IFSCA guidelines on Anti-Money Laundering or Counter-Terrorist Financing

The IFSCA, or International Financial Services Authority, is established by the Government of India to regulate international financial services centres in India. Such a centre serves customers located outside of the domestic economy and is hence known as an offshore financial centre, as it deals with financial products and services across borders. To regulate the financial services in the jurisdiction, the IFSCA has issued detailed guidelines on anti-money laundering or counter-terrorist financing for regulated entities, which are discussed in brief in this article.

What are the applicability and commencement date of the guidelines?

The guidelines on anti-money laundering or counter-terrorist financing shall become enforceable from the date of their publication. Further, the provisions of the guidelines shall apply to:

  • Licensed, registered or recognised regulated entities
  • Financial group of the regulated entities

What are the Duties of Regulated Entities?

The guidelines provide the below-mentioned duties for regulated entities:

  • The regulated entity must make an Anti-money Laundering or Counter-terrorist financing (AML-CFT) policy which the governing body shall approve.
  • The policy shall contain key principles or elements enumerated in the guidelines.
  • The senior members of the regulated entity shall be responsible for compliance with the provision of the guidelines.
  • The senior management must maintain skill, due care and diligence while carrying out the responsibilities under the guidelines.

What are Risk Based Approach and Risk assessment?

The guidelines on anti-money laundering or counter-terrorist financing define risk-based approach and risk assessment. A Risk-Based Approach (RBA) enables the regulated entities to assess and identify the potential ML and TF risks to which they are exposed. The risk of regulated entities varies with the nature of the business and exposure or involvement with the clients, geographic areas, countries, services, products, transactions, delivery channels, etc. The Risk Assessment, in turn, shall be appropriate to the nature and size of the business. The regulated entity shall consider all the risk factors before finalising overall risk and implementing RBA. Hence, based on the risk assessment, the regulated entity shall apply appropriate and effective measures to monitor, manage and mitigate the risk to which it is exposed.

The regulated entity shall also identify and assess the ML and TF risks associated at an enterprise level. It includes a consolidated assessment of risk that exists across all business units, delivery units and product lines. It is required that the decision of the risk assessment shall be documented properly.

Further, the risk assessment result shall be graded as low, medium and high. The principle behind grading the result is to apply enhanced measures in the case of high-risk customers and simple measures in the case of low-risk customers.

Moreover, the regulated entity shall remain updated with its risk assessment. It must review its risk assessment at least once in every 2 years or when any material trigger event occurs. The result of the risk assessment review shall be supplied to the governing body or to the committee to whom the powers are delegated.

What are Business Risk Assessment and Customer Risk Assessment?

The guidelines on anti-money laundering or counter-terrorist financing determine business risk assessment and customer risk assessment. It further explains the procedure of assessment which is discussed in brief below:

Business Risk Assessment

The business risk assessment helps the regulated entity identify the risk associated with money laundering (ML) and terrorist financing (TF). It enables the entity to frame appropriate measures to protect its business from being used for ML or TF. The result of the business risk assessment shall be used to understand its own vulnerabilities to the risks and prepare the necessary plan to mitigate such risks. The regulated entity shall take suitable steps in identifying the nature, size and complexities of its business activities and take necessary steps in identifying anti-money laundering or counter-terrorist financing risks. The regulated entity must consider the following factors while identifying and assessing the risk:

  • Types of the customer and their activities
  • Business engagement in the geographic areas or countries.
  • Activity profiles, Services, products and delivery channels
  • Development of new business practices and products
  • Use of new technologies for new and pre-existing products

The regulated entity must identify and assess the ML and TF risks that may arise due to the following:

  • Development of new products, new delivery mechanisms, and business practices
  • Use of new technologies for new and pre-existing products

Moreover, the regulated entity must undertake a risk assessment before launching or using such practices, products or technologies and shall take measures to mitigate those risks.

Further, the anti-money laundering or counter-terrorist financing systems and controls shall correspond with the money laundering and terrorist financing risk identified through enterprise-wide risk assessment. The senior management shall approve the Anti-Money Laundering or Counter-Terrorist Financing policies, controls and procedures. Further, their implementation shall be constantly monitored by the regulated entity.

Customer Risk Assessment

The risk identified while assessing the business risks shall be used for customer risk assessment. The Regulated Entity shall:

  • Undertake risk assessment of every customer
  • Assign the risk rating proportionate to the money laundering and terrorist financing risks.

However, the risk assessment shall be completed before undertaking customer due diligence for new and existing customers.

The guidelines on anti-money laundering or counter-terrorist financing further state that the regulated entity shall, at the time of risk assessment, undertake the following activities:

  • Identification of the customer and beneficial owner
  • Obtain information on the intended nature of the business relationship
  • Take into consideration the nature of the business’s relationship
  • Take into consideration the customer’s nature, ownership and control structure
  • Take into consideration the relationship of the customer’s business with a regulated entity
  • Consider the customer’s residence, country of origin, nationality, place of incorporation or business.
  • Take into consideration relevant service, product and transaction
  • Take into consideration the beneficiary of the policy

Further, the regulated entity shall determine the other relevant factors that determine the high or low ML or TF risks in relation to customer risk, products, services, transactions, and delivery channels.

Moreover, the guidelines on anti-money laundering or counter-terrorist financing mandate that the regulated entity shall not maintain any business relationship with the customer in the following cases:

  • The control arrangement and ownership of the customer prevent the regulated entity from identifying the customer’s beneficial owner.
  • The account is held in a fictitious name or nominee account, held in the name of one person but held for the benefit of another person whose identity is unknown to the regulated entity.
  • The Shell Financial Institution

What is Customer Due Diligence, Enhanced & Simplified Customer Due Diligence?

The guidelines on anti-money laundering or counter-terrorist financing require the regulated entity to undertake customer due diligence.

Customer Due Diligence (CDD)

The result of the Anti-Money laundering or Counter-terrorist financing risks assessment determines the degree of customer due diligence that needs to be undertaken. Further, if any information obtained from customer due diligence alters the rating risk of a customer, then such change shall reflect in its CDD.

The regulated entity shall undertake CDD at the time of:

  • Establishing business relationship
  • After establishing a business relationship

Moreover, the regulated entity shall undertake CDD when:

  • There is doubt about the veracity or adequacy of data, documents, or information of an existing customer
  • There is a suspicion of ML or TF risk
  • Change in the risk rating of a customer, which is warranted by a change in circumstances of the customer

The regulated entity shall establish a business relationship with the customer before verification. The verification shall be completed in 30 business days after establishing a business relationship. However, if the regulated entity is not able to comply with the 30 business days, then it shall do so before the end of 30 days by:

  • Stating the reason for its non-compliance
  • Completing the verification as soon as possible
  • Recording of non-compliance to the governing body

Suspension and termination: The regulated entity shall suspend or terminate the business relationship with the customer if the verification remains uncompleted for 30 days or 120 days after establishing the business relationship.

Requirements for Customer due diligence

The guidelines on anti-money laundering or counter-terrorist financing state the following requirements for undertaking customer due diligence:

  • Identification of a customer
  • Verification and Identity of Customer
  • Identification and verification of the identity of the natural person appointed to act on behalf of the customer
  • Identification and Verification of Identity of Beneficial Owners
  • Parameters to identify and verify the identity of beneficial owners
  • Identifying and verifying the beneficiary of a life insurance policy
  • Information on the Purpose and Intended Nature of Business Relations

The regulated entity must implement an internal risk management system, procedures and policies for anti-money laundering or counter-terrorist financing to identify if any customer, natural person or beneficial owner of the customer is appointed as politically exposed person (PEP) and further ascertain their source of wealth through appropriate means.

Enhanced due diligence & Simplified Due Diligence

The regulated entity conducts enhanced due diligence when Money laundering (ML) or Terrorist Financing (TF) risk is high. It shall be applied depending on the customer’s risk profile, and its applicability to a customer will depend on a case-to-case basis. Further, the regulated entity shall take reasonable steps to ascertain the source of wealth such as loan documentation, sale proceeds, salary payments, bank statements, etc. Further, the regulated entity shall undertake simplified customer due diligence when the ML or TF risks are low. It shall verify the customer’s identity after establishing the business customer relationships.

