Regulation on Prevention of Money Laundering and Financing of Terrorism for Securities Related Businesses

Regulation Number: 24R2016

• Regulations and rules shall be published in the Gazette on Mondays and Thursdays of each week. • The deadline for submitting regulations and rules for publication in the Monday Gazette is before 12:00 noon on the Thursday of the previous week. The deadline for submitting regulations and rules for publication in the Thursday Gazette is before 12:00 noon on the Tuesday of the current week. • Requests for publication of regulations and rules in the Gazette should be sent to: legalaffairs@po.gov.mv

Office of the President Bodu Tharufaanu Magu Malé, Maldives Phone: 6334 333 Fax: 0274 331 Website: www.mv.gov.gazette Volume: 45 Number: 51 Date: 27 Jumada al-Akhirah 1437 - 5 April 2016 Tuesday

Regulation on the Conduct of Securities Related Businesses in the Prevention of Money Laundering and Financing of Terrorism

Volume: 45 Number: 51 Government Gazette

Maldives Monetary Authority Malé, Maldives.

Regulation on the Conduct of Securities Related Businesses in the Prevention of Money Laundering and Financing of Terrorism

Chapter One Preliminary Provisions

This regulation is a regulation issued under Article 75(h)(3) of Law No. 10/2014 (The Prevention of Money Laundering and Financing of Terrorism Act).

1. Introduction This regulation shall be known as "Regulation on the Conduct of Securities Related Businesses in the Prevention of Money Laundering and Financing of Terrorism".

2. Name This regulation shall come into effect from the date of its publication in the Government Gazette.

3. Commencement of Regulation This regulation shall apply to securities-related businesses holding a license issued by the Capital Market Development Authority, unless otherwise stated in this regulation.

4. Scope of Application Every licensed entity shall comply with this regulation. The Board of Directors of the licensed entity shall ensure that its subsidiaries, branches, employees, agents, and any third party entrusted with any work on behalf of the entity comply with the provisions of this regulation.

5. Compliance Licensed entities may apply a risk-based approach to compliance with this regulation.

Chapter Two Customer Due Diligence Measures

6. Prohibited Acts No licensed entity shall maintain an account not attributable to specific persons or a name not attributable to any specific person, such as a pseudonym or anonymous account.

7. Circumstances Requiring Customer Due Diligence Licensed entities shall apply the customer due diligence measures specified in this regulation to customers in the following circumstances:

(a) When establishing a business relationship with a customer; or When conducting a single transaction or linked transactions amounting to 50,000/- (Fifty Thousand) Rufiyaa or more. If the total amount of the transaction is unknown at the time of execution, due diligence measures shall be applied once the amount is known or when the total amount of linked transactions reaches the threshold specified in this Article.

(b) Even if the circumstances do not require customer due diligence under this regulation, and regardless of the transaction amount, if there is suspicion of money laundering or terrorist financing activities; or

(c) If there is suspicion that previously obtained information about the customer is incomplete or if doubts arise regarding the accuracy of such information.

8. Identification of Customers, Beneficial Owners, and Third Parties In circumstances where customer due diligence is required under this regulation, every licensed entity shall:

(a) Identify the customer and verify their identity; (1) Identify the beneficial owner of the customer and verify their identity based on independent, reliable sources; and (2) Understand the nature of the business relationship and the purpose of the single transaction.

(b) In cases where the customer has appointed a representative to establish a business relationship or conduct a single transaction, every licensed entity shall: (1) Identify the representative appointed to act on behalf of the customer and verify their identity based on independent, reliable sources; and (2) Verify the authority to act as a representative by obtaining and retaining a copy of the relevant documents (such as Power of Attorney or similar official document) and confirming that the copy is identical to the original.

(c) Licensed entities shall obtain and record information regarding customers, beneficial owners, and third parties as specified in paragraphs (a) and (b) of this Article, without limitation to the following information: (1) Full name and any other names used to address the person; (2) Number of the document indicating identity (e.g., ID card number, passport number, visa number, company registration number, or business registration number); (3) Registered address, business address, or permanent address, current address, and contact information; and (4) Country of incorporation, registration, or nationality.

