Central Bank of Haiti

GUIDELINES FOR SAVINGS AND CREDIT COOPERATIVES

These guidelines summarize the main legal obligations to which savings and credit cooperatives (SCCs) are subject, and highlight the measures they must inevitably take, in accordance with the provisions of the Decree of April 30, 2023, sanctioning money laundering, terrorist financing, and the financing of proliferation of weapons of mass destruction.

The Central Bank of Haiti (BRH), as part of its annual and ad hoc inspections, will verify the mechanisms put in place by these institutions to detect and prevent money laundering, terrorist financing, and proliferation, and will take all sanctions and measures in case of non-compliance with legal and regulatory obligations.

1. Prevention Program

SCCs are required to implement a prevention program for money laundering, terrorist financing, and proliferation.

This program must reflect the nature, scale, and complexity of the institution's activities and must include the following elements:

a) policies, procedures, and internal controls, including compliance control mechanisms, and appropriate procedures during employee hiring, to ensure it is carried out according to stringent criteria;

b) the centralization of information on client identities, beneficial owners, principals, beneficiaries, and proxy holders, agents, and on suspicious transactions;

c) the appointment of a compliance officer and the designation of compliance officers at the central administration, each branch, and service point;

d) the development of a continuous training program for employees;

e) an internal control mechanism to verify compliance, observance, and the effectiveness of measures adopted for the enforcement of laws sanctioning money laundering, terrorist financing, and proliferation;

f) the establishment of an independent compliance control testing mechanism for anti-money laundering;

g) risk assessment and risk classification based on the SCC's activities and clientele; and

h) the handling of suspicious transactions.

The prevention program must be approved by the SCC's board of directors.

---

1.1. Policies, Procedures, and Methods

SCCs are required to develop a compliance program comprising written policies, procedures, and methods that enable the identification of risk factors and the assessment of money laundering and terrorist financing risks associated with their activities.

Policies, procedures, and methods must be approved by the board of directors and kept up to date. They must be clearly communicated to all management personnel involved in client interactions.

Policies and procedures must cover all reporting, record-keeping, document retention, client identification, control, assessment, and risk mitigation obligations applicable to the SCC. They must be integrated into the SCC's overall risk management strategy and include appropriate steps to prevent, detect, assess, monitor, manage, and continuously mitigate money laundering and terrorist financing risks related to clients, countries or geographic areas, or products, services, new technologies, operations, and distribution channels.

Policies and procedures must also cover the handling of international sanctions (United Nations list or others), and the procedures for freezing assets in the context of combating terrorist financing and proliferation.

Policies, procedures, and methods must apply to all service points.

SCCs are also required to develop appropriate selection procedures ensuring the recruitment of employees according to stringent criteria.

1.2. Centralization of Information

SCCs must establish an IT system enabling data centralization.

1.3. Appointment of a Compliance Officer

Every SCC must appoint a compliance officer. This officer must be a senior executive of the institution, selected based on competence, experience, integrity, and professional ethics. They must understand the institution's functions and structure, and be aware of the risks and vulnerabilities related to money laundering and terrorist financing in their sector of activity, as well as the trends and typologies characterizing these threats. They must report directly to the board of directors on all matters related to combating money laundering, terrorist financing, and proliferation.

The compliance officer's responsibilities include:

• ensuring the enforcement of legislation and regulations;
• enforcing internal procedures and methods;
• identifying deficiencies and making appropriate recommendations;

---

1.4. Risk Assessment

The prevention and compliance program must include an assessment of money laundering and terrorist financing risks. This risk-based approach must include the following elements:

a) identification and assessment of risks related to the institution's activities;

b) implementation of certain measures to mitigate identified risks;

c) updating client identity and beneficial owner information;

d) enhanced monitoring of financial transactions presenting higher risks.

Risk assessment is an analysis of the money laundering and terrorist financing threats and weaknesses presented by the SCC's activities. This assessment varies notably according to the cooperative's size, geographic location, and activities conducted.

Risk assessment requires that employees be well-versed in the institution's activities and exercise judgment to evaluate money laundering risks. This assessment must not be static and must be updated at least every twelve (12) months.

SCCs must consider the nature and activities of their clients. Knowing one's client goes beyond verifying identity or keeping verification documents. It involves understanding who the clients are, what activities they conduct, their operational models, and how they manage their affairs. Furthermore, identification verification information must be reviewed at least every two (2) years for high-risk situations and every three (3) years for low-risk cases. Risk mitigation measures must be included in policies and procedures.

