AML/CFT COMPLIANCE GENERAL GUIDELINES FOR ......AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY...
Transcript of AML/CFT COMPLIANCE GENERAL GUIDELINES FOR ......AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY...
General compliance guidelines to assist
money remittance institutions in their
compliance to the Law No. 10/2014
(Prevention of Money Laundering and
Financing of Terrorism Act) and the
regulations issued under that Act; and to
establish internal programs to combat
money laundering and terrorism financing
applicable to those institutions.
AML/CFT COMPLIANCE
GENERAL GUIDELINES
FOR MONEY
REMITTANCE
INSTITUTIONS
26 December 2016
FINANCIAL INTELLIGENCE UNIT
Maldives Monetary Authority Boduthakurufaanu Magu,
Malé, 20182,
Republic of Maldives Email: [email protected]
Web: www.mma.gov.mv/fiu
AML/CFT COMPLIANCE
GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
CONTENTS
Introduction ............................................................................................................................................................................... 1
Scope ......................................................................................................................................................................................... 1
Applicability .............................................................................................................................................................................. 1
Acronyms................................................................................................................................................................................... 1
CHAPTER I – GENERAL ........................................................................................................................................................ 2
1- Money Laundering ...................................................................................................................................................... 2
2- Terrorism Financing .................................................................................................................................................... 2
3- Risk-Based Approach .................................................................................................................................................. 2
4- Risk Assessment .......................................................................................................................................................... 2
5- Risk Control and Mitigation ........................................................................................................................................ 3
6- Risk Profiling .............................................................................................................................................................. 3
CHAPTER II – AML/CFT PROGRAM .................................................................................................................................... 5
1- Board of Directors and Senior Management ............................................................................................................... 5
Board of Directors ............................................................................................................................................................ 5
Senior Management ......................................................................................................................................................... 6
Compliance Officer .......................................................................................................................................................... 6
2- Employee Due Diligence Procedures .......................................................................................................................... 7
3- Employee Training and Awareness Programs ............................................................................................................. 7
4- Independent Audit Function ........................................................................................................................................ 8
5- Internal Policies, Procedures, and Controls ................................................................................................................. 8
CHAPTER III – COMPLIANCE MEASURES ...................................................................................................................... 10
1- KYC and CDD .......................................................................................................................................................... 10
When to Conduct KYC and CDD? ................................................................................................................................ 10
What is Required? .......................................................................................................................................................... 10
CDD related to Combating the Financing of Terrorism ................................................................................................. 10
Verification of KYC and CDD Information ................................................................................................................... 11
Specific CDD Measures ................................................................................................................................................. 11
Enhanced CDD .............................................................................................................................................................. 13
On-Going Due Diligence ............................................................................................................................................... 13
Existing Customers ........................................................................................................................................................ 14
Politically Exposed Persons ........................................................................................................................................... 14
New Products and Business Practices ............................................................................................................................ 15
Transfers ........................................................................................................................................................................ 15
Reliance on Third Parties ............................................................................................................................................... 16
Non-Face-to-Face Business Relationship ....................................................................................................................... 16
Higher Risk Countries .................................................................................................................................................... 16
Unable to Comply with the CDD Measures ................................................................................................................... 16
Resource Allocation ....................................................................................................................................................... 17
2- Monitoring and Reporting ......................................................................................................................................... 17
Monitoring ..................................................................................................................................................................... 17
Suspicious Transaction Reporting .................................................................................................................................. 17
Tipping Off .................................................................................................................................................................... 18
Other Transaction Reports ............................................................................................................................................. 19
3- Record Keeping ......................................................................................................................................................... 19
4- Non-Compliance ....................................................................................................................................................... 19
CHAPTER IV – FEEDBACK AND INQUIRIES ................................................................................................................... 21
CHAPTER V – REFERENCE ................................................................................................................................................. 21
1- Useful Websites ........................................................................................................................................................ 21
2- Useful Reference Materials ....................................................................................................................................... 21
APPENDIX - EXAMPLES OF RED FLAGS ......................................................................................................................... 22
AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
1
AML/CFT COMPLIANCE
GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
Introduction This guidance document is issued by the Financial Intelligence Unit pursuant to the paragraph (5)
Section 27(c) of Law No. 10/2014 (Prevention of Money Laundering and Financing of Terrorism Act,
hereinafter referred to as the PMLFTA).
The purpose of this document is to assist money transfer institutions other than licensed banks and
mobile payment services providers permitted or licensed by Maldives Monetary Authority to conduct
money remittance or funds transfer services in their compliance to the PMLFTA and the regulations
issued under this Act and to establish internal programs to combat money laundering and terrorism
financing that is applicable to those institutions. These money transfer institutions bear the
responsibility to establishment of such programs and must ensure that its permitted services are not
being used to launder unlawfully derived funds or to finance terrorist acts.
Scope This document uses plain language to explain the relevant compliance aspects in the PMLFTA as well
as the related Regulations. It is provided as compliance guidance only. It is not legal advice, and is not
intended to replace the PMLFTA and Regulations.
This document intends to cover the following:
1- obligations of money transfer institutions with respect to the requirements imposed under the
PMLFTA;
2- requirements imposed on money transfer institutions in implementing a risk-based approach
in managing ML/TF risks; and
3- roles of the Board of Directors and Senior Management of money transfer institutions in
putting in place the relevant AML/CFT measures.
Applicability All on-shore and off-shore money transfer institutions, other than banks and mobile payment service
providers, licensed by the Maldives Monetary Authority pursuant to relevant laws and regulations are
recommended to refer to this document and be guided by this document in their compliance to the
PMLFTA and the applicable regulations issued under this law.
The Financial Intelligence Unit reserves the right to amend and make relevant changes to this
document.
Acronyms AML – anti-money laundering
CFT – combatting the financing of terrorism
CDD – customer due diligence
KYC – know your customer
FATF – Financial Action Task Force
ML – money laundering
TF – terrorism financing
AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
2
CHAPTER I – GENERAL
1- Money Laundering
Money laundering is the process by which criminals attempt to conceal the true origin and ownership
of the proceeds of their criminal activities.
While the techniques for laundering funds vary considerably and are often highly intricate, there are
generally three stages in the process:
Placement - the physical disposal of cash proceeds derived from illegal activity;
Layering - separating illicit proceeds from their source by creating complex layers of financial
transactions designed to disguise the source of money, subvert the audit trail and provide
anonymity; and
Integration - creating the impression of apparent legitimacy to criminally derived wealth.
These three stages may occur as separate and distinct phases. They may also occur simultaneously or,
more commonly, they may overlap. How the basic steps are used depends on the available laundering
mechanisms and the requirements of the criminals.
If the layering process has succeeded, integration schemes place the laundered proceeds back into the
economy in such a way that they re-enter the financial system appearing to be normal business funds.
