1018426 B.C. LTD.
Compliance program
KYC / AML / CFT Policy
November 2023
ANTI-MONEY LAUNDERING AND COUNTER-
TERRORIST FINANCING POLICY
Administrative Information:
Legal name:
1018426 B.C. LTD.
Trade name:
First Canada Limited
Registered address:
3179 East Kent Avenue North, Vancouver BC V5S 4Y1, Canada
Senior Management – Details:
Chief Executive Officer – Albert John Chan Compliance Officer – Kwan Kit Yeung
1018426 B.C. LTD. (the Company) is committed to implementing single global standards shaped by the most effective anti-money laundering and counter-terrorism financing standards available in Canada operated by the Company.
The Company has established an Anti-Money Laundering Program (“AML Program”) for this purpose. The objective of this AML Program is to ensure that any money laundering risks identified by the Company are appropriately mitigated. This means having adequate systems and controls in place to mitigate the risk of the company being used to facilitate any financial crimes. This policy is designed to represent the basic standards of Anti-Money Laundering and Combating Terrorism Financing procedures and standards, which will be strictly complied to by the Company.
Please note that there may be supplementing policies and procedures established in other documents in support of the policy referenced in this document, which the Company may implement from time to time this policy (including any supplementing AML/CFT procedures) will be periodically reviewed, with timely and suitable changes made as the risks of the business evolve over time.
The purpose of this policy is to provide the basic guidelines to the Company’s customers and its employees, irrespective of their location, regarding to essential AML/CFT requirements. To achieve these objectives, and to ensure proper compliance procedures are implemented, the Company will continuously strive to ensure desired senior management oversight, appropriate analysis and assessment of the risks exposed to its customers and work/product types, proper systems for monitoring compliance with emphasis on procedures and communications to be adopted, and regular updates to its employees’ knowledge and efficiency.
CHAPTER 2 - GENERAL PROVISIONS
2.1 HOLDER OF CANADA MSB LICENSE
CHAPTER 3 - MONEY LAUNDERING AND TERRORISM FINANCING OVERVIEW
CHAPTER 4 - ENTERPRISE-WIDE RISK ASSESSMENT
CHAPTER 5 - RISK MANAGEMENT FRAMEWORK
CHAPTER 6 - KNOW YOUR EMPLOYEES
CHAPTER 7 - INTERNAL CONTROL STRUCTURE
CHAPTER 8 - RECORD-KEEPING AND MAINTENANCE OF RECORDS
8.1 PRESERVED DOCUMENTATION 24
CHAPTER 9 - SUSPICIOUS TRANSACTION REPORTING (STR)
-
REPORTING SUSPICIOUS TRANSACTIONS
APPENDIX 1 – PROHIBITED AND HIGH RISK COUNTRY LIST
APPENDIX 2 - PROHIBITED AND HIGH RISK INDUSTRY LIST
APPENDIX 3 - RISK ASSESSMENT REPORT FOR CORPORATE CLIENTS
APPENDIX 4 - RISK ASSESSMENT REPORT FOR INDIVIDUAL CLIENTS
“Account relationship” means the opening or maintenance of an account by the Company in the name of a person (whether a natural person, legal person or legal arrangement);
“AML/CFT” means anti-money laundering and countering the financing of terrorism;
“Authority” refers to FINTRAC;
“Beneficial owner”, in relation to a customer of the Company, means the natural person who ultimately owns or controls the customer or the natural person on whose behalf a transaction is conducted or business relations are established, and includes any person who exercises ultimate effective control over a legal person or legal arrangement in the course of carrying on its business of providing a specified payment service;
“Connected party” –
-
In relation to a legal person (other than a partnership), means any director or any natural person having executive authority in the legal person;
-
In relation to a legal person that is a partnership, means any partner or manager; and
-
In relation to a legal arrangement, means any natural person having executive authority in the legal arrangement;
-
“Customer” or “Client” means a person (whether a natural person, legal person or legal arrangement ("Entity") with whom the Company establishes or intends to establish an account relationship. These two terms can be used interchangeably;
“FATF” means the Financial Action Task Force;
“Legal arrangement” means a trust or other similar arrangement;
“Legal person” means an entity other than a natural person that can establish a permanent customer relationship with
the Company or otherwise own the concerned property;
“Officer” in relation to the Company that is a legal person refers to any director or any member of the committee of
management of the Company;
“STR” means suspicious transaction report;
The phenomenon of money laundering, due to its effects and its globalization, can be witnessed through its destabilizing effect on financial markets; it can affect the credibility of financial institutions, both in their relations with regulators and with society in general. Incidents of money laundering, drug trafficking and terrorism financing have increased in recent years, and the Company is adopting increasingly stringent standards to combat this scourge.
The Company adopts appropriate, sufficient measures aimed to prevent its operations from being used as means to conceal, manage, invest or use any form of money – or other assets – due to illicit activities, or to give the appearance of legality to such activities.
-
To set the minimal standard in establishing the criteria and parameters that the businesses and operations of the Company must follow in terms of the design, implementation and operation of a plan for the prevention of money laundering and terrorism financing.
The Company will implement policies and procedures in order to avoid the use of its operations for criminal purposes, as well as to cooperate with global efforts to prevent money laundering and the financing of terrorism. The procedures and controls detailed in this policy intend to provide the Company’s employee with the knowledge and resources needed to avoid money laundering and terrorism financing.
Chapter 2 - GENERAL PROVISIONS
2.1 Holder of Canada MSB License
The Company is interested in a safe and legal provision and use of its services and for this purpose, cooperates with local, national and international police and law enforcement authorities.
The Company is subject to supervision by the Government of Canada and Financial Transactions and Reports Analysis Centre of Canada (FINTRAC).
Chapter 3 - MONEY LAUNDERING AND TERRORISM FINANCING OVERVIEW
-
Money laundering (ML) refers to the legitimization (‘washing’) of illegally obtained money to hide its true nature or source. ML involves funds being passed surreptitiously through legitimate business channels by means of bank deposits, investments or transfers from one place (or person) to another. Through the laundering process, illegally obtained funds, or crime funds, are given the appearance of having been legitimately obtained.
ML is a method though which criminals disguise the illegal origins of their wealth - protecting their asset bases - as a means of avoiding the suspicion of law enforcement agencies and preventing leaving a trail of incriminating evidence. The act of laundering is committed in circumstances where a person is engaged in an arrangement (i.e. by providing a service or product), and that arrangement involves the proceeds of the crime. These arrangements include a wide variety of business relationships, e.g. banking, fiduciary and investment management.
Interpol defines ML as, “Any act, or attempted act, to conceal or disguise the identity of illegally obtained proceeds (funds) so that they appear to have originated from legitimate sources.”
-
Terrorism Financing (TF) involves providing finance or financial support to individual terrorists or terrorist organisations. A TF risk comprises three factors: threat, vulnerability and consequence.
Threat: This may be a person or a group of people with the potential to cause harm by raising, moving, storing or using funds and other assets (whether from legitimate or illegitimate sources) for terrorist purposes. Threats may include domestic or international terrorist organisations and their facilitators, their funds, as well as past, present and future TF activities, as well as individuals or populations having sympathy towards the terrorist organisations.
Vulnerability: This involve areas that can be exploited by the threat or provide support to terrorist activities. Vulnerabilities may include:
-
features of a particular sector;
-
a financial product or type of service that is easy target for TF;
-
weaknesses in measures specifically meant for TF, or more broadly in AML/CFT systems or controls; or
-
jurisdictions with higher risk of TF and ease of raising or moving funds/assets (e.g. large informal economy, porous borders etc).
Consequence: This relates to the impact of a vulnerability. Consequences are effects resulting from the underlying terrorist activity perpetrated through financial systems and impacting the social fabric of the country. These consequences are usually more severe than for ML or other types of financial crime (e.g. tax fraud etc), causing damage including the loss of lives.
Terrorists may move or transfer funds and assets through various methods, including:
-
using the financial system to transfer funds;
-
relying on systems such as the hawala system in areas with less developed financial system are often employed for multiple small amounts of fund transfers; and
-
using international trade networks to transfer assets.
-
-
Normally, the money laundering process comprises three stages. These stages, while they can be separate and distinct, most frequently occur simultaneously, or often overlap. It all depends on the facilities of the launderers, the requirements of the criminals, and on the robustness, or otherwise, of the regulatory and legal requirements linked to the effectiveness of the monitoring systems of the financial or regulated sector. However, while a convenient way of describing the activity, this three-stage model described below is for reference only, therefore it does not fully exhausted what could actually happen and the Company’s employees are expected to continue to learn from the market.
-
Placement: Placing the criminal funds into the financial system directly or indirectly.
At this stage, illegal funds or assets are initially brought into the financial system. This placement makes the funds more liquid. For example, if cash is converted into a bank deposit, it becomes easier to transfer and manipulate. Money launderers place illegal funds using a variety of techniques, which include depositing cash into bank accounts and using cash to purchase assets.
-
Layering: The process of separating criminal proceeds from their source by using complex layers of financial transactions designed to hide the audit trail and provide anonymity.
To conceal the illegal origin of the placed funds, thereby making them more useful, the funds must be moved, dispersed and disguised. The process of distancing the placed funds from their illegal origins is known as layering. At this stage, money launderers use many different techniques to layer the funds. These techniques include using multiple banks and accounts, having professionals act as intermediaries, and transacting through corporations and trusts. Funds may be shuttled through a web of many accounts, companies and countries in order to disguise their origins.
-
Integration: If the layering process succeeds, integration schemes place the laundered proceeds back into the legitimate economy in such a way that they appear to be normal business funds.
Once the funds are layered and distanced from their origins, they are made available to criminals to use and control as seemingly legitimate funds. This final stage in the money laundering process is called integration. The laundered funds are made available for activities such as investment in legitimate (or illegitimate) businesses or spent to promote the criminals’ lifestyle. At this stage, the illegal money has achieved the appearance of legitimacy.
It should be noted that not all money laundering transactions go through this three-stage process. Transactions designed to launder funds can also be executed in one or two stages, depending on the money laundering technique being used.
If coordinated successfully, money laundering allows criminals to maintain control over their proceeds and ultimately provide a legitimate cover for their source of income. Money laundering plays a fundamental role in facilitating the ambitions of the drug trafficker, the terrorist, the organized criminal, the insider dealer and the tax evader, as well as the many others who need to avoid the scrutiny from the authorities that sudden wealth brings from illegal activities. By engaging in this type of activity, it is hoped that proceeds can be placed beyond the reach of any asset forfeiture.
-
-
There are several reasons why people launder money. These include:
-
Hiding Wealth: Criminals can hide illegally accumulated wealth to avoid its seizure by authorities.
-
Avoiding Prosecution: Criminals can avoid prosecution by distancing themselves from the illegal funds.
-
Evading Taxes: Criminals can evade taxes that would be imposed on earnings from the funds.
-
Increasing Profits: Criminals can increase profits by reinvesting the illegal funds in businesses.
-
Becoming Legitimate: Criminals can use the laundered funds to build up a business and provide legitimacy to this business.
-
-
Social and Economic Consequences of Money Laundering
-
Undermining Financial Systems: Money laundering expands the black economy, undermines the financial system and raises questions of credibility and transparency.
-
Expanding Crime: Money laundering encourages crime because it enables criminals to effectively use and deploy their illegal funds.
-
Criminalizing Society: Criminals can increase profits by reinvesting the illegal funds in businesses.
-
Reducing Revenue and Control: Money laundering diminishes government tax revenue and weakens government control over the economy.
-
Chapter 4 - ENTERPRISE-WIDE RISK ASSESSMENT
An Enterprise-Wide Risk Assessment (EWRA) is intended to highlight the areas where there is an inherent ML/TF risk in the nature of the company’s business and operations as a payment service licence holder. The risk assessment must be carried out having regard to the customers, countries or jurisdictions customers are from or in, the countries or jurisdictions the company has operations in and the products and services, affiliates, transactions and delivery channels of the company. This assessment is essential for determining the systems and controls needed to mitigate the risk of ML and/or TF. The risk assessment will be reviewed at least once every two years or when material trigger events occur. Such material events include (but are not limited to) acquisition of new customer segments or delivery channels or the introduction of new products and services.
The following risk factors have been identified in relation to the business of the Company.
-
The Company pays particular attention to countries, or geographical locations of operation, which our customers and intermediaries are connected to when these locations are subject to high levels of organized crime, increased vulnerabilities to corruption, and inadequate systems to prevent and detect ML/TF. In conjunction with other risk factors, country risk provides useful information regarding potential money laundering risks.
Each jurisdiction has been labelled with its respective risk level. A jurisdiction may be classified as higher risk due to it being subject to sanctions, embargoes or similar measures. It can also be identified by the Financial Action Task Force (“FATF”) as non-cooperative in the fight against money laundering, or identified by credible sources as lacking appropriate money laundering laws and regulations. The jurisdiction is also identified by credible sources as providing funding or support for terrorist activities or having significant levels of corruption, or being a non- transparent tax environment.
The Company does not provide services to legal entities or individuals of jurisdictions which are identified as prohibited countries and will exercise addition controls when providing services to high-risk or non-cooperative jurisdictions by the Financial Action Task Force (FATF).
See Appendix 1 for the list of prohibited and high-risk countries.
-
There is no universal consensus as to which customers pose a higher risk, but, when assessing the customer risk, we consider who our customers are and what they do. We also gather other information that may help us to decide whether the customer is of high risk or not.
Low-risk customers
This category includes the following customers:
-
Customer risk factors:
-
a government entity or a public body in Canada
-
a corporation listed on a stock exchange and subject to disclosure requirements (e.g. either by stock exchange rules, or through law or enforceable means), which impose requirements to ensure adequate transparency of beneficial ownership;
-
an FI incorporated or established outside Canada that is subject to and supervised for compliance with AML/CFT requirements consistent with standards set by the FATF.
-
-
Product, service, transaction or delivery channel risk factors:
-
a pension, superannuation or similar scheme that provides retirement benefits to employees, where contributions are made by way of deduction from wages, and the scheme rules do not permit the assignment of a member’s interest under the scheme; and
-
financial products or services that provide appropriately defined and limited services to certain types of customers (e.g. to increase customer access for financial inclusion purposes).
-
-
Country risk factors:
-
countries or jurisdictions identified by credible sources, such as mutual evaluation or detailed assessment reports, as having effective AML/CFT systems; or
-
countries or jurisdictions identified by credible sources as having a lower level of corruption or other criminal activity
-
Medium-risk customers
This category includes the following customers:
-
Public companies listed on stock exchanges in countries which inadequately apply FATF recommendations;
-
Private companies that are not classified as high-risk; and
-
Any other customer not falling under either high-risk or low-risk category.
In the above cases, 1018426 B.C. LTD. should gather sufficient information to establish whether the customer qualifies to be classified as a medium-risk customer and perform Customer Due Diligence and Identification Procedures.
High-risk customers
This category includes the following customers:
-
Customer risk factors
-
business relationship is conducted in unusual circumstances (e.g. significant unexplained geographic difference between the Company and the customer);
-
legal persons or legal arrangements that involve a shell vehicle without a clear and legitimate commercial purpose;
-
companies that have nominee shareholders or shares in bearer form;
-
cash intensive business;
-
the ownership structure of the legal person or legal arrangement appears unusual or excessively complex given
the nature of the legal person’s or legal arrangement’s business;
-
the customer or the Beneficial owner of the customer is a PEP;
-
customers who are not physically present for identification purposes without legitimate reason;
-
customers convicted for a predicate offence;
-
customers from countries which inadequately apply FATF’s recommendations
-
customers that their nature entail a higher risk of ML/TF
-
any other customer determined by the Company itself to be classified as such.
-
-
Product, service, transaction or delivery channel risk factors
-
anonymous transactions (which may involve cash); or
-
frequent payments received from unknown or un-associated third parties.
-
-
Country risk factors:
-
countries or jurisdictions identified by credible sources, such as mutual evaluation or detailed assessment reports, as not having effective AML/CFT systems;
-
countries or jurisdictions identified by credible sources as having a significant level of corruption or other criminal activity;
-
countries, jurisdictions or geographical areas identified by credible sources as providing funding or support for terrorist activities, or that have designated terrorist organizations operation
-
high risk countries identified as such by the FATF
-
In the above cases, the Company should gather sufficient information to establish whether the customer qualifies to be classified as a high-risk customer and perform Enhanced Customer Due Diligence and Identification Procedures (see Chapter 5 VII).
See Appendix 2 for the list of high risk and prohibited industries.
-
The nature of the Company’s business involves transmission of monies and this inherently will result in ML/TF risks. The ML/TF risks increase where transmission of monies is carried out on a cross-jurisdictional basis. A risk-based approach will be adopted to conduct appropriate CDD measures, subject to the risk, on each customer.
The Company will identify its customers and verify the submitted documents using means of Artificial Intelligence by an external third-party vendor, such as Sum & Substance or TESS International.
Chapter 5 - RISK MANAGEMENT FRAMEWORK
As identified above, the major risks of the Company’s business are country risk, customer risk and business activity risk. The nature of the company’s business and the speed with which the transfer of funds can be affected are also factors
that affect the Company’s risk exposure. The Company has identified key risk areas based on which it will accord
appropriate risk ratings to customers. The Company will implement measures to mitigate the risks associated with prospects and customers with higher risk ratings.
The basic elements of the Company’s risk management framework are as follow:
-
The “Know Your Customer” is the most critical process against the Company’s services being used unwittingly to launder money and finance terrorism. Know Your Customer (KYC) is the process of a business identifying and verifying the identity of its customers and their respective profiles. The objective of KYC guidelines is to prevent the Company from being used, intentionally or unintentionally, by criminal parties for money laundering activities. Related procedures also enable the Company’s employees to better understand the customers and their respective financial dealings. This helps the Company’s employees to manage the risks prudently. Compliance with AML, Know Your Customer (“KYC”) and sanctions requirements continues to be a key focus area for management, and the Company is taking all necessary steps and precautions to ensure that all employees are following appropriate compliance procedures to meet the increasing regulatory demands.
The requirement to verify the identity of an individual and confirm the existence of a corporation or of an entity other than a corporation under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and associated Regulations applies to all reporting entities (REs).
KYC controls typically include the following:
-
Collection and analysis of basic identity information (“Customer Identification Program” or CIP)
-
Name-matching against lists of known parties (such as “politically exposed persons” or PEPs)
-
Name-screening against sanctions lists
-
Identification of customers with inappropriate intentions to help to detect suspicious activity in a timely manner, preventing money laundering or terrorist financing
-
Determination of the customer’s risk in terms of propensity to commit money laundering, terrorism
financing, or identity theft
-
Creation of an expectation of a customer’s transactional behaviour
-
Monitoring of a customer’s transactions against expected behaviour and recorded profile, as well as that of the customer’s peers
-
Having a properly defined and practiced KYC Policy
-
Promotion of compliance with all regulations
-
Promotion of safe and sound money transfer practices
-
Minimization of the risk of services being used for illicit activities
-
Protection of the company’s reputation
-
-
Customer due diligence (CDD) forms an integral part of a global effort to combat money laundering, terrorist financing and fraudulent activities. Under this approach, the Company will collect sufficient information upon account opening, as well as on a periodic basis and from time to time, as required, to identify the customers and develop an understanding of their normal, expected financial activities.
