guidelines For The Identification, Verification And Reporting Of Suspicious Transactions Related To Money Laundering, Financing Of Terrorism And Proliferation Of Weapons Of Mass Destruction (ml/tf/pf) For Financial Institutions

NIGERIAN FINANCIAL INTELLIGENC NFIU INTEGRITY & DILIGENCE NIGERIAN FINANCIAL INTELLIGENCE UNIT REF: STR-NFIU-2024-A0001 13 December 2024 GUIDELINES FOR THE IDENTIFICATION, VERIFICATION AND REPORTING OF SUSPICIOUS TRANSACTIONS RELATED TO MONEY LAUNDERING, FINANCING OF TERRORISM AND PROLIFERATION OF WEAPONS OF MASS DESTRUCTION (ML/FT/PF) FOR FINANCIAL INSTITUTIONS REF: STR-NFIU-2024-A0001 PUBLIC 1 PART ONE In compliance with its powers under Section 3(1) (a-s) and Section 23 (2) (a) of the Nigerian Financial Intelligence Unit (Establishment) Act, 2018 and the Money Laundering (Prevention and Prohibition) Act, 2022 and under its inherent powers to prevent, mitigate and combat money laundering linked to cash-based financial dealings, Illicit Financial Flows (IFF) and the responsibility to protect the integrity of the financial system, this document is issued for the guidance and compliance by ALL Financial Institutions Recipients, End Users and Implementers of the Guidelines Governor, Central Bank of Nigeria DG, Securities and Exchange Commission Commissioner for Insurance, National Insurance Commission 1 2 3 4 5 6 7 Managing Directors/Chief Executive Officers of ALL Financial Institutions Executive Chief Compliance Officers of ALL Financial Institutions Chief Operating Officers of ALL Financial Institutions Chief Compliance Officers of ALL Financial Institutions 8 Chief Risk Officers of ALL Financial Institutions 9 Legal Departments of ALL Financial Institutions The following terms are used in the Guidelines S/N TERMS FOR THE PURPOSE OF THESE GUIDELINES, THE HIGHLIGHTED TERMS SHALL HAVE THE MEANINGS ASCRIBED HEREBELOW 1. CDD This refers to the additional measures taken by a reporting entity to verify a customer's identity. REF: STR-NFIU-2024-A0001 PUBLIC 2 2. Financial Institutions 3. DNFBPS 3. EDD REF: STR-NFIU-2024-A0001 Includes banks, body corporate, association or group of persons, whether corporate or incorporated which carries on the business of investment and securities, virtual asset service providers, a discount house, insurance institution, debt factorisation and conversion firm, bureau de change, finance company, money brokerage firm whose principle business includes factoring, project financing, equipment leasing, debt administration, fund management, private ledger service, investment management, local purchase order financing, export finance, project consultancy, pension funds management and such other business as the Central Bank of Nigeria, National Insurance Commission or Securities and Exchange Commission of Nigeria may designate; includes automotive dealers, business involved in the industry, casinos, clearing and settlement companies, consultants and consulting companies, dealers in jewelleries, dealers in mechanised farming equipment, farming equipment and machineries, dealers in precious metals and precious stones, dealers in real estate developers, estate agent and brokers, high value dealers, hotels, legal practitioners and notaries, licensed professional accountants, mortgage brokers, practitioners of mechanised farming, supermarkets, tax consultants, trust and company service providers, pools betting, such other businesses and professions as may be designated by the relevant regulations. This is an advanced application of CDD measures. It is applied when dealing with high- risk customers, products, or transaction platforms. PUBLIC 3 4. Relevant Laws 5. 6. KYC STR/SAR Laws that have direct and indirect bearings on the operations of the Unit and the subject matter, including but not limited to the • Nigerian Financial Intelligence Unit (Establishment) Act, 2018, • Money • • • • • Laundering (Prevention & Prohibition) Act, 2022, Terrorism (Prevention & Prohibition) Act, 2022. ML/CFT/CPF) Regulations 2022, NAICOM(AML/CFT) Regulations 2022 CBN(AML/CFT/CPF) Regulation 2022 SEC (AML/CFT/CPF) Regulations, 2022 EFCC (SCUML) Regulation 2023 This refers to the due diligence that reporting entities must perform to identify their clients and ascertain relevant information pertinent to doing financial business with them. KYC is the 1st level in the 1st line line of defence within an AML/CFT & CPF context. Wherever STR appears in this guideline it also applies to SAR A. PART TWO: INTRODUCTION

1. In accordance with the powers conferred on the Nigeria Financial Intelligence Unit by Section 28 of the Nigerian Financial Intelligence Unit, Act 2018, the NFIU hereby issue the Anti-Money Laundering, Combating the Financing of Terrorism and Countering Proliferation of Weapons of Mass Destruction (AML/CFT/CPF) Guidelines for the Identification, Verification and Reporting of Suspicious Transactions (hereinafter referred to as “STR reporting Guidelines") to all Financial Institutions. These guidelines will assist financial institutions in the generation and filing of quality STRs to enhance the control measures within these institutions. The provisions specified in these Guidelines are minimum requirements and shall be read in conjunction with the Relevant Laws outlined in this REF: STR-NFIU-2024-A0001 PUBLIC 4 document. This guideline is to be read in conjunction with 2023 Guidance to Reporting Institutions on Preparing a Complete Suspicious Transaction/Activity Report and Filing Electronically to the Nigerian Financial Intelligence Unit as well as other guidelines and advisories on red flags and indicators of suspicious transactions and activities issued by the NFIU.
