AML-CFT Policy - September 2013.pdf

8/10/2019 AML-CFT Policy - September 2013.pdf

1/75

2013

Anti-Money Laundering & Combating

the Financing of Terrorism Policy


2/75

I

KASB Bank's AML / eFT Pol icy - 2013

Under the Guidelines on "Policy Framework in Bank/DFls" issued by the State Bank of Pakistan vide BSD Circular

NO.3 of 2007 dated April 04, 2007, Banks are required to formulate policies for different areas of their Operations

and ensure their regular updates.

Pursuant to the directives issued vide BPRD Circular NO.2 of 2012, we have aligned our existing AML/KYC Policy

with SBP's AML/CFT Regulations which was approved in BOD meeting held on August 27, 2013. In the meanwhile,

SBPvide BPRD Circular Letter No. 22 dated August 19, 2013 has made amendments in AML/CFT Regulations for

updation in bank's AML/CFT Policy till September 30, 2013. Accordingly, desired amendments are made in KASB

AM L/CFT Policy - 2013 on pages NO.8, 14, 15, 16, 18, 20, 27, 28, 29, 34 and 36.

Submitted for review by the Audit Committee of the BOD and then necessary approval from BOD.

\

aqar Ahmed Khan

Group Executive - Operations & GTS

=?:,-~vsalma~

Group Head - Branch Banking

Ap pr ov ed By:

Sumair Wahid Abro

Head - Human Resource.

Bilal Mustafa

President & CEO


3/75

i

KASB Banks AML / CFT Policy 2013

Contents

Introduction

Preface 2Purpose of Policy and Scope 3

Money Laundering 3

General Methods and Stages of Money Laundering 3

Vulnerability of Financial Institutions to Money Laundering 4

Compliance Obligation 4

Risk Aversion Measures and Awareness 5

Financial Action Task Force (FATF) on ML 5

Asia / Pacific Group 5

Office of Foreign Assets Control (OFAC) 5

United Nation (Security Council) Resolution 6

Legal and Regulatory framework in Pakistan 6

Customer Due Diligence

New Customer Acquisition Policy 8

Customer Due Diligence 8

Guiding Principles 9

Beneficial Owner 10

Reduced Customer Due Diligence 11

Enhanced Customer Due Diligence 13

Customer Risk Based Approach 14

Risk Assessment 15Prohibited Customer Types 15

Ongoing Monitoring 16

Prohibition of Personal Accounts for Business Purpose 16

Suspicious Transactions

Suspicious Transactions 18

Examples 18

Suspicious and Currency Transactions Monitoring 18

Management of Alerts 18

Monitoring at source 19Screening names against OFAC / UN Security Council / NAB /

and other list 19

Reporting Agencies 19

E-Banking 20

Correspondent Banking 20

Suspicious Transaction Reporting 21

Currency Transaction Reporting 21


4/75

ii

Freezing of property by DG, FMU 22

Disclosure and provisioning of reported information & Immunity

to Bank Officials 22

Customer Relationship

Customer Transaction Profile and Relationship review 24Process to relate Customer Transaction Profile 24

General requirement applicable on all relationships 25

Customer Identification and Transaction Profiling Procedure 25

Process of identification of customer source of earning and

status of customer 26

CDD Measures for Occasional Customers/ Walk-in Customers

and Online Transactions) 27

Wire / Funds Transfers 27

Home Remittance Products 28

Where CDD Measures are Not Completed 28

Dormant Account 28

Verification & Authenticity of Identity Document 29

Documentation Requirement 29

Misys Support 29

Allied Issues

Review of Products and Services 31

Record Retention 31

Training and Awareness 31

Certification 31

AppendicesAppendix - A: Documents to be obtained from various types of

customers / Account Holders 33

Appendix - B: Examples of Suspicious Transactions 39

Appendix - C: Customer Due Diligence (Individual / Salaried) 46

Appendix - D: Customer Due Diligence (Corporate Retail) 47

Appendix - E: Customer Risk Profiling (CRP) Form 49

Appendix - F: Enhanced Due Diligence 51

Appendix - G: Customer Transaction Profile 53

Appendix - H: Reporting Format of Suspicious Transaction 54

Appendix - I: Reporting Format of Currency Transaction 58Appendix - J: Customer Level Information 61

Appendix - K: Acronyms 65

Appendix - L: Details of Walk-in / Online Cash Depositors 66

Appendix - M: Common Type of Typologies 67

Appendix - N: List of High Risk Jurisdictions 70


5/75


6/75

P a g e|1

Introduction


7/75

P a g e|2

Preface

As a part of SBP ongoing efforts to promote the culture of awareness relating to Anti Money Laundering and Anti-

Terrorist Financing legal and regulatory framework, the State Bank of Pakistan revised the regulations M-1 to M-5 of

Prudential Regulations on Corporate/ Commercial Banking with AML/CFT Regulations, w.e.f. October 31, 2012 which

are further amended vide BPRD Circular Letter No. 22 of 2013 dated August 19, 2013 and implementation deadline was

extended till September 30, 2013 for review of banks internal Policies/Procedures & Compliance Programs. Revised

Regulations inter alia call for special vigilance on various types of accounts including Politically Exposed Persons. Access

to beneficial ownership of natural and legal person would be clearly established. Movement of funds to high risk countries

would be closely monitored. Risk assessment of every customer by adopting risk based approach has been stressed upon.

Adoption of effective Know Your Customer Standards and Anti Money Laundering Measures is an essential part of risk

management practices. The KASB Bank demonstrates its full commitment and support to high standards of Compliance

with the Anti-Money Laundering/Combating Financing on Terrorism requirements by implementing robust and

comprehensive policy, procedures and systems for the prevention and detection of Money Laundering / Terrorist

Financing activities and maintain the highest possible standards of due diligence and AML procedures.

It is therefore, obligatory for each associate to desist from accepting assets that they know, or are expected to know, are

proceeds of criminal activities. The proceeds of criminal activities may include any asset obtained through corruption,

embezzlement of public funds, abuse of an official function, or dishonest dealings by a public officer. Likewise,

inward/outward remittances making economic sense and having bona fide remitter/ beneficiary are to pass through the

bank.

SBP policy focus is on stringent transactional monitoring with zero tolerance for any suspicious transaction. Strict

monitoring is to be exercised at the very outset of undertaking customer relationship and executing any business

transaction at branches and segments. CDD / EDD will constitute foundation of the risk identification process.

Key measures undertaken in AML / CFT Regulations include having in place the following:

Customer Due Diligence measures which encompasses the importance of ascertaining new customer acceptance

policy, Customer Identity, ongoing monitoring and establishing the ultimate economic beneficiary.

Exceptions to use personal accounts for business purpose.

Ongoing monitoring of transactions through virtual monitoring system to detect suspicious transaction.

FMU guidelines to identify and report suspicious transaction.

Timely submission of Currency transaction report

Classification of Accounts as High / Medium / Low Risk categories by adopting risk based approach. Further strengthen the process to relate transaction with customer transaction profile, identification of customer

source of earning and status of customer.

List of Jurisdictions stated by FATF as High Risk.

Monitoring of wire transfers / fund transfers

Record Retention guidelines

Regular AML / CFT communication and training program through various channels to raise staff awareness at all

levels within Bank.

Revised AML / CFT booklet attempts to offer comprehensive commentary on each related area including the procedures

and safe guards to be adopted at source. Examples of potential transactions that pose suspicion have been cited for

guidance of branches/segments.

Hope that the revised version of AML/ CFT Booklet will help branches and respective segments to conduct business

activities smoothly with strict adherence to regulatory and other mandatory requirements relating to AML/CFT/ KYC.

