S.R.0 924(1)/2020.— In exercise of powers conferred under section 6A of the Anti-Money Laundering Act, 2010 (VII of 2010) read with clause 1(iii) of Schedule IV to the said Act, Federal Board of Revenue is pleased to make the following Regulations in respect of the Designated Non-Financial Businesses and Professions(DNFBPs), namely Rules for DNFBPs for Anti Money Laundering and Countering Financing of Terrorism
Short title application and commencement.—(1) These regulations may be called the Federal Board of Revenue Anti Money Laundering and Countering Financing of Terrorism Regulations for DNFBPs, 2020.
(2) These Regulations shall apply to real estate agents, jewelers and Accountants.
(3) They shall come into force at once.
Definitions.— (1) In these regulations, unless there is anything repugnant in the subject or the context—
(a) “Accountants” means, other than those regulated by Institute of Chartered Accountants of Pakistan (ICAP) and Institute of Cost and Management Accountants of Pakistan (ICMAP), sole practitioners, partners or employed professionals within professional firms when they carry out the activities as specified in the AML Act in section 2, in clause (xii) in sub clause (c) or (d) ;
Explanation.- The term “Accountants” is not meant to refer to ‘internal’ professionals that are employees of other types of businesses, nor to professionals working for government agencies, who may already be subject to AML/CFT measures;
(b) AML Act” means the Anti-money Laundering Act, 2010 (VII of 2010);
(c) “AML/CFT” means Anti-Money Laundering and Countering Financing of Terrorism;
(d) “AML/CFT Regulatory Authority” for purposes of these regulations means the Federal Board of Revenue or FBR;
(e) “close associate” of a PEP means-
(i) an individual known to have joint beneficial ownership of a legal person or a legal arrangement or any other close business relations with the PEP;
(ii) an individual who has sole beneficial ownership of a legal person or a legal arrangement which is known to have been set up for the benefit of the PEP;
(iii) an individual who is reasonably found or believed to be closely connected with the PEP for any other reason, either socially or professionally.
(f) “Customer or client” means any natural person, legal person or legal arrangement engaging a Real Estate Agent, Jeweler or Accountant for the purposes of requesting, acquiring, or using any services or carrying out any transaction or business with a Real Estate Agent, Jeweler or Accountant;
(g) “DNFBP” for purposes of these regulations, means real estate agents, jewelers and accountants as defined in these regulations.
(h) “Enhanced Due Diligence” or “EDD” means taking additional CDD and may include the steps to be taken as given in these regulations;
(i) ” Family Member” family member of a politically exposed person includes-
(i) a spouse of the PEP;
(ii) lineal ascendants and descendants and siblings of the PEP;
(j) Federal Board of Revenue” means the Federal Board of Revenue (FBR) established under the Federal Board of Revenue Act, 2007;
(I) ” ML” means money laundering;
(in) “Politically Exposed Persons” or “PEPs” means any individual who is or has been entrusted with a prominent public function either domestically or by a foreign country, or in an international organization and includes but is not limited to:
(i) for foreign PEPs, Head of state or of government, senior politicians, senior government officials, judicial or military officials, senior executives of state owned corporations and political party officials; for domestic PEPs, Heads of State or of government, senior politicians, senior government officials, judicial or military officials, senior executives of state owned corporations, political party officials; and
(iii) for international organizations PEPs, members of senior management or individuals who have been entrusted with equivalent functions;
(n) “Real Estate Agent” includes builders, real estate developers and property brokers and dealers when execute a purchase and sale of a real property, participate in a real estate transaction capacity and are exercising professional transactional activity for undertaking real property transfer;
(o) “reasonable measures” means appropriate measures which are commensurate with the money laundering or terrorist financing risks;
(p) “Senior Managing Official” means an officer or employee of the reporting entity or DNFBP with sufficient knowledge of the reporting entity’s risk exposure, and of sufficient authority, to take decisions affecting its risk management and mitigation, including chief executive officer or managing director, deputy managing director, chief operating officer, company secretary, chief financial officer, chief compliance officer and chief regulatory officer and any holder of such positions by whatever name called;
(q) “Simplified due diligence” or “SDD” means taking reduced CDD measures and may include the measures set out in these Regulations.
(r) “STR” means the report on suspicious transaction specified under Section 7 of the AML Act; and
(s) “TF” means financing of terrorism.
(2) All other expressions used but not defined in these regulations shall have the meaning assigned thereto under the AML Act and the Income Tax Ordinance, 2001 (XLIX of 2001).
