LogoRegulatory Alerts
2024-09-04

Notice No. 11/GBM/2024, of August 30 – Establishes the Minimum Share Capital of Mutual Guarantee Companies and Management Companies of Mutual Guarantee Funds

The Bank of Mozambique issued Notice No. 10/GBM/2024 to approve comprehensive Guidelines on Money Laundering, Terrorism Financing, and Proliferation Financing (ML/TF/PF) for all supervised financial institutions. The regulation mandates the establishment of robust risk management policies, the appointment of a dedicated Suspicious Transaction Reporting Officer (STRO), and strict internal audit and confidentiality procedures. It further enforces rigorous client identification, risk classification, outsourcing standards, and group coordination to ensure full regulatory compliance and effective mitigation of financial crime risks.

Banco de Mocambique logo

Mozambique

Banco de Mocambique

Click to view thumbnail

BOLETIM DA REPÚBLICA

PUBLIC OFFICIAL GAZETTE OF THE REPUBLIC OF MOZAMBIQUE

SUMÁRIO / TABLE OF CONTENTS

A V I S O / NOTICE: The matter to be published in the «Boletim da República» must be submitted as a duly authenticated copy, one for each subject matter, containing the necessary indications, including the following endorsement, signed and authenticated: For publication in the «Boletim da República».

IMPRENSA NACIONAL DE MOÇAMBIQUE, E.P. / NATIONAL PRESS OF MOZAMBIQUE, E.P.

Banco de Moçambique: / Bank of Mozambique:

  • Aviso n.º 10/GBM/2024: / Notice No. 10/GBM/2024: Approves the Guidelines on Prevention and Combating of Money Laundering, Terrorism Financing and Proliferation Financing of Weapons of Mass Destruction and revokes Notice No. 5/GBM/2022, of November 17.
  • Aviso n.º 11/GBM/2024: / Notice No. 11/GBM/2024: Establishes the Minimum Share Capital of Mutual Guarantee Companies and Management Companies of Mutual Guarantee Funds.

Sexta-feira, 30 de Agosto de 2024 | I SÉRIE — Número 170 / Friday, August 30, 2024 | SERIES I — Number 170

BANCO DE MOÇAMBIQUE / BANK OF MOZAMBIQUE

Aviso n.º 10/GBM/2024 / Notice No. 10/GBM/2024

de 30 de Agosto / of August 30

Law No. 14/2023, of August 28 establishes the new regime for Prevention and Combating of Money Laundering, Terrorism Financing and Proliferation Financing of Weapons of Mass Destruction in Mozambique.

Deeming it necessary to guide the actions of financial institutions that, under the aforementioned Law, fall under its supervisory and monitoring authority, the Bank of Mozambique, using the powers attributed to it by the combined provisions of letters d) and e) of paragraph 2 of Article 56 of said Law, determines:

  1. The Guidelines on Prevention and Combating of Money Laundering, Terrorism Financing and Proliferation Financing of Weapons of Mass Destruction are approved, attached to this Notice, forming an integral part thereof.
  2. Non-compliance with the provisions of this Notice constitutes a regulatory offense punishable under Law No. 14/2023, of August 28.
  3. Notice No. 5/GBM/2022, of November 17, Guidelines on Prevention and Combating of Money Laundering and Terrorism Financing, is revoked.
  4. This Notice enters into force immediately.
  5. Interpretation and application doubts regarding this Notice are submitted to the Regulation and Licensing Department of the Bank of Mozambique.

Bank of Mozambique, in Maputo, August 23, 2024. The Governor, — Rogério Lucas Zandamela.

Directrizes Sobre Prevenção e Combate ao Branqueamento de Capitais, Financiamento do Terrorismo e Financiamento da Proliferação de Armas de Destruição em Massa

Guidelines on Prevention and Combating of Money Laundering, Terrorism Financing and Proliferation Financing of Weapons of Mass Destruction

CAPÍTULO I / CHAPTER I: General Provisions

Artigo 1 (Objecto) / Article 1 (Object): These Guidelines establish the procedures and preventive measures against money laundering, terrorism financing, and proliferation financing of weapons of mass destruction.

Artigo 2 (Âmbito de aplicação) / Article 2 (Scope): These Guidelines apply to all financial institutions that, under letters a), b), c), d) and f) of Article 4 of Law No. 14/2023, of August 28, are under the supervision and monitoring of the Bank of Mozambique.

