KYC/AML/CFT Policy Global IME Bank Ltd.
Know Your Customer/Anti-Money Laundering
Counter Financing of Terrorism Policy
(KYC/AML /CFT Policy)
Global IME Bank Limited
2018
KYC/AML/CFT POLICY 2018
Page i
KYC/AML/CFT Version Control
Version Control No.    Date             Remarks
Version 1              July 2012        Revised
Version 2              August 2015      Revised
Version 3              December 2017    Revised
Version 4              December 2018    Revised
Prepared by:
Suresh Prakash Chataut - [Asst. AML/CFT Compliance Officer] _______________________
Reviewed & Recommended by:
Kamala K. Ojha - [Chief AML/CFT Compliance Officer] ___________________________
Shanta Siwakoti - [Chief Operating Officer] _____________________
Ganesh Pd. Awasthi - [Chief Liability Marketing & Business Promotion] _______________
Sushil Shrestha - [Chief Internal Audit] ______________________________________
Raja Aryal - [Chief Compliance Officer] _______________________________
Recommended by:
Anil Joshi - [Head - Information Technology/Card & E-banking] _____________________
Buddhi Akela - [Chief Risk Officer] _______________________________________
Mahesh Sharma Dhakal - [Deputy Chief Executive Officer] ______________________
Supported by:
Janak Sharma Poudyal - [Chief Executive Officer] ___________________________
Approved by:
The Board of Directors
Supported by:
Assets (Money) Laundering Prevention Committee
Contents
1. Preamble
2. Scope and Objectives of KYC/AML/CFT Policy
3. Governance Structure of AML/CFT
3.1 Board of Directors
3.2 Assets (Money) Laundering Prevention Committee
3.3 Chief Executive Officer
3.4 AML/CFT Management Committee
3.5 Chief Compliance Officer
3.6 AML/CFT Compliance Unit/ Chief AML/CFT Compliance Officer
3.7 Branch AML/CFT Compliance Officer and other responsible operating units
4. Money Laundering
5. Financing of Terrorism
6. Anti-Money Laundering (AML)/Counter-Financing of Terrorism (CFT)
7. Know Your Customer (KYC)
8. Establishing Relationship
9. The Bank shall not deal or accept the following person/entities as a customer:
10. Supervision and Monitoring of Transactions
11. Wire Transfer
12. Trade Based Money Laundering:
13. Correspondent Banking
14. Downward Correspondent Banking (Nested Account)
15. Payable-through Accounts or Pass-through accounts
16. Resubmission Policy
17. Reporting of Transactions to FIU
18. Failure to Report
19. Sanctions Compliance Policy
20. Prohibition of Personal Accounts for Business Purposes
21. Risk Grading of Customer Profile
22. Reviewing/Monitoring of Customer Profile
23. Customer Due Diligence (CDD)
23.1 General Provisions of Customer Identification
23.2 Customer Due Diligence Measures (but not limited to):
23.3 Simplified Customer Due Diligence (SCDD):
23.4 Enhanced Customer Due Diligence (ECDD)
24. Risk Based Approach (RBA)
24.1 Risk Management
24.2 Customer Risk
24.3 Country Risk
24.4 Geographical Risk
24.5 Product and Delivery Channel Risk
25. Awareness and Training
26. Internal Audit Function
27. Confidentiality and Tipping off
28. Non-compliance with KYC/AML/CFT Policy
29. Not to be Liable for Providing Information
30. Importance of Know Your Employee (KYE)
31. Record Keeping
32. Miscellaneous
33. KYC/AML/CFT Procedure Manual/Guideline
34. Maintenance and Update
35. Effective Date
ABBREVIATIONS
AML Anti-Money Laundering
APG Asia Pacific Group on Money Laundering
BM Branch Manager
BOD Board of Directors
CDD Customer Due Diligence
CEO Chief Executive Officer
CFT Counter-Financing of Terrorism
DMLI Department of Money Laundering and Investigation
ECDD Enhanced Customer Due Diligence
EU European Union
FATF Financial Action Task Force
FIU Financial Information Unit
HRD Human Resource Department
KYC Know Your Customer
ML Money Laundering
NRB Nepal Rastra Bank
OFAC Office of Foreign Assets Control
OI Operation In-charge
RMC Risk Management Committee
RO Relationship Officer
STR Suspicious Transaction Report
TBML Trade Based Money Laundering
TF Terrorist Financing
TTR Threshold Transaction Report
UK United Kingdom
US United States
UN United Nations
1. Preamble
Global IME Bank Limited (GIBL), hereinafter referred to as “the Bank”, is a commercial bank of
Nepal categorized under “A” class by Nepal Rastra Bank (NRB). The Bank is committed
to providing the entire range of commercial banking products and services without compromising
its reputation for integrity. The Bank's shares are publicly traded as an 'A' category company in
the Nepal Stock Exchange.
