Faysal Bank CAAML/CFT Framework &
Sanction Program
CPU Training
CAAML Unit, Compliance Function
Client Acceptance & AML / CFT - Overview
FBL has policies, procedures / processes, systems and controls in place to
mitigate the risk of the bank being used to facilitate financial crime, money
laundering and terrorist financing.
Details of these are as follows:
- CAAML Policy (contained in Chapter 17 of Compliance Manual)
- CAAML Procedures
- Automated AML Solution
- Automated Sanction Screening System
Why are AML/CFT Standards & Procedures
necessary?
Compliance breaches may impact the reputation,
sustainability or growth of the bank. If FBL does not
adhere to laws and regulations, its licenses to undertake
financial services may be negatively affected. Non-compliance
can lead to FBL being subject to fines and its
directors and employees being subjected to convictions
punishable by fines and/or imprisonment.
To whom do CAAML / CFT Policies and Procedures Apply?
All employees working in customer facing
businesses, support functions and control
functions etc. AML is for everyone.
All payment processing units (relevant units) of
FBL must monitor payments processed by them,
or executed through them to detect unusual or
suspicious transactions that may indicate money
laundering or terrorist financing or a sanction
violation.
Who to contact for Further Information?
- AML Team for reporting of Currency Transactions and suspicions
of money laundering, terrorist financing or for seeking guidance
on Anti Money Laundering / Terrorist Financing policies and
procedures applicable to business, especially customer due
diligence.
- CAAML Advisory for assistance and advisory on Top 100
Depositors review and any matter relating to New Client Take-on
en.Safewatch, and Periodic and Event Driven Reviews.
- Trade & Sanctions Advisory for assistance and advisory on trade,
remittance & cross border transactions where a sanctioned
element has been identified.
SBP AML / CFT Regulations
- SBP has compiled its existing AML / CFT
Regulations contained in various Circulars and
Prudential Regulations into comprehensive
AML/CFT Regulations, which are revised from time to time.
- Another major SBP circular in this regard concerns
the Review of Top 100 Depositors at Branch
Level.
What is Customer Due Diligence (CDD)?
Customer Due Diligence is the first line of defense in
combating money laundering. It is about creating and
maintaining an adequate body of information on customers,
and independently checking and confirming parts of that
information, especially customers' identities.
Every client must be owned by a relationship officer of the
Business line. The relationship officer will be responsible for
the client's KYC and due diligence, and for ensuring that FBL is
safeguarded against criminal activities such as money laundering,
terrorist financing and drug trafficking.
When are CDD Measures to be Applied?
- When establishing business relationship;
- While dealing with occasional customers / walk-in customers;
- While handling ongoing transactions;
- Periodically as per the cycle of reviews of PDN, Neutral, IR and
PEP mentioned in CAAML Procedures;
- In other situations/scenarios when there is suspicion of money
laundering / financing of terrorism, regardless of threshold.
CDD Measures for Establishing Business Relationship
Information on the Purpose and Intended
Nature of Business Relations
Branches / BUs shall obtain from customers
information as to the purpose and intended
nature of business relations, which should be
duly recorded in the Customer Profile Form
(CPF), the RAF and the Customer Relationship Form
(CRF).
Anonymous or Fictitious Account
Anonymous accounts, accounts in the name of fictitious persons, and
numbered accounts shall not be opened or maintained.
Joint Accounts
In the case of joint accounts, CDD measures on all of the joint
account holders shall be performed as if each of them were
individual customers of the bank/DFI.
What is Enhanced Due Diligence (EDD) ?
- While dealing with certain clients who pose increased risk, the bank should undertake
Enhanced Due Diligence (EDD) depending upon the customer's background, country of
origin, public or high profile position, nature of business etc. to fine tune its risk
management towards the specific risks.
- Enhanced Due Diligence (EDD) may consist of asking for more detailed information on the
client's identification, undertaking more intensive verification, and monitoring
a client's transactions and activities more closely. SBP also requires the Banks to conduct
enhanced due diligence when dealing with a high-risk customer, business relationship or
transaction, including the following:
1. Non-resident customers;
2. Legal persons or arrangements including non-governmental organizations (NGOs) /
not for profit organizations (NPOs) and trusts/charities;
3. Customers belonging to High Risk Countries where CDD/KYC and AML regulations are
lax;
4. Customers with links to offshore tax havens;
5. Customers in cash based businesses and customers dealing in high-value items etc.;
6. High net worth customers with no clearly identifiable source of income.
When to conduct Enhanced Due Diligence (EDD)?
- There is reason to believe that the customer has been refused banking
facility by another bank / DFI.
- Opening correspondent bank’s accounts
- Dealing with non-face-to-face / on-line customers. Adequate measures in
this regard should be put in place, e.g. independent verification by a reliable
third party, client report from the previous bank / DFI of the customer etc.
- Establishing business relationship or transactions with counterparts from
or in countries not sufficiently applying FATF recommendations
- Dealing with politically exposed persons or customers holding public or
high profile positions.
Who are Politically Exposed Persons (PEPs) ?
- Politically Exposed Persons (PEPs) means natural persons who
are or have been entrusted with prominent public functions and
whose substantial or complex financial or business transactions
may represent an enhanced money laundering risk.
