CBB Consultation on Proposed Amendments to Module FC Volume 3 for Insurance Licensees

Consultation on Proposed Amendments to Module FC Volume 3 Insurance Licensees Industry Comments and Feedback Volume 3 December 2014 Page 1 of 6 Industry Comments General Comments: Ref CBB’s Response An Insurance Company noted that it might be a good opportunity to review the scope of applicability to general insurance. Considering the low risk with general insurance products, the level of applicability of requirements is too high and disproportionate to the risk. As CBB would note that international best practices on this are either to exclude General insurance from scope or to have a lower set of requirements so that the resources are focused primarily on areas where the money laundering risk is high i.e. Life & Savings insurance. FATF acknowledges this fact in their 40 recommendations by excluding general insurance from definition of financial institution. FI as per FATF definition covers only “Underwriting and placement of life insurance and other investment related insurance”. GR1 This is an FATF requirement and must be met. However, licensees may apply simplified customer due diligence where the premium due is a single payment not exceeding BD 6,000 or total premiums due for a single customer do not exceed BD 6,000 per year as mentioned in Paragraph FC-1.6.1 in Module FC of the CBB Rulebook for Volume 3. The definition Financial Institutions also applies both to insurance undertakings and to insurance intermediaries (agents and brokers), mentioned in the FATF paper. IAIS has not excluded general insurance from the scope and even provides examples of cases of general insurance where money laundering was involved as shown in Appendix FC (iv) under Part B. An Insurance Company noted that with reference to KYC verification, Bahrain has a unique benefit in the GCC of having the Ministry of Industry and Commerce publishing the Commercial registration details of all businesses. This CR register provides a lot of information which are required under KYC like CR no., address, date of incorporation, validity of licence, capital, owners & % of shareholding, and Directors and authorized persons. Since this is from the Ministry, this could be used as an authentic source and this GR2 Licensees are responsible for verifying the accuracy of their KYC information obtained by any means.

Consultation on Proposed Amendments to Module FC Volume 3 Insurance Licensees Industry Comments and Feedback Volume 3 December 2014 Page 2 of 6 will save of practical difficulties that companies face to validate the same information from other means. An Insurance Company noted that CBB has provided some useful guidance in Part B under the supplemental notes. It will be highly useful and help standardization if CBB can publish sample KYC forms in the same section under Part B. GR3 Disagree. Each Insurance Licensee has to have its own due diligence procedure and own KYC forms that would comply with the CBB requirements. An Insurance Company noted that the return of funds through the same method of payment creates a customer centricity gap. It should be noted that this does not seem appropriate for a long term insurance product (e.g. during a life policy of 20 years clients status will change along with account details and methods of payment and therefore for a return in funds, it would be difficult to determine the appropriate method of payment). This rule will make it difficult for them to accommodate life style changes the customers might have during the long term duration of the product. While they understand what the rule is trying to achieve however they feel that this control does not take into consideration the long term nature of our product. GR4 This is an FATF requirement and must be met. An Insurance Company noted that in relation to the widened definition of PEPs, they need to understand what their day to day client screening obligation is. If it remains to be the screening of clients against databases which would show hits of related parties to the PEPs, then they have no concerns. GR5 Licensees are required to obtain this information to be compliant by any means. An Insurance Company noted that the proposed amendments requires the production of an annual risk assessment report however it is not clarifying what this "risk assessment" should include. We request more clarity in understanding on the expectations of what the risk assessment should include or otherwise the design a standardised template which licensees should follow. GR6 The risk assessment should be based on the firm’s judgment. An Insurance Company noted that they feel that while the changes proposed to the FC module are in the view of meeting the 2012 FATF recommendations, they believe it does not fully capture the essence of the recommendations around "Risk Based Approach (RBA)" advised in the FATF recommendations. They would be expected to perform an annual risk assessment however the proposed changes do not provide a guidance on how this assessment should affect the AML program, this would include the intensity of the GR7 Each licensee must work out its own AML risk assessment as part of good risk management.

