AML/CFT Policy for Designated Non-Financial Business and Professions
(DNFBPs) & Other Non-Financial Sectors (Sector 5)
Presentation to Company Secretary and
Trust Company
14 August 2014
Financial Intelligence and Enforcement Department
@ Forum, Level 1, Sasana Kijang, Bank Negara Malaysia
Outline of Presentation
1. Introduction
2. Application of Risk-Based Approach
3. Customer Due Diligence and Other Requirements
4. AML/CFT Compliance Programme
5. Combating Financing of Terrorism
6. Non-Compliance
Introduction
Applicability
Applicable to:
A. Persons prescribed by the Minister or licensed by the Registrar of Companies to act as a company secretary of a company (referred to as company secretaries) when they prepare or carry out the following activities:
i. act as a formation agent of legal entities;
ii. act as (or arrange for another person to act as) a director or secretary of a company, a partner of a partnership, or a similar position in relation to other legal entities;
iii. provide a registered office, business address or accommodation, correspondence or administrative address for a company, a partnership, or any other legal entities or arrangement;
iv. act as (or arrange for another person to act as) a trustee of an express trust; or
v. act as (or arrange for another person to act as) a nominee shareholder for another person.
B. Corporation as defined in the Public Trust Corporation Act 1995 and trust companies as defined in the Trust Companies Act 1949 when they carry out the following activities for their clients:
i. act as a formation agent of legal entities;
ii. act as (or arrange for another person to act as) a director or secretary of a company, a partner of a partnership or any similar position in relation to other entities;
iii. act as (or arrange for another person to act as) a trustee of an express trust; or
iv. act as (or arrange for another person to act as) a nominee shareholder for another person.
Introduction
Supersede:
• Earlier issued Guideline:
  - Standard Guidelines on Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) (UPW/GP1); and
  - Sectoral Guidelines 6 for Designated Non-Financial Businesses and Professions (DNFBPs) (UPW/GP[6])
• Any exemptions given to RI under the previous Standard Guidelines
Changes to the AML/CFT Policy
Key elements:
1. Strengthen the requirements for risk-based approach
   • Risk management function, risk assessment, control & mitigation, profiling
2. Clarity in dealing with higher risk countries
   • Countermeasures when dealing with higher risk countries
3. Refine customer due diligence (CDD) requirements to reflect risk-based approach
   • Enhanced CDD, Politically Exposed Persons (PEPs), verification documents, threshold revision, simplified CDD
4. Enhance requirements on AML/CFT Compliance Programme
   • Roles and Responsibilities of Board of Directors, Senior Management and Compliance Officers
Risk-Based Application : Expectations
1. Proper documentation of process and rationale
2. Evidence on how findings from risk assessment are translated into policies and procedures
Risk Based Approach Application (RBA)
Details
Risk Management Functions (RMF)
• Intensity and extensiveness of RMF proportionate with the NATURE, SCALE and COMPLEXITY of the reporting institutions’ activities and ML/TF risk profile.
• AML/CFT risk management function must be aligned and integrated with overall risk management function
Risk Assessment
• Identify, assess and understand RI’s exposures to ML/TF risks
• Keep the assessment up-to-date and documented
Risk Control and Mitigation
• Have policies, controls and procedures to manage identified risk
• Conduct independent control testing on their policies, controls and procedures
Risk Profiling
• Based on CDD information
• Consider risk factors (e.g. customer, country or geography, products and services and others)
• Facilitate on-going monitoring
RISK ASSESSMENT
RISK PROFILING
RISK CONTROL AND MITIGATION
Geography
• Business location
• Country of origin
• Country on sanctions list
• Etc.
Customer risk
• Resident or non-resident
• Company structure
• PEPs
• Company or individual
Products, services, transactions/ delivery channels
• Cash-based
• Non face-to-face
• Simple/ complex transactions
• Etc.