Every Customer, including its beneficial owners, connected parties and natural persons appointed to act on behalf of, will be subject to background screening against relevant money laundering and terrorism financing information sources, as well as lists and information provided by the Authority or other relevant authorities in Canada for the purposes of determining if there are any money laundering or terrorism financing risks in relation to the customer.
Business relationships
The Company shall strictly adhere to the regulations and requirements imposed by FINTRAC to identify and verify identity of customers when establishing a business relationship with them. A business relationship is a relationship established between the Company and a client to conduct financial transactions or provide services related to financial transactions. As per definition from FINTRAC, the Company will be considered as entering into a business relationship with a client when one of the following occurs:
-
the Company enters into a service agreement with a client to provide payment services;
-
account opening for a client;
-
when a client does not hold an account with the Company, but conducted accumulatively CAD1,000 or above
financial transaction within 24 hours for which the Company is required to verify the client’s identity.
-
-
The risk level is determined in two steps:
-
A scoring process based on objective or quantifiable criteria, which can be automated or delegated to a KYC team
-
The consideration of qualitative elements requiring an analysis or judgement, as well as consideration of objective factors that are not taken into account at all in the scoring grid calculation, or not fully taken into account in the scoring grid calculation
A customer risk level should then be associated with every customer and determines the level of due diligence related to the information collection, the onboarding or recertification decision process, and the recertification frequency. There are three levels of Due Diligence: Simplified Due Diligence (SDD), Normal Due Diligence (NDD) and Enhanced Due Diligence (EDD).
-
Low risk customers are subject to SDD
-
Medium risk customers are subject to NDD
-
High risk customers are subject to EDD
-
-
An objective risk evaluation system is needed to ensure the Company has a consistent approach to evaluate a customer’s risk and a scoring system is built for this purpose and all businesses and operations should adapt such mechanism when assessing a customer. See Appendix 3 and 4 for the risk assessment for corporate customers as well as individual customers. Depending on the score attained by each customer, the customer will be classified into different risk categories accordingly.
-
As the business environment may evolve overtime both the scores and scoring criteria should also been updated timely to meet the development of the latest AMT/CFT strategy. Therefore the score thresholds stipulated in Appendix 3 and 4 should also been updated when the following occurs:
-
during periodical review of the AML/CFT policy and plan; or
-
when new modus of operandi of money laundering or terrorist financing is identified; or
-
new guideline imposed by FINTRAC
-
-
Individual Account
For a customer that is a natural person, the Company should identify the customer by obtaining at least the following identification information:
-
full name
-
date and place of birth
-
nationality
-
unique identification number (e.g. identity card number or passport number) and document type.
-
residential address
In verifying the identity of a customer that is a natural person, the Company should try the best effort to verify the:
-
genuineness of the provided identification document; and
-
full name, including any aliases, date of birth and identification number match the information on the identification document; and
-
residential address;
by reference to documents, data or information provided by a reliable and independent source, examples of which include:
-
Canada identity card or other national identity card; or
-
valid travel document (e.g. unexpired passport); or
-
a utility bill or statement issued by reliable financial institutions; or
-
other relevant documents, data or information provided by a reliable and independent source (e.g. document issued by a government body)
The identification document obtained by the Company should contain a photograph of the customer. In exceptional circumstances where the Company is unable to obtain an identification document with a photograph, the Company may accept an identification document without a photograph if it is assessed as low risk or the risk can be mitigated through other mechanism.
Corporate Account
Where the customer is a legal person the Company is required to identify and screen all the connected parties of a customer. However, the Company must verify their identities using a risk-based approach. The Company shall identify connected parties and remain apprised of any changes to connected parties. Identification of connected parties may be done using publicly available sources or databases such as company registries, annual reports or based on substantiated information provided by the customers.
The Company shall, identify the connected parties of the customer, by obtaining at least the following information of each connected party:
-
full name, including any aliases; and
-
unique identification number (such as an identity card number, birth certificate number or passport number of the connected party).
In relation to trust and similar legal arrangements, the Company shall perform CDD measures on the customer by identifying the settlors, trustees, the protector (if any), the beneficiaries (including every beneficiary that falls within a designated characteristics or class) and any natural person exercising ultimate ownership, ultimate control or ultimate effective control over the trust (including through a chain of control or ownership), as required by paragraph 7.14 of the PSN01 Notice.
In verifying the identity of a customer that is a legal person or legal arrangement, the Company should verify the below:
-
name, legal form, proof of existence and constitution based on certificate of incorporation, certificate of good standing, partnership agreement, trust deed, constitutional document, certificate of registration or any other documentation from a reliable independent source; and
-
powers that regulate and bind the legal person or arrangement based on memorandum and articles of association, and board resolution authorizing the opening of an account and appointment of authorized signatories.
-
-
In the case even when customers request for the products or services are assessed to be low risk and onboarding process may not be appropriate, the Company must still strictly adhere the requirements from FINTRAC to exercise SDD to collect the required information, without no need to verify the identity of the customer, for the purpose of record keeping.
Individual Account
Like Normal Due Diligence, the Company should still identify the customer by obtaining at least the following identification information:
-
full name
-
date and place of birth
-
nationality
-
unique identification number (e.g. identity card number or passport number) and document type.
-
residential address
Corporate Account
However, due to the complexity of corporates could bring to the Company it is decided that SDD will not applicable to cooperate customers at this stage.
-
-
Enhanced Customer Due Diligence
The Company applies Enhanced Customer Due Diligence (EDD) to customers categorized under high risk. These customers are subject to additional due diligence in addition to that required for CDD. This higher level of due diligence is required to mitigate the increased risk. Crucial to the integrity of the Company’s EDD process are the reliability of information and information sources, and the type and quality of information sources used, as well as the deployment of properly trained analysts who know where and how to look for information, and how to corroborate, interpret and decide upon results.
What the EDD procedure actually entails is dependent on the nature and severity of the risk. The additional due diligence could take many forms, from gathering additional information to verify the customer’s identity or income source(s), or perhaps an adverse media check. These checks should be relative and proportionate to the level of risk identified, providing confidence that any risk has been mitigated, and that the risk is unlikely to be realized.
Subject to the risk and situation, one or more of the following enhanced customer due diligence (EDD) measures may be taken in order to manage and mitigate the ML/TF risk that is higher than usual:
-
Obtain additional identification documents, data or information from credible and independent source.
-
Gather additional information or documents on the purpose and nature of the business relationship.
-
Gather additional information or documents for the purpose of identifying the source of funds and wealth of the customer.
-
Gather information on the underlying reasons of planned or executed transactions.
-
Increasing the number and frequency of control measures in monitoring customer relationships and/or transactions.
