Bank Indonesia Regulation 11/28/PBI/2009 on Anti Money Laundering and Combating Financing of Terrorism for Commercial Banks

Unofficial Translation BANK INDONESIA REGULATION NUMBER: 11/28/PBI/2009 CONCERNING IMPLEMENTATION OF ANTI MONEY LAUNDERING AND COMBANTING THE FINANCING OF TERRORISM PROGRAM FOR COMMERCIAL BANK WITH THE BLESSINGS OF THE ONE ALMIGHTY GOD GOVERNOR OF BANK INDONESIA, Considering: a. whereas with the increasing complexities of banking products, activities, and information technology, the risk of banks to be used for committing crimes of money laundering and financing of terrorism increases; b. whereas the increase in risks confronted by banks needs to be balanced with improvement in the quality of implementation of risk management associated with programs for anti money laundering and combating the financing of terrorism; c. whereas implementation of risk management associated with programs for anti money laundering and combating the financing of terrorism shall adhere to the generally accepted principles adopted internationally; d. whereas the prevailing provisions concerning the Implementation of Know Your Customer Principles needs to be improved;

Unofficial Translation

• 2 - e. now therefore pursuant to considerations referred to in letter a, letter b, letter c, and letter d, it is deemed necessary to enact regulation concerning the implementation of anti money laundering and combating the financing of terrorism program for commercial bank in a Bank Indonesia Regulation; In view of : 1. Act Number 7 of 1992 concerning Banking (State Gazette of the Republic of Indonesia of 1992 Number 31, Supplement to the State Gazette of the Republic of Indonesia Number 3472) as amended by Act Number 10 of 1998 (State Gazette of Republic of Indonesia of 1998 Number 182, Supplement to the State Gazette of the Republic of Indonesia Number 3790);

2. Act Number 23 of 1999 concerning Bank Indonesia (State Gazette of the Republic of Indonesia of 1999 Number 66, Supplement to the State Gazette of the Republic of Indonesia Number 3843) as amended by Act Number 3 of 2004 (State Gazette of the Republic of Indonesia of 2004 Number 7, Supplement to the State Gazette of the Republic of Indonesia Number 4357);
3. Act Number 15 of 2002 concerning the Crime of Money Laundering (State Gazette of the Republic of Indonesia of 2002 Number 30, Supplement to the State Gazette of the Republic of Indonesia Number 4191) as amended with Act Number 25 of 2003 (State Gazette of the Republic of Indonesia of 2003 Number 108, Supplement to the State Gazette of the Republic of Indonesia Number 4324);

Unofficial Translation

• 3 -

4. Act Number 15 of 2003 concerning Government Regulation Replacement of Act Number 1 of 2002 concerning Eradication of the Crime of Terrorism to be the Law (State Gazette of the Republic of Indonesia of 2003 Number 45 and Supplement to the State Gazette of the Republic of Indonesia Number 4284);
5. Act Number 21 of 2008 concerning Islamic Banking (State Gazette of the Republic of Indonesia of 2008 Number 94, Supplement to the State Gazette of the Republic of Indonesia Number 4867); HAS DECREED: Has decreed : BANK INDONESIA REGULATION CONCERNING IMPLEMENTATION OF ANTI MONEY LAUNDERING AND COMBATING THE FINANCING OF TERRORISM PROGRAM FOR COMMERCIAL BANK. CHAPTER I GENERAL PROVISIONS Article 1 The terminology used in this Bank Indonesia Regulation has the following meaning:
6. Bank is a Commercial Bank as referred to in Act Number 7 of 1992 concerning Banking as amended with Act Number 10 of 1998, including

Unofficial Translation

• 4 - Branch Offices of Foreign Banks, and Act Number 21 of 2008 concerning Syariah Banking.

2. Money Laundering is money laundering as referred to in Act that governs Criminal Act of Money Laundering.
3. Financing of Terrorism is the use of assets, directly or indirectly, for terrorist activities as referred to in Act that governs Criminal Act of Money Laundering.
4. Customer is a party that utilizes banking services and owns an account at the Bank.
5. Walk in Customer, hereinafter referred to as WIC, is a user of Banking services that does not own accounts in the Bank, however it does not include parties that are instructed or assigned by Customer to engage in a transaction for the benefit of the said Customer.
6. Existing Customers are Customers that have business relationships with Banks at the time this Bank Indonesia regulation comes into force.
7. Customer Due Diligence, hereinafter referred to as CDD, is activities in the form of identification, verification, and monitoring performed by Banks to ensure that transactions correspond to Customer’s profiles.
8. Enhanced Due Diligence, hereinafter referred to as EDD, is a more comprehensive CDD performed by Banks while engaging high risk customers, including that of a Politically Exposed Persons, with respect to the probability of money laundering and terrorism financing.
9. Suspicious Financial Transactions are suspicious financial transactions as referred to in the Act that governs the Criminal Act of Money Laundering.
10. Center for the Reporting and Analysis of Financial Transactions, hereinafter referred to as PPATK, is PPATK as referred to in the Act that governs the Criminal Act of Money Laundering.

Unofficial Translation

• 5 -

11. Anti Money Laundering and Combating the Financing of Terrorism hereinafter referred to as APU and PPT, are efforts to prevent and eradicate criminal acts of money laundering and terrorism financing. .
12. Beneficial Owner is any person that owns funds, controls Customer transactions, confer power of attorney with regards to engaged transactions, and/or controls through a legal entity or an agreement.
13. Financial Action Task Force Recommendations, hereinafter referred to in as FATF Recommendations, are standards for the prevention and eradication of money laundering and terrorist financing issued by FATF.
14. State/Government Agency is an agency that has executive, judicative and legislative powers.
15. Politically Exposed Person, hereinafter referred to as PEP, is a person that is entrusted with public authority, including State Officials as referred to in laws and regulations that governs State Officials, and /or a person, whether an Indonesia national or a foreign national, registered as members of a political party that has influence on the party’s policies and operations.
16. Shell Bank are Banks that do not have physical presence in the jurisdiction where the Banks are established and obtained operational license, and are not affiliated with a financial service business group that is subjected to an effective consolidated supervision. .
17. Correspondent Banking are activities of correspondent Banks to provide payment and other banking services to respondent Banks, based on a written agreement. .
18. Cross Border Correspondent Banking is Correspondent Banking where the domicile of one of the correspondent bank or respondent bank is located outside the territories of the Republic of Indonesia.
19. Transferring Banks are banks that transmit funds transfer orders.

Unofficial Translation

• 6 -

20. Intermediary Banks are banks that forwards fund transfer orders from Transferring Banks.
21. Recipient Banks are banks that receive funds transfer orders. Article 2 (1) Banks are obliged to implement APU and PPT program. (2) In implementing APU and PPT Program, Banks shall adhere to the provisions stipulated in this Bank Indonesia Regulation. Article 3 (1) APU and PPT Program shall be an integral part in the implementation of risk management in its entirety. (2) The Implementation of APU and PPT Program referred to in paragraph (1) shall at minimum include: a. active supervision of the Board of Directors and the Board of Commissioners; b. policies and procedures; c. internal control; d. management information system; and e. human resources and training. CHAPTER II ACTIVE SUPERVISION OF THE BOARD OF DIRECTORS AND THE BOARD OF COMMISSIONERS

Unofficial Translation

• 7 - Article 4 Active supervision by the Board of Directors shall at minimum include: a. ensuring the Bank has policies and procedures for APU and PPT Program; b. recommends written policies and procedures of APU and PPT Program to the Board of Commissioners; c. ensuring that the implementation of APU and PPT Program is based on established written policies and procedures; d. ensuring that work units assigned to implement policies and procedures for APU and PPT Program are separated from work units assigned to monitor its implementations; e. establishing special work units assigned to implement APU and PPT Program and/or appointing an officer duly responsible for APU and PPT Program at the Head Office; f. supervise the compliance of work units in implementing APU and PPT Program; g. ensuring branch offices and sub-branch offices of the Bank possess employees assigned to carry out the functions of the special work unit or the officer duly responsible for implementation of APU and PPT Program; h. ensuring that written policies and procedures for APU and PPT Program are in line with changes and developments in products, services and information technology of the Bank as well as in line with development in modus for money laundering or terrorist financing; and i. ensuring that all employees, particularly employees of related work units and new employees, have participated in periodic training related to APU and PPT Program.

