AML/CFT Awareness
AML/CFT Engagement Session with Dealers in Precious Metals & Stones
(DPMS)
Orchard Room 2, Thistle Hotel JBSunday, 24 April 2016
AML/CFT Awareness2
Engagement Objectives
Understanding on the ML/TF risks faced by DPMS
DPMS’ obligations as a Reporting Institution within Malaysia’s AML/CFT
Framework
Understanding on the nature of business and operation of DPMS
AML/CFT Awareness3
Presentation Outline
Overview of ML/TF & the AML/CFT system
ML/TF Vulnerabilities of DPMS
Recent AML/CFT Developments
AML/CFT Requirements on DPMS
Compliance to AML/CFT Requirements
AML/CFT Awareness4
“A process of converting cash
or property derived from criminal activities to give it a legitimate appearance. It is the process of cleaning and disguising the criminal origin
of ‘dirty’ money”
“Process of
financing terrorist
activity either
through legitimate
or illegitimate
sources.”
Critical for a country to have an effective AML/CFT regime…
1. Reduces rewards associated with crime and hence, overall crime rates;
2. Increases government revenue, reduces leakages within the economy;
3. Preserves the integrity and reputation of the market place; and
4. Creates conducive environment for businesses and investors to flourish.
Money Laundering (ML) & Terrorism Financing (TF) defined
Why Launder?
5
Why Criminals Launder Their Money?
To remove or distance themselves from the criminal activity generating the illicit proceeds, thus making it more difficult to identify & prosecute key perpetrators
To distance proceeds gained from conduct of criminal activity to prevent confiscation if the perpetrators is
caught
To enjoy the benefits of the illicit proceeds without bringing undue attention to themselves
To reinvest the profits in future criminal activity or in legitimate businesses
Back to Slide 4
6
The Impact of ML/TF
Known costs
Unknown costs
• Amount lost• Amount involved
Weaken the national security and economic development
• Proliferation of criminal activities
• Existence of “underground businesses” competing with
legitimate businesses
• Weaken investors and business confidence
• Lower real sectors’ competitiveness affecting country’s
long term economic development
Increase integrity risk and cost for businesses and financial
transactions
• Lower integrity and reputation of financial system
• Risk of being blacklisted as jurisdiction with high risk of
ML/TF that will affect business and investment climate
• Increase the business and operation costs of various
economic sectors
AML/CFT Awareness7
Since AMLA was effected in 2001, Malaysia has established a
comprehensive AML/CFT framework for prevention of ML/TF activities
FATF
Standards
• BNM the competent authority for AMLA
• Criminalisation of ML/TF i.e. 362
offences from 44 legislations
• Freezing, seizure & forfeiture of
properties
• Identify & respond to emerging
risks through National Risk
Assessment process
• Adequate investigation &
enforcement powers
• Fully-functional Financial
Intelligence Unit (FIU) in BNM
• AML/CFT Units set-up in key law
enforcement agencies (LEAs)
• Structured training programs for
financial investigators
• National Coordination
Committee for integrated
approach across 16
Ministries/Agencies
• MoUs and Strategic
Partnerships with Foreign FIUs
& Counterparts
• Strong networks with
International/regional bodies FATF, APG, Egmont Group
Responsibilities of Reporting
Institutions (RIs)
More than 43,000 RIs
Implement effective AML/CFT
compliance programme to
detect and deter ML/TF
Submit Cash Transaction
Reports (CTR) and Suspicious
Transaction Reports (STR) to
FIED, BNM
AML/CFT Awareness8
Presentation Outline
Overview of ML/TF & the AML/CFT system
ML/TF Vulnerabilities of DPMS
Recent AML/CFT Developments
AML/CFT Requirements on DPMS
Compliance to AML/CFT Requirements
AML/CFT Awareness9
Key Findings from Mutual Evaluation Exercise (MEE) 2014
• On-site visit by Asia/Pacific Group (APG) & FATF Assessors from 13/11 to 25/11/2014;
• Assessment made based on Technical Compliance and Effectiveness of Malaysia’s AML/CFT regime in line with FATF Recommendations & Methodology;
• Outcome – Malaysia has achieved high levels of technical compliance. But, significant improvements needed in: a. Implementation of AML/CFT preventive measures on risk-basis
by all RIs, especially Designated Non-Financial Businesses & Professions (DNFBPs) sector,
b. Effectiveness of international cooperation for cross-border crime prevention and investigations,
c. Conduct of parallel investigations and prosecution of ML/TF
• Key Findings on Financial Institutions and DNFBPs: o Several sectors are still transitioning from rules-based to risk –
based approach;o RIs have a mixed understanding of risk and application of
Customer Due Diligence (CDD) requirements, including CDD on Beneficial Owners (BOs), on a risk sensitive basis, but rather in a prescriptive formal manner.
