Regulation for Banks on Prevention of Money Laundering and Financing of Terrorism

Office of the President Bodu Thakurufaanu Magu Malé, Maldives Phone: 3323701, 3336137 Fax: 3325500 Website: Email: gazette.gov.mv@gov.mv

Regulation for Banks on Prevention of Money Laundering and Financing of Terrorism

• Documents such as laws and regulations published in the Gazette, announcements and notifications issued by government offices, and press releases are listed here. • The Gazette is published every Monday and Thursday. • The deadline for submitting documents for publication in the Monday Gazette is before 12:00 noon on the preceding Thursday. The deadline for submitting documents for publication in the Thursday Gazette is before 12:00 noon on the Tuesday of the current week. Documents are requested to be sent to the email address gazette.gov.mv@gov.mv. • Documents submitted for publication in the Gazette must be formatted in Microsoft Word.

Regulation Number: 8R2015 Volume: 44 Number: 15 Date: 24 Rabeeul Awal 1436 - 15 January 2015 Thursday

3

MALDIVES MONETARY AUTHORITY Malé, Maldives

Regulation for Banks on Prevention of Money Laundering and Financing of Terrorism

First Chapter Preliminary Provisions

This regulation is a regulation formulated and issued under Article 75(3)(h) of Act No. 10/2014 (Prevention of Money Laundering and Financing of Terrorism Act).

Definition. 1 This regulation shall be known as the "Regulation for Banks on Prevention of Money Laundering and Financing of Terrorism".

Name. 2

Commencement of Application of Regulation. 3 This regulation shall come into effect from 15 January 2015.

Scope of Application of Regulation. 4 This regulation shall apply to all banks licensed under the Banking Act of the Maldives, unless otherwise stated in this regulation.

Every bank shall comply with this regulation. Furthermore, the Board of Directors of such a bank shall ensure that the subsidiaries, branches, employees, agents, and any third parties to whom any work of such a bank has been entrusted, act in accordance with the provisions of this regulation.

Responsibility for Compliance with Regulation. 5 (a) (b) Banks may apply a risk-based approach in complying with this regulation.

Second Chapter Customer Due Diligence Measures

No bank shall maintain an account not attributable to any specific person, or an account under a name that is not attributable to any specific person, or a pseudonym.

Prohibitions. 6 (a) A bank operating in the Maldives shall not establish a business relationship with banks that are registered in a foreign country but do not have an office in that country and are not regulated by the banking regulatory authority of that country. Furthermore, if a business relationship has previously been established with such a bank, such relationship shall not be continued after the commencement of this regulation.

(b) In the following circumstances, every bank shall take the due diligence measures specified in this regulation with respect to the customer receiving goods and services.

Circumstances Requiring Customer Due Diligence. 7 (a) When establishing a business relationship with a customer receiving goods and services; (b) When conducting a single transaction or a series of linked transactions, if the amount is equal to or exceeds 50,000/- (Fifty Thousand) Rufiyaa, or if the total amount of the transaction is unknown at the time of execution but becomes known or equals the amount specified in this article; (c) When transferring funds out of the country or transferring funds within the Maldives; (d) Even if these circumstances do not require customer due diligence measures under this regulation, and regardless of the amount involved in the transaction, if there is suspicion that money laundering or terrorism financing activities are being conducted; (e) If there is suspicion that information previously obtained about the customer receiving goods and services is incomplete, or if doubts arise regarding the accuracy of such information.

(f)

In the circumstances specified in this regulation where banks are required to take due diligence measures with respect to the customer receiving goods and services, every bank shall perform the following actions.

