aml/cft compliance general guidelines for ......aml/cft compliance - general guidelines for money...

General compliance guidelines to assist

money remittance institutions in their

compliance to the Law No. 10/2014

(Prevention of Money Laundering and

Financing of Terrorism Act) and the

regulations issued under that Act; and to

establish internal programs to combat

money laundering and terrorism financing

applicable to those institutions.

AML/CFT COMPLIANCE

GENERAL GUIDELINES

FOR MONEY

REMITTANCE

INSTITUTIONS

26 December 2016

FINANCIAL INTELLIGENCE UNIT

Maldives Monetary Authority Boduthakurufaanu Magu,

Malé, 20182,

Republic of Maldives Email: [email protected]

Web: www.mma.gov.mv/fiu

AML/CFT COMPLIANCE

GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS

CONTENTS

Introduction ............................................................................................................................................................................... 1

Scope ......................................................................................................................................................................................... 1

Applicability .............................................................................................................................................................................. 1

Acronyms................................................................................................................................................................................... 1

CHAPTER I – GENERAL ........................................................................................................................................................ 2

1- Money Laundering ...................................................................................................................................................... 2

2- Terrorism Financing .................................................................................................................................................... 2

3- Risk-Based Approach .................................................................................................................................................. 2

4- Risk Assessment .......................................................................................................................................................... 2

5- Risk Control and Mitigation ........................................................................................................................................ 3

6- Risk Profiling .............................................................................................................................................................. 3

CHAPTER II – AML/CFT PROGRAM .................................................................................................................................... 5

1- Board of Directors and Senior Management ............................................................................................................... 5

Board of Directors ............................................................................................................................................................ 5

Senior Management ......................................................................................................................................................... 6

Compliance Officer .......................................................................................................................................................... 6

2- Employee Due Diligence Procedures .......................................................................................................................... 7

3- Employee Training and Awareness Programs ............................................................................................................. 7

4- Independent Audit Function ........................................................................................................................................ 8

5- Internal Policies, Procedures, and Controls ................................................................................................................. 8

CHAPTER III – COMPLIANCE MEASURES ...................................................................................................................... 10

1- KYC and CDD .......................................................................................................................................................... 10

When to Conduct KYC and CDD? ................................................................................................................................ 10

What is Required? .......................................................................................................................................................... 10

CDD related to Combating the Financing of Terrorism ................................................................................................. 10

Verification of KYC and CDD Information ................................................................................................................... 11

Specific CDD Measures ................................................................................................................................................. 11

Enhanced CDD .............................................................................................................................................................. 13

On-Going Due Diligence ............................................................................................................................................... 13

Existing Customers ........................................................................................................................................................ 14

Politically Exposed Persons ........................................................................................................................................... 14

New Products and Business Practices ............................................................................................................................ 15

Transfers ........................................................................................................................................................................ 15

Reliance on Third Parties ............................................................................................................................................... 16

Non-Face-to-Face Business Relationship ....................................................................................................................... 16

Higher Risk Countries .................................................................................................................................................... 16

Unable to Comply with the CDD Measures ................................................................................................................... 16

Resource Allocation ....................................................................................................................................................... 17

2- Monitoring and Reporting ......................................................................................................................................... 17

Monitoring ..................................................................................................................................................................... 17

Suspicious Transaction Reporting .................................................................................................................................. 17

Tipping Off .................................................................................................................................................................... 18

Other Transaction Reports ............................................................................................................................................. 19

3- Record Keeping ......................................................................................................................................................... 19

4- Non-Compliance ....................................................................................................................................................... 19

CHAPTER IV – FEEDBACK AND INQUIRIES ................................................................................................................... 21

CHAPTER V – REFERENCE ................................................................................................................................................. 21

1- Useful Websites ........................................................................................................................................................ 21

2- Useful Reference Materials ....................................................................................................................................... 21

APPENDIX - EXAMPLES OF RED FLAGS ......................................................................................................................... 22

AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS

1

AML/CFT COMPLIANCE

GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS

Introduction This guidance document is issued by the Financial Intelligence Unit pursuant to the paragraph (5)

Section 27(c) of Law No. 10/2014 (Prevention of Money Laundering and Financing of Terrorism Act,

hereinafter referred to as the PMLFTA).

The purpose of this document is to assist money transfer institutions other than licensed banks and

mobile payment services providers permitted or licensed by Maldives Monetary Authority to conduct

money remittance or funds transfer services in their compliance to the PMLFTA and the regulations

issued under this Act and to establish internal programs to combat money laundering and terrorism

financing that is applicable to those institutions. These money transfer institutions bear the

responsibility to establishment of such programs and must ensure that its permitted services are not

being used to launder unlawfully derived funds or to finance terrorist acts.

Scope This document uses plain language to explain the relevant compliance aspects in the PMLFTA as well

as the related Regulations. It is provided as compliance guidance only. It is not legal advice, and is not

intended to replace the PMLFTA and Regulations.

This document intends to cover the following:

1- obligations of money transfer institutions with respect to the requirements imposed under the

PMLFTA;

2- requirements imposed on money transfer institutions in implementing a risk-based approach

in managing ML/TF risks; and

3- roles of the Board of Directors and Senior Management of money transfer institutions in

putting in place the relevant AML/CFT measures.

Applicability All on-shore and off-shore money transfer institutions, other than banks and mobile payment service

providers, licensed by the Maldives Monetary Authority pursuant to relevant laws and regulations are

recommended to refer to this document and be guided by this document in their compliance to the

PMLFTA and the applicable regulations issued under this law.

The Financial Intelligence Unit reserves the right to amend and make relevant changes to this

document.

Acronyms AML – anti-money laundering

CFT – combatting the financing of terrorism

CDD – customer due diligence

KYC – know your customer

FATF – Financial Action Task Force

ML – money laundering

TF – terrorism financing


2

CHAPTER I – GENERAL

1- Money Laundering

Money laundering is the process by which criminals attempt to conceal the true origin and ownership

of the proceeds of their criminal activities.

While the techniques for laundering funds vary considerably and are often highly intricate, there are

generally three stages in the process:

Placement - the physical disposal of cash proceeds derived from illegal activity;

Layering - separating illicit proceeds from their source by creating complex layers of financial

transactions designed to disguise the source of money, subvert the audit trail and provide

anonymity; and

Integration - creating the impression of apparent legitimacy to criminally derived wealth.

These three stages may occur as separate and distinct phases. They may also occur simultaneously or,

more commonly, they may overlap. How the basic steps are used depends on the available laundering

mechanisms and the requirements of the criminals.

If the layering process has succeeded, integration schemes place the laundered proceeds back into the

economy in such a way that they re-enter the financial system appearing to be normal business funds.

