NBFIRA

Non-Bank Financial Institutions Regulatory Authority

GUIDANCE NOTE ON RECORD KEEPING & CUSTOMER IDENTIFICATION

NON BANK FINANCIAL INSTITUTIONS June 2020

AML/CFT & P Guidance Note 2 of 2020

1 | Page

---

Definition of Terms

“Act” refers to the Financial Intelligence Act, 2019

“Anonymous account” means an account which cannot be linked to any person or be traced to any customer as defined under part I of the Act

“Beneficial ownership” means a natural person, who directly or indirectly through any contract, arrangement, understanding, relationship or otherwise-

(a) in relation to an incorporated body, ultimately owns or has a controlling ownership or exercises ultimate effective control through positions held in the incorporated body or is the ultimate beneficiary of a share or other securities in the body corporate;

(b) in relation to a trust or other legal arrangement, is the settlor, trustee or ultimate beneficiary of the trust or legal arrangement or has the power, alone or jointly with another person or with the consent of another person, to

(i) dispose of, advance, lend, invest, pay or apply trust property or property of the legal arrangement,

(ii) vary or terminate the trust or legal arrangement,

(iii) add or remove a person as a beneficiary or to or from a class of beneficiaries,

(iv) appoint or remove a trustee or give another person control over the trust or legal arrangement, or

(v) direct, withhold consent or to overrule the exercise of a power referred to in subparagraphs (i) – (iv);

(c) is the ultimate beneficiary of proceeds of a life insurance policy or other related investment services when an insured event covered by the policy occurs; or

(d) a transaction is conducted on his or her behalf.

“Business relationship” means any arrangement made between a customer and a NBFI or specified parties where the purpose or effect of the arrangement is to facilitate an occasional, frequent, habitual or regular course of dealing between the customer or legal arrangement and

2 | Page

---

specified parties where payment to be made is not known or capable of being ascertained at the time of the conclusion of the arrangement as defined under part I of the Act

“Customer Due Diligence” means the process where relevant information about the customer is collected and evaluated for any potential risk of commission of financial offence; as defined under part I of the Act

“Enhanced Customer Due Diligence” refers to means higher level of due diligence required to mitigate the increased risk of commission of financial offence; as defined under part I of the Act

“Specified party” means a person listed in schedule 1 of the FI Act

“FATF” means the Financial Action Task Force

“PIP” means a Prominent Influential Person

“NBFIRA” means the Non-Bank Financial Institutions Regulatory Authority as established under section 3 of the Non-Bank Financial Institutions Regulatory Authority Act 2016

3 | Page

---

1. INTRODUCTION

NBFIRA as a supervisory authority listed in Schedule II of the Act is mandated under Section 44 (1) of the Act to issue guidance notes in an effort to raise awareness amongst specified parties with regards to money laundering, terrorism financing and proliferation financing risks. This is to ensure that specified parties are able to develop systems and have policies in place that would assist them to be compliant.

The Act mandates all specified parties to implement programs to combat money laundering and terrorist financing. Section 16 of the Act requires that specified parties identify their customers whereas sections 27 to 32 require that specified parties keep records of all the documents acquired through customer identification process.

2. SCOPE

This Guidance Note should be read in conjunction with the Act and the regulations thereof, as well as the international standards.

3. APPLICABILITY

This guidance note is applicable to all specified parties to ensure that they have systems in place on how to deal with money laundering, terrorism financing and proliferation financing risks associated with record keeping and customer identification.

NBFIRA as a supervisory authority has an obligation under the Act to assist specified parties with guidance on how to combat money laundering, terrorism financing and proliferation financing risks. On the other hand, specified parties also have obligations relating to customer identification and record keeping. Specified parties should ensure that after going through this guidance note, they consider complementing other measures as outlined in the Act to ensure effectiveness in combatting the risks.

