AML/CFT Compliance in the Bahamas: CBoB, Financial Intelligence Unit, and the 2026 Regulatory Landscape

The Bahamas' AML/CFT regime is under heightened scrutiny as the country continues to address concerns raised by the Financial Action Task Force (FATF) during its grey-list period from June 2018 to January 2021. The Central Bank of The Bahamas (CBoB) and the Bahamas Financial Intelligence Unit (FIU) are actively enhancing their regulatory frameworks, with a focus on improving compliance among domestic financial institutions, particularly in areas such as digital assets, non-financial businesses and professions (DNFBPs), and private banking. Recent and upcoming enforcement actions, regulatory updates, and international cooperation efforts reflect the evolving landscape of AML/CFT in The Bahamas.

The Regulatory Landscape

The Bahamas' AML/CFT framework is built on several key pieces of legislation, including the Proceeds of Crime Act 2018 (PCA), the Financial Transactions Reporting Act 2018 (FTRA), and the Anti-Terrorism Act 2018. These statutes establish the primary obligations for banks, trust companies, money-transmission businesses, credit unions, and other reporting entities. The Central Bank of The Bahamas (CBoB) serves as the principal regulator for the banking sector, while the Securities Commission of The Bahamas (SCB) oversees investment funds and digital-asset service providers.

The Bahamas Financial Intelligence Unit (FIU), created under the FIU Act 2000, receives, analyses, and disseminates suspicious transaction information. Its work is coordinated with the National Anti-Money Laundering Committee (NAMLC), which aligns policy across ministries, the CBoB, the SCB, and law-enforcement agencies.

CBoB's Updated AML/CFT Guidance

On 1 January 2025 the CBoB released its Guidelines for AML/CFT Compliance. The guidance expands on risk-based obligations, prescribes minimum standards for customer due diligence (CDD), outlines the timing and content of suspicious transaction reports (STRs), and integrates the new digital-asset regime under the DARE Act 2024.

The guidance also introduces a tiered approach to monitoring DNFBPs, with a particular focus on real-estate agents, private-banking advisers, and high-net-worth individuals. It requires a documented source-of-wealth (SoW) assessment for private-banking clients whose net assets exceed US$5 million, reflecting the CBoB’s 2025 “enhanced private-banking” initiative.

Customer Due Diligence and KYC

Section 10 of the Proceeds of Crime Act 2018 obliges all reporting entities to conduct CDD before establishing a business relationship. For natural persons, the required data include full name, date and place of birth, nationality, and a verifiable residential address. For legal entities, verification must cover the incorporation certificate, register of beneficial owners, and the identity of the senior managing official.

Beneficial-ownership information must be refreshed at least annually, and any change in ownership of 25 percent or more triggers an immediate update. The CBoB guidance clarifies that “notional” beneficial owners (where no natural person meets the 25 percent threshold) must still be identified and recorded, a departure from earlier practice that relied on a single senior official.

Sanctions Screening

The Financial Transactions Reporting Act 2018 requires ongoing screening against the United Nations Consolidated List, the European Union Consolidated List, and any Bahamas-specific designations issued by the Ministry of Foreign Affairs. The FIU provides a web-based screening portal that must be integrated into onboarding and transaction-monitoring systems.

Failure to screen or to maintain an audit trail of screening decisions can result in administrative penalties of up to US$250 000 per breach, as demonstrated in the 2024 enforcement action against a local money-transfer operator.

SAR/STR Reporting

Under Section 12 of the PCA, reporting entities must submit a Suspicious Transaction Report (STR) via the FIU’s secure portal. The report must contain a concise narrative, the transaction details, and the rationale for suspicion. The FIU may request additional information within 10 business days; failure to comply can trigger criminal liability under Section 4 of the PCA.

Risk-Based Approach

The CBoB guidance mandates a documented, institution-wide risk assessment that is refreshed annually and whenever a material change occurs (e.g., new product launch, geographic expansion, or a significant shift in client profile). The assessment must cover money-laundering risk, terrorist-financing risk, and the emerging “crypto-asset” risk category introduced by the DARE Act 2024.

The CBoB’s 2025 “Risk-Focus” bulletin identifies three high-risk sectors: (1) private-banking and wealth-management, (2) real-estate conveyancing, and (3) digital-asset exchanges. Institutions operating in any of these sectors are expected to apply enhanced due-diligence measures, including deeper source-of-wealth verification and more frequent transaction monitoring.

Crypto-Assets: DARE Act 2024

The Digital Assets and Registered Exchanges Act 2024 (DARE Act 2024) supersedes the 2020 version and expands the regulatory perimeter to include custodial service providers, stable-coin issuers, and token-sale platforms. The SCB now issues licences under the DARE Act, while the CBoB retains AML/CFT supervisory authority over the same entities.

AML/CFT obligations under the DARE Act require digital-asset businesses to (i) conduct CDD on all users, (ii) screen against the same sanctions lists as traditional financial institutions, (iii) file STRs for any transaction that appears to be structured to evade detection, and (iv) maintain a blockchain-analytics capability or engage a third-party provider that can trace token flows. Non-compliance can result in licence suspension, a fine of up to US$1 million, or criminal prosecution under the PCA.

Recent Enforcement

The CBoB and the FIU have taken a series of enforcement actions in 2024-2025 that illustrate the regulator’s increasing willingness to impose substantial penalties for AML/CFT failures.

Practical Compliance Checklist for Bahamian Institutions

Common Pitfalls

Three patterns dominate recent enforcement files. The first is SAR latency: institutions that have built escalation processes around weekly compliance committees rather than daily filing capacity find themselves systemically late, attracting per-day fines that quickly accumulate.

The second is fragmented governance: where AML investigations sit across multiple business lines, geographies, or legal entities, the CBoB treats the resulting coordination failures as substantive breaches. The Bahamas Bank Ltd. case demonstrated that a lack of a single AML oversight function can lead to a $1.2 million penalty.

The third is over-reliance on commercial screening tools without documented rationale. While third-party PEP and sanctions databases are permissible, the regulator expects evidence of algorithmic parameters, false-positive thresholds, and periodic vendor validation. A “black-box” approach is not defensible under the CBoB guidance.

How RegMantle Helps

RegMantle generates jurisdiction-specific AML/CFT documentation for Bahamian institutions, citing the Proceeds of Crime Act 2018, Financial Transactions Reporting Act 2018, Anti-Terrorism Act 2018, and the CBoB’s 2025 AML/CFT Guidelines directly in the text. Generated outputs include an institution-wide risk-assessment report, a full AML/CFT policy manual, CDD/KYC procedures aligned with Section 10 PCA, a sanctions-screening policy referencing UN, EU, and Bahamas lists, STR procedures keyed to Section 12 PCA and the FIU portal, and a staff-training programme meeting Section 6 PCA requirements. For digital-asset firms, RegMantle also produces a DARE-Act-compliant crypto-asset AML framework, complete with blockchain-analytics vendor assessment templates and source-of-wealth questionnaires.