1st Follow-Up Report - Mutual Evaluation of Nepal - June 2024 PDF

1st Follow-Up Report Mutual Evaluation of Nepal June 2024 The Asia/Pacific Group on Money Laundering (APG) is an inter-governmental organisation consisting of 42 members in the Asia-Pacific region, as well as organisations, and observers from outside the region. Under Article 1 of the APG Terms of Reference 2019, the APG is a non-political, technical body, whose members are committed to the effective implementation and enforcement of the internationally accepted standards against money laundering, financing of terrorism and proliferation financing set by the Financial Action Task Force. This document, any expression herein, and/or any map included herein, are without prejudice to the status of, or sovereignty over, any territory, to the delimitation of international frontiers and boundaries and to the name of any territory, city or area. Under the APG Terms of Reference, membership in the APG is open to jurisdictions which have a presence in the Asia-Pacific region. For more information about the APG, please visit the website: www.apgml.org © December 2024 APG No reproduction or translation of this publication may be made without prior written permission. Applications for permission to reproduce all or part of this publication should be made to: APG Secretariat Locked Bag A3000 Sydney South New South Wales 1232 AUSTRALIA Tel: +61 2 5126 9110 E mail: [email protected] Web: www.apgml.org Cover image: Chungba Sherpa © Nepal Tourism Board NEPAL 1ST ENHANCED (EXPEDITED) FOLLOW-UP REPORT 2024 I. INTRODUCTION 1. The mutual evaluation report (MER) of Nepal was adopted in September 2023. 2. This FUR analyses the progress of Nepal in addressing the technical compliance requirements of the recommendations being re-rated. Technical compliance re-ratings are given where sufficient progress has been demonstrated. 3. This report does not analyse any progress Nepal has made to improve its effectiveness. 4. The assessment of Nepal’s request for technical compliance re-ratings and the preparation of this report was undertaken by the following experts: Minerva A. Sobreviga-Retanal, The National Bureau of Investigation, the Philippines Robert Milnes, Department of Internal Affairs, New Zealand Jeff Napp, Financial Markets Authority, New Zealand Md. Khairul Anam, Bangladesh Bank, Bangladesh Ran Sun, Anti-Money Laundering Monitoring and Analysis Centre of the Peoples Bank of China, China Katie Andrews, the Australian Federal Police, Australia 5. The preparation of the report was supported by Alex Neville, Caroline Bicheno, Gavin Raper, Joëlle Woods, Margaret Stone and Sylvia Deutsch of the APG Secretariat, with additional support from other Secretariat members. 6. Section IV of this report summarises the progress made to improve technical compliance. Section V contains the conclusion and a table illustrating Nepal’s current technical compliance ratings. II. FINDINGS OF THE MUTUAL EVALUATION REPORT 7. Nepal current ratings 1 are follows: 1 There are four possible levels of technical compliance: compliant (C), largely compliant (LC), partially compliant (PC), and non-compliant (NC). Effectiveness ratings for the 11 Immediate Outcomes are: Low, Moderate (Mod), Substantial or High. 1 Effectiveness IO.1 IO.2 IO.3 IO.4 IO.5 IO.6 IO.7 IO.8 IO.9 IO.10 IO.11 Mod Mod Low Low Low Mod Mod Low Low Low Low Technical Compliance R. Rating R. Rating 1 PC (2023 MER) 21 C (2023 MER) 2 PC (2023 MER) 22 PC (2023 MER) 3 LC (2023 MER) 23 PC (2023 MER) 4 LC (2023 MER) 24 PC (2023 MER) 5 LC (2023 MER) 25 PC (2023 MER) 6 PC (2023 MER) 26 PC (2023 MER) 7 NC (2023 MER) 27 C (2023 MER) 8 NC (2023 MER) 28 PC (2023 MER) 9 LC (2023 MER) 29 C (2023 MER) 10 PC (2023 MER) 30 LC (2023 MER) 11 C (2023 MER) 31 PC (2023 MER) 12 LC (2023 MER) 32 LC (2023 MER) 13 LC (2023 MER) 33 LC (2023 MER) 14 LC (2023 MER) 34 PC (2023 MER) 15 NC (2023 MER) 35 LC (2023 MER) 16 LC (2023 MER) 36 LC (2023 MER) 17 LC (2023 MER) 37 LC (2023 MER) 18 LC (2023 MER) 38 PC (2023 MER) 19 PC (2023 MER) 39 PC (2023 MER) 20 C (2023 MER) 40 PC (2023 MER) 2 8. Given these results and the effectiveness ratings, Nepal is on enhanced (expedited) follow- up.2 III. PROGRESS TO IMPROVE TECHNICAL COMPLIANCE 9. In keeping with the APG ME Procedures, this FUR considers progress made up until 1 June 2024 and considers progress to address the deficiencies identified in the MER and the entirety (all criteria) of each Recommendation under review, noting that this is cursory where the legal, institutional or operational framework is unchanged since the MER or previous FUR. This report does not address the progress Nepal has made to improve its effectiveness. 10. This section summarises the progress made by Nepal to improve its technical compliance by implementing requirements in place at the time of the MER. Progress to address technical compliance deficiencies identified in the MER. 11. Nepal requested re-ratings of R.7, R.8, R.15 (which were rated NC); and R.1, R.2, R.6, R.10, R.19, R.22, R.23, R.24, R.25, R.26, R.28, R.31, R.34, and R.38 (which were rated PC). 12. The APG welcomes the steps that Nepal has taken to improve its technical compliance with R.1, R.2, R.6, R.7, R.8, R.10, R.15, R.19, R.22, R.23, R.24, R.25, R.26, R.28, R.31, R.34, and R.38. As a result of this progress, Nepal has been re-rated on R.2, R.7, R.10, R.15, R.19, R.22, R.23, R.31 and R.38. Recommendation 1 [R.1] (Originally rated partially compliant) 13. Nepal was rated PC for R.1 in its 2023 MER. The report noted discrepancies in determining threats in the NRA. The AT considered banking offences as lower threat, and that drugs trafficking and environmental crime might be higher than outlined in the NRA. The identification of human trafficking as medium was not reasonable. The NRA did not include all FIs and DNFBPs. Other shortcomings included no analysis of ML/TF risk associated in legal persons and limited analysis of cross-border issues. The TF assessment in the NRA was very limited and lacks sufficient analysis. Furthermore, the 2023 MER also identified that it was unclear whether the frequency of NRA updates is based on consideration of changing ML/TF risk. How the National AML/CFT Strategy and Action Plan is used to allocate institutional-level resources across all agencies involved in Nepal’s AML/CFT regime is another issue that needed to be addressed. There were minor scope gaps for DNFBPs. 14. Criterion 1.1 is partly met. Since the 2023 MER, Nepal has amended the ALPA and is required to make yearly updates to ML/TF risk assessments (s35 ALPA), related policy and guidance (s7P(5)(6) ALPA Amended); and conduct an evaluation and review of implemented guidelines or plans (s7X(4)(b)(c) ALPA). Nepal has not conducted an updated NRA since 2020 and the analysis and findings on ML and TF threats and vulnerabilities remain unchanged from Nepal’s 2023 MER. 15. Criterion 1.2 is met. With amendments to the ALPA, the Coordination Committee is responsible for coordinating actions to assess Nepal’s risks (s35(5) ALPA). 16. Criterion 1.3 is mostly met. As per c.1.1, under the amendments to the ALPA, Nepal is to make yearly updates to ML/TF risk assessments, with the Coordination Committee responsible for 2 There are three categories of follow-up based on mutual evaluation reports: regular, enhanced and enhanced (expedited). For further information see the APG Mutual Evaluation Procedures. 3 preparing the national and regional risk assessments, sourcing information from sectoral risk assessments (s35 ALPA). As outlined in the MER, Nepal’s first National ML/TF NRA was initiated in 2012 and completed in 2016. The 2nd NRA was completed in 2020. Up to the Follow-Up report progress deadline of 1 June 2024, Nepal has not updated its NRA. Nepal new National Strategy and Action Plan (NSAP) 2024-2029 details a program for carrying out an update to the National and Sectoral Risk Assessment by January 2025. 17. Criterion 1.4 is met. No deficiencies were identified in the 2023 MER and the analysis in the MER is current. 18. Criterion 1.5 is mostly met. The Coordination Committee is responsible for coordinating resources and implementing action plans and guidelines, such as the new NSAP 2024-2029 to prevent and mitigate ML/TF (s7X(4) ALPA). At the time of this FUR (deadline for progress of 1 June 2024) Nepal was in a transition phase between the previous NSAP and the new NSAP 2024-2029, which was approved on 1 July 2024. As outlined in the MER, the previous NSAP was informed by the 2016 NRA, a 2018 self-assessment and was updated with supplementary activities based on the 2020 NRA findings. At the time of the 2023 MER, it was not fully translated into institutional level resource allocation across all agencies involved in Nepal’s AML/CFT regime. 19. Nepal’s new NSAP 2024-2029 is based on the previous NSAP, informed by the 2016 NRA, a 2018 self-assessment and 2020 NRA findings, and the findings of the 2023 MER. The new NSAP is clearer on allocation of institutional level resource but was not approved before the deadline for progress of 1 June 2024. 20. Criterion 1.6 is not applicable. The analysis in the MER is current except that Nepal no longer has a scope gap with regard to DNFBPs (see R.22 and R.23 below). 21. Criterion 1.7 is met. No deficiencies were identified in the 2023 MER and the analysis is current. 22. Criterion 1.8 is met. No deficiencies were identified in the 2023 MER and the analysis is current. 23. Criterion 1.9 is partly met. As outlined in R.26, the NRB is ensuring commercial banks are implementing their obligations under R.1 and there have been some onsite inspections on different types of FIs carried out and some sanctions were imposed on a very few entities. As outlined in R.28, across all DNFBPs, risk-based AML/CFT supervision has not yet commenced. 24. Criterion 1.10 is met. In addition to these risk assessment requirements set out in s7D ALPA to give effect to c.10.10(a) to (d), the amendments to the ALPA require reporting entities are to develop and maintain risk assessments, identifying, assessing and understanding their relevant ML/TF risks (s35 and s7P(5)(6) ALPA Amended). 25. Criterion 1.11 is mostly met. As outlined in the MER, FIs and DNFBPs are required to have policies, controls, and procedures to manage and mitigate identified risks and monitor their implementation (s7D(7) and (8) of ALPA). Amendments to the ALPA, reinforce FIs and DNFBPs to make necessary updates on institutional policy, procedure, and action plans to manage and mitigate their risks (s7P (5) and (6) ALPA Amended). There remains no explicit requirement for senior management approval. 4 26. Criterion 1.12 is mostly met. As outlined in c.1.8, FI and DNFBPs can take simplified measures to manage and mitigate risks, if lower risks have been identified and where there is no suspicion of ML/TF ((s7F(2) ALPA). However, criteria 1.9 to 1.11 are not all met. Weighting and Conclusion 27. Amendments to the ALPA (s35 and s7P(5)(6) ALPA) reinforce requirements to regularly develop and maintain risk assessments; however, there has been no updated risk assessments and gaps highlighted in MER with regards to Nepal’s 2020 NRA (in c.1.1) remain. Nepal is applying a national- level risk-based approach through its NSAPs and is in a transition phase to the NSAP 2024-2029. The new NSAP is clearer on allocation of institutional level resources but was not approved before the deadline for progress of 1 June 2024. Obligations on FIs and DNFBPs are in place. 28. Recommendation 1 remains rated partially compliant. Recommendation 2 [R.2] (Originally rated partially compliant) 29. Nepal was rated PC for R.2 in its 2023 MER. The 2023 MER acknowledged that the NCC is responsible for national AML/CFT policy including Nepal’s risk-based National Strategy and Action Plan. Nepal has a range of committees supporting the NCC and implementing Nepal’s AML/CFT policies. Nepal’s 2023 MER identified that, while these committees are cooperating on AML/CFT policy, operational cooperation and coordination is limited. Due to the large number of LEAs and AML/CFT supervisors, the AT has placed weight on the limited operational cooperation and coordination. There was no cooperation and coordination on PF. 30. Criterion 2.1 is met. No deficiencies were identified in the 2023 MER. Currently, Nepal is in the transition phase to its third National Security and Action Plan, NSAP 2024-2029. Nepal’s new NSAP 2024-2029 is based on the previous NSAP, informed by the 2016 NRA, a 2018 self-assessment and 2020 NRA findings, and the findings of the 2023 MER. The previous NSAP (discussed in the MER) was in place to the NSAP 2024-2029 was approved on 1 July 2024 (post the deadline for progress of 1 June 2024). 31. Criterion 2.2 is met. No deficiencies were identified in the 2023 MER. Since the MER and under amendments to the ALPA, Nepal has reformed its mechanisms responsible for its national AML/CFT policies. A Directive Committee (DC) comprising of members from all relevant agencies, chaired by the Minister of Finance, reviews and recommends national AML/CTF policies and programs received from the Coordination Committee (CC) (previously the NCC), for approval to the Government of Nepal (s7W ALPA Amended). It also monitors and reviews the effectiveness of operations related to preventing ML, TF and PF (s7W ALPA). The DC is senior to the CC and coordinates the functions for all relevant Nepal agencies involved in AML/CFT national policy. The CC is coordinated by the Secretary, OPMCM, who coordinates and facilitates functional coordination of agencies involved in activities related to preventing ML, TF and PF. 32. Criterion 2.3 is mostly met. Information provided to the review team shows that the CC/NC has met 17 times since the ME onsite visit, with meeting focused on responding to the finding of the MER, legislative reforms, and development NSAP 2024-2029. In addition, to support development of the NSAP 2024-2029 and agencies plans the OPMCM coordination has held over 75 inter agency meetings. 33. In addition to the DC and CC and as discussed in the MER, Nepal has three primary mechanisms for AML/CFT cooperation and coordination as follows. 5 34. As discussed in the MER, the RCM coordinated by Governor, NRB is responsible for coordinating FI and DNFBPs implementation of AML/CFT requirements, supporting FIU for resources and developing related AML/CFT policies and procedures. The RCM has met four times since the ME onsite visit with meetings focused on a combination of policy and operational matters. 35. As discussed in the MER, The ICM headed by Deputy Attorney General coordinates with law enforcement in regard to investigation, prosecution and adjudication of ML, prescribing national investigation strategies against financial crimes on the basis of risk. The Investigation Coordination Committee (ICC) under the chairmanship of Attorney General is an additional mechanism for cooperation and coordination on ML investigations and prosecutions. Information provided to the review team shows the ICM has formally met twice since the ME onsite visit with meeting focused policy issues and overcoming operational challenges. 36. At the time of the ME, DMLI was the sole ML investigator and predicate crime investigation was with Nepal Police and multiple other LEAs and Investigative Authorities. This arrangement required strong policy and operational cooperation and coordination on ML. The MER outlined that the ICM and to a lesser extent the ICC were being used for policy-related cooperation and coordination but not operational. 37. Since the ME, the ML investigation jurisdiction has changed. With the amendments to the ALPA, all predicate crime LEAs and Investigative Authorities are designated to investigate ML related to their predicate crime jurisdiction (s13 to s15 ALPA). Furthermore, amendments to the ALPA do enable joint investigative teams between DMLI and other LEA/ Investigative Authorities (s14A and s14A(4) ALPA), supporting a mechanism for operational level coordination and cooperation on ML and associated predicate offence activities. Nepal reports that five operational meetings, coordinated by DMLI, have occurred between LEAs, and resulted in at least three fraud cases for prosecution. No other information or supporting documentation was provided on the operational cooperation and coordination done by DMLI through the ICM and ICC. 38. The CTM is headed by Secretary, Ministry of Home Affairs and is responsible for controlling, combatting, and executing responses to terrorism and TF. Nepal Police is designated to investigate TF (s13 ALPA). Information provided to the review team shows the CTM has formally met four times since the ME onsite visit with its subcommittee meeting another twelve times. Meeting have been focused policy issues and some operationally focused issues. 39. Criterion 2.4 is met. Under amendments to the ALPA, the DC has a clear mandate to monitor and review the effectiveness of operations related to preventing PF (s7W ALPA) and a CC (replacing NCC) to maintain or facilitate functional coordination of agencies involved in activities related to preventing and PF (s7X ALPA). Since the MER, Nepal’s PF related cooperation has focused on legislative amendments to the ALPA (the ALPA has criminalised PF), development of the IP-TFS, which is an implementation procedure for Nepal’s TFS-PF regime and issuing a freeze order related to TFS-PF (see below discussion of R.7). 40. Criterion 2.5 is met. The CC is the mechanism for cooperation and coordination between relevant authorities to ensure compatibility of AML/CFT requirements with any Data Protection and Privacy Rules in Nepal (s7X(4)(f) ALPA). Weighting and Conclusion 41. With the amendment in ALPA, the DC is now responsible Nepal’s national AML/CFT policies supported by the CC (previously the NCC). At the time of this FUR (deadline for progress of 1 June 2024), Nepal was in a transition phase between the previous NSAP and the new NSAP 2024- 6 2029. Nepal has a range of committees for policy and operational cooperation and coordination, which have continued to meet post the ME with a focus on policy and some operational cooperation and coordination. The DC and CC include a clear mandate for PF cooperation and corporation. The CC is now the mechanism for cooperation and coordination between relevant authorities to ensure compatibility of AML/CFT requirements with any Data Protection and Privacy Rules in Nepal. 42. Recommendation 2 is re-rated to largely compliant. Recommendation 6 [R.6] (Originally rated partially compliant) 43. Nepal was rated PC for R.1 in its 2023 MER. Deficiencies identified in the 2023 MER included the absence of implementing TFS without delay pursuant to UNSCRs 1267 and 1989 and Nepal did not specifically provide provisions for the freezing of funds or properties which are directly or indirectly, wholly or jointly benefits designated persons and entities. There are other shortcomings in the requirements covering identifying and designating, de-listing, unfreezing, and providing access to frozen funds. 44. Criterion 6.1 is met. Since the 2023 MER, the ALPA, which has a separate chapter on TFS, has been amended. The changes cover TFS under Chapter 6-A. Furthermore, Nepal issued the ‘Implementation Procedure of Targeted Financial Sanctions’ (IP-TFS), under the Asset (Money) Laundering Prevention (Freezing of Properties and Funds of Designated Persons, Group and Organization) Regulation 2013 (ALPR-TFS) which is still in place since the time of the ME. 45. c.6.1(a) is met: the analysis and rating of met in the MER is current. As outlined in the MER, the Ministry of Home Affairs (MoHA) as the competent authority to conduct necessary inquiries into persons, groups or organisations involved in, or suspected to be involved in TF in accordance with UNSCRs 1267/1989/1988 Committees for designation (s29F(2) ALPA) and Under s29F(3) ALPA and r4(3)(a) of the ALPR-TFS, when the Government of Nepal, Council of Ministers decides to enlist a person, group or organisation, MoHA forwards the proposal to the UN through the Ministry of Foreign Affairs (MoFA). 46. c.6.1(b) is met: As outlined in the MER, MoHA on suo motu (on its own motion/initiative) or upon receipt of a request from a foreign country, conducts the necessary inquiry into the person’s, group’s or organisation’s involvement in suspected terrorist or terrorist financing activities (s29F(2) ALPA). r4 ALPR-TFS provides mechanisms to identify targets for designation including that r4(3) sets out the process once the decision has been made to enlist a person, group or organisation dependent on the relevant UNSCR. The IP-TFS has now been implemented and sets out the designation criteria in accordance with relevant UNSCRs in Chapter 4 and Annex 2, which includes copies of the relevant forms. This addresses the identified deficiency. 47. c.6.1(c) is met: As outline in the MER, s29F(2),(3) ALPA and r4(1) of the ALPR-TFS provides an evidentiary standard of proof or “reasonable grounds” when deciding whether to make a proposal for designation. The MER outlines that Nepal states that these provisions are independent of criminal proceedings involving investigation and prosecution; however, this is not explicit in the ALPA or ALPR-TFS. The IP-TFS set outs that the Office of the Prime Minister and Council of Minister (OPMCM) is involved in the decision with regard to evidentiary standard and clarifies that “reasonable grounds” is independent of criminal proceedings. 48. 6.1 (d) is met: The IP-TFS provides the detailed procedures of listing including requirement to use standard forms adopted by relevant committees. 7 49. 6.1 (d) is met: The IP-TFS provides the procedures of listing and states that MoFA when proposing a person or entities to the UN it must include “name, a statement of case with detail on basis for listing and specify whether Nepal's status as a designating state may or may not be made known” and also includes the UN designation criteria and standard forms for listing as an annex for reference. Nepal has not proposed any designation pursuant to UNSCR 1267/1989 and 1988. 50. Criterion 6.2 is mostly met. 51. c.6.2(a) is met: As set out in the MER, Nepal’s legal framework to identify and designate pursuant to UNSCR 1373 is set out under Chapter 6B of the ALPA. s29F ALPA provides mechanism for identifying targets for designation and freezing the property or funds under UNSCR 1373. The MER states that r4(3)(c) ALPR-TFS provides for MoHA with approval from the Council of Ministers, to designate persons or organisations to the ‘domestic designation list’, there is no explicit requirement for this to be done in accordance with the criteria of UNSCR1373. The IP-TFS sets out explicit obligations for designations pursuant to UNSCR 1373. 52. c.6.2(b) is met: As set out in the MER, s29F(3) ALPA provides the mechanism for identifying targets for designation under UNSCR 1373. r4(1) and (3) ALPR-TFS provides further requirements on this mechanism; however, there is no explicit requirement for the designation criteria to be in accordance with UNSCR 1373. The IP-TFS sets out the designation criteria in accordance with relevant UNSCRs 1373. 53. c.6.2(c) is met: The analysis and rating of met in the MER is current. As outlined in the MER, ALPA provides the legal basis for the designation pursuant to UNSCR1373. r3(4) requires the MoHA to complete its enquiry within three days upon receipt of the request. In the MER, this is considered a prompt determination. 54. 55. c.6.2(d) is met: As set out in the MER, s29F(2) and (3) ALPA and r4(1) of the ALPR-TFS provides an evidentiary standard of proof or “reasonable grounds” when deciding whether or not to make a proposal for designation. The MER outlines that Nepal states that these provisions are independent of criminal proceedings involving investigation and prosecution; however, this is not explicit in the ALPA or ALPR-TFS. The IP-TFS set outs that the Office of the Prime Minister and Council of Minister (OPMCM) is involved in the decision with regard to evidentiary standard and clarifies that “reasonable grounds” is independent of criminal proceedings. 56. c.6.2(e) is mostly met: As set out in the MER, the legal basis for requesting another country give effect to a domestic listing is under s29F and s29I(1) ALPA and r4 ALPR-TFS. Nepal has not demonstrated that, when requesting another country to give effect to the actions initiated under the freezing mechanisms, there are processes/requirements for providing as much identifying information, and specific information supporting the designation, as possible. 57. Criterion 6.3 is partly met. As outlined in the MER, s29(F)(2) and r3 and r4 ALPR-TFS provides the legal basis for the MoHA to conduct ‘inquiry into such person, groups or organization’. The IP-TFS authorises the Ministry of Home Affairs and Counter Terrorism Mechanism-Technical Committee as legal authorities that devise procedures or mechanisms to collect or solicit information to identify persons and entities based on reasonable grounds, or who are suspected or believe to meet the criteria for designation. It is not clear this has been done in practice. 58. As outlined in the MER, ex parte proceeding is allowed in Nepal when provided under the relevant laws or rules; however, there are no explicit provisions in the ALPA or ALPR that allow competent authorities in Nepal to operate ex parte against a person or entity who has been identified and whose (proposal for) designation is being considered. The amendment to the ALPA does not allow 8 competent authorities in Nepal to operate ex parte against a person or entity who has been identified and whose (proposal for) designation is being considered. 59. The IP-TFS includes duties and responsibilities including “Operate ex parte against a person or entity who has been identified and whose (proposal for) designation is being considered”. Nepal advises that the IP-TFS is a delegated legislation, which has been approved, by Ministry of Home Affairs, as per Rule 17 of Asset (Money) Laundering Prevention (Freezing of Properties and Funds of Designated Persons, Group and Organization) Regulation 2013 (ALPR) and has been effective per 31 May 2024. It is not clear the IP-TFS is delegated legislation that provides a legal basis ex parte proceeding. 60. Criterion 6.4 is partly met. The amendments to the ALPA do not impact the legal basis and process for Nepal’s implementation of TFS for UNSCR 12617 and 1988 and UNSCR 1373; therefore, Nepal’s process for implementing TFS remains unchanged from the MER as follows. 61. For implementation of TFS related to UNSCR 1373: As discussed in the MER, once Nepal makes the decision to designate an individual/entity pursuant to UNSCR 1373, an order to freeze the property or funds is issued (s29F(3) of the ALPA). In accordance with r3(7) ALPR-TFS, MoHA is required to immediately issue the freeze order. s29G(1) ALPA requires all natural and legal persons in Nepal to immediately freeze property or funds of designated persons/entities under s29F ALPA. IP- TFS does stipulate that dissemination of freezing order by MoHA shall not be more than 18 hours. To date, Nepal has not designated an individual/entity pursuant to UNSCR 1373. 62. For implementation of TFS related to UNSCR 1267 and 1988: As discussed in the MER, ALPA s29E requires the MoFA must publish ‘without delay’ on its website any changes to the listing and electronically inform the Ministry of Home Affairs (MOHA) (s29E(1) ALPA). MOHA must then issue a Freeze Order that requires the immediate freezing of the property or funds of designated persons or entities (s29E(2) ALPA) and publish the UNSCR list and Freeze Order ‘without delay’ on its website (s29E(2) ALPA). In line with the MER, the IP-TFS clarifies that the freeze order issued by MOHA will cover future changes and amendments to designations. 63. Since the MER, Nepal has issued 5 freeze order. Nepal did not demonstrate these were issued within 24 hours of any changes to the UN designations. The latest Freeze Order issued by MOHA (is dated 5 April 2024) states: 64. “The list of terrorist individuals, groups, or organizations pursuant to Section 29E. and 29F. of the Asset (Money) Laundering Prevention Act (ALPA), 2008 remains updated and published on the website of this Ministry and it is public that the actions have been taken accordingly. As the updated list is regularly maintained on the website, this order is issued pursuant to S29E(2) to all concerned to immediately freeze without delay the assets or funds or any kind of direct or indirect benefits relating to terrorist person, group or organization without prior notice as per Section 29G. of the ALPA and extend information to concerned authorities. Failure to comply with this freezing order shall result in legal actions as per the prevailing laws.” 65. Consistent with the findings of the MER, the latest Freeze Order, dated 5 April 2024, still lacks a prospective clause to cover future changes and amendments to designations. Similar wording is included in the other 4 freezing orders provided to reviewers. As Nepal does not include a prospective clause in freeze orders, it seems that Nepal is not implementing TFS consistent with the new IP-TFS. 66. Criterion 6.5 is partly met. 9 67. 6.5(a) is met: The analysis and rating of met in the MER is current. As outlined in the MER, all natural and legal persons in Nepal are required to immediately freeze and without prior notice the funds or property of designated persons and entities (s29G(1) ALPA). 68. c.6.5(b) is met: The analysis and rating of met in the MER is current. As outlined in the MER, the obligation to freeze extends to, and includes properties or funds (i) solely owned or jointly owned (s29G(2)(a) ALPA). (ii) possessed or controlled, directly or indirectly (s29G(2)(a) ALPA). (iii) generated or accrued (s29G(2)(b) ALPA). (iv) of any person, group or organisation acting on behalf of, or at the direction of, such person, group or organisation (s29G(2)(c) ALPA). 69. c.6.5(c) is partly met: The analysis and rating of partly met in the MER is current. There is yet an explicit prohibition for all types of persons under the FATF requirements i.e. both nationals and foreigners or foreign entities or individuals with no nationality since no changes in s29G(4) was introduced in the amended ALPA.Provisions under 29G of Amended ALPA has not addressed the requirements in criterion c.6.5(c) which requires countries to prohibit their nationals, or any persons and entities within their jurisdiction, from making any funds or other assets or economic resources as defined by FATF to be available for the benefit of designated persons and unless licensed, authorised or otherwise notified in accordance with the relevant UNSCRs. 70. c.6.5(d) is partly met: The analysis and rating of partly met in the MER is current. As outlined in the MER, Nepal has a mechanism to communicate designations to the FIs and DNFBPs, by requiring MOHA to publish a freeze order on its website (s29E(2) & (3)) with natural persons, legal persons and FIs and DNFBPs required to regularly and proactively access the website (s29E(4)). r3(2),(7). ALPR- TFS has similar requirements. However, since the 2023 MER, Nepal still does not have any mechanism to provide clear guidance to FI or DNFBPs that may be holding targeted funds or other assets of persons and entities acting on behalf of, or at the direction of, designated persons or entities as well as on their obligations in taking action under freezing mechanisms. The IP-TPS specifically states that its objective is to help government officials and relevant agencies to effectively implement TFS regime. It is not industry guidance. While the IP-TFS includes some definitions, it is not clear that the IP-TFS imposes legally enforceable obligations. 71. c.6.5(e) is partly met: The analysis and rating of partly met in the MER is current. No significant changes were introduced in the amended ALPA to cover the requirement to report compliance actions. The provision s29G(6) of the amended ALPA does not explicitly include attempted transactions. 72. c.6.5(f) is partly met: The analysis and rating of partly met in the MER is current. There are still no explicit provisions covering compensation and protection against arbitrary deprivation/seizure of property or in an oppressive manner to those bona fide third parties ‘acting in good faith’ when implementing the obligations under Recommendation 6. 73. Criterion 6.6 is partly met. 74. c.6.6(a) is partly met: The analysis and rating of partly met in the MER is current. As outlined in the MER, persons and entities listed pursuant to Chapter 6B. ALPA can submit an application to the MoHA if referring to s29F or MoFA if referring to s29E. The process for de-listing is outlined in ALPA s29H and ALPR-TFS r5(1). However, the ALPA or ALPR-TFS or the IP-TFS (issued post the MER) do not outline the procedures, mechanics and standards required for the submission of a request for de- listing to the relevant UN sanctions Committee in the case of persons and entities designated pursuant to the UN Sanctions Regimes, in the view of the country, do not or no longer meet the criteria for designation. 10 75. c.6.6(b) is met: The analysis and rating of met in the MER is current. As outlined in the MER, the legal basis for de-listing designated persons or entities regarding UNSCR 1373 is under s29H of the ALPA and r5 of the ALPR-TFS also outlines this requirement. 76. c.6.6(c) is met: The analysis and rating of met in the MER is current. As outlined in the MER, s29H of the ALPA enables MoHA to conduct an enquiry or review of a designation decision. Additional guidance is included in Annexure 3 of the IP-TFS. 77. c.6.6(d) is not met: The analysis and rating of not met in the MER is current. As outlined in the MER, s29H does not provide a mechanism to facilitate the review in accordance with any applicable guidelines or procedures adopted by the 1988 Committee, including those of the Focal point mechanism established under UNSCR 1730. 78. c.6.6(e) is not met: The analysis and rating of not met in the MER is current. As outlined in the MER, there is no evidence shown with respect to designation on the Al-Qaida Sanctions List, procedures for informing designated persons and entities of the availability of the United Nations Office of the Ombudsperson, pursuant to UNSCRs 1904, 1989, and 2083 to accept de-listing petitions. The IP-TFS is not a public document, and it is unclear if there is any relevant information on MoHA or MFA websites. 79. c.6.6(f) is partly met: As outlined in the MER, MOHA may order property and funds to be unfrozen (r8 of ALPR-TFS), but the procedure for unfreezing false positives is unclear and is not publicly available. The IP-TFS includes procedures for unfreeze including in relation to false positives (Chapter 7), but the IP-TFS is not public. The IP-TFS states that MoHA and MoFA will publish clear procedures for unfreeze of the funds, but it is unclear if this has occurred. 80. c.6.6(g) is partly met: As outlined in the MER, provisions relating to de-listing is limited to s29H(1) to (3) of the ALPA and r5 and 12 of the ALPR-TFS. r5(6) requires the MoHA to publish a notice of delisting on its website. It is unclear if this has occurred. It is unclear if Nepal has any mechanism to provide clear guidance to FI or DNFBPs on their de-listing obligations. 81. Criterion 6.7 is met. No deficiencies were identified in the 2023 MER with the analysis in the MER still current. Weighting and Conclusion 82. Since the 2023 MER, Nepal has issued the IP-TFS, which in combination with relevant provisions in the ALPA and ALPR-TFS, as outlined MER, rectify many of the deficiencies in c.6.1 and c.6.2 and are most met, respectively. Moderate shortcomings identified in the MER with respect to procedures and mechanism to collect and solicit information and to operate ex parte remain. The amendments to the ALPA do not impact the legal basis and process for Nepal’s implementation of TFS for UNSCR 1267 and 1988 and UNSCR 1373. The shortcomings identified in the MER regarding issuing of freezing orders have not been rectified with Nepal not implementing TFS for UNSCR 1267 and 1988 without delay. 83. Moderate shortcomings identified in the MER remain with respect to Nepal’s prohibition (c.6.5(c)), mechanisms for communicating designations and providing clear guidance to entities that may be holding targeted funds/assets (c.6.5(d)), reporting of attempted transactions is not required (c.6.5(e)), protections of bona fide third parties (c.6.5(f)), and Nepal’s requirements covering identifying and designating, de-listing, unfreezing and providing access to frozen funds. 84. Recommendation 6 remains rated partially compliant. 11 Recommendation 7 [R.7] (Originally rated not compliant) 85. Nepal was rated NC for R.1 in its 2023 MER. According to the 2023 MER, Nepal did not implement TFS for PF without delay as Nepal has not issued a Freeze Order pursuant to UNSCRs 1718 or 2231 and successor resolutions. In addition, there was ambiguity as to whether FIs’ and DNFBPs’ freeze obligation under ALPA s29G only applies to TFS-TF and not PF. Significant weight has been placed on these deficiencies. Nepal had some measures to give effect to de-listing and unfreezing requirements. 86. Criterion 7.1 is partly met. Nepal has amended Chapter 6B of ALPA in April 2024 to explicitly include targeted financial sanctions for proliferation financing. The process for implementation of TFS for PF remains unchanged from the MER. As discussed in the MER, for the freeze (under s29G(1) ALPA) to be in force and effect, the following steps must occur: The MoFA must publish ‘without delay’ on its website any changes to the listing and electronically inform the MOHA (s29E(1) ALPA). MOHA must then issue an ‘order to immediately freeze’ the property or funds of the ‘terrorist persons, groups or organizations enlisted’ (s29E(2) ALPA) and publish the list and freeze order ‘without delay’ on its website (s29E(3) ALPA). 87. In line with the MER, the IP-TFS clarifies that the freeze order issued by MOHA will cover future changes and amendments to designations. 88. Since the ME onsite visit and post adoption of ALPA amendments, the MoHA has issued one freezing order to immediately freeze the property or funds of the listed persons, groups or organizations and publish the order (s29E(2)). However, the freezing order provided to the Review Team is not clear in reference to UNSCRs 1718, Nepal did not demonstrate it can issue a freeze order within 24 hours post the UN designation, and the freeze order lacks a prospective clause to cover future changes and amendments to designations. As Nepal does not include a prospective clause in freeze orders, it seems that Nepal is not implementing TFS consistent with the new IP-TFS. 89. Criterion 7.2 is mostly met. Under this criterion, the 2023 MER identified significant deficiencies, such as: (i) No current standing order to immediately freeze properties or funds, and ambiguity in s29G (ALPA) whereby only TFS-TF appears to be covered under this provision; (ii) no implementation or implementing or enforcement TFS-PF without delay, (iii) no other mechanism for providing clear guidance to FIs or DNFBPs that may be holding targeted funds or other assets; and (iv) no provisions covering bona fide third parties acting in good faith when implementing the obligations. 90. After the 2023 MER, the implementation and enforcement of TFS-PF in line with criterion 7.2 has been largely covered under s29G of the amended ALPA. In accordance with s29G(1) to (5) of the amended ALPA and Chapter 6 of IP-TFS, the deficiencies in 7.2(a), (b), and (e) have been addressed. Chapter 6 of IP-TFS have listed some examples of communicating designation to FIs or DNFBPs and providing guidance to FIs or DNFBPs that may be holding targeted funds or other assets; however it lacks communication mechanism to FIs and DNFBPs. The provision on bona fide third party including those action in good faith is stipulated under r10 of ALPR-TFS and Chapter 6 of IP-TFS. 91. In addition, provisions under 29G of Amended ALPA has not addressed the requirements in criterion c.7.2(c) which requires countries to ensure that any funds or other assets are prevented from being made available by their nationals or by any persons or entities within their territories, to or for the benefit of designated persons or entities unless licensed, authorised or otherwise notified in accordance with the relevant UNSCRs. 12 92. Chapter 6 of IP-TFS have listed some examples of communicating designation to FIs or DNFBPs and. The IP-TFS is specifically designed to provide guidance to government agencies and relevant authorities on the implementation of TFS. It does not provide comprehensive guidance for FIs or DNFBPs that may be holding targeted funds or other assets, however lack of communication mechanism. 93. In relation with adherence to c.7.2(e), s29G(5) ALPA regulates that FI and DNFBPs are required to report to their regulatory body, within three days of executing a freeze. This is also stated under Chapter 6 of IP-TFS “Immediate reporting of assets frozen or actions taken in compliance with the prohibition requirements of the relevant UNSCRs.” Chapter 6 of IP-TFS, aligned with ALPR-TFS (r10) also covers provision of bona fide third party including those actions in good faith (c.7.2(f)). 94. To note, Nepal advises that the IP-TFS is a delegated legislation, which has been approved, by Ministry of Home Affairs, as per Rule 17 of Asset (Money) Laundering Prevention (Freezing of Properties and Funds of Designated Persons, Group and Organization) Regulation 2013 (ALPR) and has been effective per 31 May 2024. It serves as guiding document (supplement existing provisions of ALPA and ALPR) to understand and implement TFS regime by the regulatory agencies and investigative agencies and the private sector-FIs, DNFBPs, VASPs (currently illegal to operate). Overall, the deficiencies in 7.2 have been largely addressed. 95. Criterion 7.3 is mostly met. According to the 2023 MER, the sanctions apply to FI and DNFBPs that violate s29G of the ALPA, which does not include PF activities. 96. Consistent with the ALPA (s29J), ALPR (Rule 9 and Rule 15), concerned regulatory body shall carry out regular and TFS-targeted monitoring, inspections, supervision of whether FIs and DNFBPs have effectively performed their relevant obligations. Sanctions on failure to comply with such laws or enforceable means have been covered by s29K of Amended ALPA. The IP-TFS is issued as a guidance to understand and implement the TFS regime by the regulatory agencies and investigative agencies and the private sectors, as necessary. Chapter 5 of the IP-TFS outlines obligations of monitoring and ensuring compliance done by concerned regulatory body, but there are no specific provisions regarding obligations for FIs and DNFBPs to comply including any provisions related to sanctions for non-compliance. 97. As advised by Nepal that the IP-TFS is a delegated legislation, which has been approved by MoHA and supplement existing provisions of ALPA and ALPR, the procedure serves as guiding document for competent authorities to understand and implement TFS regime. 98. Criterion 7.4 is partly met. Deficiencies identified in the 2023 MER were: (i) the clarity of whether the ALPR-TFS is publicly available; (ii) no provisions that allow the listed persons or entities to petition the Focal Point or allow for informing the designated persons or entities to petition the Focal Point; (iii) unclear procedure for unfreezing false positives and whether it is publicly available; (iv) limitations on provisions relating to de-listing and procedures to communicate de-listing to FIs and DNFBPs; and (v) no other mechanisms for providing clear guidance to FIs or DNFBPs on their de- listing obligations. 99. After the 2023 MER, the de-listing procedure of designated persons and entities is stipulated by s29H of Amended ALPA and r5 of ALPR-TFS which are both public available now, however they do not allow the listed persons or entities to petition the Focal Point or allow for informing the designated persons or entities to petition the Focal Point. MoHA may order property and funds to be unfrozen under r8 of ALPR-TFS which is publicly available now, the verification requirements and procedures for unfreezing false positives is stipulated by Chapter 7 of IP-TFS. However, it is not clear whether the IP-TFS can be accessed publicly or not. Furthermore, MoHA can use a message or email 13 system for communicating to all FIs and DNFBPs of the de-listing notice and implement unfreezing measures in accordance with Chapter 7 of IP-TFS. However, there is no clear guidance regarding the mechanisms for communicating de-listings and unfreezings to FIs and DNFBPs. The deficiencies in 7.4 have been partly addressed. 100. Criterion 7.5 is mostly met. Nepal’s 2023 MER pointed out that Nepal did not permit interest or earnings to accounts frozen pursuant to UNSCR 1718 or 2231 as the deficiency highlighted at criterion 7.2(a) is applicable. Nepal also reported that s29H(5) of ALPA and r10 of ALPR-TFS are applicable for not preventing a designated person or entity from making any payment due under a contract entered into prior to the listing of such person or entity. However, it was not clearly identified nor the prohibitive items demarcated by Nepal in its Rules nor in the ALPA. No specific reference being made to the provisions entailed under Rec 7.5(b) and no time period is mentioned as prior notice being given to UNSC of the intention to make such payment to the payment or release of funds. 101. The issuance of IP-TFS in May 2024, covers provisions with regard to contracts, agreements or obligations that arose prior to the date on which accounts became subject to TFS (Chapter &). It permits the payment to the frozen accounts of interests or other earnings due on those accounts or payments due under contracts, agreements or obligations that arose prior to the date on which those accounts became subject to the provisions of this resolution. It also allows designated persons or entities to make payment provided that the provisions entailed under Rec 7.5(b) (i) to (iii) has been met. MoHA is empowered to make the decision, however IP-TFS has not stipulated the basis or procedures for MoHA to make such decision. The deficiencies in 7.5 have been largely addressed. Weighting and Conclusion 102. Nepal has amended Chapter 6B of ALPA in April 2024 to explicitly include targeted financial sanction for proliferation financing. The process for implementation of the TFS for PF remains unchanged from that described in the MER but is now supported by the TFS-IP. However, freeze order provided to the Review Team is not clear in reference to UNSCRs 1718 and 2231, Nepal did not demonstrate it can issue a freeze order within 24 hours post the UN designation, and the freeze order lacks a prospective clause to cover future changes and amendments to designations. As Nepal does not include a prospective clause in freeze orders, it seems that Nepal is not implementing TFS consistent with the new IP-TFS. The freezing and unfreezing obligations has been covered under Chapter 6B of ALPA, ALPR-TFS and IP-TFS, however Nepal lacks communication mechanism and clear guidance to FIs and DNFBPs on those obligations. Chapter 7 of IP-TFS covers provisions with regard to contracts, agreements or obligations that arose prior to the date on which accounts became subject to TFS, and MoHA is the authority to make the decision, however IP-TFS has not stipulated the basis or procedures for MoHA to make such decision. The deficiencies in R.7 have been partly addressed. 103. Recommendation 7 is re-rated to partially compliant. Recommendation 8 [R8] (Originally rated not compliant) 104. Nepal was rated NC for R.1 in its 2023 MER, which identified that: (i) Nepal did not have a targeted approach to preventing TF abuse of its NPO sector; (ii) no risk assessment of the NPO sector to identify NPOs at risk of TF abuse; (iii) no application of risk-based measures to NPOs identified as being vulnerable to TF. Although, SWC has conducted some monitoring of requirements on foreign NPOs and affiliated domestic NPOs, but this was not risk-based and available sanctions are not fully proportionate or dissuasive. There were major shortcomings in information sharing and investigation of NPOs as well as in responding to international requests. 14 105. Criterion 8.1 is not met. The amendments to the ALPA (s35) require regulatory agencies, investigative agencies, reporting entity and other and other agencies to carry out risk assessment and produce yearly reports in order to identify and update the risks, and agencies that register NPOs, must conduct sectoral and institutional risk assessment (s35D(1)). However, in practice, there has been no update since MER. Nepal has not identified NPOs that are likely to be at risk of TF abuse (c.8.1(a)), the nature of threats posed by terrorist entities to at-risk NPOs (c.8.1(b)), has not reviewed the adequacy of measures related to at-risk NPOs (c.8.1(c)), and has not periodically reassessed the NPO sector to review potential vulnerabilities related to terrorist activities (c.8.1(d)). 106. Criterion 8.2 is partly met. Referring to the 2023 MER, Nepal has some policies/guidelines that promote accountability, integrity and public confidence in the administration and management of NPOs under the Social Welfare Act 1992 (SWC Act) and Social Welfare Regulation 1993 (SWCR). The amendment to the ALPA require the body that registers NPOs to: regulate NPOs and carry out functions to (i) ensure that NPOs at not at risks of abuse for money laundering, terrorist financing and proliferation financing; (ii) provide suspicious information to the FIU; (iii) set up and implement standards of transparency and reliability on the information of who receives benefits from NPOs; (iv) conduct sectoral risk assessment and management; (v) conduct audit on the risks of operations; and (vi) conduct risk-based inspection, supervision or monitoring (s35D(1)); issue instructions regarding the nature of implementing the function on s35D (1) (s35D(2)); undertake action on the non-compliant NPOs in writing (s35D(4)), including give sanctions (fines) to the violation (s35D(5)). 107. Although the above provisions provide for accountability and reliability of NPOs, there is no further evidence showing how the policies promoting accountability, integrity and public confidence in the administration and management of NPOs are being applied to NPOs at risk of TF abuse and whether administrative and management requirements promoting accountability and integrity apply to domestic NPOs that are not affiliated with SWC. The rules under the revised act are underway. The supervisory manual will be revised accordingly and issued, once the rules are passed. 108. In regard to the deficiencies highlighted in c.8.2(b)-(d), the review team has not received any evidentiary proof demonstrating the conduct of targeted outreach and awareness programs have been undertaken, the work with NPOs in developing and refining best practices, and any new mechanisms set up to encourage NPOs conducting transactions via regulated financial channels do not apply to all NPOs. 109. Criterion 8.3 is not met. Up to the Follow-Up report progress deadline of the reporting time on 1 June 2024, the NPO sectoral assessment was yet to be conducted by Nepal, thus, it has not applied risk-based measures to NPOs at-risk of TF. 110. Criterion 8.4 is partly met. Nepal’s 2023 MER noted that the monitoring of registered foreign NPOs and affiliated domestic NPOs by SWC was not risk-based, and sanctions on registered foreign NPOs and affiliated domestic NPOs were not fully proportionate or dissuasive. 111. After the 2023 MER, there is no evidence was shown that Nepal has conducted risk-based monitoring of at-risk NPOs. The Amended ALPA (s35D(5)) outlines that sanction of fine may be imposed up to five hundred thousand rupees for first offense and up to one million rupees if repeated violations are committed by erring NPOs which may include registered foreign NPOs and affiliated 15 domestic NPOs. These sanctions are not fully proportionate or dissuasive, particularly if the NPOs are related to offences of money laundering, terrorist financing and proliferation financing. 112. Criterion 8.5 is partly met. The 2023 MER emphasised that the extent of cooperation, coordination and information sharing among government agencies was unclear given it had been in draft form since 2020. It was also unknown when the NPO Supervision Manual will be implemented. Furthermore, the 2023 MER also identified that it was not clear whether the administrative examination was legally binding and unknown what this examination would include given there is no reference in the ‘Directives for Monitoring, Supervision and Evaluation of Social Organisations and Institutions 2014.’ The access to information related to non-affiliated domestic NPOs was not available during an investigation. The assurance that the information from every agency information is promptly shared with competent authorities to take preventive or investigative action is not known. 113. The Amended ALPA (s35D(1)(b)) states that the regulatory body is mandated to provide suspicious information to the Financial Intelligence Unit regarding offences of money laundering, terrorist financing and proliferation financing, however, the extent of cooperation, coordination and information sharing among government agencies remain undetermined including any procedures or SOPs to support the coordination in practice. To date, The NPO Supervision Manual has yet to be finalized, approved and implemented. 114. Nepal has not demonstrated any updates or new mechanisms on showing that the administrative examination of NPOs done by the SWC and MoHA is legally binding and what this examination would include given there is no reference in the ‘Directives for Monitoring, Supervision and Evaluation of Social Organisations and Institutions 2014.’ 115. Nepal has not provided any information about the access to information related non-affiliated domestic NPOs. There is no further evidence showing updates on information sharing mechanism among competent authorities for preventive or investigative actions. 116. Criterion 8.6 is not met. Referring to Nepal’s 2023 MER, although SWC, MoWCSC and MoHA were identified as the three key authorities to respond to international requests, it was still unclear on: (i) the exact mechanisms under which these authorities are identified, (ii) specific contact points in each authority, and (ii) whether they have procedures to respond to international requests. 117. Since the 2023 MER, Criterion 8.6 analysis remains the same as the MER as no updates were provided by Nepal. Nepal has identified SWC, MoWCSC and MoHA as the three key authorities to respond to international requests for information regarding particular NPOs suspected of TF or involvement in other forms of terrorist support. The AT is unclear on; (i) the exact mechanisms under which these authorities are identified, (ii) specific contact points in each authority, and (ii) whether they have procedures to respond to international requests. Weighting and Conclusion 118. While Nepal has amended the ALPA to support implementation of R.8, major deficiencies identified in the 2023 MER remain including that: (i) Nepal does not have a targeted approach to preventing TF abuse of its NPO sector; (ii) Nepal has not conducted a risk assessment of the NPO sector to identify NPOs at risk of TF abuse and therefore has not applied risk-based measures to NPOs identified as being vulnerable to TF, (iii) No further evidence showing how the policies promoting accountability, integrity and public confidence in the administration and management of NPOs are being applied to NPOs at risk of TF abuse, and (iv) Nepal has major shortcomings in information sharing and investigation of NPOs as well as in responding to international requests. 16 119. Recommendation 8 remains rated non-compliant. Recommendation 10 [R.10] (Originally rated partially compliant) 120. Nepal was rated PC for R.10 in its 2023 MER. Shortcomings included the definition of customer, which did not clearly cover legal arrangements, gaps in the information required to identify BOs of trusts, deficiencies relating to CDD for beneficiaries of life insurance, and relating to tipping- off. Further shortcomings, which were given significant weighting in the MER, related to the ability for FIs to delay verification without it necessary to complete this as soon as practicable, nor that FIs should adopt risk management procedures for utilisation of the business relationship prior to verification. 121. Criterion 10.1 is met. No deficiencies were identified in the 2023 MER and the analysis is current. 122. Criterion 10.2 is mostly met. The 2023 MER noted that the occasional transaction CDD requirement prescribed under r3 ALPR did not include situations where several operations appear to be linked as required under the standards. Furthermore, the ALPA and ALPR did not include a definition of wire transfer and ‘by electronic means’ was not used in connection with wire transfers elsewhere in the ALPA or ALPR. Therefore, the 2023 MER determined fully manual processing of wire transfers that did not have any electronic processing might not be covered. The 2023 MER also determined the requirement to conduct CDD where there was suspicion of ML/TF (s7A(1)(f) ALPA) did not extend to situations where there were existing exemptions or thresholds under the ALPA. Since the 2023 MER, the legal framework remains unchanged. The deficiency identified in the MER remains. 123. Criterion 10.3 is mostly met. The 2023 MER noted the definition of ‘Customer’ did not clearly cover legal arrangements. As per the MER, the definition of “customer” in r2(b) of the ALPR is "a person or entity” and the definition of “person” in s2(z) of the ALPA is “a natural or legal person”. While the ALPA and ALPR do contain other provisions that anticipate legal arrangements as customers, the legal basis for this remains unclear. Since the 2023 MER, the legal framework remains unchanged. The deficiency identified in the MER remains. 124. Criterion 10.4 is mostly met. The 2023 MER noted the obligation for FIs to verify that a person purporting to act on behalf of the customer is so authorised and identify and verify the identity of that person did not clearly apply to customers that are legal arrangements. This is the same deficiency as c.10.3 above. The deficiency has not been addressed. 