Guidance Note on Risk-Based Approach for Car Dealers and Automobile Businesses

GUIDANCE NOTE FOR RISK BASED APPROACH FOR CAR DEALERS/AUTOMOBILES ISSUED BY THE SPECIAL CONTROL UNIT AGAINST MONEY LAUNDERING 2019

2 Table of Contents 2.0 Risk-Based Approach for Car dealers..........................................................................................4 2.1 Purpose/Objective of the Guidance Note ................................................................................5 2.2 Understanding of the Nigeria Car Dealership/Automobile Business sector .....................5 2.2.1 Vulnerability of Automobile Business sector........................................................................5 2.4 Components of the risk-based approach and risk profiling ................................................7 2.5 Risk Factors..........................................................................................................................................7 2.6 Risk Factors For The Car Dealership Sector............................................................................8 3.1 Modified risk Variables......................................................................................................................9 3.2 Risk Scoring .......................................................................................................................................11 4. Suspicious Transaction Reporting..................................................................................................11 5. Internal Control Systems...................................................................................................................13 ANNEXURES...............................................................................................................................................15 Annexure 1: Customer Risk Assessment ..........................................................................................15 Annexure 2: Customer on boarding lifecycle...........................................................................16

3 1.Background The Special Control Unit against Money Laundering (SCUML) has commenced implementation of the outcome of the Nigeria National Money Laundering/Terrorist Financing (ML/TF Risk Assessment)(NRA) concluded in 2016. The Assessment was conducted as a response to Recommendation 1 of the Financial Action Task Force 40 Recommendations. The Recommendation urges countries to identify, assess and understand their ML/TF risks and apply mitigating measures commensurate to identified risks. Following the conclusion of the Nigerian National Risk Assessment (NRA) exercise, the country developed a National Strategy from the findings of the NRA as contained in the National AML/CFT strategy 2018-2020. Accordingly, individual reporting entities or DNFIs are required to conduct an assessment of their own Money Laundering /Terrorist financing risk (ML/TF)in line with the risks identified in the NRA using customers, countries or geographic areas, products and services, transactions or delivery channels.1 Such as when on-boarding new customers, and throughout the relationship with each customer, Designated Non financial institutions are required to perform anti-money laundering (AML) and know-your-customer (KYC) risk assessments to determine a customer’s overall money laundering risk. In order to achieve the above objective of combating ML/TF, it is essential to have a clear understanding of the threats/vulnerabilities to the dealers in precious metals and stones in particular and the Designated Non-Financial Institution sector in general. Consequently, SCUML has developed an AML/CFT risk assessment template and information collection tool herewith attached for your guidance. Please note that SCUML is available to guide your understanding and utilization of the developed template and tool where required.

4 2.0 Risk-Based Approach for Car dealers Introduction In today’s emerging risks and challenges, Designated Non Financial Businesses and Professions (DNFBPs) which is referred to as Designated Non- financial institutions (DNFIs) in S.25 of the Money Laundering Prohibition Act, 2011 as amended are seriously exposed to vulnerabilities of money laundering, terrorist financing and proliferation of weapons of mass destruction and consequently risk being sanctioned. It is therefore necessary to adopt preventive measures that will ensure effective application of mitigation measures . Risk Based Approach (RBA) in AML/CFT means the identification, Understanding and Assessment of ML/TF risks to which they are exposed and take AML/CFT measures commensurate to those risks in order to mitigate them effectively. This approach should be an essential foundation to efficient allocation of resources across the anti-money laundering and combating the financing of terrorism (AML/CFT) regime and the implementation of risk based measures throughout the FATF Recommendations. Based on the foregoing, Nigeria conducted her maiden National Risk Assessment (NRA) on Money Laundering/Terrorist Financing in 2016, the assessment covered the period between 2010- June 2016. The report findings revealed that the risk posed by Car dealership sector in Nigeria is high.2In line with Regulation 10(7) of Federal Ministry of Industry, Trade and Investment (Designation of Non-Financial Institutions and Other Related Matters) Regulations, 2013, it is required that DNFIs conduct their risk assessment and come up with measures to mitigate the risks thereof. For the purpose of guidance, find below a risk based approach manual to guide the operations of the sector.