Bilal Mustafa

President/CEO

September 20, 2013


8/75

P a g e|3

Purpose and Scope

This Policy based on the provisions of Anti Money Laundering (AML) Act, 2010; Anti Money Laundering (AML)

Regulations, 2008 and revised AML/CFT Regulations videBPRD Circular No. 02 of 2012, shall apply to monitor

each transaction individually and in the overall perspective of Customer Transactions Profile (CTP) by all branches/

sub branches and segments like Consumer, corporate and WSB etc. Compliance at source will be mandatory by all

employees of KASB Bank Limited. CTP will be monitored by the Branches as an ongoing process to ensure thattransactional behavior is in accordance with KYC disclosures at the time of account opening and subsequent update.

Relationships shall be discontinued with customers or counterparties including banks whose conduct pose concern

of involvement with illegal activities. Such termination of relationship shall immediately be reported through STR to

Compliance Division for further action as per prescribed procedure.

This Policy and the related laws/regulations shall be complied with comprehensively by all employees of KASB

Bank Limited as a job requirement whether at a Branch/sub branch and segment. All accounts of Politically Exposed

Persons (PEP) will be opened with the prior permission of the senior management. No waiver, modification or

exception of any requirement or provision of this Policy shall be permitted.

The Chief of Compliance at Principal Office; Karachi shall be responsible to keep the Policy update and

aligned with any change occurring in the local as well as international laws, regulations, guidelines and policies.

Money Laundering (ML)

ML, loosely defined, is the transactional processing or moving of illicitly gained funds (such as currency, cheques,

electronic transfers or similar equivalents) towards disguising its source, nature, ownership or intended destination

and/or beneficiaries. The desired outcome of this process is clean money that can be legally accessed or

distributed via legitimate financial channels and credible institutions.

ML scams abound, yet they all have a single goal in common i.e. to create the illusion that illicitly generated funds

have a legal source. As such, the challenge for Anti Money Laundering (AML) legislation is to cover loopholes as

quickly and effectively as possible.

General Methods and Stages of ML

ML methods and techniques continue to vary from country to country and time to time. The ML process aims to

camouflage illegal funds or financial assets which can range from purchase and resale of a high value or luxury

items by passing it through multiple accounts and shell companies towards either totally obscuring the original

source, or towards associating the funds or assets with a source that looks legal. If the ML process is successful, the

launderer gains funds that look legitimate, and can be moved around with ease. The proceeds usually take the form

of cash which needs to enter the financial system by some means.

Despite the variety of methods employed, the laundering process is accomplished in three stages that may comprise

numerous transactions.

The three stages can be summarized as follows:

Placement:physical disposal of cash proceeds derived from illegal activity; The aims is to remove the cashfrom the location of acquisition so as to avoid detection from the authorities and to then transform it into other

asset forms; for example: travelers cheques, postal orders, etc.


9/75

P a g e|4

Layering:separating illicit proceeds from their source for concealment or disguise of the source of the ownership of

the funds by creatingby creating complex layers of financial transactions designed to disguise the audit trail and

provide anonymity; and

Integration:attempt to legitimize wealth derived from illegal or criminal activity. It is this stage at which the

money is integrated into the legitimate economic and financial system and is assimilated with all other assets in

the system. Integration of the "cleaned" money into the economy is accomplished by the launderer making it

appear to have been legally earned. By this stage, it is exceedingly difficult to distinguish legal and illegal

wealth. If the layering process succeeds, integration schemes place the laundered proceeds back into the

economy in such a way that they re-enter the financial system appearing abnormal business funds.

The three stages discussed above may occur separate and distinct or simultaneously or may overlap each other.

How the stages are used depend on the available laundering mechanisms and the requirement of the money

launderers.

Vulnerability of Financial Institutions to Money Laundering

Certain points of vulnerability have been identified in the laundering process which the money launderers find

difficult to avoid and the activities are more susceptible to being recognized, namely:

Entry of cash into the financial system

Cross-border flow of cash

Transfers within and from the financial system

Efforts to combat ML largely focus on those points in the process where the launderer's activities are more

susceptible to recognition and have, therefore, to a large extent concentrated on the deposit taking procedures of

financial institutions i.e. the placement stage. Equally, however, it is emphasized that there are also many crimes

where cash is not involved.

The most common form of ML that financial institutions encounter on a day to day basis, in respect of their

mainstream business, takes the form of cash transactions, which is deposited in the financial system or exchanged

for value. Electronic funds transfer systems increase the vulnerability by enabling the cash deposits to be switched

rapidly between accounts in different names and different jurisdictions. Additionally, financial institutions arevulnerable to being used in the layering and integration stages as loan and finance facilities may be used as a part of

the process to create layers of transactions.

Compliance Obligation

The compliance of AML rules, regulations and regulatory framework is obligatory in the context of the following

three vital perspectives:

Legal and Regulatory:

Comply with the laws and regulations to avoid any legal consequence and imposition of penalties.

Reputation:

Saving the reputation, prestige and honor of the bank, in-case any involvement is revealed in recycling the proceeds

of crime that would call into question reputation, integrity and if fraud is involved, solvency of the bank.

Ethical:

Preserve ethical values, standards, code of the Bank /group by taking part in the fight against crime to discourage the

criminals.

Financial:

Any fake or fraudulent transaction may cause financial loss to Bank.


10/75

P a g e|5

Risk Aversion Measures and Awareness

CDD/KYC requires special attention and concrete implementation to mitigate/forestall AML and TF Risks. It is

mandatory for KASB Bank to create awareness that it is binding on each associate because:

It is an offence to assist anyone whom you know or suspect to be laundering money generated by any crime or

illegal activity. This may inter alia include support for opening a bank account, accepting deposits, making

transfers/payments, advancing loan/finance, issuing/accepting letters of credit/bank guarantees etc.; withoutdetermining bona fide of account holder or transactional activity.

If one knows or suspects that a transaction or instruction is related to any crime, he/she must refer it to his

immediate line manager for scrutiny and reporting Compliance Division.

If CTP mismatch with KYC or a suspicion of money laundering is sensed, it is mandatory to bring it to light

even if the concerned associate is not handling the transaction or instruction or funds in question. Any

negligence on this account will constitute committing connivance in commission of a criminal offence.

Financial Action Task Force (FATF) on Money Laundering

The FATF is an inter-governmental body whose purpose is to set standards and promote effective implementation of

legal, regulatory and operational measures for combating money laundering, terrorist financing and other related

threats to the integrity of the national and international financial system. The FATF is therefore a 'policy-making

body' created in 1989 that works to generate the necessary political will to bring about legislative and regulatoryreforms in these areas.

FATF is a multi-disciplinary body that brings together the policy-making power of legal, financial and law

enforcement experts from its member states. It monitors members progress in implementing AML measures;

reviews and reports on laundering trends, techniques and counter-measures; and promotes the adoption and

implementation of AML standards globally. FATF has issued 40 + 9 recommendations that are recognized as the

international standard for combating of money laundering and the financing of terrorism and proliferation of

weapons of mass destruction these recommendations are already incorporated in this policy. For further details visit

www.fatf-gafi.org

Asia/Pacific Group (APG)

The Asia Pacific Group on Money Laundering (APG) is an international organization consisting of 41 member

countries/jurisdictions and a number of international and regional observers including the United Nations, IMF andWorld Bank. The APG is closely affiliated with the FATF. All APG members including Pakistan have committed

to effectively implement the FATF's international standards for AML and combating TF referred to as the 40+9

Recommendations. Part of this commitment includes implementing measures against terrorists listed by the United

Nations in the "1267 Committee Consolidated List":

APG Key Role

Assess APG members' compliance with the global AML/CFT standards through a robust mutual evaluations;

Coordinate technical assistance and training with donor agencies and APG jurisdictions to improve compliance

with the AML/CFT standards;

Co-operate with the international AML/CFT network;

Conduct research into ML and TF methods, trends, risks and vulnerabilities to update APG members of

systemic and other associated risks and vulnerabilities

Contribute to the global AML/CFT policy development by active Associate Membership of FATF. For further

details refer to www.Apgml.org

Office of Foreign Assets Control (OFAC)

OFAC is an agency of USA department of treasury. OFAC administers and enforces economic and trade sanctions

based on U.S. foreign policy and national security goals against targeted foreign states, organizations and

individuals. Specially Designated Nationals (SDN) List is a publication of OFAC which lists individuals and


11/75

P a g e|6

organizations with which US citizens and permanent residents are prohibited from doing business for further

knowledge refer to www.treas.gov/ofac

United Nations (Security Council) Resolutions

As empowered under United Nations (Security Council) Act, 1948; United Nation established the Al- Qaida and

Taliban Sanctions Committee to apply travel restrictions, arms embargo and to freeze the funds and other financial

resources of certain individuals and entities. Such sanctions are notified by the Ministry of Foreign Affairs, GOPthrough Gazette notifications and conveyed to financial institutions through SBP to identify report and freeze such

accounts. Branches provide information to submit compliance report to SBP as directed from time to time.

Legal and Regulatory framework in Pakistan

Legal and Regulatory framework in Pakistan comprises of the following:

Federal Investigation Agency ACT 1974

Anti-Narcotic Act 1997

Control of Narcotics Substances Act 1997

Anti-Terrorism Act -1997

NAB Ordinance, 1999

AML Ordinance, 2007AML Regulations, 2008

AML Act, 2010

AML / CFT Regulations SBP, 2012

Prevention and Control of Human Trafficking Ord. 2002

Foreign Exchange Regulations

SBP directives issued from time to time


12/75

P a g e|7



13/75

P a g e|8

Business Initiation Stage

New Customer Acquisition Policy

It is a statutory obligation to reasonably know all those for whom the Bank undertake transactions and also

understand the nature of business and each transaction that is being conducted. This applies to every type of account

regardless of who the customer is and the personal status of the customer.

New customer acquisition and approval process shall perform the requisite degree of due diligence as spelled out in

the regulatory framework on the subject in order to sufficiently assess that the customer's wealth is derived from

legitimate sources, that the uses to which the customer intends to put the account are legitimate and that the quality

of the customer's reputation and dealings are of a satisfactory standard.

All customer relationships shall be documented on the AOF and KYC and no new account shall be opened without

clearance of Centralized Account Opening (CAO) Unit of Operations Division.

Name of all new customers are to be filtered through the World-Check screening software before account opening to

check and ensure that the customer in not a proscribed person / entity and also to assist in categorizing risk rating of

the customer in case the customer is PEP or belongs to a country having higher than normal risk rating.

The CDD / KYC Form shall be reviewed and approved by the BM/OM or Authorized Person in case of Segments

on before entering in formal relationship.

The information and documents required for opening each type of account shall be completed in all respects and

kept up to date.


Customer is defined as any individual, company or a legal entity that has a relationship or initiates a relationship

with KASB Bank Limited for products and services offered through conventional modes of banking or electronic /

internet banking.

CDD is one of the best defenses a Financial Institution can take to guard against the threats of ML and other

financial crimes. It is also termed as KYC and begins at the stage of account opening and collecting all possible

information to determine the nature of his business and the level of AML risk that the new customer poses. KYC

should be properly filled in to provide adequate information for making an accurate evaluation of who customer is

and what to expect from them. It should be risk based and in accordance with banks AML/CFT policy, to convey

that the dealing branch/segment properly understands the connection between customers identification and ability

to efficiently monitor for suspicious activity.

Customer Due Diligence is a continuous and integrated procedure of determining the true identity and source of

funds during the course of customers dealing with the bank and the beneficial ownership of their wealth. It is the

igniting stage in the sustaining fight against ML.

CDD measures must be carefully invoked when:

Establishing business relationship. Dealing with occasional / Walk-In Customer:

i) Obtain copy of CNIC while conducting cash transactions above rupees 0.5 million; and

ii)

Obtain copy of CNIC while issuing remittance instruments e.g. POs, DDs and MTs etc.

Obtain copy of CNIC (regardless of threshold) while conducting online transactions by occasional

customers/walk-in-customers (except deposits through Cash Deposit Machines or cash


14/75

P a g e|9

collection/management services). If transaction exceeds Rs. 100,000 the name and CNIC No. shall be

captured in system and made accessible along with transaction details at beneficiarys branch.

Carrying out occasional wire transfers (domestic / cross border) regardless of threshold.

There is a suspicion of ML/TF; and

There is a doubt about the veracity or adequacy of available identification data on the customer. At least the

following CDD measures are to be taken:-

Should not open and maintain anonymous accounts or accounts in the name of fictitious persons ornumbered accounts.

All reasonable efforts shall be made to determine identity of every prospective customer by obtaining the

minimum set of documents as prescribed in Appendix - A

In case of joint accounts, CDD measures on all of the joint account holders shall be performed as if each of

them were individual customers of the bank.

Identify and verify the identities of beneficial ownership of accounts/ transactions

Determine whether the customer is acting on behalf of another person, and should then take reasonable

steps to obtain sufficient identification data to verify the identity of that other person.

Where one or more natural persons are acting on behalf of a customer or where customer is legal person,

bank shall identify the natural persons who act on behalf of the customer and verify the identity of such

persons.

For customers that are legal persons or for legal arrangements, take reasonable measures to

Understand the ownership and control structure of the customer

Determine that the natural persons who ultimately own or control the customer. This includes

those persons who exercise ultimate effective control over a legal person or arrangement.

Government accounts shall not be opened in the personal names of the government official(s). Government

account which is to be operated by an officer of the Federal/Provincial/Local Government in his/her official

capacity, shall be opened only on production of a special resolution/authority from the concerned

administrative department duly endorsed by the Ministry of Finance or Finance Department of the

concerned Government. However, in case of autonomous entities and Armed Forces including their allied

offices, account can be opened on the basis of special resolution/authority from the concerned

administrative department or highest executive committee/management committee of that entity duly

endorsed by their respective unit of finance. Rules, regulations or procedures prescribed in the Governing

laws of such entities relating to opening and maintaining of their bank accounts shall also be taken intoaccount.

Guiding principles

The guiding principles mentioned below are common practices followed by prudent bankers world-wide in the

context of CDD and governing all dealings both with existing customers as well as prospective customers:-

Deal with reputable persons with legitimate businesses

Establish legitimate source of income and wealth

Ensure transaction flow is proportionate to their income and serves purpose of known business dealings

Determine and record the identity and background of all customers

Regularly monitor relationship and transactions to identify unusual or suspicious Activity

Keep CDD / KYC form updated

In case of inconsistency take appropriate action

Having sufficient information about customers and making effective use of that information is the most effective

weapon used against ML/TF attempts. In addition to minimizing the risk of being used for illicit activities, the

information provides protection against any fraud attempt and enables suspicious activity to be recognized. It also

protects from reputation, financial and legal risks.


15/75

P a g e |10

CDD / KYC is not a onetime exercise to be conducted at the time of entering into a formal relationship with

customer / account holder. This is an on-going process for prudent banking practices. SBP, during the course of

inspection would particularly check the efficacy of CDD / KYC policies and system of the bank and its compliance

by all the branches / segments and the associates. SBP is also empowered to impose penalties, cancel commercial

banking license and order winding up of a bank in case the bank is massively non-compliant with relevant laws and

SBP regulations.

In case banks is not able to satisfactorily complete required CDD measures, account shall not be opened or any

service provided and consideration shall be given if the circumstances are suspicious so as to warrant the filing of an

STR. If CDD of an existing customer is found unsatisfactory, the relationship should be treated as high risk and

reporting of suspicious transaction be considered as per law and circumstances of the case.

Beneficial Owner

As per AML/CFT Regulations, Beneficial owner in relation to a customer of a bank means the natural person(s)

who ultimately own(s) or controls a customer or the person on whose behalf a transaction is being conducted and

includes the person(s) who exercise(s) ultimate effective control over a person or a body of persons whether

incorporated or not whereas beneficiary means the person to whom or for whose benefit the funds are sent or

deposited in bank. Placing the emphasis on this person is a necessary step in determining what the source of fund is.

