities about whom suspicious transaction reports (STRs) have been filed. As noted elsewhere, Section 2(3) of the CJO provides in part that it is a defense to a money-laundering charge in Gibraltar that a person makes a disclosure. After a disclosure is made, however, the person who made the disclosure is still subject to potential criminal liability for any act that facilitates another’s retention or control of proceeds of criminal conduct or places such proceeds at the disposal of the person about whom the disclosure was made or uses the proceeds for his or her benefit to acquire property by way of investment, unless such act is done with the consent of the police or customs service. For this reason, the GFIU issues—in response to each STR it receives—“consent” or “non-consent” letters to instruct the filing institution as to whether it may proceed with transactions related to the matter or persons that are the subject of the STR. Unless and until reporting institutions receive a “consent” letter from the GFIU, they proceed with further transactions at their peril. Accordingly, they will often cease activity on an account or a matter while the GFIU and other authorities decide how to proceed.

In the assessors’ view, the legal authority for issuing a “non-consent” letter is somewhat tenuous, and there are no regulations or other guidelines used by the GFIU, police or customs indicating criteria that should be used in making consent/non-consent decisions, or the duration of a non-consent letter. Non-consent letters may in fact create a legal dilemma for filers, arising out of the possibility that adhering to a “non-consent” letter may result in a breach of the “tipping off” provisions of the CJO and DTOO. See discussion of Bank of Scotland Orders at Section 1.3, infra.

Even though well understood by GFIU staff, GCID, the police and customs, the GFIU’s information handling policies are not documented anywhere. It would be useful, in connection with the issuance of a clear public statement of the GFIU’s powers and responsibilities, to elaborate a set of information management principles, and to include in such principles guidance on how to handle the issue of “consent” and “non-consent” letters.

Guidance to the reporting community

GFIU staff currently performs an educational function for licensed financial services providers and professional bodies such as the Association of Compliance Officers. through face to face presentations and newsletters. The education focuses on explaining the requirements for disclosures, typologies of cases derived from past disclosures and trends and vulnerabilities gleaned from international sources such as the Egmont Group, FATF, and other sources. Although the GFIU is consulted on the format of the STR Disclosure Form, formal guidance on the disclosure form is provided in the AMLGNs promulgated by the FSC.

In the near future the GFIU intends to extend the education program to the DNFBP sector that is not regulated by the FSC.

Statistics

The level of STRs disclosed to the GFIU has significantly declined since 2001. The assessment team was advised that the significant reduction since 2002 was primarily due to the completion, during the previous period, of FSC required remedial action of retrospective due diligence requirements. Accordingly the true level of disclosures may be closer to the lower 2003 to 2005 levels. An additional factor may also be instances where business is being declined or transactions being blocked for reasons possibly related to grounds of suspicion, which should have also resulted in subsequent disclosure to GFIU.

Disclosures received

article image

Disseminations (to domestic authorities)

article image

Recommendations and comments

Although it is staffed by law enforcement officers, the GFIU operates in some respects like an administrative FIU. GFIU staff do not invoke law enforcement powers to seek further information from business. This practice maintains some degree of distinction between the law enforcement intelligence and investigative functions, and gives a degree of comfort to business.

Although the GFIU is the designated authority to receive disclosures of suspicions relating to money laundering, for which terrorist financing is an underlying predicate crime, the Terrorism Order (TO) and Terrorism Ordinance literally require relevant financial businesses to report to different authorities. In practice, however, terrorism-related reports all find their way quickly to the RGP’s special branch for action. Similarly, Section 6 of the recently enacted Gambling Ordinance specifies that disclosures of suspicious transactions should be made to the yet to be created Gambling Commissioner,7 which will be the Gibraltar Regulatory Authority (GRA). The GRA will then be required to forward such disclosures to the relevant competent authorities. The current and somewhat confusing set of directives concerning disclosures regarding suspected financing of terrorism, dilutes the GFIU’s role as the sole central, agency responsible for receiving of disclosures concerning suspected proceeds of crime and potential financing of terrorism. During the on-site visit the AMLGNs were amended to require the sectors subject to the Guidance to make reports to the GFIU for the purposes of the TO.

The distinction between the GFIU and the GCID does not appear to be clearly understood outside the financial sector. This GFIU identity issue is further complicated by the fact that relevant provisions of the CJO, DTOO, TO, Terrorism Orders, and AMLGNs require or suggest that reports can be made to police or customs officers, the GFIU, the governor, and “competent authorities.” The information to be disclosed is not specified other than in the FSC issued AMLGNs. The assessors were apprised of some confusion especially in the non-financial business and professions sectors about where to report, and whether there is a difference between the GFIU and GCID. A clearer public statement of the GFIU’s role, along with appropriate edits to the AMLGNs, however, would go a long way towards clarifying this issue.

There is no agreed formula or expectation to guide AML/CFT assessors in arriving at a judgment concerning the “appropriate” number of disclosures. On the basis of their experience working inside FIUs and in reviewing assessments of other jurisdictions, however, and giving due consideration to the size of Gibraltar and its financial sector, the assessors concluded that the level of disclosures is probably appropriate, although this is less likely to be the case for those sectors of the DNFBP category not subject to supervision by the FSC. The current level of disclosures places limitations on any meaningful trend and strategic analysis on money-laundering trends specific to the local environment, and tactical value added analysis of disclosures is undertaken prior to any dissemination. The circumstances and extent to which the GFIU can and does obtain access to additional information from reporting businesses are not clear. The GFIU maintains good relations with ML reporting officers in financial institutions, and has been able to obtain additional information necessary to clarify the circumstances of particular STRs. The GFIU did note, however, that in some cases the disclosing financial business is unwilling for confidentiality reasons to provide further information without receipt of a production order. In these cases the GFIU disseminates the STR to the relevant police or customs authority to seek the further information. The GFIU itself does not access this further information.

The GFIU could generate statistics on the reporting performance of individual businesses, however to date, such analysis has not been provided to the FSC or other body with supervisory responsibility but, neither has the GFIU been asked for such information. The assessors suggest that such information might assist the FSC, and other competent authority such as the GRA, in developing future supervisory and monitoring programs.

The GFIU staff—though small—is suitably skilled for their current work and has established meaningful relationships with the financial sector and the financial services regulator. The widening of the disclosure requirements to the DNFBP sectors places added pressure on GFIU staff to perform an educational role, especially in those activities where there is no available monitoring body or representative body. The current practice of issuing newsletters on typologies and issues related to reporting is commendable.

The administrative placement of the GFIU within the GCID works well for Gibraltar and the two units are aware of their operational differences. It is not considered that the GFIU’s ability to act independently is affected by this placement

Recommendations

  • Provide clearer public explanations of the roles and responsibilities of the GFIU vis-à-vis the GCID and the police particularly with respect to TF.

  • Clarify the implications, if any, on the GFIU of legal requirements that suspicious transactions related to terrorism be reported variously to the governor and the police.

  • Amend Sections 33(2) and (3) of the GO to require holders of gambling licenses to report disclosures of suspected money laundering to the GFIU instead of the Gambling Commissioner.

  • Analyze possible relationships between observed trends in disclosures and other criminal intelligence.

  • Consider providing the FSC, the GRA and any other authority having AML/CFT oversight responsibility with numerical only statistical data on the reporting performance of specific individual businesses. This would assist those authorities in their supervisory programs.

  • GFIU should give priority to establishing contact with the sectors not regulated by the FSC to: provide clear education and guidance as to reporting obligations and procedures for making disclosures to the GFIU and to foster sharing of information on potential ML/TF risks in these sectors.

  • Document internal procedures for all GFIU functions.

  • Consider ways to clarify the circumstances and extent to which the GFIU can and will obtain access to further information from reporting businesses.

article image

1.6. Law enforcement, prosecution and other competent authorities-the framework for the investigation and prosecution of offences, and for confiscation and freezing (R.27, 28, 30 & 32)

Description and analysis

Police and customs

The Royal Gibraltar Police (RGP) force is comprised of approximately 220 officers. The Police Commissioner reports to the governor, though the government funds the police. The Financial Crime Unit (FCU) which has been in existence since the early 1990s, has a staff of six dedicated investigators with expertise in fraud, money laundering, and other financial investigations (false accounts, benefit frauds, counterfeit currency, etc.). Two FCU officers were trained as financial investigators in the UK. Three FCU officers are trained in computer forensic techniques. The FCU investigates ML and FT offences both locally and internationally. The FCU works closely with the head of the RGP’s special branch on ML and TF cases and on matters involving intelligence. Current major cases under investigation in the FCU include a £10 million domestic fraud, and responding to several foreign requests for assistance.

The customs service has approximately 105 officers, and is responsible for collecting approximately 30 percent of government revenue. The Investigating Branch (IB) has five investigators, two clerks and an assistant, and responsibility for investigating ML matters. Customs uses the UN’s automated system for customs data, and maintains comprehensive computerized data on 81,000 annual declarations, tariffs, penalties and violations, immigration filings, etc. Enforcement cases may be generated at any of several points during an import inspection, and the IB generates cases from time to time by searching the data on file. Drug sniffing dogs are deployed at the land frontier with Spain, and x-ray machines are used to detect “swallowers.” Customs has recently been focused on interdicting counterfeit goods, and is involved in a cooperative initiative with cigarette manufacturers.

Enforcement discretion. Each investigation is treated on a case-by-case basis and FCU and IB supervisors monitor the progress of each investigation and decide when and if suspected persons are to be arrested. The trade-offs between preventing crime and gathering further intelligence, as well as the potential seizure of funds, is taken into consideration before any arrests are made. In some cases, arrest may be the only option when, for instance, it is suspected that the suspect may leave the jurisdiction.

Special investigative powers. The FCU uses electronic and human surveillance techniques, including under “covert human intelligence sources” pursuant to guidelines issued by the UK Association of Chiefs of Police, which the RGP has endorsed for its purposes. The FCU participated with Metropolitan Police London in a “sting” operation involving a Gibraltar lawyer who was charged in the UK for narcotics-related money laundering.

The police do not, at this time, have wire tap or other electronic eavesdropping authority, though they have been advocating for it for some time. A draft bill, the Interception of Communications Act, is being prepared for consideration by the Gibraltar parliament. This statute may also contain provisions regulating the use of undercover and other surveillance techniques.

Gibraltar Coordinating Centre for Criminal Intelligence and Drugs and FIU. The GCID is a combined unit of five police and customs officers situated in their own office away from both headquarters offices. GCID focuses on intelligence and international cooperation, and houses the two-person Gibraltar Financial Intelligence Unit. The GFIU has full access to customs and police data, Interpol, the Egmont secure web system, GCID criminal intelligence, and open source information. It uses i2 database technology to assist with analysis. Although he GFIU is closely integrated with police and customs, it is a stand alone unit. The assessors are not aware of any factor that would inhibit its operational independence or autonomy or subject it to undue influence or interference, but its separate role vis-à-vis the financial sector, as well as the police, customs, and—to the extent it is separate from it—the GCID, is not entirely clear to the financial and non financial sectors..

The GFIU produces statistics on the collection and use of disclosures it receives and the disseminations it makes to police and customs.

International networks, staff development, training, and ethics. The FCU, IB and GFIU have extensive experience in dealing with competent authorities in other countries and will use whatever powers are available in the circumstances. The RGP is a member of CARIN (Camden Assets Recovery Inter Agency Network) which is a Europol initiative supported by Eurojust and intended to facilitate informal contacts and cooperation on criminal asset identification and recovery. The IB has similar extensive contacts. The GFIU is a member of the Egmont Group of financial intelligence units, and frequently exchanges information with other FIUs.

ML and FT methods, techniques and trends are disseminated and shared among the GFIU, police, customs, and other agencies in the interagency enforcement group. Gibraltar police and customs officials communicate regularly on such matters with their foreign colleagues. Gibraltar police maintain especially close links to the UK, including through a program of mutual secondments to one another’s’ forces.

Both police and customs staff are required to adhere to a code of conduct, and are subject to prosecution for unauthorized disclosures of information. All the staff met during the mission demonstrated sensitivity to confidentiality issues, which is particularly important in such a small place as Gibraltar. The assessors got the impression that Gibraltar has a strong law enforcement culture, which may be rooted in its history as a fortress often under siege. The often-heard theme of protecting Gibraltar’s reputation is also a driver.

Powers of search and seizure. The general search warrant in Gibraltar issues under Section 25 of the Criminal Procedure Ordinance (CPO), which can be used for local proceedings and also, subject to a dual criminality requirement, for requests under Section 15 of the Mutual Legal Assistance (EU) Ordinance and the Mutual Legal Assistance (International) Ordinance. Section 25 provides:

  • Where there is reasonable cause to believe that anything upon, by, or in respect of which an offense has been committed or anything which is necessary to the conduct of an investigation into any offense is in any premises, building, vessel, aircraft, vehicle, box, receptacle or place, a justice of the peace may issue a search warrant authorizing a police officer or other person to search the premises, building, vessel, aircraft, vehicle, box, receptacle or place, named or described in the warrant, for any such thing and, if anything searched for be found, or any other thing which there is reasonable cause to suspect to have been stolen or unlawfully obtained be found, to seize it and carry it before the magistrates’ court to be dealt with according to law.

This authority may be used by police or customs officials to obtain transaction records, identification data obtained through the CDD process, account files and business correspondence, and other records, documents or information, held or maintained by financial institutions and other businesses or persons, upon a showing of reasonable cause. (Section 38 of the CPO provides for detention of property seized pursuant to a warrant.)

Similar information may be obtained through a production order issued by the court, pursuant to Section 28 of the Magistrates’ Court Ordinance. As a matter of general practice, records of banks, trust and company service providers, and others in Gibraltar whose records are sought in connection with money-laundering investigations are obtained through production orders in the vast majority of cases. The court’s power is enforceable through criminal contempt proceedings. Persons may justifiably refuse the produce documents, for example on the grounds of privilege or that to do might be self-incriminatory.

In addition, the governor has the authority under Section 12 of Schedule 10 of the Companies Ordinance to appoint an inspector to investigate and report on ownership and control of companies formed in Gibraltar, with a principal place of business in Gibraltar, or that has at any time carried on business in Gibraltar. This authority includes broad powers to compel the production of documents, to execute search warrants, to hold persons in contempt for failing to comply. Authorities have used this authority on occasion.

Gibraltar law also provides for specialized warrants under the Drugs (Misuse) Ordinance (searches of persons, vehicles, and vessels, along with detention of evidence), which provides in relevant part at Section 26(3) that:

  • In drug cases, if there is reasonable grounds for suspecting that a document directly or indirectly relating to, or connected with, a drug transaction or dealing, is in the possession of a person on any premises, he may grant a warrant authorizing any customs or police officer at any time or times within one month from the date of the warrant, to enter, if need be by force, the premises named in the warrant, and to search the premises and any persons found therein and, if there is reasonable ground for suspecting that such a document is found to seize and detain to document.

  • A person commits an offence if he intentionally obstructs a person in the exercise of his powers under this section, conceals any such books, documents, stocks or drugs, or without reasonable excuse fails to produce any such books or documents as are so mentioned where their production is demanded by a person in the exercise of his powers under that subsection.

  • For local investigations into drug trafficking, Section 60 of the DTOO provides that customs or police officers may obtain a production order for particular material, to include a provision allowing the police or customs to enter a premise to obtain access to the material. Such an order may be obtained ex parte, and may include specific provisions ensuring the preservation of information contained in a computer. Section 43(a) of the DTO makes similar provisions available to assist overseas investigations into drug trafficking, provided a proceeding has been initiated or a person has been arrested by authorities from a signatory to the Vienna convention.

Section 61 of the DTOO authorizes search warrants for specified premises and seizure of evidence for local investigations into drug trafficking.

Provided there are reasonable grounds for suspecting that a specified person has carried on or has benefited from drug trafficking, that here is on the premises material relating to the specified person or to drug trafficking which is likely to be of substantial value (whether by itself together with other material) to the investigation for the purpose of which the application is made, but that the material cannot at the time of the application be particularized; and that there are other factors justifying entry onto the premises. Where a customs or police officer enters a premises in the execution of a warrant issued under this section, he may seize and retain any material, other than items subject to legal privilege and excluded material, which is likely to be of substantial value (whether by itself or together with other material) to the investigation for the purposes of which the warrant was issued.

Subject to dual criminality requirements, similar authorities are available in support of drug trafficking investigations by Vienna Convention signatories pursuant to Section 43 of the DTOO, provided that criminal proceedings have been instituted against a person or that a person has been arrested.

Witness statements. Gibraltar police and customs may take statements from witnesses, witnesses may make statements before a magistrate, and witnesses may swear statements before a commissioner of oaths. The court may summon witnesses to appear in a criminal case under Section 70 of the CPO; depositions of witnesses may be read into the record of a criminal trial under Section 80, and Section 90 provides for proof by written statement.

Law Enforcement and Intelligence authorities are able to discuss and review money laundering and financing of terrorism trends and techniques through the Enforcement Committee forum. The membership of the Committee includes the GFIU and other competent authorities such as the FSC and Legislative Support Unit.

Recommendations and comments

  • Update production order and warrant statutes to make them more effective in non-drug related financial investigations. Specify types of documents that may be made available, include provisions protecting information retained on computers, and authority for police and customs to enter premises to execute production orders. Use Schedule 10 of the Companies Ordinance as a model.

  • Clarify and document the roles and responsibilities of the GFIU within the GCID vis-à-vis the private sector.

article image

1.7. Cross Border Declaration or Disclosure (SR.IX & R.32)

Description and analysis

Section 48 of the DTO grants authority to customs and police officers to seize and detain cash (i.e., currency) being imported into or exported from Gibraltar upon reasonable grounds for suspecting that it directly or indirectly represents any person’s proceeds of drug trafficking or is intended by any person for use in drug trafficking. This provision applies only to amounts of £10,000 or more, and it does not apply to bearer or negotiable instruments. Currency seized under this authority may be held for 48 hours, and afterwards detained for up to two years in three month intervals upon a finding by a judge that there are reasonable grounds for the suspicion and that continued detention is justified while its origin or derivation is investigated. Cash seized under this authority may be forfeited upon a finding based on a preponderance of the evidence that the cash directly or indirectly represents any person’s proceeds of drug trafficking or is intended by any person for use in drug trafficking.

There is no similar provision in Gibraltar law for suspicion-based seizure of cash suspected to be the proceeds of crimes other than drug trafficking, although Part II of the Criminal Justice Ordinance (CJO) does provide for the seizure of funds derived from criminal conduct upon proof that they are so derived.

There is no requirement to declare or disclose cross-border transportation of currency or bearer negotiable instruments in Gibraltar.

Recommendations and comments

  • Amend laws to require disclosure of cross-border movements of currency and bearer negotiable instruments. Such a system could apply only above a certain threshold.

  • Amend laws to enable customs and police officers to detain currency and negotiable instruments that are falsely disclosed or that are suspected of being related to terrorist financing or money laundering.

  • Amend laws to enable authorities to confiscate such seized currency and negotiable instruments under appropriate circumstances consistent with Special Recommendation IX.

article image

2. PREVENTIVE MEASURES—FINANCIAL INSTITUTIONS

2.1. Risk of money laundering or terrorist financing

The Financial Services Commission has adopted a risk-based approach to supervision of its licensees. Risk assessments are conducted on all licensees and the results of these assessments impact directly on the supervisory program established for all financial institutions. The program was updated in 2005 to permit more accurate identification of the risks in each institution. The focus of the program is on ensuring consistency of the supervisory program, while allowing for flexibility and supervisory judgment.

The current risk based approach used by the FSC enables the FSC to carry out the responsibilities placed on it by the various Ordinances and Regulations in a targeted manner “at the areas and firms where there is a higher probability of a risk crystallizing and its impact having repercussions for consumers as well as the stability and reputation of the jurisdiction.”

The FSC assesses six evaluation factors known as risk groups. These include financial soundness and capital, environment, business plan, controls, organization and management. Each risk group for each financial institution is graded as either a material risk, a perceptible risk, or a negligible risk. The FSC uses both onsite assessments and information gathered offsite from required filings to assess the risk groups.

The AMLGNs cover a wide range of financial institutions including banks, building societies, and investment businesses (including investments services, company management, professional trusteeship, insurance management and insurance intermediation). They also cover life insurance companies, currency exchange/bureaux de change and money transmission/remittance offices. While currency exchange houses outside banks and a lone money transmitter are not supervised by the FSC, all other major significant types of financial institution are both subject to the AMLGNs and supervised by the FSC.

The main risk in the financial sector comes from the professions such as accountants and lawyers as well as from the trust and company service providers both within and outside Gibraltar who refer clients to the financial institutions as part of their services on advising clients regarding wealth management and transactional business. Gibraltar has therefore enacted fairly strict requirements regarding introduced business. Many times, however, the “mind and management” of clients are not based in Gibraltar but transactions are executed locally as part of a wider scheme or deal. These are the most risky transactions undertaken; for while the financial institution in Gibraltar will likely have all the appropriate customer due diligence on file, they may not always have a complete understanding of the purposes of all of the transactions. This may also limit the ability to conduct ongoing monitoring and due diligence which, in turn, may affect the identification and reporting of suspicions.

Customer Due Diligence & Record Keeping

2.2. Customer due diligence, including enhanced or reduced measures (R.5 to 8)

Description and analysis

R. 5

The Financial Services Commission (FSC) is the designated supervisor for the financial sector and for the trust and company services (fiduciary services) sector. The FSC has adopted a risk-based approach to customer due diligence for all of its licensees. The authorities have set minimum requirements that apply to all customers, with enhanced requirements where the risk presented by the customer or the nature of their business is higher. There are basic statutory obligations in the Criminal Justice Ordinance (CJO), but the vast majority of the requirements that institutions must address are found in the Anti-Money Laundering Guidance Notes (AMLGNs). Both the CJO and the AMLGNs are applied to the full spectrum of financial institutions including banks, insurance firms, investment activities, bureaux de change, and money transmitters. The Gibraltar Savings Bank, a government department is also included in the scope of application of the CJO and AMLGNs.

Part III of the CJO covers “Measures to Prevent the Use of the Financial System for Purposes of Money Laundering.” The CJO covers identification requirements, record keeping procedures, and training as key issues in the fight against money laundering. Identification requirements are covered in Sections 11 and 13 of the CJO. Section 11 requires that, “as soon as reasonably practicable after contact is first made” between the financial institution and the client, a client must produce “satisfactory evidence of their identity” and that procedures, established by the financial institution, are followed to ensure “satisfactory evidence of his identity.” Where this information is not obtained, “the business relationship or one-off transaction in question shall not proceed any further.”

Beneficial ownership is addressed in Section 13 of the CJO. It addresses those situations where the “applicant for business is or appears to be acting otherwise than as principal.” In these cases, the CJO requires that the institution’s identification procedures require “reasonable measures” to be taken to ensure that the identity of the beneficial owner can be established. The identification procedures must take place “as soon as is reasonably practicable after contact is first made between that person and an applicant for business concerning any particular business relationship or one-off transaction.”

One-off or occasional transactions are addressed in the CJO. These are defined as either a single transaction of €15,000 or two or more one-off transactions that are linked and are equal to or greater than €15,000. Evidence of identity is required in these cases, in accordance with Sections 11(4) and 11(5). Where this evidence cannot be obtained, Section 11(1) of the CJO requires that the one-off transaction not proceed. The CJO does not require that consideration be given to having an STR filed in this situation.

