ISLAMABAD: In order to maintain the integrity of its regulated financial sector in respect to preventing and combating money laundering and terrorism financing, the Securities and Exchange Commission of Pakistan (SECP) notified the SECP Anti Money Laundering (AML) and Countering Financing of Terrorism (CFT) Regulations, 2018.
Now the SECP has issued guidelines to supplement the regulations by elaborating on the general requirements of the legislation to help regulated persons (RPs) as defined under the regulations in understanding their AML/CFT obligations and establishing an effective AML/CFT regime.
These guidelines are applicable to all RPs conducting relevant financial business and explain the general requirements of the legislation to help RPs in applying national AML/CFT measures, developing an effective AML/CFT risk assessment and compliance framework suitable to their business, and in particular, in detecting and reporting suspicious activities.
The guidelines are based on Pakistan AML/CFT legislation and reflect, so far as applicable, the 40 recommendations and guidance papers issued by the Financial Action Task Force (FATF).
The guidelines require RPs to transition from one size fits all to a risk-based approach and hereby adopt AML/CFT risk assessment and compliance framework. The AML/CFT program entails identification and assessment of ML/TF risks in relation to customers; country or geographic area; products, services and transactions; and delivery channels: designing and implementing policies, controls and procedures to manage and mitigate the ML/TF risks, evaluation of mitigating controls and monitor the implementation of systems.
Under the risk-based approach the RPs are required to take enhanced measures where risks are higher for example high-risk countries, politically exposed persons (PEPs), legal persons or legal arrangement; cross-border correspondent relationships and simplified measures may be permitted such as under regulation 11 (2) (a) and (b) and 12(2) (c) to (g) of the regulations. However, simplified measures are not permitted whenever there is a suspicion of ML/TF.
Also, the regulated persons should update risk assessment every 12 to 18 months and establish their risk tolerance and the extent of AML/CFT controls should depend on nature, scale and complexity of the RPs risk factors, volume and size of transactions.
Whereas, the AML/CFT compliance framework requires RPs to develop and implement policies, procedure, controls that are commensurate with risks identified. Further, an effective AML /CFT governance and compliance regime require the board of directors to oversee the policies of risk, risk management and compliance.
In addition, the three lines of defense namely business unit; AML/CFT chief officer and internal audit function should be equipped with resources for independent evaluation of the effectiveness of compliance with AML/CFT policies and procedure.
There should adequate systems, internal policies, procedures and controls, customer due-diligence measures, record keeping procedures; group-wide AML/CFT programs; screening procedures and employee training program along with policies and procedures to prevent the misuse of technological development in ML/TF schemes.
The guidelines also focus on the enquiries on an unusual transaction and subsequent reporting of STR/CTR along with the sanctions that are applicable. They require RPs not to form a business relationship with the individuals/entities and their associates that are either, sanctioned under the Security Council resolutions adopted by Pakistan or prescribed under the Anti-Terrorism Act, 1997. In order to further guide the regulated persons’ links to a relevant organization such as FATF, UNSC Sanction Committee, NACTA etc. are mentioned as well as red flag/alerts are also annexed for each sector.