Regulations Overview.pptx
1. ANTI-MONEY LAUNDERING, COMBATING THE FINANCING OF
TERRORISM & COUNTERING PROLIFERATION FINANCING
(AML/ CFT/ CPF) REGULATIONS
FOR
STATE BANK OF PAKISTAN’S REGULATED ENTITIES
(SBP-REs)
(Updated up to June 08, 2021)
2. Zohaib Zulfiqar Abbasi
Unit Head (AML C & C) / AML Officer,
Master of Commerce (Punjab University)
Post Graduate Diploma in Fraud and Money
Laundering: Prevention, Detection and Investigation
NIBAF Certified AML/CFT Professional
E-mail: zohaib.121134@ztbl.com.pk
Phone: 051-9252765 / 0300-9877078
3. What is Money Laundering?
FATF: -
The goal of a large number of criminal acts is to
generate a profit for the individual or group that
carries out the act. Money laundering is the
processing of these criminal proceeds to
disguise their illegal origin.
5. “Proliferation financing” means the
financing of proliferation of weapons of mass destruction;
▶ Weapons of mass destruction
6. REGULATION – 1
RISK BASED APPROACH TO AML / CFT
1. SBP REs shall comply with risk based approach
2. SBP REs shall ensure entity level Internal Risk Assessment Report (IRAR)
which covers Transnational TF risk.
3. IRAR shall include results of National Risk Assessment (NRA)
4. IRAR should be used for evaluating Residual Risk
5. SBP REs shall formulate policy for application of SDD, CDD and EDD.
6. Periodic updation of IRAR
7. SBP REs shall develop AML / CFT / CPF policies / procedures / controls /
obligation / preventive measures
7. REGULATION – 2
Definition of Due Diligence
1. REs shall at minimum conduct CDD of the customers / occasional
customers as set out in section 7A (1) of the AML Act
2. REs shall apply CDD measures as per section 7A (2) of the AML Act
3. For identification of the customer / occasional customer, REs shall obtain
information mentioned in Annexure I
4. For purpose of verification of identity of the customer / occasional
customer, REs shall obtain information mentioned in Annexure II
5. Reliable and independent document
6. Customers, Product & Services, delivery channels and geographic location
7. Person who acts on behalf of the customer (authorized agent or
representative)
8. Ascertain the beneficial ownership
9. Additional documentation
10. Measures to verify the identity of beneficial owners of legal persons
11. Customer Due Diligence
Identify and Verify the Customer
(In case of expired CNIC, account may be opened or process of permanent customer
relationship may be initiated on the basis of attested copies of NADRA receipt/
token and expired CNIC subject to condition that SBP RE shall obtain copy of
renewed CNIC of such customer within 03 months of the opening of account/
initiating permanent customer relationship.)
Identify and verify the beneficial
Ownership
12. Customer Due Diligence
Beneficial Owner (AMLA, 2010, Sec 2a)
“beneficial owner” means,— (a) natural person who ultimately owns or
controls a customer or the natural person on whose behalf a transaction
is being conducted; or
(b) natural person who exercises ultimate effective control over a legal
person or legal arrangement;
Beneficial Owner (SECP)
“Ultimate Beneficial Owner” means a natural person who ultimately
owns or controls a company, whether directly or indirectly, through at
least twenty-five percent shares or voting rights
16. Customer Due Diligence
Source of Funds: - A customer’s SoF refers to the origin and
means of transfer of currency, financial instruments or other
assets deposited with the FI.
Simply, source of funds means the source of all funds that land in
an account.
17. Customer Due Diligence
Source of Wealth: - Customer SoW generally
refers to a description of the economic,
business and/or commercial activities that
generated, or significantly contributed to, the
customer’s overall net worth (assets minus
liabilities), recognising that the composition of
wealth generating activities may change over
time, as new activities are identified and
additional wealth is accumulated.
19. Definition:
“The Common Reporting Standard (CRS) is a worldwide information-gathering and reporting
requirement for financial institutions, to help fight against tax evasion and protect the integrity
of tax systems.”
CRS is a global standard for the automatic exchange of financial information between jurisdictions
that have agreed to adopt it. The Organization for Economic Co-operation and Development
(OECD) introduced CRS in order to combat tax evasion and to improve cross-border tax
compliance. In Pakistan, CRS compliance is effective from 01 July 2017.
Which countries have committed to the implementation of CRS?
200+ countries have committed to the implementation of CRS; the full list of countries is
available on the OECD website.
Required Forms for CRS?
CRS-I (For Individual Persons)
CRS-2 (For Entities)
CRS-3 (For Controlling Persons)
21. Foreign Account Tax Compliance Act (FATCA)
FATCA stands for the Foreign Account Tax Compliance Act. This legislation was introduced
by the United States Department of Treasury and the US Internal Revenue Service (IRS). The
purpose of FATCA is to encourage better tax compliance by preventing US persons from
using banks and other financial institutions for tax evasion.