• Key Recommendation: The authorities should enhance existing outreach so that there is a more detailed and systematic program of outreach to DNFBPs and to FIs generally.
AML/CFT Awareness10
National ML/TF Risk Assessment 2013 – Sectoral Risk Assessment
Likelihood
POSSIBLE LIKELY VERY LIKELY
Exte
nt
of
Vu
lne
rab
ilit
y
HIGH
MEDIUM
LOW
• Casino
• Gaming Companies
• Jewellers
• Accountants
• Offshore Trust
• Company Secretaries
• Real Estate
• Trust Companies
• Lawyers
• Pawn Brokers
• Notaries
Legal Entities* –
onshore / offshore
Non Profit Orgs.
* Companies and partnerships
AML/CFT Awareness11
Presentation Outline
Overview of ML/TF & the AML/CFT system
ML/TF Vulnerabilities of DPMS
Recent AML/CFT Developments
AML/CFT Requirements on DPMS
Compliance to AML/CFT Requirements
AML/CFT Awareness
Reporting institutions (RIs) are the first line of defence
Criminals and
Criminal Activities
Financial Institutions
Law enforcement
Agencies (LEAs)
Non-bank FIs
DNFBPs
• Placement of proceeds from unlawful activities
• Apply loan and use illegal proceeds for repayment
Supervisory authorities
BNM, Securities Commission,
Labuan Financial Services
Authority
Financial Intelligence Unit
FIED, BNMSubmit
Suspicious Transaction
(STR) & Cash Threshold
Reports (CTR)
Collect, analyse,
disseminate financial
intelligence
Feedback on effectiveness of financial intelligence
Identify illicit activities and investigate crimes
Monitor & enforceAML/CTF
requirements
AML/CFT PREVENTIVE MEASURES• ML/TF Risk Assessment & Client Risk Profiling• CDD and Enhanced CDD on Clients• Record Keeping • On-going Monitoring of Clients’ Transactions• Promptly Detect & Report Suspicious Transactions
Supervisory authorities
BNM in collab. with licensing bodies & Self-
Regulated Organizations
1
2 3
45
12
AML/CFT Awareness13
ML/TF Risk Example of red flags indicators
• Purchase of product using proceeds of criminal activities
• Sale of gold which was purchased using illicit funds to gold brokers
• Online trading of physical gold using illegal proceeds
• Sale of robbed jewellery to scrap or used jewellery dealers
• Trade in robbed jewellery for new products
• Supply of product received from unknown source
• Unusual payment methods such as the use of large amount of cash or payment from unknown third parties
• Purchases or sales that are unusual i.e. bulk/large quantity purchases inconsistent with customer’s profile
• Attempt by customer to maintain high and unusual degree of secrecy such as request for records to be destroyed or purchase made anonymously
• Payments seem to be structured into small amount to avoid detection
• Unwillingness by customer or supplier to provide identity information
Sale & Purchase
Specific ML/TF risks in DPMS sector
Customer
Geographical Location
Product
AML/CFT Awareness
Case Study 1 - ML Case involving DPMS
Source: FATF Report – Money Laundering / Terrorist Financing Risks and Vulnerabilities Associated with Gold (July 2015)
Illegal proceeds from drug trafficking
Purchase of gold from precious metals retailers
Gold then sold to a precious metals broker
Proceeds from sale wired to a third party with links to the
drug trafficking
Broker sold the gold to other businesses
14
AML/CFT Awareness
Case Study 2 - ML Case involving DPMS
Source: FATF Report – Money Laundering / Terrorist Financing Risks and Vulnerabilities Associated with Gold (July 2015)
Paid bribe in physical gold form worth RM120,000 to get
contract
Managing Director, Company A Chairman B, Head of Public Entity
