Bank Policy for Prevention of Money Laundering Combating ... CTF Policy 01.pdf · [PML & CTF Policy - BOC] 3 | Page Bank of Ceylon 1. Prevention of Money Laundering & Combating Terrorist

Bank Policy for Prevention of Money Laundering &

Combating Terrorist Financing

Effective Date: 01.01.2012 Next Review date: 31.12.2014

[PML & CTF Policy - BOC]

2 | P a g e

Contents Page No.

1. Policy for Prevention of Money Laundering & Combating 03

Terrorist Financing

2. Definitions 03

3. `Objective & Scope of the policy 03

4. Overview of AML & CTF initiatives 04

5. Responsibilities.

5.1. Institutional 05

5.2. Board of Directors, Corporate & Executive Management 06

5.3. Compliance Officer- AML (CO-AML) 07

5.4. Branch Managers/Strategic Business Unit (SBU) Heads 07

5.5. Other Staff Members 08

6. KYC & CDD Operational Framework

6.1 Customer Identification 08

6.2 Maintenance of Accounts 10

6.3 Risk Management 15

6.4 Customer Due Diligence, Transaction Monitoring & Reporting 16

6.5 Identification of unusual or suspicious activities 18

7. Retention of Records 20

8. AML/CTF Training Policy 21

9. Adherence to Monitoring of the Policy 21

Annex. (I) Convention on the suppression of Terrorist 22 Financing Act No: 25 of 2005 (II) Prevention of Money Laundering (PMLA) Act No: 5 of 2006 35

(III) Financial Transaction Reporting Act (FTRA) No: 6 of 2006 61

(IV) KYC & CDD Rules from the Regulator 102

(V) KYC Check List 118

(VI) KYC Profile 121

(VII) Cash Transactions Report (CTR) 122

(VIII)Electronic Fund Transfer (EFT) – Incoming 123

(IX) Electronic Fund Transfer (EFT) – Outgoing 124

(X) Suspicious Transaction Report - (STR) 125


3 | P a g e

Bank of Ceylon

1. Prevention of Money Laundering & Combating Terrorist Financing Policy Bank of Ceylon, as a state bank and as the premier national bank has recognized the importance of extending its co-operation for combating Money Laundering and Terrorist Financing. Board of Directors, Corporate Management, Executive Management and entire staff is totally committed for achieving this objective.

2. Definitions

• Money Laundering (M/L) The involvement in any one transaction or series of transactions that assists a criminal in keeping, concealing or disposing of proceeds derived from illegal activities.

• Terrorist Financing (T/F) Provision or collection of funds by any means, directly or indirectly, to be used in full or in part to carry out terrorist acts or support terrorist groups which encompass both legitimate and criminal funds.

• Know Your Customer (KYC) Know Your Customer is obtaining and using information about a customer over and above the basic identification information.

• Customer Due Diligence (CDD) Ongoing scrutiny of any transaction undertaken throughout the course of the business relationship with a customer to ensure that any transaction that is being conducted is consistent with the Institution’s knowledge of the customer, the customer’s business and risk profile, including, where necessary, the source of funds.

3. Objective & Scope of the policy

The objective of this policy of the BOC & its Foreign Branches is to comply with the Statutory & Regulatory obligations to combat Money Laundering and Terrorist Financing. In the light of the above, the objectives of the BOC Anti Money Laundering (AML) policy are enumerated below: (a) To comply with applicable laws in Sri Lanka & guide lines issued by Central Bank

of Sri Lanka (CBSL), with reference to Money Laundering / Terrorist Financing and also to adhere to internationally accepted standards.

(b) Enable the Bank to conduct clean, commercial business, conforming to standards set

by Banking Industry; within the framework designed by regulators.


4 | P a g e

(c) To establish and maintain Systems & Procedures to ensure that all officers & employees are aware of rules, regulations & guide lines relating to Money Laundering / Terrorist Financing.

(d) To report any suspicious transaction or activity to the relevant authority & co-

ordinate with the relevant Law Enforcing Authority in Investigations. 4. Overview of Anti Money Laundering (AML) & Combating Terrorist Financing

(CTF) initiatives Money Laundering is a serious threat to financial system of all countries which leads to destruction of the country’s sovereignty and character. The recognition has culminated in concerted efforts the world over to fight this ultra-criminal activity through enactment of stringent laws, regulations and measures aimed at securing financial systems against money laundering. Three major International standard setters are: 1. Financial Action Task Force (FATF) Sets AML/ CTF frame work. 2. Basel Committee on Banking Supervision (BCBS)

Provides detailed Recommendation on Customer Due Diligence (CDD) sets core principles, Banking Supervisors need to implement.

3. United Nations Issue Lists of Terrorists whose assets must be frozen.

To meet both its own and International initiatives, Sri Lanka has culminated in the promulgation of 3 Acts as follows:

• Convention on the suppression of Terrorist Financing Act No: 25 of 2005 (Annex I) • Prevention of Money Laundering (PMLA) Act No: 5 of 2006 . • Financial Transaction Reporting Act (FTRA) No: 6 of 2006 .

The three basic tenets of Anti Money Laundering i.e. Know Your Customer (KYC), Source of funds and End use / destination of funds have been covered in this policy. The adoption of this policy is aimed at increasing awareness of money laundering activity / Terrorist Financing and its ill-effects among the staff members, guarding against the ML/TF at all times. The relevant guide-lines by Financial Transaction Reporting Act & the directives by the Regulator, Central Bank of Sri Lanka (Annex IV) will be abided by Bank of Ceylon while giving effect to this policy. Bank of Ceylon, as a whole, would aim to Comply adopting and implementing this policy and the amendments thereafter.


5 | P a g e

5. Responsibilities 5.1 Institutional Responsibilities.

• Bank should comply with the requirements of the Act not withstanding any obligation as to the secrecy or other restrictions.

• Screen all persons before employing them in the Institution.

• Bank should appoint a compliance officer in terms of Section 14 of the FTRA,

who shall be responsible for ensuring the institution’s compliance with the requirements of the relevant laws. This officer must be at the senior management level.

• Bank should establish an audit function to test its procedures and systems for

compliance.

• Bank should make its officers and employees aware of the laws relating to money laundering and financing of terrorism and to train its officers, employees and agents to recognize suspicious transactions.

• Bank should ensure that its domestic and foreign branches, and subsidiaries

adopt and observe measures to the extent that local laws and regulations are applicable and where the foreign branches / subsidiaries are unable to adopt and observe such measures in jurisdictions which do not or insufficiently apply the FATF recommendations, such matter should be reported to Bank’s Compliance Officer for appropriate action.

• Bank should scrutinize and examine the background of all their relatively large

transactions that are complex, unusual or have no apparent economic and lawful purpose and retain a written record of such examination.

• Identification is essential to conduct of business of Institution.

• If satisfactory evidence of identity is not submitted, Bank shall not proceed any

further with the transaction.

• Bank should maintain records of Transactions and of Correspondence for a period of six years.

• Bank should conduct ongoing due diligence and scrutiny of customers.

• Cash Transactions, Incoming & Outgoing swift messages exceeding a sum

prescribed by order published in the gazette or its equivalent in any foreign currency should be reported to Financial Intelligence Unit (FIU), in every 15 days.( mid / end month)


6 | P a g e

• To disclose information if any, relating to property of terrorist groups or property used for commission of offence under these Acts.

• Duty of the staff members on suspicious transaction is not to divulge information to other members of staff or any other including customer and report only to Compliance Officer.

• Bank should protect persons reporting suspicious transactions if done in good

faith, compliance with regulations under the Act and directions of FIU.

5.2 Board of Directors, Corporate & Executive Management Responsibilities

• Developing and maintaining policy in line with evolving statutory and regulatory obligations.

• Develop internal procedures on current CBSL regulations on combating Money

Laundering/Terrorist Financing and ensure that the staff keep up to date with new money laundering requirements and developments.

• Ensuring that staff is aware of their obligations and the Bank’s procedures, and

that staff is adequately trained in combating money laundering and Terrorist financing and a mechanism should be established to communicate all relevant changes.

• Representing the Bank to all external agencies in Sri Lanka and in any other third party enquiries in relation to money laundering prevention or compliance.

• Ensuring that all fragment of the Bank are complying with the stated policy and

therefore monitoring operations and development of the policy should be done.

• Preparing compliance report to the Board of Directors annually by the Corporate Management & necessary directives by the Board.

• Undertaking the internal review of all suspicions and determining whether or

not such suspicions have substance and require disclosure to FIU at CBSL.

• Obtaining and making use of national and international findings concerning Countries with serious deficiencies.

• Seeking from the Compliance Division, at least annually, a report relating to the

Bank’s compliance with its anti-money laundering obligations and acting on the findings and recommendations.

• Screen all persons before employing them in the Institution.


