Instruction No. 001/2022-CSBF Amending and Complementing Certain Provisions of Instruction No. 006/2007-CSBF on the Prevention and Fight Against Money Laundering and Terrorist Financing

[Logo: CENTRAL BANK OF MADAGASCAR]

CENTRAL BANK OF MADAGASCAR

BANKING AND FINANCIAL SUPERVISION COMMISSION

Instruction No. 001/2022-CSBF Amending and Complementing Certain Provisions of Instruction No. 006/2007-CSBF on the Prevention and Fight Against Money Laundering and Terrorist Financing

---

The Banking and Financial Supervision Commission (CSBF),

Having regard to Law No. 2020-011 of September 1, 2020 on banking law,

Having regard to Law No. 2020-005 of September 1, 2020 on insurance,

Having regard to Law No. 2018-043 of February 13, 2019 on the fight against money laundering and terrorist financing,

Having regard to Law No. 2017-026 of February 8, 2018 on microfinance,

Having regard to Law No. 2016-056 of February 2, 2017 on electronic money and electronic money institutions,

DECIDES

Article 1 - Purpose This instruction aims to amend and/or complement certain provisions of Instruction No. 006/2007-CSBF on the prevention and fight against money laundering and terrorist financing, referred to as the "AML/CFT Instruction".

Section 1 – Amended Provisions

Article 2- The provisions of Articles 2, 3, 7, 8, 9, 11, 12, 15, 17, 18, 19, 20, 23, 25, 26, 27, 28, 30, 32, 33, 34, 35, 36, 37, 39, 41, 45, 46, 48, 49 and 50 of the AML/CFT Instruction are amended and/or complemented as follows:

« Article 2. new – Subject institutions must exercise constant vigilance and establish internal organization and procedures to ensure compliance with the provisions of Law No. 2018-043 of February 13, 2019, generally with any legal and regulatory provisions relating to the fight against money laundering and terrorist financing, and with this instruction, particularly regarding preventive measures and those ensuring the reporting of suspicious transactions stipulated in Articles 4, 7 to 13 and 19 to 20.

The Board of Directors of the subject institution defines the AML/CFT policy of the subject institution. The policy is risk-based and defines, in particular, the main AML/CFT measures as well as the roles and responsibilities of all stakeholders within the institution.

* See glossary

---

In the context of implementing the risk-based AML/CFT policy provided for in the preceding paragraph, the General Management is responsible for:

• implementing the guidance described in the policy by establishing appropriate internal organization and procedures provided for in Article 5 of the aforementioned Instruction No. 006/2007-CSBF;
• putting in place appropriate vigilance and control measures and ensuring that personnel are adequately trained to comply with them;
• ensuring that the necessary resources and funding are available to support the implementation of internal procedures;
• assessing risks by taking into account the risks and vulnerabilities inherent to the sector, determined by the national risk assessment provided for in Article 5 of the aforementioned Law No. 2018-043, particularly risk factors related to clients, geographic areas, products and services, transactions and distribution channels, including the use of new technologies.

Subject institutions must develop an AML/CFT program, including:

• the establishment of a system for centralizing information on client identity, ordering parties, beneficial owners and proxy holders, economic beneficiaries, account signatories, representatives of natural or legal persons, and on suspicious transactions;
• the planning of continuous training for employees on the importance of AML/CFT, based on internal policies and procedures that promote a high degree of ethics and professionalism for employees assigned to the AML/CFT framework and in direct contact with clients;
• the entities and/or persons responsible for internal control tasked with ensuring the application and effectiveness of measures adopted for the implementation of legal and regulatory provisions on AML/CFT;
• the annual evaluation of the AML/CFT program. »

Subject institutions must identify, assess and understand all money laundering and terrorist financing risks to which they are exposed and develop measures proportionate to these risks to manage and mitigate them appropriately. To this end, the risk assessment must enable subject institutions to:

• identify specific AML/CFT threats they may face and the business areas that are most vulnerable;
• assess and mitigate the likelihood of these threats occurring and their potential impact on their activities;
• determine risk appetite and tolerance;
• manage residual risks arising from threats and vulnerabilities that institutions have been unable to mitigate;
• track between initially identified threats and vulnerabilities, measures taken, and new or updated risks that require changes in policies, procedures and controls.

