AML Act, 2010 PDF

Summary

These are the regulations and guidelines for preventing money laundering and financing of terrorism. They're detailed and specific, outlining procedures for regulated persons, such as securities brokers, to ensure they comply with the act.

Full Transcript

AML ACT, 2010
Saturday, March 18, 2023 3:33 PM

3. OFFENCE OF Money Laundering (xxxi) “property involved in money laundering” means, (xxx) “property” means property or assets of any
Property is proceed of crime regardless of who holds or has held the property, proceeds of description, whether corporeal or incorporeal,
crime, property derived or obtained directly or indirectly from movable or immovable, tangible or intangible,
Acquire, conceal, hold on behalf of 3rd person, participate the offence of money laundering and property used or and includes deeds and instruments evidencing
intended to be used in commission of the offence of money title to, 5 or interest in, such property or assets,
laundering, a predicate offence or a foreign serious offence; including cash and monetary instruments,
wherever located;

(xxvi) “predicate offence” means an offence
specified in Schedule-I to this Act;
4. Punishment for money laundering (xx) “legal person” means companies, associations,
Imprisonement 1 to 10 years & fine 25 million & foundations, partnerships, societies and any other legal xvi) “foreign serious offence” means an offence,—
forfeiture of property person as may be defined in any other law; (a) against the law of a foreign state stated in a
Fine may extend to Rs. 100 million in case of legal certificate issued by, or on behalf of, the
person government of that foreign state; and

(b) which, had it occurred in Pakistan, would have
constituted a predicate offence;