7 | P a g e

5.3 COMPLIANCE OFFICER AML (CO) It is mandatory to appoint a Compliance Officer who shall be Responsible for ensuring the Institution’s Compliance (including Foreign Branches) with the requirements of the Act and to act on his own authority and co- ordinate with the Financial Intelligence Unit of Central Bank of Sri Lanka & any Law enforcement Authority in Investigations accordingly. • The CO’s role would be to maintain controls and procedures aimed at deterring

Criminal elements from using the products and services of the Bank and Implement this policy.

• He/She will also be instrumental in adhering to KYC principle and effective

customer identification and should provide necessary guidance to operating staff.

• His/Her vigilance in computerized and non-computerized transactions and track

patterns.

• He/She should keep abreast of all latest developments in AML area in other organizations and countries and effect the changes in AML measures suitably to improve AML exercise of the Bank.

• Compliance Officer should;

a) Maintain up-to-date list of high risk countries.(Heat Map) b) Identify for the Bank, the high, moderate and low risk activities from AML

point of view. c) Identify unusual transactions.

• Depending on the Suspicious Transaction Report (STR), he/she shall co-ordinate with senior management to decide on continuing the account relationship with caution /alert or for closing of the Account. In this context, he/she should report the suspicious transaction to FIU.

• He/She should arrange to conduct training for staff with latest course material on AML/CTF and case studies.

• CO will report to FIU, the progress status of the AML/CTF measures in vogue, improvements and findings.

5.4 Branch Managers/ Strategic Business Unit (SBU) Heads

Branch Managers/SBU heads are mainly responsible for their day to day compliance with money laundering obligations within all segments of the Bank. • Ensuring that the Compliance officer is provided with prompt advice of unusual suspicious transactions and other matters of significance.


8 | P a g e

• Ensuring that all the staff members are aware of their obligations and the Bank’s procedures, and that staff is adequately trained in money laundering prevention.

• Interview Customers on opening any Account for Political Exposed Persons

(PEP) and should have authorization of the Senior Management. PEPs are defined as “Individuals in Sri Lanka or abroad who are, or have been entrusted with prominent public functions e.g. Head of State or of government, senior politicians, senior government, judicial or military officials, senior executives of state owned corporations, important political party officials”. As per Central Bank guidelines Business relationships with family members or close associates of PEPs involve reputational risks similar to those with PEPs themselves. The definition is not intended to cover middle ranking or junior officials.

• If satisfactory evidence of identity is not submitted, Manager should give instructions to not to proceed any further with the transaction.

• Should continue customer Due Diligence. • Annual Confirmation should be forwarded to the relevant Asst. General Manager that the Branch/ Dept. is complied with the AML requirements.

5.5. Other Staff Members • Remaining vigilant to the possibility of ML/TF. • Complying fully with all AML/CTF procedures in respect of customer identification, account monitoring, record keeping and reporting.

• Reporting all suspicions of money laundering to the Compliance Officer.

• All staff members should sign and forward, “Annual Acknowledgement form

for the AML/CTF ” confirming that they had no suspicions during the year to the Manager.

• Employees who violate any of the regulations or the policies /procedures

outlined on AML/CTF, will be subject to disciplinary action.

6. KYC & CDD Operational Framework

6.1 Customer Identification BOC has adopted a Customer Identification Process and the Bank will verify the credentials of every customer when an account is first opened. –( KYC Check List; - KYC Profile in addition to the mandate). This applies to all types of accounts (personal customers; sole traders; partnerships; private and public etc.). The Manager of the Branch should interview the customer before permitting opening of


9 | P a g e

the Current Accounts and the Accounts of Political Exposed Persons (PEP), while Savings Accounts by the Personal Banking Officer/ Customer Service Manager. Bank should satisfy that all aspects of KYC guidelines are complied with, at the time of opening of the account, based on customer’s profile, a threshold limit of transaction is to be determined. • Accounts of Individual

Information to be obtained a. Full name appearing in the identification document. b. Identification document to be specified as, national identity card, unexpired

passport and official driving license. c. Permanent address as appearing on the identification document. Any other

address to be accepted should be supported by a utility bill not over three months old. Utility bills are to be specified as electricity bill, water bill and telecom or any fixed line operators bill. No post-box number to be accepted. In the case of ‘C/o’, property owner’s consent and other relevant address verification documents are need to be obtained.

d. Telephone number, fax number and e-mail address. e. Nationality f. Occupation, business, public position held and the name of the employer. g. Purpose for which the account is opened. h. Expected turnover / volume of business. i. The reason for choosing to open the account in a foreign jurisdiction in case of

NRFC / NRRAs. j. Satisfactory reference. k. Signature

• Proprietorship / Partnership Accounts Information to be obtained

a. Full name as appearing in the registration document. b. Personal details of the proprietor / partners as in the case of individual accounts. c. Registered address or the principal place of business and the permanent

address of the proprietor / partners. d. Contact telephone, fax numbers, E-mail address. e. Tax file number. f. Satisfactory reference. g. Signature h. Other connected business interests. i. The extent of the ownership controls.


