National Bank of Angola. Implementation guide for a money laundering and terrorism financing prevention program

Transcription

1 National Bank of Angola Implementation guide for a money laundering and terrorism financing prevention program Document intended for financial institutions under the supervision of the National Bank of Angola 0

2 1 Introduction Purpose of the document Recipients Definition of ML and TF Other financial crimes 4 2 Legal and regulatory framework Applicable legislation and regulations Obligations of the financial institutions with regards to ML and TF 0 3 Approach to the ML and TF prevention program Risk of ML and TF Risk factors of ML and TF Identification of risk factors Analysis and review of risk factors ML and TF prevention program Policies Organic and functional model (Governance) of ML/TF prevention Training and awareness program Processes 10 4 Due Diligence Measures Identification of the client Identification of a new client Identification of an existing client Identification of the client's beneficial owner Identification of the life insurance beneficiaries Identification of the legal representatives Identification of trusts Identification by third-parties Verification Verification of natural and legal persons Document certification Proper documentation for verification Verification time Document assessment Obtaining additional information Source of funds and source of income Purpose and nature of the business relationship or the occasional transaction 21 1

3 4.3.3 Updating client information Continuous monitoring Client monitoring Transaction monitoring Nature of the monitoring Document conservation Simplified due diligence measures Enhanced due diligence measures Politically Exposed Persons Non-profit organizations Establishment of a business relationship and conducting transactions without the client on site Corresponding institutions Other high-risk situations Due diligence measures for wire transfers Specific duties of remittance services providers 29 5 Unacceptable clients 30 6 Communication with the Financial Intelligence Unit Subjective indicators Reporting suspicious transactions Reporting designated persons, groups or entities Objective indicators Reporting deadline for suspicious transactions Reporting methods for suspicious transactions Procedures for transactions with prior consent Role of the Compliance Officer Financial institution's relationship with the client 35 Annex I: List of the predicate crime categories for the crime of money laundering (listed in the glossary of the 40 Recommendations of the GAFI/FATF) 36 Annex II: Example of a risk matrix 37 Annex III: Example of a due diligence matrix 38 Annex IV: Glossary of terms 39 2

4 1 Introduction 1.1 Purpose of the document This documents aims to clarify what is expected of the financial institutions with regards to preventing money laundering (ML) and terrorism financing (TF), pursuant to the provisions of Law no. 34/11 of December 12th, and is non-binding in nature. The financial institutions have the discretionary power to implement the policies and their processes. The main objectives of this document are: To interpret the legal and regulatory requirements and provide general instructions as to their implementation; To provide general and specific examples related to various ML and TF prevention processes by implementing a risk-based approach, suited to the size and nature of the business; To help financial institutions implement the control processes required to mitigate the risk of involvement in criminal activities. 1.2 Recipients This document is intended for financial institutions under the supervision of the National Bank of Angola, pursuant to the provisions of Article 3 and 5 of Law no. 13/05 of September 30th - Financial Institutions Law, with particular emphasis on banks. 1.3 Definition of ML and TF Money laundering and terrorism financing are criminalized in Articles 60 and 64 of Law no. 34/11, of December 12th. The crime of money laundering corresponds to the process of concealing the existence, illegal origin or use of goods originating from criminal activities, in order to make these goods seem legitimate. For the purposes of money laundering, pursuant to No. 4 of Article 60 of Law no. 34/11, of December 12th, relevant criminal activities are all typical illegal acts punishable with imprisonment of at least 6 months, in accordance with the provisions of the Penal Code in effect and assorted criminal law. In accordance with the requirements established in the Recommendations of the GAFI/FATF (40 Recommendations and 9 Special Recommendations) and in the United Nations Conventions, particularly the Convention against Transnational Organized Crime (Palermo Convention), the Convention against Illicit Traffic in Narcotic Drugs and Psychotropic Substances (Vienna Convention) and the Convention for the Suppression of the Financing of Terrorism, there are a number of crimes whose product is more likely to be the subject of money laundering, such as drug trafficking, smuggling, fraud or extortion (in this sense, see Annex I of this document). Generally, the money laundering process consists of three distinct stages: Placement: the introduction of goods originating from criminal activity (ex. theft) in the financial system through deposits, wire transfers and other means. An example of placement could be the deposit of various cash amounts in a bank account. Layering: the execution of transactions (multiple) in order to separate the illegally-acquired goods from their source. An example of layering could be converting cash into traveler's checks, money orders, etc. Integration: the placement of illegal goods, once again, in the formal economy, in order to create the perception of legitimacy. An example of integration could be the payment of loans (fake), commissions or salaries. 3