Unofficial Translation

• 8 - Article 5 Active supervision by the Board of Commissioners shall at minimum include: a. approval of policies and procedures of APU and PPT Program Implementations; and b. supervise over the execution of the assigned responsibilities of the Board of Directors in implementing APU and PPT Program. Article 6 (1) Banks are obliged to establish a special work unit and/or appoint an officer of the Bank duly responsible for implementing APU and PPT Program. (2) The special unit and/or officer of the Bank referred to in paragraph (1) shall be responsible to the Compliance Director. (3) Banks are obliged to ensure that the special work unit and/or the officer of the Bank responsible for implementing APU and PPT Program referred to in paragraph (1), has sufficient capability and authority to access all Customers’ data and other relevant information. Article 7 Officers of the special work unit or the officer responsible for the APU and PPT Program are obliged to: a. ensure the availability of systems that supports APU and PPT Program; b. monitor the updating of Customer’s profiles and Customer’s transactions profiles; c. perform coordination and monitoring of the implementation of policies for APU and PPT Program with relevant work units that interacts with Customers;

Unofficial Translation

• 9 - d. ensure that policies and procedures are in line with the development of the most recent APU and PPT Program, the Bank’s product risk, activities and complexities of the Bank’s business, and the Bank’s transaction volume; e. receive reports from work units that interacts with Customers of financial transactions that have the potential to be red flagged (suspicious) and perform analysis of the said reports; f. prepare Suspicious Transactions Report and other reports as stipulated in the Act concerning the Criminal Act of Money Laundering to be submitted to PPATK with prior approval by the Compliance Director; g. monitors that:

1. there exist an effective communication mechanism within every work units associated with special work units or officer responsible for implementing APU and PPT Program but at the same time can maintain information secrecy;
2. relevant work units performs functions and duties in preparing reports concerning indications of Suspicious Transactions prior to submitting such report to the special work unit or the officer responsible for implementing APU and PPT Program;
3. high risk areas associated with APU and PPT can be identified effectively in accordance to prevailing regulations and adequate information sources; and h. monitor, analyze and recommends training requirements of APU and PPT Program for Bank’s employees.

Unofficial Translation

• 10 - CHAPTER III POLICIES AND PROCEDURES Article 8 (1) In implementing APU and PPT Program, Banks are required to have in place written policies and procedures that cover at least the following: a. request of information and documents; b. Beneficial Owner; c. document verifications; d. simplified CDD; e. termination of relationship and transaction refusal; f. provisions concerning high risk areas and PEP; g. implementations of CDD by a third party; h. updating and monitoring; i. Cross Border Correspondent Banking; j. funds transfer; and k. administration of documents. (2) The policies and procedures referred to in to in paragraph (1) shall consider the information technology factor that has the potential to be misuse by money launderers or in the financing of terrorism. (3) Banks are required to incorporate policies and procedures for APU and PPT Program in an Implementing Guidelines of APU and PPT Program. (4) Banks are required to implement written the policies and procedures referred to in paragraph (1) consistently and continuously. (5) The Implementing Guidelines of APU and PPT Program referred to in paragraph (3) must be approved by the Board of Commissioners.

Unofficial Translation

• 11 - Article 9 Banks are required to implement CDD procedure when: a. engaging business relationship with potential Customers; b. engaging business relationship with WIC; c. the Bank doubts the accuracy of information provided by Customers, parties receiving power of attorneys, and/or beneficial owners; or d. there are unusual financial transactions related with money laundering and/or terrorist financing. Article 10 (1) In accepting Customers, Banks shall be required to utilize a risk based approach by classifying Customers based on the risk level of money laundering or financing of terrorism might occur. (2) Classification of Customers based on risk level as referred to in paragraph (1) shall be conducted at minimum by analyzing: a. Customer’s identity; b. Customer’s business location; c. Customer’s profile; d. transaction amount; e. Customer’s business activities; f. ownership structure of a Customer that is a body corporate; and g. other information that may be used to measure risk level of a Customer. (3) Provisions concerning the classification of Customer risk shall be stipulated further in a Bank Indonesia Circular Letter.

Unofficial Translation

• 12 - Article 11 (1) Prior to entering a business relationship with Customers, Banks are required to request information that would enable Banks to identify the profile of the prospective Customer. (2) The identity of prospective customers as referred to in paragraph (1) must be attested through the existence of supporting documents. (3) Banks are required to scrutinize the validity of supporting documents for the identity of prospective customers as referred to in paragraph (2). (4) Banks shall not open or maintain anonym or fictitious accounts. (5) Banks are required to conduct face to face meeting with prospective Customers at the initiation of a business relationship in order to ascertain the accuracy of the identity of prospective Customers. (6) Banks are required to be vigilant with respect to transactions or business relationships originating or associated with countries that have not implemented FATF recommendations adequately. Part One INFORMATION AND DOCUMENT REQUEST Article 12 Banks shall identify and classify prospective Customers into groups of natural persons, body corporate, or Beneficial Owners. Article 13 (1) The Information referred to Article 11 paragraph (1) shall at minimum include: a. For Customer classified as natural persons:

1. Customer identity that includes:

Unofficial Translation

• 13 - a) full name including aliases, if any; b) document identity number validated by providing such document; c) address printed in the identity card; d) current address including telephone number, if any; e) place and date of birth; f) nationality; g) occupation; h) gender; and i) marital status .

2. identity of Beneficial Owners, if a Customer is acting on behalf of Beneficial Owners;
3. sources of funds;
4. average income;
5. purposes and objectives of business relationship or transaction to be performed by Prospective Customer with the Bank; and
6. other information that may enable Banks to ascertain the profile of prospective customers. b. For Customer, that is body corporate other than Banks:
7. name of the company;
8. operational license number from an authorized agency;
9. address where a company is located;
10. place and date of the company’s establishment;
11. form of legal entity of the company;
12. identity of Beneficial Owners;
13. Sources of funds;
14. purposes and objectives of business relationship or transaction to be performed by Prospective Customer with the Bank; and

Unofficial Translation

• 14 -

9. other relevant information. (2) Prior to engaging in transactions with WIC, Banks are required to ask for: a. all the information referred to in paragraph (1) for WIC who is a natural person or a body corporate that engages in transaction in the amount equal to or greater than Rp 100,000,000.00 (one hundred million rupiah) or its equivalent, that is executed as a 1 (one) time transaction or multiple transactions within 1 (one) business day. b. Information referred to in paragraph (1) Letter a Number 1), Number 2), and Number 3) for WIC who is a natural person engaging in transaction in an amount of less than Rp 100,000,000.00 (one hundred million rupiah) or its equivalent. c. Information referred to in paragraph (1) Letter b Number 1) and Number 3) for WIC that is a body corporate engaging transaction in an amount of less than Rp 100,000,000.00 (one hundred million rupiah) or its equivalent. Article 14 For Customers who are natural persons and WIC as referred to in Article 13 paragraph (2) Letter a, the information referred to in Article 13 paragraph (1) Letter a Number 1) must be supported by Customer identity documents and signature specimen. Article 15 (1) For Customers that is a body corporate, the information referred to in Article 13 paragraph (1) Letter b Number 1), Number 2), Number 3), Number 4), Number 5), Number 6), and Number 7) must be supported by Company identity documents and:

Unofficial Translation

• 15 - a. For customers classified as micro and small business enterprises shall be added with:

1. signature specimen and power of attorney conferred to parties assigned to have authority to act for and on behalf of the company in engaging business relation with the Bank;
2. Tax Register Number for Customers obliged to have Tax Register Number in accordance to prevailing laws and regulations; and
3. Business Location Permit (SITU) or other documents required by authorized institution. b. For customers not classified as micro and small business enterprise, in addition to documents referred to in letter a number 2) and number 3), shall be added with:
4. financial statements or descriptions of the company’s business activities;
5. management structure of the company;
6. ownership structure of the company; and
7. identity documents of members of the Board of Directors authorized to represent the company for engaging a business relationship with the Bank. (2) For Customers in the form of Banks, submitted documents shall at least include: a. deed of establishment/article of association of the Bank; b. operational license from authorized agency; and c. signature specimen and power of attorney conferred to parties assign to act for and on behalf of the Bank in engaging a business relationship with the Bank.

Unofficial Translation

• 16 - Article 16 (1) For prospective Customers other than a natural person and a body corporate as referred to in Article 13, Article 14 and Article 15, Banks are required to request information as referred to in Article 13 paragraph (1) Letter b. (2) For prospective Customers referred to in paragraph (1) the following provisions shall apply: a. For potential Customers in the form of foundations, documents submitted must at least include:

1. license of business activity/purpose of the foundation;
2. description of activities performed by the foundation;
3. management structure of the foundation; and
4. identity documents of members of management authorized to represent the foundation in engaging business relationship with the Bank. b. For Customers in the form of associations, documents submitted must at least include:
5. proof of registration at the authorized agency;
6. names of the organizer; and
7. parties authorized to represent the association in engaging business relationship with the Bank. Article 17 (1) For prospective Customers in the form of State/Government Agencies, International Agencies, and foreign country representatives, Banks are required to request information concerning the name and place of domicile of the agencies or representatives concerned.

Unofficial Translation

• 17 - (2) Information referred to in paragraph (1) must be supported with the following documents: a. the appointment letter for parties authorized to represent the agency or representative in engaging a business relationship with the Bank; and b. signatures specimen. Part Two BENEFICIAL OWNER Article 18 (1) Banks are required to ensure if a prospective Customer or WIC is representing Beneficial Owners in opening a business relationship or engaging a transaction. (2) If a prospective Customer or WIC represents a Beneficial Owner in opening business relationship or engaging transactions, Banks are obliged to execute CDD procedures against Beneficial Owners that are as strict as CDD procedures for a potential Customer or WIC. Article 19 (1) Banks are required to obtain evidence of the identity and/or other information regarding a Beneficial Owners, such as: a. for Beneficial Owner who is a natural person:

1. Identity documents referred to in Article 13 Letter a;
2. Legal relationship between potential Customers or WIC with Beneficial Owners which is demonstrated with a letter of assignment, agreements, power of attorney, or other forms; and
3. Statements from potential Customers or WIC concerning the accuracy of the identity of as well as funds sources from

Unofficial Translation

• 18 - Beneficial Owners. b. for Beneficial Owners in the form of body corporate, foundations, or associations:

1. documents referred to in Article 15 and Article 16 paragraph (2);
2. documents and/or information on the identity of owners or ultimate controller of the company, foundation, or association; and
3. statements from potential Customers or WIC concerning the accuracy of the identity as well as funds sources from Beneficial Owners. (2) In the event, a potential Customer is another domestic Bank that represent a Beneficial Owner, then documents concerning Beneficial Owner, shall be in the form of written statements from the other domestic Bank that verifications have been established by the concerned Bank. (3) In the event, a potential Customer is another foreign Bank that implements APU and PPT Program that is at least equal to this Bank Indonesia regulation and the Bank is representing a Beneficial Owner, then documents concerning Beneficial Owners shall be in the form of written statements from the foreign Bank that verifications have been established by the concerned foreign Bank.. (4) In the event, Banks suspects or cannot assure the identity of Beneficial Owners, then Banks are obliged to refuse to open business relationship or transact with potential Customers or WIC. Article 20 The obligations for submission of documents and/or information on the owner’s identity or ultimate controller of Beneficial Owner as referred to in Article 19

Unofficial Translation

• 19 - paragraph (1) Letter b Number 2) shall not apply to Beneficial Owner in the form of: a. government agency; or b. companies listed at the Stock Exchange. Part Three DOCUMENT VERIFICATION Article 21 (1) Banks shall be required to scrutinize the accuracy of supporting documents and perform verifications of supporting documents containing information referred to in Article 13 and Article 17 paragraph (1), based on documents and/or other sources of information that are reliable and independent as well as to ensure that the data are updated data. (2) Banks may conduct interviews with prospective Customer to analyze and ensure the legality and accuracy of documents referred to in paragraph (1). (3) If in doubt, Banks shall be required to request to prospective Customers to provide more than one identity documents issued by an authorized party, to ensure the accuracy of a potential Customer’s identity. (4) Banks are required to complete the verification process of a prospective Customers identity and Beneficial Owners before Banks can open business relations with prospective Customers or before engaging in transactions with WIC. (5) In certain circumstances, Banks may engage in business relations prior to the verification process as referred to in paragraph (4) is completed. (6) The verification process as referred to in paragraph (5) must be completed no longer than:

Unofficial Translation

• 20 - a. 14 (fourteen) business days after a business relationship is effective, for Customers who is a natural person. b. 90 (ninety) business days after a business relationship is effective, for Customers in the form of a body corporate. Part four SIMPLIFIED CDD Article 22 (1) Banks may implement CDD procedures that are more simplified than CDD procedures referred to in Article 13, Article 14, Article 15, Article 16, Article 18, and Article 19 for prospective Customers or transactions having a low level of risk for the occurrence of money laundering or financing of terrorism and that meets the following criteria: a. the purpose for the opening of account is for the payment of salaries; b. Customers in the form of a public company subjected to regulations concerning performance disclosure obligations; c. Customers in the form of State/Government Agencies; or d. Transactions for the cashing of cheques by WIC that is a body corporate. (2) Banks are required to prepare and file Customers’ list that are subjected to simplified CDD. (3) For a prospective Customers who is a natural person that meets the provisions referred to in paragraph (1), Banks shall be required to request information as referred to Article 13 paragraph (1) letter a number 1) letter a), letter b), letter c), letter d), and letter e). (4) For prospective Customers in the form of a body corporate that meets the provisions referred to in paragraph (1), Banks are required to requests:

Unofficial Translation

• 21 - a. information as referred to in Article 13 paragraph (1) letter b number

1. and number 3); and b. documents referred to in Article 15 paragraph (1) letter a number 1) for a micro enterprise and small enterprises, and Article 15 paragraph (1) Letter b Number 4), for companies not classified as small business enterprise. (5) For WIC of a company that meets the provisions as referred to in paragraph (1), the Bank shall be obliged to request for information as referred to in Article 13 paragraph (1) Letter b Number 1 and Number 3. (6) Regular CDD procedure as referred to in paragraph (1) shall not be effective if there is a suspicion on a transaction to be use in committing money laundering and/or financing of terrorism. Part Five TERMINATION OF BUSINESS RELATIONSHIP OR TRANSACTION REFUSAL Article 23 (1) Banks shall be obliged to refuse business relationship with prospective Customers and/or engage in transactions with WIC, in the event the prospective Customers or WIC: a. do not meet provisions as referred to in Article 11, Article 13, Article 14, Article 15, Article 16, Article 17, Article 18, and Article 19; b. is known to provide false identity and/or information; or c. is a shell Bank or Banks that allows its accounts to be used by shell Banks. (2) Banks may refuse or cancel transactions, and/or terminate business relationship with Existing Customers in the event: a. the criteria referred to in paragraph (1) are met;

