overview of the qfc / cft aml regime

Qatar Financial Centre Regulatory Authority

OVERVIEW OF THE QFC / CFT AML REGIME

Date: 9 June 2010

By: Shaun Swan, Associate Director

Joy Smallwood (IMF resident advisor)

Christiane Chidiac, Manager AML/CFT

1


AGENDA

• Introduction and objectives

• An overview of the AML / CFT Law (Joy Smallwood, IMF)

• Key obligations under the AML/ CFT Rules for QFC Firms

• Supervisory approach / regulatory expectations

• Consultation feedback – revisions and updates

• Working draft guidance discussion and questions


Introduction and objectives

• AML briefing sessions:

– have open and transparent communication with firms operating in the QFC;

– brief firms on the requirements and obligations of the AML/CFT Law and the AML/CFT Rules; and

– provide firms with clear information on our expectations when

implementing your obligations under the Law and the Rules.


An overview of the AML / CFT Law

Joy K SmallwoodIMF Resident Advisor

June 2010

4


Overview of the AML/CFT Law

Background:

1. Law passed to protect Qatar from money laundering (ML) and the financing of terrorism (FT)

2. 2007 IMF AML/CFT Evaluation showed deficiencies in Qatar’s previous AML/CFT legal framework

3. New framework in line with Financial Action Task Force (FATF) international standards



10 Sections

1. Definitions2. ML and FT Offences3. Disclosure system at customs4. National Anti-Money Laundering Committee (NAMLC)5. Qatar Financial Information Unit (QFIU) and Suspicious

Transaction Reporting (STR) System 6. Preventive Measures 7. Supervisory Authorities8. Investigative Procedures and Provisional Measures 9. International Cooperation10. Sanctions



Key Definitions include:

1. Proceeds of Crime - Any funds derived or obtained, directly or indirectly, from one of the predicate crimes listed in Article 2 (all felonies, international conventions, list of proceeds generating crimes e.g. fraud, theft, smuggling )

2. Funds - Assets or properties of every kind3. Money Laundering – see below4. Financing of terrorism - see below5. Financial Institution (FI)– 14 categories 6. Designated Non Financial Businesses & Professions (DNFBPs)

– real estate agents, jewelers, lawyers, accountants, trust and company service providers



Money Laundering: Defined as any of the following acts:

1) The conversion or transfer of funds, by any person who knows, should have known or suspects that such funds are the proceeds of crime, for the purpose of concealing or disguising the illicit origin of such funds or of assisting any person who is involved in the commission of the predicate offence to evade the legal consequences of his actions.

2) The concealment or disguise of the true nature, source, location, disposition, movement or ownership of or rights with respect to funds by any person who knows, should have known or suspects that such funds are the proceeds of crime.

3) The possession, acquisition, or use of funds by any person who knows, should have known or suspects that such funds are the proceeds of crime.



Terrorism Financing : An act committed by any person who,

• in any manner, directly or indirectly, and

• willfully

• provides or collects funds, or attempts to do so,

• with the intention to use them or knowing that these funds will be used in whole or in part

• for the execution of a terrorist act, or by a terrorist or terrorist organization.



Money Laundering Offence – Article 2:

• Definition (above) plus

• Expanded list of predicate offences- All felonies- Crimes covered under int’l conventions to which Qatar

is a party- A list of other specific proceeds generating offences

• Associated ML offences – including for FIs and DNFBPs - Article 3



Financing of Terrorism Offence – Article 4

• Definition (above) plus

• Offence considered committed irrespective of:

- any occurrence of a terrorist act, - the place where it was committed or - whether funds actually used to commit an act



Filing Suspicious Transaction Reports (STRs) – Article 18:

Financial institutions, DNFBPs and non profit organizations to promptly report suspicious transactions or attempted transactions to the QFIU when:

- They suspect, or - They have reasonable grounds to suspect - Transactions could include funds that are proceeds of

crime, or - Funds linked, related to or to be used for terrorist acts,

terrorist organisations or terrorist financiers



Important protections when Filing STRs

- No Tipping off to customer/third parties permitted (art 39)

- Disclosure to competent authorities permitted

- Protection for liability for STR reporting in good faith (art 82) - Protection from breach of criminal, civil and breach of

professional secrecy provisions



Customer Due Diligence (CDD) – Section 6:

- Identify and verify customer identities using reliable independent source documents, date or information

- In a minimum of 5 situations:1. when establishing business relationships, 2. during a domestic or international transfer of

funds; 3. when doubts exist about the veracity or

adequacy of previously obtained customer identification documents, data or information;

4. when there is a suspicion of money laundering or terrorist financing;

5. when carrying out occasional transactions, with a value equal to or above 55,000 Rials



Financial institutions and DNFBPs have responsibility to:

1. enquire about the anticipated purpose and the nature of the business relationship and collect all relevant information.

