Economic and Financial Crimes Commission (Anti-Money Laundering, Combating the Financing of Terrorism and Countering Proliferation Financing) Regulations for Designated Non-Financial Businesses and Professions, 2024

B 813 Federal Republic of Nigeria Official Gazette No. 102 Lagos - 17th June, 2024 Vol. 111 Government Notice No. 44 The following is published as supplement to this Gazette : S.I. No. Short Title Page 39 Economic and Financial Crimes Commission (Anti-Money Laundering, Combating the Financing of Terrorism and Countering Proliferation Financing of Weapons of Mass Destruction for Designated Non￾Financial Businesses and Professions, and Other Related Matters) Regulations, 2024 .. .. .. .. .. .. .. .. B815-855 Printed and Published by The Federal Government Printer, Lagos, Nigeria FGP 70/112024/350 Annual Subscription from 1st January, 2024 is Local : N100,000.00 Overseas : N130,000.00 [Surface Mail] N150,000.00 [Second Class Air Mail]. Present issue N3,500 per copy. Subscribers who wish to obtain Gazette after 1st January should apply to the Federal Government Printer, Lagos for amended Subscriptions. Extraordinary

B 814

B 815 ECONOMIC AND FINANCIAL CRIMES COMMISSION (ANTI￾MONEY LAUNDERING, COMBATING THE FINANCING OF TERRORISM AND COUNTERING PROLIFERATION FINANCING OF WEAPONS OF MASS DESTRUCTION FOR DESIGNATED NON-FINANCIAL BUSINESSES AND PROFESSIONS, AND OTHER RELATED MATTERS) REGULATIONS, 2024 ARRANGEMENT OF REGULATIONS Regulation : PART I—OBJECTIVES, SCOPE AND APPLICATION

1. Objectives.
2. Scope.
3. Application. PART II — DESIGNATION OF NON-FINANCIAL BUSINESSES AND PROFESSIONS
4. Designation of DNFBPs.
5. Registration and supervision of DNFBPs.
6. Entry Controls.
7. Role of Special Control Unit against Money Laundering (SCUML). PART III — OBLIGATIONS OF DESIGNATED NON-FINANCIAL BUSINESSES AND PROFESSIONS (DNFBPS)
8. Compliance with existing laws and regulations.
9. Obligations to establish AML, CFT and CPF programmes.
10. Predicate offences to money laundering.
11. Identification, assessment and management of ML, TF and PF risks.
12. Cooperation with regulators and law enforcement agencies. PART IV — COMPLIANCE RESPONSIBILITIES
13. Board of directors of DNFBPs.
14. Designation and duties of compliance officers.
15. Employees of DNFBPs.
16. Design and implementation of comprehensive AML, CFT and CPF training programmes.
17. Independent testing and controls.
18. Record keeping of documents or data collected under the customer identification process.
19. Sanctions screening.
20. Risk assessment framework.
21. Classification of customers.
22. New technology and non-face-to-face transactions.

B 816 23. Timing of verification. 24. Failure to complete customer due diligence. 25. Application of customer due diligence measures on existing customers. 26. On-going due diligence. 27. Complex transactions PART V — CUSTOMER DUE DILIGENCE MEASURES 28. General principles of customer due diligence. 29. Standard customer due diligence. 30. Simplified due diligence measures. 31. Enhanced due diligence measures. 32. Reliance on third parties. 33. Relationship with anonymous or fictitious customers. 34. Beneficial ownership. PART VI — MANDATORY TRANSACTION REPORTS 35. Suspicious transaction reports. 36. Currency transaction reports. 37. Cash-based transaction reports to be filed with SCUML. 38. Other AML, CFT and CPF reports to be rendered. PART VII — MISCELLANEOUS 39. Penalties for non-compliance. 40. Sector specific guidelines and reporting requirements. 41. Revocation and savings provisions. 42. Interpretation. 43. Citation. SCHEDULES

B 817 ECONOMIC AND FINANCIAL CRIMES COMMISSION (ANTI￾MONEY LAUNDERING, COMBATING THE FINANCING OF TERRORISM AND COUNTERING PROLIFERATION FINANCING OF WEAPONS OF MASS DESTRUCTION FOR DESIGNATED NON-FINANCIAL BUSINESSES AND PROFESSIONS, AND OTHER RELATED MATTERS) REGULATIONS, 2024 [15th Day of May, 2024] In exercise of the powers conferred on me by section 28 of the Money Laundering (Prevention and Prohibition) Act, No. 14, 2022 and section 95 of the Terrorism (Prevention and Prohibition) Act, No. 15, 2022, and all other powers enabling me in that behalf, I, LATEEF OLASUNKANMI FAGBEMI, SAN, Attorney-General of the Federation and Minister of Justice, make the following Regulations — PART I — OBJECTIVES, SCOPE AND APPLICATION

1. The objectives of these Regulations are to — (a) provide implementation guidelines for the registration and effective supervision of Designated Non-Financial Businesses and Professions (DNFBPs) ; (b) make provisions for administrative sanctions for DNFBPs ; (c) strengthen the existing system for combatting Money Laundering, Terrorism Financing and Proliferation Financing ; (d) make provisions for developing sector specific guidelines for supervision of DNFBPs ; and (e) make provisions for the development of strategies to enhance compliance culture for DNFBPs.
2. These Regulations cover the relevant provisions of the MLPPA, TPPA and any other relevant laws or regulations that provides for — (a) Anti-Money Laundering, Combating the Financing of Terrorism and Countering Proliferation Financing of Weapons of Mass Destruction (AML, CFT and CPF) Policy ; (b) the establishment and development of Compliance Unit and functions ; (c) the Compliance Officer designation and duties ; (d) the requirement to co-operate with the competent or supervisory authorities ; (e) the conduct of Customer Due Diligence ; (f ) monitoring and filing of suspicious transactions reports to the Nigerian Financial Intelligence Unit (NFIU) ; (g) filing of Currency Transaction Reports (CTRs) and Cash Based Transaction Reports (CBTRs) to the Special Control Unit against Money Laundering (SCUML) and other reporting requirements ; (h) record keeping ; (i) AML, CFT and CPF employee training ; and (j) Administrative Sanctions. S. I. No. 39 of 2024 Commence￾ment Objectives Scope

B 818 3. These Regulations apply to — (a) DNFBPs as listed under section 30 of the Money Laundering (Prevention and Prohibition) Act, 2022; and (b) other businesses and professions as may be designated by the Minister. PART II — DESIGNATION OF NON-FINANCIAL BUSINESSES AND PROFESSIONS 4.—(1) The businesses and professions listed under section 30 of the MLPPA and under the First Schedule to these Regulations shall continue to exist as Designated Non-Financial Businesses and Professions (DNFBPs) as it relates to AML, CFT, CPF obligations as prescribed in these Regulations. (2) As from the commencement of these Regulations, the following businesses shall continue to exist as DNFBPs as it relates to AML, CFT, CPF obligations as prescribed in these Regulations — (a) dealers in precious stones and metals ; (b) dealers in real estate, estate developers, estate agents and brokers ; (c) hospitality industry ; (d) consultants and consulting companies ; (e) construction companies ; (f ) importers and dealers in cars or any other automobiles ; (g) dealers in mechanized farming equipment and machineries ; (h) practitioners of mechanized farming ; (i) mortgage brokers ; (j) pool betting ; and (k) lottery business including fixed odds, pari-mutuel, sports lottery (betting), and scratch card gaming and other forms of gaming. (3) As from the commencement of these Regulations, the following professions shall continue to exist as DNFBPs in Nigeria as it relates to AML, CFT, CPF obligations as prescribed in these Regulations — (a) law firms, notaries and other independent legal practitioners; (b) accountants and accounting firms; (c) trust and company service providers; (d) tax consultants; and (e) estate surveyors and valuers. 5.—(1) The Special Control Unit Against Money Laundering (SCUML) shall be responsible for the registration, monitoring and supervision of the activities of DNFBPs in Nigeria in relation to Anti-Money Laundering, Combating the Financing of Terrorism and Countering Proliferation Financing (AML, CFT and CPF) pursuant to the provisions of MLPPA, TPPA, these Regulations and any other relevant law or regulations. (2) Existing businesses and professions prior to the coming into effect of MLPPA shall register with SCUML within three months from the date of commencement of the MLPPA. (3) New businesses and professions shall, before the commencement of business, register with SCUML. Application Designation of DNFBPs First Schesdule Registration and supervision of DNFBPs

B 819 (4) DNFBPs operating in the free trade zones in Nigeria shall register with SCUML and be subject to registration, conduct of customer due diligence and reporting obligations. 6.—(1) A Government Licensing Authority and Self-Regulatory Body shall conduct a comprehensive AML/CFT/CPF and criminal background checks for market entry control as part of their comprehensive fit and proper person due diligence and this shall be conducted prior to issuing an operating or professional license. (2) Where a Designated Non-Financial Business or Profession (DNFBP) subsector does not have a statutorily chartered Self-Regulatory Body (SRB) or a primary licensing authority, SCUML shall be responsible for the conduct of its entry control measures and criminal background checks as part of registration process of DNFBPs. (3) For the purpose of market control, and in ensuring that criminals and their associates do not hold, or become the beneficial owners of a significant, or controlling interest, or hold a management function in DNFBPs the following factors shall be considered — (a) whether the persons were — (i) convicted of any offence involving dishonesty or fraud, (ii) convicted of money laundering, terrorism or proliferation financing offences, (iii) found guilty of serious misconduct in relation to professional duties, (iv) subjects of any proceeding of a criminal nature or have been notified of any impending proceedings or an investigation, which may lead to such proceedings, (v) a subject of any justified complaint relating to regulated activities ; (vi) dismissed, asked to resign from employment or a position of trust, fiduciary appointment or similar position because of questions about their honesty and integrity, and (vii) beneficial owners, significant shareholders, directors or senior management staff in an entity that has been investigated, disciplined, suspended or criticized by a regulatory or professional body, a court or tribunal, whether publicly or privately; and (b) where the persons were disqualified by the Companies and Allied Matters Act (CAMA) or any other legislation or regulation, from acting as directors or serving in a managerial capacities. (4) SCUML shall — (a) conduct screening using the United Nations Consolidated List and Nigerian Sanctions List which shall be updated periodically ; (b) put in place measures to identify natural persons who ultimately or effectively own or control the applicant for license or on whose behalf a license application is been processed; and Entry Controls

