oversight framework for malaysia: approaches to...
TRANSCRIPT
1BANK NEGARA MALAYSIACENTRAL BANK OF MALAYSIA 1
Bali, Indonesia9 – 11 June 2008
Oversight Framework for Malaysia:Approaches to Customers’ Due Diligence (CDD)
2BANK NEGARA MALAYSIACENTRAL BANK OF MALAYSIA 2
Legal Framework
Oversight and Supervision
CDD Practices
Key Challenges
Content
3BANK NEGARA MALAYSIACENTRAL BANK OF MALAYSIA 3
Payment Systems Act (PSA) 2003
Legal Framework
Allow supervisors to access regulatees’books and records
Section 35Provides examination powerSection 34
To notify the Bank to operate payment system
Section 5
Permission to make payment outside Malaysia
Section 10
Permission to deal / quote foreign currency
Section 4
Exchange Control Act 1953
4BANK NEGARA MALAYSIACENTRAL BANK OF MALAYSIA 4
Anti Money Laundering and Anti Terrorism-Financing Act 2001 (AMLA)Came into operation effective 15 January 2002
Criminalises money laundering
Provides among others, for the following:
Money laundering offence
Financial intelligence
Reporting obligations of the reporting institutions
o Suspicious transaction reporting (STR)
o AML/CFT compliance programme
o Record keeping – 6 years
Investigation of ML/TF cases
Freezing, seizure and forfeiture of property
Combating the financing of terrorist (CFT) offences and freezing, seizure and forfeiture of terrorist property
5BANK NEGARA MALAYSIACENTRAL BANK OF MALAYSIA 5
Invocation on RSPs was carried out in stages….15 Apr 200215 Apr 2002
15 Apr 200315 Apr 2003
9 Mar 20079 Mar 2007
15 Nov 200615 Nov 2006
First stage – STR
In addition, RIs are subjected to:
Remaining reporting obligations in Part IV of the AMLA(covering among others S15 (Centralisation of Information),S16 (Identification of accountholder)
Standard Guidelines on AML/CFTAML/CFT Sectoral Guidelines 3 for Licensed Money Changers and/or Non-Bank Remittance Operators
Anti-Money Laundering and Anti-Terrorism Financing (Reporting Obligations) Regulations 2007 (AMLA Regulations)
S14(b) (Report by Reporting Institutions)S20 (Secrecy Obligation Overridden)S21 (Obligations of Supervisory or Licensing authority)S24 (Protection of Person Reporting) of the AMLA)
6BANK NEGARA MALAYSIACENTRAL BANK OF MALAYSIA 6
Issued in November 2006
Roles and responsibilities of Board of Directors/Senior Management
Formulate and approve AML/CFT policies and procedures
Appoint a compliance officer
Review and assess compliance with relevant AML/CFT laws and regulations
Ensure adequate resources to carry out AML/CFT measures
Provide staff training on AML/CFT
AML/CFT Guidelines
7BANK NEGARA MALAYSIACENTRAL BANK OF MALAYSIA 7
Roles and responsibilities of designated AML Compliance OfficerEstablishes internal AML/CFT programmeEnsures compliance by institution and staffAssesses AML/CFT mechanism, esp. customer due diligence (CDD) proceduresEnsures staff awareness of institution’s AML/CFT measuresReceives reports and feedback from other employees and submits STRs and requisite information to the FIUAssess the risk of money laundering in the institution’s products and services Has necessary knowledge and authority to effectively discharge his responsibilities
AML/CFT Guidelines
8BANK NEGARA MALAYSIACENTRAL BANK OF MALAYSIA 8
Supervisory Approach on RSP….
Broad Objectives• Promote migration of informal to formal remittance channel• Improve remittance service and increase competition• Ensure integrity of remittance service providers
• Comply with prudential and conditional (approval) requirements imposed by BNM
• Provide the necessary mechanism and control processes to ensure compliant with AML/CFT requirements
• Not used as conduit for ML/CFT activities• Provide reasonable assurance of system control and integrity
• Adopt a risk-based supervisory approach• Continuous surveillance based on periodic submission of statistical
and financial reporting• On-site supervision (part of annual supervisory plan)
Risk basedIncident based - act on complaint (e.g. frequent public complaint)On a surprise basis
• Stringent supervisory intervention for any breaches or non-compliant with prevailing law or guidelines by RSPs
Supervisory Approach….
Supervisory objectives to ensure that RSP….
Supervisory Balancing Act :Promote Ease of Migration to Formal Channel
vsCompliance with Regulatory Requirements
9BANK NEGARA MALAYSIACENTRAL BANK OF MALAYSIA 9
Supervisory Approach (cont.)
Adopt Risk Based
Differentiated Supervisory
Approach
Agile and Responsive
• Profile companies into 4 risk groups (low, moderate-low, moderate-high and high)
• Continuous risk assessment and validation
• Surveillance and supervision - based on companies’ risk profile, size and complexity
• Incident based approach• Surprise visit
• Surveillance through continuous monitoring and reporting by regulated entity
• Enforce varied supervisory intervention
10BANK NEGARA MALAYSIACENTRAL BANK OF MALAYSIA 10
Payment Systems Supervisory Life Cycle
11BANK NEGARA MALAYSIACENTRAL BANK OF MALAYSIA 11
Profiling of companies based on riskthey pose to the Bank’s objectives
Risk to the Bank’s objective = Impact x Probability
Risk rating to supervisors’ fair judgment
4 types of risk rating
Calculation of ProbabilityLikelihood of issues / events to occur
Assessment will be based on historical data, current emerging risks and future trends as well as market intelligence gathering
Calculation of ImpactDegree of issues / events tothe Bank’s objectives
Guiding principles for impact assessment
Risk Based Methodology
Low
GROUP 2(MODERATE
HIGH)
GROUP 1(HIGH)
GROUP 4(LOW)
GROUP 3(MODERATE
LOW)
RISK BASED QUADRANTSHigh
High
Low
IMPA
CT
PROBABILITY
12BANK NEGARA MALAYSIACENTRAL BANK OF MALAYSIA 12
Impact Assessment - Guiding Principles
Risk Based Methodology (cont.)
1. Nature of business2. Pervasiveness of business operations
• Linkages to financial system
• Customer base
• Size of liabilities
• Transaction volume
3. Compliance with prudential requirements• Shareholders’ funds requirements
RSP – RM100k
4. Financial health
13BANK NEGARA MALAYSIACENTRAL BANK OF MALAYSIA 13
Brief Background on Profile of Non-Bank RSPs
21 RSPs (non-bank) and 113 branches (excluding POS M’sia)
Extreme range of business size
Some have yet to commence operations (5 RSPs)
Internet and computer-based
Some use proprietary system, few rely on established network/system (International Money Transfer Operator) such as WU
Heavy investment – IT system, premises, branding, marketing, personnel, etc.
14BANK NEGARA MALAYSIACENTRAL BANK OF MALAYSIA 14
Customer Acceptance PolicyReporting institutions to formulate policies and procedures to address the establishment of business relationship with the customer
Identify and assess risk of customers
Have reasonable measures to address the different risks posed
Risk profiling - factors to consider:
Origin of customers and location of business;
Background or profile of the customer;
Nature of the customer’s business/occupation;
Structure of ownership (for a corporate customer); and
Any other information suggesting that the customer is of higher risk.
Continuously monitor the customers’ transaction activity pattern to ensure it is in line with the customer profile
15BANK NEGARA MALAYSIACENTRAL BANK OF MALAYSIA 15
The extent at the identification stage may be based on the following severity:
Background of the person and the suspicious circumstances in which the transaction was conducted
Type or form of transaction undertaken
New type of service/ product/new technology, which alters the delivery mode and transaction process - care must be taken to ensure that customer identification and verification requirements are adequately complied with
The type of customers
The reporting institution should adhere to the customer due diligence requirements as stipulated in the Standard Guidelines on AML/CFT
Where there is doubt on identification of the customer – RSP should not proceed with the transaction and lodge STR with FIU, BNM
Customer Due Diligence
16BANK NEGARA MALAYSIACENTRAL BANK OF MALAYSIA 16
Customer Due Diligence (cont.)
RSP should undertake the following:
Identify and verify the customer
Identify and verify beneficial ownership and control of such transaction
Obtain information on the purpose and intended nature of the business relationship/transaction
Conduct on-going due diligence and scrutiny, to ensure the information provided is updated and relevant
CDD should also be conducted, when:
Establishing a business relationship with the customer;
There is suspicion of ML or FT; or
There is doubts about the veracity or adequacy of previously obtained information.