Approval must be obtained from the Company’s board of directors before establishing or continuing an account relationship with the high-risk customer or undertaking any transaction for the high-risk customer. The board of directors shall provide and record written reasons for its decision as to whether to approve or reject a high-risk customer.
-
-
The Company will conduct periodic ongoing monitoring whenever a business relationship is established with a client. Clients of lower risk categories will be subject to less frequent ongoing monitoring while high-risk clients will be subject to enhanced ongoing monitoring.
-
High-risk customers: Every 1 year
-
Medium-risk customers: Every 2 years
-
Low-risk customers: Every 3 years
In addition to the above periodic reviews, existing CDD records should be reviewed upon trigger events. Examples of trigger events include:
-
re-activation of a dormant account.
-
change in the beneficial ownership or control of the account.
-
when a significant transaction is to take place.
-
when a material change occurs in the way the customer’s account is operated.
If an account relationship is established or maintained with a high-risk customer, enhanced monitoring must be undertaken throughout the course of the relationship. The degree and nature of monitoring of the account relationship and transactions undertaken for the customer must be increased accordingly, to help assess whether the customer’s conduct is in any way unusual or suspicious.
The Company will keep records of the measures taken and information obtained from the ongoing monitoring of clients. This includes the processes in place to perform ongoing monitoring, processes in place to perform the enhanced ongoing monitoring of high-risk clients, processes for recording the information and information obtained as a result of ongoing monitoring.
In the event EDD is unable to be performed, the company will not open the account or commence business relationship or perform the transaction. In the event a business relationship is already established, the Company will terminate the business relationship. In addition, the Company and the Compliance Officer will consider making a suspicious activity report in relation to the customer when suspicious elements are observed, including, but not limited to, unwillingness of supporting the EDD assessment.
-
-
Much international attention has been paid in recent years to the risk associated with providing financial and business services to those with prominent political profile or holding senior public office. However, Politically Exposed Person (“PEP”) status itself does not automatically mean that the individuals are corrupt or that they have been incriminated in any corruption.
However, their office and position may render PEPs vulnerable to corruption. The risk increase when the person concerned is from a foreign country with widely known problems of bribery, corruption and financial irregularity within their governments and society. This risk is even more acute where such countries do not have adequate AML/CFT standards.
A domestic PEP is a person who currently holds, or has held within the last 5 years, a specific office or position in or on behalf of the Canadian federal government, a Canadian provincial (or territorial) government, or a Canadian municipal government. Specifically, the person has held the office or position of:
-
Governor General, lieutenant governor or head of government;
-
member of the Senate or House of Commons or member of a legislature;
-
deputy minister or equivalent rank;
-
ambassador, or attaché or counsellor of an ambassador;
-
military officer with a rank of general or above;
-
president of a corporation that is wholly owned directly by Her Majesty in right of Canada or a province;
-
head of a government agency;
-
judge of an appellate court in a province, the Federal Court of Appeal or the Supreme Court of Canada;
-
leader or president of a political party represented in a legislature; or
-
mayor.
A foreign PEP is a person who holds or has held one of the following offices or positions in or on behalf of a foreign state:
-
head of state or head of government;
-
member of the executive council of government or member of a legislature;
-
deputy minister or equivalent rank;
-
ambassador, or attaché or counsellor of an ambassador;
-
military officer with a rank of general or above;
-
president of a state-owned company or a state-owned bank;
-
head of a government agency;
-
judge of a supreme court, constitutional court or other court of last resort; or
-
leader or president of a political party represented in a legislature.
-
In the event a customer or any beneficial owner of the customer is determined to be a PEP or a family member or close associate of a PEP, the Company should consider to end business relationships immediately subject the products and services offered to the customer of requested by the customers. For example, if a PEP customer requested to remit an one-off CAD300 to buy an overseas concert ticket and have the confirmation of the success of purchase then this may be acceptable. In contrast, if the PEP requested to remit CAD300 to buy overseas every day for the next 2 years then it will not be acceptable. Although the remittance is CAD300 in both cases, the second situation is not reasonable therefore the Company must not entertain the request.
In the case, the board of directors decided to onboard the customer or continue the business with the customer even associated with PEP or related persons, the board of directors must document the reasons and the customer must be classified as high-risk customer and is subject to stringent ongoing monitoring.
Chapter 6 - KNOW YOUR EMPLOYEES
There has been a lot of attention regarding ‘Know Your Customers” policies and procedures. In accordance with this, the Company has, indeed, concentrated on identifying its customers. However, the Company believes on doing the same with employees. Financial crime investigators generally agree that 4% of an institution’s workforce has been caught embezzling and never prosecuted.
-
Employee Screening and Integrity of Employee
Employee Screening
The best way to reduce insider abuse is to stop it from happening. It means the mitigation should start during the hiring process, with the Company exercising the same precautions as it does when opening an account. The Company performs due diligence on employees and screens employee names through name screening process, which should include sanction list, negative news and predicate offence, from reliable sources and verifies any information supplied.
Integrity of Employee
Integrity is one of the fundamental values that employers seek in the employees that they hire. Employers, business leaders and employees can benefit from integrity in the workplace. Integrity involves moral judgment and character, honesty and leadership values. Individuals who show integrity in the workplace not only understand right from wrong, but they practice it in all they do. This is beneficial in a business environment, where trustworthy actions set the foundation for successful business relationships.
Counterchecking of Work Completed by Employee
The Company performs occasional spot checks on work done by employee at all levels. Usually, these checks are undertaken by senior management to ensure that the company’s policies and procedures are being followed and everything is in the correct order.
Actions to Help to Get to Know its Employee
-
A criminal conviction search in jurisdictions where it is possible
-
Credit checks
-
Conducting a private investigation, if thought necessary
-
An internet check before they are hired
-
-
Employee Training for the Awareness of AML/CFT
The Company will provide periodical anti-money laundering and countering terrorism financing training to the employees. Employees will be made aware of their own personal legal obligations/responsibilities under the regulations, and that they can be personally liable for failure to report information to the authorities. The Company must ensure sufficient guidance is given to employees to enable them to form suspicion or to recognize when money laundering/terrorist financing is taking place, taking into account the nature of the transactions and instructions that employees are likely to encounter, the type of product or service, and the means of delivery (i.e. face-to-face or remote). This will also enable employees to identify and assess the information that is relevant for judging whether a transaction or instruction is suspicious in the circumstances. The training will be conducted at least once every six months.
The training will be in writing, reviewed and kept up to date. The training program will be delivered and tailored to employees who:
-
have contact with clients such as front-line employees or agents;
-
are involved in client transaction activities;
-
handle cash or funds in any way;
-
are responsible for implementing or overseeing the compliance program.
