pasha securities (pvt.) limited _procedures.pdfpasha securities (pvt.) limited contents 1. goals and...
TRANSCRIPT
POLICY & PROCEDURES
KNOW YOUR CUSTOMER (KYC)
CUSTOMER DUE DILIGENCE (CDD)
ANTI-MONEY LAUNDERING (AML)
COMBATING FINANCING OF TERRORISM (CFT)
INTERNAL RISK ASSESSMENT NRA 2019
Pasha Securities (Pvt.) Limited
CONTENTS
1. Goals and Objectives
2. Scope
3. Regulatory Oversight & Compliance Risk
4. Customer Due Diligence and Know your Customer
5. AML Compliance Officer & Employee Training Program.
6. Procedures for Documentation & Verification of High Risk Customers
Documentation
Documentation for investors who can’t sign or have unsuitable signatures
Sending Account Statement
Steps for Enhanced Due Diligence
Political Exposed Person (PEPs)
6. Monitoring and Reporting of Suspicious Transactions
Suspicious Transaction
Potential indicators of money laundering or terrorist financing
Currency Transaction Reporting (CTR)
Suspicious Transaction Reporting (STR)
Training
Non Compliance
7. Internal Risk Assessment in the light of NRA 2019
8. Accountability and Responsibility
9. Record Retention
10. Internal Audit
2
1. GOALS & OBJECTIVES
The objective of this policy is to ensure that the products and services of the Pasha Securities (Pvt.)
Limited are not used to launder the proceeds of crime and that all of the PASHA SECURITIES (PVT.)
LIMITED’s staff is aware of their obligations and the need to remain vigilant in the fight against
money laundering/terrorist financing. The document also provides a framework to comply with
applicable laws, Regulatory guidelines specially related with detection and reporting of suspicious
activities.
Other objectives pursued by this policy are as follows:
Promote a “Know Your Customer” policy as a cornerstone principle for the Brokerage firm’s ethics
and practices;
Introduce a controlled environment where no business with a Customer is transacted until all
essential information concerning the Customer has been obtained;
Conduct self-assessments of compliance with AML policy and procedures;
Introducing to the employees the stages of money laundering process and their individual duties;
Establishing a review process which will be used to identify opportunities that might be used to
launder money;
Providing instructions regarding taking appropriate action once a suspicious activity or a money
laundering activity is detected or suspected.
Adherence to this policy is absolutely fundamental for ensuring that the PASHA SECURITIES (PVT.)
LIMITED is fully complies with applicable anti-money laundering rules and regulations.
The PASHA SECURITIES (PVT.) LIMITED is committed to examining its anti-money laundering
strategies, goals and objectives on an ongoing basis and maintaining an effective AML Policy for its
business.
2. SCOPE
This policy is applicable to the PASHA SECURITIES (PVT.) LIMITED’s local as well as overseas
operations (if any) including business of other Financial Institutions routed through PASHA
SECURITIES (PVT.) LIMITED.
3
In overseas offices (if any), PASHA SECURITIES (PVT.) LIMITED shall ensure compliance with the
Regulations of the host country on KYC, CDD AML/CFT or that of the SECP whichever are more
exhaustive.
Our coverage will include:
Compliance of AML Act 2010.
Compliance of SECP requirements on KYC, CDD AML/CFT.
Compliance of local country legislations/ regulations on KYC, CDD AML/CFT& subsequent
updates.
FATF Recommendations.
International Standards and guidelines, including Regulatory sanctions as applicable.
3. REGULATORY OVERSIGHT & COMPLIANCE RISK
PASHA SECURITIES (PVT.) LIMITED is bound to use SECP, PSX guidelines and International Regulatory
guidelines/standards as applicable to formulate its own KYC, CDD AML/CFT Policy. The consequence of
contravening the Regulations or failing to comply can be significant and include disciplinary measures,
imprisonment or fine or both under local laws as well as the loss of reputation for PASHA SECURITIES
(PVT.) LIMITED.
Notwithstanding the statutory and regulatory penalties, increased vigilance by Management and staff will
protect PASHA SECURITIES (PVT.) LIMITED from the following risks:
• Reputational
• Operational
• Legal
• Financial
• Reputational risk: The reputation of a business is usually at the core of its success. The ability to attract
good employees, customers and business is dependent on reputation. Even if a business is otherwise doing all
the right things, if customers are permitted to undertake illegal transactions through that business, its
reputation could be irreparably damaged. A strong KYC, CDD AML/CFT policy helps to prevent a business
from being used as a vehicle for illegal activities.
•Operational risk: This is the risk of direct or indirect loss from faulty or failed internal processes,
management and systems. In today's competitive environment, operational excellence is critical for
competitive advantage. If KYC, CDD AML/CFT policy is faulty or poorly implemented, then operational
resources are wasted, there is an increased chance of being used by criminals for illegal purposes, time and
money is then spent on legal and investigative actions and the business can be viewed as operationally
unsound.
4
• Legal risk: If a business is used as a vehicle for illegal activity by customers, it faces the risk of fines,
penalties, injunctions and even forced discontinuance of operations.
• Financial risk: If a business does not adequately identify and verify customers, it may run the risk of
unwittingly allowing a customer to pose as someone they are not. The consequences of this may be far
reaching. If a business does not know the true identity of its customers, it will also be difficult to retrieve
money that the customer owes.
4. CUSTOMER DUE DILIGENCE & KNOW YOUR CUSTOMER
KYC/CDD is closely associated with the fight against money-laundering “AML”. Supervisors around the
world are increasingly recognizing the importance of ensuring that their financial institutions have adequate
controls and procedures in place so that they know the customers with whom they are dealing. Adequate due
diligence on new and existing customers is a key part of these controls. Without this due diligence, financial
institutions can be exposed to reputational, operational, legal and financial risks.
Following key Areas has been covered:
a) Customer Identification
b) Reliance on third Parties
c) Risk assessment of customer
d) Circumstances where Enhanced Due Diligence is required
a) Beneficial Ownership of Legal Person.
e) On-going due Diligence
f) Circumstances where simplified Due Diligence can be adopted
a. Compliance function
b. Data retention
c. Training and employee screening
f) Political Exposed Persons (PEPs)
a) Customer Identification
“PASHA SECURITIES (PVT.) LIMITED” should verify the identity of the customer and beneficial owner
before or during the course of establishing a business relationship or may complete verification after the
establishment of the business relationship, provided that-
i. this occurs as soon as reasonably practicable;
ii. this does not interrupt the normal conduct of business; and
iii. the ML/TF risks are effectively managed.
.
5
6
Customer identification is very important that will protect our company from being used by
unscrupulous and/or criminal elements. In this respect minimum documents/information as prescribed
by SECP must be obtained from customers at the time of opening of accounts. Further, any additional
document/information may be obtained on case to case basis where considered necessary. The key point
is that anonymous or obviously fictitious accounts should not be opened.
In case a customer is acting on behalf of another person, then identity of that person shall be ascertained
and relevant documents/information of that person need to be obtained also.
For non-individual customers (e.g. companies, pension funds, government owned entities, non-profit
organizations, foreign companies/organizations) additional care shall be taken to establish the ownership
and control structure of such an organization and who (i.e. person(s)) actually owns the organization and
who manages it. It shall be verified that the person who represents Pasha Securities (Pvt.) Limited as
authorized signatory with powers to open and operate the account is actually authorized by the
organization.
For individual customers, proper authorization shall be obtained from person authorized to act on behalf
of the customer.
It shall be ensured that accounts of Institutions/organizations/corporate bodies are not opened in the
individual name(s) of employee(s)/official(s). Because of sensitive nature of public sector (government)
entities and risk of potential conflict of interest, these accounts shall not be opened in the individual
name of any employee/official. Any such account, which is to be operated by an officer of a govt.
owned entity, is to be operated by an officer of the Federal/Provincial/Local Government in his/her
official capacity, shall be opened only on production of a special resolution/authority from the
concerned administrative department, duly endorsed by the Ministry of Finance or Finance Department
of the concerned Provincial or Local Government.
Explanation:- “Government entities” includes a legal person owned or controlled by a Provincial or
Federal Government under Federal, Provincial or local law.
Sufficient information shall be obtained and documented on the purpose and intended nature of account
to be opened and a profile shall be developed based on results of customer identification and the risk
assessment. Information regarding intended investment plan of the customer must also be obtained to
the extent possible and should be documented.
Sufficient information shall be obtained to determine the expected source of funding for the account,
particularly whether the customer shall receiving/remitting funds in foreign currency.
.
7
It must be ensured that all receipts and payments to the customers above the prescribed threshold (i.e.
Rs. 25,000/-) are made through cross cheques, bank drafts, pay orders or other crossed banking
instruments. For exceptional circumstances where it shall become necessary to accept cash from a
customer, reporting of such instances with rationale should be made immediately to the exchanges
Physical presence of the customer at the time of opening of account is necessary. In case of off-shore
customers or customers in cities where no branch exist, appropriate procedures must be applied to
ensure the identification of customer through video conferencing (e.g Skype, IMO etc.). When
obtaining confirmation in different jurisdictions, it must be considered whether that jurisdiction is
following the FATF recommendations.
“PASHA SECURITIES (PVT.) LIMITED” shall perform appropriate enhanced due diligence (EDD)
measures with customers that are identified as high risk by the “PASHA SECURITIES (PVT.)
LIMITED” or are notified as such by the Commission.
b) Reliance on Third Parties
PASHA SECURITIES (PVT.) LIMITED's AML/CFT policy and procedures are intended to ensure
that, prior to accepting funds from clients, all reasonable and practical measures are taken to confirm
the clients' identities. PASHA SECURITIES (PVT.) LIMITED may take assistance from the bank or
other financial institutions for completing client identification process. The assistance shall not relieve
the PASHA SECURITIES (PVT.) LIMITED for identification process to be conducted by the
company.
These Client Identification Procedures are based on the premise that the PASHA SECURITIES (PVT.)
LIMITED will accept funds from a new and existing client only after:
PASHA SECURITIES (PVT.) LIMITED has confirmed the client's identity and that the client is
acting as a principal and not for the benefit of any third party unless specific disclosure to that effect is
made; or
If the client is acting on behalf of others, PASHA SECURITIES (PVT.) LIMITED has confirmed the
identities of the underlying third parties.
PASHA SECURITIES (PVT.) LIMITED maintain the data, and collect information confidentially
and required the non-disclosure agreement with the third party
8
c) Risk assessment of customer
Risk assessment must be performed of all the existing and prospective customers on the basis of
information obtained regarding their identity, nature of income, source of funding, location etc. and
based on the results of such assessment, categorize customers among high risk, medium risk and low
risk customers.
Annexure C the sets out examples of factors should be considered when performing risk assessment.
Where thereis one or more “yes” responses, professional judgement must be exercised, with reference to
the policies and procedures of the “PASHA SECURITIES (PVT.) LIMITED”, as to the nature of
customer due diligence to be carried out.
d) Enhanced Due Diligence
Once a customer has been categorized as HIGH RISK, it is necessary to have Enhanced Due Diligence
(EDD) when dealing with such a customer. Activities and transactions of HIGH RISK customers shall
be monitored and any unusual transactions shall be reported in suspicious transaction report.
If it will be not possible to comply with the above requirements, account shall not be opened or business
relationship shall be terminated, as the case may be and suspicious transaction report shall be submitted.
Where “PASHA SECURITIES (PVT.) LIMITED” are not able to satisfactorily complete required
CDD measures, account shall not be opened or any service provided and consideration shall be given if
the circumstances are suspicious so as to warrant the filing of an STR and where CDD of an existing
customer is found unsatisfactory, the relationship should be treated as high risk and reporting of
suspicious transaction be considered in accordance with point 8;
Where “PASHA SECURITIES (PVT.) LIMITED” forms a suspicion of money laundering or terrorist
financing, and it reasonably believes that performing the CDD process will tip-off the customer, it may
not pursue the CDD process, and instead should file an STR in accordance with point 8.