5 Terrorism financing can be defined as the provision or collection of funds, by any means, directly or indirectly, with the intention of using such funds or with the awareness that such funds may be used, in whole or in part, to plan, prepare or perpetrate a crime of terrorist organization, terrorism or international terrorism. The biggest difference between money laundering and terrorism financing lies in the fact that money laundering always involves goods originating from illegal activity. On the other hand, funds used for terrorism financing may be legal, while the purpose for which they are used is illegal. Note that, despite the fact that the origin of the funds used for terrorism financing may be legal, the terrorist organizations continuously need to conceal the source of the funds, in order to hide the connection between the investors and the terrorist organization or the terrorist activities. 1.4 Other financial crimes The risk of money laundering and terrorism financing is directly related to the risks associated with other financial crimes, such as the insider trading, market manipulation, fraud and embezzlement (in this sense, see Annex I of this documents for other examples of financial crimes); These guidelines do not aim to detect activities related to fraud or market abuse, as autonomous crimes, but rather these crimes must be taken into account while reading this document, since they are predicate offenses for money laundering. Financial institutions may associate fraud and money laundering as part of an overall strategy to fight financial crime, given the existing procedures against fraud and market abuse. 4

6 2 Legal and regulatory framework 2.1 Applicable legislation and regulations Legislation Law no. 34/11 of December 12th, the Anti-Money Laundering and Countering Financing of Terrorism Law, which revoked Law no. 12/10, of July 9th. Presidential Decree no. 35/11, of February 15th, which established the organization and operation of the Financial Intelligence Unit Law no. 1/12, of January 12th, Law for the designation and implementation of international legal acts. Regulations Notice no. 22/12, of April 25th, intended for banks Notice no. 21/12, of April 25th, intended for non-banking financial institutions Instruction no. 02/12, of April 20th, intended for exchange offices Directive no. 01/DSI/12, of April 10th, for reporting suspicious transactions to the Financial Intelligence Unit Directive no. 03/DSI/2012, of July 24th, for reporting designated persons, groups or entities Directive no. 04/DSI/2012, of July 24th, for freezing funds and economic resources of Designated Persons, Groups or Entities 2.2 Obligations of the financial institutions with regards to ML and TF Money laundering and terrorism financing were criminalized under Law no. 34/11, of December 12th. This Law implemented new preventative measures for money laundering and terrorism financing, at the start of and during the business relationship and/or during the establishment of an occasional transaction. Therefore, the following general obligations were determined, namely: Obligation to identify and verify the client's identity and, if applicable, the identify of their representatives and beneficial owner; Obligation of due diligence, including enhanced due diligence; Obligation to refuse the establishment of a business relationship or to carry out an occasional transaction, if unable to comply with the obligations of identification and due diligence; Obligation to conserve client and transaction records, for at least 10 (ten) years; 0

7 Obligation to report information legally due to the Financial Intelligence Unit; Obligation to abstain from carrying out transactions when it appears that there is founded evidence of a particular transaction being suspected of constituting a crime; Obligation of the financial institutions to cooperate with the responsible authorities, namely supervisory authorities and government authorities. Obligation of the financial institutions to maintain confidentiality for clients and third-parties, with regards to reporting legally required information or when any party is under criminal investigation; Obligation to establish policies and processes for matters of internal control, namely risk management and auditing, as well as proper processes to ensure strict criteria for hiring employees, enabling them, at any time, to be capable of fulfilling the obligations envisaged by Law no. 34/11, of December 12th; Obligation to guarantee the proper training of its employees and management, in order to comply with the obligations established under Law no. 34/11, of December 12th, and regulations to prevent and suppress money laundering and terrorism financing. The National Bank of Angola issued Notices no. 21/12 and no. 22/12, of April 25th (hereinafter referred to as "Notices") and Instruction no. 02/12, of April 20th, which contain specific rules intended for banks and non-banking financial institutions, within the scope of preventing money laundering and terrorism financing. 3 Approach to the ML and TF prevention program Financial institutions must implement a money laundering and terrorism financing prevention program in order to identify, monitor and prevent criminal activities, pursuant to the provisions of the Anti-Money Laundering and Countering Financing of Terrorism Law - Law no. 34/11, of December 12th. The money laundering and terrorism financing prevention program uses a risk-based approach; in other words, the financial institution must identify the potentially vulnerable areas to be used for money laundering and terrorism financing. A risk-based approach must include identifying and analyzing the risks associated with money laundering and terrorism financing and, consequently, defining control procedures to be established for the different risks identified. Thus, the financial institution must identify and analyze the clients, entities, products, services and geographic locations that pose the greatest risk for ML and TF (for all lines of business). Each financial institution is responsible for defining the most suitable approach, considering their vulnerability to the listed factors. It is important to mention that, of course, a risk-based approach should not be designed so as to prevent the financial institutions from conducting business and, in and of itself, it does not guarantee that money laundering and terrorism financing will not occur or that they will be effectively detected. Finally, and regardless of the strategy adopted, the legally-established obligations must be fulfilled; in other words, financial institutions must adequately know their clients and if they are likely to be involved in criminal activities. 1

