AML/CFT Regulations issued by SECP
Framework for AML/CFT-Before June 2018 Header Framework for AML/CFT-Before June 2018 NBFCs: Circulars 12 of 2009; u/s 282B of the Companies Ordinance 1984 Stockbrokers: Rule 4.17 of the PSX Rule book read with the PSX KYC & CDD Guidelines dated Mar 16, 2012. Modarabas: Circular 29 of 2009 /s 11 of the Modaraba Companies and Modaraba (Floatation and Control) Ordinance, 1980; Insurers/ Takaful Operators: Directive u/s 40B read with section 20 (4) (u) and section 20 (6) (fa) and (g) of the SECP Act 1997. Guidance on UNSCR 1267 Compliance: 2015 Guidance for Compliance of SROs issued under UNSC Act, 1948 for implementation of UNSCR 1267 Framework obligated FI to undertake; KYC/CDD and determining BO for all new and existing customers Risk profiling of customers, EDD for high risk customers and PEPs STR reporting Appropriate internal controls Record keeping and updating Regular accession to the UNSC 1267 Consolidated List and immediate assets freeze of any listed individuals/ entities Compliance to the above made part of SECP's inspection manual enforced through SECP’ inspection regime Presentation Name/ Company Name:
Overview of Regulations The Securities and Exchange Commission of Pakistan (SECP) notified Anti Money Laundering and Countering Financing of Terrorism Regulations, 2018 in June 2018. The Regulations are fully compliant with Financial Action Task Force (FATF) Recommendations The regulations supersede all earlier circular/notifications which had separate anti money laundering (AML) and countering financial of terrorism (CFT) requirements for financial institutions regulated by the SECP These Regulations provide a single set of Regulations for all the aforementioned financial institutions with the aim to harmonize the AML/CFT regime.
SECP AML Regulations 2.Definitions 3.Risk Assessment 4.Risk Mitigation and Applying Risk Based Approach 5.New Products, Practices and Technologies 6.Customer Due Diligence 7.Beneficial Ownership of Legal Persons and Legal Arrangements 8.Identification of Beneficiary for Life Insurance or Takaful Policies 9.Enhanced Due Diligence 10.Politically Exposed Persons (PEPs) 11.Simplified Due Diligence 12.Reliance on Third Parties 13.Ongoing Monitoring 14.Reporting of Transactions (STRs/CTRs)
SECP AML Regulations MISCELLANEOUS: 15.Record Keeping 16.Foreign Branches and Subsidiaries 17.Correspondent Relationship 18.Appointment of Compliance Officer 19.Financial Groups 20.Screening and Training 21.Penalty 22.Repeal
3.Risk Assessment 1.A regulated person shall take appropriate steps to identify, assess and understand, its money laundering and terrorism financing risks. its customers; the jurisdictions or countries its customers are from or in; the jurisdictions or countries the regulated person has operations or dealings in; and the products, services, transactions and delivery channels of the regulated person.
2.Appropriate steps referred to in sub-regulation (1), shall include (a) documenting the regulated person risk assessments; (b) considering all the relevant risk factors before determining the level of overall risk and the appropriate type and extent of mitigation to be applied; (c) keeping the risk assessments up-to-date; (d) categorizing the overall entity level risk as high, medium or low based on the result of risk assessment; and (e) having appropriate mechanisms to provide its risk assessment information to the Commission.
4. Risk Mitigation and Applying Risk Based Approach. Counter measures should include: (a)develop and implement policies, procedures and controls, which are approved by its board of directors, to enable the regulated person to effectively manage and mitigate the risks that are identified in the risk assessment of ML/TF or notified to it by the Commission; (b) monitor the implementation of those policies, procedures and controls and enhance them if necessary; (c) perform enhanced measures where higher risks are identified, to effectively manage and mitigate those higher risks; and (d) have an independent audit function to test the system.
5.New Products, Practices and Technologies a) identify and assess the money laundering and terrorism financing risks the development of new products the use of new or developing technologies b) undertake the risk assessments, prior to the launch or use of such products c) pay special attention on those which favour anonymity
6. Customer Due Diligence 1.Anonymous accounts or an accounts in fictitious name not to be opened or maintained 2.CDD when establishing business relationship and when there is doubt about previously obtained customer identification data 3.CDD may include: identifying the customer or beneficial owner understanding and, as appropriate, obtaining information on the purpose and intended nature of the business relationship monitoring of accounts/transactions on ongoing basis 4. Regulated person shall obtain such documents from different types of customers as provided in Annexure–I
5. Verification should be done before or during the course of establishing a business relationship or may complete verification after the establishment of the business relationship (a) this occurs as soon as reasonably practicable; (b) this does not interrupt the normal conduct of business; and the ML/TF risks are effectively managed.
