Regulation on Money Transfer Business Operations, 2016

2016 1 REGULATION ON MONEY TRANSFER BUSINESS OPERATIONS, 2016 REGULATION ON MONEY TRANSFER BUSINESS OPERATIONS, 2016 CBS/NBS/REG/03 IN EXERCISE of the powers contained in Articles 50, 52 and 108 of the Financial Institutions Law, the following Regulation are hereby made: PART I – PRELIMINARY

1. These Regulation may be cited as the Regulation on Money Transfer Business Operations, 2015.
2. These Regulation shall apply to any natural or legal person, other than banks authorized to carry on banking business in Somalia under Financial Institutions Law, conducting money transfer business (whether or not the business is licensed as a money transfer business), which is expressly permitted under their license to carry on money transfer business as an activity.
3. These Regulation establish operational requirements imposed on any natural or legal person who is licensed under “The Financial Institutions (Money Transfer Business Licensing) Regulations, 2014” for conducting money transfer business.
4. In these Regulation, unless the context otherwise requires, the terms below shall have the following meanings: -

“Agent” means any person who acts under the direction of or by contract with a registered or licensed money transfer business and thereafter may subcontract other agents in a network while retaining overall responsibility for the agency relationship with subagents; “AML/CFT” means Anti-Money Laundering and Countering the Financing of Terrorism; “Beneficial owner” means the natural person(s) who ultimately owns or controls a customer and/or the natural person on whose behalf a transaction is being conducted. It also includes persons who exercise ultimate and effective control over a legal person, business entity or a non-profit organization; “Beneficiary/Recipient” means a customer record holder who receives money transfer from another person;

2016 2 REGULATION ON MONEY TRANSFER BUSINESS OPERATIONS, 2016 “Branch” means any premises, other than its head office, at which a money transfer business transacts business in Somalia; “Business entity” means any firm, whether or not a legal person, which is not an individual and includes a corporate body or other, unincorporated association; “Business relationship” means a business, professional or commercial relationship between a money transfer business and a customer, which is expected by the money transfer business, at the time when contact is established, to have an element of duration; “Central bank” means the Central Bank of Somalia; “Central Bank of Somalia Act” means the Central Bank of Somalia Act, No.130 of 2012; “Competent authority” means a public authority other than a self-regulatory body with designated responsibilities for combating money laundering and/or financing of terrorism; “Control” in relation to a money transfer business means a situation where: a. One or more persons acting in concert, directly or indirectly, own, control or have the powers to vote five percent or more of any class of voting shares of the business; b. One or more persons acting in concert, control in any manner, the election of a majority of the directors, trustees, or other persons exercising similar functions, of the business; or c. Any circumstances exist which indicate that one or more persons acting in concert, directly or indirectly, exercise a controlling influence over the management, policies or affairs of the business; “Customer” means a person (including both sender and recipient of money transfers) with whom the money transfer business establishes a business relationship; “Customer record”, in relation to money transfer business, means a record of the customer identity information as held by a money transfer business; “Director” includes any person occupying the position of director of a money transfer business by whatever name called and includes a person in accordance with whose directions or instructions the officers of a money transfer business are accustomed to act and includes an alternate or substitute director; “Enhanced due diligence” means customer due diligence that should be conducted by a money transfer business where the money laundering/financing of terrorism risks are assessed as higher risk; “Financial Institution” means any natural or legal person who conducts as a business activities defined in the Financial Institutions Law, 2012 or one or more of the following activities or operations for or on behalf of a customer:

2016 3 REGULATION ON MONEY TRANSFER BUSINESS OPERATIONS, 2016

1. Acceptance of deposits and other repayable funds from the public, including private banking;
2. Lending, including consumer credit; mortgage credit; factoring, with or without recourse; and finance of commercial transactions (including forfeiting);
3. Financial leasing, not extended to financial leasing arrangements in relation to consumer products;
4. The transfer of money or its equivalent, including financial activity in both the formal or informal sector;
5. Issuing and managing means of payment (e.g. credit and debit cards, checks, traveler’s checks, money orders and bankers’ drafts, electronic money transfers);
6. Financial guarantees and commitments;
7. Trading in money market instruments (checks, bills, certificates of deposit, derivatives etc.); foreign exchange; exchange, interest rate and index instruments; transferable securities; or commodity futures;
8. Individual and collective portfolio management;
9. Safekeeping and administration of cash on behalf of other persons;
10. Otherwise investing, administering or managing funds or money on behalf of other persons;
11. Money and currency changing;
12. Electronic money also known as e-money services. “Financial Institutions Law” means the Central Bank of Somalia Financial Institutions Law No. 130 of 22 April, 2012; “Financing of terrorism” means the act of, directly or indirectly, providing or collecting funds, or attempting to do so, with the intention that they should be used or in the knowledge that they are to be used or in whole or in part for any purpose: a. in order to carry out a terrorist act; or b. by a terrorist; or c. by a terrorist organization. “Money laundering” means the conversion or transfer of any property including money, knowing it is derived from a criminal offence, for the purpose of concealing or disguising its illegal origin or of assisting any person who is involved in the commission of the crime to evade the legal consequences of its actions; the concealment or disguise of the true nature, source, location, disposition, movement, rights with respect to, or ownership of, property knowing that it is derived from a criminal offence; or the acquisition, possession or use of property knowing at the time of its receipt that it is derived from a criminal offence; “Money transfer business” means the acceptance of cash, checks and other payment instruments, mobile money (also including other stored-value products), in one location, and payment of a corresponding sum in cash or other form to a beneficiary in another location. Transactions

