AML/CFT and Critical Compliance Issues
Compliance Department
2021
Compliance
Compliance Function
“An Independent Function that Identifies, Assesses, Advises on,
Monitors, and Reports on the bank’s Compliance Risk.”
Compliance Risk
Risk of Legal or Regulatory sanctions, Financial Loss or loss to
Reputation a Bank may suffer as a result of its failure to comply with all
applicable laws, regulations, codes of conduct and standards of best
practices.
Compliance
Internal control is the process designed and effected by those
charged with governance, management and other persons to
provide reasonable assurance about the achievement of the entity’s
objective with regard to:
• Reliability of financial reporting
• Effectiveness and efficiency of operations
• Compliance with applicable laws and regulations
----International Standards on Auditing
FATF
• FATF is a global task force which was
formed in 1989 by different countries to
combat money laundering, terrorist
financing and other illegal activities
related to the international financial system.
• FATF has issued a series of
recommendations that, when followed, will
help stop money laundering and terrorist
financing.
Placement of Pakistan in Grey List
• Portrays a negative image of Pakistan to
the world
• It conveys the impression that the country’s
financial system is weak and effective
measures aren’t being taken to halt ML
and TF
• It is bad for the country’s economy.
Countries placed on these lists see a
decrease in foreign investment and
foreign companies hesitate to invest
• It will be difficult for Pakistan to get
foreign loans from IMF, World Bank or
Asian Development Bank etc as well. It
could also prove hard to raise debts from
international markets
• The banking system of Pakistan comes under
extreme scrutiny.
• Correspondent relationship may be
affected
• Pakistan rating may be downgraded by
international rating agencies
• Cost of borrowing may be increased
Who is Responsible for Internal Control?
Board
Everyone?
Audit committee
Senior management
Audit/Compliance /ICU staff
All employees
Role of MBL in Preventing Money Laundering
Remember, it is an Offence to assist anyone whom you know or
suspect to be laundering money.
Assistance means providing support for:
- Opening a bank account
- Advancing a loan/finance
- Issuing/accepting letters of credit/bank guarantees etc.
Binding on every staff member: If you know or suspect, you must
report it, else you will be committing a criminal offence.
AML/CFT
Money Laundering:
Any transaction involving funds derived from criminal activity.
Terrorist Financing:
Funds contributing to or supporting terrorist acts or organizations
engaged in terrorism.
AML/CFT
Money Laundering
Money Laundering is fundamentally a simple concept.
It’s a process by which proceeds from a criminal activity are disguised
and the origin of funds is concealed.
Money laundering is the process by which criminals attempt to conceal
the true origin and ownership of the proceeds of illegal or criminal
activities.
The main objective of money laundering is to legitimize proceeds
originating from illegal or criminal activities.
AML/CFT
Terrorist Financing
It is the financial support, in any form, of terrorism or of those who
encourage, plan or engage in terrorism.
It can be financed through legitimate as well as illegitimate sources.
Terrorist finance is needed:
to recruit, support, train, transport, house, compensate and equip
terrorist agents
to sustain media campaigns and win political support.
for educational and social programs to win members and create a
support base.
to carry out terrorist activity.
AML/CFT
Money Laundering:
Crime already committed.
Funds are proceeds of crime.
Terrorist Financing:
Crime committed / to be committed;
Funds could be legitimate
Money Laundering Process/ Stages
1- Placement
2- Layering
3- Integration
• Placement: Introduction of Proceeds of Crime in the financial
system in a systematic manner. Illegal funds or assets are first
brought into the financial system
• Layering: Series of financial transactions to distance funds from
the source. Funds are hidden in financial system through a web of
complicated transactions
• Integration: Laundered funds are made available as apparently
legitimate funds.