The AMLGNs is the key document addressing the detailed provisions of customer due diligence. However, as mentioned in Paragraph 41 et seq., the AMLGNs are considered as “other enforceable means” and do not qualify as a law or regulation. As a result, there are a number of provisions in Recommendation 5 that are required to be covered by law or regulation, but currently are not. This is reflected in the rating, but it is important to note that functionally, the industry considers all but one of these criteria as ongoing requirements via the AMLGNs. As a result, the industry is currently applying these standards within their CDD frameworks, as described below:

  • Criteria 5.1: The requirement that financial institutions should not offer anonymous or fictitious accounts is not covered within the CJO or any other law or regulation. But, in the AMLGNs, Paragraph 3-11 indicates that “no institution may maintain accounts or business relationships which are either anonymous or in fictitious names.”

  • Criteria 5.2(c): This criteria is not addressed in the CJO, but is covered by Paragraph 5-21 in the AMLGNs. Paragraph 5-21 establishes the requirement, for all wire transfers including one-off transfers, that meaningful and accurate originator and beneficiary information be established for all outgoing funds transfers and related messages. The information must also remain with the transfer or message throughout the payment chain.

  • Criteria 5.2(d): While reporting is required under the CJO, the Terrorism Order 2001, and the Terrorism Ordinance 2005, none specifically indicate that identity must be checked when there are suspicions of money laundering or the financing of terrorism. The CJO does indicate that identity should be established when, in processing a one-off transaction, the person “handling the transaction knows or suspects that the applicant for business is engaged in money laundering.” However, this is not extended to all transactions. It is addressed in the AMLGNs as follows: “Identity must also be verified in all cases where money laundering is known, or suspected” (Paragraph 4-8). During the assessment, the FSC expanded the language across the entire AMLGNs to cover the financing of terrorism in Paragraph 4-8. This now covers the requirement for verification in all transactions where there is a suspicion.

  • Criteria 5.2(e): This criteria is not specifically addressed by the CJO, nor the AMLGNs. However, as part of the risk-based framework, while the FSC would expect an institution to undertake more extensive CDD efforts in this case, as it presents a higher level of risk the CJO (as it is a requirement which should be placed in law or regulation) should be amended to specifically cover the case of doubts as to the veracity or adequacy of the previously obtained customer identification data.

  • Criteria 5.5.2(b): This requirement covers the need to determine who are the natural persons who ultimately own or control the customer. While not in the CJO, this element is covered by Paragraph 4-54 of the AMLGNs, which indicates that the “principal requirement is to look behind a corporate entity to identify those who have ultimate control over the business and the company’s assets.”

  • Criteria 5.7: Ongoing due diligence is not captured in the CJO. The AMLGNs were updated during the assessment to better reflect the current practice within the industry of ongoing due diligence. Prior to the update, there was no explicit requirement of ongoing due diligence, but it was functionally necessary given the requirement to 1) know the customer and their expected levels of activity and 2) the requirement to report anything suspicious to the MLRO; the link between these elements is ongoing due diligence and this was confirmed during discussions with financial institutions. Paragraph 4-3 of the AMLGNs now indicate that “In order to be able to judge whether a transaction is or is not suspicious, institutions need to have a clear understanding of the business carried on by their customers. This must entail such ongoing monitoring of the business relationships, as is appropriate to the nature and scale of the business and the risks posed by the customer.”

In addition to these criteria, the AMLGNs provide the detail satisfying specific elements of Recommendation 5. The CJO requires that institutions provide “satisfactory evidence of their identity” and the AMLGNs expand on this issue to indicate that “the best identification documents possible should be obtained by the customer i.e. those that are most difficult to obtain illicitly.” This type of requirement needs to be in law or regulation. Specific requirements for natural persons are set out at AMLGN 4-23 to 4-41 and include the requirement to verify identity as well as to identify using a document providing photographic evidence of identity. Partnerships and unincorporated businesses are covered by Paragraph 4-55 which requires the verification of at least two partners or equivalent (for unincorporated businesses).

The fundamental notion that a financial institution knows the beneficial owner of the business relationship is established in Section 13 of the CJO. The AMLGNs expand on the statutory requirement, providing additional detail. Criteria 5.5.2(b), while not covered in the CJO, is covered in Paragraph 4-54 of the AMLGNs. Criteria 5.5.2(a) is satisfied through a series of requirements covered by Paragraphs 4-54 through 4-62 on requirements for “Bodies Corporate.” In this section of the AMLGNs, institutions are required to confirm that the company exists, to conduct company searches, to obtain information on all of the directors and all of the authorized signatories, and the beneficial owner(s) of the company. Where the beneficial owner(s) of the company differs from the major shareholders of the company, the institution must look at the shareholders as well. The overriding principle, however, goes back to Paragraph 4-54 where the institution must look at the ultimate control of the company and its assets and those that appear to exert significant influence over the affairs of the company.

Similarly, requirements for trusts and fiduciary accounts are set out in Paragraphs 4-57 to 4-74. The identities of the settlor, the trustee, and controllers who have the power to remove the trustee. For discretionary and non-Gibraltar based trusts, Paragraph 4-62 sets out measures which must be taken to identify the trust company or corporate service provider in line with requirements for natural or legal persons generally, together with the underlying principals (settlors, trustees) on whose behalf the applicant is acting.

Purpose and intended nature of the business relationship is captured in Paragraph 4-32 and 4-33 of the AMLGNs. As per Paragraph 4-32, institutions are required to establish the “anticipated level and nature of the activity to be undertaken” in the business relationship. This is further strengthened by 4-33, which sets the minimum requirements for all accounts. In this paragraph, institutions are required to record to a level of “plausible verifiability” the anticipated “level and nature of the activity that will be conducted.” For higher risk situations, institutions are required to independently verify the information.

Institutions are required to keep information up-to-date on its customers. Paragraph 4-35 states that “Once a business relationship has been established, reasonable steps should be taken by the institution to ensure that descriptive information is kept up to date as opportunities arise. It is important to emphasize that the customer identification process do not end at the point of application.” The paragraph also indicates that the extent to which information needs to be updated depends on the sector, the nature of the product or service being offered, and the level of personal contact with the customer. As a result, higher risk customers will be subject to more frequent updates than lower risk clients.

Criteria 5.8 to 5.12 deal with the risk-based approach to due diligence. Paragraph 4-21 indicates that “Institutions must therefore design and adapt their KYC processes and remediation processes using a risk-based methodology.” The risk-based methodology flows throughout the CDD process, but is best addressed by the AMLGNs in the areas of KYC and suspicious transaction reporting. The requirements for ongoing monitoring were weaker in the AMLGNs and, as a result, the FSC took steps to strengthen the language during the assessment. There is a provision in paragraph 4-101 that indicates that “Once an ongoing relationship has been established, any regular business undertaken for that customer should be assessed at regular intervals against the expected pattern of activity of the customer.” However, the new language is, in fact, a better reflection of current practice in the industry, as the private sector has programs in place for ongoing monitoring.

The foundation of the FSC’s risk-based framework for AML is that there is a minimum standard that all institutions must meet in terms of customer identification, customer verification and suspicious activity reporting. For customers that present a higher level of risk, enhanced levels of scrutiny and/or action will be required. With only limited exceptions (financially excluded, elderly, and students), there is no notion of “simplified” or “reduced” due diligence, only that higher risk customers will be asked more questions and there is a higher threshold for verification. The minimum standard for all customers is to obtain information (with appropriate documentary evidence) on the physical entity which covers the name, date of birth and unique identifier such as a registration number, the client’s address, the purpose and reason for establishing the business relationship, the anticipated level and nature of the activity that will be conducted, and the expected source of funds that will be used in the relationship. The requirements for the “financially excluded, elderly, and students” are that these individuals should not be precluded from obtaining banking services even if they do not “possess evidence of identity or address where they cannot reasonably be expected to do so” (Paragraph 4-50). However, in these cases, the institution is required to have internal procedures to address these situations and the procedures “must provide appropriate advice to staff on how identity can be confirmed in these exceptional circumstances.”

The AMLGNs are the primary source of guidance for institutions on the approach they must take and the obligations they must meet in designing their risk-based framework. Institutions are required to meet the standards identified in the AMLGNs or can be subject to sanctions.

For clients coming from jurisdictions that have not effectively applied the FATF Recommendations, institutions are required to first apply the baseline identification and verification requirements, necessary for all clients. There is no opportunity for reduced or simplified procedures. Then, in accordance with Paragraphs 4-155 to 4-159, institutions must consider the overall risk associated with a client from a jurisdiction that does not have “equivalent” AML legislation; equivalence is based on application of EU directives and FATF membership but makes clear that institutions must take their own views as to the risks and necessary mitigation policies and procedures. Language in these paragraphs was enhanced during the assessment to make this previous point clearer. In practice, it appears that the private sector scrutinizes clients based outside of Western Europe to a greater degree and several indicated there are certain jurisdictions that they will not deal with at all. This evidences that the institutions are, internally, determining who creates an unacceptable risk and cannot, therefore, be considered equivalent.

Identification procedures, including the capture of beneficial ownership information, must be completed “as soon as reasonably practicable after contact is first made between that person and an applicant for business concerning any particular business relationship” (CJO, Section 11(1)). The AMLGNs expand on this in Paragraphs 4-101 to 4-104. For example, in Paragraph 4-103, the FSC gives the example of telephone business, as follows: “It is acceptable to await settlement by an investor to ascertain whether the payment is made from an account held in the investor’s name. The proceeds of any dealing in an investment should not be remitted to the investor until identification is verified.” Overall, the AMLGNs indicate that institutions must make “every effort” to complete verification before settlements take place. The money-laundering risks in the cases where CDD procedures are not finalized must be managed.

Where criteria 5.3 to 5.5, which address identification information, cannot be obtained, the CJO in Section 11(1) indicates that “the business relationship or one-off transaction in question shall not proceed any further.” The AMLGNs created a slightly different standard in Paragraph 4-107, in that it allowed for the business to be authorized by a senior manager in exceptional circumstances where an individual could not produce evidence of identification. It is the FSC’s view that these “exceptional circumstances” tie back to the financially disadvantaged, elderly, or students, but this is not clear from the language. As a result, the FSC strengthened the language during the assessment and the revisions reflect that identity must still be verified, even in “exceptional circumstances.” It will be important for the FSC to review institutions’ policies and practices in this area to determine what has, to date, been identified as exceptional.

If the business is refused, as required under the CJO and AMLGNs, because adequate identification information cannot be supplied, there is a requirement under Paragraph 4-104 that “In these cases, the institution should consider whether these circumstances give rise to a requirement to make a disclosure to the GFIU.” This is new language, added by the FSC during the assessment. While the language meets the requirements of criteria 5.15, it is not clear if this is currently standard practice within the industry; the FSC should review this issue as part of their inspection program.

Paragraph 4-104 also covers those situations where the business has been entered into without the full CDD having been completed and identifies the responsibilities of the institution when it subsequently becomes apparent that the CDD information cannot be obtained. The basic requirement under CJO still is applicable and the institution must exit the business. But, in addition, transactions may need to be cancelled or frozen and a report to the FIU may be needed if the circumstances of the transaction look abnormal or suspicious.

The FSC, through the AMLGNs, have required that institutions review all their existing accounts, identify missing documentation, and take steps to remediate those situations. This remediation has been a significant exercise and has covered all of the accounts that were in existence before the AMLGNs went into effect.

Criteria 5.18 requires that that financial institutions “perform CDD measures on existing customers if they are customers to whom Criterion 5.1 applies.” In Gibraltar, there are no anonymous or fictitious accounts, so this is not applicable.

Overall, the industry appears to follow the AMLGNs in the area of customer due diligence and the level of understanding of the standards is strong. As is typical, however, knowledge and understanding appeared strongest in the banking sector and weaker in the investment and insurance sectors. Some company service providers also showed a weaker understanding of the standards. For many institutions, the main focus is on protecting the reputation of Gibraltar in the areas of the provision of financial services, so the level of due diligence is considered acceptably high. The FSC has identified, through its on-site programs, areas where there are weaknesses and these are being addressed through ongoing vigilance with the affected institutions.

Outside of the FSC licensees, the Gibraltar Savings Bank and the bureaux de change also appear aware of the requirements and are applying them. However, the level of effectiveness is harder to judge on these entities, as they do not appear to be subject to strong supervisory efforts in the area of the AMLGNs. The authorities need to consider whether bureaux de change are keeping records that would allow both the licensees themselves and a competent authority the ability to determine linked transactions that could add up to over €15,000, as well as individual transactions over that amount. It appears that these transactions are very rare, and it does appear that most bureaux de change ask for identification information below the €15,000 mark, but the extent to which the transactions can be easily or readily identified and reviewed is unclear.

For the one stand-alone money transmitter, it does appear that identification procedures are being implemented on a self-regulated basis. However, because of the lack of appropriate licensing or regulatory framework, it is not clear how effective the efforts of this entity have been vis-à-vis the AMLGNs.

R. 6

PEPs are not covered specifically under the CJO, as this contains simply the broad provision requiring identification of customers (Section 15). However, PEPs are addressed in Part IV, Sections 4-87 to 4-92, in the AMLGNs. There is no set definition of PEPs in the CJO, but there is a discussion of what makes up a PEP in the AMLGNs. In Section 4-87, PEPs are considered as those who hold “important public positions” as well as those “persons or companies clearly related to them” and include “heads of state, ministers, high-level civil servants, judges, military commanders, and directors or managers of public enterprises.” There is no differentiation between domestic or foreign PEPs in the AMLGNs.

The AMLGNs include a series of requirements that must be met by all financial institutions in Gibraltar. Among the requirements, institutions must adopt systems of control to reduce the risks associated with establishing and maintaining business relationships with PEPs by taking several specific measures including:

  • Developing clear policy and internal guidelines, procedures and controls regarding PEPs;

  • Maintaining appropriate risk management systems to determine whether a potential customer is a PEP;

  • Ensuring that the decision to enter into business with PEPs is taken by senior management;

  • Proactively monitoring of the activity on PEP accounts so that any changes are detected and evaluated;

  • Paying close attention to receipts of large sums from government bodies, state-owned activities or government and central bank accounts;

  • Assessing which countries are more vulnerable to corruption; and

  • Applying additional monitoring to customers from high-risk countries whose line of business is more vulnerable to corruption.

There are several sections of the AMLGNs that touch on reasonable measures to identify the source of wealth and the source of funds. Section 4-33 requires that information on the expected source of funds that will be used in the relationship be collected and verified. Verification will be to a level of “plausible verifiability” for low risk cases and independently verified for higher risk cases. The requirement to capture source of wealth information is covered under Section 4-36. Beneficial ownership checks are required for all accounts, not just PEP accounts. The AMLGNs state (Section 4-54) that “The principal requirement is to look behind a corporate entity to identify those who have ultimate control over the business and the company’s assets, with particular attention being paid to any shareholders or others who exercise a significant influence over the affairs of the company.”

PEP requirements are well understood in Gibraltar by the banking institutions. This is in part due to the strong links with the parent companies for all but one (the only local bank) of the banks in Gibraltar. These institutions receive instructions from the parent institutions on PEP accounts, all of which are as strong or stronger than the AMLGNs. In some cases, approval to enter into a business relationship with a PEP must be granted at the parent company level, with the Gibraltar office making a recommendation.

PEPs requirements were also understood, but to a lesser degree, in the investment and insurance sectors. These sectors are not receiving the same kind of information that the branches and subsidiaries of major European banks have received. In addition, it was not clear that all of these institutions had the capacity to conduct PEP checks with their existing infrastructure.

While the bureaux de change are subject to the requirements of the AMLGNs, it does not appear that these entities have the capacity to check for PEP clients. As there is only minimal oversight of the bureaux de change generally and apparently no sampling of accounts as part of that oversight, it is not possible to determine if PEPs are part of the bureaux de change routine KYC procedures.

The Gibraltar Savings Bank, a state-owned savings bank, is subject to the AMLGNs, but it does not appear that PEP checks are being conducted on clients. The risk of a PEP client seems quite low for the GSB, as the side of the bank that accepts funds for deposits is typically receiving them as pension money from the government and the side that is directly taking savings for deposits is dealing with very small amounts of money. However, policies and procedures should be in place to ensure that appropriate checks are done, as necessary.

R. 7

Correspondent banking relationships in Gibraltar are extremely limited. The nature of the banking sector in Gibraltar makes it more feasible for most Gibraltar banks to route payments through the parent bank, rather than setting up their own correspondent relationships. In essence, there were two types of correspondent relationships identified during the assessment. One type, that several banks have in place, is a relationship to conduct business for the bank itself; a conduit for purchasing of currency was the primary example cited. The second arrangement, of which the FSC indicated there was only one, is between a Moroccan bank with a branch in Gibraltar and an EU-based Gibraltar bank. The arrangement between these two institutions was established so that the branch could take deposits from local Moroccan workers and provide them to the EU-based Gibraltar bank to transfer to these workers accounts in the main office of the Morocco bank; the local branch of the Moroccan bank does not have the capacity to make the transfers directly. The EU-based bank receives all the names of the clients that it is transferring funds for and the funds that enter into the local branch must come from either the Department of Defense or the government of Gibraltar as either salary or pension money. This arrangement was described to assessors as a unique one, created to serve the needs of local workers who are sending money home. The amount of transfer per worker is approximately US$200-US$300.

The AMLGNs indicate that transactions conducted through correspondent relationships need to be monitored according to perceived risk. Institutions with correspondent relationships are required to create “Know Your Correspondent” procedures to determine if the correspondent bank is regulated for money laundering as well as to understand whether the correspondent is required to verify the identity of the customers to FATF standards. Other requirements under the AMLGN (4-93 to 4-100) include the need for financial institutions to: assess the AML/CFT controls of the respondent institution and make a determination about effectiveness; obtain senior management approval of the relationship before it is set up; document the AML/CFT responsibilities for both institutions; monitor the volume and nature of transactions flowing from high risk jurisdictions; and terminate relationships with correspondents who do not provide satisfactory answers to reasonable enquiries on customer identification or suspicious transactions.

The AMLGNs did not address Criteria 7.1 specifically, which looks to ensure that the bank has gathered sufficient information about a respondent institution “to understand fully the nature of the respondent’s business and to determine” whether it has been subject to any actions related to AML/CFT. The FSC amended the AMLGNs during the assessment to indicate that “Additionally the institution must gather sufficient information about the respondent’s business and to determine from publicly available information the reputation of the institution and the quality of supervision including whether it has been subject to a money laundering or terrorist financing investigation or regulatory action.” While the FSC believes this change has no immediate impact, as institutions should have already been gathering this information, it should be noted assessors were informed that the correspondent arrangements in place are long-standing ones and it will be important to ensure that the banks did gather this type of information when the relationships were originally established. If not, the information will need to be obtained.

The AMLGNs address payable through accounts in Paragraph 4-98. The requirements were strengthened during the assessment with the addition of a sentence indicating that “the institution must be satisfied that the respondent institution is able to provide KYC documentation on the underlying customer, upon request.” According to the authorities, there are no payable through accounts and this was confirmed in discussions with the private sector. This is in large part due to the exceptionally limited availability of direct correspondent relationships between banks in Gibraltar and their counterparts elsewhere.

R. 8

The AMLGNs were revised during the assessment to address provisions related to new technologies. The AMLGNS, described below, had addressed internet services and telephone banking, but there was no general statement about other technologies. The new language, in Paragraph 1-29, indicates that “With the growth in new technologies, like e-money, care must be undertaken to treat such payment systems in much the same manner as cash and therefore the susceptibility of the sector to placement and layering risks of money laundering and terrorist financing.” While most of the discussion on postal and telephone banking describe exemptions to the standard KYC responsibilities, the paragraphs on internet banking are more robust. These paragraphs discuss the risks associated with internet banking and indicate that institutions should implement procedures to “establish and authenticate customer identity.” In addition, monitoring is covered. Paragraph 4-154 states that “Institutions should consider regular monitoring of transactions over the internet.” The lack of requirement in this area was raised with the FSC, which removed “should consider” and made it a requirement during the assessment.

These changes are important because internet banking and trading appears to be a growth area in Gibraltar and the FSC has the ability to approve e-money licenses. Most of the internet services are being offered through the platform developed by the parent bank. Internet banking, like internet trading, is still in the nascent stages in Gibraltar.

With respect to non-face-to-face business relationships, the CJO does not differentiate between these relationships and the standard face-to-face business relationships. Instead, the “evidence of identity” is satisfied if the institution can reasonably establish that the applicant is who he claims to be. Despite the lack of specific provisions for non-face-to-face relationships, there is a specific provision in the CJO exempting institutions from completing the KYC information in Section 12(1). This section covers those cases where 1) customer identification efforts are required and 2) the payment and details are sent by post or any other electronic means, including the details furnished via telephone. Evidence of identity is satisfied if, in that case, the payment is debited from an account held in the applicant’s name at an institution; institution means either a Gibraltar or EU credit institution. The only exception where this would not apply is if the institutions suspects money laundering or if the payment is for the purposes of opening up an account in the institution.

The exception in 12(1) of the CJO matches exactly what is permitted under the first EU AML Directive. In Article 11 of that Directive, evidence of identity is satisfied “by requiring that the first payment of the operations is carried out through an account opened in the customer’s name with a credit institution subject to this Directive.”

While there is no concern about this exemption, the issue arises in how the CJO language was translated in the AMLGNs. The AMLGNs repeat almost exactly the exemption language found in both the CJO and the EU Directive. However, there is one significant difference. Evidence of identity is satisfied when the payment is made from one account to an account in another institution, provided it is in the customer’s name. However, Paragraph 4-148 goes on to say that “Where the payment is made either by check or by other means, and where the account name from which the funds are to be debited is not apparent, or has not been provided by the originating credit institution, confirmation of the account holder may be obtained in a variety of ways.” The last bullet covering the “variety of ways” indicates that “as a last resort, by contacting the bank, building society, or debit card issuer concerned to seek confirmation of the name(s) in which the account is held from which the payment is to be debited. However, it should be noted that in the absence of a specific authorization from the customer, a bank or building society may refuse to identify the account holder on the grounds of confidentiality.” This language is problematic in that it does not conform to the CJO and the EU Directive requirements and, more importantly, it creates a significant gap that would allow for payments to be made by post or telephone without adequate checks on identification.

The FSC acknowledged the issue during the assessment and noted that the provision applies to only a small subset of account types (passbook accounts). New language was created and applied to the AMLGNs that removes this loophole and ensures that evidence of identity is required either directly, or as permitted by the CJO. The FSC will also need to ensure that the industry understands this new language and is in compliance with the new standard as it moves forward with its supervisory program.

Another exemption in the AMLGNs applies to non-written applications, more commonly known as telephone or electronic orders. This is covered in Paragraph 4-151. In the case of non-written applications, institutions are allowed to avoid conducting KYC on a client by using a certification process. During the assessment, the FSC repealed this paragraph.

