In the latest episode of Crypto Compliance podcast Pawel Kuskowski, CEO of Gatenox, and Carlos M. Martins, Chief Compliance Officer and MLRO of ZUBR, as well as Chairman of the Gibraltar Association of Compliance Officers (GACO), engaged in a discussion on the regulatory landscape of cryptocurrency in Gibraltar. Commencing the conversation with a query about Gibraltar’s flourishing economy, Pawel posed the question:
With 34,000 people and 50,000 cars, what’s happening in Gibraltar?
In response, Carlos expounded on the topic of crypto compliance, stating that Gibraltar has been one of the few countries to embrace distributed ledger technology (DLT) licenses from the outset. Gibraltar’s attractiveness as a destination for crypto businesses lies in the regulators’ steadfast adherence to compliance principles, which ensures that companies operating in the crypto sphere of Gibraltar are compliant. This engenders greater public trust in their crypto market, as businesses are under constant monitoring.
DLT Framework
At the start of 2018, Gibraltar instituted the DLT Framework, which bolstered flexibility, client interest protection, and the reputation of Gibraltar. The financial regulator of the peninsula welcomes fresh entities and industries and nurtures their growth.
DLT licenses enable individuals to engage in crypto exchanges, provide wallet services, act as custodian service providers, and even operate in a DLT-based marketplace that facilitates the buying and selling of goods and services, as per Carlos.

Conceptualising Transaction Processing In A DLT System, Kathryn Vagneur
He further explains that this sector is closely linked with other major industries such as finance, tourism, and gaming, which are highly regulated in Gibraltar. However, the key objective is not to attract numerous companies but to select a few high-quality ones, ensuring stable economic growth in a sustainable manner.
In comparison to the Bahamas, Pawel stresses the significance of caution and maintaining a compliant and regulated sector to avoid situations like the FTX scandal. With legal experts such as Joey Garcia, who has been a pioneer in regulating virtual currency and DLT, Gibraltar does not merely accept any business but ensures that entities entering their financial ecosystem are regulated and trustworthy.
Gibraltar Association of Compliance Officers (GACO)
Regarding the Gibraltar Association of Compliance Officers (GACO), Carlos notes that it is a non-profit organization that includes businesses ranging from high-value dealers to banks. GACO welcomes all Gibraltar-regulated entities and individuals, with a primary goal of providing education to all citizens to raise awareness of the AML sector, counter-terrorism finance, and proliferation finance.
GACO works closely with the Gibraltar Financial Intelligence Unit (GFIU), the fraud squad of Gibraltar police, which strengthens their awareness campaign and encourages people to act as gatekeepers. This has protected Gibraltar from fraudsters like Ruja Ignatova, also known as the crypto queen, who was the founder of OneCoin, labeled as “one of the biggest scams in history.”

What should an entity entering the Gibraltar market look for?
3P rule
For entities entering the Gibraltar market, Carlos advises proper training and understanding of the regulatory landscape. Additionally, they must ensure policies, processes, and procedures (the three Ps) are in place.
Policies are essential in ensuring that Customer Due Diligence (CDD) is carried out appropriately by assessing the risks associated with the company, identifying parameters necessary to evaluate those risks, and mitigating them. They ensure that all individuals entering the company are regulated and have provided sufficient documentation to verify their legitimacy. Policies also assist in detecting and investigating unusual activities and determining whether they are acceptable.
Processes and procedures assist companies in meeting the expectations established by policies. They aid in verifying an individual’s documents, monitoring everyday transactions, and enabling spot checks to ensure policy compliance. Gibraltar takes it one step further, requiring companies to conduct an independent audit of their compliance with the Proceeds of Crime Act (POCA) 2002. The auditor evaluates the effectiveness of the company’s policies, processes, and procedures in mitigating compliance risks.
GACO’s primary objective is to raise awareness of the three Ps and provide proper training to promote an ethical and compliant approach to conducting business. The organization’s goal is not to intimidate companies with compliance officers, but rather to encourage them to operate legitimately and avoid potential issues. Ultimately, it is crucial for individuals to understand the distinction between right and wrong.
How will the entity know what to do and what not to do?
Carlos responds that firstly, you need proper training and understanding of what is going on. Secondly, the three Ps must be ensured: policies, processes and procedures.
Watch the whole discussion: