Law on Prevention of Legalization of Criminally Obtained Property and the Financing of Terrorism

THE LAW OF THE REPUBLIC OF AZERBAIJAN on Prevention of Legalization of Criminally Obtained Property and the Financing of Terrorism This Law shall regulate relations associated with effective domestic and international cooperation in order to create conditions to detect and disrupt the legalization of criminally obtained property and the financing of terrorism and for excluding possibility to use the country's economic system for illegal purposes, fulfill obligations arising from related international treaties seconded by the Republic of Azerbaijan, as well as protect interests of the state and the society in accordance with Article 94 Part I Para 15 and 20 of the Constitution of the Republic of Azerbaijan. Chapter 1 GENERAL PROVISIONS Article 1. Main definitions 1.1. The definitions used in this Law shall have the following meanings: 1.1.1. criminally obtained property – funds of every kind, property, whether movable or immovable, corporeal, or incorporeal, tangible, or intangible, legal documents evidencing the title to such property, obtained directly or indirectly by the commission of an offence provided by the Criminal Code of the Republic of Azerbaijan. 1.1.2. legalization of criminally obtained property – the crime specified in Article 193- 1 of the Criminal Code of the Republic of Azerbaijan. 1.1.3. financing of terrorism – the crime specified in Article 214-1 of the Criminal Code of the Republic of Azerbaijan. 1.1.4. predicate offence – any crime resulting in acquisition of property that can be the subject of the crime provided for in Article 193-1 of the Criminal Code of the Republic of Azerbaijan. 1.1.5. monitoring – investigation measures provided by the financial intelligence unit based on information and documents the source of which is known. 1.1.6. financial intelligence unit (FIU) – the body (institution) established by the relevant executive authority, that provides unified regulation and supervision, coordinates activities and participates in the formulation of state policy in preventing the legalization of criminally obtained property and the financing of terrorism.

1.1.7. reporting entity – financial institutions, as well as designated non-financial businesses and professions who are obliged to implement measures provided for in this Law to prevent the legalization of criminally obtained property and the financing of terrorism. 1.1.8. financial institutions – credit institutions, local and foreign insurers engaged in endowment life insurance, reinsurers and insurance intermediaries, investment companies, investment funds, managers of these funds, representative offices of foreign investment funds, the central depository, the national postal operator, pawnshops, persons that provide financial lease services, payment institutions (except for payment institutions exclusively engaged in an intermediary service and (or) account information service for payment transactions) and electronic money institutions, virtual asset providers and persons licensed for currency exchange. 1.1.9. designated non-financial businesses and professions – real estate agents, organizers and operators of casino games, lawyers, notaries, independent persons providing legal, accounting and tax consulting services, branches, or representative offices of such foreign legal arrangements in the Republic of Azerbaijan. 1.1.10. real estate agent – an individual or a legal entity that provides brokerage services for purchase and sale of real estate. 1.1.11. virtual asset (VA) – digital representation of the value that acts as a medium of exchange for payment or investment purposes and that exists in a virtual asset circulation system. The digital equivalent of national and foreign currency, securities, as well as derivative financial instruments shall not be considered a virtual asset. 1.1.12. virtual asset service providers (VASP) – persons that provide exchange of virtual assets with currency resources, the national currency and other virtual assets; transfer or organize transfer of virtual assets from the virtual asset account or a wallet used for storage of virtual assets to another virtual asset account or wallet; organize conduction of operations (concluding transactions) with virtual assets or tools that allow controlling virtual assets or their storage; provide or involve in provision of financial services related to purchase, sale, exchange, initial placement or storage of virtual assets as an independent entrepreneurial activity. 1.1.13. compliance with the requirements on prevention of the legalization of criminally obtained property and the financing of terrorism (hereinafter – compliance with the AML/CTF requirements) – compliance with requirements of legal acts in countering the legalization of criminally obtained funds and terrorist financing. 1.1.14. financial group (holding) – a legal entity that exercises and coordinates group control over other members included in the group, including a set of branches or subsidiary legal entities where rules and procedures are applied in combating the legalization of criminally obtained property obtained and the financing of terrorism at the group level.

1.1.15. supervisory authorities – authorities (institutions) specified in Article 16 of this Law that supervise compliance with the requirements of this Law by reporting entities, as well as the persons defined in Article 12 of this Law. 1.1.16. supervisory measures – all types of examinations, including supervision, investigation, observation, revision, review, and other similar measures applied to reporting entities, as well as persons defined in Article 12 of this Law by supervisory authority and the financial intelligence unit. 1.1.17. foreign legal arrangements – trust or another institution with similar characteristics established in accordance with the legislation in force in a foreign state (territory) without creating a legal entity and engaged in activities related to transfer of property to ownership of a foreign legal institution manager with or without the condition of control by the foreign legal institution within the frames of benefiting of the group of beneficiaries or specific goals by an individual or a legal entity founder. The founder, manager, guarantor, beneficial or a group of beneficiaries of a foreign legal arrangement shall be defined as persons who have relevant rights and duties arising from the founding document of the foreign legal arrangement. 1.1.18. customer – a person who uses any service of reporting entities or a foreign legal arrangement. 1.1.19. beneficial owner – individual(s) who ultimately exercise(s) control over a customer or a legal entity or who is a real owner of the customer which is a foreign legal arrangement and/or in whose favor an operation is conducted and/or transactions are concluded, as well as exercises ultimate effective control over a legal entity or a foreign legal arrangement. 1.1.20. qualifying holding – direct or indirect ownership of a share that constitutes 10 (ten) or more percent of charter capital, as well as voting rights, or that allows to have a significant influence on the decision-making of the legal entity in which it is a participant on a contractual basis. 1.1.21. currency resources and the national currency – cash national and foreign currency, bearer certified bonds in national and foreign currencies, precious stones, or precious metals. 1.1.22. information and documents – facts, opinions, news or other information, documents in hard or soft copies created, stored, or recorded on operations (transactions) resulting from activities of reporting entities, defined in Article 12 of this Law, supervisory authorities, and other public authorities (hereinafter – operations) regardless of the date of creation, presentation form and classification. This definition shall at the same time cover facts, news and other information or documents created, stored, registered in various databases, as well as gathered from Internet or other information resources. 1.1.23. wire transfers – cross-border or domestic operations conducted to deliver funds by individuals or legal entities by means of electronic facilities provided by financial

