NNPCL GRC_Due Diligence Processes_Due Diligence Policy.pdf

Full Transcript

NNPC Limited Due Diligence Processes and Procedures

Glossary of Terms
Term/
Abbreviation

Meaning

AML

Anti-Money Laundering

CBN Sanction List

Central Bank of Nigeria Sanction List

CDD

Customer Due Diligence

CFT

Combating the Financing of Terrorism

CHD

Card Holder Data

CV

Curriculum Vitae

CPF

Countering Proliferation Financing of Weapons of
Mass Destruction

EDD

Enhanced Due Diligence

FATF

Financial Action Task Force

FIRS

Federal Inland Revenue Service

CCO

Chief Compliance Officer

GRC

Governance, Risk and Compliance

HR

Human Resource

IDD

Integrity Due Diligence

KYC

Know Your Customer

LOD

Line of defense

MLPPA 2022

Money Laundering (Prevention and Prohibition)
Act, 2022

NNPC

Nigerian National Petroleum Corporation Limited

OFAC

Office of Foreign Asset Control of the US
Department of Treasury

PEPs

Politically Exposed Persons

PIA

Petroleum Industry Act, 2021

TPPA 2022

Terrorism (Prevention and Prohibition) Act, 2022

Page 108 of 347

NNPC Limited Due Diligence Processes and Procedures

1.0

Due Diligence Policy

1.1

Introduction
This Policy sets out NNPC Limited’s (“the Company”) due diligence
processes and provides guidance to the process of assessing, managing,
and reducing potential risks involved in the Company’s association with
employees (pre-employment, and prior to occupying high-risk roles postemployment),

suppliers,

service

providers,

contractors,

distributors,

customers, clients, third-party agents, counterparties, and other relevant
stakeholders. The Policy details the preventive processes put in place by
NNPC Limited, to confirm every relevant fact and information about
prospects.

1.2

Scope and Compliance
This Policy applies to all due diligence activities undertaken by, or on behalf
of NNPC Limited, particularly:


Employees, directors, officers, consultants, contractors, and agents of
NNPC Limited (“Employees”).



Customers and clients of NNPC Limited (“Customers”).



Third-party

service

providers,

vendors,

suppliers,

distributors,

counterparties, business partners, investors, and other relevant third
parties, with whom NNPC Limited intends to assume a business
relationship (“Third parties”).
Strict compliance with the provisions of this policy is obligatory for each
officer, employee, director, and other relevant personnel of the Company.
The manual is notified to all the Company’s personnel.
Page 109 of 347

NNPC Limited Due Diligence Processes and Procedures



Failure to comply with the provisions of this policy may result in civil,
disciplinary, or criminal sanctions against the Company and/or its
employees, as well as damage to the Company’s reputation.

a

1.3

Purpose
The objective of this Due Diligence Policy is to establish the mechanisms
and procedures for conducting due diligence reviews, in compliance with
the MLPPA 2022, TPPA 2022 and other applicable laws and regulations
governing the Company. Such mechanisms and procedures are performed
to assess, analyse, and mitigate the risks involved, if at all, in any business
decision to be undertaken by NNPC Limited.

1.4

Definitions
“Beneficial Owner” is defined as the natural person(s) who ultimately owns
or controls the customer and/or the natural person on whose behalf a
transaction or activity is being conducted and includes at least the
following:


The natural person(s) who ultimately owns or controls a legal entity
through direct or indirect ownership or control over a sufficient
percentage of the shares or voting rights in that legal entity, a
percentage of 5% is sufficient to meet this criterion.



The natural person(s) who otherwise exercises control over the
management of a legal entity.



The natural person who holds the position of senior managing official if,
after having exhausted.
Page 110 of 347

NNPC Limited Due Diligence Processes and Procedures

“Counterparty” means any natural person or legal entity (when there is no
natural person) with whom NNPC Limited engages contractually and, in
particular about NNPC Limited’s financing operations, that receives or
seeks from, or transfers to NNPC Limited any form of financing or support.
Depending on the type of NNPC Limited’s activity, “Counterparty” may be
construed to also cover an entity that otherwise executes, implements,
contributes, or substantially participates in an NNPC Limited business
activity. Examples of Counterparties include Vendors, JV Partners, amongst
others.
“Customer” means individual, and businesses involved in a business of
buying products, goods, or services from NNPC Limited
“Employees” mean full time staff, contract staff, directors, officers, and
agents of NNPC Limited.
“High-risk countries” mean:
a. Countries which are subject to a call for application of counter measures
by the FATF, Transparency International, United Nations or any other
internationally-recognised organization.
b. Countries identified by CBN or other competent authorities as having
strategic deficiencies in their AML, CFT and CPF regimes or posing a risk
to the AML, CFT and CPF regime of Nigeria.
c. Countries under the sanction of the Nigerian Government.
“KYC – Know-Your-Customer” refers to the process of verifying the identity
of your customers, either before or during the time that they start doing
business with you.
“Level 1 Committee” this includes the Board Audit committee and Senior
Management Teams (SMT).

Page 111 of 347

NNPC Limited Due Diligence Processes and Procedures

“NNPC Limited Activity”, according to Section 54 of the PIA means to:


carry out petroleum operations on a commercial basis, comparable to
private companies in Nigeria carrying out similar activities including
exemption to Public Procurement Act, Fiscal Responsibility Act and
Treasury Single Account.



lift and sell royalty oil and tax oil on behalf of the Nigerian Upstream
Regulatory Commission (NUPRC) and the Federal Inland Revenue
Service (FIRS) respectively for an agreed commercial fee and in the case
of profit oil and profit gas payable to the concessionaire, NNPC Limited
shall promptly remit the proceeds of the sales of the profit oil and profit
gas to the Federation less its 30% for management fee and Frontier
Exploration Fund.



carry out test marketing to ascertain the value of crude oil and report to
the Nigerian Upstream Regulatory Commission.



carry out the management of production sharing contracts for a fee,
based on the profit oil share or profit gas share.



engage in the business of renewables and other energy investments.



promote the domestic use of natural gas through development and
operation of large-scale gas utilisation industries.



carry out task requested by the Nigerian Upstream Regulatory
Commission or Nigerian Midstream and Downstream Petroleum
Regulatory Authority on a fee basis and generally engage in activities
that ensure national energy security in an efficient manner, in the overall
interest of the Federation.



carry out such other tasks as may be determined by the Board of NNPC
Limited.

Page 112 of 347

NNPC Limited Due Diligence Processes and Procedures



make NNPC Limited supplier of last resort for security reasons and all
associated costs shall be for the account of the Federation.

“Business Units” mean any other unit engaging with a counterparty
through the procurement of goods, works and/or services for NNPC
Limited’s internal use.
“Politically Exposed Persons (PEPs)” mean individuals who are or have
been entrusted with prominent public functions in Nigeria or in foreign
countries, and people or entities associated with them, and they include:


Heads of State or Government



State Governors



Legislators



Local Government Chairmen



Senior politicians



Senior government, judicial or military officials



Senior executives of State-owned corporations



Important political party officials



Family members or close associates of PEPs



Members of royal families

PEPs also include persons who are, or have been, entrusted with a
prominent function by an international organization including members of
senior management such as directors, deputy directors and members of
the board or equivalent functions and their family members and close
associates.
“Sanctions Lists” means to include the sanctions lists maintained by OFAC,
FATF and CBN Sanctions List etc.
Page 113 of 347

NNPC Limited Due Diligence Processes and Procedures

“High-risk position” means a role with duties that might subject the
employee to be an easy target for collusion, fraud, coercion, thereby running
foul of the MLPPA, TPPA or any other applicable law.
“Third Parties” mean any non-NNPC Limited entity that undertakes
regulated business on behalf of NNPC Limited. They can include third-party
service providers, vendors, suppliers, distributors, counterparties, potential
partners, investors, etc.

1.5

Responsibilities
The responsibility of carrying out due diligence shall rest with the Business
Units/Division, GRC, Senior Management and the Board of NNPC Limited.
At the first line of review (LOD 1), Business Units are responsible for
gathering the information, assessing, disclosing, mitigating and monitoring
the risk. The GRC shall perform second line of review (LOD 2) and act as an
advisory body to the Business Units, management and the Board of
Directors.
Specifically, Business Units shall consult with GRC when risks factors
indicating Medium or High risks (“deal-breaker”) are identified. However,
for low risk identified, GRC shall perform monthly spot checks on the risk
categorization presented by the responsible units for propriety.
GRC shall have responsibilities for implementing this policy and defining,
subject to necessary approval by the Board, the processes, procedures, and
other mechanisms by which this policy is implemented within the
Company.

Page 114 of 347

NNPC Limited Due Diligence Processes and Procedures

The GRC Division shall enforce compliance issues with Regulatory Bodies,
third-parties, laws, and policies within NNPC Limited including
licensing/permits for successful operations within the business space.
It is the responsibility of GRC, to ensure that all business relationships with
NNPC Limited, are subjected to the appropriate risk-related due diligence
process in accordance with this policy.
Chief Compliance Officer:
The Chief Compliance Officer or its equivalent shall be responsible for
overseeing the due diligence review process. The Chief Compliance Officer
or its equivalent shall consult with other stakeholders, as necessary, to
ensure compliance with this Policy and to resolve any issues identified by
the Chief Compliance Officer or his equivalent.
GRC Manager:
The GRC Manager or his equivalent administers the due diligence process
and is responsible for reviewing and analyzing information provided by
employees, customers, and third parties.
The GRC Manager may adopt procedures needed to implement this policy,
coordinate with other relevant units or functions to carry out those
procedures, and where necessary, request additional information or
documents from a prospective employee, customer or third Party.
The GRC Manager shall identify the appropriate level of due diligence by
assessing the risk level (Section 2.1.2) and the presence of any Red Flags, as
defined therein.
After the due diligence process, the GRC Manager shall make
recommendations to the Board Audit Committee, Corporate service units
and Senior Management Team (SMT) to approve or reject the business

Page 115 of 347

NNPC Limited Due Diligence Processes and Procedures

relationship, or where applicable, request for further information from the
employee, customer, or third Party.
Please refer to the Guide on Due Diligence Competencies on page 24.

2.0 Risk Categorisation and Scope of Evaluation

All due diligence should be conducted based on the risk classifications. The
subsequent level of research and due diligence to be conducted shall be
proportionate to the risk presented by the business relationship.

2.1

Risk Classification
The initial and final risk categorization based on the General IDD (Integrity
Due Diligence) and EDD (Enhanced Due Diligence) shall be performed by
LOD 1 and GRC respectively. The risk categories shall be rated as High,
Medium, or Low. The rating of the risk is a careful judgement call based on
research due diligence performed, type of risk identified, prospective
business relationship, possible mitigation measures, context, amongst
Page 116 of 347