Unofficial Translation

• 22 - b. Banks have reservations on the accuracy of information concerning the Customer; or c. account usage is inconsistent with profiles of the Customer. (3) Banks are required to document prospective Customers, Customers, or WIC that meets the criteria referred to paragraph (1) and paragraph (2). (4) Banks are obliged to report prospective Customers or Existing Customers referred to in paragraph (1) and paragraph (2) in the Suspicious Financial Transactions Report in the event transactions performed are irregular or suspicious. Part Six POLITICALLY EXPOSED PERSON AND HIGH RISK AREA Article 24 (1) Banks are required to scrutinize the existence of Customers and Beneficial Owners that met the high risk criteria or PEP. (2) Customers and Beneficial Owners that meets the high risk criteria or PEP shall be listed in a separate list. (3) In the event Customers or Beneficial Owners are classified as high risk or PEP, then Banks shall perform: a. periodic EDD by at least conducting analysis of information concerning Customers or Beneficial Owners, sources of funds, purpose of transactions, and business relationship with related parties; and b. stricter monitoring against Customers or Beneficial Owners. (4) The Obligations of Banks referred to in paragraph (2) shall also be applied to Customers and WIC, who:

Unofficial Translation

• 23 - a. utilize high risk banking products to facilitate money laundering or financing of terrorism; b. perform transactions with high risk countries; or c. perform transactions inconsistent with its risk profiles. (5) In the event, Banks intend to enter into a business relationship with prospective Customers classified as high risk or PEP, Banks are required to appoint a senior officer duly responsible for the business relationship with such Customers . (6) The senior officer referred to paragraph (4) shall be authorized to: a. approve or refuse a prospective Customers classified as high risk or PEP; and b. decide to continue or terminate business relationship with Customers or Beneficial Owners classified as high risk or PEP. Part Seven CDD IMPLEMENTATION BY THIRD PARTY Article 25 (1) Banks may utilize results of CDD performed by third party against prospective customers that are Customers of the third party concerned. (2) The CDD results referred to in paragraph (1) may be utilized by Banks if the third party: a. has CDD procedures in accordance to prevailing regulations; b. has a cooperation with the Bank in the form of a written agreement; c. is subjected to supervisions from authorities in accordance to prevailing regulation;

Unofficial Translation

• 24 - d. is willing to meet requests for information and copies of supporting documents any time it is required by the Bank in the implementation of APU and PPT Program; and e. reside in a country that has implement FATF Recommendations. (3) Banks shall perform identification and verification of the result of CDD performed by third party as referred to paragraph (1). (4) Banks that utilize results of CDD from a third party as referred to paragraph (1) shall be responsible to implement administration of documents as referred to in Article 39. Article 26 (1) In the event Banks acts as selling agent of products of other financial institutions, Banks are required to meet the request for information of CDD results and copies of documents any time these are needed by the other financial institution in its implementation of APU and PPT Program. (2) The obligation of the Bank as referred to in paragraph (1) shall be based on cooperation with the bank upon a written agreement. Part Eight UPDATING AND MONITORING Article 27 (1) Banks shall update data of the information and documents as referred to in Article 13, Article 14, Article 15, Article 16, Article 17, Article 18, and Article 19, as well as administer such information and documents. (2) In updating data as referred to in paragraph (1), Banks are required to: a. monitor Customers’ information and documents; b. prepare reports on data updating; and

Unofficial Translation

• 25 - c. prepare reports on the realization of data updating. (3) Reports referred to in paragraph (2) letter b and letter c shall be subject to approval from the Board of Directors. Article 28 (1) Banks shall maintain database of Terrorist List which is based on publish data by the United Nations (UN) and received from Bank Indonesia every 6 (six) months. (2) Banks shall periodically ensure names of Customers that exhibit similarities to the names contained in the database of Terrorist List. (3) Should there be similarities in the Customer’s name with the names listed in the database of Terrorist List Banks shall be required to ensure compatibility of the Customer’s identification with other relevant information. (4) Should there be similarity in Customers’ name and other relevant information with the names listed in the database of Terrorist List, Bank shall be required to report such Customer in the report of Suspicious Financial Transactions. Article 29 (1) Banks shall continuously monitor conformity between Customer transactions with Customer profiles and shall administer documents as referred to in Article 39. (2) Banks shall analyze overall transactions that do not conform to the risk profile of Customers.

Unofficial Translation

• 26 - (3) Banks may request information concerning the background and purpose of transactions that are inconsistent with the profile of Customers, in consideration of provisions of anti tipping-off as stipulated in The Act concerning Criminal Act of Money Laundering. (4) Banks shall continuously monitor business relationship/transactions with Customers and/or Banks that comes from a country where its APU and PPT Program is considered inadequate. Article 30 Banks shall perform CDD on existing Customers in accordance to the Risk Based Approach, in the event: a. there is significant increase in the values of a transaction; b. there is significant modification on a customer’s profile; c. information of a customer’s profiles described in the Customer Identification File is not furnished with documents as referred to in Article 14, Article 15, Article 16, Article 17 paragraph (2), Article 18, and Article 19; and/or d. anonym accounts or accounts with fictitious names are used. Part Nine CROSS BORDER CORRESPONDENT BANKING Article 31 (1) Prior to providing Cross-border Correspondent Banking services, Banks shall request information concerning: a. profiles of prospective Recipient Banks and/or Intermediary Banks; b. reputations of Recipient Banks and/or Intermediary Banks based on information that is accountable;

Unofficial Translation

• 27 - c. level of compliance of APU and PPT Program in a country where the Recipient Banks and/or Intermediary Banks reside; and d. other relevant information required by Banks in identifying the profile of prospective Recipient Banks and/or Intermediary Banks. (2) Information sources for ensuring the validity of information referred to paragraph (1) shall be based on adequate public information issued and established by authorities Article 32 Banks shall perform CDD against Existing Recipient Banks and or Intermediary Banks adjusted with Risk Based Approach if: a. there are substantial modifications on the profiles of a Recipient Bank and/or Intermediary Bank; and/or b. available information on profiles of a Recipient Bank and/or Intermediary Bank have yet to be supported with information as referred to in Article 31 paragraph (1). Article 33 In the event, there are Customers that have access to Payable Through Accounts in Cross Border Correspondent Banking services, Transferring Banks shall ensure: a. Recipient Banks and/or Intermediary Banks has performed adequate CDD and monitoring processes, at minimum similar with standards stipulated in this Bank Indonesia Regulation; and b. Recipient Banks and/or Intermediary Banks are willing to provide identification data Transferring of the Customer concerned, if requested by the Transferring Bank.

Unofficial Translation

• 28 - Article 34 Transferring Banks providing Cross Border Correspondent Banking services shall be required to: a. document all Cross Border Correspondent Banking transactions; b. refuse to have dealings and/or continue dealings of Cross Border Correspondent Banking with shell Banks; and c. ensure that Recipient Banks and/or Intermediary Banks do not authorize the use of accounts by Shell Banks when engaging business dealings associated with Cross Border Correspondent Banking. Part Ten FUNDS TRANSFER Article 35 (1) In performing funds transfer activities in the Indonesian region the following shall be required to be performed by Banks: a. Transferring Banks shall be required to:

1. obtain information and perform identification as well as verification on Customers or WIC acting as transferor, which shall at minimum cover: a. Name of Customers or WIC acting as transferor ; b. Account number or identities of Customers or WIC, acting as transferor; and

Unofficial Translation

• 29 - c. Transaction dates, effective dates, currency types, and nominal.

