Guidelines Summarizing the Main Legal Obligations of Other Financial Institutions

Bank of the Republic of Haiti

GUIDELINES FOR FINANCIAL INSTITUTIONS

These guidelines summarize the main legal obligations to which financial institutions are subject, and highlight the measures they must inevitably take, in accordance with the provisions of the law of November 11, 2013, penalizing money laundering and terrorist financing, and the law of September 28, 2016, amending the law of November 11, 2013.

The Bank of the Republic of Haiti (BRH), within the framework of its general or periodic inspections, will verify the mechanisms put in place to detect and prevent money laundering and terrorist financing, and will take all sanctions and measures in case of non-compliance with legal and regulatory obligations.

These guidelines apply to: a) development finance companies; b) leasing companies; c) credit card companies; d) investment promotion companies; and e) any other entity designated by the BRH.

1. Prevention Program

The prevention program must reflect the nature, scope, and complexity of the institution concerned and must include the following elements:

1. policies, procedures, and internal controls, including compliance control mechanisms, and appropriate procedures during employee hiring, to ensure it is carried out according to rigorous criteria;
2. the centralization of information on the identity of clients, principals, beneficial owners, beneficiaries and proxy holders, agents, and on suspicious transactions;
3. the designation of a compliance officer and the designation of compliance officers at the level of the central administration, each branch, and each agency;
4. the development of a continuous training program for employees;
5. an internal control mechanism to verify compliance, observance, and the effectiveness of adopted measures;
6. the implementation of an independent testing mechanism for compliance with anti-money laundering measures; and

---

7. an ad hoc risk classification based on the activities of the financial institution concerned as well as its clientele.

The prevention program must be approved by the board of directors of the financial institution.

1.1. Policies, Procedures, and Internal Control Mechanisms

Financial institutions are required to develop a prevention program comprising written policies, procedures, and internal control mechanisms that allow for the consideration of risk factors and the assessment of money laundering and terrorist financing risks presented by their activities. Before establishing a business relationship with a client, the financial institution is required, based on its client acceptance policy, to examine the reputation risks associated with the client's profile and the nature of the business relationship.

Policies, procedures, and mechanisms must be approved by the board of directors and kept up to date. They must be clearly communicated to all executives involved in dealing with clients. Policies and procedures must cover all reporting obligations, document filing, document retention, client identification, control, risk assessment, and risk mitigation that apply to the financial institution.

Policies, procedures, and mechanisms must apply to all branches and subsidiaries, if it is a group as defined in Article 13 of the law of May 14, 2012. In this case, these institutions must include policies and procedures for information sharing within the group for the purpose of customer due diligence and management of money laundering and terrorist financing risks. Adequate guarantees regarding confidentiality and the use of exchanged information must be put in place.

Financial institutions are also required to develop appropriate selection procedures guaranteeing the recruitment of employees according to rigorous criteria.

1.2. Centralization of Information

Financial institutions must have an IT system allowing the centralization of data on the identity of clients, principals, beneficial owners, beneficiaries and proxy holders, agents, and on suspicious transactions.

1.3. Appointment of a Compliance Officer

Any financial institution must proceed with the appointment of a compliance officer. This officer must be a senior executive of the institution, selected based on competence, experience, integrity, and professional ethics. He or she must report directly to the board of directors for all matters related to anti-money laundering.

---

The compliance officer's duties are: a) to ensure the application of legislation and regulations; b) to enforce internal procedures and methods for combating money laundering and terrorist financing; c) to identify deficiencies and make necessary recommendations; d) to propose training programs on a periodic basis; e) to serve as the liaison with the Financial Intelligence Unit (FIU/UCREF); f) to prepare and forward suspicious transaction reports to the FIU; g) to ensure that transaction reports are completed and forwarded to the FIU within the required deadlines; h) to receive and follow up on information requests from the FIU and any other authority acting in the framework of combating money laundering and terrorist financing; i) to exercise due diligence vis-à-vis clients.

1.4. Continuous Training

The prevention program must include a training component. All employees who are in contact with clients, who have knowledge of operations carried out by clients, or who handle funds in any way, or who are responsible for implementing or monitoring the compliance regime, must understand reporting obligations, client identification, and record-keeping.

The training program must be documented in writing and kept up to date. The modalities regarding the frequency and methodology of training should be established. Each new employee must be trained before starting to work with clients. Updates to the program should take place periodically to keep all stakeholders informed of legislative and regulatory changes. The training methodology will depend on the size of the financial institution and the complexity of its activities.

