Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

BANK OF BOTSWANA

BANKING SUPERVISION DEPARTMENT

[Image of Bank of Botswana logo]

GUIDELINES ON IDENTIFICATION, MONITORING AND REPORTING OF SUSPICIOUS TRANSACTIONS

DECEMBER 20, 2021

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

TABLE OF CONTENTS

1. AUTHORITY, SCOPE AND PURPOSE ................................................................................. 3 (a) Authority ............................................................................................................................. 3 (b) Purpose of the Guidelines ................................................................................................... 3 (c) Scope ................................................................................................................................... 3
2. DEFINITION OF TERMS ..................................................................................................... 3
3. IDENTIFICATION, MONITORING AND REPORTING OF SUSPICIOUS TRANSACTIONS ..................................................................................................................... 7 (a) Customer Acceptance Policy .............................................................................................. 7 (b) Ongoing Customer Monitoring for Suspicious Transactions and Activities ....................... 11 (c) Reporting of Suspicious Transactions ................................................................................ 12
4. PROHIBITION AGAINST DISCLOSURE OF SUSPICIOUS TRANSACTION REPORTING INFORMATION TO UNAUTHORISED PERSONS ........................................ 13
5. INTERRUPTION OF TRANSACTIONS BY THE FINANCIAL INTELLIGENCE AGENCY ................................................................................................................................. 14 Annexure ..................................................................................................................................... 15

2

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

1. AUTHORITY, SCOPE AND PURPOSE

(a) Authority

1.1 These guidelines are issued by the Bank of Botswana (Bank), pursuant to its authority as provided for in Section 4(2) of the Bank of Botswana Act (Cap. 55:01). The guidelines are also issued pursuant to the Bank’s authority provided for in Section 44(1)(b) of the Financial Intelligence Act, 2019 (Cap. 08:07), (FI Act), which empowers the Bank to issue instructions or guidelines to help an institution comply with the FI Act.

(b) Purpose of the Guidelines

1.2 The purpose of these guidelines is to provide guidance for the implementation of Section 33 of the FI Act, which requires specified entities to report suspicious transactions to the Financial Intelligence Agency (FIA). The guidelines are specifically intended to provide guidance to banks, bureaux de change, micro-finance deposit-taking institutions, money or value transfer services and electronic service providers (MVTS/EPS) and any other qualifying institutions as may be determined from time to time (herein referred to as institutions) on measures to detect, monitor and report suspicious transactions.

1.3 The guidelines should not be viewed as a substitute for an institution’s own judgement based on its knowledge and experience, as well as the specific circumstances of a financial transaction, but should be read in conjunction with other standards and anti-money laundering and countering the financing of terrorism (AML/CFT) country legislations, including the FI Act and applicable regulations.

(c) Scope

1.4 These guidelines shall apply to any bank licensed by the Bank under the Banking Act (Cap. 46:04) (Banking Act); other financial institutions established under separate acts of parliament or granted exemption certificates, but falling within the purview of the Bank’s supervision in accordance with Section 53(2) of the Banking Act or their respective statutes; bureaux de change licensed by the Bank under the Bureaux de Change Regulations 2004; micro-finance deposit-taking institutions licensed or issued with an exemption certificate by the Bank; and MVTS and electronic payments service providers licensed under the Electronic Payment Services Regulations (2019); and any other qualifying institutions as may be determined from time to time.

2. DEFINITION OF TERMS

2.1 In this document, unless the context otherwise requires:

(a) Agency is the Financial Intelligence Agency established under the FI Act.

(b) Bank is the Bank of Botswana, established under the Bank of Botswana Act (Cap. 55:01).

3

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

(c) Beneficial owner means a natural person who ultimately owns or controls a customer or a natural person on whose behalf a transaction is being conducted, including a natural person who exercises ultimate effective control over a legal person or arrangement,

(i) in relation to a legal person - a beneficial owner is a natural person who either directly or indirectly holds at least 10 percent of the shares, voting rights or other ownership interest, provided that to the extent that there is doubt as to whether the person identified hereunder is the beneficial owner, the natural person exercising control of the legal person through other means shall be the beneficial owner; or

(ii) is a person who holds the position of senior managing official where no natural person was identified as a beneficial owner in terms of subparagraph (i);

(iii) a natural person who, directly or indirectly, ultimately owns or controls a customer; or the natural person on whose behalf a transaction is being conducted. It also includes natural persons who exercise ultimate effective control over a legal person or legal arrangement;

(iv) a beneficial owner also means an ultimate beneficiary of proceeds of a life insurance policy or other related investment services when an insured event covered by the policy occurs; and

(v) in the case of a trust; beneficial owner is the settlor, trustee, protector if any, a beneficiary of a trust or a class of beneficiaries, where the individuals benefiting from the trust have yet to be determined or any other natural person exercising ultimate effective control over the trust by means of direct or indirect ownership or by other means, such as he or she has the power, alone or jointly with another person or with the consent of another person, to:

• dispose of, advance, lend, invest, pay or apply trust property or property of the trust;
• vary or terminate the trust;
• add or remove a person as a beneficiary or to or from a class of beneficiaries;
• appoint or remove a trustee or give another person control over the trust; or
• direct, withhold consent or to overrule the exercise of a power referred to above.

(vi) In relation to other legal arrangements similar to trusts, beneficial owner is the natural person holding equivalent or similar positions to the settlor, a trustee, a protector, or a beneficiary.

(d) Criminal activity refers to all criminal acts that would constitute a predicate offence for money laundering or, at a minimum, to those offences that would constitute a predicate offence.

