Essential AML/CFT Guidelines for Fintechs in the Philippines


The fintech industry in the Philippines has witnessed rapid growth in recent years, fueled by increasing digitalization, high mobile penetration, and a tech-savvy population. However, this growth has also heightened the need for robust anti-money laundering (AML) and counter-financing of terrorism (CFT) compliance measures. As fintechs introduce innovative financial products and services, they must navigate a complex regulatory landscape and implement stringent AML/CFT controls to mitigate risks associated with money laundering, terrorist financing, and other illicit activities.

The Philippine Economic Landscape

The Philippines is a rapidly emerging economy in Southeast Asia, with a diverse economic base spanning agriculture, manufacturing, and services sectors. The country's strategic location, skilled workforce, and business-friendly policies have attracted significant foreign direct investment (FDI) in recent years, contributing to its economic growth.

Key Economic Vulnerabilities

While the Philippine economy has demonstrated resilience, it faces several vulnerabilities that can potentially contribute to money laundering and terrorist financing risks, including:

  • Reliance on remittances and cash-based transactions in certain sectors
  • Exposure to international trade and cross-border financial flows
  • Presence of organized crime groups, corruption, and drug trafficking
  • Risks associated with the real estate and casino industries

Talk to an Expert

AML Regulatory Framework

The Philippines has a comprehensive legal framework to combat money laundering and terrorist financing. The primary legislation governing AML/CFT is the Anti-Money Laundering Act of 2001 (AMLA), as amended by Republic Act No. 10365 in 2017. This Act is supplemented by various regulations and guidelines issued by the Anti-Money Laundering Council (AMLC), the country's financial intelligence unit.

The AMLC has issued the following key AML/CFT regulations and guidelines:

  1. Revised Implementing Rules and Regulations of the AMLA
  2. Anti-Money Laundering Risk Rating System
  3. Regulatory Issuance on Digital Asset Service Providers

The AMLA criminalizes money laundering and provides for measures to prevent, detect, and prosecute these offenses, as well as the forfeiture of related assets and proceeds.

Key AML/CFT Institutions

The implementation and enforcement of AML/CFT measures in the Philippines involve several key institutions:

  • Anti-Money Laundering Council (AMLC): The AMLC acts as the country's financial intelligence unit and is responsible for overseeing and ensuring compliance with AML/CFT regulations. It is also empowered to investigate and prosecute money laundering cases.
  • Bangko Sentral ng Pilipinas (BSP): The central bank of the Philippines is responsible for supervising and regulating banks and other financial institutions for AML/CFT compliance.
  • Securities and Exchange Commission (SEC): The SEC oversees the compliance of capital market participants, including securities firms and investment companies.
  • Insurance Commission (IC): The IC is the regulatory body responsible for ensuring AML/CFT compliance in the insurance industry.
  • Philippine National Police (PNP): The PNP plays a crucial role in investigating and prosecuting money laundering and terrorist financing cases.

Breakdown of AML/CFT Requirements

Covered Institutions

The following institutions are subject to AML/CFT requirements under the AMLA:

Financial Institutions

  • Banks and non-bank financial institutions
  • Securities dealers, brokers, and investment companies
  • Insurance companies and intermediaries
  • Foreign exchange dealers and money changers
  • Remittance and transfer companies

Designated Non-Financial Businesses and Professions (DNFBPs)

  • Casinos and gambling entities
  • Real estate brokers and developers
  • Dealers in precious metals and stones
  • Lawyers, accountants, and other independent legal professionals
  • Trust and company service providers

Virtual Asset Service Providers (VASPs)

  • Entities engaged in the exchange of virtual assets for fiat currencies or other virtual assets
  • Transfer of virtual assets
  • Safekeeping or administration of virtual assets

Financial institutions, DNFBPs, and VASPs are collectively referred to as "covered persons" and are required to comply with AML/CFT obligations, including:

  1. Conducting Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD)
  2. Reporting covered and suspicious transactions to the AMLC
  3. Maintaining records of transactions and CDD documents
  4. Implementing risk-based AML/CFT compliance programs