Placement
• First Stage of Money Laundering Process (MLP)
• This is the movement of cash from its source
• Illegal funds or assets are first brought into the financial system
Layering
• Second stage of Money Laundering Process (MLP)
• Funds can be hidden in the financial system through a web of
complicated transactions
• Illegal funds or assets are moved, dispersed and disguised to
conceal their origin in
Integration
• Third stage of Money Laundering Process (MLP)
• Funds are available for investment, saving or expenditure
• Illegal funds appear legitimate in the financial system
Money Laundering: The Process
Proceeds of Crime → Process of Money Laundering (Placement, Layering, Integration) → Laundered Asset
AML Act 2010
Section 3. Offence of ML
FMU: to frame regulations in consultation with SBP
FMU: to recommend to the regulatory authorities to issue
regulations as are considered necessary
FMU: may refer matters requiring regulatory/administrative
action to SBP and SECP
In the case of the conviction of a reporting entity, the concerned
regulatory authority may also revoke its license or registration or
take such other administrative action, as it may deem appropriate.
DG-FMU to be appointed by the GOP in consultation with SBP
Governor, SBP is a member of NEC and GC
Any government agency/regulatory body may share intelligence
or report its suspicion to FMU
AML Act 2010
Section 4.Punishment for ML
Customer Due Diligence (CDD) Defined
Customer Due Diligence is a continuous and integrated procedure of
determining the:
The true identification of the Customer as well as verification of the
same
Purpose of Account
Sources of money and Anticipated future activities
Ownership/ Beneficial Owner
Customer Due Diligence (CDD)
“Customer due diligence or CDD” in broader terms includes;
a) identifying the customer and verifying the customer’s identity on the basis of
documents, data or information obtained from customer and/or from reliable and
independent sources;
b) identifying, where there is a beneficial owner who is not the customer, the beneficial
owner and taking adequate measures, to verify his identity so that the bank/DFI is
satisfied that it knows who the beneficial owner is, including, in the case of a legal person,
trust or similar legal arrangement, measures to understand the ownership and control
structure of the person, trust or arrangement;
c) understanding and, as appropriate, obtaining information on the purpose and intended
nature of the business relationship; and
d) monitoring of accounts/transactions on ongoing basis to ensure that the transactions
being conducted are consistent with the banks/DFIs knowledge of the customer, their
business and risk profile, including, where necessary, the source of funds and, updating
records and data/ information to take prompt action when there is material departure
from usual and expected activity through regular matching with information already
available with bank/DFI.
Customer Due Diligence (CDD)
When CDD measures are to be applied:
1. Banks/DFIs shall apply CDD measures:
(a) when establishing business relationship;
(b) while dealing with occasional customers/walk-in customers;
(c) in other situations/scenarios when there is suspicion of money
laundering/financing of terrorism, regardless of threshold; and
(d) when bank/DFI has doubts about the veracity or adequacy of
previously obtained customer identification data.
Customer Due Diligence (CDD)
IMPORTANT UPDATES
In cases where banks/DFIs form a suspicion of money
laundering, terrorist financing or other criminal activity, and
they reasonably believe that performing the CDD process will
tip-off the customer, they may choose not to pursue the CDD process
and instead file an STR with FMU.
Customers from Jurisdictions identified by FATF
Banks/DFIs shall apply enhanced due diligence, proportionate
to the risks, to business relationships and transactions with
natural and legal persons (including financial institutions)
from jurisdictions for which this is called for by the FATF.
Four Elements of CDD
• Customer acceptance policy
• Customer identification
• Ongoing monitoring of higher risk accounts
• Risk Management
1- Customer Acceptance Policy
• Only relationships with clients known & convincing information
• No anonymous or fictitious/ benami accounts
• No clients with criminal background, bad reputation, potential to cause
embarrassment.
• Not to open any account if unable to verify identity, obtain required
documents, or due to non-cooperation of customer or non-reliability
of information
• No Shell bank account
2- Customer Identification
• Identify customer and verify identity using independent
reliable source documents. Bank shall verify identity documents
of the customers (natural persons) and in case of legal persons,
identities of their natural persons from relevant authorities or
where necessary using other reliable, independent sources and retain
on record copies of all reference documents used for identification
and verification. Verification of the identity of the customers and
beneficial owners shall be completed before business relations are
established. For individual customers – obtain sufficient identification
data to verify identity of customer & his address
• Should be enough to convince competent authorities that
due diligence was conducted
2- Customer Identification
In case banks/DFIs are not able to satisfactorily complete required
CDD measures then account shall not be opened or any service
provided and consideration shall be given if the circumstances are
suspicious so as to warrant the filing of an STR. If CDD of an existing
customer is found unsatisfactory, the relationship should be treated
as high risk and reporting of suspicious transaction be considered
as per law and circumstances of the case.