Consultation on Proposed Amendments to Module FC Volume 3 Insurance Licensees Industry Comments and Feedback Volume 3 December 2014 Page 3 of 6 AML program and resource allocation. Specific Comments: Reference to the draft Directive: Comments REF CBB’s Response FC-1.1.2B Insurance licensees must conduct ongoing due diligence on the business relationship and scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the institution’s knowledge of the customer, their business and risk profile, including, where necessary, the source of funds. An Insurance Company noted that they believe that conducting ongoing due diligence for the long term business (Life – Investment Unit Linked Policies) only. However, for Life Term Assurance and General Business they don’t see any risk for AML purposes. Imposing AML requirements for Life Term Assurance and General Business could complicate the business process and affect the industry negatively. SP1 Disagree. This is a FATF requirement and must be met for any financial institution and any business model with no exception. FC-1.1.14 See also Chapter FC-4, which covers the filing of suspicious transaction reports. Regarding the return of funds to the counterparty, if funds are received in cash, funds should be returned in cash. If funds are received by wire transfer, they should be returned by wire transfer. An Insurance Company noted that the customer has the option to choose the method of returning the money (in which format cash, cheque, wire transfer) and this is part of the service they provide to their customers, as such they don’t agree to limit it to the method of receiving the money, specially that the company as part of its due diligence and checks conducted check this matter carefully and if any suspicions are raised it will be reported directly to the authorities. SP2 Disagree. This is a FATF requirement and must be met. However, the Rule will be clarified to explain that the reference to funds returned deals in instances where the due diligence requirements could not be fulfilled and that the transaction must therefore be cancelled, returning the funds paid (such as premiums) by the customer. This does not refer to any benefits paid out from insurance policies issued to customers.

Consultation on Proposed Amendments to Module FC Volume 3 Insurance Licensees Industry Comments and Feedback Volume 3 December 2014 Page 4 of 6 An Insurance Company noted that it would be administratively cumbersome to check the payment mode of the client at the time of refund. A way to control could be to specify a cash limit, say, BHD 1,000/- for accepting premiums in cash and/or refund (possibly in FC 2.2.1 where currently it suggests to have cash limits and amount suggestion is based on similar limit set by SAMA in their AML regulation) SP3 See SP2. FC-1.2.8 The information provided under FC-1.2.7 must be verified by obtaining certified copies of the following documents, as applicable (depending on the legal form of the entity): (a) Certificate of incorporation and/or certificate of commercial registration or trust deed; (b) Memorandum of association; (c) Articles of association; (d) Partnership agreement; (e) Board resolution seeking the insurance services (only necessary in the case of private or unlisted companies); (f) Identification documentation of the authorised An Insurance Company noted that with regards to the existing regulations, they just have one comment in relation to section FC 1.2.8, whereby the law requires the companies to verify the information in relation to the Entity's name/registration number by obtaining certified copies. They request the Financial Crime Module to allow the companies to extract the data from a public database to verify the information ( Eg. Ministry of industry and Commerce). SP4 See GR2.

Consultation on Proposed Amendments to Module FC Volume 3 Insurance Licensees Industry Comments and Feedback Volume 3 December 2014 Page 5 of 6 signatories of the insurance contract; (g) Copy of the latest financial report and accounts, audited where possible (audited copies do not need to be certified); and (h) List of authorised signatories of the company for the insurance contract and a Board resolution (or other applicable document) authorising the named signatories or their agent to receive any proceeds from the insurance contract or to modify the terms of the contract (resolution only necessary for private or unlisted companies). FC-1.5.3B The requirements for all types of PEP must also apply to family or close associates of such PEPs. FC-1.5.3C For the purpose of Paragraph FC-1.5.3B, ‘family’ means spouse, father, mother, sons, daughters, sisters and brothers. ‘Associates’ are persons associated with a PEP whether such association is due to the person being an employee or An Insurance Company noted that the PEP procedure will be applied to their customers only, they don’t agree to extend the check to their family members and close associates as in general the AML risk in insurance industry is very remote and it will be extremely difficult to require additional information about family members as such they don’t believe an extensive checks need to be conducted for family members. SP5 This is a FATF requirement and does not allow for any flexibility in implementation. Licensees are required to obtain this information to be compliant.

Consultation on Proposed Amendments to Module FC Volume 3 Insurance Licensees Industry Comments and Feedback Volume 3 December 2014 Page 6 of 6 partner of the PEP or of a firm represented or owned by the PEP, or family links or otherwise. FC-3.3.1 Insurance licensees must take appropriate steps to identify and assess their money laundering and terrorist financing risks (for customers, countries or geographic areas; and products, services, transactions or delivery channels). They must document those assessments in order to be able to demonstrate their basis, keep these assessments up to date, and have appropriate mechanisms to provide risk assessment information to the CBB. The nature and extent of any assessment of money laundering and terrorist financing risks must be appropriate to the nature and size of the business. An Insurance Company noted that this is a welcome provision but being a new process, it would be good to provide a guidance document on how to undertake this and sample templates. SP6 The risk assessment should be based on the firm’s judgment.