Money remittance services are often used by money launderers and terrorist financiers in layering
stage to disguise the origin and real purposes of funds.
Money remittance institutions are therefore placed with a statutory duty to make a disclosure to the
authorized officer when knowing or suspecting that any property, in whole or in part, directly or
indirectly, representing the proceeds of an offence or is connected to terrorism financing, or was or is
intended to be used in that connection is passing through the institution. Such disclosures are
protected by law, enabling the person with information to be able to disclose the same without the risk
of breaching their duty of confidentiality owed to customers.
2- Terrorism Financing
Financing of terrorism generally refers to carrying out transactions involving funds or property,
whether from a legitimate or illegitimate source, that may or may not be owned by terrorists, or those
have been, or are intended to be used to assist the commission of terrorist acts, and/or the financing of
terrorists and terrorist organisations.
The major difference between money laundering and terrorism financing is that the funds used in
terrorism financing maybe legitimate funds whereas money laundering involves funds or property that
are proceeds crime.
3- Risk-Based Approach
In the context of “Risk-Based Approach”, the intensity and extensiveness of risk management
functions shall be proportionate to the nature, scale and complexity of the money remittance
institution’s activities and ML/TF risk profile. The institution’s AML/CFT risk management function
must be aligned and integrated with their overall risk management control function.
4- Risk Assessment
Money remittance institutions are required to take appropriate steps to identify, assess and understand
their ML/TF risks in relation to the nature and size of the institution’s business, including whether
there are multiple subsidiaries, branches or agent networks offering financial products and services;
the risk profile of its customers, including whether their customer base is more diverse across
AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
3
different geographical locations; the extent to which the products and services offered are consistently
below a given threshold; and the extent to which the institution is vulnerable to ML/TF threats.
In identifying and assessing indicators of ML/TF risk to which they are exposed, money remittance
institutions should consider a range of factors which may include:1
The nature, scale, diversity and complexity of their business and their target markets;
The proportion of customers already identified as high risk;
The jurisdictions the institution is operating in or otherwise exposed to, either through its own
activities or the activities of customers, especially in jurisdictions with greater vulnerability
due to contextual and various risk factors such as the prevalence of crime, corruption,
financing of terrorism, as well as the general level and quality of governance, law
enforcement, AML/CFT controls, regulation and supervision, including those listed by FATF;
The distribution channels, including the extent to which the institution deals directly with the
customer and the extent to which it relies (or is allowed to rely) on third parties to conduct
CDD, the complexity of the payment chain and the settlement systems used between
operators in the payment chain, the use of technology and the extent to which agent networks
are used;
The internal audit and regulatory findings; and
The volume and size of its transactions, considering the usual activity of the institution and
the profile of its customers.
In assessing ML/TF risks, money remittance institutions shall have the following processes in place:
1- documenting their risk assessments and findings;
2- considering all the relevant risk factors before determining what is the level of overall risk
and the appropriate level and type of mitigation to be applied;
3- keeping the assessment up-to-date through a periodic review; and
4- having appropriate mechanisms to provide risk assessment information to the supervisory
authority.
Money remittance institutions are required to conduct additional risk assessment as and when required
by the Financial Intelligence Unit or the respective supervisory authority.
5- Risk Control and Mitigation
Money remittance institutions are required to:
have policies, controls and procedures to manage and mitigate ML/TF risks that have been
identified;
monitor the implementation of those policies, controls, procedures and to enhance them if
necessary; and
take enhanced measures to manage and mitigate the risks where higher risks are identified.
Money remittance institutions must conduct independent control testing on their policies, controls and
procedures for the purpose of monitoring the implementation of their risk control and mitigation
policies mentioned above.
6- Risk Profiling
Money remittance institutions may conduct risk profiling on their customers, considering the
following risk factors:
1- customer risk (e.g. resident or non-resident, type of customers, occasional or one-off
transactions, legal person structure, types of PEP, types of occupation);
2- geographical location of business, country of origin of customers or destination of the
recipient;
1 FATF Guidance for a Risk-Based Approach - Money or Value Transfer Services (February 2016)
AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
4
3- products, services, transactions or delivery channels (e.g. cash-based, face-to-face or non
face-to-face, cross-border); and
4- any other information suggesting that the customer is of higher risk.
The risk control and mitigation measures implemented shall commensurate with the risk profile of a
particular customer or type of customer. Upon the initial acceptance of the customer, money
institutions may regularly review and update the customer’s risk profile based on their level of ML/TF
risks.
AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
5
CHAPTER II – AML/CFT PROGRAM In order to discharge the statutory responsibility to detect possible attempts of money laundering or
financing of terrorism, every money remittance institution must have an AML/CFT program which
should, at a minimum, include:
Internal policies, procedures, and controls;
Designation of a principal Compliance Officer;
Recruitment and training of its employees and agents; and
Audit of AML/CFT policies, procedures and controls.
Where applicable, the AML/CFT program must be applicable and appropriate to all branches,
subsidiaries and agents of the institution.
1- Board of Directors and Senior Management
Board of Directors
Members of Board of Directors (the Board) must be aware of their roles and responsibilities in
managing ML/TF risks faced by a money remittance institution, as well as the ML/TF risks associated
with business strategies, delivery channels and geographical coverage of its business products and
services.
The Board must understand the AML/CFT measures required by the laws including the PMLFTA,
subsidiary legislations and instruments issued under the PMLFTA, and the industry's standards and
best practices as well as the importance of implementing AML/CFT measures to prevent the
institution from being abused by money launderers and financiers of terrorism.
Generally, the Board has the following roles and responsibilities:
maintain accountability and oversight for establishing AML/CFT policies and minimum
standards.
approve policies regarding AML/CFT measures within the institution, including those
required for risk assessment, mitigation and profiling, CDD, record keeping, on-going due
diligence, reporting of suspicious transactions and combating the financing of terrorism.
establish appropriate mechanisms to ensure the AML/CFT policies are periodically reviewed
and assessed in line with changes and developments in the institution's products and services,
technology as well as trends in ML/TF.
establish an effective internal control system for AML/CFT and maintain adequate oversight
of the overall AML/CFT measures undertaken by the institution.
define the lines of authority and responsibility for implementing the AML/CFT measures and
ensure that there is a separation of duty between those implementing the policies and
procedures and those enforcing the controls.
ensure effective internal audit function in assessing and evaluating the robustness and
adequacy of controls implemented to prevent ML/TF.
assess the implementation of the approved AML/CFT policies through regular reporting and
updates by the Senior Management and Audit Committee.
establish systems that is reflective of the nature of the institution's operations, size of
business, complexity of business operations and structure, risk profiles of products and
services offered by the institution and geographical coverage.
NOTE: Where a Board does not exist, the Senior Management of that money remittance institution
shall be considered as having the responsibilities of the Board.
AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
6
Senior Management
The Senior Management is responsible for the implementation and management of AML/CFT
compliance programmes in accordance with policies and procedures established by the Board,
requirements of the law, regulations, guidelines and the industry’s standards and best practices.
The Senior Management has the following roles and responsibilities:
be aware of and understand the ML/TF risks associated with business strategies, delivery
channels and geographical coverage of its business products and services offered and to be
offered including new products, new delivery channels and new geographical coverage;
formulate AML/CFT policies to ensure that they are in line with the risks profiles, nature of
business, complexity, volume of the transactions undertaken by the institution and its
geographical coverage;
establish appropriate mechanisms and formulate procedures to effectively implement
AML/CFT policies and internal controls approved by the Board, including the mechanism
and procedures to monitor and detect complex and unusual transactions;
ensure review and propose to the Board the necessary enhancements to the AML/CFT
policies to reflect changes in the institution's risk profiles, institutional and group business
structure, delivery channels and geographical coverage;
provide timely periodic reporting to the Board on the level of ML/TF risks facing the
institution, strength and adequacy of risk management and internal controls implemented to
manage the risks and the latest development on AML/CFT which may have an impact on the
institution;
allocate adequate resources to effectively implement and administer AML/CFT compliance
programmes that are reflective of the size and complexity of the institution's operations and
risk profiles;
ensure all the necessary remedial actions proposed by the Financial Intelligence Unit and the
regulator on AML/CFT compliance issues;
appoint a compliance officer at management level at the local Head Office with sufficient
authority and establish effective compliance mechanisms at each branch or subsidiary;
provide appropriate levels of AML/CFT training for its employees at all levels throughout the
institution;
ensure that there is a proper channel of communication in place to effectively communicate
the AML/CFT policies and procedures to all levels of employees;
ensure that AML/CFT issues raised are addressed in a timely manner; and
ensure the integrity of employees by establishing appropriate employee assessment system.
Compliance Officer
The Compliance Officer acts as the reference point for AML/CFT matters within a money remittance
institution. The Compliance Officer must have sufficient knowledge, resources, stature, authority and
seniority within the institution to participate and be able to effectively implement decisions of the
Board and the Senior Management relating to AML/CFT. The Compliance Officer is required to be
“fit and proper” to carry out his AML/CFT responsibilities effectively, based on the following criteria
at minimum:
probity, personal integrity and reputation; and
competency and capability.
The Compliance Officer must have the necessary knowledge and expertise to effectively discharge his
roles and responsibilities, including being informed of the latest developments in ML/TF techniques
and the AML/CFT measures undertaken by the industry.
Money remittance institutions are required to ensure that the roles and responsibilities of the
Compliance Officer are clearly defined and documented.
AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
7
The Compliance Officer has a duty to ensure the following:
the institution's compliance with the AML/CFT requirements;
proper implementation of the AML/CFT policies;
the appropriate AML/CFT procedures, including CDD, record keeping, on-going due
diligence, reporting of suspicious transactions and combating the financing of terrorism, are
implemented effectively;
the AML/CFT mechanism is regularly assessed to ensure that it is effective and sufficient to
address any change in ML/TF trends;
the channel of communication from the respective employees to the branch, subsidiary and
agents, is secured and that information is kept confidential;
all employees are aware of the institution's AML/CFT measures, including policies, control
mechanism and the channel of reporting;
internally generated suspicious transaction reports are appropriately evaluated before
submitted to the Financial Intelligence Unit;
the identification of ML/TF risks associated with new products or services or arising from the
institution's operational changes, including the introduction of new technology and processes;
and
act as the main contact person for the Financial Intelligence Unit on behalf of the institution
on AML/CFT measures.
Institutions must inform, in writing, the Financial Intelligence Unit on the appointment or change in
the appointment of the Compliance Officer, including such details as the name, designation, office
address, office telephone number, fax number, e-mail address and such other information as may be
required.
2- Employee Due Diligence Procedures
The employee due diligence procedures shall apply upon hiring the employee and throughout the
course of employment.
Institutions are required to establish an employee assessment system that is commensurate with the
size of operations and risk exposure of the institutions to ML/TF. The employee assessment system
shall include an evaluation of an employee’s personal information, including criminal records,
employment and financial history.
The employees must be made aware that they may be held personally liable for any failure to observe
the AML/CFT requirements and institutions are required to have proper remedial and administrative
actions applicable for the employees who violate the institution’s own policies and procedures,
including the institution’s AML/CFT policies and procedures, and shall keep record of the actions
taken.
3- Employee Training and Awareness Programs
Money remittance institutions are required to conduct awareness and training programs on AML/CFT
practices and measures for their employees. Such training must be conducted regularly and
supplemented with refresher trainings.
Every institution must make available its AML/CFT policies and procedures for all employees and its
documented AML/CFT measures must contain at least the following:
the relevant laws and regulations issued by the MMA;
the relevant documents on the enforcement of AML/CFT issued by the Financial Intelligence
Unit or relevant supervisory authorities; and
the institution’s internal AML/CFT policies and procedures.
AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
8
The training conducted for employees must be appropriate to their level of responsibilities in
detecting ML/TF activities and the risks of ML/TF faced by the institution. In addition, training for all
employees may provide a general background on ML/TF, the requirements and obligations to monitor
and report suspicious transactions to the Compliance Officer and the importance of CDD.
Front-Line Employees: Front-line employees may be trained to conduct effective on-going CDD,
detect suspicious transactions and on the measures that need to be taken upon determining a
transaction as suspicious. Training may also be provided on factors that may give rise to suspicion,
such as transacting in large cash volumes, PEPs, higher risk customers and the circumstances where
enhanced CDD is required.
Employees that Establish Business Relationships: The training for employees who establish
business relationship may focus on customer identification, verification and CDD procedures,
including when to conduct enhanced CDD and circumstances where there is a need to defer
establishing business relationship with a new customer until CDD is completed satisfactorily.
Supervisors and Managers: The training on supervisors and managers may include overall aspects
of AML/CFT procedures, in particular, the risk-based approach to CDD, risk profiling of customers,
enforcement actions that can be taken for non-compliance with the relevant requirements pursuant to
the relevant laws and procedures related to combat money laundering and the financing of terrorism.
4- Independent Audit Function
The Board is responsible to ensure regular independent audits of the internal AML/CFT measures to
determine their effectiveness and compliance with the PMLFTA, its regulations, subsidiary
legislations and the relevant documents on AML/CFT issued by the Financial Intelligence Unit as
well as the requirements of the relevant laws and regulations of other supervisory authorities, where
applicable.