B 820 (c) put in place measures to determine if the natural person who ultimately or effectively own or control the applicant for license or on whose behalf a license application is being processed is a Politically Exposed Person. (5) Government Licensing authorities and SRBs shall verify information they receive from applicant for license refered to in subregulation (4) of this regulation by cross referencing it against criminal database held by Law Enforcement Agencies, adverse media reports from credible and reliable sources, as well as feedback received from international counterpart SRBs. (6) DNFBPs shall comply with the entry control requirements applicable to their respective subsectors, as may be provided in guidelines issued by SCUML. 7.—(1) SCUML shall — (a) register and certify designated non-financial businesses and professions in Nigeria in accordance with the provisions of the MLPPA, other relevant laws, and applicable regulations ; (b) monitor and supervise designated non-financial businesses and professions in accordance with the provisions of MLPPA, relevant laws and applicable regulations ; (c) impose administrative sanctions to ensure compliance with MLPPA and these Regulations ; (d) take necessary enforcement measures to ensure compliance with MLPPA, relevant laws and applicable regulations ; (e) conduct off-site, on-site and on the spot checks, inspection of designated non -financial businesses and professions for the purposes of money laundering control, combating the financing of terrorism and countering proliferation financing ; (f ) establish and maintain a comprehensive database of DNFBPs in Nigeria ; (g) receive Cash Based Transaction Reports (CBTRs) and Currency Transaction Reports (CTRs) from designated non-financial businesses and professions in accordance with the provisions of MLPPA ; (h) sensitize designated non-financial businesses and professions of their responsibilities under MLPPA ; (i) recommend to the Minister to designate as DNFBP, any other business or profession not listed under section 30 of MLPPA and First Schedule to these Regulations ; and (j) perform other functions necessary to fulfill its responsibilities under the MLPPA or any other relevant laws and applicable regulations. (2) The relevant Self-Regulatory Organisations (SROs) and Trade Associations, in consultation with SCUML, shall — (a) develop internal compliance systems, and sensitization and training programs for their members ; (b) monitor members to ensure compliance with the MLPPA, TPPA and these Regulations ; and (c) apply relevant sanctions on its members, including suspension, revocation or withdrawal of licenses of members for non-compliance with AML, CFT and CPF laws and regulations, subject to section 21 (1) and (2) of the MLPPA. Role of SCUML First Schedule

B 821 PART III — OBLIGATIONS OF DESIGNATED NON-FINANCIAL BUSINESSES AND PROFESSIONS (DNFBPS) 8.—(1) Designated Non-Financial Businesses and Professions shall conduct their businesses in compliance with the provisions of the MLPPA, TPPA, these Regulations and other relevant laws and regulations. (2) Subject to the provisions of section 11(4) of MLPPA, the reporting and Customer Due Diligence (CDD) obligations of law firms, notaries and other independent legal professionals, audit firms, accountants and accounting firms shall arise where they render services to and carry out transactions for any client concerning — (a) buying and selling of real estate within or outside Nigeria ; (b) managing of client money, securities or other assets ; (c) management of bank savings or securities accounts ; (d) organization of contributions for the creation, operation or management of companies ; (e) creation, operation or management of legal persons or arrangements and buying and selling of business entities ; (f ) acting as a formation agent of a legal person or entity ; (g) acting as or arranging for another person to act as a trustee of an express trust or performing the equivalent function for another form of legal arrangement ; or (h) acting as or arranging for another person to act as a director or secretary of a company, a partner of a partnership, or a similar position in relation to other legal persons, entities or arrangements ; (3) For the purpose of these Regulations, the reporting and other compliance obligations of trust and company service providers, registered as trustees shall arise when — (a) acting as a formation agent of legal persons ; (b) acting as or arranging for another person to act as a director or secretary of a company, a partner of a partnership, or a similar position in relation to other legal persons ; (c) providing a registered office, business address or accommodation, correspondence or administrative address for a company, a partnership or any other legal person or arrangement ; (d) acting as or arranging for another person to act as a trustee of an express trust or performing the equivalent function for another form of legal arrangement ; or (e) acting as or arranging for another person to act as a nominee shareholder for another person. 9.—(1) In order to monitor and ensure compliance, a DNFBP shall establish and implement AML, CFT and CPF programmes designed on a risk-based approach tailored to the size of their business, and integrate its customers or clients into these programmes. Compliance with existing laws and regulations Obligations to establish AML, CFT and CPF programs

B 822 (2) The programs referred to in sub-regulation (1) of this regulation shall include — (a) internal policies, procedures and controls, based on the DNFBP’s assessment of the ML, TF and PF risks associated with its business and having regard to the size of its business, and which shall be designed and implemented to reasonably anticipate and prevent ML, TF and PF; (b) Customer Due Diligence; (c) application of due diligence proportionate to the identified risk ; (d) compliance management arrangements, including the appointment of a Compliance Officer at the management level ; (e) establishment of an independent Internal Audit Unit to ensure compliance with the AML, CFT and CPF program ; (f ) rendition of Cash Transaction Reports (CTRs) to SCUML ; (g) rendition of Cash Based Transaction Reports (CBTRs) to SCUML ; (h) rendition of Suspicious Transactions Reports (STRs) on ML, TF and PF to the NFIU in compliance with the provisions of section 7 of MLPPA and section 84 of the TPPA ; (i) regular training and retraining for its employee ; (j) record keeping, preservation, retrieval, and communication of records in accordance with the provisions of section 8 of MLPPA ; (k) centralization of information collected ; and (l) initiating or putting in place counter measures proportionate to identified risks. (3) DNFBPs, their subsidiaries and branches shall implement group-wide programs against ML, TF and PF, to all branches and subsidiaries of the group, as well as the measures set out in sub-regulation (2) above, including — (a) policies and procedures for sharing information required for the purposes of CDD and ML, TF and PF risk management ; (b) provision at group-level, audit and/or AML, CFT and CPF functions of the information as included in sub-regulation (3) above from branches and subsidiaries when necessary for AML, CFT and CPF purposes. Similarly branches and subsidiaries shall receive such information from these group￾level functions when relevant and appropriate to risk management ; and (c) adequate safeguards on the confidentiality and use of information exchanged, including safeguards to prevent tipping-off. (4) DNFBPs shall put in place a structure that ensures the operational independence of the Chief Compliance Officer (CCO) and Compliance Officers. (5) DNFBPs shall promptly comply with requests for information made by SCUML and other relevant Authorities pursuant to section 9 of MLPPA. (6) DNFBPs shall design comprehensive training programs for board members (where applicable), management and staff to establish full awareness of their obligations and also to equip them with relevant skills required for the effective discharge of their AML, CFT and CPF obligations.

B 823 (7) The timing, coverage and content of the employee training program shall be designed to meet the needs of the DNFBP to ensure compliance with the requirements and provisions of these Regulations. (8) DNFBPs shall provide comprehensive training programs for employees, compliance officers and as part of the orientation program for new employees and those posted to the front office and branch offices. (9) An AML, CFT and CPF training program shall be developed under the guidance of the Compliance Officer in collaboration with senior Management. (10) The basic elements of the AML, CFT and CPF training program of DNFBPs shall include — (a) AML, CFT and CPF Laws and Regulations ; (b) the nature of ML, TF and PF offences ; (c) ML, TF and PF ‘red flags’ and suspicious transactions, including trade￾based money laundering typologies ; (d) reporting requirements ; (e) Customer Due Diligence ; (f ) risk-based approach to AML, CFT and CPF; and (g) record keeping and retention policy. (11) DNFBPs shall submit their annual AML, CFT and CPF employee training programme to SCUML at the beginning of each year not later than 31st March of the year. (12) DNFBPs that are regulated in Nigeria, with branches, subsidiaries, agencies, or representative offices operating in foreign jurisdictions shall ensure that these branches, subsidiaries, agencies, or representative offices apply AML and CFT measures that are equivalent to the MLPPA and these Regulations. (13) A DNFBP shall, in particular, ensure that the requirement under this regulation is observed by its branches, subsidiaries, agencies, or representatives offices that operate in foreign jurisdictions which do not, or insufficiently, apply AML and CFT-measures equivalent to those of the MLPPA and these Regulations. (14) DNFBPs with branches, majority-owned subsidiaries, agencies, or representative offices operating in foreign jurisdictions shall ensure that — (a) branches, majority-owned subsidiaries, agencies, or representative offices apply AML and CFT measures that are equivalent to the MLPPA and these Regulations, where the minimum AML and CFT requirements of the host country are less strict than those of the MLPPA and these Regulations, to the extent that host country laws and regulations permit ; and (b) if the host country does not permit the proper implementation of AML and CFT measures consistent with the requirements of the MLPPA and these Regulations, the DNFBP group shall apply appropriate additional measures to manage the ML and TF risks, and inform SCUML.