The Bank is well aware of the importance of preventing money laundering and terrorism
financing activities and is fully committed to implementing the highest standards of Anti-Money
Laundering and Counter Financing of Terrorism (‘AML/CFT’). The Bank is subject to
applicable legislation designed to prevent money laundering and terrorist financing. This
legislation includes the Asset (Money) Laundering Prevention Act 2064, the Asset (Money)
Laundering Prevention Rule 2073 and Nepal Rastra Bank (Central Bank) Directives/Circulars
issued from time to time.
Further, the Bank acknowledges the FATF recommendations against criminal activities related
to money laundering and adopts appropriate mechanisms to address those recommendations and to
prevent the Bank from being used for Money Laundering/Terrorist Financing (ML/TF) activities.
The Bank is also committed to continually discharging its Anti-Money Laundering obligations to
its foreign correspondent banks, which may from time to time require due diligence information to
ensure transactions are as per the recommendations of the FATF.
Hence, the Bank's Policy on Know Your Customer, Anti-Money Laundering, and Counter Financing
of Terrorism (hereinafter referred to as the “Policy”) outlines the minimum general unified
standards of internal AML/CFT control, which should be strictly adhered to by the Bank in order
to mitigate the legal, regulatory, reputational, and subsequent operational and financial risks.
In order to mitigate the risks and comply with KYC/AML/CFT norms, international best
practices and statutory regulation, the Bank shall formulate internal policies, manuals, controls
and procedures to effectively manage the risks of ML/TF based on the principles of the Policy.
The Bank's AML/CFT Compliance Unit shall perform periodic monitoring of the
effectiveness of the Policy, considering its regulatory applicability and adequacy.
This Policy establishes standards which every employee and business partner of the Bank should
observe. The Board of Directors (BOD) and all employees are under an obligation to implement the
procedures laid down in this Policy.
This is a revised Policy, compatible with local and international regulations, which shall replace
the existing KYC/AML/CFT Policy issued in December 2017.
Any change in the provisions of Government Law/Act/Rules or NRB Directives/Circulars issued on
KYC/AML/CFT after the implementation of this Policy shall be applicable even if the new
provision does not coincide with this Policy.
2. Scope and Objectives of KYC/AML/CFT Policy
The primary scope and objectives of this Policy are as follows:
• To prevent the Bank from being used for ML/TF activities.
• To ensure that the employees are not involved in money laundering and terrorist financing.
• To establish “Due Diligence” as a guiding principle for the Bank's business practices.
• To establish procedures to verify the bona fide identification of those individuals/entities
  which establish a transactional relationship with the Bank, for applying appropriate risks
  depending upon the risk posed by them.
• To deploy the appropriate mechanism for detection and reporting of suspicious activities.
• To ensure that the concerned staff are adequately trained in AML/CFT Acts/Rules and
  NRB Directive, Bank's Policies, and Manuals/Guideline.
• To comply with all the regulatory instructions, Government Laws/Rules and
  Regulations (issued from time to time).
• To conduct self-assessments of compliance with KYC/AML/CFT Policy and Procedures.
3. Governance Structure of AML/CFT
Combating money laundering, terrorist financing, and fraud has become an area of increasing
focus for governments and regulators across the world. Since AML/CFT violations continue to
attract stiff regulatory fines and penalties for financial institutions, the Bank is more concerned
than ever about risk and compliance management, and has therefore established the following
structure:
3.1 Board of Directors
The Board of Directors shall be responsible for approving and enforcing this Policy on
prevention of ML/TF. The Board shall review the implementation status of the Bank as
per the Anti-Money Laundering Prevention Act, 2064 (2nd amendment 2070), Anti
Money Laundering Rules, 2073, and the provisions contained in the Directives issued by
NRB related to AML/CFT at least on a quarterly basis.
3.2 Assets (Money) Laundering Prevention Committee
The Bank shall have a board-level Assets (Money) Laundering Prevention Committee,
constituted in line with the guidelines of NRB Directives. The Committee
focuses on risk governance and identifies the need for a strong AML/CFT risk
management framework, well-defined AML risk management processes and an effective
risk assessment and measurement mechanism. The Committee shall also review the
KYC/AML/CFT Policy and recommend it for approval to the Board of Directors. The
Committee shall meet at least once in 3 months or as required. The Committee
comprises the following members:
• Board Member - Coordinator
• Deputy Chief Executive Officer - Member
• Chief Risk Officer - Member
• Chief Compliance Officer - Member
• Chief AML/CFT Compliance Officer - Member Secretary
3.3 Chief Executive Officer
The CEO shall be responsible for ensuring that the procedures and mechanisms implemented are
in line with the KYC/AML/CFT Policy of the Bank, NRB Directive and Asset (Money)
Laundering Prevention Act/Rule, and that the Bank has a robust system, a proper database,
efficient and adequate resources, and proper, focused AML/CFT training provided to
staff for effective AML/CFT monitoring.