Money remittance services are often used by money launderers and terrorist financiers in layering

stage to disguise the origin and real purposes of funds.

Money remittance institutions are therefore placed with a statutory duty to make a disclosure to the

authorized officer when knowing or suspecting that any property, in whole or in part, directly or

indirectly, representing the proceeds of an offence or is connected to terrorism financing, or was or is

intended to be used in that connection is passing through the institution. Such disclosures are

protected by law, enabling the person with information to be able to disclose the same without the risk

of breaching their duty of confidentiality owed to customers.

2- Terrorism Financing

Financing of terrorism generally refers to carrying out transactions involving funds or property,

whether from a legitimate or illegitimate source, that may or may not be owned by terrorists, or those

have been, or are intended to be used to assist the commission of terrorist acts, and/or the financing of

terrorists and terrorist organisations.

The major difference between money laundering and terrorism financing is that the funds used in

terrorism financing maybe legitimate funds whereas money laundering involves funds or property that

are proceeds crime.

3- Risk-Based Approach

In the context of “Risk-Based Approach”, the intensity and extensiveness of risk management

functions shall be proportionate to the nature, scale and complexity of the money remittance

institution’s activities and ML/TF risk profile. The institution’s AML/CFT risk management function

must be aligned and integrated with their overall risk management control function.

4- Risk Assessment

Money remittance institutions are required to take appropriate steps to identify, assess and understand

their ML/TF risks in relation to the nature and size of the institution’s business, including whether

there are multiple subsidiaries, branches or agent networks offering financial products and services;

the risk profile of its customers, including whether their customer base is more diverse across


3

different geographical locations; the extent to which the products and services offered are consistently

below a given threshold; and the extent to which the institution is vulnerable to ML/TF threats.

In identifying and assessing indicators of ML/TF risk to which they are exposed, money remittance

institutions should consider a range of factors which may include:1

The nature, scale, diversity and complexity of their business and their target markets;

The proportion of customers already identified as high risk;

The jurisdictions the institution is operating in or otherwise exposed to, either through its own

activities or the activities of customers, especially in jurisdictions with greater vulnerability

due to contextual and various risk factors such as the prevalence of crime, corruption,

financing of terrorism, as well as the general level and quality of governance, law

enforcement, AML/CFT controls, regulation and supervision, including those listed by FATF;

The distribution channels, including the extent to which the institution deals directly with the

customer and the extent to which it relies (or is allowed to rely) on third parties to conduct

CDD, the complexity of the payment chain and the settlement systems used between

operators in the payment chain, the use of technology and the extent to which agent networks

are used;

The internal audit and regulatory findings; and

The volume and size of its transactions, considering the usual activity of the institution and

the profile of its customers.

In assessing ML/TF risks, money remittance institutions shall have the following processes in place:

1- documenting their risk assessments and findings;

2- considering all the relevant risk factors before determining what is the level of overall risk

and the appropriate level and type of mitigation to be applied;

3- keeping the assessment up-to-date through a periodic review; and

4- having appropriate mechanisms to provide risk assessment information to the supervisory

authority.

Money remittance institutions are required to conduct additional risk assessment as and when required

by the Financial Intelligence Unit or the respective supervisory authority.

5- Risk Control and Mitigation

Money remittance institutions are required to:

have policies, controls and procedures to manage and mitigate ML/TF risks that have been

identified;

monitor the implementation of those policies, controls, procedures and to enhance them if

necessary; and

take enhanced measures to manage and mitigate the risks where higher risks are identified.

Money remittance institutions must conduct independent control testing on their policies, controls and

procedures for the purpose of monitoring the implementation of their risk control and mitigation

policies mentioned above.

6- Risk Profiling

Money remittance institutions may conduct risk profiling on their customers, considering the

following risk factors:

1- customer risk (e.g. resident or non-resident, type of customers, occasional or one-off

transactions, legal person structure, types of PEP, types of occupation);

2- geographical location of business, country of origin of customers or destination of the

recipient;

1 FATF Guidance for a Risk-Based Approach - Money or Value Transfer Services (February 2016)


4

3- products, services, transactions or delivery channels (e.g. cash-based, face-to-face or non

face-to-face, cross-border); and

4- any other information suggesting that the customer is of higher risk.

The risk control and mitigation measures implemented shall commensurate with the risk profile of a

particular customer or type of customer. Upon the initial acceptance of the customer, money

institutions may regularly review and update the customer’s risk profile based on their level of ML/TF

risks.


5

CHAPTER II – AML/CFT PROGRAM In order to discharge the statutory responsibility to detect possible attempts of money laundering or

financing of terrorism, every money remittance institution must have an AML/CFT program which

should, at a minimum, include:

Internal policies, procedures, and controls;

Designation of a principal Compliance Officer;

Recruitment and training of its employees and agents; and

Audit of AML/CFT policies, procedures and controls.

Where applicable, the AML/CFT program must be applicable and appropriate to all branches,

subsidiaries and agents of the institution.

1- Board of Directors and Senior Management

Board of Directors

Members of Board of Directors (the Board) must be aware of their roles and responsibilities in

managing ML/TF risks faced by a money remittance institution, as well as the ML/TF risks associated

with business strategies, delivery channels and geographical coverage of its business products and

services.

The Board must understand the AML/CFT measures required by the laws including the PMLFTA,

subsidiary legislations and instruments issued under the PMLFTA, and the industry's standards and

best practices as well as the importance of implementing AML/CFT measures to prevent the

institution from being abused by money launderers and financiers of terrorism.

Generally, the Board has the following roles and responsibilities:

maintain accountability and oversight for establishing AML/CFT policies and minimum

standards.

approve policies regarding AML/CFT measures within the institution, including those

required for risk assessment, mitigation and profiling, CDD, record keeping, on-going due

diligence, reporting of suspicious transactions and combating the financing of terrorism.

establish appropriate mechanisms to ensure the AML/CFT policies are periodically reviewed

and assessed in line with changes and developments in the institution's products and services,

technology as well as trends in ML/TF.

establish an effective internal control system for AML/CFT and maintain adequate oversight

of the overall AML/CFT measures undertaken by the institution.

define the lines of authority and responsibility for implementing the AML/CFT measures and

ensure that there is a separation of duty between those implementing the policies and

procedures and those enforcing the controls.

ensure effective internal audit function in assessing and evaluating the robustness and

adequacy of controls implemented to prevent ML/TF.

assess the implementation of the approved AML/CFT policies through regular reporting and

updates by the Senior Management and Audit Committee.

establish systems that is reflective of the nature of the institution's operations, size of

business, complexity of business operations and structure, risk profiles of products and

services offered by the institution and geographical coverage.

NOTE: Where a Board does not exist, the Senior Management of that money remittance institution

shall be considered as having the responsibilities of the Board.


