The IFSCA or International Financial services centres authority, issued IFSCA (Anti Money Laund...
The IFSCA, or International Financial Services Authority, is established by the Government of India to regulate international financial services centres in India. It is a financial centre that helps customers located outside of the domestic economy. Henceforth, it is known as an offshore financial centre as it deals with financial products and services across borders. To regulate the financial services in the jurisdiction, the IFSCA authority has issued detailed guidelines on anti-money laundering or counter-terrorist financing for regulated entities, which is discussed in brief in this article.
The guidelines on anti-money laundering or counter-terrorist financing shall become enforceable from the date of its publication. Further, the provisions of the guidelines shall apply to:
The guidelines provide the below-mentioned duties for regulated entities:
The guidelines on anti-money laundering or counter-terrorist financing define risk-based approach and risk assessment. A Risk-Based Approach (RBA) enables the regulated entities to assess and identify the potential ML and TF risks to which the regulated entities are exposed. The risk of regulated entities varies with the nature of the business and exposure or involvement with the clients, geographic areas, countries, services, products, transactions, delivery channels etc. In contrast, the Risk Assessment shall be appropriate to the nature and size of the business. The regulated entity shall consider all the risk factors before finalising overall risk and implementing RBA. Henceforth, based on the risk assessment, the regulated entity shall apply appropriate and effective measures to monitor, manage and mitigate the risk to which it is exposed.
The regulated entity shall also identify and assess the ML and TF risks associated at an enterprise level. It includes a consolidated assessment of risk that exists across all business units, delivery units and product lines. It is required that the decision of the risk assessment shall be documented properly.
Further, the risk assessment result shall be graded as low, medium and high. The principle behind grading the result is to apply enhanced measures in the case of high-risk customers and simple measures in the case of low-risk customers.
Moreover, the Regulated entity shall remain updated with its risk assessment. It must review its risk assessment at least once in every 2 years or when any material trigger event occurs. The result of the risk assessment review shall be supplied to the governing body or to the committee to whom the powers are delegated.
The guidelines on anti-money laundering or counter-terrorist financing determine business risk assessment and customer risk assessment. It further explains the procedure of assessment which is discussed in brief below:
The business risk assessment helps the regulated entity identify the risk associated with money laundering (ML) and terrorist financing (TF). It enables the entity to frame appropriate measures to protect its business from being used for ML or TF risk. The result of the business risk assessment shall be used to understand its own vulnerabilities to the risks and prepare the necessary plan to mitigate such risks. The regulated entity shall take suitable steps in identifying the nature, size and complexities of its business activities and take necessary steps in identifying anti-money laundering or counter-terrorist financing risks. The regulated entity must consider the following factors while identifying and assessing the risk:
The regulated entity must identify and assess the ML and TF risks that may arise due to the following:
Moreover, the regulated entity must undertake a risk assessment before launching or using such practices, products or technologies and shall take measures to mitigate those risks.
Further, the anti-money laundering or counter-terrorist financing systems and controls shall correspond with the money laundering and terrorist financing risk identified through enterprise-wise risk assessment. The senior management shall approve the Anti-Money Laundering or Counter-Terrorist Financing policies, controls and procedures. Further, its implementation shall be constantly monitored by the regulated entity.
The risk identified while assessing the business risks shall be used for customer risk assessment. The Regulated Entity shall:
However, the risk assessment shall be completed before undertaking customer due diligence for new and existing customers.
The guidelines on anti-money laundering or counter-terrorist financing further state that the regulated entity shall, at the time of risk assessment, undertake the following activities:
Further, the regulated entity shall determine the other relevant factors that determine the high or low ML or TF risks in relation to customer risk, products, services, transactions, and delivery channels.
Moreover, the guidelines on anti-money laundering or counter-terrorist financing mandate that the regulated entity shall not maintain any business relationship with the customer in the following cases:
The guidelines on anti-money laundering or counter-terrorist financing require the regulated entity to undertake customer due diligence.