Several other details, covered by the AMLGNs, are important to the issue of non-face-to-face customers. The AMLGNs address non-face-to-face situations in a series of paragraphs in Part IV. Unlike the CJO, which is silent on KYC for non-face-to-face relationships, Paragraph 4-43 indicates the following: “Where there is no face-to-face contact, and photographic identification would clearly be inappropriate, procedures to identify and authenticate the customer should ensure that there is sufficient evidence, either documentary or electronic, to confirm address and personal identity. At least one additional check must be undertaken to guard against impersonation.” This section clearly identifies the specific and effective procedures that must be followed for non-face-to-face customers. New language was added by the FSC to the AMLGNs during the assessment to more specifically address monitoring, focusing on the need to ensure that monitoring is sufficient given the risks presented by the customer. This would include non-face-to-face customers.

The bureaux de change and the Gibraltar Savings Bank are subject to the AMLGNs so they too will be impacted by the changes. While the risk of non-face-to-face transactions and new technology seem low for both entities, it does not appear that they are addressing these issues, nor is there sufficient supervisory checks of either entity on these issues. Money transmitters are not subject to any oversight, so it is unlikely that there are any controls in place to address risks associated with new technologies or non-face-to-face transactions.

Recommendations and comments

  • Prohibit anonymous and fictitious accounts in law or regulation;

  • Address, in law or regulation, the need to undertake customer due diligence when: carrying out occasional transactions that are wire transfers; there is a suspicion of money laundering or terrorist financing; and the financial institution has doubts about the veracity or adequacy of previously obtained customer identification data;

  • Require through law or regulation that the financial institution determine the natural person who ultimately owns or controls the customer, when the customer is a legal person or arrangement;

  • Address, in law or regulation, the requirement for financial institutions to conduct ongoing due diligence on its business relationships;

  • Determine if institutions, having refused business because full KYC information was not provided, have provided STR reports to the GFIU;

  • Ensure that bureaux de change, the Gibraltar Savings Bank, and money transmitters are subject to and implementing PEP requirements;

  • Review existing correspondent banking arrangements to ensure that the institution has gathered sufficient information on the reputation and supervisory arrangements for the respondent;

  • Ensure that bureaux de change, the Gibraltar Savings Bank, and money transmitters are looking at the risks associated with new technologies;

  • Ensure effective implementation of the new language in the AMLGNs requiring that institutions carefully consider the risks associated with new technologies;

  • Generally review the AMLGNs for language and tone which may read as permissive or informational in places.

article image

2.3. Third parties and introduced business (R.9)

Description and analysis

The FSC has defined its overriding principle on KYC as “every institution must know who their customers are, and have the necessary documentary evidence to verify this,” covered in Paragraph 4-3 of the AMLGNs. However, there are exceptions permitted in the case of intermediaries and these stem from the EU’s Third Money Laundering Directive. The exceptions are covered under Paragraphs 4-85 and 4-86 of the AMLGNs. For introducers or other third parties, there are no exceptions and the requirements for these entities are covered under Paragraphs 4-119 through 4-126 of the AMLGNs.

Beginning with intermediaries, it is important to note that the some, but not all elements of the Third EU Directive have been transposed into Gibraltar law; EU members have until December 2007 to complete the transposition process. The Directive clearly permits a certain level of reliance on intermediaries (Article 11), but it has equally built in controls for this type of activity. In the AMLGNs, the FSC permits the reliance on the intermediaries, but has not adequately built in the controls identified in both the Directive and FATF Recommendation 9. Specifically, controls relative to reliance on pooled accounts operated by a certain class of intermediaries have not been established.

There are differences between the EU Directive and the AMLGNs in the area of intermediaries, which are problematic. The most significant one is on the overriding principle when dealing with an intermediary. Article 14 of the Directive states that “the ultimate responsibility for meeting those requirements (customer due diligence requirements) shall remain with the institution or persons covered by this Directive which relies on the third party.” This is in contrast to the position taken in the AMLGNs in Paragraph 4-85, which indicates that “In each case, it is the intermediary who is the institution’s customer.”

A second issue is related to the process for determining whether a client falls into that approved intermediary status. This is required under Article 11(3) of the Directive, which indicates that “institutions and persons covered by this Directive shall in any case gather sufficient information to establish if the customer qualifies for an exemption as mentioned in these paragraphs.” “Customer” in this case means the intermediary financial institution or entity. Process is an issue raised in Recommendation 9 in two of the criteria (9.3 and 9.4). However, the AMLGNs are largely silent as to process, except in two of the intermediary scenarios identified in Paragraph 4-86 where the institutions obtains a “general undertaking” from the third party, with no requirement to do anything further in the intermediary relationship.

There is also a difference in terms of the requirement for access to information on the underlying client by the intermediary. Information is required on the underlying customer in certain circumstances under FATF Recommendation 9 (see criteria 9.1 and 9.2). It also will be required by the Third EU Directive in Article 18. The information must be available upon request of the institution. The AMLGNs do not provide for this in any of the scenarios identified in Paragraph 4-85.

There is a specific concern about the fourth scenario; this was addressed during the assessment. Originally, this scenario indicated that an intermediary (with no specification as to type of intermediary) from a country without equivalent money-laundering legislation could conduct the due diligence on the underlying clients for the institution. The institution was required to take “reasonable measures” to verify the identity of the underlying client, but could also just rely on a “general undertaking in writing” indicating that the intermediary has done the due diligence on the client. The language was revised to indicate that “The intermediary is from a country without equivalent money-laundering legislation. Where the intermediary is not from an equivalent jurisdiction it is clear that the exemptions provided for in Section 13 of the Criminal Justice Ordinance do not apply, and as a result, there is a requirement to verify the identity of the underlying customers. The institution may not rely on the general assurance from the intermediary that KYC has been conducted by them.” It is not clear to what extent this scenario was used by institutions prior to the revision during the assessment but the team was advised of instances where it had been relied upon.

Overall, it appears that the AMLGNs have incorporated the provisions allowing reduced CDD for accounts opened by intermediaries without establishing the proper controls, as identified in both the FATF 40, as well as the EU Third Directive on AML. These controls will need to be established.

Introduced business is treated, within the AMLGNs, very differently than intermediary relationships. Introduced business represents a significant component of the financial services business in Gibraltar and the FSC has established a high level of control through the AMLGNs. During discussions with the private sector, all indicated that introductions are a key way of securing business; this included introductions between Gibraltar service providers, as well as from introducers outside of Gibraltar.

The FSC has developed stringent requirements that must be followed by institutions that rely on introducers. At the heart of the requirements is Paragraph 4-119, which requires institutions to have copies of all the documentation or ready access to that documentation.

Gibraltar has a four part test to determine if an entity is an eligible introducer. Entities must meet all four conditions. These conditions are: the entity must be regulated by the FSC or an equivalent institution if it carries on business outside of Gibraltar; it must be subject to equivalent or more stringent AML legislation than Gibraltar; it must be based in Gibraltar or a country that has an equivalent AML regime; and there must be no secrecy or other obstacles which would prevent the Gibraltar institution from obtaining the original documentation when necessary. Paragraph 4-122 also requires institutions to look carefully at institutions outside of Gibraltar to ensure they meet the eligible introducer standards, as “some activities are regulated by professional bodies and not by a public or quasi public regulatory body.”

In addition to satisfying the criteria, the eligible introducer must also provide the institution with the certificate in Appendix F of the AMLGNs; this is done for every account that is introduced by the eligible introducer and a business relationship may not begin until the institution has received the Certificate. The Applicant Introduction Certificate requires information on the introducer itself (name and license/authorization) and certifies that the introducer has “verified the identity of the Applicant and confirm that documentary evidence has been obtained and identity checks have been undertaken to confirm that the applicant(s) name(s) and address(es) as shown on the Applicant Form(s) is correct.” The form also requires that the introducer certify that the applicant is “applying on his/her own behalf and not as a nominee, trustee or in a fiduciary capacity for any other person.” Copies of the documentation on the client are then included with the form when it is provided to the financial institution.

Eligible introducers, once they have satisfied the criteria, may complete KYC requirements for Gibraltar financial institutions. According to 4-123, the Gibraltar financial institution must “simply obtain copies of the relevant documentation rather than be required to see the original documentation.”

Recommendations and comments

  • Require financial institutions relying on intermediaries to immediately obtain from that intermediary information on the identity of the customer, and beneficial owner of the account and the legal status of legal persons or arrangements. Beneficial ownership requirements should be included in law or regulation;

  • Require that financial institutions have access, without delay, to the identification or other relevant documentation housed with the intermediaries;

  • Require that institutions have processes to assess whether or not an institution within the EU may be accepted as an intermediary; and

  • Determine to what extent the industry has been allowing intermediaries under the fourth scenario of the AMLGNs (Paragraph 4-85) and ensure that all institutions are now obtaining the appropriate due diligence information.

Ensure that the ultimate responsibility for customer identification and verification remains with the financial institution relying on the third party.

article image

2.4. Financial institution secrecy or confidentiality (R.4)

Description and analysis

There is no statutory secrecy law in Gibraltar. Banking confidentiality in Gibraltar is governed by the general principle at Common Law as applicable in the United Kingdom, i.e., a bank owes a legal duty of confidentiality to its client arising out of a contract. This duty is not absolute, but qualified by over-riding duties, one of which is the duty of a bank to comply with the law. If it is the duty of a bank, whether at common law or under statute to disclose confidential information in defined circumstances, then the bank must do so, and any express contract to the contrary is illegal and void. The disclosure provisions in the CJO, DTOO, TO and UN Order regarding the requirement to file suspicious transaction reports are examples of statutory disclosure obligations which override the duty of confidentiality owed to the client. Furthermore, under Section 60 of the Banking Ordinance, Section 98 of the Insurance Companies Ordinance and Sections 32-38 of the Financial Services Ordinance 1989, the Commissioner of the FSC has the right to request information from any licensee in order to provide it to a requesting body.

There is a three part test that is required before the commissioner can send information to another regulatory body. He must satisfy himself that the requesting body performs a function similar to his own, the disclosure is necessary to assist the requesting body and it is in the interests of the public of Gibraltar that he should disclose it to the requesting body. The above test has been set out by Mr. Justice Glidewell of the Gibraltar Court of Appeal in the case of the Queen (on the application of a Gibraltar company, X, Y, and Z and other respondents) (2003). He may then send information to the requesting authority.

In practice, the commissioner has provided information to a number of regulatory authorities in recent years. See discussion at Recommendation 40 for details. Furthermore, the FSC regularly visits the licensees under the banking, insurance and financial services ordinances in order to monitor the licensees and is permitted to review files for compliance with customer due diligence and record keeping requirements.

Recommendations and comments

article image

2.5. Record keeping and wire transfer rules (R.10 & SR.VII)

Description and analysis

R. 10

Record keeping requirements are identified in CJO Sections 16 and 17. Records must be kept for five years. The five year window begins at different stages depending on the type of transaction or situation with the account. For example, for most transactions, it is five years from the time the business was completed. The five years begins from the time insolvency proceedings began on a client. In addition, where an account has not been closed, but becomes inactive or dormant, then the five years begins from the point at which the last activity and transactions in the account took place. The CJO requires both identification records and transaction information be maintained by the financial institution. However, as required under criteria 10.2, there is no requirement in law or regulation that business correspondence be retained.

Another requirement that must be captured in law or regulation is under 10.3 of the Methodology, which states that “Financial institutions should be required to ensure that all customer and transaction records and information are available on a timely basis to domestic competent authorities upon appropriate authority.” This requirement is not addressed in the CJO, but is covered in Paragraph 5-4 of the AMLGNs. The paragraph requires that records are maintained such that “the institution can satisfy within a reasonable time any enquiries or court orders from the appropriate authorities as to disclosure of information.” The authorities should address this requirement in law or regulation.

While the primary responsibilities for record keeping are established in the CJO, these requirements are expanded in the AMLGNs in Part V, Sections 5-1 to 5-19. The AMLGNs state the purpose for the maintenance of the records, which includes: to ensure that the legislation is met; to ensure that competent third parties will be able to assess the institution’s observance of money-laundering policies and procedures; to ensure that any transaction effected by the institution can be reconstructed; and to ensure that the institution can satisfy any court orders in a reasonable period of time and provide the authorities with the information needed. Records relating to verification of identification must be kept in Gibraltar, but otherwise it is not prescribed where the records will be kept; the key in the AMLGNs is that the records are rapidly and easily retrievable. Section 5-18 states that access to documents held outside of Gibraltar must not be impeded by confidentiality or data protection restrictions. In discussions with the private sector, all indicated that their KYC and transaction records are kept in Gibraltar.

Another important aspect of record keeping involves the requirements if an investigation is launched. Paragraph 5-36 of the AMLGNs states that “Where an institution has submitted a report of suspicious activity to the GFIU…or where it knows that a client or transaction is under investigation, it should not destroy any relevant records without the agreement of the authorities even though the five year limit may have been reached.”

The AMLGNs are more detailed than the CJO. For example, Section 5-10 establishes the types of records that should be kept for transactions. This includes: the name and address of the customer; the name of the counterparty; what the transaction was used for, including the price and size; whether the transaction was a purchase or sale; the form of instruction or authority; and the account details from which the funds were paid. These are all components that would greatly assist law enforcement in the event that a transaction needs to be reviewed.

Section 1-26 provides additional emphasis on the record keeping requirements for insurance and investment product providers. This section indicates that these intermediaries should “keep transaction records that are comprehensive enough to establish an audit trail.”

There is one point of confusion vis-à-vis record keeping requirements. Section 17(2) of the CJO contains a provision that has implications for a specific aspect of record keeping requirements, but when asked, the government was unable to provide an interpretation of this confusing passage. The provision covers responsibilities of the “principal” and the “servant or agent.” This provision should either be redrafted to be understandable or repealed. The Legislation Support Unit indicated that this provision is in need of repeal. Practically, it does not appear to have any impact on record keeping in financial institutions, as it cannot easily be interpreted to restrict record keeping requirements.

The record keeping requirements are applicable to all financial institutions and appear to be well understood by the banking, insurance, and investment licensees. It was not clear, however, that these requirements were understood or followed by the bureaux de change and the stand-alone money transmitter. The lack of proper oversight of these two entities also raise doubts as to the extent to which appropriate records are being retained.

SR. VII

The requirements for SR VII are addressed by the AMLGNs. The AMLGNs apply to banks and money transmission/remittance offices. The banks, which conduct the majority of the wire transfer activity in Gibraltar, are supervised by the FSC. The FSC supervises the institutions using on-site visits and off-site analysis. Where a bank offers money or wire transfer services, the FSC would include those activities in the scope of its supervisory program, using the AMLGNs as the underlying framework. However, there is one money transfer agent that is outside of a bank. This company is not regulated or supervised in Gibraltar. So, while the agent is subject to the AMLGNs, there are no checks for or mechanisms to ensure compliance with the standards. The requirements for wire transfer activity are covered under Part V, Paragraphs 5-20 through 5-35 in the AMLGNs.

There is no de minimus threshold set for the wire transfer activities; the requirements in the AMLGNs cover all transactions. The AMLGNs require that financial businesses that engage in wire transfer activity are required to include accurate and meaningful originator and beneficiary information on all outgoing funds transfers and related messages that are sent. The information must remain with the transfer or related message throughout the payment chain. In addition, Paragraphs 5-22 requires that institutions “should have effective risk-based procedures to identify wire transfers lacking complete originator information.”

Domestic wire transfers must also include originator information. However, the originator information does not need to be with the wire if it can be made available to the beneficiary institution and the authorities by other means. In those instances, the originating institution needs to provide either an account number or unique identifier with the wire. Paragraph 5-30 requires that the ordering information be made available within five business days of receiving the request either from the beneficiary financial institutions or the authorities. The FSC noted that while they recognized the FATF standards is three days, it has been extended to five days, as most Gibraltar institutions (using their parent institutions for this service) would need the extra days to obtain the ordering information. While it can be accessed in some cases in three days, four or five is more typical. As a result, the AMLGNs have been developed to reflect this situation. It is important to note, however, that the ordering information can be accessed in these cases.

Cross-border transfers are covered in Paragraph 5-26 of the AMLGNs and require that institutions ensure that cross-border wire transfers always contain the name of the originator and, where applicable, the number of the account. Where there is no account number, a unique identifier number is required. Paragraph 5-27 also requires that the address of the originator be included; this may be substituted with a “national identity number, customer identification number, or date and place of birth.”

The AMLGNs require that for both cross-border and domestic wire transfers, financial institutions processing an intermediary step of a chain of wire transfers must ensure that all originator information that accompanied the wire transfer, remains with it. This is addressed in Paragraph 5-33. In addition, Paragraph 5-35 indicates that if there is a lack of complete originator information, the financial institution must consider whether the wire transfer or the related transaction is suspicious and merits a report to the GFIU. The section also indicates that the financial institution should consider restricting or terminating its business relationship with institutions that do not meet the wire transfer standards.

The ability to sanction a financial institution applies in the same manner for breaches of the AMLGNs on wire transfers, as it does for any other breach of the AMLGNs.

The AMLGNs did not contain any provisions on non-routine batch transactions. During the assessment, however, the FSC added language that prohibits the batching of non-routine transactions. The FSC does not believe that its licensees currently batch these types of transactions.

Recommendations and comments

  • Address the confusion related to Section 17(2) of the CJO, ideally through repeal of the passage;

  • Address, in law or regulation, that business correspondence must also be retained (in addition to the requirements for identification and transaction records);

  • Address, in law or regulation, the requirement that institutions maintain their records in a way that they are able to provide information to the appropriate authorities on a timely basis when appropriately authorized to do so; and

  • Verify that bureaux de change and the stand-alone money transmitter are effectively implementing the record keeping requirements.

article image

Unusual and suspicious transactions

2.6. Monitoring of transactions and relationships (R.11 & 21)

Description and analysis

R. 11

The FSC takes a risk-based approach to AML/CFT, which is reflected in the AMLGNs. As a result, there is relatively limited guidance on the specific types of transactions that must be reviewed. Instead, the focus is on identifying suspicious transactions and activities and taking appropriate actions vis-à-vis those risks. However, during the assessment, the FSC added the following passage to Paragraph 4-22 of the AMLGNs: “Institutions must pay special attention to all complex, unusual transactions or patterns that have no apparent economic or lawful purpose.” It is the view of the FSC that, by virtue of the required risk-based program, institutions should already be monitoring and paying special attention to these transactions.

Paragraph 6-2 of the AMLGNs highlight four questions that financial institutions “must consider when determining whether an established customer’s transaction” might be considered suspicious. These four questions are:

  • Is the size of the transaction consistent with the normal activities of the customer?

  • Is the transaction rational in the context of the customer’s business or personal activities?

  • Has the pattern of transactions conducted by the customer changed?

  • Where the transaction is international in nature, does the customer have any obvious reason for conducting business with the other country involved?

To the extent that responses to the four questions generate the need for further investigation, financial institution employees must report these suspicions to the MLRO. Section 6-25 requires that all suspicions that are reported, must be documented. The documentation must include the full details of the customer and a statement regarding what has given rise to the suspicions. The MLRO will acknowledge receipt of the report. The MLRO, per Paragraphs 6-18 and 6-19, is then required to review the transaction and take steps to “validate the suspicion in order to judge whether or not a report should be submitted to the GFIU.” A written record of the findings from that review, including the reasoning for submitting or not submitting the report to the GFIU must be maintained.

Paragraph 6-28 requires that records of the suspicions raised internally to the MLRO be maintained for five years, including those records that were not disclosed to the authorities.

Where the answer to those four questions does not yield any concerns or issues, there is no requirement in the AMLGNs to investigate further. As a result, there will be no paper trail. This is a reasonable approach and one that corresponds to the parameters of a risk-based system.

R. 21

The AMLGNs contain requirements regarding dealings with relationships and transactions with persons from countries with insufficient AML measures and systems. This is a key issue in Gibraltar, as the vast majority of its financial business comes from clients residing outside of Gibraltar. It must be noted, however, that the current focus is on AML in this section; the FSC plans to extend the provisions to TF, but this has not yet been done.

The FSC uses the concept of equivalency when it looks at money-laundering standards, procedures and regulations. This is addressed under Part IV, Section 4-155 through 4-159, in the AMLGNs, with the actual list of “equivalent jurisdictions” in Appendix E. In essence, equivalency is defined by a series of categories. Guernsey, Jersey, and Isle of Man are one category; non-EU member countries, non-FATF member countries, dependencies of the UK, and all three have issued all-crimes anti-money-laundering measures that Gibraltar considers in-line with its measures. Other equivalent jurisdictions would include EU member states and FATF members. Appendix E is periodically updated by the FSC to reflect changes by the FATF to the NCCT list or as other related country risk issues arise.

Paragraph 4-158 and Appendix E of the AMLGNs are both caveated by the FSC in terms of recognizing that institutions must do their own due diligence and ultimately decide who is equivalent. The FSC revised the language during the assessment to make it clearer in the AMLGNs. The new language, in Paragraph 4-159, is as follows: “Although the notes provide a list of equivalent jurisdictions in Appendix E this does not exonerate the institution from arriving at its own view of individual jurisdictions, as to equivalency, from the information available from the public sources mentioned above. In arriving at this view, each institution must also give consideration and implement such additional measures as are necessary to mitigate risks that arise from dealings with countries not having equivalence status.” This is a reflection of current practice in the institutions that the assessment team met with.

It is important to understand the ramifications of being deemed an equivalent jurisdiction. In practical terms, it has a very narrow application. If a credit or financial institution comes from a jurisdiction deemed as equivalent, this means that identification evidence will not be required. However, that is not the case of other clients from equivalent jurisdictions, as the AMLGNs still require full KYC to be done on the client. Equivalency, in those cases, is a factor in the risk assessment. Similarly, for all clients coming from non-equivalent jurisdictions, full KYC, including complete documentation will be required and the non-equivalency status will be a factor when determining the level of monitoring. NCCT countries are specifically identified and institutions dealing with those jurisdictions are instructed to develop their internal processes to ensure that there are additional monitoring procedures for transactions from those countries.

In addition to the general requirements on equivalency, the AMLGNs address some specific cases where equivalency must be considered. For trusts, Section 4-69 of the AMLGNs indicates that trusts, special purpose vehicles or international business companies connected to trusts that are “created in jurisdictions without equivalent money-laundering procedures in place will warrant additional enquiry.”

Eligible introducers are also assessed on the basis of the jurisdiction they are from and the supervisory structure they are subject to. Section 4-121 defines the criteria that eligible introducers must meet for considerations. The criteria include being “based in Gibraltar or a country which has an equivalent anti-money-laundering regime.”

The AMLGNs address the reporting of unusual transactions on the basis of the transaction itself; the requirement is not specific as to whether it is unusual because of its size or its country of origination. In Paragraphs 6-18 and 6-19, there are requirements that the MLRO both review and examine the report that has been made on a suspicious transaction and to keep a written record of the findings of the review, including the reason for deciding to send or not send the information to the GFIU.

Gibraltar does not apply specific countermeasures to countries which do not adequately apply the FATF standards, but rather relies on its risk-based program to ensure that their financial institutions understand the risks of dealing with these countries and design adequate programs to address those risks. At the country level, the UK would first apply any sanctions against specific countries; those sanctions would then be extended to Gibraltar.

Given the lack of effective oversight of the bureaux de change and the complete lack of oversight of the stand-alone money transmitter, it is not clear that these entities have implemented or even have the capacity to implement a risk-based program designed to identify “equivalent” jurisdictions.

