Financial Transactions Reporting Regulations 2007

# FIJI ISLANDS GOVERNMENT GAZETTE SUPPLEMENT

No. 22 MONDAY 30th APRIL 2007

[LEGAL NOTICE NO. 53]

## FINANCIAL TRANSACTIONS REPORTING ACT 2004
(Act No. 22 of 2004)

### Commencement Notice

IN exercise of the powers conferred upon me by section 1 of the Financial Transaction Reporting Act 2004, I appoint 1 January 2008 as the date on which Section 13 and Part 5 of the Act come into force.

Dated this 30th day of April 2007.

A. S. KHAIYUM  
Attorney-General, Minister for Justice, Electoral Reform & Anti-Corruption

---

## FINANCIAL TRANSACTIONS REPORTING REGULATIONS 2007

### TABLE OF REGULATIONS

#### PART 1 – PRELIMINARY
1. Short title and commencement  
2. Interpretation  
3. Risk based approach in applying these Regulations  
4. Requirement to deter and prevent money laundering and the financing of terrorism  

#### PART 2 – CUSTOMER DUE DILIGENCE
5. Requirement for customer due diligence  
6. Customers exempted from customer due diligence requirements  
7. Scope of customer identification  
8. Identification of customers who are natural persons  
9. Identification of customers who are non-Fiji citizens  
10. Identification of customers who are legal persons or legal arrangements  
11. Identification of non-face-to-face customers  
12. Identification of customers who are non-profit organisations  
13. Identification of insurance beneficiaries  
14. Determination of persons on whose behalf the customer is acting  
15. Delay in verification of customers  
16. Reliance on third parties or intermediaries  

---

#### PART 3 – REPORTING OF TRANSACTIONS AND INFORMATION
17. On-going monitoring of customers  
18. Continuous due diligence of customers- customer profile  
19. Purpose of transaction; origin and destination of funds  
20. Enhanced customer due diligence for higher risk customers  
21. Simplified customer due diligence for lower risk customers.  
22. Due diligence of existing customers  
23. Originator information requirement  

#### PART 4 – INTERNAL PROCEDURES, POLICIES, SYSTEMS AND CONTROLS
24. Reporting of suspicious transactions  
25. Reporting of cash transactions  
26. Reporting of electronic funds transfer transactions  
27. Mode of reporting  
28. Details to be reported  

#### PART 5 – SUPERVISORY AUTHORITIES
29. Adoption and implementation of internal procedures, policies, systems, and controls  
30. Internal controls and policies on shell banks  
31. Compliance officer  
32. Independent testing of compliance  
33. Staff recruitment and training  

#### PART 6 – BORDER REPORTING
34. Relevant supervisory authority  
35. Supervisory guidelines  
36. Guidelines for reporting of transactions  
37. Guidelines for internal procedures, policies, systems and controls  
38. Supervisory authority or auditor to report suspicious transactions  

#### PART 7 – FINANCIAL INTELLIGENCE UNIT
39. Obligation to report to the Fiji Islands Revenue and Customs Authority  
40. Information exchange between the Fiji Islands Revenue and Customs Authority and the Unit  

#### PART 7 – FINANCIAL INTELLIGENCE UNIT
41. Agreements with domestic agencies  

First Schedule — Reporting forms  
Second Schedule — Other forms

---

## THE FINANCIAL TRANSACTIONS REPORTING ACT 2004  
(Act No. 22 of 2004)

### Financial Transactions Reporting Regulations 2007

IN EXERCISE of the powers conferred upon him by section 42 of the Financial Transactions Reporting Act 2004, the Attorney General and the Minister of Justice, has made the following Regulations:

### PART 1 – PRELIMINARY

#### Short title and commencement
1. —(1) These Regulations may be cited as the Financial Transactions Reporting Regulations 2007, and come into force on 1st May 2007.

(2) A financial institution must achieve full compliance with the requirements of these Regulations before 31st December 2007.

#### Interpretation
2. —(1) For the purpose of the definition of “occasional transaction” in section 2 of the Act and the threshold of an occasional transaction in section 4(9)(d) of the Act, “occasional transaction” shall mean a transaction not exceeding $5,000.

(2) For the purpose of section 13(1) and (2) of the Act, the threshold for reporting financial transactions is prescribed as:
(a) transaction of an amount in cash of $10,000 and above or its equivalent in foreign currency;
(b) the sending out of the Fiji Islands, at the request of a customer any electronic fund transfer;
(c) the receipt from outside the Fiji Islands of any electronic funds transfer, sent at the request of a customer.