The result of the Anti-Money laundering or Counter-terrorist financing risks assessment determines the degree of customer due diligence that needs to be undertaken. Further, if any information obtained from customer due diligence alters the rating risk of a customer, then such change shall reflect in its CDD.
The regulated entity shall undertake CDD at the time of:
Moreover, the regulated entity shall undertake CDD when:
The regulated entity shall establish a business relationship with the customer before verification. The verification shall be completed in 30 business days after establishing a business relationship. However, if the regulated entity is not able to comply with the 30 business days, then it shall do so before the end of 30 days by:
Suspension and termination: The regulated entity shall suspend or terminate the business relationship with the customer if the verification remains uncompleted for 30 days or 120 days after establishing the business relationship.
The guidelines on anti-money laundering or counter-terrorist financing state the following requirements for undertaking customer due diligence:
The regulated entity must implement an internal risk management system, procedures and policies for anti-money laundering or counter-terrorist financing to identify if any customer, natural person or beneficial owner of the customer is appointed as politically exposed person (PEP) and further ascertain their source of wealth through appropriate means.
The regulated entity conducts enhanced due diligence when Money laundering (ML) or Terrorist Financing (TF) risk is high. It shall be applied depending on the customer’s risk profile, and its applicability to a customer will depend on a case-to-case basis. Further, the regulated entity shall take reasonable steps to ascertain the source of wealth such as loan documentation, sale proceeds, salary payments, bank statements, etc. Further, the regulated entity shall undertake simplified customer due diligence when the ML or TF risks are low. It shall verify the customer’s identity after establishing the business customer relationships.
The regulated entity shall monitor all its business relations with a customer on an ongoing basis. It shall observe the conduct of the customer’s account and scrutinise transactions undertaken throughout the course of business relations. The entity shall review its customers, business and transactions against United Nations Security Council sanctions list.
If the regulated entity is unable to complete the requisite CDD, it shall not undertake the following activities:
The regulated entity shall periodically update CDD for different categories of customers in the following manner:
The third-party means:
The third party will generally have an existing relationship with the customer that is independent of the customer with the relying regulated entity. The third-party will perform CDD according to its own Anti-Money Laundering or Counter-Terrorist Financing policies, procedures and controls. Further, the regulated entity may rely on third-party CDD measures. In pursuance of this, the entity may obtain records or information of the customer due diligence performed by the third party within 2 days. It is necessary that the regulated entity must be satisfied that the third party is regulated, supervised or monitored and has measures put in place for compliance with client due diligence.
The guidelines on anti-money laundering or counter-terrorist financing mandate that the regulated entity shall implement a policy that the governing body shall approve. The policy shall lay down the parameter for approving correspondent banking relationships. The policy shall document the assessment of the suitability of the respondent bank, the responsibility of each bank with the correspondent banking relationship, and provide customer information data immediately. It shall be further ensured that the correspondent relationship shall not be entered with a shell institution.
The guidelines on anti-money laundering or counter-terrorist financing further discuss the provision of wire transfers or when the regulated entity receives funds through wire transfers. The regulated entity shall monitor the payment messages to and from high-risk countries and jurisdictions and suspend or reject payment from the high-risk parties. If the regulated entity finds out that the wire transfer originator or wire transfer beneficiary is from a terrorist or terrorist entity, it shall reject, freeze or reject the assets of these terrorist entities immediately. In a domestic wire transfer, the ordering information, beneficiary institution and intermediary institution shall include in the message payment or instruction and account number of the wire transfer originator.
Further, the responsibility of the ordering information shall be:
The regulated entities must develop and implement policies, procedures and controls depending on the ML or TF risks, size of the business, and prevention measures. It serves as a guide to officers, employees and representatives in ensuring that all the rules and regulations in respect of Anti-Money Laundering or Counter-Terrorist Financing laws and regulations are complied with. Further, the regulated entity must promptly update its policies and procedures, keeping in mind the new laws, regulatory developments, operational developments and emerging or new risks.
The regulated entity must develop compliance management and its framework and appoint a principal officer at the management level. The entity must ensure that the principal officer or any person appointed is suitably qualified and has timely access and records of all the information on the customer. The principal officer must ensure that business relations are carried out in accordance with the guidelines.
An audit function shall be put in place that will regularly assess the effectiveness of the entity’s internal policies, procedures and controls. The Anti-Money Laundering or Counter-Terrorist Financing framework of a regulated entity shall be subject to periodic audits and performed on both individual and entity-wise basis. Further, any non-compliance shall be reported to the senior management.
It is required that a regulated entity shall provide training to all its employees in relation to Anti-Money Laundering or Counter-Terrorist Financing. The training will enable the employees to easily comprehend the applicable laws, policies, procedures, systems and controls. The regulated entity must ensure that the training is relevant and tailored to its activities, products, services, customers, distribution channels, level of business and nature.
The regulated entity must maintain a record of the following records in electronic format, and it shall be accessible and promptly made available to the authority and other law enforcement agencies.
The regulated entity must put in place anti-money laundering or counter-terrorist financing policies, procedure and controls that will monitor and detect suspicious transactions with respect to potential ML or TF risks. The policies, procedures and controls must ensure that whenever any of its employees knows or suspects that a person is engaged in Ml or TF, the employee shall notify to the principal officer with all the relevant details. The Regulated entity may identify the suspicious records by below steps:
Reporting: The regulated entity must furnish a copy of all the documents along with risk assessment documents to the Director, Financial Intelligence Unit- India. Any delay in filing information shall attract a separate violation.
Confidentiality of Suspicious Transaction Report (STR): The regulated entity or its employees shall not disclose to any person that it has reported or formed suspicion on suspicious transactions.
The compliance obligations under the International Agreements and Domestic Laws for anti-money laundering or counter-terrorist financing are:
According to section 51A of UAPA 1967, the regulated entity must make sure that they do not have an account in the name of individuals appearing in the list of individuals approved by the UNSC and suspected of having terrorist links. Further, the individual’s assets shall be frozen as per Section 51A of UAPA. The regulated entity must regularly check the jurisdiction that does not follow or apply the FATF recommendations. Further, it shall maintain secrecy regarding the customer information that arises out of the contractual relationship.
The regulated entity must adhere to the provisions of Rules 114F, 114G, and 114H of Income Tax rules and determine if it is a reporting financial institution in terms of Rule 114F.
According to Rule 9(1A), the regulated entity must submit KYC information to the central KYC within 10 days from the commencement of an account-based relationship with the customer.
The regulated entity must make a group policy on Anti-Money Laundering or Counter-Terrorist Financing to meet the requirements under the guidelines. The entity shall communicate group policy to all its branches and subsidiaries and ensure it is implemented. Further, the regulated entity must ensure that its group policy on Anti-Money Laundering or Counter-Terrorist Financing is strictly observed by the management of every branch or subsidiary. The group policies must be developed to ensure proper sharing of information on ML or TF risk, confidentiality and use of any information, and awareness of the ML or TF risks of the financial groups.
The IFSCA, through the current circular, has increased the responsibility of the regulated entity to eliminate any risk of ML or TF. The detailed guidelines on anti-money laundering or counter-terrorist financing have mandated the regulated entity to adopt a risk-based approach and asses the risk before or when establishing business relations with the customer. In addition to taking a risk assessment of its activities, the regulated entity shall also take customer due diligence to ensure that the entity is not exposed to any ML or TF risk. Further, the regulated entity must make internal policies, procedures and controls to implement the requirements mentioned in the guidelines. The detailed overview of each chapter of the guidelines will be discussed separately in further blogs.
Read Our Article: Different Stages of Money Laundering