The training will include the following:
-
AML/CFT laws and regulations, and in particular, CDD measures, detecting and reporting of suspicious transactions;
-
prevailing techniques, methods and trends in money laundering and terrorism financing; and
-
the company’s internal policies, procedures and controls on AML/CFT and the roles and responsibilities of
employees and officers in combating money laundering and terrorism financing.
As and when a new product, services or delivery methods are taken on-board, the Company will conduct a training for all its employees to go through the methodologies, various ML/TF risk associated with the service and the reporting requirements.
In order to ensure that the AML training is given sufficient prominence a register will be kept of all training received by an employee. This is to be regularly updated and will be overseen by the Compliance Officer.
If a meeting with all employees is not possible, the relevant managers/senior team members will ensure that they have a one-on-one training with the employee following which a documented record will be kept.
The company will apply necessary processes and controls for managing instances when an employee is non-compliant with the requirements of the AML/CFT Program. Upon identifying employee being non-compliant, the company will undertake the following steps which include but are not limited to.
-
Additional training
-
Written warnings, suspensions and instant dismissal depending on the degree of non-compliance.
-
-
Essential Training for Employees
Below are essential training contents that must be included in the training:
-
Knowledge of company policies and procedures
-
Learning how to identify suspicious activity and structured transactions
-
Learning procedures for verifying customer identity
-
Familiarity with anti-money laundering policies
-
Knowledge of record-keeping and reporting requirements
-
-
The Company will also conduct an effectiveness review at least once every two years to test the effectiveness of the elements of the compliance program. This is to ensure that the company does not have any gaps or weaknesses within the compliance program and that the company is effectively detecting and preventing ML/TF. This shall be conducted by an internal or external auditor. In the event an internal or external auditor is not engaged, a senior management team officer who has prior working knowledge on AML/CFT will conduct the effectiveness review. The director will report to FINTRAC in writing no later than 30 days after the effectiveness review is completed.
Examples of effectiveness review include:
-
Interviews with those handling transactions to evaluate their knowledge of policies and procedures and related record keeping, client identification and reporting obligations.
-
A review of the company’s criteria and process for identifying and reporting suspicious transactions.
-
A sample of the company’s account opening records followed by a review to ensure that client identification
policies and procedures are being followed.
-
A sample of large cash transactions followed by a review of the reporting of these transactions.
-
A sample of electronic funds transfers followed by a review of the reporting of these transactions.
-
A sample of clients followed by a review to see if the risk assessment was applied correctly.
-
A sample of clients followed by a review to see if the frequency of your ongoing monitoring is adequate.
-
A sample of high-risk clients followed by a review to ensure that enhanced mitigation measures were taken.
-
A review of a sample of records to ensure proper record keeping procedures are being followed.
-
A review of risk assessment to ensure it reflects your current operations.
-
A review of policies and procedures to ensure they are up-to-date with the current legislative requirements.
-
Chapter 7 - INTERNAL CONTROL STRUCTURE
A robust management structure with clearly defined responsibilities for each role is critical to ensure the effectiveness of the Compliance Program. Although the compliance officer is responsible for all AML/CFT matters for the Company the support from the senior management team is also important to ensure the daily AML/CFT operation is running effectively. Below is the AML/CFT management structure.
-
Duties and Responsibilities of the Board of Director
The Board of Directors (BoD) is responsible for setting and approving the business directives in relation to managing ML/TF risks effectively and monitoring the Anti-Money Laundering (“AML”) / Counter Terrorist Financing (“CTF”) framework, including policies, procedures and operations, is properly implemented and executed to address the ML/TF risks identified.
The BoD is responsible for:
-
Approving AML/CFT culture, strategies and framework;
-
Appointing a qualified Compliance Officer to lead the Compliance Program and work with FINTRAC as the central reference point for suspicious transactions reporting;
-
Monitoring the effectiveness and guiding the direction of Compliance Officer.
-
-
Although the Compliance Officer is responsible to implement, execute and oversee the AML/CFT program it will not be successful if it is not incorporated into the overall business operation. Therefore the Chief Executive Officer (CEO) is responsible to ensure the AML/CFT processes are embedded into the daily business operation and work closely with the Compliance Officer to run the program and address any regulatory requirements.
In summary, the CEO is responsible for:
-
Ensuring business processes, procedures and escalation of ML/TF issues comply with the policy and the applicable AML/CTF laws;
-
Updating the Compliance Officer of any control deficiencies and timely implementing appropriate rectification;
-
Supporting ongoing and regular reviews on the customer profile and transaction patterns, ensuring all information on record are up-to-date.
-
-
Duties and Responsibilities of the Compliance Officer
The function of the Compliance Officer does not mean that other employees are exempt from the obligation to detect, and internally report, any unusual operations. The Compliance Officer should be responsible for ensuring the Company AML/CFT program is properly executed while other employees must diligently follow the Company’s functions related responsibilities to the prevention and control of ML/FT risks. For daily operational related matters, the Compliance
Officer, or his/her delegate, should report to the Chief Executive Officer. However, the Compliance Officer should directly report to the Board of Directors to ensure a clear segregation of the duties between business and risk management. In addition, for all major changes and issues, such as change of strategy, policy and major incidents, the Compliance Officer must report to the Board of Directors in order to seek their understanding and approval.
Summarise below the key functions and responsibilities of the Compliance Officer, or his/her delegate:
-
Making sure the business complies with its AML/CFT obligations;
-
Reporting regularly to the board of directors and senior management about how the business is meeting its obligations, including alerting them if the business is not complying.
-
Taking day-to-day responsibilities to ensure the business is legally compliant while being exposed to minimal ML/TF risks;
-
Helping to create, implement and maintain internal policies, procedures and systems for AML/CFT compliance;
-
Being the contact point for the company’s dealing with FINTRAC, for example submitting STR;
-
Addressing any feedback from FINTRAC or internal auditors about how the company is managing its risks or about the AML/CFT Program;
-
Providing periodic training to employees to ensure they are aware of company policies and procedures;
-
Managingthe KYC files of customers and monitors the file completion and integrity of information;
-
Reviewing, approving and signing the Risk Assessment Report;
-
Coordinating the decision process as to whether to onboard a Customer;
-
Preparing and attending the FINTRAC examination which can be on-site or desk examination.
-
The Compliance Officer will hold a sufficiently senior position within the organizational structure in the Company. The Company has ensured that the reporting lines and communication between the employees and the Compliance Officer is effective and efficient to ensure speed, confidentiality and accessibility of information. In case the Compliance Officer has to delegate the daily tasks to other employee, preferable to be senior member of the Company, the Compliance Officer must continue to be accountable for both the performance and all matters related to the AML/CFT program.