The Board is required to ensure that the roles and responsibilities of the auditor are clearly defined
and documented. The roles and responsibilities of the auditor include, at a minimum:
(a) checking and testing the compliance with, and effectiveness of the AML/CFT policies,
procedures and controls; and
(b) assessing whether current measures are in line with the latest developments and changes to
the relevant AML/CFT requirements.
The scope of independent audit shall include, at a minimum:
a) compliance with PMLFTA, its subsidiary legislation and instruments issued under the
PMLFTA;
b) compliance with the institution’s internal AML/CFT policies and procedures;
c) adequacy and effectiveness of the AML/CFT compliance programme; and
d) reliability, integrity and timeliness of the internal and regulatory reporting and management of
information systems.
The institutions must ensure that the auditor submit a written audit report to the Board to highlight the
assessment on the effectiveness of AML/CFT measures and any inadequacy in internal controls and
procedures. Institutions must ensure that records of such audit findings and the necessary corrective
measures undertaken are kept and made available to the Financial Intelligence Unit and their relevant
supervisory authorities once requested.
5- Internal Policies, Procedures, and Controls
Each money remittance institution must establish and implement policies, procedures, and internal
controls in its AML/CFT program. These policies, procedures, and internal controls shall be in writing
and approved by the Board and subject to continuous or periodic review. At minimum, the following
shall be included in these policies, procedures, and internal controls:
AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
9
KYC/CDD and Customer Acceptance
Monitoring and Reporting
Risk Assessment and Risk Mitigation
Record-keeping
Audit
Employee Due Diligence and Training
Such policies, procedures, and internal controls must be easily accessible to the relevant employees at
least during the office hours.
AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
10
CHAPTER III – COMPLIANCE MEASURES
1- KYC and CDD
Considering the potential threat of usage of the cash-intensive alternate remittance systems by a
money launderer, money remittance institutions should make reasonable efforts to determine the true
identity of all customers requesting for their services. Hence effective procedures should be put in
place to obtain and verify the requisite details for proper identification of new customers.
Every institution is expected to obtain satisfactory evidence of the identity and legal existence of the
customer and beneficial owner at the point of establishing the business relationship.
Money remittance institutions must not keep anonymous accounts or accounts in fictitious names or
conduct a single transaction with a customer whose identity cannot be properly verified.
When to Conduct KYC and CDD?
Money remittance institutions must conduct CDD on the customer and the person conducting the
transaction, when:
1- establishing business relationships or conducting a single transaction;
2- it has any suspicion of ML/TF, regardless of amount; or
3- it has any doubt about the veracity or adequacy of previously obtained information.
In conducting a single transaction, institutions may conduct simplified CDD on the customer,
beneficial owner and beneficiary for the remittance service the institutions provide based on the risks
the institutions may have identified or the regulator or the Financial Intelligence Unit has identified.
What is Required?
Money remittance institutions are required to:
identify the customer and verify that customer’s identity using reliable, independent source
documents, data or information;
verify that any person purporting to act on behalf of the customer is so authorised, and
identify and verify the identity of that person;
identify the beneficial owner and take reasonable measures to verify the identity of the
beneficial owner, using the relevant information or data obtained from a reliable source, such
that the institution is satisfied that it knows who the beneficial owner is; and
understand and, where relevant, obtain information on, the purpose and intended nature of the
business relationship or the single transaction.
A customer who fails to provide evidence of his identity must not be allowed to engage in business
relations with the institution or conduct a single transaction. Additional measures must be undertaken
to determine whether to proceed with the business relationship or the single transaction, where initial
checks fail to identify the customer or give rise to suspicions that the information provided is false and
could not be adequately verified.
CDD related to Combating the Financing of Terrorism
Money remittance institutions are required to keep updated with the various counter terrorism related
resolutions passed by the United Nations Security Council (UNSC) under the authority of Chapter VII
of the United Nations’ Charter on counter terrorism measures, in particular the UNSC Resolutions
1267 (1999), 1988 (2011) and 1989 (2011) which require sanctions against individuals and entities
belonging or related to Taliban and Al-Qaida.
Institutions should not conduct or continue any business relationship or a single transaction with or
involving the individuals and entities the UNSC designates as per the relevant resolutions.
AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
11
In addition to the above sanction lists, all the necessary steps must be taken to ensure other applicable
UN sanctions on nations, individuals and entities are taken into consideration when establishing
business relationships and conducting single transactions.
The Financial Intelligence Unit will provide updates on the changes (additions, changes in the
information and removal) to those lists with specific instructions to the institutions.
Institutions must conduct checks on the names of new customers, as well as regular checks on the
names of existing customers and potential customers, against the names in the database. If there is any
name match, institutions are required to take reasonable and appropriate measures to verify and
confirm the identity of its customer. Once confirmation has been obtained, institutions must
immediately:
a) freeze the customer’s funds or block the transaction (where applicable), if it is an existing
customer
b) reject the potential customer, if the transaction has not commenced
c) submit a suspicious transaction report to the Financial Intelligence Unit
Money remittance institutions must also submit a suspicious transaction report when there is an
attempted transaction involving any of the persons listed in the UN consolidated lists.
Institutions may also consolidate their database with the other recognised lists of designated persons
or entities issued by the Government of Maldives and other jurisdictions.
Verification of KYC and CDD Information
Apart from identification, money remittance institutions are required to verify the identity of its
customer, beneficial owner and beneficiary for all the transactions they conduct regardless of the
amounts involved.
The verification of the identity of the beneficiary must occur for all the transactions conducted, and
using relevant identification documents issued by designated Government authorities.
Institutions must verify the information referred to under the above paragraph by requiring the
customer or beneficial owner, as the case may be, to furnish the original document and make a copy
of the said document for record-keeping purposes. Institutions must also ensure that all the
identification documents are valid at the time of obtaining that information.
Specific CDD Measures
Individual Customer and Beneficial Owner: In conducting CDD on natural persons and beneficial
owners, institutions must obtain the relevant information including, but not limited to:
full name;
National Identity (NID) number, passport number or visa number of the customer or
beneficial owner;
residential and mailing address;
date of birth;
nationality;
occupation type;
name of employer or nature of self-employment/ nature of business;
contact number (home, office or mobile); and
purpose of the business relationship or transaction.
Money remittance institution must take all the necessary steps where a third party conducts a
transaction on behalf of a customer. In such cases, institutions must ensure collecting and verifying all
the necessary customer identification information of the actual transaction originator and the person
AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
12
physically attending the institution, its branch, subsidiary or agent. In addition, necessary steps must
be taken to ensure the person is authorized to conduct transaction on behalf of the originator.
Legal Persons: For customers that are legal persons, institutions are required to understand the nature
of the customer’s business, its ownership and control structure.