3- Monitoring of Transactions
• Identify transactions outside regular pattern of activity
• Pay special attention to all complex, unusually large transactions and
all unusual patterns which have no apparent economic or visible lawful
purpose
• High-risk accounts have to be subjected to intensified monitoring
4- Risk Management
• Effective senior management oversight, systems and controls,
segregation of duties, training etc.
• Check and verify compliance of Know Your Customer (KYC)
procedures
• Ongoing employee training programs
• System & technology support most critical
Enhanced Due Diligence (EDD)
EDD is defined as a rigorous and robust process of investigation
(over and above KYC procedures) that supports actionable decisions to
mitigate against financial, regulatory and reputational risk and ensure
regulatory compliance. The process
• seeks with reasonable assurance to verify the customer’s identity;
• understand and test the customer’s profile, business and account
activity;
• identify relevant adverse information; and
• assess the potential risk for money laundering / terrorist financing.
Specific High Risk Elements
NPOs/ NGOs/Charities, Trusts, Clubs, Societies, and
Associations etc
Housewife accounts
Proprietorships and self employed individuals/ professionals
Landlords
Online transactions
Cash
Wire Transfers
Enhanced Due Diligence (EDD)
Banks / DFIs shall conduct enhanced due diligence when:
(a) Dealing with high-risk customers, business relationship or
transaction including:
i) non-resident customers;
ii) private banking customers;
iii) legal persons including NGOs / NPOs / trusts / charities;
iv) customers belonging to countries where CDD / KYC and AML
regulations are lax;
v) customers with links to offshore tax havens;
vi) customers in cash based businesses;
vii) high net worth customers with no clearly identifiable source of
income; and
viii) customers dealing in high-value items etc.
Enhanced Due Diligence (EDD)
(b) the customer has been refused by another bank / DFI.
(c) opening correspondent banks’ accounts.
(d) dealing with non-face-to-face / on-line customers.
(e) dealing with Politically Exposed Persons (PEP).
(i) Establish relationship with the approval of Senior Management
(Regional Manager), even when an existing customer becomes a
PEP
(ii) Ongoing monitoring on a regular basis.
General High Risk Scenarios/ Factors &
Recommendations for EDD
Obtaining additional information on the customer (occupation,
volume of assets, address, information available through public
databases, internet, etc);
Reducing interval for updating and reviewing customer risk profile;
reducing interval for updating the identification data of customer
and beneficial owner;
Obtaining additional information on the intended nature of the
business relationship;
Obtaining information on the reasons for intended or performed
transactions;
General High Risk Scenarios/ Factors &
Recommendations for EDD
Obtaining additional information on the sources of funds of
the customer;
Obtaining the approvals of senior management to commence
or continue the business relationship;
Conducting enhanced monitoring of the business relationship,
by increasing the number and timing of control applied and
selecting patterns of transactions that need further examination;
Documentary evidence may be sought to support transactions.
STR
A suspicious transaction shall often be:
Any transaction or instruction that is not logical from an economic,
financial or banking point of view;
Any transaction where the amount, duration or other specific
feature is inconsistent with the customer's professional or
business activities or expected account activity as per KYC/ CDD
Be cautious of customers who are too friendly, since the key to
successful ML is to conduct business at a financial institution that
does not ask too many questions
At the start of a relationship, suspicions might arise:
- If a customer refuses or is reluctant to provide information or
documents;
- If the time taken to provide information or documents proves to
be unusually long; and
- If the information provided does not make sense when assessed
in respect of nature of the relationship
STR
Employees are strictly prohibited from disclosing to the customer
the fact that a suspicious transaction or related information is being transferred
for investigation.
Note: Branch should send STR to Compliance Department for onward
reporting to FMU, if substantiated.
Reporting Threshold of CTR/STR
Cash transaction of Rs. 2.0 million or above
(or equivalent foreign currency).