125. Criterion 10.5 is mostly met. The 2023 MER noted there was no explicit requirement to verify identity using the relevant information or data obtained from a reliable source. Since the 2023 MER, the legal framework remains unchanged. The deficiency identified in the MER remains. 126. Criterion 10.6 is mostly met. The 2023 MER noted the obligation for FIs to obtain appropriate information and details on the objective or intended nature of the business relationships did not clearly apply to customers that are legal arrangements. This is the same deficiency as c.10.3 above. The deficiency has not been addressed. 127. Criterion 10.7 is mostly met. The 2023 MER noted: (i) the obligation for FIs to scrutinise transactions throughout the course of the business relationship to ensure consistency with the FI’s knowledge of the customer, business and risk profile, including source of funds, did not clearly apply to customers that are legal arrangements; and (ii) the obligation for FIs to ensure that documents and information is kept up-to-date by reviewing existing records, particularly for higher risk categories of customers did not clearly apply to customers that are legal arrangements This is the same deficiency as c.10.3 above. The deficiency has not been addressed. 17 128. Criterion 10.8 is met. No deficiencies were identified in the 2023 MER and the analysis is current. 129. Criterion 10.9 is met. No deficiencies were identified in the 2023 MER and the analysis is current. 130. Criterion 10.10 is met. No deficiencies were identified in the 2023 MER and the analysis is current. 131. Criterion 10.11 is mostly met. The 2023 MER noted there was no explicit requirement to identify persons in equivalent or similar positions or via class of beneficiaries. Since the 2023 MER, the legal framework remains unchanged. The deficiency identified in the MER remains. 132. Criterion 10.12 is mostly met. The 2023 MER identified three deficiencies: (i) no requirements covering beneficiaries that are designated by characteristics, class or other means such that the identity of the beneficiary can be established at the time of payout; (ii) no explicit requirements for verification of beneficiary details obtained under r7(1) ALPR; and (iii) NIA’s Directive 2019 at section 4(3) only provided a general requirement for the insurer to identify the beneficial owner if the insurer suspects that there remains other persons in the transaction, and this does not extend to verification; Furthermore, the MER noted that (iv) the AML/CFT Directive for the Insurance Sector and 22 November 2022 Circular did not extend the requirements under the ALPA or ALPR. 133. Since the 2023 MER, NIA has updated its 2019 Directive. As part of CDD requirements, s4A(1) requires an insurance FI to a) identify and verify the identity of a beneficiary that is a natural person, legal person or legal arrangement; and b) for a beneficiary designated by class, group or institution, obtain sufficient information to ensure the identification of the beneficiary can be made at the time of payout. For both types of beneficiaries, the FI must c) ensure and identify the beneficiary while making a payment of any liability. There is also a requirement to d) take other appropriate measures to identify the beneficial owner or beneficiary. 134. However, there is no explicit requirement to verify the identity of a beneficiary designated by class or by other means at the time of payout. This does not meet the requirements of c.10.12(c) and so the deficiency is not fully addressed. 135. Criterion 10.13 is met. The 2023 MER noted there was no explicit requirement to undertake EDD in high-risk scenarios where the beneficiary is a legal person or legal arrangement, nor to adopt reasonable measures to identify and verify the BO of the beneficiary at the time of the payout in such circumstances. 136. Since the 2023 MER, NIA has updated its 2019 Directive. As part of CDD requirements, s4A(2) requires an insurance FI to include a beneficiary (and the beneficial owner of such a beneficiary) as a relevant risk factor to ensure if EDD is required or not. Section 4A(3) requires that if the beneficiary is a legal person or legal arrangement, the FI should conduct enhanced measures while making a payout of liability, including a requirement to identify and verify the beneficial owner. This applies to all beneficiaries that are legal persons or legal arrangements rather than only those that present higher risk. This exceeds the requirements of c.10.13 and addresses the deficiency. 137. Criterion 10.14 is mostly met. The 2023 MER noted there was no requirement that delayed verification must be completed as soon as reasonably practicable. Furthermore, obligations did not clearly apply to customers that are legal arrangements. Since the MER, s7H(1) of the ALPA has been amended so that verification of identity may be delayed until after establishment of a business relationship as long as it is conducted “as soon as possible within three days maximum after the transaction”. While this closes the deficiency identified in the MER for c.10.14(a) in relation to establishment of a business relationship, it appears that the same delayed verification can also be applied 18 when conducting transactions for occasional customers. Noting that s7H of the ALPA otherwise complies with c10.14(b) and (c), this is considered a minor deficiency. The deficiency with this criterion in relation to customers that are legal arrangements is the same deficiency as in c.10.3, which has not been addressed. 138. Criterion 10.15 is met. The 2023 MER noted that Nepal had no express provision within the ALPA or ALPR to require FIs to adopt risk management procedures concerning the conditions under which a customer may utilise the business relationship prior to verification. Since the MER, amendment to, s7P(2) of the ALPA provides a new subsection (g2) which requires FIs to have risk management provisions relating to customer identification and verification and compliance with terms and conditions of use of business relationships. While this does not explicitly reference identity verification prior to establishing the business relationship, it does ensure risk management procedures are required across the identification and verification obligations associated with business relationships. This implicitly includes establishment of business relationships and the delayed verification provisions of c.10.14. Therefore, the deficiency identified in the MER is addressed. 139. Criterion 10.16 is partly met. The 2023 MER noted that the risk-sensitive basis for applying CDD measures to existing customers did not include taking into account when previous CDD measures were undertaken and adequacy of data obtained, and obligations did not clearly apply to customers that are legal arrangements. Since the MER, the legal framework remains unchanged. The deficiency relating to customers that are legal arrangements is the same deficiency as c.10.3 above, which has not been addressed. 140. Criterion 10.17 is met. No deficiencies were identified in the 2023 MER and the analysis is current. 141. Criterion 10.18 is met. No deficiencies were identified in the 2023 MER and the analysis is current. 142. Criterion 10.19 is met. No deficiencies were identified in the 2023 MER and the analysis is current. 143. Criterion 10.20 is not met. The 2023 MER noted there were no clear provision(s) under the ALPA, ALPR or other directives to give effect to the requirements of this criterion. There were only general obligations to preserve secrecy and prevent tipping-off under section s44A of the ALPA. Since the MER, s7S of the ALPA has been amended. New subsection (2A) requires that if an FI feels the customer needs to get information about the customer’s identification (after submitting the STR), it shall update the customer identification or verification information. This does not address c.10.20 which is to enable the FI not to pursue the CDD process (to avoid tipping off) and instead to submit a STR. The deficiency identified in the MER is not addressed. Weighting and Conclusion 144. The 2023 MER gave significant weighting to shortcomings relating to timing of verification due to limitations in Nepal’s common identity documentation. Nepal has taken steps to address these shortcomings, although a slight deficiency still remains relating to the delayed CDD verification provisions. Other shortcomings relating to beneficiaries of life insurance policies have been fully addressed. Other deficiencies identified in the MER remain. This includes provisions related to tipping off, occasional transactions occurring via linked operations, manually processed wire transfers and CDD in all situations where there is suspicion. There are also gaps in relation to BO of legal arrangements for identifying persons in similar positions or via classes of beneficiaries and the definition of customer. Overall, there are minor deficiencies for R.10. 19 145. Recommendation 10 is re-rated to largely compliant. Recommendation 15 [R.15] (Originally rated not compliant) 146. Nepal was rated NC for R.15 in its 2023 MER. The 2023 MER identified that Nepal had not assessed its ML/TF risks associated with new technologies or VA/VASPs. Nepal sought to prohibit VA/VASPs; however, the prohibition did not cover all elements of the FATF definitions of VA or VASPs. Nepal took some actions to identify “illegal” VASPs activities. VASPs were not a FI or DNFBP under the ALPA, no preventative measures obligation applied and there was no designated AML/CFT supervisor. Shortcomings in relation outlined in R.6, R.7 and R.37 to R.40 apply. 147. Criterion 15.1 is partly met. As outlined in the MER, FIs are required to identify and assess risk associated with new technology, products/services and delivery mechanisms (s7K(1) ALPA) which has further strengthened amendments to the APLA requiring FIs to update risk-based policies, procedures and action plans as changes to trends, patterns, technology, prevailing laws and risk assessments occur (s7P(5) ALPA). 148. Nepal government agencies are required to conduct a risk assessment annually, including upon identification of risky technologies (s35(1) ALPA). Nepal agencies can leverage information identified and assessed by FIs on new technologies, products/services and delivery mechanisms; however, it is unclear how authorities identify new or developing technology as high risk or not if they do not assess the technology. There is no detailed coverage of new technologies in the 2020 NRA. Nepal is planning to complete an NRA update by January 2025. 149. Criterion 15.2 is met. No deficiencies were identified in the 2023 MER. Analysis in the MER is current with requirements clarified and support by s7P(5) ALPA as discussed above at c.15.1. 150. Criterion 15.3 is partly met. 151. Deficiencies in the MER included the lack of assessment of ML/TF risks emerging from VA activities and operations of VASPs, the absence of a risk-based approach to ensuring that measures to prevent or mitigate ML/TF are commensurate with identified risks and VASPs are not required to take appropriate measures to identify, assess, manage and mitigate their ML/TF risks. Since 2023 MER, Nepal has not identified and assessed the ML/TF risks emerging from VA activities and the activities or operations of VASPs. The 2020 NRA does not include coverage of VA/VASPs and there have been no other risk assessments covering risks associated with VA/VASPs. Nepal is planning to complete an NRA update by January 2025. 