8 3.1 Risk of ML and TF Money laundering and terrorism financing determine the existence of a number of risks for financial institutions. There are areas of risk considered to be associated with money laundering and terrorism financing, such as compliance risk or reputational risk. These risks are not exclusive and are often interconnected, directly influencing each other. Effective risk management for money laundering and terrorism financing is crucial for the stability of financial institutions and the financial system. Compliance risk is the risk arising from violations or non-compliance with laws, rules, regulations, contracts, prescribed practices or ethical standards. In this sense, financial institutions are at an increased risk when they violate exiting legislation or regulations, within the scope of money laundering and terrorism financing, and are subject to sanctions, civil liability, etc. Compliance risk may impact the financial institutions' image in the eyes of the client, counterparties, shareholders, investors, supervisors and public opinion in general (reputational risk). When a financial institution does not implement effective ML/TF prevention programs, it may be associated with these types of activities and, consequently, it increases its reputational risk. 3.2 Risk factors of ML and TF In order to properly analyze the risk of ML and TF, financial institutions must identify the underlying factors of this risk. Note that there is no unique methodology, since the distinct risk levels depend on different factors that are characteristic of each financial institution, including its structure, national/international activities, products and services, customer base, etc. For example, the risks for an international financial institution with various business units are different from the inherent risks of a financial institution that only provides service in the local market Identification of risk factors According to the existing international practices 1, the following general factors can be taken into consideration: Client / Transactions; Product; Service; Distribution channel; Geographic location Client Pursuant to the provisions of No. 1 of Article 8 of Law no. 34/11, of December 12th, financial institutions must adopt a risk management system for ML and TF associated with both new and already existing clients, in order to ensure that the identification and due diligence measures are adapted to the profile of the identified risk, aimed at preventing money laundering and terrorism financing. 1 Financial Action Task Force, Guidance on the Risk Based Approach to Combating Money Laundering and Terrorist Financing, June

9 All clients (existing and potential) may be considered likely to be involved in ML and TF, however particular clients and entities may pose a greater risk due to certain characteristics, which include, among others: Nature of the client (legal status, ownership structure, etc); Nature of the client's activity; Complexity, volume and nature of the transactions (to be) carried out by the client; Origin of the client's funds; Client's history; Client's relationship with other clients (even if the latter are not involved in their business relationships with the financial institution). The following client categories may pose a greater risk of money laundering and terrorism financing: Clients whose activities are known to be associated with corruption (for example: arms dealers); Clients who are politically exposed persons; Clients with funds whose origins are difficult to determine; Clients with complex or non-transparent structures, which prevent the identification of beneficial owners; Clients whose activities are related to highly liquid businesses, such as: Activities related to payment services (for example: remittance service providers, exchange offices, agents who execute funds transfers or other businesses that handle funds transfers); Activities related to the gambling industry (for example: casinos); Dealers in high-value goods (for example: jewelry dealers, precious metals and gemstones dealers, art and antiques dealers, auction houses and real estate agents and brokers); Other businesses that generate substantial amounts of money (for example: car dealers and tourism agents). Clients who perform the following transactions: Frequent and unwarranted transfer of accounts to other financial institutions; Frequent and unwarranted transfer of funds between different financial institutions; Frequent and unwarranted transfer between different jurisdictions; Substantial and complex transactions that do not fit the client's profile; Clients who request products and services that do not comply with the financial institution's knowledge of the client, that is, that do not fit their profile. Financial institutions must be aware that the aforementioned categories may indicate involvement in activities associated with ML and TF, however, this does not necessarily mean that there is 3