(a) Beneficial Ownership of Legal Person.
PASHA SECURITIES (PVT.) LIMITED understand the nature of customer's business and its
ownership control.
PASHA SECURITIES (PVT.) LIMITED identify the natural business is acting alone or partnership and
examine that is legal person is having executive authority of his business.
9
PASHA SECURITIES (PVT.) LIMITED examine that the legal beneficiary person has the full authority
or executive body of or equivalent.
e) On-Going Due Diligence & Monitoring
All business relations with customers shall be monitored on an ongoing basis to ensure that the transactions
are consistent with the “PASHA SECURITIES (PVT.) LIMITED”’ knowledge of the customer, its
business and risk profile and where appropriate, the sources of funds.
“PASHA SECURITIES (PVT.) LIMITED” shall obtain information and examine, as far as possible the
background and purpose of all complex and unusual transactions, which have no apparent economic or
visible lawful purpose and the background and purpose of these transactions shall be inquired and findings
shall be documented with a view of making this information available to the relevant competent authorities
when required.
“PASHA SECURITIES (PVT.) LIMITED” shall periodically review the adequacy of customer
information obtained in respect of customers and beneficial owners and ensure that the information is kept
up to date, particularly for higher risk categories of customers and the review period and procedures
thereof should be defined by “PASHA SECURITIES (PVT.) LIMITED” in their AML/CFT policies, as
per risk based approach.
In relation to sub-regulation (3), customers’ profiles should be revised keeping in view the spirit of Know
Your Customer/CDD and basis of revision shall be documented and customers may be consulted, if
necessary.
Where “PASHA SECURITIES (PVT.) LIMITED” files an STR on reasonable grounds for suspicion that
existing business relations with a customer are connected with ML/TF and the “PASHA SECURITIES
(PVT.) LIMITED” considers it appropriate to retain the customer-
The “PASHA SECURITIES (PVT.) LIMITED” shall substantiate and document the reasons
for retaining the customer; and
The customer’s business relations with the “PASHA SECURITIES (PVT.) LIMITED” shall be
subject to proportionate risk mitigation measures, including enhanced ongoing monitoring.
“PASHA SECURITIES (PVT.) LIMITED” shall not form business relationship with entities/individuals
that are:
Proscribed under the United Nations Security Council Resolutions and adopted by the
Government of Pakistan;
10
Proscribed under the Anti-Terrorism Act, 1997(XXVII of 1997); and
Associates/facilitators of persons mentioned in (a) and (b).
The “PASHA SECURITIES (PVT.) LIMITED” should monitor their relationships on a continuous
basis and ensure that no such relationship exists directly or indirectly, through ultimate control of an
account and where any such relationship is found, the “PASHA SECURITIES (PVT.) LIMITED” shall
take immediate action as per law, including freezing the funds and assets of such proscribed
entity/individual and reporting to the Commission.
f). Simplified Customer Due Diligence
CDD measures shall be simplified or reduced in the following circumstances:
risk of money laundering or terrorist financing is lower
information on the identity of the customer and the beneficial owner of a customer is publicly available
adequate checks and controls exist
Following customers may be considered for simplified or reduced CDD:
Financial institutions which are subject to requirements to combat money laundering and terrorist
financing consistent with the FATF Recommendations and are supervised for compliance with those
controls
Public companies that are subject to regulatory disclosure requirements Government administrations
or enterprises
When opting for simplified or reduced due diligence, the FATF guidelines in this regard shall be
consulted. Simplified CDD shall not be followed when there is an identified risk of money laundering or
terrorist financing.
a. Compliance Function
A compliance function shall be established with suitable human resource and MIS reporting capabilities,
enabling it to effectively monitor the customers’ transactions and make timely reports.
11
The Head of Compliance function shall have skills and experience necessary for satisfactory
performance of functions assigned. Head of Compliance shall be independent and report directly to the
Board of Directors.
The Compliance function shall ensure compliance with the requirements of these policies as well as
other regulatory requirements applicable under the relevant legal framework. A record shall be
maintained of all violation/ non-compliance identified and reported to the BoD and must be available for
the inspection of SECP as and when required.
b. Data Retention
It shall be required to maintain the relevant documents obtained through the application of
KYC/CDD/AML/CFT procedures, especially those pertaining to identification of the identity of a
customer, account files and correspondence exchanged for a minimum period of five years.
c. Training and Employee Screening
Appropriate on-going employee training program and knowledge refreshment shall be arranged to
ensure that the employees understand their duties and are able to perform the same on a satisfactory
level.
Staff shall be hired with extra care and all possible screening measures shall be taken including
independent inquiries, information from previous employers/colleagues etc. Further, screening process
shall be an on-going exercise and shall be applied consistently to ensure that employees, particularly
those working at sensitive positions, meet and maintain high standards of integrity and professionalism.
Any information concerning customers and their transactions shall be provided to the exchanges,
Financial Monitoring Unit or the Commission as and when required. All requirements of Anti Money
Laundering and Countering financing of Terrorism Regulations, 2018 as applicable, including the
requirement to file Suspicious Transaction Reports and any directives, circulars, guidelines issued in this
regard by Federal Government, Financial Monitoring Unit and SECP shall be complied.
(g) Political Exposed Person (PEPs)
When dealing with high-risk customers, including Politically Exposed Persons (PEP’s), senior
management’ approval shall be obtained to establish business relationships with such customers. The
same shall also apply in case of an existing customer which will be classified as high-risk pursuant to
these policies or which will be subsequently classified as a result of ongoing due diligence. Further,
reasonable measures shall be taken to establish the source of wealth and source of funds.
12
5. ANTI-MONEY LAUNDERING COMPLIANCE OFFICER
The PASHA SECURITIES (PVT.) LIMITED has appointed a dedicated Compliance Officer to oversight
the Compliance function who will be reporting to the Board of Directors of the PASHA SECURITIES
(PVT.) LIMITED.Any Employee shall immediately notify the Compliance Officer if he/she suspects or
has any reason to suspect that any potentially suspicious activity has occurred or will occur if a
transaction is completed. Employees are encouraged to seek the assistance of the Compliance Officer
with any questions or concerns they may have with respect to the PASHA SECURITIES (PVT.)
LIMITED's AML/CFT Policy& Procedures.
Responsibilities of the Compliance Officer include the following
Review of Account Opening Forms and sign off from Compliance perspective
Coordination and monitoring of PASHA SECURITIES (PVT.) LIMITED's day-to-day compliance
with applicable Anti-Money Laundering Laws and Regulations and PASHA SECURITIES (PVT.)
LIMITED's own AML/CFT Policy and Procedures;
Conducting Employee training programs for appropriate personnel related to the PASHA
SECURITIES (PVT.) LIMITED's AML/CFT policy and procedures and maintaining records
evidencing such training;
Receiving and reviewing any reports of suspicious activity from Employees;
Determining whether any suspicious activity as reported by an Employee warrants reporting to senior
management of the Firm;
Coordination of enhanced due diligence procedures regarding Clients; and Responding to both internal
and external inquiries regarding PASHA SECURITIES (PVT.) LIMITED's AML/CFT policy and
procedures.
Anti-Money Laundering Employee Training Program
As part of the PASHA SECURITIES (PVT.) LIMITED's anti-money laundering program, all Employees
are expected to be fully aware of the PASHA SECURITIES (PVT.) LIMITED's AML/CFT policy and
procedures.
Each Employee is required to read and comply with this Compliance policy and procedures, address
concerns to the Compliance Officer and sign the acknowledgement form confirming that he/she has read
and understands PASHA SECURITIES (PVT.) LIMITED's AML/CFT policy and procedures.
13
To ensure the continued adherence to PASHA SECURITIES (PVT.) LIMITED’s AML/CFT policy and
procedures, all Employees are required to reconfirm their awareness of the contents of this document by
signing the acknowledgement form annually, or more frequently, as required by the Compliance Officer.
To undertake training programs on AML/CFT policy and procedures.
To get trained in how to recognize and deal with transactions which may be related to money
laundering.
To timely escalate and report the matter to the Compliance Officer.
To get themselves acquainted with Anti Money Laundering Rules & Regulations.
To comply with the requirements of Rules & Regulations.
6. PROCEDURES FOR DOCUMENTATION & VERIFICATION OF
LOW RISK CUSTOMER
(a) Documentation
14
S No. Type of Customer Information/Documents to be Obtained
1.
Individuals
A photocopy of any one of the following valid identity documents;
(i) Computerized National Identity Card (CNIC) issued by NADRA.
(ii) National Identity Card for Overseas Pakistani (NICOP) issued by NADRA.
(iii) Pakistan Origin Card (POC) issued by NADRA.
(iv) Alien Registration Card (ARC) issued by National Aliens Registration
Authority (NARA), Ministry of Interior (local currency account only).
(v) Passport; having valid visa on it or any other proof of legal stay along with
passport (foreign national individuals only).
2.
Sole proprietorship
(i) Photocopy of identity document as per Sr. No. 1 above of the proprietor.
(ii) Copy of registration certificate for registered concerns.
(iii) Copy of certificate or proof of membership of trade bodies etc, wherever
applicable.
(iv) Declaration of sole proprietorship on business letter head.
(v) Account opening requisition on business letter head.
(vi) Registered/ Business address.
3.
Partnership
(i) Photocopies of identity documents as per Sr. No. 1 above of all the partners
and authorized signatories.
(ii) Attested copy of ‘Partnership Deed’.
(iii)Attested copy of Registration Certificate with Registrar of
Firms. In case the partnership is unregistered, this fact shall be clearly mentioned
on the Account Opening Form.
(iv) Authority letter from all partners, in original, authorizing the person(s) to
operate firm’s account.
(v) Registered/ Business address.
15
4.
Limited Companies/
Corporations
(i) Certified copies of:
(a) Resolution of Board of Directors for opening of account specifying the
person(s) authorized to
open and operate the account;
(b) Memorandum and Articles of Association;
5.
Branch Office or
Liaison Office of
Foreign Companies
(i) A copy of permission letter from relevant authority i-e Board of Investment.
(ii) Photocopies of valid passports of all the signatories of account.
(iii)List of directors on company letter head or prescribed format under relevant
laws/regulations.
(iv) A Letter from Principal Office of the entity authorizing the person(s) to open
and operate the account.
(v) Branch/Liaison office address.
6.
Trust, Clubs,
Societies and
Associations etc.
(i) Certified copies of:
(a) Certificate of Registration/Instrument of Trust
(b) By-laws/Rules & Regulations
(ii) Resolution of the Governing Body/Board of Trustees/Executive Committee, if
it is ultimate governing body, for opening of account authorizing the person(s) to
operate the account.
(iii)Photocopy of identity document as per Sr. No. 1 above of the authorized
person(s) and of the members of Governing Body/Board of Trustees /Executive
Committee, if it is ultimate governing body.
(iv) Registered address/ Business address where applicable.
7.
NGOs/NPOs/Charities
(i) Certified copies of:
(a) Registration documents/certificate
(b) By-laws/Rules & Regulations
(ii) Resolution of the Governing Body/Board of Trustees/Executive Committee, if
it is ultimate governing
(b) Documentation for Investors who can’t sign or have unsuitable signatures
Investors who cannot sign or have unstable signatures shall be required to submit two recent passport size
photographs and Thumb impression on the Account Opening form attested by the Branch Manager of the
Bank where the investor maintains an account.
(c) Sending Account Statement
After opening of a new account, the Transfer Agent sends an Account Statement to the investor through a
registered post/ courier on his/her postal address in order to notify the investor of their account status and
to confirm the address of the investor.
(d) Steps for Enhanced Due Diligence
Enhanced due diligence (EDD) for higher-risk customers is especially critical in understanding their
anticipated transactions and implementing suspicious activity monitoring system that reduces the PASHA
SECURITIES (PVT.) LIMITED reputation, compliance, and transaction risks.