Awarded contract in return for the bribe received
15
AML/CFT Awareness16
Presentation Outline
Overview of ML/TF & the AML/CFT system
ML/TF Vulnerabilities of DPMS
Recent AML/CFT Developments
AML/CFT Requirements on DPMS
Compliance to AML/CFT Requirements
AML/CFT Awareness17
Prevailing Laws and Guidelines in Malaysia:
Anti-Money Laundering, Anti-Terrorism Financing
and Proceeds of Unlawful Activities Act 2001 (Act
613) – AMLA
Anti-Money Laundering & Anti-Terrorism
Financing (Reporting Obligations) Order 2007
AML/CFT – Designated Non-Financial Businesses
and Professions (DNFBPs) & Other Non-Financial
Sectors (Sector 5) Guidelines - Revised & reissued
on 1 Nov 2013
Relevant AML/CFT Law, Regulations & Guidelines - DPMS
As specified in First Schedule of AMLA and
Sector 5 Guidelines, AML/CFT reporting
requirements extend to “companies incorporated
under the Companies Act 1965 and businesses
defined and registered under the Registration of
Businesses Act 1956 which are carrying on
activities of dealing in precious metals or
precious stones”
FATF’s expectations on implementation of
AML/CFT preventive measures by
reporting institutions (RIs):
Immediate Outcome 4 from FATF Methodology
2013
FIs & DNFBPs adequately apply AML/CFT
preventive measures commensurate with their risks,
and report suspicious transactions
• Understand the nature and level of ML/TF risks;
• Develop and apply AML/CFT policies, internal
controls and programmes to adequately mitigate
identified risks;
• Apply appropriate CDD measures to identify and
verify customers and BOs and conduct ongoing
monitoring;
• Adequately detect and report suspicious
transactions; and
• Comply with other AML/CFT requirements.
AML/CFT Awareness18
Key AML/CFT Reporting Obligations from Sector 5 Policy Document
1. Risk Assessment and Client Risk
Profiling
2. CDD, ECDD & Other Requirements
3. AML/CFT Compliance Programme
4. Suspicious Transaction Report
(STR)
5. Combating Financing of
Terrorism
6. Consequences of Non-Compliance
AML/CFT Awareness19
Practical Guide on Key AML/CFT Requirements
No. What’s required Paragraph Reference in
Sector 5 Guidelines
1. Appoint a Compliance officer • 22
• 23
2. Develop and implement internal programme, policies,
procedures and controls to guard against and detect any
offence under AMLA, including
• 22
a. Policies and procedures (P&P) on overall ML/TF risk
assessment, client risk profiling, managing and
mitigating risk identified, periodic update of risk
assessment, and documentation of risk assessment and
findings
• 12
b. P&P on customer due diligence (CDD) on customer
and person conducting transaction, enhanced due
diligence (EDD) and on-going due diligence (ODD)
• 13
c. Establish internal criteria (‘red flags’) to detect
suspicious transactions; and establish a reporting
system for assessment and submission of suspicious
transaction reports (STR) in a secure manner
• 23
Slide 25
Slides 26-27
Slides 28-34
Slides 35-36
AML/CFT Awareness20
No. What’s required Paragraph Reference in
Sector 5 Guidelines
3. When in ‘doubt’, submit STR • 23
4. Check new and existing client database against the UNSCR
Consolidated List and gazette orders issued by MOHA on
domestic list of sanctioned individuals and entities
• 25
5. Conduct AML/CFT awareness and training programmes
for employees
• 22
6. Put in place adequate management information system (MIS)
to complement CDD process
• 20
7. Keep all CDD information and records for at least 6 years • 21