2. document all funds transfer transactions. b. Intermediary Banks shall forward messages and or funds transfer instructions, as well as administer information received from Transferring Banks. c. Recipient Banks shall ensure completeness of information of Customers and WIC acting as transferor Transferring as referred to in Letter a. (2) The provision referred to in paragraph (1) shall also apply to the transfer of funds through the use of cards such as debit cards, credit cards, and ATM cards. Article 36 (1) In engaging cross border funds transfer activities, in addition to the provisions referred to in Article 35 paragraph (1) Letter a, Transferring Banks shall be required to obtain information regarding addresses, or place and date of birth. (2) Transferring Banks shall submit written information referred to in paragraph (1) to intermediary Banks and/or a recipient Banks within 3 (three) business days based on a written inquiries from intermediary Banks and/or a recipient Banks. Article 37 In the event, the information referred to in Article 35 cannot be met, by using a risk based approach, Banks may: a. refuse to transfer funds;

Unofficial Translation

• 30 - b. cancel funds transfer transaction; and/or c. Terminate business relationship with existing customers. Article 38 In the event there are funds transfer that meets the suspicious criteria as referred to in the Act concerning The Criminal Act of Money Laundering, Banks shall be required to report such funds transfer as Suspicious Financial Transactions. Part Eleven DOCUMENT ADMINISTRATION Article 39 (1) Banks shall administer: a. documents associated with Customers or WIC data no less than 5 (five) years as of:

1. the termination of business relationship or transactions with Customers or WIC; or
2. the discovery of irregularities between transactions and economic purpose and/or business objectives. b. Customers’ or WIC documents associated with financial transactions within the period stipulated in Act concerning Company Documentations. (2) Associated documents as referred to in paragraph (1) shall at least include: a. Identity of Customers or WIC; and b. Transactions information including but not limited to types and total currency used, date of transaction’s instruction, transaction’s origin and purposes, as well as account number associated with the transactions..

Unofficial Translation

• 31 - (3) Banks shall provide information and/or documents referred to in paragraph (1) to Bank Indonesia and/other authorities as ordered by Laws and Regulations, when required. CHAPTER IV INTERNAL CONTROL Article 40 (1) Banks shall have an effective internal control system. (2) Implementations of effective internal control shall among other be demonstrated by : a. establishment of limits and responsibilities of work units associated with the implementation of APU and PPT Program; and b. examinations by the internal audit work unit with respect to the effective implementations of APU and PPT Program. CHAPTER V MANAGEMENT OF INFORMATION SYSTEM Article 41 (1) Banks shall be required to have information system that would enable effective identification, analysis, monitoring, and reporting concerning transaction characteristics performed by the Bank’s Customers. (2) Banks are required to have and maintain Single Customer Identification file that consist of information referred to in Article 13, Article 16, and Article 17 paragraph (1). CHAPTER VI HUMAN RESOURCE AND TRAINING Article 42

Unofficial Translation

• 32 - To prevent Banks to be used as media or targets of money laundering or financing of terrorism involving internal parties of the Bank, Banks shall be required to implement screening procedures in the hiring of new employees. Article 43 Banks shall organize continuous training regarding: a. implementations of laws and regulations associated with APU and PPT Program; b. techniques, methods and typologies of money laundering or terrorist financing; and c. policies and procedures for the implementation of APU and PPT Program as well as roles and responsibilities of employees to assist in the eradication of money laundering or terrorist financing. CHAPTER VII APU AND PPT PROGRAM IMPLEMENTATION FOR BRANCH OFFICE OF FOREIGN BANKS

Article 44 (1) Banks incorporated in Indonesia shall forward policies and procedures for APU and PPT Program to its entire network of foreign offices and subsidiaries, and monitor its implementations. (2) In the event the country where the Bank’s network of foreign offices and subsidiaries resides as referred to in paragraph (1) have APU and PPT provisions that are stricter than the provisions in this Bank Indonesia Regulation, then the network of foreign offices and subsidiaries shall adhere to provisions issued by the authority of such countries.

Unofficial Translation

• 33 - (3) In the event the country where the Bank’s network of foreign offices and subsidiaries resides as referred to in paragraph (1) have yet to comply with FATF recommendations or have comply with FATF recommendations however have standards for APU and PPT Program that are less strict than the provisions in this Bank Indonesia Regulation, then the network of foreign offices and subsidiaries shall implement APU and PPT Program in accordance to provisions in this Bank Indonesia Regulation. (4) In the event implementations of APU and PPT Program as referred to in this Bank Indonesia Regulation will instigate violations against laws and regulations of the countries where the network of foreign offices and subsidiaries resides, then the officer of such offices or subsidiaries shall inform to its head office and Bank Indonesia that the foreign office or subsidiaries cannot implement APU and PPT Program as accordance to this Bank Indonesia Regulation. CHAPTER VIII REPORTING Article 45 In the implementations of APU and PPT Program, Banks are required to submit: a. Action plan of implementation of APU and PPT program as part of the report concerning implementation of duties of Compliance Director in December 2010; b. Guidelines for the Implementation of APU and PPT Program as referred to in Article 8 paragraph (3) no later than 12 (twelve) months as of the enactment of this Bank Indonesia Regulation; c. Report of data updating activities as referred to in Article 27 paragraph (2) letter b, which shall be submitted annually as part of the report concerning

Unofficial Translation

• 34 - implementation of duties of Compliance Director, and for the first time it shall be accommodated in the December 2010 report.; and d. Report on the realization of data updating as referred to in Article 27 paragraph (2) letter c, which shall be submitted as part of the report concerning implementation of duties of Compliance Director, and for the first time it shall be accommodated in the December 2011 report ; and e. changes to the Implementing Guidelines of APU and PPT Program as referred to in Article 8 paragraph (3), no later than 7 (seven) business days as of the changes being taken. Article 46 (1) Banks shall be required to submit to PPATK reports of Suspicious Financial Transactions, cash transactions, and other reports as stipulated in Act concerning The Criminal Act of Money Laundering. (2) Banks’ obligations to report Suspicious Financial Transactions shall also apply to transaction suspected to be associated with terrorism or financing of terrorism. (3) Submission of reports as referred to in paragraph (1) shall be conducted in accordance to provisions issued by PPATK. Article 47 Submissions of guidelines and reports as referred to in Article 45 shall be addressed to: a. the relevant Bank Supervision Directorates, Bank Indonesia, Jl. M.H. Thamrin No. 2 Jakarta 10350, for Banks having head office is located in the administrative area of Bank Indonesia’s Head Office;

Unofficial Translation

• 35 - b. the local Bank Indonesia Office, for Banks having head office outside the administrative area of Bank Indonesia’s Head Office. CHAPTER IX MISCELLANEOUS PROVISIONS Article 48 Banks are required to take the necessary action to prevent the misappropriations of technological development in the schemes of money laundering or financing of terrorism. . Article 49 Banks are required to cooperate with law enforcement and authorities in the eradication of money laundering and/or financing of terrorism. CHAPTER X SANCTIONS Article 50 (1) Banks deemed late in submitting guidelines as referred to in Article 45 letter b and Suspicious Financial Transaction Report as referred to in Article 46 paragraph (1), shall be liable for financial penalties in the amount of Rp1,000,000.00 (one million rupiah) per day of delay per report. (2) Banks failing to submit guidelines or Suspicious Financial Transactions Report as referred to paragraph (1) after 1 (one) month as of the deadline for report submission shall be liable for administrative sanctions and financial penalties in the amount of Rp50,000,000.00 (fifty million rupiah). (3) Banks that: a. do not implement commitments to settle audit finds of Bank Indonesia

Unofficial Translation

• 36 - within 2 (two) audit periods; and/or b. do not implement commitments that have been conveyed in the plans for data updating activities as referred to in Article 27 paragraph (2) letter b, shall be liable for financial penalties no more than Rp100,000,000.00 (one hundred million rupiah) (4) Banks that do not implement provisions as stipulated in an Article 2, Article 4, Article 5, Article 6, paragraph (3), Article 7, Article 8, Article 9, Article 11, Article 12, Article 13, Article 14, Article 15, Article 16, Article 17, Article 18, Article 19, Article 21 paragraph (1), paragraph (4), and paragraph (6), Article 22 paragraph (2), Article 23 paragraph (1), paragraph (3), and paragraph (4), Article 24, Article 25 paragraph (3), Article 26 paragraph (1), Article 27, Article 28, Article 29 paragraph (1), paragraph (2), and paragraph (4), Article 30, Article 31, Article 32, Article 33, Article 34, Article 35, Article 36, Article 38, Article 39, Article 40, Article 41, Article 42, Article 43, Article 44, Article 45, Article 48, Article 49, and/or Article 51 of this Bank Indonesia Regulation, shall be liable for administrative sanctions, in the form of but not limited to: a. written notices; b. downgrading of Bank soundness rating; c. cease and desist order of specified business activities; d. inclusion of the management, employees, and/or shareholders of the Bank in the list of persons that is assigned a predicate of “unfit” in the fit and proper test assessment or in Bank Indonesia administrative list as stipulated in applicable Bank Indonesia Regulations; and/or e. dismissal of the Bank’s management.