5. NATIONAL EXECUTIVE COMMITTEE
FG shall constitute committee consist of 6. Financial Monitoring Unit
FG shall establish FMU which shall be housed in SBP or at
members
Any other place in Pakistan
NEC shall hold meeting twice a year and
FMU shall have independent decision making authority
responsible for following functions
The FG in consultation with SBP shall appoint a Director General
Make recommendation to FG who shall be a financial sector specialist to head FMU.
He shall exercise all powers and functions of the FMU subject to
○ To make rules and provide guidance for
the administrative oversight of the General Committee.
implementation of Act and framing
Powers and Functions of FMU 7A. Conducting CDD Securities and Exchange Commission of Pakistan (Anti Money Laundering and Countering Financing of Terrorism)
national policy 7. Procedure and manner of furnishing
○ To make rules for determination of Receive CTR and STR from reporting entities and then analyse Regulations, 2020.
After analyzing disseminate to concerned investigating or information by reporting entities.— 1) Every reporting entity shall conduct CDD in the manner as may be prescribed and in accordance with “regulated person” means securities brokers, futures brokers, Insurers, Takaful Operators, NBFCs and Modarabas
offence that may be considered Every reporting entity shall file with FMU
prosecuting agency and thereafter request feedback in the form provisions of this Act in the following matters, namely:- regulated by SECP under the administered legislation;
predicate offence PROMPTLY to the extent and in the manner
of periodic reports or statistics (a) entering into a business relationship;
○ Seek report from competent authorities prescribed by the FMU STR if it has reason that
inlcuding annual report containing Create and maintain database of all CTR and STR (b) conducting an occasional transaction above the prescribed threshold; CUSTOMER DUE DILIGENCE (CDD) AND BENEFICIAL OWNERSHIP
Cooperate financial intelligence unit of other countries involves funds derived from illegal activities (c) where there is a suspicion of money laundering or terrorist financing; or
overall analysis of of STR and CTR is designed to evade any requirements of 8.CUSTOMER DUE DILIGENCE
to represent Pakistan at all international and regional (d) where there are doubts about the veracity or adequacy of previously obtained data.
○ Discuss issues of national importance this Act
organizations
relating to money laundering and has no apparent lawful purpose after (1) The regulated person shall conduct CDD in the circumstances and matters set out in section 7A(I) and 7(E) of the AML Act
financing of terrorism (2) Every reporting entity shall—
examining the available facts, including the (a) identify the customer and verify the customer’s identity on the basis of documents, data or
NEC may constitute one or more sub background and possible purpose of the (2) For the purposes of conducting CDD as required under section 7A (2) of the AML Act every regulated person shall comply with
committes to assign and delegate information obtained from reliable and independent sources; sections 9-25 of these Regulations.
transaction
FG shall constitute General Committee involves financing of terrorism,
consists of members as mentioned schedule III (b) identify the beneficial owner and take reasonable measures to verify the beneficial owner’s identity 9. The regulated person shall: (a) identify the customer; and
(2) Any government agency, autonomous body, on the basis of documents, data or information obtained from reliable sources and be satisfied that it
of this act which perform functions oversight body for SRB, AML/CFT regulatory (b) verify the identity of that customer using reliable and independent documents, data and information as set out in Annex 1.
knows who the beneficial owner is;
authority, domestic or foreign, may share (c) understand and, as appropriate, obtain information on the purpose and intended nature of the
intelligence or report their suspicions within the 10. Where the customer is represented by an authorized agent or representative, the regulated person shall: (a) identify every
(viii) “Competent authorities” means the regulators, business relationship; and person who acts on behalf of the customer, (b) verify the identity of that person in using reliable and independent documents, data
meaning of STR12 or CTR to FMU in normal course (d) monitor the business relationship on an ongoing basis.
oversight bodies for SRBs, the Financial Monitoring Unit and of their business and the protection provided and information as set out in Annex 1; and (c) verify the authority of that person to act on behalf of the customer.
the Investigating or prosecuting agencies as defined in this under section 12 shall be available to such agency,
Act; body or authority. 11. The regulated person shall also identify the beneficial owner and take reasonable measures to verify the identity of the beneficial
7B. Reliance on third parties.18— A reporting entity may rely on third party to perform CDD in the owner by using reliable and independent document, data or sources of information as set out in Annex 1, such that the regulated
ALL CTR shall filed by the reporting entities manner as may be prescribed. person is satisfied that it knows who the beneficial owner is.
immediately but not later than 7 working days
after the respective currency transaction 7C. Record keeping. — Every reporting entity shall maintain a record of all transactions for a period of 12. (I) For customers that are legal persons or legal arrangements, the regulated person shall identify the customer and verify its
6A. AML/CFT regulatory authority 6B. International cooperation by regulators.— The at least five years following the completion of the transaction, and records of account files, business identity by obtaining the following information in addition to the information required in Annex 1: (a) name, legal form and proof of
regulators as specified in clause (1) Schedule IV of Every reporting entity shall keep and maintain all correspondence, documents, of all records obtained through CDD and the results of any analysis existence; (b) the powers that regulate and bind the legal person or arrangement, as well as the names of the relevant persons
AML/CFT regulatory authority means the regulators and SRBs as this Act shall co-operate with their foreign record related to STRs13 and CTRs filed by it for a undertaken for a period of at least five years following the termination of the business relationship having a senior management position in the legal person or arrangement; and (c) the address of the registered office and, if
specified in Schedule IV counterparts period of at least ten14 years after reporting of different, a principal place of business.
transaction
Power and functions of RA w.r.t Reporting entitites The provisions of this section shall have effect (2) For customers that are legal persons or legal arrangements, the financial institution should be required to understand the nature
licensing or registration of reporting entities; notwithstanding any obligation as to secrecy or of the customer’s business and its ownership and control structure.
Imposing any condition to conduct business to prevent ML 7D. Inability to complete CDD and tipping off.— (1) Where a reporting entity is unable to complete
other restriction on the disclosure of information
Issue regulation, guidelines and directions CDD requirements, it— (a) shall not open the account, commence business relations or perform the 13. (1) For customers that are legal persons, the regulated person shall identify and take reasonable measures to verify the identity
imposed by any other law or written document.
transaction; or shall terminate the business relationship if any ; and (b) shall promptly consider filing a of beneficial owners by: (a) identifying the natural person(s) (if any) who ultimately has a controlling ownership interest (as defined
6C. Oversight Body for SRBs Suspicious Transaction Report in relation to the customer. (2) Where a reporting entity forms a under relevant laws) in a legal person; and (b) to the extent that there is doubt under (a) as to whether the person(s) with the
FG shall appoint an Oversignt body mentioned in clause (2) of Schedule IV suspicion of money laundering or terrorist financing, and reasonably believes that performing the CDD controlling ownership interest is the beneficial owner(s) or where no natural person exerts control through ownership interests, the
process will tip-off the customer, the reporting entity shall not pursue the CDD process and shall file a identity of the natural person(s) (if any) exercising control of the legal person or arrangement through other means; and (c) where
POWER AND FUNCTIONS STR no natural person is identified under (a) or (b) above, the identity of the relevant natural person who holds the position of senior
managing official.
make regulations for the SRB
monitor and oversee the SRB 14. For customers that are legal arrangements, the regulated person shall identify and take reasonable measures to verify the
Impose sanctions if SRB fails identity of beneficial owners as follows: (a) for trusts, the identity of the settlor, the trustee(s), the protector (if any), the
7E. Anonymous business relationships and transactions.
beneficiaries or class of beneficiaries, and any other natural person exercising ultimate effective control over the trust (including
21— No reporting entity shall enter into a business relationship or conduct any transaction with a
through a chain of control/ownership); (b) for waqfs and other types of legal arrangements, the identity of persons in equivalent or
customer who is anonymous or provides a fictitious name.
similar positions as specified in (a). (c) Where any of the persons specified in (a) or (b) is a legal person or arrangement, the identity
of the beneficial owner of that legal person or arrangement shall be identified.
7F. Risk understanding.— Every reporting entity shall take appropriate steps to identify, assess and
understand the risks to which its business is subjected to, in accordance with this Act and as
15. An insurer or takaful operator shall: (1) At the time at which the beneficiary of the life insurance policy or takaful is identified or
prescribed.
designated: (a) if the beneficiary is a specifically named natural person, legal person or legal arrangement, obtain the full name of
the beneficiary; (b) if the beneficiary is designated by characteristics, class or other means and is known to the regulated person,
7G. Compliance program.— Every reporting entity shall implement compliance management
obtain sufficient information concerning the beneficiary to satisfy itself that it will be able to establish the identity of the beneficiary
arrangements, including the appointment of a compliance officer at a management level and training
at the time of payout. (2) for both the above cases, verify the identity of the beneficiary at the time of payout.
programs, having regard to the money laundering and terrorism financing risks and the size of the
business during the course of their activities subject to this Act and as prescribed.
16. The regulated person should verify the identify the customer and beneficial owner before establishing a business relationship or
during the course of establishing a business relationship.

7H. Policies and procedures.— Every reporting entity shall implement policies and procedures 17. (1) The regulated person may complete verification of a customer or beneficial owner’s identity after the establishment of the
to ensure their compliance with the provisions of this Act and orders, rules or regulations made business relationship, provided that- (a) this occurs as soon as reasonably practicable; (b) this is essential not to interrupt the normal
thereunder that impose TFS obligations upon reporting entities. conduct of business; and (c) the ML/TF risks are low. (2) The types of circumstances where the regulated person permits completion
of verification after the establishment of the business relationship should be recorded in the CDD policies.
Securities and Exchange Commission of Pakistan (Anti Money Laundering and Countering 18. The regulated person shall adopt risk management procedures concerning the conditions under which a customer may utilize the
Financing of Terrorism) Regulations, 2020. business relationship prior to verification.

4. Risk Assessment - The regulated person shall take appropriate steps in accordance with section 19. Ongoing Monitoring - (1) The regulated person shall conduct ongoing due diligence on the business relationship, including: (a)
7F of the AML Act to identify, assess and understand its money laundering, and terrorism scrutinizing transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are
financing risks for customers, countries or geographic areas and products, services, transactions consistent with the regulated person’s knowledge of the customer, their business and risk profile, including where necessary, the
or delivery channels. The regulated person shall: source of funds; (b) obtaining information and examining, as far as possible, the background and purpose of all complex and unusual
transactions which have no apparent economic or visible lawful purpose. The background and purpose of these transactions shall be
(a) document their risk assessments; inquired and findings shall be documented with a view of making this information available to the relevant competent authorities
when required. (c) undertaking reviews of existing records and ensuring that documents, data or information collected for the CDD
(b) consider all the relevant risk factors before determining what is the level of overall risk and the purposes is kept up-to-date and relevant, particularly for higher risk categories of customers. (2) In relation to sub-regulation (b),
appropriate level and type of mitigation to be applied; customers’ profiles should be revised keeping in view the CDD and basis of revision shall be documented.

(c) keep their risk assessments up to date; (3) The regulated person shall implement the measures as set out in 7D of the AML Act.

(d) categorize its own overall entity level risk as high, medium or low based on the result of risk (4) The regulated person shall comply with the provisions of the AML Act and rules, regulations and directives issued thereunder for
assessment; and reporting suspicious transactions/currency transactions in the context of money laundering or financing of terrorism.

