customer due d (cdd) a (aml) (cft) mcb s o · ulterior motives. to address the risks stemming from...

CUSTOMER DUE DILIGENCE (CDD) & ANTI-

MONEY LAUNDERING (AML) / COMBATING

FINANCING OF TERRORISM (CFT) POLICY

MCB SRI LANKA OPERATIONS

2015

Document Control Sheet

Title Of Policy Customer Due Diligence (CDD) & Anti-Money laundering (AML) / Combating Financing of

Terrorism (CFT) Policy

Associated Key Risk (if applicable) Money Laundering & Financing of Terrorism

Policy Owner Country General Manager MCB Sri Lanka & Local Compliance Officer

Final Review Group Head – Wholesale Banking Group and Compliance and Control Group

Review Frequency Once in two years

Latest Review/ Approval date Oct, 2015

Next review date 2 years from the approval date

Version Version 1.0

Reviewed by A&RARG & LAG

Concurred by President

Recommended By Standing Committee for Review of Policies (SCRP)

Approved By Board of Directors

Table of Contents

1. INTRODUCTION: ...........................................................................................................................................1

2. SCOPE ...........................................................................................................................................................2

3. OBJECTIVE OF THE POLICY IS TO COVER: .....................................................................................................3

4. ROLE AND RESPONSIBILITY OF COMPLIANCE OFFICER................................................................................3

5. ORGANIZATIONAL CHART OF COMPLIANCE FUNCTION ..............................................................................4

6. KEY ELEMENTS OF CUSTOMER DUE DILIGENCE ..........................................................................................5

I. Customer Identification: ....................................................................................................................... 5

II. Customer Verification ........................................................................................................................... 5

III. Customer Acceptance ........................................................................................................................... 6

IV. Accounts and Transaction Monitoring .................................................................................................. 6

V. Risk Management ................................................................................................................................. 7

7. CORRESPONDENT BANKING.........................................................................................................................7

8. RECORD KEEPING .........................................................................................................................................8

9. TRAINING .....................................................................................................................................................9

10. AML/CFT PROCEDURAL HANDBOOK ...........................................................................................................9

11. PERIODICITY FOR REVIEW OF POLICY ..........................................................................................................9

12. GLOSSARY .................................................................................................................................................... 10

Wholesale Banking Group & Compliance and Controls Group

MCB Sri Lanka CDD & AML/CFT Policy Version 1.0 Page 1 of 10

1. INTRODUCTION: MCB Bank-Sri Lanka (‘the Bank’) is committed to combat Money Laundering and Terrorist Financing. Its commitment to the inhibition of ML/FT is reflected in this policy in compliance with the legislative requirements of authorities in Sri Lanka as well as with MCB’s Head Office in Pakistan. Reference was made to the following laws and regulations for the development of the policy:

Prevention of Money Laundering Act, No.05 of 2006 (PMLA)

Convention on the Suppression of Terrorist Financing Act, No.25 of 2005 (CSTFA)

Financial Transaction Reporting Act, No. 06 of 2006 (FTRA)

Know-Your-Customer and Customer Due Diligence Rules prescribed by FIU under FTRA

from time to time.

Applicable/ Relevant AML/CFT Guidelines issued by SBP (State Bank of Pakistan)

To further strengthen the regulatory framework to curb Money Laundering and Terrorist

Financing CBSL (Central Bank of Sri Lanka) has issued AML/CFT regulations, covering the

following aspects:

Key Elements Area Covered

Customer Due Diligence CDD Measures for Identifying, Verifying and Accepting new customers and maintaining relationship with existing customers.

Correspondent Banking CDD measures for establishing and maintaining relationship with Correspondent and Respondent Banks / Financial Institutions (FIs)

Wire Transfers / Fund Transfers

Responsibilities of Ordering, Intermediary and Beneficiary Institutions (as applicable) involved in processing wire transfers / fund transfer.

Maintenance of Accounts and General rules

All Measures prescribed by Central Bank of Sri Lanka under Licensed banks and Registered Finance Companies (Know your Customer (KYC) and Customer Due Diligence (CDD) Rules No. 1 of 2011 issued by Financial Intelligence Unit under the Financial Transactions Reporting Act No. 6 of 2006 is to be adhered to in letter and spirit.

Reporting of Transactions (STRs)

Guidelines for Reporting of Complex, Unusually Large, and out of pattern Transactions.