SCCs are also required to apply due diligence measures to existing clients based on the risks they represent.

---

1.5. Continuous Training

The prevention and compliance program must include a training component. All employees who interact with clients, have knowledge of client transactions, handle funds in any way, or are responsible for implementing or monitoring the compliance regime must understand reporting obligations, client identification, and record-keeping.

The training program must be documented in writing and kept up to date. Procedures regarding the frequency and method of training should be established. It should specify participant categories, topics to be covered, and training session frequency. Each new employee must be trained before beginning work with clients. Program updates should occur periodically to keep all stakeholders informed of legislative and regulatory changes. The training method will depend on the SCC's size and the complexity of its activities.

1.6. Internal Control Mechanisms and Independent Testing

SCCs must exercise constant vigilance and establish an organizational structure and internal procedures to ensure compliance with legal provisions and enable operations managers to prevent and identify any attempts at money laundering or terrorist financing. One of the roles of this control is to prevent the financial system from being used for money laundering, terrorist financing, or proliferation, and to minimize the risks faced by institutions.

This internal control system must include, among other things:

• a control mechanism for internal anti-money laundering, terrorist financing, and proliferation policies, procedures, and methods;
• a structure ensuring the confidentiality of information processing;
• measures to identify money laundering, terrorist financing, and proliferation risk elements, and systems for assessing these risks;
• a monitoring system that can ensure control over money laundering, terrorist financing, and proliferation risks;
• a centralized documentation and information system;
• an information system on compliance initiatives, deficiencies in this area, and corrective measures taken.

The control system in place must extend to all components of the institution. Every institution is therefore required to take necessary measures to guarantee the strict application of existing policies, procedures, and methods, especially those related to money laundering, terrorist financing, and proliferation.

During periodic independent tests regarding compliance with internal procedures or risk monitoring, a specific verification on the money laundering, terrorist financing, and proliferation aspect must be conducted by the cooperative's internal audit.

Inspections may specifically apply to the following areas:

• assessment of the quality of risk management and control for all operations and across all branches and service points;
• interviews with operations staff and their supervisors to evaluate their level of knowledge and adherence to the institution's adopted anti-money laundering, terrorist financing, and proliferation procedures;
• compliance with account opening and closing procedures;
• review of a sample of document filing forms and suspicious financial transaction report forms;
• verification of the record-keeping system;
• existence of supporting documents attached or referenced to accounting records;
• branches' and operations managers' knowledge of the clientele, considering the following: professional activity, account functioning, financial situation, and accounting/financial documentation consistent with granted credits and business volumes. Particular attention must be paid to the economic justification of transactions and their adequacy with the known situation of the clientele;
• staff's knowledge of internal anti-money laundering rules.

The results of any inspection must be reported to the board of directors. Depending on the cooperative's hierarchical structure, matters related to measures taken or to be taken and related timelines must be known and disclosed to executing personnel.

1.7. Handling of Suspicious Transactions

SCCs must develop and implement policies regarding the identification and follow-up of unusual or suspicious transactions. These policies must define what is considered suspicious or unusual and provide examples in this regard.

Identification of unusual or suspicious transactions can be done through transaction monitoring, information from third parties (journals, internet, etc.), and the SCC's knowledge of the client's environment.

2. Client (Member) Identification and Due Diligence Obligation

In accordance with the provisions of the Decree of April 30, 2023, SCCs are required to identify their clients (members, auxiliary members), their clients' agents, proxy holders, beneficial owners, and verify their identity using documents, data sources, or independent and reliable information during:

1. the establishment of a business relationship;

---

2. the execution of occasional transactions exceeding the regulatory threshold or in case of repeated distinct transactions for an individual amount below the regulatory threshold, or when the lawful origin of funds is uncertain or it involves a funds transfer;

3. electronic transfer transactions (funds transfers);

4. multiple cash transactions, both in gourdes and foreign currencies, when they exceed in total the established threshold and are carried out by and for the account of the same person within a day or at an unusual frequency;

5. the existence of suspicion of money laundering;

6. the existence of suspicion of terrorist financing;

7. doubts regarding the accuracy or relevance of previously obtained client identification data.

SCCs must pay particular attention to client knowledge standards to preserve their reputation and the integrity of the financial system. To avoid exposure to reputational risk, operational risk, and legal risk, SCCs must have appropriate policies, methods, and procedures taking into account, among other things, the following:

a) clear conditions for accepting new clients;

b) precise rules on client and agent identification and constant monitoring;

c) constant monitoring of high-risk accounts;

d) appropriate procedures and means for risk management;

e) due diligence measures for clientele.