To determine Beneficial Owner the following guidelines have been prescribed vide AML Regulations 2008:

a) Obtain a declaration setting forth the identity of the beneficial owner. Such declaration is to be kept on

record in an appropriate manner.

b) Ensure that the contracting partner is also the beneficial owner of the assets/funds placed.

c) In case of beneficial owner(s) in relation to a customer, reasonable measures shall be taken to obtain

information to identify and verify the identities of the beneficial owner(s).

d) If the contracting party states that the beneficial owner is a third party, complete data (name, address, date

of birth, nationality, country of domicile, etc.) of the beneficial owner should be obtained by the Bank.

e) In case of legal persons complete data, as mentioned in point (d) above, of the authorized attorneys shall be

obtained. Take reasonable measures to understand the ownership and control structure of the customer for

obtaining information as to the purpose and intended nature of business relations and determine that the

natural persons who ultimately own or control the customer.f) If serious doubts persist about the accuracy of the contracting partners written declaration and cannot be

dispelled through further clarification, the bank shall refuse to enter in a business relationship or to execute

the transaction.

g) The holder of a joint account or a joint securities account is required to provide to the bank a full list of

beneficial owners, pursuant to point (c) above, and to inform the bank of any changes without delay.

Beneficial Ownership is conventionally used in Anti Money Laundering context and it could be viewed at two

stages. Firstly it will be done at the time of customer acceptance policy and secondly at the time of transaction

review.

The identity of the beneficial owner will be reviewed by the Relationship Manager by asking whether such person is

acting on his own behalf and the person respond in affirmative then this person is beneficial owner. If there is doubt

arise in prospective clients explanation as to source of his/her funds does not make sense, further due diligencewould be appropriate.

Moreover after the account has been opened, subsequent activity in the account may become inconsistent with the

originally anticipated account activity, the most famous example to this context is that customer is house wife and in

her account transactions were taken place, clearly inconsistent with the CDD of prospective customer and source of

funds were mentioned as savings from husbands business and transactions were quite in the context of the business

then it clearly mentioned as husband is the beneficial owner of the prospective customers account.


16/75

P a g e |11

Some of the examples of beneficial owners are mentioned below:

In corporate context, the beneficial owner of a non-listed company is any one that ultimately owns or controls

(including indirectly) more than 25 % of the shares or voting rights of the company, or who otherwise exercise

control over its management.

XYZ (Private) Limited is the prospective customer of the bank and it is the subsidiary of NYK Limited so NYK

hold the control over the business of the subsidiary and truly called as the beneficial owner of the prospective

customer business.

Mr. X and Mr. Y is the employee of ABC limited and are the prospective customer of the bank and were engage

in sale and purchase of property on behalf of the company and in this case company is the beneficial owner of

the clients business.

Alpha is a Trust which governs the stakes of the welfare of public and Mr. A, Mr. B and Mr. C are the trustees

of the company and Mr. A is the founder member of the trust and as per trust deed Mr. A has power to appoint

and remove trustees and regulate the operation of the trust then of course Mr. A is the beneficial Owner of the

Trust.

If there are individuals who are in position to extent control over the funds held by the company (e.g., directors

or persons with power to give direction to the directors), and such individuals are not related to the apparent

provider of funds, the banker should consider why this might be so.

Always watch for the nominee directors of the holding companies because they are working on behalf of the

holding company and taking cares the benefits of the holding company because holding company is the

beneficial owner of the business.

Mr. Y is the legal advisor of Mr. M and wishes to open an Alpha Company account, Mr. Y will serve as the

representative and authorized signatory of Alpha Company, but in this case personal banker should ask the

customer about the beneficial owner of the company because in that case Mr. M is the beneficial owner of the

company.

Reduced CDD Customers

AML/CFT Regulations categorizes reduced CDD customers as follows:

Where information on the identity of the customer and the beneficial ownership is publicly available

Financial Institutions provided they are subject to requirements to combat ML and TF consistent with the FATF

recommendations and are supervised for compliance with those requirements.

Public companies that are subject to regulatory disclosure requirements and such companies are listed on a

stock exchange or similar situations.

A Non-Bank Finance Company (NBFC) regulated/ supervised by Securities and Exchange Commission of

Pakistan (SECP) unless an entity is notified for application of the requirements

Public administrations or enterprises

Government administrations or entities.

A foreign government entity.

Country identified by credible sources such as mutual evaluation or detailed assessment reports, as adequately

complying with and having effectively implemented the FATF Recommendations; and Country identified by

credible sources as having a low level of corruption, or other criminal activity.

However, enhanced CDD / KYC measures shall be applied where:

There is risk of ML or TF or when a customer resides in a country, which does not comply with FATF

recommendations.

In case of certain high risk factors are identified in internal risk assessment or as per international standards


17/75

P a g e |12

In relation to customers that are from or in jurisdictions which have been identified for inadequate AML/CFT

measures by FATF or identified by the bank itself having poor AML/CFT standards or otherwise identified by

the State Bank of Pakistan.

There are no exceptions in reporting suspicion to FMU within the provisions of AML Act.


18/75


19/75

P a g e |14

a) Relationship should be established and or maintained with approval of senior management (not below the

rank of Executive Vice President as designated by the board of a bank for the purpose of AML/CFT

regulations) including when an existing customer becomes holder of public or high profile position.

b) Monitoring of such relationships on regular basis.

c) Establish, by appropriate means, the sources of wealth or beneficial ownership of funds, as

appropriate; including Banks own assessment to this effect.

15. Senior management approval should be obtained while establishing relationship with Non-Governmental

Organizations (NGOs)/Not-for-Profit Organizations (NPOs) and Charities to ensure that these accounts are used

for legitimate purposes and the transactions are commensurate with the stated objectives and purposes.

The accounts should be opened in the name of relevant NGO/NPO as per title given in its constituent

documents of the entity. The individuals who are authorized to operate these accounts and members of their

governing body should also be subject to comprehensive CDD. Banks should ensure that these persons are not

affiliated with any proscribed entity, whether under the same name or a different name.

In case of advertisements through newspapers or any other medium, especially when bank account number is

mentioned for donations, Banks will ensure that the title of the account is the same as that of the entity soliciting

donations. In case of any difference, immediate caution should be marked on such accounts and the mattershould be considered for filing STR.

Personal accounts shall not be allowed to be used for charity purposes/collection of donations.

Customer Risk Based Approach

It is pertinent to mention here that without proper quantification of risks, it may be difficult to decide which

customer qualifies for simplified due diligence (SDD) or enhanced due diligence (EDD). A sound Customer risk

Based Approach is based on the following major elements:

Customer Risk: Identifying risk determinants, comprising of various elements like, Overall Back Ground and

Reputation, Business Interest and Practices, Business Associates, Political Affiliation, Beneficial Ownership and

Source of Fund.

Product Risk: Foreseeing risk elements resulting from customers need for financial services and appropriate

controls. Entailed in case of Private Banking Customers where the Bank is generally not aware of the fact that

customer is investing money in their institution on behalf of the main money owner whose particulars are not

disclosed to the bank.

Delivery Channels:Identifying risks associated with delivery channels like cash, wire transfers which may vary

from customer to customer depending on their needs

Business Risk: Includes various elements like, Nature of business, Location of Business, Region of Business and

Prime customers of business.

Geographical/Jurisdictional/Country Risk:Risks resulting from customer geographic presence and jurisdiction in

which the customer is operating. Relates to various elements like, Political Stability, Legal Status, Economic

Situation, Standing of Financial Service Industry, Exposure to organized crimes, money laundering and corruption

culture.

After identification and quantification of inherent risks, controls and residual risks, the decision should be taken

while establishing relationship whether to take the customer on-board, mark as high risk or refuse to accept the

customer etc.


20/75

P a g e |15

Risk Assessment:

Risk profiling of every new customer is to be done using the information obtained through CDD/KYC by the

Relationship Manager of requisite segment / Branch Managers as per the Customer Risk Profiling template given

in Annexure - E for all customer relationships categorized under AML Table.