Compliance Program Requirements

The covered persons are required to implement a comprehensive risk-based AML/CFT compliance program, as outlined in the AMLA and its Implementing Rules and Regulations (IRR). The compliance program must include:

  • Policies, procedures, and controls to manage and mitigate money laundering and terrorist financing risks
  • Ongoing employee training on AML/CFT obligations and responsibilities
  • An independent audit function to test the program's effectiveness
  • Designation of a compliance officer responsible for overseeing the program

Recordkeeping and Reporting


Covered persons must maintain and retain records of the following for at least five years:

  • Customer identification documents and CDD information
  • Transaction records, including account files and business correspondence
  • Internal and external reports related to AML/CFT compliance

Records must be sufficient to permit the reconstruction of individual transactions and facilitate investigations.


Covered persons are required to report the following transactions to the AMLC:

  • Covered Transactions: Transactions in cash or other equivalent monetary instruments involving a total amount in excess of PHP 500,000 (approximately USD 9,000) within one banking day.
  • Suspicious Transactions: Transactions, regardless of amount, where the covered person knows, suspects, or has reasonable grounds to suspect that the funds are related to an unlawful activity or money laundering offense.

Reporting of Suspicious Transactions

As mentioned above, covered persons must report Suspicious Transaction Reports (STRs) to the AMLC, regardless of the transaction amount, if they suspect or have reasonable grounds to suspect that the funds are related to an unlawful activity or money laundering offense.

The STR should include the following information:

  • Identifying details of the subject and the transaction
  • Description of the suspicious circumstances and potential predicate offense
  • Any additional relevant information or documentation

STRs can be submitted electronically through the AMLC's online reporting system or via printed forms sent to the AMLC office.

Customer Due Diligence and Enhanced Due Diligence

Customer Due Diligence (CDD)

Covered persons must conduct CDD on their customers, which includes:

  • Identifying and verifying the customer's identity using reliable documents or information
  • Identifying the beneficial owner and taking reasonable measures to verify their identity
  • Understanding the nature and purpose of the business relationship
  • Conducting ongoing monitoring of the business relationship

For individual customers, CDD involves obtaining information such as full name, date of birth, address, and government-issued identification documents. For legal entities, CDD involves gathering information on the company's ownership and control structure, business activities, and authorized signatories.

New call-to-action

Enhanced Due Diligence (EDD)

EDD measures must be applied in higher-risk situations, such as:

  • Dealing with politically exposed persons (PEPs)
  • Customers from higher-risk countries or jurisdictions
  • Complex or unusually large transactions
  • Transactions involving high-risk products, services, or delivery channels

EDD measures may include:

  • Obtaining additional information on the customer and beneficial owner
  • Establishing the source of funds or wealth
  • Conducting enhanced monitoring of the business relationship
  • Obtaining senior management approval for establishing or continuing the relationship

Sanctions Screening

Covered persons must screen customers and transactions against applicable sanctions lists, such as those issued by the United Nations Security Council and the Philippines' Anti-Terrorism Council. Appropriate risk mitigation measures must be taken in case of potential sanctions exposure.

Closing Summary

As the fintech industry continues to thrive in the Philippines, adhering to AML/CFT regulations is imperative for maintaining the integrity of the financial system and preventing its exploitation for illicit purposes. By implementing robust compliance programs, conducting comprehensive risk assessments, and fostering a culture of compliance, fintech companies can effectively mitigate the risks associated with money laundering and terrorist financing.

Non-compliance with AML/CFT obligations can result in severe consequences, including regulatory sanctions, reputational damage, and potential criminal liability. The AMLA provides for substantial penalties, including fines and imprisonment, for those found guilty of money laundering offenses or non-compliance with reporting and CDD requirements.

By staying informed about their AML/CFT obligations and proactively addressing regulatory requirements, fintech companies can navigate the complex regulatory landscape and position themselves for sustainable growth in the Philippine market while contributing to the overall security and stability of the financial system.

Related Posts

Time to reform your compliances

Kickstart your journey by exploring our products or book a demo with us.

illustration tookitaki colors-09