2016 4 REGULATION ON MONEY TRANSFER BUSINESS OPERATIONS, 2016 performed by such services can involve one or more intermediaries, participation into a system, and a final payment to a third party, and may include any new payment methods; “Non-face-to-face customer” means a customer with whom the money transfer business has not had direct interaction at the time of opening a customer record; “Non-profit organization” means any organization, whether or not a legal person or arrangement, that primarily engages in raising or disbursing funds for purposes such as charitable, religious, cultural, educational, social or fraternal purposes or any other similar activity; “Occasional transaction” means a money transfer transaction carried out other than as part of a business relationship; “Officer”, in relation to a money transfer business, means a director or any other person, by whatever name or title he may be called or described, who carries out or is empowered to carry out functions relating to the overall direction, in Somalia, of that money transfer business or takes part in the general management thereof in Somalia; “Person” means any natural or legal person, business entity or non-profit organization; “Politically exposed person” or “PEP” means any person who is or has been entrusted with a prominent public function in the Federal Republic of Somalia or in other countries, for example, heads of state or of government, senior politicians, senior government, judicial or military officials, senior executives of state-owned entities, important political party officials and senior staff of nongovernmental organizations. All family members of such persons, and close associates who have business or financial relationships with such persons are also included herein; “Reasonable measures” means appropriate measures which are commensurate with the money laundering or financing of terrorism risks; “Sanctioned person” means a person prohibited from doing business with financial institutions; “Sender/originator” means a customer who requests a money transfer business to send a remittance transfer to another person; “Stored-value product” means a card or other tangible object for which a person pays in advance a sum of money to the issuer in exchange for an undertaking by the issuer that on production of the card or other tangible object to the issuer or a third party (whether or not some other action is required), the issuer or the third party, as the case may be, will supply goods or services or both goods and services; “Structuring” means to conduct or to attempt to conduct one or more transactions in any amount at one or more financial institutions on one or more days in any manner for purposes of evading the reporting requirements set in these Regulation;

2016 5 REGULATION ON MONEY TRANSFER BUSINESS OPERATIONS, 2016 “Sub-agent” means a person who acts under the direction of an agent to provide money transfer services to customers. PART II - RISK MANAGEMENT PROCEDURES Article1 - Ownership and Management

1. No person with significant shareholding shall transfer its control of the money transfer business without prior written approval of the central bank.
2. Any money transfer business shall ensure that all of its directors, officers and agents are adequately trained to operate the money transfer business and are aware of their responsibilities under relevant Regulation, regulations, and laws.
3. Directors and management of any money transfer business shall: a. ensure the activities conducted by the money transfer business are in full conformity with these Regulation; b. ensure the money transfer business maintains, at all times, an effective system of internal controls; and c. develop appropriate policies and procedures to supervise all areas of its operations including accounting, human resources and information technology. Article2 - System Security Standards
4. Any money transfer business shall have system security standards for money transfer implementation and operational risk management.
5. The system security standards sub 1) shall at least consist of: a. an information technology security system to ensure: i. confidentiality, integrity, and authentication of system and data; ii. non-repudiation of executed transactions; iii. system availability; iv. security of the database and backup; v. business continuity; vi. disaster recovery system. vii. b. systems and/or procedures to ensure effective internal control; c. systems and/or procedures to ensure the ability to conduct an audit trail of money transfer transactions; and d. systems and/or procedures to ensure continuity of the provision of money transfer transactions. Article3 –Tools and Systems
6. Any money transfer business shall have the necessary tools and systems to: a. detect counterfeit currency; b. determine the appropriate fees, charges or commissions, if any; c. effectively communicate and exchange information; and

2016 6 REGULATION ON MONEY TRANSFER BUSINESS OPERATIONS, 2016 d. process data and generate reports that meet regulatory requirements. Article4 – Risk Management Process

