Pakistan Post (AML and CFT) Regulations 2020

TO BE PUBLISHED IN GAZETTE OF PAKISTAN EXTRA-ORDINARY Government of Pakistan Ministry of Communications Pakistan Post (AML and CFT) Supervisory Board Islamabad, the 30th September, 2020

S.R.O. No. 949(i)/2020. - In exercise of the powers conferred by clause (c) of sub-section (2) of section 6A of the Anti-Money Laundering Act, 2010 (VII of 2010), the Pakistan Post (AML and CFT) Supervisory Board is pleased to make the following Regulations, namely:-

Chapter-I

1. Short Title, Extent and Commencement. - 1) These regulations shall be called the Pakistan Post (AML and CFT) Regulations, 2020.

2. These Regulations shall apply to Pakistan Post.
3. These Regulations shall come into force at once.

2. Definitions. - (1) In these Regulations, unless there is anything repugnant in the subject or context, - (a) "AML and CFT" means Anti-Money Laundering and Countering Financing of Terrorism; (b) "AML Act" means the Anti-Money Laundering Act, 2010 (VII of 2010), as amended from time to time; (c) "Client" or "Customer" means any person or legal arrangement engaging for the purposes of requesting, acquiring, or using any products or services or carrying out any transaction or business with Pakistan Post; (d) "Close associate" of a PEP means: (i) an individual known to have joint beneficial ownership of a legal person or a legal arrangement or any other close business relationships with a PEP; or (ii) any individual(s) who have beneficial ownership of a legal person or a legal arrangement which is set up for the benefit of a PEP; or (iii) an individual who is reasonably found or believed to be closely connected with a PEP for any other reason, either socially or professionally; (e) "Enhanced Due Diligence" or "EDD" means taking additional CDD measures and may include the measures set out in sub-regulation (17) of regulation 4; (f) "FATF" means the Financial Action Task Force; (g) "Family member" of a PEP includes— (i) a spouse of the PEP; (ii) lineal descendants and ascendants of the PEP; (h) "Financial Services" means the financial services offered by Pakistan Post, which include but not limited to savings bank services, payment of pension, money remittance, collection of utility bills and other such services under agency functions. (i) "ML" means Money Laundering; (j) "MoI" means Ministry of Interior, Government of Pakistan. (k) "MoFA" means Ministry of Foreign Affairs, Government of Pakistan. (l) "NACTA" means National Counter Terrorism Authority, Government of Pakistan; (m) "Pakistan Post" means the Pakistan Post Office Department (PPOD), an attached department of Ministry of Communications, Government of Pakistan including its circles, associated with issuance, management, marketing, registration, replacement, sale and discharge of Financial Services. (n) "Politically Exposed Person" or "PEP" means any individual who is or has been entrusted with a prominent public function in Pakistan, a foreign country or an international organization and includes but it is not limited to (i) Heads of states, heads of governments, Ministers and Deputy or Assistant Ministers; (ii) Members of Parliament or Provincial Assembly or National Assembly; (iii) Members of Supreme Courts, of constitutional courts or of any judicial body the decisions of which are not subject to further appeal except in exceptional circumstances; (iv) Government employees of BPS-21 or equivalent and above; (v) Ambassadors; (vi) Military officers with a rank of Lieutenant General or higher and its similar rank in other services; (vii) Directors and Members of the board or secretary or equivalent function of an international organization; (viii) Members of the governing bodies of political parties; (ix) Members of the board or equivalent function in corporations, departments or bodies that are owned or controlled by the state. (o) "Reasonable measures" means appropriate measures which are commensurate with the money laundering or terrorist financing risks; (p) "Senior Management" means officers of Pakistan Post holding positions as Director General, Additional Directors General, Dy. Directors General, Postmasters General, General Managers or equivalent officers (q) "Simplified Due Diligence" or "SDD" means taking reduced CDD and may include the measures set out in sub-regulation (20) of regulation 4; (r) "SRO" means Statutory Regulatory Order; (s) "STR" means Suspicious Transaction Report; (t) "Supervisory Board" means Pakistan Post (AML and CFT) Supervisory Board constituted under Pakistan Post (AML and CFT) Rules, 2020, as amended from time to time; (u) "TF" means financing of terrorism; (v) "UNSC Act" means United Nations (Security Council) Act, 1948 (XIV of 1948), as amended from time to time; (2) The words and expressions used in these regulations but not defined herein shall have the meanings assigned thereto in the AML Act, as amended from time to time.