Identification of Customers Receiving Goods and Services, Beneficial Owners, and Third Parties. 8 (a) Identify the customer receiving goods and services and verify their identity; (1) Identify the beneficial owner of the customer receiving goods and services and verify their identity based on independent source documents; and (2) Understand the purpose and nature of the business relationship. (b) In cases where a customer receiving goods and services appoints a representative to act on their behalf for establishing a business relationship or conducting a single transaction, every bank shall perform the following actions: (1) Identify the person appointed to represent the customer receiving goods and services and verify their identity based on independent source documents; and (2) Verify that the person appointed to act as a representative of the customer receiving goods and services has the authority to do so; obtain a copy of the relevant documents (such as Power of Attorney or similar official document), retain it, and verify that the copy is a true copy of the original. (c) In accordance with the provisions of Article 8(a) and (b), banks shall obtain and record the following information regarding the customer receiving goods and services, beneficial owners, and third parties, without limiting the scope to only the following information: (1) Full name and any other names used to address the person; (2) Number of the document identifying the person (e.g., National ID card number, passport number, visa number; if a legal entity, registration number or business registration number); (3) Registered address or business address, or permanent address and current address, and contact information; and (4) Place of incorporation, registered place, or nationality of the company. (d) When a bank sends funds via wire transfer upon the instruction of a wire transfer originator, it shall perform the following actions: (1) Identify the wire transfer originator and verify their identity; (2) Include details of the originator, the beneficiary, the beneficiary institution, the date and amount of the wire transfer, and the type of currency in the message; however, to ensure the information is not limited, obtain and record all necessary information related to the wire transfer; and (3) Include the originator's name, address, ID card number or passport number or work permit number, and the originator's account number or a specific number assigned to these transactions in the transfer message or payment instruction. (e) When banks provide money or value transfer services and funds are sent through the bank at the request of the originator, the following shall be completed: (1) Identify the originator and verify their identity; (2) Include details of the originator, the beneficiary, the beneficiary institution, the date and amount of the transfer, and the type of currency in the message; however, to ensure the information is not limited, obtain and record all necessary information related to the transfer; and (3) Include the originator's name, address, ID card number or passport number or work permit number, and the originator's account number or a specific number assigned to these transactions in the transfer message or payment instruction. (f) When a bank acts as a beneficiary institution receiving funds from a beneficiary, it shall establish and implement appropriate internal policies, procedures, and controls to identify the beneficiary and manage the receipt of funds. This may include situations where the bank acts as a wire transfer beneficiary. (g) When a bank acts as an intermediary in the chain of a transaction involving fund transfers, the bank shall include all required information about the originator in the transfer message sent or the payment instruction accompanying the funds. (h) If the customer receiving goods and services is a legal entity or a partnership, the bank shall determine the nature of the business and how ownership of the business is distributed. (i) If the customer receiving goods and services is a legal entity, in addition to identifying the customer, the bank shall identify the directors of the company. (j) If the customer receiving goods and services is a partnership, in addition to identifying the customer, the bank shall identify the partners of the partnership. (k) If the customer receiving goods and services is a legal arrangement, the bank shall determine the nature of the business and how ownership is distributed. In addition to identifying the customer, the bank shall identify the beneficial owners and verify their identities. (l) If the customer receiving goods and services or the beneficial owner is a government agency, the bank is only required to verify that the person is a government agency, except in cases where there is suspicion that the transaction is for money laundering or terrorism financing. (m) Banks may apply simplified due diligence measures in relationships and transactions that are considered low-risk for money laundering or terrorism financing. (n) Banks shall continuously monitor the financial transactions of the customer receiving goods and services to detect unusual or atypical financial activities, and update the information identifying the customer to verify its accuracy. (o) Before establishing a correspondent banking relationship with a foreign financial institution, banks shall fulfill the requirements specified in Article 16(f) of the Act. (p) Every bank shall verify the identity of the customer receiving goods and services and the beneficial owner based on reliable, independent source documents.

Verification of Identity. 9 Verification of identity shall be performed before establishing a business relationship or conducting a single transaction. The bank must identify and verify the identity of the customer receiving goods and services or the beneficial owner.

Timing of Verification of Identity. 10 (a) A bank may establish a business relationship before verifying the identity of the customer receiving goods and services and the beneficial owner in the following circumstances: (1) It is essential to prevent hindrance to the bank's general business; (2) It is ensured that the risk of money laundering and terrorism financing is appropriately managed; and (3) There is no suspicion of money laundering or terrorism financing. (b) If a business relationship was established before the verification of the identity of the customer receiving goods and services or the beneficial owner, the bank must complete the verification process at the earliest opportunity. (c) If the due diligence measures required by this regulation cannot be completed by the bank, the bank shall not establish or maintain a business relationship or complete a single transaction. If this situation is considered a suspicious transaction, it shall be reported to the Financial Intelligence Unit as a suspicious transaction.

Failure to Complete Due Diligence Measures. 11

To mitigate risks of money laundering and terrorism financing arising from business relationships and transactions established without the customer appearing in person, banks shall establish appropriate policies and procedures.

Business Relationships and Transactions Established Without Customer Appearance. 12

In business relationships and transactions where the risk of money laundering and terrorism financing is considered high, in addition to the due diligence measures specified in this regulation, every bank shall take additional due diligence measures.