5 2.1 Purpose/Objective of the Guidance Note The development of guideline is in line with the FATF Recommendation 25 to assist DFNIs in applying national measures to combat money laundering and terrorist financing. The objectives of the guidance note include: o Understanding the vulnerability of the sector to ML/TF o Understanding of what risk-based approach involves o Principles involved in applying risk-based approach o Illustrate good practice in the design and implementation of an effective risk-based approach 2.2 Understanding of the Nigeria Car Dealership/Automobile Business sector Car/vehicle dealer can be defined as a natural person, legal person or corporation who on a commercial basis trades on or acts as an intermediary in the purchase and sale of vehicles. The Nigerian automobile market is mainly divided into two categories ‘organised’ and ‘un-organised’ dealers. The organised automobile business mostly deals in the buying and selling of new motor vehicles, while un-organised dealers engage in the buying and selling of used or second-hand motor vehicles. The un-organised dealers dominated the automobile industry due to high patronage for used cars, thus, making it difficult for the organised dealers to strive. The new car segment’s profit margin is being eroded by the increasing patronage of the used car market. 2.2.1 Vulnerability of Automobile Business sector o High cash transaction o Car smuggling o Weak border control o High level of illiteracy and low awareness of AML/CFT amongst the dealers o Lack of cooperation with supervisory/law enforcement agencies o Collusion between officials and dealers 2.3 Understanding of the RBA Risk is defined as the possibility of some adverse event occurring and the likely consequences of this event. Risk is expressed as; • combination of threat and vulnerabilities

6 Risk is also defined as Risk = Likelihood x Consequence ML threat refers to The proceeds of crimes in a country which includes • The proceeds generated in the country (internal threat) • The proceeds that come from other countries (external threat) ML Threat Assessment should analyze • The frequency of predicate crimes that generate illicit proceeds • The scale of illicit proceeds in the country • The scale of ML in the country • ML methods and trends in the country TF threat • Refers to the scale of funds raised/ moved/used or utilized/transiting to support TF activities and groups Vulnerability • Is the state of being exposed to weaknesses and gaps in defense mechanisms against ML/TF, which can be at the national and/or sector level. A vulnerability assessment analyzes the following: • Lack of awareness, commitment, knowledge, resources • Weaknesses/gaps in AML/CFT laws and regulations • Weaknesses/gaps within institutional frameworks (FIU, police, judicial, etc.) • Weaknesses in infrastructures (ID infrastructure, STR collection and analysis) • Economic, geographical, or social environment factors • Low awareness and general or specific control mechanisms • The porous border opened to smuggling

7 • Intensive cash transaction within sector 2.4 Components of the risk-based approach and risk profiling Designated Non Financial Institutions are required to take appropriate steps to identify, assess, understand and mitigate their ML/TF. The assessment should be documented. FATF Recommendation 1 is considered the groundwork towards the implementation of the risk-based approach: See figure 1 below: Figure 1: Risk based approach implementation Groundwork3 2.5 Risk Factors Accordingly, the main components that drive a risk assessment by the Designated Non financial institution are as recommended by the Wolfsberg risk￾based approach guidance has provided an insight on the approach by identifying these components that can assist in measuring the risk4. “Money laundering risks may be measured using various categories, which may be modified by risk variables. The most commonly used risk criteria are as follows: • Geographical/country risk • customer risk • Product and Services risk • Industry risk See figure 2 below for details: Identify the risk factors Assess the level of risk Understand the impact of the risk Mitigation plan Identify Assess Understand Take action

8 Figure 2: Risk Based Approach: Risk Factors 2.6 Risk Factors For The Car Dealership Sector The risk factors have been modified as seen below for the car dealer sector for the purpose of conducting a risk based assessment in the sector. The list is non exhaustive. Customer Risk • Student/ Minor • Public quoted companies • House Wife • Politicians(PEP) • Civil Servant • Business Person(type of business) • Foreigner/Resident • Unknown beneficial owner • Offshore companies • Lawyers, TCSPs • NGOs Geography/Country Risk