In addition to the above, the international best practices such as FATF (Financial Action Task Force), Basel Committee on Banking Supervision (BCBS) on Customer Due Diligence, and UN (United Nations) resolutions concerning sanctions should also be followed to prevent the possible use of the Bank as a conduit for money laundering or terrorist financing activities. Amid increasing focus of banks and regulatory bodies on curbing ML (Money Laundering) / FT (Financing of Terrorism) activities, the AML / CFT policy of the Bank aims to provide guidelines for business, while establishing a business relationship with a new customer and maintaining/continuing relationship with existing customers in order to identify, assess, manage and mitigate risk on an ongoing basis and compliance with applicable laws and regulations.

2. SCOPE

This policy applies to each and every business segment and concerned employees to effectively

mitigate the risk of ML and FT. The document should be read in conjunction with the AML/CFT

Policy applicable in MCB Head Office (Pakistan) to ensure adherence to Regulation-6 (sub-

section 4, 5, and 6) of AML/CFT regulations issued by State Bank of Pakistan.

Bank is prone to the risk of ML/FT thereby being misused by criminal elements for their

ulterior motives. To address the risks stemming from customers, this policy will be a guiding

document for concerned employees towards managing the customer’s risks in an effective

way by using the risk based approach. Thus the Customer Due Diligence process will involve

the application of Risk Based Approach (RBA), through the introduction of sophisticated and

quantified Risk Rating Sheet(s)/Customer Risk Profiling Forms. Under the Customer Due

Diligence process, various sets of documents will be developed and provided to the branches /

field offices from time to time to ensure execution of the process and identification of risks

attached with each customer for effective mitigation of ML / FT risk.

Tipping off

Employees are strictly prohibited to disclose to any person including customers that the said transaction is being scrutinized for possible involvement in suspicious money laundering operations and/or terrorist financing and ensure compliance of section 9 and 10 of Financial Transaction Reporting act no. 6 of 2006.

Penalty

Failure to comply with AML/CFT requirements may result in penal action such as fines and imprisonment in accordance with the applicable laws.

Internal Controls, Policies, Compliance, Audit and Training

Requirements relating to development of Controls, Policies, Procedures, Training and programs to ensure compliance with AML / CFT regulations.



3. OBJECTIVE OF THE POLICY IS TO COVER:

1. Compliance of all Statutory, regulatory & legal obligations to prevent ML and FT.

2. Acceptance of only bona fide and legitimate customers.

3. Verify the identity of customers using reliable and independent sources.

4. Conduct ongoing monitoring of customer accounts and transactions to prevent or

detect potential ML / FT activities.

5. Implement Customer Due Diligence process using risk based approach.

6. Effectively manage customer-driven risks by using procedures laid down in CDD &

AML/CFT Procedural Handbook of MCB Sri Lanka.

7. Managing reputational, operational, legal and concentration risks, etc.

4. ROLE AND RESPONSIBILITY OF COMPLIANCE OFFICER

The Bank is required to appoint a Compliance Officer in terms of Section 14 of the FTRA

(Financial Transactions Reporting Act, No. 6 of 2006), who shall be responsible for ensuring the

Bank’s compliance with the requirements of the relevant laws. This Officer must be at the

senior management level.

The said Compliance Officer shall specifically be responsible for the following:

(a) Ensuring the Bank’s compliance with the requirements of FTRA;

(b) Establish and maintain procedures and systems to—

(i) implement the customer identification requirements under section 2 ;

(ii) Implement procedures for the record keeping and retention requirements under

section 4;

(iii) Implement the process of monitoring required under section 5;

(iv) Implement the reporting requirements under sections 6, 7, 8 and section 22 in

relation to auditors and report all information to FIU as required in Section 7 of

Financial Transaction Reporting Act No 06 of 2006;

(v) Make its officers and employees aware of the laws relating to money laundering

and financing of terrorism; and

(vi) Screen all persons before hiring them as employees;

(c) Establish an audit function to test its procedures and systems for the compliance with

the provisions of this Act;

(d) Train its officers, employees and agents to recognize a suspicious transaction.



5. ORGANIZATIONAL CHART OF COMPLIANCE FUNCTION

President

Group Head

Wholesale

Banking (WBG)

Country General

Manager -

Srilanka

Group Head

Compliance &

Controls (CCG)

Unit Head

Compliance -

Srilanka

Officer

Compliance -

Srilanka



6. KEY ELEMENTS OF CUSTOMER DUE DILIGENCE Following are the basic components of CDD:

I. Customer Identification:

The Bank will serve only the genuine person(s) and all out efforts would be made to determine t h e true identity of every customer. Minimum set of documents shall be obtained from various types of customer(s), at the time of opening an account, as prescribed in Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) Regulations.

Customer relationship is only to be established on the strength of a valid Passport/NIC/DL number or where the customer is not a natural person, the registration/ incorporation number, business registration number or special resolution/authority, in case of Charity Accounts etc. (as applicable).

For walk-in-customers / Occasional customers, to establish and validate the true identity of the person(s) executing the transactions either for self or if the person is acting on behalf of some other person(s), complete originator information must be obtained and identities must be invariably verified.

For non-face-to-face customers, Business shall put in place suitable operational procedures to establish identity of the client from a third party (an independent source). Equally effective customer identification procedures for non-face-to-face customers shall be applied as for those available for interview.

II. Customer Verification

The Bank shall identify the beneficial ownership of accounts/ transactions by taking all reasonable measures. Identification of the customer and beneficial owner will be verified using reliable independent sources.

Extra care is essential where the customer is acting on behalf of another person, and reasonable steps must be taken to obtain sufficient identification data to verify the identity of that other person as well. For customers that are legal persons or for legal arrangements, branches are required to take reasonable measures to (i) understand the ownership and control structure of the customer (ii) determine and verify the natural persons who ultimately own or control the customer. This includes those persons who exercise ultimate effective control over a legal person or arrangement.



Identity documents, wherever required as per relevant AML/CFT Regulations, are to be verified. Verification of the identity of the customers and beneficial owners shall be completed before business relationship is established or a transaction is processed.

III. Customer Acceptance

A customer will only be accepted once the aforementioned formalities have been completed in letter and spirit. Walk-in-customers shall only be entertained, once due diligence measures for transactions relating to such customers as prescribed in CDD & AML/CFT Procedural Handbook have been complied with. Following accounts will not be opened/maintained by MCB Bank where;

a. Identity, beneficial ownership, or information on purpose and intended

nature of business relationship is not clear.

b. Name of the individual customer/organization (including such individuals who

are authorized to operate account(s) and the members of governing

body/directors/trustees of an entity) appears in the Proscribed/Sanctioned

entities lists.

c. Proscribed entities and persons or to those who are known to be associated

with such entities and persons, whether under the proscribed name or with a

different name.

d. Anonymous / fictitious (Benami) or numbered accounts.

e. Shell Banks & Corporations.

f. Client or business segment black listed by the Bank or by the Regulators.

g. The Bank is not able to satisfactorily complete required CDD measures.

IV. Accounts and Transaction Monitoring

The Bank shall put in place a Transaction Monitoring System to identify suspicious

transactions while paying special attention to every complex, unusually large and

out-of- pattern transaction(s), which have no apparent economic or visible lawful

purpose. If the Bank suspects or has reasonable grounds to suspect that the funds are

the proceeds of criminal activities or have potential to be used for terrorist activities, it

shall report its suspicion to FIU as per the procedures laid down by Central Bank of Sri

Lanka (CBSL).

High Value Transactions (HVT) exceeding the prescribed limits as defined by FIU (of

CBSL) shall also be reported to FIU through the Compliance Unit.



For Wire Transfers, the bank may act as Ordering Institution, Beneficiary Institution or

Intermediary Institution while processing wire transfers/fund transfers. However,

wh i le cond u ct in g su ch operat ion s , i t sh a l l b e en su red t hat all

requirements as described in CDD & AML/CFT Procedural Handbook are completed

and other instructions, issued from time-to-time, in this matter are also adhered to.

V. Risk Management

All relationships shall be categorized with respect to their risk levels i.e. High, Medium and

Low based on the quantified risk profiling of customer (through standard risk rating sheet,

and as guided in CDD & AML/CFT Procedural Handbook) for making effective decisions

whether to perform Simplified Due Diligence (SDD) or Enhanced Due Diligence (EDD) both at

the time of opening and ongoing monitoring of business relationships.

The approval for all High Risk Customers in compliance of Section 29(c ii) Financial Transaction Reporting Act No 06 of 2006 will be obtained from Senior Management (Country General Manager) after performing EDD (Enhanced Due Diligence). Customer KYC / CDD profile will be reviewed and/or updated on the basis of t h e f o l l o w i n g predefined frequency contained in the AML / CFT Procedural Handbook.

High Risk At least Once in a Year or One-off*

Medium Risk At Least Once in 2 Years or One-off*

Low Risk At least Once in 3 Years or One-off*

*In case of any material change in the relationship or deviation from customer profile, CDD will be conducted and customer profile will be updated immediately without lapse of above defined period.