- This includes government officials, senior executives of a
government owned company, politicians, important political party
officials, etc., and their close family members or close associates.
- All PEP accounts should be approved by CAAML Advisory &
Senior Management as per the Approval Matrix given in the
CAAML Procedures.
EDD on NGOs/NPOs/ Charities’ accounts
- Business should conduct enhanced due diligence (including
obtaining senior management approval) while establishing
relationship with Non-Governmental Organizations (NGOs)/Not-
for-Profit Organizations (NPOs) and Charities to ensure that these
accounts are used for legitimate purposes and the transactions
are commensurate with the stated objectives and purposes.
- The accounts should be opened in the name of relevant
NGO/NPO as per title given in its constituent documents of the
entity. The individuals who are authorized to operate these
accounts and members of their governing body should also be
subject to comprehensive CDD. All such accounts must be
approved by CAAML Advisory and Senior Management.
How to Deal with Prospective Clients on
Sanction Lists / Official Lists / CPL ?
The US Government publishes a list of Specially Designated
Nationals and Blocked Persons/Sanctions which contains the
names of known terrorists and terrorist associates. This list is
called OFAC SDN and is made available on Intranet.
Every account (whether individual or corporate or Remittance)
must be checked against this list and SDN List before it is
opened.
FBL also maintains an internal list called the Concerned
Party List (CPL), which includes names that FBL may
designate as unsuitable to do business with.
What is Risk Based Approach ?
- In compliance with SBP's Risk Based Approach
Guidelines annexed to the AML/CFT Regulations, FBL
has a CAAML Policy and underlying procedures which
present a risk based approach to CDD at the time of
onboarding a client, periodic risk reviews and ongoing
monitoring.
- The following slides outline the Risk Based Approach
(RBA) employed by FBL to risk classify the clients.
What is the process of Risk Assessment ?
The following areas are considered when deciding whether to
open a client account and during the course of the relationship
with the client if any circumstances change:
(a) Client background;
(b) Client's business or activities;
(c) Client's products and services needs; and
(d) The source and nature of the client's funds or assets.
All customer accounts are categorized into three risk buckets through the
Risk Assessment Form (RAF):
1) Pre-Defined Neutral
2) Neutral
3) Increased Risk and PEP
What is meant by Periodic Review ?
The Bank shall periodically review the adequacy of customer information obtained in respect of
customers and beneficial owners and ensure that the information is kept up to date,
particularly for higher risk categories of customers. Further, a Near Due/Overdue Report is
available on CBS 8.5 for tracking accounts due for review.
Clients who, on the basis of the requirements set in the Client Risk Assessment Chart, have
been classified as increased risk must be reviewed at least annually, unless a different time
interval has been set or a known change in the client's circumstances gives reason for an
earlier review.
In the same way, all neutral risk accounts should be reviewed at least once every three
years, unless a different time interval has been set or a known change in the client's
circumstances gives reason for an earlier review.
In the same way, all Predefined neutral risk accounts should be reviewed at least once
every five years, unless a different time interval has been set or a known change in the client's
circumstances gives reason for an earlier review.
Top-100 Depositor’s Annual Review
SBP BPRD Circular Letter No BPRD/AML-01/2014-2001 dated February
06 2014 and SBP BPRD Circular No BPRD/AML-01/2016-2135 dated
Jan 25, 2016 require the bank branches to review the Top-100 Depositors
of their respective branch and the accounts closed during the relevant
year. In this regard the following tasks need to be performed at Branch
level:
- Compare the expected monthly turnover as per KYC profile of the
customer against the actual average annual turnover.
- During this process the branch should also view the activity of the
account / statement of account. Evidence of such review should
be placed on the record file of the cycle by retaining prints of the first
and last page of the statement of account, and a soft copy of the
statement should be kept in a separate folder with the Branch
Manager.
What is Event Driven Review ?
An Event Driven Risk Review should be triggered by the branch / BU in
case of an out-of-pattern transaction having taken place in the
account, any adverse press found on an existing client, and/or in
case of any fresh demand for a new product, and/or any change
observed with respect to geographical location, i.e. from a
NEUTRAL risk country to an INCREASED risk country by an IR / PEP
client.
Prohibition of personal accounts for business
purposes
- Banks/DFIs are required not to allow personal
accounts to be used for business purposes except
proprietorships, small businesses and professions
where constituent documents are not available and
the banks/DFIs are satisfied with KYC profile of the
account holder, purpose of relationship and expected
turnover of the account keeping in view financial
status & nature of business of that customer.
- In this regard, the bank has a policy of not allowing a
personal account to be used for business transactions
if its turnover exceeds Rs. 25M per quarter.
Sanctioned and Increased Risk Countries
The list of Sanctioned and Increased Risk Countries is available on FBL Intranet.
FBL must comply with all sanctions laws and regulations that apply to them and
to their activities.
Under applicable laws, FBL and its employees are generally prohibited from making
funds and economic resources available, directly or indirectly, to or for the
benefit of sanctions targets.
Specific High Risk Elements & Recommendations for EDD