4

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

(e) Credible source refers to any reliable sources of information such as international institutions, authoritative publications and mutual evaluation or detailed assessment reports.

(f) Customer includes a natural person, an unincorporated body, a legal arrangement, a legal person or a body corporate who has entered into or is in the process of entering into a business relationship or carries out a single or occasional transaction with an institution. Customer identification and verification for occasional customers should be conducted for occasional customers conducting single or occasional transactions of at least P10 000.00, including situations where the transaction is carried out in a single operation or in several operations that appear to be linked.

(g) Financial offence means money laundering, financing an act of terrorism, financing of proliferation of arms of or nuclear, biological, chemical (NBC) weapons or acquisition of property from the proceeds of any other offence.

(h) Legal arrangement is an express trust or other similar arrangement.

(i) Legal person is any entity, other than natural person, created by law and recognised as a legal entity having distinct identity, legal personality, duties and rights, that can establish a relationship with a financial institution or otherwise own property. Legal person can include companies, body corporate, foundations, partnerships, or associations and similar other entities that have legal personality. In addition, legal person can include non-profit organisations (NPOs) such as churches, foundations, associations or cooperative societies.

(j) Money laundering offence has the same meaning assigned to it under the Proceeds and Instruments of Crime Act (Cap. 08:03) and means:

(i) engaging, directly or indirectly, in a transaction that involves money, or other property, that is, the proceeds of a serious offence, whether committed in Botswana or elsewhere; or

(ii) receiving, in possession of, concealing, disguising, transferring, converting, disposing of, removing from or bringing into Botswana any property which, in whole or in part, directly or indirectly represents the proceeds of any crime, where she or he knows, suspects or has reasonable grounds for knowing or suspecting, that the property is derived or realised, in whole or in part, directly or indirectly from any confiscation offence or foreign serious crime-related activity.

(k) Money laundering offence refers not only to the primary offence or offences but also to predicate or ancillary offences.

(l) Predicate offence means, among others,

• participation in an organised criminal group and racketeering;
• trafficking in human beings and migrant smuggling;

5

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

• sexual exploitation, including sexual exploitation of children;
• illicit trafficking in narcotic drugs and psychotropic substances;
• illicit arms trafficking;
• illicit trafficking in stolen and other goods;
• corruption and bribery;
• fraud;
• counterfeiting currency;
• counterfeiting and piracy of products;
• murder, grievous bodily injury;
• kidnapping, illegal restraint and hostage-taking;
• robbery or theft;
• smuggling (including in relation to customs and excise duties and taxes);
• tax crimes (related to direct taxes and indirect taxes);
• extortion;
• forgery;
• piracy; and
• insider trading and market manipulation.

(m) Property has the same meaning assigned to it under the FI Act and it means money or any other movable, immovable, corporeal or unincorporeal thing whether located in Botswana, or elsewhere and includes any rights securities and any interest in privileges and claims over that thing.

(n) Suspicious transaction has the same meaning assigned to it under the FI Act and means a transaction which

(i) is inconsistent with a customer’s known legitimate business, personal activities or with the normal business for the type of account which the customer holds;

(ii) gives rise to a reasonable suspicion that it may involve the commission of financial offence;

(iii) gives rise to a reasonable suspicion that it may involve property connected to the financing of an act of terrorism, or to be used to finance an act of terrorism or proliferation of arms of war or NBC weapons, whether or not the property represents the proceeds of an offence;

(iv) is made in circumstances of unusual or unjustified complexity;

(v) appears to have no economic justification or lawful objective;

(vi) is made by or on behalf of a person whose identity has not been established to the satisfaction of the person with whom the transaction is made;

(vii) gives rise to a feeling of apprehension or mistrust about its legality;

(viii) gives a suspicion that a transaction may relate to activities prohibited by the law; or

6

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

(ix) gives rise to suspicion for any other reason.

(o) Terrorist means a person who commits an act of terrorism or is a member of a terrorist group.

(p) Act of terrorism has the same meaning as defined in the Counter-Terrorism Act, 2014.

(q) Terrorist financing refers to the financing of terrorist acts and also terrorist organisations or individual terrorists, even in the absence of a link to a specific terrorist act or acts.

(r) Terrorist group means a structured group of two or more persons, existing for a period of time and acting in concert with the aim of committing acts of terrorism.

(s) Transaction is an arrangement between a customer and a financial institution or accountable institution and includes a deposit, withdrawal or transfer between accounts, opening an account, issuing a passbook, renting a safe deposit box, exchange of currency, extension of credit; purchase and sale of any stock, bond, certificate of deposit or other monetary instrument or investment security or any other payment; transfer or delivery by or through or to any person by whatever means effected; an arrangement between persons; or a proposed transaction.

(t) Ultimate effective control means where ownership and control are exercised through a chain of ownership or by means of control other than direct.

(u) Ultimate control means the ability to make binding decisions and impose resolutions. Control can be acquired by several means (for example, owning a controlling block of shares).

(v) Verify means establishing the truth of information received from the customer on the basis of documents or information obtained from a reliable source which is independent of the person whose identity is being verified.

3. IDENTIFICATION, MONITORING AND REPORTING OF SUSPICIOUS TRANSACTIONS

(a) Customer Acceptance Policy

3.1 An institution should develop and implement clear customer-acceptance policies and procedures to identify the types of customers that are likely to pose higher risk of money laundering and terrorist financing.

3.2 Such policies and procedures should require basic due diligence for all customers and commensurate due diligence as the level of risk associated with the customer varies.

7

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

3.3 Institutions should collect customer information to facilitate the understanding of the purpose and intended nature of the business relationship or transaction.

