AML-CFT Policy - September 2013.pdf
Transcript of AML-CFT Policy - September 2013.pdf
-
8/10/2019 AML-CFT Policy - September 2013.pdf
1/75
2013
Anti-Money Laundering & Combating
the Financing of Terrorism Policy
-
8/10/2019 AML-CFT Policy - September 2013.pdf
2/75
I
KASB Bank's AML / eFT Pol icy - 2013
Under the Guidelines on "Policy Framework in Bank/DFls" issued by the State Bank of Pakistan vide BSD Circular
NO.3 of 2007 dated April 04, 2007, Banks are required to formulate policies for different areas of their Operations
and ensure their regular updates.
Pursuant to the directives issued vide BPRD Circular NO.2 of 2012, we have aligned our existing AML/KYC Policy
with SBP's AML/CFT Regulations which was approved in BOD meeting held on August 27, 2013. In the meanwhile,
SBPvide BPRD Circular Letter No. 22 dated August 19, 2013 has made amendments in AML/CFT Regulations for
updation in bank's AML/CFT Policy till September 30, 2013. Accordingly, desired amendments are made in KASB
AM L/CFT Policy - 2013 on pages NO.8, 14, 15, 16, 18, 20, 27, 28, 29, 34 and 36.
Submitted for review by the Audit Committee of the BOD and then necessary approval from BOD.
\
aqar Ahmed Khan
Group Executive - Operations & GTS
=?:,-~vsalma~
Group Head - Branch Banking
Ap pr ov ed By:
Sumair Wahid Abro
Head - Human Resource.
Bilal Mustafa
President & CEO
-
8/10/2019 AML-CFT Policy - September 2013.pdf
3/75
i
KASB Banks AML / CFT Policy 2013
Contents
Introduction
Preface 2Purpose of Policy and Scope 3
Money Laundering 3
General Methods and Stages of Money Laundering 3
Vulnerability of Financial Institutions to Money Laundering 4
Compliance Obligation 4
Risk Aversion Measures and Awareness 5
Financial Action Task Force (FATF) on ML 5
Asia / Pacific Group 5
Office of Foreign Assets Control (OFAC) 5
United Nation (Security Council) Resolution 6
Legal and Regulatory framework in Pakistan 6
Customer Due Diligence
New Customer Acquisition Policy 8
Customer Due Diligence 8
Guiding Principles 9
Beneficial Owner 10
Reduced Customer Due Diligence 11
Enhanced Customer Due Diligence 13
Customer Risk Based Approach 14
Risk Assessment 15Prohibited Customer Types 15
Ongoing Monitoring 16
Prohibition of Personal Accounts for Business Purpose 16
Suspicious Transactions
Suspicious Transactions 18
Examples 18
Suspicious and Currency Transactions Monitoring 18
Management of Alerts 18
Monitoring at source 19Screening names against OFAC / UN Security Council / NAB /
and other list 19
Reporting Agencies 19
E-Banking 20
Correspondent Banking 20
Suspicious Transaction Reporting 21
Currency Transaction Reporting 21
-
8/10/2019 AML-CFT Policy - September 2013.pdf
4/75
ii
Freezing of property by DG, FMU 22
Disclosure and provisioning of reported information & Immunity
to Bank Officials 22
Customer Relationship
Customer Transaction Profile and Relationship review 24Process to relate Customer Transaction Profile 24
General requirement applicable on all relationships 25
Customer Identification and Transaction Profiling Procedure 25
Process of identification of customer source of earning and
status of customer 26
CDD Measures for Occasional Customers/ Walk-in Customers
and Online Transactions) 27
Wire / Funds Transfers 27
Home Remittance Products 28
Where CDD Measures are Not Completed 28
Dormant Account 28
Verification & Authenticity of Identity Document 29
Documentation Requirement 29
Misys Support 29
Allied Issues
Review of Products and Services 31
Record Retention 31
Training and Awareness 31
Certification 31
AppendicesAppendix - A: Documents to be obtained from various types of
customers / Account Holders 33
Appendix - B: Examples of Suspicious Transactions 39
Appendix - C: Customer Due Diligence (Individual / Salaried) 46
Appendix - D: Customer Due Diligence (Corporate Retail) 47
Appendix - E: Customer Risk Profiling (CRP) Form 49
Appendix - F: Enhanced Due Diligence 51
Appendix - G: Customer Transaction Profile 53
Appendix - H: Reporting Format of Suspicious Transaction 54
Appendix - I: Reporting Format of Currency Transaction 58Appendix - J: Customer Level Information 61
Appendix - K: Acronyms 65
Appendix - L: Details of Walk-in / Online Cash Depositors 66
Appendix - M: Common Type of Typologies 67
Appendix - N: List of High Risk Jurisdictions 70
-
8/10/2019 AML-CFT Policy - September 2013.pdf
5/75
-
8/10/2019 AML-CFT Policy - September 2013.pdf
6/75
P a g e|1
Introduction
-
8/10/2019 AML-CFT Policy - September 2013.pdf
7/75
P a g e|2
Preface
As a part of SBP ongoing efforts to promote the culture of awareness relating to Anti Money Laundering and Anti-
Terrorist Financing legal and regulatory framework, the State Bank of Pakistan revised the regulations M-1 to M-5 of
Prudential Regulations on Corporate/ Commercial Banking with AML/CFT Regulations, w.e.f. October 31, 2012 which
are further amended vide BPRD Circular Letter No. 22 of 2013 dated August 19, 2013 and implementation deadline was
extended till September 30, 2013 for review of banks internal Policies/Procedures & Compliance Programs. Revised
Regulations inter alia call for special vigilance on various types of accounts including Politically Exposed Persons. Access
to beneficial ownership of natural and legal person would be clearly established. Movement of funds to high risk countries
would be closely monitored. Risk assessment of every customer by adopting risk based approach has been stressed upon.
Adoption of effective Know Your Customer Standards and Anti Money Laundering Measures is an essential part of risk
management practices. The KASB Bank demonstrates its full commitment and support to high standards of Compliance
with the Anti-Money Laundering/Combating Financing on Terrorism requirements by implementing robust and
comprehensive policy, procedures and systems for the prevention and detection of Money Laundering / Terrorist
Financing activities and maintain the highest possible standards of due diligence and AML procedures.
It is therefore, obligatory for each associate to desist from accepting assets that they know, or are expected to know, are
proceeds of criminal activities. The proceeds of criminal activities may include any asset obtained through corruption,
embezzlement of public funds, abuse of an official function, or dishonest dealings by a public officer. Likewise,
inward/outward remittances making economic sense and having bona fide remitter/ beneficiary are to pass through the
bank.
SBP policy focus is on stringent transactional monitoring with zero tolerance for any suspicious transaction. Strict
monitoring is to be exercised at the very outset of undertaking customer relationship and executing any business
transaction at branches and segments. CDD / EDD will constitute foundation of the risk identification process.
Key measures undertaken in AML / CFT Regulations include having in place the following:
Customer Due Diligence measures which encompasses the importance of ascertaining new customer acceptance
policy, Customer Identity, ongoing monitoring and establishing the ultimate economic beneficiary.
Exceptions to use personal accounts for business purpose.
Ongoing monitoring of transactions through virtual monitoring system to detect suspicious transaction.
FMU guidelines to identify and report suspicious transaction.
Timely submission of Currency transaction report
Classification of Accounts as High / Medium / Low Risk categories by adopting risk based approach. Further strengthen the process to relate transaction with customer transaction profile, identification of customer
source of earning and status of customer.
List of Jurisdictions stated by FATF as High Risk.
Monitoring of wire transfers / fund transfers
Record Retention guidelines
Regular AML / CFT communication and training program through various channels to raise staff awareness at all
levels within Bank.
Revised AML / CFT booklet attempts to offer comprehensive commentary on each related area including the procedures
and safe guards to be adopted at source. Examples of potential transactions that pose suspicion have been cited for
guidance of branches/segments.
Hope that the revised version of AML/ CFT Booklet will help branches and respective segments to conduct business
activities smoothly with strict adherence to regulatory and other mandatory requirements relating to AML/CFT/ KYC.