When did the FATCA legislation become effective in Pakistan?
In Pakistan, FATCA compliance is effective from 1st July 2014 for personal accounts and
from 1st Jan 2015 for business accounts.
Why does ZTBL need to comply with FATCA legislation?
State Bank of Pakistan (SBP) vide BPRD Circular Letter No. 16 of 2014 dated: April 30,
2014 has advised all Financial Institutions to complete the registration process with the IRS
as a Participating Foreign Financial Institution (PFFI) to avoid negative repercussions of non-
compliance with FATCA regulations.
22. Required Forms for FATCA:
W9 Form for Individual Accounts
W8-BEN-E for Entity Accounts
W8-BEN for FATCA Indicia
The US indicia is used as an indication in determining the FATCA status of an individual –
US person or non US Person.
US citizen or resident
US place of birth
US address
US telephone
Standing instruction to a US account
Power of Attorney with a US address
Provides only a “hold mail” or “in care of” address
24. ▶ Obtaining additional information on the customer (e.g. occupation, assets volume),
and updating more regularly the identification data of customer and beneficial owner;
▶ Obtaining additional information on the intended nature of the business relationship;
▶ Obtaining information on the SOF/SOW & reasons for intended transactions of the
customer;
▶ Obtaining the approval of senior management to commence or continue the business
relationship;
▶ Conducting enhanced monitoring of the business relationship by increasing the number
and timing of controls.
▶ Verifying the identity of the customer and the beneficial owner after the establishment
of the business relationship;
▶ Reducing the frequency of customer identification updates;
▶ Reducing the degree of ongoing monitoring and scrutinizing transactions based on a
reasonable monetary threshold;
▶ Not collecting specific information to understand the purpose & intended nature of the
business but inferring the purpose and nature from the type of transactions or business
relationship established.
25. On-Going Due Diligence (ODD)
Sr. Particular Checklist
1. Customer postal address or email address is up to date
2. Customer contact number is up to date
3. Customer source of funds is up to date
4. Customer's account activity over the last 1/2/3 years is consistent with its
profile
5. Senior Management approval is taken. (Only for PEP, NPO/NGO,
Trust and Charity Accounts)
6. Beneficial Ownership information is up to date
7. Source of wealth is up to date (Only for PEP)
8. Customer does not fall in PEP category
9. All other relevant KYC/CDD formalities are completed
27. REGULATION – 3
RELIANCE ON THIRD PARTY FINANCIAL INSTITUTIONS FOR CDD
MEASURES
▶ REs (except ECs/ ECs-B) are allowed to rely on third party FIs for CDD.
▶ REs shall satisfy themselves that the third party financial institution is regulated, and has measures in place for
compliance with CDD & other regulations.
▶ REs shall ensure compliance with High Risk Jurisdictions Regulation-14. (Countries which fall in the list of High-Risk
jurisdictions have significant strategic deficiencies.)
REGULATION – 4
FINANCIAL SANCTIONS UNDER UNSC ACT, 1948 AND ATA, 1997
▶ Under the UNSC Act and ATA, Designated Person and Proscribed Person, Entities owned or controlled, directly
or indirectly, by them; or Individuals and entities acting on their behalf, or at their direction
▶ RE will ensure the real-time screening of customers / occasional customers.
▶ If any relationship is found, REs shall:
a) Freeze, without delay and without prior notice, the funds or other assets of the identified
relationship. Compliance will report STR to FMU.
28. b) Report the freezing of funds or other financial assets to SBP, within 48 hours of
freezing, in the manner prescribed by SBP.
▶ SBP REs shall ensure compliance with TFS obligations with regard to their vendors,
employees (permanent, contractual or hired through outsourcing), BoD, owners, sponsor
shareholders, etc.
▶ REs shall permit deposits (credits) in frozen accounts without changing status of the
accounts. However, no charges shall be deducted from frozen accounts.
REGULATION – 5
POLITICALLY EXPOSED PERSONS (PEPs)
In relation to PEPs and their close associates or family members, SBP REs shall:
a) Implement appropriate internal policies, procedures and controls to determine if a customer or
beneficial owner is a PEP or a close associate or a family member of a PEP, both prior to establishing a
business relationship.
b) Obtain approval from the senior management where the customer or a beneficial owner is a PEP.
c) Establish, by appropriate means, the sources of wealth and the source of funds of customers and
beneficial owners identified as PEP.
d) Conduct enhanced ongoing monitoring of business relations with the customer or beneficial owner
identified as PEP,
29. Detail of Amended Regulations: Regulation – 4
Targeted Financial Sanctions under UNSC Act, 1948 and ATA, 1997
▶ 3) SBP REs shall ensure mechanisms, processes and procedures for real-time
screening of customers/ occasional customers, by implementing effective name
screening solution and allocate sufficient trained resources. [Unquote]
▶ In this regard you are advised to coordinate with Country Operations to create
a tool for screening of home remittance transactions against Sanctions Lists, i.e. UNSC,
OFAC, EU, NACTA and FIA Redbook, and share it with the concerned staff who perform home
remittance transactions, and instruct them to keep a proper record of screening results
along with a copy of a valid ID document with each transaction for audit review.
30. PEP Politically Exposed Person
Definition: PEPs are defined as individuals who are or have been
entrusted with prominent public functions in a local or foreign
country, for example Heads of State or of Government, Senior
Politicians, Senior Government, Judicial or Military Officials, and
important political party officials. Business relationships with family
members or close associates of PEPs involve reputation risks similar
to those with PEPs themselves.
Close family members of PEPs include: spouses, children, parents,
siblings and may also include other blood relatives and relatives by
marriage.
Closely associated persons include: close business colleagues and
personal advisors/ consultants to the politically exposed person as
well as persons who are expected to benefit significantly by being
close to such a person.
Relationships with PEPs shall be established with the prior approval of
respective Functional Business Heads and AML Unit, HOK’s Clearance
31. REGULATION – 6
NGO/ NPO/ CHARITY/ TRUST ACCOUNTS
1) Conduct EDD (including obtaining senior management approval) while establishing relationship or financial
transaction with NGOs/ NPOs, Charities and Trusts.
2) Conduct CDD/ EDD of the individuals who are authorized to operate these
accounts and all members of their governing body. REs shall ensure that these persons are not affiliated with
any DP/ PP, whether under the same name or a different name. The same would be applied on all existing
relationships of NGOs/ NPOs/ Charities/ Trusts.
3) REs will ensure that the title of the customer/account is the same as that of the entity soliciting donations. In
case of any difference, the matter shall immediately be considered for filing STR.
4) Personal accounts/ customer relationships shall not be allowed to be used for charity purposes/ collection of
donations.
REGULATION – 7
REPORTING OF TRANSACTIONS (STRs/ CTRs)
1) SBP REs shall file STRs and CTRs with FMU as required under Section 7 of the AML Act.
• CTR (Currency Transaction Report)
• STR (Suspicious Transaction Report)
• As per Section 7 of the AML Act, STR shall be filed with the FMU promptly.
32. ANTI-MONEY LAUNDERING ACT 2010
AS AMENDED IN SEPTEMBER 2020
Failure to file STR and for providing false information
▶ Whoever willfully fails to comply with the STR requirement as provided in section 7
or gives false information shall be liable for imprisonment for a term which may
extend to five years or with fine which may extend to five hundred thousand rupees
or both.
▶ In case of entities, the relevant regulatory authority can also revoke the license or
registration of such entity and necessary regulatory/administrative action can also be
taken
DISCLOSURE OF INFORMATION (TIPPING OFF):
1) The directors, officers, employees and agents of any financial institution, non-
financial business or profession or intermediary which report a suspicious
transaction or CTR pursuant to this Act or any other authority, are prohibited from
disclosing, directly or indirectly, to any person involved in the transaction that the
transaction has been reported.
2) A violation of the above is a criminal offence and shall be punishable by a
maximum term of five years imprisonment or a fine which may extend to two
million rupees or both.
33. REGULATION – 8
RECORD KEEPING
1. The records obtained through CDD, copies of identification documents, account opening forms, KYC forms,
verification documents and other documents along with records of account files and business correspondence,
shall be maintained for a period of ten years after the business relationship is ended.
2. Records of transactions, records of any analysis (e.g. inquiries to establish the background and purpose of
complex, unusual large transactions) and records related to STR & CTR shall be maintained for a minimum period of
ten years.
3. If records are required by LEAs and other relevant authorities, or customers or instruments are involved in litigation,
retain such records until the litigation is resolved or until the court of law indicates that the records no longer
need to be retained.
REGULATION – 9
CORRESPONDENT BANKING
Assess the suitability of the respondent bank and gather adequate information about the respondent bank,
including but not limited to the following:
• Major business activities
• Their geographical presence/ jurisdiction (country) of correspondence
• Information about the respondent bank’s management and ownership
• CDD, AML/ CFT/ CPF controls and procedures
• EDD when the correspondent relationship pertains to high risk countries
Obtain approval of senior management before establishing a new correspondent banking relationship
34. REGULATION – 10
MONEY VALUE TRANSFER SERVICE (MVTS) / EXCHANGE COMPANIES
• Only SBP licensed entities can carry out MVTS business in Pakistan.