Recommendations and comments

Comments

While the FSC has not covered criteria 11.2 and 11.3 for those cases where there is a large or complex transaction but no concerns or suspicions arise they do cover them when there is a concern or a suspicion. In those cases, the MLRO will be informed, there will be reviews done on the transactions and the records will be retained for five years. Although FATF requirements do not distinguish between large and complex transactions that raise suspicion and all other large and complex transactions, the key risks stem from the former and the FSC is addressing those appropriately.

Recommendations

  • Ensure that bureaux de change and the stand-alone money transmitter are applying risk-based procedures for relationships and transactions coming from persons outside of Gibraltar, who may not be subject to equivalent AML/CFT requirements; and

  • Extend the discussion on equivalency to include considerations related to TF.

article image

2.7. Suspicious transaction reports and other reporting (R.13, 14, 19, 25 & SR.IV)

Description and analysis

R. 13

The CJO establishes the basic requirements for reporting of suspicious transactions in the area of money laundering. In Section 8, the CJO defines “relevant financial business” which includes the following types of entities: banks, the Gibraltar Savings Bank, investment business, insurance firms, auditors, external accountants, tax advisors, real estate agents, notaries and other independent legal professionals, controlled activities (company formation and trust service providers), dealers in high value goods, casinos, currency exchange offices and bureaux de change, and money transmission/remittance offices. This definition is important because the basic obligation to report a suspicious transaction applies to those persons that undertake “relevant financial business.” In those situations, Section 2A (1) indicates that where the person “knows or suspects that another person is engaged in money laundering; the information or other matter, on which that knowledge or suspicion is based came to his attention in the course of his trade, profession, business or employment; and he does not disclose the information or other matter to a customs or police officer as soon as is reasonably practicable after it comes to his attention, he is guilty of an offence.” There is no threshold established in the CJO, so reports must be made regardless of the size of the transaction.

Section 57 of the Drug Trafficking Offences Ordinance (DTOO) includes a substantially identical provision requiring reporting of suspected drug money laundering. Drug is defined with reference to DTOO provisions on concealing or transferring proceeds of drug trafficking (Section 54), assisting another person to retain the benefit of drug trafficking (Section 55), and acquisition, possession or use of proceeds of drug trafficking (Section 56). Section 57 obligations apply to “any person” who knows or suspects; reporting is to be made to a customs or police officer.

The AMLGNs provide further detail on reporting requirements for money laundering, primarily through Part VI. A suspicious transaction is defined as one that is inconsistent with a customer’s known, legitimate business or personal activities or with the normal business for that type of customer. The duty for reporting rests with the money-laundering reporting officer (MLRO) (6-18), who receives reports internally regarding potentially suspicious transaction; the MLRO is then responsible for making the determination as to whether the suspicious transaction should be reported to the Gibraltar authorities. While the legal requirement to report is clear, and in the small jurisdiction of Gibraltar the MLROs in fact know the GFIU staff personally, the law and AMLGNs are not entirely clear about precisely where STRs should be filed. Paragraph 6-18 indicates that the MLRO reports to the GFIU, Paragraph 5-35 indicates that the report can go to the financial intelligence unit or “other competent authorities”, Paragraph 2-7, referring back to the CJO, refers to reporting to police or customs officers, and finally in Paragraph 2-26 there is a requirement to disclose the information to law enforcement authorities. The clearest direction appears in footnote 1 to the Anti-Money Laundering Guidance for Business Which Accept Large Cash Payments for Goods. This footnote states: “The Royal Gibraltar Police and HM Customs jointly operate the Gibraltar Financial Intelligence Unit (GFIU). A disclosure made to an officer in the GFIU may be regarded as being compliant with any disclosure requirement imposed under the Criminal Justice Ordinance 1995.”

There are three overlapping reporting requirements in place for suspicious transaction reports tied to terrorist financing. First, because terrorism is a crime, STRs are addressed through basic CJO requirements. More specific requirements are set forth in the Terrorism Order issued by the UK in 2001 and applicable to all overseas territories and the Terrorism Ordinance 2005. Article 8 of the Terrorism Order, with a reference back to Article 4 which deals with funding, indicates that reports on terrorism financing must be made to the governor as soon as reasonably practicable. However, this reporting requirement extends only to “relevant institutions” which are defined as banks and building societies. The Terrorism Ordinance 2005 expands the reporting requirement to all persons, which includes all financial institutions. But under Section 9(2), the reports filed pursuant to this Ordinance are to be made not to the governor, but to the police. However, it is important to note that the RGP reports to the governor.

As with the AMLGNs, the reporting obligations are clear, but it is less clear where the reports should be filed. The CJO refers to a police or customs officer, the Terrorism Order requires reports to the governor, and the Terrorism Ordinance has reports sent to the police.

This confusion was echoed in discussions with the private sector. While most of the confusion on STR reporting concerned the minor issue of whether reports went to the GFIU or the GCID (where the GFIU is housed), there was a more general level of confusion about where reports on terrorism financing would go.

According to statistics provided by the Government, no reports have been filed on suspicion of terrorist financing to date, but in 2004, there were 123 reports filed by all reporters on money-laundering suspicions. Of the 123 reports, 74 were filed by financial institutions, with 72 of those filed by banks. The stand-alone money transfer agent reported, but insurance companies did not according to the statistics provided. In 2004, there were also reports filed by bureaux de change, company managers, supervisory bodies, lawyers, accountants, financial advisors, and government departments.

Fiscal offences are specifically addressed in the AMLGNs in Paragraphs 2-3 to 2-6. There is a very high bar for reporting, as “mere suspicion that a customer or client is placing money in, or moving money through, Gibraltar with the intention of committing an offence against an overseas tax authority is not sufficient.” Instead, there needs to be a suspicion that an indictable offence had “actually been committed” and that the institution was involved through the processing of the transactions for the clients. Paragraph 2-6 does indicate that “if criminal conduct is suspected, then the normal reporting obligations apply. However, each suspected case would need to be examined in the light of its particular circumstances.”

There is no specific legal requirement to file on attempted transactions. Instead, the requirement is for any suspicious transaction regardless of the stage that the transaction is in. In discussions with one member of the private sector, one of the examples they gave the assessors of an STR filed involved an attempted transaction, so it does appear that the financial institutions will file even when a transaction has not been completed.

SR. IV

As indicated above, there are specific and overlapping reporting requirements in place for suspicious transaction reports tied to terrorism financing. Reports do not go to the GFIU, but instead go to the entities described in the legal framework established for terrorism and terrorism funding. In Gibraltar, that legal framework comprises the Terrorism Order issued by the UK in 2001 and applicable to all overseas territories and the Terrorism Ordinance 2005. Section 8 of the Terrorism Ordinance, with a reference back to Section 4 which deals with funding, indicates that reports on terrorism financing must be made to the governor as soon as reasonably practicable. However, the reporting requirement is only for “relevant institutions” which are defined as banks and building societies. The Terrorism Ordinance 2005 expands the reporting requirement to all persons, which includes all financial institutions. But, in this Ordinance under Section 9(2), the reporting requirement is not to the governor, but rather, to the police.

As with AML reporting, TF reporting is not linked to a threshold, so reports must be provided regardless of the size of the transaction (criteria 13.3). With respect to fiscal offences, there is a high bar set on when suspicious transaction reports can be provided if they involve fiscal issues. This is identified in Paragraphs 2-3 to 2-6. However, there is still an obligation to report.

According to the LSU, the Terrorism Order 2001 and the Terrorism Ordinance 2005 are both currently applicable and work in tandem. The fact that they have different reporting requirements creates a certain level of confusion, as it is does not appear clear to the private sector where reports on the financing of terrorism should be sent. The AMLGNs were updated during the assessment to reflect the provisions of the Terrorism Ordinance 2005. The AMLGNs now indicate that reports should be sent to the police (who report to the governor) through the GCID.

R. 14

Statutes that that require reporting of suspicious transactions in Gibraltar contain provisions that protect persons who make such disclosures from criminal and civil liability, provided such disclosures are made in good faith. See CJO (Section 2(3)(a)), and DTO (Section 57(3)). (The Terrorism Ordinance does not contain such a provision, but Section 2(3)(a) is written with sufficient breadth to cover any disclosure made pursuant to the TO.) “Persons” include financial institutions and their directors, officers and employees. And the protections extend to all situations involving disclosures, without regard to whether the disclosing persons knew precisely the nature of the suspected underlying criminal activity, or whether any criminal activity in fact occurred.

In order to be protected from potential criminal liability for continuing to deal with funds, accounts, clients, or arrangements related to the transaction with respect to which a disclosure was made, however, disclosing parties must obtain the consent of a police or customs officer. See CJO (Section 2(3)(b)), DTO (Section 56(5)), TO (Section 9). See also discussion of “consent” and “non-consent” letters at Section 1.5.

Gibraltar law also prohibits all persons—not just financial institutions or persons who make disclosures of suspected activity—from “tipping off.” Tipping off is defined as disclosing to any person information or any other matter likely to prejudice an investigation or proposed investigation, or an investigation which might be conducted following a disclosure. See CJO (Section 5), and DTO (Section 58(1)). (The Terrorism Ordinance has no comparable provision, but tipping off suspected terrorist financing would clearly be covered by the CJO.) The tipping off provisions include an exception for providing professional advice in connection with ascertaining the legal position of a client, or performing the task of defending or representing that client or any other person in, or concerning, judicial proceedings.

There is no specific statutory or regulatory provision ensuring that the names and personal details of staff of financial institutions that make disclosures are kept confidential by the FIU, but as law enforcement officers working as part of an intelligence unit, GFIU staff have been trained to handle sensitive information and they would be subject to discipline under internal police and customs guidelines for improper dissemination of sensitive information, as well as criminal charge under the Disciplinary Code and Official Secrets Act

R. 19

Authorities confirmed for the assessment team that they had considered the feasibility and utility of implementing a ‘report-all-currency transactions-above-a-fixed-threshold’ system. At the present time, Gibraltar, like many FATF countries, has a suspicion-based reporting system. On balance and taking into account the amount of information generated by a fixed reporting system versus a risk-based approach, Gibraltar authorities believe that the risk-based approach is a more productive and effective means of control. The small size of the jurisdiction argues against a threshold based reporting system because large cash placements are quite likely to be noticed in the Gibraltarian financial and DNFBP sectors.

R. 25

Financial Institutions

The FSC has established the AMLGNs which provide detailed requirements on AML/CFT. These are applicable for all FSC licensees (banks, investment activities, insurance firms and TCSPs) and have been extended to several non-FSC-regulated financial entities, including the Gibraltar Savings Bank, the bureaux de change, and money transmitters. The AMLGNs were written several years ago and have been periodically updated as new issues have required attention. The FSC plans to revise the AMLGNs to extend the requirements to include consideration of FT in addition to ML; FT is only minimally covered in the current version.

The FSC uses two mechanisms to provide feedback to its licensed institutions. The first is a feedback letter. This is provided to a licensee following an on-site visit. The letter details, inter alia, any concerns or criticisms regarding the AML/CFT controls and indicates if any corrective action is needed. A more generic form of feedback comes through the FSC Newsletter, which is issued periodically. In early 2006, the FSC issued a Newsletter which reviewed the findings and trends from the risk assessment visits they had completed to date. The FSC indicated that this is a good mechanism to remind all licensees of their obligations and to let them know where other licensees have had issues. As is noted on the first page, the Newsletter is issued as a “guide to the Commission’s expectations concerning the operation of authorized firms.”

Bureaux de change and money transmitters receive no direct feedback on their AML/CFT program. The Gibraltar Savings Bank receives its feedback directly from the government’s external auditors, following reviews of systems and controls.

The GFIU

The GFIU, via its periodic newsletters, provides information on typologies of ML/TF and sectoral breakdowns on the number of disclosures. The typology information is usually sourced from international sources such as Egmont or FATF, although sanitized local cases are also provided subject to suitable confidentiality. GFIU also acknowledges all disclosures it receives and either GFIU or the investigating officer of the police or customs provide updates to the relevant institution or business on the use made of the disclosures. These updates are subject to any restrictions that need to apply for active investigations.

The GFIU has not established any written guidelines for reporting separate and apart from those issued by FSC. Sample reporting forms are found in the FSC’s AMLGNs. The GFIU does, however, provide significant feedback to the financial institutions when they report suspicious transactions. The FIU will inform the reporting entities if more information is needed and will also let them know to what extent a given report was useful or helpful. Far less feedback is currently provided to DNFBPs, although the GFIU is planning outreach activities this year.

Recommendations and comments

  • Clarify the reporting obligations for the suspicious transaction reports related to money laundering (GFIU vs. GCID vs. “customs and police”);

  • Clarify, through law or regulation, where reporting entities should file suspicious transaction reports related to TF in Gibraltar; and

  • Ensure that there are requirements in place to report suspicions on attempted transactions.

article image

Internal controls and other measures

2.8. Internal controls, compliance, audit and foreign branches (R.15 & 22)

Description and analysis

R. 15

Section 9 of the CJO requires that institutions maintain procedures and internal control systems, communicated to employees for the “purposes of forestalling and preventing money laundering.” The AMLGN extends these purposes (Paragraph 2-21) to include being able to identify suspicious activities and to provide an audit trail, if it becomes necessary in the course of an investigation. The CJO, Terrorism Order 2001, and the Terrorism Ordinance 2005 do not establish a requirement for policies and procedures in the area of terrorism financing. However, the AMLGNs need to be extended to include the financing of terrorism; while this may not mean a significant change in the current practices of the financial sector, it is one that will need to be highlighted to the industry to ensure that it can review it current practices and adjust as necessary.

The CJO also requires that institutions identity a person that will act as the central point of contact for all information flows when there is “knowledge or suspicion that another person is engaged in money laundering” (Section 18(a)); in the AMLGNs, this person is referred to as the money-laundering reporting officer (MLRO). The AMLGNs describe the MLRO’s function as follows: responsible for the oversight of the institution’s AML activities and the key person in the implementation of the AML strategy of the institution. The MLRO must be a senior member of the staff so that it has appropriate authority and must be located in Gibraltar (Paragraph 6-15). Section 18(c) of the CJO requires that the MLRO have “reasonable access to other information which may be of assistance to him.”

The AMLGNs address the internal audit function in Paragraph 3-5. This Paragraph indicates that “Businesses are required to make arrangements to verify, on a regular basis, compliance with policies, procedures, and controls relating to money-laundering activities, in order to satisfy management that the requirement in the Sections to maintain such procedures has been discharged.” The choice of how and who will complete these tests of the AML/CFT system are left to the financial institutions, based on the internal structure and existing compliance and audit requirements. It is important to note that during the assessment, the FSC changed the language in Paragraph 3-5 to make this a requirement. The original language encouraged internal tests as a measure of best practice, but did not require them. According to the FSC and based on discussions with the private sector, it does appear that the many of the industry participants already have these systems in place. With the change in language, the FSC will need to ensure that all licensees have incorporated this function into their businesses.

In terms of entities outside of the FSC, the Gibraltar Savings Bank undergoes testing by the government’s auditors, but neither the bureaux de change nor the one stand-alone money transmitter are required to have an audit function that tests compliance with policies, procedures, and controls. The AMLGNs, which do extend to bureaux de change and, under the revised language will now create an obligation for an audit may not be an easy or ready change for the bureaux de change, as most are small operations.

Employee training is required in both the CJO and the AMLGNs. In the CJO, Section 9(1)(b) creates the requirement that institutions train their employees. Part VII of the AMLGNs focuses entirely on education and training for their licensed institutions. Part VII recognizes that training programs will vary but emphasizes the need for training on KYC, beneficial ownership requirements, and what constitutes a suspicious activity. New employees, directors and senior managers are all highlighted in this Section of the AMLGNs. Refresher training must be done annually, as described in Paragraph 7-14. The requirements in both the CJO and the AMLGNs focus on ML training; the AMLGNs will need to be extended to TF for training and provisions will need to be made to ensure that the industry receives training specific to TF issues.

The assessment team discussed training with the private sector and found it to be in line with the requirements. Most firms have created internal programs, which are, in bigger firms, supplemented by external training programs as well. In addition, the Gibraltar Association of Compliance Officers offer training programs on AML issues throughout the year to their members.

Screening procedures for hiring new employees are not fully addressed. For entities that are licensed to carry out investment business or “controlled activities”, the Financial Services Ordinance Financial Services (Conduct of Business Regulations) 1991 contains a provision in Section 12. This provision indicates that “where the licensee employs staff or is responsible for the conduct of financial services business by others, shall have adequate arrangements to ensure that they are suitable, adequately trained, and properly supervised.” Controlled activities refer to company management, professional trusteeship, insurance and reinsurance mediation, and insurance management. However, the provision is also relevant to banks and investment licensees as they are also licensed under the FSO. No similar requirements have been extended to insurance firms, bureaux de change, or money transmitters, although insurance firms will be covered once the FSC’s Approved Persons Regime is enacted and implemented. The Gibraltar Savings Bank hiring policies are covered by civil service requirements, which include screening procedures.

R. 22

The basic requirements that address Recommendation 22 are found in Paragraphs 3-7 and 3-8 of the AMLGNs. Paragraph 3-7 indicates that where there is a Gibraltar branch, subsidiary or associate where control can be exercised, the requirements are that:

  • A group policy be established covering all overseas branches and territories. The policy should ensure that the AML strategies, internal controls, procedures and processes are “undertaken at least to the standards required under Gibraltar law or, if the standards in the host country are more rigorous, to those higher standards;”

  • The overseas branch or subsidiary adhere to local laws and procedures;

  • Where local laws prohibit the application of Gibraltar’s practices or higher standards, the institution inform the FSC; and

  • Suspicions must be reported within the jurisdiction where the suspicion arose and, depending on the situation, to the GFIU as well.

  • While several paragraphs in the AMLGNs (4-69, 4-155 to 4-159) address the issue of jurisdictions that do not adequately apply the FATF standards, these provisions relate to customer due diligence and do not address the situation where a Gibraltar financial institution has set up operations in a non-equivalent jurisdiction. It currently does not arise as an issue, as Gibraltar has only one local bank and that bank does not have any overseas branches or subsidiaries.

Recommendations and comments

  • Extend AMLGNs to include TF in the areas of controls and training;

  • Ensure that financial institutions have an internal audit or other mechanism to check compliance with the AMLGNs in place, including bureaux de change and the stand-alone money transmitter; and

  • Extend the standards for hiring to insurance firms, bureaux de change, and money transmitters.

article image

2.9. Shell banks (R.18)

Description and analysis

Physical presence is required under the Banking Ordinance (Section 23(1)(e)) for all licensees. This section indicates that “an institution incorporated in or formed under the laws of Gibraltar will have its head office in Gibraltar.” Records must also be kept in Gibraltar and the AMLGNs require that the MLRO for licensees be located in Gibraltar. Shell banks are not approved for license by the FSC.

As mentioned in the discussion of Gibraltar’s position with respect to Recommendation 7, at Section 2.2, infra, Gibraltar banks have very limited correspondent banking activity and it is directed more to their corporate, rather than client needs, which would be the interest of a shell correspondent. According to the FSC, no bank has a relationship with a shell correspondent bank and such relationships are prohibited by Paragraph 4-94 of the AMLGNs. This paragraph also prohibits Gibraltar banks from using correspondents who allow their banks to be used by shell banks. Institutions are required to have measures in place to ensure that they do not deal with shell banks in a correspondent capacity through their review and approval process of new correspondent banking relationships.

Recommendations and comments

article image

Regulation, Supervision, Guidance, Monitoring and Sanctions

Description and analysis

R. 17

Financial Institutions

The supervisory authority for banks, insurance firms, and investment companies is the FSC. The FSC has the ability to impose conditions or directions on its licensees and may take other actions to ensure remediation of identified problems. The authority is identified in several different Ordinances, as follows.

The Banking Ordinance covers deposit-taking institutions, including banks and building societies. The Gibraltar Savings Bank, a state-owned institution, is covered separately, described below. The Banking Ordinance, in Section 62(1), indicates that the Commissioner of the FSC may “by notice in writing served on the licensee direct it, at its own expense, to take or refrain from taking any course of action in relation to the conduct of its business that the commissioner specifies in the notice.” The Ordinance also gives the commissioner the power to appoint an auditor, to appoint an individual to advise the licensee on specific issues, and to cancel the license. In addition, the Banking Supervisor can appoint an individual to investigate and report to him on the “nature, conduct or state of the licensee’s business or any particular aspect of it.” This is referred to as engaging Reporting Accountants.

The Financial Services Ordinance 1989 applies to investment business or controlled activities such as insurance managers, insurance and reinsurance mediation, and fiduciary trusteeship. Section 10(1) indicates that the FSC “by notice in writing served on the licensee, impose such conditions as appear to the Authority to be necessary or desirable for the protection of investors.” Section 10(2) identifies a range of conditions that may be imposed including prohibiting a licensee from entering into any transactions, carrying out specific investment business, or require a licensee to take steps to transfer custody of assets or property to designated individual. Section 11(1) also provides the FSC with the power to cancel or suspend a license. In addition to conditions, the FSC also has the authority to issue directions to the licensee under Section 35(1) of the Financial Services Ordinance 1989.

The Insurance Ordinance covers insurance firms, including life insurance companies. Like the two previous Ordinances, the Insurance Ordinance provides the Commissioner of the FSC the power to issue directions. These must be in writing, with the purpose to protect “policy holders or potential policy holders of the insurer against the risk that the insurer may be unable to meet its liabilities, or in the case of long term business, to fulfill the reasonable expectations of policyholders or potential policyholders.” This is addressed under Section 100(1). The Ordinance also allows the commissioner to appoint an individual to conduct investigations on the insurance licensees.

The sanctioning powers of the FSC provides for a range of options that appear effective, proportionate and dissuasive. The greatest penalty, of course, is the revocation of the license. There are several steps that the FSC can take well before cancellation of the license that will ensure appropriate action on the part of the licensee. These actions can be tailored to the specific licensees and to the specific situation, which adds to their effectiveness. The possible actions that can be taken range from exchanges of letters and action plans, where the institution is agreeing to take action, to the imposition of specific directions and conditions, which are in writing, are public documents, and must be met to avoid more serious consequences.

There are two issues with respect to the types of sanctions that may be applied by the FSC to financial institutions. The first issue is that there is no specific language in the Ordinances that permits a condition or direction to be issued against an individual, instead of an institution. However, there are no limitations on what can be imposed through a condition or a direction, so the FSC has the authority to issue such documents requiring the institution to take action against an individual. The FSC would prefer to take the action directly and has developed a proposal that would allow this; it is referred to as the Approved Persons Regime. The proposal has been sent to the GOG for consideration.

A second issue is that, to date, no conditions or directions have been issued on AML/CFT issues. This is not necessarily problematic in itself, but it is less clear that the FSC has fully identified the instance when it would impose such conditions or directions when there is a problem with the AMLGNs; the FSC has issued conditions and directions to licensees on other issues outside of AML/CFT. Currently, the FSC relies on two primary mechanisms to ensure corrective action by its licensees—exchange of letters and the use of Reporting Accountants. The institutions must pay the fees of the Reporting Accountants, and the institutions are required to submit to the results of the Reporting Accountants’ investigation and remediation plans. Reporting Accountants have been engaged by the FSC approximately thirteen times for AML/CFT purposes over the last three years.