Chapter-II

Risk Assessment and Mitigation

3. Measures of risk mitigation.- (1) Pakistan Post shall take appropriate steps to identify, assess, and understand its risks (for customers, countries or geographic areas; and products, services, transactions or delivery channels), including: (a) documenting its risk assessments; (b) considering all relevant risk factors before determining what is the level of overall risk and the appropriate level and type of mitigation to be applied; (c) keeping these assessments up to date; and (d) having appropriate mechanisms to provide risk assessment information to Supervisory Board. (2) Pakistan Post shall: (a) have policies, controls and procedures, which are approved by Senior Management, to enable them to manage and mitigate the risks that have been identified in its risk assessment and any other risk assessment publicly available or conducted by Supervisory Board; (b) monitor the implementation of those controls and to enhance them if necessary; (c) take appropriate measures to manage and mitigate the risks where higher risks are identified. (3) Pakistan Post may take SDD measures to manage and mitigate risks if lower risks have been identified. SDD measures shall not be permitted whenever there is a suspicion of ML and TF. (4) Pakistan Post shall: (a) identify and assess the ML and TF risks that may arise in the development of new products and business practices, including new delivery mechanism, and the use of new and developing technology for new and existing products. (b) prior to the launch or use of products, practices or technologies, undertake the risk assessment and take appropriate measures to manage and mitigate the risks.

