LogoRegulatory Alerts
2021-12-23 | 13385

Central Bank Decision No. 13385 on the Application of Law 347 (Dated August 6, 2001) Concerning the Regulation of Money Dealers

The Central Bank of Lebanon, through Decision No. 13385 dated January 23, 2021, mandates money exchange institutions to implement a comprehensive risk-based approach for anti-money laundering and counter-terrorist financing compliance. The decision amends Article 5 of Decision No. 7933 by formally defining "Client" and "Beneficial Owner," while imposing strict obligations on institutions to conduct enhanced due diligence, maintain detailed transaction records, appoint certified compliance officers, and continuously monitor high-risk clients, politically exposed persons, and third-party reliance. Furthermore, it establishes a robust internal reporting framework requiring 48-hour notifications for suspicious activities, standardized risk scoring, and regular external audits to ensure alignment with Financial Action Task Force (FATF) recommendations.

Banque du Liban logo

Lebanon

Banque du Liban

Click to view thumbnail

Central Bank Circular No. 602 For Money Exchange Institutions

We hereby submit to you the application of controls and reports for Central Bank Decision No. 7933 dated September 27, 2001, amended by Basic Circular No. 3 for Money Exchange Institutions, along with Central Bank Decision No. 13385 dated December 23, 2021.

Central Bank Decision No. 13385 Based on Central Bank Decision No. 7933 dated September 27, 2001

The Governor of the Central Bank, Having considered Law No. 44 dated November 24, 2015, concerning the prevention of money laundering and terrorist financing, as amended; Having considered Decision No. 347 dated August 6, 2001, concerning the regulation of money exchange; Having considered Basic Decision No. 7818 dated May 18, 2001, and its amendments concerning the supervision of financial and banking operations for money exchange institutions; Having considered Basic Decision No. 7933 dated September 27, 2001, and its amendments concerning the application of controls and reports for money exchange institutions; Having considered the recommendations of the Financial Action Task Force (FATF); Having considered the decision of the Central Bank Council at its extraordinary session dated December 15, 2021; Has decided as follows:

Article 1: The text of "Article 5" in the application of controls and reports for money exchange institutions attached to Central Bank Decision No. 7933 dated September 27, 2001 is replaced with the following:

"Article 5: First, The following definitions apply:

  • 'Client': A natural or legal person, Lebanese or foreign (Arrangement Legal), such as a Trust, foundation, institution, association, cooperative, social welfare institutions, non-profit associations, charities, etc.
  • 'Beneficial Owner': A natural or legal person who ultimately owns or controls, directly or indirectly, the 'Client' and/or the legal person with whom transactions are conducted. Indirect ownership/control includes cases where ownership/control is exercised through a series of intermediaries or indirect control mechanisms.

Second, Money exchange institutions shall:

