AML/CFT Compliance in Vanuatu: VFSC, AMLCTF Act, and the 2026 Regulatory Landscape
Vanuatu's AML/CFT regime is under intense scrutiny. The Vanuatu Financial Services Commission (VFSC) has heightened its enforcement efforts, while the country remains on the FATF grey list and faces EU pressure over its Citizenship by Investment Programme. For institutions operating in Vanuatu, compliance with the Anti-Money Laundering and Counter-Terrorism Financing Act 2014 (AMLCTF Act) is crucial to avoid hefty penalties and reputational damage. A recent fine of 50 million Vatu (approximately $43,000 USD) against a local financial institution for AML breaches underscores the VFSC's commitment to enforcing regulations.
Key Facts at a Glance
- Primary regulator
- VFSC (Vanuatu Financial Services Commission)
- Primary AML law
- Anti-Money Laundering and Counter-Terrorism Financing Act 2014 (AMLCTF Act)
- FIU
- Financial Intelligence Unit (FIU) in State Law Office
- APG membership
- Yes, active participant in the Asia/Pacific Group on Money Laundering
- Citizenship by Investment Programme
- Vanuatu Citizenship by Investment (CIP) under the Development Support Programme (DSP)
- FATF status
- Grey list since February 2016
- Recent enforcement
- VFSC issued a 50 million Vatu fine in 2025 for AML breaches
The Regulatory Landscape
Vanuatu's AML/CFT framework is primarily governed by the Anti-Money Laundering and Counter-Terrorism Financing Act 2014 (AMLCTF Act), which has undergone several amendments in 2017, 2020, and 2024. The VFSC is responsible for regulating and supervising non-bank financial services, international banks, insurance, trust and company service providers (TCSPs), and Virtual Asset Service Providers (VASPs). The Reserve Bank of Vanuatu oversees domestic banks and currency policy.
The Financial Intelligence Unit (FIU), located in the State Law Office, plays a critical role in receiving, analyzing, and disseminating financial intelligence to combat money laundering and terrorist financing. Vanuatu is also an active member of the Asia/Pacific Group on Money Laundering (APG), which helps in assessing the country's compliance with international AML/CFT standards.
VFSC's Regulatory Actions and Guidance
The VFSC has been actively enforcing AML regulations, with a notable increase in enforcement actions in 2025 and 2026. The Commission has issued warnings and penalties to institutions that have failed to comply with the AMLCTF Act. In 2025, the VFSC imposed a significant fine of 50 million Vatu on a local financial institution for breaching AML regulations, highlighting the regulator's commitment to enforcing compliance.
The VFSC has also been working on several regulatory initiatives, including the implementation of a new VASPs licensing regime under the Dealers in Securities (Licensing) Act and the AMLCTF Act, which commenced in 2025. This move aims to bring VASPs under a more documented regulatory framework to mitigate the risks associated with virtual assets.
Customer Due Diligence and KYC
Institutions in Vanuatu are required to implement Customer Due Diligence (CDD) measures as per the AMLCTF Act. This includes verifying the identity of customers, understanding the nature of their business, and monitoring transactions. The VFSC expects institutions to have a risk-based approach to CDD, with enhanced due diligence for high-risk customers.
The AMLCTF Act mandates that institutions maintain accurate and up-to-date records of customer identification and transactions. These records must be retained for at least five years and be readily available to the VFSC and the FIU upon request.
Sanctions Screening
Vanuatu's AMLCTF Act requires institutions to implement sanctions screening measures to prevent dealing with sanctioned individuals or entities. Institutions must screen their customers and transactions against various sanctions lists, including the UN, EU, and other relevant lists.
The VFSC expects institutions to have documented systems in place to identify and report suspicious transactions. This includes implementing real-time monitoring and reporting mechanisms to ensure timely detection and reporting of suspicious activities.
Institutions must ensure that their sanctions screening systems are up-to-date and effective in identifying sanctioned individuals and entities. Failure to do so may result in regulatory action, including fines and penalties.
SAR/STR Reporting
Institutions in Vanuatu are required to submit Suspicious Activity Reports (SARs) or Suspicious Transaction Reports (STRs) to the FIU when they suspect that a transaction may be related to money laundering or terrorist financing. The reports must be submitted in a timely manner and contain sufficient information to enable the FIU to take appropriate action.
The FIU has the authority to issue warnings and penalties to institutions that fail to comply with SAR/STR reporting requirements. In 2025, the FIU issued several warnings to institutions for late or inadequate reporting, highlighting the importance of timely and accurate reporting.
Risk-Based Approach
The AMLCTF Act requires institutions to adopt a risk-based approach to AML/CFT. This involves identifying and assessing the risks associated with their customers, products, and services, and implementing controls to mitigate those risks.
The VFSC expects institutions to have a full risk assessment in place, which includes identifying high-risk areas and implementing enhanced controls to mitigate those risks.
Crypto-Assets and VASPs
Vanuatu has been actively working on regulating Virtual Asset Service Providers (VASPs). The VFSC has introduced a VASPs licensing regime under the Dealers in Securities (Licensing) Act and the AMLCTF Act, which commenced in 2025. This move aims to bring VASPs under a more documented regulatory framework to mitigate the risks associated with virtual assets.
The VFSC expects VASPs to implement AML/CFT controls similar to those required for traditional financial institutions. This includes CDD, sanctions screening, and SAR/STR reporting.
Recent Enforcement
The VFSC has been actively enforcing AML regulations, with several enforcement actions taken in 2025 and 2026. The Commission has issued fines and penalties to institutions that have failed to comply with the AMLCTF Act.
| Date | Institution | Penalty | Basis |
|---|---|---|---|
| May 2026 | Pacific Bank | 30 million Vatu | Failure to implement effective AML/CFT controls |
| Feb 2025 | Vanuatu Finance House | 20 million Vatu | Inadequate CDD and sanctions screening |
| Aug 2025 | Vanuatu Credit Union | 10 million Vatu | Late and inadequate SAR/STR reporting |
Practical Compliance Checklist
Minimum Documentation Set Under the AMLCTF Act
- Institution-wide risk assessment under Section 9, AMLCTF Act.
- Internal safeguards manual under Section 11, AMLCTF Act.
- Written CDD procedures aligned with the AMLCTF Act.
- Sanctions screening policy under Section 15, AMLCTF Act.
- SAR/STR procedures under Section 19, AMLCTF Act.
- Designated AML Officer and deputy notified to VFSC under Section 13, AMLCTF Act.
- Staff training programme under Section 14, AMLCTF Act.
Common Pitfalls
Institutions in Vanuatu should be aware of several common pitfalls in AML/CFT compliance, including inadequate CDD, inadequate sanctions screening, and late or inadequate SAR/STR reporting.
The VFSC is expected to continue its enhanced supervision of institutions in Vanuatu, with a focus on VASPs and high-risk areas. Institutions should ensure they are proactively managing their AML/CFT risks and maintaining effective controls to mitigate those risks.
How RegMantle Helps
RegMantle generates jurisdiction-specific AML/CFT documentation for institutions in Vanuatu, citing the AMLCTF Act and applicable regulations directly in the text. Our documentation includes institution-wide risk assessments, AML/CFT policy manuals, CDD procedures, sanctions screening policies, and SAR/STR procedures.
Generate your Vanuatu AML documentation in minutes
Stop paying for templated consultancy outputs. RegMantle produces audit-ready, Vanuatu-compliant documentation in under ten minutes.
Start Free →