B 824 (15) DNFBP Groups shall implement group-wide policies, procedures, and controls against ML and TF which are applicable to all branches and subsidiaries of the DNFBP group which shall include — (a) the measures set out in section 10(1) of the MLPPA, and EFCC (AML, CFT and CPF) Regulations as amended (SCUML-R) ; (b) policies and procedures for sharing information required for the purposes of CDD and ML and TF risk management ; (c) the provision, at group-level, of compliance, audit of AML and CFT functions, of customer, account and transaction information from branches and subsidiaries when necessary for AML and CFT purposes, including information and analysis of transactions or activities which appear suspicious in accordance with section 7(1) of the MLPPA, if such analysis was done; and (d) adequate safeguards on confidentiality and use of information exchanged. (16) Information and analysis of transactions or activities which appear suspicious shall include STRs and their underlying information and the fact that STRs have been filed. (17) Branches and subsidiaries of a financial group shall receive information where relevant and appropriate for the management of ML and TF risks. (18) DNFBPs that are regulated in Nigeria with branches, foreign subsidiaries, agencies, or representative offices operating in foreign jurisdictions shall ensure that— (a) branches, subsidiaries, agencies, or representative offices apply AML and CFT measures that are equivalent to the MLPPA and these Regulations; (b) this requirement is observed by its branches, subsidiaries, agencies, or representative offices that operate in foreign jurisdictions which do not, or insufficiently, apply AML and CFT measures equivalent to those of the MLPPA and these Regulation; and (c) SCUML receive information, if any of its branches, subsidiaries, agencies, or representative offices operating in a foreign jurisdiction is unable to observe required equivalent AML and CFT measures prohibited by the laws, policies, or other measures of the foreign jurisdiction. In such instances, a DNFBP shall apply appropriate additional measures to manage the ML and TF risks. 10.—(1) DNFBPs shall in the course of their business activities, identify and report to the NFIU, any suspicious transaction relating to the following criminal activities — (a) participation in an organized criminal group ; (b) racketeering, terrorism, terrorist financing ; (c) trafficking in persons, smuggling of migrants, sexual exploitation, sexual exploitation of children ; (d) illicit trafficking in narcotic drugs and psychotropic substances ; Predicate offences to money laundering

B 825 (e) illicit arms trafficking, illicit trafficking in stolen goods ; (f ) corruption, bribery, fraud, currency counterfeiting ; (g) counterfeiting and piracy of products, environmental crimes ; (h) murder, grievous bodily injury ; (i) kidnapping, hostage taking, robbery or theft ; (j) smuggling (including in relation to customs and excise duties and taxes), tax crimes (relating to direct taxes and indirect taxes) ; (k) extortion, forgery, piracy ; (l) insider trading and market manipulation; or (m) any other criminal act specified in the Act or any other law in Nigeria including any act, wherever committed in so far as such an act is deemed unlawful if committed in Nigeria. (2) In these Regulations, terrorism financing offences — (a) extend to any person or entity, within or outside Nigeria, in any manner, who, directly or indirectly, and willingly provides, solicits, acquires, collects, receives, possesses, or makes available, property, funds or other services or attempts to provide, solicit, acquire, collect, receive, possess or make available, property, funds or other services with the intention or knowledge, or having reasonable grounds to believe that it will be used, in full or in part to finance any act of terrorism, terrorist or terrorist group in line with relevant sections of TPPA ; and (b) are predicate offences for money laundering and shall apply regardless of whether the person or entity alleged to have committed the offence is in the same country or a different country from the one in which the terrorist or terrorist organization is located, or the terrorist act occurred or will occur. 11. DNFBPs shall — (a) adopt a risk-based approach in the identification and assessment of ML, TF and PF risks in line with relevant laws and regulations ; (b) take appropriate steps to identify, assess and understand ML, TF and PF risks for their customers, countries or geographic areas of operations, services, products and delivery channels ; (c) have policies, controls and procedures approved by their management to mitigate identified risks ; (d) monitor the implementation of the policies, controls and procedures referred to under paragraph (c) of this sub-regulation ; and (e) apply enhanced measures to manage higher risks and simplified measures to manage lower risks. 12. DNFBPs shall — (a) cooperate with regulators and law enforcement agencies in the implementation of a robust AML, CFT and CPF regime in Nigeria ; (b) render statutory reports to appropriate authorities as required by law and in the frequency prescribed under the Second Schedule to these Regulations ; and (c) guard against any act that may cause a customer or client to avoid compliance with the AML, CFT and CPF legislation. Identification, assessment and management of ML, TF and PF risks Cooperation with regulators and law enforcement agencies Second Schedule

B 826 PART IV — COMPLIANCE RESPONSIBILITIES 13.—(1) The Board of Directors shall be responsible for providing leadership and direction in the management of ML, TF and PF compliance risks. (2) The Board of Directors shall approve the issuance of compliance guidelines or manuals on AML, CFT and CPF. (3) The compliance guidelines or manuals issued under sub-regulation (2) of this regulation shall be reviewed periodically. (4) The Board of Directors shall oversee the implementation of the policies contained in the compliance guidelines or manuals. 14.—(1) DNFBPs shall designate Compliance Officers at management level with the relevant competencies, authority and independence to implement their AML, CFT and CPF compliance programmes. (2) A Compliance Officer shall — (a) develop the compliance strategy, policy, structure and processes ; (b) implement the DNFBPs AML, CFT and CPF compliance initiatives and programmes ; (c) report periodically on AML, CFT and CPF compliance matters to management ; (d) report non-compliance and other potential risk exposures to management immediately and establish prompt mechanisms for resolutions ; (e) collaborate with stakeholders and other regulators for the development and implementation of compliance programmes ; (f ) enhance the AML, CFT and CPF compliance culture in the DNFBP through the — (i) development of appropriate compliance awareness programmes ; and (ii) training of employees in AML, CFT and CPF awareness, detection methods and reporting requirements ; (g) ensure the implementation of AML, CFT and CPF regulatory requirements into operations regulations ; (h) ensure that all the new and existing AML, CFT and CPF regulations, guidance and directives are communicated to employees ; (i) oversee the DNFBP’s identification and assessment of their ML/TF/PF risks prior to the development and introduction of new products and new business practices ; (j) monitor day to day compliance with applicable AML, CFT and CPF laws and regulations ; (k) receive and vet transaction reports from employees ; (l) assist the Chief Compliance Officer, where applicable, in organizing AML, CFT and CPF regulator reports ; (m) serve as a liaison officer between the DNFBP and regulators ; and (n) ensure implementation of screening procedures to guarantee high standards when hiring employees, which shall include — (i) criminal background checks, Board of Directors of DNFBPs Designation and duties of compliance officers

B 827 (ii) targeted financial sanction screening, (iii) employment history, (iv) reference checks, and (v) education verification. (3) Where a DNFBP operates more than one business location or branch, it shall designate a Chief Compliance Officer at the Head Office at management level. (4) The Chief Compliance Officer designated pursuant to sub-regulation (3) of this regulation shall — (a) coordinate the identification, assessment and management of compliance risks ; (b) supervise the work of Compliance Officers and compliance functions of the DNFBP ; (c) ensure continuous training of Compliance Officers on AML, CFT and CPF ; and (d) serve as a liaison officer between the DNFBP and Regulators. 15.—(1) Employees of a DNFBP shall — (a) adhere to the AML,CFT and CPF compliance policy guidelines of the DNFBP ; (b) conduct businesses in accordance with applicable AML,CFT and CPF laws, regulations and corporate policies ; and (c) maintain the highest ethical standards in the performance of their duties. (2) Employees shall not proffer advice or render other assistance to individuals or institutions who attempt to violate or evade anti-money laundering, counterterrorist financing and counter proliferation financing laws, regulations and corporate policies. (3) Employees shall not disregard signs disclosing that a customer seeks to engage in a relationship or transaction other than for a lawful purpose. (4) Employees shall avoid conflict of interest in establishing relationships with individuals or entities who may pose ML, FT and PF risks to the DNFBP. 16.—(1) DNFBPs shall design and implement a comprehensive AML, CFT and CPF training programmes to — (a) make employees aware of their obligations under the AML, CFT and CPF laws and regulations ; and (b) equip the employees with relevant skills required for the effective discharge of their AML, CFT and CPF compliance tasks. (2) DNFBPs shall develop and implement the appropriate training for employees to keep pace with the dynamism of money laundering, terrorism and proliferation financing challenges. (3) The employee training programme shall be developed by the AML, CFT and CPF Compliance Officer under the directive of management. Employees of DNFBP Design and implementation of comprehensive AML, CFT and CPF training programmes

B 828 (4) The training program referred to in sub-regulation (3) of this regulation shall include — (a) a description of the nature and processes of money laundering, terrorist and proliferation financing, including new developments, emerging trends, techniques and methods in ML, TF and PF ; (b) an overview of legal obligations contained in the relevant laws ; (c) reporting requirements ; (d) customer due diligence ; (e) enhanced customer due diligence on high risk persons ; (f ) risk-based approach to AML, CFT and CPF ; (g) record keeping ; (h) general understanding of the AML, CFT and CPF policy and procedures ; (i) verification and recognition of suspicious customer transactions ; and (j) reporting suspicious transactions to the NFIU. (5) For the purposes of ensuring maximum compliance with the training requirements on current AML, CFT and CPF laws and regulations, employees of DNFBPs shall undergo at least, one AML, CFT and CPF training in a year. 17. (1) DNFBPs shall perform regular independent testing to — (a) assess the adequacy of the AML, CFT and CPF policies and programmes ; and (b) review the AML, CFT and CPF policies to enable the entity identify gaps and deficiencies. (2) The independent testing requirement shall be performed — (a) internally, by the internal audit department or unit; or (b) externally, by a consultant appointed by the DNFBP’s AML, CFT and CPF procedures. (3) DNFBPs shall carry out on a regular basis, independent review of their AML, CFT and CPF programme. (4) The independent review of the AML, CFT and CPF programme of a DNFBP referred to in sub-regulation (3) of this regulation may be performed by — (a) its internal audit and inspection departments where they have the requisite AML, CFT and CPF knowledge or experience ; or (b) qualified and experienced AML, CFT and CPF consultant, appointed by the DNFBP. (5) The Audit Report shall specifically comment on the robustness of the internal policies, controls and processes, and make constructive suggestions, where necessary, to strengthen the policy and implementation. 18.—(1) DNFBPs shall ensure that information, document or data collected under the customer identification process are kept up-to- date and relevant by undertaking regular reviews of existing records, particularly the record in respect of higher risk business relationships or categories of customers. Independent testing and controls Record keeping of documents or data collected under the customer identification process