Chapter 8 - RECORD-KEEPING AND MAINTENANCE OF RECORDS
Record-keeping is an essential part of the audit trail for the detection, investigation and confiscation of criminal or terrorist property or funds. Record-keeping helps the investigating authorities to establish a financial profile of a suspect, trace the criminal or terrorist property or funds and assist the court to examine all relevant past transactions to assess whether the property or funds are the proceeds of, or related to, criminal or terrorist offences. The Company will maintain customer transactions and other records that are necessary and sufficient to meet the record-keeping requirements under the Compliance Officer and the Authority, appropriate to the scale, nature and complexity of its business.
The Company follows closely to the record keeping guidelines from FINTRAC. The Company will keep records in such a manner that they can be provided to FINTRAC within 30 days of request. The records will be kept in a machine- readable or electronic form. The below records will be kept for at least 5 years.
-
The company will keep the following reports:
-
Reports – a copy of every report sent to FINTRAC
-
Suspicious Transaction Reports
-
Terrorist Property Reports
-
Large Cash Transaction Reports
-
Large Virtual Currency Transaction Reports
-
Electronic Funds Transfer Reports
-
-
Records of large cash transaction of CAD10,000 or more
-
Records of large virtual currency transaction of CAD10,000 or more
-
Records of transactions of CAD3,000 or more
-
When the company receives CAD3,000 or more in funds or an equivalent amount in VC for the issuance of traveller's cheques, money orders or other similar negotiable instruments from a person or entity.
-
-
Records of remitting and transmitting CAD1,000 or more in funds by means other than an electronic funds transfer
-
When the Company transmits CAD1,000 or more in funds at the request of a person or an entity by means other than an electronic funds transfer (for example, by using informal value transfer systems such as Hawalas)
-
-
Records of electronic funds transfers of CAD1,000 or more
-
Records of virtual currency transfers equivalent to CAD1,000 or more
-
Foreign currency exchange transaction tickets
-
Virtual currency exchange transaction tickets
-
Created or received internal memorandums about MSB/FMSB services
-
Service agreement records since the termination date
-
Chapter 9 - SUSPICIOUS TRANSACTION REPORTING (STR)
-
What is a Suspicious Transaction?
A transaction may be of suspicious nature irrespective of the amount involved. A suspicious transaction involves there being reasonable grounds to suspect that the transaction is related to a money laundering offence or a terrorist activity financing offence. Suspicious transactions involve a case of there being any information, suspicion or reasonable grounds to suspect that the asset – which is subject to the transactions being carried out, or attempted to be carried out – has been acquired through illegal means (or used for illegal purposes) and is used, in this scope, for terrorist activities, or by terrorist organizations, terrorists or those who finance terrorism.
Below are the typical patterns of suspicious behaviour related to transaction, customer and employee and are documented for reference. The Company’s operations should make sensible assessment on all situations and timely communicate with the compliance officer when there is doubt.
-
-
Transactions or instructions which have no apparent legitimate purpose and/or appear not to have a commercial rationale, e.g. a customer makes frequently purchases at a high price and subsequently sells at a considerable loss to the same party.
-
Transactions, instructions or activity that involve apparently unnecessary complexity or which do not constitute the most logical, convenient or secure way to do business, e.g. a customer makes multiple small deposits/withdrawals to avoid currency reporting requirements.
-
Where, without reasonable explanation, the size or pattern of transactions is out of line with any pattern that has previously emerged, e.g. the size and frequency of a customer’s trades unexpectedly appear to be large and active while the previous pattern has been small and inactive.
-
Transfers to and from high-risk jurisdiction(s) without reasonable explanation, which are not consistent with
the customer’s declared business dealings or interests.
-
Routing of funds or cryptocurrencies through third party service provider, e.g. cryptocurrency tumbler (also known as cryptocurrency mixing services) by obscuring the transaction details and making it difficult to track their original source.
-
-
-
Where the customer refuses to provide the information requested without reasonable explanation or who otherwise refuses to cooperate with the CDD and/or ongoing monitoring process.
-
Where a customer who has entered into a business relationship uses the relationship for a single transaction or for only a very short period without a reasonable explanation.
-
A customer was introduced by someone or an entity that is based in high-risk jurisdiction(s).
-
A customer uses a bank account, telephone number, or mailing address that is located in high-risk jurisdiction(s).
-
A customer has opened multiple accounts for no apparent business reason.
-
-
-
Changes in employee characteristics, e.g. lavish lifestyles or avoiding taking holidays without reasonable cause.
-
Unusual or unexpected increase in the sales performance of an employee.
-
The employee’s supporting documentation for customers’ accounts or orders is incomplete or missing.
-
The use of an address which is not the customer’s home or office address, e.g. utilization of an employee’s
address for the dispatch of customer documentation or correspondence.
-
In the event the Company faces a suspicious transaction with Reasonable Grounds to Suspect (RGS), the Compliance Officer will at the soonest file a STR with FINTRAC in top priority manner.
APPENDIX 1 – PROHIBITED and HIGH RISK COUNTRY LIST
The FATF identifies jurisdictions with weak measures to combat money laundering and terrorist financing (AML/CFT) in two FATF public documents, black list and grey list that are issued three times a year.
"Black and grey" lists (fatf-gafi.org)
Black list contains jurisdictions which have strategic deficiencies in their regimes to counter money laundering, terrorist financing and proliferation financing. Since the ML/FT risks would be high therefore the Company decided not to service the customers and entities involved in the black list.
As of October 2023, black list consists of 3 jurisdictions:
-
Democratic people’s republic of Korea
-
Iran
-
Myanmar
For all countries identified in the grey list, the FATF calls on all members and urges all jurisdictions to apply enhanced due diligence, and in the most serious cases, countries are called upon to apply counter-measures to protect the international financial system from the ongoing money laundering, terrorist financing, and proliferation financing (ML/TF/PF) risks emanating from the country.
As of October 2023, Grey list consists of 23 jurisdictions:
-
Barbados
-
Bulgaria
-
Burkina Faso
-
Cameroon
-
Croatia
-
Democratic Republic of Congo
-
Gibraltar
-
Haiti
-
Jamaica
-
Mali
-
Mozambique
-
Nigeria
-
Senegal
-
South Africa
-
South Sudan
-
Syria
-
Tanzania
-
Türkiye (Turkey)
-
Uganda
-
United Arab Emirates
-
Vietnam
-
Yemen
In order to distinguish the content in black and grey lists and as well as to facilitate easy communication, the Company has internally named the black list as prohibited list to denote the intention of not to serve customers and activities related to these countries; and named the grey list as high-risk list to ensure all employees are aware the high-risk that these countries may bring to the Company and therefore apply more stringent controls on customers and activities related these countries.
