Regulation on Customer Due Diligence During Wire Transfers

‘Approved’ Central Bank of the Republic of Azerbaijan Decision № 09/1 22 February 2023 Regulation on customer due diligence measures during wire transfers

1. General provisions 1.1. This Regulation has been developed in accordance with the Laws of the Republic of Azerbaijan on Prevention of the Legalization of Criminally Obtained Property and the Financing of Terrorism and on Targeted Financial Sanctions and determines requirements on the cases of customer due diligence during electronic transfer of funds (hereinafter – wire transfer), as well as transmission of information in the wire transfer chain and business relations between financial institutions. 1.2. The provisions of this Regulation apply to cross-border and domestic wire transfers of individuals and institutions provided for in the Law of the Republic of Azerbaijan on Targeted Financial Sanctions (legal entities, groups, non-legal entity organizations, public and non-public authorities (institutions)) through domestic banks, local branches of foreign banks, payment institutions, electronic money institutions, local branches of foreign payment institutions, local branches of foreign electronic money institutions and the national operator of postal communication. 1.3. Transfers where unique number allowing identification of the payment card throughout the entire transaction for the purchase of products and services using payment cards; and financial institution-to-financial institution settlements and transfers where both financial institutions acting on their own behalf, are not considered wire transfers. 1.4. Except for the cases provided for in Article 4.17 of the Law of the Republic of Azerbaijan on Prevention of the Legalization of Criminally Obtained Property and the Financing of Terrorism, previously provided customer due diligence measures can be trusted in wire transfers and these measures are not required to be repeated. 1.5. Irrespective other provisions of this Regulation, in the event the ordering, intermediary and beneficiary financial institutions find out in wire transfers that the originator and the beneficiary are in the list of persons subject to targeted financial sanctions they should take measures in accordance with the Laws specified in Item 1.1 herein along with the measures specified in this Regulation. 1.6. The issues not regulated with this Regulation during wire transfers are regulated with regulations of the Central Bank of the Republic of Azerbaijan on conduction of payment operations and payment instruments, as well as on foreign currency denominated operations.
2. Definitions 2.1. The definitions used in this Regulation bear the following meanings: 2.1.1. financial institutions (FI) – domestic banks, local branches of foreign banks, payment institutions (excluding payment institutions exclusively engaged in payment initiation and/or account information services), electronic money institutions, local branches of foreign payment institutions, local branches of foreign electronic money institutions and the national postal operator (except for the cases where provisions on the text of the Regulation refer to foreign financial institutions). 2.1.2. funds – the value sent by the originator and paid to the beneficiary by the

beneficiary financial institution. 2.1.3. wire transfer – a cross-border or domestic transaction conducted to deliver funds by individuals and legal entities by means of electronic facilities provided by FIs (through bank and other payment accounts, w/o opening accounts or with new payment methods) to the beneficiary (the originator and the beneficiary may be the same person in wire transfers). 2.1.4. cross-border transfer – wire transfer between FIs are located in different countries (territories) (‘cross-border transfer’ applies to serial, cover and batch payments, as well as the cases where at least one of the ordering, intermediary or beneficiary FIs involved to the wire transfer chain is located in different countries. (territories). 2.1.5. domestic transfer – wire transfer in the Republic of Azerbaijan by individuals and legal entities through FIs (domestic transfers include serial, cover and batch payments). 2.1.6. serial payment – a payment chain where an ordering FI sends a payment message together with funds to the beneficiary FI either directly, or through one or more intermediary FIs. 2.1.7. cover payment – a payment chain where a payment message is sent directly by the ordering FI to the beneficiary FI, and funds on the order are sent to the beneficiary FI through one or more intermediary FIs. 2.1.8. batch payments – a transfer comprised of a number of individual wire transfers conducted by a single originator, that are sent from the ordering FI to the beneficiary FI where the information is transmitted in a batch file. 2.1.9. originator – the bank and other payment account holder who orders wire transfer of funds from that account or the person who places the order to perform the wire transfer without opening an account. 2.1.10. beneficiary – a person in whose favor wire transfer is made. 2.1.11. ordering financial institution – the FI that receives payment order during wire transfer and sends funds. 2.1.12. intermediary financial institution – a FI that is involved to the wire transfer chain for receive and transmit wire transfer between ordering and beneficiary FIs. beneficiary financial institution – the FI that receives funds and credits to the beneficiary’s bank and other payment account during wire transfer or makes the funds available to the beneficiary. 3. Responsibilities of the ordering financial institution 3.1. The ordering FI ensure that wire transfers, including batch payments contain the following information: 3.1.1. the originator’s name (individual’s first, middle (if specified in the ID card) and last names and TIN (if the transfer relates to entrepreneurial activity and is not made through payment cards), the name, organizational-legal form of the legal entity and TIN (if any)) . 3.1.2. the originator’s date and place of birth, PIN (personal identification number), address, or national identity number). 3.1.3. the originator account number, payment card number (PAN) or another unique identifier where such information is used to process the transaction. 3.1.4. beneficiary’s name (individual’s first, last and middle (if specified in the ID card) and TIN (if known), legal entity’s name, organizational-legal form (if known) and TIN (if a taxpayer registered in the Republic of Azerbaijan)). 3.1.5. the beneficiary account number, payment card number (PAN) or another unique identifier where such information is used to process the transaction. 3.1.6. In wire transfers without account, a unique reference number which permits