Unofficial Translation

• 37 - CHAPTER XI TRANSITIONAL PROVISIONS Article 51 Banks that have in place Implementing Guidelines of Know Your Customer Principles shall adjust and improve such guidelines into The Implementing Guidelines for APU and PPT Program no later than 12 (twelve) months as of the enactment of this Bank Indonesia Regulation. CHAPTER XII CONCLUDING PROVISIONS Article 52 Implementation provisions concerning The Implementation of Anti Money Laundering and Combating the Financing of Terrorism Program shall be further stipulated in a Bank Indonesia Circular Letter. Article 53 (1) With the enactment of this Bank Indonesia Regulation, then Bank Indonesia regulation Number 3/10/PBI/2001 concerning Implementation of Know Your Customer Principles (State Gazette of the Republic of Indonesia of 2001 Number 78, Supplement to the State Gazette of the Republic of Indonesia Number 4107) as amended by Bank Indonesia Regulation Number 5/21/PBI/2003 (State Gazette of the Republic of Indonesia of 2003 Number 3, Supplement to the State Gazette of the Republic of Indonesia Number 4325), shall be revoked and declared no longer valid. (2) All Bank Indonesia Regulations that refer to the Regulation concerning the Implementation of Know Your Customer Principles hereinafter shall refer to this Bank Indonesia Regulation, unless stipulated separately.

Unofficial Translation

• 38 - Article 54 This Bank Indonesia Regulation shall come into force on the day of its enactment. For the public to be informed, it is ordered that this Bank Indonesia Regulation be promulgated in the State Gazette of the Republic of Indonesia. Enacted in Jakarta Dated July, 1 2009 Acting GOVERNOR OF BANK INDONESIA, MIRANDA S. GOELTOM STATE GAZETTE OF THE REPUBLIC OF INDONESIA YEAR OF 2009 NUMBER 106 DPNP

ELUCIDATION OF BANK INDONESIA REGULATION NUMBER 11 /28 /PBI/2009 CONCERNING PROGRAM IMPLEMENTATIONS FOR ANTI MONEY LAUNDERING ANDCOMBATING THE FINANCING OF TERRORISM FOR COMMERCIAL BANK

GENERAL In view of the increase in the criminal acts of money laundering and financing of terrorism through the use of financial institutions, it is deemed necessary that cooperation and attention from various parties be established in order to prevent and eradicate such criminal activities. In the mean time, the increasing complexities in the development of banking products, activities and information technology has amplify opportunities for criminals to manipulate banking instruments and products to aid them in committing criminal activities.. Hence, the role and cooperation from banks are required in providing assistance to law enforcers in implementing programs for anti money laundering and combating the financing of terrorism. It is hoped that the implementation of programs for anti money laundering and combating the financing of terrorism can mitigate various risks that might surface, such as legal risk, reputational risk, operational risk, and concentration risk.. In implementing programs for anti money laundering and financing of terrorism Banks shall adhere to international standards for the prevention and eradication of money laundering and/or financing of terrorism issued by The

• 2 - Financial Action Task Force on Money Laundering (FATF), referred to as 40 + 9 FATF Recommendations. The recommendations are also used by the international community in assessing a country’s compliance with respect to program implementations for anti money laundering and financing of terrorism. It is concluded that in efforts to support the prevention of criminal acts of money laundering and terrorist financing, prevailing Provisions of Bank Indonesia Regulation concerning Application of Know Your Customer Principles needs to be adjusted in accordance to international standards, which are more comprehensive.. These adjustments shall include but not limited to: a. Apply the term Customer Due Diligence in the identification, verification, and monitoring of customers;; b. Implementation of a Risk Based Approach; c. Provisions concerning prevention of financing of terrorism; d. Provisions concerning Cross Border Correspondent Banking; and e. Provision concerning fund transfer. With effective implementation of programs for anti money laundering and combating the financing of terrorism by banks, it is hoped that banks can operate soundly, hence, in the end will augment the resiliency and stability of the financial system.. ARTICLE BY ARTICLE Article 1 Self explanatory. Article 2 Paragraph (1)

• 3 - Money laundering as stipulated in Law Number 15 Year 2002 concerning the Crime of Money Laundering as amended by Law Number 25 Year 2003 shall mean the act of placing, transferring, disbursing, granting, donating, entrusting, carrying out of the country, exchanging, or other acts, of assets that is known or presume to derived from proceeds of criminal activities, with the intention to conceal, or obscure the origins of the asset hence as if the asset ar legitimate. Financing of Terrorism shall mean the utilization of assets, directly or indirectly, for terrorism activities as referred to in the Act concerning the Crime of Money Laundering. In this regard, it shall include attempt by a person to intentionally assist or provide leniencies by furnishing or lending money or goods or other assets to agents of terrorism as stipulated in Act number 15 of 2003 concerning Enactment into law of a Substitute Government Regulation Act Number 1 of 2002 concerning Eradication of the Criminal Acts of Terrorism Paragraph (2) Self explanatory. Article 3 Self explanatory. Article 4 Letter a Self explanatory.

• 4 - Letter b Self explanatory. Letter c Self explanatory. Letter d Self explanatory. Letter e Self explanatory. Letter f Self explanatory. Letter g Self explanatory. Letter h Self explanatory. Letter i Relevant unit shall mean, among other, work units hat interact, directly or indirectly, with Customers and/or WIC, such as front liner, marketing officer, and officer related to the management and development of information technology, as well as internal auditor.. Article 5 Self explanatory. Article 6 Paragraph (1) The establishment of a special unit and/or the appointment of an officer without establishing a special unit shall be conducted in accordance to the needs and complexities of issues of the Bank.

• 5 - Paragraph (2) Self explanatory. Paragraph (3) Sufficient capability shall include having experiences and knowledge concerning the development of AML and CFT regime. Article 7 Letter a System that supports shall mean systems that enable the identification of Customers, Suspicious Financial Transactions and other financial transactions as required under the Act concerning the Crime of Money Laundering. Letter b Self explanatory. Letter c Self explanatory. Letter d Self explanatory. Letter e Self explanatory. Letter f Self explanatory. Letter g Self explanatory. Letter h Self explanatory. Article 8 Paragraph (1)

• 6 - Letter a Self explanatory. Letter b Self explanatory. Letter c Self explanatory. Letter d Self explanatory. Letter e Self explanatory. Letter f Establishment of high risk areas shall be conducted in accordance to provisions of PPATK that governs guidelines for product identifications, customers, businesses, and high risk countries for provider of financial services and guidelines concerning the identification of suspicious financial transactions in connection with terrorism financing for provider of financial services. s. Letter g Self explanatory. Letter h Self explanatory. Letter i Self explanatory. Letter j Self explanatory. Letter k Self explanatory.