The Financial and Development Secretary (FDS) is responsible for the oversight of the Gibraltar Savings Bank and heads the Bureaux de Change committee provides oversight for the bureaux de change sector. The Gibraltar Savings Bank is a state-owned institution. It is subject to the Savings Bank Ordinance, which contains no provisions for sanctions. However, as a state-owned institution, the Gibraltar Savings Bank is also subject to regular checks by the government’s “external” auditors. These individuals work for the government, but provide independent checks on all government operations. Problems identified in these audits of systems and controls must be corrected. No specific problems on AML/CFT have been identified to date on the Gibraltar Savings Bank. For bureaux de change, the Bureaux de Change Ordinance allows few options in the area of sanctions. A license may be cancelled or it may be suspended “pending inquiry” by the Bureaux de Change Committee. There are no other sanctions available in the Ordinance.

Money transmitters are not subject to any supervisory or administrative sanctions, as they are not licensed, registered or supervised.

FIU

The GFIU does not have a supervisory role. It provides advice on procedures for making disclosures of suspicion and indicators of suspicious transactions and while GFIU staff has made educational visits to various car dealers, it is yet to make effective contact with all the sectors not regulated by the FSC. The assessment team was advised that GFIU intends to conduct an outreach program to all DNFBP sectors during 2006.

The GFIU is designated as the administrative unit to which disclosures of suspicion are to be provided. Fuller discussion of issues associated with the clarity of this role is provided in Section 1.5. The GFIU has not been allocated any powers of sanction including for non compliance associated with non, late or incomplete reporting by businesses required to make disclosures of STRs. Similarly, although the GFIU is administratively involved in advising non consent to proceed notifications, the GFIU does not have any authority to apply any sanctions should the notifications not be complied with.

R. 23

Financial institutions subject to licensing and supervision by the FSC include banks, building societies, insurance firms, and investment activities. These licensees are subject to adequate regulation and supervision by the FSC, through its program of on-site and off-site supervision, as well as its risk-based framework. The FSC is responsible for ensuring that the institutions under its purview meet the AML/CFT standards and, to the extent that there are issues and concerns, the FSC has the appropriate authority to ensure that institutions take remediation measures to come into compliance.

Onsite Inspections Carried out by the FSC for 2005 and 2006

article image

Risk assessments have been carried out on a number of financial institutions. Prudential visits have been carried out for all areas except insurance intermediaries. Six prudential visits are planned for insurance intermediaries in 2006. Insurance supervision should be increased and more staff are being hired for this purpose. Overall, there are five onsite examiners for fiduciary services, six onsite examiners for banks and investment firms (many investment firms are part of a banking group) and four onsite examiners for insurance supervision. One more insurance examiner will be hired.

Work on the bank risk assessments is cyclical with most full re-assessments coming up in 2006/07. All risk assessments/on-site work covers AML systems of control as this is an integral part of the FSC’s risk assessment program. Frequency of visits has been increased in the last couple of years as staff have been added for this purpose. The authorities advise that since the mission visited Gibraltar, additional staff have been hired.

For the balance of 2006, the FSC plans three prudential visits to banks and one risk assessment, seven prudential visits to investment firms and four risk assessments, five prudential visits to fiduciaries and two risk assessments, one prudential visit to an insurance manager and one risk assessment and six prudential visits to insurance intermediaries and three risk assessments.

There are 18 banks in Gibraltar and all but one of them are branches or subsidiaries of international banks, 49 insurance companies, six insurance managers, 34 insurance intermediaries and 23 non-bank firms that provide that provide investment services.

The FSC reviews the fitness and propriety of all applicants for license. The applicant must either have “a high reputation and standing in a financial community or will be able to do so in the carrying on of the deposit-taking business…for which the license is being sought.” This refers to Section 23(1) of the Banking Ordinance, but similar language is found in the Insurance Ordinance (for insurance licensees) and the Financial Services Ordinance 1989 (for investment and other licensees). Fit and proper covers every person who is to be a director, controller, shareholder controller or manager. However, while fitness and propriety is checked, there is no specific language prohibiting criminals from holding managerial positions in financial institutions.

There are two categories of financial institution that are not subject to an adequate regulatory and supervisory framework. The first are the bureaux de change, which are subject to the same legal and prudential requirements as FSC licensees for AML/CFT. However, they are not currently adequately supervised and the ability to ensure that corrective action is taken if there is a problem is extremely limited. There is one “investigating officer” that does visit each of the bureaux de change during the year, but this is more informational, than an inspection. There are no checks against the AMLGNs, nor any checks of records kept by the bureaux for AML/CFT purposes. The Bureaux de Change Ordinance establishes very general fit and proper criteria for bureaux de change licensees, but there is no prohibition that prevents a criminal to hold a managerial position in a bureaux de change. Money transmitters (non-bank) are not licensed or registered. While they have been made subject to the AMLGNs, there is no supervisory or regulatory structure in place to check for compliance.

The government of Gibraltar recognizes the need to further address bureaux de change and money transmitters. There is a proposed Money Service Business Ordinance, which has been in draft form for some time. The current proposal is to create a government committee headed the FSC, given its ability to provide the necessary level of oversight of these sectors. While the assessment team recognizes that these discussions are ongoing, it will be important to address several issues currently missing from the approach to these entities: specific requirements to prohibit criminals from holding managerial positions; the appointment of a competent authority who will be responsible for ensuring that the bureaux de change and the money transmitters meet the AML/CFT requirements through effective supervision; and, for money transmitters, a framework for licensing or registration of these entities.

For institutions subject to the Core Principles, the FSC uses exactly the same supervisory and regulatory approach as are used for more general prudential purposes, including fit and proper checks. The regulated firms are subject to on-site and off-site supervision and must use the risk-based approach as identified by the FSC.

R. 25

Financial Institutions

The FSC has established the AMLGNs which provide detailed requirements on AML/CFT. These are applicable for all FSC licensees (banks, investment activities, and insurance firms) and have been extended to several non-FSC-regulated financial entities, including the Gibraltar Savings Bank, the bureaux de change, and money transmitters. The AMLGNs were written several years ago and have been periodically updated as new issues have required attention. The FSC plans to revise the AMLGNs to extend the requirements to include consideration of FT in addition to ML; FT is only minimally covered in the current version.

The FSC uses two mechanisms to provide feedback to its licensed institutions. The first is a feedback letter. This is provided to a licensee following an on-site visit. The letter details any concerns or criticisms regarding the AML/CFT controls and indicates if any corrective action is needed. A more generic form of feedback comes through the FSC Newsletter, which is issued periodically. In early 2006, the FSC issued a Newsletter which reviewed the findings and trends from the risk assessment visits they had completed to date. The FSC indicated that this is a good mechanism to remind all licensees of their obligations and to let them know where other licensees have had issues. As is noted on the first page, the Newsletter is issued as a “guide to the Commission’s expectations concerning the operation of authorized firms.”

Bureaux de change and money transmitters receive no direct feedback on their AML/CFT program. The Gibraltar Savings Bank receives its feedback directly from the government’s external auditors, following reviews of systems and controls.

The GFIU

The GFIU, via its periodic newsletters, provides information on typologies of ML/TF and sectoral breakdowns on the number of disclosures. The typology information is usually sourced from international sources such as Egmont or FATF, although sanitized local cases are also provided subject to suitable confidentiality. GFIU also acknowledges all disclosures it receives and either GFIU or the investigating officer of the police or customs provide updates to the relevant institution or business on the use made of the disclosures. These updates are subject to any restrictions that need to apply for active investigations.

The GFIU has not established any written guidelines for reporting; instead, sample reporting forms are found in the FSC’s AMLGNs. The GFIU does, however, provide significant feedback to the financial institutions when they report suspicious transactions. The GFIU does inform the reporting entities where more information is needed and also lets them know to what extent particular reports are useful.

R. 29

The Financial Services Commission Ordinance requires that the commissioner “shall supervise institutions licensed to provide any financial services.” The commissioner is responsible for all financial institutions, excluding the Gibraltar Savings Bank, the bureaux de change, and money transmitters. The supervisory powers are further backed by requirements in the Banking, Insurance, and Financial Services (1989) Ordinances, respectively, which both compel production of records and allow for sanctions to be imposed by the FSC where necessary and appropriate. The sanctions are generally in the form of conditions or directions imposed on the licensees.

Inspections are conducted by the FSC on a supervisory cycle based on the risk of the institution. The cycle ranges from nine months between visits for high risk licensees to three years for the lowest risk institutions. Section 60 of the Banking Ordinance, Section 33 of the Financial Services Ordinance 1989, and Section 98(1) of the Insurance Ordinance covers the respective requirements for the production of documents at the request of the FSC. There are no limitations on the information that can be compelled from the licensees by the FSC.

The FSC also has the power to sanction its licensees, as necessary. There are a range of sanctions available to the FSC, including an informal exchange of letters to the more formal conditions or directions. These may be imposed only on the licensee itself and not on an individual. However, there is no prohibition on the FSC issuing a condition or direction to an institution requiring them to take action on an individual within that institution.

The Gibraltar Savings Bank falls under the responsibility of the financial and development secretary, but is run by the Treasury (accountant general). It is subject to oversight by the government of Gibraltar.

The bureaux de change are subject to oversight by the Bureaux de Change Committee, which is headed by the Financial and Development Secretary. The Bureaux de Change Ordinance does not provide for powers to monitor the bureaux de change for compliance with any standards, including AML/CFT, but it does allow the Committee or the Bureaux de Change investigating officer to compel production of records. The Ordinance does allow for sanctions of bureaux de change, but these are limited to either suspension of a licensing pending an inquiry or cancellation of a license.

There is no oversight of the one stand-alone money transmitter, no powers to monitor compliance, no sanctioning ability, and no ability to compel production of records.

R. 30

The FSC appears to have adequate financial, technical, and human resources necessary to conduct the functions of supervision and regulation of their licensees. The FSC is operationally independent and the commissioner may issue guidance and standards that the licensees are required to follow on penalty of sanction. The assessment team worked with a large number of the staff of the FSC during the assessment and the general view was that they were competent and well skilled. There will be some staff changes in the near future, as the Banking and Investment divisions are combined. The head of banking supervision will become the Chief Operating Officer, while the current head of the investments division will become head of the combing banking and investment divisions. The Commission is required, under the FSC Ordinance to hire “fit and proper” individuals. The supervision staff number fifteen: five in fiduciary services supervision, six in banking and investments supervision and four in insurance supervision with a fifth position to be filled. This number represents actual staff who conduct onsite examination visits.

Staff training on AML/CFT is provided. It is also required under the FSC Ordinance.

The Bureaux de Change Committee does not currently have the appropriate resources to ensure that bureaux de change are adequately supervised. However, the lack of resources is understandable given the general lack of requirement for oversight of these entities.

R. 32

The FSC has three databases that it uses to keep track of information related to its licensees. It has statistics on the number of inspections conducted, the risk assessments for each licensee, and the supervisory cycle. It could, however, only provide details of the dates of its supervision visits for the last two years. The FSC also keeps statistics about information requests from foreign jurisdictions and this includes identification of the number of days it took to resolve each request. The FSC does not keep information on STRs provided by its licensees to the GFIU because it does not receive a copy of those reports. The FSC is constantly reviewing the effectiveness of its systems and this was demonstrated by the upgrade in the risk-based system that was implemented approximately eighteen months ago and still remains under review.

Recommendations and comments

  • Address the lack of “effective, proportionate, and dissuasive” sanction regime for both bureaux de change and non-bank money transmitters in the area of AML/CFT;

  • Address the lack of effective oversight for bureaux de change;

  • Ensure that all financial institutions are subject to requirements that prohibit criminals or their associates from holding or being the beneficial owner of a significant or controlling interest or holding a management function in a financial institution;

  • Extend the AMLGNs to focus not only on ML, but also on TF; and

  • Ensure that authority responsible for bureaux de change and money transmitters (non-bank) is given appropriate regulatory powers and resources so that the authority can effectively conduct oversight, compel records, require remediation, and, where necessary, issue sanctions.

article image

Money or value transfer services

This section should very briefly summarize and cross-reference the description and analysis that has been made elsewhere on money or value transfer services. It should then set out in full any recommendations or comments, and the material concerning the compliance rating.

2.11. Money or value transfer services (SR.VI)

Description and analysis

Money transfer services outside banks is provided by a stand-alone money transfer agent who is neither licensed or registered, nor supervised in Gibraltar. As a result, the one stand-alone operation is outside the FATF 40 +9 requirements, although the scope of application for the AMLGNs has been extended to include money transfer agents.

There is a proposed Money Services Business Ordinance that is currently being drafted and this would move the responsibility for licensing and supervising money transmission and bureaux de change services to a government Committee, which will be headed by the FSC. However, there is no set timeframe for the passage of this new Ordinance and the drafting is not yet finalized.

There is no requirement that any of the money value transfer service operators maintain a current list of their agents, which can be made available to the authorities. This is not necessary for the banks that are performing these transactions, as the bank is the agent. However, for the stand-alone entity, and any others that come into existence in the future, there should be some requirement that a list be maintained.

There are no sanctions available to the government of Gibraltar for the stand-alone money transfer agent, as this is not a licensed entity. The authorities believe, however, that because this stand-alone does have a bureau de change license, it may be possible to sanction the agent using this license as primary mechanism.

Gibraltar is a small jurisdiction and it does not appear that there are any informal remittance providers. However, the assessment team did learn that there have been problems with retailers operating as bureaux de change between themselves (i.e., when one needs sterling or needs to dispose of sterling, he may go to another trader rather than a bank or a bureau de change). This practice is illegal, but it was not clear whether it was being done simply to facilitate the retail environment or if there might be an informal value transfer system associated with the exchanges. We were not able to confirm whether or not such a system exists. As with all money transmitters (excluding those housed in banks), alternative remittance providers are not be subject to any licensing or registration requirements currently.

Recommendations and comments

  • Close the gap in the financial services area by ensuring that all entities that provide money or value transfer services are licensed and supervised;

  • Require that principals keep lists of all agents of money and value transfer service providers; and

  • Develop a mechanism to ensure that money and value transfer service providers can be sanctioned.

article image

3. PREVENTIVE MEASURES—DESIGNATED NON-FINANCIAL BUSINESSES AND PROFESSIONS

3.1. Customer due diligence and record-keeping (R.12) (applying R.5, 6, 8 to 11, & 17)

Description and analysis

The key statutes applicable to financial institutions for AML/CFT purposes, namely the Criminal Justice Ordinance (CJO), the Terrorism Order 2001, and the Terrorism Ordinance 2005, are also applied to those businesses and individuals covered by the FATF definition of Designated Non-financial Businesses and Professions (DNFBPs). Section 8 of the CJO, specifies the following categories of DNFBP as conducting “relevant financial business” and subject to the full obligations of the preventative measures and reporting obligations that also apply to the financial sector:

  • (h) auditors, external accountants and tax advisors;

  • (i) real estate agents;

  • (j) notaries and other independent legal professionals, when they participate whether:

    • (i) by assisting in the planning or execution of transactions for their client concerning the:

      • (A) buying and selling of real property or business entities;

      • (B) managing of client money, securities or other assets;

      • (C) opening or management of bank, savings or securities accounts; or

    • (ii) by acting on behalf of and for their client in any financial or real estate transaction;

  • (k) controlled activity under the Financial Services Ordinance 1989. These currently include: (1) company management; and (2) professional trusteeship;

  • (l) dealers in all high value goods whenever payment is made in cash and in an amount of €15,000 or more; and

  • (m) casinos.

The Anti-Money Laundering Guidance Notes (AMLGNs) issued by the FSC, apply explicitly to the trust and company service providers and to the internet gambling sector by virtue of a reference to the Notes in the licensing requirements issued by the Licensing Authority, which is currently the FDS until the recently enacted Gambling Ordinance is implemented) (The land-based casino is not covered because it operates under an old license that does not refer to the AMLGNs). It is important to note, however, that the licensing authority has the power to amend the terms of license. The requirement to comply with the provisions of the AMLGNs extends to all internet-based gambling licensees, not just casinos and would include remote-based sports bookmakers. The new Gambling Ordinance, which was enacted in December 2005, but has yet to be placed into effect, will continue this practice. The land-based casino will be subject to the same AML provisions following renewal of its license which is due in April 2006.

There are Guidance Notes for dealers in high value goods that have been issued by the GOG and cover AML issues, but they are on an information only basis and are not enforceable.

Lawyers in Gibraltar are licensed and subject to discipline pursuant to Section 33 of the Supreme Court Ordinance, which incorporates by reference the rules of court in force in England. Accordingly, Gibraltar lawyers are required to comply with England’s Money-Laundering Regulations of 2003 (English Regulations). The regulations apply, among other things, to “legal professionals acting on behalf of their clients in any financial or real estate transaction.” This is defined to include legal transactional services, insolvency and tax services, financial services, and company and trust services. (In Gibraltar, the latter is regulated directly by the FSC, as discussed elsewhere.)

Notaries in Gibraltar are licensed for life by the Archbishop of Canterbury. Their functions are limited to acting as a commissioner for taking oaths, verifying the bona fides of documents, etc. They do not prepare for or carry out transactions for clients. Thus, the FATF recommendations are not applicable to notaries in Gibraltar.

The remaining DNFBP categories, namely accountants, auditors and real estate agents are subject to no further regulatory or guidance standards. Where lawyers or other independent professionals perform company or trust management services (i.e. “controlled activities” under Section 8(k) of the CJO), they form legal entities for this purpose, and are regulated by the FSC.

R. 5 for DNFBPs

Part III of the CJO covers “Measures to Prevent the Use of the Financial System for Purposes of Money Laundering.” These measures cover both financial institutions and DNFBPs. Identification requirements are covered in Sections 11 and 13 of the CJO. Section 11 requires that, “as soon as reasonably practicable after contact is first made” between the financial institution and the client, a client must produce “satisfactory evidence of their identity” and that procedures, established by the financial institution, are followed to ensure “satisfactory evidence of his identity.” Where this information is not obtained, “the business relationship or one-off transaction in question shall not proceed any further.”

Beneficial ownership is addressed in Section 13 of the CJO. It addresses those situations where the “applicant for business is or appears to be acting otherwise than as principal.” In these cases, the CJO requires that the institution’s identification procedures require “reasonable measures” to be taken to ensure that the identity of the beneficial owner can be established. The identification procedures must take place “as soon as is reasonably practicable after contact is first made between that person and an applicant for business concerning any particular business relationship or one-off transaction.”

One-off or occasional transactions are addressed in the CJO. These are defined as either a single transaction of €15,000 or two or more one-off transactions that are linked and are equal to or greater than €15,000. Evidence of identity is required in these cases, in accordance with Sections 11(4) and 11(5). Where this evidence cannot be obtained, Section 11(1) of the CJO requires that the one-off transaction not proceed. The CJO does not require that consideration be given to having an STR filed in this situation.

There are several criteria that must be addressed in law or regulation and currently are not. This includes criteria 5.1, 5.2(c), 5.2(d), 5.2(e), 5.5.2(b), and 5.7. All of these must be addressed in law or regulation for DNFBPs.

The greatest level of detail on AML/CFT issues is contained in the Anti-Money Laundering Guidance Notes (AMLGNs). These are applicable (as far as DNFBPs are concerned) to trust and company service providers (TCSP) and casinos. All internet-based gambling and gaming licensees are subject to the provisions of the AMLGNs by reference in the individual licensing agreements. TCSPs are regulated by the FSC and are legally obliged by virtue of Section 19 of the CJO and Section 2(1) of the Financial Services Ordinance 1989 to comply with the preventative measures provisions of the FSC’s AMLGNs. As a result, it is appropriate to refer to Section 2.2 (R. 5) for information on what is covered in the AMLGNs on customer due diligence, as this applies directly to the TCSPs and the gambling sector.

The CJO 2004 provided scope for transitional arrangements for special regulatory guidance for TCSPs, especially with respect to KYC requirements for existing customers and the provision of the appropriate levels of AML/CFT training. The AMLGNs Paragraphs 4-127 to 4-134 detail these special provisions which in effect allowed for an extension of the time available for the remedial KYC and training to be completed. The extension lapsed on June 1, 2005. Drafting has commenced on Conduct of Business (Fiduciary Services) regulations. The draft provided to the assessment team provides further specificity on the FSC’s Best Practice expectations for licensees, with particular focus on the requirements for KYC and internal control requirements.

The English Regulation 4 requires firms carrying out relevant business to obtain “satisfactory evidence” of the identity of each client (and, where the client is acting as agent to take reasonable measures to establish the identity of the underlying principal).

English Regulation 3.29 requires lawyers to undertake CDD whenever becoming involved in a transaction of €15,000 or more. CDD is to be undertaken as soon as is reasonably practicable after contact is first made between the solicitor and client. CDD extends to dealings with applicants for business, which includes those seeking to carry out a one-off transaction, as well as those seeking a business relationship. (3.33). The rules appear to be silent with respect to requirements to conduct CDD under the threshold in cases where there is a suspicion of money laundering.

For evidence of identity to be “satisfactory,” it must be both reasonably capable of establishing that the client is the person he or she claims to be; and the person who obtains the evidence must be satisfied that it does in fact establish that the client is the person he or she claims to be. The regulations give lawyers flexibility to apply common sense and commercial judgment. The first step should be to identify exactly who the client is (for example in cases where a lawyer is acting for a group of companies). The rules require that satisfactory evidence be obtained for the identity of all persons for whom the lawyer or law firm intends to act. If the client is acting as an agent, the lawyer must take reasonable measures to establish the identity of the principal and maintain records in relation to that evidence. (3.36). Actual documentary evidence such as passports and certificates of incorporation, electronic checks of official databases, may be used. Third parties and credit reference agencies may also be used to verify identity. When using a combination of such checks, lawyers are required to use a variety of different original sources of information.

The English money-laundering regulations do not include requirements for ongoing due diligence on the business relationship, though lawyers are professionally obliged to keep abreast of their relationships with clients in any event. The regulations are similarly quiet about enhancing CDD measures for “high-risk” clients.

In the event that lawyers fail to obtain satisfactory identification, they may not proceed any further. (3.32). The regulations also contain transitional provisions for obtaining retroactive identification for existing customers, but these provisions do not apply to all existing customers. (3.49 and 3.50.)

For the remainder of the DNFBPs, there are significant gaps in the requirements for CDD. While the government of Gibraltar has promulgated AML Guidance for the High Value Dealer (HVD Guidance Notes), these do not have the same “other enforceable means” status as the AMLGNs. The HVD Guidance Notes are for information purposes only and are not enforceable. The HVD AMLGNs address various of the requirements of the CJO through introducing the “C.A.T.C.H.” concept to describe the requirements to control business through implementing appropriate AML systems, appointing a nominated officer responsible for AML disclosures, training staff, confirming the identity of customers and holding of records for the required years.

The gaps in Recommendation 5 for DNFBPs include:

  • Obtaining information on the purpose and intended nature of the business relationship;

  • Performing enhanced due diligence for higher risk categories of customer, business relationships or transactions;

  • Permitting simplified or reduced measures for CDD on low risk customers;

  • Requiring that where a customer may utilize the business relationship prior to verification, the organization must adopt risk management procedures concerning the conditions under which this may occur;

  • Prohibiting the opening of an account or commencing of business relations, when the entity cannot obtain appropriate CDD information; and

  • Requiring that DNFBPs apply CDD requirements to existing customers on the basis of materiality.

