NNPC Limited Due Diligence Processes & Procedures PDF

Summary

This document outlines NNPC Limited's due diligence processes. The document covers an array of topics including general integrity review, beneficial ownership, sanctions, and identifying politically exposed persons. It also delves into contingency measures for business relationships.

Full Transcript

3.0 Due Diligence Focus
3.1

General Integrity Due Diligence
Every due diligence conducted by NNPC Limited shall include a Level A
general integrity review (as explained in Section 2.2) of any counterparty or
customer in accordance with recognized KYC principles. Such general
integrity review shall comprise the following non-exhaustive areas:
i.

Beneficial Ownership and Business Rationale: Any counterparty or
beneficial owner(s) shall be identified, and the identity verified through
reliable and independent sources. In addition, reasonable measures
shall be taken to assess the purpose and economic rationale of the
counterparty’s dealings with NNPC Limited. This will be done to
determine that NNPC Limited is conducting business with a credible
counterparty to prevent involvement with structures or networks set
up for the money laundering, financing terrorism, tax evasion, or any
other illegal activity.

ii.

Sanctions: Sanctions imposed against individuals and entities involved
in fraud, corruption, terrorism, human rights violations, money
laundering, terrorist financing, tax evasion amongst other things, shall
be reviewed. The purpose of the review is to identify whether a
counterparty, beneficial owner, or any member of the board of
directors or senior management of the counterparty, are included on a
sanctions list.

iii.

Criminal charges: All reasonable measures shall be taken to identify any
criminal charges or convictions as well as ongoing investigations for
serious wrongdoings, including but not limited to prohibited practices,
offences related to labour laws, taxation or social security contributions,
professional misconduct, human rights violations or conduct related to
Page 123 of 347

NNPC Limited Due Diligence Processes and Procedures

a criminal organization by the counterparty, a beneficial owner, or any
member of the board of directors or senior management of the
counterparty or a beneficial owner.
iv.

Politically Exposed Persons (PEPs): All reasonable measures shall be
taken to identify any Politically Exposed Persons linked to the
counterparty or the relevant NNPC Limited activity.

v.

Contingency Measures: NNPC Limited shall, from the outset of any
business relationship, forecast how long the relationship may possibly
last, and map out contingency plans on exit therefrom. This review will
consist of identifying exit risk indicators and assessing possible
contingency measures. The purpose is to determine that the risks that
may have a negative operational, legal and financial impact on NNPC
Limited, are identified on time.

The above assessment shall identify red flags, if any, and may then prompt
the need for enhanced due diligence measures.
Refer to sections 2.2, 2.3 and 2.4 below, for the details of the procedures for
performing employee due diligence, customer due diligence and thirdparty due diligence.
3.1.1

Regulations
Depending on the type and nature of the specific NNPC Limited activity
being considered, relevant regulatory compliance areas shall be assessed,
as well as the internal policies and controls of any counterparty.
Regulations
S/N
1.

Description
AML/CFT

Page 124 of 347

NNPC Limited Due Diligence Processes and Procedures

Regulations
Any counterparty’s regulatory and/or compliance history shall be
assessed, including any incidents of weak controls or poor
implementation of AML/CFT systems, and the counterparty’s
response to questions related to AML/CFT. Recommendations from
FATF shall be taken into consideration in the assessment.
2.

Policies and safeguards
Depending on the nature and type of NNPC Limited activity with
the counterparty, the safeguards, policies, and procedures of the
counterparty should be reviewed and assessed to ensure
compatibility with relevant policies.

3.1.2

Risk Classifications
Following the general integrity review described above, the Business Units,
as the first line of defense, shall assess the risk arising from any identified
risk indicator or gap in information in accordance with section 2.1 above.
The Business Units are responsible for keeping record of the identified risk
indicators, any mitigating measures undertaken, and the conclusions
reached. The Business Units shall keep these records for a period between
5 to, and in the designated formats and systems, as established internally in
coordination with GRC.
Mitigating Measures
In the event of an identified risk, the following non-exhaustive mitigating
measures could be applied:

Page 125 of 347

NNPC Limited Due Diligence Processes and Procedures



Inclusion of relevant contractual obligations or representations and
warranties in the agreement with the Counterparty.



Revision of relevant internal policies of the Counterparty.



Reporting or audit requirements.



Additional AML/CFT controls to be put in place by the Counterparty.



Possible removal of individual(s) from decision-making process related
to the NNPC Limited activity.


3.1.3

Engaging multiple counterparties.