Bilal Mustafa
President/CEO
September 20, 2013
-
8/10/2019 AML-CFT Policy - September 2013.pdf
8/75
P a g e|3
Purpose and Scope
This Policy based on the provisions of Anti Money Laundering (AML) Act, 2010; Anti Money Laundering (AML)
Regulations, 2008 and revised AML/CFT Regulations videBPRD Circular No. 02 of 2012, shall apply to monitor
each transaction individually and in the overall perspective of Customer Transactions Profile (CTP) by all branches/
sub branches and segments like Consumer, corporate and WSB etc. Compliance at source will be mandatory by all
employees of KASB Bank Limited. CTP will be monitored by the Branches as an ongoing process to ensure thattransactional behavior is in accordance with KYC disclosures at the time of account opening and subsequent update.
Relationships shall be discontinued with customers or counterparties including banks whose conduct pose concern
of involvement with illegal activities. Such termination of relationship shall immediately be reported through STR to
Compliance Division for further action as per prescribed procedure.
This Policy and the related laws/regulations shall be complied with comprehensively by all employees of KASB
Bank Limited as a job requirement whether at a Branch/sub branch and segment. All accounts of Politically Exposed
Persons (PEP) will be opened with the prior permission of the senior management. No waiver, modification or
exception of any requirement or provision of this Policy shall be permitted.
The Chief of Compliance at Principal Office; Karachi shall be responsible to keep the Policy update and
aligned with any change occurring in the local as well as international laws, regulations, guidelines and policies.
Money Laundering (ML)
ML, loosely defined, is the transactional processing or moving of illicitly gained funds (such as currency, cheques,
electronic transfers or similar equivalents) towards disguising its source, nature, ownership or intended destination
and/or beneficiaries. The desired outcome of this process is clean money that can be legally accessed or
distributed via legitimate financial channels and credible institutions.
ML scams abound, yet they all have a single goal in common i.e. to create the illusion that illicitly generated funds
have a legal source. As such, the challenge for Anti Money Laundering (AML) legislation is to cover loopholes as
quickly and effectively as possible.
General Methods and Stages of ML
ML methods and techniques continue to vary from country to country and time to time. The ML process aims to
camouflage illegal funds or financial assets which can range from purchase and resale of a high value or luxury
items by passing it through multiple accounts and shell companies towards either totally obscuring the original
source, or towards associating the funds or assets with a source that looks legal. If the ML process is successful, the
launderer gains funds that look legitimate, and can be moved around with ease. The proceeds usually take the form
of cash which needs to enter the financial system by some means.
Despite the variety of methods employed, the laundering process is accomplished in three stages that may comprise
numerous transactions.
The three stages can be summarized as follows:
Placement:physical disposal of cash proceeds derived from illegal activity; The aims is to remove the cashfrom the location of acquisition so as to avoid detection from the authorities and to then transform it into other
asset forms; for example: travelers cheques, postal orders, etc.
-
8/10/2019 AML-CFT Policy - September 2013.pdf
9/75
P a g e|4
Layering:separating illicit proceeds from their source for concealment or disguise of the source of the ownership of
the funds by creatingby creating complex layers of financial transactions designed to disguise the audit trail and
provide anonymity; and
Integration:attempt to legitimize wealth derived from illegal or criminal activity. It is this stage at which the
money is integrated into the legitimate economic and financial system and is assimilated with all other assets in
the system. Integration of the "cleaned" money into the economy is accomplished by the launderer making it
appear to have been legally earned. By this stage, it is exceedingly difficult to distinguish legal and illegal
wealth. If the layering process succeeds, integration schemes place the laundered proceeds back into the
economy in such a way that they re-enter the financial system appearing abnormal business funds.
The three stages discussed above may occur separate and distinct or simultaneously or may overlap each other.
How the stages are used depend on the available laundering mechanisms and the requirement of the money
launderers.
Vulnerability of Financial Institutions to Money Laundering
Certain points of vulnerability have been identified in the laundering process which the money launderers find
difficult to avoid and the activities are more susceptible to being recognized, namely:
Entry of cash into the financial system
Cross-border flow of cash
Transfers within and from the financial system
Efforts to combat ML largely focus on those points in the process where the launderer's activities are more
susceptible to recognition and have, therefore, to a large extent concentrated on the deposit taking procedures of
financial institutions i.e. the placement stage. Equally, however, it is emphasized that there are also many crimes
where cash is not involved.
The most common form of ML that financial institutions encounter on a day to day basis, in respect of their
mainstream business, takes the form of cash transactions, which is deposited in the financial system or exchanged
for value. Electronic funds transfer systems increase the vulnerability by enabling the cash deposits to be switched
rapidly between accounts in different names and different jurisdictions. Additionally, financial institutions arevulnerable to being used in the layering and integration stages as loan and finance facilities may be used as a part of
the process to create layers of transactions.
Compliance Obligation
The compliance of AML rules, regulations and regulatory framework is obligatory in the context of the following
three vital perspectives:
Legal and Regulatory:
Comply with the laws and regulations to avoid any legal consequence and imposition of penalties.
Reputation:
Saving the reputation, prestige and honor of the bank, in-case any involvement is revealed in recycling the proceeds
of crime that would call into question reputation, integrity and if fraud is involved, solvency of the bank.
Ethical:
Preserve ethical values, standards, code of the Bank /group by taking part in the fight against crime to discourage the
criminals.
Financial:
Any fake or fraudulent transaction may cause financial loss to Bank.
-
8/10/2019 AML-CFT Policy - September 2013.pdf
10/75
P a g e|5
Risk Aversion Measures and Awareness
CDD/KYC requires special attention and concrete implementation to mitigate/forestall AML and TF Risks. It is
mandatory for KASB Bank to create awareness that it is binding on each associate because:
It is an offence to assist anyone whom you know or suspect to be laundering money generated by any crime or
illegal activity. This may inter alia include support for opening a bank account, accepting deposits, making
transfers/payments, advancing loan/finance, issuing/accepting letters of credit/bank guarantees etc.; withoutdetermining bona fide of account holder or transactional activity.
If one knows or suspects that a transaction or instruction is related to any crime, he/she must refer it to his
immediate line manager for scrutiny and reporting Compliance Division.
If CTP mismatch with KYC or a suspicion of money laundering is sensed, it is mandatory to bring it to light
even if the concerned associate is not handling the transaction or instruction or funds in question. Any
negligence on this account will constitute committing connivance in commission of a criminal offence.
Financial Action Task Force (FATF) on Money Laundering
The FATF is an inter-governmental body whose purpose is to set standards and promote effective implementation of
legal, regulatory and operational measures for combating money laundering, terrorist financing and other related
threats to the integrity of the national and international financial system. The FATF is therefore a 'policy-making
body' created in 1989 that works to generate the necessary political will to bring about legislative and regulatoryreforms in these areas.
FATF is a multi-disciplinary body that brings together the policy-making power of legal, financial and law
enforcement experts from its member states. It monitors members progress in implementing AML measures;
reviews and reports on laundering trends, techniques and counter-measures; and promotes the adoption and
implementation of AML standards globally. FATF has issued 40 + 9 recommendations that are recognized as the
international standard for combating of money laundering and the financing of terrorism and proliferation of
weapons of mass destruction these recommendations are already incorporated in this policy. For further details visit
www.fatf-gafi.org
Asia/Pacific Group (APG)
The Asia Pacific Group on Money Laundering (APG) is an international organization consisting of 41 member
countries/jurisdictions and a number of international and regional observers including the United Nations, IMF andWorld Bank. The APG is closely affiliated with the FATF. All APG members including Pakistan have committed
to effectively implement the FATF's international standards for AML and combating TF referred to as the 40+9
Recommendations. Part of this commitment includes implementing measures against terrorists listed by the United
Nations in the "1267 Committee Consolidated List":
APG Key Role
Assess APG members' compliance with the global AML/CFT standards through a robust mutual evaluations;
Coordinate technical assistance and training with donor agencies and APG jurisdictions to improve compliance
with the AML/CFT standards;
Co-operate with the international AML/CFT network;
Conduct research into ML and TF methods, trends, risks and vulnerabilities to update APG members of
systemic and other associated risks and vulnerabilities
Contribute to the global AML/CFT policy development by active Associate Membership of FATF. For further
details refer to www.Apgml.org
Office of Foreign Assets Control (OFAC)
OFAC is an agency of USA department of treasury. OFAC administers and enforces economic and trade sanctions
based on U.S. foreign policy and national security goals against targeted foreign states, organizations and
individuals. Specially Designated Nationals (SDN) List is a publication of OFAC which lists individuals and
-
8/10/2019 AML-CFT Policy - September 2013.pdf
11/75
P a g e|6
organizations with which US citizens and permanent residents are prohibited from doing business for further
knowledge refer to www.treas.gov/ofac
United Nations (Security Council) Resolutions
As empowered under United Nations (Security Council) Act, 1948; United Nation established the Al- Qaida and
Taliban Sanctions Committee to apply travel restrictions, arms embargo and to freeze the funds and other financial
resources of certain individuals and entities. Such sanctions are notified by the Ministry of Foreign Affairs, GOPthrough Gazette notifications and conveyed to financial institutions through SBP to identify report and freeze such
accounts. Branches provide information to submit compliance report to SBP as directed from time to time.