The regulated entity shall monitor all its business relations with a customer on an ongoing basis. It shall observe the conduct of the customer’s account and scrutinise transactions undertaken throughout the course of business relations. The entity shall review its customers, business and transactions against United Nations Security Council sanctions list.

Failure to conduct due diligence

If the regulated entity is unable to complete the requisite CDD, it shall not undertake the following activities:

  • Open an account
  • Carry out any transaction
  • Establish business relations
  • Terminate or suspend any existing business relations
  • Return any monies or assets

Periodic Updation

The regulated entity shall periodically update CDD for different categories of customers in the following manner:

  • Annually: high-risk customers
  • Once in every 2 years: medium-risk customers
  • Once in every 5 years: low-risk customers

What is Third Party Reliance?

The third-party means:

  • A financial institution
  • A regulated entity, its branches, subsidiaries, parent entity and their branches or subsidiaries

The third party will generally have an existing relationship with the customer that is independent of the customer's relationship with the relying regulated entity. The third party will perform CDD according to its own Anti-Money Laundering or Counter-Terrorist Financing policies, procedures and controls. Further, the regulated entity may rely on third-party CDD measures. In pursuance of this, the entity may obtain records or information of the customer due diligence performed by the third party within 2 days. The regulated entity must be satisfied that the third party is regulated, supervised or monitored and has measures put in place for compliance with client due diligence.

What are Correspondent Banking and Wire Transfers?

The guidelines on anti-money laundering or counter-terrorist financing mandate that the regulated entity shall implement a policy that the governing body shall approve. The policy shall lay down the parameter for approving correspondent banking relationships. The policy shall document the assessment of the suitability of the respondent bank, the responsibility of each bank with the correspondent banking relationship, and provide customer information data immediately. It shall be further ensured that the correspondent relationship shall not be entered with a shell institution.

The guidelines on anti-money laundering or counter-terrorist financing further discuss the provision of wire transfers or when the regulated entity receives funds through wire transfers. The regulated entity shall monitor the payment messages to and from high-risk countries and jurisdictions and suspend or reject payment from the high-risk parties. If the regulated entity finds out that the wire transfer originator or wire transfer beneficiary is a terrorist or terrorist entity, it shall immediately reject or freeze the assets of these terrorist entities. In a domestic wire transfer, the ordering information, beneficiary institution and intermediary institution shall include in the message payment or instruction and account number of the wire transfer originator.

Further, the responsibility of the ordering information shall be:

  • Identification and recording of information
  • Identification and recording of Information if Cross-border Wire Transfers below or equal to USD 1000
  • Identification and recording of Information if Cross-border Wire Transfers exceed USD 1000.

What are Internal Policies, Compliance, Audit and Training?

Internal policies

The regulated entities must develop and implement policies, procedures and controls depending on the ML or TF risks, size of the business, and prevention measures. It serves as a guide to officers, employees and representatives in ensuring that all the rules and regulations in respect of Anti-Money Laundering or Counter-Terrorist Financing laws and regulations are complied with. Further, the regulated entity must promptly update its policies and procedures, keeping in mind the new laws, regulatory developments, operational developments and emerging or new risks.

Compliance

The regulated entity must develop compliance management and its framework and appoint a principal officer at the management level. The entity must ensure that the principal officer or any person appointed is suitably qualified and has timely access and records of all the information on the customer. The principal officer must ensure that business relations are carried out in accordance with the guidelines.

Audit

An audit function shall be put in place that will regularly assess the effectiveness of the entity’s internal policies, procedures and controls. The Anti-Money Laundering or Counter-Terrorist Financing framework of a regulated entity shall be subject to periodic audits and performed on both individual and entity-wise basis. Further, any non-compliance shall be reported to the senior management.

