Minimum Requirements for Licensed Insurance Companies and Brokers on Managing Money Laundering and Terrorist Financing Risk

Reserve Bank of Fiji Insurance Supervision Policy Statement No: 13 MINIMUM REQUIREMENTS FOR LICENSED INSURANCE COMPANIES AND INSURANCE BROKERS FOR THE MANAGEMENT OF MONEY LAUNDERING AND TERRORIST FINANCING RISK NOTICE TO INSURANCE COMPANIES AND INSURANCE BROKERS LICENSED UNDER THE INSURANCE ACT 1998 Reserve Bank of Fiji April 2025 (Revised)

1 PART 1: PRELIMINARY 1.0 Introduction 1.1 This Policy is issued under Section 3(a) of the Insurance Act 1998, Section 36(b)1 of the Financial Transactions Reporting Act 2004 (FTR Act 2004 or ‘the FTR Act”) and sections 35, 36 and 37 of Financial Transactions Reporting Regulations 2007 (“FTR Regulations”) to all Licensed Insurance Companies (“LIC”) and Licensed Insurance Brokers (“LIB”) licensed by the Reserve Bank of Fiji. 1.2 The Policy issued in 2018 has been amended to incorporate the relevant provisions of the FTR Act 2004 and the FTR Regulations 2007, and the Financial Action Task Force (“FATF”) 40 recommendations relevant to LICs and LIBs. 2.0 Objective of the Policy 2.1 The objective of this Policy is to ensure that each LIC and LIB has in place a comprehensive Money Laundering/Terrorist Financing (“ML/TF”) Risk Management Framework that is aligned to its strategy and business plans, and commensurate with the size, complexity and nature of its operations in Fiji. 2.2 The Policy therefore sets out the minimum requirements on establishing a risk management framework, comprising of systems, structures, processes and people within which the institution identifies, assesses, mitigates and monitors money laundering and terrorist financing risk. 3.0 Background to the Approach 3.1 Money laundering and terrorism financing (ML/TF) risk continues to be an on￾going threat which has the potential to adversely affect the country’s reputation and investment climate and may lead to economic and social consequences. The globalisation of the financial services industry and advancement in technology has posed challenges to regulators and law enforcement agencies, as criminals have become more sophisticated in utilising financial institutions to launder illicit funds and use them as conduits for ML/TF activities. 3.2 The insurance sector2 is potentially at risk of being misused for money laundering and the financing of terrorism. Criminals look for ways of concealing the illegitimate origin of funds. The products and transactions of insurers and intermediaries can provide the opportunity to launder money or to finance terrorism. 3.3 Insurers and intermediaries can be involved, knowingly or unknowingly, in money laundering and the financing of terrorism. This exposes them to legal, operational and reputational risks. The insurance sector should therefore take adequate 1 Section 36 (b) the relevant supervisory authority of a financial institution may be examined and supervise the financial institution, and regulate and verify, through regular examinations, that a financial institution complies with the requirements of this Act. 2 The insurance sector includes insurers, reinsurers and intermediaries.

2 measures to prevent its misuse by money launderers and those financing terrorism. 3.4 In formulating the requirements of this policy, reference has been made to the recommendations of the International Association of Insurance Supervisors (IAIS) Core Principle No. 22; the Financial Action Task Force (“FATF”) 40 Recommendations relevant to insurers and intermediaries and Application Paper on Combating Money Laundering and Terrorist Financing, October 2013. 4.0 Applicability Applicability to Branches of Local Insurers, Subsidiaries3 and Intermediaries4 4.1 The policy applies to LICs agents or a network of agents as if the agent were the entity itself. 4.2 LICs are required to closely monitor its branches and subsidiaries which may be operating in jurisdictions with inadequate AML/CFT laws. 4.3 LICs are required to ensure that its branches and subsidiaries apply AML/CFT measures in a manner that is consistent with the AML/CFT requirements in Fiji. Where the minimum AML/CFT requirements of the host country are less stringent than those of Fiji, the reporting institution must apply Fiji’s AML/CFT requirements, to the extent that host country laws and regulations permit. 4.4 If the host country does not permit the proper implementation of AML/CFT measures in a manner that is consistent with the AML/CFT requirements in Fiji, the LIC is required to apply appropriate additional measures to manage the ML/TF risks, and report to their supervisors in Fiji on the AML/CFT gaps and additional measures implemented to manage the ML/TF risks arising from the identified gaps. PART 2: REQUIREMENTS OF THE POLICY 5.0 Risk-Based Approach 5.1 In meeting its obligations under this Policy, each LIC and LIB must undertake a risk-based approach and in this regard comply with the requirements of the Fiji Financial Intelligence Unit (“FIU”)’s Policy Advisory on Risk Based Approach5 . 5.2 At a minimum, each LIC and LIB before providing product or service6 , should identify, assess and understand its ML/TF risk with regard to the following: a. customer types; 3 Refer to subsidiaries conducting insurance business 4 Section 2 Insurance Act 1998 Interpretation – Intermediaries means agent or broker 5 Reference 5/2007, Date: 22/06/07, Risk Based Approach 6 Guideline 5, Date:18/01/18, New Technologies