The gaps stem from a combination of causes. First, there are gaps in the CJO framework and items that should be covered by law or regulation, are either not addressed at all or are addressed in the AMLGNs, which do not have “law or regulation” status. A second cause is the lack of coverage in the AMLGNs of certain criteria. A final issue is the lack of enforceable guidance for several of the DNFBP sectors; for example, the HVD Guidance Notes are not enforceable, but rather information only. There is no guidance for the real estate or accounting/auditing sectors.

R. 6 for DNFBPs

Requirements to deal with politically exposed persons (PEPs) are not covered in the CJO or any other law or regulation. These requirements are, however, covered in the AMLGNs in Paragraphs 4-87 through 4-92. TCSPs and the gambling sector are covered by these obligations, which meet the FATF requirements.. The HVD Guidance Notes do not mention PEPs. England’s ML Regulations 2003 contain no special provisions for “politically exposed persons.”

None of the other DNFBPs are subject to any requirements on PEP clients.

R. 8 for DNFBPs

Non-face-to-face transactions and new technologies are addressed in the AMLGNs, with some limitations. Because these are relevant to TCSPs and the licensed gambling sector, reference is made to Section 2.2 of this report under R.8. The Law Society of England and Wales money-laundering regulations contain no special provisions for either developing technology or for non-face to face transactions. DNFBPs are not otherwise covered by law, regulation or guidance notes on the issues of non-face-to-face and new technologies.

The lack of non-face-to-face requirements raises particular concerns for the on-line gambling sector. The internet-based gambling sector poses an increased risk simply because of the non-face-to-face nature of its business. The assessment team was advised by industry representatives that specific measures are in place to mitigate such risks. These include measures such as requiring photocopies of identification, establishment of initial credit through use of credit/debit card details from reputable jurisdictions and verification of source of funds and country of origin through comparison of Internet protocol addresses and Bank Identification numbers.

R. 9 for DNFBPs

Third parties are covered by Paragraphs 4-85 to 4-86 for intermediaries and 4-119 to 4-126 for introducers. See Section 2.3 “Third parties and introduced business” for a full discussion. The majority of the third party activity for DNFBPs will be with introducers and provisions for introducers in the AMLGNs are strong. However, the scope of application of the AMLGNs covers only the TCSP and gambling sectors. The HVD Guidance Notes do not address intermediaries or introducers. England’s ML Regulations 2003 contain no special provisions for intermediaries. The regulations do, however, require individual lawyers engaged in a relationship with a client to maintain records even where the lawyer’s partner referred or introduced the client to him or her. (3.39.) As a result, no other category of DNFBP is subject to restrictions or requirements on the use of third parties to conduct KYC.

R. 10 for DNFBPs

There are record keeping requirements established in Sections 16 and 17 of the CJO. However, as noted in Section 2.5 of the report, there were deficiencies in how the record keeping requirements have been established; there are two issues that must be covered by law or regulation, but are currently addressed in the AMLGNs. For example, in Paragraph5-4 of the AMLGNs, there is a requirement that the records be available on a timely basis to provide to the authorities; this should be addressed in law or regulation. All DNFBPs are captured by the CJO, so the lack of fully detailed requirements in the Ordinance mean that DNFBPs are subject to only the baseline requirements for record keeping. Only the TCSP and gaming sectors would be subject to stronger requirements, given that they are covered by the AMLGNs. England’s ML Regulations 2003 require CDD records to be maintained for at least five years.

The HVD Guidance Notes address record keeping, but only very briefly. Section 10 indicates that “You only need to keep records relating to HVPs (high value payments). You do not need to keep records of payments you accept less than €15,000 or by check or credit card.” It is important to recall that the HVD Guidance Notes are not requirements, but rather “for information purposes only.”

R. 11 for DNFBPs

There are no requirements in the CJO covering the need to pay “special attention to all complex, unusual large transactions, and all unusual patters of transactions, which have no apparent economic or visible purpose.” During the assessment, the AMLGNs were updated to include new language regarding this Recommendation. Despite the addition, however, the criteria was rated “partially compliant” as the AMLGNs do not fully address the Recommendation. As a result, the standards applied to TCSPs and the gambling sector (by virtue of reference to the licensing agreement), do not fully satisfy the international standard. England’s ML Regulations 2003 contain no special provisions for “complex, large, or unusual” transactions.

The Guidance Notes issued for HVDs do give recognition to the concept of large and unusual transactions; however, the specific requirements by R. 11 with respect to documentation of any examination of such large, complex, or unusual transactions is not addressed. Furthermore, the HVD guidance notes are not enforceable.

There are no other rules, regulations or guidance for DNFBPs that address this issue.

R. 17 for DNFBPs

Sections 11 and 13 of the CJO set forth client identification requirements. The CJO applies to all categories of DNDBP. Failure to meet the requirements of these sections can lead to indictments, fines or imprisonment.

In addition, TCSPs are subject to sanctions under the Financial Services Ordinance 1989. The FSC imposes conditions on the license “as necessary or desirable for the protection of investors.” These conditions are specific to each license and each situation. In addition, where there are more significant issues, the FSC can suspend or cancel the license.

The current Gaming Ordinance of 1958 does not provide for any additional sanctions against the gambling sector for non compliance with the provisions of the CJO. Licenses may be revoked for unauthorized or unlicensed activity, but other than that, no action is provided for within the law. However, the Licensing Authority (FDS) requires compliance with the AMLGNs as a condition of the licenses it issues. The assessment team was advised that the current, land based, casino license does not contain this provision, however. The FDS plans to include the requirement in a new license in April 2006.

There are no regulatory sanctions available to high value goods dealers, real estate agents, auditors, and accountants, although the Auditors Registration Board may remove an auditor from its registry.

Although, by their terms, violations of the England’s ML Regulations 2003 constitute an offense in England, lawyers in Gibraltar who violate them are exposed merely to disciplinary proceedings pursuant to the Supreme Court Barristers’ and Solicitors’ Rules unless the circumstances independently constitute an offense under the CJO or DTO.

Recommendations and comments

  • Develop and apply strong requirements for customer due diligence for all categories of DNFBPs not subject to the requirements of the FSC-issued AMLGNs.8 This should include provisions requiring ongoing monitoring; obtaining information on the purpose and intended nature of the business relationship; performing enhanced due diligence on higher risk customers or business relationships; and prohibiting the opening of an account or commencing business relationships when an entity cannot provide appropriate CDD information;

  • Address criteria 5.1, 5.2(c), 5.2(d), 5.2(e), 5.5.2(b), and 5.7 in law or regulation;

  • Ensure that DNFBPs are subject to adequate requirements for PEP clients or business relationships;

  • Address the risks associated with new technologies and non-face-to-face business;

  • Develop requirements for DNFBPs in the area of large, complex or unusual transactions to ensure that these are reviewed, with findings set in writing and kept for five years; and

  • Address the lack of sanctioning ability for DNFBPs, other than TCSP, in the area of conducting appropriate customer due diligence.

  • Finalize the development and release of the regulations for the Conduct of Business (Fiduciary Services)

  • Finalize the new licensing agreement for the sole land based casino and include specific observance to the need to comply with the AMLGNs.

  • Afford priority to the implementation of the new Gambling Ordinance and resourcing of the GRA. The GRA should also give priority to releasing a Code of Conduct under its powers specifying the GRA’s expectations for license holders to meet the legal AML/CFT obligations. Furthermore reference to, and adherence with, such a Code of Conduct should be mandatory in all licensing agreements for the gambling sector.

article image

3.2. Suspicious transactions reporting (R.16) (applying R.13 to 15, 17 & 21)

Description and analysis

R. 13

Section 2.7, infra, sets out the legal obligations for making suspicious transaction reports for both money laundering and the financing of terrorism. For money laundering, reporting obligations are found under the CJO and the DTOO. For the financing of terrorism, the key provisions are found in the Terrorism Order 2001 and the Terrorism Ordinance 2005. While the CJO, DTOO, and Terrorism Ordinance 2005 require reporting by both financial institutions and DNFBPs, the Terrorism Order 2001 is more limited and applies only to banks and building societies. There are no thresholds for reporting, so all entities including DNFBPs must report regardless of the size of the transaction or activity. By operation of Sections 7-8 of the Criminal Offenses Ordinance (COO), the reporting obligation extends to suspicions of attempted transactions. There is no specific requirement to file on attempted transactions. Instead, the requirement is for any suspicious transaction regardless of the stage that the transaction is in.

The HVD Guidance Notes also provide detail on requirements for reporting. While this is not an enforceable document, it provides useful information to many entities that fall under the DNFBP umbrella.

There are specific exemptions in the CJO for reporting by notaries, independent legal professions, auditors, external accountants and tax advisors when it involves defined client privilege. This is covered in Section (2A)(2) of the CJO. According to this section, a notary, independent legal professional, auditor, external accountant or tax advisor is exempt from having to report “before, during or after” judicial proceedings, where these individuals are “performing the task of defending or representing that client in, or concerning judicial proceedings, including advice on instituting or avoiding proceedings.”

As noted in Section 2.7, infra, there is some confusion over where disclosures should be sent and this confusion was echoed in discussions with representatives from the DNFBP sector. All suspicious transaction reports related to money laundering are to be sent to the GFIU, although the relevant legislation (CJO, DTOO and TOO) indicate that disclosures should be made to a police or customs officer. The HVD Guidance Notes contain the clearest explanation of all the documents reviewed in Gibraltar about where to send suspicious transaction reports related to money laundering. In footnote 1, HVDs are told that they will be regarded as being compliant with the provisions of the CJO if “a disclosure is made to an officer in the GFIU.” Despite this, however, there was still confusion and a general lack of awareness within the DNFBP sector about where reports should be filed.

Reports related to terrorism must be provided to the governor (Terrorism Order 2001) or the police (Terrorism Ordinance 2005).

There is no provision in the AML/CFT laws for the legal, accounting or notary professions to send suspicious transaction reports to a Self Regulatory Organization (SRO). For casinos, Sections 2 and 3 of the new Gambling Ordinance 2005 requires a licensed gambling activity to make disclosures to the Gambling Commissioner. Once this legislation is in placed into effect, reports will be required to be sent to the Gambling Commissioner, the Commission is required to send the disclosure to the GFIU and any other law enforcement authority in Gibraltar, as appropriate. Subject to the specific exemptions in the CJO for legal protection of client privilege, lawyers in Gibraltar are under the same obligation as any other “relevant financial business” under the CJO and as any other person under the DTOO and the TO, to file suspicious transaction reports.

The basis for protection under the law for DNFBPs making disclosures is the same as that provided for financial institutions. The issue of possible court disclosure of an STR in exceptional circumstances is common to the DNFBPs and financial sectors. The assessment team was advised that judicial authority for such release would be unlikely. No concern as to this approach was made to the assessment team. Disclosures made in good faith are afforded protection from actions for breach of release of information imposed by statute or otherwise.

The requirement to report also extends to transactions “thought among other things to involve tax matters.” The AMLGNs, which signal that without actual knowledge that a tax offense is being committed no report is required, do not apply to lawyers. There is no specific requirement to file an attempted transaction.

Section 1.5 provides statistics on the volume of reports made to the GFIU. The staggered inclusion of various DNFBP categories to the reporting requirements of the CJO probably explains the dominance of the TCSP and lawyer sectors. The strong supervisory presence of the FSC probably also contributes to the comparatively high filing rate from the TCSP sector. On face value, the casino sector appears to be under-filing and the influence of future educational programs by the GFIU and the anticipated but as yet not implemented regulatory function of the Gambling Commissioner will need to be evaluated.

R. 14 for DNFBPs

Statutes that require reporting of suspicious transactions in Gibraltar contain provisions that protect persons who make such disclosures from criminal and civil liability, provided such disclosures are made in good faith. See CJO (Section 2(3)(a)), and DTO (Section 57(3)). (The Terrorism Ordinance does not contain such a provision, but Section 2(3)(a) is written with sufficient breadth to cover any disclosure made pursuant to the TO.) “Persons” include but are not limited to financial institutions and their directors, officers and employees. The protections extend to all situations involving disclosures, without regard to whether the disclosing persons knew precisely the nature of the suspected underlying criminal activity, or whether any criminal activity in fact occurred.

In order to be protected from potential criminal liability for continuing to deal with funds, accounts, clients, or arrangements related to the transaction with respect to which a disclosure was made, however, disclosing parties must obtain the consent of a police or customs officer. See CJO (Section 2(3)(b)), DTOO (Section 56(5)), TO (Section 9). A fuller discussion of “consent” and “non-consent” letters is included at Section 1.5 infra.

Gibraltar law also prohibits all persons—not just financial institutions or persons who make disclosures of suspected activity—from “tipping off.” Tipping off is defined as disclosing to any person information or any other matter likely to prejudice an investigation or proposed investigation, or an investigation which might be conducted following a disclosure. See CJO (Section 5), and DTOO (Section 58(1)). (The Terrorism Ordinance has no comparable provision, but tipping off suspected terrorist financing would clearly be covered by the CJO.) The tipping off provisions include an exception for providing professional advice in connection with ascertaining the legal position of a client, or performing the task of defending or representing that client or any other person in, or concerning, judicial proceedings.

The AMLGNs and HVD Guidance Notes also make reference to the offence of tipping off and provide guidance on how to avoid inadvertent tipping off to clients.

There is no specific statutory or regulatory provision ensuring that the names and personal details of staff of financial institutions that make disclosures are kept confidential by the GFIU, but as law enforcement officers working as part of an intelligence unit, GFIU staff are subject to police disciplinary regulations and Official Secrets Act.

Lawyers in Gibraltar are obliged to protect the confidences of their clients. This obligation attaches at the outset of the relationship between the lawyer and client, which may be at the initial consultation. Lawyers met by the assessors, however, were unanimous in the view that a good faith disclosure of an STR created no conflict with their obligations to protect the confidences of their clients. Indeed, as indicated in the GFIU’s statistics, lawyers have been filing STRs.

R. 15 for DNFBPs

Section 9(1) of the CJO addresses the nature and scope of programs that both financial institutions and DNFBPs must have in place to combat money laundering. These programs include identification procedures, record keeping procedures, internal reporting procedures, and “such other procedures of internal control and communication as may be appropriate for the purposes of forestalling and preventing money laundering.” An MLRO must be appointed under Section 18 of the CJO and that person must have “reasonable access to other information which may be of assistance to him and which is available to the person responsible for maintaining the internal reporting procedures concerned.” There are no similar requirements for the financing of terrorism. Section 9(1)(b) also covers requirements for employee training and indicates specifically that employees must be trained to recognize suspicious transactions.

What is not covered by the CJO under Recommendation 15 includes the following:

  • A requirement to maintain an adequately resourced and independent audit function to test compliance with policies, procedures and controls.

  • A requirement for DNFBPs to put in place screening procedures to ensure high standards when hiring employees.

The AMLGNs were updated during the assessment and now include the requirement for an audit/compliance check function. However, this provision is unlikely to have taken effect, particularly in the DNFBP sectors that are covered, namely TCSPs and casinos. There are only limited provisions on the screening of employees and these do not apply to either the TCSP or the online gaming business. Under the existing Gaming Ordinance 1958, there are no provisions to address screening of employees. For trust and company service providers, under Section 12 of the Conduct of Business Regulations (Financial Services), licensees are required to ensure their staff are suitably trained and an appropriate internal organization exists.

For lawyers the stated purpose of the Money Laundering Regulations 2003 (at 3.2) of the Law Society of England and Wales is to enable suspicious transactions to be recognized and reported to the authorities and to ensure that an audit trail is available if a solicitor, client or other party to a transaction becomes the subject of an investigation. Lawyers in Gibraltar are required to file an annual report certifying compliance with solicitors’ accounts rules, which include an independent audit requirement. Such audits include spot checks and authentication, to ensure lawyers comply with their obligations to use client accounts only for client purposes. See Barristers and Solicitors Rules, and Solicitors’ (Practicing Certificate Rules), and Solicitors’ Accounts Rules. These audits are not, strictly speaking, checking for compliance with money laundering and terrorist financing obligations.

Section 3.56 of the Law Society regulations requires a nominated person to receive reports of suspected money laundering. Section 3.59 requires that officer to be of sufficient seniority and in a position of sufficient responsibility to enable him or her to have access to all of the firm’s client files and business information. The Law Society regulations include extensive provisions on training.

The HVD Guidance Notes provide examples of specific controls that should be considered by HVDs. However, the audit function and screening procedures are not addressed. No further guidance has been issued for DNFBPs.

R.17

The criminal sanctions for non compliance with the laws’ provisions for failure to report, tipping off and internal controls applies to all DNFBPs in the same way as for financial institutions. See prior discussions on sanctions in Section 2.10 and 3.1 above. TCSPs can also be sanctioned by the FSC through issuance of conditions on the license; there are also more informal mechanisms such as exchanges of letters between the FSC and the licensees. There also are licensing sanctions (suspension and cancellation) for the gambling sector. There is, however, little or no sanctioning power available to be applied against other DNFBPs except for general disciplinary action arising out of professional misconduct by lawyers and the revocation of auditors’ registration by the Auditors Registration Board. These are not, however, sanctions that are specific to non compliance with the preventative provisions of the CJO or disclosure provisions of the DTOO or TO.

R. 21 for DNFBPs

Requirements to pay special attention to business relationships and transactions with persons and companies “from countries which do not or insufficiently apply the FATF Recommendations” are only found in the AMLGNs; there are no provisions in the CJO. Because the AMLGNs cover only two sectors within the umbrella of DNFBPs, only TCSP and the gambling sector are subject to requirements for Recommendation 21. The Law Society regulations are silent with respect to recommendation 21.

The AMLGNs address the requirements regarding dealings with relationships and transactions with persons from countries with insufficient AML measures and systems in Sections 4-155 to 4-159. A full discussion of those provisions vis-à-vis Recommendation 21 can be found in Section 2.6 of the report. This is a key issue in Gibraltar, as the vast majority of its business comes from clients residing outside of Gibraltar.

Recommendations and comments

  • Consider specifying time limits on consent and non consent letters to assist disclosing businesses to avoid inadvertent tipping off to customers;

  • Remove the current s 33(1)(2)requirement in the new Gambling Ordinance that requires gambling licensees to in the first place make disclosures of the alleged money laundering to the Gambling Commissioner as opposed to the GFIU. This is necessary to maintain continued integrity and confidence in the confidentiality of the disclosure system.

article image

3.3. Regulation, supervision and monitoring (R.17, 24-25) (applying criteria 25.1, DNFBP)

Description and analysis

All categories of DNFBP must meet the standards established in Sections 9 to 18 of the CJO, which cover key preventative measures, together with the obligation to make disclosures of suspicion of money laundering or financing of terrorism. Despite being included in the CJO list, it is important to note that not all of the categories of DNFBPs are subject to regular oversight on these standards.

The GOG has yet to designate responsibility for monitoring of compliance with AML/CFT obligations for all the categories of DNFBP. Sanctioning DNFBPs for problems associated with AML/CFT compliance is most extensively covered in the CJO, which allows for fines, indictments, and imprisonment. However, regulatory style sanctions only apply to the TCSP via the FSC, and in the license agreements for internet based casinos, but do not exist or are extremely limited for the remaining sectors.

There does not appear to have been a process undertaken to assess the relative level of ML/TF risk associated with all the DNFBP sectors and making a conscious decision as to the level of monitoring that is appropriate to that level of risk. Accordingly no specific monitoring authority has been allocated for those DNFBP categories not regulated by the FSC or the new GRA.

Trust and Company Service providers (TCSP) are subject to a significant level of supervision. TCSPs are supervised by the FSC, which is the authority appointed under Section 2(1) of the FSC Ordinance of 1989. The FSC has access to the same regulatory and supervisory sanction and enforcement type actions that it commonly uses for its regulatory and supervisory responsibilities for the banking, insurance and investment sectors. The FSC’s Fiduciary Services (FS) Department has functional responsibility for TCSP within the FSC. The FS Department has increased its staffing from 1.5 at the time of the previous IMF assessment to 5, and the FS management has considerable experience in the supervision of this sector. In addition to the AMLGNs, additional regulatory requirements for AML are being developed through specific Conduct of Business Regulations (Fiduciary Services). The FSC has also provided feedback to all of its licensees, including the TCSPs, through a recent newsletter that highlighted findings and trends stemming from a series of on-site visits that have been recently completed, which focused on AML/CFT issues. The FSC AMLGNs and website also provide a valuable on-line resource for all relevant entities seeking to gain further information on their obligations under the law, including useful description of possible money laundering and terrorist financing risks.

The Department averages between 15 and 20 full group on-site risk assessments per year. Depending on the risk profile of a TCSP follow on site assessments would on average occur within a 4 year cycle. As part of their license conditions, licensees must provide an annual, self assessment based assurance of compliance with the conditions of their license, which include compliance with relevant FSC enforceable guidance such as the FSC’s AMLGNs. The approach to supervision of the TCSPs is considered appropriate for the inherent vulnerabilities associated with such businesses.

The FSC maintains a sanctions enforcement database. However no separate statistics are kept for supervisory remedial action or sanction actions specifically taken for AML/CFT. The database mostly relates to enforcement relating to general unlicensed activity, but the FSC has also pushed firms that it deems to be high risk to improve their compliance systems. The FSC may issue directions for remedial action and may also revoke or place restrictions on licenses.

The Finance and Development Secretary (FDS) is the existing authority for the licensing and regulation of the gambling sector. This sector includes both land and internet based licensees; the sector is largely focused on internet gaming, as there is only one small land-based casino. The FDS’s main sanctioning power is to approve and remove licenses to conduct gaming and gambling activity. The terms of the existing licenses require the license holders to comply with the requirements of the AMLGNs issued by the FSC. The FDS does not have the resources to undertake any on-site monitoring for compliance, although the FDS may authorize the investigating officer from customs to undertake inspections, if necessary. The assessment team understands that such inspections would relate to customer complaints, for confirmation of business turnover, or activity outside of terms of license; the authorities stated that no inspections have taken place to assess compliance with AML/CFT obligations. As part of its licensing process, the FDS undertakes due diligence that includes background checks on the applicant’s beneficial owners and management through enquiry to domestic law enforcement and overseas supervisory authorities.

The Gambling Ordinance 2005 was enacted in December 2005, although it is not yet in effect. The assessment team was advised that implementation is expected by May 2006.9 The Ordinance establishes a new and separate Gambling Commissioner, which will be the Gibraltar Regulatory Authority, (GRA) and a Gambling Ombudsman. Licensing power will be placed at the minister’s discretion. Under Schedule 1, Section 4, of the new Ordinance, the Licensing Authority “may take into account to such an extent as may be appropriate” issues such as “the proposed control measures and procedures to seek to identify money laundering and other suspicious transactions.” The lack of mandatory requirement in this provision is a concern, and the discretion to take or not actions in the full listing under Section 4 should be removed.

The GRA, which is also responsible for the supervision and regulation of other ordinances including Data Protection and Telecommunications, is provided with the power to establish codes of practice, which would include guidelines on the prevention of money laundering. The new Ordinance provides an offence for non-compliance with the terms of the license which will include reference to Codes of Practice issued by the GRA. The authorities from the GRA indicated that the implementation of the GO will follow the recruitment of appropriately skilled regulators with industry knowledge and in establishing an appropriate supervisory framework. Provided the staffing can be secured, the GRA’s stated intention and enacted legal powers also appear appropriate.

