AMLC Guidelines for DNFBPs AML/CFT Compliance

Scope of Application

Guidelines apply to jewelry dealers, dealers in precious metals and stones, company service providers, and persons such as lawyers and accountants providing specific services related to managing client money, organizing companies, and managing juridical persons.

Key Definitions

Important terms include Account, AMLA, AMLC, Beneficial Owner, Covered Persons, Covered Transactions, Customer/Client, Dealer, Identification Document, Jewel, Jewelry, Monetary Instrument, Politically Exposed Person, Precious Metals and Stones, Proceeds of Unlawful Activity, Property, Suspicious Transaction, Terrorism Financing, Transaction, Unlawful Activity.
Definitions sourced also from the 2016 Revised Implementing Rules and Regulations (RIRR).

Responsibilities of DNFBPs

Establish and maintain an effective AML/CFT Compliance Program.
Implement policies and controls for compliance including customer due diligence, risk assessment, record keeping, suspicious transaction detection and reporting, staff training, and employee screening.
Communicate policies across all relevant employees and conduct regular training.
Perform independent AML/CFT program reviews periodically.

Institutional Risk Assessment

DNFBPs must conduct regular risk assessments to identify ML/TF risks related to customer base, products, transaction types, geography, and delivery channels.
Document and update risk assessments regularly and submit information to AMLC as required.

Risk Management Policies

Develop policies to manage and mitigate identified ML/TF risks.
Monitor and enhance policies as necessary, particularly for higher risk exposures.

Governance and Compliance Oversight

Board of Directors or equivalent authorities hold ultimate responsibility for AML/CFT compliance.
Designate a senior management compliance officer with authority and a direct communication line to governance bodies.
The compliance officer manages day-to-day AML/CFT obligations and liaises with AMLC.

Money Laundering and Terrorism Financing Prevention Program (ML/TFPP)

Board approves and compliance officer implements a comprehensive ML/TFPP aligned with corporate structure and risk profile.
ML/TFPP must include procedures for customer identification, record keeping, transaction reporting, employee training, internal audits, cooperation with AMLC, and new business risk assessment.
ML/TFPP should be updated biennially or as needed.

Internal Controls and Audit

DNFBPs shall have internal controls for ongoing AML/CFT compliance, supported by independent audits at least every two years.
Audit scope includes verifying identification documents, transaction reports, and compliance effectiveness.
Corrective actions must be taken promptly for any deficiencies identified.

Customer Due Diligence (CDD)

DNFBPs must identify customers before starting business relationships and verify identities using reliable documents.
CDD must be risk-based with enhanced due diligence on high-risk customers and reduced measures on low-risk.
Customer information must be documented and reviewed regularly.

Monitoring and Reporting System

Implement transaction monitoring systems capable of generating timely and accurate covered and suspicious transaction reports.

Record Keeping

Maintain transactional and customer identification records for at least five years or longer if litigation is ongoing.

Employee Training

Provide ongoing and refresher training to employees on AML/CFT roles, compliance measures, and updates.
Maintain records of attendance and training materials.

Cooperation with Authorities

Implement procedures for cooperation with AMLC investigations, assessments, directives, and judicial orders.
Notify AMLC promptly upon receipt of inquiries related to ML or TF.

Managing New Products and Practices

Assess ML/TF risks for new products, practices, delivery mechanisms, and technology, adjusting controls accordingly.

High-Risk Customers

Identify customers from high-risk jurisdictions or with other risk factors such as PEP status or adverse media exposure.
Apply Enhanced Due Diligence (EDD) including additional information gathering and senior management approval.

Ongoing Monitoring

Conduct continuous review of existing customer activity to ensure consistency with customer profiles and identify suspicious patterns.

Face-to-Face Verification

Conduct face-to-face customer verification upon account opening, which may use information technology as long as identification documents have been verified.

Third Party Reliance and Outsourcing

DNFBPs may rely on or outsource customer identification and due diligence to covered persons or equivalent entities, but remain ultimately responsible.
Ensure outsourced parties maintain adequate CDD systems and provide information promptly upon request.
Prohibited from relying on third parties in countries with known substantial ML/TF risks.

Politically Exposed Persons (PEPs)

DNFBPs must identify PEPs, their families, and related entities, and apply due diligence appropriate to the risks.

Customer Acceptance and Refusal Policies

Develop written policies to refuse service to suspicious individuals or entities.
Refusal should be documented, and potential suspicious transactions reported.

Prohibition of Anonymous Accounts

Anonymous or fictitious accounts are forbidden; accounts must be under true and full customer names.

Termination of Business Relationships

DNFBPs must terminate relationships if customers refuse CDD compliance or cause unacceptable delays and consider filing Suspicious Transaction Reports.

Tipping Off

DNFBPs may withhold CDD if it risks alerting a customer suspected of ML/TF but must file a Suspicious Transaction Report immediately.

Record Keeping Requirements

Records must be organized and confidential, kept for five years or longer if involved in ongoing cases.
Records of internal decision-making on CTRs and STRs also must be maintained.

Reporting of Covered and Suspicious Transactions

Covered and suspicious transactions must be reported within five working days from occurrence or suspicion.
Reporting procedures follow AMLC Registration and Reporting Guidelines.
Instances of transactions initially flagged suspicious but not reported must be recorded.

Confidentiality and Safe Harbor

DNFBPs and personnel are prohibited from disclosing covered or suspicious transaction reports.
Good faith reporting affords protection from administrative, civil, or criminal liability.

Exemptions from Reporting

Lawyers and accountants acting as independent professionals are exempt from filing CTRs or STRs related to client confidentiality but may report knowledge of unlawful activities confidentially.

Registration Requirements

All DNFBPs must register with AMLC submitting documents including business registration, ownership, financials, and proof of AML seminar attendance.
Registration must be done within six months for existing entities or before operation for new ones.

Notifications to AMLC

DNFBPs must notify AMLC regarding commencement, transfer, closure of offices or business, name changes, and ownership changes within five business days.

Compliance Checking and Investigation

AMLC authorized to conduct onsite compliance checks with 24 hours' notice and investigations involving production of documents and information from DNFBPs.
DNFBPs must allow full access to records and produce certified true copies within specified timelines.

Examination of Transactions and Freezing of Assets

AMLC empowered to examine customer transactions related to unlawful activity and issue freeze or forfeiture orders.
DNFBPs must comply with freeze orders and ensure no lifting without AMLC confirmation.
Proceedings governed by specific rules under AMLA.

Enforcement Actions

AMLC empowered to impose administrative sanctions including monetary fines for violations of AMLA and related issuances.

Miscellaneous

Invalidity of any provision does not affect the rest of the guidelines.
Guidelines become effective fifteen days after publication in a newspaper of general circulation.