traceability of the transaction. 3.2. The ordering FI should verify the originator information specified in sub-items 3.1.1 and 3.1.2 herein prior to domestic or cross-border wire transfers taking into account the provisions of Article 4.17 of the Law of the Republic of Azerbaijan on Prevention of the Legalization of Criminally Obtained Property and the Financing of Terrorism and provide other CDD measures determined in the legislation. Customer Due Diligence (CDD) measures may not be applied to occasional domestic wire transfers of up to AZN 500 (five hundred) to the beneficiary’s bank or other payment account. 3.3. Except for the case specified in Item 3.4 herein the ordering FI should transmit the information specified in Item 3.1 herein to the next FI in the wire transfer chain during wire transfers. In cover payments the information is transmitted to all intermediary FIs involved in the wire transfer chain, along with being transmitted directly to the beneficiary FI. 3.4. During domestic wire transfers ordering FIs a r e not required transmit the information specified in sub-items 3.1.1 and 3.1.2 herein in the wire transfer chain. However, the ordering FI must provide transaction information, including originator and beneficiary information to appropriate competent authorities and the beneficiary FI as per the legislation within 3 (three) business days of receiving the request. In the event a request is received from law-enforcement authorities in accordance with the legislation, the ordering FI must be able to immediately provide such information 4. Responsibilities of the intermediary financial institution 4.1. The intermediary FI must ensure integrity of the information specified in Item 3.1 herein, obtained from the preceding FI in the wire transfer chain ( taking into account Item 3.4 herein) and transmit this information in its entirety to the next financial institution, ensuring that the information accompanying a wire transfer is retained with it. 4.2. Where technical limitations prevent the intermediary FI from transmitting the information specified in Item 3.1 herein, obtained from the preceding FI to the next FI in the wire transfer chain, it shall take measures to keep all information received from the preceding within the timeframe specified in Article 6 of the Law of the Republic of Azerbaijan on Prevention of the Legalization of Criminally Obtained Property and the Financing of Terrorism. 4.3. The intermediary FI takes measures to identify wire transfers that lack the required information to be transmitted by it, ensuring that such measures are consistent with straight-through processing. 4.4. The intermediary FI shall have risk-based policies and procedures regarding wire transfers lacking required information, for determining: 4.4.1. when to reject or suspend a wire transfers. 4.4.2. appropriate follow-up action to be taken in accordance with the level of risk appetite for such wire transfers, including measures related to reassessing business relationships with the relevant FI with which it maintains a business relationship. 5. Responsibilities of the beneficiary financial institution 5.1. The beneficiary FI shall verify integrity of the required information specified in Item 3.1. herein obtained from the preceding FI in the wire transfer chain considering Item 3.4 herein. 5.2. The beneficiary FI financial institution shall implement customer due diligence measures to verify the identity of the beneficiary during domestic or cross-border wire transfers, taking into account the provisions of Article 4.17 of the Law of the Republic of Azerbaijan on

Prevention of the Legalization of Criminally Obtained Property and the Financing of Terrorism and verify the accuracy of the information specified in sub-item 3.1.5 herein. Customer Due Diligence (CDD) measures may not be applied to occasional domestic wire transfers of up to AZN 100 (one hundred) from the originator's bank or other payment account in favor of the beneficiary. 5.3. Taking into account Item 5.2 herein, the beneficiary FI shall take reasonable measures to identify wire transfers that lack required information as specified in Item 3.1 herein, such as real- time monitoring or, where not feasible, post-event monitoring within 5 (five) business days after the transaction. 5.4. The beneficiary FI shall have risk-based policies and procedures regarding wire transfers lacking required information for determining: 5.4.1. when to reject or suspend wire transfers. 5.4.2. appropriate follow-up action to be taken in accordance with the level of risk appetite for such wire transfers, including measures related to reassessing business relationships with the relevant FI with which it maintains a business relationship. 6. Business relations with foreign financial institutions 6.1. Before building business relations a FI obtains the following documents and information from the foreign FI, verifies them through reliable sources (sends requests to the authority exercising supervision of the foreign FI in question or official publications and other reliable sources whose sources are known), provides their risk assessment, develops a report on risks of building business relations and takes measures to manage risks: 6.1.1. copies of the charter of the foreign FI, or another document reflecting its legal status, as well as the permit issued for the FI by relevant public institutions of the country of registration. 6.1.2. a copy of the permit for building business relations from the authority of that country if provided for in international treaties seconded by the Republic of Azerbaijan or required with the legislation of the home country of the foreign FI (a financial markets supervisory authority or another authority). 6.1.3. information on managerial bodies of foreign FIs, organizational structure, beneficial owners, manager(s), on the person responsible for the anti-money laundering, countering the financing of terrorism, proliferation, and financing of proliferation of weapons of mass destruction, copies of their ID cards, as well as copies of certificates on beneficial ownership, as well as samples of notarized signatures of person(s) empowered to dispose of the account and an image of the stamp of a foreign FI. 6.1.4. copies of audited financial statements of the foreign FI for at least last financial year and an auditor opinion. 6.1.5. information on business reputation of the foreign FI, as well as whether any investigation is under way for any crime by the competent authority, present or past prosecution with respect to the foreign FI or its beneficial owners, any manager, and the person responsible for anti-money laundering, countering the financing of terrorism, proliferation, or financing of proliferation of weapons of mass destruction, information on supervisory measures in relation to the foreign FI over recent 5 (five) years and copies of documents confirming this information. 6.1.6. Information on the internal control system of the foreign FI on anti-money laundering, countering the financing of terrorism, proliferation, or financing of proliferation of weapons of mass destruction, including information on measures on KYC and approved related internal policies, rules, and procedures.

