Financial Institutions (Anti-Money Laundering and Combating of Financing of Terrorism) Regulations, 2015

LESOTHO Government Gazette Vol. 60 Friday – 31st July, 2015 No. 50 CONTENTS No. Page LEGAL NOTICES 76 Publication of Postal Rates and Charges . . . . . . . . . . . . . . . . . . . . . . 382 Notice, 2015 77 Financial Institutions (Anti-Money Laundering and . . . . . . . . . . . . . 385 Combating of Financing of Terrorism) Regulations, 2015

OTHER NOTICES (See Supplement of the Gazette) Published by the Authority of His Majesty the King Price: M13.00

382 LEGAL NOTICE NO. 76 OF 2015 Publication of Postal Rates and Charges Notice, 2015 Pursuant to section 14 of the Post Office Act, 1979 1 , I, THATO MOSISILI the Postmaster General publish the attached Postal Rates and Charges as shown in Schedule A. DATED: THATO MOSISILI POSTMASTER GENERAL NOTE

1. Act No. 13 of 1979

SCHEDULE A Postage Rates as from 1st April 2015 Rates of Postage on Articles Addressed to Places within Lesotho (Domestic Mail) CATEGORY OF MAIL WEIGHT STEP CHARGE MS

1. LETTERS Up to 20g 1 70 Above 20 up to 100g 2 20 Above 100 up to 250g 3 50 Above 250 up to 500g 4 00 Above 500 up to 1000g 6 00 Above 1000 up to 2000g 10 00 Per additional step of 1000g 4 00

2. POSTCARDS 1 70

3. PRINTED PAPERS Up to 20g 1 50 Above 20 up to 100g 2 00 Above 100 up to 250g 2 50 Above 250 up to 500g 3 00 Above 500 up to 1000g 3 50 Above 1000 up to 2000g 7 00 Per additional step of 1000g 3 00

4. PARCELS Per 500g 17 00

5. LITERATURE FOR THE BLIND FREE Supplementary Charges M S

6. Registration of a Postal item inland (domestic) 3 40

7. Compulsory registration of postal item posted out of course (POC) 10 00

8. Express delivery of a Postal article 7 00

9. Advise of delivery of registration item 3 00

10. An inquiry regarding any unregistered Postal item or in respect of money/postal order enclosed in an unregistered letter 10 00

11. Price of each small registered envelope 3 50 383

12. Price of each large registered envelope 4 00

13. Registration of a newspaper 100 00

14. Yearly renewal of a newspaper 350 00

15. Advice of arrival of a Postal parcel 3 00 COMMISSION ON MONEY ORDERS ISSUED IN LESOTHO AND TO BE PAID IN SWAZILAND AMOUNT PER ISSUE COMMISSION (M) (M) 50 - 100 25.00 101 - 200 30.00 201 - 300 39.00 301 - 400 47.00 401 - 500 53.00 501 - 1000 61.00 1001 - 1500 75.00 1501 - 2000 82.00 COMMISSION ON MONEY ORDERS ISSUED IN LESOTHO AND TO BE PAID IN ZIMBABWE AMOUNT PER ISSUE COMMISSION (M) (M) 50 - 100 30.00 101 - 200 36.00 201 - 300 47.00 301 - 400 56.00 401 - 500 64.00 501 - 1000 73.00 1001 - 1500 90.00 1501 - 2000 98.00 384

LEGAL NOTICE NO. 77 OF 2015 Financial Institutions (Anti-Money Laundering and Combating of Financing of Terrorism) Regulations, 2015 PART I - PRELIMINARY

1. Citation and commencement
2. Interpretation
3. Objectives
4. Application PART II - ANTI MONEY LAUNDERING AND COMBATING OF FINANCING OF TERRORISM MEASURES
5. Anti-Money Laundering and Combating of Financing of Terrorism Measures
6. Internal Control
7. Operational Risk Management to Curb Money Laundering and Financing of terrorism
8. management Information Systems
9. Ethical and Professional Standards for Staff
10. Reporting of Suspicious Activities, Incidents of Fraud and Large Transaction
11. Customer Due Diligence
12. Correspondence Banking
13. Internal and External Audit
14. Compliance Officers
15. Staff Training
16. Record Keeping
17. On Site Examination
18. Supervisory Action 385

LEGAL NOTICE NO. 77 OF 2015 Financial Institutions (Anti-Money Laundering and Combating of Financing of Terrorism) Regulations, 2015 In exercise of the powers conferred upon the Commissioner of Financial Insti￾tutions by section 71 of the Financial Institutions Act, 2012, the Commissioner makes the following regulations: PART I - PRELIMINARY Citation and commencement

1. These regulations may be cited as the Financial Institutions (Anti-Money Laundering and Combating of Financing of Terrorism) Regulations, 2015 and shall come into operation on the date of publication in the Gazette. Interpretation
2. (1) In these regulations, unless the context otherwise requires - “Board of Directors” means the Board of Directors of a bank; “bank” has the same meaning as in the Financial Institutions Act, 2012 “Commissioner” has the same meaning as in the Financial Institutions Act, 2012; “correspondent banking” means provision of banking services by one bank called ‘the correspondent bank’, to another bank referred to as ‘the respondent bank’; “money laundering” has the same meaning as assigned to it under the Money Laundering and Proceeds of Crime Act, 2008; “politically exposed person” has the same meaning as assigned to it under Money Laundering and Proceeds of Crime Act, 2008; “staff” means an employee of a bank; 386

“shell bank” means a bank that has no physical presence in the country in which it is incorporated and licensed, and which is unaffiliated with a regulated financial services group that is subject to effective consoli￾dated supervision; “Unit” means the Financial Intelligence Unit established under the Money Laundering and Proceeds of Crime Act, 2008. (2) Other words used have the same meaning assigned to them in the Financial Institutions Act, 2012 or the Money Laundering and Proceeds of Crime Act, 2008. Objective 3. The objective of these regulations is to prescribe safeguards against the abuse of the financial services in the banking sector. Application 4. These regulations apply to a bank licensed in Lesotho. PART II - ANTI MONEY LAUNDERING AND COMBATING OF FINANCING OF TERRORISM MEASURES Anti money laundering and combating of financing of terrorism measures 5. (1) A bank shall have and implement, at the minimum, the following policies together with the necessary processes: (a) internal control policies to guard against criminal activities; (b) operational risk management policies; (c) a policy on: (i) ethical and professional conduct of staff; (ii) reporting of incidents of fraud and suspicious activities; 387

(iii) customer due diligence; (iv) correspondent banking; (v) internal and external auditors; and (vi) record keeping. Internal controls relating to anti-money laundering and combating of fi￾nancing of terrorism 6. (1) In addition to the existing regulatory framework on internal con￾trols, a bank shall adhere to the internal control requirements specified in this regulation. (2) The Board of Directors shall ensure that a system of internal con￾trols for anti-money laundering and combating of financial terrorism purposes is established and maintained. (3) A bank’s internal control framework shall provide and set up an organizational structure, which shall provide accounting policies and processes, checks and balances, and framework intended to safeguard assets and invest￾ments to ensure that the bank is not used for money laundering and terrorist fi￾nancing. (4) In relation to organizational structure, the bank’s framework should have clear definitions of duties and responsibilities, including clear del￾egation of authority, decision making powers, policies and processes, separation of critical functions such as business origination, payments, reconciliation, ac￾counting, risk management, audit and compliance. (5) A bank’s accounting policies and processes shall include but not be limited to reconciliation of accounts, control lists and management informa￾tion systems. (6) A bank shall have - (a) a policy that encourages checks and balances to ensure cross checking of major decisions by more than one person to ensure that the bank is not used for criminal 388

