Gibraltar Financial Services Commission AML/CFT/CPF Guidance Notes Glossary

www.gfsc.gi Glossary AML/CFT/CPF Guidance Notes May 2026

Gibraltar Financial Services Commission AML/CFT/CPF Guidance Notes 2

1. List of Defined Terms Term Definition “AML/CFT/CPF Responsible Person” The primary individual within a regulated entity with responsibility for complying with the provisions of the Act and these Guidance Notes, as set out under Section 9B of the Act. Where appropriate, this function should be held by an executive director. “Anti-money laundering” Controls and efforts to prevent the abuse of the financial system for the purposes of facilitating money laundering. “Applicable legislation” The different elements with the legal framework setting out Gibraltar’s AML/CFT/CPF regime, including the requirements applicable to regulated entities and the powers afforded to the GFSC. This consists of:

• The Proceeds of Crime Act 2015;
• The Terrorism Act 2018;
• The Sanctions Act 2019;
• The Export Control Act 2005;
• The Proceeds of Crime Act 2015 (Relevant Financial Business) (Regulations) 2021;
• The Supervisory Bodies (Powers Etc.) Regulations 2017; and
• The Financial Services Act 2019. “Beneficial owner” The natural person(s) ultimately owning, controlling or benefitting from a legal entity, arrangement or similar, as defined under Sections 7(1A) to 7(1C) of the Act. “Beneficiary VASP” The ultimate VASP which receives a transfer of virtual assets from an originator VASP directly or through an intermediary VASP, and makes the virtual assets available to the beneficiary. “Business relationship” A business, professional or commercial relationship which has services provided to it by is connected with the professional activities of a relevant financial business, and which is expected, at the time when contact is established, to have an element of duration (as defined under Section 8(1) of the Act). “Correspondent banking relationship” An arrangement under which a correspondent bank provides services to a respondent bank in another location or jurisdiction. “Counter proliferation financing” Controls and efforts to prevent the abuse of the financial system for the purposes of financing the manufacture, production, possession, acquisition, development, transshipment, brokering, transport, stockpiling or use of nuclear, chemical, or biological weapons and their means of delivery and related materials. “Counter-terrorist financing” Controls and efforts to prevent the abuse of the financial system for the purposes of financing the activities of terrorists or terrorist organisations. “Correspondent banking” As defined under Section 7(1) of the Act: a) the provision of banking services by one bank as the correspondent to another bank as the respondent, including providing a current or other liability account and related services, such as cash management, international funds transfers, cheque clearing, payable￾through accounts and foreign exchange services; or b) the relationships between and among credit institutions and financial institutions including where similar services are provided by a correspondent institution to a respondent institution, and including relationships established for securities transactions or funds transfers. “Client” Please refer to the definition of “customer”. “Customer” The subject of a business relationship or occasional transaction. “Customer due diligence” The process and measure required to be undertaken by a relevant financial business in identifying and verifying a customer (including its ultimate beneficial owners and source of funds and wealth) following a risk-based approach (as formally defined under Sections 10 and 11 of the Act). “Distributed ledger technology” A database system in which information is recorded and consensually shared