3 b. the source of funds and source of wealth of customers; c. the business or occupation of customers; d. the types of products and services that it provides; e. the methods by which it delivers designated product and services; f. the intermediaries it has dealings with and the effectiveness of their ML/TF risk controls; and g. the foreign jurisdictions with which it has dealings with and the ML/TF risk controls of that country. 5.3 LICs and LIBs must document the measurement techniques that they have chosen, the reasons for their selection of measurement techniques and procedures associated, that will enable the assessment and quantification of ML/TF risk, and the impact on their operations. 6.0 Money Laundering/Terrorist Financing Risk Management Framework 6.1 Each LIC and LIB is required to establish an effective ML/TF Risk Management Framework. At a minimum licensed insurers and brokers risk management framework must establish requirements to comply with the requirements of the FTR Act, FTR Regulations and other policies and guidelines issued by the Reserve Bank or the FIU from time to time. The risk management framework must include procedures and systems in regards to the following: a. implementing customer identification requirements; b. implementing record keeping and retention requirements; c. implementing processes and systems for monitoring customers; d. implementing reporting requirements; e. making its officers and employees aware of the laws and policies for compliance with the AML/CTF standards; f. training its officers, employees and agents to recognize suspicious transactions; g. screening potential employees and monitoring fitness and propriety on an on-going basis; h. appointing a compliance officer to be responsible for ensuring the licensed entity’s compliance with the requirements of the FTR Act7 ; and i. establishing an audit function to test its procedures and systems to comply with the requirements. 7 Refer to Section 21.2 of FTR Act and Section 31 of FTR Regulations.

4 6.2 LICs and LIBs must prepare a customer profile for its business relationships by collating all the information obtained through CDD measures. This will determine the level and type of ongoing monitoring, and support its decision whether to enter into, continue, or terminate a business relationship. Where the appropriate level of CDD is not possible, LICs must not enter into a business relationship or carry out an occasional transaction or to terminate an already-existing business relationship; and consider filing a suspicious transaction report in relation to the customer. 6.3 Each LIC and LIB is required to develop as part of its ML/TF Risk Management Framework, an Anti-Money Laundering/Combating of Financing of Terrorism (“AML/CFT”) Policy that outlines the LIC’s and LIB’s approach to managing ML/TF risk and the processes involved. At a minimum, the internal AML/CFT Policy must include measures for: a. Customer Due Diligence (CDD), in compliance with sections 4, 6 & 7 of the FTR Act, sections 7 to16 and 22 of the FTR regulations and the Fiji Financial Intelligence Unit (“FIU”)’s Policy Advisories issued from time to time (Refer to Advisory on Customer Identification & Verification8 , Identification and Verification of Customers for Insurance Providers9 , Customer Identification for Employer Funded Group Life Policies10 as well as Guidelines on Politically Exposed Persons (PEPs)11 . b. The requirement for CDD does not apply to a customer in respect of a person carrying on the business of an insurer for the issue of a non￾investment type insurance policy such as travel insurance policy. c. Relationships with Licensed Insurance Agents i. for any business transactions conducted through its agents, LIC’s must enforce requirements on their agents to comply with the requirements of CDD of LIC’s including Recognition and Reporting of Suspicious Transactions as required. ii. LIC’s are required to set out the processes that must be undertaken by the agents in conducting CDD as well as appropriate enforceable action by LICs in its arrangement or agreement with the agents for failure to conduct CDD. d. Record Keeping and Retention as per the requirements of sections 8 and 9 of the FTR Act; e. On-going Monitoring of Transactions as per the requirements of sections 10 and 11 of the FTR Act and sections 17 & 18 of the FTR Regulations; 8 Refer to Guideline 4 – FTRA on Customer Identification & Verification 9 Reference 1/2008, Date: 23/01/2008, Identification and Verification of Customers for Insurance Providers 10 Reference 2/2008, Date: 24/11/2008, Identification and Verification of Clients and Beneficiaries of Employer Funded Group Life Insurance Policies 11 Guideline 7, Date: 31/03/18, Politically Exposed Persons (PEPs)

