Instruction Number 02/2023 for Specified Businesses (Bulgaria)

1 INSTRUCTION (NUMBER 02/2023) FOR SPECIFIED BUSINESSES 6 November 2023 Bulgaria This Instruction is made under Section 49AA (6) of the Criminal Justice (Proceeds of Crime) (Bailiwick of Guernsey) Law, 1999, as amended (“the Law”). This Instruction is being issued in light of the FATF’s statement issued on 27 October 2023 that Bulgaria had been added to its list of jurisdictions under increased monitoring and following the removal of Bulgaria from Appendix C (Equivalent Jurisdictions) of the Handbook for Countering Financial Crime and Terrorist Financing (“the Handbook”). It requires specified businesses to (i) review their relationship risk assessments for all existing business relationships where Bulgaria is a relevant risk factor and (ii) apply full customer due diligence measures to existing Bulgarian business relationships if it has used the customer due diligence concessions allowed under paragraphs 6 and 10 of Schedule 3 to the Law and the relevant rules in the Handbook. Those concessions are the reliable introducer arrangements, the intermediary provisions and the simplified customer due diligence measures that can be applied to customers which are Appendix C businesses. ACTION TO BE TAKEN By 31 March 2024:

1. A specified business must identify any business relationships where it has used the provisions in paragraphs 6 or 10 of Schedule 3 to the Law and relevant rules in chapters nine and ten of the Handbook regarding Appendix C Businesses, Intermediary Relationships and Introduced Business because the introducer, intermediary or Appendix C business is a Bulgarian financial services business.
2. Reliable introductions - For all such business relationships identified under point 1 where reliance has been placed on an introducer in accordance with paragraph 10 of Schedule 3, the specified business must ensure that measures required under paragraph 4 of Schedule 3 and associated rules in the Handbook regarding customer due diligence are met for each of those business relationships.
3. Appendix C businesses - For all such business relationships identified under point 1 where the specified business’s customer carries on a business in Bulgaria which is regulated and supervised for anti-money laundering and terrorist financing purposes and to which the specified business has applied the measures in section 9.6 of the Handbook, it must ensure that the verification measures required under paragraph 4 of Schedule 3 and associated rules in the Handbook are met.
4. Intermediary relationships: For all such business relationships identified under point 1 where the intermediary is treated as the customer in accordance with paragraph 6 of Schedule 3 and rules in section 9.8 of Chapter 9 of the Handbook, the specified business must either: a. Ensure that the correspondent relationship requirements set out in paragraph 5(1)(b) of Schedule 3 and rules in Section 8.6 of the Handbook are met; or

2 b. Ensure that the measures required under paragraph 4 of Schedule 3 and associated rules in the Handbook regarding customer due diligence are met for each of the intermediary’s customers. 5. A specified business must notify the Commission where it is unable to remediate any business relationship identified in point 1 in accordance with either points 2, 3 or 4 by 31 March 2024, detailing the additional risk controls put in place for those business relationships. The Commission recognises that there may be exceptional circumstances where a specified business cannot complete elements of points 2, 3 or 4 above prior to 31 March 2024. In these circumstances, the Commission would expect a specified business to apply the requirements of paragraph 7 of Schedule 3 and rules in section 4.5 of the Handbook regarding timing of identification and verification. However, where customer due diligence cannot ultimately be completed a specified business should, in accordance with paragraph 9 of Schedule 3 and rules in section 4.7 of the Handbook terminate the business relationship and consider whether a disclosure should be made to the Financial Intelligence Unit. 6. Relationship risk assessments: a specified business must review by 31 March 2024 all business relationships for which Bulgaria is a relevant risk factor to assess its risk exposure, and where the level of risk has changed take relevant mitigating measures. The Commission will review the action taken by specified businesses to comply with this Instruction during on-site inspections and by other supervisory means as necessary.