1.5. Internal Control Mechanism

Financial institutions must exercise constant vigilance and have an internal organization and procedures designed to ensure compliance with the provisions of the law and to enable operations managers to prevent and identify any attempt at money laundering or terrorist financing. One of the roles of this control is to prevent the use of the financial system for money laundering or terrorist financing and to minimize the risks faced by institutions.

This internal control system must contain, among other things: a) a mechanism for controlling internal policies, procedures, and methods for combating money laundering and terrorist financing; b) a structure guaranteeing the confidentiality of information processing; c) measures for identifying elements related to money laundering and terrorist financing risks and systems for assessing these risks;

---

d) a surveillance system that can guarantee control over money laundering and terrorist financing risks; e) a centralized documentation and information system; f) a system for information on compliance initiatives, deficiencies in this area, and corrective measures taken.

The control system in place must extend to all components of the institution. Every institution is therefore required to take necessary measures to guarantee the strict application of policies, procedures, and methods in force, especially those related to money laundering and terrorist financing.

During periodic independent tests regarding compliance with internal procedures or good risk monitoring, a specific check on the money laundering aspect must be carried out by the institution's internal audit.

Checks may specifically apply to the following points: a) the assessment of the quality of risk management and control for all operations and in all branches; b) interviews with employees in charge of operations and their supervisors to assess their level of knowledge and respect for the anti-money laundering and terrorist financing procedures adopted by the institution; c) the review of a sample of document filing forms and forms for reporting suspicious financial transactions; d) a verification of the record-keeping system; e) the existence of supporting documents attached or referenced to accounting records; f) the knowledge of the clientele by branches and operations managers, taking into account the following elements: professional activity, account functioning, financial situation, and accounting and financial documentation consistent with credits granted and business volumes processed. Particular attention must be paid to the economic justification of operations and their adequacy with the known situation of the clientele; g) periodic reviews of all correspondent banking relationships established with foreign financial institutions to detect high-risk partners; h) the knowledge by collaborators of internal anti-money laundering rules.

The results of any check must be reported to the board of directors. Depending on the institution's hierarchical structure, issues related to measures taken or to be taken and the schedules provided for this purpose must be known and disclosed to executing personnel.

2. Client Identification

Financial institutions are required to identify their clients, their clients' agents, proxy holders, and beneficial owners, and to verify their identity using documents, data sources, or independent and reliable information. Client identification takes place during:

---

1. the establishment of the business relationship;
2. occasional transactions equal to or greater than the threshold established by laws and regulations;
3. multiple cash transactions, both in gourdes and foreign currencies, when they exceed in total the established threshold and are carried out by and for the account of the same person within a day or with unusual frequency;
4. the existence of suspicion of money laundering or terrorist financing, regardless of any exemption or threshold provided in laws and regulations;
5. the existence of suspicion of terrorist financing, regardless of any exemption or threshold provided in laws and regulations;
6. the existence of doubt regarding the truthfulness or relevance of previously obtained client identification data.

Financial institutions must pay particular attention to standards related to customer knowledge to preserve their reputation and the integrity of the banking and financial system. To avoid exposure to reputation risk, operational risk, and legal risk, financial institutions must have policies, mechanisms, and procedures taking into account, among other things, the following elements:

a) clear conditions for client acceptance; b) precise rules on the identification of clients and their agents; c) appropriate procedures and means for risk management; d) vigilance measures for clientele.

The identification of a natural person according to Article 18 of the law penalizing money laundering and terrorist financing of November 11, 2013, implies "obtaining the full name, date and place of birth, and address of their main residence."

Regarding the verification of information, Article 18 of the aforementioned law specifies that: "the verification of the identity of a natural person requires the presentation of an original official document currently valid and bearing a photograph, a copy of which is taken. The verification of their address is carried out by the presentation of a document capable of proving it."

Non-resident natural persons must be identified in the same manner as residents.

When the client is a legal entity, the identification and verification of identity concerns "the corporate name, proof of its legal constitution, the address of the headquarters, the identity of the directors, and knowledge of the provisions governing the power to bind the legal entity," according to Article 18 of the law of November 11, 2013.

Identification must also cover, whether for a natural or legal person, the intended object and nature of the business relationship.

---

During client identification, a copy of all documents must be made, classified, and centralized by financial institutions. Formal checks must be performed regarding the signature, any anomalies on the photograph, and the physical appearance of the potential client.