3.4 AML/CFT Management Committee
The Bank shall form an AML/CFT Management Committee. The purpose of the
Committee shall be to assess/review/monitor the status of the Bank’s standing on
complying with the Know Your Customer principle and implementing its KYC/AML/CFT
Policy/Guideline, to identify issues/lapses in the Bank's efforts to monitor
customers and their transactions, and to mitigate the risks arising therefrom. It shall also
ensure that a standard process manual is in place to safeguard the Bank from being used
for ML/TF activities. The Committee shall also review the AML/CFT implementation
status report submitted by the Chief AML/CFT Compliance Officer and recommend
forwarding the report to the Assets (Money) Laundering Prevention Committee through the
CEO. The Committee shall meet at least once in 3 months or as required. The Committee
comprises the following members:
• Deputy Chief Executive Officer - Coordinator
• Chief Risk Officer - Member
• Chief Compliance Officer - Member
• Chief Operating Officer - Member
• Chief Liability Marketing & Business Promotion - Member
• Head - Information Technology/Card & E-banking - Member
• Chief AML/CFT Compliance Officer - Member Secretary
3.5 Chief Compliance Officer
The CCO shall head the Compliance Department and shall be responsible for ensuring
that the organization conducts its operations/business in full compliance with the
internal policies, regulatory framework and relevant national and international
laws/standards and regulations. Furthermore, the CCO is also responsible for ensuring that the
organization performs its operations within professional standards, accepted business
practices and prudential business practices. The AML/CFT Compliance Unit is a separate
unit under the Compliance Department.
The Chief Compliance Officer shall be responsible for ensuring that the Bank has adequate
policies and systems to safeguard the Bank against the risk of being used for any illicit
activities. The CCO shall also serve as an advisor in the formulation of
policy/procedural guidelines. He/she shall assist/communicate with the top management and
the BOD-level Committee in managing the AML/CFT risk to which the Bank is
exposed and in formulating the necessary policy/procedures for its mitigation.
The CCO shall also be responsible for effective implementation of the Policies and
Guidelines/Manuals in all areas within the Bank.
3.6 AML/CFT Compliance Unit/ Chief AML/CFT Compliance Officer
The Bank establishes a dedicated AML/CFT Compliance Unit. The AML/CFT Compliance
Officer shall be the Chief of the Unit and shall prepare the KYC/AML/CFT Policy and
Guidelines in line with the Asset (Money) Laundering Prevention Act, Rule, and NRB
Directive and forward the same for approval.
The Chief AML/CFT Compliance Officer shall be responsible for effective
implementation of the Policy and Guidelines/Manuals. The Officer shall work closely
with other departments/branches, especially with Branch AML/CFT Compliance Officers
and other concerned departments, on KYC/AML/CFT related issues and take specialized
service from the heads of all other departments as required. The Bank shall also nominate
an Assistant AML/CFT Compliance Officer at corporate level, who shall assist the
Officer in all matters related to KYC/AML/CFT.
The Chief AML/CFT Compliance Officer shall ensure effective transaction monitoring is in
place and shall file STRs to the FIU after proper analysis. Further, other reports such as TTR,
AML implementation status reports and any other reports required by the NRB on
AML/CFT aspects shall be submitted by the Officer. The Officer shall also be the member
secretary of the AML/CFT Management Committee and the Assets (Money) Laundering
Prevention Committee and shall put up risks associated with ML/TF to the committees for
developing a mechanism to mitigate such risks. The Officer shall require branches and
departments to strictly adhere to AML/CFT compliance and shall correspond with the FIU, DMLI,
Correspondent Banks and Remittance Partners or any other regulatory bodies in matters
related to AML/CFT.
The Officer shall also conduct basic and refresher training for the staff regularly. Further,
the Unit shall be responsible for checking KYC/AML/CFT compliance in the Bank through
offsite and onsite inspection.
3.7 Branch AML/CFT Compliance Officer and other responsible operating units
In order to ensure fulfillment of the norms of KYC/AML/CFT in the branches, the OI of the
Branch shall be designated as the Branch AML/CFT Compliance Officer, who shall report
to the Chief AML/CFT Compliance Officer in KYC/AML/CFT related matters. The Branch
AML/CFT Compliance Officer and other responsible operating units shall also be
responsible for ensuring compliance with the norms of KYC/AML/CFT as per the prevailing
regulation and direction given by the Chief AML/CFT Compliance Officer from time to time.
4. Money Laundering
Money laundering is the process by which criminals disguise the illegal origin of their funds. In
simple words, it is the process of laundering (washing) black money for the purpose of
converting the same into clean money. Money laundering is done by launderers worldwide to
conceal funds from criminal activities such as drugs/arms trafficking, terrorism, tax evasion,
extortion, etc. There are three stages of Money Laundering, which are (i) Placement (ii)
Layering and (iii) Integration.
4.1 Placement is the first stage in money laundering where the cash proceeds of criminal
activity enter into the financial system.
4.2 Layering is the second stage in money laundering where attempts are made to distance
the money from its illegal source through layers of financial transactions.