PASHA SECURITIES (PVT.) LIMITED determines if a customer possess a higher risk because of the
customer’s business activity, ownership structure, anticipated or actual volume and types of transactions,
including those transactions involving higher risk jurisdictions.
Request for further documentation/ Information
Review of the documents/ Information
Approval for Account opening of the higher risk customers.
When the PASHA SECURITIES (PVT.) LIMITED is not able to satisfactorily complete required
CDD/KYC measures, account opening applications are rejected; business relationships are not
established/ terminated and business transaction are not carried out
16
17
7. Risk Assessment
A risk assessment must be performed of all the existing and prospective customers on the basis of
information obtained regarding their identity, nature of income, source of funding, location etc and
based on the results of such assessment, categorizing customers among high risk, medium risk and low
risk customers
1. Risk Profiling Of Customers
(a) All relationships shall be categorized with respect to their risk levels i.e. High, Medium and Low
based on the risk profiling of customer (through KYC/CDD application and as guided in the
operational Manual for making effective decision whether to perform Simplified Due Diligence (SDD)
or Enhanced Due Diligence (EDD) both at the time of opening and ongoing Monitoring of business
relationship.
(b) The approval for opening of PEP and Non-Governmental Organizations (NGOs)/Not-for-Profit
Organizations (NPOs) and Charities account will be obtained from Senior Management (Business
Head) after performing EDD. Further Personal accounts will not be allowed to be used for charity
purposes/collection of donations. Customer KYC / CDD profile will be reviewed and/or updated on
the basis of predefined frequency, in accordance with the risk profile of the customer, as per procedure
defined in operational Manual.
2. High Risk Clients
Pasha Securities (Pvt.) Limited will continuously update a list of the types of Clients that FES
considers to be of ‘high risk,’ such that enhanced due diligence procedures are warranted compared to
the routine Client Identification Procedures.
Following are the examples of Clients who pose a high money laundering risk:
(a) A Senior Foreign Political Figure, any member of a Senior Foreign Political Figure’s Immediate
Family, and any Close Associate of a Senior Foreign Political Figure;
(b) Any Client resident in, or organized or chartered under the laws of, a Non-Cooperative
Jurisdiction;
(c) Note: Non-Cooperative Jurisdiction means any foreign country that has been designated as non-
cooperative with international anti-money laundering principles or procedures by an
intergovernmental group or organization, such as the Financial Action Task Force on Money
Laundering (“FATF”)
(d) Any Client who gives the Compliance Officer any reason to believe that its funds originate from,
or are routed through, an account maintained at an “offshore bank”, or a bank organized or
chartered under the laws of a Non-Cooperative Jurisdiction; and
(e) Any Client who gives the Compliance Officer any reason to believe that the source of its funds
may not be legitimate or may aid terrorist financing activities
18
Enhanced Client Identification Procedures for High Risk Natural Persons and Legal
Person
Enhanced Client Identification Procedures for ‘high risk’ natural persons as Clients include, but are not
limited to, the following:
(a) Assessing the Client’s business reputation through review of financial or professional references,
generally available media reports or by other means;
(b) Considering the source of the Client’s wealth, including the economic activities that generated the
Client’s wealth and the source of the particular funds intended to be used to make the investment;
(c) Reviewing generally available public information, such as media reports, to determine whether the
Client has been the subject of any criminal or civil enforcement action based on violations of anti-
money laundering laws or regulations or any investigation, indictment, conviction or civil
enforcement action relating to financing of terrorists;
(d) Conducting a face-to-face meeting with the Client to discuss/confirm the account opening documents.
The enhanced due diligence procedures undertaken with respect to ‘high risk’ Clients must be
thoroughly documented in writing, and any questions or concerns with regard to a ‘high risk’ Client
should be directed to the Compliance Officer.
Enhanced Client Identification Procedures for ‘High-Risk’ Corporations, Partnerships, Trusts and
Other Legal Entities Include but are not limited to the following:
(a) Enhanced Client Identification Procedures For High Risk Corporations, Partnerships & Other Legal
Entities Assessing the Client’s business reputation through review of financial or professional
(b) References, generally available media reports or by other means;
(c) Reviewing recent changes in the ownership or senior management of the Client
Conducting a visit to the Client’s place of business and conducting a face- to-face meeting with the
Client to discuss/confirm the account application, the purpose of the account and the source of assets;
(d) Reviewing generally available public information to determine whether the Client has been the
subject of any criminal or civil enforcement action based on violations of anti-money laundering law
or regulations or any criminal investigation, indictment, conviction or civil enforcement action
relating to financing of terrorists.
19
High-Risk Classification Factors
1. Customer risk factors:
The institution will describe all types or categories of customers that it provides business to and should
make an estimate of the likelihood that these types or categories of customers will misuse the RP for ML or
TF, and the consequent impact if indeed that occurs. Risk factors that may be relevant when considering
the risk associated with a customer or a customer’s beneficial owner’s business include:
(a) The business relationship is conducted in unusual circumstances (e.g. significant
unexplained geographic distance between the RP and the customer).
(b) Non-resident customers.
(c) Legal persons or arrangements.
(d) Companies that have nominee shareholders.
(e) Business that is cash-intensive.
(f) The ownership structure of the customer appears unusual or excessively complex given the nature of
the customer’s business such as having many layers of shares registered in the name of other legal
persons;
(g) Politically exposed persons
(h) Shell companies, especially in cases where there is foreign ownership which is spread across
jurisdictions;
(i) Trusts and other legal arrangements which enable a separation of legal ownership and beneficial
ownership of assets.
(j) Requested/Applied quantum of business does not match with the profile/particulars of client
(k) Real estate dealers,
(l) Dealers in precious metal and stones, and lawyers/notaries.
Country or geographic risk factors
Country or geographical risk may arise because of the location of a customer, the origin of a destination of
transactions of the customer, but also because of the business activities of the RP itself, its location and the
location of its geographical units. Country or geographical risk, combined with other risk categories,
provides useful information on potential exposure to ML/TF. The factors that may indicate a high risk are
as follow:
(a) Countries identified by credible sources, such as mutual evaluation or detailed assessment reports or
published follow-up reports by international bodies such as the FATF, as not having adequate
AML/CFT systems.
(b) Countries subject to sanctions, embargos or similar measures issued by, for example, the United
Nations.
20
(d) Countries identified by credible sources as having significant levels of corruption or other criminal
activity countries or geographic areas identified by credible sources as providing funding or
support for terrorist activities, or that have designated terrorist organizations operating within their
country.
(f) Jurisdictions in which the customer and beneficial owner are based;
(g) Jurisdictions that are the customer's and beneficial owner's main places of business.
Product, service, transaction or delivery channel risk factors:
Comprehensive ML/TF risk assessment must take into account the potential risks arising from the
products, services, and transactions that the RP offers to its customers and the way these products and
services are delivered. In identifying the risks of products, services, and transactions, the following
factors should be considered:
a) Anonymous transactions (which may include cash).
b) Non-face-to-face business relationships or transactions.
c) Payments received from unknown or un-associated third parties.
d) The surrender of single premium life products or other investment-linked insurance products with a
surrender value.
e) International transactions, or involve high volumes of currency (or currency equivalent) transactions
f) New or innovative products or services that are not provided directly by the RP, but are provided
through channels of the institution;
g) Products that involve large payment or receipt in cash; and
h) One-off transactions.
i) To what extent is the transaction complex and does it involve multiple parties or multiple
jurisdictions.
j) Any introducers or intermediaries the firm might use and the nature of their relationship with the
RP.
k) Is the customer physically present for identification purposes? If they are not, has the firm used a
reliable form of non-face-to-face CDD? Has it taken steps to prevent impersonation or identity
fraud?
l) Has the customer been introduced by another part of the same financial group and, if so, to what
extent can the firm rely on this introduction as reassurance that the customer will not expose the
firm to excessive ML/TF risk? What has the firm done to satisfy itself that the group entity applies
CDD measures?
m) Has the customer been introduced by a third party, for example, a Financial Institution that is not
part of the same group, and is the third party a financial institution or is its main business activity
unrelated to financial service provision? What has the firm done to be satisfied that:
n) The third party applies CDD measures and keeps records to standards and that it is supervised for
compliance with comparable AML/CFT obligations;
21
Review of Existing Client Base and Detection of Suspicious Activity
a) The FES shall perform such CDD measures as may be appropriate to its existing customers having
regard to its own assessment of materiality and risk but without compromise on identity and
verification requirements.
b) The Compliance Officer shall coordinate a periodic review of the FES's existing Client list, and ensure
the adequacy of due diligence performed on existing Clients. In addition, FES's policies, procedures
and controls may provide for the detection of suspicious activity, and if detected may require further
review to determine whether the activity is suspicious,
c) FES requires any Employee who detects suspicious activity or has reason to believe that suspicious
activity is taking place immediately to inform his or her immediate supervisor as well as the
Compliance Officer.
d) Under no circumstances may an Employee discuss the suspicious activity or the fact that it has been
referred to the Compliance Officer, with the Client concerned (Required by Law).
e) The Compliance Officer shall determine in consultation with the higher management whether to report
to appropriate law enforcement officials (i.e. FMU-Financial Monitoring Unit) any suspicious activity
of which he becomes aware within 7 working days of knowing the suspicious activity (Required by
Law).
Methodology
A threat is a person or group of people, object or activity with the potential to cause harm to, for example,
the state, society, the economy, etc. In the ML/TF context this includes criminals, terrorists groups and
their facilitators, their funds, as well as past, present and future ML or TF activities.
Vulnerabilities comprise those things that can be exploited by the threat or that may support or facilitate
its activities. In the ML/TF risk assessment context, looking at vulnerabilities as distinct systems or
controls or certain features of a country. They may also include] the features of a particular sector, a
financial product or type of service that make them attractive for ML or TF purposes. Note: this revised
NRA focuses on inherent vulnerabilities, so we have put the reference to weakness in AML/CFT in
brackets.
Inherent risk: refers to ML/TF risk prior to the application of AML/CFT controls.
Consequence refers to the impact or harm that ML or TF may cause and includes the effect of the
underlying criminal and terrorist activity on financial systems and institutions, as well as the economy and
society more generally.
Likelihood of ML/TF: the likelihood of ML/TF threat actors exploiting inherent vulnerabilities.
22
Overview of National ML/TF Threats and Vulnerabilities
Geography
Afghan Diaspora
Conflict and Terror
Demography
Social and Religious Norms
Education
Economy
Assessment of inherent ML/TF Vulnerabilities by Sector
1. PEPs and High Net worth Individuals.
Information available to NBFCs and motorbus on the source of funds invested by high net worth
individuals is often unreliable or unavailable.
2. Foreign and Non-resident clients;
Customer identification and CDD information (source of funds) is not easily verifiable and
therefore it is difficult to ascertain if the funds being invested and constitute criminal proceeds.
Foreign and non-resident clients may also place funds, the source of which is not verifiable, in the
deposit products offered by NBFCs and modaraba.
Therefore, these customers are rated high risk for ML.
3. Geography
Branches alongside porous borders with Afghanistan and areas along KP and Baluchistan are
therefore critical geographical vulnerability.
Customers from high risk countries for ML/TF may seek a business relationship with a
NBFCs/Modarabas in Pakistan to conduct/facilitate criminal activities in Pakistan.
Such customers from high risk jurisdictions present a higher risk to ascertain the validity and
adequacy of the documents presented and to be familiar with the laws and requirements of foreign
jurisdictions.
Microfinance entities have outlets across Pakistan, Especially in rural/remote areas.
23
4. Delivery channels
Not permitted to deal in cash exceeding Rs 50,000/- Payments through banking channels.
Most of the recovery of micro-credit is in the form of cash. This presents a challenge that the
movement of funds may not be easily tractable Online transactions
The risk posted by an anonymous product can also be effectively mitigated by other measures such as
imposing value limits (i.e., limits on transaction amounts or frequency) or implementing strict
monitoring systems.
