preserving the integrity of the financial system ... -...

AML/CFT Awareness

Preserving the Integrity of the Financial System:

Prevention of Money Laundering &

Terrorism Financing

Role of Company Secretaries as

Effective Gatekeepers

AML/CFT Awareness2

Learning Objectives

Understanding on the ML/TF risks faced by company secretaries

Company Secretaries’ obligations as a Reporting Institution within Malaysia’s

AML/CFT Framework

Awareness and compliance to the AML/CFT requirements

AML/CFT Awareness3

Presentation Outline

Overview of ML/TF & the AML/CFT system

ML/TF Vulnerabilities of Company Secretaries

Recent AML/CFT Developments

AML/CFT Requirements on Company Secretaries

Compliance to AML/CFT Requirements

AML/CFT Awareness4

“A process of converting cash

or property derived from criminal activities to give it a legitimate appearance. It is the process of cleaning and disguising the criminal origin

of ‘dirty’ money”

“Process of

financing terrorist

activity either

through legitimate

or illegitimate

sources.”

Critical for a country to have an effective AML/CFT regime…

1. Reduces rewards associated with crime and hence, overall crime rates;

2. Increases government revenue, reduces leakages within the economy;

3. Preserves the integrity and reputation of the market place; and

4. Creates conducive environment for businesses and investors to flourish.

Money Laundering (ML) & Terrorism Financing (TF) defined

5

Why Criminals Launder Their Money?

To remove or distance themselves from the criminal activity generating the illicit proceeds, thus making it more difficult to identify & prosecute key perpetrators

To distance proceeds gained from conduct of criminal activity to prevent confiscation if the perpetrators is

caught

To enjoy the benefits of the illicit proceeds without bringing undue attention to themselves

To reinvest the profits in future criminal activity or in legitimate businesses

AML/CFT Awareness6

All countries are required to comply with the FATF international standards

UN Conventions and Resolutions

Financial Action Task Force (FATF), Headquartered in Paris [Malaysia is a ‘Member’]

All countries are members of a FRSB (except Iran and DPRK)

Principles under the Resolutions have been embedded into the FATF standards

The Vienna Convention

The Palermo Convention Security Council Resolution 1267 and its Successors

Security Council Resolution 1373

International Convention for the Suppression of the Financing of Terrorism

Issues & ensures compliance by jurisdictions to FATF 40 Recommendations (2012) & Methodology (2013)

APG -Malaysia is a ‘Member’ MENAFATF GIABA CFATF MONEYVAL GAFISUD EAG

Principles under the Resolutions have been embedded into the FATF standards

Implementation by FATF-Styled Regional Bodies (FSRBs)

Principles under these Resolutions have been embedded into the FATF standards

AML/CFT Awareness7

Since AMLA was effected in 2001, Malaysia has established a

comprehensive AML/CFT framework for prevention of ML/TF activities

FATF

Standards

• BNM the competent authority for AMLA

• Criminalisation of ML/TF i.e. 362

offences from 44 legislations

• Freezing, seizure & forfeiture of

properties

• Identify & respond to emerging

risks through National Risk

Assessment process

• Adequate investigation &

enforcement powers

• Fully-functional FIU in BNM

• AML/CFT Units set-up in key law

enforcement agencies (LEAs)

• Structured training programs for

financial investigators

• National Coordination

Committee for integrated

approach across 16

Ministries/Agencies

• MoUs and Strategic

Partnerships with Foreign FIUs

& Counterparts

• Strong networks with

International/regional bodies FATF, APG, Egmont Group

Responsibilities of Reporting

Institutions (RIs)

More than 43,000 RIs

Implement effective AML/CFT

compliance programme to detect

and deter ML/TF

Submit CTRs and STRs to

FIED, BNM

AML/CFT Awareness8







AML/CFT Awareness

Reporting institutions (RIs) are the first line of defence

Criminals and

Criminal Activities

Financial Institutions

Law enforcement

Agencies (LEAs)