CAPÍTULO II / CHAPTER II: Risk Management Policies

Artigo 3 (Responsabilidades do conselho de administração ou equiparado) / Article 3 (Responsibilities of the Board of Directors or equivalent body):

  1. The board of directors or equivalent body of financial institutions must document and approve policies on risk identification, assessment, and management, along with internal control measures that enable effective management and mitigation of identified money laundering, terrorism financing, and proliferation financing risks, and submit them to the Bank of Mozambique.
  2. For the purposes of the preceding paragraph, the board of directors or equivalent body must prioritize a risk-based approach.
  3. The board of directors or equivalent body must annually approve the institution's risk assessment policy, determine the level of risk it is willing to accept, and propose adequate risk mitigation measures.
  4. The board of directors or equivalent body must, at least annually: a) formally communicate risk tolerance and acceptance strategies to all institution employees; and b) disclose recommendations regarding the implementation of policies on money laundering, terrorism financing, and proliferation financing.
  5. The board of directors or equivalent body must ensure that the adopted control process and procedures are effective, efficient, and contribute to reducing the risk of the institution being used for money laundering, terrorism financing, or proliferation financing.

Artigo 4 (Política de gestão de risco) / Article 4 (Risk management policy): The money laundering, terrorism financing, and proliferation financing risk management policy must contain, at minimum, information on the following procedures: a) identification and verification duty; b) risk assessment, management, and monitoring; c) confidentiality regarding accounts under monitoring to determine suspicious transactions; d) reporting of suspicious transactions and other types of reports; and e) document retention.

Artigo 5 (Avaliação de risco) / Article 5 (Risk assessment):

  1. Financial institutions must prepare an annually documented risk assessment for all money laundering, terrorism financing, and proliferation financing risks, which must be approved by the board of directors or equivalent body.
  2. In preparing the risk assessment, the institution must comply with applicable legislation and utilize internal information, such as operational and transactional data, as well as external information, including national and sectoral risk assessment reports.
  3. The risk assessment must be prepared using quantitative and qualitative elements and must be updated whenever any changes in the assumptions used for its preparation may have a material impact.
  4. The risk assessment must be formally approved by the board of directors or equivalent body, via minutes, and must cover, among other elements: a) products and services provided to clients; b) specificities of the institution's transactions, including but not limited to nature and complexity; c) direct or indirect distribution channels; d) client characteristics; and e) geographic areas where clients or related transactions are located.
  5. The risk assessment must consider all jurisdictions with which the institution has commercial relations and all possible types of transactions, including: a) documentary credits; b) correspondent banking; and c) transfers.

Artigo 6 (Implementação das medidas de mitigação de risco) / Article 6 (Implementation of risk mitigation measures): In compliance with the risk assessment duty, the board of directors or equivalent body must ensure the implementation of approved mitigation measures within the risk assessment framework.

Artigo 7 (Procedimentos relativos à confidencialidade) / Article 7 (Confidentiality procedures):

  1. Financial institutions' confidentiality procedures must include provisions regarding the confidentiality of the existence, content, and follow-up of suspicious transaction reports, to avoid tipping-off.
  2. Tipping-off constitutes a criminal offense under Article 206 of Law No. 20/2020, of December 31.

CAPÍTULO III / CHAPTER III: Suspicious Transaction Reporting Officer (STRO)

Artigo 8 (Nomeação do Oficial de Comunicação de Operações Suspeitas) / Article 8 (Appointment of the STRO):

  1. The board of directors or equivalent body must appoint a Suspicious Transaction Reporting Officer (STRO) at headquarters, branches, subsidiaries, and other representation forms of the institution, ensuring sufficient resources for its operation, including human, material, and technological resources.
  2. The STRO must be selected from the institution's management-level employees, possessing at least a high degree of responsibility and independence.
  3. The level of resources referred to in paragraph 1 must reflect the institution's size, complexity, number of clients, and offered products.

Artigo 9 (Responsabilidades do OCOS) / Article 9 (STRO responsibilities):

  1. The STRO supports and guides the management of money laundering, terrorism financing, and proliferation financing risks within the financial institution.
  2. Without prejudice to applicable legislation, the STRO's responsibilities include: a) regularly reviewing the adequacy of the control system for money laundering, terrorism financing, and proliferation financing, including: i. supervising the implementation of policies and procedures; ii. ensuring an appropriate monitoring process; and iii. actively participating in the selection of software for monitoring clients and transactions. b) ensuring that all relevant information is transmitted to workers, supervising compliance with approved training and capacity-building policies, and ensuring that content is adequate, up-to-date, and aligned with best practices and trends in money laundering, terrorism financing, and proliferation financing.

Artigo 10 (Confidencialidade) / Article 10 (Confidentiality):

  1. STROs are subject to confidentiality obligations regarding all individual alerts, transactions, and suspicious operations they handle in the exercise of their functions.
  2. Information exchange within the institution may only be conducted with organization members subject to the same confidentiality obligations in money laundering, terrorism financing, and proliferation financing cases, based on the institution's procedures' "need to know" rule.