If the customer fails to comply with the CDD requirements, reporting institution should not commence or should terminate such business relations with the customer
17BANK NEGARA MALAYSIACENTRAL BANK OF MALAYSIA 17
RSP is required to conduct CDD and transmit accurate and meaningful originator information for any transaction involving an amount equivalent to RM3,000 and above
Required to obtain and verify the originator’s information:
– Name
– Nationality
– National identification card/passport/Kad Jalan
– Account number (or unique reference number) / Privilege card
– Address
If remittance is facilitated through a bank, RSP is required to provide the originator’s information immediately upon request
For remittance/wire transfer received, RSP should ensure that complete originator’s information is provided. RSP should adopt risk-based approach for transaction with incomplete information.
Customer Due Diligence (cont.)
(Identity Card issued by Immigration Dept)
18BANK NEGARA MALAYSIACENTRAL BANK OF MALAYSIA 18
For Higher Risk Customers….Enhanced due diligence
Obtain more detailed information from the customer and through publicly available information (if available), on the purpose of transaction and source of fundsObtain approval from the Senior Management before establishing the business relationship with the customer
Examples of higher risk customersHigh net worth individualsFrom locations known for their high crime rate (e.g. drug producing, trafficking, smuggling)Countries or jurisdictions with inadequate AML/CFT laws and regulations such as the Non-Cooperative Countries and Territories (NCCT)Politically Exposed Persons (PEP)Legal arrangements that are complex – trust, nomineeCash-based businesses
19BANK NEGARA MALAYSIACENTRAL BANK OF MALAYSIA 19
Record KeepingKeep all records and documents
Transactions conducted
Customer due diligence
For at least 6 years* after:
Transaction has been completed or
The business relations with the customer have ended
Where the records are subjected to ongoing investigations or prosecution, they shall be retained beyond the stipulated retention period as specified
For audit trail, records shall include at least:
Identity of the customer and beneficiary
Form of transaction (e.g. by cash or by cheque)
Instruction and the origin and destination of fund transfers
Amount and type of currency
* As per AML/CFT guidelines
20BANK NEGARA MALAYSIACENTRAL BANK OF MALAYSIA 20
Have in place an adequate management information system to complement its customer due diligence
Provide timely information to detect any suspicious activity, which would include:Multiple transactions over a time frame
Large transactions
Anomaly in transaction pattern
Transactions exceeding any internally specified threshold.
Establish internal criteria (“red flags”) to detect suspicious transactions
Conduct enhanced due diligence and ongoing monitoring of transactions:That match the “red flags” list
From countries which have insufficiently implement the internationally accepted AML/CFT measures
All findings must be documented and made available to Bank Negara Malaysia and relevant supervisory authority
Ongoing Monitoring by RSP….
21BANK NEGARA MALAYSIACENTRAL BANK OF MALAYSIA 21
Examples of ‘Red-Flags’Transactions conducted are out of character with the usual conduct or profile of customers carrying out such transactions
Customer using different identifications each time conducting a transaction
A group of customers trying to break up a large cash transaction into multiple small transactions
Unwillingness to provide information
Same customer conducting a few small transactions in a day or atdifferent branches/locations
There are sudden or inconsistent changes in remittance/wire transfer sent/received transactions
Remittances/wire transfers from different customers/jurisdiction being sent to the same customer
22BANK NEGARA MALAYSIACENTRAL BANK OF MALAYSIA 22
Some of the Key Challenges…. Many small players with varied compliance cultureIT system lacking embedded AML/CFT control and reporting featuresUse of numerous disparate remittance IT system – not able to effectively track and monitor aggregated transaction limit and irregular pattern, holistically Promote use of a safe and secure channel (CDM, Internet banking)
However, CDM does not identify senderCrowded market – issue of business viability and sustainability (stiff competition, cost-conscious clients, rising overheads)Collaboration and co-operation with foreign International Money Transfer Operators – issues on cross border jurisdictionOwnership – concern over subsequent transfer of ownership / shareholding to “undesired elements” (fit and proper criteria)
23BANK NEGARA MALAYSIACENTRAL BANK OF MALAYSIA 23