(d) If the customer is a legal entity or partnership, the licensed entity must determine the nature of the business and the ownership structure.

(e) If the customer is a legal entity, in addition to identifying the customer, the licensed entity must identify the directors.

(f) If the customer is a partnership, in addition to identifying the customer, the licensed entity must identify the partners.

(g) If the customer is a legal arrangement, the licensed entity must determine the nature of the business and the ownership structure. In addition to identifying the customer, the licensed entity must identify the beneficial owners and verify their identities.

(h) If the customer or the beneficial owner is a government agency, licensed entities are only required to verify that the person is a government agency, except in cases where there is suspicion that the transaction is related to money laundering or terrorist financing.

(i) Licensed entities may apply simplified due diligence measures for business relationships or single transactions considered low-risk for money laundering or terrorist financing.

(j) Licensed entities must continuously monitor the financial transactions of customers to detect unusual or non-standard financial activities. They must update information identifying the customer and verify the accuracy of such information.

(k) Every licensed entity must verify the identity of the customer and the beneficial owner based on independent, reliable sources.

9. Verification of Identity Licensed entities must identify and verify the identity of the customer or beneficial owner before establishing a business relationship or conducting a single transaction.

10. Timing of Verification If a licensed entity fails to fully comply with the due diligence measures required by this regulation, it shall not establish or maintain a business relationship or complete a single transaction. If the situation is deemed suspicious, it must be reported as a suspicious transaction to the Financial Intelligence Unit.

11. Failure to Perform Due Diligence Licensed entities must establish appropriate policies and procedures to mitigate risks of money laundering and terrorist financing arising from business relationships and transactions established without the customer physically present at the licensed entity's office.

12. Business Relationships and Transactions Established Without Customer Presence In conducting business relationships and transactions where the risk of money laundering or terrorist financing is considered high, licensed entities must apply additional due diligence measures beyond those specified in this regulation.

13. Additional Due Diligence Measures Every licensed entity must monitor customers and transactions with a high risk of money laundering or terrorist financing. Licensed entities must specifically identify the following customers and transactions as high-risk:

(1) Politically Exposed Persons; (2) Persons related to countries where appropriate measures to prevent money laundering and terrorist financing have not been implemented; (3) Business relationships and transactions established without the customer physically present at the licensed entity's office; and (4) Other customers and transactions specified by the Authority.

In circumstances considered high-risk for money laundering or terrorist financing, licensed entities must apply additional due diligence measures, including but not limited to:

(1) Obtaining additional information regarding the customer and beneficial owner, such as the source of wealth and source of funds, based on appropriate and reliable sources; (2) Obtaining approval from senior management of the licensed entity before establishing a business relationship or maintaining an existing one with the customer; and (3) Conducting enhanced monitoring of the business relationship and updating the information obtained to identify the customer and beneficial owner as required by regulation.

Licensed entities must apply due diligence measures as required by regulation regarding the business relationship with the customer. They must monitor transactions to ensure they are consistent with the customer's previously obtained information, risk profile, and business activities. If necessary, they must determine the source of funds.

14. Maintaining Due Diligence Measures The extent of due diligence measures applied must be commensurate with the risk profile of the customer and the type of transaction, considering the level of risk for money laundering and terrorist financing.

Transactions that are unusual compared to common transactions, involve unusually large amounts, or are conducted in an unusual manner, and appear to have no economic or lawful purpose, must be scrutinized with special attention by licensed entities.

15. Monitoring Transactions If a party conducting a transaction with a licensed entity resides in a country that does not cooperate with international standards for the prevention of money laundering and terrorist financing, licensed entities must pay special attention to transactions with such parties. This includes legal entities. The Financial Intelligence Unit shall inform licensed entities about such countries.

Chapter Three Record Keeping

16. Record Keeping All licensed entities must retain documents and records related to business, specifically those obtained during customer due diligence measures. This includes documents and records used to identify customers, beneficial owners, and other persons required to be identified under this regulation.

In addition to the information specified in paragraph (a) of this Article, licensed entities must retain the following information and records:

(1) Information obtained to identify persons and copies of documents related to such information; (2) Internal investigation documents and records obtained by the licensed entity regarding suspicious transactions; and (3) Records of suspicious transactions reported to the Financial Intelligence Unit.