2. By the provisions of Section 7(2) of the MLPPA 2022, a reporting entity, shall within 24 hours after the transaction referred to in subsection (1) a. draw up a written report containing all relevant information on the matters mentioned in subsection (1) together with the reasons and identity of the principal and, where applicable, of the beneficiary or beneficiaries. b. take appropriate action to prevent the laundering of the proceeds of a crime or an illegal act; and c. report the suspicious transaction and actions taken to the Unit. The above provisions shall apply whether the transaction is complete or not. B. PART THREE: STATEMENT OF ISSUES AND CHALLENGES UNDERPINNING THE GUIDELINES
3. Reporting Entities (REs) typically make use of transaction monitoring systems (TMS) to help identify transactions that may be suspicious. These alerts are triggered based on certain criteria/indicators developed by the REs and when triggered are considered unusual based on the rules and indicators set by the RE within their TMS as such should not be automatically regarded as suspicious.
4. It is noted that TMS may produce false positives based on the parameters set by the RE. Depending on the volume of transactions of the RE, hundreds if not thousands of alerts maybe flagged daily by the TMS. Thus, the transaction monitoring team within the AML/CFT/CPF compliance department will need at a minimum on a daily basis filter these alerts, carry out internal review and verification in order to determine which are false positives or which are potential STRs that need to be filed to the NFIU. REF: STR-NFIU-2024-A0001 PUBLIC 5 C. PART FOUR: OBJECTIVE OF THE GUIDELINES

To guide Reporting Entities in complying with AML/CFT/CPF requirements as to the identification, verification and reporting of activities and/or transactions that are deemed to be Suspicious. Ensure that Suspicious Transaction Reports filed to the NFIU are of high quality. 3) Minimize incidences of false positives and defensive filings of STRs 4) Ensure that Reporting Entities have in place appropriate and effective measures to prevent criminals from using the financial systems. 5) Ensure that Reporting Entities put in place appropriate and effective AML/CFT/CPF Policies and Procedures commensurate with their business complexities and risks. D. PART FIVE: SCOPE OF THE GUIDELINES

1. These Guidelines covers the requirements prescribed in the Money Laundering Prevention & Prohibition Act (MLPPA) 2022, Terrorism Prevention & Prohibition Act (TPPA) 2022 and other regulations issued by the relevant supervisory authorities.
2. These Guidelines do not supersede the provisions of the regulatory responsibility imposed under the Investments and Securities Act, Banking and Other Financial Institutions Act, Insurance Act and would not stop the exercise of regulatory authority made under these Acts where a suspected breach of relevant AML/CFT/CPF Laws and Regulations is brought to the attention of any of the competent regulatory authorities.
3. These Guidelines are subject to periodic review by the Nigerian Financial Intelligence Unit (NFIU). E. PART SIX: THE GUIDANCE NOTES REF: STR-NFIU-2024-A0001 PUBLIC 6 The Nigerian Financial Intelligence Unit in pursuance of its mandate under Section 28 (2) of the NFIU Act 2018 hereby provides this guidance for the purpose of clarity as to; • • • • What constitutes a suspicious transaction ready for filing to the NFIU, The period it should take between forming a suspicion and filing the STR with the NFIU, The contents and nature of narration of STR ready for filling to the NFIU The accompanying documents and details required that should form part of the STR to be filed with the NFIU.