Other information
• Suggesting higher risk, if any
Customer Due Diligence (CDD)
1. Three elements:
   1) Identification
      • Identify
      • Sight ID document
   2) Verification
      • Take copy of ID document
   3) On-Going Due Diligence
      • Review and update profile
      • Transaction monitoring
Customer Due Diligence (CDD): Identification
2. When is CDD required (Identification)?
   1) Establishing business relations
   2) If there is suspicion of ML/TF
   3) Doubts on veracity & adequacy of previously obtained CDD information
RI may complete verification after establishment IF:
- the ML/TF risks are assessed as low; and
- verification is not possible at the point of business relationship
The following conditions must be satisfied:
- Occurs as soon as reasonably practicable
- Delay is essential so as not to interrupt normal conduct of business
- No suspicion of ML/TF risk, or ML/TF risks effectively managed
Customer Due Diligence (CDD): Identification
3. What is required?
Principles
a) Identify and verify the customer using reliable, independent source documents, data or information.
b) Verify that the person carrying out the transaction on behalf of another customer is authorised to do so.
c) Identify the beneficial owner and take reasonable measures to verify the identity of the beneficial owner;
d) Find out the purpose and intended nature of the business relationship
Individual Customers
Legal persons/ legal arrangements/ clubs, societies and foundations
Customer Due Diligence (CDD): Verification of Documents
ACCEPTABLE DOCUMENTS FOR INDIVIDUAL CUSTOMERS AND BENEFICIAL OWNER
• NRIC/ Passport
• Any other official documents bearing the photograph of the customer, provided that the RI is satisfied with the authenticity of the document.
• If biometric ID is used, verification requirement deemed to have been fulfilled.
If there is doubt – require the customer to produce other supporting official identification documents bearing his/ her photograph
Customer Due Diligence (CDD): On Legal Persons
Identify and verify customer
(a) Name, legal form and proof of existence
(b) Powers that regulate and bind customers
(c) Address of registered office
Identify and take reasonable measures to verify beneficial owner
(a) Identity of the natural person who ultimately has a controlling ownership interest in a legal person
i. Identification of directors/shareholders with equity interest of 25% or more;
ii. Authorisation for any person to represent the company (letter of authority/ directors’ resolution); and
iii. NRIC / Passport to identify the authorised person
(b) If there is a doubt on the controlling interest - the identity of the natural person exercising control through other means
(c) Where there is no natural person identified - the identity of the natural person who holds the senior management position
Identification/verification of the beneficial owners up to the level of natural persons who are controlling entities
Customer Due Diligence (CDD): Enhanced CDD
When is Enhanced CDD Required?
Conditions
• Clients assessed as higher risk
• Foreign PEPs
• Other PEPs assessed as higher risk
• Customers from high risk jurisdictions (black list)
Requirements
1. Obtain CDD information
2. Obtain additional information
3. Inquire on source of wealth or/and funds
4. Obtain approval from Senior Management
Customer Due Diligence (CDD): On PEPs
FOREIGN, DOMESTIC, INTERNATIONAL ORGANISATION
…are individuals who are or have been entrusted with prominent public functions by their respective governments or organisations
• Heads of State or of government, senior politicians, senior government, judicial or military officials, senior executives of state owned corporations, important political party officials
• Members of senior management, i.e. directors, deputy directors and members of the board or equivalent functions.
PEPs do not include middle ranking or junior level individuals
Customer Due Diligence (CDD): PEPs
Politically Exposed Person
• Put in place risk management system to determine whether a customer is a foreign PEP
  - Foreign PEP: ENHANCED CDD
• Take reasonable measures to determine whether a customer or beneficial owner is a domestic PEP or person entrusted with prominent function in an international organisation
  - Not a domestic PEP / Not a person entrusted with prominent function in an international organisation: Normal CDD
  - Domestic PEP / Person entrusted with prominent function in an international organisation: Assess the ML/TF risks
    - High Risk? ENHANCED CDD
    - Not High Risk? Normal CDD
Customer Due Diligence (CDD): On Clients from High Risk Countries
High Risk Countries
• Countries having on-going or substantial ML/TF risks
  - Enhanced CDD applies (Automatic)