Business should review and update customer profile

High & Medium AML/ CTF Risk Customer Quarterly

Low Risk Customers - Annually

All Commercial / Business Name Accounts - Minimum every two years Others - Minimum every three years

Approval criteria for customers falling under PEP / NGOs / NPOs / Trust & Charities category shall require

sign-off by the Designated Senior Management.

Approval criteria for customers categorized under (Money Changers, Intermediaries, Off-shore Financial

services, Journalists, Private banking customers, Customers dealing in High value items, Insurance companies)

shall require sign-off from Region Head Business.

Approval criteria for customers categorized under (Non - resident, High net worth customers with no

identifiable sources of income, Import / Export Business, property brokers, travel agencies, cash drivenbusinesses) shall require sign-off from concerned Business Head and Operations Head.

Obtain approval of senior management to commence or continue the business relationship with customers

falling under the category of High Risk.

Customer having medium risk rating shall require sign-off from concerned Business Head & Operations Head.

Self - Declaration form for customers that are classified to be under (self -employed / freelancer / landlords /

agriculturists, Fixed Income, Students / Housewives / others) shall be referred to concerned Business Head prior

to account opening for their review & approval.

During the process of Review of High/Medium/Low Risk Customers the following points should be specifically

considered:

Obtaining additional information on the customer (occupation, volume of assets, address, information available

through public database, internet etc.), intended nature of business relationship, reasons for intended orperformed transaction, source of funds or source of wealth, wherever required.

Obtaining documentary evidence to support transactions where possible

Elevating risk profile on the basis of customer business conduct and transaction profile of the customers

Customers profiles should be revised keeping in view the spirit of KYC/CDD and basis of revision shall

be documented and customers may be consulted, if necessary.

Prohibited Customers

Transaction with Non-Account Holder:

Bank business centers will not under any circumstances, accept anonymous relationships, for any purpose. One-off

Pay order favoring Government and Education bodies is permitted to walk in customers subject to due diligence, or

if explicitly permitted so under any product features.

Known Beneficiaries of Corruption or Illegal Activities:

Any individual or entity whose wealth or funding has been accumulated through corruption or activities that are

illegal will not be accepted as Bank customer.


21/75

P a g e |16

Shell Companies:

Bank shall not indulge into any business with shell companies due to the complexity of the organization and

structure, as it is difficult to determine the true owners/beneficial owners and may be subject to misuse. Some of

such companies may not exist for legitimate business and may merely be a shell or front company. Dealing with all

such companies shall be strictly prohibited.

Proscribed Individuals / Entities

Bank shall not provide any banking services to proscribed entities and persons or to those who are known for

their association with such entities and persons, whether under the proscribed name or with a different name.

The bank should monitor their relationships on a continuous basis and ensure that no such relationship

exists. If any such relationship is found, the same should be immediately reported to Financial Monitoring

Unit (FMU) and other actions shall be taken as per law.

Ongoing monitoring

All business relations with customers shall be monitored on an ongoing basis by their respective branches / segment

to ensure that the transactions are consistent with customer profile, its business and risk profile and where

appropriate, the sources of funds.

Prohibition of personal accounts for business purposes

Personal accounts shall not be used for business purposes except proprietorships, small businesses and professions

where constituent documents are not available and the Branch/related Segment is satisfied with KYC profile of the

account holder, purpose of relationship and expected turnover of the account keeping in view financial status &

nature of business of that customer.

The business transactions in personal accounts of proprietors may only be permitted by linking it with

account/business turnover. Such customers having monthly credit turnover of Rs. 5 million or above may be

required to open a separate account for business related transactions.

In order to verify the physical existence of business or self-employment status, banks may conduct physicalverification within 05 working days of the opening of account and document the results thereof on account opening

form. In case of unsatisfactory verification, bank may consider reporting it to FMU and/or may change risk profile,

as appropriate.


22/75

P a g e |17



23/75

P a g e |18


As the types of transactions that may be used by a money launderer are almost unlimited, it is difficult to define a

suspicious transaction. Suspicion is personal and subjective and falls far too short of proof based on firm evidence.

However, the suspicion must have some foundation and not just be based on mere speculation. A suspicious

transaction shall often be:

Any transaction or instruction that is not logical from an economic, financial or banking point of view

Any transaction where the amount, duration or other specific feature is inconsistent with the customer's

professional or business activities or expected account activity as per KYC.

Even "Good Customers" launder money with the financial institution unknowingly assisting them. Be cautious of

customers who are too friendly, since the key to successful ML is to conduct business at a financial institution that

doesn't ask too many questions and appears to look the other way.

Suspicion

The key to recognizing suspicious transactions is based on having enough knowledge about a customer's normal

expected transactional profile or activities to be able to recognize the abnormal/unusual and from the abnormal, what

might be suspicious.

At the start of a relationship, suspicions might arise:

If a customer refuses or is reluctant to provide information or documents

If the time taken to provide information or documents proves to be unusually long

If the information provided does not make sense when assessed in respect of nature of the relationship

Examples

Examples of what might constitute a suspicious transaction are attached as Appendix - B. The examples mentioned

in Appendix - Bare not meant to indicate that all such activities would be indicative of ML, they are meant to be

used as indicators which, given your knowledge of the customer, their normal account and business activities and

the sector in which they operate might assist in recognizing suspicious transactions. Identification of any of the types

of transactions listed or any other circumstances that are unusual for that customer should prompt enquiry.

Suspicious & Currency Transactions Monitoring

Designated Officers in branches should conduct regular monitoring of Large Transactions (Rs.0.5M and above)

daily generated on their Branch Folders and Occasional transactions 0.5 Million and above, showing unusual

behavior in a particular account on the basis of data generated by IT system.

Additionally, transactions are monitored through installed SAS-AML Solutions software at Compliance Division on

the basis of pre-defined parameters/thresholds for analysis to check transaction pattern and to ensure that the

transactions are in accordance with customer profile available in Banks record and possible reporting of

suspicious transactions. Individual large transactions and transactions structured to avoid CTR reporting are

identified and monitored for the purpose of regulatory requirement of reporting CTRs and to track any suspicious

transaction executed by the customer.

Management of alertsLarge Transaction Monitoring Unit of Compliance Department should review all alerts generated on predefined

thresholds from SAS/AML Software in the following manner:

i) Alerts to be checked with Customer profile in the System.

ii) In case of mismatch, report to concerned branch under copy to Compliance Chief in context of investigation on

mismatched transaction.


24/75

P a g e |19

iii) Reply of branch should be reviewed and;

a) If satisfactory then customer profile should be updated and the alert may be closed.

b) If not satisfactory then the background & purpose of such transaction shall be examined and findings

established in writing for availability to assist the relevant authorities in inspection & investigations.

iv) The transactions / wire transfers, which are out of character or are inconsistent with the history, pattern, or

normal operation of the account including through heavy deposits, withdrawals and transfers, shall be viewed

with suspicion, be properly investigated and referred to Compliance chief for possible reporting to FMU underAML Act

v) Nothing to be disclosed to the customer that a suspicious transaction or related information is being or has been

reported to any authority, except if required by law.

All remittance transactions / wire transfers / SWIFT messages are filtered through SWIFT Sanction Screening

system to ensure that no transaction is conducted with individuals / entities / countries that falls in any negative /

proscribed sanction list.

Monitoring at Source

However, monitoring by Large Transactions Monitoring Unit of Compliance Division does not relieve Branch/

Segments officials to monitor all complex, unusual large transactions, and all unusual patterns of transactions, which

have no apparent economic or visible lawful purpose leading them to have reasonable grounds to suspect that atransaction is directly or indirectly related to the commission of a ML offence or to the commission of a terrorist

activity financing offence. The background and purpose of these transactions shall be inquired and findings shall be

documented with a view to making this information available to the relevant competent authorities when required.

Relationship with accounts wherein ML illegal activity is established should be immediately terminated after

seeking guidance / instructions from the Compliance Division.

