AML/CFT/CPF Guidelines 2026 Explained: Risk-Based Compliance for Financial Institutions

Regulation Name: Guidelines For Supervised Financial Institutions On The Prevention Of Money Laundering, Countering The Financing Of Terrorism & Proliferation Financing
Date Of Issue: 19 Mar 2026
Region: Bahamas
Agency: Central Bank of The Bahamas

AML/CFT/CPF Guidelines 2026: A Strategic Blueprint for Risk-Based Compliance in Financial Institutions

Introduction: The Evolution of AML Compliance in a Multi-Risk World

The revised AML/CFT/CPF Guidelines (March 2026) issued by the Central Bank of The Bahamas mark a decisive shift from traditional compliance frameworks toward integrated, risk-based financial crime management. These guidelines extend beyond money laundering (ML) and terrorist financing (TF) to explicitly incorporate proliferation financing (PF), reflecting global regulatory convergence with FATF standards.

For AML compliance leaders, this is not merely a regulatory update—it is a structural transformation in how financial institutions must assess, manage, and operationalize financial crime risks.

Regulatory Scope and Supervisory Expectations

The Central Bank positions itself as the competent authority responsible for ensuring that supervised financial institutions (SFIs) implement robust AML/CFT/CPF frameworks. These obligations are embedded within a broader prudential and conduct-of-business supervisory regime.

Key Expectations for SFIs:

• Develop risk-based AML frameworks proportional to business size and complexity
• Ensure enterprise-wide integration of AML/CFT/CPF controls
• Undergo onsite inspections, thematic reviews, and regulatory reporting
• Align with laws such as:
  • Financial Transactions Reporting Act (FTRA)
  • Proceeds of Crime Act (POCA)
  • Anti-Terrorism Act (ATA)

Failure to comply can result in fines up to B$100,000 for repeated violations, alongside severe regulatory consequences.

From Compliance Function to Enterprise Risk Strategy

One of the most critical shifts in the 2026 guidelines is the integration of AML/CFT/CPF into enterprise risk management (ERM).

Financial institutions are now required to:

• Embed AML controls into strategic decision-making
• Ensure board-level accountability
• Foster a culture of zero tolerance toward financial crime

This signals a move from “checkbox compliance” to “risk ownership at the top.”

The Risk-Based Approach: Core of Modern AML Frameworks

The guidelines strongly reinforce a risk-based approach (RBA) aligned with FATF and Basel Committee principles.

Five-Step Risk Assessment Model

1. Identify Inherent Risks
   Customers, geographies, products, delivery channels
2. Establish Risk Tolerance
   Define acceptable vs unacceptable risks
3. Implement Mitigation Controls
   Enhanced due diligence (EDD), transaction limits, escalation frameworks
4. Evaluate Residual Risk
   Measure effectiveness of controls
5. Continuous Monitoring & Review
   Periodic updates and independent audits

This structured methodology ensures dynamic, forward-looking risk management, not static compliance.

Customer Risk Rating and Due Diligence: Frequency Meets Precision

A standout update is the codification of risk-based CDD frequency:

• High-risk customers: Annual reviews
• Medium-risk customers: Every 3–5 years
• Low-risk customers: Every 5–10 years

This introduces predictable compliance cycles, enabling better resource allocation and automation.

Mandatory CDD Requirements:

• Identify and verify customer and beneficial owner
• Understand ownership and control structures
• Validate source of funds and wealth
• Prohibit anonymous or pseudonymous accounts

Failure to complete CDD results in:

• Account denial or termination
• Mandatory STR filing

Enhanced Due Diligence (EDD): Targeting High-Risk Segments

EDD requirements apply to:

• Politically Exposed Persons (PEPs)
• Non-face-to-face customers
• Correspondent banking relationships
• High-risk jurisdictions
• Complex ownership structures (e.g., bearer shares)

Institutions must implement:

• Senior management approvals
• Source of wealth verification
• Enhanced transaction monitoring

This reflects a granular, risk-tiered compliance approach.

Wire Transfers and Payment Transparency: Closing Data Gaps

The guidelines impose strict controls on electronic funds transfers (EFTs):

• Transactions ≥ $1,000 require complete payer and payee information
• Monitoring for sanctioned entities and jurisdictions is mandatory
• Beneficiary institutions must validate incoming transfers

This aligns with FATF Recommendation 16 and strengthens cross-border transaction traceability.

The Expanding Role of the MLRO and Compliance Officers

The Money Laundering Reporting Officer (MLRO) is now central to AML governance:

Key Requirements:

• Direct access to the board of directors
• Independence from revenue-generating functions
• Full access to customer and transaction data
• Responsibility for STR reporting and investigations

Institutions must also:

• Appoint a senior-level Compliance Officer
• Ensure both roles are fit and proper
• Maintain unrestricted regulatory communication

This elevates AML from operational control to strategic governance function.

Internal Controls, Technology, and Emerging Risks

The guidelines explicitly address technology-driven risks, including:

• Digital banking channels
• Virtual assets and crypto services
• Non-face-to-face onboarding

Mandatory Actions:

• Conduct pre-launch risk assessments
• Implement multi-factor authentication
• Apply layered security frameworks

This reflects regulatory recognition that innovation = new AML vulnerabilities.

Proliferation Financing (PF): The Third Pillar of Compliance

A major addition is the formal integration of proliferation financing (PF) alongside ML and TF.

Obligations include:

• Monitoring transactions linked to WMD-related activities
• Immediate reporting of designated entities
• Freezing assets under UN Security Council resolutions

Failure to comply can result in:

• License revocation
• Asset forfeiture

This significantly expands the scope and complexity of AML compliance.

Record-Keeping, Training, and Governance

Record-Keeping:

• Maintain accurate and retrievable records
• Support audit trails and investigations

Training:

• Continuous AML training programs
• Staff awareness on suspicious activity detection

Governance:

• Independent audits of AML frameworks
• Group-wide AML policies for international entities

This ensures sustainability and consistency of compliance programs.

Penalties and Enforcement: A Strong Deterrence Framework

Non-compliance carries severe consequences:

• Fines up to $500,000
• Imprisonment up to 20 years (POCA-related offences)
• Administrative penalties:
  • $200,000 (institutions)
  • $50,000 (individuals)

Additionally:

• Regulatory sanctions
• Reputational damage
• Loss of operating license

This underscores that AML failures are no longer just compliance risks—they are existential risks.

Strategic Takeaways for AML Leaders

1. Risk-Based Compliance is Non-Negotiable

Static frameworks are obsolete—institutions must adopt dynamic risk models.

2. AML Must Be Embedded Across the Enterprise

Board-level accountability is now a regulatory expectation.

3. Data, Technology, and Automation Are Critical

Manual compliance cannot scale with evolving risks.

4. PF Risk is the New Frontier

Institutions must expand beyond ML/TF to include geopolitical risk intelligence.

5. Governance and Accountability Are Intensifying

MLROs and compliance teams are now strategic decision-makers.

Conclusion: From Regulatory Burden to Competitive Advantage

The 2026 AML/CFT/CPF Guidelines redefine compliance as a strategic capability rather than a regulatory obligation. Institutions that proactively adopt risk-based, technology-driven, and intelligence-led AML frameworks will not only meet regulatory expectations but also gain a competitive advantage in trust, resilience, and global market access.

For AML compliance leaders, the message is clear:
The future of compliance is real-time, risk-driven, and enterprise-wide.

Read about the Guidelines here.

Read about the product: Transact Comply

Empower your organization with ZIGRAM’s integrated RegTech solutions – Book a Demo