Gibraltar Financial Services Commission AML/CFT/CPF Guidance Notes 3 and synchronised across a network of multiple nodes. All copies of the database are regarded as equally authentic (as defined under Paragraph 138(2) of Schedule 2 to the FSA). “Distributed ledger technology provider” An entity authorised for the storage or transmission of value belonging to another using DLT (as defined under Paragraph 139 of Schedule 2 to the FSA). “DLT provider” Please refer to the definition of “distributed ledger technology provider”. “Enhanced due diligence” The application of more rigorous or stringent due diligence measures in cases of identified higher risk, or where otherwise required under Section 17(1) of the Act. “EEA State” A state party to the European Economic Area Agreement. “Financial Action Task Force” An intergovernmental organisation identified as setting international standards and policies to combat money laundering, terrorist financing, proliferation financing and other threats to the integrity of the global financial system. “Gibraltar Financial Intelligence Unit” The authority responsible for the receipt, analysis and dissemination of SARs made by financial and other institutions in accordance with the Act. “Gibraltar Financial Services Commission” The supervisory authority with responsibility for the AML/CFT/CPF supervision of the financial services industry. “Guidance Notes” Guidance established by the GFSC to assist regulated entities in complying with the legislative and regulatory AML/CFT/CPF-related requirements applicable in Gibraltar. This refers to this document. “Head of Compliance” A regulated individual responsible for the oversight and implementation of the compliance strategy within a regulated entity. This extends to all compliance matters and not those solely related to AML/CFT/CPF. “Initial coin offering” An entity offering or providing services as specified under Regulation 4(1)(c) of the Proceeds of Crime Act 2015 (Relevant Financial Business) (Registration) Regulations 2021. These entities typically mint and issue a pre-defined number of virtual assets in exchange for fiat currency or another virtual asset, to either the public at large or a set of private investors during a limited time period. “Linked transaction” Two or more financial transactions which appear to be related together. “Listed entity” A company or other body corporate with shares admitted to trading in a regulated market in Gibraltar, the EEA or another regulated market listed within Schedule 9 of the Act. “Money laundering” The process by which criminals attempt to conceal the origin of the proceeds they have obtained by conducting criminal activity (formally defined under Section 5(9) of the Act). “Money laundering reporting officer” The appointed individual within a regulated entity responsible for the receipt of internal disclosures of suspicious activity and determining whether an external SAR is required to be raised to the GFIU (as set out under Section 28 of the Act). This individual must be approved by the GFSC, subject to an assessment of their fitness and propriety, competence, capability, skills and experience. “National Coordinator for AML/CFT/CPF” The individual appointed by the Minister for Financial Services under the National Coordinator for Anti-Money Laundering and Combatting Terrorist Financial Regulations 2016 to oversee and coordinate Gibraltar’s AML/CFT/CPF efforts. “National risk assessment” The official assessment of the money laundering, terrorist financing and proliferation financing threats and vulnerabilities faced by Gibraltar as a jurisdiction, as published by the HM Government of Gibraltar. “Occasional transaction” A financial transaction (carried out in a single operation or several linked operations) which may be subject to the requirements set out under the Act. This is dependent on the value and nature of the transaction, namely:

• In the case of fiat transactions, above 15,000 EUR;
• In the case of persons trading in goods whose transactions are carried out in cash, below 10,000 EUR; and/or
• In the case of transactions involving virtual assets above 1,000 EUR. “Originator VASP” A VASP which issues a virtual asset transfer on behalf of a customer.