(3) Pursuant to paragraph (c) of the definition of “terrorist group” in section 2 of the Act, “terrorist group”, for the purpose of these Regulations, includes the individuals and entities set out in —
(a) the current consolidated list of individuals and entities issued by the bodies established pursuant to the United Nations Security Council Resolution 1267 and 1373; or
(b) any other recognised list of terrorist groups that include individuals and entities listed in the consolidated list in sub regulation 4(a).

#### Risk Based Approach in Applying these Regulations
3. —(1) A financial institution may apply the requirements of these Regulations on a risk-based approach.

---

### PART 2 – CUSTOMER DUE DILIGENCE

#### Requirement for customer due diligence
5. Without limiting section 4 of the Act, a financial institution must undertake the customer due diligence measures set out in these Regulations, and such customer due diligence includes —
(a) identification of customers, including beneficial owners and controllers and the verification of the customers’ identity;
(b) gathering information on customers to create a customer profile;
(c) application of acceptance policies to new customers;
(d) maintenance of customer information on an ongoing basis; and
(e) on-going monitoring of customers and transactions.

#### Customers exempted from customer due diligence requirements
6. For the purposes of section 4(4)(c) and (d) of the Act, the requirement for customer due diligence does not apply to a customer in respect of a person carrying on the business of —
(a) an insurer for the issue of a non-investment type insurance policy such as a third party insurance policy or travel insurance policy;
(b) a money lender as defined in the Money Lenders Act (Cap. 234) if the transaction or total loan for a customer is less than $5,000;
(c) a consumer credit provider, including financial leasing, hire purchase and similar credit, if the transaction, inclusive of credit provided, is less than $5,000.
(d) a money services provider for business or activity of collecting, holding, exchanging or remitting funds or the value of money, or otherwise negotiating transfers of funds or the value of money, on behalf of other persons where the transaction is less than $5,000 and if such transaction is completed domestically within Fiji and does not involve any foreign currency.

---

#### Scope of customer identification
7. When conducting customer identification and verification, a financial institution must —
(a) obtain the following information about the customer —
(i) name of the customer;
(ii) the permanent residential or business address in Fiji;
(iii) the date of birth;
(iv) the occupation, business or principal activity (including name of employer or nature of self-employment or business);
(v) the specimen signature;
(vi) the source of funds;
(vii) the citizenship.
(b) verify the information obtained in paragraph (a).

#### Identification of customers who are natural persons
8. —(1) For a customer who is natural person, a financial institution must identify the customer on the basis of one or more of the following documents —
(a) a valid passport;
(b) a birth certificate;
(c) a marriage certificate;
(d) a citizenship certificate;
(e) a valid driver’s licence;
(f) a valid Fiji National Provident Fund membership card;
(g) any other evidence of identity, as may be determined by the Unit.

(2) When a financial institution has identified the customer, the financial institution must then verify the identity of the customer using reliable, independently sourced and valid documents, data, or information which must include one or more of the following —
(a) bank statement or account statement issued by another financial institution if the person previously transacted with a bank or financial institution and that bank or financial institution had confirmed the person’s identity;
(b) tax identification number and acknowledgement from Fiji Islands Revenue and Customs Authority;
(c) notice of taxation assessment by the Fiji Islands Revenue and Customs Authority;
(d) utility bill for electricity, water, telephone or other similar services issued by the authority responsible for the supply of such services;
(e) municipal business licence certificate or municipal rates statement or invoice;
(f) mortgage statement from another financial institution;
(g) cellular phone account statement;
(h) television account statement;
(i) long-term or short-term insurance policy document issued by an insurance company;

---

#### Identification of customers who are non-Fiji citizens
9. For a customer who is non-Fiji citizen, in addition to the requirements of regulation 8, a financial institution must obtain and conduct verification of the following documents —
(a) a current and valid passport or any other travel document issued by a foreign government or recognized international organisation;
(b) current and valid work, business or other permit or visa issued by the Fiji Immigration Department;
(c) current and valid employment or student status document issued by the customer’s employer or the education institution in Fiji.

#### Identification of customers who are legal persons or legal arrangements
10. —(1) For a customer that is a legal entity or other form of legal arrangement, a financial institution must obtain and verify —
(a) the customer’s name, address and legal form, obtaining proof of incorporation or similar evidence of establishment or existence including a certificate of registration from the Registrar of Companies, Registrar of Businesses or a trust instrument;
(b) the legal provisions that set out the power to bind the customer including the memorandum and articles of association or trust instrument or other legal instruments;
(c) the identity of the natural person purporting to act on behalf of the customer, using reliable, independently sourced documents as provided in regulation 9;
(d) the legal provisions that authorize the above natural person(s) to act on behalf of the customer (such as a resolution of the board of directors or statement of trustees on opening an account and conferring authority on those who may operate the account);
(e) where the customer is a business, either for profit or otherwise, the business licence from the relevant local authorities or from the municipal council.