(e) have appropriate mechanisms to provide risk assessment information to the Commission. (5) Where regulated person files an STR with respect to a customer with whom it has an existing business relationship, and if the
regulated person considers it appropriate to retain the customer, then the regulated person shall:- (a) substantiate and document
the reasons for retaining the customer; and

(b) subject the business relationship to proportionate risk mitigation measures, including enhanced ongoing monitoring. (6) The
5. Risk Mitigation and Applying Risk Based Approach - The regulated person shall: basis of deciding whether an STR is being filed or not shall be documented and kept on record together with all internal findings and
analysis done in relation to a suspicion irrespective of the fact that transaction is subsequently reported or not.
(a) have policies, controls and procedures, which are approved by its board of directors, to
enable them to manage and mitigate the risks that have been identified in its own risk 20. Existing Customers – (1) The regulated person is required to apply CDD requirement to its existing customers on the basis of
assessment and any other risk assessment publicly available or provided by the materiality and risk and should conduct due diligence on existing relations at appropriate times, taking into account whether and
Commission; when CDD measures have previously been undertaken and the adequacy of data obtained.
(2) For existing customers who opened accounts with old NICs, the regulated person shall ensure that attested copies of identity
(b) monitor the implementation of those policies, controls and procedures and to enhance documents shall be present in the regulated person record. The regulated person shall block accounts without identity document
them if necessary; and (after serving one-month prior notice) for all withdrawals, until the subject regulatory requirement is fulfilled. However, upon
submission of attested copy of identity document and verification of the same from NADRA or biometric verification, the block from
(c) take enhanced measures to manage and mitigate the risks where higher risks are the accounts shall be removed.
identified.
(3) For customers whose accounts are dormant or in-operative, withdrawals shall not be allowed until the account is activated on
Explanation:- For the purposes of this regulation the expression “risk based approach” the request of the customer. For activation, the regulated person shall conduct NADRA Verisys or biometric verification of the
means applying measures to manage and mitigate money laundering and terrorist customer and obtain attested copy of customer’s valid identity document (if already not available) and fulfill the regulatory
financing risks that are commensurate with the risks identified. requirements.

6.The regulated person may take simplified measures to manage and mitigate risks, if 21. Enhanced Due Diligence (EDD) -
lower risks have been identified. Simplified measures should not be permitted whenever (1) Regulated person shall implement appropriate internal risk management systems, policies, procedures and controls to determine
there is a suspicion of ML/TF. if any customer presents high risk of ML/TF.
The regulated person shall apply EDD where a customer presents high risk of ML/TF including but not limited to the following
circumstances:
(a) business relationships and transactions with natural and legal persons when the ML/TF risks are higher;
7. New Products, Practices and Technologies - The regulated person shall: (a) identify and (b) business relationships and transactions with natural and legal persons from countries for which this is called for by the FATF;
assess the ML and TF risk that may arise in the development (c) PEPs and their close associates and family members.

(2) EDD measures include but shall not be limited to the following measures: (a) Obtaining additional information on the customer
(e.g. volume of assets, information available through public databases, internet, etc.), and updating more regularly the identification
data of customer and beneficial owner;
(b) Obtaining additional information on the intended nature of the business relationship;
(c) Obtaining information on the source of funds or source of wealth of the customer;
(d) Obtaining information on the reasons for intended or performed transactions.
(e) Obtaining the approval of senior management to commence or continue the business relationship; (f) Conducting enhanced
monitoring of the business relationship, by increasing the number and timing of controls applied, and selecting patterns of
transactions that need further examination.

(4) In relation to 21(1)(c), the regulated person shall implement appropriate internal risk management systems, to determine if a
customer or a beneficial owner is a PEP or a close associate or family member of a PEP, both prior to establishing a business
relationship or conducting a transaction, and periodically throughout the course of business relationship. The regulated person shall
apply, at minimum the following EDD measures: (a) obtain approval from senior management to establish or continue a business
relationship where the customer or a beneficial owner is a PEP, close associate or family member of a PEP or subsequently becomes
a PEP, close associate and family member of a PEP; (b) take reasonable measures to establish the source of wealth and the source of
funds of customers and beneficial owners identified as a PEP, close associate or family member of a PEP; and (c) conduct enhanced
ongoing monitoring of business relations with the customer or beneficial owner identified as a PEP, close associate and family
member of a PEP.