APPENDIX 2 - PROHIBITED AND HIGH RISK INDUSTRY LIST
Customers that are involved in below industries are unacceptable to the Company.
|
Prohibited Industry |
|
Production or trade in radioactive materials and nuclear material |
|
Production or trade in weapons and munitions, arms and defence |
|
Trade in wildlife or wildlife products regulated under CITES |
|
Trading of Animal Fur and Fur products |
|
Unlicensed gaming (incl. Internet, casinos, betting shops) and Gambling, unlicensed casinos and equivalent enterprises: Betting/Horse Racing/Bingo/Sports/Online Betting/Online Casino/Online Poker/Online Gambling/Online Betting |
|
Unlicensed trading in Derivatives/Options/Hedging/FOREX |
The company will have to pay high attention to customers that are involved in the below high risk industries and should always execute enhanced due diligence (EDD) when onboarding them and should be subject to more stringent transaction monitoring criteria.
|
High Risk Industry |
|
Arts and antiques (sculptures, statues, antiques, collector’s items, archaeological pieces) |
|
Auction houses |
|
Casinos |
|
Online gaming |
|
Night clubs |
|
Pawn brokers, microfinance, crowdfunding |
|
Political organizations/Parties |
|
Precious stones & precious metals, uranium |
|
Religious organizations/NGOs or Charities |
|
Trust and offshore company services, domiciliation services |
|
Virtual assets trading including OTC, centralised virtual assets exchange and decentralised virtual assets exchange |
APPENDIX 3 - RISK ASSESSMENT REPORT FOR CORPORATE CLIENTS
|
CLIENT NAME: |
|
|||
|
Risk Parameter |
Details/ Answer |
Description |
Weight (0 to 3) |
Comments |
|
Geographical Risk |
||||
|
Country of Incorporation (low- risk countries)? |
Yes/No |
If the answer is Yes, the score will be 0 |
|
|
|
If answer to above is |
|
If the company is incorporated in a jurisdiction that is sanctioned, the risk will be 3. |
|
|
|
no, what country is |
||||
|
the company |
||||
|
incorporated? |
||||
|
Business Risk |
||||
|
Date of creation |
|
If the company is incorporated less than 1 year ago, the score will be 2. |
|
|
|
Otherwise, the score will be 0 |
|
|
||
|
|
|
If the company has more |
|
|
|
|
than 5% of activities in |
|||
|
|
Major Sanctioned |
|||
|
|
Countries, the score will be |
|||
|
|
3. |
|||
|
|
If the company has less than |
|
|
|
|
Countries of |
5% of activities in |
|||
|
Activity |
Major Sanctioned countries, |
|||
|
|
the score will be 2. |
|||
|
|
If the company has no |
|
|
|
|
|
activities in Major |
|||
|
|
Sanctioned countries, the |
|||
|
|
score will be 0. |
|||
|
Sector of Activity |
|
If the company is in any sectors listed in Appendix 1, the source will be 3. |
|
|
|
Otherwise, the score will be 0. |
|
|
||
|
|
|
If the declared monthly |
|
|
|
|
turnover is above |
|||
|
|
CAD10,000,000, the score |
|||
|
|
will be 3. |
|||
|
|
If the declared monthly |
|
|
|
|
Declared Monthly |
turnover is above |
|||
|
Turnover |
CAD2,500,000, the score will |
|||
|
|
be 2. |
|||
|
|
If the declared monthly |
|
|
|
|
|
turnover is below |
|||
|
|
CAD2,500,000, the score will |
|||
|
|
be 0. |
|||
|
Sanctions |
|
If there are sanctions involved, the score will be 3. |
|
|
|
|
|
If there is at least one |
|
|
|
|
financial security incident in |
|||
|
Financial Security Incidents |
last 5 years, the score will be 3. |
|||
|
|
Otherwise, it will |
|
|
|
|
|
be 0. |
|||
|
Declared Partners |
||||
|
|
|
If the company has partners |
|
|
|
|
with more than 5% of |
|||
|
|
activities in |
|||
|
|
Major Sanctioned |
|||
|
|
countries, the score will be |
|||
|
|
3. |
|||
|
Countries of |
If the company has partners |
|
|
|
|
Activity (Sensitive |
with less than 5% of |
|||
|
Countries) |
activities in Major |
|||
|
|
Sanctioned countries, the |
|||
|
|
score will be 2. |
|||
|
|
If the company has partners |
|
|
|
|
|
with no activities in Major |
|||
|
|
Sanctioned countries, the |
|||
|
|
score will be 0 |
|||
|
Sanctions |
|
If the partners are involved with sanctions, the score will be 3. |
|
|
|
UBO |
||||
|
UBO residence(s) |
|
If the UBO is a resident of Sanctioned country, the score will be 3. |
|
|
|
Presence of PEP |
|
If the UBO is a PEP, the score will be 3. |
|
|
|
Sanctions |
|
If the UBO is involved with sanctions, the score will be 3. |
|
|
|
SUMMARY: |
|
|
|
|
Corporate customers
Based on the current risk assessment, the below are the risk thresholds proposed for the operation used.
-
Low risk: Below 10 points
-
Medium risk: Between 11 to 20 points
-
High risk: Above 21 points
APPENDIX 4 - RISK ASSESSMENT REPORT FOR INDIVIDUAL CLIENTS
|
CLIENT NAME: |
|
|||
|
Risk Parameter |
Description |
Description |
Weight (1 to 3) |
Comments |
|
Country of birth and residency (low- risk countries?) |
|
If the answer is Yes, the score will be 0 |
|
|
|
If answer to above is no, where is the customer born and resides? |
|
If it is a jurisdiction that is sanctioned, the risk will be 3. |
|
|
|
If it is a jurisdiction that is not sanctioned but deemed high risk, the risk will be 2. |
|
|
||
|
Otherwise, it will be 0. |
|
|
||
|
Presence of PEP |
|
If the individual is a PEP, the score will be 3. |
|
|
|
Sanctions |
|
If the individual is involved with sanctions, the score will be 3. |
|
|
|
Negative information/Red flags from Sum & Substance |
|
If yes, Compliance Team to include in comments |
|
|
|
SUMMARY: |
|
|
|
|
Individual customers
Based on the current risk assessment, the below are the risk thresholds proposed for the operation used.
-
Low risk: 0 points
-
Medium risk: 2 points
-
High risk: Above 2 points