B 829 (2) DNFBPs shall maintain necessary records of transactions, both domestic and international, for at least five years, following completion of the transaction. (3) The provisions of sub-regulation (2) of this regulation shall apply regardless of whether the transaction or business relationship is on-going or has been terminated. (4) The records of transactions required to be maintained by DNFBPs under sub-regulation (2) of this regulation shall include — (a) the risk profile of each customer or beneficial owner ; (b) the data obtained through the customer due diligence process including the name, address, National Identification Number (NIN), nature and date of the transaction ; (c) the type and amount of currency involved ; (d) the identifying number of any account involved in the transaction ; (e) official identification documents, including International Passports, National Identity Cards issued by National Identity Management Commission (NIMC), Driver’s License issued by Federal Road Safety Corps (FRSC), or Voter’s Card issued by Independent National Electoral Commission (INEC); (f ) business correspondences ; and (g) result of any analysis undertaken on documents or records listed in this sub-regulation. (5) DNFBPs shall implement specific procedures for retaining internal records of transactions, both domestic or international, to ensure swift compliance with information requests from the competent authorities, and such records shall be sufficient to permit reconstruction of individual transactions, including the amounts and types of currency involved so as to provide, where necessary, evidence for the prosecution of criminal activities. (6) Where the records relate to on-going investigations or transactions which have been the subject of a disclosure, the DFNBPs shall retain the records for a period of at least five years after the case has been closed. 19. DNFBPs shall — (a) screen their customers transactions in line with United Nations Consolidated List and Nigeria Sanctions List to ensure that proscribed individuals and entities do not have control and access to DNFBPs whether directly or indirectly ; (b) without delay, implement targeted financial sanction in relation to terrorism financing and proliferation financing, as provided under the TPPA and Regulations ; and (c) report to the NFIU without delay, any frozen asset or action taken, in compliance with the United Nations Security Resolutions and other successive resolutions. 20.—(1) DNFBPs shall, in collaboration with SCUML, periodically assess the ML, TF and PF risks inherent in their systems and develop measures to safeguard the DNFBPs from being used to launder proceeds of crime, terrorism financing or proliferation financing. Sanctions screening Risk assessment framework

B 830 (2) The risk assessment referred to in sub-regulation (1) of this regulation shall be conducted on customers, products or services, geographical locations and delivery channels to ensure that the identified risks are properly mitigated. (3) DNFBPs shall adopt risk-based approaches that are commensurate with the specific risks of ML, TF and PF identified in the risk assessment. 21. Prior to establishing business relationship with prospective customers, DNFBPs shall — (a) carry out a formal assessment on the customer and classify them as either “high”, “medium” or “low” risks ; and (b) where applicable, deploy — (i) simplified due diligence, for low-risk customers, (ii) standard due diligence, for medium risk customers, or (iii) enhanced due diligence, for high-risk customers. 22.—(1) DNFBPs shall take appropriate measures to prevent the misuse of technological developments in ML, TF and PF schemes including the use of — (a) internationally accepted credit or debit cards ; and (b) mobile telephone banking systems. (2) DNFBPs shall have policies and procedures in place to address specific risks associated with non-face-face business relationships or transactions. 23.—(1) DNFBPs shall verify the identity of a customer, beneficial owner and occasional customer before or during the course of establishing a business relationship or conducting transactions with them. (2) DNFBPs shall complete the verification of the identity of a customer and beneficial owner following the establishment of business relationship, only where — (a) an acceptable time span for obtaining satisfactory evidence of identity is determined by the nature of the business, the geographical location of the parties and whether it is possible to obtain the evidence before commitments are entered into or the transactions is consummated ; (b) it is essential not to interrupt the normal business conduct of the customer such as non-face-to-face business transactions ; or (c) the money laundering, terrorism financing or proliferation financing risks can be effectively managed. (3) DNFBPs shall, upon coming into contact with a client, obtain identification to — (a) agree with client to carry out an initial transaction ; or (b) reach an understanding, whether binding or not, with the clients to carry out future transactions. (4) Where the client fails to supply the required information as stipulated in sub-regulation (3) of this regulation, the DNFBPs shall — (a) discontinue the business activity ; and (b) without delay, file an STR to the NFIU. Classification of customers New technology and non￾face-to-face transactions Timing of verification

B 831 (5) Where a client, customer or a beneficiary is permitted to utilise the business relationship prior to verification, the DNFBPs shall adopt risk management procedures concerning the conditions under which this may occur. (6) The conditions referred to in sub-regulation (5) of this regulation shall include — (a) a limitation of the number, types, or amount of transactions that can be performed ; and (b) the monitoring of large or complex transactions being carried out outside the expected norms for that type of relationship. (7) A DNFBP shall take reasonable measures to verify the identity of the beneficial owner, appropriately understand and obtain information of the objectives, purpose and intended nature of the business relationship. 24. A DNFBP shall — (a) not carry out any transaction, in the event of failure or inability to complete verification of relevant information or data; and (b) understand and obtain information on the objectives, purpose and intended nature of the business relationship and such information shall include — (i) business, occupation and employment, (ii) anticipated nature of activity, (iii) anticipated level of transaction volume, (iv) source of funds and sources of wealth, (v) identity of beneficial owners, and (vi) registered address and business location. (3) A DNFBP shall for customers that are legal persons or legal arrangements — (a) understand the nature of the customer’s business and its ownership and control structure ; (b) identify the customer and verify the identity through the following information — (i) name, legal form and proof of existence, (ii) the powers that regulate and bind the legal person or arrangement, and names of the persons having a senior management position in the legal person or arrangement, and (iii) the address of the registered office, and if different, the principal place of business ; (c) identify and take reasonable measures to verify the identity of beneficial owners through the following information, the — (i) identity of any natural person who ultimately owns at least 5% of the issued shares in the legal entity, (ii) identity of any natural person who controls the customer or a natural person who exercises at least 5% of the voting rights in the legal entity either directly or indirectly, Failure to complete customer due diligence

B 832 (iii) identity of any natural person who holds a right, either directly or indirectly to appoint or remove majority of the directors(or similar positions) of the legal entity, (iv) identity of any natural person who ultimately directs a transaction, being the person on whose behalf the transaction is being conducted, and (v) identity of any natural person who exercises, either directly or indirectly, significant influence or control over the legal person; (d) identify and take reasonable measures to verify the identity of beneficial owners through the following information — (i) for trusts, the identity of the settlor, the trustee(s), the protector (if any), the beneficiaries or class of beneficiaries, and any other person exercising ultimate effective control over the trust (including through a chain of control or ownership), and (ii) for other types of legal arrangements, the identity of persons in equivalent or similar positions. (4) DNFBP’s shall complete the verification of the identity of a customer and beneficial owner following the establishment of [the] business relationship, only where — (a) an acceptable time span for obtaining satisfactory evidence of identity is determined by the nature of the business, the geographical location of the parties and whether it is possible to obtain the evidence before commitments are entered into or the transactions is consummated. Provided that the timespan referred to above does not exceed a period of one month ; and (b) it is essential not to interrupt the normal business conduct of the customer such as non face-to-face business transactions; or where the ML, TF and PF risks can be effectively managed. (5) A DNFBP that has already commenced a business relationship under sub-regulation (1) of this regulation shall terminate the business relationship and render an STR to the NFIU. 25.—(1) DNFBPs shall apply CDD measures on existing customers on the basis of materiality and risks, and conduct CDD on such existing relationships at appropriate times, taking into account whether and when CDD measures have previously been undertaken and the adequacy of the data obtained. (2) In addition to undertaking CDD on a regular basis depending on the risk classification of the customer, CDD on existing customers shall also be undertaken where — (a) a business transaction of significant value, in relation to the customer’s profile, takes place ; (b) the DNFBPs becomes aware that information about an existing customer is no longer adequate ; or (c) there is a suspicion of ML and TF. Application of customer due diligence measures on existing customers

B 833 26. DNFBPs shall perform on-going due diligence on all business relationships, and — (a) monitor and verify all requested changes to the business relationship ; (b) monitor changes or transactions inconsistent with the profile of the customer or beneficial owner ; and (c) review the transactions to determine if there are unusual or suspicious reasons to terminate the relationship, and file and send STRs to the NFIU. 27. —(1) DNFBPs shall monitor complex or unusually large transactions, and unusual patterns of transactions that have no apparent economic justification or visible lawful purpose. (2) The background and purpose of the transactions referred to in sub￾regulation (1) of this regulation shall as far as possible, be examined, the findings established in writing, and any suspicion made available to the NFIU. PART V — CUSTOMER DUE DILIGENCE MEASURES 28.—(1) DNFBPs shall put in place customer due diligence (CDD) measures, which shall be monitored by a chief compliance officer. (2) DNFBPs shall conduct customer due diligence on a risk sensitive basis to ensure that limited resources are focused on the higher risk accounts or transactions. (3) Where a DNFBP is dealing with an agent or an intermediary in a business relationship, it shall ensure that it obtains accurate information on the ultimate beneficial owners and related parties in the business relationship or transaction. (4) Where a DNFBP is dealing with customers that are legal persons or arrangements, it shall identify and take reasonable measures to verify the identity of beneficial owners through the following information for — (a) trusts, the identity of the settlor, the trustee(s), the protector (if any), the beneficiaries or class of beneficiaries, and any other natural person exercising ultimate effective control over the trust (including through a chain of control or ownership); or (b) other types of legal arrangements, the identity of persons in equivalent or similar positions. (5) Where a DNFBP is dealing with customers that are legal persons or arrangements, it shall — (a) understand the nature of the customer’s business and its ownership and control structure; (b) identify the customer and verify its identity through the name, legal form and proof of existence, the powers that regulate and bind the legal person or arrangement, as well as the names of the relevant persons having a senior management position in the legal person or arrangement, and the address of the registered office and, if different, the principal place of business; (c) identify the natural person(s) (if any) who is the beneficial owner of the legal person, and On-going due diligence Complex transactions General principles of customer due diligence