Money remittance institutions shall identify the customer and verify its identity through the following
information, whichever is applicable:
name, legal form and proof of existence (such as Memorandum and Articles of Association,
Certificate of Incorporation and/or partnership agreements)
the powers that regulate and bind the customer such as directors’ resolution, as well as the
names of relevant persons having a senior management position; and
the address of the registered office and, if different, a principal place of business.
Money remittance institutions shall identify and take reasonable measures to verify the identity of
beneficial owners through the following information:
the identity of the natural person(s) (if any) who ultimately has a controlling ownership interest in
a legal person. At minimum, this includes the following:
o identification document of Directors/Shareholders or partners with equity interest of more
than twenty five percent;
o authorisation for any person to represent the company or business either by means of a letter
of authority or directors’ resolution; and
o relevant documents such as NID Card for Maldivians, permanent resident or passport for
foreigners, to identify the identity of the person authorised to represent the company or
business in its dealings with the institution.
to the extent that there is doubt as to whether the person(s) with the controlling ownership interest
is the beneficial owner(s) referred to in the above paragraph or where no natural person(s) exert
control through ownership interests, the identity of the natural person (if any) exercising control
of the legal person through other means; and
where no natural person is identified under the above paragraphs, the identity of the relevant
natural person who holds the position of senior management.
It is important to note that it might not be practical to identify and verify all the shareholders of an
entity listed in a stock exchange licensed by the Capital Market Development Authority. However,
institutions shall take all necessary steps to ensure identification and verification of the Board of
Directors and majority shareholders of those entities for KYC and CDD purposes.
Legal Arrangements and Trusts: For the purposes of this document, legal arrangements refer to
express trusts and other similar legal arrangements where a private or court-mediated agreement
between a debtor and unsecured creditors, under which the creditors agree to settle for a certain
fraction of monies owed by the debtor.
For customers that are legal arrangements, institutions are required to understand the nature of the
customer’s business, its ownership and control structure.
Institutions shall identify the customer and verify its identity through the following information:
name, legal form and proof of existence, or any reliable references to verify the identity of the
customer;
the powers that regulate and bind the customer, as well as the names of relevant persons
having a senior management position; and
the address of the registered office, and if different, a principal place of business.
Institutions are required to identify and take reasonable measures to verify the identity of beneficial
owners through the following information:
AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
13
for trusts, the identity of the settler, the trustee(s), the protector (if any), the beneficiaries or
class of beneficiaries, and any other natural person exercising ultimate effective control over
the trust (including through a chain of control/ ownership); or
for other types of legal arrangements, the identity of persons in equivalent or similar
positions.
For the purpose of identifying beneficiaries of trusts that are designated by characteristics or by class,
institutions are required to obtain sufficient information concerning the beneficiary in order to be
satisfied that it would be able to establish the identity of the beneficiary when the beneficiary intends
to exercise vested rights.
Non-Profit Organisations: For customers that are non-profit organisations such as clubs, societies or
charities, institutions shall conduct CDD and require the customers to furnish the relevant
identification and constituent documents (or other similar documents) including certificate of
registration and the identification and verification of the office bearer or any person authorised to
represent the non-profit organization.
Institutions are required to take reasonable measures to identify and verify the beneficial owners of
non-profit organisations.
Enhanced CDD
Money remittance institutions shall perform enhanced CDD where the ML/TF risks are assessed as
higher risk. Enhanced CDD shall include at least, the following:
obtaining CDD information of the intended beneficiary;
identify and verify the true purpose of the funds remitted;
obtaining the source of wealth or source of funds;
obtaining approval from the Senior Management of the institution before executing the
transaction or establishing (or continuing, for existing customer) such business relationship
with the customer.
The following categories of customers and transactions are classified as high risk:
1- politically exposed persons who are or have been entrusted with prominent public functions in
the Maldives or any foreign country as well as members of such person’s family or those
closely associated with him/her
2- persons from an area or location identified as being a high risk area
3- transactions that were successfully used in the past to promote or hide illegal or terrorist
activities
4- if institution has any doubts about the veracity or adequacy of previously obtained
information
5- persons and entities designated by United Nations Security Council
In addition, the Financial Intelligence Unit may designate additional categories that require enhanced
CDD measures.
Regardless of the risks identified above, institutions are required to conduct their own risk
assessments and determine high risk customers and transactions to apply enhanced due diligence
measures.
On-Going Due Diligence
Money remittance institutions are required to conduct on-going due diligence on the business
relationship with its customers.
Such measures shall include:
AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
14
scrutinising transactions undertaken throughout the course of that relationship to ensure that
the transactions being conducted are consistent with the institution’s knowledge of the
customer, their business and risk profile, including where necessary, the source of funds and
purpose of transactions
ensuring that documents, data or information collected under the CDD process is kept up-to-
date
if relevant, by undertaking reviews of existing records particularly for higher risk customers.
In conducting on-going due diligence, institutions may take into consideration the economic
background and purpose of any transaction or business relationship which:
appears unusual;
is inconsistent with the expected type of activity and business model when compared to the
volume of transaction;
does not have any apparent economic purpose;
casts doubt on the legality of such transactions, especially with regard to complex and large
transactions or involving higher risk customers; or
casts doubt about the veracity of previously provided information.
The frequency of the on-going due diligence or enhanced on-going due diligence, as the case may be,
shall commensurate with the level of ML/TF risks posed by the customer based on the risk profiles
and nature of transactions.
Institutions may increase the number and timing of controls applied, and to select patterns of
transactions that need further examination when conducting enhanced on-going due diligence.
Existing Customers
Money remittance institutions must apply CDD requirements to existing customers on the basis of
risk, at appropriate times, taking into account whether and when CDD measures have previously been
undertaken and the adequacy of information obtained.
In assessing risk of the existing customers, institutions may consider the following circumstances:
the nature and circumstances surrounding the transaction including the significance of the
transaction;
any material change in the way the account or business relationship is operated; and/or
insufficient information held on the customer or change in customer’s information.
Regardless of the assessment of risks as mentioned above, institutions shall take reasonable measures
to ensure their entire customer CDD information are up-to-date.
Politically Exposed Persons
Money remittance institutions are required to take reasonable measures to determine whether the
customer, beneficial owner, or, where required, the beneficial owner of the beneficiary, are politically
exposed persons (PEPs).
PEPs are defined as any person (foreign or domestic) who is or has been entrusted with prominent
public functions in the Maldives or any foreign country as well as members of such person’s family or
those closely associated with the person.
These include:
heads of states (example: presidents, vice presidents and prime ministers)
cabinet ministers and state ministers
members of parliament
judges and magistrates
elected council members
AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
15
members and senior most officials of a state agency or institution
senior military officials
board members of state owned enterprises
senior officials appointed as per the provisions of a specific law (example: Head of Financial
Intelligence Unit)
senior political appointees of a government (example: coordinators at various ministries)
foreign and local diplomats
senior political party members
If the customer, a beneficial owner or the beneficiary is a PEP, institutions shall assess the level of
ML/TF risks posed by the business relationship with the PEP. The assessment of the ML/TF risks
shall take into account the profile of the customer.