10 | P a g e

• Corporations / Limited Liability Company Information to be obtained

a. Registered name of the institution and the number. b. Principle place of institution’s business operations. c. Mailing address if any. d. Nature and purpose of business. e. Telephone / Fax / E-mail. f. Bank references. g. Personal details of all Directors and authorized signatories, as in the case of

individual customers. h. Major share holders and their financial interests and control. i. List of subsidiaries/associates and other business connections. j. Signatures. k. Income Tax file number.

• Clubs, Societies, Charities, Associations and NGO’s Information to be obtained

a. Name and address, as appearing in Charter, Constitution etc. b. Detailed information of at least two office bearers, signatories, administrators,

members of the governing body or committee or any other person who has control and influence over the operations of the entity as in the case of individual accounts.

c. The purpose for which the account is opened, the objectives and the areas of the activities.

d. The source and level of income / funding. e. Other connected institutions / associates / organizations. f. Telephone / Fax numbers / E-mail address

• Trust, nominees and fiduciary accounts Information to be obtained

a. Identification of all trustees, settlers/grantors and beneficiaries in case of trustees.

b. Whether the customer is acting as a ‘front’ or acting as a trustee, nominee or

other intermediary.

It should also be ensured that KYC guidelines are made applicable to new and existing account holders. Introduction of large number of accounts by a single introducer should be dealt with cautiously and we must satisfy ourselves about this.

6.2 Maintenance of Accounts:

1. Unless and until adequate identity of the prospective client is obtained no account should be opened. If any discrepancy in information is detected


11 | P a g e

subsequently the account should be stopped until the veracity of such information is confirmed.

2. The general customer information to be recorded at the out set, should include

customers business/profession, level of income, economic profile, business associates and other business connections, source of funds, and the purpose for which the account is opened.

3. Copies of all identification and address verification documents should be

retained as stated in para. 7-0

4. Where the permanent address given in the application is at a location far away from that of the branch which receives the account opening request, the request must be discouraged / turned down and the prospective client be requested to open the account at the closest branch to his residence or his business, unless an acceptable and a valid reason is given. Such exceptions should be recorded in file. If change of address is made after the opening of the account, the account should be transferred to the nearest branch of the particular bank.

5. When two or more accounts are opened in the same bank, the specific purpose for which the account is opened may be recorded to assist continued due diligence of all accounts.

6. Check whether the prospective customers appear on any list of any known

suspected terrorist list or alert list issued by national / government authorities such as the Controller of Immigration, Customs, Central Bank etc.

7. When instructions are received from clients to transfer funds from one account to another both account numbers should be recorded internally to aid future reference.

8. Bank accounts for charitable and aid organizations and NGOs should be

opened only with the registration of the NGO Authority and with other appropriate credentials. Due regard should be paid to specific directions governing their operations i.e. issued by the Department of Bank Supervision/Controller of Exchange.

9. Opening of accounts for ‘politically exposed people’ (PEP) should have

authorization of senior management. PEPs are defined as “individuals in Sri Lanka or abroad who are, or have been, entrusted with prominent public functions e.g. Heads of State or of government, senior politicians, senior government, judicial or military officials, senior executives of State owned corporation, important political party officials. Business relationships with family members or close associates of PEPs involve reputational risks similar


12 | P a g e

to those with PEPs themselves. The definition is not intended to cover middle ranking or junior officials.

10. All cash deposits made into savings and current accounts exceeding a sum

prescribed by order published in the gazette or its equivalent in any foreign currency by third parties should have on record, the identity of the depositor. The required details are, the name, address, ID number, purpose and the signature. However, clerks, accountants and employees of business houses who are authorized to deal with the accounts do not come within the definition of ‘third parties’.

11. Accounts which record frequent transactions below the threshold limit

prescribed by order published in the gazette or its equivalent in any foreign currency in an attempt to circumvent the reporting requirement should be reported to the Bank’s Compliance Officer for appropriate action.