2. identify the beneficial owner of the customer and take all reasonable measures to verify his identity using reliable, independent source documents, data or information such that they are satisfied that they know who the beneficial owner is.

3. For legal persons and arrangements, these measures must include taking reasonable additional measures to understand and monitor the beneficial owner thereof as well as the ownership and organizational structure thereof.



If financial institutions, and DNFBPs cannot fulfill their obligation of due diligence:

1. they shall not establish or maintain the business relationship 2. Where appropriate, they shall make a report to the FIU in

accordance with this law.3. Transitional provisions for 6 months (to October 31) for

implementation of CDD and correspondent banking provisions.



Financial Institutions and DNFBPs to put in place the following measures:

1. Exercise ongoing due diligence2. Ensure CDD documents, data kept up to date3. Take specific and adequate measures to address the risks of ML

and FT4. Put in place risk management systems for PEPs5. Keep records for 5 years, or longer if required by their

supervisor (6 years for QFC)



Financial institutions and DNFBPs to develop and implement AML/CFT programs including the following internal policies, procedures, systems and controls:

1. program management arrangements, and appropriate employee screening procedures to ensure that they are appointed pursuant to the highest standards.

2. ongoing training for officers and employees to assist them in recognizing transactions and activities that may be linked to money laundering and terrorist financing and instruct them in the procedures to be followed in such cases.

3. audit arrangements to check compliance with and effectiveness of the measures taken to apply the law.

4. compliance officer at department leadership level.



For cross-border correspondent banking relationships, financial institutions shall:

1. identify and verify the identification of respondent institutions.2. collect information on the nature of the respondent institution’s

business.3. evaluate the respondent institution’s reputation and the nature

of supervision to which it is subject.4. obtain approval from senior management before establishing a

correspondent banking relationship.5. assess the controls implemented by the respondent institution

re AML/CFT, and ensure that they are appropriate and effective.6. Payable through account requirements –customer CDD,

monitoring and CDD information requests



For financial institutions who conduct domestic (including QFC) and external wire transfer business (exceeding 4000 Rials, or an equivalent value in other currencies), they must obtain and verify the following information about the originators of the transfers:

(1) full name. (2) account number or, if there is no account number, a

unique reference number. (3) address, national identity number, customer identification number, or date and place of birth.



4. The information is to be included in the wire message or payment form accompanying the transfer

5. Upon receipt of wire transfers that do not contain the complete originator information, FIs should take measures to obtain and verify the missing information from the ordering institution or the beneficiary

6. Should they not obtain the missing information they shall refuse acceptance of the transfer and report it to the Unit



Supervisors have the authority to: (Article 42)

(1) adopt the necessary measures to establish fit and proper criteria for owning, controlling, or participating, in the directorship, management or operation of financial institutions.

(2) regulate and supervise financial institutions, NPOs and DNFBPs for compliance with the obligations set out in this law, including through on-site examinations, and the request of documents, information, or records.

(3) cooperate and share information with competent authorities, and provide assistance in evidence collection, prosecutions or proceedings relating to predicate offences, money laundering, and terrorist financing.



A supervisory authority may sanction its licensees (financial institution, NPO, or DNFBP ) for a violation under the law, made intentionally or by gross negligence, by imposing one of the following measures and sanctions: (Article 44)

(1) ordering regular reports on the measures it is taking. (2) order to comply with specific instructions.(3) written warnings.(4) replacing or restricting the powers of managers, board members, or controlling owners, including the appointing of ad hoc administrator.



(5) barring individuals from employment within a business, profession or activity , either permanently or for a provisional period.(6) imposing supervision, suspending license, restricting or withdrawing any other form of permission and prohibiting the continuation of a business, profession or activity.(7) financial penalty in an amount no greater than 10 million Rials.(8) any other measures.



