Framework for Managing Risks of Trade Based Money Laundering and Terrorist Financing

1. Definitions

For the purpose of this framework:

i. “Authorized Dealer” shall have the same meaning as defined under Foreign Exchange Regulation Act 1947 (FERA). ii. “Dual Use Goods” shall mean goods, software, technologies, etc. which can be used for both civilian and military purposes. iii. “Fair Market Value” shall mean the price at which an asset would sell in a competitive market assuming: a. Both buyer and seller are acting independently as if they are unrelated, b. All relevant facts are known to both the parties, c. Neither is under any compulsion to buy or sell, and d. All rights and benefits inherent in (or attributable to) the item must have been included in the transfer. iv. “Overdue Trade Bills” shall mean and include: a. Export Bills: where export proceeds have not been realized within the prescribed period and manner, as determined by SBP. b. Import Bills: where the importer did not make payment against the goods received on collection or open account basis on due date or within one year of clearance of goods, respectively. c. Advance Payment Export: where export proceeds are received in advance and shipment of goods against the advance payment is not made within the prescribed period and shipping documents are not submitted by the exporters. d. Advance Payment Import: where importer does not ensure shipment into Pakistan of equivalent value of advance payment made or its repatriation within the prescribed period. v. “Overdue” means overdue trade bills and any outstanding regulatory penalty levied under FERA. vi. “Red Flag” means a warning sign or an indicator that suggests a potential risk of money laundering or suspicious trade activity. vii. “Trade Based Money Laundering and Terrorist Financing” refers to the process of disguising the proceeds of crime and moving value through the use of trade transactions in an attempt to legitimize the illicit origin of funds or to finance terrorist activities. It involves misrepresentation of price, quantity and / or quality of imports/exports to transfer value across the border. viii. “Trade Transactions” shall mean the transactions carried out through following modes: a) Letter of Credit b) Documentary Collection c) Registered Contracts d) Open Account in Imports and Exports e) Advance Payment Import/Export f) Remittance for Import and Export of Services g) Foreign Bank Guarantee/Stand-by Letter of Credit

All other terms used in the document have the same meaning as defined in the relevant laws, rules and regulations.

2. Introduction and Objectives

i. Trade transactions have become an increasingly attractive channel for money launderers and terrorist financiers, as they can conceal illicit activities within high volumes of legitimate international trade transactions. The main methods by which such people transfer value through legitimate trade transactions are under-invoicing, over-invoicing, multiple invoicing, short/over shipment, obfuscation of type of goods/services and fictitious trade transactions (i.e. transactions involving no shipments) etc. ii. In order to strengthen trade related AML/CFT regime and restrict the possible misuse of banking channel, the Framework for Managing Risks of Trade Based Money Laundering and Terrorist Financing (TBML/TF) was issued by SBP in 2019. Over the period, emerging TBML/TF related typologies, global best practices and technological advancements in the domain of international trade have necessitated revisions in the existing framework for better mitigating the risks associated with trade transactions. iii. The revised framework contains a broad set of instructions for Authorized Dealers (ADs) to build their policies and controls that shall help them in effectively managing the risks and assist them in performing their regal & regulatory obligations under the relevant laws and regulations. However, the ADs are encouraged to adopt more robust measures and best international practices, evolving over time to effectively manage the Money Laundering, Terrorists Financing and Proliferation Financing (ML/TF/PF) risks. iv. The prime objectives of this framework is to strengthen the trade related AML/CFT/CPF regime and prevent the misuse of foreign exchange for unauthorized purposes. Following are key components of the framework, and ADs are required to comply with them in letter and spirit.

3. Governance and Oversight

a. Role of Board and Senior Management

i. The Board of Directors (BOD) of the ADs shall be responsible for the oversight of trade based ML/TF/PF risks in the bank. BOD shall provide a strategic direction and necessary resources to the management to ensure identification, assessment and mitigation of TBML risks in an effective and timely manner. To this end, BOD shall develop and approve appropriate policies for managing the trade based ML/TF/PF risks in the bank, in line with the nature, scale and complexity of the AD’s trade business operations. Such policies, at the minimum, should cover the following areas: a. Risk profiling of customers dealing in or intending to deal in trade. b. Price verification of underlying contracts related to import/export of goods/services. c. Screening of customers, counter parties, goods, including dual used goods, etc. d. Transaction Monitoring System for managing ML/TF/PF risks arising out of trade transactions. e. AD’s own risk profile and its periodic review. ii. Such policies should adequately cover the instructions and requirements given in this framework. Further, any operational procedures formulated under the policies shall clearly delineate the roles and responsibilities of all functions involved in processing, reviewing and approving the trade transactions. iii. The BOD shall also periodically review the TBML risk profile of the AD as part of the Internal Risk Assessment Report (IRAR) process, already required under AML/CFT/CPF Regulations for Regulated Entities (REs). The BOD shall evaluate the performance of senior management in terms of managing TBML risks so as to ensure the effectiveness of internal controls, systems and mitigation measures put in place. The BOD may delegate this oversight responsibility to one of its sub-committees for efficient and focused oversight. iv. In accordance with the direction and policies established by BOD, the senior management of the ADs shall formulate and implement relevant procedures and internal controls to effectively manage the TBML/TF/PF risks. For this purpose, the responsibility of overseeing the overall trade based ML/TF/PF risk should be entrusted to a management level committee. The committee shall ensure deployment of adequate technology based solutions and allocation of necessary resources/staff among the relevant functions. However, the compliance function, being the owner of entity wide AML processes, should have a leading role in managing trade based ML/TF/PF risks. v. The management committee shall also ensure that systems are robust enough to generate accurate & comprehensive information/MIS reports, at their Head Office level, containing all the important data/information, thereby enabling a thorough and comprehensive portfolio level review by the ADs.

b. TBML Risk Assessment – ADs Own Risk Profile

i. ADs shall periodically identify and assess the ML/TF/PF risks arising out of trade transactions and document their findings in their IRAR document. The assessment should consider, at a minimum, the following factors: a. Weighted average risk rating of their trade portfolio i.e. weighted average of risk ratings assigned to trade customers. b. Risks associated with various trade related products offered by the AD. c. Number of red flags/TMS Alerts/STRs raised against trade related customers. d. Assessment of jurisdictions, with respect to their riskiness, involved in trade transactions. e. Internal audit ratings of AD’s branches and centralized operations managing trade business. f. Enforcement actions and quantum of regulatory penalties imposed on the AD due to non-compliance with the regulatory requirements related to trade business/ foreign exchange.

c. Independent Review by Control Functions

i. Internal Audit function of ADs shall periodically review, at least once in 2 years, the robustness and effectiveness of ADs’ systems and controls with respect to compliance with the provisions of this framework. In this regard, the internal audit function shall ensure that its audit strategy adequately focuses on trade based ML/TF/PF risks and the staff performing the audit activities has sufficient expertise/knowledge of trade products/procedures and AML/CFT processes. The frequency and scope of audit activities should be commensurate with the trade based ML/TF/PF risks identified by the ADs during the IRAR process and the volume of trade transactions handled by the AD. ii. The deficiencies identified by internal audit, especially those relating to material weaknesses in controls or non-compliance of regulatory instructions shall be escalated to relevant board and management committees in line with the SBP’s Guidelines on Internal Audit Function. iii. The internal audit may review the process of granting ADs status to the branches, along-with subsequent review of their performance. iv. The AD’s risk management function shall periodically conduct TBML risk assessment to identify vulnerable products, regions, customers & trade activities and report key risks/ key risk indicators relating to trade based ML/TF/PF, in accordance with the SBP's Operational Risk Management Framework. v. Compliance function shall periodically conduct an independent compliance risk assessment in coordination with the trade processing units and escalate any identified gaps to relevant management committee for their resolution.

