The State Bank of Pakistan has made amendments in Prudential Regulations for Corporate/Commercial Banking-M-1 & M-2 to prevent possible use of banking sector for money laundering and terrorist financing, and with the view to preserve integrity and safety of the financial system.
SBP on Monday asked banks and DFIs to strictly follow the guidelines of Customer Due Diligence (CDD) and make sure that personal accounts are not to be used for business purposes to avert the risks posed by money laundering and terrorist financing.
SBP has directed banks and DFIs to formulate, and put in place, a comprehensive Customer Due Diligence (CDD) or ''Know Your Customer'' (KYC) policy duly approved by their Board of Directors and, in case of branches of foreign banks, approved by their head office, and cascade the same down the line to each and every business location and concerned officers for strict compliance.
CDD/KYC policy of the banks and DFIs shall inter alia include a description of the types of customers that are likely to pose a higher than average risk to the institution, and guidelines for conducting ''Enhanced Customer Due Diligence;, depending upon the customers'' background, country of origin, public or high profile position, nature of business, etc, the SBP said.
Beneficiary financial institutions shall adopt effective risk-based procedures for identifying and handling wire transfers that are not accompanied by complete originator information, the SBP said. Adding wire transfers with incomplete originator information may be seen with suspicion, which may require reporting to Financial Monitoring Unit (FMU) of SBP or termination of the transaction.
IN THIS CONNECTION, THE SBP ISSUED FOLLOWING CIRCULAR ON MONDAY:
-- Prudential Regulations for Corporate/ Commercial Banking- M-1 & M-2
-- Please refer to Prudential Regulations M-1 & M-2 for Corporate/ Commercial Banking and instructions issued from time to time in this respect.
2. The following additions/amendments are made in aforesaid Prudential Regulations.
-- A. Substitution of Regulation M-1, Know Your Customer (KYC)
-- Regulation M-1, Know Your Customer (KYC) has been substituted with Regulation M-1, Customer Due Diligence (CDD) as per Annexure-I attached.
-- B. Amendments/ Additions in Regulation M-2 (Anti-Money Laundering Measures)
-- Existing paragraph 1 (d) may be renumbered as (f) and two new paragraphs namely (d) & (e) should be inserted as follows:
-- (d) Beneficiary financial institutions shall adopt effective risk-based procedures for identifying and handling wire transfers that are not accompanied by complete originator information. Wire transfers with incomplete originator information may be seen with suspicion which may require reporting to FMU or termination of the transaction. Banks/DFIs should remain careful from financial institutions which do not comply with aforesaid requirements by limiting or terminating business relationship.
-- (e) Banks/DFIs shall not allow personal accounts to be used for business purposes. To ensure the compliance of this requirement, banks/DFIs should obtain satisfactory information on the purpose and intended nature of the relationship and financial status including sources of income etc from the customer.
ANNEXURE-I
PRUDENTIAL REGULATION M-1 CUSTOMER DUE DILIGENCE (CDD) With the view to preserve integrity and safety of the financial system, it is expedient to prevent the possible use of the banking sector for money laundering and terrorist financing. To this end, Customer Due Diligence/Know Your Customer (CDD/KYC) requires special attention and concrete implementation. Accordingly, the following minimum guidelines are required to be followed by banks/DFIs to avert the risks posed by the money laundering and terrorist financing. However, banks/DFIs are free to take additional measures in line with Financial Action Task Force Recommendations.
2. Banks/DFIs shall formulate and put in place a comprehensive CDD/KYC policy duly approved by their Board of Directors and in case of branches of foreign banks, approved by their head office, and cascade the same down the line to each and every business location/concerned officers for strict compliance.
3. CDD/KYC policy of the banks/DFIs shall inter alia include a description of the types of customers that are likely to pose a higher than average risk to the bank/DFI and guidelines for conducting Enhanced Customer Due Diligence depending upon the customer''s background, country of origin, public or high profile position, nature of business, etc.
4. BANKS/DFIS SHOULD UNDERTAKE CUSTOMER DUE DILIGENCE MEASURES WHEN:
-- (a) establishing business relationship;
-- (b) conducting occasional transactions above rupees one million whether carried out in a single operation or in multiple operations that appear to be linked;
-- (c) carrying out occasional wire transfers (domestic/cross border) regardless of any threshold;
-- (d) there is suspicion of money laundering/terrorist financing; and
-- (e) there is a doubt about the veracity or adequacy of available identification data on the customer.
5. BANKS/DFIS SHALL UNDERTAKE AT LEAST FOLLOWING CUSTOMER DUE DILIGENCE MEASURES:
(a) Banks/DFIs should not open and maintain anonymous accounts or accounts in the name of fictitious persons.
(b) All reasonable efforts shall be made to determine identity of every prospective customer. For this purpose, minimum set of documents to be obtained by the banks/DFIs from various types of customers/account holder(s), at the time of opening account, as prescribed in Annexure-VIII of the Prudential Regulations for Corporate/Commercial Banking. While opening bank account of "proprietorships", the requirements laid down for individuals at Serial No (1) of Annexure-VIII shall apply except the requirement mentioned at No (3) of the Annexure. Banks/DFIs should exercise extra care in view of the fact that constituent documents are not available in such cases to confirm existence or otherwise of the proprietorships.
(c) Banks/DFIs shall identify the beneficial ownership of accounts/transactions by taking all reasonable measures.
(d) For all customers, banks/DFIs should determine whether the customer is acting on behalf of another person, and should then take reasonable steps to obtain sufficient identification data to verify the identity of that other person.
