2023-11-29
The Central Bank of Haiti issued Circular 128-1 to mandate comprehensive anti-money laundering and terrorist financing preventive measures for all money exchange offices. The regulation requires exchange offices to implement strict customer due diligence, risk profiling, beneficial owner identification, and enhanced scrutiny for politically exposed persons, while establishing a formal compliance program with designated officers, continuous training, and independent annual testing. Furthermore, it enforces mandatory five-year document retention, strict reporting obligations for suspicious or threshold-exceeding transactions to the Financial Intelligence Unit, and detailed internal controls to ensure ongoing regulatory adherence.
This circular determines certain preventive measures that exchange offices must take to combat money laundering and terrorist financing.
Every exchange office must establish written procedures and take measures to establish the identity of clients, beneficiaries, agents, principals, and beneficial owners.
Exchange offices must establish risk profiles for clients or categories of clients in order to conduct ongoing due diligence on the customer base.
The risk profile is an individualized assessment of the risk level of each client. It takes into account elements characterizing the risks presented by a client, namely: their activities (profession), their income or financial situation, any element allowing an assessment of their assets, the intended purpose and nature of the business relationship or the one-off transaction, the expected level of activity, the source of funds, etc. The risk profile must be complete, accurate, and updated at a frequency appropriate to the risk.
Exchange offices must exercise ongoing vigilance and examine transactions carried out by customers to ensure they are consistent with what they know about their clients, their business activities, their risk profile, and, where applicable, the source of their funds. If a client presents a higher risk, the exchange office must apply enhanced due diligence measures based on its risk assessment.
Customer identification takes place during:
Identification must also cover, whether for a natural or legal person, the intended purpose and nature of the business relationship.
Identification and verification of identity cover the legal surname and other names used (e.g., maiden name), place and date of birth, and primary residential address. Client identification is carried out by presenting an original, valid official document bearing a photograph (national identity card, driver's license, or passport). Address verification is carried out by presenting a document capable of proving it. A copy of all documents must be made, classified, and centralized. Formal checks must be conducted regarding the signature, any anomalies in the photograph, and the physical appearance of the potential client.
When the client is a legal person or a legal structure, identity verification covers the corporate name, registered office address, identity of the directors, proof of legal formation, and knowledge of the provisions governing the authority to bind the legal person.
Exchange offices must take reasonable measures to obtain information on the true identity of the persons on whose behalf a transaction is carried out, if there is the slightest doubt that these clients might not be acting for their own account. Furthermore, agents cannot invoke professional secrecy to refuse to disclose the identity of the actual beneficiary.
Exchange offices are required to verify client identity using independent and reliable documents, data sources, or information.
When clients are not acting for their own account, exchange offices are required to obtain necessary information on the identity of the persons on whose behalf a transaction is carried out. Furthermore, a lawyer, notary, accountant, or securities broker acting as a financial intermediary cannot invoke professional secrecy to refuse to disclose the identity of the beneficial owner, in accordance with the provisions of Article 49 of the Decree of April 30, 2023.
If exchange offices cannot comply with the provisions set out above, they may neither establish nor maintain a business relationship, nor carry out a transaction for the client. They will determine, in this case, whether it is appropriate to file a suspicious transaction report with the Central Unit for Financial Intelligence (UCREF) or to draw up an internal confidential report in accordance with Article 46 of the Decree of April 30, 2023.
Information on identification verification must be reviewed at least every two (2) years for high-risk situations and every three (3) years for moderate or low-risk cases. Risk mitigation measures must be included in policies and procedures.
Exchange offices are also required to apply due diligence measures to their existing clients, according to the risks they represent.
Exchange offices are not required to repeatedly identify each client and verify their identity every time they carry out a transaction. The exchange office may rely on identification and verification measures already carried out, unless it has doubts regarding the accuracy of previously obtained information.
Exchange offices are required to identify beneficial owners in accordance with the provisions of Articles 40 to 42 of the Decree of April 30, 2023.
Adequate measures must be taken to verify the aforementioned data, as well as to update them when it appears that they are no longer current.
If exchange offices cannot obtain this information or their clients fail to communicate it or provide irrelevant or implausible information, they may neither establish nor maintain a business relationship, nor carry out a transaction for the client. They will determine, in this case, whether it is appropriate to inform the UCREF.
A duty of vigilance must be exercised regarding politically exposed persons (PEPs), who are defined by Article 6 of the Decree of April 30, 2023 as persons who hold or have held prominent public functions in a foreign country, in Haiti, or within or on behalf of an international organization, as well as the family members of such persons and any other persons closely linked or associated with them.
Exchange offices must have appropriate risk management systems to determine whether the client is a politically exposed person. As soon as the client is identified as a politically exposed person, the following must be done:
a) obtain senior management approval before establishing or continuing a business relationship with the client;
b) take all reasonable measures to establish the origin of wealth and identify the source of funds;
c) ensure enhanced ongoing monitoring of the business relationship.
In accordance with Article 31 of the Decree of April 30, 2023, exchange offices must implement a prevention program that includes the following elements:
a) policies, procedures, and internal controls, including compliance monitoring mechanisms, and appropriate procedures during employee hiring, to ensure it is carried out according to stringent criteria;
b) centralization of information on client identity, beneficial owners, agents, and suspicious transactions;
c) the appointment of a compliance officer and the designation of compliance officers at each branch or agency, where applicable;
d) an assessment of money laundering and terrorist financing risks and a risk classification based on activities and customer profiles;
e) the development of a continuous training program for employees;
f) an internal control mechanism to verify compliance, observance, and the effectiveness of adopted measures;
g) the establishment of an independent compliance monitoring mechanism; and
h) the handling of suspicious transactions.
The compliance officer is responsible for implementing the prevention program and must be selected based on competence, experience, integrity, and professional ethics. They must know the functions and structure of the institution, and be aware of the risks and vulnerabilities related to money laundering and terrorist financing in the exchange sector. They must report directly to the board of directors on all matters related to combating money laundering and terrorist financing.
The compliance officer's duties include:
To ensure the application of the prevention program, the compliance officer may delegate certain functions to other employees of the institution.
Exchange offices are required to develop a prevention program comprising written policies, procedures, and methods that allow for the identification of risk factors and the assessment of money laundering and terrorist financing risks presented by their activities.
Policies, procedures, and methods must be approved by the board of directors and kept up to date. They must be clearly communicated to all executives involved in dealing with clients.
Policies and procedures must cover all reporting, record-keeping, document retention, client identification, control, assessment, and risk mitigation obligations applicable to the exchange office. They must be integrated into the institution's overall risk management strategy and include appropriate steps to prevent, detect, assess, monitor, manage, and continuously mitigate money laundering and terrorist financing risks related to clients, geographic areas, or products, services, new technologies, operations, and distribution channels.
Policies, procedures, and methods must apply to all branches and any network constituted by sub-exchange agents, where applicable.
The prevention and compliance program must include an assessment of money laundering and terrorist financing risks.
Risk assessment is an analysis of the money laundering or terrorist financing threats and weaknesses presented by the exchange office's activities. This assessment varies notably according to the size of the institution, its geographic location, and the activities carried out.
A risk classification must be carried out based on the services offered, the conditions of proposed transactions, the distribution channels used, customer characteristics, and geographic regions of activity.
Risk assessment implies that employees are well-versed in the institution's activities and exercise judgment to evaluate money laundering risks. This assessment must not be static and must be modified at least every twelve (12) months.
Exchange offices must ensure that their employees, particularly those in permanent contact with clients, have minimum knowledge in combating money laundering and terrorist financing and a mastery of the prevention mechanisms in place.
Exchange offices must develop and update a compliance-focused continuous training program. They must also develop and implement a training plan indicating, among other things, the categories of participants, the topics to be covered, and the frequency of training sessions.
The continuous training program and plan must be adapted to the size and structure of the institution and to its level of exposure to money laundering and terrorist financing risks.
Exchange offices must exercise constant vigilance and establish an organization and internal procedures designed to ensure compliance with legal provisions and to prevent and identify any attempt at money laundering or terrorist financing.
This internal control system must contain, among other things:
Exchange offices must evaluate the effectiveness of their money laundering and terrorist financing prevention procedures at least once a year to identify weaknesses and implement recommendations regarding improvements and/or modifications to existing control mechanisms.
This evaluation must be carried out by the internal auditor and endorsed by a report specifying the nature, scope, and evaluation methods used, as well as conclusions and recommendations.
This report must clearly indicate whether the entity concerned has complied with internal procedures and legislative requirements. Specific checks may notably apply to the following points:
The results of any verification must be reported to the board of directors of the exchange office.
Exchange offices must develop and implement policies regarding the identification and monitoring of unusual or suspicious transactions. These policies must define what is considered suspicious or unusual, and provide examples in this regard.
The identification of unusual or suspicious transactions can be done through transaction monitoring, information from third parties (newspapers, internet, etc.), and the exchange office's knowledge of the client's environment.
Exchange offices are required to retain for a period of at least five (5) years, from the date of cessation of relations with the regular or occasional client, all documentation relating to client identity, records of significant cash transactions, exchange transaction slips, reports mentioned in Section 5 of this circular, account books, and business correspondence.
To this end, a document filing form for operations must be used for document retention.
A copy of transaction reports and suspicious transaction reports must be kept and archived by the compliance officer.
This document retention will enable a rapid response to information requests from competent authorities and the reconstruction of individual transactions (including amounts and types of cash involved, where applicable) to provide, where applicable, evidence in case of criminal prosecution.
Two types of reports must be prepared: transaction reports for any operation globally equal to or exceeding the established threshold, and suspicious transaction reports when doubts exist regarding the legality, legitimacy, or regularity of a transaction.
For any transaction that appears complex, unusual, unjustified, or lacking economic justification or lawful purpose, even when the amount involved does not reach the established threshold, all