3.4 Where, in accordance with an institution’s money laundering and terrorist financing and proliferation financing (ML/TF/PF) risk assessment, risk is assessed to be low, simplified customer due diligence (CDD) measures may be applied.

3.5 When conducting CDD for customers rated low risk, institutions should conduct simplified due diligence measures, including the following:

(i) verifying the identity of the customer and beneficial owner after establishment of a business relationship;

(ii) updating CDD information every five years from the date customer information was collected;

(iii) reducing the degree of ongoing monitoring and scrutinising transactions; and

(iv) not collecting specific information or carrying out specific measures to understand the purpose and intended nature of the business, but inferring the purpose from the type of transactions or business relationship established.

3.6 Simplified CDD measures are not acceptable if there is suspicion of ML/TF/PF or where specific higher-risk scenarios apply.

3.7 Where ML/TF/PF risk is assessed to be high, an institution should conduct enhanced CDD measures to mitigate and manage identified risks; and increase the degree and nature of monitoring of the business relationship to determine whether those transactions or activities appear unusual or suspicious.

3.8 When conducting CDD for customers rated high risk, the enhanced CDD measures taken by an institution should include the following:

(i) reviewing and updating documents, data, identification information of customer and beneficial owner collected during customer due diligence, every year;

(ii) collecting additional information on the intended purpose of the business;

(iii) requesting information on the sources of funds or of the wealth of the customer;

(iv) finding out reasons for the intended or performed transactions;

(v) obtaining approval of senior management to begin or continue a business relationship; and

8

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

(vi) conducting enhanced monitoring of the business relationship, by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination. Patterns of transactions means activities that are conducted in an account, and includes deposits (cash deposits, or other electronic deposits), withdrawals from the account (over the counter-withdrawals or any other electronic platforms), in-coming and outgoing international and domestic transfers, and any other activity conducted in the account.

3.9 When assessing ML/TF risk, an institution should consider the factors relevant to the situation, such as a customer’s background, occupation, source of income and wealth, country of origin or residence, products used, nature and purpose of accounts, and linked accounts, and business activities.

3.10 Examples of potentially higher-risk ML/TF situations are as follows:

(a) Customer risk factors:

(i) the business relationship is conducted in unusual circumstances (for instance, significant unexplained geographic distance between the financial institution and the customer);

(ii) prominent influential persons;

(iii) non-resident account;

(iv) legal persons or legal arrangement that is personal asset-holding vehicles;

(v) companies that have nominee shareholders;

(vi) businesses that are cash-intensive;

(vii) the ownership of the company appears unusual or complex, given the nature of the company’s business;

(viii) companies operating in high-risk countries, including the location of the entity, the supply chain and production operations;

(ix) companies delivering products or services in high-risk countries;

(x) real estate clients;

(xi) company service providers, lawyers and accountants; and

(xii) dealers in precious metals.

9

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

(b) Country or geographical risk factors:

(i) countries identified by credible sources, such as mutual evaluations or detailed assessment reports or published follow-up reports as not having adequate AML/CFT/PF systems;

(ii) countries subject to sanctions, embargos or similar measures issued by the United Nations;

(iii) countries identified by credible sources as having significant levels of corruption or other criminal activity; and

(iv) countries or geographical areas identified by credible sources as providing funding or support for terrorist activities, or that have designated terrorist organisations operating within their country.

(c) Product, service, transaction or delivery channel risk factors:

(i) private banking;

(ii) wealth management banking;

(iii) anonymous transactions, which may include cash;

(iv) non-face-to-face business relationship or transactions;

(v) payment received from unknown or un-associated third parties;

(vi) payments and proceeds related to crypto-assets and other related activities; and

(vii) product with an investment feature.

3.11 An institution’s customer-acceptance policy should define circumstances in which an institution will not accept a new business relationship or would terminate one.

3.12 When an institution is unable to complete CDD measures, it should not open the account, commence business relations or perform the transaction.

3.13 In situations where verification is completed after the establishment of the business relationship, an institution should adopt adequate risk management procedures with respect to the conditions and restrictions under which a customer may utilise the banking relationship prior to verification.

3.14 In situations where an account has been opened prior to verification, where problems of verification arise during the course of the establishment of a business relationship that cannot be resolved, an institution should close or otherwise block access to the account. In cases

10

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

where there are problems with completion of CDD measures, an institution should consider filing a suspicious activity report.

3.15 If an institution has a suspicion that transactions relate to ML/TF/PF, and that there is a risk of tip-off if enhanced CDD is performed, the institution should choose not to pursue that process, and instead conduct simplified CDD and file a suspicious activity report with FIA.

3.16 If an institution has suspicion that transactions relate to ML/TF/PF, it should file a suspicious transaction report in the format and within timelines stipulated by the FI Act. Once a suspicious transaction has been filed, an institution should monitor the account and submit monitoring reports to FIA when directed to do so by the Agency.

3.17 An institution shall ensure that the customer’s records remain accurate, up to date and relevant by undertaking regular reviews of existing records and updating the CDD information. Keeping up-to-date information enhances an institution’s ability to effectively monitor the account for unusual or suspicious activities. Moreover, keeping up-to-date records provides the competent authorities, law enforcement agencies or FIA with information necessary for performing their mandates.

(b) Ongoing Customer Monitoring for Suspicious Transactions and Activities

3.18 Ongoing customer monitoring is an important aspect of an effective and sound AML/CTF risk management. An institution can effectively manage its risks if it understands the normal and reasonable financial pattern of its customers, necessary to identify abnormal activities.