152. Under Nepal’s 2024 legal amendments related to the prevention of ML and promotion of business environment, Nepal has prohibited VASPs from providing activities or operations associated with exchanging, transferring, producing, selling, holding, or transacting in virtual assets in Nepal and to persons outside of Nepal (s262A NPC Amended). The punishment for contravening the prohibition on VASPs is confiscation of offence amount and value of assets gained, a fine of claimed amount and up to 5 years imprisonment. This prohibition is derived from Nepal’s monetary policy and foreign exchange control measures and is not informed by a risk assessment of VA/VASPs. However, the prohibition on VA/VASPs does not operate to prevent and mitigate all ML/TF risks associated with VA/VASP activities, for example VA/VASPs that may be operating illegally underground within Nepal. 153. In line with the FATF Methodology, c.15.3(c) is not assessed when a jurisdiction has decided to prohibit VA/VASPs. 20 154. Criterion 15.4 is not applicable. In line with the FATF Methodology, c.15.4 is not assessed when a jurisdiction has decided to prohibit VA/VASPs. 155. Criterion 15.5 is partly met. According to the 2023 MER, Nepal undertook some actions to identify natural and legal persons carrying out VASP activities. Further information showing the actions, and the application of appropriate sanctions was needed. Enforcement actions were under Nepal’s previous prohibition on VAs and VASPs under s96 NRB Act. Between the end of the 2023 ME onsite visit and Nepa’s new prohibition on VA and VAPS (s262A National Penal Code 2017) coming into force and effect, Nepal continued to take some enforcement actions related to use of VA under s96 NRB Act. 156. Since the new prohibition on VAs and VASPs (s262A National Penal Code 2017) came into force and effect on 12 April 2024, Nepal has undertaken two investigations, one of which commenced before the due date for document submission this FUR (1 June 2024 FUR). In April 2023, the Nepal Rastra Bank published a paper about the study of the use of virtual assets and virtual currencies which provided critical insights, potential risks and challenges associated with virtual assets in the financial system of the country and beyond. In April 2024, the Nepal Law Commission has undertaken a similar study on the virtual currencies and similar instruments that imparted clues and lacunas in the legal system of the nation. Furthermore, the Nepal Police Cyber Bureau conducts regular surveillance activities on the same matter in the critical locations. These activities in the regulatory and law enforcement areas that Nepal has done, demonstrating Nepal’s commitment in the process of carrying out a comprehensive risk assessment as mandated under the objective number 5.3 of the AML/CFT National Strategy and Action Plan 2024-2028. 157. Nepal's Strategic Plan includes objectives for AML/CFT supervisory agencies to implement risk-based supervision including ‘corrective action’ covering new technology and VAs, and for the Nepal Police to enhance investigative activities (actions related to VA/VASPs are highlighted above). However, the lack of a risk assessment of VAs and VASPs impedes these efforts by Nepal to identify unregistered (prohibited) VAs and VASPs. 158. Criterion 15.6 is not applicable. In line with the methodology, c.15.4 is not assessed when a jurisdiction has decided to prohibit VA/VASPs. 159. Criterion 15.7 is not applicable. In line with the methodology, c.15.4 is not assessed when a jurisdiction has decided to prohibit VA/VASPs. 160. Criterion 15.8 is not applicable. In line with the methodology, c.15.4 is not assessed when a jurisdiction has decided to prohibit VA/VASPs. 161. Criterion 15.9 is not applicable. In line with the methodology, c.15.4 is not assessed when a jurisdiction has decided to prohibit VA/VASPs. 162. Criterion 15.10 is not applicable. In line with the methodology, c.15.4 is not assessed when a jurisdiction has decided to prohibit VA/VASPs. 163. Criterion 15.11 is mostly met. Nepal’s 2023 MER noted that deficiencies existed in relation to Nepal’s MLA framework (see R.37 and R.38). As discussed in c.40.20, it was unclear if LEAs could exchange information with non-counterparts. 164. Criterion 15.11 analysis remains largely the same as the MER as no updates were provided by Nepal (minor edits noting the re-rating for R.38 in relation to MLA framework). Nepal can provide MLA on ML, predicate offences and TF relating to VA; however, it is noted that deficiencies exist in 21 relation to Nepal’s MLA framework (see R.37). Extradition on ML, predicate offences and TF relating to VA could be provided with Nepal’s sole treaty jurisdiction of India. LEAs would be required to exchange VA/VASPs information; however, as discussed in c.40.20 it is unclear if LEAs can exchange information with non-counterparts. Weighting and Conclusion 165. FIs are required to assess ML/TF risk relating to new technologies and apply measures to manage and mitigate risks. Nepal has not assessed its ML/TF risks associated with new technologies or VA/VASPs. Nepal has prohibited VA/VASPs; however, this prohibition is derived from Nepal’s monetary policy and foreign exchange control measures and is not informed by a risk assessment of VA/VASPs. Nepal has taken some actions to identify illegal VASPs activities Shortcomings outlined in R.6, R.7 and R.37 to R.40 apply to this criterion. 166. Recommendation 15 is re-rated to partially compliant. Recommendation 19 [R.19] (Originally rated partially compliant) 167. Nepal was rated PC for R.19 in its 2023 MER. The MER determined Nepal FIU advised FIs about weakness in the AML/CFT systems via its website and FIs were required to apply EDD on customers (applies to natural and legal persons but not legal arrangements) from jurisdictions which are “internationally identified as a non-compliance or partial compliant with international standards on prevention of ML/TF”. However, only commercial banks, development banks, finance companies, MVTS and money changers had explicit requirements to apply EDD when called for by the FATF. Furthermore, Nepal did not apply countermeasures. 168. Criterion 19.1 is partly met. The 2023 MER noted that the requirement to take appropriate EDD measures in s7E(1)(c) of ALPA on customers from jurisdictions “internationally identified as a non-compliance or partial compliant with international standards on prevention of ML/TF” did not explicitly apply to jurisdictions for which this is called by FATF. Nor did this clearly apply to customers that are legal arrangements (see above discussion of definition of Customer in c.10.3). 169. While the MER recorded that directives issued by NRB for the banking sector (class A, B and C), money remitters and money changers did explicitly require EDD on customers from countries for which this is called for by FATF, no directives issued to other FIs explicitly did so. Since the 2023 MER, the legal framework remains unchanged. 170. No directives to the other FI sectors have been issued to explicitly impose these requirements. The deficiency relating to customers that are legal arrangements is the same deficiency as c.10.3 above, which has not been addressed. 171. Criterion 19.2 is met. The 2023 MER noted that Nepal did not apply countermeasures proportionate to the risks when called upon by the FATF, or independent of any call by the FATF. Since the MER, s7U(1) of the ALPA has been amended. New subsection (i) states a function, duty and power of regulatory bodies is to issue the necessary instructions or standards regarding the risk assessment to be carried by the reporting entity and monitoring whether it has been followed or not and carry out enhanced customer identification (due diligence) in relation to customers from a country internationally identified as a non-complaint or partial compliant with international standards on money laundering, terrorist financing and proliferation financing or transactions with such customers. s7U(1)(i) means an AML/CFT regulatory body can now issue necessary instructions or standards to FIs relating to requirements on customers (or transactions with customers) from countries internationally identified as non-compliant or partially compliant on ML/TF/PF. While this is a potentially broad list of countries, 22 it includes countries subject to a FATF call for action, thereby enabling Nepal to apply countermeasures when called upon by FATF to do so. It could also include other countries or circumstances, thereby enabling Nepal to apply countermeasures independently of any call by FATF to do so. 172. Furthermore, NRB Directive 14/80 was amended to place a prohibition on banks from opening branches, contact or representative offices in FATF listed countries (including countries subject to a call for action (NRB Directive 14(5)(c)). Banks must also submit a six-monthly report of the number and the types of all customers, the types of account and the balances of those accounts, relating to all customers from FATF listed countries (including countries subject to a call for action). This is done in accordance with other statistical filings by NRB’s licensed institutions (Unified Directives 9(6)). 173. Criterion 19.3 is mostly met. The 2023 MER noted that there were no specific measures in place to ensure that FIs are advised of concerns about weaknesses in the AML/CFT systems of other countries on an on-going basis. Since the MER, s7U(1) of the ALPA (functions, duties and powers of an AML/CFT regulatory body) has been amended. New subsection (m1) states a function, duty and power of regulatory bodies is to regularly publish information on its website about ‘classifications made public by relevant intergovernmental international organisations regarding compliance on money laundering, terrorism financing, proliferation financing and other.’ This provides a measure for Nepal to ensure FIs are advised of concerns about weakness in AML/CFT systems of other jurisdictions on an on-going basis. However, while FIU and NRB have published information on their websites regarding FATF black and grey list countries, none of the other FI supervisors have. The term relevant intergovernmental international organisation is broad enough to cover the FATF. Weighting and Conclusion 174. Nepal has amended the ALPA so that it can apply countermeasures of issuing and monitoring instructions relating to EDD requirements on customers from countries subject to a FATF call for action. This is supported by other existing countermeasures imposed by NRB on banks that prohibit branches, contact or representative offices in FATF countries (including those subjects to a call for action), and require banks to submit a six-monthly report of the number of customers, the types of customers, the types of account and the account balances, in relation to all customers from such countries. 175. However, some shortcomings remain. Explicit requirements to apply EDD to customers from a country subject to a FATF call for action still only apply to the banking, MVTS and money changer sector, but not to any other sectors. Additionally, only the FIU and NRB have published information on their websites regarding FATF grey and blacklist countries. Noting the materiality of the banking sector in exposure to international transactions, these shortcomings are only a minor deficiency. 176. Recommendation 19 is re-rated to largely compliant. Recommendation 22 [R.22] (Originally rated partially compliant) 177. Nepal was rated PC for R.22 in its 2023 MER The MER determined DNFBPs were subjects to the same requirements in the ALPA as FIs. The deficiencies identified in R.10 and R.17 therefore applied. There were also scope gaps for real estate agents and DPMS. For real estate agents, the ALPA only applied to the sale and purchase of a house or land of NPR 10 million (~USD 75,000) or over. In addition, it was unclear whether real estate agents were required to comply with CDD requirements for both buyer and seller. These gaps were compounded by an informal and unregulated real estate sector, in which CDD was not being conducted. For DPMS, the ALPA and AML/CFT directives did not apply to transactions by retailers of precious metals or stones. However, the scope gap was reduced to some extent because of Nepal’s wider prohibition of cash transactions of NPR 1 million (~USD 7,500) in the economy other than when use of cash was reasonably necessitated. 