6

Senior Management

The Senior Management is responsible for the implementation and management of AML/CFT

compliance programmes in accordance with policies and procedures established by the Board,

requirements of the law, regulations, guidelines and the industry’s standards and best practices.

The Senior Management has the following roles and responsibilities:

be aware of and understand the ML/TF risks associated with business strategies, delivery

channels and geographical coverage of its business products and services offered and to be

offered including new products, new delivery channels and new geographical coverage;

formulate AML/CFT policies to ensure that they are in line with the risks profiles, nature of

business, complexity, volume of the transactions undertaken by the institution and its

geographical coverage;

establish appropriate mechanisms and formulate procedures to effectively implement

AML/CFT policies and internal controls approved by the Board, including the mechanism

and procedures to monitor and detect complex and unusual transactions;

ensure review and propose to the Board the necessary enhancements to the AML/CFT

policies to reflect changes in the institution's risk profiles, institutional and group business

structure, delivery channels and geographical coverage;

provide timely periodic reporting to the Board on the level of ML/TF risks facing the

institution, strength and adequacy of risk management and internal controls implemented to

manage the risks and the latest development on AML/CFT which may have an impact on the

institution;

allocate adequate resources to effectively implement and administer AML/CFT compliance

programmes that are reflective of the size and complexity of the institution's operations and

risk profiles;

ensure all the necessary remedial actions proposed by the Financial Intelligence Unit and the

regulator on AML/CFT compliance issues;

appoint a compliance officer at management level at the local Head Office with sufficient

authority and establish effective compliance mechanisms at each branch or subsidiary;

provide appropriate levels of AML/CFT training for its employees at all levels throughout the

institution;

ensure that there is a proper channel of communication in place to effectively communicate

the AML/CFT policies and procedures to all levels of employees;

ensure that AML/CFT issues raised are addressed in a timely manner; and

ensure the integrity of employees by establishing appropriate employee assessment system.

Compliance Officer

The Compliance Officer acts as the reference point for AML/CFT matters within a money remittance

institution. The Compliance Officer must have sufficient knowledge, resources, stature, authority and

seniority within the institution to participate and be able to effectively implement decisions of the

Board and the Senior Management relating to AML/CFT. The Compliance Officer is required to be

“fit and proper” to carry out his AML/CFT responsibilities effectively, based on the following criteria

at minimum:

probity, personal integrity and reputation; and

competency and capability.

The Compliance Officer must have the necessary knowledge and expertise to effectively discharge his

roles and responsibilities, including being informed of the latest developments in ML/TF techniques

and the AML/CFT measures undertaken by the industry.

Money remittance institutions are required to ensure that the roles and responsibilities of the

Compliance Officer are clearly defined and documented.


7

The Compliance Officer has a duty to ensure the following:

the institution's compliance with the AML/CFT requirements;

proper implementation of the AML/CFT policies;

the appropriate AML/CFT procedures, including CDD, record keeping, on-going due

diligence, reporting of suspicious transactions and combating the financing of terrorism, are

implemented effectively;

the AML/CFT mechanism is regularly assessed to ensure that it is effective and sufficient to

address any change in ML/TF trends;

the channel of communication from the respective employees to the branch, subsidiary and

agents, is secured and that information is kept confidential;

all employees are aware of the institution's AML/CFT measures, including policies, control

mechanism and the channel of reporting;

internally generated suspicious transaction reports are appropriately evaluated before

submitted to the Financial Intelligence Unit;

the identification of ML/TF risks associated with new products or services or arising from the

institution's operational changes, including the introduction of new technology and processes;

and

act as the main contact person for the Financial Intelligence Unit on behalf of the institution

on AML/CFT measures.

Institutions must inform, in writing, the Financial Intelligence Unit on the appointment or change in

the appointment of the Compliance Officer, including such details as the name, designation, office

address, office telephone number, fax number, e-mail address and such other information as may be

required.

2- Employee Due Diligence Procedures

The employee due diligence procedures shall apply upon hiring the employee and throughout the

course of employment.

Institutions are required to establish an employee assessment system that is commensurate with the

size of operations and risk exposure of the institutions to ML/TF. The employee assessment system

shall include an evaluation of an employee’s personal information, including criminal records,

employment and financial history.

The employees must be made aware that they may be held personally liable for any failure to observe

the AML/CFT requirements and institutions are required to have proper remedial and administrative

actions applicable for the employees who violate the institution’s own policies and procedures,

including the institution’s AML/CFT policies and procedures, and shall keep record of the actions

taken.

3- Employee Training and Awareness Programs

Money remittance institutions are required to conduct awareness and training programs on AML/CFT

practices and measures for their employees. Such training must be conducted regularly and

supplemented with refresher trainings.

Every institution must make available its AML/CFT policies and procedures for all employees and its

documented AML/CFT measures must contain at least the following:

the relevant laws and regulations issued by the MMA;

the relevant documents on the enforcement of AML/CFT issued by the Financial Intelligence

Unit or relevant supervisory authorities; and

the institution’s internal AML/CFT policies and procedures.


8

The training conducted for employees must be appropriate to their level of responsibilities in

detecting ML/TF activities and the risks of ML/TF faced by the institution. In addition, training for all

employees may provide a general background on ML/TF, the requirements and obligations to monitor

and report suspicious transactions to the Compliance Officer and the importance of CDD.

Front-Line Employees: Front-line employees may be trained to conduct effective on-going CDD,

detect suspicious transactions and on the measures that need to be taken upon determining a

transaction as suspicious. Training may also be provided on factors that may give rise to suspicion,

such as transacting in large cash volumes, PEPs, higher risk customers and the circumstances where

enhanced CDD is required.

Employees that Establish Business Relationships: The training for employees who establish

business relationship may focus on customer identification, verification and CDD procedures,

including when to conduct enhanced CDD and circumstances where there is a need to defer

establishing business relationship with a new customer until CDD is completed satisfactorily.

Supervisors and Managers: The training on supervisors and managers may include overall aspects

of AML/CFT procedures, in particular, the risk-based approach to CDD, risk profiling of customers,

enforcement actions that can be taken for non-compliance with the relevant requirements pursuant to

the relevant laws and procedures related to combat money laundering and the financing of terrorism.

4- Independent Audit Function

The Board is responsible to ensure regular independent audits of the internal AML/CFT measures to

determine their effectiveness and compliance with the PMLFTA, its regulations, subsidiary

legislations and the relevant documents on AML/CFT issued by the Financial Intelligence Unit as

well as the requirements of the relevant laws and regulations of other supervisory authorities, where

applicable.

The Board is required to ensure that the roles and responsibilities of the auditor are clearly defined

and documented. The roles and responsibilities of the auditor include, at a minimum:

(a) checking and testing the compliance with, and effectiveness of the AML/CFT policies,

procedures and controls; and

(b) assessing whether current measures are in line with the latest developments and changes to

the relevant AML/CFT requirements.

The scope of independent audit shall include, at a minimum:

a) compliance with PMLFTA, its subsidiary legislation and instruments issued under the

PMLFTA;

b) compliance with the institution’s internal AML/CFT policies and procedures;

c) adequacy and effectiveness of the AML/CFT compliance programme; and

d) reliability, integrity and timeliness of the internal and regulatory reporting and management of

information systems.

The institutions must ensure that the auditor submit a written audit report to the Board to highlight the

assessment on the effectiveness of AML/CFT measures and any inadequacy in internal controls and

procedures. Institutions must ensure that records of such audit findings and the necessary corrective

measures undertaken are kept and made available to the Financial Intelligence Unit and their relevant

supervisory authorities once requested.

5- Internal Policies, Procedures, and Controls

Each money remittance institution must establish and implement policies, procedures, and internal

controls in its AML/CFT program. These policies, procedures, and internal controls shall be in writing

and approved by the Board and subject to continuous or periodic review. At minimum, the following

shall be included in these policies, procedures, and internal controls:


9

KYC/CDD and Customer Acceptance

Monitoring and Reporting

Risk Assessment and Risk Mitigation

Record-keeping

Audit

Employee Due Diligence and Training

Such policies, procedures, and internal controls must be easily accessible to the relevant employees at

least during the office hours.


10

CHAPTER III – COMPLIANCE MEASURES

1- KYC and CDD

Considering the potential threat of usage of the cash-intensive alternate remittance systems by a

money launderer, money remittance institutions should make reasonable efforts to determine the true

identity of all customers requesting for their services. Hence effective procedures should be put in

place to obtain and verify the requisite details for proper identification of new customers.

Every institution is expected to obtain satisfactory evidence of the identity and legal existence of the

customer and beneficial owner at the point of establishing the business relationship.

Money remittance institutions must not keep anonymous accounts or accounts in fictitious names or

conduct a single transaction with a customer whose identity cannot be properly verified.

When to Conduct KYC and CDD?

Money remittance institutions must conduct CDD on the customer and the person conducting the

transaction, when:

1- establishing business relationships or conducting a single transaction;

2- it has any suspicion of ML/TF, regardless of amount; or

3- it has any doubt about the veracity or adequacy of previously obtained information.

In conducting a single transaction, institutions may conduct simplified CDD on the customer,

beneficial owner and beneficiary for the remittance service the institutions provide based on the risks

the institutions may have identified or the regulator or the Financial Intelligence Unit has identified.

What is Required?

Money remittance institutions are required to:

identify the customer and verify that customer’s identity using reliable, independent source

documents, data or information;

verify that any person purporting to act on behalf of the customer is so authorised, and

identify and verify the identity of that person;

identify the beneficial owner and take reasonable measures to verify the identity of the

beneficial owner, using the relevant information or data obtained from a reliable source, such

that the institution is satisfied that it knows who the beneficial owner is; and

understand and, where relevant, obtain information on, the purpose and intended nature of the

business relationship or the single transaction.

A customer who fails to provide evidence of his identity must not be allowed to engage in business

relations with the institution or conduct a single transaction. Additional measures must be undertaken

to determine whether to proceed with the business relationship or the single transaction, where initial

checks fail to identify the customer or give rise to suspicions that the information provided is false and

could not be adequately verified.

CDD related to Combating the Financing of Terrorism

Money remittance institutions are required to keep updated with the various counter terrorism related

resolutions passed by the United Nations Security Council (UNSC) under the authority of Chapter VII

of the United Nations’ Charter on counter terrorism measures, in particular the UNSC Resolutions

1267 (1999), 1988 (2011) and 1989 (2011) which require sanctions against individuals and entities

belonging or related to Taliban and Al-Qaida.

Institutions should not conduct or continue any business relationship or a single transaction with or

involving the individuals and entities the UNSC designates as per the relevant resolutions.


11

In addition to the above sanction lists, all the necessary steps must be taken to ensure other applicable

UN sanctions on nations, individuals and entities are taken into consideration when establishing

business relationships and conducting single transactions.

The Financial Intelligence Unit will provide updates on the changes (additions, changes in the

information and removal) to those lists with specific instructions to the institutions.

Institutions must conduct checks on the names of new customers, as well as regular checks on the

names of existing customers and potential customers, against the names in the database. If there is any

name match, institutions are required to take reasonable and appropriate measures to verify and

confirm the identity of its customer. Once confirmation has been obtained, institutions must

immediately:

a) freeze the customer’s funds or block the transaction (where applicable), if it is an existing

customer

b) reject the potential customer, if the transaction has not commenced

c) submit a suspicious transaction report to the Financial Intelligence Unit

Money remittance institutions must also submit a suspicious transaction report when there is an

attempted transaction involving any of the persons listed in the UN consolidated lists.

Institutions may also consolidate their database with the other recognised lists of designated persons

or entities issued by the Government of Maldives and other jurisdictions.

Verification of KYC and CDD Information

Apart from identification, money remittance institutions are required to verify the identity of its

customer, beneficial owner and beneficiary for all the transactions they conduct regardless of the

amounts involved.

The verification of the identity of the beneficiary must occur for all the transactions conducted, and

using relevant identification documents issued by designated Government authorities.

Institutions must verify the information referred to under the above paragraph by requiring the

customer or beneficial owner, as the case may be, to furnish the original document and make a copy

of the said document for record-keeping purposes. Institutions must also ensure that all the

identification documents are valid at the time of obtaining that information.

Specific CDD Measures

Individual Customer and Beneficial Owner: In conducting CDD on natural persons and beneficial

owners, institutions must obtain the relevant information including, but not limited to:

full name;

National Identity (NID) number, passport number or visa number of the customer or

beneficial owner;

residential and mailing address;

date of birth;

nationality;

occupation type;

name of employer or nature of self-employment/ nature of business;

contact number (home, office or mobile); and

purpose of the business relationship or transaction.

Money remittance institution must take all the necessary steps where a third party conducts a

transaction on behalf of a customer. In such cases, institutions must ensure collecting and verifying all

the necessary customer identification information of the actual transaction originator and the person


12

physically attending the institution, its branch, subsidiary or agent. In addition, necessary steps must

be taken to ensure the person is authorized to conduct transaction on behalf of the originator.

Legal Persons: For customers that are legal persons, institutions are required to understand the nature

of the customer’s business, its ownership and control structure.

Money remittance institutions shall identify the customer and verify its identity through the following

information, whichever is applicable:

name, legal form and proof of existence (such as Memorandum and Articles of Association,

Certificate of Incorporation and/or partnership agreements)

the powers that regulate and bind the customer such as directors’ resolution, as well as the

names of relevant persons having a senior management position; and

the address of the registered office and, if different, a principal place of business.

Money remittance institutions shall identify and take reasonable measures to verify the identity of

beneficial owners through the following information:

the identity of the natural person(s) (if any) who ultimately has a controlling ownership interest in

a legal person. At minimum, this includes the following:

o identification document of Directors/Shareholders or partners with equity interest of more

than twenty five percent;

o authorisation for any person to represent the company or business either by means of a letter

of authority or directors’ resolution; and

o relevant documents such as NID Card for Maldivians, permanent resident or passport for

foreigners, to identify the identity of the person authorised to represent the company or

business in its dealings with the institution.

to the extent that there is doubt as to whether the person(s) with the controlling ownership interest

is the beneficial owner(s) referred to in the above paragraph or where no natural person(s) exert

control through ownership interests, the identity of the natural person (if any) exercising control

of the legal person through other means; and

where no natural person is identified under the above paragraphs, the identity of the relevant

natural person who holds the position of senior management.

It is important to note that it might not be practical to identify and verify all the shareholders of an

entity listed in a stock exchange licensed by the Capital Market Development Authority. However,

institutions shall take all necessary steps to ensure identification and verification of the Board of

Directors and majority shareholders of those entities for KYC and CDD purposes.

Legal Arrangements and Trusts: For the purposes of this document, legal arrangements refer to

express trusts and other similar legal arrangements where a private or court-mediated agreement

between a debtor and unsecured creditors, under which the creditors agree to settle for a certain

fraction of monies owed by the debtor.

For customers that are legal arrangements, institutions are required to understand the nature of the

customer’s business, its ownership and control structure.

Institutions shall identify the customer and verify its identity through the following information:

name, legal form and proof of existence, or any reliable references to verify the identity of the

customer;

the powers that regulate and bind the customer, as well as the names of relevant persons

having a senior management position; and

the address of the registered office, and if different, a principal place of business.

Institutions are required to identify and take reasonable measures to verify the identity of beneficial

owners through the following information:


13

for trusts, the identity of the settler, the trustee(s), the protector (if any), the beneficiaries or

class of beneficiaries, and any other natural person exercising ultimate effective control over

the trust (including through a chain of control/ ownership); or

for other types of legal arrangements, the identity of persons in equivalent or similar

positions.

For the purpose of identifying beneficiaries of trusts that are designated by characteristics or by class,

institutions are required to obtain sufficient information concerning the beneficiary in order to be

satisfied that it would be able to establish the identity of the beneficiary when the beneficiary intends

to exercise vested rights.

Non-Profit Organisations: For customers that are non-profit organisations such as clubs, societies or

charities, institutions shall conduct CDD and require the customers to furnish the relevant

identification and constituent documents (or other similar documents) including certificate of

registration and the identification and verification of the office bearer or any person authorised to

represent the non-profit organization.

Institutions are required to take reasonable measures to identify and verify the beneficial owners of

non-profit organisations.

Enhanced CDD

Money remittance institutions shall perform enhanced CDD where the ML/TF risks are assessed as

higher risk. Enhanced CDD shall include at least, the following:

obtaining CDD information of the intended beneficiary;

identify and verify the true purpose of the funds remitted;

obtaining the source of wealth or source of funds;

obtaining approval from the Senior Management of the institution before executing the

transaction or establishing (or continuing, for existing customer) such business relationship

with the customer.

The following categories of customers and transactions are classified as high risk:

1- politically exposed persons who are or have been entrusted with prominent public functions in

the Maldives or any foreign country as well as members of such person’s family or those

closely associated with him/her

2- persons from an area or location identified as being a high risk area

3- transactions that were successfully used in the past to promote or hide illegal or terrorist

activities

4- if institution has any doubts about the veracity or adequacy of previously obtained

information

5- persons and entities designated by United Nations Security Council

In addition, the Financial Intelligence Unit may designate additional categories that require enhanced

CDD measures.

Regardless of the risks identified above, institutions are required to conduct their own risk

assessments and determine high risk customers and transactions to apply enhanced due diligence

measures.

On-Going Due Diligence

Money remittance institutions are required to conduct on-going due diligence on the business

relationship with its customers.

Such measures shall include:


14

scrutinising transactions undertaken throughout the course of that relationship to ensure that

the transactions being conducted are consistent with the institution’s knowledge of the

customer, their business and risk profile, including where necessary, the source of funds and

purpose of transactions

ensuring that documents, data or information collected under the CDD process is kept up-to-

date

if relevant, by undertaking reviews of existing records particularly for higher risk customers.

In conducting on-going due diligence, institutions may take into consideration the economic

background and purpose of any transaction or business relationship which:

appears unusual;

is inconsistent with the expected type of activity and business model when compared to the

volume of transaction;

does not have any apparent economic purpose;

casts doubt on the legality of such transactions, especially with regard to complex and large

transactions or involving higher risk customers; or

casts doubt about the veracity of previously provided information.

The frequency of the on-going due diligence or enhanced on-going due diligence, as the case may be,

shall commensurate with the level of ML/TF risks posed by the customer based on the risk profiles

and nature of transactions.

Institutions may increase the number and timing of controls applied, and to select patterns of

transactions that need further examination when conducting enhanced on-going due diligence.

Existing Customers

Money remittance institutions must apply CDD requirements to existing customers on the basis of

risk, at appropriate times, taking into account whether and when CDD measures have previously been

undertaken and the adequacy of information obtained.

In assessing risk of the existing customers, institutions may consider the following circumstances:

the nature and circumstances surrounding the transaction including the significance of the

transaction;

any material change in the way the account or business relationship is operated; and/or

insufficient information held on the customer or change in customer’s information.

Regardless of the assessment of risks as mentioned above, institutions shall take reasonable measures

to ensure their entire customer CDD information are up-to-date.

Politically Exposed Persons

Money remittance institutions are required to take reasonable measures to determine whether the

customer, beneficial owner, or, where required, the beneficial owner of the beneficiary, are politically

exposed persons (PEPs).

PEPs are defined as any person (foreign or domestic) who is or has been entrusted with prominent

public functions in the Maldives or any foreign country as well as members of such person’s family or

those closely associated with the person.

These include:

heads of states (example: presidents, vice presidents and prime ministers)

cabinet ministers and state ministers

members of parliament

judges and magistrates

elected council members


15

members and senior most officials of a state agency or institution

senior military officials

board members of state owned enterprises

senior officials appointed as per the provisions of a specific law (example: Head of Financial

Intelligence Unit)

senior political appointees of a government (example: coordinators at various ministries)

foreign and local diplomats

senior political party members

If the customer, a beneficial owner or the beneficiary is a PEP, institutions shall assess the level of

ML/TF risks posed by the business relationship with the PEP. The assessment of the ML/TF risks

shall take into account the profile of the customer.