Governor of the Central Bank (Article 48), without prejudice to the authority of the Public Prosecutor,

- in cases where there is a concern about the disposal of money laundering proceeds held at Financial

Institutions

- or where there is suspicion that funds, balances or accounts are being used in terrorist financing

- may order the freezing of the suspected funds, balances or accounts for a period not exceeding ten business days,

- The public prosecutor shall be notified of such an order within three business days of its issuance, otherwise

it shall be treated as void ab initio

- The public prosecutor may cancel the freezing order or renew it for a period not exceeding three months



Criminal Sanctions (Articles 72 - 76):

1. Terrorist financing: 10 years in jail and up to a 2 million Rial fine 2. Money Laundering: 7 years in jail and up to a 2 million Rial fine 3. Associated money laundering offences or tipping off: three years

in jail and a fine not exceeding 500,000 Rials 4. Failure to freeze terrorist assets by a financial institution or

DNFBP, a fine not exceeding 1,000,000 Rials5. Breach of confidentiality by the FIU or by customs: three years

in jail and a fine not exceeding 500,000 Rials


• Key obligations under the AML / CFT Rules for QFC Firms

27


Key legislation and background to the new AML/CFT Rules

Law No. 4 of 2010 on Anti- Money Laundering and Combating the Financing of Terrorism

QFC Regulatory Authority AML / CFT Rules 2010

• Aligned to Law No. 4 of 2010 on Anti- Money Laundering and Combating the Financing of Terrorism

• Ensure optimum compliance with FATF Recommendations and standards


Background to the new AML/CFT Rules

• close alignment with the FATF Recommendations and standards through the use of key FATF terms and terminology;

• the rules set out a clear senior management responsibility forAML/CFT responsibilities and the development of an AML/CFTprogramme;

• more sophisticated risk-based approach to addressing firms AML/CFTrisks; and

• a single set of rules designed and structured to closely alignwith how a firm would undertake the development and implementation of an AML/CFT program and the ongoingcompliance with AML/CFT regulatory requirements.


Key AML/CFT principles

The 6 key AML/CFT principles cover the following areas:

Principle 1 – senior management responsibility;Principle 2 – risk-based approach;Principle 3 – know your customer;Principle 4 – effective reporting;Principle 5 – high standard screening and appropriate

training; andPrinciple 6 – evidence of compliance.


Principle 1 - senior management responsibility

• Senior Management responsible for effectiveness of the firm’s policies, procedures, systems and controls in preventing ML/TF (Rule 2.2.1)

• Senior Management must ensure that it:

• develops, establish and maintain effective AML/CFT policies, procedures, systems and controls;

• has adequate screening standards;

• identifies, designs, delivers and maintains AML/CFT training programme;

• has an adequately resourced and independent audit function;

• has regular and timely information to Senior Management of ML/TF risks;

• has ML/TF risk management policies and methodology that are appropriately documented;

• has in place an MLRO for the firm; and

• promotes an AML/CFT compliance culture


Principle 1 - senior management responsibility

• Senior Management must ensure that there is at all times an MLRO for the firm who:

• has sufficient seniority, experience and authority;

• has appropriate knowledge and understanding of their legal and regulatory responsibilities under the AML/CFT framework;

• has sufficient resources to carry out the role;

• has timely and unrestricted access to all firm AML/CFT information, including;• all customer ID documents

• all other documents, data and info for CDD and ongoing monitoring purposes; and

• all transaction records

• appropriate back-up arrangements including a deputy MLRO


Principle 2 – risk-based approach

• Principle 2 (Rule 1.2.2) requires firms to adopt a risk-based approach to the Rules

• Firms must

– Conduct business risk assessment and decide risk mitigation

– Approach risk mitigation based on threat assessment methodology

– Develop methodology by assessing the risk profiling and scoring of a business relationship with a customer and must consider at least the following 4 risk elements:

• Customer risk• Product risk• Interface risk• Jurisdiction risk


Principle 2 – risk-based approach

• Customer risk• Measures for PEP risks

• Persons associated with Terrorism

• Product risk• Correspondent banking

• Shell banks

• Wire transfers

• Interface risk• Reliance on others

• Introducers, Group introductions and Intermediaries

• Jurisdiction risk • ineffective AML/CFT regimes

• impaired international cooperation

• international sanctions

• high propensity for corruption


Principle 3– know your customer

• Principle 3 (Rule 1.2.3) requires a firm to know each of its customers to the extent appropriate for the customer’s risk profile

