Article (14): Anti-Money Laundering and Countering the Financing of Terrorism Procedures
C 6/2020 Effective from 30/10/2020
All Licensees must comply with the existing legal obligations and regulatory requirements for AML/CFT of the Central Bank and address money laundering and terrorist financing risks through appropriate preventive measures to deter abuse of the sector as a conduit for illicit funds, and detect money laundering and terrorist financing activities and report any suspicious transactions to the Financial Intelligence Unit at the Central Bank.
The Central Bank requires the Licensees to undertake periodic risk profiling and assessment based on the AML/CFT requirements.
Risk factors
The risk of an SVF product will to a significant degree, depend on its design, its functions and the mitigating measures applied. In assessing the risk of an SVF product, a Licensee should take into account the following risk factors:
3.1. maximum stored value or transaction amount of the SVF – SVF products with higher transaction value or higher maximum stored value may increase the money laundering and terrorist financing risk;
3.2. methods of funding – SVF products that allow funding by cash offer with little or no audit trail present a higher money laundering and terrorist financing risk. On the other hand, funding by unverified parties or via other payment methods without Customer identification can also create an anonymous funding mechanism and hence present higher money laundering and terrorist financing risks;
3.3. cross-border usage – in general, SVF products with cross-border usage may increase the risk as transactions may be subject to different AML/CFT requirements and oversight in other jurisdictions and also give rise to difficulties with information sharing;
3.4. person-to-person fund transfer function – an SVF product that allows person-to-person fund transfers may give rise to higher money laundering and terrorist financing risks;
3.5. cash withdrawal function – an SVF product that allows access to cash for instance through automated teller machine networks may increase the level of money laundering and terrorist financing risk;
3.6. holding of multiple accounts/cards – SVF products that allow a Customer to hold more than one account or card may also increase the money laundering and terrorist financing risk as it may be utilized by a third-party user other than the Customer;
3.7. multiple cards linked to the same account – SVF products that permit this functionality may present higher money laundering and terrorist financing risks, especially where the linked card is anonymous; and
3.8. payment for high-risk activities – some merchant activities, for example, gaming, present higher money laundering and terrorist financing risks.
The money laundering and terrorist financing risks of an SVF product can be reduced by implementing risk mitigating measures, which may include: (a) the application of limits on the maximum storage values, cumulative turnover or transaction amounts; (b) disallowing higher risk funding sources; (c) restricting the SVF product being used for higher risk activities; (d) restricting higher risk functions such as cash access; and (e) implementing measures to detect multiple SVF accounts/cards held by the same Customer or group of Customers.
The level of money laundering and terrorist financing risks posed by a particular SVF product will depend on a consideration of all risk factors, the existence and effectiveness of risk mitigating measures and their functionality.
A Licensee should assess whether a business relationship presents a higher money laundering and terrorist financing risk and assign a related risk rating. Generally, the Customer risk assessment will be based on the information collected during the identification stage. The Licensee should ensure that their CDD models are designed to address the specific risks associated to its Customer profile and SVF product features.
Compliance management arrangements and independent audit function
A Licensee must have appropriate compliance management arrangements that facilitate the SVF’s implementation of AML/CFT systems to comply with relevant legal and regulatory obligations and to manage money laundering and terrorist financing risks effectively. Compliance management arrangements should at a minimum include oversight by the Licensee’s Senior Management and appointment of a Compliance Officer and a Money Laundering Reporting Officer.
In addition, a Licensee should put in place comprehensive AML/CFT policies and procedures in accordance with the AML/CFT law and regulations.
Use of technology
The Central Bank supports innovative means by which Licensees implement AML/CFT Systems effectively as well as exploring the greater use of technology and analytical tools. The Central Bank expects Licensees, before introducing any new product, service or technology, to conduct adequate risk assessments and ensure that any identified risks are effectively managed or mitigated.
In general, the eKYC process currently adopted by licensed banks for digital onboarding of Customers is acceptable for SVF account opening. No physical face-to-face meetings with the Customer or physical documents verification are required so long as the digital authentication of the Customer and digital verification of all required documents can be done in accordance with the existing requirements of the Central Bank.
Depending on the nature of relationship, Licensees may undertake additional CDD measures, including the collection of sufficient information to adequately understand the nature of the Virtual Asset Service Providers’ business; determining from publicly available information whether the Virtual Asset Service Providers are licensed or registered, and subject to AML/CFT supervision; and assessing the AML/CFT controls of the Virtual Asset Service Providers as appropriate. The extent of Customer due diligence measure should be commensurate with the assessed money laundering and terrorist financing risks of the Virtual Asset Service Providers.
Globally there is an emerging range of new products and services involving Virtual Asset. In line with the FATF standards, before a Licensee offers any new products relating to Virtual Assets, it should undertake money laundering and terrorist financing risk assessment and take appropriate measures to manage and mitigate the identified risks in accordance with applicable legal and regulatory requirements. Licensees are encouraged to refer to the suggestions provided by FATF in relation to the guidance for a risk-based approach to Virtual Assets and Virtual Assets Service Providers.
Book traversal links for Article (14): Anti-Money Laundering and Countering the Financing of Terrorism Procedures