12. Banks must ensure that account activities are consistent with the customer

profile on record. Any inconsistency should be inquired into and the correct position recorded. All unexplainable activities should be reported to the Bank’s Compliance Officer for appropriate action.

13. When applications for opening of accounts are received by mail or e-mail, due

care should be exercised to record the true identity of the client prior to opening the accounts or activating them. In no case should the banks short-circuit the required identity procedures just because the prospective client is unable to present himself in person.

14. When banks maintain account for money changers/money remitters they need

to be aware that such clients are engaged exclusively in the money changing/money remitting business in compliance with the terms and conditions of the permit issued to them. Since money changers are covered by the provisions of the Prevention of Money Laundering Act (PMLA) and the Financial Transactions Reporting Act (FTRA) it is the duty of the banks to ensure that they fully comply with the requirements of the law. Any unauthorized illegal engagement in financial transactions should be brought to the notice of the Bank’s Compliance Officer for appropriate action.

15. When RNNFC, RGFC as well as temporary rupee accounts are opened for

non- nationals / foreign passport holders who are resident in Sri Lanka, a local address should be obtained as their permanent address during their stay in the Island. A copy of the passport, visa with validity period, foreign address and the purpose for which the account is opened should be made available in the file. On the expiry of the visa, the account should cease to operate unless and otherwise appropriate instructions are received. On leaving the Island the account should either be closed or be converted into a non-resident account.


13 | P a g e

Banks must ensure that a valid visa is held at all times by the clients during the continuation of the account with them.

16. When rupee accounts (NRRA) are opened and maintained for non-

residents(foreign passport holders), a foreign address may be used as a permanent address and for all correspondence. The reason for choosing to open the account in a foreign jurisdiction should be recorded in the file.

17. All rupee accounts for resident non-nationals should carry a Sri Lankan

address. A foreign address may be used temporarily until the account holder is resident abroad. Bank must ensure to up date the address on the client’s return, under the ongoing due diligence. In the case of joint accounts a foreign address may be used only when all parties are domicile abroad. If any one party remains in the Island, the local address needs to be maintained.

18. No wire transfers should be permitted out of currency deposits made into these

NRFC/RFC accounts unless they are brought into the country by the account holder with evidence. No undeclared currency notes brought into the country be accepted into these accounts. If regular currency notes are deposited into foreign currency accounts, the Bank should be satisfied and be aware of the legitimacy of such deposits

19. When outward remittances/wire transfers are made out of NRFC/RFC

accounts it is mandatory that a complete application be forwarded to the bank incorporating important and meaningful originator information such as name, address, account number, identification number together with a brief account of the purpose for such transfers. This is applicable to domestic wire transfers as well.

20. No transfer of funds from RFC to NRFC should be permitted although fund

transfer from NRFC and RFC is permitted as per exchange control regulations. 21. Banks must ensure that no ATM external withdrawals exceeding the

mandatory threshold prescribed by order published in the gazette or its equivalent in any foreign currency are made without the expressed approval of the Bank. If regular withdrawals are made by customers in small amounts in order to circumvent the reporting limit, the withdrawal facility in such events must be suspended forthwith and reported as a suspicious transaction. Banks must exercise due diligence to prevent any misuse of this facility. This is applicable to both rupee accounts and foreign currency accounts.

22. Additional KYC and CDD on existing and new credit card merchant bases

with a special focus on the nature of business of credit card merchants should be undertaken and appropriate measures taken in terms of the provisions of the FTRA against any customer, transaction or merchant involved in any unlawful activity. Payments made through the internet by credit card customers in


14 | P a g e

particular warrant very close attention to ensure that payments are not made for unlawful activities.

23. Introduction of new technologies – Bank should pay special attention to any

money laundering threats that may arise from new or developing technologies, including internet banking , that might favour anonymity and take measures , if needed, to prevent their use in money laundering schemes. Bank should be mindful of a variety of Electronic Cards that are used by customers for buying goods and services, drawing cash from ATMs and for electronic transfer of funds. Pre-loading of credit cards in particular can be resorted to, inter alia, for money laundering and terrorist financing purposes and should not be permitted as to do so would be tantamount to the abuse of credit cards.

24. A proper customer identification or relationship has to be established when

import documents on collection basis are released to non customers of Banks. Identification should include the correct address of the person or the business.

25. It is mandatory for banks to preserve SWIFT messages that accompany inward remittances for a period of six years as they contain important customer details.