• 7 - Paragraph (2) The use of technology that has the potential for misuse for example are the opening of accounts, and/or transactions conducted through mail, fax, telephone, internet bank, or ATMs.. Paragraph (3) Implementing Guidelines for APU and PPT Program shall refer to the Standard Implementing Guidelines for APU and PPT Program stipulated in a Bank Indonesia Circular Letter. Paragraph (4) Self explanatory. Paragraph (5) Self explanatory. Article 9 Letter a In the case that an account is a joint account than CDD is performed against all account holders of such joint account. Letter b Self explanatory. Letter c A Beneficial Owner shall include: a. A person who own funds in the Bank; b. A person who controls Customer’s transactions; c. A person who gives the power of attorney to Customers to engage in a transaction; d. A person who controls a legal entity and transactions performed by such legal entity with the Bank; and/or

• 8 - e. A person who executes control by controlling transactions performed by Customer with Banks based on an agreement.. Letter d Extraordinary transactions are transactions that meets one of the criteria of suspicious financial transactions, however, still requires further investigation to ensure if such transaction shall be classified as suspicious financial transaction obliged to be reported to PPATK.. Article 10 Paragraph (1) In this matter, information both from Customers as well as other information that is publicly available . Paragraph (2) Self explanatory. Paragraph 3 Self explanatory. Article 11 Paragraph (1) Self explanatory. Paragraph (2) Self explanatory. Paragraph (3) Self explanatory. Paragraph (4)

• 9 - Fictitious accounts shall include Customer accounts registered under a name that is not in accordance to the information described in the Customer identity documents. Paragraph (5) Business relationship shall include the use of banking services through electronic medias. To ensure the legitimacy of a prospective Customer identity, Banks may be represented by other party that acts on behalf of the Bank and understands the basic principles of APU and PPT.. Paragraph (6) Self explanatory. Article 12 Self explanatory. Article 13 Paragraph (1) Letter a Number 1) Letter a) Self explanatory. Letter b) Self explanatory. Letter c) Self explanatory.

• 10 - Letter d) This information shall only be required for individual Customers whose residency address differs from the address described in the identity card Letter e) Self explanatory. Letter f) Self explanatory. Letter g) Information on occupation shall include name of company/institution, address of company/institution and the job position. Letter h) Self explanatory. Letter i) Self explanatory. Number 2) Self explanatory. Number 3) Self explanatory. Number 4) Self explanatory. Number 5) Self explanatory. Number 6) Self explanatory.

• 11 - Letter b Number 1) Self explanatory. Number 2) Operational licenses shall include other licenses that are equal to that of operational license, issued by an authorized agency. Number 3) Self explanatory. Number 4) Self explanatory. Number 5) Self explanatory. Number 6) Self explanatory. Number 7) Self explanatory. Number 8) Self explanatory. Number 9) Other information shall mean other information that may be used by the Bank in order to better discern the profile of a potential corporate Customer. Paragraph (2) Letter a Provisions in this paragraph shall apply to intermediaries or parties that obtained a power of attorney from Customers to

• 12 - perform transaction on behalf of the Customer, which transaction is classified as extraordinary or suspicious.. Letter b Self explanatory. Letter c Self explanatory. Article 14 Supporting documents for the identity of individual Customers who is an Indonesia National shall be the National Identity Card (KTP), Driver License (SIM), Tax Register Number (NPWP), or a valid passport. Whilst, supporting documents for the identity of individual Customers who is a foreign national shall be passports accompanied by Temporary Residence Permit in accordance to immigration provisions. Temporary Residence Permit may be substituted with other documents that can provide assurances to the Bank regarding the profile of the foreign national Customer concerned, such as reference letter from an individual who is an Indonesian National or from an Indonesian company/agency/government concerning the profile of the Customer concerned. Article 15 Paragraph (1) Supporting documents for Customers that is a body corporate shall be: a. Deed of establishment and/or articles of association of the company; and

• 13 - b. Operational licenses or other licenses issued by an authorized agency. For example: operational license from Bank Indonesia for Foreign Exchange Houses and Remittance Services, or a business license from the Ministry of Forestry for businesses in forestry/wood industry. Letter a Number 1) Customers classified as micro and small businesses enterprise are Customers who are a body corporate that meets the criteria of micro and small enterprise as stipulated in regulations concerning Micro, Small, and Medium Enterprise . Number 2) Self explanatory. Number 3) Self explanatory. Letter b Number 1) Description of business activity of a company shall include information regarding business sector, profiles of customers, business location and business phone number. Number 2) Self explanatory. Number 3) Self explanatory. Number 4) Members of the Board of Directors authorized to represent a company in engaging transactions with the Bank shall

• 14 - mean members of Directors who have an authorized signature. Paragraph (2) Self explanatory. Article 16 Paragraph (1) Self explanatory. Paragraph (2) Letter a Self explanatory. Letter b Associations shall include, non government organizations, religious associations, political parties, non-profit organizations. Article 17 Self explanatory. Article 18 Paragraph (1) Beneficial Owner in this paragraph shall include other Beneficial Owners related with a potential Customer or WIC, if there are more than one Beneficial Owners. Paragraph (2) If a Beneficial Owner is classified as PEP, then CDD procedure implemented shall be CDD procedure for PEP.

• 15 - Article 19 Paragraph (1) Letter a Self explanatory. Letter b Number 1) Self explanatory. Number 2) The ultimate owner or ultimate controller of a company, foundation or association shall be individuals who are, based on the Bank’s assessments, have and/or performs ultimate control in management decisions of such company. Identity documents of the ultimate owner/ultimate controller may be in the form of a statement or other documents containing information on the identity of the ultimate owner/ultimate controller. Number 3) Self explanatory. Paragraph (2) Self explanatory. Paragraph (3) Self explanatory. Paragraph (4) Self explanatory.

• 16 - Article 20 Letter a Government agencies referred to in this letter shall cover Government Agencies of the Republic of Indonesia and foreign government agencies. Letter b Self explanatory. Article 21 Paragraph (1) To ensure legitimacy of the identity of an individual Customer, the identity documents shall be in the form of valid documents containing a self picture issued by an authorized agency.. Paragraph (2) Self explanatory. Paragraph (3) More than one document identity shall mean, other than the National Identity Card, passport or driver license.. Paragraph (4) Self explanatory. Paragraph (5) Certain conditions shall include: a. Completeness of documents may not be met at the time a business relation is about to be conducted, for example due to documents still in process.; and b. if the risk level of potential Customer is low.

• 17 - Paragraph (6) Self explanatory. Article 22 Paragraph (1) This includes Risk level of a Customer’s country of origin. Letter a In this case, the account is an account owned by a company used for the periodic payment of employees’ salaries. Letter b Public companies referred to in this letter are companies listed in the stock exchange whereby information regarding the identity of the company and the Beneficial Owner of the company are published to the public.. Letter c Self explanatory. Letter d Self explanatory. Paragraph (2) Prepared list shall, among other, contain information regarding reasons for determination of risk, hence, being classified as low risk. Paragraph (3) Self explanatory. Paragraph (4) Self explanatory. Paragraph (5) Self explanatory. Paragraph (6)

• 18 - Self explanatory. Article 23 Self explanatory. Article 24 Paragraph (1) Classification of high risk category shall be conducted in accordance to the provisions of PPATK that governs guidelines for the identification of products, customers, businesses, and high risk countries for provider of financial services and guidelines concerning the identification of suspicious financial transactions related to the financing of terrorism for financial service providers. Paragraph (2) Preparation of a separate list shall be for the purpose of simplifying identification and monitoring.. Paragraph (3) Letter a Relevant parties shall mean: a. Company that is owned or managed by PEP; b. Family of PEP until the second layer; and/or c. Parties who are commonly and publicly known to have a close relationship with PEP. Letter b Self explanatory.

• 19 - Paragraph (4) Letter a High risk banking products shall include funds transfer, private banking, internet banking. Letter b High risk countries shall include countries identified as Tax Haven such as the British Virgin Island. Letter c Self explanatory. Paragraph (5) A senior officer shall mean an officer of the Bank having knowledge and experience on anti money laundering and financing of terrorism and holds high position within the Bank’s organization, for example division heads or department heads at the Bank’s head office or branch managers.. Paragraph (6) Letter a Self explanatory. Letter b In this case, particularly for Customers whose status changes from regular Customer to PEP or high risk, including Customers recently identified as PEP or high risk. . Article 25 Paragraph (1) Third party shall mean financial institution under the supervision of a sanctioned authority.