10 suspicion of such activities, for example: if the transaction fits the client's profile and there is a logical business explanation for this transaction or the business relationship is legitimate. If applicable, the business relationship history should be reviewed to determine if there is a reason (commercial) for the client to acquire the product or service in question or to perform a particular transaction. If it is confirmed that there is no apparent reason for this behavior, the financial institution must consider the possibility of involvement in ML or TF, and refuse to establish any business relationship, in addition to reporting this situation to the Financial Intelligence Unit Product / Service / Distribution channel There are products and services available to clients likely to be used for money laundering or terrorism financing. For risk assessment, financial institutions must question if the characteristics of a particular product/service may be used to conduct activities related to ML and TF or any other crime, for example, the possibility of paying third-parties, the complexity and the transparency of the product or service. Taking into account that the financial institutions offer products/services with different characteristics, a standard for classifying the risk of products/services cannot be established, however, bank correspondence services, private banking services and services related to cash deposits or payments are generally considered high-risk for financial institutions. There are several examples of how a service or product distribution channel can increase the risk of a transaction because there is no face-to-face relationship with the client that allows the veracity of the information provided to be assessed, namely, when the client wants to open an account online, or when the client is not located in the same jurisdiction as the financial institution Geographic location Some countries/jurisdictions are potentially more susceptible to ML/TF than others, such as countries without proper legislation to combat these crimes. This risk factors implies that financial institutions must assess the location: Country/jurisdiction of residence of the client; Country/jurisdiction of residence of the parent company, subsidiaries and/or final beneficial owner; Country/jurisdiction where most of the business activities are performed; Country/jurisdiction where the business partners are located. The following categories, among others, may be considered by the financial institution as posing a greater risk associated with geographic location: Countries/jurisdictions subject to sanctions, embargoes or other similar measures issued by the United Nations or by similar international organizations; Country/jurisdiction subject to any type of sanction applied by the Government of Angola; Countries identified, by credible sources, as countries lacking laws, regulations and other measures against money laundering and terrorism financing; Countries identified, by credible sources, as countries that support terrorist activities; 4

11 Countries identified, by credible sources, as countries with significant levels of corruption, or other criminal activities; There are no general and independent criteria for classifying countries with regard to their susceptibility to money laundering and terrorism financing. However, financial institutions may develop their own risk-classification model for countries, using independent, credible sources, such as: Publications issued by the Financial Action Task Force (FATF); Publications issued by the United Nations; Publications issued by the World Bank; Publications issued by Transparency International (TI); Publications issued by Angolan government authorities. 5

12 3.2.2 Analysis and Review of the Risk Factors The combination of risk factors related to the customer, product, service, distribution channel and geographic location determines the global risk of a business relationship or single transaction, and hence the appropriate precautions to be taken. As a general guideline, based on completed analysis of the risk factors, the following risk levels can be defined for the customer base, product, service, channel, and geographic location: Low Normal High Unacceptable The financial institutions can formulate a risk matrix in which the various potential indicators and risk types are combined to give a final risk classification, which will be established in the financial institution policies. The risk matrix formulated by the financial institutions must be adjusted to reflect the specific indicators and risk types identified by the institution, while remaining justifiable and compatible with its risk management policy (see the sample matrix presented in Annex 1). The financial institution shall periodically re-examine the accuracy of the money laundering (ML) and terrorist financing (TF) risk factor analysis. Risk management is a dynamic process, given that the actual vulnerability of products or transactions associated with ML and TF activities also varies according to the external perception of their vulnerability. It is thus advisable to conduct a risk assessment review at least once a year, and more frequently if the financial institution is introducing new products or services, has accepted or rejected new business relationships or transactions with high-risk customers, or has undergone corporate splitting or mergers with other financial bodies or entities ML and TF Prevention Plan The financial institutions must take internal steps to mitigate and manage any identified ML and TF risk, as specified in the preceding sections, by defining and implementing a plan to be applied companywide, including, where necessary, the entire financial or economic group, supported by policies and procedures, and the relevant organic and functional model, to ensure that the risks assumed are contained at the level previously determined by the Board of Directors, and that they do not significantly influence the financial situation of the institution or group.

13 This plan must be specifically designed to cover the range of activities of the financial institutions, permitting adequate knowledge of their clients and business relations to promptly recognise the risks associated with money laundering and terrorist financing and to take the necessary measures to mitigate them. The ML and TF prevention plan shall consist of policies and processes, based on an appropriate organisational structure guaranteeing compliance with the legal requirement and regulatory provisions on the prevention of money laundering and terrorism financing, as well as the ML/TF risk parameters adopted by the financial institution. Emphasis shall be placed on at least the following key elements in any ML and TF prevention plan: Policies Organic and Functional Model Training and Awareness Programme ML and TF Prevention Measures Policies The financial institution must develop their policies, including where relevant, group policies, based upon the previously completed money laundering and terrorist financing risk assessment. The policies must determine the minimum standards of compliance with the mandatory legal requirements for global application company-wide. As specified in Notices nos. 21 and 22 of April 25, 2012, preparation of the policy definitions of a financial institution shall be the responsibility of the Anti-Money Laundering and Financing of Terrorism (AML/CFT) Compliance Officer, approved by the Board of Directors. The defined policies must be made available to all the financial institution s employees. Furthermore, a process must be implemented to guarantee the periodic review of these policies and their respective approval by the competent authority. The financial institution is required to define and formulate policies, inter alia, targeting the implementation of processes and procedures on: ML/TF prevention Economic sanctions Customer acceptance Diligence, including enhanced due diligence 1