5 f. Protection of persons and information in suspicious transaction reports as per the requirements under Section 19 and 20 of the FTR Act; g. Recognition and Reporting of Suspicious Transactions in compliance with the requirements of sections 14 and 18 of the FTR Act and section 24, 27 and 28 of the FTR regulations; h. Reporting of cash transactions as per the requirements under section 13 of the FTR Act and section 25, 27 and 28 of the FTR regulations; i. the development of new products, new business practices, including new delivery mechanism and the use of new or developing technologies for both new and pre-existing products. Furthermore, LICs must undertake a risk assessment including assessing ML/TF risk prior to the launch of a product, process or new technology, and implement appropriate measures to manage and mitigate these risks; and j. AML/CFT training program for all its officers and employees as per Section 21 of the FTR Act and Section 33 of the FTR regulations. 6.4 Furthermore, each LIC and LIB must ensure that its internal AML/CFT Policy complies with all the relevant requirements outlined in the FIU’s Policy Guidelines and Policy Advisories. 6.5 The AML/CFT Policy must be documented, easily understood, auditable, accessible to all staff and reflective of the size, complexity and nature of the LIC’s and LIB’s ML/TF risk profile and exposure. Furthermore, the AML/CFT Policy must be approved by the Board or its proxy. 6.6 LICs and LIBs must regularly review and update the documents, data or information collected under their internal AML/CFT Policy so that it complies with the prevailing regulatory requirements with regards to ML/TF risk, for example, changes or additions to FIU policy guidance notes. 7.0 Role and Responsibilities of the Board 7.1 The ultimate responsibility and accountability for ensuring the LIC and LIB compliance with this Policy, and the AML/CFT laws such as the FTR Act and FTR Regulations, FIU Policy Guidelines and Policy Advisories rests with the LIC’s and LIB’s Board or its proxy. 7.2 At a minimum, the Board or its proxy is required to: a. Ensure the safety and soundness of the LIC and LIB; b. Ensure that an appropriate, adequate and effective system for ML/TF risk management and internal control is established, implemented, maintained and documented by Senior Management. Procedures must be in line with

6 the requirements of the FTR Act, FTR Regulations, FIU’s Policy Advisories and Guidelines; c. Identify and understand the ML/TF risks faced by the LIC& LIB; d. Ensure that ML/TF risks are appropriately managed by Senior Management; e. Approve the policies and procedures for the evaluation and management of ML/TF risk; f. Review and approve the ML/TF Risk Management Framework annually or whenever there are changes in circumstances that could impact on ML/TF risk; and g. Monitor and review functions of the Internal Audit Function. 8.0 Roles and Responsibilities of Senior Management 8.1 The responsibilities of the Senior Management include, at a minimum: a. developing effective internal policies, procedures and controls that identify, measure, manage and monitor the ML/TF risk faced by the LIC and LIB; b. effectively implementing the ML/TF risk management framework approved by the Board; c. ensure that the LIC and LIB complies with the FTR Act and FTR Regulations, and FIU’s policy advisories and guidelines; d. monitoring appropriateness, adequacy and effectiveness of the ML/TF risk management system on an on-going basis; e. monitoring changes to AML/CFT standards and laws and informing the board of any policies/procedures that require changes; f. ensure that employees are free of criminal offences involving fraud and dishonesty and have necessary competence to carry out their duties; g. ensure that all officers and employees are provided with training on an on-going basis with regards to AML/CFT laws and the company’s internal policies and procedures relating to AML/CFT standards; h. assist and cooperate with the relevant law enforcement authorities in Fiji such as Financial Intelligence Unit and Fiji Police Force, in investigating money laundering and terrorist financing activities; and i. establish effective reporting to the Board on all relevant requirements.