3.19 An institution should have a monitoring system that detects unusual or suspicious transactions and patterns of activity. The system should be commensurate with the size, activities and complexity as well as risks inherent in the institution’s business activities.

3.20 The system should provide business units, risk and compliance officers with timely information needed to identify, analyse, monitor and effectively report suspicious transactions. In establishing scenarios for identifying unusual activities, an institution should consider a customer’s risk profile, CDD information, and other information obtained from law enforcement and other authorities.

3.21 An institution should have mechanisms in place to identify transactions that do not reflect known economic activity, that involve large cash deposits or that are not consistent with the customer’s normal and expected transactions.

3.22 An institution should monitor cross-sectional products and services in order to identify and mitigate emerging risk patterns.

3.23 An institution’s suspicious transaction monitoring processes should be audited by an institution’s internal auditor, group internal auditor or external auditor to ensure that it is appropriate and used effectively by the bank.

11

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

(c) Reporting of Suspicious Transactions

3.24 The process for identifying, analysing and reporting suspicious transactions should be clearly specified in an institution’s AML/CFT policies and procedures.

3.25 The policies and procedures should contain a clear description of obligations and instructions for the monitoring, analysis, investigation and reporting of suspicious activities as well as guidance on completion of suspicious reports.

3.26 The procedures should abide by the principle of confidentiality, ensure that the reports contain relevant, accurate information and are produced and submitted in a timely manner.

3.27 Institutions that are using automated suspicious monitoring systems are encouraged to adopt the examples (attached in the annexure) into their respective scenarios for risk monitoring.

3.28 If, during the establishment or course of a customer relationship, or when conducting occasional transactions, an institution suspects that transactions are related to money laundering or terrorist financing, the financial institution should verify the identity of the customer and the beneficial owner, whether permanent or occasional, and irrespective of any exemption or any designated threshold that might otherwise apply, submit a suspicious transaction report or suspicious activity report to FIA in accordance with the FI Act.

3.29 An institution should allocate resources focusing on areas that are highly vulnerable to ML/TF/PF risks.

3.30 In accordance with Section 12(1)(a) of the FI Act, an institution shall designate a compliance officer, at management level, who shall be in charge of the implementation of internal programmes and procedures, including maintenance of records and reporting of suspicious transactions. The compliance officer shall, at all times have timely access to customer identification data, transaction records and other relevant information necessary for identifying, analysing, monitoring and effectively reporting suspicious transactions within a reasonable timeframe.

3.31 In accordance with Section 33 of the FI Act, specified entities are required to report suspicious transactions to FIA. All suspicious transactions, including attempted transactions, should be reported regardless of the amount of the transaction.

3.32 In accordance with the FI Act, an institution shall report a suspicious transaction during the establishment a business relationship, during the course the business relationship or when conducting occasional transactions.

3.33 Suspicious transactions or suspicious activity should be reported to FIA as soon as possible, but no later than five working days. Five working days must be from the date a transaction was conducted. If the suspicion arose as a result of trends identified on a monthly basis, a suspicious transactions should be reported immediately and not later than five working days from the date an alert was triggered by the bank’s suspicious transaction monitoring system.

12

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

3.34 In accordance with Regulation 20(1) of the FI Regulations, an institution shall report an STR in the prescribed form and shall send it electronically to the Agency by means of an internet-based reporting portal provided by the agency for this purpose. A sample of an STR form is attached as an annex to the Financial Intelligence Regulations, 2019.

3.35 In terms of Regulation 20(2) of the FI Regulations, an institution that does not have the technical capability or, for any reason, unable to file a report to FIA in the manner required, shall complete the required form in writing and send it by facsimile to the Director General, at the number specified, in writing, by the Agency from time to time or hand-deliver it to the agency or send it through any other method determined by the Agency.

3.36 An institution completing an STR is required to fully complete all fields in the form with the relevant information in accordance with Section 38 of the FI Act. As much detail as possible should be provided on the circumstances giving rise to the suspicion. Where an institution encounters any difficulties in filling the STR forms or in submitting the report, such institution should contact the FIA.

3.37 An institution is required to ensure that records of every report made are kept for at least 20 years, once a suspicious transaction has been reported to the Agency.

3.38 Once a suspicion has been raised in relation to an account or relationship, in addition to reporting the suspicious activity, an institution should ensure that appropriate action is taken to adequately mitigate the risk of the institution being used for criminal activities. This may include a review of either the risk classification of the customer or account or of the entire relationship. Appropriate action may necessitate escalation to the appropriate level of decision-maker to determine how to handle the relationship, taking into account any other relevant factors, such as cooperation with law enforcement agencies or FIA.

3.39 In accordance with Section 41(1) of the FI Act, an institution that fails to make an STR commits an offence and shall be liable to a fine not exceeding P5 000 000, or suspension or revocation of a licence as may be imposed by the Bank.

3.40 A person who fails to make a report or continues with a suspicious transaction commits an offence and shall be liable to a fine not exceeding P3 000 000, or imprisonment for a term not exceeding 20 years or both in accordance with Section 41(2) of the FI Act.

4. PROHIBITION AGAINST DISCLOSURE OF SUSPICIOUS TRANSACTION REPORTING INFORMATION TO UNAUTHORISED PERSONS

4.1 In accordance with Section 41(3) of the FI Act, no person who is directly or indirectly involved in the reporting of a suspicious transaction shall disclose to any other person involved in the transaction or any unauthorised third party that the transaction has been reported.