4 | Page

---

4. UNDERSTANDING MONEY LAUNDERING, TERRORISM FINANCING AND PROLIFERATION FINANCING ACTIVITIES

4.1. Money Laundering

Money laundering means an offence under section 47 of the Proceeds and Instruments of Crime Act 2014. Money laundering offence refers to a person who

(a) engages in a transaction that involves property which is, or in part directly or indirectly represents the proceeds of any crime; or

(b) receives, or is in possession of, conceals, disguises, transfers, converts, disposes of, removes from or brings into Botswana any property which in whole or in part directly or indirectly represents, the proceeds of any crime, where she or he knows, suspects or has reasonable grounds for knowing or suspecting that the property is derived or realized, in whole or in part, directly or indirectly from an confiscation offence or foreign serious offence related activity, shall be guilty of the offence of money laundering

4.2. Terrorism Financing

The FATF Recommendations - International Standards on Combating Money Laundering and the Financing of Terrorism (2012) (updated 2019), the Counter Terrorist Act 2014 and the Counter Terrorist (Amendment) Act 2018 provide the following definitions:

Terrorist

The term terrorist refers to any natural person who: (i) commits, or attempts to commit, terrorist acts by any means, directly or indirectly, unlawfully and wilfully; (ii) participates as an accomplice in terrorist acts ; (iii) organizes or directs others to commit terrorist acts ; or (iv) contributes to the commission of terrorist acts by a group of persons acting with a common purpose where the contribution is made intentionally and with the aim of furthering the terrorist act or with the knowledge of the intention of the group to commit a terrorist act.

5 | Page

---

Act of Terrorism

Act of terrorism means any act or omission in or outside Botswana which is intended to advance a political, ideological or religious cause, or by its nature or context, may reasonably be regarded as being intended to intimidate or threaten then public or a section of the public, or compel a government or an international organization to do or abstain from doing any act, or to adopt or abandon a particular position.

Terrorist financing

Terrorism financing involves the provision of funds to enable the commission of terrorism or terrorist activity. Those involved in acts of terrorism or financing of terrorism, move their funds by using the formal banking system, money transfer services, informal value and physical cross border transportation of cash. Financial transactions associated with terrorist financing tend to be in smaller amounts than is the case of money laundering, and when terrorists raise funds from legitimate sources, the detection and tracking of these funds are difficult.

Terrorist financing offence

FATF Recommendation 5 encourages countries to criminalize terrorist financing, financing of terrorist acts and organizations and also individual terrorists even where there is no connection to terrorist act or acts on the Terrorist Financing Convention.

Terrorist group

Section 2 of the Counter Terrorism Act defines a terrorist group as a structured group of two or more persons, existing for a period of time and acting in concert with the aim of committing acts of terrorism, which is declared as a terrorist group under part III of the Act.

6 | Page

---

4.3. Proliferation Financing

The Act defines proliferation as the manufacture, acquisition, possession, development, export, transshipment, brokering, transport, transfer, stockpiling, or use of any arms of war or NBC weapons in contravention of the Arms and Ammunition Act, Nuclear Weapons (Prohibition) Act, Biological and Toxin Weapons (Prohibition) Act or Chemical Weapons (Prohibition) Act.

Proliferation financing therefore can be defined as the act of providing financial services which are used in whole or in part to the manufacture, acquisition, possession, development, export, transshipment, brokering, transport, transfer, stockpiling, or use of any arms of war or NBC weapons in contravention of the Arms and Ammunition Act, Nuclear Weapons (Prohibition) Act, Biological and Toxin Weapons (Prohibition) Act or Chemical Weapons (Prohibition) Act.

For proliferation financing, the FI Act should be read in conjunction with the;

a. Chemical Weapons (Prohibitions) Act b. Biological Weapons (Prohibitions) Act c. Nuclear Weapons (Prohibitions) Act

5. IDENTIFICATION OF CUSTOMERS

Specified parties should adopt a Risk Based Approach to identify their customers. Customers should thus be risk rated according to the level of risk they present. Specified parties thereafter shall ensure that measures are put in place to commensurate the level of risks that each customer presents. The Risk Based Approach would determine the level of customer due diligence that should be applied to the customer. Identifying a customer entails establishing and verifying the identity of the customer.

Identifying a customer comprises the collection of data about the customer and the verification process where the collected information is corroborated. Identifying customers enables specified parties to risk rate their customers therefore enabling the specified parties to know the level of risks that they are exposed to.

7 | Page

---

This process assists specified parties to develop systems that could help mitigate the money laundering, terrorists financing and proliferation risks. The Act therefore places an obligation under specified parties to

i. establish and verify the identity of a customer at the initial stage of conducting a business relationship or single transaction or ii. during the course of the business relationship or conclusion of a single transaction iii. where the customer is acting on behalf of another person, the specified parties should also establish the identity of that other person iv. establish and verify the identity of the beneficial owner v. collect information to enable understanding of the anticipated purpose and intended nature of the business relationship or transaction

Furthermore, where a specified party seeks to ascertain the information concerning customers, such specified party must take reasonable steps to obtain additional identification information as stated in the regulations.

i. Regulation 5: Ascertainment of information concerning natural persons ii. Regulation 6: Ascertainment of information concerning body corporate iii. Regulation 7: Ascertainment of information concerning other entities iv. Regulation 8: Ascertainment of information concerning partnerships v. Regulation 9: Ascertainment of information concerning trusts

Moreover, Sections 21 (1), 22 (1) and 23 (1) of the FI Act prohibits specified parties to establish or maintain any anonymous accounts or accounts that are fictitious, false or incorrect, establish or maintain a relationship with shell banks and maintaining business relationship with terrorist or a member of terrorist group.

5.1. Risk Based Approach

FATF Recommendation 1 advises countries on how to identify and assess ML/TF risks and ensure that proportionate measures to prevent or mitigate the defined risks. The risk based

8 | Page

---

approach requires that entities identify the risk factors, assess the level of risks, understand the impact of risk and have a mitigation plan.

During the initial onboarding process the nature of the customer will indicate the level of money laundering or terrorist financing risks. Identifying risk factors such as customer background, political affiliations, resident or non-resident status etc. will help entities be aware of the risks that they are exposed to. Based on these risk factors entities will be able to risk rate their customers and assess the vulnerability to money laundering and terrorist finance ng risks that their entities might face. The risk assessment will inform the entities of which level of customer due diligence to apply for each category of customers.

Simplified due diligence is appropriate where it is believed that the customer presents low risks to money laundering and terrorism financing risks. When conducting simplified due diligence verifying customer information may be limited to identification and source of funds evidence.

Enhanced due diligence should be applied to high risk customers. Prominent and influential persons should always be classified as high risk. Enhanced due diligence requires that extra care is applied in establishing and verifying information such as wealth or income.

5.2. Requesting Additional Identification Information and On-going due diligence

Based on the risk that the customer poses to the specified party, additional information about the customer might be sought from them. Regulation 10 makes a provision for this. The specified party should at all times conduct ongoing due diligence with respect to existing business relationship.

Ongoing due diligence comprises of;

a. collection and verification of additional Know Your Customer (KYC) information As part of conducting on going due diligence entities are required to determine when it is necessary to collect further KYC information or update the existing information.

b. transaction monitoring program

9 | Page

---

Entities should have a system in place to identify transactions that appear to be suspicious.

5.3. Examples of customers who might present high ML, TF and PF risks

a. Prominent influential persons (PIP’s) . PIPs are regarded as high risk because of their social status and influence. The risk with PIPs is increased because opportunities for them to gain assets through unlawful means such as accepting and paying bribes and by -passing certain controls due to their positions are high (See Annexure A for definition of PIP). Specified parties should ensure that they take all necessary precautionary measures when assessing the transactional behavior of PIPs.

Precautionary measures to be put in place when assessing transactional behaviors of PIPs may include;

• Obtaining senior management approval before establishing a business relationship
• Conducting enhanced due diligence by establishing and verifying the source of wealth and income

b. Persons from high risk jurisdictions High risk jurisdictions are those that have been identified as having weak anti money laundering and terrorist regimes, subject to sanctions, provides funding or support terrorist activities which presents a possibility of ML/TF and PF. Therefore persons from these areas present a high risk.

c. Persons whose source of income is unknown, uncommon in a given area or too complex to understand When the customer is involved in complex business structures where it would be impossible to easily determine their source of funds, there is usually a platform for illegal

10 | Page

---

funds to be moved around the system, hence conducting enhanced due diligence is vital to determine the source of funds.

d. Persons whose known profile does not match their financial or transacting behavior When a customer transacts beyond their known profile, they present higher risks than those transacting within their known profiles.