8. Keeping ML/TF risk assessment up-to-date through
periodic review, and having appropriate mechanisms to
provide risk assessment information to the supervisory
authority, when required
• 12
9. Roles and responsibilities of Board of Directors • 22
Slide 37
Slide 38
Slide 39
Practical Guide on Key AML/CFT Requirements (2)
Slide 40
AML/CFT Awareness21
Presentation Outline
Overview of ML/TF & the AML/CFT system
ML/TF Vulnerabilities of DPMS
Recent AML/CFT Developments
AML/CFT Requirements on DPMS
Compliance to AML/CFT Requirements
AML/CFT Awareness22
BNM’s Supervisory Expectation & Approach
•Understand ML/TF risk which the business is exposed to
•Assess ML/TF risk profile of clients
• Implement comprehensive AML/CFT compliance programme
•Appointment of Compliance Officer to oversee AML/CFT compliance matters
Understand and mitigate risks
• Conduct robust CDD/ECDD, identify BOs & conduct on-going monitoring
• Maintain records for minimum of 6 years
• Detect & report suspicious transactions
• Regular AML/CFT training for employees & employee screening
• Regular audits on effectiveness of AML/CFT compliance programme
Preventing abuse by criminals
1. Continuous engagement in increasing awareness and enhancing compliance to AML/CFT requirements
2. Off-site surveillance / monitoring by reviewing and analysing internal audit report and periodic statistical report
3. On-site examination to ensure compliance4. Periodic review of sectoral guidelines to address key and
emerging risks
Expectations
Approach
AML/CFT Awareness23
Consequence of Non-Compliance
1. Enforcement action can be taken against a reporting institution,
including directors, officers and employees for any non-compliance
with AML/CFT requirements;
2. Penalties upon breaches include:
• General Offence (section 86 of AMLA) – Fine not exceeding
RM1.0 million e.g. for failure to conduct CDD, failure to submit STR
and failure to adopt, develop and implement AML/CFT compliance
programme;
• Retention of Records (section 17 of AMLA) – Fine not exceeding
RM3.0 million or imprisonment for a term not exceeding five (5)
year or both
AML/CFT Awareness
Thank You and Questions?
23
AML/CFT Microsite in BNM Website:http://amlcft.bnm.gov.my
FIED’s E-mail : [email protected]
AML/CFT Awareness25
Roles and Responsibilities of Compliance Officer
WHO
High expectation on role and duty of AML/CFT Compliance Officer
RI’s compliance with AML/CFT requirements
Proper implementation of AML/CFT Procedures
Appropriate AML/CFT procedures and effective implementation
Communication channel between RIs/ staff/ department is secured and kept confidential
AML/CFT Compliance Programme awareness to all staff.
Internally generated STR are evaluated before submission to FIED
Identification of ML/TF risks associated with new products and services
DUTY – to ensure:
For individual RIs who operate within a group (e.g.: partnership):
responsible for own obligation under AMLA;
may appoint particular person (with management responsibilities) within such group to perform the role of compliance officer
1. Individual with management
responsibilities
2. Fit and proper
3. Necessary knowledge and
expertise
Back to Slide 19
AML/CFT Awareness26
Customer risk Geography
Products, services,
transactions/ delivery channels
Other information
1 2 3
• Resident or non-resident
• Company or individual
• Company structure
• PEPs
Business location
Country of origin
Country on sanctions list
Etc.
Cash-based
Non face-to-face
Simple/ complex transactions
Etc.