Gibraltar Financial Services Commission AML/CFT/CPF Guidance Notes 4 “Payee” A natural person or legal entity identified by a payer as the intended recipient of a funds transfer. “Payer” A natural person or legal entity that holds a payment account and allows for or orders the transfer of funds from that account. “Policies and procedures” The documented processes through which a regulated entity’s AML/CFT/CPF￾related systems and controls are applied in practice. “Politically exposed person” A natural person who is or has been entrusted with a prominent public function (as defined under Section 20A of the Act). “Proliferation financing” The provision of funds or financial services used in whole or in part for the manufacture, production, possession, acquisition, stockpiling, storage, development transportation, sale, supply, transfer, export, transhipment or use of nuclear, chemical, or biological weapons and their means of delivery or related materials (as formally defined under Section 38A of the Terrorism Act 2018). “Protected cell company” A limited liability company that is able to create one or more cells for the purposes of segregating and ring-fencing the assets in each cell. “Regulated entity” An entity subject to supervision by the Gibraltar Financial Services Commission which offers or provides relevant financial business activities. This includes all entities registered or authorised by the GFSC for the provision of relevant financial business activity. “Relevant financial business” The business of engaging in one or more of the business activities outlined under Section 9(1) of the Act. “Sanctions list” A list of natural persons, legal entities or countries subject to economic or trade restrictions imposed by a government or international organisation with punitive measures recognised under the Sanctions Act 2019 (i.e. the United Nations, United Kingdom, European Union & Gibraltar). “Senior managing official” An officer or employee with sufficient knowledge of the institution’s money laundering, terrorist financing and proliferation financing risk exposure and sufficient seniority to take decisions affecting its risk exposure (as defined under Section 7(1) of the Act). This is not necessarily limited to an entity’s Board of Directors. “Simplified due diligence” The application of simplified due diligence measures in cases identified as posing a lower level of risk, or otherwise afforded under Section 16(1) of the Act. “Source of funds” The origin of the funds or assets which are the subject of the business relationship between the regulated entity and its customer. “Source of wealth” The origin of the entire body of wealth of the customer or ultimate beneficial owner. “Staff member” An officer or employee of the regulated entity. “Suspicious activity report” A disclosure to report any potentially suspicious or unusual transactions or activity which may indicate money laundering, terrorist financing, proliferation financing or other illicit activity. This can be made either internally to a regulated entity’s MLRO, or externally to the GFIU. “Terrorist financing” The collection and use of funds deriving from either legitimate or illegitimate sources with the intention, or in the knowledge, that they will, or may be used, with the purpose to carry out an act of terrorism, whether or not those funds are in fact used for that purpose (formally defined under Section 1ZA of the Act). “Travel Rule requirements” The collective legislative requirements imposed on Relevant Financial Businesses sending or receiving Virtual Asset Transfers by way of the Proceeds of Crime Act 2015 (Transfer of Virtual Assets) Regulations 2021. “Trust & company service provider” An entity authorised for the provision of company management, professional trusteeship, foundation councillorship or other services as specified under Paragraphs 126 and/or 131 of Schedule 2 to the FSA. “Virtual asset” A digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes (not including digital representations of fiat currencies or financial instruments) (as defined under

Gibraltar Financial Services Commission AML/CFT/CPF Guidance Notes 5 Section 7 of the Act). “Virtual asset arrangement provider” An entity offering or providing services as specified under Regulation 4(1)(d) of the Proceeds of Crime Act 2015 (Relevant Financial Business) (Registration) Regulations 2021. This typically involves entities which exchange, or arrange for the exchange of, virtual assets for money; money for virtual assets; or one virtual asset for another. “Virtual asset service provider” An entity offering or providing services as specified within either Regulations 4(1)(c) or 4(1)(d) of the Proceeds of Crime Act 2015 (Relevant Financial Business) (Registration) Regulations 2021, or Paragraph 139 of Schedule 2 to the FSA. These entities consist of DLT Providers, VAAPs & ICOs. “Virtual asset transfer” Any material transaction, on behalf of a payer, with a view to making a virtual asset available to a payee, irrespective of whether the payer and the payee are the same person. 2. Acronyms Acronym Meaning AML Anti-money laundering CDD Customer due diligence CFT Counter-terrorist financing CPF Counter-proliferation financing DLT Distributed ledger technology EDD Enhanced due diligence E-ID Electronic identification FATF Financial Action Task Force FSA The Financial Services Act 2019. The primary piece of legislation applicable to the regulation of financial services sectors and the provisions in respect of the GFSC. GFIU Gibraltar Financial Intelligence Unit GFSC Gibraltar Financial Services Commission ICO Initial coin offering ML Money Laundering MLRO Money laundering reporting officer NPO Non-profit organisation NRA National risk assessment OCG Organised crime group PCC Protected cell company PEP Politically exposed person PF Proliferation financing POCA The Proceeds of Crime Act 2015. This is the primary piece of Gibraltar legislation setting out money laundering, terrorist financing and proliferation financing offences and preventative controls. SAR Suspicious activity report SBPR The Supervisory Bodies (Powers Etc.) Regulations 2017. A subsidiary piece of legislation setting out the supervisory, enforcement and sanctioning powers of the GFSC under the Act. SDD Simplified due diligence TCSP Trust & company service provider TF Terrorist financing VA Virtual asset VAAP Virtual asset arrangement provider VASP Virtual asset service provider

Published by: Gibraltar Financial Services Commission PO Box 940 Suite 3, Ground Floor Atlantic Suites Europort Avenue Gibraltar www.gfsc.gi © 2017 Gibraltar Financial Services Commission