Take Advantage Of Our Visa And Mastercard With Smooth Buying Power
Everyone Is Bankable
Everyone Is Bankable
Take Advantage Of Our Visa And Mastercard With Smooth Buying Power
AfriOne Bank - Everyone Is Bankable
KNOW YOUR CUSTOMER / CUSTOMER DUE DILIGENCE, ANTI-MONEY LAUNDERING, COUNTER FINANCING OF TERRORISM AND PROLIFERATION FINANCING POLICY AND PROCEDURES.
INTRODUCTION AFRIONE.
AfriOne Bank Trading as a Subsidiary of PLATFORM CENTRE PTY LTD (hereinafter referred to collectively as “AfriOne”, “Company”, “Our”, AfriOne Bank/Wallet System", “Us” and “We”) AFRIONE BANK is an active company that serves as emerging market focused all in one marketplace, incorporated in the jurisdiction of South Africa and operated at No. 2 Baanbreker Avenue, Helderkruin, Roodepoort, Johannesburg, South Africa in accordance with the company act of south Africa with the registration number K2021920262 and We are registed with the Financial Intelligence Centre (FIC) - SHREG-230419-0000077. The company website address is www.afrionebank.africa .
The core activity of company is to trade (“buy”, “sell”, “spend”, “trade” & “Invest”) of crypto and has been serving customers through our various products and services i.e. digital wallet bank “Fiat”, Money Transfer/Remittance, Sales & Service, MasterCard, gift card, Debit card, API payment gateway, Crypto buy and sell of digital assets between P2P Parties and wallets address and remittance. AfriOne is a API facilitation company, making service reach the ordinary and every citizen where we find ourselves, except otherwise stated below and by operational jurisdiction.
The core activity of our company is unified next generation feature rich, secured, scalable, robust, and flexible crypto trading services platform enabling South Africans, Africans, Governments, business, individual and Aggregators to efficiently roll out and scale services through offering a wide range of use cases for the consumers through multiple transaction channels and creating a digital eco system by integrating the digital assets to various other digital service system. e.g. Operating custody accounts for third parties, offering payments services, executing payments transactions, operating an online crypto currency exchange platform, clearing and settling transactions between third parties, decentralized crypto trading platform and marketplace offering and various other services. Our Company is an all in one delivery extension to which will help to build delivery business and platforms for the entrepreneurs and the general public.
AUTHORITY & SCOPE OF THE AML/CTF POLICY
This Anti-Money Laundering (AML) and Counter Terrorism Financing (CTF) Policy (the Policy) is issued under the authority of AFRIONE Directors (the “Board” or “BOD”). This Policy applies to all of the Company’s (“PLATFORM CENTRE” and It “SUBSIDIARIES”) employees, staff, officers and directors in accordance with the regulatory requirement of South African regulations and guidelines and subsequent amendments or additions, constitute and form part of the terms shall also be applicable on the conditions of their employment.
This Policy establishes the compliance framework by which all AFRIONE comply with all applicable laws and regulations in the south Africa entity have AML/CTF or suspicious activities obligations. This Policy is used by the Board as a guide to ensure that the stable business is conducted in a manner that is compliant with all applicable laws and regulations. The company has created and developed products and services with a compliance and security focus in mind in an effort to combat any attempted use of AFRIONE for illegal or illicit purposes. AFRIONE is committed to maintaining the highest possible compliance with all applicable laws and regulations relating to AML and the prevention of terrorism financing. All company’s personnel will be required to complete annual compliance training programs to support compliance focus. In all circumstances, company will maintain rigorous AML/CTF controls in accordance with applicable laws.
Adherence to this Policy is the responsibility of all employees directly or indirectly facing customers, executing or overseeing transactions, contractual documentation, systems and tools or other sources of information that may provide or reveal indications of possible money laundering or terrorism financing. All employees, including full-time, temporary or part-time employees, interns and contractors, if they have access to information or tools or are involved in the processes described in this document, are expected to be familiar with this policy as it relates to their responsibilities, and act in accordance with its provisions. The Board of Directors of company is ultimately responsible for approving this policy, ensuring compliance with this policy and creating the culture of compliance within the company.
Company has adopted a risk-based approach to mitigate the risk of being used for the purpose of money laundering or terrorism financing. This means assessing the ML/TF risks to which company is exposed to as a result of the nature and complexity of its business and the ML/TF risk to which is exposed to as a result of entering into a business relationship or carrying out a particular transaction. The rules, requirements and procedures set out in this Policy must be complied with at all times. The Company reserves the right to take disciplinary action (including dismissal) for non-compliant employees or contractors.
The AML/CTF function at company is an independent function executed and managed by the appointed Money Laundering Reporting Officers (MLRO) in each of its regulated entity worldwide, as applicable, who will regularly update local management and BOD on all material issues. The AML/CTF program encompasses but is not limited to the following activities: customer identification processes, defining the scope of eligible and non-eligible activities, sanctions screening, transactional monitoring, regular risk assessments, suspicious activities reporting, record keeping, training and other pertinent aspects, as required by applicable laws and regulations.
This Policy is reviewed on every addendum/SROs/Circular of the regulations issued by South African government under regulations, to ensure that it incorporates recently enacted rules and regulations, provides guidance in relation to said products, systems or tools introduced by the company, and addresses most recent learning and best practices in the areas of AML and CTF.
AML/CTF POLICY OBJECTIVES
This AML/CTF Policy protect AFRIONE being used by money launderers, terrorists, and those financing terrorist activities. Specifically, this Policy:
· Define specific roles and responsibilities for company AML/CTF compliance personnel;
· Create an AML/CTF risk assessment process;
· Outline company AML/CTF internal control processes;
· Create a Know Your Customer (referred as “KYC”) framework that provides for risk-based customer identification, verification and due diligence;
· Create a transaction monitoring and suspicious activity reporting program;
· Establish controls to ensure compliance with sanctions requirements and the regular screening against official public financial sanctions lists;
· Establish a process to ensure adherence to all AML/CTF requirements, including filing of suspicious activities reports to the authority as per law, performing AML/CFT risk assessments, responding to information requests and maintaining records;
· Ensure that company documents its efforts to meet its legal and regulatory obligations, including any applicable recordkeeping requirements;
· Provide a training program for all personnel of the Company;
· Require periodic independent testing; and
· Require regular reporting to the Board about company AML/CTF efforts.
KEY TERMS AND DEFINITIONS
The key terms and definitions of this Policy are: “Money laundering” shall mean:
“knowingly facilitating by any means the false justification of the nature, the origin, the emplacement, the position, the movement or the propriety of the goods, which are constituting the object or the direct or indirect proceeds, or constituting a patrimonial benefit of any nature whatsoever from one or several of the designated predicate offences;”
“knowingly assisting in a placement, dissimulation or conversion transaction of digital assets constituting the object or the direct or indirect proceeds, or constituting a patrimonial benefit of any nature whatsoever from one or several of the predicate offences;” and ―having acquired, held or used the digital assets i.e. crypto constituting the object or the direct or indirect proceeds, or a patrimonial benefit of any nature whatsoever from one or several of the predicate offences, knowing, at the time they received them, that they originated from one of the designated offences or from the participation in one or several of these offences.”
The above references both define the money laundering offence by listing the facts constituting this offence and also specify the categories of predicate offences which may give rise to this offence. Money laundering presupposes the existence of a predicate offence whose object or proceeds may give rise to a money laundering offence.
The predicate offences are classified within this policy according to the list of designated categories of offences set forth in the glossary of the FATF Recommendations. The predicate offences include, but are not limited to:
· Involvement with an organized criminal gang, racket, or terrorism, including the financing thereof;
· Human trafficking and illicit trafficking of immigrants;
· Illicit trafficking in narcotic drugs and psychotropic substances;
· Arms trafficking;
· Illicit trafficking in stolen goods and other goods;
· Corruption;
· Fraud and swindle;
· Forgery of money;
· Forgery and product piracy;
· Kidnapping;
· Illegal detention and taking of hostages;
· Theft;
· Smuggling;
· Extortion;
· Forgery;
· Aggravated tax fraud and tax evasion;
· Piracy.
Money laundering consists of any act relating to the proceeds of or the object of any predicate offense (i.e. any act from which any economic benefit is drawn from the predicate offence).
The legal definition of money laundering is very broad and encompasses a whole set of devices which all serve the purpose to provide a false justification of the origin of the property forming the object or proceeds of the predicate offences. The money laundering offense requires that the actor knowingly launders the proceeds.
The FATF has identified a three-step process that is commonly used to launder money:
· Placement: The disposal of cash obtained from illegal activity by depositing it with or sending it through a financial institution. Illegal activities usually generate large amounts of cash that need to be placed into the financial system, the retail economy or transferred out of the country (e.g., the sale of illegal drugs, where payment is commonly made in cash).
· Layering: Moving illegally obtained funds through various layers of financial transactions in order to disguise the illicit source of funds confuse any audit trail and provide anonymity for the criminal.
· Integration: The placement of laundered funds back into the financial system in a manner that makes such funds appears to be “clean” and legally earned.
A Politically Exposed Person (PEP) shall mean: An individual who is or has been entrusted with a prominent public function such as a Head of State or Government, a senior politician, senior government/judicial/military officer, senior executive of a state-owned corporation, important political party officials or family member and/or close relative of a PEP.
Know Your Customer (“KYC”) is the process of identifying and verifying the identity of its customers and ascertain relevant information required for doing business with them. KYC involves:
a. Seeking evidence of identity and address from the customer and independently confirming that evidence at the start of a relationship with the Company and periodically updating the information as per customer risk classification; and
b. Seeking information regarding the sources of income and nature of business etc. of the customer.
Customer Due Diligence (“CDD”) information comprises the facts about a customer that should enable an organization to assess the extent to which the customer exposes it to a range of risks. These risks include money laundering, terrorist financing and having business relationship with sanctioned individuals/entities or designated terrorists under South Africa Anti-Terrorism law.
(i) Money Laundering (“ML”) is the involvement of any transaction or series of transactions seeking to conceal or disguise the nature or source of proceeds derived from illegal activities, including narcotics trade, human trafficking, terrorism, ransom, extortion money, organized crime, fraud, and other crimes.
(ii) Financing Terrorism (“TF”) refers to activities that provide financing or financial support to individual terrorists or non-state actors.
(iii) Customer means any natural person, legal person or legal arrangement to whom financial services have been extended by a regulated person.
(iv) Beneficial Owner A natural person who is the owner of the Customer (a legal entity or a foreign undertaking) or controls the Customer and/or the natural person on whose behalf a transaction or activity is being conducted.