B 834 (d) to the extent that there is doubt as to who is the beneficial owner(s) or where no natural person exerts control through ownership interests. A DNFBP shall require the — (i) identity of the natural person(s) (if any) exercising control of the legal person or arrangement through other means, and (ii) identity of the relevant natural person who holds the position of senior managing official. 29. Standard due diligence shall be conducted for all customers, where a — (a) new business relationship is established ; and (b) customer carries out occasional cash transactions in excess of $1,000 or its equivalent. 30.—(1) Where a business relationship or transaction is, upon the conduct of a risk assessment, determined to be low risk, the DNFBPs may apply reduced or simplified measures such as — (a) verifying the identity of the customer and the beneficial owner after the establishment of the business relationship, except where the transaction amount is above the thresholds specified in section 11 of the MLPPA for individuals and corporate bodies ; (b) reducing the frequency of customer identification updates; (c) reducing the degree of on-going monitoring and scrutinizing transactions, based on a reasonable monetary threshold ; and (d) not collecting specific information or carrying out specific measures to understand the purpose and intended nature of the business relationship, but inferring the purpose and nature from the type of transactions or business relationship established. (2) Low risk situations may involve the following circumstances, where the — (a) risk of money laundering, terrorism financing or proliferation financing is lower ; (b) identity of the customer and the beneficial owners of the transactions or the business relationship is publicly available ; (c) adequate checks and controls exist elsewhere in national system ; or (d) volume transacted in the business relationship or transaction is considered low. (3) The simplified customer due diligence measures shall not apply to a customer where there is suspicion of ML, TF and PF. 31.—(1) A DNFBP shall, in line with FATF standards, apply enhanced due diligence measures, proportionate to the risks, business relationships and transactions with natural and legal persons, including financial institutions as applicable to affected jurisdictions. (2) The types of measures that a DNFBP shall implement in relation to higher risk countries and jurisdictions include the following — (a) obtaining additional information on the customer (e.g. occupation, volume; Standard customer due diligence Simplified due diligence measures Enhanced due diligence measures

B 835 (b) of assets, information available through public databases, internet, etc.), and updating more regularly the identification data of customer and beneficial owner; (c) obtaining additional information on the intended nature of the business relationship; (d) obtaining information on the source of funds or source of wealth of the customer; (e) obtaining information on the reasons for intended or performed transactions; (f ) obtaining the approval of senior management to commence or continue the business relationship; (g) conducting enhanced monitoring of the business relationship, by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination ; (h) requiring the first payment to be carried out through an account in the customer’s name with a bank subject to similar CDD standards ; and (i) any other measures that may be set out in guidance issued by SCUML. (3) Enhanced due diligence shall be conducted for all customers, where — (a) there is a suspicion of ML/TF/PF ; (b) the DNFBP has doubts about the veracity or adequacy of previously obtained customer identification data ; (c) there are reasonable grounds to suspect that the amount involved in a transaction is the proceeds of a crime or an illegal act ; (d) a customer or the beneficial owner of a customer is a politically exposed person ; or (e) transactions with customers who are not physically present. (4) Where higher risk of ML, TF and PF is identified, the DNFBPs shall apply a higher level of monitoring measures on such transactions in line with the provisions of MLPPA, TPPA and these Regulations. (5) A DNFBP shall apply enhanced due diligence, proportionate to the identified risks, to business relationships and transactions with natural or legal persons (including financial institutions) from countries for which this is called for by the FATF. (6) SCUML shall proportionate to the identified risks, call for specific countermeasures to be applied by DNFBPs against high-risk countries, including the mandatory application of enhanced due diligence measures. (7) The specific countermeasures referred to in sub-regulation (6) of this regulation may include — (a) limiting business relationships or financial transactions with the high￾risk countries or with persons located in the country concerned ; (b) prohibiting reporting entities from relying on third parties located in the country concerned to conduct elements of the due diligence process ; and (c) conducting any other measures as may be specified by SCUML.

B 836 (8) For the purposes of this regulation, “high-risk countries” means — (a) countries which are subject to a call for application of countermeasures by the FATF ; (b) countries identified by SCUML or other competent authorities as having strategic deficiencies in their AML and CFT regimes or posing a risk to the AML and CFT regime of Nigeria ; (9) SCUML shall publish the list of high-risk countries and publish any subsequent updates on its official website and the list of high-risk countries shall be updated by SCUML where there is any — (a) amendment to the FATF’s list of countries subject to a call for countermeasures; or (b) revision to the list identified by SCUML. (10) A DNFBP shall implement countermeasures proportionate to the identified risks when called for by SCUML. (11) DNFBPs may apply additional countermeasures including — (a) stringent measures for identifying clients and enhancement of advisories, including jurisdiction-specific financial advisories to DNFBPs for identification of the beneficial owners before business relationships are established with individuals or companies from that jurisdiction ;
(b) enhanced relevant reporting mechanisms or systematic reporting of financial transactions on the basis that financial transactions with such countries are more likely to be suspicious ; and (c) limit business relationships or financial transactions with the identified country or persons in that country. 32.—(1) DNFBPs may rely on third parties to — (a) identify a customer and verify that customer’s identity using reliable independent source documents, data or information ; (b) identify a beneficial owner and take reasonable measures to verify the identity of the beneficial owner ; and (c) understand and obtain information on the purpose and intended nature of the business relationship. (2) Where a DNFBP relies on a third party as stated in sub-paragraph (1) of this regulation to conduct CDD or to introduce business, the responsibility for CDD measures shall remain with the DNFBP which shall include to — (a) obtain immediately the necessary information concerning measures (a)-(c) of sub-paragraph (1) of this regulation ; (b) take steps to satisfy itself that copies of identification data and other relevant documentation relating to the measures in (a)-(c) of sub￾paragraph (1) will be made available from the third party upon request without delay; and (c) satisfy itself that the third party is regulated, and supervised for compliance with CDD and record-keeping requirements in line with the requirements set out in sections 4 and 8 of the MLPPA. Reliance on third parties

B 837 (3) In choosing third party introducers, a DNFBP shall take into account available information relating to the level of risk associated with the countries in which the third parties are established. (4) A DNFBP may rely on third parties that are part of the same group, provided that the DNFBP — (a) immediately obtain the necessary information concerning elements (a)-(c) of the CDD measures set out in sub-paragraph (1) ; (b) take steps to satisfy themselves that copies of identification data and other relevant documentation relating to CDD requirements shall be made available from the third party upon request without delay ; and (c) satisfy itself that the third party is regulated, supervised or monitored for having measures in place for compliance with CDD and record-keeping requirements in line with sections 4 and 8 of the MLPPA respectively. 33.—(1) DNFBPs shall not establish business relationship with anonymous or fictitious clients, customers or persons. (2) DNFBPs shall take appropriate measures to identify and know the customer, client or person they are dealing with, through — (a) an established customer due diligence policies ; and (b) clear, written and risk based client or customer acceptance policies and procedures, which provisions shall include dealings with different client or customer profiles. (3) DNFBPs shall — (a) identify a customer, whether existing or occasional, natural or legal person, or any other form of legal arrangements, using identification documents as prescribed in relevant laws and regulations ; (b) verify the identity of the customer using reliable, independent source documents, data or information ; and (c) identify the beneficial owner and take reasonable measures to verify the identity of the beneficial owner using relevant information or data obtained from a reliable source such that the DNFBP, is satisfied that it knows who the beneficial owner is. (4) In this regulation “reasonable measures” includes visitation to the address provided by the customer to verify its authenticity. 34. DNFBPs shall — (a) comply with beneficial ownership verification and reporting obligations for persons holding significant shareholding or exercising control on the DNFBP in accordance with sections 119 to 123 of Companies and Allied Matters Act ; (b) identify and verify the beneficial owners when transacting with legal persons or legal arrangements, where a legal person or legal arrangement is a significant shareholder in a corporate entity transacting with a DNFBP ; and Relationship with anonymous or fictitious customers Beneficial ownership

B 838 (c) be required to ensure that all CDD information and transaction records are available promptly upon request by the competent authority. PART VI — MANDATORY TRANSACTION REPORTS 35.—(1) Where the DNFBP suspects ML/TF activities, and it reasonably believes that performing the CDD process may lead to an unintentional tip-off to the customer, beneficial owner, or other subjects, the DNFBP is permitted not to pursue the CDD process and instead, shall file an STR to the NFIU, pursuant to section 7(2) (c) of MLPPA. (2) A director, officer and employee of a DNFBP, who discloses to a customer or beneficiary that a STR or any other related information is to be reported, or has been reported to the NFIU commits an offence and is liable on conviction to the penalty provided under section 7(10) of MLPPA. (3) A DNFBP and their directors, officers and employees shall not be liable to criminal or civil action for breach of any restriction on disclosure of information imposed by contract or by any legislative, regulatory or administrative provision, if they report their suspicions in good faith to the NFIU, and this protection shall be available even if they did not know precisely what the underlying criminal activity was, and regardless of whether the illegal activity actually occurred. (4) DNFBPs shall ensure that there is a clear procedure for staff to report suspicious transactions involving ML, TF and PF without delay to the NFIU. (5) Suspicious transactions, including attempted transactions, shall be reported to the NFIU regardless of the amount involved, and the report shall include any action taken on the suspicious activity by the DNFBP. (6) DNFBPs shall adhere to the reporting format provided by the NFIU and develop internal procedures for the purpose of filing confidential STRs to the NFIU. (7) In these Regulations, “Suspicious Transaction” includes — (a) a transaction which is unusual because of its size or volume, type or pattern ; (b) a transaction which is suggestive of known money laundering methods ; (c) a transaction which is or are inconsistent with the client’s or customer’s known legitimate, normal business or personal activities ; or (d) activities that lack obvious economic justification. 36.—(1) DNFBPs shall file reports on currency transactions above — (a) N5,000,000 or its equivalent, in the case of individual ; or (b) N10,000,000 or its equivalent, in the case of a body corporate, to SCUML within seven days, from the date of the transaction. (2) Where there are no transactions, DNFBPs shall file nil report on a monthly basis to SCUML electronically in the format provided by SCUML. Suspicious transaction reports Currency transaction reports