(e) For customers that are legal persons or for legal arrangements, banks/DFIs are required to take reasonable measures to (i) understand the ownership and control structure of the customer
(ii) determine that the natural persons who ultimately own or control the customer. This includes those persons who exercise ultimate effective control over a legal person or arrangement.
(f) Government accounts should not be opened in the personal names of the government official(s). Any such account, which is to be operated by an officer of the Federal/ Provincial/ Local Government in his/her official capacity, shall be opened only on production of a special resolution/authority from the concerned administrative department duly endorsed by the Ministry of Finance or Finance Department of the concerned Government.
6. VERIFICATION IS AN INTEGRAL PART OF CDD/KYC MEASURES FOR WHICH BANKS/DFIS SHALL ENSURE THAT:
(a) copies of CNIC wherever required in Annexure-VIII are invariably verified, before opening the account, from Nadra through utilising on-line facility or where the banks/DFIs or their branches do not have such facility from the regional office(s) of Nadra.
(b) the identity of the beneficial owner is verified using reliable information/satisfactory sources.
(c) the cost of verification of CNIC from Nadra should not be passed on to their account holder(s) (either existing or prospective).
7. BANKS /DFIS SHALL NOTE THAT:
(a) For customers/clients whose accounts are dormant and an attested copy of account holder''s Computerised National Identity Card (CNIC) is not available in bank''s /DFI''s record, banks/DFIs shall not allow operation in such accounts until the account holder produces an attested copy of his/her CNIC and fulfil all other formalities for activation of the account.
(b) For all other customers/clients including depositors and borrowers, banks/DFIs shall obtain the attested copies of CNICs by June 30, 2009. Banks/DFIs shall discontinue relationship with such customers who fail to submit a copy of their CNIC by the above deadline.
Banks/DFIs are encouraged to carry on public campaign through print/electronic media individually as well as through Pakistan Banks Association for creating public awareness on requirement of CNIC for banking purposes. They are also advised to confirm compliance with the subject instructions by the above extended timelines.
8. Banks/DFIs are also advised that CDD/KYC is not a one-time exercise to be conducted at the time of entering into a formal relationship with customer/account holder. This is an on-going process for prudent banking practices. To this end, banks/DFIs are required to:
(a) set up a compliance unit with a full-time Head.
(b) put in place a system to monitor the accounts and transactions on regular basis.
(c) update customer information and records, if any, at reasonable intervals.
(d) install an effective MIS to monitor the activity of the customers'' accounts.
(e) chalk out plan of imparting suitable training to the staff of bank/DFI periodically.
(f) maintain proper records of customer identifications and clearly indicate, in writing, if any exception is made in fulfilling the CDD/KYC measures.
9. BANKS/DFIS SHALL CONDUCT ENHANCED DUE DILIGENCE WHEN:
(a) dealing with high-risk customers, business relationship or transaction, including the following;
i) non-resident customers;
ii) private banking customers;
iii) legal persons or arrangements including non-governmental organisations (NGOs)/not-for-profit organisations (NPOs) and trusts/charities;
iv) customers belonging to countries where CDD/KYC and anti-money laundering regulations are lax;
v) customers with links to offshore tax havens;
vi) customers in cash based businesses;
vii) high net worth customers with no clearly identifiable source of income; and
viii) customers in high-value items etc.
(b) there is reason to believe that the customer has been refused banking facilities by another bank/DFI.
(c) opening correspondent banks'' accounts.
(d) dealing with non-face-to-face/on-line customers. Adequate measures in this regard should be put in place, eg independent verification by a reliable third party, client report from the previous bank/DFI of the customer, etc.
(e) establishing business relationship or transactions with counterparts from or in countries not sufficiently applying FATF recommendations.
(f) dealing with politically exposed persons or customers holding public or high profile positions.
10. FOR POLITICALLY EXPOSED PERSONS OR HOLDERS OF PUBLIC OR HIGH PROFILE POSITIONS, ENHANCED DUE DILIGENCE SHOULD INCLUDE THE FOLLOWING:
(a) Relationship should be established and or maintained with the approval of senior management including when an existing customer becomes holder of public or high profile position.
(b) Appropriate risk management systems to determine whether a potential customer, a customer or the beneficial owner is a politically exposed person/holder of public or high profile position and sources of wealth/funds of customers, beneficial owners for ongoing monitoring on regular basis.
11. Where there are low risks and information on the identity of the customer and the beneficial owner of a customer is publicly available, or where adequate checks and controls exist, banks/DFIs may apply simplified or reduced CDD/KYC measures. Following cases may be considered for application of simplified or reduced CDD/KYC:
(a) Financial institutions, provided they are subject to requirements to combat money laundering and terrorist financing consistent with the FATF recommendations and are supervised for compliance with those requirements.
(b) Public companies that are subject to regulatory disclosure requirements and such companies are listed on a stock exchange or similar situations.
(c) Government administrations or entities.
12. Reduced CDD/KYC measures shall not be applied where there is risk of money laundering or terrorist financing or when a customer resides in a country, which does not comply with FATF recommendations.
13. In case banks/DFIs are not able to satisfactorily complete required CDD/KYC measures including identity, beneficial ownership or information on purpose and intended nature of business relationship, account should not be opened or any service provided and instead reporting of suspicious transaction be considered. Similarly, relationship with existing customers should be terminated and reporting of suspicious transaction be considered if CDD/KYC is found unsatisfactory.
14. State Bank of Pakistan, during the course of inspection, would particularly check the efficacy of the CDD/KYC policies and system of the banks/DFIs and its compliance by all the branches and the staff members. Appropriate action shall be taken against the bank/DFI and the concerned staff members for non-compliance and negligence in this area, under the provisions of Banking Companies Ordinance, 1962.