Chapter-III

Customer and Beneficial Owner Identification and Verification

4. Identification and verification.- (1) Pakistan Post shall: (a) conduct CDD in the circumstances and matters set out in sub-section (1) of section 7A of AML Act; and (b) for the purposes of conducting CDD as required under sub-section (2) of section 7A of the AML Act in the circumstances set out under sub-section (1) of the said section 7A, Pakistan Post shall comply with sub-regulations (2) to (18) of regulation 4. (2) Pakistan Post shall: (a) Identify the customer; and (b) Verify the identity of that customer using reliable and independent documents, data or information as set out in sub-regulation (9) of regulation 4. (3) Where the customer is represented by an authorized agent or representative, Pakistan Post shall: (a) Identify every person who acts on behalf of the customer; (b) Verify the identity of such person by using reliable and independent documents, data or information as set out in sub-regulation (9) of regulation 4; and (c) Verify the authority of the person who is acting on behalf of the customer. (4) Pakistan Post shall also identify the beneficial owner and take reasonable measures to verify the identity of the beneficial owner by using reliable and independent documents, data or sources of information as set out in sub-regulation (9) of regulation 4, such that Pakistan Post is satisfied that it knows who the beneficial owner is. (5) For customers that are legal persons or legal arrangements, Pakistan Post shall understand the nature of such customer's business and its ownership and control structure. (6) For customers that are legal persons or legal arrangements, Pakistan Post shall identify the customer and verify its identity by obtaining the following information, in addition to the information required in sub-regulation (9) of regulation 4, namely: (a) name, legal form and proof of existence; (b) the powers that regulate and bind the legal person or arrangement, as well as the names of the relevant persons having a senior management position in the legal person or arrangement; and (c) the address of the registered office and, if different, a principal place of business. (7) For customers that are legal persons, Pakistan Post shall identify and take reasonable measures to verify the identity of beneficial owners by: (a) identifying the natural person(s) (if any) who ultimately has a direct or indirect controlling ownership interest (as defined under relevant laws) in a legal person; and (b) to the extent that there is doubt under clause (a) as to whether the person(s) with the controlling ownership interest is the beneficial owner(s) or where no natural person exerts control through ownership interests, the identity of the natural person(s) (if any) exercising control of the legal person or arrangement through other means; and (c) where no natural person is identified under clause (a) or clause (b), the identity of the relevant natural persons who hold the positions of senior management. (8) For customers that are legal arrangements, Pakistan Post shall identify and take reasonable measures to verify the identity of beneficial owners as follows: (a) for trusts, the identity of the settler, the trustee(s), the protector (if any), the beneficiaries or class of beneficiaries, and any other natural person(s) exercising ultimate effective control over the trust, including through a chain of control/ownership; (b) for waqfs and other types of legal arrangements, the identity of persons in equivalent or similar positions as specified in clause (a). (c) Where any of the persons specified in clause (a) or clause (b) is a legal person or arrangement, the identity of the beneficial owner of that legal person or arrangement shall be identified. (9) For the purposes of verification of identity of customers or beneficial owners as required in sub-regulations (2) to (8), reliable and independent documents, data or sources of information includes: (a) For a natural person, a copy of: (i) Computerized National Identity Card (CNIC) issued by NADRA; or (ii) National Identity Card for Overseas Pakistanis (NICOP) and/or Passport issued by NADRA for Nonresident / overseas Pakistanis or those who have dual nationality; or (iii) Pakistan Origin Card (POC) issued by NADRA and/or Passport for Pakistanis who have given up Pakistan nationality; or (iv) Form B or Juvenile card issued by NADRA to children under 18 years of age; or (v) where the natural person is a foreign national, either an Alien Registration Card (ARC) issued by NADRA or a Passport having valid visa on it or any other proof of legal stay along with passport. (b) For a legal person, a certified copy of: (i) resolution of board of directors for opening of account specifying the persons authorized to open and operate the account (not applicable for single member company); (ii) memorandum of association; (iii) articles of association, wherever applicable; (iv) certificate of incorporation; (v) Securities and Exchange Commission of Pakistan (SECP) registered declaration for commencement of business as required under the Companies Act, 2017 (XIX of 2017), as applicable; and (vi) list of directors required to be filed under the Companies Act, 2017 (XIX of 2017), as applicable; (vii) identity documents as per clause (a) above of all the directors, beneficial owners and persons authorized to open and operate the account(s). (viii) any other documents as deemed necessary including its annual accounts and financial statements or disclosures in any form which may help to ascertain the details and nature of its activities, sources and usage of funds in order to assess the risk profile of the prospective customer; (c) For a legal arrangement, certified copies of - (i) the instrument creating of the legal arrangement; (ii) registration documents and certificates; (iii) the legal arrangement's by-laws, rules and regulations; (iv) documentation authorizing any persons to open and operate the account; (v) identity documents as per clause (a) of sub-regulation (9) of the authorized persons, beneficial owners and of the members of governing body of the legal arrangement; and (vi) any other documents as deemed necessary including its annual accounts and financial statements or disclosures in any form which may help to ascertain the subject of the trust, the details and nature of its activities, sources and usage of funds in order to assess the risk profile of the prospective customer; (d) In respect of government institutions and entities not covered above: (i) CNICs of the authorized persons; and (ii) letter of authorization from the concerned authority. (10) Pakistan Post shall verify the identity of the customer and beneficial owner before or during the course of establishing a business relationship or conducting occasional transactions. (11) Pakistan Post may complete the verification of the identity of the customer and the beneficial owner after the establishment of the business relationship, provided that: (a) this occurs as soon as reasonably practicable; (b) this is essential not to interrupt the normal conduct of business; and (c) the risks are proven to be low. (12) Pakistan Post shall have and implement risk management procedures concerning the conditions under which a customer may utilize the business relationship prior to verification. (13) Pakistan Post shall conduct ongoing due diligence on the business relationship, including: (a) scrutinizing transactions undertaken throughout the course of the relationship to ensure that the transactions being conducted are consistent with Pakistan Post's knowledge of the customer, their business and risk profile, including where necessary, the source of funds; and (b) undertaking reviews of existing records and ensuring that documents, data or information collected for the CDD purposes are kept up-to-date and relevant, particularly for higher risk categories of customers. (14) Pakistan Post shall apply CDD requirements to existing customers on the basis of materiality and risk, and shall conduct ongoing due diligence on such existing relationships at appropriate times, taking into account whether and when CDD measures have previously been undertaken and the adequacy of the data and documents previously obtained. (15) Pakistan Post shall apply the countermeasures sanctioned by the Federal Government, pursuant to recommendations by the National Executive Committee when required. (16) Pakistan Post shall apply EDD in the following circumstances, including but not limited to: (a) business relationships and transactions with customers when the ML and TF risks are higher; (b) business relationships and transactions with natural persons or legal persons and legal arrangements from countries for which this is called for by the FATF; and (c) PEPs and their close associates and family members. (17) EDD measures may include, but shall not be limited to, the following measures: (a) Obtaining additional information on the customer (e.g. volume of assets, information available through public databases, internet, etc.), and updating more regularly the identification data of customer and beneficial owner; (b) Obtaining additional information on the intended nature of the business relationship; (c) Obtaining information on the source of funds or source of wealth of the customer; (d) Obtaining information on the reasons for intended or performed transactions. (e) Obtaining the approval of Senior Management to commence or continue the business relationship; and / or (f) Conducting enhanced monitoring of the business relationship by increasing the number and timing of controls applied and selecting patterns of transactions that need further examination. (g) Conducting enhanced verification of identity using biometric verification (18) In relation to clause (c) of sub-regulation (16), Pakistan Post shall: (a) implement appropriate risk management systems to determine if a customer or a beneficial owner is a PEP or a close associate or family member of a PEP, both prior to establishing a business relationship or conducting a transaction, and on an on-going basis throughout the course of the business relationship; (b) at a minimum, apply the following EDD measures: (i) obtain approval from Senior Management to establish or continue a business relationship where the customer or a beneficial owner is a PEP, close associate or family member of a PEP or subsequently becomes a PEP, close associate or family member of a PEP; (ii) take reasonable measures to establish the source of wealth and the source of funds of customers and beneficial owners identified as a PEP, close associate or family member of a PEP; and (iii) conduct enhanced ongoing monitoring of business relations with the customer or beneficial owner identified as a PEP, close associate and family member of a PEP. (19) Pakistan Post may allow the application of SDD when identifying and verifying the identity of a customer or beneficial owner only where lower risks have been identified through an adequate analysis through its own risk assessment and any other risk assessments publicly available or provided by Supervisory Board in accordance with sub-regulation (3) of regulation 3 and commensurate with the lower risk factors. (20) SDD measures may include but shall not be limited to: (a) Verifying the identity of the customer and the beneficial owner after the establishment of the business relationship; (b) Reducing the degree of on-going monitoring and scrutinizing transactions; (c) Not collecting specific information or carrying out specific measures to understand the purpose and intended nature of the business relationship but inferring the purpose and nature from the type of transactions or business relationship established.