B 839 (3) DNFBPs shall render reports in writing on domestic transfers involving foreign currencies by a person or body corporate, of a sum exceeding US$10,000 or its equivalent to SCUML within seven days from the date of the transaction. 37.—(1) DNFBPs shall fill a Standard Data Form as may be provided by SCUML on all cash transactions in excess of US$1,000 or its equivalent. (2) DNFBPs shall forward the completed Standard Data Form to SCUML not later than seven days in accordance with the relevant provisions of MLPPA. (3) Where there are no cash transactions, DNFBPs shall file nil report on a monthly basis to SCUML in a format prescribed by SCUML. (4) The Standard Data Form may be amended by Economic and Financial Crimes Commission (EFCC) as the need arises. 38.—(1) DNFBPs shall render to SCUML — (a) transactions conducted for and on behalf of public sector on a monthly basis ; (b) transactions conducted for and on behalf of politically exposed persons on a monthly basis ; (c) trainings conducted for employees on a yearly basis ; and (d) DNFBPs’ Training Plan on an annual basis. (2) Where there are no such transactions, a nil report shall be filed to ensure compliance with this regulation. PART VII — MISCELLANEOUS 39.—(1) A DNFBP who fails to comply with the provisions of these Regulations shall be sanctioned in accordance with the relevant provisions of the MLPPA and TPPA. (2) SCUML may apply administrative sanctions specified in the Third Schedule to these Regulations, where there is a breach of the reporting requirements under these Regulations, the relevant provisions of MLPPA, the TPPA, and any other relevant laws or regulations. (3) An existing DNFBP that fails to comply with section 6 (1)(a)(ii) of MLPPA and register with SCUML within three months after coming into effect of MLPPA in line with regulation 4(2) of these Regulations is liable to administrative sanctions specified in the Third Schedule to these Regulations. (4) A new DNFBP that fails to comply with section 6 (1)(a)(i) of MLPPA and register with SCUML before commencement of business shall be liable to administrative sanctions specified in the Third Schedule to these Regulations. (5) The payment of fines prescribed under the Third Schedule to these Regulations shall be accompanied by evidence of registration and filing of reports required under MLPPA. Cash-based transaction reports to be filed with SCUML Other AML, CFT and CPF reports to be rendered Penalties for non￾compliance Third Schedule Third Schedule Third Schedule Third Schedule

B 840 (6) A Self-regulatory organization and relevant regulatory authorities shall, upon the recommendation of SCUML, withdraw, revoke or suspend the practicing license of a professional where there is persistent and deliberate breach of the provisions of these Regulations, the relevant provisions of MLPPA, TPPA and any other relevant laws or regulations. (7) Where an SRO imposes sanctions against its member pursuant to these Regulations, the SRO shall file a report of the sanctions imposed and the infraction by the erring member to SCUML within 14 days from the date of imposition of the sanction. (8) All monies received from DNFBPs as administrative sanctions pursuant to this regulation shall be paid into the EFCC recovery account for onward transmission to the Consolidated Revenue Funds Account of the Federal Government of Nigeria. 40.—(1) SCUML may issue sector specific guidelines to DNFBPs for the implementation of customer due diligence requirements and other relevant provisions of MLPPA and these Regulations. (2) Casino, lottery and pool betting companies seeking registration with SCUML shall hold an operating license or an approval in principle to operate from a competent State or Federal Authority by providing details of persons holding significant or controlling interest, or holding a management position, or being an operator of a casino, lottery or betting company; and which information shall be updated with the SCUML and the State or Federal Authority when there is a change in persons holding significant interest, management position or operating the casino, lottery or betting company. (3) Casinos shall verify the identity of their customers when their customers engage in financial transactions equal to or above USD 1,000 or its equivalent in Naira or any other currency. (4) Real-estate agents, brokers and developers shall verify the identity of their clients including the purchasers and the vendors when involved in transactions for the sale or purchase of the property. (5) Information required under this regulation shall include name, address, occupation, source of funds, account details and NIN. (6) Dealers in precious metals, stones and jewelries shall verify the identity of their clients when they engage in any cash transaction with a customer of an amount equal to or above USD 1,000 or its equivalent in Naira or any other currency. (7) Financial transactions above specified thresholds under these Regulations shall include situations when the transactions are carried out in a single or several operations that appear to be linked. (8) Lawyers, notaries, other independent legal professionals and accountants shall comply with and apply all CDD requirements as set out in the MLPPA and these Regulations when they prepare for or carry out transactions for their clients concerning the activities set out in Regulation 8(2) of these Regulations. Sector specific guidelines and reporting requirements

B 841 (9) Trust and company service providers shall comply with and apply all CDD requirements as set out in the MLPPA and these Regulations when they prepare for or carry out transactions for their clients concerning the activities set out in Regulation 8(3) of these Regulations. 41.—(1) The Economic and Financial Crimes Commission (Anti-Money Laundering, Combating the Financing of Terrorism and Countering Proliferation Financing of Weapons of Mass Destruction for Designated Non-Financial Business and Professions, and other Related Matters) Regulations, 2022 is revoked. (2) Without prejudice to section 6 of the Interpretation Act, the revocation of the Regulations specified in sub-regulation (1) of this regulation shall not affect anything done or purported to be done under or pursuant to the revoked Regulations. 42. In these Regulations — “Acts” means Money Laundering (Prevention and Prohibition) Act, 2022 and Terrorism (Prevention and Prohibition) Act, 2022 ; “AML, CFT and CPF” means Anti-Money Laundering, Combating the Financing of Terrorism and Countering Proliferation Financing ; “Accounts” includes a facility or an arrangement by which a financial institution — (a) accepts deposits of currency, (b) allows withdrawals of currency or transfers into or out of the account, (c) pays cheques or issue payment orders drawn on a financial institution or cash dealer by a person or collect cheques or payment orders on behalf of a person, and (d) supplies a facility or an arrangement for a safe deposits box ; “Applicant for Business” means the person or company seeking to establish a ‘business relationship’ or an occasional client undertaking a ‘one off’ transaction whose identity must be verified ; “as soon as reasonably practicable” means as soon as possible ; “Beneficial owner” refers to — (a) the natural person who ultimately owns or controls a customer ; (b) the natural person on whose behalf a transaction is being conducted ; and (c) a person who exercises ultimate effective control over a legal person or arrangement ; “Beneficiary” means those natural persons, or groups’ persons, a legal person or arrangement who are entitled to benefit from any trust arrangement ; “Business Group” means a group that consists of a parent company or any other type of legal person exercising control and coordinating functions over the rest of the group, together with branches or subsidiaries that are subject to AML and CFT policies and procedures at the group level ; Revocation and savings provisions Interpretation

B 842 “Business relationship” means an arrangement between a person and a Financial Institution or Designated Non-Financial Institution for the purpose of concluding a transaction ; “Business relationship” means any arrangement between a Designated Non￾Financial Institution and a customer, client or business which purpose is to facilitate the carrying out of a transaction between the parties on a frequent, habitual or regular’ basis ; “BVN” means Bank Verification Number ; “Central Bank” means Central Bank of Nigeria ; “Competent authority” means any agency or institution concerned with combating money laundering, terrorist financing or proliferation financing under the Acts or under any other laws or regulations ; “Correspondent banking” means the provision of banking services by one bank (the correspondent bank) to another bank (the respondent bank) ; “CAC” means the Corporate Affairs Commission ; “CBT Reports” means Cash Based Transaction Reports required by section 5 of MLPPA ; “CBTRs” means Cash Based Transaction Reports ; “CDD” means Customer Due Diligence ; “CTR” means Currency Transaction Report in accordance with section 10 of MLPPA ; “Current AML and CFT legislation” means the Money Laundering (Prevention and Prohibition) Act, 2022 and Terrorism (Prevention and Prohibition) Act, 2022 ; “Customer” includes client; “Cross-border transaction” means any transaction where the originator and beneficiary are located in different jurisdictions ; “Dealers in high value goods” means a person or business that deals with a single or a set of goods or items worth over five million naira ; “DNFBPs” includes — (a) Designated Non-Financial Businesses and Professions which shall be as defined under the MLPPA and shall include other businesses and professions as may be designated by the Minister of Industry, Trade and Investment; and (b) dealers in jewelry, cars and luxury goods, chartered accountants, audit firms, tax, clearing and settlement companies, legal practitioners, hotels, casinos, supermarkets, consultants and consulting firms, dealers in mechanized farming equipment and machineries, mortgage brokers, practitioners of mechanized farming, pool betting, higher value dealers, construction companies or such other business undertakings as the Minister of Industry, Trade and Investment or other appropriate regulatory authority may from time to time designate ; “ECDD” means Enhanced Customer Due Diligence ; “EFCC” means Economic and Financial Crimes Commission ; “False disclosure” means a misrepresentation of the value of currency or bearer negotiable instruments being transported, or a misrepresentation of other relevant data which is asked for in the disclosure or otherwise requested by the authorities ;

