Sri Lanka has developed a robust framework to combat money laundering (ML) and terrorist financing (TF), aligning with international standards. These regulations cover various sectors, including banking, insurance, asset management, wealth management, payment processors, fintech, lending, and crypto, ensuring the integrity of its financial system.
Â
Key Laws and Guidelines
- Prevention of Money Laundering Act No. 5 of 2006:Â The Prevention of Money Laundering Act No. 5 of 2006 is the cornerstone of Sri Lanka's AML framework. The act criminalizes money laundering and mandates financial institutions to implement customer due diligence, maintain records, and report suspicious transactions. It also outlines the procedures for the confiscation of proceeds derived from money laundering activities.
- Financial Transactions Reporting Act No. 6 of 2006:Â The Financial Transactions Reporting Act No. 6 of 2006 complements the Prevention of Money Laundering Act by establishing the Financial Intelligence Unit (FIU) of Sri Lanka. The act mandates reporting entities to submit reports on suspicious transactions, large cash transactions, and electronic fund transfers to the FIU
- Convention on the Suppression of Terrorist Financing Act No. 25 of 2005:Â This act aligns Sri Lanka's legal framework with international conventions on the suppression of terrorist financing. It criminalizes the financing of terrorism and mandates financial institutions to report transactions suspected to be linked to terrorist activities.
- Central Bank of Sri Lanka Guidelines:Â The Central Bank of Sri Lanka issues guidelines to support compliance with AML/CFT regulations. These guidelines provide specific instructions for various sectors, including banking, insurance, and fintech, on implementing effective AML/CFT measures. The guidelines also outline the responsibilities of financial institutions in conducting customer due diligence and reporting suspicious activities.
Regulatory Bodies
- Financial Intelligence Unit (FIU):Â The FIU, established under the Financial Transactions Reporting Act, is the central agency responsible for receiving, analyzing, and disseminating reports on suspicious transactions. It plays a crucial role in coordinating AML efforts across various sectors and collaborating with international counterparts.
- Central Bank of Sri Lanka:Â The Central Bank of Sri Lanka oversees the implementation of AML regulations within the banking and financial sectors. It issues directives and guidelines to ensure compliance with AML/CFT standards and conducts regular inspections to enforce these regulations.
- Securities and Exchange Commission of Sri Lanka (SEC):Â The SEC regulates the securities market, ensuring that securities firms implement effective AML measures. It issues guidelines for customer due diligence, transaction monitoring, and reporting of suspicious activities within the securities sector.
- Insurance Regulatory Commission of Sri Lanka (IRCSL):Â The IRCSL supervises the insurance sector, mandating companies to implement AML/CFT measures, including customer verification and transaction monitoring. It conducts regular audits to ensure compliance with AML regulations.
- Department of Customs:Â The Department of Customs plays a key role in preventing money laundering through cross-border trade. It enforces regulations related to the declaration and reporting of cash and negotiable instruments carried across borders.
Â
History of Regulations
- 2005: Enactment of the Convention on the Suppression of Terrorist Financing Act.
- 2006: Enactment of the Prevention of Money Laundering Act and the Financial Transactions Reporting Act.
- 2007: Establishment of the Financial Intelligence Unit (FIU) under the Central Bank of Sri Lanka.
- 2011: Introduction of guidelines by the SEC for securities firms to enhance AML compliance.
- 2013: Issuance of detailed AML guidelines for the insurance sector by the IRCSL.
Â
Sector-specific Regulations
- Banking and Financial Institutions:Â Regulated by the Central Bank of Sri Lanka, the banking and financial institutions sector is required to implement robust AML/CFT programs, including strict KYC protocols, continuous monitoring of transactions, and the reporting of suspicious activities. Banks and financial institutions must also maintain records for a minimum of five years.
- Insurance: The insurance sector, overseen by the Insurance Regulatory Commission of Sri Lanka (IRCSL), mandates companies to implement effective AML measures. This  includes customer due diligence, transaction monitoring, and the reporting of suspicious activities to the FIU.
- Asset Management and Wealth Management:Â Regulated by the Securities and Exchange Commission of Sri Lanka (SEC), asset management and wealth management firms must adhere to stringent AML regulations. These firms are required to implement robust AML programs, conduct thorough customer due diligence, and monitor transactions for suspicious activities. They must also report any suspicious transactions and maintain detailed records.
- Payment Processors and Fintech:Â Payment processors and fintech companies are subject to regulations issued by the Central Bank of Sri Lanka. These entities must implement comprehensive AML measures, including customer verification, real-time transaction monitoring, and the reporting of suspicious transactions. They must also comply with guidelines issued by the SEC for securities-related activities.
- Lending:Â Lending institutions, both traditional and fintech-based, must adhere to AML regulations set by the Central Bank of Sri Lanka. These institutions are required to conduct customer due diligence, monitor transactions for suspicious activities, and report any suspicious transactions to the FIU. They must also maintain records of all transactions and customer information.
- Crypto: The crypto sector is regulated under guidelines issued by the Central Bank of Sri Lanka. Virtual asset service providers (VASPs) are required to implement robust AML measures, including customer verification, transaction monitoring, and the reporting of suspicious activities. VASPs must also maintain detailed records of all transactions.