Legal and Regulatory framework in Pakistan
Legal and Regulatory framework in Pakistan comprises of the following:
Federal Investigation Agency ACT 1974
Anti-Narcotic Act 1997
Control of Narcotics Substances Act 1997
Anti-Terrorism Act -1997
NAB Ordinance, 1999
AML Ordinance, 2007AML Regulations, 2008
AML Act, 2010
AML / CFT Regulations SBP, 2012
Prevention and Control of Human Trafficking Ord. 2002
Foreign Exchange Regulations
SBP directives issued from time to time
-
8/10/2019 AML-CFT Policy - September 2013.pdf
12/75
P a g e|7
Customer Due Diligence
-
8/10/2019 AML-CFT Policy - September 2013.pdf
13/75
P a g e|8
Business Initiation Stage
New Customer Acquisition Policy
It is a statutory obligation to reasonably know all those for whom the Bank undertake transactions and also
understand the nature of business and each transaction that is being conducted. This applies to every type of account
regardless of who the customer is and the personal status of the customer.
New customer acquisition and approval process shall perform the requisite degree of due diligence as spelled out in
the regulatory framework on the subject in order to sufficiently assess that the customer's wealth is derived from
legitimate sources, that the uses to which the customer intends to put the account are legitimate and that the quality
of the customer's reputation and dealings are of a satisfactory standard.
All customer relationships shall be documented on the AOF and KYC and no new account shall be opened without
clearance of Centralized Account Opening (CAO) Unit of Operations Division.
Name of all new customers are to be filtered through the World-Check screening software before account opening to
check and ensure that the customer in not a proscribed person / entity and also to assist in categorizing risk rating of
the customer in case the customer is PEP or belongs to a country having higher than normal risk rating.
The CDD / KYC Form shall be reviewed and approved by the BM/OM or Authorized Person in case of Segments
on before entering in formal relationship.
The information and documents required for opening each type of account shall be completed in all respects and
kept up to date.
Customer Due Diligence
Customer is defined as any individual, company or a legal entity that has a relationship or initiates a relationship
with KASB Bank Limited for products and services offered through conventional modes of banking or electronic /
internet banking.
CDD is one of the best defenses a Financial Institution can take to guard against the threats of ML and other
financial crimes. It is also termed as KYC and begins at the stage of account opening and collecting all possible
information to determine the nature of his business and the level of AML risk that the new customer poses. KYC
should be properly filled in to provide adequate information for making an accurate evaluation of who customer is
and what to expect from them. It should be risk based and in accordance with banks AML/CFT policy, to convey
that the dealing branch/segment properly understands the connection between customers identification and ability
to efficiently monitor for suspicious activity.
Customer Due Diligence is a continuous and integrated procedure of determining the true identity and source of
funds during the course of customers dealing with the bank and the beneficial ownership of their wealth. It is the
igniting stage in the sustaining fight against ML.
CDD measures must be carefully invoked when:
Establishing business relationship. Dealing with occasional / Walk-In Customer:
i) Obtain copy of CNIC while conducting cash transactions above rupees 0.5 million; and
ii)
Obtain copy of CNIC while issuing remittance instruments e.g. POs, DDs and MTs etc.
Obtain copy of CNIC (regardless of threshold) while conducting online transactions by occasional
customers/walk-in-customers (except deposits through Cash Deposit Machines or cash
-
8/10/2019 AML-CFT Policy - September 2013.pdf
14/75
P a g e|9
collection/management services). If transaction exceeds Rs. 100,000 the name and CNIC No. shall be
captured in system and made accessible along with transaction details at beneficiarys branch.
Carrying out occasional wire transfers (domestic / cross border) regardless of threshold.
There is a suspicion of ML/TF; and
There is a doubt about the veracity or adequacy of available identification data on the customer. At least the
following CDD measures are to be taken:-
Should not open and maintain anonymous accounts or accounts in the name of fictitious persons ornumbered accounts.
All reasonable efforts shall be made to determine identity of every prospective customer by obtaining the
minimum set of documents as prescribed in Appendix - A
In case of joint accounts, CDD measures on all of the joint account holders shall be performed as if each of
them were individual customers of the bank.
Identify and verify the identities of beneficial ownership of accounts/ transactions
Determine whether the customer is acting on behalf of another person, and should then take reasonable
steps to obtain sufficient identification data to verify the identity of that other person.
Where one or more natural persons are acting on behalf of a customer or where customer is legal person,
bank shall identify the natural persons who act on behalf of the customer and verify the identity of such
persons.
For customers that are legal persons or for legal arrangements, take reasonable measures to
Understand the ownership and control structure of the customer
Determine that the natural persons who ultimately own or control the customer. This includes
those persons who exercise ultimate effective control over a legal person or arrangement.
Government accounts shall not be opened in the personal names of the government official(s). Government
account which is to be operated by an officer of the Federal/Provincial/Local Government in his/her official
capacity, shall be opened only on production of a special resolution/authority from the concerned
administrative department duly endorsed by the Ministry of Finance or Finance Department of the
concerned Government. However, in case of autonomous entities and Armed Forces including their allied
offices, account can be opened on the basis of special resolution/authority from the concerned
administrative department or highest executive committee/management committee of that entity duly
endorsed by their respective unit of finance. Rules, regulations or procedures prescribed in the Governing
laws of such entities relating to opening and maintaining of their bank accounts shall also be taken intoaccount.
Guiding principles
The guiding principles mentioned below are common practices followed by prudent bankers world-wide in the
context of CDD and governing all dealings both with existing customers as well as prospective customers:-
Deal with reputable persons with legitimate businesses
Establish legitimate source of income and wealth
Ensure transaction flow is proportionate to their income and serves purpose of known business dealings
Determine and record the identity and background of all customers
Regularly monitor relationship and transactions to identify unusual or suspicious Activity
Keep CDD / KYC form updated
In case of inconsistency take appropriate action
Having sufficient information about customers and making effective use of that information is the most effective
weapon used against ML/TF attempts. In addition to minimizing the risk of being used for illicit activities, the
information provides protection against any fraud attempt and enables suspicious activity to be recognized. It also
protects from reputation, financial and legal risks.
-
8/10/2019 AML-CFT Policy - September 2013.pdf
15/75
P a g e |10
CDD / KYC is not a onetime exercise to be conducted at the time of entering into a formal relationship with
customer / account holder. This is an on-going process for prudent banking practices. SBP, during the course of
inspection would particularly check the efficacy of CDD / KYC policies and system of the bank and its compliance
by all the branches / segments and the associates. SBP is also empowered to impose penalties, cancel commercial
banking license and order winding up of a bank in case the bank is massively non-compliant with relevant laws and
SBP regulations.
In case banks is not able to satisfactorily complete required CDD measures, account shall not be opened or any
service provided and consideration shall be given if the circumstances are suspicious so as to warrant the filing of an
STR. If CDD of an existing customer is found unsatisfactory, the relationship should be treated as high risk and
reporting of suspicious transaction be considered as per law and circumstances of the case.
Beneficial Owner
As per AML/CFT Regulations, Beneficial owner in relation to a customer of a bank means the natural person(s)
who ultimately own(s) or controls a customer or the person on whose behalf a transaction is being conducted and
includes the person(s) who exercise(s) ultimate effective control over a person or a body of persons whether
incorporated or not whereas beneficiary means the person to whom or for whose benefit the funds are sent or
deposited in bank. Placing the emphasis on this person is a necessary step in determining what the source of fund is.
