Money laundering and terrorism financing (ML/FT) continues to be a plague to the global financial system and has been recognised as a crime worldwide. Through laundering illicit proceeds, ML/FT corrodes the financial market and ultimately affect the political, economic and social stability of a country. Therefore, combating ML/FT has, in recent year, become a global effort for most countries where effective measures and approaches are adopted to mitigate the ML/FT risks.
In Malaysia, the primary law governing ML/FT is the Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA). Pursuant to the AMLA, the financial services authorities in Malaysia such as Bank Negara Malaysia (BNM) and Labuan Financial Services Authority (LFSA) have issued various AML/CFT regulations and guidelines which encompass measures and approaches in combating ML/FT to regulate the financial services industry.
Any financial institution regulated by the financial services authority which is operating in Malaysia is bound to comply with all AML/CFT regulations and guidelines to prevent themselves from being used as a vehicle by the criminals to launder illegal proceeds. This is pertinent to promote and uphold the integrity and transparency of the financial market.
This Anti-Money Laundering and Counter Financing Terrorism Manual (“AML Manual”) is drafted in accordance to the AMLA and the AML/CFT guidelines issued by the BNM and LFSA with an objective to ensure all members of Unicoin Digital Capital Exchange (UDCX) understands and complies with the requirements and obligations imposed on them under the law.
(a) This manual aims at assisting all members of UDCX to:-
(i)Understand the legal requirements of AML/CFT laws and regulations and the consequences of non-compliance;
(ii)Understand and comply with their obligations under the AML/CFT laws and regulations;
(iii)Understand and able to apply “Know your Client” (KYC), Customer Due Diligence (CDD) and Risk-based Approach (RBA) knowledge in the client identification and verification process; and
(iv)Create an effective compliance culture and high ethic within the organisation
(b) It is expressly stated that this manual provides the general and minimum criteria to be adhered by its members under normal circumstances. It is the responsibility of the management to establish additional AML/CFT control as well as upgrading this manual where necessary depending on the circumstances.
(a) Unicoin Digital Capital Exchange (UDCX) is an exchange for Digital Assets jointly promoted by Pride Holding and Partners. UDCX, that will be based in Labuan, Malaysia, is an Exchange (Digital Assets) that brings buyers and sellers together to buy, sell and trade various Digital Assets. This is a fully electronic exchange with an automated trading system developed by our software partner, AX1 system. The system which is based upon the blockchain technology allows the buyers and sellers to send, receive and trade in our state-of-an-art platform and associated digital wallet.
(b) Pride Holding is a non-banking, private network of multi-national companies headquartered in Dubai, United Arab Emirates. Pride Group began its journey as a small financial-intermediary investment firm in the UAE in 1987 and has grown to a thriving conglomerate of over 10,000 employees in over 43 countries and across five continents. Currently, the group has over 3,000 independent representatives, affiliates and brokers under its vast umbrella who benefit from its brand identity as well as burgeoning network.
(c) We are well-positioned to continue with our growth story and make a difference in the ever-shifting business landscape. Our strategic advantages include:
(i) Our proud heritage which consists of 25 years of commitment to financial market.
(ii) Broad global footprint with presence in over 43 countries and across 5 continents.
(iii) Diversifying the economy into multiple industries ranging from finance to healthcare.
(iv) Constant innovation to gain a competitive edge and remain as market leaders.
(v) Our corporate philosophy that aims to strike a healthy balance between our business success as well as an impact on society.
(d) Pride Group is also actively involved in promotion and expansion of exchange operation globally and holds considerable experience and expertise regarding the same. We have our presence in various countries in different parts of the world and are continuously promoting the exchange operation expertise in various region and areas all over the world.
(a) UDCX recognizes its AML/CFT roles and is committed to comply and implement the AML/CFT laws and regulations in its business dealings.
(b) In this regard, UDCX has developed its AML manual based on the requirements set by the BNM and LFSA as well as some international agencies such as the FATF. This is pertinent in deterring criminals from abusing its services to launder illicit proceeds. In addition, UDCX recognizes the importance of continuous vigilance in developing a robust AML/CFT framework and full cooperation with the authorities in the implementation of AML/CFT laws and regulations to achieve its purposes.
(c) UDCX and its subsidiaries and branches shall make all endeavours to understand their responsibilities under this AML Manual and comply with the same in order to build an excellent compliance culture within the organisation.
With these basic tenets in place, Unicorn may conduct its business with high compliance ethics and integrity which are essential to prevent from it from being abused by criminals as an ML/FT vehicle.
Money Laundering is the process of converting illegal proceeds derived from criminal activities into legal proceeds by disguising its origin. Criminal activities, i.e., smuggling, trafficking, prostitution, robbery, corruption and others can generate significant amount of illegal proceeds. Therefore, criminals have to launder money in order to defeat audit trail by financial institution in order to legitimise the ill-gotten funds.
Terrorism financing is the process of providing financial support to terrorists or terrorist organisation to carry out terrorism in order to propagate an ideology. Besides than illegal proceeds, the source of fund for terrorism financing can be derived from legal proceeds such as salary, business revenues, donation and others.
Money laundering involves three stages, namely, placement, layering and integration. Placement is the first stage which involves the act of placing the illegal proceeds into the financial system. After successfully placing the illegal proceeds into the financial system, criminals will proceed to the second stage, layering. This is the time where the illegal proceeds will be restructured and layered into smaller portion through multiple transactions across different jurisdictions to disguise the origin and to defeat the detection by financial institution. The last stage is integration where the illegal proceeds are successful laundered and returned to the financial system with a legitimate nature.
9. UDCX adopts risk-based approach (RBA) in its client on-boarding, which is a measure to identify, understand and assess the risk profile of the client and mitigate the risk identified with appropriate risk mitigation methods.
10. The key features of RBA involve the following:
(a) Risk Profiling
(i) UDCX shall collect the client’s profile and consider the risks by taking into account the following:
(1) Customer risk
(2) occupation of the client
(3) nationality of the client
(4) PEP identity
(ii) Geographical risk:
(1) origin of the client
(2) place of business
(iii) Product and services risk
(iv) type of products and services acquired by the client
(v) Delivery channels
(1) Face-to-face relationship
(2) Non face-to-face relationship
(vi) Geographical risk:
(b) Risk Assessment
(i) UDCX shall assess the client’s risk by doing the following:
(1) refer to the client’s profile earlier collected and consider all the risks identified;
(2) assess and determine the level of overall risk (low, medium or high) according to its risk appetite;
(3) determine the appropriate risk mitigation method against the risk identified; and
(4) document the risk assessment and findings for on-going monitoring purpose.
(c) Risk Mitigation
Where a higher risk client is identified, UDCX shall take appropriate mitigating method to mitigate and manage the risk by conducting enhanced due diligence (EDD) on the client.
It is important for UDCX to apply the principle of “Know Your Client” (KYC) in its business dealings. In order to know each of the client, UDCX shall conduct Customer Due Diligence (CDD) on its client.
UDCX is required to conduct identification and verification on its client before, during and after the establishment of the business relationship.
(a) UDCX shall take steps to understand their client on the below circumstances:
(i) during the establishment of a business relationship;
(ii) any changes of the client’s profile or CDD;
(iii) there is suspicion or doubt in the transaction; and
(iv) on a case by case basis as the Compliance Officer thinks fit.
which include the background of the client, full structure of the organisation, the ultimate beneficial owner, nature and purpose of the business, source of fund and source of wealth.
(b) This can be done by conducting customer due diligence (CDD) on each client through established identification and verification process and procedure by UDCX.
(i) Identification and verification of client includes the below:
(ii) identify and verify the identity of the client using reliable and independent source of documents, data or information;
(iii) identify and verify the identity of a nominee or representative purporting to act on behalf of the client and further verify its authority;
(iv) identify and verify the beneficial owner and if the client is a legal entity, the ownership and control structure of the organization;
(v) understand the nature and purpose of the business; and
(vi) conduct on-going monitoring on the client throughout the business relationship to ensure the transaction is consistent with UDCX’s knowledge on the client, its business and risk profile as well as the source of fund
(a) Natural Person
When conducting CDD on a natural person, UDCX shall obtain the below:
(i) Full name;
(ii) Passport or Identification document bearing a photograph of the client;
(iii) Residential or mailing address;
(iv) Date of birth;
(v) Nationality; and
(vi) Purpose of transaction.
(b) Legal Entity
(i) Where the client is a legal entity, UDCX shall obtain the below:
(ii) Name, legal form and proof of existence such as the Certificate of Incorporation or Establishment, Constitutions or other documentary proof;
(iii) Registered office address, if different, the principle place of business;
(iv) Powers that regulate and bind the client such directors’ resolution; and
(v) Name of the senior management.
15. UDCX shall take steps to ensure that it is fully satisfied with the ownership and control structure of the legal entity as well as the identity of its beneficial owner(s) by obtaining the below:
(a) Confirmation of the ultimate beneficial owner or effective controller;
(b) Identity of the directors;
(c) Identity of the shareholders or partners with equity interest of more than twenty-five percent (25%);
(d) Proof of authority of a nominee or representative such as a letter of authorisation or directors’ resolution;
(e) Such other information or documents as may be required by the Compliance Officer from time to time.
16. Where there is an absence or there is impractical to identify any beneficial owner in a legal entity, UDCX may obtain the identity of the senior management.
17. Where there is suspicion or doubt in the process of identification and verification of a legal entity, UDCX shall take the below steps:
(a) conduct a basic search or enquiry on the background of the legal entity to ensure it is not in the process of dissolution or liquidation or bankruptcy; and
(b) verify the authenticity of the information provided by the legal entity with relevant authorities.
18. Please refer to the FIRST SCHEDULE of this AML Manual for the detailed provisions pertaining to this part which shall be subjected to any amendment from time to time by the Compliance Officer as the Compliance Officer deems fit and proper.
19. UDCX is allowed to exercise simplified due diligence (SDD) towards a lower risk client, provided such low risk classification is pursuant to the standards and guidelines issued by relevant authorities.