9 • Central Business District • Crime Prone Areas • State/Town/Country of buyer • Safe haven location for Terrorism • Safe haven location for Tax evasion • Border Towns • Commercial cities Industry/Sector Risk • Sale of New/Used Cars • Management of car stands • Importation of New/Used Cars Product/Service Risk The under listed are typical characteristics of Product/services for the car dealership sector: • cross-border business • Sale of new cars • Sale of Used cars • Maintenance services • Car Hire Services/Rentals 3.1 Modified risk Variables It is important to identify the risk factors which will assist in defining the weightage or classification of the customer (weighted risk level) by listing each component and attributing a rating or score that will allow the risk rating. 3.1.1 Customer Risk In order to define the customer risk, the Designated Non-financial institution should understand the nature of the customer that should be rated based on its vulnerability to money laundering and terrorist financing (e.g., the AML/CTF risk would be higher for a PEP customer than for a civil servant). It can be difficult to effectively identify all high risk customers based on prevailing circumstances, it is therefore necessary that a thorough understanding of all the risks associated with the customers should be obtained prior providing a risk rate. 3.1.2 Country Risk

10 High-risk countries to ML/TF have been identified by many regulatory and advisory bodies such as the Financial Action Task Force (FATF), World Bank, Transparency International, United Nations, Office of Foreign Asset Control (OFAC) etc based on certain characteristics as stated below which can assist in understanding the level of risk such as the level of stability and corruption, terrorist and criminal activity. • Countries not having adequate AML/CTF systems • Countries subject to sanctions, embargoes issued by the U.N., EU and OFAC • Countries having significant levels of corruption or other criminal activities such as narcotics, arm dealing, human trafficking, illicit diamond trading, etc. • Countries identified to support terrorist activities, or have designated terrorist organizations operating within their country. 3.1.3 Product /Services Risk The risk level of products and services should be identified based on their vulnerability to money laundering and terrorist financing. E. g Products/services that involve cross-border transaction which is characterized by smuggling due to porous border, high cash transaction, and high patronage by politically exposed persons (PEPs) can be determined as high risk and require further scrutiny. 3.1.4 Industry The industry refers to the nature of business activities and related activities which typically involves importation/sales of new and used cars. Information on the ultimate beneficial owners on these transactions is often limited thus posing a risk.

11 3.2 Risk Scoring After the identification of the risk variables, the next stage is to develop a risk assessment by calculating the risk, based on the level of impact and threat considering the weightage and risk scoring in order to classify the risk properly. Attributing the risk rating should be in a numerical format. The DNFI can choose ranges from 1 to 5 with 1 being the lowest and 5 being the highest 100% 80% 60% 40% 20% 5 4 3 2 1 Very High High Medium Medium Low Low Risk Scoring 5 4 3 2 1 Risk Level Very High High Medium Medium Low Low Due Diligence Level EDD Simplified due diligence CDD Approval AML Committee CCO HOD Relationship Manager/Staff The first step in implementing RBA is identifying the risk factors and setting up risk scoring. The process can be simple or sophisticated depending on the size, nature of business and its complexity. The method should allow the integration of RBA with the Designated Non financial institution’s customer on-boarding process. Car dealers should do risk assessments of their business and developing appropriate risk mitigation policies. 4. Suspicious Transaction Reporting • The reporting of suspicious transactions or activity is critical to a country’s ability to utilize financial information to combat Money Laundering and Terrorist Financing. The Money Laundering Prohibition Act 2011 as amended and other legislation requires Designated Non Financial Institutions to file suspicious transaction reports when the need arises. See list of relevant sections of legislation:

12 • Section 6(2)of the ML(P)A2011 as amended — • Section 14(1) of the Terrorism (Prevention) Act 2011 • Section 8(a) of the Terrorism (Prevention)(Amendment)Act 2013 • Regulation 8(1) of the Terrorism Prevention (Freezing of International Terrorists Funds and Other Related Measures) Regulations 2013 • Reg. 22 of the (FMITI) Federal Ministry of Industry Trade and Investment, AML/CFTRegulations2013 SCUML • Where a legal or regulatory requirement mandates the reporting of suspicious activity as enshrined in the various legislation: o Section 6(2)of the ML(P)A2011 as amended o Section 14(1) of the Terrorism (Prevention) Act 2011 o Section 8(a) of the Terrorism (Prevention)(Amendment)Act 2013 o Regulation 8(1) of the Terrorism Prevention (Freezing of International Terrorists Funds and Other Related Measures)Regulations 2013 o Reg. 22 of the (FMITI) Federal Ministry of Industry Trade and Investment, AML/CFTRegulations2013,SCUML • Designated Non Financial Institutions are required when once a suspicion has been formed, to file a report and therefore, a risk-based approach for the reporting of suspicious activity under these circumstances is not applicable. All these instruments mandate reporting entities to file STRs to the NFIU via info@nfiu.gov.ng. • A risk-based approach is however, required for the purpose of identifying suspicious activity, for example, by directing additional resources at those areas a dealer has identified as higher risk. As part of a risk-based approach, it is likely that a dealer in jewelleries, precious metals and stones will utilize information provided by designated competent authorities or SROs to inform its approach for identifying suspicious activity. A Dealer should also periodically assess the adequacy of its system for identifying and reporting suspicious transactions.

13 5. Internal Control Systems Many DNFIs differ significantly from financial institutions in terms of size. By contrast to most financial institutions, a significant number of DNFIs have only a few staff. This limits the resources that small businesses and professions can dedicate to the fight against Money Laundering and Terrorist Financing. This peculiarity of DNFIs, including Dealers in precious metals and stones, should be taken into account in designing a risk-based framework for internal control systems. Application of know your customer measures, customer due diligence procedures, reporting(CTR) and compliance obligation/processes by DNFIs. In order for Dealers to have effective risk-based approaches, the risk-based process must be imbedded within the internal controls of the firms. The success of internal policies and procedures will be dependent largely on internal control systems. The two key systems identified are as follows;

1. Culture of compliance amongst all
2. Senior management ownership

1. Culture of compliance amongst all This should encompass: • Developing, delivering and maintaining a training program for all designated agents and employees. • Monitoring of any government regulatory changes. • Undertaking a regularly scheduled review of applicable compliance policies and procedures within the dealer firms will help constitute a culture of compliance in the industry.
2. Senior management ownership Strong senior management leadership and engagement in AML/CFT is an important aspect of the application of internal control measures. Senior management must create a culture of compliance, ensuring that staff adheres to the Jewellery firm’s policies, procedures and processes designed to limit and control risks. Within precious metals and stones agencies, the front line of the transaction is with the individual dealer. Therefore, policies and procedures are effective only at the point that firm/company owners and senior management support the guidance. Having regard to the size of the precious metals and stones/jewellery’s firm, the framework of internal control should:

14 • Provide increased focus on dealers’ operations (products, services, customers and geographic locations) that are more vulnerable to abuse by Money Launderers and other criminals. • Provide for regular review of the risk assessment and management processes, taking into account the environment within which the dealers operates and the activity in its market place. • Designate an individual or individuals at management level responsible for managing AML/CFT compliance. • Provide for an AML/CFT compliance function and review programme. • Inform senior management of compliance initiatives, identified compliance deficiencies, corrective action taken and suspicious activity reports filed. • Implement risk-based customer due diligence policies, procedures and policies. • Provide for appropriate training to be given to all relevant staff.

15 ANNEXURES Annexure 1: Customer Risk Assessment Risk Factors Risk Description Rating Range Description Risk Rating Customer type Public Sector Private Sector Business man Nature of the customer • Ex.Governor • Student • Civil Servant 1-5(5-Highest,1 lowest) • 5 Country of incorporation/ Nationality • Foreigner(BVI,Iraq) • 5 UBO Ultimate beneficial owner Company in BVI • 5 Products & Services Type • Purchase of luxury car • Purchase of latest model with cash Use of cash for payment Use of 3rd party account Use of Professional (Lawyer) • 5 Date 9/8/2018 Department Private Sector Sales Customer introduced by Agent Account Manager Customer Name Abubakar Emeka Yemi

16 Annexure 2: Customer on boarding lifecycle Customer Customer Type of Customer and Watch List screening(PEP, Natural or Legal Person) Country Country of residence and origin and risk factors of the country(sanctioned, highly corrupt, high risk)

Industry Nature of business that the customer is involved the risk level

Product and Services Type of services the practitioner is offering(Mortgage, outright sale, multiple sale etc) 1 FATF Recommendation 2012-Interpretatiove Note to Recommendation 1 2 National Risk Assessment of Money Laundering and Terrorist Financing in Nigeria 2016. 3 FATF Recommendations, Recommendation No.1, 2012. High Risk Customer Low Risk Customer Medium Risk Customer Risk Rating Appro ach based Risk KYC Process

17 4 Wolfsberg Statement, Guidance on a Risk Based Approach for Managing Money Laundering Risks, 2006. 4 Typologies of Money Laundering through the Real Estate Sector in West Africa, 2008