• Key Term – Customer Due Diligence Measures (Rule 4.2.1)

• Customer identification

• Verifying the customers ID, reliable, independent source documents, data and information

• Establishing whether customer acting on behalf of another person

• Measures if customer acting on behalf of another person

• Measures if customer is a legal person or legal arrangement

• Establishing beneficial ownership

• Obtaining the source of customer’s wealth and funds

• Obtaining information about the purpose and intended nature of the business relationship



• Part 4.3 of the Rules deals with CDD measures and ongoing measures

• When CDD is required

• Timing of CDD – establishing business relationships and one-off transactions

• Extent of CDD

• Ongoing monitoring and procedures for monitoring

• Part 4.4 and Part 4.5 of the Rules deals with enhanced and reduced / simplified CDD measures

• Sets out circumstances in which enhanced CDD must be performed

• Sets out circumstances in which reduced / simplified CDD may be performed



• Part 4.6 of the Rules deals with 2 elements of Customer identification documentation:

• Customer

• Nature of customer’s economic activity

Customer

• Firms must make and keep records of all ID documentation it obtains when conducting CDD measures and ongoing monitoring

• Firms must make and keep records of how and when the steps of the CDD measures were taken and completed

Customer’s economic activity

• Firms must obtain and document information on the source of the applicant’s wealth and funds

• Firms must obtain and document information about the purpose and intended nature of the of the business relationship


Principle 4– effective reporting

• Principle 4 (Rule 1.2.4) requires a firm to have effective measures in place to ensure there is internal and external reporting whenever ML/TF is known or suspected

Internal Reporting

• Clear effective policies, procedures, systems and controls for internal reporting of all known or suspected ML/TF instances

• Direct access to MLRO

• Obligation to report (STR) to MLRO (knows, suspects, grounds to know or suspect)

• MLRO to document, acknowledge, consider, investigate, decide, notify reporter

External Reporting• Clear effective policies, procedures, systems and controls for reporting to the FIU of all known or

suspected ML/TF instances

• Prompt reporting to FIU, consult with FIU before proceeding with transaction

• Facts and circumstances of the knowledge or suspicion

• Regulator notified in writing but NOT the STR


Principle 4– effective reporting

• Tipping off under Part 5.2 of the Rules

• unauthorised act of disclosing information to the customer which results in the customer knowing or suspecting the following:

• that they are the subject of an STR ; or

• that they are the subject of an investigation relating to ML/TF

• unauthorised act of disclosing information that may prejudice action in relation to offences, apprehension and prosecutions, recovery of proceeds of crime and the prevention of ML/TF

• Firms must ensure no tipping off occurs

• Firms must ensure staff are aware of and sensitive to issues surrounding and consequences of tipping off


Principle 5– high standard screening and appropriate training

• Principle 5 (Rule 1.2.5) requires a firm to have adequate screening procedures to ensure high standards when appointing or employing officers and employees

• Screening procedures focus on ‘higher-impact’ individual – role in preventing ML/TF

• Employment based on appropriate character, knowledge, skills and abilities to act honestly, reasonably and independently

• Procedures for higher-impact individual before employment must include provision for:

• Obtaining references

• Employment history and qualifications

• Regulatory actions

• Criminal convictions

• Accuracy and completeness of information


Principle 5– high standard screening and appropriate training

• Principle 5 (Rule 1.2.5 (b)) requires a firm to have an appropriate ongoing AML/CFT training programme for its officers and employees

Firms must

• Identify, design, deliver and maintain an appropriate ongoing AML/CFT training programme for staff, including:

• Awareness and understanding of legal and regulatory responsibilities and obligations

• Role in preventing ML/TF

• Liabilities incurred under the AML/CFT framework

• Role of risk management, MLRO,

• ML/TF techniques and trends and vulnerabilities

• STR obligations

• Training must be maintained and reviewed and improved if appropriate


Principle 6– evidence of compliance

• Principle 6 (Rule 1.2.6) requires a firm to be able to provide documentary evidence of its compliance with the requirements of the AML/CFT Law and the Rules.