4.3 Integration is the third stage of money laundering. This stage involves the re-
introduction of the illegal proceeds into legitimate commerce by providing a legitimate-
appearing explanation for the funds.
5. Financing of Terrorism
Financing of Terrorism means financial support to any form of terrorism or to those who
encourage, plan or engage in terrorism. The source of such funds may be either legal or illegal.
6. Anti-Money Laundering (AML)/Counter-Financing of Terrorism (CFT)
AML/CFT is a term used in the financial and legal industries to describe the legal controls that
require financial institutions and other regulated entities to prevent, detect, and report ML/TF
activities. The Bank has implemented standard KYC norms to prevent, detect and report
ML/TF activities to the FIU.
7. Know Your Customer (KYC)
KYC is the process of a business verifying the identity of its customers; its purpose is to
safeguard banks from being used by criminal elements for ML/TF activities.
For the purpose of the KYC Policy, a customer is defined as (i) a person or entity that maintains
an account and/or has a business relationship with the Bank, (ii) one on whose behalf an account is
maintained, i.e. beneficial owners, and (iii) any person or entity connected with a financial
transaction that may impose significant reputational or other risks on the Bank, such as a wire
transfer or issue of a high-value demand draft as a single transaction.
A beneficial owner in terms of AML/KYC is a person who generally has ultimate control over the
funds through ownership or other means and/or who is the ultimate source of funds for the
account. The Bank shall identify the individuals who have control over such account/fund or
who have 10% shareholding in the case of a legal entity.
The Bank's KYC Policy incorporates the following four key elements, which shall be elaborated
in the KYC/AML/CFT Manual/Guidelines:
• Customer Acceptance Policy.
• Customer Identification Procedures.
• Monitoring of Transactions.
• Risk Management.
The Guideline shall cover in detail the following areas under the key elements of the KYC Policy:
• Internal responsibility and work/job classification.
• The basis of the risk assessment system and mechanism.
• Risk-based customer identification, update and monitoring mechanism.
• PEP identification mechanism.
• Beneficial owner identification mechanism.
• System/mechanism for suspicious transaction identification.
• Mechanism for monitoring transactions to prevent trade-based money laundering.
8. Establishing Relationship
The Bank shall establish relationships with customers like depositors, borrowers, remittance
customers, correspondent banks and remittance agents, as well as other associates like consultants,
valuators, vendors and its employees. In this regard, the Bank shall obtain relevant information
as deemed necessary on all of its relationships and shall adopt the following measures while
establishing a customer relationship:
• Strictly follow the Customer Identification and the Customer Acceptance
  Procedure, which are the basic elements of the KYC Policy.
• Obtain KYC documents/information at the time of commencing the business
  relationship.
• Carry out initial Due Diligence at the time of establishing the relationship. This
  shall include but not be limited to verification of the background and screening
  procedures to verify that the customer has a clean record.
9. The Bank shall not deal or accept the following person/entities as a customer:
• Anonymous or Fictitious Accounts.
• Shell Banks/Firms/Companies.
• Unregistered Company/Institution/Entity (except where the Regulator has
  provisioned for opening/operating of a bank account or conducting any financial
  transactions).
• The Customer acting on behalf of another customer to open an account.
• Entities/Persons appearing in Negative/Sanctioned lists and any other list issued
  by NRB, Nepal Government and international authorized bodies such as UN, US,
  HMT, EU, OFAC, Australian.
• The Customers who are unable to provide documents, information, and details
  required for customer identification and verification.
• Documents, information, and other details provided appear to conflict with the
  identity of the customer.
• Those who deal with armaments.
10. Supervision and Monitoring of Transactions
Transaction monitoring shall be an ongoing process applied to the transactions done by the
customer, and is an essential aspect of an effective KYC procedure. Transactions that are not
justified by the customer profile, transactions performed just below the threshold limit to avoid
reporting, and transactions equal to or above the threshold limit as mentioned in the NRB
Directive shall be paid special attention by Operational Staff, Relationship Managers, and the
AML/CFT Compliance Unit. Further, transactions of a suspicious nature shall be reported as and
when noticed to the FIU through the Chief AML/CFT Compliance Officer. The Bank's
KYC/AML/CFT Guideline shall incorporate detailed guidelines for detecting suspicious
transactions.
Besides monitoring customers and transactions manually via exception reports developed
by the Bank internally, the Bank shall also implement an automated system. The system shall
support account monitoring and screening of the entire customer base against various sanction
lists/PEP lists, and shall do so at the time of customer onboarding, whenever the circumstances
demand, and also as soon as these lists are updated. The monitoring of transactions and the AML
automated system shall be supervised by the AML/CFT Compliance Unit; the Chief AML/CFT
Compliance Officer shall also be responsible for enhancing the monitoring system by reviewing and
adding scenarios/rules for suspicious activity detection.
11. Wire Transfer
Wire transfers carry a greater chance of being used for terrorist financing, fraud, and money
laundering activities; hence, the Bank shall have a mechanism established to prevent terrorists
and other criminals from having unregulated access to the wire transfer facility. The Bank shall
ensure that complete information on the sender and beneficiary accompanies the wire transfer
message/request before initiating the transaction, and that the transfer of funds is in line with
the customer's business profile and consistent with the account history. If any doubt is
established, enhanced customer due diligence shall be carried out and a suspicious report shall be
filed to the FIU.
12. Trade Based Money Laundering:
Trade Based Money Laundering (TBML) is the process of disguising the proceeds of crime and
moving value through the use of trade transactions in an attempt to legitimize their illicit origins.
Such money laundering activities are done through under-invoicing, over-invoicing, and
misrepresentation of the price, quantity, and quality of goods in import or export
activities. The Bank shall not be involved in TBML activities of customers. All trade
transactions shall be strictly checked/monitored prior to execution by the concerned
department/unit, which shall ensure that the required documents are obtained as per the
prevailing NRB guidelines/regulations.
13. Correspondent Banking
A correspondent bank is a financial institution that provides services on behalf of another
financial institution. The Bank shall carry out customer due diligence while establishing a new
correspondent relationship and also at the time of reviewing/renewing such relationships. From the
AML aspect, the Bank’s Treasury Department shall complete an AML/CFT compliance test for all the
existing Banks/Financial Institutions with which the Bank has a correspondent relationship, in the
format (Questionnaire) prescribed by the AML/CFT unit of the Bank, every year within 3
months from the start of the new Calendar year (A.D). Such a questionnaire shall help evaluate the
quality of the Correspondent Banking Client’s AML/CFT program, including how it meets
internationally recognized standards and its sufficiency to mitigate the risk presented based
upon their products, customer base, and jurisdiction.
14. Downward Correspondent Banking (Nested Account)
The Bank shall not allow downward correspondent banking service and nested account activities
to other financial institutions.
15. Payable-through Accounts or Pass-through accounts
The Bank shall not allow its customers to directly access the correspondent account to conduct
business on their own behalf.
16. Resubmission Policy
The Bank shall not attempt to resubmit any transaction that has already been rejected due to
concern over Sanctions, Money Laundering or Terrorist Financing. A record of such rejected
transactions shall be maintained by the concerned department, which shall ensure that they are
not resubmitted after changing the information.
17. Reporting of Transactions to FIU
The BM, OI and RO shall be the key persons to report any unusual transaction identified to the
Chief AML/CFT Compliance Officer. The Officer shall further analyze and, if suspicion is
established, will immediately file an STR to the FIU. Similarly, TTRs shall also be reported to the
FIU by the AML/CFT Compliance Unit on a fortnightly basis.
Further, in regard to other regulatory reporting on AML/CFT issues, the required information/data
shall be furnished by the concerned departments and branches, and shall be analyzed by the Unit
and reported to the regulator.
18. Failure to Report
Action shall be taken against staff who fail to report identified unusual and suspicious
transactions, in accordance with the Bank's Policy and the Asset (Money) Laundering Prevention
Act 2064 or NRB Directive as appropriate.
19. Sanctions Compliance Policy
Sanctions compliance is a common, global challenge facing banks and financial institutions. The
Bank shall check the various sanction lists directed by the regulator and other competent
authorities, and any other lists as appropriate, such as the OFAC, US, UN, EU, HMT and Australian
sanction lists, to safeguard the Bank's reputation and prevent it from being used
by money launderers and terrorists.
Departments/Branches, while opening an account, reviewing an account and initiating a wire
transfer transaction, shall perform the sanction check against the customer and the parties
involved in the transaction. If any exact match is found, the Bank shall block/freeze the
accounts/assets of such customer immediately and notify the concerned authority. Similarly, any
customer whose information is under doubt should also be referred to the Chief AML/CFT Compliance
Officer as suspicious. The Chief AML/CFT Compliance Officer shall investigate such issues, reach a
conclusion within a reasonable time and give appropriate instruction.
The Bank shall have an appropriate mechanism in place to screen customers against various
sanctions lists and PEP lists, which shall be duly exercised during customer on-boarding and
when carrying out wire transfer transactions. Such automated mechanism shall support screening of
the entire customer base against the updated sanction lists.
20. Prohibition of Personal Accounts for Business Purposes
The Bank shall not allow personal saving accounts to be used for business purposes.
21. Risk Grading of Customer Profile
The Bank shall establish risk grading of every customer based on their risk profile by evaluating
the impact of transactions to the Bank and as guided by the Asset (Money) Laundering Prevention
Act and NRB Directive. The Bank shall also consider influencing factors such as geographical,
occupational, professional, sectoral, customer type, product or service type, nature of the
transaction, and categorize customers into the following risk categories:
a) Low Risk,
b) Medium Risk, and
c) High Risk.