Training

It is required that a regulated entity shall provide training to all its employees in relation to Anti-Money Laundering or Counter-Terrorist Financing. The training will enable the employees to easily comprehend the applicable laws, policies, procedures, systems and controls. The regulated entity must ensure that the training is relevant and tailored to its activities, products, services, customers, distribution channels, level of business and nature.

What is Record Keeping under the guidelines on anti-money laundering or counter-terrorist financing?

The regulated entity must maintain the following records in electronic format, and they shall be accessible and promptly made available to the authority and other law enforcement agencies.

  • Copy of documents at the time of undertaking customer due diligence
  • Records of Customer and business relationships.
  • Notifications of the Principal Officer
  • Suspicious transaction reports
  • Risk Assessment documents
  • Any other relevant contact information

What is the process of identification of suspicious transactions?

The regulated entity must put in place anti-money laundering or counter-terrorist financing policies, procedures and controls that will monitor and detect suspicious transactions with respect to potential ML or TF risks. The policies, procedures and controls must ensure that whenever any of its employees knows or suspects that a person is engaged in ML or TF, the employee shall notify the principal officer with all the relevant details. The regulated entity may identify suspicious transactions through the steps below:

  • Detect a suspicious Indicator
  • Ask customer questions
  • Review Customer’s records
  • Evaluate the above-obtained information.

Reporting: The regulated entity must furnish a copy of all the documents along with risk assessment documents to the Director, Financial Intelligence Unit-India. Any delay in filing information shall attract a separate violation.

Confidentiality of Suspicious Transaction Report (STR): The regulated entity or its employees shall not disclose to any person that it has reported or formed suspicion on suspicious transactions.

What are the compliance obligations under International Agreements and Domestic Laws for anti-money laundering or counter-terrorist financing?

The compliance obligations under the International Agreements and Domestic Laws for anti-money laundering or counter-terrorist financing are:

Reporting requirements under International agreements Communications from International Agencies

According to section 51A of UAPA 1967, the regulated entity must make sure that they do not have an account in the name of individuals appearing in the list of individuals approved by the UNSC and suspected of having terrorist links. Further, the individual’s assets shall be frozen as per Section 51A of UAPA. The regulated entity must regularly check the jurisdiction that does not follow or apply the FATF recommendations. Further, it shall maintain secrecy regarding the customer information that arises out of the contractual relationship.

Reporting requirements under Foreign Account Tax Compliance Act and Common Reporting Standards

The regulated entity must adhere to the provisions of Rules 114F, 114G, and 114H of Income Tax rules and determine if it is a reporting financial institution in terms of Rule 114F.

Sharing of KYC information pertaining to Indian Residents (Natural and Legal Entities) with Central KYC Records Registry

According to Rule 9(1A), the regulated entity must submit KYC information to the central KYC within 10 days from the commencement of an account-based relationship with the customer.

What is the obligation to develop and ensure implementation of the Anti-Money Laundering or KYC standards in groups, branches and subsidiaries?

The regulated entity must make a group policy on Anti-Money Laundering or Counter-Terrorist Financing to meet the requirements under the guidelines. The entity shall communicate group policy to all its branches and subsidiaries and ensure it is implemented. Further, the regulated entity must ensure that its group policy on Anti-Money Laundering or Counter-Terrorist Financing is strictly observed by the management of every branch or subsidiary. The group policies must be developed to ensure proper sharing of information on ML or TF risk, confidentiality and use of any information, and awareness of the ML or TF risks of the financial groups.

Conclusion

The IFSCA, through the current circular, has increased the responsibility of the regulated entity to eliminate any risk of ML or TF. The detailed guidelines on anti-money laundering or counter-terrorist financing have mandated the regulated entity to adopt a risk-based approach and assess the risk before or when establishing business relations with the customer. In addition to undertaking a risk assessment of its activities, the regulated entity shall also undertake customer due diligence to ensure that the entity is not exposed to any ML or TF risk. Further, the regulated entity must make internal policies, procedures and controls to implement the requirements mentioned in the guidelines. The detailed overview of each chapter of the guidelines will be discussed separately in further blogs.