Artigo 11 (Coordenação centralizada) / Article 11 (Centralized coordination):

  1. Financial institutions must appoint a coordinating STRO to coordinate and centralize information received from other STROs and analyze detected unusual transactions.
  2. The coordinating STRO is specifically responsible for: a) monitoring the effective application of policies, procedures, and controls adequate to effectively manage money laundering, terrorism financing, and proliferation financing risks to which the institution is or may be exposed; b) promoting the institution's compliance with legal and regulatory standards on money laundering, terrorism financing, and proliferation financing prevention; c) ensuring the submission of suspicious transaction reports to the Financial Information Office of Mozambique (GIFiM), with all relevant information on the transaction and client; d) ensuring the immediate submission of any additional information requested by competent authorities regarding suspected money laundering, terrorism financing, or proliferation financing cases; and e) ensuring centralized coordination with various stakeholders, including internal auditors, external auditors, the Bank of Mozambique, GIFiM, and judicial and administrative authorities.

Artigo 12 (Substituição) / Article 12 (Substitution):

  1. In case of STRO substitution due to absence or other reasons, the financial institution must ensure that the substitute meets relevant requirements.
  2. To avoid conflicts of interest, under no circumstances may the STRO be replaced by a member of internal audit.

Artigo 13 (Conflitos de interesse) / Article 13 (Conflicts of interest): The board of directors or equivalent body must adopt provisions on conflict prevention for STROs, including prohibiting incentives that may hinder the timely identification and reporting of suspicious transactions to competent authorities.

CAPÍTULO IV / CHAPTER IV: Internal Audit

Artigo 14 (Responsabilidades da auditoria interna) / Article 14 (Internal audit responsibilities): Internal audit is responsible for conducting an independent assessment of the effectiveness and efficiency of the money laundering, terrorism financing, and proliferation prevention system, including: a) verifying policy adequacy; b) adopting support procedures and systems to detect potential suspicious transactions; c) evaluating whether each line of defense adequately performs assigned tasks and functions; and d) reviewing system operation to ensure adequate performance.

Artigo 15 (Independência) / Article 15 (Independence): Internal audit must always be independent and report directly to the board of directors or equivalent body.

Artigo 16 (Programa e relatório de auditoria interna) / Article 16 (Internal audit program and report):

  1. The internal audit program must align with the risk assessment conducted by the financial institution.
  2. The internal audit report must be submitted in a timely manner to the board of directors or equivalent body and, if applicable, the audit committee.

Artigo 17 (Escopo e metodologia) / Article 17 (Scope and methodology): The board of directors or equivalent body must ensure that the scope and methodology of internal audit are adequate to the institution's risk profile and that audit frequency is risk-based.

Artigo 18 (Constatações) / Article 18 (Findings): Any adverse findings from internal audit must be properly directed to the board of directors or equivalent body, according to the formal corporate governance structure.

Artigo 19 (Deveres da auditoria interna) / Article 19 (Internal audit duties):

  1. Internal audit must ensure compliance with money laundering, terrorism financing, and proliferation prevention procedures in all branches and subsidiaries of the financial institution.
  2. The aforementioned duty must cover third parties and agents acting on behalf of the financial institution to ensure their compliance with institutional policies and procedures.
  3. Internal audit must, in particular, review due diligence and "Know Your Customer" (KYC) processes conducted for clients, products, services, or distribution channels identified as high-risk.
  4. Internal audit must verify the diligent handling of money laundering, terrorism financing, and proliferation alerts, and whether generated alerts are promptly closed with an adequate risk assessment.

Artigo 20 (Periodicidade) / Article 20 (Periodicity): Internal audits must be conducted across all or part of the institution's money laundering, terrorism financing, and proliferation prevention system at least annually.

CAPÍTULO V / CHAPTER V: Outsourcing and Group Organization

Artigo 21 (Terceirização) / Article 21 (Outsourcing):

  1. Financial institutions may outsource processes, services, or activities within the scope of duties provided in legislation concerning money laundering, terrorism financing, and proliferation financing.
  2. Whenever financial institutions outsource processes, services, or activities, they remain exclusively responsible for complying with the aforementioned legislation.
  3. Processes, services, or activities whose outsourcing could prejudice the quality of measures and procedures adopted to comply with money laundering, terrorism financing, and proliferation legislation cannot be outsourced.
  4. Financial institutions are prohibited from using service providers established in countries with legal regimes that impose prohibitions or restrictions preventing or limiting compliance with money laundering, terrorism financing, and proliferation legal and regulatory standards, including regarding information provision and circulation.

Artigo 22 (Relação de grupo) / Article 22 (Group relationship):

  1. If the financial institution belongs to a group or is the parent company of a financial group, internal procedures must allow information sharing within the group for organizational and supervisory purposes regarding money laundering, terrorism financing, and proliferation prevention, including routing information to the group's parent company.
  2. Information sharing procedures must comply with relevant legislation on the matter.

Artigo 23 (Princípio de equivalência) / Article 23 (Equivalence principle): If the financial institution is the parent company of a financial group, the STRO responsible for implementing the group's money laundering, terrorism financing, and proliferation risk management policy must verify whether measures applied in foreign entities are at least equivalent to those in force in Mozambique and whether branches located in other States comply with provisions similar to Mozambique's.

Artigo 24 (Comunicações) / Article 24 (Communications): If the financial institution is the parent company of a financial group, the STRO responsible for implementing the group system must be informed of suspicious transaction reports made to a Financial Intelligence Unit by any entity within the group.

Artigo 25 (Sucursais) / Article 25 (Branches): If the financial institution holds branches, the STRO responsible for implementing the group system must verify that applicable local legislation does not prevent rapid access to documents or transaction details.

CAPÍTULO VI / CHAPTER VI: Duty of Identification and Verification

SECÇÃO I / SECTION I: Client Policies and Classification

Artigo 26 (Conheça o seu cliente) / Article 26 (Know Your Customer):

  1. Financial institutions must adopt policies on client identification and verification, regardless of individual transaction amounts.
  2. The "Know Your Customer" policy must incorporate, among others: a) client acceptance policy; b) client identification and verification procedures; c) transaction monitoring; and d) risk management.

Artigo 27 (Política de aceitação de clientes) / Article 27 (Client acceptance policy): Financial institutions must develop a clear client acceptance policy, including applicable measures for each client category.

Artigo 28 (Conteúdo da política de aceitação de clientes) / Article 28 (Content of client acceptance policy):

  1. The client acceptance policy must consider risks associated with the client, country or geographic region, and risks associated with product/service delivery channels, operations, as per examples in Annex I of these Guidelines.
  2. Essentially, the client acceptance policy must integrate, without limitation: a) prohibition of anonymous or fictitious accounts; b) prohibition of numbered accounts; c) client categorization according to risk assessment; d) necessary documentation, additional required information, and applicable measures per client category based on risk assessment; e) enhanced due diligence measures for high-risk clients, as exemplarily shown in Annex II; f) prohibition of account opening or closure when the institution cannot apply due diligence measures; g) circumstances under which clients may act on behalf of others, whether natural or legal persons, according to prevailing legislation; h) measures for identifying beneficial owners; i) non-face-to-face account opening procedures; j) senior approval procedures for accounts opened by politically exposed persons and other high-risk clients; and k) type of necessary pre-opening checks to verify that the client has no criminal record, is not on terrorist or terrorist organization lists.

Artigo 29 (Classificação de risco) / Article 29 (Risk classification):

  1. Financial institutions must have a client risk classification policy.
  2. Client risk classification must be updated at least once per year.
  3. Risk classification frequency must increase for high-risk clients.

Artigo 30 (Sistema de gestão de activadores) / Article 30 (Trigger management system): Financial institutions must have an adequate trigger management system that enables necessary review of the client acceptance process in light of any events affecting the client and implying a revision of their risk classification.

SECÇÃO II / SECTION II: Client Identification and Verification Procedures

Artigo 31 (Dever de identificação) / Article 31 (Duty of identification): Financial institutions must identify their clients under the terms and situations provided in legislation on money laundering, terrorism financing, and proliferation financing, whenever they lack sufficient and current information about the client.

Artigo 32 (Dever de verificação) / Article 32 (Duty of verification):

  1. Financial institutions must identify and verify the identity and current address of their clients, understanding the nature of the client's business, income sources, financial situation, and the quality with which they intend to establish a business relationship.
  2. Financial institutions must ensure, as much as possible, that they are dealing with a reputable person and verify the identity of the concerned person, in accordance with this Chapter's provisions.

Artigo 33 (Intermediários) / Article 33 (Intermediaries):

  1. If funds to be deposited or transferred are provided by a third party, the institution must identify and verify that person.
  2. If the institution cannot determine whether the applicant in the business is acting on their own behalf or on behalf of a third party, it must consider submitting a suspicious transaction report to GIFiM, even if the account is not eventually opened or the transaction is not processed.

Artigo 34 (Medidas de vigilância) / Article 34 (Surveillance measures): [Text ends here as in source]

Share