Additional Due Diligence Measures. 13 (a) Every bank shall frequently monitor customers receiving goods and services and transactions that pose a high risk of money laundering and terrorism financing. The following customers and transactions shall be considered high risk: (1) Politically Exposed Persons; (2) Persons related to countries where appropriate measures to prevent money laundering and terrorism financing are not in place; (3) Business relationships and transactions established without the customer appearing in person; and (4) Other customers and transactions specified by the Authority. (b) In circumstances considered high risk for money laundering and terrorism financing, banks shall take additional due diligence measures. These measures may include, but are not limited to: (1) Obtaining additional information about the customer receiving goods and services and the beneficial owner; (2) Verifying the source of wealth and the source of funds of the customer receiving goods and services and the beneficial owner based on appropriate reliable sources; (3) Obtaining approval from senior management of the bank before establishing a business relationship with the customer receiving goods and services, or before continuing an existing business relationship; (4) Expanding the monitoring of the business relationship with the customer receiving goods and services and updating the information obtained to identify the customer and beneficial owner as required by the regulation. (c) Every bank shall take due diligence measures as required by the regulation regarding the business relationship with the customer receiving goods and services. Furthermore, the bank shall monitor transactions to ensure they are consistent with the information obtained about the customer, the risk profile, and the business activities conducted by the customer. If necessary, the bank shall determine the source of funds.

Maintaining Due Diligence Measures. 14 (a) The extent of due diligence measures taken shall be appropriate to the level of risk of money laundering and terrorism financing, considering the risk profile of the customer receiving goods and services and the type of transaction. (b) Banks shall pay special attention to transactions that are different from usual transactions, involve unusually large amounts, or are conducted in an unusual manner, if they appear to have no economic or legal purpose.

Monitoring Transactions. 15 (a) Banks shall pay special attention to business relationships and transactions with persons residing in countries that do not cooperate with international efforts to prevent money laundering and terrorism financing. This includes legal entities. The Financial Intelligence Unit shall inform banks of information regarding such countries.

Third Chapter Maintenance of Records

All banks shall retain documents and records related to business, and specifically documents and records obtained in the process of taking due diligence measures with respect to customers receiving goods and services. This includes documents and records obtained to verify the identity of customers receiving goods and services, beneficial owners, and other persons whose identity must be determined under this regulation.

Maintenance of Records. 16 (a) In addition to the information specified in Article 16(a), banks shall retain the following information and records: (1) Information obtained to identify persons and copies of documents obtained to verify identity; (2) Documents and records obtained for internal investigations related to suspicious transactions; (3) Records related to suspicious transactions reported to the Financial Intelligence Unit; and (4) Information obtained by the bank to fulfill the requirements specified in Article 16(f) of the Act before establishing a correspondent banking relationship with a foreign financial institution. (b) Records retained under this article shall be kept for the following periods: (1) Documents and records obtained in connection with a single transaction shall be kept for 5 (five) years from the date the transaction was completed. This includes information obtained to identify the customer receiving goods and services and other information obtained in connection with the single transaction. (2) Documents and records obtained in connection with a business relationship shall be kept for 5 (five) years from the date the relationship was terminated. This includes information obtained to identify the customer receiving goods and services, history of transactions, and other information and documents obtained regarding the business relationship. (3) Reports submitted to the Financial Intelligence Unit regarding suspicious transactions and related documents shall be kept for 5 (five) years from the date the report was submitted to the Financial Intelligence Unit, unless otherwise directed by the Financial Intelligence Unit.

Fourth Chapter Reporting and Monitoring

Every bank shall submit information to the Financial Intelligence Unit as directed by the Unit in fulfilling its responsibilities and tasks under the Act.

Sending Information to Financial Intelligence Unit. 17

Reporting Suspicious Transactions. 18 (a) If a bank suspects that specific funds or goods are proceeds of crime, or are related to money laundering or terrorism financing activities, or if there are grounds for such suspicion, the bank shall report this to the Financial Intelligence Unit as soon as possible and within 3 (three) working days without delay. (b) If a bank suspects that specific funds or goods belong to persons specified below, or are related to such persons, or if there are grounds for such suspicion, the bank shall report this to the Financial Intelligence Unit as soon as possible and within 3 (three) working days without delay: (1) Persons specified by the United Nations Security Council under Chapter Seven of the Charter of the United Nations; and (2) Other persons specified by the Financial Intelligence Unit.

Suspension of Transactions. 19 (a) No transaction that is suspected to be related to money laundering or terrorism financing activities, or related to proceeds of crime, shall be conducted by a bank after providing information to the Financial Intelligence Unit, unless directed otherwise by the Financial Intelligence Unit. (b) If the Financial Intelligence Unit considers a transaction reported under Article 19(a) to involve a serious or urgent matter, it may order the bank to hold the transaction for a period not exceeding 72 (seventy-two) hours. (c) If conducting the transaction specified in Article 19(a) is impossible, or if suspending the transaction would hinder efforts to identify the beneficiary, the bank shall immediately inform the Financial Intelligence Unit after conducting the transaction. (d) Every bank shall report transactions involving cash funds of 200,000/- (Two Hundred Thousand) Rufiyaa or more, and transactions involving foreign cash funds of an equivalent amount or more, or transactions of an amount specified by the Authority, and linked transactions...