(v) Legal Persons mean entities other than natural persons whether incorporated or not or a legal arrangement that can establish a permanent customer relationship with a regulated person or otherwise own property and include companies, bodies corporate, foundations, Limited Liability partnership (LLP), partnerships, or associations and other relevantly similar entities.
AML/CTF RISK ASSESSMENT AND ASSOCIATED CONTROLS AND MEASURES
AFRIONE will identify and assess the money laundering risks and the terrorism financing risks that may be associated with its unique business, services, and customers. More specifically, company will:
· Carry out a business-wide ML/TF risk assessment on semiannually basis, assessing the risks to which company is exposed as a result of the nature and complexity of its business;
· Assess the risks to which company is exposed as a result of entering a business relationship or carrying out transactions to buy remittances.
Each of the above risks assessments will consist of two separate, but related steps: The identification of the ML/TF risk factors, and the assessment of any such factors. The Company shall take reasonable steps to manage them and shall focus resources on the areas of its business that management believes pose the greatest risks.
Having identified its AML/CTF risks, the Company has following strengths:
· Developed and implemented policies, procedures and controls, which are approved by the Board of Directors to enable it to manage and mitigate the risks;
· Monitor the implementation of those policies, procedures and controls, and enhance them if necessary;
· Perform enhanced/reinforced measures where higher risks are identified, to effectively manage and mitigate those higher risks; and
· Ensure the performance of measures or enhanced measures to effectively manage and mitigate the identified risks to address the risk assessment and guidance from the relevant authorities.
Company will perform its semiannual risk assessment, where AML/CTF risks must be fully addressed. Based on the outcome of such risk assessment, an appropriate compliance plan must be developed and executed. The outcome of the AML/CTF risk assessment must be presented to and reviewed by the Board of Directors.
The risk assessment is based on total customer risk assessment scoring system. Score in the client’s overall risk profile is 100 points.
The above number of points in the customer risk assessment scoring system upon the assessment of the nature of company socioeconomic activity and the client ‘s MLTF risk is broken down by risk assessment as follows:
· customer risk—33 Points
· national and geographic risk— 2O points
· risk related to services and products used by the client — 27points
· service and product delivery channel risk—20 Points
For each risk segment considered within the assessment, the risk score can never be zero. Whilst the risk within a factor can be extremely low, there is always an inherent money laundering and terrorist financing risk which needs to be acknowledged by the South African Financial Intelligence Centre [FIC].
The monitoring employees ensure updates of the customer’s risk profile by applying the customer risk assessment scoring system each time when it is required to carry out due diligence of the customer. The customer risk assessment scoring system is utilized to apply risk mitigation measures pursuant to this AML and TF Policy or when FIC has obtained (through reports, customer service or due diligence, mass media Etc) Information concerning the customer, its beneficial owner, personal or economic activity as well.
The monitoring employee, based on the risk assessment and the risk Profile of the customer awarded score, determines the necessary due diligence measures and their regularity. The client’s due diligence measures and their regularity is determined based on the existing level of risk.
In order to perform regular update of the numerical score assigned to the risk factor, the customer compliance and monitoring department head selects at least 10 (ten) clients (focus group) and the relevance of the numerical score assigned to each risk factor, as well as the necessary changes in the numerical score assigned to each risk factor is based on the monitoring of the activity of the focus group.
Before the implementation of a new customer risk assessment scoring system or significant changes to the existing client risk assessment scoring system, the company shall inform the commission in a written form. The customer risk assessment scoring system shall include the following client identification information:
· name of the customer
· country of registration of the customer
· registration number of the customer
· representatives of the customer
· beneficial owners of the customer
Company will put these following measures in place to ensure its business-wide and individual risk assessments remain up to date:
· Set a date for every six months of each calendar year, on which the next business-wide risk assessment update will take place
· Set a risk-sensitive date for individual risk assessments to ensure that new or emerging risks are included
· Reflect the emergence of new, or an increase in existing ML/TF risks in business-wide and individual risk assessments as soon as possible, and
· For each risk assessment period, record issues that could have a bearing on risk assessments, such as suspicious transaction or activity reports, compliance failures and intelligence from front office staff.
OBLIGATION TO ASSESS NEW PRODUCTS, PRACTICES AND TECHNOLOGIES PROCESS
The Company must identify and assess the money laundering and terrorism financing risks that may arise in relation to:
· New products and new business practices, including new delivery mechanisms
· Impact of new AML regulations on existing products and services
This must be done prior to the launch or use of such products and practices, where applicable, paying particular attention to products or practices that favor anonymity.
OBLIGATION TO CONDUCT CUSTOMER DUE DILIGENCE (“CDD”) & KNOW YOUR CUSTOMER (“KYC”)
Company must exercise due diligence when dealing with new and existing clients. It will, under applicable laws, assist and cooperate with regulators and relevant law enforcement authorities in detecting and preventing money laundering and terrorism financing.
AFRIONE will periodically, and at least after six months of year, review the adequacy of the existing CDD information and procedures, in accordance with the business-wide risk assessment and ensure these remain relevant and kept up-to-date.
Under CDD, company shall apply risk-sensitive measures to identify the customer and, where applicable, the customer’s beneficial owner, and verify that identity on the basis of reliable and independent sources in a satisfactory manner, including the identity of beneficial owners. Finally, company shall establish the purpose and the intended nature of the business relationship.
OBLIGATION TO IDENTIFY AND REPORT SUSPICIOUS ACTIVITIES, CONDUCT CLIENT DUE DILIGENCE (“CDD”) & KNOW YOUR CUSTOMER (“KYC”)
Company AML team will file Suspicious Activity Reports or Suspicious Transaction Reports (hereinafter “SARs” or “STRs”) with the relevant FIC (and other authorities, where applicable) when we know, suspect or have reasonable grounds to suspect that money laundering or terrorism financing is being committed or has been committed or attempted, in particular in consideration of the person concerned, its development, the origin of the funds, the purpose, nature and procedure of the operation.
CUSTOMER IDENTIFICATION:
(i) No account shall be opened in the name of person who fails to disclose his/her true identity or fails to provide valid identity document. To authenticate identity of new customer:
a. The photocopies of identity documents shall be validated through regulatory authority, identifying presence of any adverse remarks in the comments.
b. In case of an individual with shaky/immature signatures, in addition to Passport, a passport size photograph of the new account holder will be obtained.
(ii) Source of income shall be essentially disclosed by the customer.
a. In case source of customer’s income is business / employment, name of the business / employer shall also be disclosed.
b. In case of a salaried person copy of his service card or salary slip or certificate or letter on letter head of the employer will be obtained.
(iii) All prospective customers must be seen either face to face by the Company’s customer service representative or trader or on video call through communication tool like Skype, WhatsApp etc. and details verified over a recorded call on registered phone number.
(iv) For any new account opening form, the Compliance Department shall match the particulars of the customer from the followings:
UNSC Sanctions list obtained daily from UNSC website under consolidated sanction list (https://www.un.org/sc/suborg/en/sanctions/un-sc-consolidated-list); If any matching name is found the account is being declined and reported to FIC simultaneously in the form of STR.
PROGRAM AND SYSTEMS TO PREVENT ML AND TF:
(i) The Company will establish and maintain programs and systems to prevent, detect and report ML/TF. The systems will be appropriate to the size of the Company and the ML/TF risks to which it is exposed and will include:
a. Adequate systems to identify and assess ML/TF risks relating to persons, countries and activities which should include checks against all applicable sanctions lists;
b. Policies and procedures to undertake a Risk Based Approach (RBA);
c. Internal policies, procedures and controls to combat ML/TF, including appropriate risk management arrangements;
d. Customer Due Diligence measures;
e. Record keeping procedures;
f. Group-wide AML/CFT programs;
g. An audit function to test the AML/CFT system;
h. Screening procedures to ensure high standards when hiring employees; and
i. An appropriate employee-training program.
(ii) It will be the responsibility of the Senior Management to ensure that appropriate systems are in place to prevent, detect and report ML/TF and the Company is in compliance with the applicable legislative and regulatory obligations.
GOVERNANCE OF AML/CTF COMPLIANCE PROGRAM
Chief Compliance Officer (CCO) and Money Laundering Reporting Officer (“MLRO”)
The Designated Chief Compliance Officer appointed by AFRIONE or a Board of Directors Member responsible for regulatory and compliance matters (―CCO‖) is responsible for proper execution of the company Anti-Money Laundering and Counter Terrorism Financing Policy and related processes. Key Responsibilities of CCO and respective regional MLROs are:
· Oversight of effective implementation of AML/CTF Policy and related controls
· Making necessary changes and improvements to the AML/CTF Policy, arising, for example, from implementation of new regulations, introduction of new products, findings and learnings arising from AML/CTF testing and monitoring
· Organization of AML Trainings for employees and retention of attendance records
· Managing Suspicious Activities Reporting process and cooperating with law enforcement agencies
· Monitoring of rules and regulations concerning AML/CTF matters and ensuring that company AML/CFT systems and tools remain up-to-date and meet current regulatory requirements
· Reporting on AML/CTF matters to the Authorized Managers and Board of Directors, and providing support and guidance to senior management to ensure that AML/TF risks are adequately addressed
· Assistance in resolving AML/CTF issues escalated by AML or Risk Teams, and
· Participation in risk reviews and customer termination decisions
The CCO and MLROs will act as a main point of contact for external supervisors, law enforcement, and any other competent authorities in relation to AML/CTF prevention and related matters.
COMPLIANCE FUNCTION
In addition to CCO and MLROs, there are dedicated teams responsible for execution of certain AML/CTF tasks and activities within company and constituting the first line of defense (―FLOD‖) in relation to AML/CTF matters:
· Operations and Customer Support is responsible for the quality of customer on boarding and due diligence, performing reviews of customer information and analysis of triggering events, assessing customer screening results, evaluating suspicious transactions indications and responding to questions, escalated by other teams and internal departments regarding AML/CTF matters.
· Risk, Fraud and Transaction Monitoring is responsible for monitoring of incoming and outgoing transactions, risk alerts and triggering events in order to identify potential fraud or ML/TF suspicious transactions.
· Business Development and Account Management is responsible to gather necessary information from company partners and service providers to ensure that all financial, payments or technical partners and counterparties of company have adequate licensing and proper controls in place.
· Product Development is responsible for ensuring that the technical and policy recommendations of company and MLROs are appropriately understood, implemented, tested and monitored at the technical and product level.
SENIOR MANAGEMENT OVERSIGHT
The MLRO or CCO for each of the regulated entities will send regular reports to the Authorized Management of their entity and the Board of Directors in which a summary of all significant compliance matters is presented. MLROs will also prepare ad-hoc reports regarding important matters relating to AML/CTF as needed (i.e. change of regulatory framework, specific AML findings, detected risks etc.).