1. Any money transfer business shall adopt a risk management process for dealing with risks, especially money laundering and financing of terrorism risks.
2. A risk management process shall encompass: a. recognizing the existence of the risk(s), b. undertaking an assessment of the risk(s), identifying higher risk customers, products and services, including delivery channels, and geographical locations, and c. developing strategies to manage and mitigate the identified risks.
3. The risk analysis referred to in sub 2) must be kept up to date.
4. Proportionate procedures based on assessed risks shall be designed according to which: a. higher risk customers, products and services, delivery channels and geographical locations shall be subject to enhanced controls; b. lower risk customers, products and services, delivery channels and geographical locations may be subject to low, simplified or reduced controls. Article 5 – Internal Controls
5. The risk-management process must be imbedded within the internal controls of the institutions.
6. Senior management is ultimately responsible for ensuring that the money transfer business maintains an effective internal control structure, including suspicious activity monitoring and reporting.
7. Senior management must create a culture of compliance, ensuring that officers adhere to the money transfer business’s policies, procedures and processes designed to limit and control risks.
8. The framework of internal controls should: a. provide for regular review of the adequacy of risk assessment and risk management processes; b. provide for adequate AML/CFT compliance function and program; c. ensure that adequate controls are in place before new products are offered; d. inform senior management of compliance initiatives, identified compliance deficiencies, corrective action taken, and suspicious activity reports filed; e. provide for program continuity despite changes in management or officers composition or structure; f. provide increased focus and adequate controls on higher risk transactions, customers, products and services, delivery channels and geographical locations, as necessary, such as transaction limits or management approvals; g. provide for adequate supervision of officers who handle transactions, complete reports, grant exemptions, monitor for suspicious activity, or engage in any other activity that forms part of the business’s AML/CFT program;

2016 7 REGULATION ON MONEY TRANSFER BUSINESS OPERATIONS, 2016 h. provide for adequate supervision of the activities of agents and subagents; i. provide for appropriate regular training to be given to relevant directors, and officers, and all agents and subagents at appropriate intervals. 5) While determining the nature and extent of anti-money laundering and countering the financing of terrorism controls, money transfer businesses shall consider a number of factors, including: a. The nature, scale and complexity of the money transfer business; b. The diversity of the money transfer business’s operations. c. The money transfer business’s customer, product, and activity profile. d. The distribution channels used; e. The volume and size of the transactions; f. The degree of risk associated with each area of the money transfer business’s operation; g. The integrity of the systems used; and h. The extent to which the money transfer business is dealing directly with customers or is dealing through intermediaries, third parties, or in a non-face-to-face setting. 6) Senior management shall have a means of testing and reporting the development and operation of the risk assessment and management processes and related internal controls by qualified parties who are not involved in the implementation or operation of the risk-management program. PART III - MAINTENANCE OF RECORDS Article 6 – Record Keeping

1. A money transfer business shall maintain the information required under these Regulation and “Money Transfer Businesses Customer Registration Regulations, 2015” for at least 5 (five) years.
2. Where a business relationship has ended, a money transfer business shall keep the information required by these Regulation and “Money Transfer Businesses Customer Registration Regulations, 2015” for at least 5 (five) years after the business relationship has ended.
3. The information required by these Regulation and “Money Transfer Businesses Customer Registration Regulations, 2015” shall be made available to competent authorities upon request and in a timely manner.
4. In situations where the records are subjected to on-going investigation or prosecution in court, they shall be retained beyond the stipulated retention period until such time money transfer businesses are informed by the relevant law enforcement agency that such records are no longer required.

2016 8 REGULATION ON MONEY TRANSFER BUSINESS OPERATIONS, 2016 PART IV - CONSUMER PROTECTION Article7 – Disclosure

1. Any money transfer business shall disclose the following information in writing to their clients: a. the fees, charges or commissions, if any, and other conditions applicable to the money transfer business offered; b. that the money to be remitted by money transfer business clients enjoy the protection established by Article 54 of the Financial Institution Law; c. a notice informing the customers that they are entitled to be issued with a receipt for any money transfer transaction; and d. business hours. Article8 - Consumer Redress Mechanisms
2. Any money transfer business shall establish an effective, readily accessible mechanism for consumers to file complaints.
3. Any money transfer business shall provide easily understood information about the customer care system, including the customer care contact number, at its head office, branches as well as the premises of agents. Article 9 – Duty of Confidentiality
4. A money transfer business owes a customer a duty of confidentiality except where: a. disclosure is at the instance of the Central Bank of Somalia or other relevant authority; and b. the customer expressly consents to disclosure. PART V - AGENTS AND OUTSOURCING Article10– Appointment of Agents
5. Money transfer businesses may conduct their services through agents, in line with these Regulation.
6. A money transfer business shall not appoint an agent unless the following requirements are met: a. money transfer business completes adequate due diligence on the agent having regard to its reputation, character, reliability, financial integrity and business experience or other qualifications; b. the agent possesses or has access to appropriate physical infrastructure and human resources to meaningfully provide money transfer services; c. the agent is a person that is not on any sanction lists;

2016 9 REGULATION ON MONEY TRANSFER BUSINESS OPERATIONS, 2016 d. agency arrangement is documented in writing and is approved by the senior management of the money transfer business; e. money transfer business takes appropriate steps to identify, assess and understand the money laundering and financing of terrorism risks particular to the countries or jurisdictions that the agent operates in; f. money transfer business includes all its agents in its anti-money laundering and countering the financing of terrorism program and monitors them for compliance with its program; and g. The agent complies with these Regulation and relevant law and regulations while providing money transfer services to customers. 3) A money transfer business shall document the basis for its satisfaction that the requirements in paragraph (2) are met. 4) Money transfer business has the ultimate responsibility for the agent’s compliance with these Regulation and relevant laws and regulations prescribed by the Central Bank. 5) The Central Bank of Somalia shall have free, unfettered and timely access to the internal systems, documents, reports, records, staff and premises of the agents and subagents in so far as money transfer business is concerned and shall exercise such powers as it may consider necessary. Article11–Agency Arrangement

1. The written agency arrangement between a money transfer business and an agent shall contain the following, at a minimum: a. the name of the agent, including any trade names or “doing business as” names; b. the physical business address of the agent and/or detailed description of area of location where street address is not available; c. the phone number of the agent; d. specific services to be rendered by the agent; e. a statement that the money transfer business is wholly responsible and liable for all actions or omissions of the agent; f. measures to mitigate risks associated with agent business including any limitations on the agency arrangement, customer transactions, cash management and cash security; g. rights, expectations, responsibilities and liabilities of both parties; h. a statement that the Central Bank of Somalia shall have free, unfettered and timely access to the internal systems, documents, reports, records, staff and premises of the agents in so far as money transfer business is concerned and shall exercise such powers as it may consider necessary;

2016 10 REGULATION ON MONEY TRANSFER BUSINESS OPERATIONS, 2016 i. appropriate policies and procedures to detect, prevent, report or otherwise deal with incidences of money laundering and financing of terrorism; j. responsibilities of the agent to deliver supporting transaction documents; k. a statement that all information or data that the agent collects related to the money transfer business, whether from the customers, the institution itself or from other sources, is the property of the money transfer business l. adequate oversight safeguards for the money transfer business to address instances of non￾compliance by the agent with the stipulated obligations; m. prohibition from charging the customer any fees other than the fees agreed upon between the money transfer business and the customer at the beginning of the transaction; n. adequate limits on cash holding by the agent and also limits on individual customer payments and receipts; o. confidentiality of customer information; and p. a requirement for the money transfer business’s prior approval to be obtained when an agent is seeking to transfer the agency business. Article12 – Maintaining List of Agents and Sub-agents

1. A money transfer business shall maintain a current list of its agents and subagents that it engages and any revisions on the list for a period of at least 5(five) years and shall make the list available to the central bank, upon request.
2. A money transfer business must include the following information with respect to each agent or subagent on the list (including any revised list) of its agents and subagents: a. The name of the agent/subagent, including any trade names or “doing business as” names; b. The physical business address of the agent/subagent and/or detailed description of area of location where street address is not available; c. The phone number of the agent/subagent; d. The type of money transfer service or services the agent/subagent provides. e. The name and address of any financial institution at which the agent/subagent maintains a transaction account; f. The year in which the agent/subagent first became an agent/subagent of the money transfer business.

2016 REGULATION ON MONEY TRANSFER BUSINESS OPERATIONS, 2016 11 Article 13 – Outsourcing

1. Any money transfer business may enter into a written contract with a third party service provider to outsource one or more of the following services: a. technology platform; b. agent selection; c. agent training; d. equipment provision; e. equipment maintenance.
2. Any money transfer business that outsources functions to third parties who provide services in the money transfer business’s name, the money transfer business shall ensure that those carrying out the outsourced functions themselves meet appropriate governance and risk management standards and comply with relevant Regulation, regulations, and laws. Article14 – Liability
3. Where a money transfer business outsources or uses an agent, the money transfer business shall take reasonable measures to ensure that the agent or the person to which activities are outsourced complies with the requirements of these Regulation and other relevant laws and regulations.
4. A money transfer business shall remain fully liable for any act of its employee, agent or person to which activities are outsourced. PART VI - MISCELLANOUS Article 15 - Transitional Provision
5. Any person who at the commencement of these Regulation is licensed under “The Financial Institutions (Money Transfer Business Licensing) Regulations, 2014” shall comply with these Regulation within 6 (six) months of the issuance of these Regulation.

MOGADISHU BASHIR ISSA ALI …October 2016 Governor Central Bank of Somalia