Reporting to Financial Monitoring Unit (FMU) within
seven working days after the date of
transaction.
Suspicious Transaction Report shall be filed by the
financial institution or reporting entity with the FMU
immediately but not later than seven working days
after forming that suspicion.
CTR
Abbreviation of currency transaction reporting
SBP has instructed financial institutions to maintain and submit the
record of cash transactions >= PKR 2 million to FMU
Previously CTR data had to be manually uploaded for each and every
transaction on the FMU portal
Now the CTR process has been automated, i.e. the CTR data is compiled
at the back end as per the transactions input in the T 24 by the tellers
Issues related to automation of CTR
Branches are selecting option 'Self' or 'Account Holder' in the case of
deposit/withdrawal in accounts of entities instead of selecting the option
of 'Walk in Customer'
This results in appearance of information of the entities instead of the person
depositing the amount
Therefore in case of entities ensure to select 'Walk in Customer'
Branches are required to ensure the integrity of the information entered,
i.e. name, CNIC, contact detail, DOB and address in the case of walk in
customer
Further, also input the information in the relevant field, i.e. name in name
column and CNIC in CNIC column
Please do not use special characters such as comma "," while punching
data in T-24
Issues related to automation of CTR
Wrong input of the occupation of the person conducting the transaction while processing the entry
Wrong input of the DOB of the person conducting the transaction
Contact Details & Occupation Details are missing in T 24. Must be up to date at all times
Always input the information of the person conducting the transaction (walk in customer) in CAPITAL
letters
Liability for Failure of Filing STR/CTR
Whoever willfully fails to comply with the suspicious transaction
reporting requirement as provided in section 7 or gives false
information shall be liable for imprisonment for a term
which may extend to three years or with fine which may
extend to one hundred thousand rupees or both.
In case of the conviction of a reporting entity, the concerned
regulatory authority may also revoke its license or registration
or take such other administrative action, as it may deem
appropriate.
Section 34 Disclosure of Information
The directors, officers, employees and agents of any reporting
entity, financial institution, non-financial business or profession
or intermediary which reports suspicious transaction or CTR
pursuant to this law or any other authority, are prohibited
from disclosing directly or indirectly, any person involved in the
transaction, that the transaction has been reported.
A violation of the sub-section (1) is a criminal offence and shall
be punishable by a maximum term of three years imprisonment
or a fine which may extend to five hundred
thousand rupees or both.
Updates in AML-CFT Regulations
SBP has updated AML-CFT Regulations vide BPRD Circular
letter # 18 of 2017 dated 09 June 2017.
It is clarified that the obligations/ prohibitions regarding
proscribed entities and persons mentioned in the aforesaid
Regulations and Guidelines are applicable, on an ongoing
basis, to proscribed/ designated entities and persons or to
those who are known for their association with such entities
and persons, whether under the proscribed/ designated name
or with a different name.
Updates in AML-CFT Regulations
State Bank of Pakistan circulates subject Statutory Regulatory
Orders (SROs) /Notifications issued by Ministry of Foreign Affairs, to its
regulated entities for taking necessary action. These SROs/Notifications,
in addition to other requirements, require banks/DFIs to:
“Freeze without delay the bank accounts, funds and other financial
assets or economic resources of these individuals, groups, undertakings
and entities,
Including funds derived from property owned or controlled directly or
indirectly by a proscribed/designated individual/entity or by person
acting on their behalf or at their direction and ensure that neither these
nor any other funds, financial assets or economic resources are made
available directly or indirectly for such persons benefit”.
Updates in AML-CFT Regulations
SBP has updated AML-CFT Regulations vide BPRD Circular letter
# 20 of 2017 dated 14 June 2017.
REGULATION-1: CUSTOMER DUE DILIGENCE (CDD)
Asset Side Customers
35. Banks/DFIs shall make comprehensive assessment
of controls on asset products and related customers to
ensure effective implementation of due diligence
requirements as per their own assessment of materiality
and risk without compromising on identity and verification
requirements. This shall include monitoring of the
customers and related risks on ongoing basis as per
standard norms and best practices to mitigate the risks
related to such products/ customers.