Non-bank FIs

DNFBPs

• Formation of complex company structures

• Placement of proceeds from unlawful activities

Supervisory authorities

BNM, SC, LFSA

Financial Intelligence Unit

FIED, BNMSubmit Cash Threshold & Suspicious Transaction

Reports

Collect, analyse,

disseminate financial

intelligence

Feedback on effectiveness of financial intelligence

Identify illicit activities and investigate crimes

Monitor & enforceAML/CTF

requirements

AML/CFT PREVENTIVE MEASURES• ML/TF Risk Assessment & Client Risk Profiling• CDD and Enhanced CDD on Clients• Record Keeping • On-going Monitoring of Clients’ Transactions• Promptly Detect & Report Suspicious Transactions

Supervisory authorities

BNM in collab. with licensing bodies & SROs

1

2 3

45

9

AML/CFT Awareness10

Type of services Specific ML/TF risks

Formation agents• Forming company for criminal use• Forming company for laundering of illegal

proceeds (layering, integration)

Arrangement services(arrange for CS, director, partner)

• Concealing the identity of the criminals• Appearance of legitimacy & respectability• Conducting business transactions on behalf of

criminals

Providing registered/businessaddress, accommodation

• Concealing the location of criminals• Use of CS’s address for criminal activities (e.g.

fraud)

Trustee services

• Concealing the identity of the criminals• “Gatekeepers” when dealing with FIs• Executing trust arrangement for criminal

purposes

Nominee services• Concealing the identity of the criminals• Conducting transactions on behalf of criminals

Specific ML/TF risks in Company Secretarial Services

AML/CFT Awareness

Example: ML Case involving a Company Secretary

• Syndicates use of 3rd parties to open and operate bank accounts to cloak identities

of ultimate beneficial owners, for cleansing of criminal proceeds

Brief facts of case:

1. Director of Company Secretarial Firm X (CFSX), served as a Nominee Director of 2

companies, established by CFSX as part of services provided;

2. A bank a/c was opened with the Nominee Director‘s father acting as the sole bank a/c

signatory;

3. A/C received > 120 inward remittances within 6 months from various jurisdictions and funds

were quickly remitted out to a neighbouring jurisdiction;

4. During investigation, the Director and her father denied any offence, stating that a 3rd party

had hired her to set up the 2 companies, and to open a bank a/c to receive funds from

allegedly legitimate overseas business clients. She argued that services provided by her

firm was legitimate company secretarial services;

5. The Director’s father admitted signing for all remittance transactions but denied actual

dealing with the funds;

6. Both denied knowledge of either the source or ultimate beneficiary of funds remitted out

from the bank a/c.

7. Both the director and her father were convicted of Money Laundering.

11

AML/CFT Awareness12







AML/CFT Awareness13

Key Findings from Mutual Evaluation Exercise 2014

• On-site visit by APG & FATF Assessors from 13/11 to 25/11/2014;

• Assessment made based on Technical Compliance and Effectiveness of Malaysia’s AML/CFT regime in line with FATF Recommendations & Methodology;

• Outcome – Malaysia has achieved high levels of technical compliance. But, significant improvements needed in: a. Implementation of AML/CFT preventive measures on risk-basis

by all RIs, especially DNFBP sector, b. Effectiveness of international cooperation for cross-border crime

prevention and investigations, c. Conduct of parallel investigations and prosecution of ML/TF

• Key Findings on DNFBPs (apart from casino): o All DNFBPs’ have low level of understanding on key ML/TF risks

and AML/CFT obligationso AML/CFT internal controls of DNFBPs are weak or inadequate, not

implemented on risk-sensitive basis

• Key Recommendation: Malaysia to strengthen oversight of DNFBPs, enhance outreach/guidance and enforcement on non-compliance, to improve implementation of effective preventive measures by DNFBPs

AML/CFT Awareness14

Likelihood

POSSIBLE LIKELY VERY LIKELY

Exte

nt

of

Vu

lnera

bil

ity HIGH

MEDIUM

LOW

• Casino

• Gaming Companies

• Jewellers (DPMS)

• Accountants

• Offshore Trust

• Company Secretaries

• Real Estate

• Trust Companies • Lawyers

• Pawn Brokers

• Notaries

LP – onshore /

offshore

NPOs

National ML/TF Risk Assessment 2013 – Sectoral Risk Assessment

AML/CFT Awareness15







AML/CFT Awareness16

Relevant AML/CFT Law, Rules & Regulations – Company Secretaries Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001

(Act 613) – AMLA

Anti-Money Laundering & Anti-Terrorism Financing (Reporting Obligations) Order 2007

AML/CFT – Designated Non-Financial Businesses and Professions (DNFBPs) & Other Non-

Financial Sectors (Sector 5) Guidelines - Revised & reissued on 1 Nov 2013

Gazetted Activities Example of Services

1. Act as a formation agent of legal entities • Arranging for the establishment/incorporation of new

company/partnership

• Arranging for the sale of “off the shelf” company

2. Act as (or arrange for another person to act as):

i. a director of a company,

ii. a secretary of a company,

iii. a partner of a partnership, or

iv. a similar position in relation to other legal

entities;

• Arranging for natural persons to serve as directors or key

responsible persons within a company/partnership

3. Provide for a company, a partnership, or any other

legal entities or arrangement;

i. a registered office,

ii. business address or accommodation, or

iii. correspondence or administrative address

• Providing a registered company address or official

correspondence facilities

• Provide secretarial and administrative support to clients

and/or physical office space

4. Act as (or arrange for another person to act as) a

trustee of an express trust

• Providing trustee services, e.g. executing / managing the

trust, preparation of trust deed

5. Act as (or arrange for another person to act as) a

nominee shareholder for another person.

• Arranging for natural persons to represent the ultimate

beneficial owner of a company

AML/CFT Awareness17

Key AML/CFT Reporting Obligations from Sector 5 Policy Document

1. Understand ML/TF Risks & Risk Profiling of Clients

2. CDD and Other Requirements

3. AML/CFT Compliance Programme

4. Suspicious Transaction Report

(STR)

5. Combating Financing of

Terrorism

6. Consequences of Non-Compliance

AML/CFT Awareness18

Practical Guide on Key AML/CFT Requirements

No. What’s required Ref. as per

Sector 5 (Para)

1. Appoint a Compliance officer • 22

• 23

2. Develop and implement internal programme, policies, procedures

and controls to guard against and detect any offence under

AMLA, including

• 22

a. P & P on overall ML/TF risk assessment, client risk

profiling, managing and mitigating risk identified, periodic

update of risk assessment, and documentation of risk

assessment and findings

• 12

b. P & P on customer due diligence (CDD), enhance DD and

on-going DD

• 13

c. Establish internal criteria (‘red flags’) to detect suspicious

transactions; and a reporting system for submission of

suspicious transaction report (STR)

• 23

S24

S25 -26

S27 - 32

S33 - 35

AML/CFT Awareness19

No. What’s required Ref. as per

Sector 5 (Para)

3. When in ‘doubt’, submit STR • 23

4. Check new and existing client database against the UNSCR

Consolidated List and gazette orders issued by MOHA on list

of sanctioned individuals and entities

• 25

5. Conduct AML/CFT awareness and training programmes for

employees

• 22

6. Put in place adequate management information system (MIS) to

complement CDD process

• 20

7. Keep all CDD information and records for at least 6 years • 21

8. Keeping ML/TF risk assessment up-to-date through periodic

review, and having appropriate mechanisms to provide risk

assessment information to the supervisory authority, when

required

• 12

S36

S37

S38

Practical Guide on Key AML/CFT Requirements (2)

AML/CFT Awareness20







AML/CFT Awareness

Fostering greater collaboration with CCM and Professional Bodies to enhance Co Secretaries’ compliance with AML/CFT requirements

Develop and maintain Co. Secretaries’ Database to

identify and monitor sectoral ML/TF risks

Launch of Self-Assessment Questionnaire in to assess

professions level of awareness and compliance to

AML/CFT requirements

More effective involvement of CCM & professional bodies in

increasing professions’ awareness on role in curbing

ML/TF activities

21

AML/CFT Awareness22

Consequence of Non-Compliance

1. Enforcement action can be taken against a reporting institution,

including directors, officers and employees for any non-compliance

with AML/CFT requirements;

2. Penalties upon breach include:

• General Offence (section 86) – Fine not exceeding RM1.0 million

e.g. for failure to conduct CDD and failure to adopt, develop and

implement AML/CFT compliance programme;

• Retention of Records – Fine not exceeding RM3.0 million or

imprisonment for a term not exceeding five (5) year or both

• Opening Account in False Name – Fine not exceeding RM3.0

million or imprisonment for a term not exceeding five (5) year

or both

AML/CFT Awareness

Thank You

Link to AML/CFT Microsite in BNM Website:

http://amlcft.bnm.gov.my

23

http://amlcft.bnm.gov.my/

AML/CFT Awareness24

Roles and Responsibilities of Compliance Officer

WHO

High expectation on role and duty of AML/CFT Compliance Officer

RI’s compliance with AML/CFT requirements

Proper implementation of AML/CFT Procedures

Appropriate AML/CFT procedures and effective implementation

Communication channel between RIs/ staff/ department is secured and kept confidential

AML/CFT Compliance Programme awareness to all staff.

Internally generated STR are evaluated before submission to FIED

Identification of ML/TF risks associated with new products and services

DUTY – to ensure:

For individual RIs who operate within a group (e.g.: partnership):

responsible for own obligation under AMLA;

may appoint particular person (with management responsibilities) within such group to perform the role of compliance officer

1. Individual with management

responsibilities

2. Fit and proper

3. Necessary knowledge and

expertise

Back to S18

AML/CFT Awareness25

• Principle : ML/TF risks faced by one institution differ from another institution.• The intensity and extensiveness of risk management functions shall be proportionate to the nature,

scale and complexity of the reporting institution’s activities and ML/TF risk profile.

RISK ASSESSMENTRISK CONTROL AND

MITIGATION

Risk Factors to consider

Example of risk sub-factor

Customer • Composition & type of clients• % of high risk clients served (see slide 26)

Geographical • Physical location of firm & branches e.g. border town, high crime rates etc.

Business • Size of firm - e.g. based on no. of branches, client size, revenue etc.

• Payment method – cash?

Products & Services Offered

• Serve as nominee for companies owned by PEPs or high-networth individuals etc.

DeliveryChannels

• Face-to-Face (FTF)• Online services i.e. non-FTF

Example of controls:

minimum requirements or more stringent?

Intensity of CDD process

Frequency of monitoring

Overall policies & procedures

Level of monitoring by senior management

Frequency and intensity of audit

1 2

Overall ML/TF risk assessment for the institution

AML/CFT Awareness26

Example of template to support client risk profiling based on CDD info collected

To freeze account if existing client,

to reject if at point of on-boarding a

new client.

Back to S18

1. Customer risk (example) resident or non-resident Individual or company structure of company PEP or not? Domestic or foreign? types of occupation / nature of

business

3. Risk associated with Transaction / Delivery Channel (example) Mode of payment – cash, e-payment face-to-face or non face-to-face cross-border transaction occasional or one-off

No. NameType of Client

(individual/Com)

Occupation /

Nature of

Business

ID /

NationalityAddress

Type of

Services

No. of Services

Given

Amount Charged

(Fees /

Disbursement)

Mode of

payment

Communication

channel

ML/TF risk

rating

Check

Against

UNSCR List

(Y/N)

1

2

2. Geographical risk (example) Location / origin of customer High risk area/jurisdiction?

• Principle : ML/TF risks posed by customer differ from one to another

• Examples of CDD info (from existing client database) that can be used as risk profiling factors:

Resulting risk rating based on consideration of

risk factors

AML/CFT Awareness27

Customer Due Diligence (CDD)

1. Three elements:

Identification VerificationOn-Going Due

Diligence

i ii iii

• Identify• Sight ID document

• Take copy of ID document

• Review and update profile

• Transaction monitoring

AML/CFT Awareness28

Meeting AML/CFT Requirements - CDD– In practice, a quick guide

i ii iii

3. When is CDD required (Identification)?

Establishing business relations, where

applicable

If there is suspicion of ML/TF

Doubts on veracity & adequacy of previously

obtained CDD information

2. Info to obtain when conducting CDD

AML/CFT Awareness29

Identify and verify customer

Identify and take reasonable measures to verify beneficial owner (BO)

(a) Name, legal form and proof of existence(b) Powers that regulate and bind customers(c) Address of registered office

(a) Identity of the natural person who ultimately has a controlling ownership interest in a legal person

i. Identification of directors/shareholders with equity interest of 25% or more;ii. Authorisation for any person to represent the company (letter of authority/ directors’

resolution); andiii. NRIC / Passport to identify the authorised person

(b) If there is a doubt on the controlling interest - the identity of the natural person exercising control through other means

(c) Where there is no natural person identified- the identity of the natural person who holds the senior management position

Identification & verification of the BOs up to the level of natural persons who have control

Customer Due Diligence (CDD): On Legal Persons

AML/CFT Awareness30

When is Enhanced CDD Required?

Foreign PEPs

Customers from black listed jurisdictions

Domestic PEPs assessed as higher risk

1. Obtain CDD information

3. Inquire on source of wealth and/or funds

4. Obtain approval from Senior Management

2. Obtain additional information

Clients assessed as higher risk (from risk

profiling)

Customer Due Diligence (CDD): Enhanced CDD

Customers from grey listed jurisdictions

assessed as higher risk

What to do ?

AML/CFT Awareness31

…are individuals who are or have been entrusted with prominent public

functions by their respective governments or organisations

Heads of State or of government, senior politicians, senior

government, judicial or military officials, senior executives

of state owned corporations, important political party officials

FOREIGN DOMESTICINTERNATIONAL ORGANISATION

Members of senior

management , i.e. directors,

deputy directors and members

of the board or equivalent functions.

Customer Due Diligence (CDD): On PEPs

PEPs do not include middle ranking or junior level individuals

AML/CFT Awareness32

Potential Customers Do not open the account or commence business relationship or

perform transaction

Existing Customer Terminate the business relationship

• Also, consider submitting a STR. Remember to document your rationale for submitting or

not submitting the STR

1. If the customer does not want to cooperate or refuses to provide information -What should a RI do?

2. If a RI finds a potential client to be suspicious, but believes that insistence oncompleting the CDD would tip-off the customer – What should a RI do?

• Proceed with the transaction, then immediately submit a STR to FIED, BNM

Failure to Satisfactorily Complete CDD

Back to S18

AML/CFT Awareness

General red-flags or indicators of ML/TF

Transaction Risk:

1. Unusual or unnecessarily complicated business structures or transaction

paths

2. Use of large amount of cash

3. Unusual source of funding

4. Speed of transaction (without reasonable explanation)

5. Unexplained changes in instructions or business entities

6. Transactions where there are doubts about the validity of the documents

submitted

Customer Risk:

1. Transaction inconsistent with the individual’s known occupation or income

2. Unusual involvement of third parties / intermediaries

3. Use of legal entities that hide the identity of ultimate beneficial owner

4. Instruction outside normal geographical area, area of expertise, or client

market

5. Involvement of higher risk clients such as Political Exposed Persons

(PEP), individuals from high risk jurisdictions

6. Formation of shell companies that can then be used by money launderers

7. Avoiding personal contact without good reason

33

AML/CFT Awareness34

Type of services Specific indicators

Formation agents

• Unclear purpose for the formation of the company• Suspicious behaviour by the clients e.g. unwilling to provide CDD info• Unjustified nature and pattern of transaction/request – e.g. to hold /receive funds which

is not consistent with their profile.