To determine Beneficial Owner the following guidelines have been prescribed vide AML Regulations 2008:
a) Obtain a declaration setting forth the identity of the beneficial owner. Such declaration is to be kept on
record in an appropriate manner.
b) Ensure that the contracting partner is also the beneficial owner of the assets/funds placed.
c) In case of beneficial owner(s) in relation to a customer, reasonable measures shall be taken to obtain
information to identify and verify the identities of the beneficial owner(s).
d) If the contracting party states that the beneficial owner is a third party, complete data (name, address, date
of birth, nationality, country of domicile, etc.) of the beneficial owner should be obtained by the Bank.
e) In case of legal persons complete data, as mentioned in point (d) above, of the authorized attorneys shall be
obtained. Take reasonable measures to understand the ownership and control structure of the customer for
obtaining information as to the purpose and intended nature of business relations and determine that the
natural persons who ultimately own or control the customer.f) If serious doubts persist about the accuracy of the contracting partners written declaration and cannot be
dispelled through further clarification, the bank shall refuse to enter in a business relationship or to execute
the transaction.
g) The holder of a joint account or a joint securities account is required to provide to the bank a full list of
beneficial owners, pursuant to point (c) above, and to inform the bank of any changes without delay.
Beneficial Ownership is conventionally used in Anti Money Laundering context and it could be viewed at two
stages. Firstly it will be done at the time of customer acceptance policy and secondly at the time of transaction
review.
The identity of the beneficial owner will be reviewed by the Relationship Manager by asking whether such person is
acting on his own behalf and the person respond in affirmative then this person is beneficial owner. If there is doubt
arise in prospective clients explanation as to source of his/her funds does not make sense, further due diligencewould be appropriate.
Moreover after the account has been opened, subsequent activity in the account may become inconsistent with the
originally anticipated account activity, the most famous example to this context is that customer is house wife and in
her account transactions were taken place, clearly inconsistent with the CDD of prospective customer and source of
funds were mentioned as savings from husbands business and transactions were quite in the context of the business
then it clearly mentioned as husband is the beneficial owner of the prospective customers account.
-
8/10/2019 AML-CFT Policy - September 2013.pdf
16/75
P a g e |11
Some of the examples of beneficial owners are mentioned below:
In corporate context, the beneficial owner of a non-listed company is any one that ultimately owns or controls
(including indirectly) more than 25 % of the shares or voting rights of the company, or who otherwise exercise
control over its management.
XYZ (Private) Limited is the prospective customer of the bank and it is the subsidiary of NYK Limited so NYK
hold the control over the business of the subsidiary and truly called as the beneficial owner of the prospective
customer business.
Mr. X and Mr. Y is the employee of ABC limited and are the prospective customer of the bank and were engage
in sale and purchase of property on behalf of the company and in this case company is the beneficial owner of
the clients business.
Alpha is a Trust which governs the stakes of the welfare of public and Mr. A, Mr. B and Mr. C are the trustees
of the company and Mr. A is the founder member of the trust and as per trust deed Mr. A has power to appoint
and remove trustees and regulate the operation of the trust then of course Mr. A is the beneficial Owner of the
Trust.
If there are individuals who are in position to extent control over the funds held by the company (e.g., directors
or persons with power to give direction to the directors), and such individuals are not related to the apparent
provider of funds, the banker should consider why this might be so.
Always watch for the nominee directors of the holding companies because they are working on behalf of the
holding company and taking cares the benefits of the holding company because holding company is the
beneficial owner of the business.
Mr. Y is the legal advisor of Mr. M and wishes to open an Alpha Company account, Mr. Y will serve as the
representative and authorized signatory of Alpha Company, but in this case personal banker should ask the
customer about the beneficial owner of the company because in that case Mr. M is the beneficial owner of the
company.
Reduced CDD Customers
AML/CFT Regulations categorizes reduced CDD customers as follows:
Where information on the identity of the customer and the beneficial ownership is publicly available
Financial Institutions provided they are subject to requirements to combat ML and TF consistent with the FATF
recommendations and are supervised for compliance with those requirements.
Public companies that are subject to regulatory disclosure requirements and such companies are listed on a
stock exchange or similar situations.
A Non-Bank Finance Company (NBFC) regulated/ supervised by Securities and Exchange Commission of
Pakistan (SECP) unless an entity is notified for application of the requirements
Public administrations or enterprises
Government administrations or entities.
A foreign government entity.
Country identified by credible sources such as mutual evaluation or detailed assessment reports, as adequately
complying with and having effectively implemented the FATF Recommendations; and Country identified by
credible sources as having a low level of corruption, or other criminal activity.
However, enhanced CDD / KYC measures shall be applied where:
There is risk of ML or TF or when a customer resides in a country, which does not comply with FATF
recommendations.
In case of certain high risk factors are identified in internal risk assessment or as per international standards
-
8/10/2019 AML-CFT Policy - September 2013.pdf
17/75
P a g e |12
In relation to customers that are from or in jurisdictions which have been identified for inadequate AML/CFT
measures by FATF or identified by the bank itself having poor AML/CFT standards or otherwise identified by
the State Bank of Pakistan.
There are no exceptions in reporting suspicion to FMU within the provisions of AML Act.
-
8/10/2019 AML-CFT Policy - September 2013.pdf
18/75
-
8/10/2019 AML-CFT Policy - September 2013.pdf
19/75
P a g e |14
a) Relationship should be established and or maintained with approval of senior management (not below the
rank of Executive Vice President as designated by the board of a bank for the purpose of AML/CFT
regulations) including when an existing customer becomes holder of public or high profile position.
b) Monitoring of such relationships on regular basis.
c) Establish, by appropriate means, the sources of wealth or beneficial ownership of funds, as
appropriate; including Banks own assessment to this effect.
15. Senior management approval should be obtained while establishing relationship with Non-Governmental
Organizations (NGOs)/Not-for-Profit Organizations (NPOs) and Charities to ensure that these accounts are used
for legitimate purposes and the transactions are commensurate with the stated objectives and purposes.
The accounts should be opened in the name of relevant NGO/NPO as per title given in its constituent
documents of the entity. The individuals who are authorized to operate these accounts and members of their
governing body should also be subject to comprehensive CDD. Banks should ensure that these persons are not
affiliated with any proscribed entity, whether under the same name or a different name.
In case of advertisements through newspapers or any other medium, especially when bank account number is
mentioned for donations, Banks will ensure that the title of the account is the same as that of the entity soliciting
donations. In case of any difference, immediate caution should be marked on such accounts and the mattershould be considered for filing STR.
Personal accounts shall not be allowed to be used for charity purposes/collection of donations.
Customer Risk Based Approach
It is pertinent to mention here that without proper quantification of risks, it may be difficult to decide which
customer qualifies for simplified due diligence (SDD) or enhanced due diligence (EDD). A sound Customer risk
Based Approach is based on the following major elements:
Customer Risk: Identifying risk determinants, comprising of various elements like, Overall Back Ground and
Reputation, Business Interest and Practices, Business Associates, Political Affiliation, Beneficial Ownership and
Source of Fund.
Product Risk: Foreseeing risk elements resulting from customers need for financial services and appropriate
controls. Entailed in case of Private Banking Customers where the Bank is generally not aware of the fact that
customer is investing money in their institution on behalf of the main money owner whose particulars are not
disclosed to the bank.
Delivery Channels:Identifying risks associated with delivery channels like cash, wire transfers which may vary
from customer to customer depending on their needs
Business Risk: Includes various elements like, Nature of business, Location of Business, Region of Business and
Prime customers of business.
Geographical/Jurisdictional/Country Risk:Risks resulting from customer geographic presence and jurisdiction in
which the customer is operating. Relates to various elements like, Political Stability, Legal Status, Economic
Situation, Standing of Financial Service Industry, Exposure to organized crimes, money laundering and corruption
culture.
After identification and quantification of inherent risks, controls and residual risks, the decision should be taken
while establishing relationship whether to take the customer on-board, mark as high risk or refuse to accept the
customer etc.
-
8/10/2019 AML-CFT Policy - September 2013.pdf
20/75
P a g e |15
Risk Assessment:
Risk profiling of every new customer is to be done using the information obtained through CDD/KYC by the
Relationship Manager of requisite segment / Branch Managers as per the Customer Risk Profiling template given
in Annexure - E for all customer relationships categorized under AML Table.