14 Politically Exposed Persons Suspicious Transactions Reporting Record Keeping In addition, and where applicable, policies may be formulated for specific business lines to ensure compliance with their special business requirements in place of money laundering and terrorist financing prevention measures Economic Sanction Policies Economic sanctions are restrictive measures of a financial nature imposed by international organisations or countries (individually) on legal bodies, persons or entities in order to combat terrorism and maintain or restore international peace and security. Countries and international organisations maintaining lists of sanctioned persons, groups or entities notably include the Office of Foreign Assets Control (OFAC) of the US Department of the Treasury, Her Majesty's Treasury (HMT), Common Foreign Security Policy (CFSP) for the European Union, and the Sanctions Committee, in accordance with the various relevant resolutions of the United Nations Security Council (UNSC). According to Directive 03/DSI/12 of July 24, issued by the National Bank of Angola, sanctions may be applied to "designated persons, groups or entities", as follows: By the Sanctions Committee of the United Nations pursuant to UN Security Council Resolution 1267, via the list maintained by the same Sanctions Committee, By the Sanctions Committee pursuant to UN Security Council Resolution 1988, whereby a current list is maintained of persons, groups and entities associated with the Taliban, who constitute a threat to the peace, stability and security of Afghanistan, By any other Sanctions Committee established by the United Nations or other body of the United Nations which maintains lists of persons, groups or entities associated with terrorism, including the financing of terrorism, terrorists or terrorist organisations, with a view to the application of restrictive measures of a financial nature, and By the competent national authority for the national designation and implementation of restrictive measures via a national list, as ruled by Law 1 of January 12, 2012 the Law on the Designation and Execution of International Judicial Acts, in all cases where the designated parties are persons, groups or entities associated with terrorism, including the financing of terrorism, terrorists or terrorist organisations, for the implementation of restrictive measures of a financial nature. The policy regarding the imposition of economic sanctions by the financial institution must include at least the following topics: Definition of an economic sanction Definition of 'designated person, group or entity" covering at least the above-mentioned definition, without prejudice to the freedom of the organisation to expand the scope of the definition to include other lists of persons, groups or entities designated by other countries or international organisations General principles and procedures to be applied by the financial institution, when a business involves a sanctioned legal body or when the identity of a sanctioned person, group or entity is revealed in connection with a business negotiation or transaction 2

15 Nevertheless, the financial institutions should be aware of alternative restrictive measures of a nonfinancial nature, such as commercial, diplomatic or others designed to effect change in legal bodies, persons or entities, and implemented by international organisations or countries (individually) with the direct or indirect power to influence on their activities Organic and Functional Governance Model for ML/TF Prevention The financial institution must define its agents, and their roles and responsibilities throughout the entire organisation in the context of the adoption, implementation and monitoring of the ML/TF prevention plan. Such definitions of roles and responsibilities shall include: The Board of Directors: Responsible for the prevention and detection of activities or suspected operations in money laundering and terrorist financing operations through the implementation of an internal monitoring system. The Board of Directors consists, in principle, of the group of persons, elected by the corporate partners or shareholders, and charged with the representation of the company, discussion of all the issues and execution of all appropriate action in order to realise the corporate goals. Its membership may include, inter alia, managers of the limited companies as provided for in Article 282 and executive management officers as referenced in Article 425, both of Commercial Companies Law 1 of It shall be incumbent upon the Board of Directors to: Approve the policies of the institution Appoint the Compliance Officer Define, implement and approve the processes related to the main tasks of the Compliance Officer Supervise the anti-money laundering and terrorism financing (AML/CFT) strategy The Compliance Officer (for AML/CFT-related matters) shall be responsible for implementing the ML and TF prevention plan. He shall also undertake the centralisation of information and the TF and is also responsible for central processing of information and notification to the Financial Information Unit and other competent authorities regarding operations potentially susceptible to money laundering and terrorist financing. The Compliance Officer shall be specifically charged with: Obtaining approval of the ML/TF prevention plan Monitoring fulfilment of the policies and processes defined within the framework of the antimoney laundering and counter-terrorism financing system implemented by the financial institution Managing and monitoring the implementation of controls on the prevention of money laundering and terrorist financing Centralising and analysing information received within the organisation Reporting to the Financial Intelligence Unit and other competent bodies regarding operations susceptible to set-up for criminal practices of money laundering and terrorist financing Receiving information requests from the Financial Intelligence Unit or other competent bodies, and providing, where applicable, the solicited information Formulating an annual report on the risk assessment conducted for the financial institution and the effectivity of the implemented measures for money laundering and terrorist financing prevention, for the submission to the Board of Directors. Note: If applicable, given the scale and complexity of the business of the financial institution, a person may be appointed specifically to manage ML/TF prevention, by line of business within the financial institution, and to report to the Compliance Officer. These will be the local Compliance Officers, who will be consulted prior to submission of a specific 3

