SBP AML/CFT/CPF Regulations Overview

Questions and Answers

What does AML stand for?

Anti-Money Laundering (correct)

Automated Money Lending

Anti-Monetary Loss

None of the above

The Anti-Terrorism Act was created in 2010.

False

What is the function of the Financial Monitoring Unit (FMU)?

It is established under Section 6 of the Anti-Money Laundering Act to monitor financial transactions.

The regulations were updated up to ______.

November 28, 2022

What does CDD stand for?

Customer Due Diligence

A PEP stands for Politically Exposed Person.

True

What does the acronym FATF refer to?

Financial Action Task Force

What is a Currency Transaction Report (CTR)?

A report that must be filed for transactions exceeding a specified amount.

The State Bank of Pakistan issues regulations under the authority of ______.

the Anti-Money Laundering Act, 2010

Match the following acronyms with their full forms:

AML = Anti-Money Laundering CFT = Combating the Financing of Terrorism CPF = Countering Proliferation Financing KYC = Know Your Customer

How long should the records of identification data obtained through CDD process be maintained after the business relationship ends?

ten years

What types of records must SBP REs maintain for a minimum period of ten years from transaction completion?

Records of transactions, STRs, and CTRs

SBP REs can dispose of records involved in litigation once the litigation begins.

False

What do SBP REs need to assess in relation to correspondent banking services? (Select all that apply)

AML/CFT/CPF controls and procedures

Which of the following measures is NOT mandated when establishing correspondent banking relationships?

Obtaining customer feedback

What is illegal MVTS?

Unauthorized foreign exchange business including unauthorized money transfers

SBP REs can use any premises for conducting money transfer services.

False

What should information about wire transfers enable?

Reconstruction of the transfer

What is the primary purpose of maintaining records of wire transfers by SBP REs?

Permit reconstruction of transactions

What must SBP REs ensure about transactions lacking complete information?

They must adopt risk-based policies to assess such transactions.

SBP REs shall ensure compliance with _____ laws and regulatory instructions.

prevailing

What type of systems must SBP REs implement for monitoring transactions?

Automated Transaction Monitoring Systems (TMS)

What do 'Payment Services' include?

Services that enable customers to make payments for goods and services, bill payments, fund transfers, cash deposit and withdrawal, and any other service endorsed by SBP.

What is the meaning of 'Payment System' as per PS&EFT Act?

It refers to the definition provided under Section 2(1)(zd) of the PS&EFT Act.

Who is considered a 'Politically Exposed Person (PEP)'?

An individual entrusted with a prominent public function domestically or abroad, including heads of state, government officials, and senior executives.

What does 'Regulated Entities (REs)' refer to?

Financial institutions licensed and regulated by the SBP which includes banks, DFIs, MFBs, and others.

What is the purpose of an Internal Risk Assessment Report (IRAR)?

To document identified ML/TF/PF risks and assess the effectiveness of existing AML/CFT/CPF policies and controls.

What should SBP REs achieve with their IRAR?

Identify, assess, and understand ML/TF/PF risks at the entity level.

What does CDD stand for?

Customer Due Diligence.

What should be verified as part of Customer Due Diligence?

The identity of the customer, including beneficial owners, through reliable documents.

SBP REs are not allowed to apply Enhanced Due Diligence (EDD) measures.

False

What does EDD stand for?

Enhanced Due Diligence.

A ____________ means an obligation annexed to the ownership of property for the benefit of a beneficiary.

trust

What is a 'Shell Bank'?

A bank that has no physical presence in the country where it is incorporated and is unaffiliated with a regulated financial group.

Which of the following are included in Regulated Entities (REs)? (Select all that apply)

Development Finance Institutions

Which measures are part of Customer Due Diligence requirements? (Select all that apply)

Verify beneficial owners

What shall SBP REs maintain in line with the Code of Corporate Governance?

Independent audit function

SBP REs should ignore compliance with FATF Recommendations in countries where branches are located.

False

What must SBP REs do if the AML/CFT/CPF requirements in the host country differ from those in Pakistan?

Apply the higher of the two standards, if permitted by host country law.

SBP REs shall develop and implement appropriate ______ procedures for hiring employees.

screening

What types of people should not become part of SBP REs?

Both A and B

What type of training program should SBP REs implement for AML/CFT/CPF?

An Annual Training Program developed after a Formal Training Need Assessment.

SBP REs are encouraged to provide outreach and awareness regarding AML/CFT/CPF obligations only to their employees.

False

Which document should be used for the identification of natural persons?

Valid identity document

Match the following components with the corresponding identification requirements:

National Tax Number = Legal Persons Date of Birth = Individuals Purpose of account = All Customers Trust Deed = Trusts

The training content shall also include responsibilities relating to ______.

AML/CFT/CPF

What is required to be obtained for the identification of customers?

Relevant documents as per customer type.

Which of the following measures may be included in SDD? (Select all that apply)

Not collecting specific information about the business relationship

SBP REs shall apply SDD whenever there is a suspicion of money laundering.

False

What shall SBP REs ensure regarding customer risk profiling?

The update of Customer Risk Profiling of their new and existing customers on an ongoing basis.

SBP REs shall block accounts without valid ______.

Identity Document

Match the following measures with their descriptions regarding dormant accounts:

Prior notice = Notices sent one month, seven days, and one day prior to marking the account as dormant Credit entries = Allow credit entries in dormant accounts Debit transactions = Not allowed until the account is activated Formal request for activation = Activation upon receipt of a request through authenticated medium

Government accounts can be opened in the personal names of government officials.

False

What must be obtained before opening accounts for autonomous bodies?

Necessary approval or resolution from their respective board or governing bodies.

SBP REs are allowed to rely on third-party financial institutions for CDD measures.

True

What action should SBP REs take if they find a relationship with existing or potential customers linked to DPs or PPs?

Both A and C

What should SBP REs do if they suspect a match between customer information and that of a DP or PP?

View with suspicion and analyze the details for necessary actions.

SBP REs shall conduct ______ while establishing a relationship with NGOs, NPOs, Charities, and Trusts when risks are higher.

Enhanced Due Diligence

Match the actions required for PEPs with the corresponding obligations:

Approval from senior management = Required when establishing or continuing relationships with PEPs Establish sources of wealth = Required for customers identified as PEPs Enhanced ongoing monitoring = For business relations with identified PEPs or their associates

Personal accounts may be used for charity purposes.

False

What is the requirement for SBP REs regarding transaction reporting?

To file STRs and CTRs with FMU as required under Section 7 of the Act.

What is required for newly registered branches or liaison offices of foreign companies?

Form II about particulars of directors, Principal Officer etc.

What document must be obtained from the Principal Officer authorizing account operation?

Letter from Principal Officer of the entity

Which identity documents are required for Trusts, Clubs, Societies, and Associations?

Identity documents of Governing Body members

What must be provided by NGOs/NPOs/Charities when opening an account?

Photocopy of applicable identity documents and certified copies of registration documents.

Which document is required for Executors and Administrators?

Both A and C

A certified copy of the order of appointment of the Guardian is required for ______ accounts.

Minor

All CDD requirements must be completed only for the mentally disordered person.

False

What additional verification is required for a mentally disordered person's account?

Biometric verifications

Expired CNIC can be used to open an account under certain conditions.

True

What is required if an individual has shaky or immature signatures?

A passport size photograph and thumb impressions.

Study Notes

Overview of SBP AML/CFT/CPF Regulations

• Issued by the State Bank of Pakistan (SBP) under Anti-Money Laundering Act, 2010.
• Intended for SBP Regulated Entities (SBP REs).
• Violations attract penal and administrative actions.
• Regulations prioritize compliance based on the size and complexity of operations.
• Updates and amendments may be issued through circulars, which can affect the interpretation of regulations.

Key Sections of the Regulations

• Part A: Acronyms - Abbreviations relevant to AML/CFT/CPF, including AML (Anti-Money Laundering), CDD (Customer Due Diligence), and FATF (Financial Action Task Force).
• Part B: Definitions - Provides clarity on terms like "Bank," "Beneficial Owner," "Politically Exposed Persons (PEPs)," and various transaction types.