6.1.7. Information on the main activity direction, the business model of the foreign FI, types of services offered to customers and the current customer category (legal entities, individuals, foreign citizens, political figures etc.). 6.1.8. Information on types and number of operations conducted by the foreign FI over the requested period (at least recent 1 year, if is in operation less than one year, then the period of activity). 6.1.9. Information on the country of operation of the foreign FI (if the foreign FI is a part of a holding company, the country of registration of the holding company), countries of location of subsidiaries of the foreign FI with 50% and over share and branches, including countries of location of third parties that use their services, as well as regulation and supervision in the said countries (a normative legal frame on prevention of the legalization of criminally obtained property, the financing of terrorism, proliferation and financing of proliferation of weapons of mass destruction). 6.1.10. Information on countries of other FIs in business relations with the foreign FI and whether they are covered with state supervision in those countries. 6.1.11. Information on business reputation of other FIs using services of the foreign FI. 6.2. A decision on building and termination of business relations with foreign FIs

is taken by the competent managerial bodies of the FI. 6.3. Business relations with foreign FIs are formalized with a written agreement. 6.4. Building business relations is refused if: 6.4.1. documents and information specified in Item 6.1 herein for the purpose of building business relations are not delivered in full, or building business relations based on delivered information is considered risky in terms of money laundering, the financing of terrorism, proliferation, and financing of proliferation of weapons of mass destruction. 6.4.2. documents or information provided to build business relations contain inaccurate, distorted, or contradictory information. 6.4.3. the foreign FI is an institution that has no physical presence in any state or territory and/or is an institution licensed for relevant activity, but not covered with state supervision, and it is found out another FI with the same features will use its services. 6.5. Business relations are terminated if: 6.5.1. there is an appeal by the foreign FI. 6.5.2. it is found out that the documents provided when building business relations contain false information, the documents are found invalid, as well as information is received from the relevant authority on invalidity of those documents. 6.5.3. the license/registration for activities of the foreign FI is revoked. 6.5.4. it is impossible to take adequate measures against the legalization of criminally obtained property, the financing of terrorism, proliferation, and financing of proliferation of weapons of mass destruction based on a risk-based approach. 6.5.5. in other cases, provided for in the agreement on building business relations. 6.6. The documents and information specified in Item 6.1 herein are reobtained at least annually, verified through reliable sources (sending a request to the authority exercising supervision of the foreign FI or official publications and other reliable sources whose sources are known), risk assessed, a report on risks of continuing business relations is developed and measures are taken to manage risks. 6.7. The FI develops a register of foreign or domestic FIs with which business relations are built, places on its website and updated regularly. 6.8. Correspondent banking relations between FIs are regulated with the Regulation of the Central Bank ‘on opening maintaining and closing bank accounts.’ 7. Final provisions 7.1. FIs shall comply with the requirements of the Laws of the Republic of Azerbaijan on Prevention of the Legalization of Criminally Obtained Property and the Financing of Terrorism and on Targeted Financial Sanctions during wire transfers and have internal rules and procedures, preventive measures, including electronic monitoring systems on regulation of such operations, and business relations with foreign FIs in place. 7.2. The requirements of this Regulation on identification of the originator and the beneficiary during wire transfers apply to their authorized representatives too. 7.3. The ordering and beneficiary FIs may perform CDD measures even if the amount of wire transfer falls behind the amounts specified in Items 3.2 and 5.3 herein in accordance with the risk appetite. 7.4. In the case of an FI that controls both the ordering and beneficiary sides of a wire transfer, it shall take into account all the information from both the originator and the beneficiary sides in order to determine cases related to transactions carried out outside the Republic of Azerbaijan that may raise suspicion or provide sufficient grounds for suspicion that the property is obtained criminally

and/or will be used in the preparation, organization, or commission of a terrorist act, or in the financing of a terrorist or terrorist group (gang, organization), it shall file an STR and make relevant transaction information available to the financial intelligence unit in accordance with the legislation of any affected country by the suspicious wire transfer.