Generally all PEPs, whether current or previous are considered as PEPs and therefore high risk.
However, institutions may conduct enhanced due diligence on PEPs, whether previous or current,
depending on the PEP’s capacity to influence public functions.
New Products and Business Practices
Money remittance institutions shall identify and assess the ML/TF risks that may arise in relation to
the development of new products and business practices, including new delivery mechanisms, and the
use of new or developing technologies for both new and pre-existing products.
Institutions are required to:
undertake the risk assessment prior to the launch or use of such products, practices and
technologies; and
take appropriate measures to manage and mitigate the risks.
Transfers
Money remittance institutions must comply with the CDD requirements on combating money
laundering and financing of terrorism specified in this document in carrying out domestic and
international transfers, and shall maintain all originator and beneficiary information collected in
accordance with record keeping requirements.
With respect to transfers, institutions must:
1- ensure that full originator information, with the name, address, and account number of a
person who originates a funds transfer and related messages remain with the transfer and
messages throughout the payment chain
2- ensure that full originator information is included in the batch file, provided that it is
sufficient to include the originator’s account number on each individual electronic fund
transfer in the batch
3- have appropriate risk management procedures for electronic fund transfers that do not include
full originator information and shall, in high risk situations, reject the transfer, unless it is
fully satisfied that the funds received are not connected with any suspicious activity
Where the institution is a beneficiary institution or the transaction receiving institution for transfers,
the institution must ensure that the required and verifiable beneficiary information is accompanied
with the transfer messages.
In addition, institutions must have appropriate control measures to determine when to execute, reject,
or suspend a transfer lacking the required originator or required beneficiary information and to take
the appropriate follow-up actions.
AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
16
Reliance on Third Parties
Money remittance institutions may rely on third parties to conduct CDD or to introduce business,
where the ultimate responsibility and accountability of CDD measures shall remain with the
institution relying on the third parties.
Institutions shall have in place internal policies and procedures to mitigate the risks when relying on
third parties, including those from jurisdictions that have been identified as having strategic
AML/CFT deficiencies that pose a ML/TF risk to the domestic and international financial system.
Institutions must ensure not to rely on third parties located in the higher risk countries that have been
identified as having on-going or substantial ML/TF risks.
The relationship between institutions and the third parties relied upon by the institution to conduct
CDD shall be governed by an arrangement that clearly specifies the rights, responsibilities and
expectations of all parties. At the minimum, the institutions must be satisfied that the third party:
can obtain immediately the necessary information concerning CDD as required under
applicable laws and regulations;
has an adequate CDD process;
has measures in place for record keeping requirements;
can provide the CDD information and provide copies of the relevant documentation
immediately upon request; and
is properly regulated and supervised by the respective authorities.
Non-Face-to-Face Business Relationship
Money remittance institutions may not undertake any transactions without face-to-face contact with
the customer unless the necessary steps have been taken to ensure a business relationship with the
customer has been first established and CDD measures have been conducted.
Institutions shall establish appropriate measures for identification and verification of customer’s
identity that shall be as effective as that for face-to-face customer and implement monitoring and
reporting mechanisms to identify potential ML/TF activities.
Higher Risk Countries
Money remittance institutions are required to conduct enhanced CDD for business relationships and
transactions with any person from countries identified by the FATF, the Financial Intelligence Unit or
the Government of Maldives as having on-going or substantial ML/TF risks.
Where ML/TF risks are assessed as higher risk, institutions are required to conduct enhanced CDD for
business relationships and transactions with any person from countries identified by the FATF, the
Financial Intelligence Unit or the Government of Maldives as having strategic AML/CFT deficiencies
and have not made sufficient progress in addressing those deficiencies.
In addition to the enhanced CDD requirement under this Chapter, institutions must apply appropriate
countermeasures, proportionate to the risk, for higher risk countries listed as having on-going or
substantial ML/TF risks. Such measures may include:
limit or impose transaction limits
enhanced scrutiny, including verification of CDD information
requiring face-to-face identification and verification;
enhanced monitoring of customer activities
Unable to Comply with the CDD Measures
Money remittance institutions shall not commence business relations or conduct any transaction, or
shall terminate business relations in the case of an existing customer, if the institution is unable to
comply with the CDD requirements detailed in this Chapter.
AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
17
Similar steps must be taken where the person acting on behalf of the beneficiary is unable or refuses
to provide the information on the identity of the beneficiaries or written undertaking (where
applicable). In addition, based on the ML/TF risk, the institutions must also consider lodging a
suspicious transaction report to the Financial Intelligence Unit in such circumstances.
Resource Allocation
Money remittance institutions must allocate adequate resources, to complement its CDD process to
ensure timely information on a regular basis is available to the institution which enables the institution
to detect irregularity and/or any suspicious activity. The allocated resources shall commensurate with
the nature, scale and complexity of the institution’s activities and ML/TF risk profile.
2- Monitoring and Reporting
Money remittance institutions must establish proper customer and transaction monitoring systems to
ensure that all the customers and transactions are monitored to detect any unusual activity. Such a
system may also include a reporting mechanism for the submission of suspicious transaction reports
as well as other reports the intuition is legally required to report. It is strongly recommended that the
institutions to establish internal criteria to detect suspicious activities (also commonly known as “red
flags”), and to monitor customers and transactions against those activities.
Institutions may be guided by examples of suspicious activities and red flags provided by the
Financial Intelligence Unit or other corresponding competent authorities, supervisory authorities and
international organisations from time to time and may incorporate those red flags in their monitoring
and reporting function.
Monitoring
Money remittance institutions shall monitor and investigate a transaction that is unusually large,
unusually complex, has an unusual pattern, and when it does not have an apparent lawful economic
purpose. As part of transaction monitoring and reporting function, institutions must ensure that
transaction or series of transactions will not facilitate the transfer of the proceeds of crime or property
connected to financing of terrorism, and that all the business relationships and transactions are
scanned for involvement of any person designated by the United Nations Security Council
Resolutions (UNSCRs) under the authority of Chapter VII of the United Nations’ Charter.
In addition, institutions shall pay special attention to business relationships and transactions with
persons, including legal persons, residing in countries that do not apply the relevant international
standards to combat money laundering and financing of terrorism.
The Financial Intelligence Unit will, from time to time, provide the changes that are brought to the
lists maintained under the relevant UNSCRs as well as the information of countries that do not apply
the relevant international standards to combat money laundering and financing of terrorism countries
to the institutions.