(5a)A regulated person shall not form business relationship with entities and/or individuals that are: designated under the United Nations Security Council Resolutions and adopted by the Government of Pakistan; proscribed under the Anti Terrorism Act, 1997(XXVII of 1997); and associates/facilitators of persons mentioned in (a) and (b).” 6. Circumstances where the regulated person permits completion of verification after the establishment of the business relationship should be recorded in their CDD policies.
(7) For all persons, regulated person should determine whether the person is acting on behalf of a customer and should take reasonable steps to obtain- evidence to determine authority of such person to act on behalf evidence to determine authority of such person to act on behalf of the customer, which shall be verified through documentary evidence including specimen signature of the customer; identification and verification of the person purporting to act on behalf of the customer; identification and verification of the customer; 8. Each customer shall be categorized as high or low risk, depending upon the outcome of the CDD process. regulated person will maintain a list of all such customers/accounts where the business relationship was refused or needed to be closed on account of negative verification; where regulated person are not able to satisfactorily complete required CDD measures, account shall not be opened or any service provided /filing of STR
10. Regulated person are required to apply CDD requirement to its existing customers on the basis of materiality and risk and should conduct due diligence on existing relations at appropriate times. 11. where regulated person are not able to satisfactorily complete required CDD measures, account shall not be opened or existing business relationship shall be terminated and consideration shall be given if the circumstances are suspicious so as to warrant the filing of an STR in relation to the customer. 12. where regulated person forms a suspicion of money laundering or terrorist financing, and it reasonably believes that performing the CDD process will tip-off the customer, it may not pursue the CDD process, and instead should file an STR in accordance with regulation 14. 13.Government entities accounts shall not be opened in the personal names of the government officials /Special Resolution.
7.Beneficial Ownership of Legal Persons and Legal Arrangements 1.The regulated person shall acquire and use requisite information and data obtained from a reliable source, for the following purposes: understand the nature of the customer’s business and its ownership identify and verify the identity of the natural persons where there is doubt , verification of the natural person who effectively controls the legal person or who have executive authority should be done where no natural persons are identified under clause (b) or (c), identify the natural persons having executive authority in the legal person 2. Verification in case of trusts identify and verify the identity of the settlor, the trustee, the protector (if any), the beneficiaries (
8. Identification of Beneficiary for Life Insurance or Takaful Policies 1.An insurer/ takaful operator shall conduct the following CDD measures for the beneficiary of life insurance or takaful a Obtain the full name and identity of the beneficiary Verifications should occur at the time of payout. 2.Enhanced scrutiny in case the beneficiary are politically exposed persons and where higher risks are identified 3.Enhanced Due Diligence of beneficiary who is a legal person or a legal arrangement and is termed as High Risk reasonable measures to identify and verify the identity of the beneficial owner of the beneficiary, at the time of payout
9. Enhanced Due Diligence 1.Appropriate internal risk management systems, policies, procedures and controls should be in place to determine if any customer presents high risk of ML/TF. 2.EDD in case of: Customers/ policy holders belonging to countries which are non-compliant with anti-money laundering regulations according to FATF; Such body corporate, partnerships, associations and legal arrangements including non-governmental organizations or not- for-profit organizations which receive donations; and Legal persons or arrangements with complex ownership structures.
9. Enhanced Due Diligence (Cont) EDD measures include but are not limited to the following: (a)Obtain approval from regulated person senior management to establish or continue business relations with such customers; (b) establish, by appropriate means, the sources of wealth and/or funds or beneficial ownership of funds, as appropriate; including regulated person’ own assessment to this effect; and (c) conduct during the course of business relations, enhanced monitoring of business relations with the customer.
10. Politically Exposed Persons (PEPs) In relations to foreign and domestic PEPs, regulated person shall implement appropriate internal risk management systems, policies, procedures and controls to determine if any customer or a beneficial owner is a PEP. In case of foreign PEPs, regulated person shall perform EDD in accordance with sub-regulation (4) of regulation 9, in addition to other requirements of these regulations. In case of domestic PEPs, where business relationship poses higher risk, regulated person shall carry out EDD in accordance with sub-regulation (4) of regulation 9, in addition to other requirements of these regulations. The requirements of sub-regulations (2) and (3) are also applicable on family members and close associates of foreign and domestic PEPs.