Records retained under this Article must be kept for the following periods:

(1) Documents and records obtained in connection with a single transaction must be kept for 5 (five) years from the date the transaction was completed. This includes information obtained to identify the customer and other information related to the single transaction. (2) Documents and records obtained in connection with a business relationship must be kept for 5 (five) years from the date the relationship was terminated. This includes information obtained to identify the customer, transaction history, and other information related to the business relationship. (3) Reports of suspicious transactions submitted to the Financial Intelligence Unit must be kept for 5 (five) years from the date of submission, unless otherwise directed by the Financial Intelligence Unit.

Chapter Four Reporting and Monitoring

17. Submission of Information to the Financial Intelligence Unit Every licensed entity must submit information requested by the Financial Intelligence Unit to fulfill its responsibilities and tasks under the Law.

18. Reporting Suspicious Transactions If a licensed entity suspects that specific funds or property are proceeds of crime, or are related to money laundering or terrorist financing activities, or if there are grounds for such suspicion, it must report this to the Financial Intelligence Unit at the earliest opportunity and no later than 3 (three) working days after the suspicion arises or grounds are identified.

If a licensed entity suspects that specific funds or property belong to or are related to:

(1) Persons designated by the United Nations Security Council under Chapter VII of the UN Charter; or (2) Other persons designated by the Financial Intelligence Unit, it must report this to the Financial Intelligence Unit at the earliest opportunity and no later than 3 (three) working days after the suspicion arises or grounds are identified.

19. Suspension of Transactions Any transaction suspected to be related to money laundering or terrorist financing activities, or related to proceeds of crime, must not be conducted by licensed entities until the Financial Intelligence Unit gives specific instructions after the transaction information is submitted to the Financial Intelligence Unit.

If the Financial Intelligence Unit considers the matter submitted under paragraph (a) of this Article to involve a serious or urgent issue, it may order the licensed entity to suspend the transaction for a period not exceeding 72 (seventy-two) hours.

If suspending the transaction is impossible or if suspension would hinder efforts to identify the beneficial owner of the transaction, the licensed entity must immediately inform the Financial Intelligence Unit after conducting the transaction.

20. Reporting Cash Transactions Every licensed entity must report cash transactions of 200,000/- (Two Hundred Thousand) Rufiyaa or more, and foreign currency cash transactions of an equivalent amount or more, or other amounts specified by the Authority, to the Financial Intelligence Unit once a week. This also applies to the total amount of linked transactions that reach or exceed this threshold. For the purpose of this Article, cash transactions refer to transactions conducted with cash, checks, bank drafts, traveler's checks, and other bearer negotiable instruments.

21. Non-Disclosure of Information Submitted to the Financial Intelligence Unit A licensed entity, or a director, officer, or employee of a licensed entity, must not disclose to the customer or any third party under any circumstances that information regarding the customer has been or will be submitted to the Financial Intelligence Unit, or that a report regarding money laundering or terrorist financing has been or will be submitted to the Unit, or that an investigation into money laundering or terrorist financing is being or will be conducted.

Chapter Five Privileges for Reporting Entities

22. Privileges for Reporting Entities in Good Faith A licensed entity, or a director, officer, or employee of such entity, that submits reports and information in good faith in accordance with this regulation shall not be subject to any criminal or civil liability for breach of banking secrecy, professional secrecy, or contract. Nor shall administrative or corrective measures be taken against such persons.

23. Privileges for Entities Conducting Suspicious Transactions in Good Faith A licensed entity, or a director, officer, or employee of such entity, that conducts a transaction reported in good faith in accordance with the Law and this regulation shall not be subject to any criminal liability for money laundering or terrorist financing.

Privileges under this Article may be granted to any party conducting a transaction upon the request of an enforcement agency as specified in Article 27(r)(1) and Article 44 of the Law.

Chapter Six Implementing Programs for the Prevention of Money Laundering and Financing of Terrorism

Every licensed entity must implement the following to prevent money laundering and terrorist financing: