The Securities and Exchange Commission of Pakistan (SECP) has conveyed to the corporate sector that the individuals who are authorised to open and operate the accounts in case of corporate entities should also be subject to comprehensive customer due diligence (CDD) requirements. According to the FAQs issued by the SECP on anti-money laundering here on Saturday, the documentation is required for identification and verification of person acting on behalf of the entity and its directors. In addition, the authority of such person to act on behalf of the customer shall be verified through documentary evidence including resolution of board of directors.
The SECP said that the ML/TF risk w.r.t risk categories, ie customers, countries or geographical locations, products and services, transactions and delivery channels are specific to each entity. Examples of high and low risk categories are given in section 18 of the SECPAML/CFT Guidelines 2018. It may be noted that EDD is mandatory for high risk customers and has to be done irrespective of any thresholds.
The KYC/CDD requirements for the pre-existing accounts opened before 2012 is explained under Section 9b-Existing Customers of the SECP Guidelines on AML, CFT and Proliferation Financing :-
"RPs are required to apply CDD measures to existing customers on the basis of materiality and risk, and to conduct due diligence on such existing relationships at appropriate times, taking into account whether and when CDD measures have previously been undertaken and the adequacy of data obtained."
The SECP said that the KYC/CDD process entails identifying the customer or beneficial owner; obtaining information on the purpose and intended nature of the business relationship; and monitoring of accounts/transactions on ongoing basis. Therefore, reliable and independent sources may be used for verification purposes.
The SECP further said that ongoing monitoring is part of the customer due diligence and essentially consists of monitoring transactions for intended purpose of the customer.
Section 10 of the SECP AML/CFT Guidelines 2018 explains the mechanism of ongoing monitoring of accounts. However, entity should formulate policies and procedures for ongoing monitoring, the SECP said.
About the KYC requirements for investors with long-term banking relationships, SECP clarified that the section 12 of the SECP AML/CFT Regulations 2018 provides detailed guidance on third party reliance. It may be noted that notwithstanding long-term banking relationships and the investment of funds through banking channel the responsibility for ongoing monitoring of customers and reliance on third parties ultimately remains with the regulated person, including generation of STRs.
To a query on how to identify and verify the beneficiaries in case of trusts as required under Regulation (7)2 of SECP AML/CFT Regulations 2018, the SECP has issued a clarification.
The SECP responded that in the case of "Trusts", the regulated person should obtain: a) Whether the Trust is a Public Trust or Private Trust; b) Trust Deed whereby the Trust has been created; c) Details of Settlor (this will also be available in the Trust Deed); d)Objects of the trust (this will also be available in the Trust Deed); e)Trustee of the trust (whether trustee is associated person of the settlor); f) Description of each class or type of beneficiary (this information may also be checked from Trust Deed); g) Details of any possibility of influence of any other person on trustee regarding management and control of trust property; h) In the case of "Private Trust" if the beneficiary of a trust is also the beneficial owner of the trust, identification and verification of the beneficiary is required otherwise the name and CNIC of each beneficiary of a trust should be obtained.
For this purpose, the regulated person may obtain a declaration from governing body/board of trustees/executive committee/sponsors on ultimate control, purpose and source of funds etc. Further, the documents as per Sr. No. 1 of the Annex 1 of the SECP AML/CFT Regulations, 2018 can be used for identification and verification of settlor, the trustee, the protector (if any), the beneficiaries and any natural person exercising ultimate ownership, ultimate control or ultimate effective control over the trust under Regulation (7)2 of SECP AML/CFT Regulations.
The SECP has also received a query that the annual risk assessment Framework and Compliance Assessment Check list are required to be filed with SECP by June 30 of each Financial Year. What would be the cut-off date for data to be used for this risk and compliance assessment?
The SECP responded that the May 31 of each financial year may be taken as a cut-off date for data to conduct necessary assessment and subsequent filing to the SECP on June 30. However, the data for month of "June" shall be included in the subsequent annual filing.
The SECP has said six monthly information/data is required to be filed with SECP by June 30 and December 31 of each financial year. What would be the cut-off date for data to be used for each six monthly information/data submission?
The first six monthly data along with annual risk assessment and annual compliance check list shall be submitted not later than June 30, based upon the data up to May 30 (hence the data period will be from December to May 31) and for second six monthly information/data shall be submitted not later than 31st December based upon the data up to 30 November (hence the data period will be from 1stJune to 30 November), the SECP added.