20. SDD may be applied to the following entities:
(a) public listed companies or corporations listed in Bursa Malaysia;
(b) foreign public listed companies which are listed on recognised exchanges and not from a high-risk jurisdiction;
(c) foreign financial institutions that are not from a high-risk jurisdiction;
(d) government-linked companies in Malaysia;
(e) stated-owned enterprises in Malaysia;
(f) an authorised person, an operator of designated payment system, a registered person under the Financial Services Act 2013 and the Islamic Financial Services Act 2013;
(g) Persons licensed or registered under the Capital Markets and Services Act 2007;
(h) Licensed entities under the Labuan Financial Services and Securities Act 2010 and Labuan Islamic Financial Services and Securities Act 2010;
(i) Prescribed institutions under the Development Financial Institutions Act 2002.
21. It is expressly stated that SDD shall not apply in circumstances where higher risk is identified or the existence of suspicion or doubt. UDCX shall document the assessment and rationale behind such SDD decision and make available all relevant information if so requested by the authorities.
22. Where a client is identified with a higher risk, UDCX shall conduct enhanced due diligence (EDD) on the client by applying a higher degree of CDD to commensurate with the risk identified. EDD may include the below:
(a) Obtaining additional information on the client (i.e., source of fund and source of wealth of the client, intended volume and nature of the business, etc.);
(b) More regular update on the CDD of the client;
(c) Inquiring on the reason for certain transactions;
(d) Obtaining approval from the senior management for continuation of business relationship; and
(e) Conducting more frequent on-going monitoring on the business relationship by increasing the degree and frequency of controls and selecting transactions that require further analysis.
23. Extra vigilance shall be exercised during the establishment of a non-face-to-face business relationship through electronic devices due to the exposure of higher risk. The CDD conducted shall be as effective as a face-to-face business relationship. It is pertinent to ensure adequate monitoring and reporting measures to identify and mitigate any potential ML/FT risks.
24. For existing client, UDCX is required to conduct the usual CDD on the premise of materiality and risk to ensure that the CDD is always relevant and up-to-date. In assessing the materiality and risk of an existing client, UDCX may take into account the following:
(a) The nature, significance and circumstances of the transaction;
(b) Any material change in the transaction or the business relationship; and
(c) Inadequate or change of the client’s CDD.
25. UDCX may rely on a third party to conduct CDD or to introduce business, provided that such third party is not from a high-risk jurisdiction or identified by the Government of Malaysia as having strategic AML/CFT deficiencies. However, UDCX is aware that the ultimate responsibility and accountability of CDD shall remain with UDCX.
26. It is important for UDCX to establish sound policies and procedures to govern the reliance on third parties particularly those from a foreign jurisdiction having strategic AML/CFT deficiencies and will expose UDCX to higher ML/FT risk.
27. A relationship with any third party shall also be governed by a proper instrument which specifies the rights, obligations, liabilities and expectations between each other. It is crucial to ensure that the below criteria are duly considered:
(a) Integrity and reputation of the third party;
(b) Adequacy of the AML/CFT framework;
(c) Establishment of CDD process and procedure;
(d) Record keeping undertaking;
(e) Undertaking to furnish relevant information and document upon request;
(f) Regulated and supervised by relevant authorities.
28. A business relationship with a politically exposed person (PEP) tends to expose UDCX to a higher risk. This is because a PEP who holds a prominent public position may be influential and dominant enough to attract bribes and corruption by using their special position.
29. PEPs include the family members, i.e., parents, spouse, parents-in-law, siblings, children and relatives as well as close associates, i.e., business partners, representatives, close friends and financially independent individuals.
30. PEPs can be classified into domestic PEPs and foreign PEPs.
Individuals who have been entrusted with a prominent public position domestically.
Individuals who have been entrusted with a prominent public position in a foreign country.
33. When a PEP is identified in the establishment of a business relationship, UDCX shall exercise EDD and document the assessment and findings.
34. Where a client is identified to be connected with a jurisdiction identified by the FATF, other international AML bodies or the Government of Malaysia as having substantial AML/FCT deficiencies, UDCX are required to exercise EDD on such client.
35. Establishing a business relationship with a client connected with high risk jurisdiction will expose UDCX to further reputational and regulatory risk, therefore appropriate measures must be taken to mitigate the risk.
36. In addition to the EDD, UDCX may take the below measures:
(a) Limiting the business relationship or financial transaction with the client connected with a high-risk jurisdiction;
(b) Conducting enhanced external audit by increasing the intensity and frequency for branches and subsidiaries of UDCX located in a high-risk jurisdiction; and
(c) Conducting such other measures as may be specified by the authorities from time to time.
37. Upon the completion of identification and verification of client and the establishment of business relationship, UDCX shall conduct on-going monitoring on its client in accordance to the risk level. This shall include the below:
(a) Scrutinising transactions throughout the business relationship to ensure its consistency with Uncoin’s knowledge on the client and the client’s business and risk profile and if necessary, the source of fund;
(b) Screening transactions undertaken by the client to ensure all transactions with compromised digital assets addresses or its equivalent are identified and prohibited. A digital assets address is considered compromised if there is suspicion that it is being used for the purpose of fraud, identity theft, extorting ransom or any other crimes; and
(c) Ensuring the client’s CDD is relevant and up-to-date, inter alia, the high risk client.