Screening names against OFAC / UN Security Council / NAB / and other list

Bank is committed to monitor and take actions on all Sanctioned names by OFAC/UN Sanctions / NAB and other

lists. In addition, U.N. Security Council regulation makes it mandatory for all Banks to block funds and also not to

enter into any transactions with individuals or entities reported to be involved in financial crimes and money

laundering. Following procedure is applied

All customer are filtered in World-check screening system prior to account opening and if any match is found

the matter is further investigated and advise is given to CAO accordingly on the basis of findings

NAB Circulars for convicted individuals/entities, SBP S.R.O.s and letters received from Ministry of Foreign

Affairs are circulated by the Compliance Department to all concerned.

If during SAS monitoring any Alert is raised about the account holder it will be communicated to the branch /

segments to put the account on watch.

If during SWIFT monitoring any Alert is raised about the account holder, the transaction shall not be allowed to

be processed further, branch / segments would be instructed to hold the transaction and raise STR. Further

action should be taken as per law.

Branches/Segments should consolidate the UNSC/NAB/S.R.O.s circulated by Compliance from time to time

and check the names through the consolidated lists prior to opening of account

Reporting Agency

As per AML Act, 2010, and AML Regulations, 2008 (available on Banks portal), Financial Monitoring Unit

(FMU) set up at, SBP Main Building, Karachi is the only designated agency in Pakistan to which suspicious

transaction reports (STRs) and the currency transaction report (CTRs) shall be made by the Compliance Division

within 7 working days after forming suspicion / respective currency transaction.


25/75

P a g e |20

E-Banking

E-Banking related risk should be recognized, adjudged and managed in a prudent manner according to the

fundamental characteristics and challenges of e-banking Services. These Characteristics include unprecedented

speed of change related to technological and customer service innovation, the ubiquitous and global nature of open

electronic networks, the integration of e-banking applications with legacy computer systems and the increasing

dependence of bank on third parties that provide the necessary information technology.

While not creating inherently new risks, use of e-banking increases and modifies some of the traditional risks

associated with banking activities, in particular strategic, operational, legal and reputation risks, thereby influencing

the overall risk profile of banking.

Investigations of major ML cases over the last few years have shown that criminals make extensive use of electronic

payment and message system. The rapid movement of funds between the accounts in different jurisdiction increases

the complexity of investigation. In addition, investigation becomes even more difficult to pursue if the identity of the

original ordering customer is not clearly appear in such transactions.

Correspondent Banking

In addition to the CDD requirements given in this policy, sufficient information about correspondent banks should

be secured and properly understood by FI and International Division before establishing correspondent banking

relationship.

In opening correspondent banking account following measures (as deemed necessary by the Bank)shall be taken:

a) Assess the suitability of the correspondent bank by:

i) Gathering adequate information about the correspondent bank to understand the nature of correspondent

banks business including the following

Know Your Customer Policy

Correspondent Banks Management and Ownership

Major Business Activities

Geographical presence/jurisdiction (country) of correspondence

Business location Money Laundering Prevention and Detection Measures

Purpose of Account or service

Identity of Third Party that will use the correspondent banking services (Payable Through Accounts)

Condition of the bank regulation and supervision in the correspondents country.

ii) Determine the reputation of the correspondent bank, the quality of supervision over the respondent bank,

including where possible whether it has been the subject of money laundering or financing of terrorism

investigation or regulatory action; and

iii) Assess the correspondent Bank in the context of sanctions/embargoes and advisories about risks

b) Understand and document the AML/CFT responsibilities of the correspondent bank

c)

Obtaining approval of Senior Management before establishing new correspondent banking relationship.

The Bank should ensure that business relationship with foreign banks should be establish after checking customer

acceptance and KYC policies and are sufficiently supervised by the relevant authorities.

Banks shall pay special attention when establishing or continuing correspondent relationship with banks/ financial

institutions which are located in jurisdictions that have been identified or called for by FATF for inadequate and

poor AML/CFT standards in the fight against money laundering and financing of terrorism.


26/75

P a g e |21

The bank should ensure not to establish or continue correspondent banking relations with a shell bank and that the

correspondent bank do not allow their accounts to be used by shell bank.

Where the cross-border banking services involve a payable-through account, the correspondent bank shall be

satisfied that:

(a)

the respondent bank has performed appropriate CDD measures at least equivalent to those specified inRegulation a) on the third party having direct access to the payable-through account; and

(b) the respondent bank is able to perform ongoing monitoring of its business relations with that third party and is

willing and able to provide customer identification information to the correspondent bank upon request.

In case where a Pakistani bank is availing correspondent banking services from a bank/financial institution abroad, the CDD

measures specified above should be applied, as considered necessary to mitigate ML/TF risks.

STRs Reporting

Suspicious Activity is a difficult concept to define, because it can vary from one transaction to another based upon

on all the circumstances surrounding the transaction or group transactions. For example, transactions by one

customer may be normal, because of your knowledge of that customer, while similar transactions, by another

customer, may be suspicious. Many factors are involved in determining whether transactions are suspicious,including the amount, the location of business, comments made by your customer, the customers behavior, etc. That

is why it is important to detect suspicious activity and structured transactions after in depth analysis and undertaking

reason to establish that:

1. Involve funds derived from illegal activity or is intended to hide funds derived from illegal activity;

2. Is structured to avoid recordkeeping or reporting requirements;

3. Has no business or apparent lawful purpose; or

4. Facilitates criminal activity.

Any suspicious transaction (STR) effected or attempted by, at or through financial institution if the financial

institution knows, suspects, or has reasons to suspect that the transaction (or a pattern of transactions of which the

transaction is a part) involves funds derived from illegal activities or is intended or effected in order to hide or

disguise proceeds of crimes or is designated to evade any requirements of section 7 of the AML Act 2010, or has noapparent lawful purpose after examining the available facts, including the back ground and possible purpose of the

transaction shall be reported immediately as per Appendix - H to the Chief of Compliance. The record will be

thoroughly scrutinized and if the suspicion is found to be well substantiated, the matter will be reported to Financial

Monitoring Unit (FMU) in consultation with President / CEO.

The STR, including attempted transactions shall be reported (regardless of the amount) immediately but not later

than seven working days after forming that suspicion in respect of a particular transaction, irrespective of the fact

that the transaction was followed through or not.

CTRs Reporting

When a financial institution under takes a cash based transaction involving payment, receipt, or transfer of an

amount exceeding the minimum threshold as specified by the National Executive Committee (NEC), hereinafter

referred to as the NEC, the financial institution shall file a report of such transaction (CTR) through Compliance

Department on prescribed format Appendix - I immediately but not later than seven working days, after the

respective currency transaction for onward submission to FMU.

The NEC has declared the threshold of above Rs. 2.5 million for CTRs reporting by Banks as per requirement of

AML Act.


27/75

P a g e |22

The NEC may exempt a financial institution from the reporting requirements with respect to transactions between

financial institutions and the following categories of entities, namely:-

a) A department or agency of the Federal Government or a Provincial Government or any autonomous body

under the Federal Government or Provincial Government.

b) Any business or category of business the reports on which entail little or no risk concerning ML and TF.

Freezing of property by DG, FMU

Where a financial institution knows, suspects or has reasons to suspect that any property or account is involved

in ML or TF and needs immediate attention or action on the part of FMU as to the freezing of such property or

account, the concerned financial institution as the case may be, shall immediately inform the Director General

of such property or account along with the grounds that warrant immediate action.

The Director General FMU may, if there appear to be reasonable grounds to believe that any property or

account is involved in ML or TF, order freezing of such property of account for maximum period of fifteen

days, in any manner that he may deem fit in the circumstances.

Disclosure and provision of reported information & immunity to Bank Officials

AML Act, 2010 & AML Regulations, 08 explicitly provides as follows:

Prohibition

The financial institution and their officers strictly prohibited to disclose directly or indirectly the fact to the

customer or notifying any person involved in the transaction or any other quarter that a suspicious transaction or

related information is being or has been reported to any authority, except if required by law.

Immunity

Any financial institution or officer which makes a disclosure pursuant to the Ordinance and these regulations

shall not be subject to any civil, criminal or disciplinary proceedings under any law or regulation or under any

contract or other legally enforceable agreement (including any arbitration agreement), for such disclosure or any

failure to provided notice of such disclosure to the person who is the subject of such disclosure or any other

person identified in the disclosure.

Disclosure to FMU

The financial institutions must provide all documentation supporting the filing of a STR or any other related

information upon demand by FMU. When asked to provide supporting documentation or any information,

financial institution should take special care to verify that the person asking for information is, in fact, an

authorized representative of FMU.


28/75


29/75

P a g e |24

Customer Transaction Profile and Relationship Review

The foundation of any monitoring procedure lies in the initial collection of CDD / KYC information and the

ongoing updating of that information. The nature value and volume of business expected to be undertaken, shall be

recorded at the start of the relationship and regularly updated enabling to judge whether transactions are in line

with the KYC profile of the customer or whether unusual transaction suspects any cause for concern that criminal

money may be involved.

The initial period of any new customer relationship warrants close monitoring at the business location to determine

possibility to any suspicious transaction Activity and transaction review shall include both scrutiny at the point

of transaction and historic review. Particular attention must be paid to cash, high volume accounts, third- party

transfers, outward /inward remittances both domestic and international, collections both clean and documentary

and unexpected prepayment of advances.

To ensure that customers remain in good standing, on observance of sudden CTP variation with KYC disclosures,

large occasional transaction (s), high volume of unusual cash transactions, change in customers business

nature/behavior, indifferent pattern of remittances and account activity; immediate review and update of customer

KYC as per Appendix - G would be essential. Wherever necessary, inquiries shall be made to obtain a

clarification from the respective customer for unusual large transaction volumes or other inconsistent patterns.

Besides periodical review of customers relationship profile will be undertaken as an ongoing process and shall be

properly documented. The review shall include updating of customer data. This shall provide a current assessment of

the relationship, thus enabling to assess the potential nature of the customers activities and determine that overall

account activity is commensurate with the information known and recorded.

All associates shall have a responsibility to be vigilant throughout the course of carrying out their duties and to

report any activity they may observe or become aware of, in dealing with the customer, they deemed to be

potentially suspicious or in consistent with expected activity or business.

Whenever any unusual trends in turnover volume patterns or holding are observed, the same shall reported to BMs/

OMs, who shall undertake a critical review of account activity and its worthiness for reporting as STR/ CTR through

Chief of Compliance.

Process to relate customer transaction profile

Before opening an account due diligence is required to be performed on all prospective clients. This process should be

completed by fulfilling the documentation requirements and also a Know Your Customer (KYC) profile which

is used inter alia to record a clients source of funds, expected transaction activity and other related information

at its most basic level.

Once the due diligence / enhanced due diligence process is completed and the client relationship is established,

Branch should monitor the conduct of the relationship / account to ensure that it is consistent with the nature of

business stated when the relationship / account opened. Branch do this firstly by their officer being diligent and

includes visiting customer / place of business where appropriate; to know whether the business premises are self-

owned or rented, the type of clients visited, commercial environment, mode of payment (cheque or cash) / receiptgenerally resorted to the client. The Officer will record his observations and sign the KYC Profile form and submit to

BM / Segment Head for review and signoff.

Updating the clients KYC profile for any significant change in their lifestyle (e.g., change of employment status,

nature of business, transactional activity and consequential increase in net worth); monitoring the transaction

activity and pattern over the clients account regularly is critical to identify any unusual or suspicious transaction in a

timely manner and reporting any suspicious transaction as per prescribed process.


30/75

P a g e |25

General Requirements Applicable on All relationship

At a minimum, all businesses must adhere to the following customer acceptance policies when opening new accounts or

establishing any relationships:

Business associates of relevant segments should only accept customers whose identity can be established.

Business associates of relevant segments should make a concerted effort to determine the true identity of all

customers and to identify and know the beneficial owners of all accounts. Business associates of relevant segments should only accept customers who are willing to cooperate and provide the

needed documents and information.

Business associates of relevant segments should obtain proper and valid identification documents from the

customers.

No account should be opened or transaction processed until:

1. The personal valid identity of the individual or commercial identity of legal entity opening the account has been

established and verified.

2. Identity of the beneficial owner has been established.

3. Information on the purpose and intended nature of the business relationship has been obtained.

No accounts shall be opened for non-face-to-face customers.

No account should be opened or retained if there is any evidence of the account being used for any type of

"alternative remittances," i.e. Hawala / Hundi. Any activities noted under this category should be reported as

"Suspicious Activities". All accounts opening, at the minimum, shall be subject to the Branch Manager /concerned Business Head approval

as applicable. A site visit must be made and documented for all commercial/ business purpose accounts.

Account(s) should be closed if any outstanding identity verifications cannot be resolved.

Personal accounts should not be used for business purposes except proprietorships, small businesses and professions

where constituent documents are not available and the banks is satisfied with KYC profile of the account holder,

purpose of relationship and expected turnover of the account keeping in view financial status & nature of business

of that customer

Customer Identification & Transaction Profiling Procedures

The branch where a customer has his primary account should be responsible for carrying out customer acceptance

requirements even though the customers may choose other branches of the bank to process their transactions. The staff

obtaining the identification documents must compare them with original documents to ensure their conformity and

authenticity and must stamp with the Bank Stamp "Original Seen" as and when received the documents.

Customer transaction profile should be prepared to capture the number of transactions expected to be used by a

customer, and the value of transactions for an average month, for each product and service. All efforts should be made to

establish the source of funds to the bank's satisfaction and the customer and transaction profiling methodology to assist in

establishing the source of funds.

A. KYC Profiling:

Obtaining and document the customers basic background information.

Try to use this information to evaluate the correctness and rationality of the customers transaction activity.

Determine the source of the customers funds.

The customers expected transaction trends (monthly or annually),

The source of wealth and

Net income Mode of transaction

B. KYC Profile periodic update:

Regular reviews of transaction activity and large transactions reports;

Print and News Media, financial statements, brochures, industry activities relating to the customer;

Periodical discussions with the client relating to their business activities including future plan.


31/75


32/75

P a g e |27

S.No.

AccountCategory

Basic DocumentationProcess to identifysource of earning

Process to verify statusof customer

Societies,

Trust and

Associations

etc.

Policy Appendix - A Sr.

No. 6

entity is established; Members /

Office Bearers; in case of

foreign remittances highlight

amount of remittance and

country.

11.

High Net

worth

Customers

AML & CDD / KYC

Policy Appendix - A Sr.

No. 1

Customers residence or place

of business, Sources of funds

and sources of wealth; Proof of

income / evidence of service

from employer; Current

Investment, Size of Investment,

Estimated Capital Investment;

Nature of Business; Ownership

type (Private, public);

Estimated Sales Volume;

Estimated Net Income; Length

of Business; No. of Employees;

Area of Business; Products of

Business; Area of expertise;

Past Experience.

CDD Measures for Occasional Customers/ Walk-in Customers and Online Transactions):

A walk-in customer is one who neither maintains any type of account nor holds any KYC record with the Bank. Over

the counter occasional / walk-in customers will be required to produce Original Valid CNIC / NICOP / POC / NARA

with noting original seen which will be seen and Copy of the same will be retained by the Branch before executing

the following transaction:

(i) While conducting cash transactions above rupees 0.5 million; and

(ii) While issuing remittance instruments e.g. POs, DDs and MTs etc.

Also, obtain copy of CNIC (regardless of threshold) while conducting online transactions by occasional

customers/walk-in-customers (except deposits through Cash Deposit Machines or cash collection/management

services). If transaction exceeds Rs. 100,000 the name and CNIC No. shall be captured in system and made

accessible along with transaction details at beneficiarys branch.

These transactions includes encashment of cheques, online deposit / withdrawal of cash into account, issuance of

demand draft / Payment orders or any other financial transaction, if the CNIC is expired no financial transaction will be

allowed. In case amount deposited by customer other than the accountholder, Branch should obtain satisfactory

evidence for identification of applicants on (Appendix - L) for Bank record.

Wire Transfers / Fund Transfers

The requirement stated hereunder shall apply during the course of sending or receiving funds by wire transfer except

transfer and settlement between KASB and other banks where both the banks are acting on their own behalf asoriginator and the beneficiary of the wire transfer. All remittance transaction routed through SWIFT are filtered through

SWIFT sanction screening system prior to further processing of transaction to ensure that no transaction is conducted

with individuals / entities / countries that falls in any negative / proscribed sanction list

(a) Checking Identities of Originator

Bank shall include the following information in the message or payment instruction which should accompany or

remain with the wire transfer throughout the payment chain:


33/75

P a g e |28

(i) the name of the originator;

(ii) the originators account number (or unique reference number which permits traceability of the

transaction); and

(iii) the originators address or CNIC/passport number;

(b) Responsibility of Beneficiary Institution

As a beneficiary, it should be ensured that the incoming remittance should bear the following information of the

remitter:

Name of remitter

Address of remitter with business details

Purpose of remittance

Beneficiary institution shall adopt risk-based internal policies, procedures and controls for identifying and handling in-

coming wire transfers that are not accompanied by complete originator information. The incomplete originator

information may be considered as a factor in assessing whether the transaction is suspicious and whether it merits

reporting to FMU or termination thereof is necessary. Bank shall remain cautious when entering into relationship or

transactions with institutions which do not comply with the standard requirements set out for wire transfers by limiting

or even terminating business relationship.

Note: In context of wire transfers/fund transfer, it may be noted that as per AML/CFT Regulation 3 of SBP, the

requirements may not apply to domestic fund transfer transactions through e-banking channels (e.g. ATM,

internet banking & mobile banking etc.) and RTGS provided appropriate controls are in place

(c)

Responsibility of Intermediary Institution

A bank that is an intermediary institution shall, in passing onward the message or payment instruction, maintain all the

required originator information with the wire transfer.

Home Remittance Products

The product is being used for inward transaction only, for clients using this service customer service staff should verify

the true identity of beneficiaries through identification process. Copy of CNIC from the beneficiary should be obtained

and retained by the branch. Further, RM / BM should verify from beneficiary on the purpose of amount that is being

transferred, remitter name and relation.

Where CDD Measures are Not Completed

In case bank is not able to satisfactorily complete required CDD measures, account shall not be opened or any service

provided and consideration shall be given if the circumstances are suspicious so as to warrant the filing of an STR. If

CDD of an existing customer is found unsatisfactory, the relationship should be treated as high risk and reporting of

suspicious transaction be considered as per law and circumstances of the case.

Dormant accounts

Dormant or in-operative account means the account in which no transaction has been taken place from last one year.

For customers whose accounts are dormant or in-operative, bank may allow credit entries without changing the

dormancy status of such accounts. Debit transactions/ withdrawals shall not be allowed until the account holder

requests for activation and produces attested copy of his/her CNIC, if already not availableand bank is satisfied with

CDD of the customer.

It may be noted that transactions e.g. debits under the recovery of loans and markup etc. any permissible bank

charges, government duties or levies and instruction issued under any law or from the court will not be subject to

debit or withdrawal restriction.

Dormant and inactive account shall be subjected to proper monitoring and authorization to execute any transaction

activity because of the dormant nature of the account warrants particular review or approval.


34/75

P a g e |29

Verification & authenticity of identity

While opening accounts of customers, all reasonable efforts must be made to determine the true identity of the

customer and the sources and utilizations of funds. To have a uniform procedure for CDD/ KYC Form is to be

completed by the PB / OM/ BM. For segments like Consumer and WSB; Authorized personswill incorporate

complete and fair information on this account in the BBFS.

During the course of meetings with the customer to complete the account opening formalities, they should be asked

about the type of the transactions for which the bank account would be used and any information gathered must be

recorded on the CDD / KYC Form. Any further information felt necessary and obtained during conversation with the

customer should be recorded on the CDD / KYC Form and placed on record. However, branches shall ensure that the

CNIC and the photograph are of the same person whose account is being opened with them. The particulars / CNIC of

such persons must be confirmed from NADRA in writing or through its Verisys system by the bank.

The Bank shall verify identities of the customers (natural persons) and in case of legal persons, identities of

their natural persons from relevant authorities or where necessaryusing other reliable, independent sources and

retain on record copies of all reference documents used for identification and verification. The verification shall be

the responsibility of concerned Branch / Segment for which the customer should neither be obligated nor the cost of

such verification be passed on to the customers.

In relation to above, where one or more natural persons are acting on behalf of a customer or where customer is

legal person, bank shall identify the natural persons who act on behalf of the customer and verify the identity of such

persons. Authority of such person acting on behalf of a customer shall be verified through documentary evidence

including specimen signature of person so authorized.

Verification of the identity of the customers and beneficial owners are to be completed before establishment of

business relationship including verification of Smart Card/CNIC/NICOP/POC from NADRA for customers under

these regulations.

Documentation Requirement

All reasonable efforts shall be made to determine true identity of every prospective customer. For this purpose,

minimum set of documents given at Appendix - A along with those mentioned in General Banking

Manual/Instruction Circulars, must be obtained from various types of customers/ account holder(s). While opening

bank account of proprietorships, the requirements laid down for individuals at serial No. (1) of Appendix - Ashall

apply except the requirement mentioned at No. (3) of the appendix. Extra care should be exercised in view of the

fact that constituent documents are not available in such cases to confirm existence or otherwise of the proprietorships.

MISYS Support

To meet with regulatory requirement I.T. has rolled out AIM/CIM fields/ data structure in MISYS (Appendix- I). The

main purpose is to record the requisite information and to have system generated customer KYC, AOF features and risk

rating profile as and when required.

CAO should ensure that at the time of Account opening, no field related to customer information/KYC/transaction

profile is left blank as appearing in ECI option.


35/75

P a g e |30

Allied Issues


36/75

P a g e |31

Review of Products and services

Prior to initiation of any new product or services it should be ensured by the concerned segment that consideration is

given in identifying and assessing ML/FT risks that may arise in relation to new products, services, business practices

and delivery mechanisms. Also, existing products and services are to be reviewed periodically in the light of revised

AML/CFT regulations and establish a practice to review products and services on on-going basis, specifically after any

changes in regulations.

Record Retention

Documents and records on transaction (domestic and international) including any working done in relation to those

transactions shall be retained for a minimum period of ten years from completion of the transaction. Filing and storage

shall be done in a manner suitable for speedy retrievals of every individual transaction. The transaction record may be

maintained in both hard and soft copy (like scanning or electronic form or microfilm) so as the same could be retrieved

upon, when necessary, if required by any court of law or authorized Law Enforcement Agencies for review or as an

evidence for prosecution of criminal activity admissible in a court of law.

Record related to transactions/customers/accounts involved in litigation or required by court or other competent

authority is to be retained till such time the case is settled or the bank is advised/permitted to destroy the records.

Banks shall satisfy, on timely basis, any enquiry or order from the relevant competent authorities including law

enforcement agencies and FMU for supply of information and records as per law.

Bank shall, however, retain those records for longer period where transactions, customers or accounts involve litigation

or it is required by court or other competent authority

Record of Identification data like Account opening form, identification documents, KYC Forms, verification

documents and other documents related to customer relationship along with internal correspondence and account files

shall be maintained for at least ten years after the business relationship is ended as required by applicable regulations.

The documents shall be maintained in originals or copies with banks attestation.

Training and Awareness

HR, Learning and Organizational Development Unit shall arrange periodical programs at all critical centers to impart

appropriate training on all matters pertaining to ML and TF with special emphasis on up-gradation of staff skillset for

AO, CDD, EDD and other KYC dimensions to keep banks associates updated with the latest development, ML and

FT techn

AML-CFT Policy - September 2013.pdf

Documents

Transcript of AML-CFT Policy - September 2013.pdf