  - Apply countermeasures, proportionate to the risk
• Countries having strategic AML/CFT deficiencies
  - Assess risks
  - HIGH: Enhanced CDD
  - LOW: Normal CDD
COUNTER MEASURES
• Limit business relationship
• Review and amend, if necessary terminate, correspondent relationship
• Conduct increased external audit
• Report summary exposures to FIED
• Other measures specified by Bank Negara Malaysia
Failure to Satisfactorily Complete CDD
1. If the customer does not want to cooperate or refuses to provide information – What RI needs to do?
• Potential Customers: Shall not open the account or commence business relationship or perform transaction
• Existing Customer: Shall terminate business relationship
CONSIDER submitting a STR – Decisions and rationales for the decision taken must be documented
2. If the RI believes that completing the CDD would tip-off the customer – What RI needs to do?
• Proceed with transaction
• MUST submit STR to FIED, BNM
Other Requirements
Delayed Verification
• If unable to conduct CDD immediately, must be completed within 10 working days
Record-keeping
• All records relating to transactions, CDD etc must be properly maintained, for at least 6 years
Management Information System
• Not necessarily automated
• To be commensurate with nature, scale and complexity of operations
Role and Responsibilities of Compliance Officer
Higher expectation on role and duty of AML/CFT Compliance Officer
1) WHO
   1. Fit and proper
   2. Necessary knowledge and expertise
2) DUTY – to ensure:
   • RI’s compliance with AML/CFT requirements
   • Proper implementation of AML/CFT Procedures
   • Appropriate AML/CFT procedures and implemented effectively
   • Communication channel between staff/ department and compliance department is secured and kept confidential
   • AML/CFT Compliance Programme awareness to all staff.
   • Internally generated STR are evaluated before submission to FIED
   • Identification of ML/TF risks associated with new products and services
Important Information:
• responsible for obligation under AMLATFA even if operating as a group
• may appoint particular person (with management responsibilities) within such group to perform the role of compliance officer
Independent Audit Functions
• Additional requirements:
1) SCOPE
   • Adequacy and effectiveness of AML/CFT programme
   • Reliability, integrity and timeliness of internal and regulatory reporting
2) REPORTING
   • To the Board on assessment of effectiveness and adequacy of control;
   • To FIED on findings and corrective measures.
Suspicious Transaction Report: Reporting Mechanism
Requirements on reporting of STR are largely unchanged.
Internal reporting mechanism:
• RI to have in place policies on duration taken by the head office Compliance Officer to review internal STR and circumstances the timeframe can be exceeded
TIPPING OFF:
• If RI has formed a suspicion of ML/TF but believes that performing CDD process would tip-off the customer, RI is permitted not to pursue CDD, to proceed with the transaction and immediately file a STR
Suspicious Transaction Report: Info Required
Details of Subject Reported
• Name of Subject
• Identification No.
• Address
• Contact No.
• Employment details i.e. occupation, name of employer
Transaction Details
• Account No./ Policy No.
• Transaction Amount
• Transaction Date
Description of Suspicious Transaction
• Reasons given by the reporting institutions on why they feel the conduct of account is suspicious
To facilitate LEA’s investigation
Combating Financing of Terrorism
Obligations under Part VIA of the AMLATFA applicable to any person
1) Update and maintain list
   • UNSCR 1267 Consolidated List
   • List under Section 66B (Domestic) and Section 66C (UNSC) (Part VIA)
   • Other List (Optional)
2) Check on names
   • on new customers, beneficial owners and beneficiary
   • existing customers
   • potential customers
3) Freeze/ Reject
   • freeze/ block fund for existing customers
   • reject transactions for new/ potential customers
   • take measures to ascertain identity – not ‘false positive’
4) Report
   • to FIED (including attempted transactions)
   • inform relevant supervisory authority
Effects of Non-Compliance with AMLATFA and Sector 5 Guidelines
1. Enforcement action can be taken against the reporting institution, including directors,
officers and employees for any non-compliance with the Guideline requirements
2. Penalties have been increased under the new AMLATFA. Penalties upon breach include:
• Involvement in ML/TF (direct or indirect): Imprisonment for a term not exceeding 15 years and fine of not less than 5 times the sum or value of the proceeds of an unlawful activity or instrumentalities of an offence at the time the offence was committed or RM5 million, whichever is higher
• General Offence (section 86), e.g. for failure to conduct CDD and failure to adopt, develop and implement AML/CFT compliance programme: Fine not exceeding RM1 million
• Retention of Records: Fine not exceeding RM3 million or imprisonment for a term not exceeding five years or both
• Opening Account in False Name: Fine not exceeding RM3 million or imprisonment for a term not exceeding five years or both
Questions?
Thank you
For further enquiries:
[email protected]