Independent legal professionals, including notaries and tax professionals operate under a variety of regimes.

The traditional legal professions of solicitors and barristers are fused in Gibraltar. The Bar Council is a professional association and membership is not a requirement in order to practice law. The Chief Justice’s Office has oversight of the professional conduct of lawyers and barristers via the medium of a professional disciplinary committee. No specific guidance has been issued to the legal profession with respect to the AML/CFT obligations under the CJO.

Lawyers in Gibraltar are licensed and subject to discipline pursuant to Section 33 of the Supreme Court Ordinance, which incorporates by reference the rules of court in force in England. Accordingly, Gibraltar lawyers are required to comply with the Money-laundering Regulations of 2003 issued by the Law Society of England and Wales. The regulations apply, among other things, to “notaries and other legal professionals acting on behalf of their clients in any financial or real estate transaction.” This is defined to include legal transactional services, insolvency and tax services, financial services, and company and trust services. (In Gibraltar, the latter is regulated directly by the FSC, as discussed elsewhere.) Persons carrying on covered business are required to establish internal control procedures, designate a “nominated officer” to receive internal reports of suspicious circumstances, and establish procedures for training, client identification, record keeping, and the internal reporting of knowledge or suspicion, or reasonable grounds for knowledge or suspicion, that a person is engaged in money laundering. (See Regulation 3, citied in Law Society of England and Wales, Guide Online, Section 3.16.) Violations of the Law Society’s money laundering regulations leave attorneys exposed to disciplinary proceedings pursuant to the Supreme Court Barristers’ and Solicitors Rules.

Lawyers in Gibraltar are required to file an annual report with the Chief Justice certifying compliance with solicitors’ accounts rules, which include an independent audit requirement. Such audits include spot checks and authentication to ensure lawyers comply with their obligations to use client accounts only for client purposes. See Barristers and Solicitors Rules, and Solicitors’ (Practicing Certificate Rules), and Solicitors’ Accounts Rules. The auditors do not specifically address compliance with the U.K. Law Society’s AML rules.

Notaries in Gibraltar are licensed for life by the Archbishop of Canterbury. Their functions are limited to acting as a commissioner for taking oaths, verifying the bona fides of documents, etc. They do not prepare for or carry out transactions for clients. Thus, the FATF recommendations are not applicable to notaries in Gibraltar.

There are three categories of auditors approved to work in Gibraltar and on Gibraltar registered businesses by virtue of registration with Auditors Registration Board (ARB). The category 3 auditors are not subject to the same professional qualification standards of other categories and are not empowered to sign accounts. The ARB is a statutory body answerable to the Chief Minister. The Financial Services Commissioner chairs the ARB and also appoints members to the Board. The FSC provides secretariat services to the ARB. Gibraltar has two societies that represent the auditing profession. The Society of Chartered and Certified accountants (GSCCAB), and the Gibraltar Accountants and Auditors Association, which represents category III auditors. Neither association has been allocated responsibility for monitoring members’ compliance with AML/CFT obligations. GSCCAB is active in providing specialist training courses for members as part of professional development process. Neither association has issued guidance to its members on AML/CFT matters.

The ARB has powers to remove people from its registry, although it does not have resources to conduct inspections. The ARB is currently considering a proposal to introduce yearly self assessment of practice and compliance. The industry is divided between the large multinational chartered accounting firms which provide accountancy, auditing and tax advisory or preparation services, and smaller scale practices. The assessment team was advised that the larger firms follow their internal group policies on AML/CFT and have in place appropriate systems of internal controls and governance structures. Group based internal audits of AML/CFT programs in such firms is normal practice.

There is no registration or licensing of the accountancy profession in Gibraltar, although practitioners qualified in the UK would be subject to on going monitoring by the UK’s professional body. No specific guidance has been provided to the sector.

Real estate agents in Gibraltar are not subject to any licensing or registration requirements. No monitoring authority exists and past attempts to establish an association or self regulatory body have proved unsuccessful. There are no sanctions for unlicensed activity. No sector specific guidance has been provided to the sector.

Dealers in any business that accept cash of €15,000 or more (HVD Dealers) include the narrower FATF category for dealers in precious metals and stones. The GOG issued specific guidance on AML issues to this sector in April 2005. The guidance is for information purposes only and is not enforceable. Due to the scope of the HVD definition, a wide range of businesses are potentially covered by the provisions of the CJO, for example car dealers, jewelers, yacht vendors. The Chamber of Commerce and Gibraltar Federation of Small Business were involved in the consultation process for the Guidance Notes; however, no monitoring authority has been determined for this sector.

Role of the GFIU:

The GFIU does not have a supervisory role. It provides guidance on procedures for making disclosures of suspicion and indicators of suspicious transactions, and Although GFIU staff have made educational visits to various car dealers, effective contact with all the sectors not regulated by the FSC, has yet to be established. No other guidance or guidelines have been produced The assessment team was advised that GFIU intends to conduct an outreach program to all DNFBP sectors during 2006

The GFIU is designated as the administrative unit to which disclosures of suspicion are to be provided. Fuller discussion of issues associated with the clarity of this role is provided in Section 1.5. The GFIU has not been allocated any powers of sanction including for non compliance associated with non, late or incomplete reporting by businesses required to make disclosures of STRs. Similarly, although the GFIU is administratively involved in advising non consent to proceed notifications, the GFIU does not have any authority to apply any sanctions should the notifications not be complied with.

The GFIU produces a periodic newsletter; two have been developed in the last six months.. For sectors covered by the FSC’s AMLGNs, there is a sample report in the annex of those guidance notes. The GFIU acknowledges all disclosures it receives and provides feedback on the reports and updates on the status of the investigation, where appropriate, to financial institutions and DNFBPs. To date, the GFIU has had limited to no contact with the DNFBP sectors, other than with the FSC-regulated TCSPs licensees and car dealers. Some indirect contact and interaction has been afforded through GFIU presentations to the Gibraltar Association of Compliance Officers, although the assessment team understands that feedback on typologies associated with the non TCSP categories has not occurred. The Head of GFIU stated that an educational program is being devised and will be rolled out during 2006.

Recommendations and comments

  • Extend, in law or regulation, the provisions for internal control systems to cover the financing of terrorism in addition to AML;

  • Address the need for an audit function to test compliance with policies, procedures, and controls in DNFBP entities, not subject to the FSC issued AMLGNs;

  • Require screening procedures in DNFBP entities not subject to the FSC issued AMLGNs, to ensure high standards when hiring employees;

  • Extend the requirements related to dealing with clients in jurisdictions that do not or insufficiently apply the FATF Recommendations to all DNFBPs.

  • Consider a more proportional level of regulatory sanction for the non gambling and non TCSP categories of the DNFBP sector;

  • Determine, implement and publicly declare the appropriate monitoring and sanctioning authority to be responsible for monitoring compliance with AML/CFT obligations by those categories of the DNFBP sector not subject to supervision by the FSC, FDS or future GRA.

  • Make mandatory the requirement for the Gambling Licensing Authority to include in any license agreement that compliance with the AMLGNs and any subsequent Codes of Conduct that may be issued by the Gambling Commissioner, is a condition of license.

  • Amend the Schedule 1, Section 4, of the Gambling Ordinance 2005 to make mandatory requirements identified in Subsection (a) through (k) and also that compliance with the AMLGNs and future Codes of Conduct issued by the GRA is an explicit condition of license;

  • Implement the Gambling Ordinance 2005 as a priority;

  • Ensure that the GRA is allocated appropriate budget, staffing and other resources to properly meet the requirements established under the new Gambling Ordinance;

  • Develop sector-specific guidelines on AML/CFT for DNFBP entities not covered by the AMLGNs and the HVD Guidance Notes, which cover both AML and CFT;

  • Ensure that the FIU provides guidance to all sectors regarding reporting requirements and typologies;

  • Identify and designate an appropriate authority to monitor DNFBPs (other than TCSP and the gambling sector) in the area of AML/CFT. Given the size of the jurisdiction consideration to using the FSC’s expertise may be appropriate; and

  • Ensure that designated competent authorities (once designated) for DNFBPs are represented on the domestic Enforcement Committee.

article image
article image

3.4. Other non-financial businesses and professions—Modern secure transaction techniques (R.20)

Description and analysis

Rather than limiting the requirements in the CJO to just the categories established under the FATF definition of DNFBP, the government of Gibraltar has extended the provisions to include all dealers in high value goods whenever a payment is made in cash and in an amount of €15,000 or more. This is addressed in Section 8 of the CJO and therefore subjects those dealers to a series of requirements for AML/CFT. In addition, the government developed the HVD Guidance Notes for those dealers; while the Guidance Notes are for informational purposes only, they provide a useful tool for the dealers.

Gibraltar has a modern financial services sector. Gibraltar’s banks are subsidiaries or branches of major international banks, all of which use modern and secure techniques for conducting financial transactions. Other indicators include: the rapidly growing internet gaming sector which makes extensive use of recognized banking credit and debit card facilities, the existence of a modern and well regulated financial sector and the recent introduction of increased security checks to prevent identity fraud for credit cards.

Recommendations and comments

article image

4. LEGAL PERSONS AND ARRANGEMENTS & NON-PROFIT ORGANIZATIONS

4.1. Legal Persons-Access to beneficial ownership and control information (R.33)

Description and analysis

Gibraltar companies. All Gibraltar companies are governed by Gibraltar company law, which is based on the United Kingdom’s Companies Act 1929, as updated by local statute and European Union company law directives. Legislation in Gibraltar relating to companies was recently consolidated into an updated version of the Companies Ordinance 1930.

Gibraltar generally provides for the incorporation of public companies limited by shares or guarantee and private companies limited by shares or guarantee. It is also possible in Gibraltar to incorporate an unlimited company with share capital, a European Economic Interest Grouping, and a protected cell company (limited to insurance companies with permission from the FSC). The vast majority of the approximately 25,000 active companies in Gibraltar are private companies, defined as having not more than 50 shareholders. The number of active companies in Gibraltar has declined by approximately 5,000 since 2001.

Section 14 of the Companies Ordinance all companies incorporated in Gibraltar to be registered. Companies House Gibraltar has a staff of 20 people (including several experienced company formation lawyers) and serves as the Registrar of Companies. Companies House is obliged by law to keep a public record of the ownership of the shares of all companies. This information is updated annually or whenever a change of ownership of the shares takes place. Gibraltar companies also have to file annual returns (Sections 153-156), which include the names, nationality, profession, and address of shareholders. The Companies House has no investigative powers and generally takes documents at face value. However, the Companies Ordinance provides that documents filed with the Registrar may be admitted into evidence in proceedings, so filers have an incentive to file accurate information. Companies House maintains an electronic data base, which is available on-line to anyone who wishes to subscribe. The data base is searchable only by company name or company number, however, and not, for example, by the names of directors, shareholders, registered agent, address, etc.

If a company does not file an annual return it may be struck off the register and its property confiscated. Companies House receives regular requests from financial institutions for certificates of good standing with respect to Gibraltar companies. These requests are apparently generated by financial institutions’ CDD procedures. Companies House responds promptly to these requests, and charges a small fee for doing so. Companies House reported that in nearly half of such cases, however, they are unable to provide such a certificate in the first instance because the company records are not up-to-date. Typically, the problem is cured and a certificate issues following a subsequent inquiry. But Companies House has reportedly recently taken more initiative in striking companies for failing to file returns.

Gibraltar law allows for nominee shareholders and corporate directors. Directors do not have to be residents of Gibraltar. Bearer shares are not permissible, but “share warrants” to bearer (which allow shares to be redeemed to their holder) are. Officials stated that few share warrants to bearer are issued and outstanding and, almost invariably, they are immobilized (i.e., deposited in Gibraltar or elsewhere with a bank on behalf of approved persons). As part of its commitment to the OECD in connection with the harmful tax competition initiative,10 the government intends to repeal the legislation relating to share warrants to bearer.

All Gibraltar companies must have a registered office in Gibraltar. Foreign companies doing business in Gibraltar or with a place of business in Gibraltar must register with the Registrar and comply with the same disclosure requirements as apply to Gibraltar companies. All companies must maintain in their registered office a Register of Members that includes the name, address, nationality and profession of all shareholders. This Register of Members is open to public inspection.

Companies accounts are required by the Companies (Accounts) Ordinance 1999, Section 1(2) and 3(1) of which require that such accounts must give a true and fair view of the companies assets, liabilities, financial position and profit and loss. Companies must file accounts with the Registrar in accordance with Gibraltar legislation transposing relevant EU Directives, but filings vary in complexity based on the type and size of the company.

Partnerships. The Limited Partnership Ordinance 1927 requires registration of the name, nature of business, place, name of partners, terms of partnership, statement of limitations, and sums contributed to a limited partnership. If and as this information changes, the registry is required to be updated. Limited partnerships are also registered at the Companies House. Companies limited by shares may—if the Registrar is satisfied that they qualify as a limited partnership—register as a limited partnership. Limited partnerships are required to file annual accounts with the Registrar, as well. Simple partnerships are not required to register.

Regulation of Gibraltar trust and company service providers. Gibraltar has been a pioneer in the supervision and regulation of Professional Trusteeship and Company Management service providers. Pursuant to Schedule 3 of the Financial Services Ordinance 1989 only persons licensed under the Financial Services Ordinance can form and manage companies in Gibraltar. Schedule 3 of the FSO defines company management as:

  • Undertaking or holding out by way of business as undertaking company or corporate administration including without limitation any one or more of the following:

    • The formation, management or administration of companies, partnerships or other unincorporated bodies whether incorporated or established in or under the laws of Gibraltar or elsewhere;

    • The provision to any one or more companies, partnerships or other unincorporated bodies, whether incorporated or established in or under the laws of Gibraltar or elsewhere, any one or more of the following:

      • Corporate or individual directors;

      • Individuals or companies to act as company or corporate secretary or in any other capacity as officer of a company, partnership or other unincorporated body other than a director;

      • Nominee services, including (without limitation) acting as or providing nominee shareholders; and

      • Registered offices.

  • Acting as director of any company or unincorporated body, or as partner of any partnership, whether incorporated, registered, or established in the laws of Gibraltar or elsewhere.

Persons who provide these services for strictly local Gibraltar businesses are exempt. Professional trusteeship is defined as the holding out as a professional trustee for profit or reward, or soliciting for business as such, in or from within Gibraltar. Eighty-two groups of companies are currently licensed to provide company management and professional trusteeship services in Gibraltar.

Section 9 of the FSO also provides criteria and standards that must be taken into consideration when the application is being considered. The FSO also provides for the creation of a set of supplementary Financial Services Regulations. These regulations cover such issues as conduct of business, accounting and financial, penalty fees, advertising licensing fees and classification of business. Applicants are required to be “fit and proper” (i.e., technically competent and having integrity), and involve at least two competent individuals in directing the business. All licensees must have a physical presence in Gibraltar. A multiple-layered internal FSC approval process ensures that there is no opportunity for undue influence over the decision.

After a license has been granted, the licensee is required to advise the commissioner of any material changes to the information given at the time of licensing. So, for example, changes of control, appointment of new directors and managers (for which consent is required from the commissioner) are all captured within the on-going supervisory process. Licensees must submit audited financial statements and their auditors must report to the Commission on compliance with specified regulatory obligations.

Licensees are required by the FSC to conduct customer due diligence and “know-your-customer” procedures, and to report suspicious transactions pursuant to the CJO and DTO, on the same terms as banks and other financial institutions. Of particular note, trust and company service providers are required as a condition of doing business to obtain true beneficial owner information for all clients. The specific requirements are set forth in Section 2.2, infra. Licensees are supervised for AML/CFT compliance by a specialized fiduciary group that conducts regular on-site visits and training programs. Pursuant to its powers under various supervisory ordinances, the FSC may review all relevant documents maintained by licensees. Similar powers exist for trusts. Draft regulations for the conduct of fiduciary services business are under consideration. If promulgated, these regulations will place specific requirements on trust and company service providers for internal controls and customer due diligence and will continue to require licensees to abide by the AMLGNs.

The most profitable aspect of Gibraltar’s company service industry involves serving as corporate directors. Approximately 80 percent of the companies under management in Gibraltar are incorporated elsewhere. Most of these are incorporated in the British Virgin Islands, the Channel Islands, Cyprus, England, Ireland, Israel, and the United States. Some of these jurisdictions’ company laws are not as rigorous as those in Gibraltar. The FSC’s AMLGNs apply equally to Gibraltar licensees acting on behalf of foreign companies, however. Accordingly, industry practice is to apply the FSC’s requirements on obtaining beneficial owner information, etc., equally to business relationships with foreign companies as with Gibraltar based firms. Industry representatives told the assessors that they are particularly cautious when dealing with unusually complex structures, bearer share companies, or other known risks.

As elaborated in Section 2, infra, industry compliance with FSC expectations appears generally to be good, and the FSC staff appears to have identified the higher risk service providers.. It is common for attorneys also to be licensed as trust and company service providers, and to serve as corporate directors, but attorneys who met with the assessment team were universally clear about the AML compliance obligations that flow from their role as a licensee. They were not at all concerned that their professional privilege obligations would interfere with their AML compliance obligations.

Financial institution obligations. As described more fully in Section 2.2, pursuant to the terms of the AMLGNs, financial institutions in Gibraltar may not open or operate a business relationship with any customer without first obtaining beneficial ownership information.

Access to beneficial ownership and control information. As noted above, first line information on company ownership and control is available publicly through the Registrar, Companies House. Limited partnership information is similarly available. The Registrars have no access, however, to the books and records of companies beyond the information that is required to be filed with it, which may or may not include actual beneficial ownership and control information.

The FSC has broad powers as a supervisor to review the records of trust and company service providers, including customer files. FSC staff provided the assessors with a comprehensive checklist of items that, at a minimum, its examiners expect to find in licensees’ files, including files of non-Gibraltar entities under management. The FSC may file an STR with the GFIU, and it can share company files with foreign supervisors as necessary and appropriate under the FSCO.

Gibraltar police and customs generally rely upon production orders issued by the magistrates’ court to obtain company records. See Section 28 of the Magistrates’ Court Ordinance. Such production orders may be crafted broadly, to include information on ownership and control of companies incorporated elsewhere but managed in Gibraltar. These production orders are enforceable through criminal contempt proceedings. They may be challenged as to scope and grounds. Check this with AG. Can information be shared with foreign authorities? In addition, the governor has the authority under Section 12 of Schedule10 of the Companies Ordinance to appoint an inspector to investigate and report on ownership and control of companies formed in Gibraltar, with a principal place of business in Gibraltar, or that has at any time carried on business in Gibraltar. This authority includes broad powers to compel the production of documents, to execute search warrants, to hold persons in contempt for failing to comply. Authorities have used this authority on occasion.

Production orders are often sought with respect to Gibraltar companies through civil applications. These cases often involve allegations of fraud. Recent EU conventions for reciprocal enforcement of judgments has meant that proceedings are usually instituted outside Gibraltar, but that the parties often seek so-called “Norridge Pharma” disclosure orders and “Mareva” injunctions to freeze assets. As noted in Section 5.3, foreign governments have sought and obtained civil injunctions in fraud cases where they can assert a claim against assets held in Gibraltar. According to one lawyer the assessors met, requests for civil injunctions and production orders are likely to be contested, but not difficult to obtain, provided the client can state a reasonable claim.

Recommendations and comments

  • Repeal legislation allowing share warrants to bearer.

  • Ensure that Companies House’s data base is searchable by all relevant fields.

  • Provide the FSC complete access to information on file at Companies House.

  • Allow police and customs to compel production of client information required to be maintained by licensees under customer identification requirements in domestic and international criminal investigations. Use Schedule10 of the Companies Ordinance as a model.

article image

4.2. Legal Arrangements-Access to beneficial ownership and control information (R.34)

Description and analysis

Gibraltar Trusts. There are currently over 2,000 trusts under administration in or from within Gibraltar by a variety of licensed service providers. Types of trusts in Gibraltar include accumulation and maintenance settlements, non-interest in possession settlements, interest in possession settlements, bare trusts, discretionary trusts, and charitable trusts. Trust legislation in Gibraltar does not differ significantly from trust legislation in other offshore and onshore jurisdictions, including the United Kingdom, with English equitable principles being applied by the English Law (Application) Ordinances.

Resident trustees of domestic and foreign trusts are obliged to have information regarding the identity of settlors, protectors and enforcers, and beneficiaries under the relevant trust law and anti-money-laundering legislation. Trustees are required to maintain trust deeds/declarations of trust, letters of wishes, records of trust assets and general correspondence files with regard to all trusts for which they act as trustees. Except for asset protection trusts, trusts are not required to be registered in Gibraltar, though it is possible for them to do so through the Registrar at Companies House if they should so choose.

Asset Protection Trusts. Gibraltar law provides for so-called asset protection trusts under Section 42A of the Bankruptcy (Registry of Dispositions) Ordinance. This provision explicitly exempts certain trusts from the Fraudulent Conveyances Act of 1571, which otherwise forms a basic pillar of the common law of trusts. As a condition for this exemption, trusts must be registered, pursuant to regulations issued by the Financial and Development Secretary, with the FSC. Approximately 70 such trusts are registered. The application for registration must disclose the following information: the name and address of the trustee, the name of the disposition, the date of making of the disposition and the duration thereof, and the country of ordinary residence of the settlor. There is no requirement by law or regulation to disclose the identity of the settlor or the beneficiaries, although under AML/CFT requirements such information must be maintained by a licensed Trust or Company Service Provider

Flee clauses. Gibraltar legislation does not proscribe the inclusion of “flee clauses” in the trust instrument, so trusts in Gibraltar may include such clauses. Gibraltar authorities have indicated previously that although there are no restrictions on any specific events that might trigger a flee clause, there are certain events that were they to be included, would render it unenforceable as contrary to public policy, including if the “flee clause” were triggered by the occurrence of a criminal act or fraud.

Regulation of professional trustees. As noted in Section 4.1, above, though it is possible for private family trusts to be administered in Gibraltar by a non-licensed trustee, professional trustees must be licensed in Gibraltar. Also as described in Section 4.1, licensed trustees are subject to the full range of regulatory controls and AML requirements—including CDD, KYC, and suspicious transaction reporting requirements—as are traditional financial institutions.

The FSC requires three annual returns from professional trustees (and also licensed company service providers): audited annual financial statements, statement of compliance and returns on trusts (and companies) under management. The statement of compliance requires licensees to undertake a review of arrangements in respect of customers’ money and accounts to ensure being the monies are administered appropriately in accordance with relevant regulations. In addition as part of its on site supervisory work, all copies of audit letters to management are reviewed, as are client files to ensure the appropriate CDD documentation and controls are evidenced

Financial institution obligations. As described more fully in Section 2.2, pursuant to the terms of the AMLGNs, financial institutions in Gibraltar may not open or operate a business relationship with any customer without first obtaining beneficial ownership information. This applies equally to trusts.

Access to trust records. The FSC has broad powers as a supervisor to review the records of trust and company service providers, including customer files. FSC staff provided the assessors with a comprehensive checklist of items that, at a minimum, its examiners expect to find in licensees’ files, including trust files. The FSC may file an STR with the GFIU, and it can share trust files with foreign supervisors as necessary and appropriate under he FSCO.

