Question & AnswerQ&A (AMLC REGULATORY ISSUANCE A, B AND C, NO. 2, S. 2018)
Any revelation of an ongoing AMLC investigation is considered inimical to public interest as it may lead to the immediate movement of funds subject to investigation, depriving the State of the opportunity to recover proceeds of unlawful activity.
Covered persons are required to ensure that their officers and employees maintain confidentiality and ensure swift retrieval of customer records to assist the AMLC in prompt investigations and legal actions.
Customer records include: (1) Records used to establish customer's identity such as Customer Due Diligence (CDD) files, official IDs, account files, and business correspondence; and (2) Account transaction histories or statements of accounts, whether in Philippine pesos or other currencies.
Covered persons must promptly act on AMLC requests, digitize all customer records within set timeframes (excluding closed accounts beyond five years), develop a central database accessible to authorized officers, ensure database security and compliance with data privacy laws, keep records in court-admissible formats, and update their Money Laundering and Financing of Terrorism Prevention Program (MLPP).
Within 6 months from the effectivity of the Guidelines, covered persons must update their MLPP, and immediately upon effectivity of the updated MLPP (not exceeding 6 months from the Guidelines' effectivity), they must begin digitizing all new customer records.
Covered persons must complete the digitization of all existing customer records and establish the central database within 2 years after the 6-month period allowed for updating the MLPP and starting digitization.
Covered persons must comply with prevailing laws related to data privacy, data protection, and security measures when developing their databases and adopt retrieval procedures that safeguard confidentiality.
Customer records must be submitted to the AMLC's File Transfer and Reporting Facility (FTRF) using the covered persons' login credentials or through other modes prescribed by the AMLC, ensuring that the submission is complete, accurate, timely, and secure.
Non-compliance subjects covered persons to administrative sanctions and penalties as provided in the AMLC's Rules on Imposition of Administrative Sanctions (RIAS), and such violations are considered grave. Breaches of confidentiality constitute criminal offenses under the AMLA and its Implementing Rules and Regulations.
Yes, covered persons engaged in money service business operations are exempted from digitizing existing records prior to the implementation period, except when their business model allows opening, keeping, and maintaining accounts as electronic wallets or similar electronic services.