Registration and market entry control of DNFBPs.- (1) Every DNFBP shall be registered with the Board.
(2) The DNFBP shall provide any information or documentation that may be required by the Board for the purposes of registration or keeping the DNFBP registration up to date, including but not limited to criminal records of the senior management and beneficial owners
(3) The DNFBP shall notify the Board if it ceases operations as a DNFBP within thirty business days after ceasing operations, in the form and manner that may be required by the Board, and the Board shall deregister the DNFBP if the appropriate information is provided.
Risk assessment and mitigation by DNFBPs.- (1)The DNFBPs shall take appropriate steps in accordance with section 7F of the AML Act to identify, assess, and understand their risks for customers, countries or geographic areas, and products, services, transactions or delivery channels. This includes being required to-
(a) document their risk assessment
(b) consider all the relevant risk factors before determining what is the level of overall risk and the appropriate level and type of mitigation to be applied;
(c) keep the assessment up to date
(d) have appropriate mechanisms to provide risk assessment information to Board.
(2) The DNFBPs shall:
(a) have policies, controls and procedures, which are approved by senior management, to enable them to manage and mitigate risks that have been identified in its own risk assessment and any other risk assessment publicly available or provided by FBR;
(b) monitor the implementation of those controls and to enhance them if necessary; and
(c) take enhanced measures to manage and mitigate the risks where higher risks are identified.
(3) the DNFBP may take simplified measures to manage and mitigate risks, if lower risks have been identified. Simplified measures shall not be permitted whenever there is a suspicion of ML/TF.
New products, practices and technologies.- (1) The DNFBP shall-
(a) identify and assess the ML and TF risk that may arise in the development of new products, businesses and practices, including new delivery mechanism, and the use of new and pre-existent technology; and
(b) prior to the launch or use of product, practice or technology, DNFBP shall undertake the risk assessment and take appropriate measures to manage and mitigate the risks.
Record keeping by DNFBPs.— (1) The records maintained by DNFBPs as set out in section 7C of the AML Act shall be sufficient to permit reconstruction of individual transactions including the nature and date of the transaction, the type and amount of currency involved and the customer involved in the transaction so as to provide, when necessary, evidence for prosecution of criminal activity.
(2) The record may be maintained in paper or electronic form or on microfilm.
(3) The records of identifications data obtained through CDD, including EDD process, including copies of identification documents, application forms, verification documents and other documents along with business correspondence, and results of any analysis undertaken shall be maintained for a minimum period of five years after the business relationship is terminated.
(4) The DNFBPs shall retain such records till disposal of case where transactions, customers or instruments are involved in litigation or the same are required by a court of law or other competent authority, the DNFBP shall retain such records until such time as the litigation is resolved or until the court of law or competent authority indicates that the records no longer need to be retained
(5) The DNFBP shall satisfy promptly any enquiry or order from Board, designated law enforcement Agencies and FMU, for supply of ODD information and transaction records as per the relevant provisions of AML Act.
(6) Copies of documents mentioned in sub-regulation (1) of this Regulation shall be stamped “Original seen” by the Real Estate Agents, Jewelers and Accountants after viewing the original documents.
(7) The Real Estate Agents, Jewelers and Accountants shall keep a list of all such customers where the business transaction was refused or needed to be closed either on account of failure of the customer to provide the relevant documents under sub-regulation (1) of this regulation or the original document for viewing as required under sub-regulation (2) of this regulation.
Compliance program.- (1) In order to implement compliance programs as set out in section 7G of the AML Act, the regulated person shall implement the following internal policies, procedures and control, namely:-
(a) compliance management arrangements, including the appointment of a compliance officer at the management level, as the individual responsible for the regulated person compliance with these Regulations, the AML Act and other directions and guidelines issued under the aforementioned regulations and laws;
(b) screening procedures when hiring employees to ensure the integrity and conduct, skills, and expertise of such employees to carry out their functions effectively;
(c) an ongoing employee training program; and
(d) an independent audit function to test the system.
(2) For purposes of sub-regulation (1)(d) testing the system includes an assessment of the adequacy and effectiveness of the policies, controls and procedures adopted by the regulated person to comply with the requirements of these regulations; and to make recommendations in relation to those policies, controls and procedures.