Business should review and update customer profile
High & Medium AML/ CTF Risk Customer Quarterly
Low Risk Customers - Annually
All Commercial / Business Name Accounts - Minimum every two years Others - Minimum every three years
Approval criteria for customers falling under PEP / NGOs / NPOs / Trust & Charities category shall require
sign-off by the Designated Senior Management.
Approval criteria for customers categorized under (Money Changers, Intermediaries, Off-shore Financial
services, Journalists, Private banking customers, Customers dealing in High value items, Insurance companies)
shall require sign-off from Region Head Business.
Approval criteria for customers categorized under (Non - resident, High net worth customers with no
identifiable sources of income, Import / Export Business, property brokers, travel agencies, cash drivenbusinesses) shall require sign-off from concerned Business Head and Operations Head.
Obtain approval of senior management to commence or continue the business relationship with customers
falling under the category of High Risk.
Customer having medium risk rating shall require sign-off from concerned Business Head & Operations Head.
Self - Declaration form for customers that are classified to be under (self -employed / freelancer / landlords /
agriculturists, Fixed Income, Students / Housewives / others) shall be referred to concerned Business Head prior
to account opening for their review & approval.
During the process of Review of High/Medium/Low Risk Customers the following points should be specifically
considered:
Obtaining additional information on the customer (occupation, volume of assets, address, information available
through public database, internet etc.), intended nature of business relationship, reasons for intended orperformed transaction, source of funds or source of wealth, wherever required.
Obtaining documentary evidence to support transactions where possible
Elevating risk profile on the basis of customer business conduct and transaction profile of the customers
Customers profiles should be revised keeping in view the spirit of KYC/CDD and basis of revision shall
be documented and customers may be consulted, if necessary.
Prohibited Customers
Transaction with Non-Account Holder:
Bank business centers will not under any circumstances, accept anonymous relationships, for any purpose. One-off
Pay order favoring Government and Education bodies is permitted to walk in customers subject to due diligence, or
if explicitly permitted so under any product features.
Known Beneficiaries of Corruption or Illegal Activities:
Any individual or entity whose wealth or funding has been accumulated through corruption or activities that are
illegal will not be accepted as Bank customer.
-
8/10/2019 AML-CFT Policy - September 2013.pdf
21/75
P a g e |16
Shell Companies:
Bank shall not indulge into any business with shell companies due to the complexity of the organization and
structure, as it is difficult to determine the true owners/beneficial owners and may be subject to misuse. Some of
such companies may not exist for legitimate business and may merely be a shell or front company. Dealing with all
such companies shall be strictly prohibited.
Proscribed Individuals / Entities
Bank shall not provide any banking services to proscribed entities and persons or to those who are known for
their association with such entities and persons, whether under the proscribed name or with a different name.
The bank should monitor their relationships on a continuous basis and ensure that no such relationship
exists. If any such relationship is found, the same should be immediately reported to Financial Monitoring
Unit (FMU) and other actions shall be taken as per law.
Ongoing monitoring
All business relations with customers shall be monitored on an ongoing basis by their respective branches / segment
to ensure that the transactions are consistent with customer profile, its business and risk profile and where
appropriate, the sources of funds.
Prohibition of personal accounts for business purposes
Personal accounts shall not be used for business purposes except proprietorships, small businesses and professions
where constituent documents are not available and the Branch/related Segment is satisfied with KYC profile of the
account holder, purpose of relationship and expected turnover of the account keeping in view financial status &
nature of business of that customer.
The business transactions in personal accounts of proprietors may only be permitted by linking it with
account/business turnover. Such customers having monthly credit turnover of Rs. 5 million or above may be
required to open a separate account for business related transactions.
In order to verify the physical existence of business or self-employment status, banks may conduct physicalverification within 05 working days of the opening of account and document the results thereof on account opening
form. In case of unsatisfactory verification, bank may consider reporting it to FMU and/or may change risk profile,
as appropriate.
-
8/10/2019 AML-CFT Policy - September 2013.pdf
22/75
P a g e |17
Suspicious Transactions
-
8/10/2019 AML-CFT Policy - September 2013.pdf
23/75
P a g e |18
Suspicious Transactions
As the types of transactions that may be used by a money launderer are almost unlimited, it is difficult to define a
suspicious transaction. Suspicion is personal and subjective and falls far too short of proof based on firm evidence.
However, the suspicion must have some foundation and not just be based on mere speculation. A suspicious
transaction shall often be:
Any transaction or instruction that is not logical from an economic, financial or banking point of view
Any transaction where the amount, duration or other specific feature is inconsistent with the customer's
professional or business activities or expected account activity as per KYC.
Even "Good Customers" launder money with the financial institution unknowingly assisting them. Be cautious of
customers who are too friendly, since the key to successful ML is to conduct business at a financial institution that
doesn't ask too many questions and appears to look the other way.
Suspicion
The key to recognizing suspicious transactions is based on having enough knowledge about a customer's normal
expected transactional profile or activities to be able to recognize the abnormal/unusual and from the abnormal, what
might be suspicious.
At the start of a relationship, suspicions might arise:
If a customer refuses or is reluctant to provide information or documents
If the time taken to provide information or documents proves to be unusually long
If the information provided does not make sense when assessed in respect of nature of the relationship
Examples
Examples of what might constitute a suspicious transaction are attached as Appendix - B. The examples mentioned
in Appendix - Bare not meant to indicate that all such activities would be indicative of ML, they are meant to be
used as indicators which, given your knowledge of the customer, their normal account and business activities and
the sector in which they operate might assist in recognizing suspicious transactions. Identification of any of the types
of transactions listed or any other circumstances that are unusual for that customer should prompt enquiry.
Suspicious & Currency Transactions Monitoring
Designated Officers in branches should conduct regular monitoring of Large Transactions (Rs.0.5M and above)
daily generated on their Branch Folders and Occasional transactions 0.5 Million and above, showing unusual
behavior in a particular account on the basis of data generated by IT system.
Additionally, transactions are monitored through installed SAS-AML Solutions software at Compliance Division on
the basis of pre-defined parameters/thresholds for analysis to check transaction pattern and to ensure that the
transactions are in accordance with customer profile available in Banks record and possible reporting of
suspicious transactions. Individual large transactions and transactions structured to avoid CTR reporting are
identified and monitored for the purpose of regulatory requirement of reporting CTRs and to track any suspicious
transaction executed by the customer.
Management of alertsLarge Transaction Monitoring Unit of Compliance Department should review all alerts generated on predefined
thresholds from SAS/AML Software in the following manner:
i) Alerts to be checked with Customer profile in the System.
ii) In case of mismatch, report to concerned branch under copy to Compliance Chief in context of investigation on
mismatched transaction.
-
8/10/2019 AML-CFT Policy - September 2013.pdf
24/75
P a g e |19
iii) Reply of branch should be reviewed and;
a) If satisfactory then customer profile should be updated and the alert may be closed.
b) If not satisfactory then the background & purpose of such transaction shall be examined and findings
established in writing for availability to assist the relevant authorities in inspection & investigations.
iv) The transactions / wire transfers, which are out of character or are inconsistent with the history, pattern, or
normal operation of the account including through heavy deposits, withdrawals and transfers, shall be viewed
with suspicion, be properly investigated and referred to Compliance chief for possible reporting to FMU underAML Act
v) Nothing to be disclosed to the customer that a suspicious transaction or related information is being or has been
reported to any authority, except if required by law.
All remittance transactions / wire transfers / SWIFT messages are filtered through SWIFT Sanction Screening
system to ensure that no transaction is conducted with individuals / entities / countries that falls in any negative /
proscribed sanction list.
Monitoring at Source
However, monitoring by Large Transactions Monitoring Unit of Compliance Division does not relieve Branch/
Segments officials to monitor all complex, unusual large transactions, and all unusual patterns of transactions, which
have no apparent economic or visible lawful purpose leading them to have reasonable grounds to suspect that atransaction is directly or indirectly related to the commission of a ML offence or to the commission of a terrorist
activity financing offence. The background and purpose of these transactions shall be inquired and findings shall be
documented with a view to making this information available to the relevant competent authorities when required.