11. Simplified Due Diligence 1. Simplified or reduced Customer Due Diligence / Know Your Customer measures can be applied to Low risk cases which may include: Regulated person and banks Public listed companies Insurance policies for pension schemes (if there is no early surrender option and the policy cannot be used as collateral) Life insurance policies where the premium is low Group insurance policies etc
11. Simplified Due Diligence (Cont) Measures are limited to the following: reducing the frequency of customer identification updates; reducing the degree of on-going monitoring and scrutinising transactions not collecting specific information or carrying out specific measures to understand the purpose and intended nature of the business relationship
12. Reliance on Third Parties Regulated person may rely on a third party to conduct CDD on its behalf : obtain immediately, the necessary information relating to identification of the customer/BO Information relating to CDD will be made available from the third party upon request without delay; the third party is regulated, and supervised or monitored maintain data/ information confidentiality and non-disclosure agreement with the third party Jurisdiction of the third party Regulated person shall ultimately remain responsible for its AML/CFT obligations
13. Ongoing Monitoring All business relations with customers shall be monitored on an ongoing basis background and purpose of all complex and unusual transactions periodically review the adequacy of customer information obtained and information is to be kept up to date. (higher risk categories of customers ) customers’ profiles should be revised
5.Where regulated person files an STR on reasonable grounds for suspicion that existing business relations with a customer are connected with ML/TF the regulated person may considers it appropriate to retain the customer- (a) to substantiate and document the reasons for retaining the customer; and (b) the customer’s business relations with the regulated person shall be subject to proportionate risk mitigation measures, including enhanced ongoing monitoring. 6.Deleted 7. The regulated person should monitor their relationships with the entities and individuals mentioned in sub-regulation (5a) of regulation 6, on a continuous basis and ensure that no such relationship exists directly or indirectly, through ultimate control of an account and where any such relationship is found, the regulated person shall take immediate action as per law, including freezing the funds and assets of such proscribed entity/individual and reporting to the Commission
14. Reporting of Transactions (STRs/CTRs) To comply with the provisions of the AML Act and rules, regulations and directives issued Appropriate internal policies, procedures and controls should be in place for meeting their obligations under the AML Act Regulated person shall pay special attention to all complex and all unusual patterns of transactions STRS on transactions, which are out of character, are inconsistent with the history, pattern, or normal operation of the account or are not commensurate with the level of income STRs on attempted transactions/CTRs The basis of deciding whether an STR is to be filed or not, shall be documented Employees of regulated person are strictly prohibited to disclose the fact to the customer or any other quarter that a STR or related information is being reported Regulated person without disclosing the contents of STRs, shall intimate to the Commission on bi-annual basis the number of STRs reported to FMU
14A. Counter Measures against high risk countries Regulated persons shall adopt counter measures, including but not limited to, enhance due diligence proportionate to the risk, to the business relationship and transactions with their customer belonging to such countries for which this is called upon by FATF and/or as notified by the Federal Government. (2) The Commission, on the advice of the Federal Government regarding weakness in the AML/CFT systems of other counties, shall direct the Regulated Person to adopt counter measures in accordance with these regulations with the customers belonging to such countries.”
MISCELLANEOUS Record Keeping: all necessary records on transactions, both domestic and international, including the results of any analysis undertaken for Minimum 5 years Foreign Branches and Subsidiaries Ensure that their AML/ CFT policy is observed by branches and subsidiaries in countries which do not or insufficiently comply with FATF Recommendations.
MISCELLANEOUS (Cont.) 17. Correspondent Relationship: Assess the suitability of the respondent financial institution Gather adequate information about the respondent financial institution Determine from any available sources the reputation of the respondent financial institution and the quality of supervision Assess the respondent financial institution’s AML/CFT controls Regulated person shall pay special attention when establishing or continuing correspondent relationship with financial institutions which are located in jurisdictions that have been identified or called for by FATF High-risk Jurisdictions Shell Financial Institutions
MISCELLANEOUS (Cont.) Appointment of Compliance Officer Appoint a management level officer as compliance officer access to all customer records Responsibilities as defined under the Recommendation 18 Financial Groups implement group-wide programmes against ML/TF
20. Screening and Training have screening procedures to ensure high standards when hiring Employees develop and implement a comprehensive employee due diligence policy chalk out and implement suitable training program for relevant employees on annual basis 21. Penalty Any person who contravenes or fails to comply with any provision of these regulation made shall be liable to pay such sum as provided in section 40 of the Securities and Exchange Commission of Pakistan Act, 1997 (XLII of 1997), in addition to any penalty provided under AML Act.
Thankyou Email:sumera.baloch@fmu.gov.pk