If financial institutions cannot comply with the provisions above, they cannot establish or maintain a business relationship, nor carry out an operation for the client. They will determine, in this case, whether it is appropriate to file a suspicious transaction report with the Financial Intelligence Unit (FIU/UCREF) or to establish an internal confidential report in accordance with Article 20 of the law of November 11, 2013.

2.1. Beneficial Owners

Financial institutions must take reasonable measures to obtain information on the true identity of the persons in whose interest a transaction is carried out, if there is any doubt that these clients might not be acting for their own account. Furthermore, a lawyer, notary, accountant, or securities broker acting as a financial intermediary cannot claim professional secrecy to avoid disclosing the identity of the beneficial owner, in accordance with the provisions of Article 19 of the law of November 11, 2013.

The identification of the beneficial owner(s) concerns first names, surname, and as far as possible, date and place of birth. In the case of legal entities, identification concerns the identity of the natural persons who ultimately hold a controlling interest in the company (at least 25%). Furthermore, information must be collected on their address.

Adequate measures must be taken to verify this data, as well as to update it when it appears that this data is no longer current.

If financial institutions cannot obtain the information mentioned in this section or their clients fail to communicate it or provide irrelevant or unbelievable information, they cannot establish or maintain a business relationship, nor carry out an operation for the client. They will determine, in this case, whether it is appropriate to inform the Financial Intelligence Unit (FIU/UCREF).

2.2. Politically Exposed Persons

A duty of vigilance must be exercised regarding politically exposed persons (PEPs), who are defined by Article 4 of the law of November 11, 2013, as persons exercising or having exercised important public functions in a foreign country or in Haiti or within or for the account of an international organization, as well as the family members of this person, or any other persons closely linked or associated with them (example: heads of state or government, high-ranking politicians, senior officials within public authorities, high-ranking magistrates or military officers, leaders of public enterprises or political parties; members of the senior management of an international organization: director, deputy director, members of the board of directors, and all persons exercising equivalent functions).

---

Financial institutions must have appropriate risk management systems to determine if the client is a politically exposed person. As soon as the client is identified as a politically exposed person, it is necessary to:

a) obtain senior management authorization before establishing or continuing a business relationship with the client; b) take all reasonable measures to identify the origin of funds; c) ensure enhanced and permanent monitoring of the business relationship.

In addition to PEPs, rigorous control must be applied to any person with a high net worth of uncertain or dubious origin.

3. Enhanced Due Diligence Measures

Financial institutions must apply, based on their risk assessment, enhanced due diligence measures in situations that, by their nature, may present a high risk of money laundering or terrorist financing.

Furthermore, as prescribed by Article 20 of the law of November 11, 2013, particular vigilance must be exercised regarding operations originating from establishments or financial institutions that are not subject to sufficient obligations regarding client identification or transaction monitoring.

4. Document Retention

Financial institutions are required to retain for a period of at least five (5) years, after the closure of accounts or the cessation of relations with the client, all documentation related to client identity as well as account books and business correspondence. Similarly, documents related to operations carried out by clients must be kept in the institution's archives for at least five (5) years after the execution of the transaction.

To this end, a document filing form for operations must be used for document retention.

This document retention, relating to national and/or international transactions carried out, will allow for a rapid response to information requests from competent authorities and to reconstruct individual transactions (including amounts and types of cash involved, if applicable) in order to provide, if necessary, evidence in case of criminal prosecution.

Similarly, a copy of systematic transaction reports and suspicious transaction reports must be kept and archived by the compliance officer.

---

5. Sanctions

In case of non-compliance with the obligations defined in the law or BRH regulations, notably:

a) serious lack of vigilance or non-compliance with client identification obligations; b) failure to file transaction or suspicious reports; c) disclosure to clients or third parties regarding actions taken in the prevention and detection of money laundering and terrorist financing; d) violation of obligations contained in the law of November 11, 2013 and that of September 28, 2016 and BRH regulations;

the BRH reserves the right to initiate any appropriate procedure and/or take all administrative measures in accordance with the law and regulations in force. Sanctions may be either fines or administrative sanctions (warning, suspension of activity, withdrawal of license, or permanent prohibition in the most serious cases) without prejudice to those provided by law, and those resulting from the civil or criminal liability of the financial institution which may be engaged due to the commission of the offense.

Port-au-Prince, August 27, 2020.

[Signature] Jean Baden Dubois Governor