Customer: NPO/NGO/Charities/Trust etc
Recommendation: In relation to these customers, banks/DFIs may:
1) Obtain a declaration from Governing Body on ultimate control, purpose
and source of funds.
2) Personal accounts shall not be allowed to be used for charity
purpose/collection of donations.

Customer: House wife accounts
Recommendation:
1) Identify the source and beneficial ownership of funds.
2) Update the details of the funds providers along with customer's profile.
3) Identify and verify the funds providers if monthly credit turnover
exceeds an appropriate threshold.

Customer: Proprietorships
Recommendation: Business transactions in personal accounts of proprietors may only be
permitted by linking it with account/business turnover. For example,
customers having quarterly credit turnover of Rs. 25 Million or above may
be required to open a separate account for business related transactions.

Products & Services: Online transactions & Non face to face transactions.
Recommendation:
1) Pay special attention to geographical factors/locations for movement of
funds.
2) Payments received from unknown or unassociated third parties.
Non face to face business relationships or transactions.

Geography & Location: Transactions with countries identified by national
authorities/UN/FATF etc.
Recommendation:
1) Countries identified by credible sources as having significant levels of
corruption such as Kenya, Cambodia, Haiti, Nigeria, Zimbabwe, Tanzania,
Vietnam etc.
2) Countries subjected to sanctions, embargoes etc.

Delivery Channels: Cash
Recommendation:
1) Monitor cash transactions.
2) Depositing by means of numerous credit slips by a customer such that the
amount of each deposit is not substantial, but the total is.
3) Customer uses separate tellers to conduct large cash transactions.

Delivery Channels: Wire Transfers
Recommendation: Ensure that funds transfers which are inconsistent with the history pattern,
source of earnings and purpose are viewed.
CPU –Minimum CAAML Checks
Areas requiring Increased Vigilance
While approving an account (New Client Take-on or Periodic / Event Driven Review),
increased vigilance is required by the CPU User in the following scenarios:
Non-Resident Accounts:
It is to be ensured that all NRP Accounts are classified as Increased Risk.
Customers involved in Increased Risk Businesses:
It is to be ensured that all Customers involved in High Risk Businesses as defined in CPL are
classified as Increased Risk.
Accounts with Monthly turnover in excess of PKR 2 Million:
It is to be ensured that all accounts with monthly turnover greater than PKR 2 Mn are classified
as Neutral Risk.
Increased Risk Businesses
The list of Increased Risk Businesses is available on FBL Intranet
All Customers involved in High Risk Businesses
are to be classified as Increased Risk.
CBS 8.5 User Guide-Centralized Processing Units-New Client
Onboarding /Periodic Review and Event Driven Review
The User Guide is available at:
http://fblintranet.faysalbank.com/sites/Bankopedia/InsideFBL/Compliance%20Library/Userguides/User%20Guide%20Periodic%20Review%20and%20Event%20Driven%20Review%20-%20CPU.pdf
Foreign Account Tax Compliance Act (FATCA)
March 2019
CONFIDENTIAL
FATCA On-going Due Diligence Procedure
CPU-AMU should continuously monitor for any change in customer circumstances from a
FATCA point of view, since the Bank will mandatorily obtain a new self-certification
form from the customer if such a change is identified.
Change in customer circumstances may take place in one of the following scenarios:
- Existing customer who is not a US Person, becomes a US Person due to changes in his/her KYC
- The customer who was not having any US Indicia is now identified as having US indicia
- Customer has changed his/her KYC details due to which he is now identified as a US Person or
a Non US Person with US Indicia
- US Person / Non US Person With US Indicia becomes a Non US person
- Changes in the customer De-Minimis limit at the end of the year
- Expiry of the existing FORM W8 BEN / BEN E forms.
Required Action by CPU in above cases:
- CPU/AMU is to follow all steps listed under responsibilities of CPU within FATCA SOP.
- Based on the revised documentation update the status in system as applicable.
CPU Responsibilities- FATCA
• The CPU-AMU should ensure that any missing information/documentation is obtained
from the respective business unit who will obtain the same from the customer at the
time of onboarding/ review/ change in circumstances.
• CPU-AMU needs to ensure reasonableness and validity of the FATCA Self-Certification
Form to ensure there is no conflicting information.
• CPU-AMU must validate the FATCA status of the customer prior to authorization of the
account by assessing the FATCA self certification form and all related documentation.
• In the event where any FATCA information is missing, the CPU-AMU shall request the
RM/CCP to obtain this information from the customer. The account is not activated till
the pending documentation is submitted by the customer and subsequently verified by
the RM/CCP.
• If all information is obtained and is correct, CPU-AMU authorizes the account and
completes the account activation.
COMMON REPORTING STANDARD (CRS)
March 2019
REASONABLENESS TEST- CPU Responsibilities
CPU-AMU needs to update CRS Status as per CRS Self-Certification Form in the Metadata
Field available on FM144.
Data from Part B of the CRS Self-Certification Form to be entered in the relevant fields.
CRS Person Status as per Self-Certification Form.
Change in Customer Circumstances
Once a change in customer circumstances is identified, the Bank will mandatorily obtain a
new self-certification form from the customer. The self-certification form collected from
customers at the time of their onboarding, or as a result of reviewing Pre-Existing Accounts,
will not remain valid if there is a change in circumstances relating to the Account Holder's
tax status, or other mandatory fields included in the self-certification forms.
A change in circumstances includes any changes or additions to the Account Holder's
information already held on record, i.e. collected by the Bank at the time of Account
Opening and Account Maintenance.
Examples of Change in Circumstances:
1. Change in Contact Details
2. Linked Account Opening Request
3. Request for Re-activation of Dormant Account
4. Addition of Mandate/ Signatory
REASONABLENESS TEST- CPU Responsibilities
• The CPU-AMU should ensure that any missing information/documentation is obtained
from the respective business unit who will obtain the same from the customer.
• CPU-AMU needs to ensure Reasonableness of the CRS Self-Certification Form.
• In the event where any CRS information / documentation is missing, the CPU-AMU shall
request the RM/CCP to obtain this information from the customer. The account is not
activated till the pending documentation is submitted by the customer and
subsequently verified by the RM/CCP.
• CPU-AMU must validate the CRS status of the customer and document the confirmation
of the customer’s CRS status by assessing Part B of the Tax Residency Form –
Country/Jurisdiction of Residence for Tax Purpose and related Taxpayer Identification
Number.
• If all information is obtained and is correct, CPU-AMU provides the sign off on the CRS Tax
Residency Form, authorizes the account opening and completes the account activation.