(3) For purposes of (a) the regulated person shall ensure that the compliance officer shall –
(a) reports directly to the board of directors or chief executive officer or committee;
(b) has timely access to all customer records and other relevant information which they may require to discharge their functions, as well as any other persons appointed to assist the compliance officer;
(c) be responsible for the areas including, but not limited to-
(i) ensuring that the internal policies, procedures and controls for prevention of MUTF are approved by the board of directors of the regulated person and are effectively implemented;
(ii) monitoring, reviewing and updating AML/CFT policies and procedures, of the regulated person;
(iii) providing assistance in compliance to other departments and branches of the regulated person;
(iv) timely submission of accurate data/ returns as required under the applicable laws;
(v) monitoring and timely reporting of Suspicious and Currency Transactions to FMU; and
(vi) such other responsibilities as the regulated person may deem necessary in order to ensure compliance with these regulations.
(a) policies and procedures for sharing information required for the purposes of CDD and risk management;
(b) the provision, at group-level compliance, audit, and/or AML & CFT functions, of customer, account, and transaction information from branches and subsidiaries when necessary for AML & CFT purposes; and
(c) adequate safeguards on the confidentiality and use of information exchanged, including safeguards to prevent tipping-off.
Customer Due Diligence (CDD) and Beneficial Ownership.— (1) DNFBPs shall conduct CDD in the circumstances and matters set out in section 7A(1) of the AML Act when they engage in the following activities, namely:-
(a) Real Estate Agents- when they are involved in transactions for a client concerning the buying and selling of real estate;
(b) Jewelers and Dealers in precious metals and stones – when they engage in any cash transaction with a customer or client equal to or above Rs. 2 Million; and
(c) Accountants when they prepare for, or carry out, transactions for their clients concerning the activities described in section 2(xii)(c) and (d) of the AML Act.
(2) The DNFBP shall identify the customer whether entering into a business relationship or conducting an occasional transaction, and whether natural or legal person or legal arrangement and verify that customers identity using reliable, independent sources documents, data or information as required under these regulations.
(3) The DNFBP shall identify the beneficial owner and take reasonable measure to verify the identity of the beneficial owner by using reliable and independent document, data or sources of information as set out in these Regulations, such that the DNFBP is satisfied that it knows who the beneficial owner is.
(4) Where the customer is represented by an authorized agent or representative, the DNFBP shall –
(a) Identify every person who acts on behalf of the customer,
(b) Verify the identity of that person by using reliable and independent documents, data or information as set out in these regulations; and
(c) Verify the authority of that person to act on behalf of the customer.
(5) The DNFBP shall understand and as appropriate obtain information on the purpose and intended nature of the business relationship.
(6) The DNFBPs shall conduct ongoing due diligence on the business relationship, including—
(a) scrutinizing transactions undertaken throughout the course of that relationship to ensure that the transaction being conducted are consistent with the DNFBPs knowledge of the customer, their business and risk profiles, including where necessary, the source of funds; and
(b) ensuring that documents, data, or information collected under the CDD process is kept up-to-date and relevant, by undertaking reviews of existing records, particularly for higher risk categories of customers.
(7) For customers that are legal persons or legal arrangements, the DNFBP shall understand the nature of the customer’s business and its ownership and control structure.
(8) For customers that are legal persons and legal arrangements, the DNFBPs shall identify the customer and verify its identity by obtaining the following information in addition to the information required under sub-regulation (4):
(a) name, legal form and proof of existence;
(b) the powers that regulate and bind the legal persons or arrangement, as well as the names of the relevant persons having a senior management position in the legal person or arrangement; and
(c) the address of the registered office and, if different, a principal place of business.
(9) For customers that are legal persons, the DNFBP shall identify and take reasonable measures to verify the identity of the beneficial owners through the following information using reliable and independent documents data or information as set out in sub section 12:
(a) Identifying the natural person if any who ultimately has a controlling ownership interests as defined under relevant laws in a legal persons; and
(b) to the extent that there is doubt under clause (a) as to whether the person with the controlling ownership interest is the beneficial owner or where no natural persons exerts control through ownership interest, identity of the natural person if any exercising control of the legal persons or arrangements through other means; and
(c) where no natural person is identified under (a) or (b) above, the identity of the relevant natural person who holds the position of senior managing official,
(10) For customers that are legal arrangements, the DNFBPs shall identify and take reasonable measures to verify the identity of beneficial owners through the following information using reliable and independent documents data or information as set out in sub —regulation 12, namely:-
(a) for trust, the identity of the settler, the trustee(s), the protector (if any), the beneficiaries or class of beneficiaries, and any other natural persons exercising ultimate effective control over the trust (including through a chain of control/ownership);
(b) for Waqf and other types of legal arrangements, the identity of persons in equivalent or similar positions as specified in (a); and
(c) Where any of the persons specified in clause (a) or (b) is a legal person or arrangement, the identity of the beneficial owner of that legal person or arrangement shall be identified.