23. Simplified Due Diligence - (1) The regulated person may apply SDD only where low risk is identified through adequate analysis
through its own risk assessment and any other risk assessment publicly available or provided by the Commission in accordance with
section 6 of these regulations and commensurate with the lower risk factors. (2) The decision to rate a customer as low risk shall be
justified in writing by the regulated person. (3) SDD measures include the following measures: (a) Verifying the identity of the
customer and the beneficial owner after the establishment of the business relationship; (b) Reducing the degree of on-going
monitoring and scrutinizing transactions, based on a reasonable monetary threshold as prescribed or as set out by the Commission;
(c) Not collecting specific information or carrying out specific measures to understand the purpose and intended nature of the
business relationship, but inferring the purpose and nature from the type of transactions or business relationship established. (4)
The regulated person shall not apply any simplified CDD whenever there is a suspicion of money laundering or terrorist financing.

24. Reliance on Third Parties - (1) Any regulated person may rely on a third party to conduct CDD on its behalf as set out in provisions
8-23 of these regulations, provided that the regulated person shall- (a) remain liable for any failure to apply such indicated CDD
measures above; (b) immediately obtain from the Third Party the required information concerning CDD; (c) take steps to satisfy itself
that copies of identification data and other relevant documentation relating to CDD requirements will be made available from the
third party upon request without delay; (d) keep that copies of identification; and
(e) satisfy itself that the Third Party is supervised by an AML/CFT regulatory authority or an equivalent foreign authority and has
measures in place for compliance with AML Act obligation of CDD and record keeping. (2) Where a regulated person relies on a third
party that is part of the same corporate group, the regulated person may deem the requirements of subsection 24(1) to be met if:
(a) the corporate group applies CDD and record-keeping requirements in accordance with the AML Act and its associated
regulations; (b) the implementation of the requirements in paragraph (a) is supervised by an AML/CFT regulatory authority or an
equivalent foreign authority; and (c) the corporate group has adequate measures in place to mitigate any higher country risks. (3) In
addition to subsection 24(1), when determining in which country a third party may be based, the regulated person shall have regard
to available information on the level of country risk (4) Notwithstanding any reliance upon a third party, the regulated person shall
ultimately remain responsible for its AML/CFT obligations, including generating STRs and shall carry out ongoing monitoring of such
customer itself.

TFS Obligations
25. (1) The regulated person shall undertake TFS obligations under the United Nations (Security Council) Act 1948 and/or Anti-
Terrorism Act 1997 and any regulations made there under, including: (a) develop mechanisms, processes and procedures for
screening and monitoring customers, potential customers and beneficial owners/associates of customers to detect any matches or
potential matches with the stated designated/proscribed persons in the SROs and notifications issued by MoFA, NACTA and MoI. (b)
If during the process of screening or monitoring of customers or potential customers the regulated person finds a positive or
potential match, it shall immediately: i. freeze the relevant funds and assets without delay the customer’s fund/ policy or block the
transaction, without prior notice if it is an existing customer in accordance with the respective SRO. ii. prohibit from making any
funds or other assets, economic resources, or financial or other related services and funds in accordance with the respective SRO iii.
Reject the transaction or attempted transaction or the customer, if the relationship has not commenced.
(c) In all cases referred to in (b), the regulated person shall file a suspicious transaction report to the FMU in case that person is
designated under United Nations Security Council Resolutions, or proscribed under the Anti-Terrorism Act, 1997 and simultaneously
notify the Commission in the manner as may be instructed from time to time by the Commission. (d) implement any other obligation
under the AML Act 2010, United Nations (Security Council) Act 1948 and Anti-Terrorism Act 1997 and any regulations made there
under. (2) The regulated person is prohibited, on an ongoing basis, from providing any financial services to proscribed/ designated
entities and persons or to those who are known for their association with such entities and persons, whether under the proscribed/
designated name or with a different name. The regulated person should monitor their business relationships with the entities and
individuals on a continuous basis and ensure that no such relationship exists directly or indirectly, through ultimate control of an
account and where any such relationship is found, the regulated person shall take immediate action as per law, including reporting
to the FMU. Explanation:- For the purposes of this section the expression associates means persons and entities acting on behalf of,
or at the direction, or for the benefit, of proscribed/ designated entities and individuals that may be determined on the basis of
appropriate screening of sanctions lists, disclosed nominee/beneficiary information, publicly known information, Government or
regulatory sources or reliable media information, etc