Supervisory approach / regulatory expectations

43

Qatar Financial Centre Regulatory Authority 44

“Dear CEO” letters

Compliance confirmation letters from Firms on or before September 15th stating that the Firm has undertaken the following:

Review of Policies, Procedures, Systems and ControlsDevelopment & implementation of the risk-based approachReview customers filesEnhancement of AML/CFT compliance cultureTraining to relevant staffIndependent Review of the AML framework

The letter should confirm whether or not the Firm is in compliance with the new AML/CTF Rules 2010 of the QFC Regulatory Authority.

Areas of non-compliance + related remediation plan to be shared with the Regulatory Authority


AML/CFT Assessments

Risk Assessment & AML reviews will be conducted in light of the new AML/CTF Rules – no interruption to normal assessment / review timetable.

AML Focused reviews – Supervisor reviews will focus, among other items, on:

The Risk-Based Approach

Senior management buy-in / AML/CFT compliance culture

Know Your Employees / Employees Screening

Review of client files

Reviews of policies, procedures, systems and controls particularly: KYC/CDD/Customer identification documentation Screening against sanction/suspect lists Transaction monitoring Suspicious Transaction Reporting

Deputy MLRO arrangements


Firms not compliant with the new requirements

• Firms will have until 15 September (after EID) to demonstrate full compliance with the new AML/CFT Rules.

• Firms not compliant with the new requirements of the 2010 Rules will be dealt with by Risk Mitigation Programs (RMPs), letters… at this stage the Regulatory Authority will educate Firms and assist them in complying with the new requirements.

• Non compliance with rules that also existed under the old AML Rulebook will be dealt with via Breaches, RMP & enforcement action depending on the gravity of the matter.


What do we expect firms to do?

ASAP, and in line with confirmation letter to send, we expect Firms to:

Review of Policies, Procedures, Systems and Controls

Develop:-an AML business risk assessment -an AML threat assessment methodology -an AML Risk profiling and risk scoring of business relationships

methodology

Review customers files

Enhance the AML/CFT compliance culture

Train relevant staff

Undertake an Independent Review of the AML framework


What happens next?

• Firms need to be able to demonstrate full compliance with the new AML/CTF Rules

• On or before Sept 15th, the Firm needs to file with the Regulatory Authority the compliance confirmation letters stated previously

• The AML team will be conducting reviews (onsite/offsite) to verify compliance with the new AML/CTF Rules

• The Regulatory Authority will be filing breaches and enforcing action in relation to non-compliance with the new AML/ CTF rules


Consultation feedback revisions and updates

49


Feedback and revisions

• CP submissions covered the following areas• Correspondent Banking – exceptions

• Outcome – no change as Rules in line with FATF recommendations

• Relaxation of payable through accounts provisions


• Relaxation of ‘originator information’ requirements on wire transfers


• Clarification sought on the ordinarily resident requirement for the Deputy MLRO

• Outcome – Rules clarified under 2.3.5 (3) that the Deputy MLRO is not required to be ordinarily resident when acting as MLRO

• Clarification sought on provisions relating to ‘Group Introductions’ (Rule 3.4.10) and the extent of information to be provided by the introducer to the Firm

• Outcome – No change to the Rule – Information on obtained CDD needs to be provided by the Introducer to the Firm, not the totality of the documentation collected.

• Clarification sought on the status of the AML Regulations

• Outcome – the AML Regulations have been superseded by the Law and the AML Regulations are with the Minister for formal repeal


Feedback and revisions

• CP submissions covered the following areas

• Clarification sought on the need to notify the Regulator when an STR is submitted • Outcome – the Rules require Firms to notify the Regulator of an STR submission but does

not include the STR itself

• Clarification sought on the extent to which screening requirements applied to all prospective employees of a firm • Outcome – the Rules have been modified to focus on ‘higher-impact’ AML/CFT officers and

employees

• Clarification sought on the extent to which screening requirements should be applied across jurisdictions • Outcome – No change to the Rules, firms will need to satisfy themselves and be able to

demonstrate that they have taken appropriate measures in accordance with the rules

• Reliance on others provision – Introducers (Rule 3.4.9 (3) (a)) requires firms to receive an introducers certificate from the introducer

• Outcome – Introducers Certificate – Approved Form Q20 on the website


Working draft guidance discussion and questions

52

overview of the qfc / cft aml regime

Documents