4. Customer Due Diligence (CDD)

i. In addition to the requirements specified in SBP’s AML/CFT/CPF Regulations, the ADs shall implement focused KYC/CDD measures for the customers availing trade related services in order to assess and document their trade related risk profiles. These measures shall be applied at the time of onboarding of new trade-related customers or when the existing customers intend to undertake trade transactions. ii. ADs shall ensure that no customer is allowed any trade related services without completion of separate risk profiling specific to trade activities. Risk profile of the customers shall be prepared on bank-wide basis duly considering the scenario where the customer is conducting trade business through multiple branches. Further, the CNIC numbers shall serve as a primary key (unique identifier) for risk profile of sole proprietorships. The due diligence of newly on-boarded and existing customers may include, but is not limited to, the following factors: a. Legal business structure of customer’s business i.e. sole proprietorship, limited company etc. b. Expected annual volume of trade to be carried out by the customer. c. Financial worth and size of business of the customer, which must be supported by customer’s financial statements and tax record / statements. d. Nature/type of goods/services that the customer usually trades in. e. Customer’s key foreign buyers/suppliers and the jurisdictions where they are located and operate from. f. Usual modes of trade and terms of payments. g. Related entities (domestic and foreign), over which the customer can exercise influence or control, due to the nature of their relationship. h. Customer’s membership of any Chamber of Commerce/Trade Associations etc. i. Payment routed to/from third parties or third countries. j. In case of existing customer, the number and nature of red flags raised by the AD during the period under review. k. Identification of ultimate beneficial ownership of the customer/transaction as specified in Regulation-2 of the AML/CFT/CPF Regulations. l. Transactional behavior of customer’s PKR/FCY deposit accounts in relation to size and nature of their business operations. m. Adverse media news, market intelligence or legal proceedings involving the customer. n. Verification of customer’s provided information through periodic on-site visits to the places of business. iii. ADs shall exercise due care while recording the expected annual trade volume of the customer and its financial worth. For this purpose, particularly in case of importers, ADs shall invariably obtain financial statements, duly audited by a chartered accountant/ cost and management accountant. In case of individuals, sole proprietorships and entities where external audit of their accounts is not required, the ADs shall obtain the details of their assets, liabilities, income and expenses, which would be appropriately examined by ADs, including through onsite visits to ensure their accuracy. The ADs shall also obtain annual income tax returns (including wealth statements where applicable) from all importers who are obligated to file income tax return under Income Tax Ordinance or any other applicable laws and regulations in Pakistan. In case of non-submission of the said documents and information, trade transactions of such customers shall not be processed by the ADs. These instructions, however, will not be applicable on federal/ provincial government(s) or their allied agencies / departments. iv. ADs shall properly review and analyze the financial statements and income tax returns submitted by the customers and shall give due consideration to the information provided in these documents at the time of preparing or updating risk profile of such customers. Further, the AD, while processing any import transaction, shall ensure that the volume of trade and activity in the deposit accounts of the customer is commensurate with its risk profile and financial position. However, in exceptional circumstances, any deviation should be referred to senior management for approval, prior to execution of such transactions. The justification/ rationale for approving such transactions shall be explicitly recorded for later review of internal audit of AD and the SBP. v. ADs shall obtain a declaration from customers intending to engage in trade business, whereby the customers shall authorize their ADs to share their outstanding overdue trade obligations / default history with other ADs. Additionally, the customers shall be required to disclose the name(s) of the bank(s), in the undertaking, with which they have or previously had trade business relationship along with the types of trade transactions conducted with those banks. Thereafter, ADs shall verify the status of customers’ trade overdues and default history from the concerned ADs or through other available means. The trade overdues, if any, shall be given due consideration while taking the decision of onboarding the customer for trade transactions. vi. The ADs should share their response to the requests received from other ADs, within a reasonable time period, not exceeding seven (07) working days. A proper record of these requests and corresponding responses shall be maintained by the ADs. vii. Based on the due diligence, the ADs shall assign a separate trade related risk rating to its customers, in addition to the general risk rating assigned by the ADs under AML/CFT/CPF Regulations, so that the AD is able to independently/separately evaluate trade related profile of the customers. In case the customer is assigned higher risk rating, the AD shall perform enhanced due diligence. viii. ADs shall periodically review and update trade-related risk profiles of the customers as per the frequency determined using risk based approach or when there are any significant changes in customers’ trade activities. However, such periodic review shall not be later than 18 months of last review. The dynamic information such as major counterparties, jurisdictions and type of goods etc. may also be updated as and when required. ix. While taking any credit exposure on a customer, the ADs should also give due consideration to its trade related risk profile.

5. Transactions Due Diligence & Monitoring

a. Initial Scrutiny/Screening of the Trade Transactions

i. At the time of handling a trade transaction in front offices, ADs shall ensure that adequate and appropriate controls are in place for thorough scrutiny of the relevant documents. For this purpose, ADs shall put in place appropriate procedures, systems and deploy adequately trained personnel for carrying out scrutiny of documents and screening of all parties involved in the trade transactions including importers, exporters, jurisdictions, goods, vessels and ports etc. ii. ADs shall also follow the provisions relating to goods and jurisdictions given in Import / Export Policy Orders of Ministry of Commerce (MOC) as well as Control Lists of Strategic Export Control Division (SECDIV) of Ministry of Foreign Affairs. In this regard, ADs shall maintain H.S. Code wise electronic record of the goods/services, capturing specific requirements, such as, licensing requirements, import / export permits and other applicable relevant requirements.

b. Price Related Due Diligence

i. The ADs shall put in place adequate procedures and systems for assessment of prices of goods and services in trade transactions to ensure that the prices reflected in the trade documents correspond to their fair market value. For reference of fair market values of goods and services, ADs shall use reliable sources, such as chambers of commerce, local business circles, daily newspapers, historic appraisements, MOC/TDAP, international and local commodity exchanges, Customs Valuation Rulings, web searches etc. Further, ADs shall also develop their internal database of prices using historical data of trade transactions processed by them. ii. The price verification shall invariably be performed prior to execution of the trade transactions. However, in exceptional cases where price verification is not possible at pre-transaction stage due to non-availability of benchmark prices or other compelling reasons, ADs may perform such verification after the transaction. In such cases, verification must be completed within forty-five (45) days of approving of FIs or disbursing the amount to the exporter, as the case may be. iii. ADs should define acceptable thresholds for variance from benchmark prices and delineate the process of conducting additional due diligence or escalation, if needed. The transactions, where the price variation from fair market value is beyond the acceptable threshold or there is suspicion of price misrepresentation, the ADs must undertake reasonable measures to ascertain the reasons for such variances and document their findings. Where price variation is identified during post transaction assessment, it shall be considered as a red flag, warranting further evaluation. In all such cases, the AD, as part of the enhanced due diligence process, shall escalate the transaction to the senior management for a decision. iv. In order to prevent conflict of interest, ADs shall entrust the responsibility of price verification to a function, having reporting lines independent from the business function. Such a function should be adequately staffed with experienced officers possessing the necessary expertise.