The Bank shall review High risk customer accounts once a year and Low and Medium risk
customer accounts once in every three years. For high risk customers, approval of Senior
Management (COO) or as designated by him/her must be obtained. However, customers'
accounts in all risk categories shall be reviewed immediately if any unusual/suspicious
activities are noticed.
22. Reviewing/Monitoring of Customer Profile
The Bank can effectively control and reduce the risk from customers only by conducting
ongoing due diligence, which is also an important part of applying an effective KYC procedure.
Transactions that do not match the customer's profile or line of business, high-value
transactions, high account turnover and transactions exceeding the threshold limit shall be given
more attention. Any deviation of the transactions performed in the account from the customer
profile shall be followed by a review of the customer profile by carrying out Customer Due
Diligence (CDD) and Enhanced Customer Due Diligence (ECDD) based on transactions and risk
categorization of the customer.
23. Customer Due Diligence (CDD)
23.1 General Provisions of Customer Identification
The Bank shall apply customer due diligence measures in the following circumstances:
When establishing a business relationship.
When conducting wire transfer transactions.
When opening a customer's account.
Any person or entity connected with a financial transaction with the Bank.
When carrying out occasional transactions, such as electronic and cash payments
for amounts exceeding established thresholds.
At the time of any transaction in relation to high risk and politically exposed
persons.
When there are doubts about the authenticity or adequacy of previously obtained
customer identification data.
Other provisions as prescribed by the Regulator.
23.2 Customer Due Diligence Measures (but not limited to):
Identifying the customer and verifying the customer's identity on the basis of
documents, data or information obtained from a reliable source.
Checking the name of the customer against various sanction lists (such as OFAC,
UN, US, EU, HMT, Australian list, etc.), any other list adopted/maintained by the
Bank (such as PEP list, watch list) and lists provided by the Nepal
Government/Regulator.
Identifying and verifying the beneficial owner and obtaining sufficient
information of the beneficial owner to the extent that the Bank is satisfied with the
understanding of the same.
Obtaining information on the purpose and intended nature of the business
relationship.
Conducting ongoing monitoring of the business relationship including scrutiny of
transactions undertaken throughout the course of that relationship to ensure that
the transactions being conducted are consistent with the Bank’s knowledge of the
customer, the business and risk profile.
Ensuring that the documents, data or information held are kept up-to-date and the
due diligence carried out is in line with the risk profile of the customer.
23.3 Simplified Customer Due Diligence (SCDD):
For categories of customers such as listed companies (companies listed on the Nepal Stock
Exchange), public/Government authorities, and any other service/product provided to the
customer for a special motive as per the instruction of the regulator, simplified CDD
measures shall be applied. Such measures reflect the accepted low risk of ML/TF. The
Bank shall take special care in satisfying itself whether the customer or business
qualifies for the simplified treatment.
23.4 Enhanced Customer Due Diligence (ECDD)
Based on the risk assessment, ECDD measures shall be applied by the Bank to High
Risk Customers/transactions. It is a process of requiring intensive 'Due Diligence' for a
high risk customer and obtaining adequate information/documents that satisfy the Bank for
establishing/maintaining the relationship. It is a process of applying measures that are
over and above the standard (KYC) procedures, commensurate with the level of risk.
Enhanced due diligence shall be required when establishing a business relationship or
conducting transactions with the following customers; the detailed procedure/mechanism
shall be covered by the KYC/AML/CFT Guideline:
Customers who conduct complex, unusual large transactions and unusual
patterns of transactions or which have no apparent economic or visible lawful
purpose,
Transactions with a customer of a country which is internationally identified as
deficient in or non-compliant with international AML/CFT standards,
PEP¹ and their family members and persons associated with them,
Correspondent Bank, Remittance Agents.
Trusts, Charities, Nonprofit making organizations, NGOs and organizations
receiving donations.
¹ Politically Exposed Persons (PEPs) are individuals who are or have been entrusted with a prominent public function in the
country or abroad, e.g. Heads of State or of Government, senior politicians, senior government/judicial/military officers, senior
executives of state owned corporations, important political party officials, etc.
Non-face to face customers
Customer suspected of ML/TF or other offences, and customers from high risk
countries.
Cash-intensive businesses and individuals associated with such businesses
High net worth individuals
Gaming, Casino
Entities involved in mining and trading of precious metal including trading in rough
diamond.
Other customers/accountholders as prescribed by the Regulator.
24. Risk Based Approach (RBA)
24.1 Risk Management
The risk-based approach shall take the following steps in assessing the most
cost-effective and balanced way to manage and mitigate the money laundering and terrorist
financing risks in the Bank:
Identify and assess the ML/TF risks that are significant to the Bank.
Design and deploy controls to manage and mitigate the assessed risks.
Monitor and improve the effective operation of the controls in place.
Risk management shall generally be regarded as a continuous process, carried out on a
dynamic basis. The Bank, therefore, ensures that its risk management processes for
managing ML/TF risks are kept under regular monitoring and review.