Relationship with accounts wherein ML illegal activity is established should be immediately terminated after
seeking guidance / instructions from the Compliance Division.
Screening names against OFAC / UN Security Council / NAB / and other list
Bank is committed to monitor and take actions on all Sanctioned names by OFAC/UN Sanctions / NAB and other
lists. In addition, U.N. Security Council regulation makes it mandatory for all Banks to block funds and also not to
enter into any transactions with individuals or entities reported to be involved in financial crimes and money
laundering. Following procedure is applied
All customer are filtered in World-check screening system prior to account opening and if any match is found
the matter is further investigated and advise is given to CAO accordingly on the basis of findings
NAB Circulars for convicted individuals/entities, SBP S.R.O.s and letters received from Ministry of Foreign
Affairs are circulated by the Compliance Department to all concerned.
If during SAS monitoring any Alert is raised about the account holder it will be communicated to the branch /
segments to put the account on watch.
If during SWIFT monitoring any Alert is raised about the account holder, the transaction shall not be allowed to
be processed further, branch / segments would be instructed to hold the transaction and raise STR. Further
action should be taken as per law.
Branches/Segments should consolidate the UNSC/NAB/S.R.O.s circulated by Compliance from time to time
and check the names through the consolidated lists prior to opening of account
Reporting Agency
As per AML Act, 2010, and AML Regulations, 2008 (available on Banks portal), Financial Monitoring Unit
(FMU) set up at, SBP Main Building, Karachi is the only designated agency in Pakistan to which suspicious
transaction reports (STRs) and the currency transaction report (CTRs) shall be made by the Compliance Division
within 7 working days after forming suspicion / respective currency transaction.
-
8/10/2019 AML-CFT Policy - September 2013.pdf
25/75
P a g e |20
E-Banking
E-Banking related risk should be recognized, adjudged and managed in a prudent manner according to the
fundamental characteristics and challenges of e-banking Services. These Characteristics include unprecedented
speed of change related to technological and customer service innovation, the ubiquitous and global nature of open
electronic networks, the integration of e-banking applications with legacy computer systems and the increasing
dependence of bank on third parties that provide the necessary information technology.
While not creating inherently new risks, use of e-banking increases and modifies some of the traditional risks
associated with banking activities, in particular strategic, operational, legal and reputation risks, thereby influencing
the overall risk profile of banking.
Investigations of major ML cases over the last few years have shown that criminals make extensive use of electronic
payment and message system. The rapid movement of funds between the accounts in different jurisdiction increases
the complexity of investigation. In addition, investigation becomes even more difficult to pursue if the identity of the
original ordering customer is not clearly appear in such transactions.
Correspondent Banking
In addition to the CDD requirements given in this policy, sufficient information about correspondent banks should
be secured and properly understood by FI and International Division before establishing correspondent banking
relationship.
In opening correspondent banking account following measures (as deemed necessary by the Bank)shall be taken:
a) Assess the suitability of the correspondent bank by:
i) Gathering adequate information about the correspondent bank to understand the nature of correspondent
banks business including the following
Know Your Customer Policy
Correspondent Banks Management and Ownership
Major Business Activities
Geographical presence/jurisdiction (country) of correspondence
Business location Money Laundering Prevention and Detection Measures
Purpose of Account or service
Identity of Third Party that will use the correspondent banking services (Payable Through Accounts)
Condition of the bank regulation and supervision in the correspondents country.
ii) Determine the reputation of the correspondent bank, the quality of supervision over the respondent bank,
including where possible whether it has been the subject of money laundering or financing of terrorism
investigation or regulatory action; and
iii) Assess the correspondent Bank in the context of sanctions/embargoes and advisories about risks
b) Understand and document the AML/CFT responsibilities of the correspondent bank
c)
Obtaining approval of Senior Management before establishing new correspondent banking relationship.
The Bank should ensure that business relationship with foreign banks should be establish after checking customer
acceptance and KYC policies and are sufficiently supervised by the relevant authorities.
Banks shall pay special attention when establishing or continuing correspondent relationship with banks/ financial
institutions which are located in jurisdictions that have been identified or called for by FATF for inadequate and
poor AML/CFT standards in the fight against money laundering and financing of terrorism.
-
8/10/2019 AML-CFT Policy - September 2013.pdf
26/75
P a g e |21
The bank should ensure not to establish or continue correspondent banking relations with a shell bank and that the
correspondent bank do not allow their accounts to be used by shell bank.
Where the cross-border banking services involve a payable-through account, the correspondent bank shall be
satisfied that:
(a)
the respondent bank has performed appropriate CDD measures at least equivalent to those specified inRegulation a) on the third party having direct access to the payable-through account; and
(b) the respondent bank is able to perform ongoing monitoring of its business relations with that third party and is
willing and able to provide customer identification information to the correspondent bank upon request.
In case where a Pakistani bank is availing correspondent banking services from a bank/financial institution abroad, the CDD
measures specified above should be applied, as considered necessary to mitigate ML/TF risks.
STRs Reporting
Suspicious Activity is a difficult concept to define, because it can vary from one transaction to another based upon
on all the circumstances surrounding the transaction or group transactions. For example, transactions by one
customer may be normal, because of your knowledge of that customer, while similar transactions, by another
customer, may be suspicious. Many factors are involved in determining whether transactions are suspicious,including the amount, the location of business, comments made by your customer, the customers behavior, etc. That
is why it is important to detect suspicious activity and structured transactions after in depth analysis and undertaking
reason to establish that:
1. Involve funds derived from illegal activity or is intended to hide funds derived from illegal activity;
2. Is structured to avoid recordkeeping or reporting requirements;
3. Has no business or apparent lawful purpose; or
4. Facilitates criminal activity.
Any suspicious transaction (STR) effected or attempted by, at or through financial institution if the financial
institution knows, suspects, or has reasons to suspect that the transaction (or a pattern of transactions of which the
transaction is a part) involves funds derived from illegal activities or is intended or effected in order to hide or
disguise proceeds of crimes or is designated to evade any requirements of section 7 of the AML Act 2010, or has noapparent lawful purpose after examining the available facts, including the back ground and possible purpose of the
transaction shall be reported immediately as per Appendix - H to the Chief of Compliance. The record will be
thoroughly scrutinized and if the suspicion is found to be well substantiated, the matter will be reported to Financial
Monitoring Unit (FMU) in consultation with President / CEO.
The STR, including attempted transactions shall be reported (regardless of the amount) immediately but not later
than seven working days after forming that suspicion in respect of a particular transaction, irrespective of the fact
that the transaction was followed through or not.
CTRs Reporting
When a financial institution under takes a cash based transaction involving payment, receipt, or transfer of an
amount exceeding the minimum threshold as specified by the National Executive Committee (NEC), hereinafter
referred to as the NEC, the financial institution shall file a report of such transaction (CTR) through Compliance
Department on prescribed format Appendix - I immediately but not later than seven working days, after the
respective currency transaction for onward submission to FMU.
The NEC has declared the threshold of above Rs. 2.5 million for CTRs reporting by Banks as per requirement of
AML Act.
-
8/10/2019 AML-CFT Policy - September 2013.pdf
27/75
P a g e |22
The NEC may exempt a financial institution from the reporting requirements with respect to transactions between
financial institutions and the following categories of entities, namely:-
a) A department or agency of the Federal Government or a Provincial Government or any autonomous body
under the Federal Government or Provincial Government.
b) Any business or category of business the reports on which entail little or no risk concerning ML and TF.
Freezing of property by DG, FMU
Where a financial institution knows, suspects or has reasons to suspect that any property or account is involved
in ML or TF and needs immediate attention or action on the part of FMU as to the freezing of such property or
account, the concerned financial institution as the case may be, shall immediately inform the Director General
of such property or account along with the grounds that warrant immediate action.
The Director General FMU may, if there appear to be reasonable grounds to believe that any property or
account is involved in ML or TF, order freezing of such property of account for maximum period of fifteen
days, in any manner that he may deem fit in the circumstances.
Disclosure and provision of reported information & immunity to Bank Officials
AML Act, 2010 & AML Regulations, 08 explicitly provides as follows:
Prohibition
The financial institution and their officers strictly prohibited to disclose directly or indirectly the fact to the
customer or notifying any person involved in the transaction or any other quarter that a suspicious transaction or
related information is being or has been reported to any authority, except if required by law.
Immunity
Any financial institution or officer which makes a disclosure pursuant to the Ordinance and these regulations
shall not be subject to any civil, criminal or disciplinary proceedings under any law or regulation or under any
contract or other legally enforceable agreement (including any arbitration agreement), for such disclosure or any
failure to provided notice of such disclosure to the person who is the subject of such disclosure or any other
person identified in the disclosure.
Disclosure to FMU
The financial institutions must provide all documentation supporting the filing of a STR or any other related
information upon demand by FMU. When asked to provide supporting documentation or any information,
financial institution should take special care to verify that the person asking for information is, in fact, an
authorized representative of FMU.
-
8/10/2019 AML-CFT Policy - September 2013.pdf
28/75
-
8/10/2019 AML-CFT Policy - September 2013.pdf
29/75
P a g e |24
Customer Transaction Profile and Relationship Review
The foundation of any monitoring procedure lies in the initial collection of CDD / KYC information and the
ongoing updating of that information. The nature value and volume of business expected to be undertaken, shall be
recorded at the start of the relationship and regularly updated enabling to judge whether transactions are in line
with the KYC profile of the customer or whether unusual transaction suspects any cause for concern that criminal
money may be involved.
The initial period of any new customer relationship warrants close monitoring at the business location to determine
possibility to any suspicious transaction Activity and transaction review shall include both scrutiny at the point
of transaction and historic review. Particular attention must be paid to cash, high volume accounts, third- party
transfers, outward /inward remittances both domestic and international, collections both clean and documentary
and unexpected prepayment of advances.
To ensure that customers remain in good standing, on observance of sudden CTP variation with KYC disclosures,
large occasional transaction (s), high volume of unusual cash transactions, change in customers business
nature/behavior, indifferent pattern of remittances and account activity; immediate review and update of customer
KYC as per Appendix - G would be essential. Wherever necessary, inquiries shall be made to obtain a
clarification from the respective customer for unusual large transaction volumes or other inconsistent patterns.
Besides periodical review of customers relationship profile will be undertaken as an ongoing process and shall be
properly documented. The review shall include updating of customer data. This shall provide a current assessment of
the relationship, thus enabling to assess the potential nature of the customers activities and determine that overall
account activity is commensurate with the information known and recorded.
All associates shall have a responsibility to be vigilant throughout the course of carrying out their duties and to
report any activity they may observe or become aware of, in dealing with the customer, they deemed to be
potentially suspicious or in consistent with expected activity or business.
Whenever any unusual trends in turnover volume patterns or holding are observed, the same shall reported to BMs/
OMs, who shall undertake a critical review of account activity and its worthiness for reporting as STR/ CTR through
Chief of Compliance.
Process to relate customer transaction profile
Before opening an account due diligence is required to be performed on all prospective clients. This process should be
completed by fulfilling the documentation requirements and also a Know Your Customer (KYC) profile which
is used inter alia to record a clients source of funds, expected transaction activity and other related information
at its most basic level.
Once the due diligence / enhanced due diligence process is completed and the client relationship is established,
Branch should monitor the conduct of the relationship / account to ensure that it is consistent with the nature of
business stated when the relationship / account opened. Branch do this firstly by their officer being diligent and
includes visiting customer / place of business where appropriate; to know whether the business premises are self-
owned or rented, the type of clients visited, commercial environment, mode of payment (cheque or cash) / receiptgenerally resorted to the client. The Officer will record his observations and sign the KYC Profile form and submit to
BM / Segment Head for review and signoff.
Updating the clients KYC profile for any significant change in their lifestyle (e.g., change of employment status,
nature of business, transactional activity and consequential increase in net worth); monitoring the transaction
activity and pattern over the clients account regularly is critical to identify any unusual or suspicious transaction in a
timely manner and reporting any suspicious transaction as per prescribed process.
-
8/10/2019 AML-CFT Policy - September 2013.pdf
30/75
P a g e |25
General Requirements Applicable on All relationship
At a minimum, all businesses must adhere to the following customer acceptance policies when opening new accounts or
establishing any relationships:
Business associates of relevant segments should only accept customers whose identity can be established.
Business associates of relevant segments should make a concerted effort to determine the true identity of all
customers and to identify and know the beneficial owners of all accounts. Business associates of relevant segments should only accept customers who are willing to cooperate and provide the
needed documents and information.
Business associates of relevant segments should obtain proper and valid identification documents from the
customers.
No account should be opened or transaction processed until:
1. The personal valid identity of the individual or commercial identity of legal entity opening the account has been
established and verified.
2. Identity of the beneficial owner has been established.
3. Information on the purpose and intended nature of the business relationship has been obtained.
No accounts shall be opened for non-face-to-face customers.
No account should be opened or retained if there is any evidence of the account being used for any type of
"alternative remittances," i.e. Hawala / Hundi. Any activities noted under this category should be reported as
"Suspicious Activities". All accounts opening, at the minimum, shall be subject to the Branch Manager /concerned Business Head approval
as applicable. A site visit must be made and documented for all commercial/ business purpose accounts.
Account(s) should be closed if any outstanding identity verifications cannot be resolved.
Personal accounts should not be used for business purposes except proprietorships, small businesses and professions
where constituent documents are not available and the banks is satisfied with KYC profile of the account holder,
purpose of relationship and expected turnover of the account keeping in view financial status & nature of business
of that customer
Customer Identification & Transaction Profiling Procedures
The branch where a customer has his primary account should be responsible for carrying out customer acceptance
requirements even though the customers may choose other branches of the bank to process their transactions. The staff
obtaining the identification documents must compare them with original documents to ensure their conformity and
authenticity and must stamp with the Bank Stamp "Original Seen" as and when received the documents.
Customer transaction profile should be prepared to capture the number of transactions expected to be used by a
customer, and the value of transactions for an average month, for each product and service. All efforts should be made to
establish the source of funds to the bank's satisfaction and the customer and transaction profiling methodology to assist in
establishing the source of funds.
A. KYC Profiling:
Obtaining and document the customers basic background information.
Try to use this information to evaluate the correctness and rationality of the customers transaction activity.
Determine the source of the customers funds.
The customers expected transaction trends (monthly or annually),
The source of wealth and
Net income Mode of transaction
B. KYC Profile periodic update:
Regular reviews of transaction activity and large transactions reports;
Print and News Media, financial statements, brochures, industry activities relating to the customer;
Periodical discussions with the client relating to their business activities including future plan.
-
8/10/2019 AML-CFT Policy - September 2013.pdf
31/75
-
8/10/2019 AML-CFT Policy - September 2013.pdf
32/75
P a g e |27
S.No.
AccountCategory
Basic DocumentationProcess to identifysource of earning
Process to verify statusof customer
Societies,
Trust and
Associations
etc.
Policy Appendix - A Sr.
No. 6
entity is established; Members /
Office Bearers; in case of
foreign remittances highlight
amount of remittance and
country.
11.
High Net
worth
Customers
AML & CDD / KYC
Policy Appendix - A Sr.
No. 1
Customers residence or place
of business, Sources of funds
and sources of wealth; Proof of
income / evidence of service
from employer; Current
Investment, Size of Investment,
Estimated Capital Investment;
Nature of Business; Ownership
type (Private, public);
Estimated Sales Volume;
Estimated Net Income; Length
of Business; No. of Employees;
Area of Business; Products of
Business; Area of expertise;
Past Experience.
CDD Measures for Occasional Customers/ Walk-in Customers and Online Transactions):
A walk-in customer is one who neither maintains any type of account nor holds any KYC record with the Bank. Over
the counter occasional / walk-in customers will be required to produce Original Valid CNIC / NICOP / POC / NARA
with noting original seen which will be seen and Copy of the same will be retained by the Branch before executing
the following transaction:
(i) While conducting cash transactions above rupees 0.5 million; and
(ii) While issuing remittance instruments e.g. POs, DDs and MTs etc.
Also, obtain copy of CNIC (regardless of threshold) while conducting online transactions by occasional
customers/walk-in-customers (except deposits through Cash Deposit Machines or cash collection/management
services). If transaction exceeds Rs. 100,000 the name and CNIC No. shall be captured in system and made
accessible along with transaction details at beneficiarys branch.