(2) In this regulation —
“legal person” means bodies corporate, foundations, partnerships or associations, or any similar bodies that can establish a permanent customer relationship with a financial institution or otherwise own property;
“legal arrangement” refers to express trusts or other similar legal arrangements.

---

(3) A financial institution must take reasonable measures to understand and document the ownership and control structure of the legal person or arrangement including the name and permanent residential address of the natural person(s) who ultimately owns or controls the legal person or arrangement.

(4) For a customer that is a company, limited partnership, or similar form of arrangement, a financial institution must identify and verify the identity of the principal owner of the company, limited partnership or similar form of arrangement and must at a minimum identify —
(a) each natural person who owns directly or indirectly 30 percent or more of the vote or value of an equity interest in the company, limited partnership, or similar arrangement; and
(b) any person exercising effective control of the company, limited partnership or similar arrangement; and
(c) each natural person who exercises a signing authority on behalf of the company, limited partnership, or similar arrangement.

(5) For the purpose of sub regulation (4), the financial institution may not undertake identification and verification of the principal owners if the customer is —
(a) a public company quoted on the South Pacific Stock Exchange or other exchanges supervised by the Capital Markets Development Authority; or
(b) a non-resident public company subject to adequate regulatory disclosure and is quoted on a stock exchange and is in a jurisdiction that is implementing effectively the Financial Action Task Force (FATF) 40 + 9 Recommendations. (FATF was formed in 1989 by G7 countries as an inter-governmental body whose objective is to develop and promote policies to combat money laundering and terrorist financing. The 40 recommendations were initially issued in 1990 and revised in 2003. The 8 recommendations were initially issued in 2001 and 1 additional recommendation was issued in 2004. The International Monetary Fund and the World Bank have adopted the FATF 40 + 9 Recommendations in 2004 in the revised methodology for assessment of anti-money laundering and combating the financing of terrorism systems.)

(6) For a customer that is a trust or other similar arrangement, the financial institutions must identify and verify the identity of the settlor and trustee, and any beneficiary whose interest is 30 percent or more of the value of trust or arrangement.

(7) In determining indirect ownership of equity interests —
(a) an equity interest held by a company, limited partnership, trust or other similar arrangement, must be considered as being owned proportionately by its shareholders, partners, or vested beneficiaries; and
(b) an equity interest held by a family member must be considered as also being owned, in its entirety by each family member (family members include brothers and sisters, whether by the whole or half blood, spouse, ancestors, and lineal descendants).

---

#### Identification of non-face-to-face customers
11. In the case of non-face-to-face customers, in addition to the requirements of regulation 8, a financial institution must use other additional procedure for identification and verification to ensure compliance with customer identification and verification requirements, and such procedure may include —
(a) certification of documents presented;
(b) requisition of additional documents to complement those that are required for face-to-face customers;
(c) independent contact with the customer by the financial institution;
(d) third party introduction;

#### Identification of customers who are non-profit organisations
12. For customers that is a non-profit organization, group or agency (such as a charitable and religious organization), a financial institution must also satisfy itself as to the legitimate purpose of such organization, group or agency, such as reviewing the charter, constitution or trust instrument of the organization, group or agency.

#### Identification of insurance beneficiaries
13. —(1) For life insurance or an investment-linked insurance, in addition to the requirements of regulation 8, a financial institution must identify each beneficiary under the policy and verify the identity of such beneficiary using reliable and independently sourced documents as provided in regulation 8.

(2) A financial institution may undertake the identification and verification of a beneficiary before the time of payout or the time the beneficiary intends to exercise the right under the policy.

#### Determination of persons on whose behalf the customer is acting
14. —(1) For the purposes of section 4(7) of the Act, a financial institution must take reasonable measures to determine if a customer is acting on behalf of any other person or persons including on behalf of a beneficial owner or a controller.

(2) If a financial institution determines that the customer is acting on behalf of any other person, the financial institution must identify and verify the identity of the person on whose behalf the customer is acting using reliable, independently sourced documents as provided in regulation 9.

#### Delay in verification of customers
15. Pursuant to section 4(4)(d) of the Act, a financial institution may delay completion of the customer verification process for a given category of customers if:
(a) the financial institution identifies the circumstances in which customer verification can be delayed and the procedures to be followed to manage the risk concerning delayed customer verification;
(b) verification occurs as soon afterwards as reasonably practical;
(c) the delay is essential to not interrupting the normal course of business; and
(d) the money laundering and financing of terrorism risks are effectively managed.

---

#### Reliance on third parties or intermediaries
16. —(1) For the purposes of section 6 of the Act, a financial institution may rely on certain third parties or intermediaries to perform the customer identification requirements of the Act as provided in this regulation and guidelines issued by the relevant supervisory authority or the Unit.

(2) A financial institution may rely on another financial institution to perform customer identification requirements.

(3) A financial institution may rely on a non-financial institution to perform customer identification requirements if the financial institution is satisfied that the third party intermediary is adequately regulated and supervised and such intermediary has measures in place to comply with the customer identification requirements of the Act and these Regulations.

(4) When relying on a third party or intermediary as set out in sub regulations (1), (2) and (3), the financial institution must —
(a) be satisfied that the customer due diligence procedures of the intermediary are as rigorous as those which the financial institution would have conducted itself for the customer;
(b) enter into a written agreement with the third party or intermediary that it will verify promptly the due diligence undertaken by the third party or intermediary at any stage;
(c) be satisfied that the third party or intermediary is subject to customer identification and verification requirements comparable with the Act and these Regulations;
(d) be satisfied that the third party or intermediary is subject to supervision to enforce the customer identification and verification requirements;
(e) not be subject to any action that calls into question its execution of those policies, and is located in a jurisdiction that is implementing effectively the FATF 40 + 9 Recommendations.

(5) If a financial institution relies on a third party or intermediary, the financial institution must immediately obtain from the third party or the intermediary the customer identification information required in this Act or these Regulations.

(6) A financial institution must take adequate steps to satisfy itself that any copy of identification data and other relevant documentation relating to the information will be made available without delay.

(7) A financial institution must not rely upon —
(a) a third party or intermediary identified by the relevant supervisory authority or the Unit as not complying with customer identification and verification requirements comparable with the Act or these Regulations; or
(b) a third party or intermediary which the financial institution has reason to believe is not complying with such requirements.

---

(8) A financial institution must not rely upon any third party or intermediary specified in writing by the Unit.

(9) Despite the provisions of this regulation, a financial institution is still ultimately responsible for the implementation of the customer identification and verification requirements under the Act and these Regulations.

#### On-going monitoring of customers
17. —(1) For the purposes of sections 10 of the Act, a financial institution must gather and maintain customer information on an on-going basis and monitor transactions on an on-going basis.

(2) The monitoring system must, taking into account the size and nature of business of a financial institution, be capable of identifying any transaction that is —
(a) from any source or to any recipient, identified as being of questionable legitimacy;
(b) unusual in terms of —
(i) the amount, such as by reference to predetermined limits for the customer in question or to comparative figures for similar customers;
(ii) the type, such as international wire transfers for the customer in question;
(iii) the number, such as high account activity in relation to the size of the balance of the customer in question; and
(iv) any other risk factor identified by the financial institution.
(c) identified in writing by the Unit, as being a transaction that the financial institution must monitor.

#### Continuous due diligence of customers- customer profile
18. —(1) For the purposes of section 11 of the Act, a financial institution must create and maintain a customer profile for each customer of sufficient nature and detail to enable the financial institution to monitor any transaction of the customer, apply enhanced customer due diligence where necessary, and detect suspicious transactions.

(2) A customer profile must include —
(a) relevant information as to the normal and reasonable activity for particular types of customer taking into account the nature of the customer’s business;
(b) a comprehensive picture of the customer’s transactions;
(c) where necessary, the source and legitimacy of the funds;
(d) the overall relationship with the financial institution.

#### Purpose of transaction, origin and destination of funds
19. —(1) In addition to regulations 17 and 18 and for the purposes of section 4(6) of the Act, a financial institution must implement internal controls and procedures that establish the general purpose, type, volume and value, and the origin and destination of funds involved in a transaction.

---

(2) An internal control and procedure referred to in subregulation (1) may include the following —
(a) any measure required under Part 2;
(b) any other additional measure to ensure that the required information is obtained when a transaction is conducted by the customer;

(3) A financial institution —
(a) must not proceed with the attempted transaction if it had failed to ascertain the required information;
(b) must report such transaction to the Unit as a suspicious transaction under section 14 of the Act; and
(c) must not proceed with such transaction unless directed to do so by the Unit.

#### Enhanced customer due diligence for higher risk customers
20. —(1) For the purposes of section 4(1) and pursuant to section 4(4)(c) of the Act, a financial institution must undertake enhanced customer due diligence of any customer and any transaction that the institution have determined is of higher risk of money laundering and financing of terrorism.

(2) Any enhanced customer due diligence must include enhanced —
(a) scrutiny of customer’s identity (including of the beneficial owner and controller);
(b) scrutiny of the source and legitimacy of funds;
(c) transaction monitoring; and
(d) customer profiling.

(4) Any enhanced customer due diligence must be applied to any higher risk customer, business relationship or transaction, as appropriate at each stage of the customer identification and verification process.

(5) In addition to measures required in sub regulation (4), a financial institution must have policies and procedures in place and must ensure an effective implementation of these measures to address any specific risk associated with non-face-to-face business relationship or transaction.

(6) Pursuant to sections 4(3) and 4(4)(c) of the Act, a financial institution must undertake enhanced customer due diligence in relation to a politically exposed person, as a category of high risk customer.

(7) A financial institution must put in place appropriate risk management systems to determine whether a customer, a potential customer or the beneficial owner is a politically exposed person.

(8) A relevant supervisory authority or the Unit may issue guidelines specifying the factors a financial institution must take into account when determining whether a customer is of a higher risk.

---

(9) A financial institution must not enter into a business relationship with a higher risk customer unless a senior member of the financial institution’s management has given approval in writing.

#### Simplified customer due diligence for lower risk customers
21. —(1) For the purposes of section 4(1) and pursuant to section 4(4)(c), a financial institution may apply a simplified customer due diligence procedure in certain circumstances if —
(a) the risk of money laundering or financing of terrorism is lower;
(b) information on the identity of the customer and the beneficial owner of a customer is publicly available; or
(c) adequate checks and controls exist in Fiji.

(2) For the purposes of sub regulation (1), customers which may be subject to simplified due diligence procedures include —
(a) licensed and regulated financial institutions;
(b) locally incorporated public companies that are subject to regulatory and disclosure requirements;
(c) Fiji Government administrations or enterprises;
(d) local governments and municipal councils;

(3) Simplified customer due diligence may include a lower level of —
(a) scrutiny for customer identification;
(b) scrutiny of the source and legitimacy of funds;
(c) scrutiny of the legitimacy of the recipient of funds;
(d) transaction monitoring; and
(e) customer profiling.

(4) A financial institution, as a minimum requirement, must obtain information about the name and address of the customer, occupation and the legal form and nature of business and activity conducted by the customer.

(5) A financial institution must terminate simplified customer due diligence procedures when there is suspicion of money laundering or terrorist financing or conditions under regulation 21 apply.

(6) The relevant supervisory authority or the Unit may issue guidelines specifying what factors a financial institution must take into account when determining whether customers are of a lower risk.

#### Due diligence of existing customers
22. A financial institution must —
(a) apply customer due diligence requirements on existing customers on the basis of materiality and risk; and
(b) conduct due diligence on such existing relationships at appropriate time as specified in the financial institution’s internal policies and procedures.

---

#### Originator information requirement
23. —(1) For the purposes of section 12 of the Act, a financial institution carrying on the business or activity set out in paragraph (a) and (f) of the Schedule to the Act must ensure that for all electronic funds transfer transactions and all other forms of funds transfers, it obtain and maintain full originator information and verify that the information is accurate and meaningful.

(2) Full originator information includes —
(a) the name of the originator;
(b) the originator’s bank and account number, or a unique reference number if there is no account number;
(c) the originator’s address;
(d) the amount of payment order;

(3) For cross-border electronic funds transfers and any other forms of funds transfers (including transactions using a credit or debit card to effect a funds transfer), the ordering financial institution must include full originator information in the message or payment form accompanying the funds transfer.

(4) For any domestic funds transfer (including a transaction using a credit or debit card, as a payment system to effect a money transfer), the ordering financial institution must include either —
(a) full originator information in the message or payment form accompanying the electronic funds transfers and all other forms of funds transfers; or
(b) only the originator’s account number or, where no account number exists, a unique identifier, within the message or payment form, providing that full originator information can be made available to the beneficiary financial institution and to the Unit, within 3 business days of receiving a request.

(5) If a cross-border electronic funds transfer and any other forms of transfer is contained within a batch transfer and is sent by a financial institution, the batch transfer may be treated as a domestic electronic funds transfer.

(6) A financial institution must ensure that any non-routine transaction is not batched if this would increase the risk of money laundering or terrorist financing.

(7) An intermediary in the payment chain must maintain all the required originator information with the accompanying funds transfer.

(8) A beneficiary financial institution must identify and scrutinize a funds transfer that are not accompanied by complete originator information and constitute an enhanced risk of money laundering and financing of terrorism.

(9) For the purposes of subregulation (8), a financial institution must have in place procedures to address funds transfers that are not accompanied by complete originator information and as a minimum these procedures must include —
(a) the financial institution requesting the missing originator information from the financial institution that sent the funds transfer;

---

(b) if the missing information is not forthcoming, the requesting financial institution must consider whether, in all the circumstances, the absence of complete originator information creates or contributes to suspicion about the funds transfer or a related transaction;
(c) if the funds transfer is deemed to be suspicious, then it must be reported by the requesting financial institution to the Unit under section 14 of this Act and the financial institution may decide not to accept the funds transfer.

### PART 3 – REPORTING OF TRANSACTIONS AND INFORMATION

#### Reporting of suspicious transactions
24. —(1) For the purposes of section 14(2) of the Act, a financial institution must report any transaction referred to in section 14(1) of the Act in Form 1 as set out in the First Schedule – Suspicious Transaction Report (STR).

(2) A financial institution must report to the Unit —
(a) all suspicious funds and transactions, including attempted transactions, and all suspicious information;
(b) pursuant to section 7 of the Act, all transactions and attempted transactions for which satisfactory evidence of identity has not been obtained under the Act and this Regulation; or
(c) pursuant to section 16 of the Act, information relating to terrorist groups.

(3) A relevant supervisory authority and the Unit may issue guidelines relating to the reports to be made under section 14 of the Act.

#### Reporting of cash transactions
25. —(1) For the purposes of section 13(1) of the Act, a financial institution must report to the Unit any transactions of an amount in cash of $10,000 and above or its equivalent in foreign currency except as provided for in sub regulations (2) and (3).

(2) Pursuant to section 42(a) of the Act, a financial institution set out in sub regulation (3) need not report the following class of transactions of an amount in cash of $10,000 and above or its equivalent in foreign currency;
(a) transactions with established retail customers, as specified in writing by the Unit except transactions involving the selling of vehicles, vessels, farm machinery, aircraft, jewelleries, or other high value commodities;
(b) transactions with Fiji government authorities;
(c) routine pay-roll transactions;
(d) transactions with other class or type of customers, as specified in writing by the Unit.

(3) Sub regulation (2) applies to a financial institution carrying on a business or activity of:
(a) banking;
(b) an insurer; or
(c) foreign exchange.

---

(4) A financial institution must report transactions under sub regulation (1) in Form 2 as set out in the First Schedule – Cash Transaction Report (CTR).

#### Reporting of electronic funds transfer (EFT) transactions
26. —(1) For the purposes of section 13(2) of the Act, a financial institution that carries on the business or activity set out in paragraph (a) or (f) of the Schedule to the Act must report to the Unit —
(a) the sending out of the Fiji Islands, at the request of a customer, any electronic funds transfer;
(b) the receipt from outside the Fiji Islands of any electronic funds transfer, sent at the request of a customer.

(2) A financial institution must report transfers under sub regulation (1) in Form 3 as set out in the First Schedule – Electronic Funds Transfer Transaction Report (EFTR).

#### Mode of Reporting
27. —(1) A financial institution may transmit to the Unit a report referred to in regulation 24, 25 or 26 through the following —
(a) electronically by a secure reporting system established by the Unit;
(b) electronically by secure email;
(c) in a diskette, compact disc or other similar form;
(d) by submitting the completed forms in writing by hand delivery or by registered post;
(e) by submitting the completed forms in writing by facsimile;
(f) by telephone provided that any report made by telephone is confirmed in writing by method referred to in paragraph (a) to (e).

(2) Notwithstanding sub regulation (1), a financial institution must report to the Unit the reports referred to in regulation 24, 25 or 26 electronically by a secure reporting system established by the Unit, if 250 transactions of each type are reportable in a year.

(3) The report referred to in regulation 24 shall be submitted as soon as practicable after the financial institution forms the suspicion or obtains the information referred to in section 14(1)(b) of the Act but no later than 2 working days after the forming of the suspicion or the receipt of the information.

(4) If practicable, a suspicious transaction report must be filed before a transaction is made.

(5) A report required under regulation 25 or 26 shall be transmitted to the Unit —
(a) no later than the end of 5 working days after the day in which the transaction was undertaken; or
(b) within such other period as the Unit may specify for any particular class of customers, class of transactions, or class of financial institutions.

(6) The reports may be transmitted by batch, and the Unit and a financial institution must agree as to what constitutes a batch.

---

(7) A relevant supervisory authority or the Unit, shall issue guidelines in relation to the reporting of transactions referred to in regulation 24, 25 or 26.

#### Details to be reported
28. —(1) The suspicious transaction report referred to in regulation 24 must contain all relevant information concerning the customer, transaction and financial institution, as set out in Form 1 of Schedule 1.

(2) The cash transaction report referred to in regulation 25 must contain all relevant information concerning the customer, transaction and financial institution, as set out in Form 2 of Schedule 1.

(3) The electronic funds transfer transaction report referred to in regulation 26 must contain all relevant information concerning the customer, transaction and financial institution as set out in Form 3 of Schedule 1.

(4) The Unit, after consultation with the financial institution, may —
(a) waive compliance with certain parts of the reporting forms referred to in regulation 25, 26, 27; and
(b) determine the mandatory and optional details to be reported under subregulation (1), (2) or (3).

### PART 4 – INTERNAL PROCEDURES, POLICIES, SYSTEMS AND CONTROLS

#### Adoption and Implementation of Internal Procedures, Policies, Systems, and Controls
29. For the purposes of section 21 of the Act, a financial institution must adopt and implement effective programmes against money laundering and financing of terrorism that must include —
(a) written procedures, policies, systems, and controls to deter and prevent money laundering and financing of terrorism in accordance with this Act and these Regulations.
(b) written internal procedures, policies, and controls, including compliance management arrangements, to ensure compliance with this Act and these Regulations.

(2) The programmes referred to in sub regulation (1), regulation 4 and regulation 5 must have regard to the risk of money laundering and financing of terrorism, the size and nature of business, and the types of products and services offered by the financial institution.

#### Internal controls and policies on shell banks
30. —(1) Without limiting the generality of the requirements of section 5 of the Act, for purposes of section 21 and 42 of the Act, the internal controls and policies of a financial institution must include measures to guard and prohibit the financial institution against establishing relationship with a shell bank.

(2) In this regulation, “shell bank” shall mean a bank incorporated in a jurisdiction in which it has no physical presence or which is unaffiliated with a regulated financial group.

---

#### Compliance officer
31. —(1) For the purposes of section 21(2) of the Act, a financial institution must designate an officer at the management level as its anti-money laundering and combating the finance of terrorism compliance officer (compliance officer) to perform the following functions —
(a) be responsible for ensuring compliance with the Act and these Regulations;
(b) be given appropriate and adequate authority and responsibility to implement the requirements of the Act and these Regulations;
(c) have the authority to act independently and to report to senior management above the compliance officer’s next reporting level.

(2) The compliance officer and other employees designated by such officer must have timely access to customer identification data and other customer due diligence information, transaction records and other relevant information.

(3) Subject to section 21(4) of the Act, a financial institution must provide the Unit with the contact information, and any changes to such information for its compliance officer.

(4) The compliance officer’s contact information must be provided to the Unit in Form 5 set out in Schedule 2 – AML Compliance Officer Contact Information and Notification Form and shall contain such details as set in the form.

#### Independent testing of compliance
32. —(1) For the purposes of section 21(3) of the Act, a financial institution must establish and maintain an adequately resourced and independent audit function to test compliance (including sample testing) with the procedures, policies and controls required under this Part , including —
(a) attestation of the overall integrity and effectiveness of the written procedures, policies, systems, and controls and technical compliance with the Act and these Regulations;
(b) transaction testing in all areas of the financial institution with emphasis on high-risk areas, products, and services to ensure that the financial institution is complying with the Act and these Regulations;
(c) assessment of the employees’ knowledge of procedures, policies, systems, and controls;
(d) assessment of the adequacy, accuracy, and completeness of employee training programmes;
(e) assessment of the adequacy and effectiveness of financial institution’s process for identifying and reporting suspicious transactions and activities, and other reporting requirements under the Act and these Regulations.

(2) A financial institution may provide a copy of the report of the audit function undertaken under sub regulation (1) to the Unit and a supervisory authority.

(3) Notwithstanding sub regulation (2), an auditor of a financial institution must report to the Unit any suspicious information or transaction noted during the audit function.

---

#### Staff recruitment and training
33. —(1) For the purposes of section 21(1)(a)(vii) of the Act, a financial institution must put in place screening procedures to ensure high standards when hiring employees and to prevent the employment of persons convicted of offences involving fraud and dishonesty.

(2) Any procedure for screening employee must ensure that —
(a) employees have the high level of competence necessary for performing their duties;
(b) employees have appropriate ability and integrity to conduct its business activities;
(c) potential conflicts of interests are taken into account, including the financial background of the employee;
(d) proper code of conduct requirements are defined;
(e) persons convicted of offences involving fraud, dishonesty or other similar offences are not employed by it.

(3) For the purposes of section 21(1)(b) of the Act, a financial institution must establish ongoing employee training to ensure that employees are kept informed of new developments, including —
(a) information on current money laundering and financing of terrorism techniques, methods and trends;
(b) aspects of anti-money laundering and combating the financing of terrorism laws and obligations, and in particular;
(c) requirements concerning customer due diligence and suspicious and other transaction reporting.

(4) The relevant supervisory authority or the Unit may issue guidelines in relation to the development and implementation of internal procedures, policies, controls and programmes by financial institutions.

### PART 5 – SUPERVISORY AUTHORITIES

#### Relevant supervisory authority
34. For the purposes of section 42(c) of the Act, the relevant supervisory authority for each of the entity set out in column 1 of Schedule 2 is the corresponding relevant authority set out in the column 2 of that Schedule.

#### Supervisory guidelines
35. —(1) The relevant supervisory authority may issue guidelines to the financial institutions they supervise for purposes of implementing the requirements relating to customer due diligence, record keeping and retention and reporting obligations and internal controls and programs necessary to implement the obligations of the Act and to provide guidance to financial institutions on the implementation of the requirements of the Act and these Regulations.

---

(2) The relevant supervisory authority may issue guidelines specifying what factors the financial institution must take into account when determining whether customers are of a higher risk.

(3) The relevant supervisory authority may issue guidelines specifying what factors the financial institution must take into account when determining whether customers are of a lower risk.

#### Guidelines for reporting of transactions
36. —(1) The relevant supervisory authority may issue guidelines in relation to the reporting of financial transactions referred to in section 13 of the Act.

(2) The relevant supervisory authority may issue guidelines in relation to the reporting of suspicious transactions referred to in section 14 of the Act.

#### Guidelines for internal procedures, policies, systems and controls
37. The relevant supervisory authority may issue guidelines in relation to the development and implementation of internal procedures, policies, controls and programs by financial institutions.

#### Supervisory authority or auditor to report suspicious transactions
38. For the purposes of section 15 of the FTR Act, a supervisory authority or an auditor of a financial institution must report to the Unit any suspicious transaction or attempted transaction or suspicious information in Form 1 as set out in Schedule 1.

### PART 6 – BORDER CURRENCY REPORTING

#### Obligation to report to the Fiji Islands Revenue and Customs Authority
39. —(1) For the purposes of section 32(1) of the Act, a person who departs or arrives in the Fiji Island with $10,000 and above in currency or negotiable bearer instruments on his or her person or in his or her baggage must be —
(a) declared in the first instance on the Fiji Islands arrival card or the Fiji Islands departure card; and
(b) reported to the Fiji Islands Revenue and Customs Authority in Form 4 set out in Schedule 1, and shall contain such details as are set in the form.

#### Information exchange between the Fiji Islands Revenue and Customs Authority and the Unit
40. Pursuant to section 25(1)(q) of the Act, the Fiji Islands Revenue and Customs Authority and the Unit shall exchange the following —
(a) border currency declaration and report referred to in regulation 4;
(b) information on the relevant provisions and operations of the Act;
(c) information on the Fiji Islands Revenue and Customs Authority in relation to laws specified in the First Schedule of the Fiji Islands Revenue and Customs Authority Act.

### PART 7 – FINANCIAL INTELLIGENCE UNIT

#### Agreement with Domestic Agencies
41. For the purposes of sharing and exchange of information under section 25(1)(d) and (q) of the Act, the Unit may enter into an agreement or arrangement with the following agencies and authorities:
(a) The Ministry of Justice;
(b) The Fiji Islands Revenue and Customs Authority, including the sharing of border currency reports under Part 5 of the Act;
(c) The Office of the Director of Public Prosecutions, subject to its constitutional functions;
(d) The Fiji Police Force, subject to its constitutional functions;
(e) The Reserve Bank of Fiji;
(f) The Immigration Department;
(g) The Fiji Trade and Investment Bureau;
(h) The Land Transport Authority;
(i) Any other Government institution, agency or department.

Made this 30th day of April, 2007

A. S. KHAIYUM  
Attorney-General, Minister for Justice, Electoral Reform & Anti-Corruption