4.2 A person who makes an unauthorised disclosure commits an offence and shall be liable to a fine not exceeding P2 000 000 or to imprisonment for a term not exceeding 15 years, or both, in accordance with Section 41(4) of the FI Act.

13

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

5. INTERRUPTION OF TRANSACTIONS BY THE FINANCIAL INTELLIGENCE AGENCY

5.1 In accordance with Section 40 of the FI Act, the Agency shall, where it has reasonable grounds to suspect that a transaction may involve the commission of a financial offence, direct the specified party or person who made the report not to proceed with the transaction for such period not exceeding 10 working days as shall be stated in the notice, in order to allow the agency to make the necessary inquiries concerning the transaction.

5.2 An institution that continues with a transaction against instructions of the agency shall be liable to a: fine not exceeding P5 000 000; a suspension or revocation of licence or registration; or both as may be imposed by the Bank.

Issued this 20th day of December, 2021

[Signature]

DIRECTOR BANKING SUPERVISION DEPARTMENT

14

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

Annexure

EXAMPLES OF POTENTIALLY SUSPICIOUS TRANSACTIONS¹

1. INTRODUCTION

1.1 The annexure provides examples of potentially suspicious activities, or "red flags", for money laundering and terrorist financing. These lists are not exhaustive and only serve as a guide to help an institution to identify potential money laundering and terrorist financing schemes. Management’s focus should be on reporting suspicious activities or transactions, rather than on determining whether the activities or transactions are actually linked to money laundering, terrorist financing or a specific crime.

1.2 Indicators must be assessed in the context in which the transaction occurs. An institution’s knowledge of industry and clients as well as overall judgment play a key role in determining whether an indicator is relevant in the context of a particular transaction or activity.

2. GENERAL

2.1 The following are examples of common indicators that may point to a suspicious transaction or activity for all entities included in these guidelines.

(a) Suspicious Customer Behaviour

(i) A customer uses unusual or suspicious identification documents that cannot be readily verified;

(ii) A customer uses different tax identification numbers with variations of his or her name;

(iii) A customer is unwilling to provide personal background information, opens an account without identification, references or a local address;

(iv) A customer’s permanent address is outside the bank’s service area or outside Botswana;

(v) An entity is reluctant when establishing a relationship to provide complete information about the nature and purpose of its business, anticipated account activity, prior banking relationships, the names of its officers and directors, or information on its business location;

(vi) A customer’s background differs from that which would be expected on the basis of his or her business activities;

¹ Source – Banking (Anti-Money Laundering) Regulations, 2003, which were repealed in 2018. 15

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

(vii) A customer is a trust, shell company or private investment company that is reluctant to provide information on controlling parties and primary/ultimate beneficiaries. Beneficial owners may hire nominee shareholders to establish shell companies and open bank accounts for those shell companies while shielding the owner’s identity;

(viii) A customer or group tries to persuade a bank employee not to file required reports or maintain required records;

(ix) A customer is reluctant to furnish identification when purchasing negotiable instruments in recordable amounts;

(x) A customer is reluctant to proceed with the transaction after discussing record keeping or reporting duties with the institution;

(xi) A customer has an unusual or excessively nervous demeanour;

(xii) A customer appears to have a hidden agenda or behaves abnormally, such as bypassing the chance to obtain a higher interest rate on a large account balance;

(xiii) A customer opens an account in the name of a family member and makes large deposits not consistent with the known legitimate sources of income of a family member;

(xiv) A customer claims to be a law enforcement agent conducting an undercover/covert operation when there are no valid indications to support that;

(xv) A customer admits or makes statements about involvement in criminal activities;

(xvi) A customer offers you money, gratuities or unusual favours for the provision of services that may appear unusual or suspicious;

(xvii) A customer has vague knowledge of or presents confusing or inconsistent details about the transaction, including, for example, the amount of a deposit;

(xviii) A customer provides excessive or unusually detailed explanation to justify the transaction;

(xix) A customer is secretive and reluctant to meet in person;

(xx) A customer appears to have accounts with several financial institutions in one area for no apparent reason;

(xxi) A customer appears to have recently established a series of new relationships with different financial entities;

16

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

(xxii) A customer wants to make settlements with cheques drawn by, or remittances from third parties, without reasonable justification;

(xxiii) A customer is accompanied and watched in a manner that is inconsistent with local practices and norms;

(xxiv) Transactions carried out on behalf of minors, incapacitated persons or other persons who, although not included in these categories, appear to lack the economic capacity to make such purchases;

(xxv) Transactions involving persons who are on trial or have been sentenced for crimes or who are publicly known to be linked to criminal activities involving illegal enrichment, or there are suspicions of the person’s involvement in such activities and that these activities may be considered to underlie money laundering;

(xxvi) Transactions involving an individual whose address is unknown or is merely a correspondence address (for example, a post-office box, shared office or shared business address, etc.), or where the details are believed or are likely to be false;

(xxviii) Several transactions involving the same party or those undertaken by groups of persons who may have links to one another (for example, family ties, business ties, persons of the same nationality, persons sharing an address or having the same representatives or attorneys, etc.); and

(xxix) Transactions taking place through intermediaries who are foreign nationals or individuals who are non-resident for tax purposes.