2.1. Information Required for Identification

Identifying a natural person according to Article 36 of the Decree of April 30, 2023 implies "obtaining full first and last name, date and place of birth, and primary home address".

Regarding information verification, Article 36 of the aforementioned decree specifies that: "verification of a natural person's identity requires the presentation of an original, valid official document bearing a photograph, of which a copy is taken. Verification of their address is carried out by presenting a document capable of proving it or by any other means".

SCCs must require identification of natural persons by presenting official documents. Information must be collected on the permanent address of identified persons.

Non-resident natural persons must be identified in the same manner as residents. Minor children must be presented by a parent, SCC member, otherwise documentary proof of the child's identity and their legal guardian must be provided.

---

During client identification, a copy of all documents must be made, classified, and centralized by SCCs. Formal controls must be performed regarding the signature, any anomalies on the photograph, and the potential client's physical appearance.

When the client is a legal entity (auxiliary member), identification and identity verification cover "the corporate name, proof of its legal constitution, the registered office address, the identity and powers of directors and corporate officers or their legal equivalents abroad", according to Article 38 of the Decree of April 30, 2023.

Identification also covers, whether for a natural or legal person, the intended object and nature of the business relationship. SCCs must verify client identities using documents, data, or information from reliable and independent sources.

If SCCs cannot comply with the provisions above, they may neither establish nor maintain a business relationship, nor execute an operation for the client. They will determine, in this case, whether to file a suspicious transaction report with the Central Unit for Financial Intelligence (UCREF) or to establish an internal confidential report in accordance with Article 43 of the Decree of April 30, 2023.

2.2. Identification Documents

The following documents and papers must be required during account opening, execution of significant cash transactions (i.e., for a total sum equal to or greater than the threshold established by the BRH), for a high-amount occasional operation, for any transaction carried out under unusually complex or unjustified conditions, for any transaction that appears to lack economic justification or a lawful purpose, or any other transactions.

2.2.1. Natural Persons

a) one (1) original, valid official document bearing a photograph (national ID card, passport, or driver's license);

b) nationality, country of residence, profession, public office and/or employer name, address (full address must be obtained, a P.O. box number is not sufficient), telephone, email;

c) one (1) document proving address: electricity bill, water bill, tax notice, bank statement, etc.

2.2.2. Minor Children

a) birth certificate or archive extract;

b) one (1) original, valid official document bearing a photograph (national ID card, driver's license, or passport) identifying one of the parents and one (1) document proving the parent's address, or

c) one (1) original, valid official document bearing a photograph (national ID card, driver's license, or passport) of the legal guardian and one (1) document proving the guardian's address;

d) court order homologating the family council, if applicable.

---

2.2.3. Legal Entities

Civil Companies

a) contract or agreement creating the company duly registered with the Ministry of Commerce and Industry;

b) company address (full address must be obtained, a P.O. box number is not sufficient), telephone, email;

c) copy of the tax registration card and business license certificate;

d) name(s) and first name(s) of partners;

e) one (1) document authorizing one or more partners to conduct financial transactions and operations;

f) one (1) original, valid official document bearing a photograph (national ID card, passport, or driver's license) identifying proxy partners or beneficial owners;

g) name, first name, profession, address of proxy partners, telephone, email;

h) one (1) document proving the address of proxy partners (electricity bill, water bill, tax notice, bank statement, etc.).

Other Commercial Enterprises

a) copies of the business license certificate, tax registration card, and professional identity card;

b) address (full address must be obtained, a P.O. box number is not sufficient), telephones, email;

c) name(s) and first name(s) of owners and beneficial owners;

d) one (1) document from the owner(s) authorizing persons to conduct financial transactions and operations;

e) one (1) original, valid official document bearing a photograph (national ID card, driver's license, or passport) identifying proxy holders and beneficial owners;

f) name, first name, profession, address of proxy holders and beneficial owners, telephone, email;

g) one (1) document proving the address of proxy holders (electricity bill, water bill, or any other official document, etc.).

Clubs, Associations, Charitable Organizations, Churches

In the case of such entities, SCCs must verify the identity of at least two (2) signatories, in addition to the entity itself. The responsible persons to be identified must be those who control the assets totally or partially, i.e., members of the executive body or committee, the president, a director, the treasurer, and all authorized signatories.

3. Beneficial Owners

SCCs are required to identify the identity of beneficial owners in accordance with the provisions of Articles 40 to 42 of the Decree of April 30, 2023.