The conditions for applying this article are set by circular of the President of the CSBF. »

---

« Article 3 new – Information on the Correspondents of the Financial Intelligence Service known as Sampana Malagasy Iadiana amin'ny Famotsiam-bola (SAMIFIN) and the Banking and Financial Supervision Commission (CSBF)

Subject institutions must communicate to SAMIFIN and the CSBF the identity of their executives and officials authorized to file Suspicious Transaction Reports (STRs)* provided for in Articles 27 and 28 of the aforementioned Law No. 2018-043. »

« Article 7 new – Group-level policies and procedures

Subject institutions put in place group-level policies and procedures at the parent company level or, where applicable, at the level of the umbrella structure of networked microfinance institutions, ensuring that their subsidiaries, branches and affiliated institutions are effectively protected against AML/CFT risks. These policies and procedures are adapted to take into account the specifics of each subsidiary, branch and affiliated institution: country of establishment, nature of activities carried out. They include provisions enabling the communication to the headquarters or central body of the information necessary for the effective prevention of money laundering and terrorist financing across the entire group.

Branches and subsidiaries established abroad communicate to their headquarters the provisions of the host country that oppose the implementation of all or part of these policies and procedures. The headquarters informs SAMIFIN and the CSBF.

Subject institutions must pay particular attention to all transactions with entities whose standards are inadequate and take into account the list of countries and entities whose legal and administrative framework is deemed non-compliant with FATF* recommendations. »

« Article 8 new - The entire set of updated internal rules relating to AML/CFT is organized to be accessible, upon simple request, to any person entitled to know them, in particular SAMIFIN and the CSBF.

Institutions affiliated with an umbrella structure must transmit to it their updated written internal rules, which it validates as appropriate.

The organization, internal procedures and AML/CFT program of subject institutions must be subject to an annual evaluation, the results of which are communicated to SAMIFIN and the CSBF. The annual evaluation is also required at the group level when subject institutions belong to a group. »

« Article 9 new - Each subject institution designates an AML/CFT officer who ensures the consistency and effectiveness of its prevention framework and reports directly to management on its mission. To this end, it is incumbent upon them, in particular, to advise management and, where applicable, employees of the institution in the development and implementation of policies and procedures put in place under the aforementioned Law No. 2018-043, generally any legal and regulatory provision relating to AML/CFT, and this instruction, in staff training, in the assessment of suspicious cases and, generally, on all matters relating to the fight against money laundering and terrorist financing.

---

The money laundering and terrorist financing prevention officer must have the resources and independence necessary to carry out the missions assigned to them in the first paragraph of this article. To this end, the entirety of their duties as well as those of their collaborators must be precisely formalized and prevent any conflict of interest with the missions defined in the first paragraph. The officer and their collaborators must have access to client identification data as well as all information they deem necessary to carry out their missions.

When a subject institution has subsidiaries, branches or affiliates, it designates an AML/CFT officer competent for the entire group and specially tasked with the proper application of the provisions of this instruction.

When the size of the subject institution does not justify entrusting the responsibility for the prevention framework against money laundering and terrorist financing to a specifically designated person, the executive body* ensures, under the control of the Board of Directors, the coordination of all devices contributing to the exercise of this mission. »

« Article 11 new – Use of third-party services

Subject institutions may, under the conditions defined in Article 16 point e of the aforementioned Law No. 2018-043, rely on third parties* to ensure the identification of their clients. In all cases, subject institutions remain responsible for the identification of their clients. »

« Article 12 new – Subject institutions must:

• request from the aforementioned third parties information relating to the identification of each client, beneficial owner and the purpose and nature of each business relationship thus established, as well as copies of identification data and other relevant documents related to client due diligence;
• ensure that third parties have appropriate mechanisms to make the collected information available to the subject institution, upon first request.

The relationship between subject institutions and third parties is governed by an agreement whose model must be submitted to the prior authorization of the CSBF. »

« Article 15 new – Reports are established under the responsibility of the executive body, at least one of whom signs each of said reports. They are sent, on paper, no later than the end of February each year to the General Secretariat of the CSBF.

For networked microfinance institutions, the umbrella structure establishes a summary report on the information required by Annex 2 concerning the entire network, which is sent, on paper, no later than the end of April each year to the General Secretariat of the CSBF. »

---

« Article 17 new - Subject institutions must verify the identity and address of their clients, as well as their economic beneficiaries, in the following situations:

• before establishing a contractual relationship, opening an account or passbooks, holding securities, bonds or certificates, assigning a safe deposit box or establishing any other business relationship;
• as soon as possible for existing clients, and at the very least when a significant transaction occurs, when standards relating to client identification documents change substantially, when a significant modification occurs in how the account operates and when the institution realizes it lacks information on an existing client;
• when they have doubts regarding the accuracy or relevance of previously obtained data.

Verification must be updated whenever there is a change, particularly regarding the client's status, situation, the nature of the business relationship and other relevant information that may generally affect the business relationship.

Identification and identity verification obligations will be considered fulfilled by subject institutions upon obtaining and retaining all of the following information elements:

• surname;
• first name(s);
• age or date of birth;
• address;
• mobile phone number;
• profession.

In addition to the client segmentation applied within them, subject institutions must define policies and apply procedures regarding client classification before entry and throughout the business relationship. Client classification must align with each client's profile and exposure to money laundering and/or terrorist financing risk.

Client classification criteria are set by circular of the President of the CSBF.

Subject institutions must assign a money laundering and/or terrorist financing rating to each client based on identified risks, particularly related to client profile, geographic factor, transaction types, and business sectors.

The rating applied to a client may be low, medium, or high. »

« Article 18 new – Identity verification of a natural person is carried out by checking any valid original official document bearing a photograph, a copy of which is taken, such as: national identity card, driver's license, student card, military card, kara-pokontany, voter card, which allows verification of the person's identity.

Verification of professional and residential address is carried out by checking any document capable of proving it. If it is a commercial natural person, they are required to additionally provide any document attesting to their registration in the Commercial Register. »

---

« Article 19 new - Identification of a legal person or a legal entity without legal personality is carried out based on the original or a certified copy of any official act or extract from a registry recording its name, legal form and registered office, as well as the powers of persons acting on its behalf, notably by producing the statutes and any document establishing that it has been legally registered and has a real existence at the time of identification.

Subject institutions ensure, under the same conditions set out in paragraph 2 of the previous article, the true identity and address of persons authorized to act on behalf of the legal person or legal structure to be identified.

Subject institutions must possess the necessary information to understand the ownership and control structure of the legal person and the legal entity without legal personality and determine the natural persons who ultimately own or control them.

In the context of verifying the identity of their corporate clients, subject institutions are obligated to suspend ongoing business relationships if it turns out that the documents required in paragraph 1 above are forged. »

« Article 20 new – Subject institutions must define clear policies and procedures for accepting new clients, including in particular the description of different types of clients likely to represent a risk higher than average and taking into account the client classification and risk rating modalities provided for in Articles 17 paragraphs 4 to 6 of this instruction. »

Admission of any new client must be approved by a hierarchical superior of the client relationship manager.

« Article 23 new – When a subject institution offers the possibility to open an account or carry out any other operation remotely, it must put in place adapted measures to guarantee client identification.

These measures may notably include authentication of presented identification documents, request for additional documents, possibility of independent verification of the client's situation by a third party of established reputation, requirement of a first payment through an account opened in the client's name at a bank subject to FATF recommendations or sending a letter with acknowledgment of receipt to the client's address.