Chapter-IV

Reliance on Third Parties

5. Reliance on third party.- (1) Pakistan Post may rely on third party, as provided under section 7B of the AML Act, for identification of customer as set out in sub-regulation (1) to (10) of regulation 4, provided that Pakistan Post: (a) will remain liable for any failure to apply such indicated CDD measures above; (b) immediately obtain from the third party the required information and documents concerning CDD as set out in sub-regulation (9) of regulation 4; (c) the third party shall keep copies of identification information and documents as set out in clause (b) of sub-regulation (1); and (d) satisfies itself that the third party is supervised by an AML and CFT regulatory authority or an equivalent foreign authority and has measures in place for compliance with AML Act obligation of CDD and record keeping. (2) In addition to sub-regulation (1), when determining in which country a third party may be based, Pakistan Post shall have regard to available information on the level of country risk and in line with instructions by Supervisory Board.

Chapter-V

Internal Controls

6. Internal controls.- (1) In order to implement compliance programs, as required under Section 7G of AML Act, Pakistan Post shall have and implement the following internal policies, procedures and controls: (a) compliance management arrangements, including the appointment of a compliance officer at the management level, as the individual responsible for Pakistan Post compliance with these Regulations; (b) screening procedures when hiring employees to ensure the integrity, conduct, skills, and expertise of such employees to carry out their functions effectively; (c) an ongoing employee training program; and (d) an independent audit function to test the system. (2) For the purposes of complying with clause (d) of sub-regulation (1), testing the system includes an assessment of the adequacy and effectiveness of the policies, controls and procedures adopted by Pakistan Post to comply with the requirements of these Regulations and to make recommendations in relation to those policies, controls and procedures.

Chapter-VI

Targeted Financial Sanctions (TFS) Obligations

7. Targeted financial sanctions and obligations.- (1) In order to comply with TFS obligations under UNSC Act and/or Anti-Terrorism Act and any regulations made thereunder, as required under Section 7H of AML Act, Pakistan Post shall: (a) Develop mechanisms, processes and procedures for screening and monitoring customers and potential customers and beneficial owners of customers to detect any matches or potential matches with designated/proscribed persons in the SROs and Notifications issued by MoFA, NACTA and MoI. (b) If, during the process of screening or monitoring of customers or potential customers, a positive or potential match is found, Pakistan Post shall: (i) freeze the relevant funds and assets, without delay, in accordance with the respective SRO; (ii) not provide any services, property or funds to the person in question in accordance with the respective SRO; and (iii) reject the transaction or attempted transaction or the on boarding of the customer, if the relationship has not commenced. (2) In all cases referred to in clause (b) of sub-regulation (1), Pakistan Post shall report the results of, and actions taken based on, screening against the respective designations/prescriptions as well as attempted transactions to Supervisory Board and FMU. (3) Implement any other TFS-related obligations under the AML Act 2010, UNSC Act, 1948 and Anti-Terrorism Act, 1997 and any regulations made there under.

Chapter-VI

Reporting of STR and CTR

8. Reporting of STR and CTR.- (1) If Pakistan Post suspects or has reasonable grounds to suspect that funds are the proceeds of criminal activity or money laundering or related to terrorist financing it should promptly report the suspicious transactions, including attempted transactions, regardless of their value or amount, to the FMU through a STR as per the format prescribed by FMU as required under AML Act. (2) Pakistan Post shall file a CTR with FMU, as per format prescribed by FMU, for every currency transaction exceeding such amount as may be specified by the National Executive Committee by Notification in the official Gazette as required under sub-section (3) of section 7 of AML Act.

Chapter-VII

Record Keeping

9. Record keeping.- (1) The records maintained by Pakistan Post as set out in Section 7C of the AML Act shall be sufficient to permit reconstruction of individual transactions including the nature and date of the transaction, the type and amount of currency involved and the customer involved in the transactions so as to provide, when necessary, evidence for prosecution of criminal activity. (2) Where transactions, customers or instruments are involved in litigation or where relevant records are required by a court of law or other competent authority, Pakistan Post shall retain such records until such time as the litigation is resolved or until the court of law or competent authority indicates that the records no longer need to be retained. (3) The records of identification data obtained through CDD process, including copies of identification documents, account opening forms, Know Your Customer forms, verification documents, other documents and result of any analysis along with records of account files and business correspondence, shall be maintained for a minimum period of five years after termination of the business relationship. (4) Pakistan Post shall promptly provide any records, documents or information upon request from Supervisory Board, any investigating or prosecuting agency, or the FMU, as required under Section 25 of AML Act.

Chapter-VIII

Sanctions

10. Sanctions.- Any violation of any of provisions in these regulations will be subject to sanctions in accordance with the Rules regulating AML/CFT Sanctions 2020 and imposed by Supervisory Board according to clause (h) of sub-section (2) of Section 6A of AML Act.