These transactions includes encashment of cheques, online deposit / withdrawal of cash into account, issuance of
demand draft / Payment orders or any other financial transaction, if the CNIC is expired no financial transaction will be
allowed. In case amount deposited by customer other than the accountholder, Branch should obtain satisfactory
evidence for identification of applicants on (Appendix - L) for Bank record.
Wire Transfers / Fund Transfers
The requirement stated hereunder shall apply during the course of sending or receiving funds by wire transfer except
transfer and settlement between KASB and other banks where both the banks are acting on their own behalf asoriginator and the beneficiary of the wire transfer. All remittance transaction routed through SWIFT are filtered through
SWIFT sanction screening system prior to further processing of transaction to ensure that no transaction is conducted
with individuals / entities / countries that falls in any negative / proscribed sanction list
(a) Checking Identities of Originator
Bank shall include the following information in the message or payment instruction which should accompany or
remain with the wire transfer throughout the payment chain:
-
8/10/2019 AML-CFT Policy - September 2013.pdf
33/75
P a g e |28
(i) the name of the originator;
(ii) the originators account number (or unique reference number which permits traceability of the
transaction); and
(iii) the originators address or CNIC/passport number;
(b) Responsibility of Beneficiary Institution
As a beneficiary, it should be ensured that the incoming remittance should bear the following information of the
remitter:
Name of remitter
Address of remitter with business details
Purpose of remittance
Beneficiary institution shall adopt risk-based internal policies, procedures and controls for identifying and handling in-
coming wire transfers that are not accompanied by complete originator information. The incomplete originator
information may be considered as a factor in assessing whether the transaction is suspicious and whether it merits
reporting to FMU or termination thereof is necessary. Bank shall remain cautious when entering into relationship or
transactions with institutions which do not comply with the standard requirements set out for wire transfers by limiting
or even terminating business relationship.
Note: In context of wire transfers/fund transfer, it may be noted that as per AML/CFT Regulation 3 of SBP, the
requirements may not apply to domestic fund transfer transactions through e-banking channels (e.g. ATM,
internet banking & mobile banking etc.) and RTGS provided appropriate controls are in place
(c)
Responsibility of Intermediary Institution
A bank that is an intermediary institution shall, in passing onward the message or payment instruction, maintain all the
required originator information with the wire transfer.
Home Remittance Products
The product is being used for inward transaction only, for clients using this service customer service staff should verify
the true identity of beneficiaries through identification process. Copy of CNIC from the beneficiary should be obtained
and retained by the branch. Further, RM / BM should verify from beneficiary on the purpose of amount that is being
transferred, remitter name and relation.
Where CDD Measures are Not Completed
In case bank is not able to satisfactorily complete required CDD measures, account shall not be opened or any service
provided and consideration shall be given if the circumstances are suspicious so as to warrant the filing of an STR. If
CDD of an existing customer is found unsatisfactory, the relationship should be treated as high risk and reporting of
suspicious transaction be considered as per law and circumstances of the case.
Dormant accounts
Dormant or in-operative account means the account in which no transaction has been taken place from last one year.
For customers whose accounts are dormant or in-operative, bank may allow credit entries without changing the
dormancy status of such accounts. Debit transactions/ withdrawals shall not be allowed until the account holder
requests for activation and produces attested copy of his/her CNIC, if already not availableand bank is satisfied with
CDD of the customer.
It may be noted that transactions e.g. debits under the recovery of loans and markup etc. any permissible bank
charges, government duties or levies and instruction issued under any law or from the court will not be subject to
debit or withdrawal restriction.
Dormant and inactive account shall be subjected to proper monitoring and authorization to execute any transaction
activity because of the dormant nature of the account warrants particular review or approval.
-
8/10/2019 AML-CFT Policy - September 2013.pdf
34/75
P a g e |29
Verification & authenticity of identity
While opening accounts of customers, all reasonable efforts must be made to determine the true identity of the
customer and the sources and utilizations of funds. To have a uniform procedure for CDD/ KYC Form is to be
completed by the PB / OM/ BM. For segments like Consumer and WSB; Authorized personswill incorporate
complete and fair information on this account in the BBFS.
During the course of meetings with the customer to complete the account opening formalities, they should be asked
about the type of the transactions for which the bank account would be used and any information gathered must be
recorded on the CDD / KYC Form. Any further information felt necessary and obtained during conversation with the
customer should be recorded on the CDD / KYC Form and placed on record. However, branches shall ensure that the
CNIC and the photograph are of the same person whose account is being opened with them. The particulars / CNIC of
such persons must be confirmed from NADRA in writing or through its Verisys system by the bank.
The Bank shall verify identities of the customers (natural persons) and in case of legal persons, identities of
their natural persons from relevant authorities or where necessaryusing other reliable, independent sources and
retain on record copies of all reference documents used for identification and verification. The verification shall be
the responsibility of concerned Branch / Segment for which the customer should neither be obligated nor the cost of
such verification be passed on to the customers.
In relation to above, where one or more natural persons are acting on behalf of a customer or where customer is
legal person, bank shall identify the natural persons who act on behalf of the customer and verify the identity of such
persons. Authority of such person acting on behalf of a customer shall be verified through documentary evidence
including specimen signature of person so authorized.
Verification of the identity of the customers and beneficial owners are to be completed before establishment of
business relationship including verification of Smart Card/CNIC/NICOP/POC from NADRA for customers under
these regulations.
Documentation Requirement
All reasonable efforts shall be made to determine true identity of every prospective customer. For this purpose,
minimum set of documents given at Appendix - A along with those mentioned in General Banking
Manual/Instruction Circulars, must be obtained from various types of customers/ account holder(s). While opening
bank account of proprietorships, the requirements laid down for individuals at serial No. (1) of Appendix - Ashall
apply except the requirement mentioned at No. (3) of the appendix. Extra care should be exercised in view of the
fact that constituent documents are not available in such cases to confirm existence or otherwise of the proprietorships.
MISYS Support
To meet with regulatory requirement I.T. has rolled out AIM/CIM fields/ data structure in MISYS (Appendix- I). The
main purpose is to record the requisite information and to have system generated customer KYC, AOF features and risk
rating profile as and when required.
CAO should ensure that at the time of Account opening, no field related to customer information/KYC/transaction
profile is left blank as appearing in ECI option.
-
8/10/2019 AML-CFT Policy - September 2013.pdf
35/75
P a g e |30
Allied Issues
-
8/10/2019 AML-CFT Policy - September 2013.pdf
36/75
P a g e |31
Review of Products and services
Prior to initiation of any new product or services it should be ensured by the concerned segment that consideration is
given in identifying and assessing ML/FT risks that may arise in relation to new products, services, business practices
and delivery mechanisms. Also, existing products and services are to be reviewed periodically in the light of revised
AML/CFT regulations and establish a practice to review products and services on on-going basis, specifically after any
changes in regulations.
Record Retention
Documents and records on transaction (domestic and international) including any working done in relation to those
transactions shall be retained for a minimum period of ten years from completion of the transaction. Filing and storage
shall be done in a manner suitable for speedy retrievals of every individual transaction. The transaction record may be
maintained in both hard and soft copy (like scanning or electronic form or microfilm) so as the same could be retrieved
upon, when necessary, if required by any court of law or authorized Law Enforcement Agencies for review or as an
evidence for prosecution of criminal activity admissible in a court of law.
Record related to transactions/customers/accounts involved in litigation or required by court or other competent
authority is to be retained till such time the case is settled or the bank is advised/permitted to destroy the records.
Banks shall satisfy, on timely basis, any enquiry or order from the relevant competent authorities including law
enforcement agencies and FMU for supply of information and records as per law.
Bank shall, however, retain those records for longer period where transactions, customers or accounts involve litigation
or it is required by court or other competent authority
Record of Identification data like Account opening form, identification documents, KYC Forms, verification
documents and other documents related to customer relationship along with internal correspondence and account files
shall be maintained for at least ten years after the business relationship is ended as required by applicable regulations.
The documents shall be maintained in originals or copies with banks attestation.
Training and Awareness
HR, Learning and Organizational Development Unit shall arrange periodical programs at all critical centers to impart
appropriate training on all matters pertaining to ML and TF with special emphasis on up-gradation of staff skillset for
AO, CDD, EDD and other KYC dimensions to keep banks associates updated with the latest development, ML and
FT techn