4
• Suggesting higher risk, if any
RISK ASSESSMENT
RISK PROFILING
RISK CONTROL AND MITIGATION
AML/CFT Awareness27
Risk profile customer based on CDD info collected- Examples of CDD info that can be used as risk profiling factors
i. Customer risk
ii. Geographical risk
iii. Risk associated with Transaction / Delivery Channel
Document Client’s risk
profile
Automatically a high risk customer
when there is a positive name
match
Back to Slide 19
AML/CFT Awareness28
2. Three elements:
i ii iii
1. When is CDD required (Identification)?
Establishing business relations – when engages in cash transaction equivalent
to RM50,000 and above (single or multiple related
transactions)
If there is suspicion of ML/TF
Doubts on veracity & adequacy of previously
obtained CDD information
Customer Due Diligence (CDD)
i ii iii
• Identify• Sight ID document
• Make a copy of ID document
• Review and update profile• Transaction monitoring for
consistency with known profile
Back to Slide 19
Guide in Slide 30
AML/CFT Awareness29
3. Meeting AML/CFT Requirements - CDD– In practice, a quick guide
Info to obtain when conducting CDD
Customer Due Diligence (CDD) (2)
Back to Slide 19
CDD Guide for Legal Person – Slide 31
CDD Guide for PEPs –Slide 32
AML/CFT Awareness30
ACCEPTABLE DOCUMENTS FOR INDIVIDUAL CUSTOMERS AND BENEFICIAL OWNER
• NRIC/ Passport
If there is doubt – require the customer to produce other supporting official identification documents bearing his/ her photograph
• Any other official documents bearing the photograph of the customer, provided that the RI is satisfied with the authenticity of the document.
• If biometric ID is used, verification requirement deemed to have been fulfilled. No photocopy of ID is necessary
Customer Due Diligence (CDD): Verification of Documents
Back to Slide 28
AML/CFT Awareness31
Identify and verify customer
Identify and take reasonable measures to verify beneficial owner (BO)
(a) Name, legal form and proof of existence(b) Powers that regulate and bind customers(c) Address of registered office
(a) Identity of the natural person who ultimately has a controlling ownership interest in a legal person
i. Identification of directors/shareholders with equity interest of 25% or more;ii. Proper authorisation for persons authorised to represent the company (letter of authority/
directors’ resolution); andiii. NRIC / Passport to identify the authorised person(s)
(b) If there is a doubt on the controlling interest - the identity of the natural person exercising control through other means
(c) Where there is no natural person identified- the identity of the natural person who holds the senior management position
Identification & verification of the BOs up to the level of natural persons who have control
Customer Due Diligence (CDD): On Legal Persons
Back to Slide 29
AML/CFT Awareness32
…are individuals who are or have been entrusted with prominent public
functions by their respective governments or organisations
Heads of State or of government, senior politicians, senior
government, judicial or military officials, senior executives
of state owned corporations, important political party officials
FOREIGN DOMESTICINTERNATIONAL ORGANISATION
Members of senior
management , i.e. directors,
deputy directors and members
of the board or equivalent functions.
Customer Due Diligence (CDD): On PEPs
PEPs do not include middle ranking or junior level individuals
Para 14.2.2 – Foreign PEPs to be assessed as having high ML/TF
risks which require enhanced due diligence
Back to Slide 29
AML/CFT Awareness33
When is Enhanced CDD Required?
Conditions
Requirements
Foreign PEPs
Customers from high risk jurisdictions (black
and grey list)
Domestic PEPs assessed as higher risk
1. Obtain CDD information
3. Inquire on source of wealth
and/or funds
4. Obtain approval from Senior Management
2. Obtain additional
informationClients assessed as
higher risk
Customer Due Diligence (CDD): Enhanced CDD
Back to Slide 19
AML/CFT Awareness34
Potential Customers Do not open the account or commence business relationship or
perform transaction
Existing Customer Terminate the business relationship
• Also, consider submitting a STR. Remember to document your rationale for submitting or
not submitting the STR
1. If the customer does not want to cooperate or refuses to provide information -What should a RI do?
2. If a RI finds a potential client to be suspicious, but believes that insistence oncompleting the CDD would tip-off the customer – What should a RI do?