Major Regulations

• Risk-Based Approach - Regulation prioritizes assessing customer risk to tailor AML/CFT strategies.
• Customer Due Diligence (CDD) - Essential for understanding and verifying customer identities and risk profiles.
• Reporting Transactions - Requires Suspicious Transaction Reports (STRs) and Currency Transaction Reports (CTRs) to be maintained and reported.
• Record Keeping - Mandates proper documentation and storage of transaction data and customer information.
• Politically Exposed Persons (PEPs) - Enhanced scrutiny for individuals with prominent public functions due to higher risks of corruption.

Customer Identification Requirements

• Identification documents required include:
  • Valid CNIC/SNIC/NICOP for Pakistani citizens.
  • Valid passport for foreign nationals.
  • Proof of registration for Afghan refugees.
• Enhanced due diligence is necessary for higher-risk customers.

Financial Transactions Regulations

• Wire Transfer Regulations - Outline protocols for domestic and international fund transfers, requiring accurate info for both sender and receiver.
• Targeted Financial Sanctions - Compliance with sanctions from the United Nations Security Council (UNSC) mandated under specific laws.

Responsible Bodies

• Financial Monitoring Unit (FMU) - Oversees compliance and reports on suspicious activities.
• Law Enforcement Agencies (LEAs) - Collaborate with financial institutions for investigations and enforcement of AML/CFT measures.

Additional Considerations

• Correspondent Banking - Banks providing services to foreign banks must adhere to strict compliance standards.
• Anti-Terrorism Act, 1997 - Regulations integrate frameworks established under this act, reinforcing the need for vigilance against terrorism financing.
• Technological Adaptation - New technologies adopted by institutions for transaction monitoring and identification processes.

Conclusion

• Continuous monitoring and compliance with AML/CFT/CPF regulations are critical for SBP REs to mitigate risks associated with money laundering, terrorism financing, and proliferation financing.### Definitions and Key Terms
• Payment Services: Services facilitating payments for goods, bill payments, fund transfers, cash deposits and withdrawals, as endorsed by the State Bank of Pakistan (SBP).
• Payment System: Defined under Section 2(1)(zd) of the PS&EFT Act.
• Politically Exposed Person (PEP): Individuals with prominent public roles, classified into foreign, domestic, and international organization officials. Excludes middle-ranking or junior individuals.
• Prescribed: Means established under applicable rules, circulars, or orders.
• Proscribed Person (PP): Individuals or entities banned under the Anti-Terrorism Act (ATA).
• Regulated Entities (REs): Financial institutions licensed and regulated by SBP, including banks, development finance institutions, microfinance banks, exchange companies, and payment service providers.
• Ultimate Effective Control: Ownership or control exercised through a chain of ownership or indirect means.

Regulations Overview

• Regulation – 1: Risk-Based Approach to AML/CFT

  • Compliance with AML/CFT regulations mandated for SBP REs.
  • Requires an Internal Risk Assessment Report (IRAR) to assess money laundering and terrorist financing risks.
  • IRAR should include insights from National Risk Assessment (NRA), past financial crimes, and stakeholder feedback.
  • Policies for customer onboarding and service provision should be guided by risk levels identified in IRAR.

• Regulation – 2: Customer Due Diligence (CDD)

  • Mandatory CDD for all customers, with specific measures detailed under section 7A of the Act.
  • Verification of customer identity using reliable independent documents.
  • Special provisions for authorized agents or representatives, requiring identification and verification of the agent's identity.
  • Identification of beneficial owners is crucial, with defined measures for legal persons and arrangements.
  • EDD measures are required in high-risk scenarios, including transactions with PEPs.

CDD Implementation

• CDD must occur before establishing business relationships or transactions.
• Legal persons require additional verification including proof of existence, governing powers, and senior management details.
• Prohibition on opening numbered accounts or conducting transactions using fake identities.