B 843 “Financial Group” means a group that consists of a parent company or of any other type of legal person exercising control and coordinating functions over the rest of the group, together with branches and subsidiaries that are subject to AML and CFT policies and procedures at the group level ; “Financial Institution” includes banks, body corporate, associations or group of persons, whether corporate or incorporate which carries on the business of investment and securities, a discount house, insurance institution, debt factorization and conversion firm, bureau de change, finance company, money brokerage firm whose principal business includes factoring, project financing, equipment leasing, debt administration, fund management, private ledger service, investment management, local purchase order financing, export finance, project consultancy, financial consultancy, pension funds management and such other business as the Central Bank or other appropriate regulatory authorities may from time to time designate ; “FATF” means Financial Action Task Force ; “Funds” refers to acquired assets of any kind whether tangible or intangible, movable or immovable, and legal documents or instruments in any form, including electronic or digital, evidencing title to or interest in such assets, including bank credits, travellers cheques, bank cheques, money orders, shares, securities, bonds, drafts or letters of credit ; “Immediately” means spontaneous, instantly, rapidly, straightaway, take action in a timely manner, without delay or within 72 hours ; “Hotels and Hospitality industry” means a groud of businesses engaged in providing hotel services, lodging and restaurants; “Legal persons” means bodies corporate, foundations, partnerships, associations, or any similar bodies that can establish a permanent client’s relationship with a Designated Non-Financial Businesses and Professions or otherwise own property ; “Legal practitioners, notaries public and accountants” means sole practitioners, partners or employed professionals within professional firms and does not refer to “internal” professionals that are employees of other types of businesses, nor to professionals working for government agencies, who are already subject to measures designed to combat money laundering ; “lottery” or “lotteries” have the same meaning as in the MLPPA and the TPPA, and includes any game, scheme, arrangement, system, plan, promotional competition or device for the distribution of prizes by lot or chance, or as a result of the exercise of skill and chance or based on the outcome of sporting events or any other game, scheme, arrangement, system, plan, competition or device, which the President may by notice in the Gazette declare to be lottery and which shall be operated according to a licence ; “Minister” means the Minister charged with responsibility for matters pertaining to Trade and Investment ; “MLPPA” means Money Laundering (Prevention and Prohibition) Act, 2022 ; “Money Service Business” includes currency dealers; money transmitters; cheque cashers; and issuers of travelers’ cheques, money orders or stored value ;

B 844 “NFIU” means Nigerian Financial Intelligence Unit and refers to the central unit responsible for receiving, requesting, analyzing and disseminating information to the competent authorities disclosures of financial information concerning the suspected proceeds of crime and potential financing of terrorism ; “NGO” means Non-Governmental Organization ; “NIN” means National Identification Number ; “NPO” means Non-Profit Organization ; “Non-profit Organization or Non-governmental Organization” means a legal entity or organization that primarily engages in raising or disbursing funds for purposes such as charitable, religious, cultural, educational, social or fraternal purposes, or for the carrying out of other types of ‘social works; “One-off Transaction” means any transaction carried out other than in the course of an established business relationship .It is important to determine whether an applicant for business is undertaking a one-off transaction or whether the transaction is or will be part of a business relationship as this can affect the identification requirements; “pari-mutuel” refers to a system of betting on races whereby the winners divide the total amount bet, after deducting management expenses, in proportion to the sums they have wagered individually, and may be used to refer to a machine that records such bets and computes the payoffs ; “pari-mutuel machine” means an electronic machine that registers bets in pari-mutuel betting as they are made and calculates and posts the changing odds and final payoffs; “Person with significant control” means any person — (a) directly or indirectly holding at least 5% of the shares or interest in a company or limited liability partnership ; (b) directly or indirectly holding at least 5% of the voting rights in a company or limited liability partnership ; (c) directly or indirectly holding the right to appoint or remove a majority of the directors or partners in a company or limited liability partnership ; (d) otherwise having the right to exercise or actually exercising significant influence or control over a company or limited liability partnership ; or (e) having the right to exercise, or actually exercising significant influence or control over the activities of a trust or firm whether or not it is a legal entity, but would itself satisfy any of the first four conditions if it were an individual ; “PEPs” means Politically Exposed Persons” and includes — (a) Foreign PEPs - individuals who are or have been entrusted with prominent public functions by a foreign country, for example, Heads of State or government, senior politicians, senior government, judicial or military officials, senior executives of State owned corporations and important political party officials; (b) Domestic PEPs - individuals who are or have been entrusted domestically with prominent public functions, for example, Heads of State or government, senior politicians, senior government, judicial or military officials;

B 845 senior executives of State owned corporations and important political party officials; or (c) persons who are or have been entrusted with a prominent functions by an international organization and includes members of senior management such as directors, deputy directors and members of the board or equivalent functions; (Definifion of PEPs above is not intended to cover middle ranking or more junior individuals in the foregoing categories); “President” means the President of the Federal Republic of Nigeria ; “Proceeds” means any property or assets derived from or obtained, directly or indirectly, through the commission of an offence or an unlawful activity ; “Property” means assets of every kind, whether corporeal or incorporeal, moveable or immoveable, tangible or intangible, and legal documents or instruments evidencing title to, or interest in such assets ; “Public Officers” means individuals who are or have been entrusted with prominent public function, both within and outside Nigeria and those associated with them ; “Regulators” means competent regulatory authorities responsible for ensuring compliance of Financial Institutions and Designated Non-Financial Businesses and Professions with requirements to combat money laundering, terrorist financing and proliferation financing ; “Regulatory Authority” means an independent government body established by law to set standards in a specific field of activity or operation in a sectot of economy and ensure the compliance of those standard; “Relevant authority” means an authority, persons or body designated pursuant to legal framework with supervisory jurisdiction; “Risk” means an authority, person or body pursuant to an enabling legal framework with certain an supervisory jurisdiction; he risk of money laundering or terrorism financing ; “SCUML” means Special Control Unit against Money Laundering, a department under the EFCC ; “Self-Regulatory Organization” or “SRO” means a professional body or faith based organization registered under the Law that represents its members (e.g. lawyers, accountants, Doctors, Pharmacists, Nurses, Engineering, auditors, Estates, Car Dealers, Hotel owners, Transporters and other professional or religious organizations, and which is made up of members from the profession. A Self-Regulatory Organization has a role in regulating the persons that are qualified to enter and who practice in the profession, and also performs certain supervisory or monitoring type of functions; and such bodies should enforce rules to ensure that high ethical and moral standards are maintained by those practicing the profession ; “STR” means Suspicious Transactions Report ; “Suspicious” means a matter which is beyond mere speculations and is based on available facts ; “Suspicious Transaction” means a deal or business which is unusual because of its size, volume, type or pattern or otherwise suggestive of known money laundering or terrorist financing methods, and includes such transaction that

B 846 is inconsistent with a client’s or customers known, legitimate business or personal activities or normal business for that type of account or that lacks an obvious economic rationale ; “Terrorist” has the same meaning ascribed to it under the Terrorism (Prevention and Prohibition) Act, 2022 ; “Terrorist act” means a conduct which constitutes an offence under the Terrorism (Prevention and Prohibition) Act, 2022 ; “TPPA” means Terrorism (Prevention and Prohibition) Act, 2022 ; “Terrorism Financing” means financial support, in any form, of terrorism or of those who encourage, plan, or engage in terrorism ; “Those who finance terrorism” means any person, group, undertaking or other entity that provides or collects, by any means, directly or indirectly, funds or other assets that may be used, in full or in part, to facilitate the commission of terrorist acts, or to any persons or entities acting on behalf of, or at the direction of such persons, groups, undertakings or other entities and it includes those who provide or collect funds or other assets with the intention that they shall be used or in the knowledge that they are to be used, in full or in part, in order to carry out terrorist acts ; “Transaction” means — (a) acceptance of deposit and other repayable funds from the public ; (b) lending ; (c) financial leasing ; (d) money transmission service ; (e) issuing and managing means of payment, for example, credit and debit cards, cheques, travelers’ cheque and bankers’ drafts, etcetera ; (f ) financial guarantees and commitment ; (g) trading for account of customer (spot-forward, swaps, future options, etc.) in — (i) money market instruments (cheques, bills CDs, etc.), (ii) foreign exchange, (iii) exchange interest rate and index instruments, (iv) transferable securities, and (v) commodity futures trading; (h) participation in capital markets activities and the provision of financial services related to such issues ; (i) individual and collective portfolio management ; (j) safekeeping and administration of cash or liquid securities on behalf of clients ; (k) life insurance and all other insurance related matters ; and (l) money changing ; “Trustees” include paid professionals or companies or unpaid persons who hold the assets in a trust fund separate from their own assets. They invest and dispose of the assets in accordance with the settlor’s trust deed, taking into account any letter of wishes. There may also be a protector who may have power to veto the trustee’s proposals or remove them, or a custodian trustee, who holds the assets to the order of the managing trustees;

B 847 Citation “USD” means United States Dollars ; “Wire transfer” means any transaction carried out on behalf of a natural person or legal originator through a Financial Institution by electronic means with a view to making an amount of money available to a beneficiary or person at another financial institution, irrespective of whether the originator and the beneficiary are the same person ; and “Without delay” means immediately or not later than 72 hours. 43. These Regulations may be cited as Economic and Financial Crimes Commission (Anti-Money Laundering, Combating the Financing of Terrorism and Countering the Proliferation Financing of Weapons of Mass Destruction for Designated Non-Financial Businesses and Professions and Other Related Matters) Regulations, 2024.

B 848 SCHEDULES FIRST SCHEDULE [Regulations 4(1) and 7(1)(i)] DESIGNATED NON-FINANCIAL BUSINESSES AND PROFESSIONS (1) Business outfits dealing in jewelries ; (2) Car dealers ; (3) Dealers in luxury goods ; (4) Chartered accountants ; (5) Audit firms ; (6) Tax consultants ; (7) Clearing and forwarding companies ; (8) Legal practitioners ; (9) Hotels ; (10) Casinos ; (11) Supermarkets ; (12) Dealers in Precious Stones and Metals ; (13) Law Firms, notaries an and other independent legal professionals ; (14) Accountants and Accounting Firms ; (15) Trust and company service providers ; (16) Dealers in Real Estate, Estate Developers, Estate agents and brokers; (17) Estate surveyors and Valuers ; (18) Mortgage brokers ; (19) Hotels and Travel Agencies ; (20) Consultants and Consulting companies; (21) Construction Companies ; (22) Importers and Dealers in automobiles ; (23) Practitioners of mechanized farming ; (24) Pool betting and lottery ; and (25) Dealers in high value goods.