c. Financial Instrument (FI) Related Due Diligence

i. ADs shall implement adequate controls for issuance of Financial Instruments (FIs) for the trade transactions. Issuance of FIs shall preferably be centralized and the principles of dual control shall be implemented. If the FIs are issued in decentralized manner, a robust monitoring mechanism should be in place for overseeing the process. In addition, the ADs shall ensure adherence to the following instructions while issuing FIs: a. The FI must include the complete and precise specification of the goods, including the quality, varieties and sub categories. Mentioning the generic or vague/incomplete description of goods on FI should be avoided. In this regard, ADs shall require customers to provide complete details of goods along-with their H.S. codes. Further, use of H.S. codes having description as ‘others’ should be discouraged; however, in case it is necessary, the ADs shall seek proper justification from the customer. Furthermore, the full name of parties involved should be mentioned on FIs and abbreviations should be avoided. b. In case an H.S. Code includes multiple goods/products, ADs shall ensure that the particulars of each good is mentioned against that H.S. Code. c. Units of measurement (UoM) that are inconsistent with the nature of goods or which obscures the actual quantity of goods, such as using cartons or boxes for goods that are counted in numbers/units, shall be avoided. If UoM is not required to be declared otherwise, then it shall be declared in line with relevant Custom Valuation Rulings, where available. d. The use of brand names, trade names or trademarks of the goods must be avoided, if it is not accompanied by the generic name of such product. e. In case of export advance payment, the guidelines at (b), (c) & (d) above shall also be followed while preparing the Advance Payment Voucher (Appendix V-14). Moreover, it shall be ensured that in case of export against advance payment, declaration made on FI is strictly in accordance with the particulars declared on Advance Payment Voucher including the name of consignee. f. The expiry date of FI should be commensurate with the nature and tenor of the underlying trade transaction.

d. Transaction Monitoring System

i. ADs shall implement a robust Transaction Monitoring System (TMS) for monitoring and managing the ML/TF/PF risk arising out of the trade transactions, which should be capable of generating meaningful alerts based on pre-defined trade based ML/TF/PF related scenarios/thresholds. The alerts shall be thoroughly evaluated and complete trail, from generation of alerts till their closure, shall be maintained by the ADs for later review of internal audit or SBP. ii. The ADs are encouraged to develop scenarios for the TMS that appropriately cover the typologies described under this framework. The scenarios/thresholds shall be reviewed periodically by ADs, at least once in two years or more frequently if required, to ensure their effectiveness and relevance.

e. Post Transaction Due Diligence Measures

i. The particulars of FIs shall be corroborated with all shipping documents and Goods Declaration (GD) information to ensure their cohesion. For this purpose, the ADs shall carefully compare the GD Forms and other information received from PSW with the corresponding FIs to identify any discrepancies. In this regard, particular attention should be placed on verifying the quantity, type of goods (H.S. Codes) and per unit price recorded on FI and declared to / assessed by Customs. ii. Where the particulars of FI are not commensurate with the declaration made on GD, AD must seek clarification from the concerned customer. If the clarification is found to be unsatisfactory, the risk profile of customer shall be reassessed and the matter shall be escalated to senior management for a decision to consider filing of an STR or otherwise. However, in case of persistent undesired/suspicious conduct of a customer, the AD may take necessary actions as per the relevant provisions of AML Act 2010, including termination of relationship. iii. In cases where multiple shipments are cleared by the importers under a single FI, the ADs shall thoroughly examine the relevant information and documents to ensure that all shipping documents have been routed through them, to mitigate the risk of ML/TF/PF.