• Proceed with the transaction, then immediately submit a STR to FIED, BNM
Failure to Satisfactorily Complete CDD
Back to Slide 19
AML/CFT Awareness
Firm / RIs to establish red-flags or indicators of ML/TF
Transaction Risk:
1. Unusual or unnecessarily complicated business structures or transaction
paths
2. Purchases or sales that are unusual or out of norm
3. Use of large amount of cash
4. Unusual source of funding
5. Speed of transaction (without reasonable explanation)
6. Unexplained changes in instructions or business entities
7. Transactions where there are doubts about the validity of the documents
submitted
Customer Risk:
1. Transaction inconsistent with the individual’s known occupation or income
2. Unusual involvement of third parties / intermediaries
3. Use of legal entities that hide the identity of ultimate beneficial owner
4. Instruction outside normal geographical area, area of expertise, or client
market
5. Involvement of higher risk clients such as individuals from high risk
jurisdictions, foreign PEPs or domestic PEPs assessed as high risk etc.
6. Avoiding personal contact without good reason
7. Attempt by customer to maintain a high and unusual degree of secrecy
35
AML/CFT Awareness36
Suspicious Transaction Report: Reporting Mechanism
Internal reporting mechanism:
• RI to have in place policies on
duration taken by Compliance
Officer to review internal STR and
circumstances the timeframe can be
exceeded
TIPPING OFF:
• If RI has formed a suspicion of ML/TF but
believes that performing CDD process would
tip-off the customer, RI is permitted not to
pursue CDD, to proceed with the transaction
and immediately file a STR
Establish clear P&P to guide all staff, which should include:
Guidance on the type of client behavior or transactions that could be considered as
suspicious i.e. internal criteria/red-flags
What to do when doubt arises e.g. types of further scrutiny to conduct, consider
submitting STR if suspicion remains
Who to submit STR to within the firm and where to get STR forms i.e. sample/template
Method for submitting STRs - by staff to CO, by CO to FIED,BNM - to preserve
confidentiality
Timeframe for initial assessment by staff upon formation of doubt before raising STR to
CO, assessment by CO before submitting STR to FIED, BNM
Method for recording of assessment and decision not to submit STR received from staff
and secure filing of these documents for at least 6 years.
Back to Slide 19
AML/CFT Awareness37
Suspicious Transaction Report: Info Required – When in doubt, submit STR
Useful
information for
investigation
by LEAs
• Name of Subject
• Identification No.
• Address• Contact No.• Employment details i.e. occupation,
name of employer
Details of Subject Reported
• Mode of transaction• Transaction Amount• Transaction Date
Transaction Details
• Reasons given by the reporting institutions on why they feel the conduct of account is suspicious
Description of Suspicious Transaction
Back to Slide 20
AML/CFT Awareness38
Combating Financing of Terrorism
Updated and maintain list
Check on names Freeze/ Reject Report
1 2 3
• UNSCR 1267 Consolidated List
• List under Section 66B (Domestic) and Section 66C (UNSC) (Part VIA)
• Other List (Optional)
on new customers, beneficial owners and beneficiary
existing customers
potential customers
take measures to ascertain identity –not ‘false positive’
freeze/ block fund for existing customers
reject transactions for new/ potential customers
4
• to FIED (including attempted transactions)
• inform relevant supervisory authority
Obligations under Part VIA of the AMLA applicable to any person
Back to Slide 20
AML/CFT Awareness39
AML/CFT Training
• Tailored to staff level & nature of works;
• Frequency – correlate with level of risk
Record-keeping
• All records relating to transactions, CDD etcmust be properly maintained, for at least 6 years from the point of termination of the business relationship with the client
Management Information System
• Not necessarily automated
• To commensurate with nature, scale and complexity of operations
Other Requirements
Back to Slide 20
AML/CFT Awareness40
Roles & Responsibilities of Board of Directors
Adequate oversight is the key for good compliance culture…
Establish governance structure for
AML/CFT
Approve & periodically
review AML/CFT
framework/ policies
Establish internal
control to ensure
compliance to AML/CFT
Provide direction on
AML/CFT issues
Aware of ML/TF risk associated with the business
Ensure sufficient
resources for independent
control function
Receive timely &
comprehensive
AML/CFT report
Ensure adequate &
effective training /
awareness
Back to Slide 20