institutions (through a bank and another payment account, without opening an account or with new payment methods) to payees (in case of wire transfer, the payer and the payee may be the same person). Transfers in which unique information allowing to identify the card throughout the transaction chain during purchase of products and services using payment cards and settlements and transfers between financial institutions for their own purposes shall not be considered wire transfers. 1.1.24. politically exposed persons – persons who hold or previously held an important state or public position in any state (territory) or international organization (heads of states and governments, heads of public authorities (institutions), their deputies, members of the legislative authority, members of governing bodies of political parties, judges of the supreme and constitutional courts, members of control bodies that carry out supreme audit and management boards of central banks, extraordinary and plenipotentiary ambassadors, temporary attorneys, high military and high special rank persons, members of management bodies of state enterprises, heads of international organizations, their deputies, members of management bodies); 1.1.25. close relatives of politically exposed persons – parents, grandparents, spouses, children, grandchildren, full and half siblings, adopters (adoptees) of political figures. 1.1.26. close associates of politically exposed persons – individuals who are joint beneficial owners with the political person of the same legal entity or foreign legal arrangement or who have any other close entrepreneurial relations with him/her, individuals who are founders or beneficial owners of the legal entity or the foreign legal arrangement established to allow political figures to generate actual profit or persons in whose names the rights on the property actually owned by the political figure are formalized; 1.1.27. business relations – professional relations formed by reporting entities with their customers when conducting their professional activity that are based upon mutual rights and duties of parties and are not one-time by nature. 1.1.28. FATF – an independent intergovernmental institution that provides formulation and spread of the policy on protection of the global financial system from the legalization of criminally obtained property, the financing of terrorism and the proliferation of weapons of mass destruction. 1.1.29. The Egmont Group of Financial Intelligence Units – a co-operation network created to strengthen information and document exchange and technical cooperation between financial intelligence units on an international scale, as well as activity effectiveness and potential of these institutions. 1.1.30. high risk jurisdictions – states or territories that have no adequate system to counter the legalization of criminally obtained funds and the financing of terrorism based upon reliable sources (mutual assessments or detailed reports by international organizations and institutions, as well as progress reports), support armed separatism, extremism,

mercenaries and terrorism, do not require publication of identification information and documents during financial operations and with respect to which international organizations have imposed sanctions or other similar measures. 1.2. Other definitions used in this Law shall bear the meanings specified in normative legal acts of the Republic of Azerbaijan. Article 2. The scope of this Law 2.1. To detect and prevent acts related to the legalization of criminally obtained property and the financing of terrorism, this Law shall regulate relations between citizens of the Republic of Azerbaijan, foreigners, stateless persons, legal entities, foreign legal arrangements, as well as supervisory authorities and other public authorities (institutions). 2.2. This Law shall apply in accordance with international commitments undertaken by and international treaties seconded by the Republic of Azerbaijan with respect to activities related to legalization of the criminally obtained property and the financing of terrorism outside the jurisdiction of the Republic of Azerbaijan. Article 3. Application of the requirements of this Law to designated non-financial businesses and professions 3.1. The requirements of this Law, except for organizers and operators of casino games, shall apply in relation to designated non-financial businesses and professions when: 3.1.1. real estate agents conduct real estate buy-sell operations. 3.1.2. notaries, lawyers, independent persons engaged in legal, accounting and tax consulting services conduct the following operations or participate in conduction of such operations: 3.1.2.1. buy and sell of real estate. 3.1.2.2. management of client’s funds, securities, or other property. 3.1.2.3. management of client’s bank, deposit, postal, payment and money accounts. 3.1.2.4. establishment of legal entities, provision and management of their activities, organization of pooling of funds for these purposes, as well as buy and sell of stocks or shares of legal entities. 3.2. The provisions of Articles 4–8 of this Law shall be applicable to the organizer and operator of casino games where a customer conducts financial transactions in an amount equal to or exceeding three thousand manats.

Chapter 2 PREVENTIVE MEASURES IN COMBATING THE LEGALIZATION OF CRIMINALLY OBTAINED PROPERTY AND THE FINANCING OF TERRORISM Article 4. Customer due diligence measures 4.1. Financial institutions shall not open anonymous accounts or accounts in fictitious names, not accept to their vaults documents and property using fictitious names or anonymously (not store in special rooms or safes), not issue the anonymous deposit certificates and introduce anonymous bankbooks. 4.2. Reporting entities shall apply customer due diligence in the following cases: 4.2.1. before establishing business relations. 4.2.2. before carrying out any transaction above the applicable threshold in the amount of 20000 or over manats (hereinafter – threshold) (this also applies to several related transactions carried out within the limit and total amount of which exceeds the threshold); 4.2.3. before one-off wire transfer of financial resources and one-off operations with VAs in accordance with regulations on wire transfer of financial resources and conduction of operations with VAs determined by the Central Bank of the Republic of Azerbaijan. 4.2.4. in all cases that create suspicions on acquisition of property criminally or its use in the financing of terrorism. 4.2.5. there are suspicions with respect to accuracy and relevance of information and documents obtained. 4.3. In the event total amount of the operation is not known prior to execution of the operation, customer due diligence measures shall be provided at the moment when it is found out that the amount of the transaction is over the threshold. 4.4. As part of customer due diligence reporting entities shall: 4.4.1. identify the customer (regardless of whether the customer uses services regularly or irregularly, whether he/she is an individual or a legal entity, as well as a foreign legal arrangement), verify customer identification information based on information and documents obtained from reliable, independent sources, or based on information resources and take other customer due diligence measures in the cases specified in Article 4.2 of this Law. 4.4.2. find out whether the person has an authority to act on behalf of the customer or another person as per the legislation, identify that person and verify identification information based on information and documents obtained from reliable, independent sources or based on information resources and take other customer due diligence measures. 4.4.3. identify the beneficial owner until they are reasonably certain of the identity of him/her and take reasonable steps to verify beneficial owner's identification information based on information and documents or information resources obtained from reliable, independent sources.

4.4.4. clarify the goal and nature of business relations and obtain related information and documents from the customer. 4.4.5. create a customer profile based upon information and documents specified in Articles 4.4.1–4.4.4 of this Law. 4.4.6. inform customers on requirements specified in Articles 4.19 and 4.20 of this Law. 4.5. Reporting entities should apply the following customer due diligence measures on an ongoing basis with respect to business relations: 4.5.1. analyze operations in order to find out compliance of operations with information and documents obtained about the customer, as well as the customer’s activity and risk profile, including the information and documents on the source of funds. 4.5.2. ensure updating and adequacy of information and documents obtained within the framework of customer due diligence measures by reviewing and investigating available information and documents prioritizing high-risk customers. 4.6. Reporting entities whose customers are legal entities or foreign legal arrangements should additionally: 4.6.1. find out the nature of activities of customers, their ownership, control and management structures. 4.6.2. identify customers based on proofs regarding their names, organizational-legal forms, and availability, as well as foundation documents, information and documents on names of officials who lead their current activities, legal and actual addresses and verify identification information based on information, documents or information resources obtained from reliable and independent sources. 4.6.3. identify the beneficial owner of the legal entity and the foreign legal arrangement until they are reasonably certain of the identity of him/her and take reasonable steps to verify beneficial owner's identification information based on information and documents or information resources obtained from reliable, independent sources. 4.7. The beneficial owner of the legal entity (except for legal entities of public law) should be identified under the following sequence and identification information should be verified: 4.7.1. ultimately individual(s) with qualifying holding in the legal entity (in case breakdown of participation shares in the legal entity does not exclude qualifying holding) should be identified. 4.7.2. in case of suspicions that individual(s) with qualifying holding is (are) beneficial owner(s) of the legal entity or there is no individual(s) who exercise control over the legal entity based on the participation share, the individual(s) who exercise current control over the legal entity in another form should be identified. 4.7.3. in case it is impossible to identify the individual who exercises control over the legal entity based on the participation share or otherwise, the individual(s) who manage(s) the legal entity should be identified.

4.8. The beneficial owner of the foreign legal arrangement should be identified under the following sequence and identification information should be verified: 4.8.1. the founder in the structure of the trust, the trust manager, the trust guarantor (if any), the beneficiary or a group of beneficiaries, any other individual who exercises effective control over the trust (including control or ownership chain) should be identified. 4.8.2. persons who have the same or similar rights or hold the same or similar positions in other types of foreign legal arrangements. 4.9. As soon as the person who benefits on the endowment life insurance agreement in addition to customer due diligence measures is identified or designated, the following measures should be taken on him/her: 4.9.1. in case the person who benefits on the endowment life insurance agreement is an individual, a legal entity, or a foreign legal arrangement, that person’s identification information and documents should be obtained. 4.9.2. in case the person who benefits is designated in terms of the characteristics, classification or other grounds, sufficient information and documents should be obtained during payment allowing to identify the benefiting person. 4.9.3. the benefiting person should be verified during the payment. 4.9-1. The organizer of casino games shall carry out customer due diligence measures in such a manner as to enable each financial transaction conducted by a customer in the casino to be linked with the information and documents obtained on that customer within the framework of such measures. In this case, transactions related solely to casino games conducted through the use of chips or tokens in casinos shall not be considered financial transactions. 4.10. Reporting entities should reasonably clarify the purpose and nature of all complex, unusually large-scale transactions, as well as those without an obvious economic or legal purpose in comparison with similar transaction models, identify the source of property provided during such transactions and develop a related analysis report. 4.11. In the cases where the degree of risk is high for transactions that are complex, unusually large-scale without an obvious economic or legal purpose, as well as based on the assessment of the criteria related to customers, products, services, transactions, delivery channels and the nature of geographical location and findings of risk evaluations, reporting entities identify that the risk is high, they should apply enhanced customer due diligence measures. 4.12. The FIU shall determine high and low risk factors in terms of characteristics of customers, products, services, transactions, delivery channels and geographical location, a procedure on attributing a customer profile to a high, medium, or low risk group, as well as the requirements on enhanced customer due diligence measures. 4.13. As part of enhanced CDD measures reporting entities shall: 4.13.1. apply enhanced CDD measures in proportion to identified risks, where AML/CFT risks are high and increase intensity of monitoring of business relations.

4.13.2. identify the risk rate of the person benefiting on the endowment life insurance certificate in order to determine the application of enhanced customer due diligence measures on the endowment life insurance agreement; if it is found out that the benefiting person that is a legal entity or a foreign legal arrangement is high risky, provide enhanced CDD measures in relation to the benefiting person, as well as his/her beneficial owner; 4.13.3. inform the FIU in case it is impossible to apply the requirements of Articles 4.9 and 4.13.2 of this Law, as well as in case suspicious grounds are identified during application of the measures specified in Article 4.13.1 of this Law. 4.14. In the event CDD cannot be applied, operations should not be conducted, business relations should not be established, accounts should not be opened, as well as business relations should be terminated, and the FIU should be informed accordingly. 4.15. In case of probability that CDD measures will cause the customer or other persons to be informed about the measures provided for in Articles 4.13.3 and 11.2 of this Law, CDD measures should be suspended, and the FIU should be informed by adding information and documents known about the customer. 4.16. CDD measures should be applied on business relations established until this Law took effect and those that continue after this Law took effect taking into account the nature and specificity of its activities and the risk rate. In this case, previous imposing the mentioned measures, its time and frequency, as well as adequacy of the obtained data should be taken into account. 4.17. Except for the below cases, previously implemented CDD measures can be relied on and repeat CDD measures shall not be required: 4.17.1. in all cases that cause suspicions that property was criminally obtained or used for the financing of terrorism. 4.17.2. in case of suspicions in accuracy and relevance of previously submitted identification information and documents related to the customer or the beneficial owner. 4.17.3. in case of significant changes, inconsistent with customer's business profile. 4.17.4. in case complex, unusually large transactions, as well as without obvious economic or legal purpose are carried out. 4.17.5. when it is necessary to continuously apply CDD measures provided for in Article 4.5 of this Law. 4.18. If, based upon assessment of the criteria (factors) related to customers, products, services, transactions, delivery channels and the nature of geographical location and findings of risk assessments, the risk is identified to be low, simplified CDD measures shall be allowed in the cases specified in Articles 4.2.1–4.2.3 of this Law and in accordance with the procedures determined by the FIU. Requirements on simplified CDD measures shall be determined by the FIU based on the risk assessment. 4.19. As part of professional activities, persons that render services to third parties on founding legal entities or their branches and representative offices; act as legal

representatives of legal entities; provide legal addresses for legal entities or their branches and representative offices, shall be considered service providers of the company. Service providers of the company that act as an external manager of the legal entity founded (registered) in a foreign state (territory) in accordance with their activity directions when establishing business relations with reporting entities should declare that they act as service providers of the company and deliver all related necessary information and documents. 4.20. Persons acting as managers of foreign legal arrangements in accordance with their activity directions when establishing business relations with reporting entities should declare that they act as managers of foreign legal arrangements and should deliver information and documents on the structure, founders, beneficiary (beneficiaries, a group of beneficiaries), other managers (if any) of the foreign legal arrangements they are managers of, foreign legal arrangement guarantors (if any) or on the persons who have the same or similar rights and hold the same or similar positions and a copy of a foundation document of the foreign legal arrangement. Article 5. Reliance on third parties 5.1. Reporting entities may rely on CDD measures provided by other reporting entities (third parties) in accordance with Article 4 of this Law or on information and documents obtained by other reporting entities when introducing a new customer for the establishment of business relations. In cases of reliance on third parties, reporting entities, who rely, shall be taken responsible for compliance with the requirements of this Law. In this case, reporting entities should: 5.1.1. immediately take from third parties’ information and documents obtained as part of CDD measures specified in Article 4 of this Law. 5.1.2. take steps to ensure that copies of identification information and documents and relevant information and documents relating to compliance with the requirements of CDD measures are available from the third party without delay (in any case no later than the end of the requested business day) upon request. 5.1.3. comply with the requirements of Article 4.17 of this Law. 5.1.4. make sure that third parties comply with the requirements of this Law, as well as that there is an effective monitoring and control mechanism over those persons by the state in the country (territory) where they are established, managed, or operate. 5.2. Reporting entities should take into account riskiness of the jurisdiction they belong to in case reporting entities located in a foreign jurisdiction rely on CDD measures or intermediation services on establishment of business relations and information and documents obtained by those persons. 5.3. Reporting entities may rely on CDD measures of other reporting entities within the same financial group (holding) or intermediation services on establishment of business

relations and the information and documents obtained by those persons only if they are assured that the financial group (holding) apply the requirements of this Law and the supervisory authority exercises an effective control over that financial group (holding). At that, risk reduction measures should also be implemented in relation to high-risk zones within the framework of internal control programs. Article 6. Commitment on storage of information and documents 6.1. Reporting entities should keep all information and documents related to domestic and cross-border transactions for at least 5 years after the end of the transaction unless a longer period is provided for by the legislation. 6.2. In accordance with Article 4 of this Law, reporting entities should keep information and documents obtained within the framework of CDD measures, business correspondence, accounts, as well as information and documents on results of any analysis carried out, unless a longer period is provided for in the legislation, after termination of business relations or after the date of the end of any one-time transaction for at least 5 years. 6.3. The period provided for in Articles 6.1 and 6.2 of this Law may be extended in each specific case by the decision of the FIU or the supervisory authority. 6.4. Information and documents on operations should be kept in a manner that will allow recovery of any operation to ensure their use as evidence in criminal proceedings. 6.5. The information and documents kept by reporting entities should be submitted to the FIU, supervisory authorities, criminal prosecution bodies and courts (information and documents protected by a special regime provided for by law in accordance with their protection regime) within the period specified in the request. 6.6. The matters concerning the possession by legal entities of accurate, precise, and up-to-date information and documents regarding their beneficial owners, and by representative offices or branches of foreign legal entities regarding the beneficial owner of such a foreign legal entity, as well as the maintenance of a register of information on beneficial owners, shall be regulated by the Law of the Republic of Azerbaijan ‘on State Registration and the State Register of Legal Entities.’ Article 7. Operations with politically exposed persons, their close relatives, or close associates 7.1. In relation to operations with politically exposed persons, their close relatives, or close associates along with the measures specified in Article 4 of this Law reporting entities should: 7.1.1. apply a risk management system that allows identifying whether the customer and the beneficial owner is a politically exposed person, his/her close relative or associate.

7.1.2. establish and continue business relations with a politically exposed person, his/her close relative or associate only by the consent of the management. 7.1.3. when identifying whether the customer or the beneficial owner is a politically exposed person, his/her close relative or associate, take reasonable measures to identify the source of property he/she provides as well as other assets in general. 7.1.4. apply enhanced CDD measures with respect to business relations with the politically exposed person, his/her close relative or associate on an ongoing basis. 7.2. Insurers engaged in endowment life insurance should take measures to identify whether persons benefiting on the endowment life insurance certificate and beneficial owners of benefiting persons are politically exposed persons, their close relatives or associates prior to making a payment; in case they identify a high risk, the payment should be made at the consent of the management, business relations with a certificate holder should be investigated comprehensively and the FIU should be informed on operations. Article 8. New technologies 8.1. Reporting entities should treat business relations established through new and developing technologies (hereinafter – new technologies) and conducted operations as high￾risk relations and operations and take measures on evaluation and reduction of ML/FT when such relations are established, and operations are conducted. Reporting entities should take measures on safe application of new technologies prior to their introduction and have a risk assessment mechanism for application of new technologies. 8.2. Reporting entities should have internal rules and procedures, preventive measures, including electronic control systems on regulation of business relations created by new technologies or those that imply their application, products and conducted operations. 8.3. Financial institutions should assess relevant risks prior to introduction of new products and business practices and use of new technologies, as well as determine preventive measures with respect to management and reduction of relevant risks. 8.4. Supervisory authorities should identify and assess ML/FT risks arising from launch of new business practices including new products and delivery channels with respect to reporting entities, as well as application of new technologies with respect to new products and products under way; as well as determine preventive measures with respect to management and reduction of relevant risks. 8.5. New technologies should not exclude CDD measures. In the event CDD measures are applied with the help of information technologies, information and documents are delivered electronically. When applying new technologies, verification measures specified in Article 4 of this Law shall be provided in the order determined by the FIU. 8.6. In the event new technologies do not allow full application of CDD measures, or there are insurmountable suspicions or inconsistencies in identification of the customer or

the beneficial owner, as well as in verification of accuracy of submitted information and documents, introduction of new technologies should be rejected. Article 9. High-risk jurisdictions 9.1. In relation to any business relations and transactions with citizens of high-risk zones, with persons whose registration, residence or main place of activity are in or through those zones, as well as with persons who have an account in a bank and other payment service providers registered in those zones, enhanced CDD measures should be applied without relying on information and documents provided by third parties established, managed, or operating in the country considered a high-risk area. 9.2. Restrictions and specific requirements may apply with respect to high-risk jurisdictions identified based on the challenges made by the FATF and Article 9.5 of this Law. 9.3. The text of challenges made by the FATF with respect to high-risk jurisdictions shall be published on an official website of the FIU and sent to reporting entities either directly or through relevant supervisory authorities. Reporting entities should take actions specified in challenges made by the FATF. 9.4. Grounds for identification of high-risk jurisdictions, a list of restrictions and specific requirements applicable with respect to high-risk jurisdictions shall be determined by the authority (body) designated by the relevant executive authority. 9.5. The FIU shall establish a list of high-risk jurisdictions in coordination with the relevant authority (body) designated by the relevant executive power or sent to reporting entities either directly or through relevant supervisory authorities. 9.6. The type and duration of restrictions and specific requirements applied with respect to high-risk jurisdictions shall be determined by the FIU in accordance with identified risks and sent to reporting entities either directly or through relevant supervisory authorities. Article 10. Internal control program 10.1. As part of the internal control program on AML/CFT in accordance with identified risks, the scope and nature of their activities reporting entities should: 10.1.1. approve and apply internal rules and procedures, control mechanisms and their development plans. 10.1.2. establish an independent and effective system on compliance with the AML/CFT requirements, including designation of a responsible person on a management level and his/her substitute in his/her absence.

10.1.3. approve and apply verification procedures to ensure high professionalism and civil impeccability requirements during recruitment. 10.1.4. involve staff to trainings on an ongoing basis. 10.1.5. establish an independent audit mechanism that assesses how effective the existing system is based on internal audit standards. 10.2. Reporting entities that are financial groups (holdings) should provide application of the following measures in all branches and subsidiary legal entities in addition to the measures specified in Article 10.1 of this Law within the frames of internal control programs on that group (holding) level: 10.2.1. approve and apply rules and procedures on transfer of information and documents within the group (holding) as part of CDD measures and to manage ML/FT risks. 10.2.2. approve and apply rules and procedures on requesting information and documents on customers, accounts and operations from parent legal entity, branches and subsidiary legal entities as part of compliance with AML/CFT requirements on a group (holding) level, audit and obligations arising from this Law. 10.2.3. approve and apply rules and procedures on formation of mechanisms that ensure confidentiality and security of and prevent distribution of transferred information and documents. 10.3. In the event the jurisdiction in which the financial institution is incorporated sets AML/CFT requirements stricter than those existing in the foreign jurisdiction where the financial institution's branches and subsidiaries are located, financial institutions should ensure that their foreign branches and subsidiary legal entities operate based on stricter requirements as much as allowed by the legislation of the foreign jurisdiction. 10.4. In the event the legislation of the foreign jurisdiction prohibits application of stricter requirements, financial groups (holdings) should take measures to manage risks and inform the supervisory authority to that end. 10.5. The FIU shall set minimum requirements to be met by the internal control program. Supervisory authorities may determine requirements in addition to minimum requirements established by the FIU with respect to reporting entities. Chapter 3 OPERATIONS SUBJECT TO MONITORING Article 11. Submission of information and documents on operations subject to monitoring to the FIU 11.1. Financial institutions shall deliver information and documents on the following operations to the FIU: 11.1.1. information and documents on cash transactions equal to or above the minimum limit set by the FIU.

11.1.2. information and documents on wire transfer of funds equal to or above the minimum limit set by the FIU. 11.2. In the event of the following cases, regardless of the amount, information and documents on transactions or attempts to conduct such transactions shall be submitted to the FIU by reporting entities, as well as persons who provide auditor services: 11.2.1. suspicion in criminal acquisition of property or circumstances that create sufficient grounds for such a suspicion. 11.2.2. suspicion that the property will be used for preparation, organization of or committing a terroristic act, as well as for the financing of a terrorist or a terrorist group (gang, organization) or circumstances that create sufficient grounds for such a suspicion. 11.3. Information and documents on the following operations shall be submitted to the FIU by reporting entities, as well as by persons providing audit services, regardless of the amount or whether there are grounds for a suspicion: 11.3.1. any operations by politically exposed persons of foreign states, their close relatives, or associates. 11.3.2. operations with assets of individuals and bodies sanctioned in accordance with the Law of the Republic of Azerbaijan on Targeted Financial Sanctions. 11.3.3. operations on bank and other payment accounts of religious institutions, non￾governmental organizations, including branches and representative offices of foreign non￾governmental organizations operating in the territory of the Republic of Azerbaijan. 11.4. Reporting entities, as well as persons who provide audit services should submit the information and documents provided for in Articles 4.14, 4.15 and 11.1-11.3 of this Law in the manner determined by the FIU. The information and documents provided for in Articles 11.1, 11.3.1 and 11.3.3 of this Law shall be submitted to the FIU within 3 working days after the transaction, while in the cases specified in Articles 4.14, 4.15 and 11.3.2 of this Law immediately after determination of the grounds for submission of information and documents, but in any case, no later than the end of that working day. 11.5. In the event of the cases provided for in Article 11.2 of this Law, the following operations shall not be conducted by financial institutions within 2 business days, except for the case provided for in Article 11.6 of this Law, and information and documents shall be immediately submitted to the FIU before operations are executed: 11.5.1. operations related to high-risk customer profiles. 11.5.2. operations conducted in an amount equal to or higher than the minimum limit set by the FIU. 11.5.3. operations resulting in withdrawal of funds from the account. 11.6. If it is impossible not to conduct the operation provided for in Article 11.5 of this Law, financial institutions should inform the FIU immediately after the operation. 11.7. If the instruction of the FIU to suspend the operation is not received within the period stipulated in Article 11.5 of this Law, the operation should be executed. If during this

period the information from the FIU is not received that it is not necessary to suspend the transaction, the transaction should be executed immediately without waiting for expiration of the 2-day period. 11.8. Regardless of the source of obtaining, information and documents submitted to the FIU shall be kept secret and confidential, used only for the purposes provided for by this Law and protected within the regime of protection of secrets established by law. The FIU shall establish a system of ensuring security of information and documents. 11.9. The FIU shall review the issue of updating the minimum amount of transactions provided for in Article 11.1 of this Law no later than every 5 years. The 5-year period shall begin when the FIU sets minimum amount of transactions. 11.10. In the cases provided for in Articles 4.14, 4.15, 11.2 and 11.3.2 of this Law, the customer should not be informed on submission of information and documents to the FIU. 11.11. Reporting entities shall be required, within three business days, to submit to the FIU the information on the beneficial owner as determined within the framework of CDD measures applied to legal entity customers. Article 12. Information and documents submitted by the persons who provide audit services, religious institutions, non-governmental organizations, including branches or representative offices of foreign non-governmental organizations in the Republic of Azerbaijan 12.1. When persons who provide audit services specified in the Law of the Republic of Azerbaijan on Audit Service discharge auditing activity identify cases on a suspicion or enough grounds for such a suspicion that property was obtained criminally, as well as that the property is related to terrorism, terroristic activity, terroristic organizations or any person who finances terrorism or used by such persons or there are enough grounds for such a suspicion in order to prevent ML/FT, they should submit information and documents on it to the FIU in accordance with Article 11.4 of this Law. 12.2. Persons providing audit services should keep all information and documents obtained during audit for at least 5 years. This period may be extended by up to 5 years by the decision of the FIU or the supervisory authority. 12.3. To prevent the financing of terrorism, any religious institution, non-governmental organization, including branches or representative offices of foreign non-governmental organizations in the Republic of Azerbaijan, which as part of its activities receives, collects, provides, or transfers funds, shall, when receiving or providing grants and donations, have rules and procedures in place aimed at minimizing risks, develop a comprehensive annual financial report on the sources of formation of its property in monetary or other form, as well as on the use thereof. The financial report should be submitted to the supervisory authority no later than April 1 of every year.

Article 13. Statutory confidentiality requirements 13.1. Submission of information and documents within the requirements of this Law to the FIU and supervisory authorities related to implementation of supervisory measures may not be refused, except for state secrets, as well as taking into account the provisions of Article 13.2 of this Law, based on the regime of protection of all other secrets established by legislation. 13.2. The requirements of Articles 11.2, 11.3.1 and 11.3.3 of this Law shall not apply to the information and documents obtained during determining customer's legal status or in connection with his/her defense (representation) in court, administrative, arbitration and mediation (regardless of whether information was obtained before, during or after court proceedings), that constitute the lawyer or other professional secrets. In the event designated non-financial businesses and professions knowing that the customer is involved in acts ML/FT, or provides legal consultations in order to legalize criminally obtained funds or finance terrorism, or the customer strives to get legal consultations for such purposes provide such legal consultations or try to conclude transactions with the same purpose and execute transactions, such acts shall not be considered the determination of the legal status of the customer and exempt from objectives of complying with the requirements of Articles 11.2, 11.3.1 and 11.3.3 of this Law. 13.3. A lawyer or other persons responsible for protection of professional secrecy shall take all measures arising from requirements of this Law to determine the legal status of the customer. Conclusion of contracts, execution of operations with their participation without fulfilling these requirements, as well as giving advice for conclusion of such contracts, implementation of operations shall cause liability in accordance with the law. Chapter 4 MONITORING AND SUPERVISORY MEASURES Article 14. Financial intelligence unit 14.1. The FIU shall take part in the formation of the state policy on AML/CFT, collect and analyze information and documents submitted by reporting entities, as well as the persons specified in Article 12 of this Law, supervisory and other public authorities (bodies), and obtained from information resources, open sources, and other persons, and submit findings of the analysis and other important information to related public authorities (bodies). At that the FIU shall assess the quality of information and documents obtained with respect to suspicious cases and use tactical and strategic analysis methods in order to identify suspicious cases and evaluate risks. 14.2. The FIU shall be independent in its activities.

14.3. When the FIU receives information and documents about operations, subject to monitoring, sources of which are known, also as a result of its own strategic and tactical analysis or based on the third party request for the purpose of investigation by sending a relevant request, it shall be entitled to obtain information and documents from reporting entities, as well as from the persons specified in Article 12 of this Law, supervisory authorities and public authorities (bodies). 14.4. The FIU by sending requests to reporting entities may ask them to provide information on operations they have carried out under certain criteria (the type of operation, nature, persons, territories, products, delivery channels, etc.) for a period of up to 6 months after the date of sending this request. The FIU may extend this period up to 6 months. 14.5. The FIU shall enjoy the right to receive information necessary for discharging authorities specified by the legislation electronically by integrating its information system to information systems (resources) of authorities (bodies) designated by the relevant executive authority. The scope of information the FIU obtains from the said information systems (resources) shall be determined by the authority (body) designated by the relevant executive authority. 14.6. The FIU shall ensure confidentiality of submitted information and use it only for the purposes provided for by this Law, as well as organize a system for ensuring security of this information. 14.7. When the FIU obtains information about systematic violation of the requirements of this Law by financial institutions, it submits this information to the relevant supervisory authority for applying the responsibility and other measures established by the legislation. The supervisory authority shall inform the FIU about measures taken based on the information provided to it. 14.8. The FIU shall analyze the information it has on the state of compliance with the requirements of this Law by designated non-financial businesses and professions, as well as persons specified by Article 12 of this Law, as well as the information obtained from supervisory authorities and reporting entities upon request, and may: 14.8.1. conduct sectorial risk assessment and submit findings to the relevant supervisory authority. 14.8.2. provide external assessment of the system of compliance by designated nonfinancial businesses and professions with AML/CFT requirements. 14.8.3. participate as an observer or an expert in inspections conducted in order to determine the state of compliance by designated non-financial businesses and professions with the requirements of this Law based on the request of relevant supervisory authorities. 14.8.4. suggest that the supervisory authority conducts an appropriate inspection, take measures specified in the legislation (enforcement, corrective etc.), and impose sanctions. 14.9. Supervisory authorities shall inform the FIU about implementation or refusal to implement the measures provided for in Article 14.8.4. When appropriate inspections of

designated non-financial businesses and professions are carried out by the supervisory authority at the proposal of the FIU, the supervisory authority shall submit information of inspection findings to the latter. 14.10. When the FIU identifies signs of ML/FT or other crimes during the analysis, it should immediately submit information and documents to the relevant criminal prosecution authority. 14.11. The FIU, in accordance with this Law, shall adopt regulations on the procedure of submission of information and documents to it, CDD measures, internal control program, verification measures during application of new technologies, feedback of reporting entities, as well as the persons specified in Article 12 of this Law. 14.12. Powers of the FIU shall be determined by this Law and the Charter approved by the body (institution) designated by the relevant executive authority. Article 15. Suspension of execution of transactions 15.1 In the event there are grounds or suspicions on ML/FT or other crimes, in the cases specified in Article 11.5 of this Law the FIU shall make a reasoned decision to suspend execution of the transaction as soon as possible, but no later than 2 working days, and immediately instruct the financial institution executing the transaction to suspend it. 15.2. The FIU shall take a decision to suspend transactions for a period not exceeding 3 working days in the cases specified in Article 15.1 of this Law, as well as a result of its strategic and tactical analysis or at the request of a third state. 15.3. The decision taken by the FIU on the suspension of the execution of the transaction and relevant information and documents shall be immediately sent to the authorities that carry out criminal prosecution in relation to the investigation. Those bodies can take measures to suspend the execution of the operation for a longer period provided for in Article 15.2 of this Law as per the criminal-procedural legislation. 15.4. In accordance with Article 15.2 of this Law, the customer should not be informed about suspension of the transaction by the financial institution Article 16. Supervisory authorities 16.1. Supervisory authority shall consist of the following authorities (institutions) that supervise compliance with the requirements of this Law by reporting entities, as well as the persons defined by Article 12 of this Law 16.1.1. in relation to financial institutions – the Central Bank of the Republic of Azerbaijan.

16.1.2. in relation to real estate agents, organizers and operators of casino games, persons who provide legal, accounting and tax consultation services – the authority (institution) designated by the relevant executive authority. 16.1.3. in relation to notaries and non-governmental organizations, including branches or representative offices of foreign non-governmental organizations – the authority (institution) designated by the relevant executive authority. 16.1.4. in relation to religious institutions – the authority (institution) designated by the relevant executive authority. 16.1.5. in relation to lawyers – the Bar Association of the Republic of Azerbaijan. 16.1.6. in relation to persons who provide audit services – the Chamber of Auditors of the Republic of Azerbaijan. 16.2. During inspections in relation to reporting entities, as well as the persons specified in Article 12 of this Law, supervisory authorities should investigate transactions that correspond to the grounds specified in Article 11 of this Law and if they discover that information and documents on such transactions have not been sent to the FIU, they should immediately ensure that the information and documents are sent to the FIU and investigate reasons for non-submission of information and documents. At the same time, supervisory authorities should investigate grounds of the cases provided for in Article 11.2 of this Law in transactions of the entities they supervise and submit information and documents on transactions with such grounds to the FIU. 16.3. In the event supervisory authorities discover non-compliance with the requirements of this Law by reporting entities, as well as the persons defined in Article 12 of this Law, they should impose administrative or other measures provided for in the legislation against them and inform the FIU accordingly. Violation of the requirements of this Law by reporting entities, as well as by persons defined by Article 12 of this Law shall cause suspension or revocation/cancellation of the license that provides the right to carry out that activity, permit, registration, certificate and (or) membership in the cases and in the order provided by the legislation of the Republic of Azerbaijan. 16.4. Supervisory authorities should carry out inspections in the established order, as well as in accordance with risks existing at the sectoral and national level as prescribed by the law. Periodicity and intensity of inspections in relation to financial groups (holdings) should be determined taking into account specific nature of those financial groups (holdings) 16.5. With respect to payment and electronic money organizations, the requirements of this Law shall be applied in accordance with the procedure established by the Central Bank of the Republic of Azerbaijan.

Article 17. Control over compliance with civil impeccability requirements 17.1. Supervisory authorities should provide control over compliance of reporting entities with the civil impeccability requirements specified in Article 17.2 of this Law. 17.2. Civil impeccability requirements shall be defined as not allowing the following persons to own qualifying holding or become beneficial owners, as well as discharge management functions in reporting entities: 17.2.1. a person convicted of an intentional crime against property or in the field of economic activity, or any grave or particularly grave crime committed intentionally. 17.2.2. a person deprived of the right to hold a certain position in the economic field or engage in a certain activity for a certain period of time by a court decision. 17.2.3. a person who fails to meet civil impeccability requirements specified in the Laws of the Republic of Azerbaijan on Banks, on Insurance Activity, in the Securities Market, on Investment Funds, and other requirements necessary to carry out activities specified in the Laws of the Republic of Azerbaijan on Notaries and on Lawyers and Legal Practice. 17.3. Persons who have a close relationship with the persons provided for in Article 17.2 of this Law (persons determined to have common interests as a result of the investigation) after inspections reveal that there is no criminal collusion between them, may have qualifying holding in reporting entities or become their beneficial owners, and carry out management functions in reporting entities. Supervisory authorities should conduct regular investigations to find out whether there is criminal collusion between those persons. 17.4. When issuing licenses or permits to reporting entities or registering them to start their activities supervisory authorities should identify reporting entity’s beneficial owner and in the process of registration, permitting and licensing, as well as in subsequent changes in ownership and management structure of the reporting entity regularly control compliance with the requirements of Article 17.2 of this Law. 17.5. Additional restrictions and prohibitions may be imposed with respect to the persons specified in Article 17.2 of this Law, their close associates, with the Laws of the Republic of Azerbaijan on Banks, on Insurance Activity, on the Securities Market, on Investment Funds, on Notaries, on Lawyers and Legal Practice. Note: In this Article, qualifying holding shall be defined as qualifying holding determined for financial institutions in the Laws of the Republic of Azerbaijan on Banks, on Insurance Activity, on the Securities Market, on Investment Funds and on Currency Regulation, whose activities are regulated by the above laws.

Article 18. Control over cross border transportation of currency resources and the national currency 18.1. In the event of detection of undeclared or improperly declared currency resources and the national currency as part of the requirements on the regime of declaration of currency resources during cross border transportation of currency resources and the national currency established under the legislation, the authority (institution) designated by the relevant executive authority shall request information and documents on the source of and the purpose of use of the currency resources and national currency. 18.2. If the authority (institution) designated by the relevant executive authority detects signs of ML/FT and other crimes during cross border transportation of currency resources and the national currency in the cases specified in Article 18.1 of this Law, it shall send related information and documents to the FIU and the criminal prosecution authority for investigation. 18.3. In accordance with the Law of the Republic of Azerbaijan ‘on Currency Regulation’, the information and documents submitted by the authority (institution) designated by the relevant executive authority on currency resources and the national currency passed through the customs border of the Republic of Azerbaijan shall also be sent to the FIU. 18.4. In the event of detection of undeclared or improperly declared currency resources and the national currency during cross border transportation of currency resources and the national currency, as well as signs of ML/FT, and other crimes the authority (institution) designated by the relevant executive authority shall be entitled to stop the movement of currency resources and the national currency for 48 hours. Within the framework of the application of this article, procedures on stopping the movement of currency resources and the national currency shall be determined by the authority (institution) designated by the relevant executive authority. Those procedures shall also determine a list of indicators related to stopping the movement of currency resources and the national currency. 18.5. The form of compiling the information and documents mentioned in Articles 18.2 and 18.3 of this Law shall be established by the authority (institution) designated by the relevant executive authority. Article 19. Feedback 19.1. Feedback shall be submission by the authority (institution) that receives information and documents of relevant information to the sending party in accordance with Articles 19.3-19.5 of this law to follow up outcome of measures taken on information and documents submitted as per this Law, control quality and collect statistic data. 19.2. The following information and documents shall be submitted as part of feedback:

19.2.1. information on receipt and investigation of submitted information and documents. 19.2.2. summary of next steps as a result of the investigation of information and documents. 19.2.3. information on the quality and usability of information and documents. 19.2.4. periodic statistical data on submitted transactions. 19.3. The FIU shall provide the information stipulated in Articles 19.2.1 and 19.2.3 of this Law to reporting entities, as well as to the persons specified in Article 12 of this Law on the information and documents submitted to it on the transactions subject to monitoring. The procedure on feedback of reporting entities, as well as the persons defined by Article 12 of this Law shall be determined by the FIU. 19.4. The FIU shall submit the information and documents specified in Article 19.2 of this Law to supervisory authorities and the authority (institution) designated by the relevant executive authority on the information and documents submitted to it in accordance Articles 16 and 18 of this Law. 19.5. The criminal prosecution body to which information and documents are submitted in accordance with Article 14.10 of this Law, shall submit the information and documents provided for in Article 19.2 of this Law to the FIU based on the information and documents submitted to it. 19.6. The FIU, the authority (institution) designated by the relevant executive authority, as well as the criminal prosecution bodies in relation to the investigation shall carry out feedback of foreign partners on the information and documents submitted in accordance with Article 22 of this Law. Chapter 5 DOMESTIC AND INTERNATIONAL CO-OPERATION Article 20. Domestic co-operation 20.1. The Commission on Combating Corruption of the Republic of Azerbaijan shall participate in the formation of the state policy on AML/CFT, study and summarize the status of implementation of the relevant legislation and exercise control over the implementation of state programs. 20.2. To ensure coordination in AML/CFT, proliferation and financing of proliferation of weapons of mass destruction; assess related risks countrywide (hereinafter – country risk assessment); develop activity plans and drafts related to improvement of the legislation; increase the effectiveness of AML/CFT, and establish co-operation mechanisms between central executive and criminal prosecution authorities, courts and other institutions, a coordination council shall be created by the authority (institution) designated by the relevant executive authority with the involvement of representatives of related central executive

authorities, criminal prosecution bodies, supervisory authorities, courts, other public authorities (institutions) and non-governmental organizations (hereinafter – the Coordination Council). 20.3. The flow of work of the Coordination Council shall be determined by the authority (institution) designated by the relevant executive authority. 20.4. The Coordination Council shall establish work groups on relevant areas and control their activities. Article 21. Country risk assessment 21.1. The country risk assessment shall consist of identification and assessment of risks on a country level, determining targets in line those risks, as well as measures on elimination or reduction of risks. 21.2. ML/FT risks shall be assessed on a country level by the Coordination Council based on findings of sectoral and institutional assessments with the involvement of representatives of related supervisory authorities, other public authorities (institutions), reporting entities, as well as the persons defined in Article 12 of this Law and representatives of related parties at least once every 3 years. 21.3. The report on results of the country risk assessment should be published on the official internet information resource of the FIU and sent to all participants of the country risk assessment, including reporting entities through supervisory authorities, as well as to the persons defined by Article 12 of this Law. The country risk assessment report may be updated as a result of sectoral and institutional risk assessments. 21.4. To maintain country risk assessment the Coordination Council shall: 21.4.1. organize assessment of ML/FT/FP risks of the on a country level. 21.4.2. determine targets to manage risks identified as a result of the risk assessment specified in Article 21.4.1 of this Law, develop and submit to related public authorities (institutions) relevant draft plans for the purpose. 21.4.3. maintain current control over attaining identified targets and inform the Commission on Combating Corruption of the Republic of Azerbaijan to that end. 21.5. The aim of the country risk assessment shall be to adjust activities of supervisory authorities, other public authorities (institutions), reporting entities, as well as the persons defined in Article 12 of this Law to risk rates in order to identify, assess, manage, eliminate or reduce ML/FT/FP risks on a country level, in particular ensure consistency of measures with identified risks and effective allocation of resources (administrative, legal, economic, financial) used in it. 21.6. Supervisory authorities shall assess sectoral ML/FT/FP risks with respect to reporting entities they supervise, as well as persons defined in Article 12 of this Law on an annual basis, document and submit findings to reporting entities they supervise, as well as

the persons defined in Article 12 of this Law, and take measures for management, elimination, and reduction of identified risks. In the process of sectoral risk assessment, supervisory authorities should take into account all risk factors, findings of country risk assessment and findings of institutional risk assessment submitted by reporting entities they supervise, as well as the persons defined in Article 12 of this Law. 21.7. Reporting entities, as well as persons defined in Article 12 of this Law should identify and assess institutional ML/FT/FP risks on an annual basis, document and submit to the supervisory authority findings of assessments and take measures on management, elimination, or reduction of risks in accordance with internal rules and procedures approved by the management. Reporting entities, as well as persons defined in Article 12 of this Law should consider all risk factors, findings of country and sectoral risk assessments during institutional risk assessment. 21.8. To maintain country risk assessment the General Prosecutor's Office of the Republic of Azerbaijan shall collect necessary statistical data from courts and criminal prosecution bodies via its information system, process, summarize and submit accordingly. Article 22. International co-operation, exchange of information and documents 22.1. International co-operation shall be defined as information and document sharing with authorities for the purpose of monitoring, control, investigation, operation, and other purposes based on a request or at an own initiative. In order to analyze, examine and investigate ML/FT or predicate crimes, the FIU, supervisory authorities, the authority (institution) designated by relevant executive authority, as well as criminal prosecution authorities in relation to investigation shall exchange all types of information and documents, including secrets protected by law (with the exception of state and professional secrets defined in Article 13.2 of this Law) based on a request or at an own initiative in accordance with the legislation of the Republic of Azerbaijan or international treaties seconded by the Republic of Azerbaijan with their foreign partners. 22.2. Exchange of information between monitoring units shall base upon the ‘Principles for information exchange’ of the Egmont Group of FIUs and encompass exchange of information and documents submitted to the FIU, stored in internal databases of the FIU, on information resources the FIU has access to, as well as obtained by the FIU upon request. 22.3. Exchange of information between supervisory authorities shall encompass exchange of information and documents that regulate relevant area (countrywide normative regulatory system, general information on the financial sector, etc.), prudential requirements (business activities of financial institutions, beneficial owners, management, civil impeccability, etc.), as well as information and documents on AML/CFT (internal control program, CDD measures, customer information and documents, samples of accounts and operations etc.).

22.4. International co-operation between criminal prosecution authorities shall encompass exchange of information and documents related to investigation on ML/FT or predicate offences, information and documents on operations and investigations and tracking criminally obtained property. 22.5. Information exchange on cross-border transportation of currency resources and the national currency shall encompass co-operation measures on cross-border transportation of declared, improperly declared or undeclared, as well as on detecting signs of ML/FT and predicate offences. 22.6. Authorities (institutions) provided for in Article 22.1 of this Law, when executing requests by foreign partners, shall collect information and documents and issue requests within the same powers as the collection of information and documents and issuance of requests during the analysis, research and investigation carried out by them while performing their powers established by the legislation. 22.7. Information shall be provided to the relevant authority of a foreign state under the condition that the information will not be used for purposes not specified in the request. That information and documents may be used for other purposes only upon a written permit by the party that provided the information and documents. 22.8. As part of the international co-operation criminal prosecution authorities may take measures for joint investigations with their foreign partners (including usage of special investigative technologies), as well as for determining relevant co-operation frames in accordance with the legislation of the Republic of Azerbaijan. 22.9. The authorities (institutions) provided for in article 22.1 of this Law may exchange information with authorities (institutions) that are not direct partners of the foreign state with respect to those authorities (institutions) within the frames of the requirements of Article 22 of this Law. 22.10. Information shall be exchanged through a channel that ensures security of the exchange, in the order of prioritizing requests and within a reasonable time. When information is exchanged, the information and documents obtained from foreign partners shall be kept secret or confidential, equal to secrets protected by law. Grounds for breach of privacy or confidentiality shall lead to rejection of the request. 22.11. Authorities (institutions) specified in Article 22.1 of this Law may not refuse to answer the request based on the circumstances mentioned below: 22.11.1. the requests include financial issues. 22.11.2. the legislation imposes a secrecy regime in relation to reporting entities (except for the cases where the requested information and documents are state secrets or professional secrets defined in Article 13.2 of this Law). 22.11.3. criminal prosecution is provided in the country related to the requested issue (except for cases where the response to the request impedes criminal prosecution).

22.11.4. powers and the status (civil, administrative, criminal prosecution, etc.) of the requesting authority (institution) is different from powers and status of the requested authority (institution). Chapter 6 FINAL PROVISIONS Article 23. Exemption from liability When any person, including reporting entities, as well as their staff working on the basis of labor or other civil legal agreements, as well as staff of supervisory authorities submit information and documents on operations subject to monitoring to the FIU in good faith in accordance with the requirements of this Law, they shall be exempted from any liability that may arise under this Law, due to distribution of information and documents whose distribution is restricted in accordance with existing agreements between them, as well as administrative and other regulatory documents. Article 24. Responsibility for violation of this Law Persons who violate the requirements of this Law shall be kept liable in accordance with the law. Article 25. Transitional provisions 25.1. Article 11.1.2 of this Law shall take effect 6 months after setting the minimum limit of the amount for wire transfer of funds by the FIU. 25.2. Except for the provision provided for in Article 15.1 of this Law, other Articles of this Law shall take effect on 1 February 2023. 25.3. The Law of the Republic of Azerbaijan ‘on Prevention of the Legalization of Criminally Obtained Funds or Other Property and the Financing of Terrorism’ shall be repealed from the day this Law takes effect. Ilham ALIYEV, President of the Republic of Azerbaijan Baku city, 30 December 2022 № 781-VIQ