23 178. Criterion 22.1 is mostly met. The 2023 MER identified the following deficiencies: (i) the deficiencies identified in R.10 for FIs also apply to casinos, real estate agents, DPMS, lawyers, notaries, auditors, accounting or other similar professionals, and also TCSPs; (ii) the AML/CFT Directive for real estate agents restricted the application of the ALPA (and CDD requirements) to the sale and purchase of a house or land of NPR 10 million (~USD75,000) or more (s1, directive issued 7 June 2022), this was considered a scope gap and does not comply with the requirements of c.22.1(b); (iii) it was also unclear in the directive whether real estate agents were required to comply with CDD requirements for both buyer and seller. This did not comply with the requirements of c.22.1(b), which require CDD to be conducted at all times on both buyer and seller; and (iv) the IRD AML/CFT directive only applied to importers, distributors, including wholesale traders, but not to retailers of precious metals or stones (s2(c), AML/CFT directive). 179. For c.22.1(b) - A new AML/CFT directive was issued by DoLMA for real estate agents (on 30 May 2024) and requires a real estate agent to comply with the ALPA “while buying or selling real estate of any type and value”. This closes the scope gap identified in the MER, by which sale of purchase of real estate under NPR10 million (USD75,000) was exempt from CDD requirements. The new directive does not explicitly prescribe that the real estate agent must conduct CDD on both buyer and seller. However, this requirement of c.22.1(b) is met due to the broad definitions of transaction and customer in the ALPA (s2(j) and r2(b)). 180. For c.22.1(c), a new AML/CFT directive issued by IRD for DPMS replaces the previous directive in place for the MER. Under the new directive, the requirements of the ALPA apply to importers, distributors, wholesalers, or retailers involved in transactions for precious metals or stones (s2(c), AML/CFT directive). This closes the scope gap identified in the MER. 181. For c.22.1(a)-(e), the deficiencies identified in R.10 still apply. However, as per analysis above, some shortcomings have been addressed and R.10 is now LC. There is no other change to the legal framework and no other deficiencies for c.22.1 (b) and (c). 182. Criterion 22.2 is met. Any deficiencies in the situations set out in c.22.1 apply. As per analysis for c.22.1, the scope gaps for real estate agents and DPMS have been closed. DNFBPs are otherwise required to comply with the same record keeping requirements as FIs, for which the legal framework is unchanged (R.11 is Compliant). The deficiency identified in the MER is addressed. 183. Criterion 22.3 is met. Any deficiencies in the situations set out in c.22.1 apply. As per analysis for c.22.1, the scope gaps for real estate agents and DPMS have been closed. DNFBPs are otherwise required to comply with the same PEPs requirements as FIs, for which the legal framework is unchanged and meets all requirements of c.12.1, c.12.2 and c.12.3. The deficiency identified in the MER is addressed. 184. Criterion 22.4 is met. Any deficiencies in the situations set out in c.22.1 apply. As per analysis for c.22.1, the scope gaps for real estate agents and DPMS have been closed. DNFBPs are otherwise required to comply with the same new technologies requirements as FIs, for which the legal framework is unchanged and meets all requirements of c.15.1 and c.15.2. The deficiency identified in the MER is addressed. 185. Criterion 22.5 is mostly met. Any deficiencies identified in R.17 and in the situations set out in c.22.1 apply. As per analysis for c.22.1, the scope gaps for real estate agents and DPMS have been closed. DNFBPs are otherwise required to comply with the same reliance on third parties’ requirements as FIs, for which the legal framework is unchanged (R.17 is Largely Compliant). Therefore, the deficiency identified in the MER relating to R.17 remains. 24 Weighting and Conclusion 186. The scope gaps for real estate agents and DPMS have been closed. There have been improvements to R.10, which is upgraded to LC. Only the shortcomings in R.17 remain unchanged, which is a minor deficiency. 187. Recommendation 22 is re-rated to largely compliant. Recommendation 23 [R.23] (Originally rated partially compliant) 188. Nepal was rated PC for R.23 in its 2023 MER. The 2023 MER determined that DNFBPs were subject to the same requirements in the ALPA as FIs. The deficiencies identified in R.18 and R.19 therefore applied. There were scope gaps for real estate agents and DPMS (see R.22 above). 189. Criterion 23.1 is met. The 2023 MER noted the scope gaps for real estate agents and DPMS applied. Since the MER, as per analysis for c.22.1, the scope gaps for real estate agents and DPMS have been closed. DNFBPs are otherwise required to comply with the same STR/SAR requirements as FIs, for which the legal framework is unchanged (R.20 is Compliant). The deficiency identified in the MER is addressed. 190. Criterion 23.2 is mostly met. The 2023 MER noted the scope gaps for real estate agents and DPMS applied, and the deficiencies in R.18 applied. As per analysis for c.22.1, the scope gaps for real estate agents and DPMS have been closed. DNFBPs are otherwise required to comply with the same internal controls requirements as FIs, for which the legal framework is unchanged (R.18 is Largely Compliant). Therefore, the deficiency identified in the MER relating to R.18 remains. 191. Criterion 23.3 is mostly met. The 2023 MER noted the scope gaps for real estate agents and DPMS applied, and the deficiencies in R.18 applied. As per analysis for c.22.1, the scope gaps for real estate agents and DPMS have been closed. DNFBPs are otherwise required to comply with the same higher risk countries requirements as FIs, for which R.19 is upgraded to LC (refer analysis for R.19 above). Therefore, only a minor deficiency relating to R.19 remains. 192. Criterion 23.4 is met. The 2023 MER noted the scope gaps for real estate agents and DPMS applied. As per analysis for c.22.1, the scope gaps for real estate agents and DPMS have been closed. DNFBPs are otherwise required to comply with the same tipping off and confidentiality requirements as FIs, for which the legal framework is unchanged (R.21 is Compliant). The deficiency identified in the MER is addressed. Weighting and Conclusion 193. The scope gaps for real estate agents and DPMS have been closed. There have been improvements to R.19, which has been upgraded to LC. Only the shortcomings in R.18 (which is LC) remain unchanged. Overall, the remaining shortcomings are a minor deficiency. 194. Recommendation 23 is re-rated to largely compliant. Recommendation 24 [R.24] (Originally rated partially compliant) 195. Nepal was rated PC for R.24 in its 2023 MER. Major shortcomings in relation to basic and BO information were identified in the 2023 MER, and there were no mechanisms to ensure the misuse of nominee arrangements. There are major shortcomings in relation to dissuasiveness of sanctions. 25 196. Criterion 24.1 is mostly met. The 2023 MER noted that there was no publicly available information on the process for obtaining BO information. Basic information of Associations was obtained during registration but there was no requirement for BO details to be provided except details of its members. It was unclear if information on the creation of associations was publicly available apart from what is already stated in the law. 197. Section 35A of the amended ALPA requires submission of beneficial ownership information at a threshold of 15% of shares or capital. The section further prohibits registration/incorporation/licensing unless this information is submitted to the relevant agency. Section 35A(5) requires the relevant agency makes this information available upon request from Government or Reporting entities. There is also a specification that, for others, “it should be kept in such a way that it is made available as specified.” 198. Whilst the Amended ALPA does specify that the recording of BO information must be done in a way that will be made available in a public form, the operational rules for this, including relevant BO declaration and identification standards, are yet to be produced. 199. Criterion 24.2 is not met. The analysis in the MER is current. Nepal has not undertaken any legal person risk assessment. 200. Criterion 24.3 is partly met. Since the 2023 MER, there is no amendment has been made to the Companies Act. The Amended ALPA does not address deficiencies identified under the criterion 24.3 regarding the public access to the registry information. 201. Criterion 24.4 is partly met. The 2023 MER noted that there was no requirement in the Companies Act to maintain in the index the category of share that are held. Details of shareholders of foreign companies were not required to be maintained. Since the 2023 MER, the legal framework remains unchanged. The deficiency identified in the MER remains. 202. Criterion 24.5 is partly met. Nepal’s 2023 MER identified that it was unclear whether the requirement of annual updates of the information on directors, and loan amount of directors and members of Cooperatives would require an update of members’ details or just the number of individual divisions of the cooperatives capital. Since the 2023 MER, the legal framework remains unchanged. The deficiency identified in the MER remains. 203. Criterion 24.6 is mostly met. 204. c.24.6(a) and (b): Through amendments under section s35A(1) of the ALPA all legal persons in Nepal as part of the legal person formation/incorporation process must submit to the relevant registrar information on individuals owning 15% or more shares or capital invested (individual, jointly, or in a group, directly or indirectly or through another person) and the ultimate beneficial owner. The legal person itself is required to hold information on the ultimate beneficial owner (s35A(6) ALPA). Beneficial owner is defined in s2(u) with the definition and text of s35A(1) covering the definition of beneficial owner required under the standards. Section 35A(5) of the amended ALPA prescribes maintenance of this information by the registry. However, the Act does not prescribe what information must be provided to and kept by the registrars for the different legal persons in Nepal. Furthermore, under s35A(7), there is a one-year implementation period with current (at the time of commence of s35B) legal person given one year to provide the information to the relevant registrar. For information on the BO that must be maintained by the legal person itself, s35C ALPA requires name, address, legal identity, capacity to be maintained. 26 205. c.24.6(c)(i): Consistent with the MER, Nepal still relies upon information collected by FIs/DNFBPs in the course of implementing CDD requirements, set out in the ALPA and ALPR, to ensure beneficial ownership information can be determined by competent authorities. As discussed above in R.10, amendments to the ALPA have resulted in the upgrade of R.10 and R.22 to LC with key gaps (related to delayed verification) that impacted Nepal’s ability to obtain or determine BO information (through specific CDD measures for legal persons) in a timely manner from FIs or DNFBPs mostly rectified. 206. c.24.6(

1st Follow-Up Report - Mutual Evaluation of Nepal - June 2024 PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue