Declaration of offsite Monitoring Questionnaire for Accountants
Declaration of offsite Monitoring Questionnaire for Accountants: ACCOUNTING POPULATION DETERMINATION SURVEY FORM
Does the accounting firm provide, now or in the future, any of the following services to clients? Check all that apply
- Buying and selling of real estate
- Managing of client money, securities or other assets
- Management of bank, savings or securities accounts
- Organization of contributions for the creation, operation or management of companies
- Creating, operating or management of companies, trusts or waqf
- Acting as a formation agent of legal persons
- Buying and selling of business entities
- Acting as a director or secretary of a company, a partner of a partnership
- Arranging for another person to act as a director or secretary of a company, a partner of a partnership
- Acting as a trustee of an express trust or performing the equivalent function for a waqf
- Arranging for another person to act as a trustee of an express trust or performing the equivalent function for a waqf
- Acting as a nominee shareholder for another person
- Arranging for another person to act as a nominee shareholder for another person
- Providing a registered office, business address or accommodation, correspondence or administrative address for a company, partnership, trust or waqf
INHERENT VULNERABILITIES
- Entity Characteristics
- For the purposes of serving its clients, does the entity maintain ongoing relationships with regulated financial institutions or other regulated professional service providers (e.g. referrals)?
Yes | No |
Products and Services
- Does the entity offer any of the following products or services?
- Sale of pre-formed companies to clients (shelf companies)
- Formation of companies to hold assets
- Formation of companies as layers in an ownership structure
- Formation of companies with complex or opaque ownership
- Acting as a nominee director of a client’s company
- Arranging for another person to act as a nominee director of a client’s company
- Formation of trusts/waqf as layers in an ownership structure
- Formation of trusts/waqf with complex or opaque structures
- Formation of trusts/waqf with undefined beneficiaries or classes of beneficiaries
- Acting as the trustee of a client’s trust/waqf
- Arranging for another person to act as a trustee of a client’s trust/waqf
- Formation of companies, trusts or waqfs in jurisdictions outside Pakistan
- Providing a registered office or a business address, a correspondence address, or an administrative address for a company, or a partnership, or any other legal person or arrangement
- Managing client funds (other than sums paid as fees for professional services), accounts, securities, or other assets
- Operational of pooled accounts of client funds
- Transfer of beneficial interest in land or other real estate property
- Transaction on behalf of a client in relation to creating, operating, and managing a company or trust/waqf
- Transaction on behalf of any other person in relation to the buying, transferring, or selling of a company or trust/waqf
Yes | No |
What percentage of the entity’s business do the products and services listed above represent?
0% (None) | 1%-10% | 10%-25% | 25%-50% | 50%-75% | 75%-100% |
How many transactions (payment for services by a client) are processed each year on average?
Nature of Client Relationships
Does the entity maintain ongoing client relationships?
Yes | No |
How many new clients has the entity served in the past year?
How many existing clients has the entity served in the past year?
What percentage of the entity’s business are high-risk clients?
0% (None) | 1%-10% | 10%-25% | 25%-50% | 50%-75% | 75%-100% |
Which sorts of high-risk clients are served? (Check all that apply)
Domestic Politically Exposed Persons
Foreign Politically Exposed Persons
High Net Worth Individuals
Corporations or trusts with opaque or complex ownership
Clients with negative media articles
What percentage of the entity’s business is non-resident clients?
0% (None) | 1%-10% | 10%-25% | 25%-50% | 50%-75% | 75%-100% |
If the business has foreign clients, where are these clients located (country)? List the top 5
Geographic Reach
Does the entity have activities relating to high risk jurisdictions?
Yes | No |
Does the entity have activities relating to countries or areas of concern?
Yes | No |
What percentage of the entity’s activities relate to the high-risk jurisdictions and areas or countries of concern outlined above?
0% (None) | 1%-10% | 10%-25% | 25%-50% | 50%-75% | 75%-100% |
Delivery Channels
Does the entity have a non-face-to-face business model or onboard clients without face-to-face interaction?
Yes | No |
Does the entity use third party intermediaries or agents to onboard clients?
Yes | No |
Does the entity accept any of the following types of payments?
Yes | No |
MITIGATING CONTROLS
Risk Assessment
Enterprise Risk Assessment
Does the entity have a documented ML/TF risk assessment?
Yes | No |
Has the risk assessment considered different types of risk?
Yes | No |
Is the risk assessment reviewed and updated on a regular basis?
Yes | No |
Client Risk Assessment
Does the entity assign documented risk ratings to its clients or categories of clients?
Yes | No |
Has the risk assessment considered different drivers of client risk?
Yes | No |
Are customer risk ratings kept up to date?
Yes | No |
Policies, Procedures and Systems
Policies
Does the entity have a documented AML/CFT compliance program?
Yes | No |
Was the AML/CFT Policy developed to mitigate risks identified in the risk assessment?
Yes | No |
Are controls in place to prevent breaches of the AML/CFT Policy?
Yes | No |
How many breaches of the AML/CFT Policy have been identified?
Procedures and Systems
Has the entity put in place procedures or systems to support the implementation of the AML/CFT Policy?
Yes | No |
Are there procedures or systems in place to carry out obligations under the AML/CFT Policy?
Yes | No |
Are the entity’s procedures or systems updated periodically?
Yes | No |
Customer Due Diligence
Client Identification
Does the entity identify and verify all its clients’ identities in the situations required by the AMLA and FBR Regulations?
Yes | No |
Does the entity make and keep records of customer identification and verification?
Yes | No |
Check all that apply
Name
Address
Nationality and residency status
Occupation
Purpose of account
Third parties exerting control over the client
On how many occasions has the entity observed a potential client attempting to provide fraudulent identification documents?
Has the entity rejected clients with incomplete client identification and/or verification?
Yes | No |
If so, on how many occasions?
How many clients have not been identified or had their identify verified due to the likelihood of tipping off the client?
Legal Persons and Arrangements
Does the entity identify its clients who are legal persons and legal arrangements in the situations required in the AMLA and FBR Regulations?
Yes | No |
Does the entity identify and verify the identity of the natural person(s) representing the legal person or legal arrangement?
Yes | No |
Does the entity make and keep records of customer identification of legal persons and arrangements?
Yes | No |
Check all that apply
Name
Business address
Articles of Incorporation, Partnership Agreement, Trust Agreement etc.
Nature of business
Purpose of account
Does the entity identify and take reasonable measures to identify all ultimate beneficial owners who own 25% of more of the legal person or legal arrangement?
Yes | No |
Ongoing Due Diligence
Are client identification and beneficial ownership files kept up to date?
Yes | No |
If yes, how frequently are the files updated:
Multiple times per year | Every year | Every two years | More than every two years | Ad hoc/variable timeframe | When there are changes to the client’s profile | When there are changes to the business model or risk exposure | When there are changes to the legislation or regulations |
Is there ongoing due diligence to verify that transactions are consistent with the customer’s risk profile?
Yes | No |
Is the frequency and depth of ongoing due diligence conducted on the basis of client risk?
Yes | No |
Enhanced Measures
Identify High Risk Clients and Situations
Does the entity identify high risk clients and situations?
Yes | No |
Check all that apply
Foreign Politically Exposed Persons
Domestic Politically Exposed Persons
Legal persons with complex or opaque ownership structures
High net worth individuals
Non-face-to-face clients
Professional service providers
Non-profit organizations
Clients seeking aggressive tax planning
How many clients have been identified as foreign politically exposed persons?
How many clients have been identified as domestic politically exposed persons?
Does the entity identify and assess the risks of new technologies?
Yes | No |
Does the entity identify clients or transactions related to high risk countries or areas/countries of concern or the border areas of KP and Balochistan as well as South Punjab?
Yes | No |
How many transactions related to high risk countries or areas/countries of concern or the border areas of KP and Balochistan as well as South Punjab have taken place?
What is the value of those transactions (PKR)?
Have potential clients been rejected or existing clients been closed due to high risk factors?
Yes | No |
If yes, How many potential clients have been rejected?
If yes, How many existing clients have been closed?
Application of Enhanced Measures
Does the entity apply enhanced mitigating controls to address high risks?
Yes | No |
Check all that apply
Obtaining more information (client ID, beneficial ownership, transaction purpose etc)
Updating customer information more frequently
Taking reasonable measures to identify the client’s source of wealth and funds
Increasing the degree and level of transactions monitoring
Obtaining the approval of senior management of the business relationship
Is the application of enhanced measures variable in relation to the identified risk of the client or situation?
Yes | No |
Does the entity’s senior management have ongoing oversight re: high risk clients and situations?
Yes | No |
If yes, Is the entity’s senior management approval required prior to onboarding high risk clients and transacting in high risk situations?
Yes | No |
Targeted Financial Sanctions
Targeted Financial Sanctions Designated Persons Listings
Does the entity screen clients against the UN targeted financial sanctions designated lists for terrorist financing (UNSCR 1267 and its successor resolutions)?
Yes | No |
Does the entity screen clients against national-level targeted financial sanctions lists for terrorist financing?
Yes | No |
Which national lists are checked?
Notification/SRO by the Ministry of Interior/ NACTA or Ministry of Foreign Affairs
United States (OFAC)
United Kingdom
European Union
Other
Does the entity screen clients against the UN targeted financial sanctions lists for proliferation financing (UNSCR 1718 and its successor resolutions, and UNSCR 2231)?
Yes | No |
Targeted Financial Sanctions Screening Procedures
Are all new and existing clients checked against designated persons sanctions lists whenever the lists are updated?
Yes | No |
How is screening done?
Manually against the published listings | Using in-house or third-party software solutions |
Is there an ongoing customer scanning/filtering process (automated or manual) for the designated persons sanctions lists?
Yes | No |
What frequency is the client database scanned?
Multiple times per day
Once a day
Once a week
Once a month
Client database is not scanned on an ongoing basis
Other timeframe:
Are beneficial owners checked against the designated persons sanctions lists?
Yes | No |
Targeted Financial Sanctions Matches
Does the entity maintain records of name matches against targeted financial sanctions designated persons lists?
Yes | No |
Check all that apply
Records are maintained of all true matches
Records are maintained of all false positives
Does the entity have policies in place to determine whether matches against the designated persons sanctions lists are true hits?
Yes | No |
Does the entity have policies in place to report any positive matches against the designated persons sanctions lists to the competent authorities?
Yes | No |
Have any designated financial sanctions name matches been reported?
True matches have been reported to competent authorities | True matches have not been reported to competent authorities | No true matches have been determined |
If matches have been reported, how many new client relationships have been rejected?
If matches have been reported, how many existing client relationships have been rejected?
If matches have been reported, what is the value of existing client assets that have been frozen?
Suspicious Transaction and Currency Transaction Reporting
Transaction Monitoring
Does the entity identify and monitor for suspicious transactions/activity?
Yes | No |
Check all that apply
Manually
Automatically
Does the entity have expected turnaround times to analyse suspicious transactions?
Yes | No |
If yes, what is the expected turnaround time from the time the transaction is processed (days):
Does the entity have a designated person responsible for filing suspicious transaction reports?
Yes | No |
Suspicious Transactions and Currency Transactions Reported
Has the entity reported suspicious transactions to the FIU?
Yes | No |
If yes, how many STRs have been filed:
Has the entity reported cash transactions to the FIU?
Yes | No |
If yes, how many CTRs have been filed:
Does the entity report attempted transactions that were not completed?
Yes | No |
Does the entity file STRs even when it does not suspect a specific crime that the transaction may be related to?
Yes | No |
Internal Controls
Compliance Officer
Has the entity appointed a compliance officer with responsibility for the implementation of the AML/CFT Policy and compliance program?
Yes | No |
Is the compliance officer at a management level?
Yes | No |
Does the compliance officer have access to all client and business files and records?
Yes | No |
Training
Does the entity have an AML/CFT training program?
Yes | No |
How is the training developed (check all that apply)
Developed in-house
Sourced from third parties
Does the training program cover the entirety of the AML/CFT compliance program?
Yes | No |
What does the training program cover (check all that apply)
Responsibilities of the entity and its employees under the AMLA/Regulations
Internal policies, procedures and processes
How to identify and report suspicious transactions to the FIU
Common methods used by money launderers and terrorist financiers
How many employees have AML/CFT responsibilities? (full-time equivalent positions):
Does every employee with AML/CFT responsibilities receive training?
Yes | No |
Who receives AML/CFT training (check all that apply)
Sole proprietor
New recruits
Frontline employees with customer interface
AML/CFT Compliance Officer and staff
Back office staff (if any)
Audit staff (if any)
Senior management (if any)
Board members (if any)
Audit
Is there an independent evaluation of the AML/CFT compliance program? (e.g. internal/external audit, or by staff)
Yes | No |
What frequency is audit?
Every year
Every two years
Other timeframe:
Does the audit program review all elements of the AML/CFT compliance program?
Yes | No |
Check all that apply
Does the audit function assess compliance with applicable laws, regulations and guidelines?
Does the audit function examine the adequacy of customer due diligence policies, procedures and processes?
Does the audit function perform testing (client files, unusual/suspicious transaction files, targeted financial sanctions name match files, etc.)?
Does the audit function examine the integrity and accuracy of information management and information technology systems used in the AML/CFT compliance program (including transaction monitoring systems if applicable)?
Yes | No |
Read more blogs here and to contact FBR click here.