The robustness of the Due Diligence process will be assessed independently through the Compliance function & Internal Audit function by adhering to the respective processes laid down in this regard.

7. CORRESPONDENT BANKING

The Bank will establish correspondent banking relationships with only those foreign banks

that have adequate and effective AML / CFT systems and policies in line with the AML / CFT

regulations relating to the country in which that Bank operates. Moreover, the Bank will pay

special attention when establishing or continuing correspondent relationship with banks/

financial institutions which are located in geographical locations or governed by jurisdictions



that have been identified by FATF for inadequate and poor AML/CFT standards in the fight

against money laundering and financing of terrorism.

Before establishing new correspondent banking relationship, approval from senior

management (Country General Manager) and Financial Institution Division (FID) MCB Head

Office shall be obtained and proper Due Diligence shall be conducted. Ongoing Due

Diligence o f respondent/correspondent b a n k s will b e c o n d u c t e d u s i n g risk-based

approach following the guidelines as contained in the CDD & AML/CFT Procedural Handbook.

Bank shall not enter into or continue correspondence banking relationship with a shell bank

and shall take appropriate measures when establishing correspondent banking relationship, to

satisfy themselves that their respondent banks do not permit their accounts to be used with by

shell banks.

8. RECORD KEEPING

The records of identification documents, account opening forms, KYC forms, verification

documents, etc. along with records of account files and business correspondence, shall be

maintained for a minimum period of ten years after the business relationship is ended.

The Bank shall also maintain for a minimum period of ten years or more if required by local

law, all necessary records on transactions for both domestic and cross-border from the date of

completion of transaction(s). The data relating to suspicious transactions and currency

transactions reported by the Bank to relevant Authority/ Central Bank of Sri Lanka (CBSL) will

be retained for a period of at least ten years or more if required by local law from the date of

such reporting.

However, records relating to customers, accounts or transactions will be retained for longer

period, which involve litigation or is required by court or other competent authority until

otherwise instructed by the relevant body. Furthermore, all signature cards and documents

indicating signing authorities, and other documents relating to the account/deposit or

instrument surrendered to the CBSL, shall be kept in the bank’s record till such time that the

CBSL informs in writing that same need no longer to be preserved.

Further, MCB - Srilanka shall also follow the record management policy of MCB Head Office.



9. TRAINING

Suitable Employee Training Program will be put in place by the country general manager as per

appropriate HR policy on an annual basis to enhance staff capability, in order to effectively

implement the regulatory requirements, and also bank’s own policy & procedural

requirements relevant to AML/CFT including alerts, analysis, and possible reporting of

Suspicious transactions as well as to understand new developments in AML/CFT techniques,

methods, and trends.

10. AML/CFT PROCEDURAL HANDBOOK

All Policy guidelines related to CDD and AML/CFT shall be documented in the form of CDD and

AML/CFT Procedural Handbook. This document shall be prepared and reviewed by Compliance

Officer-MCB Sri Lanka, and shall carry the joint recommendation of Country General Manager-

MCB Sri Lanka, subject to review by Group Head WBG and Group Head Compliance & Controls.

The approving authority for this document shall be the President.

Furthermore, it shall be reviewed at least once in two years.

11. PERIODICITY FOR REVIEW OF POLICY

This policy shall be reviewed at least biennially or on need basis. This policy will be approved

by the Board of Directors and all subsequent reviews of the document shall continue to be

approved at the same level.

The primary responsibility for review and maintenance of this Policy rests with the Compliance

Officer- MCB Sri Lanka and Country General Manager-MCB Sri Lanka, subject to review by

Group Head WBG and Group Head Compliance & Controls.



12. GLOSSARY

AML Anti-Money Laundering

CFT Combating the Financing of Terrorism

BCBS Basel Committee on Banking Supervision

CBSL Central Bank of Sri Lanka

CSTFA Convention on the Suppression of Terrorist Financing Act

EDD Enhanced Due Diligence

FATF Financial Action Task Force

FIs Financial Institutions

FIU Financial Intelligence Unit

FTRA Financial Transaction Reporting Act

KYC Know Your Customer

ML Money Laundering

FT Financing of Terrorism

NGOs Non-Governmental Organizations

NPOs Not-for-Profit Organizations

PEPs Political Exposed Persons

PMLA Prevention of Money Laundering Act

RBA Risk Based Approach

SDD Simplified Due Diligence

STRs Suspicious Transaction Reports

UN United Nations

customer due d (cdd) a (aml) (cft) mcb s o · ulterior motives. to address the risks stemming from...

Documents