38. In conducting on-going monitoring, UDCX shall consider the economic circumstances and the purpose of a transaction or business relationship which:
(a) Appears unusual; and
(b) Casts doubt on the legality of the transaction, especially with regard to complex and large transaction or when high risk client is involved.
39. The degree and frequency of on-going monitoring shall commensurate with the risk level of each client based on the RBA. Higher degree and frequency of on-going monitoring shall apply on high risk client while for lower risk client, a lower degree and frequency.
40. When there is any new products, services or practices in the market such as new digital assets, electronic platforms, devices, systems, information technologies or delivery channels, Unicoin shall assess and identify its potential ML/FT risks by taking the below steps:
(a) Conduct risk assessment before the adoption of such new products, services and practices;
(b) Adopt appropriate measures to mitigate the potential ML/FT risks; and
(c) Document the assessment and findings.
41. UDCX shall establish sound management information system (MIS) in conducting the CDD. A sound MIS is crucial in providing support to an organisation with accurate and timely information in the detection of potential ML/FT risks.
42. It is important to ensure that the MIS commensurate with the size, nature, scale and complexity of an organisation and its ML/FT risk profile and appetite. The MIS shall be, at the minimum, able to capture information of multiple transactions over a certain period, large transactions, unusual or dubious transaction patterns, client’s risk profiles, transactions exceeding a particular threshold, etc. The MIS shall also be able to aggregate the client’s transactions from multiple accounts and/or different systems.
43. Please refer to the SECOND SCHEDULE of this AML Manual for the detailed provisions pertaining to this part which shall be subjected to any amendment from time to time by the Compliance Officer as the Compliance Officer deems fit and proper.
44. Suspicious transaction means a transaction which appears to be:
(c) Not having a clear economic purpose;
(d) Involving proceeds from unlawful activities; and
(e) Indicating the client might involve in ML/FT.
45. UDCX may establish an internal red flag list to detect suspicious transaction or alternatively refer to the sample of red flags established by the authorities such as BNM and LFSA.
46. Where a suspicious transaction is detected, UDCX shall promptly submit a suspicious transaction report (STR) to the BNM with all relevant information which gives rise to the doubt in the filing of STR, including but not limited to:
(a) Nature and circumstances surrounding the transaction;
(b) Business background of the person conducting the transaction which appears to be connected to ML/FT;
(c) All CDD information and document of the client;
(d) Such other information as may be required by the authorities.
47. UDCX shall establish a sound reporting system for the submission of STR to the BNM.
Where a suspicious transaction is detected, an internal suspicious transaction report (ISTR) shall first be submitted by the staff who discovers the suspicious transaction to the Compliance Officer at the head office within a reasonable time upon which the Compliance Officer shall carefully evaluate the ISTR with all relevant information and document available. This evaluation process shall take place within a reasonable time and shall be documented. Full cooperation shall be rendered by all members of UDCX to the Compliance Officer during the evaluation stage.
Upon the receipt of an ISTR, if the Compliance Officer is satisfied that there is sufficient ground for the suspicion, the Compliance Officer shall have absolute discretion to determine an external reporting, which is the suspicious transaction report (STR) to the authorities. An STR shall be submitted within the next working day, from the date the Compliance Officer establishes the suspicion, to the BNM. Conversely, if the Compliance Officer thinks that the suspicion is vague or unsustainable and no STR is required, the assessment and findings shall be documented.
50. An STR shall be submitted to the below parties:
Financial Intelligence and Enforcement Department
Bank Negara Malaysia
Jalan Dato’ Onn
50480 Kuala Lumpur
Fax: +603-2693 3625
Email: [email protected]
Supervision and Enforcement Department
Labuan Financial Services Authority
Level 17, Main Office Tower
Financial Park Complex
87000 Labuan F.T.
Attention to: Anti-Money Laundering Compliance Unit
Email: [email protected]
51. Utmost care must be exercised in handling and filing STR to safeguard its privacy and confidentiality.
52. Where there is an inquiry from the authorities as such the BNM or LFSA against an STR, UDCX shall fully cooperate and make full and frank disclosure of all additional information and document requested promptly without delay.
53. Where a suspicion is detected, UDCX shall take appropriate measures to avoid tipping off. Tipping off is any action which has the effect of prejudicing investigation by the authorities and tantamount to an offence under the law. In such circumstances, UDCX is required not to:
(a) Disclose to any party that a suspicion has been detected;
(b) Disclose to any party that STR will or has been filed; and
(c) Conduct CDD on the client which might raise suspicion on the client;
where UDCX may proceed with any on-going transaction and the business relationship to avoid tipping off.
54. Under AMLA, UDCX is required to keep relevant records which include documents, accounts, files, business correspondence and information of the business relationship with its client for a period of not less than six (6) years following the date of completion of the transaction or the date of termination of the business relationship. In addition to that, all such records must be up-to-date.
55. Please refer to the THIRD SCHEDULE of this AML Manual for the detailed provisions pertaining to this part which shall be subjected to any amendment from time to time by the Compliance Officer as the Compliance Officer deems fit and proper.