26. Treasury Dealings - With regard to dealings in Forex, money market, bonds,

securities, precious metal etc. confirmation should be obtained from counter- parties on their adherence to AML / CTF guidelines to prevent transactions with non-compliant countries /entities.

27. Alternative Remittance Systems - Extra vigilance is required by Banks to

distinguish between formal money transmission services and other money or value transfer systems through which funds or value are moved from one geographic location to another through informal and unsupervised networks or mechanisms. To ascertain the sources of funds thus becomes an imperative.

28. Wire transfers should contain originator information as follows,

a. Name of the Originator b. Originators account number or unique reference number and c. Originator’s address, unique identification number or date and place of birth.

29. Correspondent Banks and Shell Banks - Prior to commencing banking

relationship with ‘correspondent banks/ financial institutions’, banks should gather sufficient information with regard to their management, major business activities, and the money laundering prevention and detection efforts. It is also the duty of the banks to ensure that the purpose of the account is exclusively for correspondent banking activities and that the bank is effectively supervised by the relevant authorities for their due diligence and AML standards in that country. The banks should refuse to enter into or conduct business and provide services to banks that are located in jurisdictions that have poor KYC


15 | P a g e

standards or have been identified as being ‘non-co-operative’ in the fight against ML and TF. It is also imperative that the banks ensure that their correspondent banks do not undertake business with shell banks. No accounts for ‘shell’ banks should be opened without the proper approval of the Controller of Exchange.

30. Central Bank has informed that the updating of all existing accounts with

relevant information should have been completed by 31st March 2009 by all Banks.

31. Safe Custody and Safe Deposit Boxes - This facility where sealed envelops/

parcels/ boxes/ are held, should only be made available to Account Holders.

6.3 Risk Management

Based on the risk of the true identity of its customers, BOC shall rely on Central Bank issued identification guide lines on ‘know your customer’ (KYC) & ‘customer due diligence’ (CDD) for verification purposes. BOC, however will analyze the information provided to determine if there are any logical inconsistencies in the information obtained.

KYC/CDD is mandatory due to the Risks involved as follows;

(1) Reputational Risk due to the erosion of Confidence

(2) Operational Risks due to inadequate internal processes

(3) Legal Risks due to failure to observe mandatory KYC/CDD standards & implication of penalties, fines etc.

In order to mitigate the Risks involved the followings should be adhered to;

• To comply with the rules/ regulations/guidelines on AML/CTF. • Addresses of all accounts ie. Current Accounts, Savings and Fixed Deposits

Accounts etc. should be verified. • Internal Control Officer of the branch, should scrutinize all documents of the

new accounts opened by the Bank. • Ensure proper preservation of all the mandate forms and other documents

under safe custody. • Internal Audit reports and Compliance reports on AML & CTF should be

forwarded to the corporate management. • Customer Risk Profiles should be reviewed annually, keeping in view the risks

involved in a transaction, account or Banking / Business relationship. Additional due diligence/ attention should be taken in the following instances;


16 | P a g e

High-risk countries The bank will apply heightened scrutiny to clients and beneficial owners resident in and funds sourced from countries identified by credible sources as having inadequate anti-money-laundering standards or representing high-risk for crime and corruption.

Offshore jurisdictions Risks associated with entities organized in offshore jurisdictions are covered by due diligence procedures laid out in these guidelines.

High-risk activities Clients and beneficial owners whose source of wealth emanates from activities known to be susceptible to money laundering will be subject to heightened scrutiny.

Public officials Individuals who have or have had positions of public trust such as government officials, senior executives of government corporations, politicians, important political party officials, etc. and their families and close associates require heightened scrutiny.

• Banks Internal Audit and Compliance functions should evaluate and ensure adherence to the KYC policies and procedures.

• Employees should be given training on an ongoing basis regarding the

KYC Procedures. All the staff should fully understand the rationale behind the KYC policies and implement them consistently.

6.4 Customer Due Diligence, Transaction Monitoring & Reporting Due diligence

Due diligence is to collect, record and monitor information covering the following categories: • Purpose and reasons for opening the account • Anticipated account activity • Source of wealth (description of the economic activity which has generated the

net worth) • Estimated net worth • Source of funds (description of the origin and the means of transfer for monies

that are accepted) • References or other sources to corroborate reputation information where

available.

The Manager is responsible for updating the customer file on a defined basis and/ or when there are major changes. He/She will be responsible for monitoring of his branch / dept. and how it is carried out, and will report suspicious activities to the Compliance Officer. He/She also will have to list out high-risk clients whose


17 | P a g e

accounts may warrant further scrutiny. In case the name of any banned organization appears in any transaction of the Bank, it will be the Bank’s endeavor to ensure that the Reporting of such transactions should be done as and when detected as stated below.