• Unauthorized foreign exchange business / unauthorized money transfers/ payments (illegal MVTS) (Hundi/
Hawala) is a punishable offense under FERA and the Act.
• Discourage public from using illegal MVTS (Hundi/ Hawala). RE should run awareness campaigns against illegal
MVTS (Hundi/ Hawala) through placing notices/ banners, websites, ATMs and other digital platforms.
REGULATION – 11
WIRE TRANSFERS/ FUND TRANSFERS
• REs shall scrutinize information of sender and receiver. SBP REs shall include the following information in the
message or payment instruction:
A. Name of the originator;
B. Originator’s account number or unique reference number which permits traceability of the transaction;
C. Originator’s applicable identity document number;
D. Name of the beneficiary; and
E. Beneficiary’s applicable identity document number
Responsibility of the Ordering Institution
Responsibility of the Beneficiary Institution
35. REGULATION – 12
NEW TECHNOLOGIES
▶ Review of Products and Services including new Technologies
1. ML/ TF/ PF risks assessment before the development of new products, services/ launch or use of new
product/services
▶ Automation of business and operational processes and use of systems for risk management and
controls in area of AML/ CFT/ CPF
▶ Implement automated Transaction Monitoring Systems (TMS) capable of producing meaningful alerts,
for analysis and possible reporting of suspicious transactions.
▶ AML/ CFT/ CPF policies and/ or procedures for management of such alerts. The adequacy of staff: REs
shall place an adequate number of analysts for monitoring and reporting purposes.
REGULATION – 13
INTERNAL CONTROLS
▶ As mentioned in Regulation-1 (Risk Based Approach), to mitigate ML/ TF/ PF
risks REs shall:
▶ Develop and keep the entity’s policy framework, approved by the board, updated with
regard to mitigation of emergent ML/ TF/ PF risks
▶ Have AML/ CFT/ CPF compliance program/ procedure manuals/ SOPs approved by Senior
Management
36. ▶ Compliance
a. Include AML/ CFT/ CPF related responsibilities in Key Performance Indicators (KPIs) of responsible
staff down the line
b. SBP REs shall assess working strength of the compliance function and all its sub-divisions annually
and deficiency shall be addressed
▶ Employees shall be strictly prohibited from disclosing the fact to the customer that STR or related
information is being or has been reported to FMU. This shall be made part of Code of Ethics to be
signed by employees and Directors.
▶ Employee Due Diligence
▶ REs shall develop and implement appropriate screening procedures at the time of hiring all
employees (contractual or permanent)
▶ All employees are screened against lists of designated and proscribed individuals, on an ongoing
basis, and maintain proper record of screening.
▶ No employee is or has been convicted/ involved in any fraud/ forgery, financial crime etc.
▶ SBP REs comply with SBP’s Fitness and Propriety Test (F&PT) Criterion required for sponsor
shareholders & board approval and senior management appointment
▶ Training
37. REGULATION – 14
COUNTER MEASURES FOR HIGH RISK JURISDICTIONS
▶ High Risk jurisdiction rules were issued on OCTOBER 1, 2020 by Government of Pakistan
Ministry of Finance
▶ SBP REs shall comply with the obligations imposed in the Counter Measures for High Risk
Jurisdictions Rules, 2020.
▶ The countries which fall in the list of high-risk jurisdictions have significant strategic deficiencies
in their regimes to counter money laundering, terrorist financing, and financing of proliferation.
This list is often externally referred to as the “black list”.
Black List Countries
Democratic People's Republic of Korea (DPRK)
Iran
38. Jurisdictions under increased monitoring are actively working with the FATF to address
strategic deficiencies in their regimes to counter money laundering, terrorist financing, and
proliferation financing.
When the FATF places a jurisdiction under increased monitoring, it means the country has
committed to resolve swiftly the identified strategic deficiencies within agreed timeframes
and is subject to increased monitoring. This list is often externally referred to as the
‘Grey List Countries’
1. Albania
2. Barbados
3. Botswana
4. Burkina Faso
5. Cambodia
6. Cayman Islands
7. Haiti
8. Jamaica
9. Malta
10. Mauritius
11. Morocco
12. Myanmar
13. Nicaragua
14. Pakistan
15. Panama
16. Philippines
17. Senegal
18. South Sudan
19. Syria
20. Uganda
21. Yemen
22. Zimbabwe
39. REGULATION – 15
REGULATION AND SUPERVISION
1. Any sponsor shareholders/ beneficial owners, Directors, Presidents and key executives (all
persons subject to FPT) etc. shall become disqualified if they are DP/ PP or associated directly or
indirectly with any DP/ PP.
2. SBP REs shall ensure that the person subject to FPT has been verified through NADRA and
screened against the applicable sanctions list as per the applicable laws, rules and regulations.