Every material change in AML/CTF Policy needs to be formally approved by the Board of Directors. Small tactical changes (sanctions list updates, slight modification of internal tools) can be implemented via on- going SOP updates and on-the-job trainings for relevant teams.
In order for the AML/CTF Compliance function to be effective, senior management should, as far as practicable, ensure that:
· Compliance function operates as an independent, permanent function, able to escalate any important issues or risks directly to the BOD
· Compliance function has adequate budget that can be allocated to processes, products or issues as needed based on the level of identified ML/TF risk; and equipped with sufficient resources, including tools and headcount.
· CCO/ MLRO is of a sufficient level of seniority and authority within the company
· Compliance teams are capable of accessing, on a timely basis, all available information (both from internal sources, such as customer or transactional records, and external sources, such as circulars from relevant authorities)
RISK ASSESSMENT AND APPLYING A RISK BASED APPROACH (“RBA”):
The RBA enables the Company to ensure that AML/CFT measures are commensurate to the risks identified and allow resources to be allocated in the most efficient ways. RBA is applied keeping into consideration the Company’s size, geographical coverage, structure and business activities e.g. daily system-based sanction screening. As a part of the RBA, The Company:
a. Identify ML/TF risks relevant to it;
b. Assess ML/TF risks in relation to-
c. Its customers (including beneficial owners);
i) Country or Geographic area in which its customers reside or operate and where the Company operates;
ii) Products, Services and Transactions that the Company offers; and
iii) Their Delivery Channels.
iv) Design and implement Policies, Controls and Procedures that are approved by its Board to manage and mitigate the ML/TF risks identified and assessed;
a. Monitor and evaluate the implementation of mitigating controls and improve systems where necessary;
b. Keep its risk assessments current through ongoing reviews and, when necessary, updates;
c. Implement and monitor procedures and updates to the RBA; and
d. Have appropriate mechanisms to provide risk assessment information to the Commission.
Under the RBA, the following mechanism will be applied:
a. where there are higher risks, the Company takes enhanced measures to manage and mitigate those risks; and
b. Correspondingly, where the risks are lower, simplified measures are permitted. However, simplified measures are not permitted whenever there is a suspicion of ML/TF.
In the case of some very high-risk situations or situations which are outside the Company’s risk tolerance, the Company may decide not to take or accept the customer, or to exit from the relationship. CO in such cases will consider need to raise an STR to FIC
In view of the fact that the nature of the TF differs from that of ML, the risk assessment must also include an analysis of the vulnerabilities of TF. Many of the CFT measures the Company has in place will overlap with its AML measures. These may cover, for example:
a) risk assessment;
b) CDD checks;
c) transaction monitoring;
d) escalation of suspicions; and
e) Liaison relationships with the authorities.
The process of ML/TF risk assessment has four stages:
a) Identifying the area of the business operations susceptible to ML/TF;
b) Conducting an analysis in order to assess the likelihood and impact of ML/TF;
c) Managing the risks;
d) Regular monitoring and review of those risks; and
e) Identification, Assessment and Understanding Risks.
a. The first step in assessing ML/TF risk is to identify the risk categories, i.e. Customers, Countries or Geographical locations, Products and Services, Transactions and Delivery Channels that are specific to the Company.
b. In the second stage, the ML/TF risks that can be encountered by the Company need to be assessed, analyzed as a combination of the likelihood that the risks will occur and the impact of cost or damages if the risks occur. This impact can consist of the followings:
i) Financial loss to the Company from the crime and monitory penalties from regulatory authorities or the process of enhanced mitigation measures.
ii) Reputational damages to the business or the entity itself.
iii) The analysis of certain risk categories, their combination and the conclusion on the total risk level must be based on the relevant information available.
For the analysis, the Company will identify the likelihood that these types or categories of risk will be misused for ML and/or for TF purposes. This likelihood is for instance:
a) High, if it can occur several times per year;
b) Medium if it can occur once per year; and
c) Low if it is unlikely, but possible.
In assessing the impact, the Company will, for instance, look at the financial damage by the crime itself or from regulatory sanctions or reputational damages that can be caused. The impact can vary from minor if that are only in short-term or there are low-cost consequences, to very major, when they are found to be very costly inducing long-term consequences that affect the proper functioning of the institution.
c. Company will allow for the different situations that currently arise in its business or are likely to arise in the near future. For instance, risk assessment should consider the impact of new products, services or customer types, as well as new technology. In addition, ML/TF risks will often operate together and represent higher risks in combination. Potential ways to assess risk include but are not limited to:
a) How likely an event is;
b) Consequence of that event;
c) Vulnerability, threat and impact;
d) The effect of uncertainty on an event;
d. The assessment of risk will be informed, logical and clearly recorded. Further, the risk assessment should indicate how the Company arrived at this rating.
5.1 RISK ASSESSMENT MECHANISM:
RISK ASSESSMENT (LOWER COMPLEXITY):
The Company will assess risk by only considering the likelihood of ML/TF activity. This assessment will involve considering each risk factor that have been identified, combined with business experience and information published by the Commission and international organizations such as the FATF. The likelihood rating will correspond to:
a) Unlikely - There is a small chance of ML/TF occurring in this area of the business;
b) Possible - There is a moderate chance of ML/TF occurring in this area of the business;
c) Almost Certain - There is a high chance of ML/TF occurring in this area of the business
RISK ASSESSMENT (MODERATE COMPLEXITY):
· Another way to determine the level of risk is to work out how likely the risk is going to happen and cross- reference that with the consequence of that risk.
· Using likelihood ratings and consequence ratings can provide the Company with a more comprehensive understanding of the risk and a robust framework to help arrive at a final risk rating. These ratings, in combination with structured professional opinion and experience, will assist the Company in applying the appropriate risk management measures as detailed in the program.
· Cross-referencing possible with moderate risk results in a final inherent risk rating of moderate. The program should then address this moderate risk with appropriate control measures. Company will need to undertake this exercise with each of the identified risks.
RISK ASSESSMENT (HIGHER COMPLEXITY)
a) The Company will further assess risk likelihood in terms of threat and vulnerability.
b) Determining the impact of ML/TF activity can be challenging but to focus AML/CFT resources in a more effective and targeted manner. When determining impact, Company can consider a number of factors, including:
a. Nature and size of your business (domestic and international);
b. Economic impact and financial repercussions;
c. Potential financial and reputational consequences;
d. Terrorism-related impacts;
e. Wider criminal activity and social harm; 6) Political impact;
f. Negative media.
g. The Company wills more weight to certain factors to provide a more enhanced understanding of your ML/TF risk.
h. In addition, Company may consider how its risks can compound across the various riskfactors.
APPLYING THE RISK ASSESSMENT:
The risk assessment will assist in ranking and prioritizing risks and providing a framework to manage those risks. The risk assessment will enable the Company to prepare a comprehensive program. It will enable to meet relevant obligations under the regulations, including obligations to conduct CDD, monitor accounts and activities and report suspicious activity.
The assessment will help in determining suspicion and consequently assist in the decision to submit an STR to the FIC The Company will submit an STR to the FIC if it thinks that activities or transactions are suspicious.
The Company will conduct ongoing CDD. The risk assessment will help target and prioritize the resources needed for ongoing CDD.
The Company will undertake account monitoring. The risk assessment will help to design the triggers, red flags and scenarios that can form part of account monitoring.
a) MATERIAL CHANGES AND RISK ASSESSMENT:
The risk assessment will adapt when there is a material change in the nature and purpose of the business or relationship with a customer. A material change could present an increase, or decrease, in ML/TF risk.
Material change could include circumstances where the Company introduces new products or services or have customers (or their beneficial owner) based in new jurisdictions. Material change can include when the Company starts using new methods of delivering services or have new corporate or organizational structures. It could result from deciding to outsource CDD functions or changing your processes for dealing with PEPs. In these circumstances, the Company will need to refresh its risk assessment.
The Compliance resources are accordingly allocated to the areas with higher Inherent Risk to bring the Residual Risk within tolerable band. This risk assessment is an ongoing process and is reviewed on semiannual basis to factor in new and emerging risks due to business dynamics and changes in regulatory framework. This include changes in risk levels as new products are offered, as new markets are entered, as high-risk customers open or close accounts, or as the products, services, policies, and procedures change. The Company also have appropriate mechanisms to provide risk assessment information to the Commission, if required. This is done through a specially designed document which is provided as Annexure 1 to these policy and procedures.
RISK CLASSIFICATION FACTORS:
Below are some examples that can be helpful indicators of risk factors / indicators that may be considered while assessing the ML/TF risks for different risk categories relating to types of customers, countries or geographic areas, and particular products, services, transactions or delivery channels. However, this list is not exhaustive and staff should use critical thinking in determining risk of ML/TF.
A. High-Risk Classification Factors:
a. The Customer risk factors: Risk factors that may be relevant when considering the risk associated with a customer or a customer’s beneficial owner’s business include:
i) The business relationship is conducted in unusual circumstances (e.g. significant unexplained geographic distance between the Company and the customer):
ii) Non-resident customers;
iii) Politically Exposed Persons (PEPs);
iv) Legal persons or arrangements;
v) Companies that have nominee shareholders;
vi) Business that is cash-intensive;
The ownership structure of the customer appears unusual or excessively complex given the nature of the customer’s business such as having many layers of shares registered in the name of other legal persons;
i) shell companies, especially in cases where there is foreign ownership which is spread across jurisdictions (i) trusts and other legal arrangements which enable a separation of legal ownership and beneficial ownership of assets;
ii) Requested/Applied quantum of business does not match with the profile/particulars of client;
iii) Not-For-Profit organization (NPOs) with association with political parties or religious groups;
iv) Real Estate Dealers;
v) Dealers in precious metal and stones, and
vi) Designated Non-Financial Business and Professionals (DNFBPs) such as Lawyers/notaries, accountants.
SCENARIOS OF CUSTOMER TYPES
Small and Medium Sized Enterprises:
Small and medium business enterprise customers usually entail domestic companies with simple ownership structures. Most of these businesses deal with cash and multiple persons that can act on its behalf. The likelihood that funds deposited are from an illegitimate source is HIGH, since it can‘t easily be identified and can have a major impact on a large number of SME customers. Thus, the risk assessment and risk rating result is HIGH.
International Corporations:
International corporate customers have complex ownership structures with foreign beneficial ownership (often). Although there are only a few of those customers, it is often the case that most are located in offshore locations. The likelihood of Money Laundering is High because of the limited number of customers of this type and the beneficial ownership could be questionable, with two criteria that in this scenario result in a possible risk impact of moderate and a moderate risk assessment.
Note: The above risk analysis is a general one for types or categories of customers. It is the starting point for the risk classification of an individual customer. Based on the circumstances of an individual customer, such as its background or information provided, the risk classification of an individual customer can be adjusted. Based on that individual risk classification, customer due diligence measures should be applied.