They will manually monitor a sufficient number of account activities to permit identification of patterns of unusual size, volume, pattern or type of transactions, geographic factors such as whether jurisdictions designated as “non-cooperative” are involved. Internal Audit will review relevant portions of client files on a regular basis to ensure consistency and completeness. Internal Auditor also will look at transactions, including trading and wire transfers, in the context of other account activity to determine if a transaction lacks financial sense or is suspicious because it is an unusual transaction for that customer. A monitoring and reporting system has to be developed that enables the rapid flow of information to the AML Compliance Officer.

Cash Transactions Report (CTR) – Operating staff is required to record and report all individual cash deposits and withdrawals, exceeding a sum prescribed by order published in the gazette or its equivalent in any foreign currency in every 15 days to the Compliance Officer which will be forwarded to the FIU. This Report includes Value date, Amount, Branch, Account number, Type of A/c, nature of the Transaction, customer’s Name, Address and nature of the business/ profession/ vocation.

Electronic Fund Transfer –Incoming – Report on incoming Swift Messages should be prepared for exceeding a sum prescribed by order published in the gazette or its equivalent in any foreign currency for every 15 days to the Compliance Officer which will be forwarded to the FIU. This Report includes Value date, Amount in Foreign Currency (FCY),Type of CCY, Value in Rs., Details of the Transaction, Information on Remitter Correspondent, Information on Third Party Reimbursement Institute & Information of the Party who Receives the Electronics Fund Transfer. Electronic Fund Transfer- Outgoing – Report on Outgoing Swift Messages should be prepared for amounts exceeding a sum prescribed by order published in the gazette or its equivalent in any foreign currency for every 15 days to the Compliance Officer which will be forwarded to the FIU. This Report includes Value date, Amount in Foreign Currency (FCY),Type of CCY, Value in Rs., Details of the Transaction, Information on customer ordering Payment


18 | P a g e

of Electronic Fund Transfer & Information of the Party who Receives the Electronics Fund Transfer.

Suspicious Transactions Report (STR) – In reporting suspicious transactions at branch level, dealing officer at the branch will report to the Manager who will get himself satisfied about the existence of a suspicious activity / nature and then himself report to Compliance Officer who will bring this matter to the notice of FIU. Further course of action is decided by the FIU to take up the matter with the appropriate law enforcing authorities designated under the relevant laws governing such activities.

6.5 Identification of unusual or suspicious activities Unusual or suspicious activities can be identified through: • Monitoring of transactions • Client contacts (meetings, discussions, in-country visits etc.) • Third party information (e.g. newspapers, Reuters, internet) • Banker's / internal knowledge of the client's environment (e.g. political situation

in his/her country).

Follow-up on unusual or suspicious activities The Compliance Officer will carry out an analysis of the background of any unusual or suspicious activity. If there is no plausible explanation a decision will be made involving the control function: • To continue the business relationship with increased monitoring • To cancel the business relationship • To report the business relationship to the authorities.

The report to the authorities is made by the Compliance Officer. As required by local laws and regulations the assets may be blocked and transactions may be subject to approval by the control function.

Identifying Signals Red flags that signal possible money laundering or terrorist financing as stated below include, but are not limited to: • Account that show frequent large value transactions without a business reason.

• A customer who builds up large balances, not consistent with the known

turnover of the customer’s business, especially where there is a subsequent transfer overseas.

• Business account(s) where deposits or withdrawals are primarily in cash rather

than cheques and this is not consistent with the usual activities of a business of that nature.


19 | P a g e

• An account that sends and receives telegraphic transfers or payment orders (especially to/from tax haven countries), without an apparent business reason or when inconsistent with the customer’s business or history.

• A customer who suddenly repays loan, particularly a problem loan, with no

reasonable explanation of the source of funds.

• A customer who borrows funds to purchase a property and intends to fund the development from their own cash flow but the funds to pay sub-contractors etc do not appear to be flowing in and out of their account.

• A request to borrow against assets held by the bank or a third party, where the

origin of the assets is not known or the assets are inconsistent with the customer’s standing.

• A request by a customer for a bank to provide or arrange finance where the source of the customer’s financial contribution to a deal is unclear particularly where the property is involved.

• A request for loans to an offshore company, especially one located in a tax haven country, or for a loan secured by obligation of an offshore bank.