4. What Constitute a Suspicious Transaction When filing a suspicious transaction report to the NFIU, the Reporting Entity must ensure that it has established reasonable grounds to suspect the transaction is related to the commission of an ML/TF/PF offence. The RE should take appropriate measures to ensure: a) Screening and reviewing of transaction alerts. b) Assessing the facts and contexts surrounding the suspicious transaction • Facts A fact may include an event, action, occurrence or elements that exists or are known to have happened or existed. It cannot be an opinion from the information about the transaction. Facts of a transaction may include the date of the transaction, time, location, amount or type. It could also include customer type, account details, particular business line etc. • Context This is the information that clarifies the circumstances or explains a situation or transaction. This type of information is important to differentiate between what may be suspicious and what may be reasonable in a given scenario. c) Linking the ML/TF/PF indicators or red flags to your assessment of the facts and contexts • Indicators/Red Flags REF: STR-NFIU-2024-A0001 PUBLIC 7 Red flags are indicators that initiate suspicion of a transaction and indicate that something may be unusual without a reasonable explanation. They typically stem from one or more facts, behaviours, patterns or other factors that identify irregularities related to a client's transactions. These transactions often exhibit inconsistencies with what is expected or considered normal based on the facts and context known to the Reporting Entity about its client and their transactional activities. d) Explaining the grounds for suspicion in an STR, where the Reporting Entity articulates how the facts, context and ML/TF/PF indicators allowed it to reach reasonable grounds for suspicion. Reporting Entity must be able to demonstrate and articulate its suspicion of ML/TF/PF in such a way that another Reporting Entity/individual reviewing the same material with similar knowledge, experience, or training would likely reach the same conclusion.
5. The period for forming a suspicion and filing the transaction as an STR to the NFIU By the provision of Section 7 (2)(1) (a) MLPPA, and Section 84 (1) ТРРА, 2022, Reporting Entities are mandated to render STRs to NFIU within 24 hours of the transaction. This should mean once a transaction is termed suspicious after meeting the criteria listed in Section 7(1) (a-e) of MLPPA and 84(1) (a-c) TPPA, it is only then that the 24-hour period for the report to NFIU is activated. Thus, this means that the process of filing a suspicious transaction is activated after the transaction has been subjected to a thorough examination and screening process by the Reporting Entity not later than 72 hours. Reporting Entities are to file internally all alerts generated and investigated but failed to qualify as suspicious with clear written reason why they are deemed not suspicious for examiners to review in the course of AML/CFT/PF examinations. This will also serve as a reservoir for future investigations by the TMS team within the institution. REF: STR-NFIU-2024-A0001 PUBLIC 8 Reporting Entities are also required to periodically review the rules, parameters, and thresholds that define their TMS framework, thus guaranteeing efficiency. There should also be a basis to carry out such reviews where an event or events occur outside of the scheduled periodic review periods, such as core banking upgrades, product introductions, or as directed by competent authorities.
6. The Accompanying Documents and Details Required That Should Form Part of The STR to Be Filed with the NFIU Customer Identification Documents: To support the Suspicious Transaction Report STR, the following Customer Identification Documents may be required: • • • • • A copy of a valid identity document (e.g. international passport, National Identification Number document, driver's license, etc) Proof of address (e.g., utility bill, visitation report, lease agreement etc) Business registration documents (for corporate accounts) Copy of the beneficial owner's identity document (if applicable) Copy of the legal representative's identity document (if applicable) NOTE: These documents are required as part of the Customer Due Diligence (CDD) process when a customer opens an account and forms part of the Account Opening Package (AOP). a) Transaction Records: To support the STR, the following Transaction Records should be included: i Transaction slips or receipts: copies of the actual transaction records, including deposit slips, withdrawal slips, transfer receipts, or other instructions. ii Bank statements or account activity logs: comprehensive records of the customer's account activity, including transactions, balances, and any relevant notes. iii Electronic payment records: records of electronic transactions, such as SWIFT messages, wire transfer records, or online payment confirmations. iv Account opening or closing records: documents related to the opening or closing of the account. REF: STR-NFIU-2024-A0001 PUBLIC 9 b) V Fixed Deposit account records/call Deposits, Treasury bills, Bonds etc (if any) vi Customer loan account records, including duly executed loan agreement and offer letters (if any) vii Evidence of remittances by IMTOs (Money Gram, Western Union, etc) Predicate Offence Documentation: i. Clearly indicate (in the RE's best estimate) the specific predicate offence (e.g., Corruption, Kidnapping, Fraud, Terrorist/Proliferation Financing etc)