Enhanced Due Diligence
If the integrity review in accordance with Section 2.1.2 indicates a Medium
Risk, an EDD review shall be carried out by the GRC team or an external
provider. The same applies if there are weighty justifications for proceeding
with a counterparty, despite an indication of High Risk in the initial IDD
review.
The scope of EDD shall be determined on a case-by-case basis and consists
of gathering additional information regarding the identified risk indicators.
Additional information regarding the relevant risk indicator(s) shall be
collected amongst others, by requesting information directly from the
counterparty, requesting information from independent sources and/or
through an external service provider with relevant expertise, or by reviewing
the counterparty’s anti-corruption or KYC-related policies.
Once the EDD is completed, the risk shall be re-assessed, and a final risk
rating shall be established. The final Risk Rating may be Low, Medium, or
High (as described in Section 2.1). If the final risk rating is determined as
High/Medium after EDD, the Counterparty may be required to introduce
measures to avoid, minimize or manage the risks and/or NNPC Limited shall

Page 126 of 347

NNPC Limited Due Diligence Processes and Procedures

ensure inclusion of relevant clauses to minimize its exposure to the
counterparty.

3.2

General Integrity Due Diligence
Pre-employment screening and post-employment screening are to be
carried out on potential or current employees of NNPC Limited.

3.2.1

Pre-employment Screening
For recruitment into NNPC Limited, pre-employment screening is to be
performed. To perform this screening for potential or new employees, the
following must be provided:
i.

Proof of the identity through a valid identification document such as
international passport, national identity number, driver’s license.

ii.

Proof of academic qualification by requesting to sight original copies
certificates or other academic records.

iii.

Proof

of

work

experience,

evidenced

by

a

well-documented

Resume/CV or other references or referee reports.
Prior to hire or confirmation, potential, new or current employees as the
case may be, are to be subject to satisfactory reference, background,
integrity and criminal records checks by the Company’s HR function (Level
A). These checks may be outsourced to an external provider.
For employment into high-risk positions within NNPC Limited, more
stringent checks or full background checks (Level B or C) to confirm
whether such persons have been subjects of regulatory, court or legal
actions, has criminal records, or lived in high-risk countries, shall be
conducted to prevent future public scrutiny or damage to the Company’s
reputation.
Page 127 of 347

NNPC Limited Due Diligence Processes and Procedures

3.2.2

Promotions
For existing employees being considered for promotion to high-risk
positions, promotion into management cadre within the Company, NNPC
Limited shall also apply similar stringent checks (due diligence recertification).
Employees are to immediately notify the HR function of any changes to the
details submitted in the course of their employment.

3.3

Customer Due Diligence (CDD)
Based on information provided by the customer as well as the information
obtained from other available sources during compliance checks (general
integrity review), existing or prospective customers of NNPC Limited are
classified into one of three categories, depending on the assessed level of
risks possibly associated with business relationship with such customer –
Low Risk, Medium Risk and High Risk. The basis of risk-classification is as set
out at section 2.1 above.
Enhanced due diligence must be conducted on all customers identified as
medium to high risk prior to any business transaction. This will include, but
is not limited to, verification of the nature and purpose of the business, riskbased identity checks and watchlist screening of owners and directors,
amongst others.
Due diligence should be conducted for customers in existing contracts
throughout the relationship with the customer once in two years. Higherrisk customers may be recertified more frequently and on a need basis.
Where a relevant person notices any suspicious conduct or has reasonable
cause to believe that a potential client is engaging in money laundering or
Page 128 of 347

NNPC Limited Due Diligence Processes and Procedures

terrorist financing and the business connection has not yet developed, an
internal disclosure must be made. The rule applies regardless of the kind of
potential customer.
For new business relationships or frequent transactions, the relevant unit
should establish, record, maintain and operate procedures and controls in
respect of new customers or occasional transactions which cover the
following:


identifying the customer.



verifying the identity of the customer using reliable, independent source
documents, data or information.



verifying the legal status of the customer using reliable, independent
source.

obtaining information on the nature and intended purpose of the business
relationship; and take reasonable measures to establish the source of
funds.

3.4 Third Party Due Diligence
NNPC Limited may be held liable for the acts of their counterparties, other
third parties or entities that has some form of business relationship with the
Company. Therefore, before commencing business relationships with third
parties, NNPC Limited shall conduct due diligence on that potential third
and

shall take active steps to ensure that potential corruption risks

associated with the business relationship are responsibly evaluated and
subsequently managed. This policy sets out the minimum required due
diligence procedure for doing business with certain third-party service
providers and suppliers.
Page 129 of 347