Generally all PEPs, whether current or previous are considered as PEPs and therefore high risk.

However, institutions may conduct enhanced due diligence on PEPs, whether previous or current,

depending on the PEP’s capacity to influence public functions.

New Products and Business Practices

Money remittance institutions shall identify and assess the ML/TF risks that may arise in relation to

the development of new products and business practices, including new delivery mechanisms, and the

use of new or developing technologies for both new and pre-existing products.

Institutions are required to:

undertake the risk assessment prior to the launch or use of such products, practices and

technologies; and

take appropriate measures to manage and mitigate the risks.

Transfers

Money remittance institutions must comply with the CDD requirements on combating money

laundering and financing of terrorism specified in this document in carrying out domestic and

international transfers, and shall maintain all originator and beneficiary information collected in

accordance with record keeping requirements.

With respect to transfers, institutions must:

1- ensure that full originator information, with the name, address, and account number of a

person who originates a funds transfer and related messages remain with the transfer and

messages throughout the payment chain

2- ensure that full originator information is included in the batch file, provided that it is

sufficient to include the originator’s account number on each individual electronic fund

transfer in the batch

3- have appropriate risk management procedures for electronic fund transfers that do not include

full originator information and shall, in high risk situations, reject the transfer, unless it is

fully satisfied that the funds received are not connected with any suspicious activity

Where the institution is a beneficiary institution or the transaction receiving institution for transfers,

the institution must ensure that the required and verifiable beneficiary information is accompanied

with the transfer messages.

In addition, institutions must have appropriate control measures to determine when to execute, reject,

or suspend a transfer lacking the required originator or required beneficiary information and to take

the appropriate follow-up actions.


16

Reliance on Third Parties

Money remittance institutions may rely on third parties to conduct CDD or to introduce business,

where the ultimate responsibility and accountability of CDD measures shall remain with the

institution relying on the third parties.

Institutions shall have in place internal policies and procedures to mitigate the risks when relying on

third parties, including those from jurisdictions that have been identified as having strategic

AML/CFT deficiencies that pose a ML/TF risk to the domestic and international financial system.

Institutions must ensure not to rely on third parties located in the higher risk countries that have been

identified as having on-going or substantial ML/TF risks.

The relationship between institutions and the third parties relied upon by the institution to conduct

CDD shall be governed by an arrangement that clearly specifies the rights, responsibilities and

expectations of all parties. At the minimum, the institutions must be satisfied that the third party:

can obtain immediately the necessary information concerning CDD as required under

applicable laws and regulations;

has an adequate CDD process;

has measures in place for record keeping requirements;

can provide the CDD information and provide copies of the relevant documentation

immediately upon request; and

is properly regulated and supervised by the respective authorities.

Non-Face-to-Face Business Relationship

Money remittance institutions may not undertake any transactions without face-to-face contact with

the customer unless the necessary steps have been taken to ensure a business relationship with the

customer has been first established and CDD measures have been conducted.

Institutions shall establish appropriate measures for identification and verification of customer’s

identity that shall be as effective as that for face-to-face customer and implement monitoring and

reporting mechanisms to identify potential ML/TF activities.

Higher Risk Countries

Money remittance institutions are required to conduct enhanced CDD for business relationships and

transactions with any person from countries identified by the FATF, the Financial Intelligence Unit or

the Government of Maldives as having on-going or substantial ML/TF risks.

Where ML/TF risks are assessed as higher risk, institutions are required to conduct enhanced CDD for

business relationships and transactions with any person from countries identified by the FATF, the

Financial Intelligence Unit or the Government of Maldives as having strategic AML/CFT deficiencies

and have not made sufficient progress in addressing those deficiencies.

In addition to the enhanced CDD requirement under this Chapter, institutions must apply appropriate

countermeasures, proportionate to the risk, for higher risk countries listed as having on-going or

substantial ML/TF risks. Such measures may include:

limit or impose transaction limits

enhanced scrutiny, including verification of CDD information

requiring face-to-face identification and verification;

enhanced monitoring of customer activities

Unable to Comply with the CDD Measures

Money remittance institutions shall not commence business relations or conduct any transaction, or

shall terminate business relations in the case of an existing customer, if the institution is unable to

comply with the CDD requirements detailed in this Chapter.


17

Similar steps must be taken where the person acting on behalf of the beneficiary is unable or refuses

to provide the information on the identity of the beneficiaries or written undertaking (where

applicable). In addition, based on the ML/TF risk, the institutions must also consider lodging a

suspicious transaction report to the Financial Intelligence Unit in such circumstances.

Resource Allocation

Money remittance institutions must allocate adequate resources, to complement its CDD process to

ensure timely information on a regular basis is available to the institution which enables the institution

to detect irregularity and/or any suspicious activity. The allocated resources shall commensurate with

the nature, scale and complexity of the institution’s activities and ML/TF risk profile.

2- Monitoring and Reporting

Money remittance institutions must establish proper customer and transaction monitoring systems to

ensure that all the customers and transactions are monitored to detect any unusual activity. Such a

system may also include a reporting mechanism for the submission of suspicious transaction reports

as well as other reports the intuition is legally required to report. It is strongly recommended that the

institutions to establish internal criteria to detect suspicious activities (also commonly known as “red

flags”), and to monitor customers and transactions against those activities.

Institutions may be guided by examples of suspicious activities and red flags provided by the

Financial Intelligence Unit or other corresponding competent authorities, supervisory authorities and

international organisations from time to time and may incorporate those red flags in their monitoring

and reporting function.

Monitoring

Money remittance institutions shall monitor and investigate a transaction that is unusually large,

unusually complex, has an unusual pattern, and when it does not have an apparent lawful economic

purpose. As part of transaction monitoring and reporting function, institutions must ensure that

transaction or series of transactions will not facilitate the transfer of the proceeds of crime or property

connected to financing of terrorism, and that all the business relationships and transactions are

scanned for involvement of any person designated by the United Nations Security Council

Resolutions (UNSCRs) under the authority of Chapter VII of the United Nations’ Charter.

In addition, institutions shall pay special attention to business relationships and transactions with

persons, including legal persons, residing in countries that do not apply the relevant international

standards to combat money laundering and financing of terrorism.

The Financial Intelligence Unit will, from time to time, provide the changes that are brought to the

lists maintained under the relevant UNSCRs as well as the information of countries that do not apply

the relevant international standards to combat money laundering and financing of terrorism countries

to the institutions.