Each member in the Board of Directors shall:
(a) Understand their roles and responsibilities in managing the ML/FT risks in the organisation;
(b) Aware of the ML/FT risks associated with the business strategies, delivery channels and geographical coverage of its products and services;
(c) Understand the AML/CFT legal framework as well as the industry’s standard practices; and
(d) Recognise the importance of a robust AML/CFT framework and its effective implementation to safeguard the organisation from ML/FT risks.
57. The members of the Board of Directors have the below roles and responsibilities:
(a) ensure accountability and oversight for establishing AML/CFT policies and minimum standards;
(b) approve AML/CFT policies and procedures within the organisation such as RBA, CDD, record keeping, on-going due diligence, reporting of suspicious transactions and combating the financing of terrorism;
(c) establish appropriate mechanisms to ensure the AML/CFT policies and procedures are regularly reviewed and assessed in line with organisation’s changes and developments in the products and services, technologies and ML/FT trends;
(d) establish an effective AML/CFT internal control system and maintain adequate oversight of the overall AML/CFT regime;
(e) define the lines of authority and responsibility for implementing the AML/CFT measures and ensure that there is a separation of power and independency between those implementing the policies and procedures and those enforcing the controls;
(f) ensure effective internal audit function in assessing and evaluating the robustness and adequacy of AML/CFT internal controls;
(g) assess the implementation of AML/CFT policies and procedures through regular reporting and updates by the Senior Management and Audit Committee; and
(h) establish management information systems (MIS) that is reflective of the nature of the reporting institution’s operations, size of business, complexity of business operations and structure, risk profiles of products and services offered and geographical coverage.
The senior management is accountable for the implementation of AML/CFT framework established by the Board.
59. The roles and responsibilities of the senior management are as follows:
(a) aware and understand the ML/FT risks associated with business strategies, delivery channels and geographical coverage of its products and services in line with the organisation’s changes and developments in the products and services, technologies and ML/FT trends;
(b) formulate AML/CFT policies and procedures to ensure they are relevant with the risks profiles, nature of business, complexity, volume of the transactions undertaken by the reporting institution and its geographical coverage;
(c) establish robust AML/CFT framework and risk management and ensure its effective implementation;
(d) undertake review and propose to the Board the necessary enhancements to the AML/CFT framework to ensure its relevance with the organisation’s risk profiles, institutional and group business structure, delivery channels and geographical coverage;
(e) provide regular periodic reporting to the Board on the level of ML/TF risks exposed in the organisation, effectiveness and adequacy of the risk management and internal controls;
(f) allocate adequate resources to effectively implement and administer the AML/CFT framework in line with the size and complexity of the reporting institution’s operations and risk profiles;
(g) appoint compliance officer;
(h) provide AML/CFT awareness training for its employees at all level throughout the organisation;
(i) ensure proper channel of communication to effectively implement the AML/CFT policies and procedures to all levels of employees;
(j) ensure that AML/CFT issues raised are addressed in a timely manner; and
(k) ensure the integrity of its employees by establishing appropriate employee assessment system.
60. A Compliance Officer (CO) shall be appointed who acts as a referee for any AML/CFT matters within UDCX. The CO shall possess sufficient stature, authority and seniority within UDCX as well as sufficient knowledge and expertise to participate and is capable to make effective decisions relating to any AML/CFT issues arise.
61. The CO, being the AML/CFT primary and sole contact referee, is responsible to oversee and supervise all AML/CFT activities within UDCX and is vested with the authority to act without interference from the business operation line.
62. A CO shall be a “fit and proper” person in discharging its responsibilities effectively where the below criteria are considered:
(a) Probity, personal integrity and reputation;
(b) Competency and capability;
(c) Soundness of judgment; and
(d) Financial standing
63. A CO must be based in Malaysia.
64. A CO’s duties and responsibilities include the below:
(a) Ensure UDCX has in place adequate AML/CFT policies and procedures;
(b) UDCX’s compliance with the AML/CFT requirements to facilitate proper implementation of the AML/CFT policies and procedures;
(c) Ensure appropriate AML/CFT policies and procedures such as CDD, on-going monitoring, record keeping, filing of suspicious transaction report are implemented effectively;
(d) The AML/CFT regime is regularly assessed to ensure its relevancy and adequacy to align with the evolution of AML/CFT trends;
(e) The suspicious transaction reporting channel within UDCX is secured and confidential;
(f) All members of UDCX is well aware and understand their AML/CFT responsibilities under this AML Manual and is able to apply the knowledge in the daily operation;
(g) Proper evaluation of internal suspicious transaction report before submitting it to the BNM and LFSA;
(h) Identification of potential ML/FT risks associated with new products or services arising out of UDCX’s operational changes such as the emergence and adoption of new technologies or processes.
65. An appointment or change of CO shall be notified in writing within ten (10) working days to the BNM which includes the name, designation, office address, office telephone number, fax number, e-mail address and such other information as may be required by the authorities.
66. The Board shoulders the responsibility of ensuring regular audit of UDCX’s AML/CFT regime, its compliance, effectiveness, relevancy and discrepancies.
67. The scope of independent audit shall include, at the minimum:
(a) Compliance with the internal and external AML/CFT framework;
(b) Adequacy and relevancy of the AML/CFT regime within UDCX; and
(c) Reliability, integrity and timeliness of the internal and regulatory reporting management information systems.
68. Audit shall be conducted at least once a year and the auditor shall submit a written audit report to the Board to highlight the audit result with relevant recommendations and corrective measures undertaken. This audit report shall then be submitted to the Supervision and Enforcement Department of the LFSA within three (3) months upon the completion of the internal audit and within ten (10) days after the submission to the Board.
69. UDCX shall establish an employee screening procedure and system upon the hiring of an employee and throughout the course of employment which includes the employee’s personal information such as financial standing, past employment history, family background and criminal record.
70. This is to ensure and preserve the integrity and ethic of its employee in the organisation.
71. Compliance training and awareness programme are the key in ensuring compliance to the AML/CFT regime to avoid ML/FT threats. It serves as the foundation to build a healthy compliance culture within an organisation. Such compliance training such be conducted on a regular basis and supplemented with refresher courses to keep its members abreast to the latest development of AML/CFT framework. All members of UDCX shall be educated and implanted with sufficient knowledge and understanding of their AML/CFT responsibilities and liabilities under the laws and regulations.
72. UDCX shall ensure its AML/CFT policies and procedures are easily accessible to its members which shall contain, at the minimum:
(a) The AML/CFT policies and procedures issued by the BNM and LFSA as well as the relevant international bodies; and
(b) UDCX’s internal AML/CFT policies and procedures.
73. All training programme shall be documented.
74. UDCX is required to maintain sanctions list which contain individuals and entities sanctioned by the United Nations Security Council (UNSC). Besides than the UN Sanctions List, UDCX shall maintain such orders as may be issued under Section 66B and Section 66C of the AMLA by the Malaysian Minister of Home Affairs.
75. UDCX shall ensure the UN Sanctions List and orders under the AMLA are always relevant and updated and easily accessible by its members.
76. Screening shall be performed on all new and existing clients against the UN Sanctions List and order under the AMLA and where there is a match, UDCX shall take reasonable and appropriate steps to identify and verify the match. Upon confirmation that the match is genuine, UDCX shall promptly:
(a) Freeze the client’s funds or block the transaction, where necessary;
(b) Reject the business relationship;
(c) Terminate the business relationship; and
(d) File STR to the authorities.
77. Any instances of non-compliance may become an offence under the AMLA which leads to an enforcement action or prosecution such as penalties or criminal sanctions against UDCX’s members.
78. Please refer to the FORTH SCHEDULE of this AML Manual for the detailed provisions pertaining to this part (if any) which shall be subjected to any amendment from time to time by the Compliance Officers the Compliance Officer deems fit and proper.
(Shall be taken and construed as an integral part of the AML Manual)
When conducting CDD on a natural person, UDCX shall obtain the below:
In the process of identification and verification of client, UDCX’s members shall obtain the below:
a. At least one of the identification documentations provided must contain a clear photograph of the client;
b. Confirmation of the legal name and date of birth by referring to an original current valid official identification document
It is expressly stated that all identification documents shall be ORIGINAL and shall be dated, signed and marked as “original sighted” by UDCX’s staff. Photocopy of identification document is NOT acceptable.
Some examples of accepted identification documents are as follows:
a. Passport (with valid visa for expatriate);
b. Labour card;
c. Driving license;
d. ID issued by the government departments;
e. Marine landing permit issued by the Local Ministry of Interior Department of Naturalization & Residency.
With respect to legal entity, it is pertinent for UDCX to understand the ownership and the control structure of the organization which can be achieved by collecting the below:
a. Full name or other trading names used;
b. Registration number;
c. Date and jurisdiction of incorporation or establishment;
d. Legal form;
e. Registered address (and trading address where applicable);
f. Business activity;
g. Type of account with UDCX;
h. Nature and level of business relationship with UDCX;
i. Regulated or listing status (for regulated entity);
j. Name of external auditor (where applicable);
k. Source of fund.
Where the client is a private company or corporation, UDCX shall obtain the below:
a. Certificate of Incorporation and/or Certificate of Commercial Registration;
b. Memorandum and Articles of Association and any amendments;
c. Board resolution seeking firming services and appointing the authorized signatories to the account;
d. Copies of latest audited financial reports and accounts, where possible;
e. Names, nationality, country of residence and date of birth of the directors;
f. Identification documents of the directors
g. Identity of shareholders holding five percent (5%) or more of the issued capital;
h. List of authorized signatories and identity of the authorized signatories to the account (as per above); and
i. The ownership and control structure of the legal entity or trust to identity of its ultimate beneficial owner or effective controller (if different).
Where the client is a public or listed company, UDCX shall obtain the below:
a. Certificate of Incorporation and/or Certificate of Commercial Registration;
b. Memorandum and Articles of Association and any amendments;
c. Board resolution seeking firming services;
d. Copies of latest audited financial reports and accounts, where possible;
e. Names, nationality and date of birth of the directors and officers; and
f. List of authorized signatories and identification documents of the authorized signatories to the account (as per above).
Where the client is a partnership, UDCX shall obtain the below:
a. Partnership agreement;
b. Partnership registration documents;
c. Names, nationality, country of residence and date of birth of the partners;
d. Identification documents of the partners (as per above); and
e. List of authorized signatories and identification documents of the authorized signatories to operate the account (as per above.)
No business relationship can be established with any charity, society, club and trust.
No business relationship can be established with any shell bank.
Enhanced due diligence shall be conducted during the establishment of correspondent banking relationship. UDCX shall carefully analyse the correspondent bank’s reputation, business activity, AML/CFT framework and whether was or is a subject to ML/FT investigation or disciplinary action.
Extra care shall be exercised and the below shall be obtained:
a. Ownership and management structure;
b. Valid license;
c. Business activity and clientele;
d. Purpose of account;
e. Location of business;
f. Audited financial statement and report;
g. Regulatory approval.
A signed statement shall be obtained from all new clients:
1. Confirming that the client is acting for themselves and the ultimate beneficial owner of the capital or fund;
2. Source of fund, if the cash transaction exceeds the threshold of USD2K.
It is important for UDCX’s staff to satisfy that the client’s source of fund for cash transaction exceeding the threshold of USD2K by obtaining the below:
1. A declaration signed by the client;
2. Documentary proof establishing the source of fund;
3. Analysis of initial disclosure of source of fund and level of business.
*for e.g., employment contract, lease contract, sale contract, certificate, official document from a government ministry, etc.
Once the nature and level of business has been established for the account, it is no longer necessary for the source of fund to be documented for every receipt of USD fund, provided that the fund is within the parameter of common business dealing.
Any exceptions to the CDD mentioned hereunder shall be must be approved in writing with the rationale of such exception by the senior management such as the Head of Business Line.
(shall be taken and construed as an integral part of the AML Manual)
In order to effectively perform the identification and verification of client and to mitigate ML/FT risk in the establishment of a business relationship, UDCX has in place an automatic name screening system to screen and filter the names of the clients against the below lists:
1. United Nations (UN) Sanctions List;
2. Bank Negara Malaysia Sanctions List;
3. Orders issued under Section 66B and Section 66C of the AMLA;
4. OFAC Sanctions List;
5. European Union (EU) Sanctions List;
6. Internal Watch List; and
7. Such other lists issued by relevant authorities from time to time.
Where there is a possible match, any on-going transaction shall be withheld or blocked and report shall be submitted to the Compliance officer for further action.
In performing screening, the below methodologies are adopted:
“SYMEX”, Systematic Money Exchange Solution, from Mighty Systems is the largest and most popular Enterprise Software among the Money Exchange Companies in Gulf, Far East and West. “SYMEX” today is a software solution accepted everywhere by Money Exchange business as it meets total requirements of the numerous complex operations of the trade.
SYMEX allows blacklisted names checking in Transfer, Draft, FC Modules etc. AML and compliance integration is done with recent integration through world-known World-Check database. AML, Money Laundering Act and Compliance rules are embedded with reports like Remittance etc.
Wynyard Group is a market leader in high consequence crime fighting and security software, used by law enforcement and national security agencies, critical infrastructure operations and major corporations. Its advanced crime analytics, advanced cyber threat analytics and investigations case management platform helps solve growing big data and security problems including organised and transnational crime, new generation extremism and high consequence cyber-crime.
The customer details and their transactions are screened in WYNYARD system to identify any possible ML/FT risks.
World-Check advanced features such as name matching accuracy has reduced remediation time to support a simplified and accelerated customer due diligence process. World Check allows 100% sanctions, watch and regulatory list coverage screening. It satisfies the demands for KYC, AML, CFT, PEP due diligence.
The USA PATRIOT Act requires that all persons and companies doing business in the U.S. to comply with the OFAC Regulations. UDCX also uses OFAC Analyzer for the AML/CTF compliance screening of transactions.
OFAC Analyzer allows the screening of all names against the sanctioned and blacklist names which fall under OFAC, EU, UN, SDN list, BIS list, FBI, OSFI, HMS, OFCL etc.