7 9.0 Roles and Responsibilities of the AML/ CFT Compliance Officer 9.1 LIC and LIBs must comply with section 21(2) of the FTR Act and section 31 of the FTR Regulations which stipulates that the LIC and LIB must appoint an AML/ CFT compliance officer at the management level, to perform the following functions: a. be responsible for ensuring compliance with the FTR Act and FTR Regulations; b. be given appropriate and adequate authority and responsibility to implement the requirements of the FTR Act and FTR Regulations; and c. have the authority to act independently and to report to Senior Management above the compliance officer’s next reporting level. 9.2 The AML Compliance Officer and other employees designated by such officer must have timely access to customer identification data and other customer due diligence information, transaction records and other relevant information. 9.3 The AML Compliance Officer must report to the FIU, in the prescribed form and manner, any suspicious transactions under section 14 of the FTR Act, and Cash Transaction Reporting (CTR) according to the FIU Notices issued under the FTR (Amendment) Act 2022. 9.4 Furthermore, the AML Compliance Officer must ensure that all employees and officers are aware of the laws, procedures and policies relating to money laundering and financing of terrorism. As per section 21 (2) of the Act and section 33 (3) of the Regulations, staff training should include new developments, recent trends in money laundering and identification of suspicious transactions. 10.0 Roles and Responsibilities of the Internal Audit Function 10.1 Each LICs and LIB must, under section 21 (3) of the FTR Act and section 32 of the FTR regulations, establish an audit function12, to test its procedures and systems for combating money laundering and financing of terrorism. 10.2 The LIC’s and LIB’s audit function must be adequately resourced and independent, to test compliance (including sample testing) with the procedures, policies and controls required, including: a. attestation of the overall integrity and effectiveness of the written procedures, policies, systems, and controls and technical compliance with the Act and FTR Regulations; b. transaction testing in all areas of the LIC and LIB with emphasis on high￾risk areas, products and services to ensure that the LIC and LIB is complying with the Act and FTR Regulations; 12 An internal audit function that is independent of the activities audited should be sufficient.

8 c. assessment of the employees’ knowledge of procedures, policies, systems, and controls; d. assessment of the adequacy, accuracy, and completeness of employee training programmes; and e. assessment of the adequacy and effectiveness of LIC’s and LIB’s process for identifying and reporting suspicious transactions and activities, and other reporting requirements under the Act and FTR Regulations. 10.3 LIC and LIB must report to FIU any suspicious information or transaction noted during the internal audit. PART 3: OVERSIGHT AND IMPLEMENTATION ARRANGEMENTS 11.0 Oversight by the Reserve Bank of Fiji 11.1 For the purpose of this Policy, all licensed insurance companies are required to provide to the Reserve Bank of Fiji, its initial AML/CFT Policy within 30 days from the date of the implementation of this Policy. Each licensed insurance company must also provide a copy of the same whenever material changes are made to the Policy, and this must be submitted to the Reserve Bank of Fiji within 7 days of Board approval. 11.2 Non-compliance with this Policy may result in sanctions, as provided under section 80(c) of the Insurance Act, and further sanctions under the FTR Act and the FTR Regulations. 12.0 Reporting to the Reserve Bank of Fiji 12.1 The Reserve Bank may require from time to time, ML/TF risk management information, in a format specified, to meet the objectives of this policy. 13.0 Implementation Arrangements 13.1 The policy will be effective immediately, and will be reviewed as deemed necessary. Reserve Bank of Fiji April 2025 (Revised) Attach: Schedule: Interpretation

9 SCHEDULE Interpretation - (1) Any term or expression used in this Notice that is not defined in this Notice: a) which is defined in the Act shall, unless the context otherwise requires, have the meaning given to it by the Act; b) which is not defined in the Act and which is defined in any of the Reserve Bank of Fiji Policy Statements shall, unless the context otherwise requires, have the meaning given to it by those policy statements; and c) which is not defined in the Act or in any of the Reserve Bank of Fiji’s Policy Statements shall, unless the context otherwise requires, be interpreted in accordance with generally accepted accounting practice. (2) In this Notice, unless the context otherwise requires: Act: means the Financial Transactions Reporting Act 2004 unless otherwise specified. Intermediary: refers to an insurance agent or an insurance broker. Proxy: for the purpose of this Policy is relevant to LICs which operate as a branch in Fiji. In such cases, the responsibilities of the Board may be conferred on a Senior Official nominated and approved by the Head Office. The LIC must ensure that the Reserve Bank is notified of such nominations and any changes made therein. CEO’s are not to be delegated this responsibility. Senior Management: includes a person— i. who makes, or participates in making, decisions that affect the whole, or a substantial part, of the business of the Company; ii. who has the capacity to affect significantly the Company’s financial standing; or iii. in accordance with whose instructions or wishes the Directors of the Company are accustomed to act, excluding advice given by the person in the proper performance of functions attaching to the person’s professional capacity or their business relationship with the Directors or the Company and includes General Managers or Chief Executive Officer and any other personnel deemed to have the delegation for decision making that has a significant impact.