Instruction No. 001/2023-CSBF amending Instruction No. 006/2007-CSBF on the prevention and fight against money laundering and terrorist financing, as amended by Instruction No. 001/2022-CSBF of June 27, 2022

BANKY FOIBEN'I MADAGASIKARA COMMISSION DE SUPERVISION BANCAIRE ET FINANCIERE

INSTRUCTION No. 001/2023-CSBF amending Instruction No. 006/2007-CSBF on the prevention and fight against money laundering and terrorist financing, as amended by Instruction No. 001/2022-CSBF of June 27, 2022

The Banking and Financial Supervision Commission (CSBF),

Having regard to Law No. 2020-011 of September 1, 2020 on banking law,

Having regard to Law No. 2018-043 of February 13, 2019 on the fight against money laundering and terrorist financing,

Having regard to Law No. 2017-026 of February 8, 2018 on microfinance,

Having regard to Law No. 2016-056 of February 2, 2017 on electronic money and electronic money institutions,

Having regard to Instruction No. 001/2022-CSBF of June 27, 2022 amending and supplementing Instruction No. 006/2007-CSBF on the prevention and fight against money laundering and terrorist financing,

DECIDES

Article 1. – Purpose The present instruction aims to amend and/or supplement certain provisions of Instruction No. 006/2007-CSBF on the prevention and fight against money laundering and terrorist financing, as amended by Instruction No. 001/2022-CSBF of June 27, 2022, referred to as the "AML/CFT Instruction".

Section 1 – Amended Provisions

Article 2. – The provisions of Articles 11, 17, 19, 21, 22, 32, 34, and 46 of the AML/CFT Instruction are amended and/or supplemented as follows:

New Article 11 - Subject establishments may, under the conditions defined in Article 16(e) of the aforementioned Law No. 2018-043, resort to third parties to ensure the identification of their clientele. In all cases, subject establishments remain responsible for the identification of their clientele.

When the third parties belong to the same financial group, subject establishments must ensure that:

• the group implements vigilance obligations regarding clientele, document retention, and AML/CFT programs;
• the effectiveness of this implementation is controlled at the group level by a competent authority;
• the group's AML/CFT policies allow for satisfactory mitigation of the highest identified risks.

New Article 17 - Subject establishments must ensure the identity and address of their clients, as well as their beneficial owners, in the following situations:

• before establishing a contractual relationship, opening an account or passbooks, holding securities, values, or bonds, assigning a safe deposit box, or establishing any other business relationship;
• as soon as possible for existing clients, and at the latest when a significant transaction occurs, when identification document standards change substantially, when a significant modification occurs in how the account operates, and when the establishment realizes it lacks information on an existing client;
• when they have doubts regarding the accuracy or relevance of previously obtained data;
• as soon as there is a suspicion of money laundering or terrorist financing regarding the clients.

Verification must be updated whenever there is a change, particularly regarding the client's status, situation, nature of the business relationship, and other relevant information that could generally affect the business relationship.

Identification and identity verification obligations will be considered fulfilled by subject establishments upon obtaining and retaining all of the following information elements:

• surname;
• first name(s);
• age or date of birth;
• address;
• mobile phone number;
• profession.

In addition to the client segmentation applied internally, subject establishments must define policies and apply procedures for client classification prior to entry and throughout the business relationship. Client classification must align with each client's profile and exposure to money laundering and/or terrorist financing risk.

Client classification criteria are set by circular of the CSBF President.

Subject establishments must assign a money laundering and/or terrorist financing rating to each client based on identified risks, particularly related to the client's profile, geographic factor, transaction types, and sectors of activity.

The rating to be applied for a client may be low, medium, or high.

Documents, data, or information collected as part of the client identification process must be kept up to date and subject to regular verification of their relevance, by reviewing existing files, particularly for client categories presenting higher risk.

New Article 19 - The identification of a legal person or a legal entity without legal personality is carried out based on the original or a certified copy of any official act or extract from the registry confirming its name, legal form, and registered office, as well as the powers of persons acting on its behalf, notably by producing the articles of association and any document establishing that it has been legally registered and has a real existence at the time of identification.

Subject establishments ensure, under the same conditions set forth in paragraph 2 of the preceding article, the true identity and address of persons authorized to act on behalf of the legal person or legal structure to be identified.

Subject establishments must possess the necessary information to understand the ownership and control structure of the legal person and the legal entity without legal personality and determine the natural persons who ultimately own or control them. To this end, they must:

• request the information on the legal person specified in paragraph 1 of this article and obtain the names of persons holding management positions;
• verify whether the client's beneficial owner is a legal person or a legal structure and take adequate measures regarding their identity.

The information required to verify the identity of the beneficial owner of a client that is a legal person or legal entity without legal personality is as follows:

• for legal persons: i) the identity of natural persons who ultimately hold a significant participation; ii) the identity of natural persons exercising control over the legal person by other means, provided that, after applying point i), there are doubts as to whether the person(s) with a controlling participation are the beneficial owner(s) or if no natural person exercises control through a participation; iii) the identity of the natural person holding the position of senior managing official, when no natural person is identified under the implementation of points i) and ii) above;
• for legal entities without legal personality: i) the identity of the settlor of the trust (fiduciary operations), the trustee(s) (agents or administrators), the protector, if any, the beneficiaries or category of beneficiaries, and any other natural person ultimately exercising effective control over the trust; ii) the identity of persons occupying equivalent or similar positions for other types of legal structures.

In the framework of verifying the identity of their corporate clientele, subject establishments are obligated to suspend ongoing business relationships if it turns out that the documents required in paragraph 1 above are forged.

New Article 21 - Subject establishments must be equipped with adequate risk management systems to determine whether a potential client or their beneficial owner is a politically exposed person* or whether an existing client or their beneficial owner becomes a politically exposed person during the business relationship. The status of PEP for the three categories defined in Article 4, point 21 of Law No. 2018-043 of February 13, 2019 on the fight against money laundering and terrorist financing may be extended after the cessation of function or title, based on a risk assessment conducted by the subject establishment.

Authorization from the executive body is required before establishing or continuing a business relationship with a politically exposed person or an existing client who has become a politically exposed person.

New Article 22 - Subject establishments must take all reasonable* measures to identify the origin of the wealth* and funds of clients and beneficial owners identified as politically exposed persons.

They must apply enhanced vigilance measures towards politically exposed persons through the implementation of a risk-based assessment of the business relationship, particularly regarding those holding prominent public functions at the national level.

New Article 32 - Particular vigilance in the identification of the origin and beneficial owner of funds and enhanced vigilance measures

Subject establishments must adopt particular vigilance aimed notably at establishing the origin and beneficial owner of the sums in question regarding:

• all fund transfers, regardless of the receiving or executing medium or the technical procedure used;
• all operations originating from or destined for financial institutions that are not subject to obligations at least equivalent to those provided by this instruction regarding client identification or transaction monitoring, or that are located in countries that do not apply or insufficiently apply the FATF Recommendations.

Fund, securities, or value transfers must be executed in strict compliance with current regulations and in particular foreign exchange regulations.

Subject establishments must apply enhanced vigilance measures towards transactions made by:

• a Politically Exposed Person (PEP);
• Non-Profit Organizations (NPOs), foundations, Non-Governmental Organizations.

In accordance with the provisions of Article 16(f) of Law No. 2018-043 of February 13, 2019 on the fight against money laundering and terrorist financing, subject establishments are required to consider the beneficiary of a life insurance contract as a relevant risk factor to determine whether enhanced vigilance measures are applicable.

When the beneficiary of the life insurance contract is a legal person or a legal entity without legal personality and the subject establishment establishes that it presents a higher risk, the latter takes additional and enhanced vigilance measures regarding the business relationship, including appropriate measures to identify and verify the identity of the beneficial owner of the life insurance contract at the time of benefit payment.

New Article 34 - For all wire transfers, subject establishments of the ordering party must obtain and retain information regarding the ordering party of the wire transfer and the beneficial owners of the wire transfers, referred to as complete information and listed below, and verify the accuracy of this information:

• their name;
• their bank account details;
• and their address.

In accordance with the provisions of Article 16(d) of Law No. 2018-043 of February 13, 2019, if subject establishments, intermediaries, or beneficiaries receive electronic transfers that do not contain complete information on the ordering party, they take arrangements to obtain the missing information from the issuing institution or the beneficiary in order to complete and verify it.

Subject establishments incorporate these arrangements into their policy document to decide when to execute, reject, or suspend electronic transfers not accompanied by the required information on the ordering party or beneficiary and the consequent appropriate actions.

New Article 46 - All documents relating to both national and international operations, including transactions that were not completed and those carried out with occasional clients, must be retained for the following durations or longer if a competent authority requests it in specific cases and for the fulfillment of their mission:

• for client identity documents: for at least 5 years after account closure or cessation of relations;
• for documents relating to operations carried out by clients and reports on transaction monitoring: at least 5 years after execution of the operation; this information must be sufficiently recorded to allow reconstruction of the transactions;
• for account books, commercial correspondence carried out by clients, and any analysis of client operations: at least 5 years after cessation of business relations.

The probative value of electronic archiving is admitted for document retention, subject to proof to the contrary by any interested party in case of dispute. »

Section 2 - Miscellaneous and Final Provisions

Article 3 – All provisions contrary to this instruction are hereby repealed.

Article 4 – The CSBF President is authorized to specify by circular the implementation modalities of the provisions of this instruction.

Article 5 – This instruction enters into force upon its notification to the professional associations of banks, microfinance institutions, and electronic money establishments and its publication on the BFM website.

Done in Antananarivo, on July 4, 2023

For the Commission, THE PRESIDENT, Aivo H. ANDRIANARIVELO