(shall be taken and construed as an integral part of the AML Manual)
|Step 1||Classifying the customer as individual or corporate|
|Step 2||Identification and verification of the client’s KYC documents|
|Step 3||Verification and collection of supporting documents such as the source of income, purpose of transaction etc.|
|Step 4||If the documents provided by the customer is satisfactory, the branch staff will enter the transaction details in SYMEX system.|
|Step 5||SYEMEX will do an automated compliance and blacklist screening before finishing the task. If the remitter name, beneficiary name or any other transaction details are matching against any of the blacklisted element as notified by the regulatory bodies, the SYMEX system will automatically block the transaction and rejection will be done from the branch itself. The front-end staff will file an ISTR on such rejected transactions and will hand over to the AML department of UDCX. Whenever such ISTR are received from branches, the AML department will do an in- depth investigation on the rejected transaction and will file an STR to the Labuan FSA.|
|Step 6||All TT’s made in branches are automatically pushed to the remittance software of the exchange and will be moved to the AML department for AML Compliance CTF check.|
|Step 7||AML department of our exchange do customer/ transaction screening and monitoring process with the help of Compliance Screening software’s like World Check, OFAC Analyzer, WYNYARD etc.|
|Step 8||Whenever an accepted transaction in SYMEX match any of the rules set in the WYNYARD Compliance Checking Software used by the AML department of UDCX, the transaction details are automatically pushed to the WYNYARD system. The AML department will check the transaction and if found no compliance issues, the payment will be approved for further bank processing. Else, if it’s having any compliance issue, the TT will be rejected by the AML department and will file an STR to Labuan FSA.|
|Step 9||After proper analysis and checking, if found any compliance issues in any TT’s, the particular TT will be rejected and will file an online STR to the Labuan FSA.|
|Step 10||If there is no compliance issue in the checked TT’s, the AML department will hand over the particular TT to the remittance department of the exchange for the further bank processing activities.|
TTs, MTs & Draft transactions - For all such types of transactions, non ICDD clients should fill up the application form and in all cases the transaction receipt should be compulsorily signed by the clients.
The application form should be completed with the following details:
1. Full name and address of remitter
2. Nationality of Remitter
3. Transferred amount in FC & LC
4. Method of payment (Cash or Cheque)
5. Identification documents
6. Name of the Beneficiary
7. Complete address of Beneficiary
8. Signature of the Remitter
9. Source of Fund (exceeding threshold of USD10K)
10. Purpose of Transfer (exceeding threshold of USD 2000)
Purpose of transfer should be correctly entered in the application and also captured in the system. Below are the options available in the system.
1. Personal needs
3. Investment in financial markets
4. Investment in Real Estate
5. Educational Expense
6. Medical Expense
Information pertaining to source of fund should be obtained on the application form from the client for transaction amount in excess of USD10k. In case of suspicion, documentary proof should be obtained and to ensure it is justifying the transaction amount.
For ICDD clients /Walk in clients, the details are to be entered in the system and signature shall be obtained from the customer on the transaction receipt and justifying the value of transaction. For CCDD (Corporate) clients also the above requirements shall be followed strictly.
For all Inward Transactions equivalent to or above USD10k to be paid in cash or in the form of Travellers cheque, Form No.2/2000/9 (Form for receipt of Transfer in cash) should be filled in and signed by the encashing cashier. Prior approval from the Central Bank‘s prior approval is required for:
Refusing to receive the transfer and remitting it. Freezing the transferred amount.
Refusing to carry out beneficiaries’ instruction.
For all Instant Money products, the Compliance Manual issued by the service provider shall be strictly followed.
ID copies for customers should be obtained in the following manner:
1. ICDD customers - No necessity to obtain ID copies, valid IDs are available in the ICDD file.
2. Renewed ID to be obtained in case of expiry
3. Non ICDD customer -
4. Above USD2k - Collect ID copies as mandated by Central Bank.
5. Below USD2k - Collect any id copy although not mandatory
Staff responsible for processing Instant Money transfers should ensure that the original ID of the beneficiary is verified and photocopy taken before processing any ‘Receive transactions”.
Note - Staff must take photocopy of ID and write “True copy of the Original”, affix company stamp and signed, after sighting the original of relevant valid ID filed.
For all currency exchange transactions, cashier should collect the basic details of client such as name and contact number.
Note - It is preferable to collect complete customer details including ID for all transactions.
For all currency exchange transaction above USD10k, cashier should ensure that the Currency Exchange Declaration Form is filled in and signed by the client. The original ID should be verified and photocopy attested stating “True Copy of the Original”, affix company stamp and signed. The purpose and source of fund should be captured in the form and should justify the exchange amount. If required should request for documentary proof.
Proper due diligence should be conducted prior to dealing with exchange companies and corporate. This is subject to review by Compliance department.
All export and import of currencies should be approved by the Management. UDCX will not import and/or export currencies from and/or to any of the sanctioned countries.
Monitoring the client’s transaction is one the most important AML/CFT components. Transaction monitoring can be conducted through automated or manual method to identify unusual transactions in a single or a set of transactions.
Transaction monitoring serves the below purposes:
1. to ensure that all transactions are in compliance to the local and foreign laws and regulations;
2. to assess the transactions of all clients to ensure they are in line with the client’s background and business profile;
3. to identify suspicious activity connected to ML/FT that may ultimately result in the filing of a Suspicious Transaction Report (STR);
4. to realign the risks associated to a customer, geographical, products and services and delivery channels;
In analysing transactions, the basic rule of “5Ws” shall apply:
1. Who - is the customer- individual or corporate, what is the profile of the customer?
2. What - product is the customer availing, remittance, currency exchange or any other product?
3. Where - is the customer remitting funds? Is the country a high-risk jurisdiction? Is there a valid reason for remitting funds?
4. Why - is the customer remitting funds? Does the transaction make economic sense and what is the exact purpose?
5. Whom –for whom the transaction is being conducted, who will benefit from the transaction? Who is the Ultimate beneficiary?
*Transactions shall be ideally monitored on the same or successive day to check if there is any breach of rules or suspicion.