Suspicious Transaction Reporting
Money remittance institutions shall submit a suspicious transaction report to the Financial Intelligence
Unit under the following circumstance, as soon as possible and not later than 3 (three) working days:
a) where the institution suspects or have grounds to suspect that the funds or property are
proceeds of crime, or are related to money laundering or the financing of terrorism.
b) where a person or an entity designated pursuant to UNSCRs under the authority of Chapter
VII of the United Nations’ Charter attempted to establish a business relationship with the
institution or is party to a transaction conducted or attempted transactions.
c) where the institution is about to conduct a transaction or series of transactions which
facilitated or is likely to facilitate the transfer of the proceeds of crime or property connected
to financing of terrorism.
AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
18
d) any other suspicious activity the institution deems important to be reported.
The manner and form for submitting reports will be designated by the Financial Intelligence Unit.
When reporting suspicious transactions, institutions must provide the required and relevant
information that gave rise to doubt in the suspicious transaction report form, which includes but is not
limited to the nature or circumstances surrounding the transaction and business relationship’s
background of the person conducting the transaction that is connected to the suspicious activity.
It is strongly advised the institutions to establish an internal reporting mechanism for suspicious
activities the other employees may notice. It is the duty of the Compliance Officer to ensure such
reports are properly examined and such examination reports are properly documented and kept even
when such a report is not reported to the Financial Intelligence Unit.
Institutions must ensure that the Compliance Officer maintains a complete file on all internally
generated reports and any supporting documentary evidence regardless of whether such reports have
been submitted. If there is no suspicious transaction reports submitted the internally generated reports
and the relevant supporting documentary evidence must be made available to the Financial
Intelligence Unit or relevant supervisory authorities upon request.
The Compliance Officer must ensure that all suspicious transaction reports are submitted within
THREE working days, from the date the Compliance Officer establishes the suspicion.
Institutions must ensure that in the course of submitting the suspicious transaction report, utmost care
is undertaken to ensure that such reports are treated with the highest level of confidentiality. The
Compliance Officer shall have the sole discretion and independence to report suspicious transactions.
Institutions must provide additional information and documentation as may be requested by the
Financial Intelligence Unit and to respond promptly to any further enquiries by the Financial
Intelligence Unit. Institutions must also ensure that the suspicious transaction reporting mechanism is
operated in a secured environment to maintain confidentiality and preserve secrecy.
After the suspicious transaction report is made to the Financial Intelligence Unit, the institution may
continue with the business relationship or the transaction that became subject to the suspicious
transaction report, unless the Financial Intelligence Unit directs the institution otherwise.
Where a suspicious transaction report has been lodged, institutions are not precluded from making a
fresh suspicious transaction report as and when a new suspicion arises of the same person.
Tipping Off
Section 43 of PMLFTA states:
A Institution, its director, officer and employee, shall not disclose to its customers or
a third party that information of a customer is being, was or will be provided to the
Financial Intelligence Unit, or that a report concerning money laundering or
financing of terrorism is being, was or will be submitted to the Financial Intelligence
Unit, or that a money laundering or financing of terrorism investigation is being
carried on or will be carried out.
Therefore, money remittance institutions must ensure the implementation of Section 43 of PMLFTA.
Institutions must be aware that no criminal, civil, disciplinary or administrative proceedings for
breach of banking or professional secrecy or contract may be instituted against the institution or their
directors, officers or employees who in good faith submit reports or provide information in
accordance with the provisions of PMLFTA.
AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
19
Other Transaction Reports
Money remittance institutions must also report the Financial Intelligence Unit of all domestic and
international funds transfers, regardless of the amount involved, including transactions made via
agents.
The manner and form for submitting reports will be designated by the Financial Intelligence Unit.
3- Record Keeping
Money remittance institutions are required to keep records of the following and must ensure those
records remain up-to-date and relevant.
a) KYC and CDD information of customers (including the copies of information verification
documents);
b) records of single transactions (includes all the information collected during the course of
conducting the respective single transaction);
c) suspicious transaction reports submitted to the Financial Intelligence Unit;
d) internal investigations conducted on matters the institutions consider suspicious and records
of the information collected in this regard;
e) employee due diligence information and reports;
f) risk assessment reports
g) AML/CFT policy review reports
h) internal and external audit reports
The below record keeping periods shall apply under the record keeping obligation.
TYPE OF RECORD APPLICABLE PERIOD
Single Transactions Five years following the completion of a single
transaction. This includes all the information
collected during the course of conducting the
respective Single Transaction.
Business Relationships Five years following the termination of a business
relationship. This includes all the
correspondences and transaction history related to
the respective business relationship.
Suspicious Transactions Reports and internal
investigation reports into suspicious activities
Five years following the report was made to the
Financial Intelligence Unit or prepared (unless
the Financial Intelligence Unit has advised
otherwise).
Other Records Recommended period: at least three years
Money remittance institutions are required to retain the relevant records in a form that is admissible as
evidence in court and make such available to the supervisory authorities and law enforcement
agencies in a timely manner.
4- Non-Compliance
Money remittance institutions are encouraged to take all the necessary steps to ensure compliance to
the relevant provisions of the PMLFTA and the regulations issued under the PMLFTA. The Financial
Intelligence Unit or the relevant regulatory and supervisory agencies may issue specific instructions
and guidelines to the sector or to specific financial institution to assist the institutions to adequately
comply with the applicable provisions of the PMLFTA and the regulations issued under the
PMLFTA.
The following enforcement actions can be taken by the Financial Intelligence Unit against an
institution, including its directors, officers and employees for non-compliance to any applicable
AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
20
provision in the PMLFTA, the regulations issued under the PMLFTA or specific guidelines and
instructions issued to the institution by the Financial Intelligence Unit.
a) issue a notice in writing to comply within a specified period;
b) impose a fine between 10,000.00 (ten thousand) and 500,000.00 (five hundred thousand)
Maldivian Rufiyaa;
c) impose a daily fine of amount between 10,000.00 (ten thousand) and 100,000.00 (one
hundred thousand) Maldivian Rufiyaa until compliance is obtained, where failing to comply
within the specified period; and/or
d) advise the relevant regulatory or supervisory authority to impose the following appropriate
penalty or penalties prescribed in the Section 47 of PMLFTA
1) written warnings;
2) order to comply with specific instructions;
3) ordering regular reports from the institution on the measures it is taking to comply
with its obligations;
4) fine in an amount between 10,000 (ten thousand) and 500,000 (five hundred
thousand) Maldivian Rufiyaa;
5) barring working within the sector;
6) restricting the powers of or replacing managers, directors or controlling owners,
including the appointing of an ad hoc administrator; or
7) suspending or revoking the license.
In addition, the Maldives Monetary Authority may also publish such corrective action taken against a
money remittance institution.
AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
21
CHAPTER IV – FEEDBACK AND INQUIRIES Money remittance institutions are always encouraged to provide feedback and make inquiries in
relation to the underlying policies to strengthen the country’s AML/CFT system. All feedbacks and
recommendations shall be forwarded to the following address:
Financial Intelligence Unit
Maldives Monetary Authority
Boduthakurufaanu Magu,
Malé, 20182,
Republic of Maldives
Email: [email protected]
CHAPTER V – REFERENCE
1- Useful Websites
http://www.apgml.org (Asia Pacific Group on Money Laundering)
http://www.fatf-gafi.org (Financial Action Task Force)
http://www.egmontgroup.org (The Egmont Group of FIUs)
http://www.unodc.org (United Nations Office on Drugs and Crime)
2- Useful Reference Materials
International Standards on Combating Money Laundering and the Financing of Terrorism &
Proliferation - the FATF Recommendations (available from the FATF website: www.fatf-gafi.org)
Law No. 10/2014 (Prevention of Money Laundering and Terrorism Financing Act of Maldives)
Reference Guide to Anti-Money Laundering and Combating the Financing of Terrorism (available
from the World Bank Group website: www.worldbank.org)
FATF Best Practices Papers and Reports on various money laundering and terrorist financing issues
(available from the FATF website www.fatf-gafi.org)
AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
22
APPENDIX - EXAMPLES OF RED FLAGS
NOTE The following are examples of potentially suspicious activities, or "red flags" for money laundering
and terrorist financing relevant to money remittance institutions. Although these lists are not all-
inclusive, they may help institutions to recognize possible money laundering and terrorist financing
activities. Institutions are advised to have institution-specific red flags incorporated to monitor
suspicious transactions and for risk mitigation.
The presence of a red flag may not necessarily be a suspicious transaction. However, it may warrant
an institution to collect more information before submitting a suspicious transaction report to the
Financial Intelligence Unit.
Customers Who Provide Insufficient or Suspicious Information
Customer is evasive or unwilling to provide information when requested.
Transactions conducted are out of character with the usual conduct or profile of customers
carrying out such transactions.
Customer using different identifications each time conducting a transaction.
A group of customers trying to break up a large cash transaction into multiple small transactions.
The same customer conducting a few small transactions in a day or at different branches or
locations.
There are sudden or inconsistent changes in wire transfer/remittance sent/received transactions.
Wire transfers/remittances from different customers/jurisdiction being sent to the same customer.
Customer frequently remitting money to non-cooperative countries/jurisdictions.
Customer exchanging small denomination notes into large denomination notes, in large quantity.
The same customer frequently exchanging local currency into foreign currency without apparent
economic or visible lawful purpose.
Customer exchanging cash for numerous postal money orders in small amounts for numerous
other parties.
Efforts to Avoid Reporting or Record-keeping Requirement
A customer or group tries to persuade an employee not to file required reports or maintain
required records.
A customer is reluctant to provide information needed to file a mandatory report, to have the
report filed, or to proceed with a transaction after being informed that the report must be filed.
A business or customer asks to be exempted from reporting or recordkeeping requirements.
A customer conducts transactions to a recipient from a location of specific concern (e.g., countries
designated by national authorities and FATF as non-cooperative countries and territories), but to a
low risk country.
A customer choses multiple third parties to conduct transactions on his/her behalf.
A customer makes transfers just below the prescribed thresholds.
Funds Transfers
Many funds transfers are sent in large, round dollar, hundred dollar, or thousand dollar amounts.
Funds transfer activity occurs to or from a financial secrecy haven, or to or from a high-risk
geographic location without an apparent business reason or when the activity is inconsistent with
the customer’s business or history.
Large, incoming funds transfers are received on behalf of a foreign client, with little or no explicit
reason.
Funds transfer activity is unexplained, repetitive, or shows unusual patterns.
AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
23
Payments or receipts with no apparent links to legitimate contracts, goods, or services are
received.
Funds transfers are sent or received from the same person to or from different accounts.
Funds transfers contain limited content and lack related party information.
A large number of incoming or outgoing funds transfers take place through a business account,
and there appears to be no logical business or other economic purpose for the transfers,
particularly when this activity involves high-risk locations.
Funds transfers are ordered in small amounts in an apparent effort to avoid triggering
identification or reporting requirements.
Funds transfers do not include information on the originator, or the person on whose behalf the
transaction is conducted, when the inclusion of such information would be expected.
Multiple personal and business accounts or the accounts of nonprofit organizations or charities are
used to collect and funnel funds to a small number of foreign beneficiaries.
Foreign exchange transactions are performed on behalf of a customer by a third party, followed
by funds transfers to locations having no apparent business connection with the customer or to
high-risk countries.
Activity Inconsistent with the Customer’s Business
The currency transaction patterns of a business show a sudden change inconsistent with normal
activities.
Unusual transfers of funds occur among related customers or among customers that involve the
same or related principals.
Goods or services purchased by the business do not match the customer’s stated line of business.
Embassy and Foreign Consulate Accounts
Official embassy business is conducted through personal accounts.
Customer activity is not consistent with the expected monthly salary or established purposes.
Accounts are funded through substantial currency transactions.
Accounts directly fund personal expenses of foreign nationals without appropriate controls,
including, but not limited to, expenses for college students.
Employees
Employee exhibits a lavish lifestyle that cannot be supported by his or her salary/income.
Employee fails to conform to recognized policies, procedures, and processes.
Employee’s frequent change in lifestyle.
Employee’s connection with high profile customers.
Other Unusual or Suspicious Customer Activity
Customer frequently presents currency notes wrapped in currency straps or currency wrapped in
rubber bands that is disorganized and does not balance when counted.
Customer repeatedly uses an institution or branch location that is geographically distant from the
customer’s home or office without sufficient business purpose.
Customer makes high-value transactions not commensurate with the customer’s known incomes.
A customer makes large number of transactions within a short period of time.
Potentially Suspicious Activity that May Indicate Terrorist Financing
The stated occupation of the customer is not commensurate with the type or level of activity.
Persons involved in currency transactions share an address or phone number, particularly when
the address is also a business location or does not seem to correspond to the stated occupation
(e.g., student, unemployed, or self-employed).
Regarding nonprofit or charitable organizations, financial transactions occur for which there
appears to be no logical economic purpose or in which there appears to be no link between the
stated activity of the organization and the other parties in the transaction.
AML/CFT COMPLIANCE - GENERAL GUIDELINES FOR MONEY REMITTANCE INSTITUTIONS
24
Other Transactions That Appear Unusual or Suspicious
Multiple beneficiaries are used to collect and funnel funds to a small number of foreign
beneficiaries, both persons and businesses, particularly in high-risk locations.
Customers from high-risk locations requests to conduct transactions.
Funds are sent or received from or to high-risk or locations where terrorism or armed conflict
activities are imminent or happening.
************************************