  1. Apply risk-based procedures for identifying clients and beneficial owners, considering transaction value, type (cash/non-cash), frequency, and purpose. They must understand the nature of business, ownership/control structure, source of funds, and continuously monitor transactions, especially in cases: a) Opening or maintaining an account. b) Conducting one-off transactions exceeding 10,000 LBP (or equivalent). c) Suspicion of money laundering or terrorist financing.
  2. Consider the risk-based assessment regarding existing client relationships, ensuring that identification procedures are adequate and documented, and that obtained data is sufficient.
  3. Obtain the following official documents or assessments: a) If the client is a natural person, their ID/passport, proof of address or place of establishment. b) If the client is a legal entity/organization, its commercial registration, articles of association, list of shareholders/beneficial owners (direct or indirect), power of attorney, and authorized signatories. c) If the transaction is conducted through an agent or natural person, proof of identity and address, plus compliance with procedures in Article 2(1) for non-resident clients.
  4. Identify and document the beneficial owner upon transaction initiation, completion, or account closure, as specified in the 'Internal Reporting Unit'.
  5. Maintain special records for transactions exceeding 10,000 LBP (or equivalent).
  6. Retain records of 'Client' and 'Beneficial Owner' (names, addresses, identification documents, risk assessments, source of funds/wealth, purpose/nature of business) for five years from the date of transaction/account closure. Records must be readily accessible in case of criminal activity.
  7. Establish and maintain effective internal control systems for money laundering/terrorist financing prevention, including: a) Effective procedures aligned with senior management directives. b) Adequate staffing, expertise, and tools for risk assessment. c) A Compliance Officer at the senior management level with authority, continuous training (CAMS certified), and defined duties: - Organizing continuous training for staff. - Assessing risk (Risk-Based Approach) and recommending procedures. - Participating in transactions to ensure consistency, identifying clients/patterns/risks. - Ensuring obtained documents/data are adequate and records are maintained, especially for high-risk clients. d) Risk-based procedures aligned with client/transaction profiles and FATF recommendations, including periodic reviews by an independent internal audit function. e) Centralized risk assessment center for data collection, including names from the 'Internal Reporting Unit' and transaction amounts, continuously updated. f) Risk assessment policies at the institutional level, covering all branches/subsidiaries with specific guidelines on data flow, compliance officer role, risk scoring (Low, Medium, High), and record retention. g) Risk assessment criteria aligned with the Risk-Based Approach for clients, transactions, products, and markets. h) Monitoring criteria based on risk and purpose for clients, beneficial owners, politically exposed persons (PEPs), high-risk transactions, and risk scoring. i) Continuous monitoring and evaluation of client relationships. j) Obtaining enhanced due diligence (EDD) information, especially regarding wealth source. k) Senior management approval for transactions based on risk profiles. l) Periodic relationship reviews. m) Ongoing peer comparison. n) Risk assessment criteria for determining if a client or beneficial owner is politically exposed (PEP). o) Considering the time factor in establishing/maintaining client relationships. p) Relying on information providers for adequate procedures and peer comparison. q) Comprehensive senior management policies, including those in this Article, to assess risks and implement control procedures. r) Risk assessment results reviewed by the Compliance Officer and stored for regulatory authorities as needed. s) Ensuring third-party transactions are subject to assessment and supervision, with the institution bearing primary responsibility for AML/CFT procedures. Third parties (local or foreign) must follow risk-based criteria, especially high-risk ones, as approved by the Central Bank. t) Assessing and scoring risks from new/modified products, services, delivery channels, market innovations, and external factors. Continuous product/service risk assessment with appropriate criteria to increase/decrease risks.
  8. The Compliance Officer bears full responsibility for client compliance with 'Internal Reporting Unit' procedures, except when the 'Authority' issues a specific decision.
  9. Branches and foreign subsidiaries apply these procedures, or additional ones if local laws conflict, with the institution bearing responsibility for risk assessment and 'Internal Reporting Unit' procedures.
  10. Continuous review by the external auditor of the General Assembly regarding names listed in the 'Internal Reporting Unit' (direct/indirect, active/inactive) and transactions/operations attempted to be reviewed or other related activities. The 'Internal Reporting Unit' must notify within 48 hours of completing the review with available data.
  11. Notifying the 'Internal Reporting Unit' of any objections regarding listed names, with details and reasons.
  12. The FATF's ninth recommendation regarding continuous review of related transactions, accounts, or operations (including attempted reviews) must be notified to the 'Internal Reporting Unit' within 48 hours, specifying completion and available data, peer comparison notifications, and risk scoring.
  13. Considering, as non-exhaustive examples, indicators of money laundering/terrorist financing risk when no decision is made: - Transactions with unclear client activity. - Frequent small transactions below thresholds. - Attempts to cash in/checks with unclear purpose. - Execution/requests for execution of checks not aligned with client profile. - Execution/requests by multiple third parties with unclear purpose. - Incomplete documents for client identification. - Checks involving third parties with names/amounts/purposes. - Regular intervals between check issuance and cashing. - Discrepancy between client identity and beneficiary. - Check amount vs. financial capacity. - Client using non-active accounts for check issuance. - Unexplained client inquiries to the Compliance Officer. - Client's refusal of standard due diligence questions. - Unusually high check volume for the client. - Cancellation of transactions with additional documents/data. - Increased transaction volume during peak periods.
  14. The Compliance Officer shall submit the annual report to the supervisory authority, detailing the institution's AML/CFT procedures, risk assessment results, and compliance status.
  15. Assessing and scoring risks from new/modified products, services, delivery channels, market innovations, and external factors. Continuous product/service risk assessment with appropriate criteria to increase/decrease risks.
  16. Notifying Central Bank governors (local branches) if they have objections or support regarding transactions/operations related to money laundering/terrorist financing, or if third-party reliance is used.
  17. The Compliance Officer bears full responsibility for client compliance with 'Internal Reporting Unit' procedures, except when the 'Authority' issues a specific decision.
  18. Branches and foreign subsidiaries apply these procedures, or additional ones if local laws conflict, with the institution bearing responsibility for risk assessment and 'Internal Reporting Unit' procedures.
  19. Continuous review by the external auditor of the General Assembly regarding names listed in the 'Internal Reporting Unit' (direct/indirect, active/inactive) and transactions/operations attempted to be reviewed or other related activities. The 'Internal Reporting Unit' must notify within 48 hours of completing the review with available data.
  20. Notifying the 'Internal Reporting Unit' of any objections regarding listed names, with details and reasons.
  21. The FATF's ninth recommendation regarding continuous review of related transactions, accounts, or operations (including attempted reviews) must be notified to the 'Internal Reporting Unit' within 48 hours, specifying completion and available data, peer comparison notifications, and risk scoring.
  22. Considering, as non-exhaustive examples, indicators of money laundering/terrorist financing risk when no decision is made: [list]
  23. The Compliance Officer shall submit the annual report to the supervisory authority, detailing the institution's AML/CFT procedures, risk assessment results, and compliance status."

Article 2: This Decision takes effect upon issuance. Article 3: This Decision is published in the Official Gazette.

Byurout, on January 23, 2021 Governor of the Central Bank Rachad Tawfiq Salamé

Share