Ongoing Monitoring

• SBP REs must refine customer risk profiling and verify identities on an ongoing basis.
• Regular updates of CDD data are mandated, particularly for high-risk customers, to ensure all information is current and accurately reflects any changes in risk status.
• All transactions must align with the established knowledge of the customer and their risk profile.

Enhanced and Simplified Due Diligence

• Enhanced Due Diligence (EDD): Required for high-risk customers/transactions, involving deeper investigation into customer profiles and funds source verification.
• Simplified Due Diligence (SDD): Permitted only when low risk is established; does not require the same level of scrutiny as standard CDD.
• SDD cannot be applied if there are suspicions of money laundering or terrorism financing.

Responsibility and Governance

• The Board of Directors (BoD) is ultimately responsible for ensuring effective AML/CFT controls and adequate monitoring systems.
• Internal policies must reflect dynamic approaches to evolving risks and must be approved by the BoD and senior management for effectiveness and compliance.### SBP REs Responsibilities
• Obligation to acquire information about the background and purpose of complex or unusually large transactions lacking apparent economic rationale.
• Document findings to make available to competent authorities when needed.
• Requirement to update customer records for effective communication, recording postal/email addresses and phone numbers.

Customer Due Diligence (CDD)

• Apply CDD measures based on materiality and risk for existing customers, performing ongoing diligence as needed.
• Block accounts without valid identity documents after one month's notice; unblock upon verification of valid ID.

Dormant Accounts

• Send prior notification to account holders before marking accounts as dormant, with notifications at one month, seven days, and one day prior.
• Allow credit entries in dormant accounts, but restrict debits until reactivation.
• Reactivation requires a formal request from the customer through authorized means.

Use of Personal Accounts for Business

• Personal accounts prohibited for business use, with exceptions for proprietorships when KYC is satisfied.
• Government accounts cannot be opened in the personal names of officials, operating only from the principal account at SBP.

Accounts for Autonomous Bodies

• Requirements for opening accounts for autonomous bodies include obtaining necessary board approvals and No Objection Certificates (NOCs) from Finance Divisions.

Asset Side / Trade Finance Customers

• SBP REs must implement CDD for asset side/trade finance customers, monitoring for money laundering (ML), terrorism financing (TF), and proliferation financing (PF) risks.

Reliance on Third Party Financial Institutions

• SBP REs can rely on third-party institutions for CDD but retain ultimate responsibility for compliance.
• Ensure third parties are regulated and have appropriate measures for CDD, record-keeping, and data security.

Targeted Financial Sanctions (TFS)

• Obligations under UNSC Act and ATA regarding designated persons (DPs) and prohibited persons (PPs) include preventing provision of funds and assets.
• Implement real-time screening for customer transactions to identify links with DPs and PPs.

Politically Exposed Persons (PEPs)

• Policies are necessary to identify PEPs and their associates, requiring senior management approval for business relationships.
• Conduct enhanced monitoring for PEP relationships to confirm the legitimacy of sources of wealth and funds.

NGO/NPO/Charity/Trust Accounts

• Enhanced due diligence required for NGOs, ensuring accounts are used legitimately and for their stated purposes.
• Any discrepancies in account titles or transaction methods must be marked with caution, potentially filing Suspicious Transaction Reports (STRs).

Reporting of Transactions

• Mandatory filing of STRs and Currency Transaction Reports (CTRs) with the Financial Monitoring Unit (FMU) as per legal requirements.

Record Keeping

• Maintain records of customer identification for ten years post-business relationship, including transaction records and analysis.
• Ensure compliance with legal inquiries requires timely responses to authorities regarding records and transactions.

Correspondent Banking Services

• Assess suitability of respondent banks, considering factors such as business activities, geographical presence, management, and compliance controls.
• Thoroughly evaluate the respondent bank's reputation and history of compliance issues regarding money laundering and terrorism financing.

Description

Test your knowledge on the Anti-Money Laundering Regulations issued by the State Bank of Pakistan. This quiz covers key points such as compliance requirements, violations, and the structure of the regulations. Suitable for professionals and students interested in financial regulations.