The Bank shall revisit its assessments at least annually. The RBA principles propose
identification, assessment, understanding, and mitigation of ML/TF risk, including
explicit consideration of key risk factors and their impacts, such as geographical location,
type of customer, and type of business/product and delivery channel.
Where the Bank identifies higher risks, it shall ensure that its AML/CFT procedure
adequately addresses such risks by carrying out ECDD. Where the Bank identifies
lower risks, simplified due diligence measures under certain conditions (pursuant to
Applicable Legislation/NRB Directive) may be adopted.
In the case of existing customer accounts where the due diligence exercise is not possible due
to lack of information or non-cooperation by the customer, the Bank shall debit freeze
the accounts of such customers and should consider closing the accounts or terminating the entire
banking relationship after issuing due notice, as appropriate, to the customer.
The Bank shall focus on the areas where risks are relatively high in order to allocate
resources in the most effective way. Based on regulatory guidelines/circulars,
international best practices and FATF recommendations on AML/CFT risk management,
the Bank will develop the necessary internal policies, procedures and risk parameters to
ensure alignment with the regulatory framework and best practices in this regard. The
Bank shall carry out due diligence of the customer based on the risk
identified/established.
Following the best practice, the Bank shall implement three lines of defense as part of
the effective risk management from AML/CFT aspect:
The First line of defense shall be performed by Business/front-line staff. Each
of the Bank's businesses (Head of each Business Unit) shall own and manage the
ML/TF risks arising from the business/accounts, and is responsible for having
controls in place to mitigate the risk and for promoting AML/CFT principles.
The Second line of defense will be performed by the AML/CFT Compliance
Unit. The Chief AML/CFT Compliance Officer shall monitor and facilitate the
implementation of effective AML/CFT risk management practices by businesses
(operational management), assist the risk owners in reporting adequate risk
related information up and down the Bank, and also provide risk owners
(businesses) with regulatory compliance expertise and guidance, set standards and
trainings to manage ML/TF risks.
The Third line of defense will be performed by internal audit. The Bank's internal
audit shall carry out an AML/CFT theme based audit, through a risk-based approach,
in which it will review the activities (effectiveness) of the first two lines of defense
with the purpose of assuring the BOD and senior management that applicable
Act/rules/directives and internal policies/manuals requirements are carried out
effectively.
24.2 Customer Risk
For effective development of an overall risk framework, the Bank shall determine the
potential ML and TF risks posed by a customer, or category of customers, based on its
own principle, which shall be in line with the recommendation of FATF and the
Regulator.
24.3 Country Risk
Those countries which have deficiencies in their national AML/CFT regimes and
countries with effective sanctions pose significant threats to the Bank's reputation.
Therefore, customers that have any link with such countries shall be identified in
order to protect the Bank against reputational and financial risks. The Bank shall
introduce a mechanism/system to identify high risk countries before establishing and
carrying out a transaction on behalf of the customer, thus requiring ECDD.
Factors that may result in a determination that customers from or connected with a
particular country pose a higher risk include, for example:
Countries subject to sanctions, embargoes or similar measures issued by, for
example, the United Nations (“UN”), OFAC, etc.
Countries identified by credible sources (e.g. FATF, FATF-style national
authorities or other recognized evaluation bodies) as lacking adequate money
laundering laws and regulations;
Countries identified by credible sources as providing funding or support for
terrorist activities; or
Countries identified by credible sources as having significant levels of corruption,
drug trafficking, human trafficking or other criminal activity.
24.4 Geographical Risk
These are areas where ML/TF risk is high due to the geographical location of the country,
where illegal activities, e.g. smuggling, human trafficking, criminal activities,
etc., are high. The Bank shall/may assess the risk of customers of that region based on their
transactions, and categorize and monitor them accordingly.
24.5 Product and Delivery Channel Risk
Certain products and delivery channels offered by the Bank may pose a higher risk of
money laundering or terrorist financing depending on the nature of the specific product or
service offered. Such products and services may facilitate a higher degree of anonymity,
or involve the handling of high volumes of transactions. The Bank shall identify the
high-risk products and delivery channels and apply appropriate measures to mitigate the
risk of ML/TF.
The Bank shall pay special attention to the ML/TF threats arising from new or developing
technologies and take the necessary steps to prevent their misuse for money laundering
activities. The Bank will ensure that appropriate KYC procedures are duly applied to the
customers.
25. Awareness and Training
Bank staff, Directors and Promoters holding 2% and above shares, or as directed by NRB from time
to time, are to be made aware of their statutory and regulatory obligations on KYC/AML/CFT at
least once a year. Induction training shall be provided to new staff on KYC/AML/CFT
and the Bank's Policy to counter it. The Bank shall refresh employees' knowledge on the
practices of ML/TF from time to time, with indications for the recognition of suspicious
transactions. Such training may also be given through an online e-learning course. Further, frequent
onsite visits shall also be conducted by the AML/CFT Compliance Unit to check/monitor the
activities and to create awareness with respect to KYC/AML/CFT. Reports of such visits shall be
submitted to the AML/CFT Management Committee for review. More extensive training,
including foreign training, shall also be provided to staff in the AML/CFT Compliance Unit and
other AML/CFT relevant staff. The training shall be conducted in coordination with Training and
Development, Human Resource Department.
26. Internal Audit Function
As per the Policy, the Bank shall maintain an independent audit function that is adequately
resourced and capable of regularly assessing the effectiveness of the Bank's internal policies,
procedures and controls, and its compliance with regulatory requirements, especially covering
KYC/AML/CFT issues. The Internal Audit shall carry out a theme based audit, the
report of which shall be provided to the AML/CFT Compliance Unit.
27. Confidentiality and Tipping off
The Bank shall keep the details of all STR and TTR transactions and the records of correspondence to and
from the regulatory body on the Bank's customers under investigation confidential, and this
information shall not be shared with the customer, any irrelevant bank staff, unrelated official
meetings or anyone outside the Bank. Informing the customer about the STR (i.e. tipping off)
will be treated as a criminal offense and be punished accordingly.
Further, any documents, information and transaction details of the customer shall be kept
confidential and not leaked to/shared with an unauthorized person. Such personal data is considered
confidential and is prohibited from being shared with any third party unless otherwise stipulated by the
applicable Legislation.
28. Non-compliance with KYC/AML/CFT Policy
Failure of staff to abide by the Policy set by the Bank to prevent ML and TF will be treated
as a disciplinary issue. Any deliberate breach will be viewed as gross misconduct. Further, such
actions shall also attract the penalty as per the applicable legislation and regulatory provision.
29. Not to be Liable for Providing Information
In case any loss occurs to a person/customer or the business of the Bank because of submission of
information to the FIU or other investigating authorities by the designated staff, the Bank shall
not take any action against such designated officials.
30. Importance of Know Your Employee (KYE)
The Bank's employees will conduct themselves in accordance with the highest ethical standards
and the extant regulatory requirements and laws. Staff should not provide advice or other
assistance to individuals who are indulging in ML/TF activities. Any knowledge/information of
any staff involved in such activities shall not be kept hidden and, as per the Whistle Blowing
Policy of the Bank, shall be reported to the competent authority.
HRD shall conduct code of conduct of every employee as per the Staff Service Bylaw and Know
Your Employee (KYE) procedure and maintain up-to-date information on each employee. It shall
also monitor the transactions of the employees and, if any activities of a suspicious nature related to
ML/TF are observed, they shall be notified/reported to the Chief AML/CFT Compliance Officer.
31. Record Keeping
The Bank will maintain records of transactions including the results of any analysis undertaken
for a minimum period of five years from its completion and closure of transactions/account.
The records of identification data obtained through CDD process like copies of identification
documents, account opening forms, verification documents, and other documents, shall also be
maintained for a minimum period of five years after the end of the relationship.
The records shall be kept digitally as well as in physical form to ensure that such records can be
retrieved without any delay.
Further, records of all training given to staff, including the date and nature of the
training along with the names of the training resource person and the staff attending the training,
shall be kept by HRD.
32. Miscellaneous
32.1 While introducing new products and services or entering into affiliation with any third
party, the Bank shall confirm that it is in accordance with this Policy and the NRB
Directive and Act. Any affiliates of the Bank shall have policies and practices
which prevent the organization from money laundering and terrorist activities.
The Bank may review AML/CFT related documents and practices of such
affiliates. Where the Bank holds 50% or more shares of any organization, such
organization shall prepare its own AML/CFT Policy as directed by its
respective Regulator, which shall also be in line with the spirit of the Policy of the Bank.
32.2 Every internal document (Policy, manual, process notes, guideline, etc.) should
be developed in compliance with this Policy; likewise, all the process notes &
product papers should mention the monitoring and control mechanism of
ML/TF as per this Policy and the KYC/AML/CFT Guideline where applicable.
33. KYC/AML/CFT Procedure Manual/Guideline
A separate manual shall supplement this Policy. The manual shall be reviewed by the Chief
AML/CFT Compliance Officer at least on an annual basis or as and when required and may be
amended/revised as per the requirement with the approval of the AML/CFT Management
Committee.
34. Maintenance and Update
The review and update of this Policy shall be an ongoing process to ensure continuous alignment
of the Policy with the Bank's strategy and the internal and external dynamics in which the Bank operates.
Such factors shall include the developments, changes, and trends, whether required by law or by
generally accepted risk management or business practices within the financial sector. Review
and amendments of the Policy shall be assessed and approved by the BOD.
The Bank management may, on a need basis, develop guidelines/procedures and elaborate on
topics/issues covered by this Policy.
This Policy shall be subject to review at least once a year or whenever circumstances justify.
(If there is no change required in the KYC/AML/CFT Policy within a year, a note will be raised
to renew the Policy with no change).
35. Effective Date
This Policy shall come into effect following approval from the BOD and shall subsequently be circulated
to the staff.