Arrangement services• Doubtful reason for the arrangement • Excessive influence or involvement by unrelated third parties

Providing address/ accommodation

• Doubtful reason for the usage of CS’s address/premise• Excessive receipt of “unofficial”, suspicious mails• Frequent presence of suspicious individuals at CS’s premise• Conduct of unrelated or suspicious business activities at CS’s premise

Trustee services

• Complex/unusual trust arrangements• Numerous changes of trustee• Unusual involvement of unrelated 3rd parties• Questionable relationship among the parties involved• Unjustified source of fund

Nominee services

• Doubtful reason for the nomination• Extensive influence or involvement of unrelated third parties• Unjustified/suspicious instruction from the ultimate owner – e.g. to approve loans from

the company to specified person frequently and/or for sums which are large

Specific red-flags or indicators of ML/TF for company secretarial services

AML/CFT Awareness35

Suspicious Transaction Report: Reporting Mechanism

Internal reporting mechanism:

• RI to have in place policies on

duration taken by Compliance

Officer to review internal STR and

circumstances the timeframe can be

exceeded

TIPPING OFF:

• If RI has formed a suspicion of ML/TF but

believes that performing CDD process would

tip-off the customer, RI is permitted not to

pursue CDD, to proceed with the transaction

and immediately file a STR

Back to S15

Establish clear Policies & Procedures to guide all staff, which should include:

Guidance on the type of client behavior or transactions that could be considered as

suspicious i.e. internal criteria/red-flags

What to do when doubt arises e.g. types of further scrutiny to conduct, consider

submitting STR if suspicion remains

Who to submit STR to within the firm and where to get STR forms i.e. sample/template

Method for submitting STRs - by staff to CO, by CO to FIED,BNM - to preserve

confidentiality

Timeframe for (i) initial assessment by staff upon formation of doubt before raising STR to

CO, and (ii) assessment by CO before submitting STR to FIED, BNM.

Method for recording of CO’s assessment and decision not to submit STR received from

staff and secure filing of these documents for at least 6 years.

Back to S18

AML/CFT Awareness36

Suspicious Transaction Report: Info Required – When in doubt, submit STR

Useful

information for

investigation

by LEAs

• Name of Subject

• Identification No.

• Address• Contact No.• Employment details i.e. occupation,

name of employer

Details of Subject Reported

• Mode of transaction• Transaction Amount• Transaction Date

Transaction Details

• Reasons given by the reporting institutions on why they feel the conduct of account is suspicious

Description of Suspicious Transaction

Back to S19The STR form is available in Sector 5 Policy Document

AML/CFT Awareness37

Combating Financing of Terrorism

Updated and maintain list

Check on names Freeze/ Reject Report

1 2 3

• List under Section 66B (Domestic) and Section 66C (UNSC) (Part VIA)

• The list is available at AML/CFT Microsite

on new customers, beneficial owners and beneficiary

existing customers

potential customers

take measures to ascertain identity –not ‘false positive’

freeze/ block fund for existing customers

reject transactions for new/ potential customers

4

• to FIED (including attempted transactions)

• inform relevant supervisory authority

Obligations under Part VIA of the AMLA applicable to any person

Back to S19

AML/CFT Awareness38

AML/CFT Training

• Tailored to staff level & nature of works;

• Frequency – correlate with level of risk

Record-keeping

• All records relating to transactions, CDD etcmust be properly maintained, for at least 6 years from the point of termination of the business relationship with the client

Management Information System

• Not necessarily automated

• To commensurate with nature, scale and complexity of operations

Other Requirements

Back to S19

preserving the integrity of the financial system ... -...

Documents