Updates in AML-CFT Regulations
REGULATION-4: REPORTING OF TRANSACTIONS
(STRs/CTRs)
Adequate Number of Analysts for AML/CFT:
6. The adequacy of staff posted for effective monitoring
and reporting of suspicious transactions is a critical factor
of Customer Due Diligence. Banks/DFIs shall place
adequate number of analysts for monitoring and reporting
purpose. Moreover, steps should be taken by banks/DFIs
to develop knowledge and skills of their staff and utilize
technology solutions required for effective monitoring and
reporting of suspicious transactions.
Updates in AML-CFT Regulations
REGULATION-6: INTERNAL CONTROLS, POLICIES,
COMPLIANCE, AUDIT AND TRAINING
Compliance
9. Banks/DFIs shall incorporate procedures to record
and maintain data of account opening cases rejected by
compliance or central account opening units, the cases
where customers’ risk ratings recommended by business
units were challenged or revised, and the cases where
accounts were closed based on ML/TF risks.
Updates in AML-CFT Regulations
10. Banks/DFIs shall:
(a) in addition to oversight by Board, assign
monitoring of compliance and AML/CFT function as term of
reference to one of the Management Committees responsible for
risk and control;
(b) include compliance and AML/CFT related
responsibilities in Key Performance Indicators (KPIs) of
responsible staff down the line, in order to strengthen the
compliance/ AML/CFT function. Moreover, ML/TF risks should
be included in KPIs of officer(s) responsible for Enterprise Risk
Management and Operational Risk Management functions;
(c) not assign unrealistic business targets and
conflicting roles to their employees. Appropriate strategies may
be devised to ensure provision of safe and smooth banking
services; and
(d) regularly assess working strength of the
compliance function and all its sub-divisions and deficiency if
any, observed should be addressed on priority basis.
SWIFT
• Society for Worldwide Interbank Financial
Telecommunication
• A network that enables financial institutions worldwide to
send and receive information about financial transactions
• SWIFT does not facilitate funds transfer; rather, it sends
payment orders, which must be settled by correspondent
accounts that the FIs have with each other
• Whenever a foreign transaction takes place across FIs, a
SWIFT message MT 103 is generated for that particular
transaction
Essential Components
• Sender, for example: Mashreqbank PSC, New York
branch
• Receiver: Meezan Bank Ltd, Karachi
• Ordering customer name & address, for example: Ascend
Trading Company LLC, XYZ area, Port of Spain, Trinidad
• Ordering institution, for example: Mashreqbank PSC Dubai
• Note: Ordering institution and sender bank may or may not
be the same
• Beneficiary customer name & Address, for example: Ali
Zaman, IBAN #, Address
• Remittance Information, for example: Salary, personal,
property investment, family remittance etc
Accuity Compliance Link
• AML/ CFT Regulations issued by State Bank of Pakistan (SBP)
require Banks/DFIs to ensure that banking services are not provided
to proscribed entities
• Previously such entities/individuals were manually screened using a
consolidated PDF file comprising the US OFAC SDN List, United
Nations List and NAB convicted persons List
• To comply with regulatory requirement, screening of customers is
being performed by various banks through automated customer
screening software using international watch lists, sanctions files and
politically exposed persons (PEPs) database
• MBL has explored and procured Customer Screening Solution from
Accuity
• Internationally acclaimed screening solution provider which is a
trusted partner of over 17,000 enterprises in more than 150 countries
Accuity Compliance Link
• Meezan Bank has subscribed to
• Accuity's Global Watchlists Database,
• Accuity Compliance Link Application,
• Global Watch (GW) List Database comprising of diverse
public sanction and enforcement sources including
• US OFAC SDN list, United Nations (UN) List, Her Majesty's
Treasury (HMT) List, European Union (EU) List and Enhanced
Due Diligence Lists
• Pakistan specific files related to LEAs (Law Enforcement
Agencies) are also part of Accuity's watch lists database
• In addition, the data files also include PEP list which will
identify the possible Politically Exposed Persons (PEP)
Accuity Compliance Link
• Accuity’s Compliance Link uses various
international and domestic watch lists which
cover several proscribed individuals and entities
listed by major screening bodies, LEAs &
Financial Regulators worldwide