7. THE CONTENTS AND NATURE OF NARRATION OF STR READY FOR FILLING TO THE NFIU When submitting a Suspicious Transaction Report (STR), REs are required to provide; a) a detailed and well-organized account of the suspicious activity, explicitly linking it to a specific predicate offence. This means clearly identifying the following facts: b) i. the Subject (Who) of the report and ii. When the Subject conducted the transaction. iii. Where the Subject is doing it (channel and geographic location) In the opinion of the RE i. what the Subject is doing ii. Why the Subject is doing it and, iii. how the Subject is doing it c) The RE should also provide details of the alert or alerts that triggered the investigation, along with all previous alerts and or STR filing history on the subject (if any). d) Where there have been previous LEA requests on the subject or internally triggered investigations, details of this should form part of the STR. e) A detailed account of remedial actions taken by the RE to address the risk identified around the transaction REF: STR-NFIU-2024-A0001 PUBLIC 10 F. PART SEVEN: SANCTIONS AND PENALTIES Money Laundering (Prevention & Prohibition) Act, 2022 • • • Section 7(10): requires financial institutions and designated non-financial businesses and professions to report suspicious transactions to the Nigerian Financial Intelligence Unit (NFIU). Failure to comply with this obligation is considered an offence. Section 19(4): provides for an additional disciplinary measure against an RE where as a result of a serious oversight or a flaw in its internal control procedures, it fails to meet any of the obligations imposed by this Act. Section 27(1): empowers supervisory and regulatory authorities to impose on REs or any of their officers for any breach of any requirement of this Act, such administrative sanctions as may be prescribed in a regulation made by the Attorney-General of the Federation under this Act. (2) Any penalty imposed by a supervisory or regulatory authority by virtue of subsection (1) shall take precedence over and is not limited by any other sanction that may be imposed under any other regulation. Section 19(2) provides for criminal penalties including a minimum jail term of two (2) years and a fine of at least ten million (N10,000,000.00) naira for any employee or director of a financial institution that warns or informs the subject of an STR of the disclosure or imminent disclosure of the report to the NFIU. Terrorism (Prevention & Prohibition) Act, 2022 • Section 84(1): mandates financial institutions and designated non- financial businesses to report STRs to NFIU within 24 hours of any transaction they suspect might involve terrorism financing. Section 84(3): Imposes penalties, fines and/or withdrawal of licence for failure to comply with reporting requirements. Entities that fail to report suspicious transactions related to terrorism financing may face substantial fines and/or imprisonment. Nigerian Financial Intelligence Unit (NFIU) Act, 2018 Section 25(2): empowers the NFIU's to impose penalties on entities that fail to comply with reporting requirements, including the failure to submit STRs. REF: STR-NFIU-2024-A0001 PUBLIC 11 • Section 25(5): stipulates that the penalty imposed shall be paid within two working days from the date of imposition otherwise an interest of 10% shall accrue for each day of the default. G. PART EIGHT: WAIVERS AND EXEMPTIONS Nothing in the Guidelines shall be construed or interpreted as exempting or exonerating any financial institutions from taking responsibilities and liabilities for acts spelt out in the Guidelines and under any other laws in Nigeria. H. PART NINE: ADDITIONAL INFORMATION

In determining whether a transaction or activity is suspicious as defined in Part 6 of these guidelines, Reporting Entities shall also take into consideration the following: a) The identification of high-risk predicate offences as contained in the National Risk Assessment, the findings of any relevant sectoral risk assessments as well as the entities' own AML/CFT/CPF risk assessment. b) The identification of red flags, indicators and methodologies as contained in any typology reports and any other strategic products issued by the NFIU and any other competent authority. c) the identification of higher-risk jurisdiction as outlined in the relevant regulations issued by supervisory authorities d) Reporting entities are encouraged to take a risk-based approach to transactions and activities that raise suspicion and in particular prioritize those related to the highest-risk predicate offences as included in Nigeria's National AML/CFT/CPF Risk Assessment. Questions or comments regarding the contents of this Guidelines should be sent to the NFIU Legal Services Division at guidelines@nfiu.gov.ng Authorised By: HAFSAR ABUBALLAR BALLARI Authorised On: 12M DECEMBER, 2024. Signature: REF: STR-NFIU-2024-A0001 PUBLIC 12 BLANK PAGE REF: STR-NFIU-2024-A0001 PUBLIC 13