(11) For the purposes of verification of identity of customer or beneficial owner in these regulations, reliable and independent document, data or sources of information includes –
(a) for a natural person, copy of –
(i) Computerized National Identity Card (CNIC) issued by NADRA; OR
(ii) National identity card for overseas Pakistanis (NICOP) and/or duly issued machine readable passport for non-resident/overseas Pakistanis or those who have dual nationalities; or
(iii) copy of Pakistan origin card (POC) issued by NADRA; and/or passport for Pakistanis who have given up Pakistan nationality; or
(iv) Form B or smart/juvenile card issued by NADRA to children under age of 18 years; or
(v) Where the natural person is a foreign national, either Alien Registration Card (ARC) issued by National Aliens Registration Authority (NARA), Ministry of Interior or Passport having valid visa on it or any other proof of legal stay along with the passport;
(b) For a legal person, certified copy of –
(i) Resolution of board of directors for opening of account specifying the person authorized to open and operate the account (not applicable for single member company);
(ii) Memorandum of Association;
(iii) Articles of Associations, wherever applicable;
(iv) Certificate of incorporation;
(v) Securities and Exchange Commission of Pakistan (SECP) registered declaration for commencement of business as required under the Companies Act, 2017 (XIX of 2017), as applicable;
(vi) List of directors required to be filed under the Companies Act, 2017 ( XIX of 2017), as applicable;
(vii) Identity documents as per sub-clause (a) of all the directors, beneficial owners and person authorized to open and operate the account; and
(viii) any other documents as deemed necessary including its annual accounts and financial statements or disclosures in any form which may help to ascertain the detail of its activities, sources and usage of funds in order to assess the risk profile of the prospective customers
(c) For a legal arrangement, certified copies of –
(i) The instrument creating the legal arrangement;
(ii) Registration documents and certificates;
(iii) The Legal arrangement’s by laws, rules and regulations;
(iv) Documentation authorizing any person to open and operate the account;
(v) Identity document as per sub clause (a) above of the authorized persons, beneficial owners and of the members of governing bodies, board of trustees or executive committee, if it is ultimate governing body, of the legal arrangement; and
(vi) Any other document as deemed necessary including its annual accounts and financial statements or disclosures in any form which may help to ascertain the subject of the truth, the detail of its activities, sources and usage of funds in order to assess the risk profile of the prospective customers;
(d) In respect of Government institutions and entities not covered here in above:
(i) CNICs of the authorized persons; and
(ii) Letter of authorization from the authority concerned.
(12) The DNFBP shall verify the identity of the customer and beneficial owner before establishing a business relationship or conducting an occasional transactions.
(13) The DNFBPs may complete verification after the establishment of the business relationship, provided that:-
(a) this occurs as soon as reasonably practicable;
(b) this is essential not to interrupt the normal conduct of business; and
(c) the risks are effectively managed.
(14) The DNFBPs shall adopt risk management procedures concerning the conditions under which a customer may utilize the business relationship prior to verification.
(15) The DNFBPs shall conduct on going due diligence on the business relationship, including:
(a) scrutinizing transactions undertaken throughout the course of
that relationship to ensure that the transaction being conducted are consistent with DNFBPs knowledge of the customer, there business and risk profile, including where necessary, the source of funds; and
(b) Undertaking reviews of existing records and ensuring that documents, data or information collected for the CDD purposes is kept up to date and relevant, particularly for higher risk categories of customers.
(16) The DNFBPs shall apply CDD requirements to existing customers on the basis of materiality and risk, and to conduct due diligence on such existing relationships at appropriate times, taking into account whether and when CDD measures have previously been undertaken and the adequacy of data obtained.
(2) EDD measures may include but shall not be limited to the following measures:
(a) Obtaining additional information on the customer (e.g. volume of assets, information available through public databases, internet, etc.), and updating more regularly the identification data of customer and beneficial owner;
(b) Obtaining additional information on the intended nature of the business relationship;
(c) Obtaining information on the source of funds or source of wealth of the customer;
(d) Obtaining information on the reasons for intended or performed transactions.
(e) Obtaining the approval of senior management to commence or continue the business relationship;
(f) Conducting enhanced monitoring of the business relationship, by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination;
(3) In relation to Sub Regulation 1 (c) above, the DNFBPs shall:
(a) implement appropriate risk management systems to determine if a customer or beneficial owner is a PEP or a close associate or a family member of a PEP, both prior to establishing a business relationship or conducting a transaction, and periodically throughout the course of the business relationship;
(b) Apply at minimum the following EDD measures:
(i) obtain approval from senior management to establish or continue a business relations where the customer or a beneficial owner is a PEP, close associate or family member of a PEP or subsequently becomes a PEP, close associate and family member of PEP;
(ii) take reasonable measure to establish the source of wealth and the source of funds of customers and beneficial owners identified as a PEP, close associate or family member of a PEP;
(iii) conduct enhanced ongoing monitoring of business relations with the customer or beneficial owner identified as PEP. Close associate and family member of a PEP; and
(iv) establish, by appropriate means, the sources of wealth or beneficial ownership of funds as specified in the relevant Schedule under the head source of funds.
Simplified Due Diligence (SDD).- (1) The DNFBPs may apply SDD, when identifying and verifying the identity of a customer or beneficial owner, only where lower risks have been identified through an adequate analysis through its own risk assessment and any other risk assessments publically available or provided by FBR or in accordance with these regulations and commensurate with the lower risk factors.
(2) SDD measures may include but shall not be limited to the following measures, namely:-
(a) verifying the identity of the customer and the beneficial owner after the establishment of the business relationship;
(b) Reducing the degree of on-going monitoring and scrutinizing transactions.
(c) Not collecting specific information or carrying out specific measures to understand the purpose and intended nature of the business relationship, but inferring the purpose and nature from the type of transactions or business relationship established.
(3) DNFBP shall not apply any SDD whenever there is a suspicion of money laundering or terrorist financing.
Counter Measures against high risk countries. — (1) Regulated persons shall apply the countermeasures indicated by the Federal Government, pursuant to recommendations by the National Executive Committee, whenever required.
Reliance on Third Parties.- (1) The DNFBPs may rely on a third party for identification of customer and CDD as set out in this Regulation, provided relying DNFBP;
(a) will remain liable for any failure to apply such indicated CDD measures above;
(b) immediately obtain from the third party the required information concerning CDD as set out in these Regulations;
(c) the reporting entity shall keep those copies of identification as set out in Regulation 6; and
(d) satisfy itself that the Third Party is supervised by an AML/CFT regulatory Authority or an equivalent foreign authority and has measures in place for compliance with AML Act obligation of CDD and record keeping.
(2) Where a DNFBP relies on a third party that is part of the same corporate group, the DNFBP may deem the requirement of sub-regulation (1) of 12 to be met if –
(a) the corporate group applies CDD and record keeping requirements in accordance with AML Act and regulations made their under;
(b) the implementations of requirements in paragraph (a) above is supervised by an AML/CFT regulatory authority or an equivalent foreign authority; and
(c) the corporate group has adequate, measures in place to mitigate any higher country risks.
(3) subject to Regulation 11, when determining in which country a third party may be based, the DNFBP shall have regard to available information on the level of country risk.
Targeting Financial Sanctions (TFS).—(1) Pursuant to section 7H of the AML Act, in order to comply with TFS, the DNFBP shall:-
(a) Develop mechanism, processes and procedures for screening and monitoring customers and potential customers to detect any matches or potential matches with the stated designated/proscribed person – or if beneficial owners of the designated/proscribed person
Explanation.- For the purposes of this section the expression associates means persons and entities acting on behalf of, or at the direction, or for the benefit, of proscribed or designated entities and individuals that may be determined on the basis of appropriate screening of sanctions lists, disclosed nominee/beneficiary information, publicly known information, Government or regulatory sources or reliable media information, etc.
Reporting of STR and CTR.—(1) The DNFBP shall file STR and CTR to FMU, as per requirements prescribed by FMU as required under section 7 of AN_ Act.
Monitoring and compliance.— (1) The record to be maintained and
furnished by the Accountants, Real Estate Agents and Jewelers under these rules and as required by AML Act shall be subject to inspection by FBR, as laid down in section 6A(2)(f) of AML Act, who may be assisted by other law enforcement agencies.
Sanctions.—(1) Any violation of any provision of these regulations shall be subject to sanctions issued under the AML Act.