(b) Suspicious Cash Transactions

(i) A customer comes into the banking hall/branch with another customer and they go to different tellers to conduct currency transactions of less than the reportable threshold (P10 000);

(ii) A customer makes several cash deposits that are less than P10 000 at different branches of a bank or orchestrates persons to do so on his behalf;

(iii) A customer makes unusual cash deposits through night deposit boxes and/or automatic deposit-taking machines (ADTMs), especially large sums that are not consistent with the customer’s business;

(iv) A customer conducts several cash deposits below P10 000 at an automated teller machine;

(v) A customer conducts frequent deposits of large amounts of currency for a business that generally does not generate large amounts of cash;

17

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

(vi) A customer attempts to take back a portion of a cash deposit that exceeds P10 000 after learning that a currency transaction report will be filed on the transaction;

(vii) A corporate account has deposits or withdrawals primarily in cash rather than cheques;

(viii) A customer’s cash deposits often contain counterfeit, musty or, extremely dirty, notes;

(ix) A customer frequently deposits large sums of cash wrapped in currency straps stamped by other banks;

(x) A customer makes frequent purchases of monetary instruments for cash in amounts less than P10 000;

(vi) A customer makes frequent or large transactions and has no record of past or present employment experience;

(xii) A customer starts conducting cash transactions more frequently or in amounts larger than the previous normal transaction amounts for the client;

(xiii) A customer conducts a cash transaction for an amount that is unusual compared to amounts of past transactions;

(xiv) A customer’s account has a large number of small cash deposits and a small number of large cash withdrawals;

(xv) A customer frequently purchases traveller’s cheques, foreign currency drafts or other negotiable instruments with cash when this appears to be outside of normal activity for the client;

(xvii) A customer uses notes in denominations that are unusual for the client or industry, when the norm in that business is either much smaller or much larger denominations.

(xviii) A customer makes cash transactions of consistently rounded-off large amounts;

(xx) A customer presents notes that are packed or wrapped in a way that is uncommon for the client or the industry.

(xxi) Individuals involved in cash transactions share the same address, particularly when the address is also for a business location or does not seem to correspond to the stated occupation (for example, student, unemployed, self-employed, etc.)

18

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

(c) Suspicious Employee Activity

(i) An employee exaggerates the credentials, background or financial ability and resources of a customer in written reports required by the bank;

(ii) An employee is frequently involved in unresolved exceptions or recurring exceptions on exception reports;

(iii) An employee lives a lavish lifestyle that cannot be supported by his or her source of income;

(iv) An employee frequently overrides internal controls or established approval authority or circumvents policy;

(v) An employee uses company resources to further private interests;

(vi) An employee assists transactions where the identity of the ultimate beneficiary or counter party is undisclosed; or

(vii) An employee avoids taking a leave.

(d) Suspicious Commercial Account Activity

2.2 Some businesses may be susceptible to the mixing of illicit funds with legitimate income. This is a very common method of money laundering. These businesses include those that conduct most of their business in cash, such as retail shops, restaurants, bars and vending-machine companies. Unusual or unexplained increase in cash deposits made by those entities may be indicative of suspicious activity.

(i) A business customer presents financial statements noticeably different from those of similar businesses;

(ii) A large business presents financial statements that are not prepared by an accountant;

(iii) A retail business that provides cheque cashing service does not make large withdrawals of cash against cheque deposits, possibly indicating that it has another source of cash;

(iv) A customer maintains an inordinately large number of accounts for the type of business purportedly being conducted;

(v) A corporate account shows little or no regular, periodic activity;

(vi) An account has a large volume of deposits in bank drafts, cashier’s cheques, money orders or wire transfers/electronic funds transfers, which are inconsistent with the client’s business;

19

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

(vii) An account has deposits in combinations of cash and monetary instruments not normally associated with business activity;

(viii) A business does not want to provide complete customer due diligence information regarding its activities;

(ix) Representatives of a business avoid contact with the branch as much as possible, even when it would be more convenient for them;

(x) Deposits to or withdrawals from a corporate account are primarily in cash rather than in the form of debit and credit normally associated with commercial operations;

(xi) A customer maintains a number of trustee or client accounts that are not consistent with that type of business or not in keeping with normal industry practices;

(xii) A customer makes large-volume cash deposits from a business that is not normally cash-intensive;

(xiii) Small-one-location business makes deposits on the same day at different branches across a broad geographic area that does not appear practical for the business;

(xiv) There is a substantial increase in deposits of cash or negotiable instruments by a company offering professional advisory services, especially if the deposits are promptly transferred;

(xv) Asset acquisition is accompanied by security arrangements that are not consistent with normal practice;

(xvi) Unexplained transactions are repeated between personal and commercial accounts;

(xii) Account has close connections with other business accounts without any apparent reason for the connection.

(e) Means of Payment

(i) Transactions involving payments in cash or in negotiable instruments which do not state the true payer (for example, bank drafts), where the accumulated amount is considered to be significant in relation to the total amount of the transaction;

(ii) Transactions in which the party asks for the payment to be divided into smaller parts with a short interval between them;

(iii) Transactions where there are doubts as to the validity of the documents submitted with loan applications;

20

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

(iv) Transactions in which a loan granted, or an attempt was made to obtain a loan, using cash collateral or where this collateral is deposited abroad;

(v) Transactions in which payment is made in cash, bank notes, bearer cheques or other anonymous instruments, or where payment is made by endorsing a third-party’s cheque; or

(vi) Transactions with funds from countries considered to be tax havens or considered to have weak AML/CFT control measures regardless of whether the customer is resident in the country or territory concerned or not.