Suspicious Transaction Reporting

Money remittance institutions shall submit a suspicious transaction report to the Financial Intelligence

Unit under the following circumstance, as soon as possible and not later than 3 (three) working days:

a) where the institution suspects or have grounds to suspect that the funds or property are

proceeds of crime, or are related to money laundering or the financing of terrorism.

b) where a person or an entity designated pursuant to UNSCRs under the authority of Chapter

VII of the United Nations’ Charter attempted to establish a business relationship with the

institution or is party to a transaction conducted or attempted transactions.

c) where the institution is about to conduct a transaction or series of transactions which

facilitated or is likely to facilitate the transfer of the proceeds of crime or property connected

to financing of terrorism.


18

d) any other suspicious activity the institution deems important to be reported.

The manner and form for submitting reports will be designated by the Financial Intelligence Unit.

When reporting suspicious transactions, institutions must provide the required and relevant

information that gave rise to doubt in the suspicious transaction report form, which includes but is not

limited to the nature or circumstances surrounding the transaction and business relationship’s

background of the person conducting the transaction that is connected to the suspicious activity.

It is strongly advised the institutions to establish an internal reporting mechanism for suspicious

activities the other employees may notice. It is the duty of the Compliance Officer to ensure such

reports are properly examined and such examination reports are properly documented and kept even

when such a report is not reported to the Financial Intelligence Unit.

Institutions must ensure that the Compliance Officer maintains a complete file on all internally

generated reports and any supporting documentary evidence regardless of whether such reports have

been submitted. If there is no suspicious transaction reports submitted the internally generated reports

and the relevant supporting documentary evidence must be made available to the Financial

Intelligence Unit or relevant supervisory authorities upon request.

The Compliance Officer must ensure that all suspicious transaction reports are submitted within

THREE working days, from the date the Compliance Officer establishes the suspicion.

Institutions must ensure that in the course of submitting the suspicious transaction report, utmost care

is undertaken to ensure that such reports are treated with the highest level of confidentiality. The

Compliance Officer shall have the sole discretion and independence to report suspicious transactions.

Institutions must provide additional information and documentation as may be requested by the

Financial Intelligence Unit and to respond promptly to any further enquiries by the Financial

Intelligence Unit. Institutions must also ensure that the suspicious transaction reporting mechanism is

operated in a secured environment to maintain confidentiality and preserve secrecy.

After the suspicious transaction report is made to the Financial Intelligence Unit, the institution may

continue with the business relationship or the transaction that became subject to the suspicious

transaction report, unless the Financial Intelligence Unit directs the institution otherwise.

Where a suspicious transaction report has been lodged, institutions are not precluded from making a

fresh suspicious transaction report as and when a new suspicion arises of the same person.

Tipping Off

Section 43 of PMLFTA states:

A Institution, its director, officer and employee, shall not disclose to its customers or

a third party that information of a customer is being, was or will be provided to the

Financial Intelligence Unit, or that a report concerning money laundering or

financing of terrorism is being, was or will be submitted to the Financial Intelligence

Unit, or that a money laundering or financing of terrorism investigation is being

carried on or will be carried out.

Therefore, money remittance institutions must ensure the implementation of Section 43 of PMLFTA.

Institutions must be aware that no criminal, civil, disciplinary or administrative proceedings for

breach of banking or professional secrecy or contract may be instituted against the institution or their

directors, officers or employees who in good faith submit reports or provide information in

accordance with the provisions of PMLFTA.


19

Other Transaction Reports

Money remittance institutions must also report the Financial Intelligence Unit of all domestic and

international funds transfers, regardless of the amount involved, including transactions made via

agents.

The manner and form for submitting reports will be designated by the Financial Intelligence Unit.

3- Record Keeping

Money remittance institutions are required to keep records of the following and must ensure those

records remain up-to-date and relevant.

a) KYC and CDD information of customers (including the copies of information verification

documents);

b) records of single transactions (includes all the information collected during the course of

conducting the respective single transaction);

c) suspicious transaction reports submitted to the Financial Intelligence Unit;

d) internal investigations conducted on matters the institutions consider suspicious and records

of the information collected in this regard;

e) employee due diligence information and reports;

f) risk assessment reports

g) AML/CFT policy review reports

h) internal and external audit reports

The below record keeping periods shall apply under the record keeping obligation.

TYPE OF RECORD APPLICABLE PERIOD

Single Transactions Five years following the completion of a single

transaction. This includes all the information

collected during the course of conducting the

respective Single Transaction.

Business Relationships Five years following the termination of a business

relationship. This includes all the

correspondences and transaction history related to

the respective business relationship.

Suspicious Transactions Reports and internal

investigation reports into suspicious activities

Five years following the report was made to the

Financial Intelligence Unit or prepared (unless

the Financial Intelligence Unit has advised

otherwise).

Other Records Recommended period: at least three years

Money remittance institutions are required to retain the relevant records in a form that is admissible as

evidence in court and make such available to the supervisory authorities and law enforcement

agencies in a timely manner.

4- Non-Compliance

Money remittance institutions are encouraged to take all the necessary steps to ensure compliance to

the relevant provisions of the PMLFTA and the regulations issued under the PMLFTA. The Financial

Intelligence Unit or the relevant regulatory and supervisory agencies may issue specific instructions

and guidelines to the sector or to specific financial institution to assist the institutions to adequately

comply with the applicable provisions of the PMLFTA and the regulations issued under the

PMLFTA.

The following enforcement actions can be taken by the Financial Intelligence Unit against an

institution, including its directors, officers and employees for non-compliance to any applicable


20

provision in the PMLFTA, the regulations issued under the PMLFTA or specific guidelines and

instructions issued to the institution by the Financial Intelligence Unit.

a) issue a notice in writing to comply within a specified period;

b) impose a fine between 10,000.00 (ten thousand) and 500,000.00 (five hundred thousand)

Maldivian Rufiyaa;

c) impose a daily fine of amount between 10,000.00 (ten thousand) and 100,000.00 (one

hundred thousand) Maldivian Rufiyaa until compliance is obtained, where failing to comply

within the specified period; and/or

d) advise the relevant regulatory or supervisory authority to impose the following appropriate

penalty or penalties prescribed in the Section 47 of PMLFTA

1) written warnings;

2) order to comply with specific instructions;

3) ordering regular reports from the institution on the measures it is taking to comply

with its obligations;

4) fine in an amount between 10,000 (ten thousand) and 500,000 (five hundred

thousand) Maldivian Rufiyaa;

5) barring working within the sector;

6) restricting the powers of or replacing managers, directors or controlling owners,

including the appointing of an ad hoc administrator; or

7) suspending or revoking the license.

In addition, the Maldives Monetary Authority may also publish such corrective action taken against a

money remittance institution.


21

CHAPTER IV – FEEDBACK AND INQUIRIES Money remittance institutions are always encouraged to provide feedback and make inquiries in

relation to the underlying policies to strengthen the country’s AML/CFT system. All feedbacks and

recommendations shall be forwarded to the following address:

Financial Intelligence Unit

Maldives Monetary Authority

Boduthakurufaanu Magu,

Malé, 20182,

Republic of Maldives

Email: [email protected]

CHAPTER V – REFERENCE

1- Useful Websites

http://www.apgml.org (Asia Pacific Group on Money Laundering)

http://www.fatf-gafi.org (Financial Action Task Force)

http://www.egmontgroup.org (The Egmont Group of FIUs)

http://www.unodc.org (United Nations Office on Drugs and Crime)

2- Useful Reference Materials

International Standards on Combating Money Laundering and the Financing of Terrorism &

Proliferation - the FATF Recommendations (available from the FATF website: www.fatf-gafi.org)

Law No. 10/2014 (Prevention of Money Laundering and Terrorism Financing Act of Maldives)

Reference Guide to Anti-Money Laundering and Combating the Financing of Terrorism (available

from the World Bank Group website: www.worldbank.org)

FATF Best Practices Papers and Reports on various money laundering and terrorist financing issues

(available from the FATF website www.fatf-gafi.org)


22

APPENDIX - EXAMPLES OF RED FLAGS

NOTE The following are examples of potentially suspicious activities, or "red flags" for money laundering

and terrorist financing relevant to money remittance institutions. Although these lists are not all-

inclusive, they may help institutions to recognize possible money laundering and terrorist financing

activities. Institutions are advised to have institution-specific red flags incorporated to monitor

suspicious transactions and for risk mitigation.

The presence of a red flag may not necessarily be a suspicious transaction. However, it may warrant

an institution to collect more information before submitting a suspicious transaction report to the

Financial Intelligence Unit.

Customers Who Provide Insufficient or Suspicious Information

Customer is evasive or unwilling to provide information when requested.

Transactions conducted are out of character with the usual conduct or profile of customers

carrying out such transactions.

Customer using different identifications each time conducting a transaction.

A group of customers trying to break up a large cash transaction into multiple small transactions.

The same customer conducting a few small transactions in a day or at different branches or

locations.

There are sudden or inconsistent changes in wire transfer/remittance sent/received transactions.

Wire transfers/remittances from different customers/jurisdiction being sent to the same customer.

Customer frequently remitting money to non-cooperative countries/jurisdictions.

Customer exchanging small denomination notes into large denomination notes, in large quantity.

The same customer frequently exchanging local currency into foreign currency without apparent

economic or visible lawful purpose.

Customer exchanging cash for numerous postal money orders in small amounts for numerous

other parties.

Efforts to Avoid Reporting or Record-keeping Requirement

A customer or group tries to persuade an employee not to file required reports or maintain

required records.

A customer is reluctant to provide information needed to file a mandatory report, to have the

report filed, or to proceed with a transaction after being informed that the report must be filed.

A business or customer asks to be exempted from reporting or recordkeeping requirements.

A customer conducts transactions to a recipient from a location of specific concern (e.g., countries

designated by national authorities and FATF as non-cooperative countries and territories), but to a

low risk country.

A customer choses multiple third parties to conduct transactions on his/her behalf.

A customer makes transfers just below the prescribed thresholds.

Funds Transfers

Many funds transfers are sent in large, round dollar, hundred dollar, or thousand dollar amounts.

Funds transfer activity occurs to or from a financial secrecy haven, or to or from a high-risk

geographic location without an apparent business reason or when the activity is inconsistent with

the customer’s business or history.

Large, incoming funds transfers are received on behalf of a foreign client, with little or no explicit

reason.

Funds transfer activity is unexplained, repetitive, or shows unusual patterns.


23

Payments or receipts with no apparent links to legitimate contracts, goods, or services are

received.

Funds transfers are sent or received from the same person to or from different accounts.

Funds transfers contain limited content and lack related party information.

A large number of incoming or outgoing funds transfers take place through a business account,

and there appears to be no logical business or other economic purpose for the transfers,

particularly when this activity involves high-risk locations.

Funds transfers are ordered in small amounts in an apparent effort to avoid triggering

identification or reporting requirements.

Funds transfers do not include information on the originator, or the person on whose behalf the

transaction is conducted, when the inclusion of such information would be expected.

Multiple personal and business accounts or the accounts of nonprofit organizations or charities are

used to collect and funnel funds to a small number of foreign beneficiaries.

Foreign exchange transactions are performed on behalf of a customer by a third party, followed

by funds transfers to locations having no apparent business connection with the customer or to

high-risk countries.

Activity Inconsistent with the Customer’s Business

The currency transaction patterns of a business show a sudden change inconsistent with normal

activities.

Unusual transfers of funds occur among related customers or among customers that involve the

same or related principals.

Goods or services purchased by the business do not match the customer’s stated line of business.

Embassy and Foreign Consulate Accounts

Official embassy business is conducted through personal accounts.

Customer activity is not consistent with the expected monthly salary or established purposes.

Accounts are funded through substantial currency transactions.

Accounts directly fund personal expenses of foreign nationals without appropriate controls,

including, but not limited to, expenses for college students.

Employees

Employee exhibits a lavish lifestyle that cannot be supported by his or her salary/income.

Employee fails to conform to recognized policies, procedures, and processes.

Employee’s frequent change in lifestyle.

Employee’s connection with high profile customers.

Other Unusual or Suspicious Customer Activity

Customer frequently presents currency notes wrapped in currency straps or currency wrapped in

rubber bands that is disorganized and does not balance when counted.

Customer repeatedly uses an institution or branch location that is geographically distant from the

customer’s home or office without sufficient business purpose.

Customer makes high-value transactions not commensurate with the customer’s known incomes.

A customer makes large number of transactions within a short period of time.

Potentially Suspicious Activity that May Indicate Terrorist Financing

The stated occupation of the customer is not commensurate with the type or level of activity.

Persons involved in currency transactions share an address or phone number, particularly when

the address is also a business location or does not seem to correspond to the stated occupation

(e.g., student, unemployed, or self-employed).

Regarding nonprofit or charitable organizations, financial transactions occur for which there

appears to be no logical economic purpose or in which there appears to be no link between the

stated activity of the organization and the other parties in the transaction.


24

Other Transactions That Appear Unusual or Suspicious

Multiple beneficiaries are used to collect and funnel funds to a small number of foreign

beneficiaries, both persons and businesses, particularly in high-risk locations.

Customers from high-risk locations requests to conduct transactions.

Funds are sent or received from or to high-risk or locations where terrorism or armed conflict

activities are imminent or happening.

************************************

aml/cft compliance general guidelines for ......aml/cft compliance - general guidelines for money...

Documents