6. Enhanced Due Diligence (EDD) of High Risk Transactions

i. AD’s shall develop a criteria of monitoring the transactions falling under high risk category and ensure that high risk trade transactions and/or customers are subject to enhanced due diligence. In this respect, following are illustrative examples of some trade transactions/activities that may pose higher trade based ML/TF/PF risks and, therefore, warrant EDD measures: a. Sole proprietorships and other entities with low financial standings but intending to conduct high value transactions. b. Transactions on open account basis. c. Advance Payments (Import and Export). d. Import/Export of Services. e. Transactions involving high value services and those on free of cost basis. f. Transactions involving related parties. g. Payments and shipments from or to third parties/countries. h. Transactions with high-risk jurisdictions or jurisdictions with lax AML/CFT/CPF regulations. i. Import of goods that are either exempt from duties or subject to duties exceeding 25%. j. Export of goods on which export related rebates/subsidies are allowed by the Government of Pakistan, from time to time. k. Trade payments where the underlying amount was deposited predominantly in cash. l. Transactions where a significant variation in price of goods being traded is identified that does not align with the bank’s approved/acceptable price variance. m. Transactions where the particulars of FIs do not correspond with the shipping documents particularly with GD Forms. ii. For the purpose of this framework, EDD measures may include, but are not limited to, one or a combination of the following actions: a. Seeking justification from customer and obtaining additional information or documents that can explain or justify the transaction. b. Reviewing independent sources of information, such as creditworthiness reports. c. Reviewing the customer’s historical transactions to identify behavioral patterns, trends, etc. and/or assessment of previously flagged alerts. d. Obtaining feedback or information from foreign correspondent banks involved in transaction, where needed. e. Obtaining senior management’s approval for onboarding the customer, executing the transaction or continuing the relationship, as the case may be. f. Any other measure deemed appropriate by the AD. iii. For any payments involving third parties / countries, not being a country of origin or the country of shipment, the ADs should obtain additional documents from the customers, which may include, but are not limited to, tri-partite agreement, justifications for third party/country payments or any transaction-specific or customer-related information to understand the relationship between the beneficiary and the shipper and the reason for payment to a third party/country. ADs should maintain details of such payments for later review of internal audit and SBP inspection teams. iv. While obtaining the creditworthiness reports of the foreign importer/exporter, ADs shall make reasonable efforts to ensure that such reports, inter-alia include, names of sponsors and shareholders of foreign entity. v. In case where an AD forms a suspicion regarding a transaction or customer as defined in section 7 of AML Act, it shall be mandatory for the concerned AD to promptly file an STR with FMU. However, before reporting the STR, ADs shall undertake appropriate inquiries on transaction/customer, so as to avoid unnecessary or unwarranted STRs. vi. If the senior management of the ADs, upon receiving an escalated transaction, does not find sufficient grounds for filing the STR, they may consider subjecting the customer for enhanced monitoring. A database of such customers/transactions should be maintained, that have been considered as high risk by the ADs and escalated to the senior management. This will assist the ADs in undertaking more focused and effective ongoing due diligence of their customers. vii. In case where the anomalies in the customer’s transactional behavior persist, despite enhanced due diligence and filing of STR, the AD may consider taking other appropriate measures including discontinuation of its relationship with the customer.

7. Deployment of Technology Based Solutions

i. ADs shall take reasonable measures to adopt technology based solutions to mitigate ML/TF/PF risks associated with trade transactions. Following are some of the areas requiring use of technology based solutions: a. Customer risk profiling and periodic review. b. Sanctions Screening. c. Transaction Monitoring. d. Verification of prices of goods and services. e. Corroboration of FIs with GDs. f. Detection of invoices and other documents already utilized by the importers/exporters. g. Vessel tracking to identify potential sanctions breaches. h. Regulatory reporting. ii. ADs shall ensure integration of customer risk profiling system with trade processing/core banking system enabling the relevant function to carry out ongoing monitoring of trade transactions effectively.

8. Trainings & Awareness

i. ADs shall provide a comprehensive, practical and targeted TBML related trainings at all levels, i.e. staff deputed in branches, centralized trade processing units, compliance, internal audit and risk management functions to enable them to detect and report trade based ML/TF/PF related risks. ii. ADs shall incorporate case studies based on practical examples, common typologies and red flags in their training programs. In this regard, ADs shall develop a repository of trade related red flags and keep them updated based on their due diligence findings and international best practices. A non-exhaustive list of common red flag indicators, common typologies and sample case studies are also provided at Annexure-A, B and C, respectively, of this framework for information and guidance of ADs. iii. ADs shall proactively collaborate with each other and arrange knowledge sharing events to share their experience with each other. Further, such collaboration may include development of portal / helpdesk where experts of the industry can answer queries.

Annexure-A: Common Red Flag Indicators for TBML

(Content omitted as requested for summary and core text output)

Annexure-B: Common Typologies of Trade Based Money Laundering

(Content omitted as requested for summary and core text output)

Annexure-C: Sample Case Studies

(Content omitted as requested for summary and core text output)