3. EXAMPLES OF INDUSTRY-SPECIFIC INDICATORS

(a) Suspicious Wire Transfer Transactions

3.1 For entities that are involved in the business of wire transfers/electronic funds transfers (EFTs), (banks and MVTSs/EPS) consider the following indicators:

(i) Non-account holder sends wire transfer with funds that include numerous monetary instruments of less than P10 000 each;

(ii) An incoming wire transfer has instructions to convert the funds to cashier’s cheques and mail them to a non-account holder;

(iii) A wire transfer that moves large sums to secrecy havens;

(iv) An incoming wire transfer followed by an immediate purchase by the beneficiary of monetary instruments for payment to another party which is inconsistent with or outside the normal course of business for the customer;

(v) An increase in international wire transfer activity in an account with no history of such activity or where the stated business of the customer does not warrant it;

(vi) A customer frequently shifts purported international profits by wire transfer out of Botswana;

(vii) A customer receives many small incoming wire transfers and then orders a large outgoing wire transfer to another country;

(ix) A customer deposits funds into several accounts, usually in amounts of less-than P10 000.00 threshold, which are subsequently consolidated into a master account and transferred outside the country, particularly to or through a location of specific concern (e.g., countries designated by national authorities and FATF as non-cooperative countries);

(x) Wire transfers/EFTs are received from entities having no apparent business connection with the client;

21

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

(xi) Size of wire transfers/EFTs is out of keeping with normal business transactions for that client;

(xii) Stated occupation of the client is not in keeping with the level or type of activity (for example a student or an unemployed individual who receives or sends large numbers of wire transfers/EFTs);

(xiii) A customer sends frequent wire transfers/EFTs to foreign countries, but business does not seem to have connection to destination country;

(xiii) A customer orders wire transfers/EFTs in small amounts in an apparent effort to avoid triggering identification or reporting requirements;

(xv) Wire transfers/EFTs do not have information about the beneficial owner or originator when the inclusion of this information is expected;

(xvi) A customer transfers or receives large sums of money via wire transfers/EFT to/from overseas locations with instructions to the foreign entity for payment in cash;

(xvii) A customer requests payment in cash immediately upon receipt of a large wire transfer/EFT;

(xviii) Large incoming wire transfers/EFTs from foreign jurisdictions are withdrawn immediately by company principals;

(xix) Beneficiaries of wire transfers/EFTs involve a large group of nationals of countries associated with terrorist activity;

(xx) A customer conducts transactions involving countries known as narcotic source countries or as trans-shipment points for narcotics, or that are known for highly secretive banking and corporate law practices; or

(xxi) A customer makes wire transfers/EFTs to free trade zones that are not in line with the customer’s business.

(b) Suspicious Safe Deposit Box Activity

(i) Customer’s activity increases in the safe deposit box area, possibly indicating the safekeeping of larger amounts of cash;

(ii) A customer accesses a safe deposit box after completing a transaction involving a large withdrawal of cash, or accesses a safe-deposit box before making cash deposits structured at or just under the P10 000.00 threshold to evade large-cash transaction requirements;

22

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

(iii) A client’s access to the safety-deposit facilities increases substantially or is unusual considering their past usage or profile

(iv) The customer carries bags or other containers that could conceal large amounts of cash when visiting the safety deposit box; or

(v) A customer rents multiple safe-deposit boxes to store large amounts monetary instruments or high-value assets awaiting conversion to currency, for placement into the banking system. Similarly, a customer establishes multiple safe custody accounts to park large amounts of securities awaiting sale and conversion into currency, monetary instruments, outgoing funds transfers, or a combination thereof, for placement into the banking system.

(c) Other Suspicious Activity for Deposit-taking Institutions

3.2 Possible indicators of suspicious activities:

(i) A customer makes one or more cash deposits to general account of foreign correspondent bank (i.e., pay-through account);

(ii) A customer wishes to have credit and debit cards sent to international or domestic destinations other than his or her address;

(iii) A customer conducts an unusual number of foreign-currency conversion transactions;

(iv) A customer has no income stream but makes frequent large transactions or maintains a large account balance;

(v) A customer has numerous accounts and deposits cash into each of them, with the total credits being a large amount;

(vi) A client deposits large endorsed cheques in the name of a third party;

(vii) A client frequently makes deposits to the account of another person who is not an employer, employee, associate or family member;

(viii) A client frequently exchanges currencies without a reasonable business need;

(ix) Many unrelated individuals make payments to one account without reasonable explanation;

(x) Third parties make cash payments or deposit cheques to a client’s credit card;

(xi) A client frequently identifies deposits as proceeds of asset sales, but assets cannot be substantiated;

23

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

(xii) A client acquires significant assets and liquidates them quickly with no explanation;

(xiii) A client pays in cash or deposits cash to cover bank drafts, money transfers or other negotiable and marketable money instruments; or

(xiv) A client purchases cashier’s cheques and money orders with large amounts of cash.

(d) Suspicious Activity in Credit Transactions

(i) Loans secured by pledged assets held by third parties unrelated to the borrower;

(ii) A borrower defaults on a cash-secured loan or any loan that is secured by assets that are readily convertible into cash;

(iii) To secure a loan, the customer purchases a certificate of deposit using an unknown source of funds, particularly when funds are provided via currency or multiple monetary instruments;

(iv) A customer requests loans to offshore companies or loans secured by obligations of offshore banks;

(v) Loans that lack a legitimate business purpose, provide the bank with significant fees for assuming little or no risk, or tend to obscure the movement of funds (e.g., loans made to a borrower and immediately sold to an entity related to the borrower);

(vi) Loans are made for, or are paid on behalf of, a third party with no reasonable explanation;

(vii) Individuals who unexpectedly repay problematic loans or who repeatedly pay off large loans early, particularly if they do so in cash with no plausible explanation for the source of funds;

(viii) A customer collateralises a loan with cash deposits and pays off the loan before maturity;

(ix) A customer’s loan proceeds are unexpectedly transferred offshore;

(x) A customer’s employment documentation lacks important details that would make it difficult for a financial institution to contact or locate the employer;

(xi) A customer has loans to or from offshore companies that are outside the ordinary course of its business;

(xii) A customer requests for a loan against assets held by another financial institution or a third party, when the origin of the assets is not known;

24

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

(xiii) Loan transactions are entered into in situations where the customer has significant assets and the loan transaction does not make economic sense;

(xiv) A customer seems unconcerned with terms of credit or costs associated with completion of a loan transaction; or

(xv) A customer applies for loans on the strength of a financial statement reflecting major investments in or income from businesses incorporated in countries known for highly secretive banking and corporate law and the application is outside the ordinary course of business for the customer.