• A large number of individuals making deposits in to the same account.

• A customer who regularly pays in large third party cheques that have been endorsed.

• Sending or receiving frequent or large volumes of telegraphic transfers to and from offshore institutions, especially when there is no apparent business reason.

• Depositing funds into several accounts, usually in amounts below the cash reporting

threshold, and then consolidating into a master account and transferring them outside of the country.

• Instructing the bank to transfer funds overseas and to expect an equal incoming

transfer from other sources.

• Regularly depositing and withdrawing large amounts by telegraphic transfers to, from or through countries that are nominated by FATF as non-corporative or are known sources of narcotics.

• Receiving telegraphic transfers and immediately purchasing monetary instruments

prepared for payment to a third party.

• A business that is reluctant to reveal details about its activities or to provide financial statements.

• A business that presents financial statements noticeably different from those of

similar businesses.


20 | P a g e

• A business that is reluctant to provide complete information regarding the purpose of the business, prior banking relationships, officers or directors, or its location

• A customer who has no records of past or present employment but make frequent

large transactions.

• Movement of funds through a country identified as a high risk for money laundering

• Telegraphic transfer activity within a short period following deposits

• Business account activity conducted by nationals of countries associated with terrorist activity with no obvious connection to the business

• Use of business account to collect and then funnel funds to a small number of foreign

beneficiaries, both individuals and business, in a high risk location.

• Charity / relief organization linked to various transactions.

• A high volume of telegraphic transfer activity into and out of an account held by a business that would not be expected to normally generate a large volume of telegraphic transfers.

• Funds generated by a business owned by nationals of countries associated with

terrorist activities.

• Import / export business acting as an unlicensed remitter to conduct telegraphic transfers.

7. Retention of Records

In terms of the Banking Regulations, records such as Account Opening Forms, vouchers, ledgers, registers, etc., pertaining to Banking Transactions for specified periods are required to be maintained. In addition, the following documents in respect of accounts, which have been reported for suspicious activities, are required to be retained even after the end of business relationship with the customer, for at least 6 years and are to be made available for scrutiny of Law enforcing agencies, Audit functionaries as well as Regulators, as and when required.

• Customer Profiles • Reports made to Financial Intelligence Unit of Central Bank of Sri Lanka,

concerning suspicious customer activity relating to possible ML/TF or other criminal conduct together with supporting documentation.

• Name & Address of Employees who prepares the record and any other

documents required to be retained under the rules / guidelines issued by FIU.


21 | P a g e

8. AML/CFT Training Policy The Compliance Unit of the BOC will introduce training programmes on Anti Money Laundering & Combating terrorist financing for the staff members of the bank. This Training will make its officers and employees aware of the Law relating to money laundering, financing of terrorism and financial transaction reporting. This programme will also train the staff to recognize suspicious transaction. Training will also enhance the employees knowledge of the existing good practices in AML & CTF including Know your Customer concept and Customer Due Diligence requirements. Training on Anti-Money Laundering must be provided for the first time within 3 months after the person has joined the Bank, with follow-up training for every employee every 2 years. (This training must cover employees with customer contact or those authorized to settle cash and non-cash financial transactions.) Any anti-money laundering training must at least impart knowledge about General legal requirements regarding: • Meaning of anti-money laundering requirements and possible risks of not adhering to the requirements, • Requirement for adequate client identification procedures, • Recognition of suspicious transactions or suspicious behavior of a client, • Methods and techniques of money laundering/ terrorist financing.

Furthermore, training must be related to the employees’ daily work and comprise examples from business. The attendance has to be documented and it must comprise: • Contents of the training; • Procedure of the training; • Name of attendant; and • Date of attendance.

9. Adherence to Monitoring of the Policy

Bank will establish an audit function to test its procedures and systems for the compliance with the provision of the Acts on AML / CTF. An independent evaluation of KYC compliance will be carried out by internal Auditor. He will be required to comment on the effectiveness for measures taken by branches/ depts. for implementation of KYC guidelines and prevention of money laundering and combating terrorist financing. The content of this Policy document is subject to changes on subsequent amendments to existing legal provisions and new legal provisions that would be imposed by the Parliament of Sri Lanka or any rules, regulations and the guidelines that would be issued by the Central bank of Sri Lanka from time to time.

Documents

Bank Policy for Prevention of Money Laundering Combating ... CTF Policy 01.pdf · [PML & CTF Policy - BOC] 3 | Page Bank of Ceylon 1. Prevention of Money Laundering & Combating Terrorist