5. Products and services
There are only four active products currently offered in the securities Market sector, Such as Ready
Market, Deliverable Futures contract, Margin Trading System and Margin financing.
Equity market products could be used to layer or integrate the proceeds of crime, or to transfer value to
terrorists, and are therefore vulnerable for ML/TF activities.
Crime Identified as High ML threat.
1. Illegal MVTS/Hawala/Hundi
The Unauthorized provisions of MVTS (Hawala/HundI) is illegal in Pakistan (i.e. violation of section
4 (1) and section 5 of the Foreign Exchange Regulation Act (FERA) 1947.
Hadaka is not only common in Pakistan; it has deep roots in the whole region.
Moreover, it is the existence of other predicate crimes, such as corruption, tax evasion, smuggling that
further creates demand for illegal money transfer businesses.
2. Cash Smuggling
Multiple issues such as socio-economic dispora on both sides of the Afghan border, long porous border
and absence of a formal channel infrastructure fot the transfer of funds have always posed hindrance in
the way of effective and efficient enforcement for the LEAs.
Proceeds of crime such as legal/illegal trade, Hawala and drug trafficking are conducted in through this
channel with all likelihood of ML/TF related funds movement utilizing it.
24
3. Terrorism including Terrorism Financing
The financial for the afghan Diaspora to terrorist group plays a significant role in strengthen the
operational and organizational structure of terrorist groups/organizations.
Recent intelligence reports the large, number of TF investigations and STRs all point to
significant and increased threats.
Funds generated illicitly in Pakistan include donation to now terrorist organization, extortion, and
kidnapping for ransom. Funds generated externally include these sources plus funding by hostile
intelligence agencies.
Crime Identified as Medium High ML threat.
Participation in an organized criminal group and racketeering
Human trafficking / migrant smuggling or
Trafficking in person and smuggling of migrants
Illicit arms trafficking
Fraud , forgery and cheating
Kidnapping for ransom
Robbery or theft
Extortion from business
Market manipulation and insider trading
Cyber crime
Crime Identified as Medium ML threat.
Sexual exploitation , including sexual exploitation of children
Illicit trafficking in stolen and other goods
Counterfeiting currency
Counterfeiting and piracy of products
Crime Identified as Low ML threat.
Murder, grievous bodily injury
Environmental crimes
Piracy
8. Monitoring and Reporting of Suspicious Transaction/Activity
In case where the PASHA SECURITIES (PVT.) LIMITED is not able to satisfactorily complete required
CDD/KYC measures, accounts are not opened; business relationships are not established/ terminated and
business transaction are not carried out. Instead reporting of suspicious transaction may be considered as
outlined later in this document.
All personnel are diligent in monitoring for any unusual or suspicious transactions/activity based on the
relevant criteria applicable.
(a) Suspicious Transactions
The following are examples of potential suspicious transactions for both money laundering and terrorist
financing. The lists of situations given below are intended mainly as a means of highlighting the basic ways in
which money may be laundered. These lists are not all-inclusive
While each situation may not be sufficient to suggest that money laundering or a criminal activity is taking
place, a combination of such situations may be indicative of such a transaction. A customer’s declaration
regarding the background of such transaction shall be checked for plausibility. Closer scrutiny shall help to
determine whether the activity is suspicious or one for which there does not appear to be a reasonable business
or legal purpose.
It is justifiable to suspect any customer who is reluctant to provide normal information and documents required
routinely by the financial institutions in the course of the business relationship. The PASHA SECURITIES
(PVT.) LIMITED will pay attention to customers who provide minimal, false or misleading information or,
when applying to open an account, provide information that is difficult or expensive to verify.
Transaction which do not make economical sense
Transaction inconsistent with the customer’s business
Transactions involving transfers to and from abroad
Transactions involving structuring to avoid reporting or identification requirement
25
(b) Potential Indicators of Money Laundering/Terrorist Financing
The following examples of potentially suspicious activity that may involve money laundering or terrorist
financing threat are primarily based on guidance note provided by the FATF in the name of "Guidance for
Financial Institutions in Detecting Terrorist Financing". FATF is an intergovernmental body whose purpose
is the development and promotion of policies, both at national and international levels, to combat money
laundering and terrorist financing.
Activities inconsistent with the customer business
Fund Transfers
Other transactions that appears unusual or suspicious
(c) CURRENCY TRANSACTION REPORTING (CTR)
PASHA SECURITIES (PVT.) LIMITED prefers that all receipts and payments to the customer are made
through crossed cheques, bank drafts, pay orders or other crossed banking instruments. PASHA
SECURITIES (PVT.) LIMITED discourages receiving cash but in exceptional circumstances here it
becomes necessary for a broker to accept cash from a customer to settle the obligation of clearing, reporting
of such instances (if above the threshold) with rationale should be made immediately to the PSX, (and if
above Rs.2 Million or any other revised threshold liable to reporting to Financial Monitoring Unit (FMU))
should be immediately reported to the PSX as well as FMU. Not in any case, cash payments are made to
client(s).
(d) SUSPICIOUS TRANSACTION REPORTING (STR)
(i) A suspicious activity will often be one that is inconsistent with a customer’s known, legitimate activities
or with the normal business for that type of account. Where a transaction is inconsistent in amount, origin,
destination, or type with a customer's known, legitimate business or personal activities, the transaction must
be considered unusual, and the PASHA SECURITIES (PVT.) LIMITED puts “on enquiry”. PASHA
SECURITIES (PVT.) LIMITED also pays special attention to all complex, unusual large transactions, and
all unusual patterns of transactions, which have no apparent economic or visible lawful purpose.
(ii) Where the enquiries conducted by the PASHA SECURITIES (PVT.) LIMITED do not provide a
satisfactory explanation of the transaction, it may be concluded that there are grounds for suspicion
requiring disclosure and escalate matters to the Anti Money Laundering and Countering Financing of
Terrorism "AML/CFT".
26
(iii) Enquiries regarding complex, unusual large transactions, and unusual patterns of transactions, their
background, and their result should be properly documented, and made available to the relevant authorities
upon request. Activities which should require further enquiry may be recognizable as falling into one or more
of the following categories. This list is not meant to be exhaustive, but includes:
any unusual financial activity of the customer in the context of the customer’s own usual activities
any unusual transaction in the course of some usual financial activity;
any unusually-linked transactions;
any unusual method of settlement;
any unusual or disadvantageous early redemption of an investment product;
any unwillingness to provide the information requested.
(iv) Where cash transactions are being proposed by customers, and such requests are not in accordance with
the customer's known reasonable practice, PASHA SECURITIES (PVT.) LIMITED needs to approach such
situations with caution and make further relevant enquiries. Depending on the type of business each PASHA
SECURITIES (PVT.) LIMITED conducts and the nature of its customer portfolio, each PASHA
SECURITIES (PVT.) LIMITED may wish to set its own parameters for the identification and further
investigation of cash transactions.
(v) Where the PASHA SECURITIES (PVT.) LIMITED has been unable to satisfy that any cash transaction
is reasonable, and therefore should be considered as suspicious. PASHA SECURITIES (PVT.) LIMITED is
also obligated to file Currency Transaction Report (CTR), for a cash-based transaction involving payment,
receipt, or transfer of Rs. 2 million and above.
(vi) If the PASHA SECURITIES (PVT.) LIMITED decides that a disclosure should be made, the law
require the PASHA SECURITIES (PVT.) LIMITED to report STR without delay to the Financial Monitoring
Unit "FMU", in standard form as prescribed under AML Regulations 2015. The STR prescribed reporting
form can be found on FMU website through the link http://www.fmu.gov.pk/docs/AMLRegulations2015.pdf.
(vii) The process for identifying, investigating and reporting suspicious transactions to the FMU should be
clearly specified in the reporting entity’s policies and procedures and communicated to all personnel through
regular training.
(viii) PASHA SECURITIES (PVT.) LIMITED is required to report total number of STRs filed to the
Commission on bi-annual basis within seven days of close of each half year. The Compliance Officer ensures
prompt reporting in this regard.
27
(ix) Vigilance systems require the maintenance of a register of all reports made to the FMU. Such
registers should contain details of:
the date of the report;
the person who made the report;
the person(s) to whom the report was forwarded; and
reference by which supporting evidence is identifiable.
(x) It is normal practice for an PASHA SECURITIES (PVT.) LIMITED to turn away business that they
suspect might be criminal in intent or origin. Where an applicant or a customer is hesitant/fails to provide
adequate documentation (including the identity of any beneficial owners or controllers), consideration
should be given to filing a STR. Also, where an attempted transaction gives rise to knowledge or suspicion
of ML/TF, that attempted transaction should be reported to the FMU.
Once suspicion has been raised in relation to an account or relationship, in addition to reporting the
suspicious activity PSL ensures that appropriate action is taken to adequately mitigate the
risk of the PSL being used for criminal activities. This may include a review of either the
risk classification of the customer or account or of the entire relationship itself. Appropriate action may
necessitate escalation to the appropriate level of decision-maker to determine how to handle the
relationship, taking into account any other relevant factors, such as cooperation with law
enforcement agencies or the FMU.
(e) TRAINING
Training on anti-money laundering is provided to those new employees who work directly with customers
and to those employees who work in other areas that may be exposed to money laundering and terrorist
financing threats. Follow-up trainings also take place once a year.
(f) Non Compliance with PASHA SECURITIES (PVT.) LIMITED’S AML/CDD/CFT Policy
Failure to abide by the Policy set by PASHA SECURITIES (PVT.) LIMITED to prevent money
laundering and terrorist financing will be treated as a disciplinary issue. Any deliberate breach will be
viewed as severe misconduct. Such cases will be referred to HR for onward initiation of disciplinary action
that could lead to termination of employment and could also result in criminal prosecution and
imprisonment for the concerned staff member
28
9. Record Retention
It is a Policy of PASHA SECURITIES (PVT.) LIMITED:
To retain identification and transaction documentation for the minimum period as required by
applicable Laws and Regulations.
To retain records of all suspicious activity reports made by Compliance department to Regulators for an
indefinite period unless advised by the Regulator otherwise.
To be in a position to retrieve, in a timely fashion, records that are required by law enforcement
agencies as part of their investigations.
To keep records of KYC, CDD, AML/CFT training provided to the employees, nature of the training and
the names of staff who received such training.
ACCOUNTABILITIES AND RESPONSIBILITIES
The Board is Responsible for:
Ensuring that adequate systems and controls are in place to deter and recognize criminal activity, money
laundering and terrorist financing.
Seeking compliance reports including coverage of AML/CFT issues) on quarterly basis and taking
necessary decisions required to protect PASHA SECURITIES (PVT.) LIMITED from use by criminals
for ML & TF activities.
The Oversight of the adequacy of systems and controls that are in place to deter and recognize criminal
activity, money laundering and terrorist financing.
Management is Responsible for:
Ensuring that AML/CDD/CFT policy is implemented in letter and spirit.
All Employees are Responsible for:
Remaining vigilant to the possibility of money laundering / terrorist financing through use of PASHA
SECURITIES (PVT.) LIMITED’s products and services.
Complying with all AML/CFT policies and procedures in respect of customer identification, account
monitoring, record keeping and reporting.
29
Promptly reporting to CO where they have knowledge or grounds to suspect a criminal activity or
where they have suspicion of money laundering or terrorist financing whether or not they are engaged
in AML / CFT monitoring activities.
Understanding PASHA SECURITIES (PVT.) LIMITED’s Policy and Procedures on AML/CDD/CFT
and to sign-off on the require Form.
Employees who violate any of the Regulations or the PASHA SECURITIES (PVT.) LIMITED’s
AML/CDD/CFT policies and procedures will be subject to disciplinary action.
10. Internal Audit
Internal Auditor of the PASHA SECURITIES (PVT.) LIMITED shall also review the compliance of the
Anti Money Laundering function of the Company to ensure that the AML Policy is being effectively
implemented by the management of the PASHA SECURITIES (PVT.) LIMITED management.
30