(e) Suspicious Trade Financing Transactions

(i) A customer seeks trade financing on the export or import of commodities whose stated prices are substantially more or less than those in a similar market situation;

(ii) A customer makes changes to a letter of credit beneficiary just before payment is to be made;

(iii) A customer changes the place of payment in a letter of credit to an accountant in a country other than the beneficiary’s stated location; or

(iv) A customer’s standby letter of credit is used as a bid or performance bond without the normal reference to an underlying project or contract, or in favour of unusual beneficiaries.

(f) Suspicious Investment Activity

(i) A customer uses an investment account as a pass-through vehicle to wire funds particularly to offshore locations;

(ii) An investor seems unconcerned about the usual decisions to be made about an investment account such as fees or suitable investment vehicles;

(iii) A customer wants to liquidate a large position through a series of small transactions; or

(iv) A customer deposits cash, money order, traveller’s cheques or counter cheques in amounts under P10 000 to fund an investment account.

(g) New Payment Methods (NPM): Mobile Payment Services, Internet Payment Services and Prepaid Cards

(i) Discrepancies between the information submitted by the customer and information detected by monitoring systems;

25

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

(ii) individuals who hold an unusual volume of NPM accounts with the same provider;

(iii) A large and diverse source of funds (i.e., bank transfers, credit card and cash funding from different locations) used to fund the same NPM account(s);

(iv) Multiple reference bank accounts used to fund the same NPM account;

(v) Loading or funding of account always or frequently done by unrelated third parties, especially when followed by the immediate transfer of funds to unrelated bank account(s);

(vi) Numerous cash loading, just under a reporting threshold (i.e., structured loading of prepaid cards), of the same prepaid card(s), conducted by the same individual(s) on a number of occasions;

(vii) Multiple loading or funding of the same accounts, followed by ATM withdrawals shortly afterwards, over a short period of time;

(viii) Multiple withdrawals conducted at different ATMs (sometimes located in countries different from the jurisdiction where an NPM account was funded);

(ix) NPM account only used for withdrawals and not for point of sale or online purchases;

(x) A typical use of the payment product (including unexpected and frequent cross-border access or transactions);

(xi) Suspicious registrations on the subscriber network and MMT systems (terrorist suspects and prison sites/barred locations, irregular/fake IDs);

(xii) Frequent calls/texts/money transfers between known fraud/terrorist suspects and their associates;

(xiii) Agent commission fraud;

(xiv) Hoaxes and scams/schemes to defraud unsuspecting customers and agents e.g., from prison sites;

(xv) Facilitation of bribery and corruption payments;

(xvi) Facilitation of drug trafficking, terrorist financing and other illegal activities;

(xvii) Kidnapping - ransom payments demanded through MMT;

(xviii) Informal international agents - use of unregistered money transfer services to effect international transfers;

26

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

(xix) Identity theft/impersonation fraud/unauthorised access to mobile banking accounts leading to fraudulent transfer of funds; and

(xx) Cake currency deposits.

(h) Foreign Exchange Dealers and Money Services Businesses

3.3 The foreign exchange and money services business sectors are vulnerable to money laundering due to the range of services offered, the variety of distribution channels, the high transfer speed and the fact that they are often cash intensive businesses. Entities involved in the money-services business, including foreign exchange dealers, money remitters, issuers of traveller’s cheques and post offices, should consider the following indicators:

(i) A customer requests a transaction at a foreign exchange rate that exceeds the posted rate;

(ii) A customer wants to pay transaction fees that exceed the posted fees;

(iii) A customer exchanges currency and requests the largest possible denomination bills in a foreign currency;

(iv) A customer knows little about address and contact details for payee or is reluctant to disclose this information;

(v) A customer wants a cheque issued in the same currency to replace the one being cashed;

(vi) A customer wants to exchange cash for numerous postal money orders in small amounts for numerous other parties;

(vii) A customer enters into transactions with counter parties in locations that are unusual for the customer;

(viii) A customer instructs that funds are to be picked up by a third party on behalf of the payee;

(ix) A customer makes large purchases of traveller’s cheques not consistent with known travel plans;

(x) A customer requests numerous cheques in small amounts and various names, which total the amount of the exchange; and

(xi) A customer requests that a large amount of foreign currency be exchanged to another foreign currency.

27

---

Guidelines on Identification, Monitoring and Reporting of Suspicious Transactions

(i) Miscellaneous Suspicious Customer Activity

(i) A customer who is a student uncharacteristically transfers or exchanges large sums of money;

(ii) An account shows high velocity in the movement of funds but maintains low beginning and ending daily balances;

(iv) A transaction involves offshore institutions whose names resemble those of well-known legitimate banks;

(v) A transaction involves unfamiliar countries or islands that cannot be found on a world atlas or map; and

(vi) An agent, attorney or financial advisor acts for another person without proper documentation such as a power of attorney.

28