B. Country or geographic risk factors:
Country or geographical risk may arise because of the location of a customer, the origin of a destination of transactions of the customer, but also because of the business activities of the Company itself, its location and the location of its geographical units. Country or geographical risk, combined with other risk categories, provides useful information on potential exposure to ML/TF. The factors that may indicate a high risk are as follow:
i) Countries identified by credible sources, such as mutual evaluation or detailed assessment reports or published follow-up reports by international bodies such as the FATF, as not having adequate AML/CFT systems;
ii) Countries subject to sanctions, embargos or similar measures issued by, for example, the United Nations;
iii) Countries identified by credible sources as having significant levels of corruption or other criminal activity
iv) Countries or geographic areas identified by credible sources as providing funds or support for terrorist activities, or that have designated terrorist organizations operating within their country;
v) Entities and individuals from jurisdictions which are known tax heavens;
C. PRODUCT, SERVICE, TRANSACTION OR DELIVERY CHANNEL RISK FACTORS:
The Company, while doing its ML/TF risk assessment, takes into account the potential risks arising from the products, services, and transactions that the Company offers to its customers and the way these products and services are delivered. In identifying the risks of products, services, and transactions, the following factors are considered:
i) Anonymous transactions (which may include cash);
ii) Transaction for which payments are made from more than two bank accounts of a customer;
iii) Products that involve large payment or receipt in cash of more than or equivalent R24,999.99
D. LOW RISK CLASSIFICATION FACTORS:
a. Customer risk factors:
Ø The customer is a regulated person or bank and is subject to requirements to combat money laundering and terrorist financing consistent with the FATF recommendations and are supervised for compliance with those requirements; or
Ø Public listed companies that are subject to regulatory disclosure requirements to ensure adequate transparency of beneficial ownership;
b. Product, service, transaction or delivery channel risk factors:
Financial products or services that provide appropriately defined and limited services to certain types of customers.
c. Country risk factors:
Ø Countries identified by credible sources, such as mutual evaluation or detailed assessment reports, as having effective AML/CFT systems.
Ø Countries identified by credible sources as having a low level of corruption or other criminal activity.
In making a risk assessment, the Company could, when appropriate, also take into account possible variations in ML/TF risk between different regions or areas within a country.
1. RISK MATRIX
In assessing the risk of money laundering and terrorism financing, the Company will establish whether all identified categories of risks pose a low, moderate, high or unacceptable risk to the business operations. The Company will review different factors, e.g., number and scope of transactions, geographical location, and nature of the business relationship. In doing so, it must also review the differences in the manner in which it establishes and maintains a business relationship with a customer (e.g., direct contact or non-face-to-face). It is due to the combination of these factors and the variety of their combinations, that the level of money laundering and terrorism financing differs from institution to institution. The geographical risk should be seen in correlation with other risk factors in order to come up with an assessment of the total money laundering and terrorism financing risk.
The Company will use a risk matrix as a method of assessing risk in order to identify the types or categories of customers that are in the low-risk category, those that carry somewhat higher, but still acceptable risk, and those that carry a high or unacceptable risk of money laundering and terrorism financing.
The development of a risk matrix can include the consideration of a wide range of risk categories, such as the products and services offered by the Company, the customers to whom the products and services are offered, the size and organizational structure, etc. A risk matrix is not static: it changes as the circumstances of the Company change. A risk analysis will assist the Company to recognize that ML/TF risks may vary across customers, products, and geographic areas and thereby focus its efforts on high-risk areas in its business.
Note: When conducting risk assessment, the Company does not have to follow the processes in this document. As long as it complies with the obligations under the Act and any other applicable laws or regulations, the Company has a choice to select the method of risk.
A. RISK MANAGEMENT:
1. Risk Mitigation
I. The Company will develop appropriate policies, procedures and controls that will enable it to manage and mitigate effectively the inherent risks that it has identified, including the national risks. Company will monitor the implementation of those controls and enhance them, if necessary. The policies, controls and procedures will be approved by the senior management of the Company, and the measures will be taken to manage and mitigate the risks (whether higher or lower) to ensure that measures are consistent with legal and regulatory requirements.
The nature and extent of AML/CFT controls the Company puts in place depends on a number of aspects, which include:
a. The nature, scale and complexity of the Company’s business;
b. Diversity, including geographical diversity of the Company’s operations;
c. The Company’s customer, product and activity profile;
d. Volume and size of transactions;
Extent of reliance or dealing through third parties or intermediaries, which is minimal in case of Company and restricted to Administration department related services;
Some of the risk mitigation measures that the Company may consider include:
i) Determining the scope of the identification and verification requirements or ongoing monitoring based on the risks posed by particular customers;
ii) setting transaction limits for higher-risk customers or products;
iii) requiring senior management approval for higher-risk transactions, including those involving PEPs;
iv) determining the circumstances under which they may refuse to take on or terminate/cease high risk customers/products or services;
v) Determining the circumstances requiring senior management approval (e.g. high risk or large transactions, when establishing relationship with high risk customers such as PEPs).
II. Evaluating Residual Risk and Comparing with the Risk Tolerance:
Subsequent to establishing the risk mitigation measures, the Company will evaluate its residual risk, which is the risk remaining after taking into consideration the risk mitigation measures and controls. Residual risks are kept in line with the Company’s overall risk tolerance and this sets the cornerstone of accepting and continuing business relations.
2. MONITORING AML/CFT SYSTEMS AND CONTROLS:
The Company will have systems in place to monitor the risks identified and assessed as they may change or evolve over time due to certain changes in risk factors, which may include changes in customer conduct, development of new technologies, new embargoes and new sanctions. The Company will update their systems as appropriate to suit the change in risks.
Additionally, the Company will assess the effectiveness of their risk mitigation procedures and controls, and identify areas for improvement, where needed. For that purpose, the Company will need to consider monitoring certain aspects which include:
a. the ability to identify changes in a customer profile or transaction activity/behaviour, which come to light in the normal course of business
b. the potential for abuse of products and services by reviewing ways in which different products and services may be used for ML/TF purposes, and how these ways may change, supported by typologies/law enforcement feedback, etc.;
c. the adequacy of employee training and awareness;
d. the adequacy of internal coordination mechanisms i.e., between AML/CFT compliance and other functions/areas;
e. the compliance arrangements (such as internal audit);
f. changes in relevant laws or regulatory requirements; and
g. changes in the risk profile of countries to which the Company or its customers are exposed to.
DOCUMENTATION AND REPORTING:
Documentation of relevant policies, procedures, review results and responses will enable the Company to demonstrate to the Commission:
a. risk assessment systems including how the Company will assess ML/TF risks;
b. details of the implementation of appropriate systems and procedures, including due diligence requirements, in light of its risk assessment;
c. will monitor and, as necessary, improves the effectiveness of its systems and procedures; and
d. arrangements for reporting to senior management on the results of ML/TF risk assessments and
e. implementation of its ML/TF risk management systems and control processes.
Ø The Company will note that the ML/TF risk assessment is not a one-time exercise and therefore, they must ensure that their ML/TF risk management processes are kept under regular review which is at least annually. Further, the Company management should review the program’s adequacy when the reporting entity adds new products or services, opens or closes accounts with high-risk customers, or expands through mergers or acquisitions.
Ø The Company will demonstrate to the Commission, the adequacy of its assessment, management and mitigation of ML/TF risks; its customer acceptance policy; its procedures and policies concerning customer identification and verification; its ongoing monitoring and procedures for reporting suspicious transactions; and all measures taken in the context of
Ø AML/CFT, during the on-site inspection. The Company will maintain Risk Assessment Tables (Annexure 1), AML/CFT Compliance Assessment Template (Annexure 2) and Control Assessment Template (Annexure 3) within the period as required by the Commission from time to time.
NEW PRODUCTS AND TECHNOLOGIES:
The company provides electronic verification should also have processes that allow the Firm to record and store the information they used to verify an identity
a. Electronic verification of documentation;
b. Data and transaction screening systems; or
c. The use of virtual or digital currencies
· The Company will undertake a risk assessment prior to open the account and take appropriate measures to manage and mitigate the risks.
· These policy and procedures provides governance framework to prevent the misuse of technological development in ML/TF schemes, particularly those technologies that favor anonymity. For example, securities trading and investment business on the Internet, add a new dimension to the Company’s activities. The unregulated nature of the Internet is attractive to criminals, opening up alternative possibilities for ML/TF, and fraud.
· To insulate itself against risk of anonymity of customer, Company offer an on-line account opening only after appropriate identification checks and fulfillment of its all applicable KYC requirements.
· To maintain adequate systems, the Company will ensure that its systems and procedures will be kept up to date with such developments and the potential new risks and impact they may have on the products and services offered by the Company. Risks identified must be fed into the Company business risk assessment.
3. CROSS-BORDER CORRESPONDENT RELATIONSHIP:
Cross-border correspondent relationships are the provision of services by one institution to another institution (the respondent institution). Correspondent institutions that process or execute transactions for their customer ‘s (i.e. respondent institution ‘s) customers may present high ML/TF risk and as such may require Enhanced Due Diligence (EDD).
4. CUSTOMER DUE DILIGENCE:
According to Section 21C of the Financial Intelligence Act 2001, “If an accountable institution suspects that a transaction or activity is suspicious or unusual as contemplated in section 29, and the institution reasonably believes that performing the customer due diligence requirements in terms of this section will disclose to the client that a report will be made in terms of section 29, it may discontinue the customer due diligence process and consider making a report under section 29.”.
The Company will take steps to know who their customers are. The Company as a policy matter will not open anonymous accounts or accounts in fictitious names and alias. Hence, for customers which are natural person, names contained in their national registration card or Passports will be used as title of account, and same is verified from regulatory authority record. For entities the title of account offered is same as the one contained in their establishing/incorporation document. The Company will conduct CDD, which will comprise of identification and verification of customers including beneficial owners (such that it is satisfied that it knows who the beneficial owner is), understanding the intended nature and purpose of the relationship, and ownership and control structure of the customer.
Additionally, Company will conduct ongoing due diligence on the business relationship and scrutinize transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the Company‘s knowledge of the customer, its business and risk profile (Annexure 4), including, where necessary, the source of funds. The Company will conduct CDD when establishing a business relationship if:
There is a suspicion of ML/TF, Annexure 5 gives some examples of potentially suspicious activities or ―red flags‖ for ML/TF. Although these may not be exhaustive in nature, it may help the Company to recognize possible ML/TF schemes and may warrant additional scrutiny, when encountered. The mere presence of a red flag is not by itself evidence of criminal activity. Closer scrutiny will assist in determining whether the activity is unusual or suspicious or one for which there does not appear to be a reasonable business or legal purpose; or
a. There are doubts as to the veracity or adequacy of the previously obtained customer identification information.