activities. (b) processes for safe guarding assets and investments including physical and electronic infrastructure control to ensure that assets are not used for criminal activities. (7) A bank shall ensure that investments are not made in entities or territories that are not regulated against anti-money laundering and combating of financial terrorism and that the entity communication systems are not used for money laundering and terrorist financing. Operational risk management to curb money laundering and financing terrorism 7. (1) A bank shall have appropriate operational risk management strategies, policies and processes that identify, assess, evaluate, monitor, report and control or mitigate operational risk that may give rise to money laundering and financing of terrorism. (2) A bank’s operational risk management strategies, policies and processes against money laundering and terrorist financing shall - (a) be consistent with the bank’s risk profile, systemic importance, risk appetite and capital strength; (b) take into account market macro-economic conditions and address major aspects of operational risk prevalent in the business of the bank on a bank-wide basis, includ￾ing periods when operational risk may increase; (c) be approved and annually reviewed by the Board of Directors. (3) The Board of Directors shall ensure that the operational risk management strategies, policies and processes against money laundering and terrorist financing are implemented effectively and are fully integrated into the bank’s overall risk management process. (4) A bank shall have a comprehensive disaster recovery and busi￾ness continuity plan that shall enable the bank to resume operation in the event 389

of severe business disruptions. Management Information System 8. (1) A bank shall put in place - (a) management information systems policies and processes to identify assess, monitor and manage technology risks to prevent money laundering and terrorist financing; (b) management information systems infrastructure to meet its current and projected business requirements under normal circumstances and periods of stress, which ensures data and system integrity, security and availab￾ility and supports integrated and comprehensive risk management including management of risk related to money laundering and terrorist financing. (2) A bank shall ensure that it has appropriate and effective man￾agement information systems that: (a) monitor operational risk including money laundering and terrorist financing risk; (b) compile and analyse operational risk data referred to in paragraph (a); and (c) facilitate appropriate reporting at the Board of Directors, senior management and business line levels that support proactive management of operational risk. (3) A bank shall have policies and processes that assess, manage and monitor outsourced management information systems and other activities. (4) At the minimum, the outsourcing risk management programme shall cover: (a) conducting of due diligence in selecting potential service providers; 390

(b) structuring the outsourcing arrangement; (c) managing and monitoring the risks associated with the outsourcing arrangement; (d) ensuring regulatory control environment; and (e) establishing viable contingency planning. (5) A financial institution’s outsourcing of information technology and other functions policies and processes shall require the bank to have com￾prehensive contracts or service level agreements with a clear allocation of re￾sponsibilities between the outsourcing provider and the bank. Ethical and professional standards for staff 9. (1) A bank shall have in place - (a) policies and processes that promote high ethical and professional standards, specific to the organization and in line with those set by professional bodies, to prevent the bank from being used, intentionally, for criminal activities; (b) screening policies and processes to ensure high ethical and professional standards. Reporting of suspicious activities, incidents of fraud and large transactions 10. (1) A bank shall report - (a) incident of fraud to the Commissioner; (b) suspicious transactions and large transactions to the Unit in the format prescribed in the Money Laundering (Accountable Institutions) Guidelines, 2013 developed pursuant to section 15(2)(e) of the Money Laundering and Proceeds of Crime Act, 2008. (2) If a bank considers that a suspicious activity is material to the 391

safey, soundness or reputation of the bank, the bank shall, in addition to reporting to the Financial Intelligence Unit, report the suspicious activity to the Commis￾sioner. (3) A staff member of a bank who reports a suspicious transaction or incident of fraud in good faith, either internally or directly to the Unit, the Commissioner, the law enforcement agency or another relevant authority shall not be held liable. (4) A bank shall have and follow clear policies and processes for staff to report any suspected incident related to money laundering and terrorist financing to either local management or the relevant dedicated officer or to both. (5) A bank shall have and utilize adequate management information systems to provide the Board of Directors, management, compliance and dedi￾cated officers with timely and appropriate information to abuse of the bank’s fi￾nancial services of the bank. Customer Due Diligence 11. (1) In addition to the Financial Institutions (Know Your Customer) Guidelines, 2007 a bank shall comply with the Money Laundering (Accountable Institutions) Guidelines, 2013 with regard to customer due diligence. (2) A bankshall establish well documented customer due diligence policies and processes that are communicated to all relevant staff and integrated in the bank’s overall risk management system. (3) A bank’s customer due diligence policies and processes shall comprise appropriate steps to identify, assess, monitor, manage and mitigate risks of money laundering and the financing of terrorism with respect to cus￾tomers, countries and regions, as well as to products, services, transactions and delivery channels on an ongoing basis. (4) A bank’s customer due diligence program shall have the follow￾ing essential elements: (a) customer acceptance policy that identifies business relationships that the bank shall not accept based on identified risks; 392

(b) a customer identification, verification and due diligence programme on an ongoing basis which encompasses verification of beneficial ownership, understanding the purposes and nature of the business relationship, and risk-based reviews to ensure that records are updated and relevant; (c) policies and processes to monitor and recognize unusual or potentially suspicious transactions; (d) enhanced due diligence on high-risk accounts including escalation to the bank’s senior management level deci￾sions on entering into business relationships with high risk accounts or maintaining such relationships when an existing relationship becomes high risk; (e) enhanced due diligence on politically exposed persons, including escalation to the bank’s senior management level of decisions on entering into business relationships with politically exposed persons; and (f) rules on records to be kept on customer due diligence and individual transactions and their retention period which shall not be less than 10 years. Correspondent banking 12. (1) A bank shall have and implement customer due diligence poli￾cies and processes that are specific to its correspondent banking and the policies and processes shall include: (a) gathering sufficient information about their respondent banks to appreciate the nature of their business and cus￾tomer base, and how they are supervised; (b) prohibit or discontinue correspondent relationships with a bank that does not have adequate controls against crim￾inal activities or is not effectively supervised by the rel￾evant authorities; 393

(c) a requirement by a bank to satisfy itself that respondent financial institutions in a foreign jurisdiction do not per￾mit their account to be used by shell banks; (d) prohibition of banks to enter into or continue correspon￾dent banking relationships with shell banks; (e) a requirement for the bank to provide evidence that their accounts with respondent banks are not used by shell banks. (2) A bank shall also adhere to the Financial Institutions (Know Your Customer) Guidelines, 2007 regarding correspondent banking. Internal and External Audit 13. (1) A bank shall - (a) have a policy, approved by the Board of Directors, on the appointment of internal and external auditors; (b) appoint internal and external auditors, to whose reports the Commissioner shall have unrestricted access, to in￾dependently evaluate the relavant risk management poli￾cies, processes and controls. Compliance officers 14. (1) A bank shall - (a) establish policies and processes to designate compliance officers or money laundering officers; (b) appoint compliance or money laundering officers to whom potential abuses of the bank’s financial services, including suspicious transactions, are reported. 394

Staff training 15. A bank shall undertake an ongoing training programme for its staff on - (a) anti-money laudering; (b) combating of financial terrorism; (c) customer due diligence; and (d) methods to monitor and detect criminal and suspicious activi￾ties. Record keeping 16. (1) A bank shall - (a) maintain customer records as prescribed by the Financial Institutions (Know Your Customer) Guidelines, 2007; (b) maintain customer records for a minimum of 10 years. On site examination 17. (1) The Commissioner may, from time to time, carry out an exami￾nation of a bank without prior notice to assess its compliance with anti-money laudering and financing of terrorism legislation. (2) A bank shall provide information related to anti-money laudering and financing terrorism to examiners both on site and off site when required to do so. (3) In carrying out an examination of a bank, the Commissioner may use its own staff or external experts. (4) A bank shall provide working space for examiners to carry out their examination work. 395

Supervisory action 18. Where a person contravenes these regulations the Commissioner may pursue remedial measures set out in the Financial Institutions Act, 2012, includ￾ing: (a) revocation of a licence; (b) imposition of penalty on the financial institution or any of its di￾rectors, managers, officers or staff. DR. RET◊ELISITSOE MATLANYANE GOVERNOR OF THE CENTRAL BANK OF LESOTHO Printed by the Government Printer, P.O. Box 268, Maseru 100 Lesotho 396