Gibraltar police and customs generally rely upon production orders issued by the magistrates’ court to obtain trust records. Such production orders may be crafted broadly, to include information on settlors, beneficiaries, controllers, and protectors, to the extent such records are maintained in Gibraltar and reasonably necessary for a criminal investigation. The governor has no authority with respect to trusts that is comparable to his authority under Section 12 of Schedule 10 of the Companies Ordinance to appoint an inspector to investigate and report on ownership and control of companies.

Recommendations and comments

  • Abolish or limit asset protection trusts, or failing that require disclosure of the name and address of the settlor in addition to the other information required in the registration application.

  • Amend trust legislation to restrict the use of “flee clauses”; and

  • Consider requiring trusts that hold shares in corporations to disclose the trust settlor, beneficiaries, and/or trustees.

article image

4.3. Non-profit organizations (SR.VIII)

Description and analysis

Gibraltar has regulated charities, corporate and otherwise, since 1964 under the Charities Ordinance (1962) (“CO”). The current number of registered charities is 166. The assessment team was advised that no other forms of non profit organizations are allowed. Ninety-five percent of the charities in Gibraltar are purely local in nature. Charities are permitted to be established in Gibraltar and a Board of Charity Commissioners (the “Board”) has been established under Section 4 of the CO to, among other matters, “promote the effective use of charitable resources by encouraging the development of better methods of administration, by giving charity trustees information or advice on any matter affecting the charity and by investigating and checking abuses.”

Section 6 of the CO requires that a register of charities be established and maintained by the Board. An exception is made in Section 6(4) for both exempt charities and any charity which is accepted by order or regulations. The exemption for charities is listed in Schedule 2 to the CO and includes “(a) any cathedral or collegiate church or any building bona fide used exclusively as a place of meeting for religious purposes; (b) any friendly or benefit society or savings bank.”

For non-exempt charities, Section 6(5) of the CO requires that an application for registration be filed with the Board, including any trust documents or other documents or information that the Board may prescribe. It is usual practice for the Board to require audited accounts prior to approval and to conduct personal interview with the trustees and representatives of the applicant. The Board also requires that a local trustee be appointed for all charities. Applications are thoroughly reviewed under strict parameters by the Board, consisting of a Chief Charity Commissioner, who is a very senior barrister-at-law and Queen’s Counsel, and three other commissioners, one of whom is a chartered accountant. The Board sits three or four times per year. There is also an official complaints procedure whereby any complaint is rigorously investigated by the Board.

The Board has been granted general powers under Section 8 of the CO to institute inquiries with regard to charities, or a particular class or classes of charities either generally or for particular purposes. The Board has the power to require charities to furnish accounts and written statements regarding the matter being reviewed and to attend to give evidence under oath or produce documents in their custody or control which relate to the matter under inquiry. The Board may also keep copies of such documents. Under Section 9 of the CO, the Board has further powers to call for documents, search records and make copies of records or documents from a court, public registry or office of records. Regardless of whether the Board requires that accounts be filed with them, Section 31 of the CO requires that each charity keep proper books of account with respect to the affairs of the charity and prepare a statement of account no less than every fifteen months. It is usual practice for the Board to review the accounts of all charities. The Supreme Court staff act in a secretariat role for the Board.

Annual audits of charities with permanent endowments are required annually by Section 10 of the CO. For other charities, annual statements may be requested by the Board. In practice, all charities are required to file annual audited accounts with the Supreme Court registry and those accounts are perused by a member of the Board. Such audited accounts are lodged with the Supreme Court registry and then passed on to the Board. Where charities may be required to file accounts, these accounts may be required to be audited by an auditor recognized by the Board. In practice all charities provide accounts and the Board requiring audits of these accounts for charities depending on the resources of the charity. The Board reviews all accounts to consider whether the charities are complying with the approved objects of the charity. The intimate scale of Gibraltar also allows the Board members to have an on going appreciation of the work of the charities.

An “official custodian for charities” (“Official Custodian”) is created by Section 5 of the CO and appointed by the governor to act as trustee for charities in various circumstances set out in the CO, including by court order under Section 15. Essentially, the Official Custodian is available if necessary to step in where no other trustee can be appointed or at the discretion of the Supreme Court. In such cases, the Official Custodian is required to keep books and accounts and records and these records must be audited by the Principal Auditor for Gibraltar and a report prepared for the governor on an annual basis.

Under Section 6(3) of the CO, the Board must remove charities from the register where there have been changes in its purposes or trusts or the charity has ceased to operate. Furthermore, under Section 13(1) of the CO, where the original purposes of the gift have been fulfilled, the property can be more effectively used for other purposes or where the original purposes are useless or harmful to the community, the trustee can alter the gift by using the equitable remedy of Cy pres. Should the trustee fail to do so, under Section 15 the Supreme Court may order that the trust property be vested in the Official Custodian. Section 18 of the CO gives the Board further powers to make schemes or alter application of the charitable property.

Pursuant to Section 17 of the CO, the Board may exercise the same wide jurisdiction and powers as the Supreme Court with regard to appointing, discharging or removing charity trustees, establishing a scheme for the administration of a charity, or vesting or transferring property in a charity. Where the Supreme Court orders a scheme for the administration of a charity, it may by order refer the matter to the Board. This section gives wide powers of discretion to the Board to act, where necessary, after it has conducted an inquiry into the charity. Section 19 also gives powers to the Board to move trustees, after inquiry, for misconduct or mismanagement or to protect the trust property. These broad powers would assist the board where they were advised of a possible issue regarding diversion of funds. The Board could stop any transaction, remove the trustee and appoint the Official Custodian. The Board could then apply to the attorney general to take action to freeze the accounts of the charity under UN Order 2001 or the TO.

Overall, the CO provides a solid framework for the supervision of charities by the Board. The requirements for registration of charities with the Board, after an appropriate application and disclosure of material information by the applicant, indicate that the Board is fulfilling its gatekeeper role with regard to the registration of charities. Given the current risk of terrorist financing being sent through religious charities, a review of the exemption in (a) is strongly advised. Adequate legal provisions are in place for ongoing supervision of, investigation of and intervention regarding charities to prevent abuse. Should clandestine diversion of funds be discovered, adequate legal provisions exist for the Board to undertake immediate and effective actions to halt terrorist financing.

The Board members were unaware of the provisions of the FATF’s guidance on the possible abuse of non-profit organizations for terrorist financing purposes. A copy of the Interpretative Note on SR VIII and the Best Practices Paper was provided to the Board during the assessment.

Recommendations and comments

Recommendations

  • Review the current legislation and approval and monitoring process in light of the FATF documents that the assessors provided to the Board.

  • Review, in particular, the current policy of granting a blanket exemption from registration to religious charities.

article image

5. NATIONAL AND INTERNATIONAL COOPERATION

5.1. National cooperation and coordination (R.31 & 32) (criteria 32.1 only)

The government of Gibraltar regularly convenes an interagency “Enforcement Group” to coordinate activity to combat money laundering and terrorist financing. The Enforcement Group is chaired by the Finance Centre Department and comprises GFIU, the RGP, customs, the attorney general’s chambers, and the FSC. Issues recently addressed include FSC training for the regulated sector, GOG consultation with regulated industry on new legislation, GFIU in-house training for the financial sector, reviews of the effectiveness of Gibraltar’s system for combating money laundering and terrorist financing, the AMLGNs, and recent EU directives.

The regulatory and supervisory authorities for the gambling sector are not represented on the Enforcement Committee. There are no designated monitoring authorities for the remaining categories of the DNFBP sector (except with respect to trust and company service providers, which are supervised by the FSC).

The small scale of Gibraltar allows for ready contact at the operational level between the GFIU, GCID, law enforcement and the other relevant authorities. Mechanisms for consultation with industry are available through on going educational processes initiated by the GFIU, FSC and FCD.

Whereas some agencies in Gibraltar—led in this respect by the FSC—have evaluated and can articulate the threat posed to Gibraltar by money laundering and terrorist financing, the government of Gibraltar has not—on its own account—reviewed the overall effectiveness of its AML/CFT regime. Instead, it relies on others—such as outside assessors from the IMF—to assist it in that respect.

Section 22 of the FSC Ordinance covers the concept of confidentiality. The primary concept is that “any information from which an individual or body can be identified and which is acquired by the Commission in the course of carrying out its functions shall be regarded as confidential by the Commission and by its members, officers and servants.” This information is not permitted to be disclosed except in certain circumstances, identified in Section 22(2). Information may disclosed if it “appears to the Commission to be necessary” to enable the FSC to carry out its functions, to prevent or detect a crime, to comply with directions from the Supreme Court, or in the discharge of its international obligations.

As a result of this section of the FSC Ordinance, the FSC has the authority to share information with domestic authorities in specific circumstances. For example, the FSC can and does provide suspicious transaction reports to the GFIU when issues arise. Equally, there are gateways for the FSC to work with the police directly.

The GFIU currently does not provide statistics to the FSC regarding the reporting performance of individual licensees. This information would assist the FSC in its supervisory considerations and program development.

R 32 Overall, agencies should keep better statistics.

Recommendations and comments

Officials demonstrated a high degree of awareness of AML/CFT issues, and universally perceive the threat as one to the reputation of Gibraltar. Gibraltar is not a high crime jurisdiction, and therefore correctly sees the risk of money laundering and terrorist financing as something that comes to it principally from abroad. Gibraltar officials also correctly perceive that international standards have moved quite substantially in recent years. Officials are clearly willing to implement measures to keep pace with international standards as they develop, but they do not see themselves as being particularly well positioned to judge the overall effectiveness of their AML/CFT system as a whole, except to the extent that Gibraltar is able to maintain a reputation as a well regulated financial center.

GFIU to provide statistics of the reporting performance of individual licensees and businesses to the FSC, and in future to the GRA and any other authority that is designated monitoring authority for the DNFBP sectors.

article image

5.2. The Conventions and UN Special Resolutions (R.35 & SR.I)

Description and analysis

The UN Convention against Illicit Traffic in Narcotic Drugs and Psychotropic Substances (the Vienna Convention) has not been extended to Gibraltar. Sections 54-56 of the DTOO do, however, mirror the Vienna Convention’s obligations regarding the money-laundering offense. Furthermore, freezing and confiscating measures are available in some circumstances although not in all circumstances in Gibraltar (see discussion under Recommendation 3). Mutual legal assistance is available where a proceeding has been started in another jurisdiction and where drug offenses are the underlying predicate offense. The MLA (2005) has no countries yet listed in the schedule, so is effectively inoperative. Applications under the Evidence Ordinance are possible in some circumstances (see discussion under Recommendations 36-38). Extradition is possible through United Kingdom extradition acts (see discussion under Recommendation 39). The FSC can provide assistance to its foreign counterparts after due consideration (see discussion under Recommendations 4 and 40). Gibraltar has not fully implemented the requirements set out under SR IX.

The Transnational Organised Crime Ordinance (2006) came into operation on April 20, 2006, after the mission. The UN Convention against Transnational Organized Crime (the Palermo Convention) has now been implemented. (For a discussion of the provisions that Gibraltar has partially or completely implemented, see discussion above of the implementation of the provisions of the Vienna Convention). In addition to these requirements, Gibraltar also has a regulatory and supervisory system in place for banks and some non-bank financial institutions (see discussion for Recommendations 5, 10, 28, and 29).

The UN International Convention for the Suppression of Financing of Terrorism (“ICSFT”) has not been extended to Gibraltar. The TO implements Council Framework Decision 2002/JHA on combating terrorism, which also draws from the convention in question. TO implements JHA on combating terrorism. It also implements the ICSFT. (For further discussion on implementation of measure that match requirement in the ICSFT, see discussion at SR II).

UNSCR 1267 and 1373 and successor resolutions are implemented in Gibraltar by the UN Order and the Al-Qaida and Taliban (UN Measures) (Overseas Territories) Order 2002. The Attorney General of Gibraltar has invoked the UN Order on two occasions to freeze funds suspected of being connected to specific terrorist incidents.

Recommendations and comments

  • Request that the Vienna and ICSFT Conventions be extended to it at the earliest possible occasion.

article image

5.3. Mutual Legal Assistance (R.32, 36, 37, 38, SR.V)

International cooperation on mutual legal assistance is particularly important in the case of Gibraltar, because it is a small jurisdiction whose economy depends in large measure on its offshore financial services industry. Any country can request and obtain at least a basic level of mutual legal assistance from Gibraltar through letters rogatory. Provided it is acceptable for the requesting country to do so, such letters can be sent directly to the attorney general; they do not need to be routed through HM Foreign Office in London or the governor. Through creative application of a number of statutory provisions, Gibraltar has been able to provide apparently adequate mutual legal assistance in several AML/CFT investigations, prosecutions, and legal proceedings. Both prosecutors and police and customs agents—and their representatives at the GFIU—recognize the importance of providing effective assistance, have good informal working relationships with their counterparts abroad, and have demonstrated a willingness to assist foreign authorities in navigating the Gibraltar legal system. Gibraltar does not deny assistance on the basis that a request involves a fiscal element.

As explained more fully below, however, there is room for improvement in Gibraltar’s mutual legal assistance regime in a few significant areas. First, with respect to countries outside the EU, legal assistance during the investigative stage prior to formal commencement of “proceedings” is limited to drug related cases. Also, except in drug-related cases, the law of Gibraltar provides no power to the authorities to secure restraint or charging orders against secure proceeds of crime during the pendency of proceedings, or to detain suspect cash detected at the border. Finally, although the authority to do so was provided in the CJO more than ten years ago, the governor has failed to promulgate an order listing countries whose non-drug related confiscation orders may be registered and enforced in Gibraltar. The government has taken or is planning to take steps to address each of these issues, as explained more fully below.

Implementation of the Schengen Agreement. Gibraltar has implemented the Convention for implementing the Schengen Agreement of 14th June 1985 through the Mutual Legal Assistance (European Union) Ordinance. This statute provides the broadest and most flexible powers to Gibraltar authorities in providing mutual legal assistance in the context of working with EU member states. The only notable limitations on Gibraltar’s ability to provide assistance under the MLA (EU) Ordinance are: (a) that except for offenses relating to excise duty, value added tax or customs duties, “offenses” under the ordinance are defined to exclude fiscal offenses; and (b) that the search powers of Gibraltar’s Criminal Procedure Ordinance may be invoked under this ordinance only in cases of dual criminality. Gibraltar authorities have stated that this latter limitation is inherent in the underlying 1958 Council of Europe Convention on Mutual Legal Assistance that forms the basis of the Schengen Agreement, and thus that the limitation applies in all Schengen states.

Otherwise, the Schengen Agreement, as reflected in the MLA (EU) Ordinance, imposes no dual criminality requirement and allows assistance to be provided in criminal proceedings and investigations, measures related to the execution of sentences or measures, and civil proceedings joined to criminal proceedings. The MLA (EU) Ordinance provides, at Sections 5-6, for service of Schengen process, and, at Sections 27, for service of official documents in Gibraltar. Sections 12-15 provide that, upon receipt by the attorney general of a request for assistance for obtaining evidence in Gibraltar, the attorney general may arrange for a court to receive such evidence or apply for a search warrant on the same terms as provided for domestic search warrants under the Gibraltar Criminal Procedure Code. Judicial records may be collected, extracted, and communicated under Section 21, and Section 16 provides that evidence seized by a police officer pursuant to a search warrant will be sent to the court or authority that made the request for assistance. Persons in custody may be transferred temporarily to other Schengen territories for hearings, and persons may be transferred through Gibraltar to facilitate cooperation between other Schengen states. (Sections 18-19.)

A Gibraltar Supreme Court justice explained to the assessment team that, pursuant to the local rules of the courts, when a Gibraltar court “receives evidence” pursuant to a mutual legal assistance request, a police or customs officer appears before the court and presents affidavits, other sworn statements, documents and other material. The court ensures to its satisfaction that the investigator has followed appropriate procedures and documented his or her findings. In all cases, originals or copies of relevant documents and other relevant evidence can be provided to foreign authorities.

MLA (International) Ordinance. Last year, the Gibraltar parliament passed the Mutual Legal Assistance (International) Ordinance, which provides for mutual legal assistance with reciprocating countries outside the EU, without dual criminality restrictions and in both proceedings and investigations, on substantially the same terms as the MLA (EU) Ordinance provides for EU countries. The only significant difference is that the MLA (International) Ordinance contains a broad exclusion of fiscal offenses from the definition of “offense.” (Authorities have indicated, however, that they would not refuse cooperation on the basis of this provision in cases involving fiscal offenses, provided they also involve other offenses, such as false accounting.) The MLA (International) Ordinance, however, is not effectively in force, because no schedule of countries to which it applies has yet been elaborated.

The MLA (International) Ordinance contemplates the negotiation of bilateral agreements to give effect to its provisions. Gibraltar can negotiate these agreements directly, without intervention or specific approval from the UK. The Chief Minister indicated that Gibraltar would seek only very basic assurances of reciprocity from its counterparties to such agreements. Gibraltar has affirmatively tried for a year to open negotiations with one non-EU government that had previously expressed frustration that it could not qualify for assistance on the same terms as EU states, but Gibraltar has not yet received a reply to its proposal. Another government expressed an interest and began negotiations with Gibraltar, but then put negotiations aside as the case that prompted the start of negotiations moved into formal proceedings and there was no longer any pressing need for the agreement. A draft bill published in the Gibraltar Gazette on March 9, 2006, entitled “Transnational Organized Crime Ordinance 2006,” would if enacted deem parties to the convention automatically eligible to take advantage of the provisions of the MLA (International) Ordinance. Gibraltar should enact the UNTOC ordinance promptly.

Drug Trafficking Offenses Ordinance. In money-laundering cases arising out of drug trafficking, Gibraltar can provide mutual legal assistance under Part III of the DTOO. Pursuant to a letter rogatory from any country or territory to which application of the Vienna Convention has been extended, and if he is satisfied that (a) there are reasonable grounds for suspecting that a drug trafficking offense has been committed and (b) proceedings have been instituted or an investigation is underway, the attorney general may nominate a court in Gibraltar to receive evidence in response to the request pursuant to Section 40 of the DTOO. Evidence includes “documents and other articles.” A Gibraltar court may issue a subpoena duces tecum to collect documentary evidence to satisfy a Section 40 request pursuant to the court’s inherent authority.

Under Section 43 of the DTOO, customs and police officers may obtain a search warrant to assist in an overseas drug trafficking or drug money-laundering investigation upon where criminal proceedings have been instituted against a person in a convention state outside Gibraltar or that a person has been arrested in the course of a criminal investigation there, the conduct that is the subject of the proceeding or investigation would have constituted an offense in Gibraltar had it occurred there, and there are reasonable grounds for suspecting that there are on premises in Gibraltar occupied or controlled by that person, evidence relating to the offense.

The authorities pointed out that Section 43 provides very limited ability to search for business or financial records in drug money-laundering cases in Gibraltar. Although in one notable case where Gibraltar authorities cooperated with overseas authorities investigating a local lawyer, Gibraltar authorities were able to use Section 43 to obtain a search warrant for the lawyer’s premises and business, in drug money-laundering cases involving Gibraltar it typically is not the case that the person under investigation abroad “occupies or controls” the premises that may contain relevant records. More typically, the authorities are left to rely on subpoenas to obtain business and financial records to assist in drug money-laundering cases overseas. According to authorities and members of the bar, such subpoenas are generally not challenged, except from time to time as to scope.

Section 44 of the DTOO provides for enforcement of overseas forfeiture orders “of anything in respect of which an offence to whom this section applies has been committed or which was used, or intended for use, in connection with the commission of such an offence.” This section also requires dual criminality, and gives Gibraltar courts power to register an order as a condition of its enforcement, and to modify such orders as the court may deem appropriate.

Registration and enforcement of external confiscation orders11 is presently available under Section 26 of the DTOO (Designated Countries and Territories) Order 1999 in drug trafficking and drug money-laundering cases being pursued by authorities in the following designated countries: Anguilla, Australia, the Bahamas, Bahrain, Barbados, Bermuda, Canada, Cayman Islands, Denmark, Guernsey, Hong Kong, India, Isle of Man, Italy, Jersey, Malaysia, Montserrat, Netherlands, Nigeria, Saudi Arabia, South Africa, Spain, Sweden, Switzerland, United Kingdom, United Mexican States, and the United States. A Gibraltar court may issue a restraint or charging order if proceedings against a defendant have been instituted and are still ongoing in any of these countries and an External Confiscation Order has been made, or where it appears to the court that proceedings are to be instituted and an External Confiscation Order reasonably may be made in them. The order may be issued upon application by a government of a designated country.

Prisoners may be transferred to give evidence pursuant to Sections 41-42 of the DTOO.

Evidence Ordinance 1948. In cases where neither the Schengen Agreement nor the DTOO applies, Gibraltar authorities rely on the provisions of Part II of the Evidence Ordinance of 1948 to provide mutual legal assistance in criminal matters. Sections 9-12 of the Evidence Ordinance contains its key provisions, which are as follows:

  • In furtherance of a request issued by or on behalf of a foreign court or tribunal, where criminal proceedings have been instituted before the requesting court, the Attorney General of Gibraltar may apply for an order.

  • If the court is satisfied that the application is appropriate, it may “by order … make such provision for obtaining evidence in Gibraltar as may appear to the court to be appropriate for the purpose of giving effect to the request in pursuance of which the application is made; and any such order may require a person specified therein to take such steps as the court may consider appropriate for that purpose.”

  • The court may in particular make provision for the examination of witnesses, either orally or in writing; and for the production of documents. (Unlike in civil cases, in criminal cases, the court may not direct the inspection, photographing, preservation, custody or detention of any property, the taking of samples of property or any experiments with property, or the medical examination of, or taking of blood from, any person.)

  • Witnesses are entitled to assert privileges that would otherwise apply under Gibraltar law and shall not be compelled to give evidence prejudicial to the security of the United Kingdom, Gibraltar, or other territory for which the UK is responsible under international law.

  • Persons may not be required to state what documents relevant to the proceedings to which the proceeding relates are or have been in his possession, custody or power, or to produce any documents other than particular documents specified in the order as appearing to the court to be, or to be likely to be, in his possession, custody, or power.

Though there is neither a dual criminality requirement nor an exclusion for fiscal offenses under the Evidence Ordinance, there is a general exclusion in Section 12(3) for “criminal proceedings of a political character.” There is also, however, in Section 13, a broad grant of authority to the governor to implement measures to assist in obtaining evidence for “international proceedings”—i.e., proceedings before the International Court of Justice or any other court, tribunal, commission, body or authority which, in pursuance of any international agreement or any resolution of the General Assembly of the United Nations, exercises jurisdiction or performs functions of a judicial nature.

The authorities acknowledged that the Evidence Ordinance is outdated, but they pointed out that it was also very flexible. They insisted that the political character exception is not used to refuse to cooperate in fiscal offenses where other kinds of criminality have been alleged as well, and the evaluation team is not aware of any countries that have complained about the authorities’ lack of willingness to provide assistance in response to requests. But there are several opportunities for review of foreign court applications, and therefore several opportunities for them to be rejected, and not simply on legal grounds. The attorney general’s chamber is the first port of call. If the AG’s chamber approves the request, it is then forwarded to the legislative support unit of the chief minister’s office, which re