· In case of suspicion of ML/TF , the Company will:
i) Seek to identify and verify the identity of the customer and the beneficial owner(s), irrespective of any specified threshold that might otherwise apply; and
ii) File an STR with the FIC, in accordance with the requirements under the Law if the amount is equivalent or more than EU 15,000 or in foreign currency.
Ø The Company will monitor transactions of foreign exchange operations in cash amounting to equivalent or more than EU 3,000 or equivalent to foreign currency amount to determine whether they are linked. Transactions could be deliberately restructured into two or more transactions of smaller values to circumvent the applicable threshold.
Ø The Company will verify the identification of a customer using reliable independent source documents, data or information including verification.
Ø Similarly, the Company will identify and verify the customer’s beneficial owner(s) to ensure that the Company understands who the ultimate beneficial owner is.
Ø The Company will ensure that it understands the purpose and intended nature of the proposed business relationship or transaction. The Company will assess and ensures that the nature and purpose are in line with its expectation and use the information as a basis for ongoing monitoring.
Ø The Regulations require the Company to identify and verify the identity of any person that is purporting to act on behalf of the customer (―authorized person‖). In this regard Company will also verify whether that authorized person is properly authorized to act on behalf of the customer by demanding an authorization letter in Company’s designed pro-forma (which requires reason for using third person) and matching customer signatures against those in Company’s record. Customer Call Back confirmation will also perform where customer signatures would be doubtful. The Company will conduct CDD on the authorized person(s) using the same standards that are applicable to a customer.
Ø When performing CDD measures in relation to customers that are legal persons or legal arrangements, the Company identifies and verifies the identity of the customer, and understands the nature of its business, and its ownership and control structure.
The purpose of the requirements set out regarding the identification and verification of the applicant and the beneficial owner is twofold: first, to prevent the unlawful use of legal persons and arrangements, by gaining a sufficient understanding of the applicant to be able to properly assess the potential ML/TF risks associated with the business relationship; and second, to take appropriate steps to mitigate the risks. In this context, the Company will identify the customer and will verify its identity. The type of information that will be needed to perform this function shall be as specified in Annexure 6.
Ø In the case of several monetary operations which appear to be linked, the customer must be identified immediately after establishing that several monetary operations are linked. Several operations shall be considered to be linked if the customer carries out within 2 days several virtual currency exchange operations or transactions in virtual currency with funds amounting to R24,999.99 or more, or the equivalent amount in foreign or virtual currency, or carries out within 2dyas several operations of depositing virtual currency to or withdrawing virtual currency from the depository virtual currency wallet in the amount equal to or exceeding EUR 1 000, or the equivalent amount in foreign or virtual currency.
If the Company will have any reason to believe that an applicant has been refused facilities by another exchange house of digital assets due to concerns over illicit activities of the customer, it will consider classifying that applicant as higher-risk and will apply enhanced due diligence procedures to the customer and the relationship, filing an STR and/or not accepting the customer in accordance with its own risk assessments and procedures.
A. TIMING OF VERIFICATION:
The Company will undertake verification prior to entry into the business relationship or conducting a transaction.
Where CDD checks will raise suspicion or reasonable grounds to suspect that the assets or funds of the prospective customer may be the proceeds of predicate offences and crimes related to ML/TF, the Company will decline trading accounts to such customers. In such situations, the Company will consider filing an STR with the FIC and will ensure that the customer is not informed, even indirectly, that an STR has been, is being or shall be filed.
CDD SHALL BE PERFORM FOR THE FOLLOWING OCCASIONAL TRANSACTIONS:
1. A single operation or several operations which appear to be linked or transactions the value whereof equals or exceeds EUR 15,000 or an equivalent amount in foreign currency;
2. currency exchange operations (buying or selling currency) in cash, where the amount of cash being acquired or sold amounts to or exceeds EUR 3,000 or an equivalent amount in foreign currency, whether the transaction is carried out in a single operation or in several operations which appear to be linked;
3. Virtual currency exchange operations or transactions in virtual currency the value whereof equals or exceeds R24,999.99 or an equivalent amount in foreign or virtual currency, or before depositing identified. or withdrawing virtual currency amounting to or above EUR 1,000 or an equivalent amount in foreign or virtual currency, whether the transaction is carried out in a single operation or in several operations which appear to be linked (the value of the virtual currency is determined at the time of the monetary operation or transaction), unless the Customer and BO have already been Identified.
4. For the purposes of effective ongoing monitoring of the Business Relationship and Occasional Transactions referred and timely determination of the several related monetary operations or transactions, the Firm has to perform Identification on the payer and the payee carrying out the transaction, and screen the payer and the payee against the relevant financial sanctions list even where the transaction is performed below the thresholds.
B. EXISTING CUSTOMERS:
The Company will apply CDD/EDD measures to existing customers on the basis of materiality and risk, and to conduct due diligence on such existing relationships at appropriate times, taking into account whether and when CDD measures have previously been undertaken and the adequacy of data obtained. For this purpose, Company will perform CDD/EDD measures on its existing customers at the frequency as defined in the following section of Period Risk Reviews.
I. Further, if the Company will have suspicion of ML/TF or will become aware at any time that it lacks sufficient information about an existing customer, it will take steps to ensure that all relevant information is obtained as quickly as possible irrespective of CDD/EDD revised information collection frequency set as per risk classification of customer.
II. The Company will rely on the identification and verification steps that it has already
undertaken, unless it has doubts about the veracity of that information. Examples of situations that might lead Company to have doubt include significant change in the value of injections into his/her trading account, or change in correspondent address to an area / country with high susceptibility to money laundering, terrorist financing or other predicated offences.
III. Where the Company will be unable to complete and comply with ongoing CDD/EDD requirements as specified above, the Company will terminate the relationship. Additionally, the Company will consider filing an STR to the FIC.
REFUSAL TO ON-BOARD / TERMINATION OF A BUSINESS RELATIONSHIP OR OCCASIONAL TRANSACTIONS
In case of a new Customer, if the company is unable to fulfil its CDD obligations (e.g. verify the Customer ‘s identity) because the data or documents allowing the Identification and/or verification of a Customer or BO‘s identity, or determination of a purpose and intended nature of the Business Relationship or Occasional Transactions adhering to the criteria CDD cannot be obtained due to the fact that:
i) The Customer is uncooperative and/or does not provide the requested data or information necessary to perform CDD; and/or
ii) If there are no relevant reliable and independent sources to verify the information provided by the Customer, the company must duly assess the ML/TF risk and take appropriate measures to mitigate such risk which may include the refusal to on-board such a Customer or perform the Occasional Transaction adhering to the criteria in CDD.
The termination of the Business Relationship or Occasional Transaction adhering to the criteria specified in CDD must be taken only if it is proportionate and should be possible only after the other appropriate measures are exhausted and the Firm is still unable to comply with the AML/CFT requirements.
IDENTIFICATION AND VERIFICATION OF THE CUSTOMER WHEN THE CUSTOMER IS NOT PHYSICALLY PRESENT:
The Customer and BO can be identified and their identities verified without the Customer being physically present for identification in one of the following alternative ways:
1. when using the Third Party information on the Customer and BO;
2. When using electronic means allowing video-streaming by one of the following methods:
a. The original of the identification document or the equivalent residence permit in South Africa
is captured through video streaming and the Customer’s identity is confirmed by at least the advanced electronic signature in line with the requirements.
b. The Customer’s facial image and the original of the identification document or the equivalent residence permit in South Africa produced by the Customer are captured by way of video-streaming,
3. in cases where:
Before commencing the use of the services of the Firm, a payment order is made to the payment account of the Firm from the account held on behalf of the Customer in the credit institution which is registered in South Africa State which applies the requirements equivalent to the requirements of the Law and which is monitored by competent authorities as to the compliance with such requirements; and
TIPPING-OFF & REPORTING:
i. The Law prohibits tipping-off any information about the suspicious matter to the concerned customer or to a person not relevant in the process of filing an STR. However, a risk exists that customers could be unintentionally tipped-off when the Company is seeking to complete its CDD obligations or obtain additional information in case of suspicion of ML/TF. The applicant/customer’s awareness of a possible STR or investigation could compromise future efforts to investigate the suspected ML/TF operation.
ii. Therefore, if the Company will form a suspicion of ML/TF while conducting ongoing CDD/EDD, it will take into account the risk of tipping-off when performing the CDD process. If the Company reasonably believes that performing the CDD or on-going process will tip- off the applicant/customer, it might not pursue that process, and will file an STR. For this Company will ensure that its employees are aware of, and sensitive to, these issues when conducting CDD or ongoing CDD/EDD.
NO SIMPLIFIED DUE DILIGENCE FOR HIGHER-RISK SCENARIOS:
The Company will not adopt simplified due diligence measures where the ML/TF risks are high. The Company will identify risks and have regard to the risk analysis in determining the level of due diligence to be performed in each case.
5. PERIOD RISK REVIEW (“PRR”):
The Company will perform periodic customer profile updating exercise every years for customers classified as high risk while perform this exercise every four years for Low risk classified customers.
The Company will consider updating customer CDD records as a part its periodic reviews (within the timeframes set by the Company based on the level of risk posed by the customer) or on the occurrence of a triggering event, whichever is earlier. Examples of triggering events include:
a. Material changes to the customer risk profile or changes to the way that the account usually operates;
b. Where it comes to the attention of the Company that it lacks sufficient or significant information on that particular customer;
i. Where a significant transaction takes place;
ii. Where there is a significant change in customer documentation standards;
iii. Significant changes in the business relationship.
6. ON-GOING MONITORING OF BUSINESS RELATIONSHIPS:
Once the identification procedures will be completed and the business relationship will be established, the Company will monitor the conduct of relationship to ensure that it is consistent with the nature of business stated when the relationship/account was opened. The Company will conduct ongoing monitoring of their business relationship with their customers. Ongoing monitoring helps the Company to keep the due diligence information up-to-date, and review and adjust the risk profiles of the customers, where necessary.
The Company will conduct an on-going due diligence which will include scrutinizing the transactions undertaken throughout the course of the business relationship with a customer. Further, the Company’s risk department has put in place a weekly review mechanism which includes comparison of client deposits and available KYC/CDD clients ‘information to confirm that the clients have disclosed adequate income sources to justify the value of deposits. Where inadequacy is identified additional documents/information is obtained from the clients by sending emails and making follow-up calls. Where clients provide the required document, their profile is updated. In cases where clients do not provide the requisite information, the same is discussed with Head of Risk on a client to client basis and recommendation is made to CO for necessary course of action including re- categorization of client’s risk category and/or filing STR with FIC.
The Company will stay vigilant for any significant changes or inconsistencies in the pattern of transactions. Inconsistency is measured against the stated original purpose of the accounts and the customer updated KYC profile. Possible areas to monitor could be:
a. transaction type;
b. frequency;
c. amount;
d. geographical origin/destination;
e. account signatories;
f. mandate
It is recognized that the most effective method of monitoring of accounts is achieved through a combination of computerized and human manual solutions. A corporate compliance culture, and properly trained, vigilant staff through their day-to-day dealing with customers, will form an effective monitoring mechanism. Hence, Company take support of the technology to the extent possible while uses manual procedures where current technology does not support certain report types and analysis. For example, screening against UNSC consolidate sanctions list is performed daily through an internally developed matching and alerts-based solution while individual transactions of customers are matched against customer profiles using Microsoft Excel spreadsheet analytical tool.
7. SIMPLIFIED DUE DILIGENCE MEASURES (“SDD”)
According to the Financial Action Task Force guideline, the Company may conduct SDD in case of lower risks identified by it. However, the Company will ensure that the low risks is identified commensurate with the low risks identified by the country or the Commission. While determining whether to apply SDD, Company pays particular attention to the level of risk assigned to the relevant sector, type of customer or activity. The simplified measures Company will apply shall be commensurate with the low risk factors. The Company however will not use SDD procedures in higher-risk scenarios where there is an increased risk, or suspicion that the applicant is engaged in ML/TF, or the applicant is acting on behalf of a person that is engaged in ML/TF. Where the Company to take SDD measures on an applicant/customer, it will document the full rationale behind such decision and maintain its record to make it available to the Commission on request.
8. ENHANCED CDD MEASURES (“EDD”)
According to Amendment of section 42 of Act 38 of 2001, as amended by section 27 of Act 1 of 2017 of South Africa wherein Section 42(e) of Financial Intelligence Centre Act 2001, provide for the manner in which and the processes by which the accountable institution conducts enhanced due diligence [is conducted] for higher-risk single transactions and business relationships and when simplified customer due diligence might be permitted in the institution.
The Company will examine, as far as reasonably possible, the background and purpose of all complex, unusual large transactions, and all unusual patterns of transactions, that have no apparent economic or lawful purpose. Where the risks of ML/TF are higher, or in cases of unusual or suspicious activity, the Company will conduct enhanced CDD measures, consistent with the risks identified. In particular, the Company will increase the degree and nature of monitoring of the business relationship, in order to determine whether those transactions or activities appear unusual or suspicious.
Examples of enhanced CDD measures that could be applied for high-risk business relationships include:
a) Obtaining additional information on the applicant/customer (e.g. occupation, volume of assets, information available through public databases, internet, etc.).
b) Updating more regularly the identification data of applicant/customer and beneficial owner;
c) Obtaining additional information on the intended nature of the business relationship.
d) Obtaining additional information on the source of funds or source of wealth of the applicant/customer.
e) Obtaining additional information on the reasons for intended or performed transactions.
f) Obtaining the approval of senior management to commence or continue the business relationship.
Conducting enhanced monitoring of the business relationship, by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination.
HIGH-RISK COUNTRIES:
Certain countries are associated with crimes such as drug trafficking, fraud and corruption, and consequently pose a higher potential risk to the Company. Conducting a business relationship with an applicant/customer from such a country exposes the Company to reputational risk and legal risk.
The Company will exercise additional caution and conduct enhanced due diligence on individuals and/or entities based in high-risk countries. Caution will also be exercised in respect of the acceptance of certified documentation from individuals/entities based in high-risk countries/territories and appropriate verification checks will be undertaken on such individuals/entities to ensure their legitimacy and reliability.
The Company therefore will consult publicly available information to ensure that they are aware of the high-risk countries/territories. While assessing risk of a country, the Company will also consider among the other sources, sanctions issued by the UN, the FATF high risk and non- cooperative jurisdictions, the FATF and its regional style bodies (FSRBs) and Transparency international corruption perception index. Useful websites include: FATF website at www.fatf-gafi.org and Transparency International, www.transparency.org for information on countries vulnerable to corruption. Information about these high-risk geographies will be provided to employees in on-going trainings and will be disseminated through pan-Company broadcast messages once every six months.
POLITICALLY EXPOSED PERSONS:
According to Schedule 3A to the financial Intelligence centre Act 2001 the political exposed person Is referred as:
(a) by the substitution for the heading of the following heading: “DOMESTIC [PROMINENT INFLUENTIAL] POLITICALLY EXPOSED PERSON”; and by the substitution for the words preceding paragraph (a) of the following words:
(b) A domestic [prominent influential] politically exposed person is an individual who [holds, including in an acting position for a period exceeding six months, or has held at any time in the preceding 12 months, in the Republic]— ‘‘;
(c) by the substitution in paragraph (a) for the words preceding subparagraph (i) of the following words:
“holds, including in an acting position for a period exceeding six months, or has held a prominent public function in the Republic, including that of—
(d) by the substitution in paragraph (a) for subparagraph (xiv) of the following subparagraph:
“(xiv) an officer of the South African National Defense Force above the rank of major-general; or‘‘;
(e) by the deletion of paragraph (b); and (f) by the substitution for paragraph (c) of the following paragraph: “(c) holds, including in an acting position for a period exceeding six months, or has held the position of head, or other executive directly accountable to that head, of an international organisation [based in the Republic].‘‘.
According to Schedule 3B to the Financial Intelligence Centre Act, 2001, is hereby amended— (a) by the substitution for the heading of the following heading: “FOREIGN [PROMINENT PUBLIC OFFICIAL] POLITICALLY EXPOSED PERSON‘‘; and (b) by the substitution for the words preceding paragraph (a) of the following words: “A foreign [prominent public official] politically exposed person is an individual who holds, or has held [at any time in the preceding 12 months], in any foreign country a prominent public function including that of a-”
Business relationships with individuals holding important public positions and with persons or companies clearly related to them may expose the Company to significant reputational and/or legal risk. The risk occurs when such persons abuse their public powers for either their own personal benefit and/or the benefit of others through illegal activities such as the receipt of bribes, grease money or commit fraud. Such persons, commonly referred to as PEPs and defined in the Regulations, an include inter-alia, heads of state, ministers, influential public officials, judges and senior military officials and includes their family members and close associates, hereinafter referred to as linked PEPs.
Family members of a PEP are individuals who are related to a PEP either directly (consanguinity) or through marriage or similar (civil) forms of partnership. Close associates to PEPs are individuals who are closely connected to PEP, either socially or professionally.
Provision of financial services to corrupt PEPs exposes the Company to reputational risk and costly information requests and seizure orders from law enforcement or judicial authorities. Hence, Company will remain extra vigilant in relation to PEPs from all jurisdictions, who are seeking to establish business relationships. The Company should, in relation to PEPs, in addition to performing normal due diligence measures will:
a. have appropriate risk management systems to determine whether the customer is a PEP;
b. obtain senior management approval for establishing business relationships with such customers; (3) take reasonable measures to establish the source of wealth and source of funds; and
c. Conduct enhanced ongoing monitoring of the business relationship.
The Company will obtain senior management approval to continue a business relationship once a customer or beneficial owner is found to be, or subsequently becomes, a PEP.
The Company will take a risk-based approach to determine the nature and extent of EDD where the ML/TF risks are high. In assessing the ML/TF risks of a PEP, Company will consider factors such as whether the customer who is a PEP:
a) Is from a high-risk country;
b) Has prominent public functions in sectors known to be exposed to corruption;
c) Has business interests that can cause conflict of interests (with the position held).
The other red flags that the Company will consider include (in addition to the above and the red flags that they consider for other applicants):
a) The information that is provided by the PEP is inconsistent with other (publicly available) information, such as asset declarations and published official salaries;
b) Funds are repeatedly moved to and from countries to which the PEP does not seem to have ties;
c) A PEP uses multiple bank accounts for no apparent commercial or other reason;
d) The PEP is from a country that prohibits or restricts certain citizens from holding accounts or owning certain property in a foreign country.
The Company will take a risk-based approach in determining whether to continue to consider a customer as PEP who is no longer PEP. The factors that they should consider include:
a) the level of (informal) influence that the individual could still exercise; and
b) Whether the individual ‘s previous and current function are linked in any way (e.g., formally by appointment of the PEPs successor, or informally by the fact that the PEP continues to deal with the same substantive matters).
RECORD-KEEPING PROCEDURES:
The Company will ensure that all information obtained in the context of CDD is recorded. This includes both;
i) recording the documents, the Company is provided with when verifying the identity of the customer or the beneficial owner, and
ii) Transcription into the Company owns IT systems of the relevant CDD information contained in such documents or obtained by other means.
The Company will maintain, for at least five years after termination, all necessary records on transactions to be able to comply swiftly with information requests from the competent authorities. Such records should be sufficient to permit the reconstruction of individual transactions, so as to provide, if necessary, evidence for prosecution of criminal activity.
Where there has been a report of a suspicious activity or the Company becomes aware of a continuing investigation or litigation into ML/TF relating to a customer or a transaction, records relating to the transaction or the customer will be retained until confirmation is received from the relevant authority in writing that the matter has been concluded.
The Company will also keep records of identification data obtained through the customer due diligence process, account files and business correspondence that would be useful to an investigation for a period of five years after the business relationship has ended. This includes records pertaining to enquiries about complex, unusual large transactions, and unusual patterns of transactions. Identification data and transaction records should be made available to relevant competent authorities upon request.
Beneficial ownership information will be maintained for at least five years after the date on which the customer (a legal entity) is dissolved or otherwise ceases to exist, or five years after the date on which the customer ceases to be a customer of the Company.
Records relating to verification of identity will generally comprise:
a) a description of the nature of all the evidence received relating to the identity of the verification subject; and
b) the evidence itself or a copy of it or, if that is not readily available, information reasonably sufficient to obtain such a copy. Records relating to transactions will generally comprise:
a. details of personal identity, including the names and addresses, of
a) the customer; and
b) the beneficial owner of the account or product
b. details of securities and investments transacted including: a. the nature of such securities/investments;
c. valuation(s) and price(s);
d. memoranda of purchase and sale;
e. source(s) and volume of funds and securities;
f. destination(s) of funds and securities;
g. memoranda of instruction(s) and authority(ies);
h. book entries;
i. custody of title documentation;
j. the nature of the transaction;
k. the date of the transaction;
l. The form (e.g. cash, cheques) in which funds are offered and paid out.