16 Business and Operational Departments: Each business or operational department must undertake to run routine checks, for example, of the acceptance of new customers, processing of transactions, or definition of new products. The control checks must be set up by the responsible person designated for the task by the institution in accordance with the ML/TF prevention policy. Where the responsibilities are distributed between different departments, a system must be set up within the organisation to connect the different managers in order to facilitate management of the various risk areas and the requisite information reporting to the Board of Directors in line with corporate policy. Internal Audit: The designated monitoring manager of the defined TF prevention plan will be in charge of the internal audit. In cases where the internal audit is outsourced, the subcontracted entities or persons must be appropriately qualified to provide the service Training and Awareness Programme The training and awareness programme is an essential component to ensure the effectiveness of any of ML/TF prevention plan. The financial institution must acquaint all its employees, including the Board of Directors, with the current legislative framework and regulations governing the prevention of money laundering and terrorist financing, as well as the company s own relevant policies and processes. The training programme must enable employees to identify suspicious behaviour and/or activities, and instruct them in the additional steps to be taken to identify a suspicious transaction. The first step towards setting up an effective training programme is definition of the target audience, because the training given must be tailored to the specific topics and issues of relevance for each participant s role, it not being necessary for all employees to receive the same level of training. For this reason, the financial institutions must determine the relevant training for each participant, and it is particularly important that the Compliance Officer receive appropriate training for his/her function. The training content will necessarily vary between the different financial institutions according to the nature of their customer base, and of the products and services they offer, and its frequency and format must also be adapted to suit the type and size of each institution. Under Law 34 of December 12, 2011, training must be provided periodically (for example, once a year) and preferably in sessions formed of small groups to permit the discussion of individual views and exploration of the key issues relevant to the topic under review. Note: The training programme can include presentation of hypothetical problems and scenarios to stimulate debate. It is recommended to include money laundering and terrorist financing cases based on real-life situations that have occurred within the institution or in similar financial institutions. The type of training depends on the subject matter and the audience. In fact, there are alternative training methods and models that may be more suitable, such as training sessions via Web-based learning programmes, group sessions, and more. When major events occur in the anti-money laundering and counter-terrorism financing domain, the institutions must inform their employees about them without delay, providing them with information on the implications of these events for their activities. The financial institution must maintain a detailed record of the training sessions conducted, including the number and names of the participants. The financial institutions must decide what the consequences will be of an employee s absence without due justification. 4

17 3.3.4 Processes The policies defined and approved by the Board of Directors according to the terms specified in Section above will be implemented by integrating the defined processes into the financial institution s routine business operations. In Law 34 of December 12, 2011 and Notices nos. 21 and 22 of April 25, 2012, the mandatory requirement is established to implement processes, such as due diligence measures, which include, inter alia, customer identification and identity verification, record keeping, and communication. Despite the absence of any specified execution method for these measures in the current laws and regulations, the financial institutions must ensure their implementation. 4 Customer Due Diligence Measures The policy of due diligence approved by the Board of Directors must clearly describe the process for identifying the customer as it is to be executed in the various component stages of the due diligence measures implementation, as provided for in Article 7 of Law 34 of December 12, 2011: Customer identification, and where applicable, of the actual beneficiary or representative Customer identity verification, and where applicable, of the actual beneficiary or representative Information acquisition on the purpose and nature of the business relationship Information acquisition on the origin and destination of funds Update of customer information Continuous monitoring of the business relationship Implementation of the customer due diligence measures is translated into a series of processes enabling the financial institutions to obtain a coherent understanding of the customer s identity, in addition to acquiring and maintaining the requisite background information for an understanding of the nature of his business, his operations and also their associated risk levels. 4.1 Customer Identification "Identification" of the customer denotes the act by which the financial institution determines the name and other relevant information about a prospective customer, whether an individual or a company. Article 5 of Law 34 of December 12, 2011, together with the relevant current Notices, requires the establishment of monitoring controls, of which the customer identification procedures are of key importance in the following situations: When establishing a business relationship Where an occasional transaction is made in excess of a set threshold If there is some suspicion of involvement in activities associated with money laundering and terrorist financing When there are questions regarding the authenticity or reliability of the given customer identification data. The Law 34 of December 12, 2011, together with the relevant current Notices, determines the kind of information, at least, which needs to be collected by the financial institutions during the establishment of a business relationship or conduct of an occasional transaction. Articles 5 of Notice no. 21 and 5 of Notice no. 22, both of April 25, 2012, indicate the minimum information to be requested from potential customers upon initiation of a business relationship. 1

18 4.1.1 Identification of a New Customer When a new customer requests a product or service, he or she must be identified before beginning the business relationship or before conducting an occasional transaction Establishment of the business relationship Note: The establishment of the business relationship is not necessarily conditional upon presentation of all the details specified in Article 5 of Notices 21 and 22 respectively, both of April 25, Nevertheless, if such a situation arises, the customer must provide the available information available. Under the terms of Article 2 of Law 34 of December 12, 2011 and for the purposes of the same law, a business relationship is characterised by a "relationship of a commercial or professional nature between the entities concerned and their customers who, at the actual moment of its establishment, anticipate that it will be or view it as enduring" such as, for example, the opening of a savings account or execution of a leasing contract. At the time when the business relationship is established, the Account Manager or other person in charge of the business relationship must at least ensure the completion and signature of a form of Customer Profile (hereinafter referred to as "documents", in compliance with the Know Your Customer (KYC) rules). These documents contain essential details about the customer and the effective beneficiary of the relationship. Such essential customer details may be considered to include marital status, professional status, employer identity where applicable, financial situation, origin of bank deposits and the payment channel used, and any other details enabling the bank to check the customer s current financial situation. Without prejudice to the above, the financial institutions are empowered, at their discretion, to collect additional information to enable them to extend the scope of their stock of knowledge about the customer and the business relationship, and thereby to further support their assessment of the associated risk. They are entitled, for example, to request identifying details of the company directors or administrators with current management authority over the customer Performing an Occasional Transaction Furthermore, identification is required when: Occasional transactions are performed by a person or entity The occasional transaction is in an amount equal to or exceeding USD 15,000 (fifteen thousand dollars of the United States of America), regardless of whether the transaction is executed as a single operation or in multiple operations that appear to be linked. If the total amount of the transaction is not known when the operation is initiated, the financial institution must demand identification as soon as the amount in question becomes known, if it is equal to or exceeding USD 15, (fifteen thousand dollars of the United States of America). As stated in Article 2 of Law 34 of December 12, 2011, occasional transactions are understood to refer to "transactions executed by entities outside the scope of an established business relationship". In other words, these are one-off transactions not bound by the concept of a lasting business relationship, such as generally exists between a financial institution and a customer. In this case, the customer is an "occasional" customer requesting a single foreign currency transaction or an isolated share acquisition instruction for an amount in excess of the above-stated ceiling, above this threshold, and at the outset, no long-term framework has yet been associated with this relationship. Financial institutions must take into account certain factors that may link occasional transactions, and assess whether such transactions are inherently habitual or repetitive in character in order to determine whether the current transaction is likely to extend to an amount equivalent to or greater than the abovestate ceiling: For example, payments made to the same person from one or more sources within a short period of time, or a customer regularly transferring funds to one or more sources. 2

19 Furthermore, the habitual nature or frequency of the transactions may convert their occasional business status into a long-term relationship. In principle, where such situations present a low ML/TF risk and do not initially lead to the establishment of a business relationship, the financial institutions can set a three-month period for transaction linking. Prior to execution of the occasional transaction, at least the details specified in Article 7 of Notice no. 22 of April 25, 2012 should be requested, namely the customer s full name and signature, nationality, date of birth, and the title and number of the identifying document used, as well as its expiry date and issuing authority Identification of an Existing Customer Law 34 of December 12, 2011 not only requires the financial institutions to identify new customers, but also provides for some situations where identification is mandatory for existing customers. These situations occur when the financial institution suspects involvement in money laundering and terrorist financing or if it has any doubts regarding the authenticity or reliability of information provided by the customer. The latter situation could arise, for example, during a review of the customer profile. On the other hand, under the provisions of Article 4, paragraph 2 of Notice no. 21 and Notice no. 22, both of April 25, 2012, there is a mandatory obligation to identify and verify identity expressly applicable to existing customers, where the business relationships of such customers were established prior to the entry into force of Notices nos. 21 and 22 of April 25, According to the provisions of the above-mentioned Notices, the requirement for identification may apply to existing customers, depending on their associated money laundering and terrorist financing risk assessment. In this case the financial institution must ensure that it is in possession of adequate information (at least the information required legally) to carry out an effective ML/TF risk assessment before deciding whether to enable an ongoing business relationship with the customer. If the information is not readily available, the financial institution is obliged to obtain it from the customer, given the possibility high risk situations where current customer information is essential. Depending on the adopted approach to risk assessment where existing customers are concerned, the financial institution may choose to make additional requirements: For example, whenever a new business transaction is processed (meaning that the customer is requesting a new product or service) or in cases where the associated risk has been identified as high (such as, the execution of a high volume of cash transactions), or else when the transaction is incompatible with the customer's established profile. Regardless of the approach adopted, the financial institution must document the criteria used to modify or add new details to existing customer information. To minimise the impact associated with a lack of information on customers whose business relationship was established prior to the introduction of mandatory information collection on matters of identity and customer due diligence, in accordance with the state provisions of Notices nos. 21 and 22 of April 25, 2012, the financial institution is empowered to implement an information update plan or to otherwise obtain the requisite additional information. 3

20 4

21 4.1.3 Identification of the client s beneficial owner When the client is a legal entity, financial institutions should identify the beneficial owner of this client. The beneficial owner is a natural person, who ultimately holds, controls the client, and in the name of which a given transaction is conducted. If the client is a legal entity, in order to determine the beneficial owner, the following should be identified: The natural persons who hold or control, directly or indirectly, at least 20% of the equity of the company or the voting rights of the legal entity; and The natural persons who, in any other way, exercise control over the management of the legal entity. If the client is an entity without legal personality, such as collective interest centers without legal personality who manage and distribute funds (trusts), in order to determine the beneficial owner, the following should be identified: The beneficiary natural persons who hold at least 20% of its equity, if the future beneficiaries have already been determined; 1

22 The natural persons in whose main interest the legal entity had been incorporated or conducts its activities, when the future beneficiaries have not yet been determined; and The natural persons who exercise control at least over 20% of the equity of the legal entity. Article 7.º of Law n.º 34/11, from 12 December, demands that financial institutions obtain specific information on the structure of the shareholders/shares, property and control over the client, as due to this knowledge, the financial institution may identify the beneficial owner. Complex property structures may require, from financial institutions, additional measures so that they are reasonably satisfied in terms of knowledge about their client. Moreover, and by the risk associated with the business or single transaction, the financial institution May use, for example, annual statements, company structure, memos, or contracts, which allow it to know and understand the property and control structure. Financial institutions may request from the client the provision of an identification of the beneficial owner and, if there is more than one beneficial owner, the identity of all these should be provided. Control over legal entities may be exercised in different ways and depends on various factors, namely the legal form and business sector. However, during the process of identifying the beneficial owner the financial institution may verify that the control over property is diversified to such a degree that there is no single person who effectively controls the legal entity. In this case, the institution should demonstrate that it has conducted all necessary measures to ascertain the identity of the beneficial owner exercising control over the institution. If after having conducted these measures no beneficiaries have been identified, the institutions should try to conduct measures necessary to identify the person who has management powers in the legal entity Identifying the beneficiaries of life insurance Banking financial institutions which have life insurance products, among other types of investment in The insurance sector, should conduct, apart from the diligence measures to identify the client and respective beneficial owner, the following measures relating to the beneficiary of the life insurance and other insurance policies, at that time at which the beneficiaries of the insurance policies are identified/designated by the buyer of insurance: Collecting the name of the person beneficiaries identified as natural persons or legal entities or entities without legal personality; Obtain sufficient information with regard to the beneficiary of the insurance policy so that the financial institution is satisfied that it can determine the identity of the beneficiary or beneficiaries at the time of payment who shall be designated by their characteristics or class (for example, spouse or children at the time the insured event occurs) or by other means (for example, by a will). The above mentioned information should be registered and kept in accordance with the procedures Pertaining to section 4.3 and 4.4, with the policy beneficiary identification only having to occur at the time of payment. Please note that the beneficiary of an insurance policy may be considered as an important risk factor, in determining the applicability of due diligence measures. In fact, if a financial institution determines, for example that a beneficiary of life insurance is a legal entity or an entity without legal personality, this may be considered to carry greater risk, but the institution may 2