In terms of Section 16 (10) (b) of the FI Act, where a specified party forms reasonable suspicious that continuing with the CDD process will tip off the customer, the specified party shall discontinue the CDD process and report as a suspicious transaction to the Agency.

In cases where the specified party fails to establish and verify the identity of a customer they can take any of the measures stipulated under regulation 4 (2) of the Financial Intelligence Regulations 2019 listed below;

a. Not open an account for the customer b. Not commence a business relationship with the customer c. Not perform the transaction; and d. Consider making a suspicious transaction report in relation to the customer

6. RECORD KEEPING

Specified parties should maintain all the records obtained through customer due diligence measures, account files and business correspondence and results of any analysis undertaken. Where a specified party appoints a third party to keep its record, the specified party shall forthwith provide the Agency with particulars of the third party. Some of the records to be kept include;

a. the identity of the customer b. if the customer is acting on behalf of another person – (i) the identity of the person on whose behalf the customer is acting, and (ii) the customer’s authority to act on behalf of that other person if another person is acting on behalf of the customer;

11 | Page

---

(i) the identity of that other person, and (ii) that other person’s authority to act on behalf of the customer; c. the manner in which the identities of the persons referred to in paragraphs (a), (b) and (c) were established; d. the nature of the business relationship or transaction; e. the amount involved in the transaction and the parties to the transaction; f. all accounts that are involved in a transaction concluded by a specified party in the course of a business relationship or single transaction; g. the name of the person who obtained the information referred to under paragraphs (a), (b) and (c) on behalf of the specified party; and h. a document or copy of a document obtained by the specified party in order to verify a person’s identity.

Records must be kept by all specified parties during the course of the relationship and after its termination. Third parties may be engaged to keep records by specified parties on their behalf. In the latter case, a specified parties should ensure that it has access to the records at all times and where the appointed third party fails to comply with section 27 of the Act, the specified parties shall be liable for the failure. Records should at all times be kept up to date, be updated every two years from the date a transaction is concluded.

Additionally, the Act allows that records be kept in hard copy or electronic format. Specified parties should maintain effective record-keeping systems to allow supervisory authorities to have access to the records in a timely fashion.

6.1. Period of record keeping

Records kept in terms of section 27 of the Act, must be kept for a period of 20 years from the date a transaction is concluded and after the termination of a business relationship.

12 | Page

---

6.2. Penalties relating to identification of customers and record keeping

The Act imposes penalties relating to record keeping and identification of customers as obligations for specified parties. A specified party that contravenes section 16 relating to identification of customers shall be liable to a fine not exceeding P1000 000. In relation, a person who transacts using false identification and documents commits an offence and is liable to a fine not exceeding P500 000 or to imprisonment for a term not exceeding 10 years or both.

A specified party that fails to keep records in accordance with section 27 and 28 shall be liable to a fine not exceeding P 500 000 while a person who destroys or removes any record, register or document kept in accordance with this part commits an offence and is liable to a fine not exceeding not exceeding P 500 000 or to imprisonment for a term not exceeding 10 years or both.

7. CONCLUSION

Specified parties need to familiarize themselves with the obligations set out for them in accordance with the Act and have procedures and programs that mitigate the money laundering, terrorism financing and proliferation risks. Specified parties are therefore required to at a minimum follow this guidance note together with other issued legislation to ensure compliance with identification of customers and record keeping obligations. Furthermore, specified parties are required to periodically frequently update their policies and make sure that they are aligned to the current laws and regulations.

13 | Page

---

ANNEXURE A

Prominent and influential Persons ” means a person who is entrusted with public functions within Botswana or by a foreign country, his or her close associates or immediate member of the family or an international organisation and includes —

(a) a President; (b) a Vice-President; (c) a Cabinet Minister; (d) a Speaker of the National Assembly; (e) a Deputy Speaker of the National Assembly; (f) a member of the National Assembly; (g) a Councillor; (h) a senior government official; (i) a judicial officer; (j) a Kgosi; (k) a senior executive of a private entity; (l) a senior executive of a public body; (m) a senior executive of a political party; (n) religious leaders; (o) senior executives of international organizations operating in Botswana; (p) a person who has in the last five years held any of the positions referred to in paragraphs (a) to (o); or (q) such person as may be prescribed;

14 | Page