REPORTING OF SUSPICIOUS TRANSACTIONS / CURRENCY TRANSACTION REPORT
According to Section 52 of Financial Intelligence Act 2001 clause 4 states that:
An accountable institution, reporting institution or any other person that reasonably ought to have known or suspected that any of the facts referred to in section 29(1)(a), (b) or (c) or section 29(2) exists, and who negligently fails to report the prescribed information in respect of a suspicious or unusual transaction, 5, 10 15 19, 20, 25, 30, 35, 40, 45, 50, 55, or series of transactions or enquiry, is non-compliant and is subject to an administrative sanction.
A suspicious activity will often be one that is inconsistent with a customer’s known, legitimate activities or with the normal business for that type of account. Where a transaction is inconsistent in amount, origin, destination, or type with a customer's known, legitimate business or personal activities, the transaction will be considered unusual, and Company will put the case “on enquiry”. The Company will also pay special attention to all complex, unusual large transactions, and all unusual patterns of transactions, which have no apparent economic or visible lawful purpose.
Where the enquiries conducted by the Company do not provide a satisfactory explanation of the transaction, it may be concluded that there are grounds for suspicion requiring disclosure and escalate matters to the CO.
Enquiries regarding complex, unusual large transactions, and unusual patterns of transactions, their background, and their result will be properly documented, and made available to the relevant authorities upon request. Activities which will require further enquiry may be recognizable as falling into one or more of the following categories. This list is not meant to be exhaustive, but includes:
a) any unusual financial activity of the customer in the context of the customer’s own usual activities;
b) any unusual transaction in the course of some usual financial activity;
c) any unusually-linked transactions;
d) any unusual method of settlement;
e) any unwillingness to provide the information requested.
Where cash transactions are being proposed by customers, and such requests are not in accordance with the customer's known reasonable practice, the Company will need to approach such situations with caution and make further relevant enquiries. Company will set its own parameters at R24,999.99 or equivalence to the foreign currency amount for the identification and further investigation of cash transactions.
Where the Company will be unable to satisfy that any cash transaction is reasonable it will be considered as suspicious. The Company will also be obligated to file Currency Transaction Report (―CTR‖), to FIC for a cash based transaction involving payment.
The process for identifying, investigating and reporting suspicious transactions to the FIC is clearly specified in the Company’s KYC/CDD SOPs and communicated to all personnel through regular training.
The Company will also be required to report total number of STRs filed to the Commission on a bi- annual basis within seven days of close of each half year. The CO will ensure prompt reporting in this regard.
The Company will evolve a vigilance system for the purpose of control and oversight, which requires maintenance of a register of all reports made to the FIC. Such registers will be maintained and updated by CO and will contain details of:
a) the date of the report;
b) the person who made the report;
c) the person(s) to whom the report was forwarded; and
d) Reference by which supporting evidence is identifiable.
The Company as a matter of policy will turn away business where an applicant or a customer is hesitant/fails to provide adequate documentation (including the identity of any beneficial owners or controllers), consideration will be given to filing an STR to the FIC For existing customers, once suspicion has been raised in relation to an account or relationship, in addition to reporting the suspicious activity, the Company will ensure that appropriate action is taken to adequately mitigate the risk of the Company being used for criminal activities. This will include a review of either the risk classification of the customer or account or of the entire relationship itself. In such cases an escalation will be made to the Chief Executive Officer to determine how to handle the relationship, taking into account any other relevant factors, such as cooperation with law enforcement agencies or the FIC.
SANCTIONS COMPLIANCE
The company always take care to obliged to comply with the national, Financial Intelligence Centre, United Nations sanctions regime in accordance to the Law on the Implementation of Economic and Other Sanctions of the Republic of South Africa and its implementing legal acts, in particular, with the Instructions on the Supervision of the Appropriate Implementation of International Financial Sanctions in the Field of Regulation of the Financial Crime Investigation Service and In accordance with Section 50 of FIC ,2001 of clause 2 states that ― An accountable institution, reporting institution or any other person that fails to inform the Centre in accordance with section 27 is non-compliant and is subject to an administrative sanction.
According to Section 52 of FIC, 2001 states that (3)) An accountable institution, reporting institution or any other person that fails, within the prescribed period, to report to the Centre the prescribed information in respect of a suspicious or unusual transaction or series of transactions or enquiry in accordance with section 29(1) or (2), is non-compliant and is subject to an administrative sanction. (4) An accountable institution, reporting institution or any other person that reasonably ought to have known or suspected that any of the facts referred to in section 29(1)(a), (b) or (c) or section 29(2) exists, and who negligently fails to report the prescribed information in respect of a suspicious or unusual transaction or series of transactions or enquiry, is non-compliant and is subject to an administrative sanction. ‘‘.
AFRIONE must screen the Customer, the person performing the Occasional Transactions, the Customer’s representative, the persons that make up the Customers ownership structure and its BO against the relevant sanctions lists. When the Customer performs a monetary operation or transaction as a part of the Business Relationship or performs Occasional Transactions, the company will always screen both parties of the monetary operation or transaction, as well as screen the other payment details (in case a payment is made), against the sanctions lists.
The company must screen its clients against the relevant sanctions list not only upon the on-boarding, but the company’s Customer base should also be periodically, at least every day, screened against the relevant sanctions list to ensure the correct implementation thereof. The screening of the Customer base must include the screening of the Customer, its representative, the persons that make up the Customer’s ownership structure and the BO.
The AFRIONE must screen the relevant parties against at least the following sanctions list:
1. The consolidated list of individuals, groups and entities subject to financial sanctions;
2. The United Nations Security Council sanctions list;
3. The Office of Foreign Assets Control (OFAC) sanctions list.
Company chooses to use automated checks for the sanctions screening, they should ensure that relevant software includes checks against the lists relevant to the Firm and that such lists are kept up to date. The types of sanctions that may be imposed include:
a) targeted sanctions focused on named persons or entities, generally freezing assets and prohibiting making any assets available to them, directly or indirectly;
b) economic sanctions that prohibit doing business with, or making funds or economic resources available to, designated persons, businesses or other entities, directly or indirectly;
c) currency or exchange control;
d) arms embargoes, which would normally encompass all types of military and paramilitary equipment;
e) prohibiting investment, financial or technical assistance in general or for particular industry sectors or territories, including those related to military or paramilitary equipment or activity;
f) import and export embargoes involving specific types of goods (e.g. oil products), or their
movement using aircraft or vessels, including facilitating such trade by means of financial or technical assistance, brokering, providing insurance etc.; and (7) visa and travel bans.
g) Targeted financial sanctions relating to the prevention, suppression and disruption of proliferation of Weapons of Mass Destruction (WMD) and its financing.
As required by Regulations Company will screen all its customers against consolidated sanctions list available on UNSC’s website and will decline business relationship with the individuals/entities and their associates that are either, sanctioned under UNSC Resolutions adopted by Afghanistan or proscribed under the Anti-Terrorism Act, 1997.
The UNSC Resolution 1267 (1999), 1989 (2011), 2253 (2015) and other subsequent resolutions, which impose sanctions covering; asset freeze, travel ban and arms embargo, against individuals and entities associated to Al- Qaida, Taliban, and the Islamic State in Iraq (Daésh) organizations. The regularly updated consolidated lists are available at the UN sanctions committee‘s website, at following link;https://www.un.org/sc/suborg/en/sanctions/un-sc-consolidated-list The UNSC Resolution 1373 (2001), 1998 (2011) on terrorism and financing of terrorism requiring member states to proscribe individual and entities, who commit or attempt to commit terrorist act, freeze without delay the funds and other financial assets or economic resources, and prohibit making any funds or financial or other related services available to such proscribed persons and entities.
The UNSC Resolution 1718(2006), 2231(2015) and its successor resolutions 1 on proliferation of WMD and its financing, and Targeted Financial Sanctions (TFS) on countries and specifically identified individual and entities associated with it. The resolution requires, inter-alia freezing without delay the funds or other assets of, any person or entity designated, or under the authority of UNSC. The regularly updated consolidated lists of person and entities designated under UNSCRR 1718(2006) and its successor resolutions (on the DPRK) and listed under UNSCR 2231 (2015) (on Iran) is available at the UN sanctions committee‘s website, at following link; https://www.un.org/sc/suborg/en/sanctions/1718/materials |https://www.un.org/sc/2231/list.shtml
The Company will, taking note of the circumstances where customers and transactions are more vulnerable to be involved in TF and PF activities2, identify high-risk customers and transactions, and apply enhanced scrutiny. Company will conduct checks on the names of potential and new customers, as well as regular checks on the names of existing customers, beneficial owners, transactions, and other relevant parties against the names in the abovementioned lists, to determine if the business relations involve any sanctioned person/entity, or person associated with a sanctioned person/entity/country.
The Company will also screen its entire customer database when the new names are listed through UNSC Resolution or the domestic NACTA list. Company will undertake reasonable efforts to collect additional information in order to identify, and avoid engaging in prohibited activities and, to enable follow-up actions.
Where there is a true match or suspicion, Company will take steps that are required to comply with the sanction’s obligations including immediately –
a. Freeze without delay3 the customer’s fund or block the transaction, if it is an existing customer;
b. Reject the customer, if the transaction has not commenced;
c. Lodge a STR with the FIC; and (d) notify the FIC.
The Company will submit an STR when there is an attempted transaction by any of the listed persons. The Company will ascertain potential matches with the UN Consolidated List to confirm whether they are true matches to eliminate any ―false positives‖. The reporting institution must make further enquiries from the customer or counter-party (where relevant) to assist in determining whether it is a true match. In case there is not 100% match but sufficient grounds of suspicion that customer/ funds belong to sanctioned entity/ individual, the Company will consider raising an STR to FIC. Notwithstanding the funds, properties or accounts are frozen, Company will continue receiving dividends, interests, or other benefits, but such benefits shall still remain frozen, so long as the individuals or entities continue to be listed.
The Company will make their sanctions compliance program an integral part of their overall AML/CFT compliance program and accordingly should have policies, procedures, systems and controls in relation to sanctions compliance. Company will provide adequate sanctions related training to their staff. When conducting risk assessments, Company will take into account any sanctions that may apply (to customers or countries).
The obligations/ prohibitions regarding proscribed entities and persons mentioned in the above lists are applicable, on an ongoing basis, to proscribed/ designated entities and persons or to those who are known for their association with such entities and persons, whether under the proscribed/ designated name or with a different name. Therefore, to mitigate the risk of having a sanctioned individual / entity in the portfolio of customer Company has implemented an in-house solution to screen the updated customer portfolio against Alerts are raised by the system on daily basis, which are reviewed and closed by CO on daily basis. Where there is a true match or suspicion, the CO raise the matter with the CEO with his proposal to comply with sanctions obligations including freeze without delay and without prior notice, the funds or other assets of designated persons and entities and reporting to the Commission.