• The watch lists are grouped into three categories
• GWL (Global Watch List)
• PEP/EDD List
• Private Lists
GWL
• Entities listed on the Office of Foreign Assets Control
(OFAC) of the U.S. Department of the Treasury economic and
trade sanctions Specially Designated Nationals list
• Lists of entities designated by the United Nations Security
Council Sanctions Committees Resolutions (UNSCR);
• List of entities published in the European Union's (EU)
Consolidated List, Her Majesty's Treasury (HMT)
consolidated list of targets listed by the United Nations,
European Union and United Kingdom
under legislation relating to current financial sanctions
regimes
PEP/EDD List
• These lists include Accuity’s Politically Exposed Persons (PEPs)
list which is powered by WorldCompliance, a LexisNexis
Company
• Further, it includes the Worldwide Enhanced Due Diligence
(EDD) data set which contains high-risk entities / individuals
involved in activities such as money laundering, financial fraud,
arms proliferation, drug trafficking and terrorism
• Entities / individuals are derived from sources such as
enforcement lists, electronic media, public court records, and
geography specific research
• Enhanced Due Diligence lists also take into account the
adverse media and negative news associated with the
proscribed individuals and entities
Private Lists
• These lists include Pakistan specific individuals &
entities identified by Law Enforcement Agencies such as
• Federal Investigation Agency (FIA),
• National Accountability Bureau (NAB),
• Anti-Narcotics Force (ANF),
• Schedules published in accordance with Anti-Terrorism
Act (ATA)
• Further, Private lists also include list of individuals and
entities on which Meezan Bank has filed a Suspicious
Transaction Report (STR) with Financial Monitoring Unit
(FMU)
Common issues faced by branches
• Not logging in with the correct Windows user ID
• Entering CNIC without dashes
• Not going through/ screening of all the three tabs
• Not fully understanding the Case Status
• If case status is private open, then screening is
required
• If case status is No Match, no screening is required
• If case status is false positive, account may be opened
• If case status is true match, account cannot be opened
FCCM
• Financial Crime Compliance Management
• A web based software designed by Oracle to
detect trends and anomalies in complex
transactions and customer data
• Previously transactions were monitored
manually using Microsoft Excel Database
• It is an SBP requirement that banks/DFIs
have automated software for monitoring of
transactions
FCCM
• Oracle FCCM suite is a comprehensive platform that enables banks
to perform effective financial crime surveillance, detection, and
event correlation along with Know Your Customer (KYC) analytics,
FATCA, Enterprise Case Management (ECM) and regulatory
reporting
• It offers a large number of AML scenarios to detect possible
suspicious transactions, which cover the majority of red flags identified
by SBP in AML/CFT Regulations
• These scenarios capture transaction activity from various aspects
based on thresholds, behavioral pattern, anticipated customer
profile, possible CTRs etc.
• The software is designed to be used centrally at Head Office end
where information from branches is collated into the system by
investigating analysts
FCCM
• The software generates alerts based on the
transactions conducted as per the different
scenarios embedded in the software
• The alerts are then analyzed by analysts, and if
there is any anomaly related to ML/FT, then the
account is dealt with accordingly (STR, account
closure etc.)
• The alerts are reviewed in conjunction with
information available in T 24
Foreign Account Tax Compliance Act (FATCA)
The Foreign Account Tax Compliance Act (FATCA) is US
legislation enacted by the US Congress to prevent tax
evasion by US persons who conceal offshore assets from
the IRS.
Any financial institution that fails to comply with FATCA
will face a 30% withholding tax on a wide range of U.S.
sourced payments to its clients.
The bank must identify the following U.S. indicia if present:
• US Citizen
• US Resident
• US Permanent Resident Card Holder (Green Card)
• US Place of birth
• Current USA mailing or residence address
Foreign Account Tax Compliance Act (FATCA)
Standing instructions to transfer funds to an account
maintained in the USA
Current power of attorney or signatory authority granted
to a person with USA address
An “in care of” address or “hold mail” address that is the
sole address the Bank has for the account holder.