B 849 SECOND SCHEDULE [Regulations 12(b)] FREQUENCY OF STATUTORY REPORTS AND PROGRAMMES PEP Report. Testing of Adequacy of AML/CFT Compliance. Additional AML/CFT/ CPF Risks. Training Plan Employee Money Laundering and Training Programs. Returns on United Nations Security Council Resolutions (UNSCRs) and other Terrorism Financing Designated Sanction Lists Currency Transaction Report Reports on transactions of all customers who are PEPs irrespective of amount shall be filed and sent to SCUML monthly, and where there is no transaction involving PEPs, a nil report shall be filed. Reports on all transactions conducted for and on behalf of Politically Exposed Persons The CCO is required to test and determine the adequacy of the AML/ CFT framework and identify area of potential risks not covered by the AML/CFT regulations. The CCO is required to review, identify, and record other areas of potential money laundering risks not covered by the Regulation and the same to the Board Audit Committee (for publicly quoted DNFBPs). Capacity Development Department shall develop an action plan for training in collaboration with SCUML. Training/Capacity Development of every DNFBP is required to render quarterly returns on their level of compliance with the training plan to SCUML. DNFBPs are required to deploy appropriate software/technology for compliance. All transaction exceeding N5M for individual and N10M for body corporate shall be filed to SCUML on a weekly basis.Penalty:Each unreported transac￾tions shall attract a fine of N50,000 for each day of the breach. Monthly. Monthly. Bi-Annually (June and December). Quarterly. Annually. Annually. Bi-Annually. As the need arises. Weekly Item Description Frequency

B 850

1. Prohibition on acceptance and receipt of cash payments above the stipulated thresholds in section 2 of ML(PP)A 2022.
2. Identification of customers/client with valid official identification documents.
3. Declaration of business activities to SCUML.
4. Reporting of occasional cash transaction.
5. Put in place policies procedures and control to detect and report suspicious transaction
6. Filing of Suspicious Transaction Reports. Acceptance or receipt of cash payments above the stipulated thresholds in section 2 of ML(PP)A 2022. Failure to obtain valid official identification documents before commencement of business transaction. Failure to make declaration of business activities to SCUML. Failure to report cash transactions in excess of $1,000 or its equivalent in other currencies. Failure to put in place policy, procedures and control to detect and report suspicious transaction Failure to file Suspicious Transaction Report. A fine of N4,000,000 A fine of N2,000,000 A fine of N200,000 A fine of N50,000 for each unreported transaction. A fine of N2,000,000 A fine of N2,000,000 A fine of N2,000,000 A fine of N1,000,000 A fine of N100,000 A fine of N50,000 for each unreported transaction. A fine of N1,000,000 A fine of N1,000,000 In aggravated circumstances, criminal prosecution in accordance with the ML(PP)A

In aggravated circumstances, criminal prosecution shall apply. In aggravated circumstances, criminal prosecution shall apply. In aggravated circumstances, criminal prosecution shall apply. In aggravated circumstances, criminal prosecution shall apply. In aggravated circumstances, criminal prosecution shall apply. THIRD SCHEDULE [Regulation 39 (2), (4) and (5)] ADMINISTRATIVE SANCTIONS FOR DNFBPs INTERNAL PROCEEDURES AND POLICIES S/N Required Offence Professions Businesses Other Penalties Action

B 851 7. Mandatory Disclosure by DNFBPs. 8. Conduct Targeted Financial Sanctions. 9. Registration for the Nigeria Sanction Committee Alert System. 10. Obtaining business or professional license for operating a Designated Non￾Financial Business and Profession. Failure to report any transactions, lodgment or transfer of funds in excess of N5million or its equivalent in the case of an individual or N10,000,000 or its equivalent in the case of body corporate, within seven(7) days of completion. Failure to Screen their customers and customer transactions in line with United Nations Consoli￾dated List and Nigeria Sanctions List to ensure that proscribed individuals and entities do not have control and access to DNFBPs whether directly or indirectly. Failure to register for the Nigeria Sanction Committee Alert System. Operating a Designated Non￾Financial Business and Profession without a requisite business or profession license. A fine of N100,000 for each unreported transaction. A fine of N1,000,000 A fine of N500,000 A fine of N2,000,000 A fine of N100,000 for each unreported transaction. A fine of N500,000 A fine of N300,000 A fine of N2,000,000 In aggravated circumstances, criminal prosecution shall apply. In aggravated circumstances, criminal prosecution shall apply. In aggravated circumstances, a fine of N1,000,000 shall apply. In aggravated circumstances, criminal prosecution shall apply.

B 852 11. Mandatory Maintenance of records in a manner that permits reconstruction of individual transaction. 12. Communication of AML/CFT/CPF policies and Procedures to employees. 13. Appointment of Compliance Officers at management level with clearly defined roles and responsibilities. 14. Implement and approve annual AML/CFT/CPF Training for all categories of employee. Maintenance of records in a manner that permits reconstruction of individual transaction. Failure to ensure that every employee is trained on the DNFBP’s written AML/CFT/CPF policies and procedure with evidence of assigned undertaken of understanding. Failure to appoint a compliance officer at management level with clearly defined roles and responsibilities Failure to implement an approved annual AML, CF Tand CPF training for all categories of employees. N300,000 and a warning letter. A fine of N200,000 with evidence of a revised AML, CFT and CPF policies and procedures. A fine of N150,000 with evidence of a appointment of compliance officer at management level. N300,000 N200,000 and a warning letter. A fine of N100,000 with evidence of a revised AML, CFT and CPF policies and procedures. A fine of N150,000 with evidence of a appointment of compliance officer at management level. N150,000 N500,000 shall apply if the violation becomes recurrent after one (1) year a SCUML examiner observed the violation. Report to relevant SRO for additional punishment such as suspension, revocation or withdrawal of license. For non￾compliance for a period of six (6) months after examination, a fine of N500,000 with evidence of a revised AML, CFT and CPF policies and procedures. For non￾compliance for a period of six (6) months after examination, a fine of N500,000 with evidence of appointment of compliance officer at management level. Where the violation becomes recurrent for more than two (2) years maximum penalty of N1,000,000 shall apply.

B 853 15. Classification of Customers into Risk Categories and apply Customer Due Diligence accordingly. 16. Putin Place ML, TF and PF risk classification system in accordance with the National Risk Assessment and Risk Based Guidance issued by SCUML from time to time. 17. Obtain informa￾tion on beneficial owners in transac￾tions where the customer is an intermediary or representative of another party in all circumstances or form such representation may take. 18. Remedial Action￾Preparation and maintenance of records of observed deficiencies in the AML, CFT and policies and procedures of the DNFBPs and records of remedial actions taken by the Internal Audit Failure to classify customers into Risk Categories and apply Customer Due Diligence accordingly. Failure to classify ML, TF and PF risks. Failure to put in place guidelines for risk assessment and profiling of customers. Failure to carry out risk assessment and profiling of each customer. Failure to obtain information on beneficial owners in transactions where the customer is an intermediary or representative of another party in all circumstances or form such repre￾sentation may take. Failure to prepare and maintain records of observed deficiencies in the AML, CFT and CPF policies and procedures of the DNFBPs and records of remedial actions. Warning letter N250,000 N500,000 N100,000 and a warning letter. Warning letter N250,000 N250,000 N50,000 and a warning letter. A penalty of N500,000 shall apply if the violation becomes recurrent after one (1) year a SCUML examiner observed the violation. A penalty of N500,000 shall apply if the violation becomes recurrent after one(1)year a SCUML examiner observed the violation. A penalty of N1,000,000 shall apply if the violation becomes recurrent after one(1) year a SCUML examiner observed the violation. Report to relevant SRO for further necessary sanctions.

B 854 19. Management or compliance Officer shall not override approved AML/CFT/CPF controls. 20. Put in place mechanism for monitoring of Politically Exposed Persons transactions 21. Internal Audit shall have the competency to conduct oversight of AML, CFT and CPF compliance function of the DNFBP. 22. Inter Audit shall periodically review and conduct in dependent testing of compliance policies and procedures and follow up on the finding. Override of AML/ CFT/CPF controls by the management or compliance officer. Failure put in place mechanisms to monitor transactions linked to PEPs. Failure of the internal audit department to competently conduct oversightofthe compliance function. Failure of the Internal audit to periodically review and conduct independent testing of compliance policies and procedures and follow up on the finding. N500,000 N500,000 N250,000 N150,000 N250,000 N300,000 N150,000 N100,000 Suspension of professional license for two years where the persons involved are licensed professionals and are employed in such professional capacity. A penalty of N1,000,000 shall apply if the viola￾tion becomes recurrent after two (2) years that a SCUML examiner observed the violation Report to relevant SRO for additional punishment such as suspension, revocation or withdrawal of license. Where the violation becomes recurrent for more than two (2) years maximum penalty of N500,000 shall apply. For non￾compliance for a period of six (6) months after examination, a fine of N500,000 with evidence of compliance.

B 855 Note : These administrative sanctions shall separately apply for each infraction observed. 23. Review and update of AML/CFT/CPF Policies and Procedures after every three (3) years. A fine of N200,000 with evidence of a revised AML, CFT and CPF policies and procedures. A fine of N100,000 with evidence of a revised AML, CFT and CPF policies and procedures. In aggravated circumstances, a fine of N500,000 with evidence of a revised AML, CFT and CPF policies and procedures. MADE at Abuja this 15th day of May, 2024. LATEEF OLASUNKANMI FAGBEMI, SAN Honourable Attorney-General of the Federation and Minister of Justice EXPLANATORY NOTE (This note does not form part of these Regulations but is intended to explain its purport) These Regulations seek to provide implementation guidelines for the registration and effective supervision of Designated Non-Financial Businesses and Professions (DNFBPs), make provisions for administrative sanctions for DNFBPs, strengthen the existing system for combating money laundering, terrorists financing and proliferation financing against weapons of mass destruction, make provisions for developing sector specific guidelines for supervision of DNFBPs, and develop and enhance compliance culture and strategy for DNFBPs. Failure to review and update AML/ CFT/CPF Policies and Procedures after three (3) years.