The Company will document and record all the actions that have been taken to comply with the sanctions regime, and the rationale for each such action. The Company will keep track of all the applicable sanctions, and where the sanction lists are updated, shall ensure that existing customers are not listed. The Company will also educate its customers that in case of wrongful or inadvertent freezing, they may apply in writing for de-listing to Federal Government through relevant Ministry or to the UN’s Ombudsman, as the case may be.
INTERNAL CONTROLS (AUDIT FUNCTION, OUTSOURCING, EMPLOYEE SCREENING AND TRAINING)
The Company will put in place systems and controls that are comprehensive and proportionate to the nature, scale and complexity of its activities and the ML/TF risks they identified. The Company will establish and maintain internal controls in relation to:
a. an independent internal audit function to test the AML/CFT systems, policies and procedures;
b. outsourcing arrangements;
c. employee screening procedures to ensure high standards when hiring employees; and
d. an appropriate employee training program.
INTERNAL AUDIT FUNCTION:
The Company will, on a regular basis, conduct an AML/CFT audit to independently evaluate the effectiveness of compliance with AML/CFT policies and procedures. The frequency of the audit will be determined through annual risk assessment exercise and will commensurate with the Company nature, size, complexity, and risks identified during the risk assessments. The scope of AML/CFT audits will cover assessment of the AML/CFT systems which include:
a. testing the overall integrity and effectiveness of the AML/CFT systems and controls;
b. assessing the adequacy of internal policies and procedures in addressing identified risks, including; (a) CDD measures; Record keeping and retention;
c. Third party reliance; and
d. Transaction monitoring;
e. assessing compliance with the relevant laws and regulations;
f. testing transactions in all areas of the Company, with emphasis on high–risk areas, products and services; (5) assessing employees ‘knowledge of the laws, regulations, guidance, and policies & procedures and their effectiveness in implementing policies and procedures;
g. assessing the adequacy, accuracy and completeness of training programs;
h. assessing the effectiveness of compliance oversight and quality control including parameters for automatic alerts (if any), and
i. Assessing the adequacy of the Company’s process of identifying suspicious activity including screening sanctions lists.
OUTSOURCING
The Company will maintain policies and procedures in relation to outsourcing where it intends to outsource some of its functions. The Company will conduct the due diligence on the proposed service provider to whom it intends to outsource as appropriate and also ensure that the outsourced service provider (―OSP‖) is fit and proper to perform the activity that is being outsourced.
Where the Company decides to enter into an outsourcing arrangement, the Company will ensure that the outsourcing agreement clearly sets out the obligations of both parties. The Company while entering into an outsourcing arrangement will develop a contingency plan and a strategy to exit the arrangement in the event that the OSP fails to perform the outsourced activity as agreed.
The AFRIONE will report regularly to the Company within the timeframes as agreed upon with the Company. The Company will have access to all the information or documents relevant to the outsourced activity maintained by the OSP. The Company as a matter of policy will not enter into outsourcing arrangements where access to data without delay is likely to be impeded by confidentiality, secrecy, privacy, or data protection restrictions.
Further, the Company will ensure that the outsourcing agreement require OSPs to file a STR with the FIC in case of suspicions arising in the course of performing the outsourced activity.
EMPLOYEE SCREENING
The Company’s policy and procedures with regards to screening prospective and existing employees to ensure abidance with high ethical and professional standards are defined in these sections. The extent of employee screening will be proportionate to the particular risks associated with the individual positions.
Employee screening will be conducted at the time of recruitment and periodically thereafter, i.e., at least annually and where a suspicion has arisen as to the conduct of the employee.
The Company will ensure that their employees are competent and proper for the discharge of the responsibilities allocated to them. While determining whether an employee is fit and proper, the Company will:
a. references provided by the prospective employee at the time of recruitment;
b. Verify the employee’s employment history, professional membership and qualifications from his resume and original copies of education documents.
c. Verify details of any regulatory actions or actions taken by a professional body;
d. Verify details of any criminal convictions; if possible and
e. Verify whether the employee has any connections with the sanctioned countries or parties.
EMPLOYEE TRAINING
The Company will ensure that all staff, receive training on ML/TF prevention on a regular basis, ensure all staff fully understands the procedures and their importance, and ensure that they fully understand that they will be committing criminal offences if they contravene the provisions of the legislation.
Training to staff will be provided at least annually, or more frequently where there are changes to the applicable legal or regulatory requirements or where there are significant changes to the Company’s business operations or customer base.
The Company will provide their staff training in the recognition and treatment of suspicious activities. Training will also be provided on the results of the Company’s risk assessments. Additionally, this training will be structured to ensure compliance with all of the requirements of the applicable legislations pertaining to AML/CFT.
Training material will be designed to ensure staff is aware on the AML/CFT legislation and regulatory requirements, systems and policies. Additionally, focus will be given on the consequences should they fail to report information in accordance with internal procedures and legislation. One of the key focus of these training program will be active coordination with customers and CO whereby all staff will be encouraged to provide a prompt and adequate report of any suspicious activities to the CO for inward reporting to FIC
To make staff more accountable towards AML/CFT requirements, Company will obtain an undertaking from its staff members (both new and existing) confirming that they have attended the training on AML/CFT matters, read the Company’s AML/CFT manuals, policies and procedures, and understand the AML/CFT obligations under the relevant legislation.
The Company is cognizant of the fact that all information regarding a potential or existing customer is not available on systems or on public domain immediately and human interaction plays an important role in identifying such information. Staff members who deal with the public such as traders are the first point of contact with potential money launderers, and their efforts are vital to an organization's effectiveness in combating ML/TF. Staff responsible for opening new accounts or dealing with new customers should be aware of the need to verify the customer's identity, for new and existing customers. Training will be given on the factors which may give rise to suspicions about a customer's activities, and actions to be taken when a transaction is considered to be suspicious.
Staff involved in the processing of transactions will receive relevant training in the verification procedures, and in the recognition of abnormal settlement, payment or delivery instructions. The training curriculum will contain information on types of suspicious activities which may need reporting to the relevant authorities regardless of whether the transaction was completed. Staff will also be made aware of the correct procedure(s) to be following in such circumstances.
The Company expects all staff to be vigilant in circumstances where a known, existing customer opens a new and different type of account, or makes a new investment e.g. a customer with a personal account opening a business account. In such cases whilst the Company may have previously obtained satisfactory identification evidence for the customer, the Company will take steps to learn as much as possible about the customer's new activities.
Although Directors and Senior Managers may not be involved in the handling of ML/TF transactions, it is important that they understand the statutory duties placed upon them, their staff and the Company itself given that these individuals are involved in approving AML/CFT policies and procedures. Hence the supervisors, managers and senior management (including the Board) will receive a higher level of training covering all aspects of AML/CFT procedures, including the offences and penalties arising from the relevant primary legislation for non-reporting or for assisting money launderers, and the requirements for verification of identity and retention of records.
The CO will himself receive in-depth training on all aspects of the primary legislation, the Regulations, regulatory guidance and relevant internal policies. It will include appropriate initial and ongoing training on the investigation, determination and reporting of suspicious activities, on the feedback arrangements and on new trends of criminal activity.
PROCEDURE FOR ENHANCE DUE DILIGENCE:
To address the assessed ML/TF risk following controls are implemented and methods are used for high risk clients;
1. KYC/CDD process is performed for each client which includes the following;
Ø Approval from senior management for enhanced due diligence
Ø Biometric/face verification of the customer.
Ø Verification of customer’s identity
Ø Validation of identity documents (Soft/Hard Copy)
Ø Full name as per identity document;
Ø Father/Spouse Name as per identity document;
Ø Mother Maiden Name;
Ø Identity document number along with date of issuance and expiry;
Ø Existing residential address (if different from CNIC);
Ø Contact telephone number(s) and e-mail (as applicable);
Ø Nationality-Resident/Non-Resident Status
Ø FATCA/CRS Declaration wherever required;
Ø Date of birth, place of birth;
Ø Incorporation or registration number (as applicable);
Ø Date of incorporation or registration of Legal Person/ Arrangement;
Ø Registered or business address (as necessary);
Ø Nature of business, geographies involved and expected type of counter-parties (as applicable);
Ø Type of account/financial transaction/financial service;
Ø Profession / Source of Earnings/ Income: Salary, Business, investment income;
Ø Purpose and intended nature of business relationship;
Ø Expected monthly turnover (amount and No. of transactions); and
Ø Normal or expected modes of transactions/ Delivery Channels.
Ø Verification of customer’s mailing and permanent addresses
Ø Verification of customer’s source of income with supporting documents
Ø Identification of beneficial owner
i) In case of a salaried person, in addition to customer domicile of South African citizen or passport along with a copy of his salary slip or service card or certificate or letter on letter head of the employer will be obtained.
ii) For Customer registration number [CRN] which expire during the course of the customer’s relationship, regulated person shall design/ update their systems which can generate alerts about the expiry of CRN at least 01 months before actual date of expiry and shall continue to take reasonable measures to immediately obtain copies of renewed CRN.
iii) The condition of obtaining Board Resolution is not necessary for foreign companies/entities belonging to countries where said requirements are not enforced under their laws/regulations. However, such foreign companies will have to furnish Power of Attorney from the competent authority for establishing Business Relationship to the satisfaction of the regulated person.
iv) The condition of obtaining photocopies of identity documents of directors of Limited Companies/Corporations is relaxed in case of Government/Semi Government entities, where regulated person should obtain photocopies of identity documents of only those directors and persons who are authorized to establish and maintain Business Relationship. However, regulated person shall validate identity information including CRN numbers of other directors from certified copies of article of Association, Article of Memorandum and pattern of shareholding.
v) Government entities accounts shall not be opened in the personal names of a government official. Any account which is to be operated by an officer of the Federal or Provincial or Local Government in his/her official capacity, shall be opened only on production of a special resolution or authority from the concerned administrative department or ministry duly endorsed by the Ministry of Finance or Finance Department/Division of the concerned Government.
Explanation: - For the purposes of this regulation the expression ―Government entities‖ includes a legal person owned or controlled by a Provincial or Federal Government under Federal, Provincial or local law.
Screening of customers through UN sanctions committee’s website, National Counter Terrorism Authority’s website and different SROs issued by the Federal Government.
Ongoing monitoring of the clients which includes monitoring of their trading activities and their receipts and payments, etc. Enhanced Due Diligence (EDD) process in which more documentary evidences are obtained from the customers to verify their source of income, etc.
CONTACT INFORMATION
Any questions or suggestions about this Privacy Policy should be addressed via email to: “afrione@afrionebank.africa
This notice is reviewed intermittently and may be updated at any time. We are regulated by the Information Commissioner’s Office You can contact them for advice and support.
Thank you
Compliance Department.
2 Baanbreker Avenue, Helderkruin, Roodepoort South Africa
AFRIONE BANK – EVERYONE IS BANKABLE