• 20 - Paragraph (2) Letter a CDD procedure shall include identification and verification of potential Customers. Letter b Self explanatory. Letter c Self explanatory. Letter d Information referred to in this letter shall at minimum contain information regarding full name as indicated in the identity card, , address or place and date of birth, identity card number and nationality of potential Customers. Letter e A country compliance with FATF Recommendations can be observe from the website http://www.fatf-gafi.org or http://www.apgml.org Paragraph (3) Ultimate responsibility of the identification and verification results of a potential Customer fully lies on the Bank. Paragraph (4) Self explanatory. Article 26 Self explanatory.

• 21 - Article 27 Paragraph (1) Self explanatory. Paragraph (2) Report on data updating shall include quantitative data and qualitative data. Quantitative data shall include statistics on the number of Customers whose data have been or have not been updated.. Qualitative data shall include obstacles, efforts undertaken by the Bank, and progress of such efforts. Paragraph (3) Self explanatory. Article 28 Paragraph (1) Terrorists List is a list of terrorist names recorded in the Resolution of the UN Security Council 1267. Banks may actively update Terrorist List based on the database of Terrorist List publish through internet media such as the UN http://www.un.org/sc/committees/1267/consolist.shtml or other common sources. Paragraph (2) Self explanatory. Paragraph (3) Other information shall include place and date of birth as well as the Customer’s address.

• 22 - Paragraph (4) A Customer’s name shall include Customer aliases. Other information shall include place and date of birth as well as the address. Article 29 Paragraph (1) Self explanatory. Paragraph (2) Transactions atypical from the Customer risk profile are transactions as stipulated in the Act concerning the Crime of Money Laundering. Paragraph (3) Self explanatory. Paragraph (4) Information concerning the adequacy of a Country’s APU and PPT program may be obtained from published information by foreign authorities such as the Financial Action Task Force on Money Laundering (FATF), Asia Pacific Group on Money Laundering (APG), the United Nations, etc. Article 30 Self explanatory. Article 31 Paragraph (1) Letter a

• 23 - Information on profiles of the Sender Bank and/or Intermediary Bank shall include the compositions of the Board of Directors and the Board of Commissioners, business activities, and generated income. Letter b In analyzing the reputation of Recipient Banks and/or Intermediary Banks, Banks are required to scrutinize negative reputation such as sanctions that have been imposed by the authority against such Banks and/or Intermediary Banks, in relation with violation of provisions issued by the authorities and/or FATF Recommendations. Letter c Level of compliance of a country’s APU and PPT Program may be observed from the risk rating of the country where the Bank resides regarding the possibilities of money laundering and/or financing of terrorism as issued by FATF or Asia Pacific Group on Money Laundering (APG). Letter d Other relevant information shall include: a. Ownership, controlling and structure of management, to ascertain the existence of PEP within the ownership structure or as controllers; b. financial position of the Recipient Bank and/or Intermediary Bank; and c. profiles of the principal/holding company and subsidiaries. Paragraph (2) National authorities for example are PPATK and Bank Indonesia, while foreign authorities for example are Financial Action Task Force

• 24 - on Money Laundering (FATF), Asia Pasific Group on Money Laundering (APG), the United Nations (UN), etc. Article 32 Self explanatory. Article 33 Payable Through Accounts are correspondent accounts utilized directly by third party to engange in transactions on behalf of the concerned third party. Article 34 Documentation activities shall mean documentation activities as referred to in Article 39 of this Bank Indonesia Regulation. Article 35 Paragraph (1) Letter a Documentation activities shall mean documentation activities as referred to in Article 39 of this Bank Indonesia Regulation. Sender Banks shall also include Banks that perform business activities as agent of money remittance services. Letter b Information shall mean information regarding a party who initially issued a fund transfer order. Letter c Self explanatory.

• 25 - Paragraph (2) The provisions shall exclude card utilizing transactions for the purpose of funds withdrawal through debit cards, ATM cards, as well as credit cards, in addition to payments for the purchase of goods and/or services. Article 36 Paragraph (1) Self explanatory. Paragraph (2) Information or written inquiry may be in the form of signed letters, as well as information or inquiries submitted through other electronic media.. Article 37 Self explanatory. Article 38 Self explanatory. Article 39 Paragraph (1) Documents may be administered in its original form, copies, electronic forms, microfilm or documents that may be used as evidence pursuant to prevailing laws.

• 26 - Paragraph (2) Self explanatory. Paragraph (3) Self explanatory. Article 40 Paragraph (1) To ensure effective implementation of APU and PPT program by Banks, Banks shall optimize existing Internal Audit Work Unit, among other, to perform compliance test (including the use of sample testing) towards APU and PPT related policies and procedures. Paragraph (2) Self explanatory. Article 41 Paragraph (1) Information system used must enable Banks to trace individual transactions if needed, whether for internal purpose and or Bank Indonesia, as well as in relation to judicial proceedings. Paragraph (2) Integrated Customer profiles shall mean Customer data profiles encompassing all accounts owned by an individual Customer at a Bank, such as saving accounts, deposits accounts, current accounts, and loans.. Article 42 The use of banking services as a media for committing money laundering and financing of terrorism may possibly involve the Bank’s employees.

• 27 - Hence, to prevent or to detect occurrences of money laundering conducted through Banks requires the implementation of Know Your Employee (KYE), including through screening procedures. Article 43 Self explanatory. Article 44 Paragraph (1) Self explanatory. Paragraph (2) In this case, Banks need to ensure that provisions of this Bank Indonesia regulation are less restrictive compare to provisions issued by relevant authorities in the place of jurisdiction of the Bank’s branch offices and subsidiaries abroad.. Paragraph (3) In this case, Banks need to ensure that provisions of this Bank Indonesia regulation are more restrictive compare to provisions issued by relevant authorities in the place of jurisdiction of the Bank’s branch offices and subsidiaries abroad. Paragraph (4) Self explanatory. Article 45 Letter a Action plans shall at minimum encompass implementing actions of APU and PPT programs in relation to compliance with provisions of

• 28 - this Bank Indonesia Regulation obliged to be carried out by Banks and completed within a certain time period. Matters required to be accommodated in action plans, among others, are establishing guidelines for APU and PPT, improving infrastructures related to information technology, setting up human resources and updating programs of Customers data. Bank may perform revisions of action plan on conditions there are changes occurring that are outside the control of the Bank Letter b Self explanatory. Letter c Self explanatory. Letter d Self explanatory. Letter e Self explanatory. Article 46 Self explanatory. Article 47 Self explanatory. Article 48 Self explanatory.

• 29 - Article 49 Included in cooperation with law enforcement referred to in this paragraph are submitting documents or information to law enforcement in relation to the identity of Customers suspected to engage in criminal activities categorized as predicate crime of money laundering in accordance to prevailing laws and regulations Article 50 Paragraph (1) Self explanatory. Paragraph (2) Regardless the imposition of financial penalties, Banks remains obliged to submit guidelines or reports of Suspicious Financial Transactions.. Paragraph (3) Letter a Self explanatory. Letter b Penalties shall be levied after Banks obtains 2 (two) written notices within an interval of 7 (seven) consecutive working days for each of the notices and Banks do not provide clarifications within 7 (seven) working days after the last written notice, as well as after considering affecting factors that instigate the un￾implementation of commitments . Paragraph (4) Self explanatory.

• 30 - Article 51 Self explanatory. Article 52 Self explanatory. Article 53 Self explanatory. Article 54 Self explanatory. SUPPLEMENT STATE GAZETTE OF REPUBLIC OF INDONESIA NUMBER