Subject institutions make available to their clients tools enabling them to:

• correctly provide information elements on their identity;
• receive via any means leaving a written trace a confirmation of remote account opening. »

« Article 25 new – Subject institutions are not authorized to maintain anonymous accounts, nor accounts under fictitious names. »

---

« Article 26 new – Identification of occasional clients* is carried out under the conditions provided for in Articles 17 to 19 of this instruction:

• for any transaction involving an amount exceeding 3 million MGA and in case of repetition in a short period* of distinct transactions between which a link appears to exist for a cumulative amount equal to or greater than 3 million MGA;
• when the institution suspects money laundering and terrorist financing even for a transaction of lesser importance.

Identification of occasional clients is carried out via a valid original official document with a photograph, a copy of which must be retained by subject institutions.

For non-resident occasional clients or those traveling in Madagascar, identification is established based on a document attesting to their identity and address of stay or usual address in Madagascar.

Under risk-based vigilance measures, subject institutions must monitor occasional client transactions, reclassify them as regular clients if necessary, and carry out client identification obligations defined in Articles 17 to 19 of this instruction. »

« Article 27 new - In application of Article 15 of the aforementioned Law No. 2018-043, if the client does not appear to be acting for their own account, the subject institution investigates by all means the identity of the person on whose behalf they are acting. After verification, if doubt persists regarding the beneficial owner's identity, it must terminate the banking relationship and file a suspicious transaction report as provided for in Articles 27 and 28 of the aforementioned Law No. 2018-043.

« Article 28 new – In accordance with the provisions of Article 15 of the aforementioned Law No. 2018-043, no client may invoke professional secrecy to refuse to communicate the identity of the beneficial owner.

This obligation also applies to lawyer clients, public or private accountants, persons having received a delegation of public authority and mandate holders of subject institutions. »

« Article 30 new – Recording of characteristics of transactions exceeding a threshold

The characteristics of the transaction are recorded in writing in a document that must state the information collected, concerning in particular:

• the origin and destination of the funds as well as the purpose of the transaction;
• the identity of the ordering party* and the beneficial owner(s), the beneficiary(ies), with indication of name, address, profession...;
• the characteristics of the transaction regarding the criteria set out in Article 29;
• where applicable, the terms and conditions of account operation, with precision of the opening date, closure date or last movements, name of mandate holders and references of inactive accounts.

The confidential report established for this purpose must be retained by subject institutions. SAMIFIN and the CSBF may obtain communication of this document and related documents upon simple request by any means leaving a written trace.

Subject institutions may establish a threshold for each type of transaction performed by their clients, based on products and distribution channels, identified risk areas, client profile and/or typology.

The thresholds applied must appear in the internal AML/CFT vigilance policies and procedures.

---

Subject institutions must communicate the aforementioned thresholds and/or internal ceilings to the CSBF prior to all existing and possible transactions.

The President of the CSBF, on the advice of Professional Associations, may set by circular thresholds for each category of subject institution. »

« Article 32 new – Particular vigilance regarding identification of the origin and effective beneficiary of funds and enhanced vigilance measures

Subject institutions must adopt particular vigilance aimed notably at establishing the origin and effective beneficiary of the funds concerned regarding:

• all fund transfers, regardless of the receipt medium or execution method or technical process used;
• all operations originating from or destined to financial institutions that are not subject to obligations at least equivalent to those provided for in this instruction regarding client identification or transaction monitoring or that are located in countries that do not apply or insufficiently apply FATF recommendations.

Fund, securities or value transfers must be executed in strict compliance with current regulations and in particular foreign exchange regulations.

Subject institutions must apply enhanced vigilance measures regarding transactions made by:

• a Politically Exposed Person (PEP);
• Non-Profit Organizations (NPOs), foundations, Non-Governmental Organizations. »

« Article 33 new – Subject institutions must have an automated transaction monitoring system for unusual transactions involving electronic money.

Anomalies observed linked to the circulation of electronic money must be communicated to the issuing institution, SAMIFIN and the CSBF.

Subject institutions must establish internal limits on electronic money transactions, which are established based on the risk profile of their clients and take into account »