Main
>
Legal Framework
>
6. CUSTOMER DUE DILIGENCE
FINANCIAL SERVICES LEGISLATION
RULES
ANTI-MONEY LAUNDERING AND COUNTER-TERRORIST FINANCING AND SANCTIONS RULES
Figure 1 – The Risk Based Approach
Figure 2 – Customer Risk Assessment
Entire Act

6. CUSTOMER DUE DILIGENCE

6.1. Conducting Customer Due Diligence

6.1.1. Obligation to conduct Customer Due Diligence

A Relevant Person must:

(a) conduct CDD under AML 6.3.1 for each of its customers including when the customer is carrying out occasional transactions the value of which singularly or in several linked operations (whether at the time or later), equal or exceed USD 15,000; and

(a-a) conduct CDD under AML 6.3.1 for each of its customers including when the customer is
carrying out occasional transactions with Digital Assets the value of which singularly or in several linked operations (whether at the time or later), equal or exceed USD 1,000; and

(b) in addition to (a) and (a-a), conduct EDD under AML 7.1.1 in respect of:

(i) each customer it has assigned as high risk;

(ii) business relationships and transactions with persons from countries with high geographical risk factors.

6.1.2. Conducting Simplified Due Diligence

(a)A Relevant Person may conduct SDD in accordance with AML 8.1.1 by modifying the CDD under AML 6.3.1 for any customer it has assigned as low risk. A Relevant Person must not conduct SDD measures in specific high-risk scenarios or when there is a suspicion of money laundering;

(b)A Relevant Person must ensure that assignment of low risk is based on an adequate risk analysis and SDD is commensurate with the risk level identified.

Guidance on Customer Due Diligence

(a)A Relevant Person should conduct CDD in a manner proportionate to the customer's money laundering risks identified under Chapter 6. When the money laundering risks are identified as high, a Relevant Person must conduct EDD under Chapter 7.

(b)This means that all customers are subject to CDD under AML 6.3.1. However, for high risk customers, additional EDD measures should also be conducted under AML 7.1.1.

(c)The broad objective is that the Relevant Person should know at the outset of the relationship who its customers (and, where relevant, beneficial owners) are, where they operate, what they do and their expected level of activity. In addition to AML 6.1.1(a), a Relevant Person must obtain documents on the legal form and the powers that regulate and bind the legal person or arrangement. The Relevant Person must then consider how the profile of the customer’s financial behaviour builds up over time, allowing the Relevant Person to identify transactions or activity that may be suspicious.


6.2. Timing of Customer Due Diligence

6.2.1. Establishment of business relationship

A Relevant Person must conduct CDD measures:

  1. (a) when it is establishing a business relationship with a customer; and
  2. (b) after establishing a business relationship with a customer.

6.2.2. After the establishment of a business relationship

A Relevant Person must also conduct appropriate CDD if, at any time:

  1. (a) in relation to an existing customer, it doubts the veracity or adequacy of documents, data or information obtained for the purposes of CDD;
  2. (b) it suspects money laundering; or
  3. (c) there is a change in the risk rating applied by the Relevant Person to an existing customer, or it is otherwise warranted by a change in circumstances of the customer

6.2.3. Establishing a business relationship before Customer Due Diligence is complete

A Relevant Person may establish or retain a business relationship with a customer before completing the verification required by AML 6.3.1 if the following conditions are met:

  1. (a) deferral of the verification of the customer or beneficial owner is necessary in order not to interrupt the normal conduct of a business relationship;
  2. (b) risk management procedures concerning the conditions under which a customer may utilise the business relationship prior to verification have been adopted and are in place; and there is little risk of money laundering occurring and any such risks identified can be effectively managed by the Relevant Person;
  3. (c) in relation to a bank account opening, there are adequate safeguards in place to ensure that the account is not closed and transactions are not carried out by or on behalf of the account holder (including any payment from the account to the account holder) before verification has been completed; and
  4. (d) subject to (c), the relevant verification is completed as soon as reasonably practicable before or during the establishment of a business relationship and when transactions for occasional customers are being conducted; and in any event, no later than 30 days after the establishment of a business relationship.

6.2.4. Inability to complete Customer Due Diligence within 30 days

Where a Relevant Person is not reasonably able to comply with the 30-day requirement in AML 6.2.3(d), it must, prior to the end of the 30-day period:

  • (a) document the reason for its non-compliance;
  • (b) complete the verification in AML 6.2.3 as soon as possible; and
  • (c) record the non-compliance event.

6.2.5. Cessation of business

The AFSA may specify a period within which a Relevant Person must complete the verification required by AML 6.2.3 failing which the AFSA may direct the Relevant Person to cease any business relationship with the customer.

Guidance on timing of Customer Due Diligence

  1. (a) For the purposes of AML 6.2.2(a), examples of situations which might lead a Relevant Person to have doubts about the veracity or adequacy of documents, data or information previously obtained could be where there is a suspicion of money laundering in relation to that customer, where there is a material change in the way that the customer's account is operated, which is not consistent with the customer's business profile, or where it appears to the Relevant Person that a person other than the customer is the real customer.
  2. (b) In AML 6.2.3, situations that the Relevant Person may take into account include, for example, accepting subscription monies during a short offer period; executing a timecritical transaction, which if not executed immediately, would or may cause a customer to incur a financial loss due to price movement or loss of opportunity; and when a customer seeks immediate insurance cover.
  3. (c) When complying with AML 6.2.1, a Relevant Person should also, where appropriate, consider AML 6.6.1 regarding failure to conduct or complete CDD and Chapter 13 regarding STRs and tipping off.

6.3. Conducting Customer Due Diligence

6.3.1. Obligation to verify and understand

In conducting CDD required by AML 6.1.1,a Relevant Person must:

  1. (a) verify the identity of the customer and any person acting on behalf of the customer, including his authorisation to so act, based on original or properly certified documents, data or information issued by or obtained from a reliable and independent source;
  2. (a-a)  verify the identity of any beneficial owner(s) of the customer;
  3. (b)obtain information on and understand the purpose and intended nature of the business relationship;
  4. (c)understand the customer's sources of funds;
  5. (d)understand the customer's sources of wealth; and
  6. (e)conduct on-goingdue diligence of the customer business relationship under AML 6.4.1.

6.3.2. Customer obligation for life insurance

In complying with AML 6.3.1 for life insurance or other similar policies, a Relevant Person must:

  1. (a)verify the identity of customers as soon as reasonably practicable before or during the establishment of a business relationship and when transactions for occasional customers are being conducted;
  2. (a-a)  verify the identity of any named beneficiaries of the insurance policy at the time of pay-out;
  3. (b)verify the identity of the persons in any class of beneficiary, or where these are not identifiable, ensure that it obtains sufficient information to be able to verify the identity of such persons at the time of pay-out;
  4. (c)if a beneficiary of the insurance policy who is a legal person or a legal arrangement presents a higher risk, take enhanced measures which should include reasonable measures to identify and verify the identity of the beneficial owner of the beneficiary, at the time of pay-out;
  5. (d)take reasonable measures to determine whether the beneficiaries of the insurance policy and/or, where required, the beneficial owner of the beneficiary, are PEPs, at the latest at the time of the pay-out, and, in cases of higher risks, inform senior management before the pay-out of the policy proceeds, conduct enhanced scrutiny on the whole business relationship with the policyholder, and consider making a STR; and
  6. (e)include the beneficiary of a life insurance policy as a relevant risk factor in determining whether enhanced CDD measures are applicable.


6.3.3. Customer is a Politically Exposed Person

Where a customer, or a beneficial owner of the customer, is a PEP, a Relevant Person must ensure that, in addition to AML 6.3.1 it also:

  1. (a) increases the degree and nature of monitoring of the business relationship, in order to determine whether the customer's transactions or activities appear unusual or suspicious; and
  2. (b) obtains the approval of senior management to commence a business relationship with the customer.

Guidance on undertaking Customer Due Diligence

  1. (a) A Relevant Person should, in complying with AML 6.3.1(a), and adopting the RBA, obtain, verify and record, for every customer who is a natural person, the following identification information:
  2. (i) full name (including any alias);
  3. (ii) date of birth;
  4. (iii) nationality;
  5. (iv) legal domicile; and
  6. (v) current residential address (not a P.O. box).
  7. (b) Items (i) to (iii) above should be obtained from a current valid passport or, where a customer does not possess a passport, an official identification document which includes a photograph. The concept of domicile generally refers to the place which a person regards as his permanent home and with which he has the closest ties or which is his place of origin.
  8. (c) A Relevant Person should, in complying with AML 6.3.1(a), and adopting the RBA, obtain, verify and record, for every customer which is a legal person, the following identification information:
  9. (i) full business name and any trading name;
  10. (ii) registered or business address;
  11. (iii) date of incorporation or registration;
  12. (iv) place of incorporation or registration;
  13. (v) a copy of the certificate of incorporation or registration;
  14. (vi) a valid commercial or professional licence;
  15. (vii) the identity of the directors, partners, trustees or equivalent persons with executive authority of the legal person or who holds the position of senior managing official; and
  16. (viii) for a trust, a certified copy of the trust deed to ascertain the nature and purpose of the trust and documentary evidence of the appointment of the current trustees.
  17. (d) In complying with AML 6.3.1(a), it may not always be possible to obtain original documents. Where identification documents cannot be obtained in original form, for example, because a Relevant Person has no physical contact with the customer, the Relevant Person should obtain a copy certified as a true copy by a person of good standing such as a registered lawyer or notary, a chartered accountant, a bank manager, a police officer, an employee of the person's embassy or consulate, or other similar person. Downloading publicly available information from an official source (such as a regulator or government website) is sufficient to satisfy the requirements of AML 6.3.1(a) CDD information and research obtained from a reputable company or informationreporting agency may also be acceptable as a reliable and independent source, as would banking references and, for lower risk customers, information obtained from researching reliable and independent public information found on the internet or on commercial databases.
  18. (e) For higher risk situations, identification information is to be independently verified, using both public and non-public sources.
  19. (f) In complying with AML 6.3.1(b) a Relevant Person is required to "understand" a customer's source of funds. This means understanding where the funds for a particular service or transaction will come from (e.g. a specific bank or trading account held with a specific financial institution) and whether that funding is consistent with the customer's source of wealth. The best way of understanding the source of funds is by obtaining information directly from the customer, which will usually be obtained during the onboarding process. The Relevant Person should keep appropriate evidence of how they were able to understand the source of funds, for example, a copy of the customer account opening form, customer questionnaire or a memo of a call with the relationship manager at a financial institution.
  20. (g) In complying with AML 6.3.1(c) a Relevant Person is required to "understand" a customer's source of wealth. For a natural person, this might include questions about the source of wealth in an application form or customer questionnaire. The understanding may also be gained through interactions with the relationship manager at a financial institution. It could also be gained by obtaining information from a reliable and independent publicly available source, for example, from published accounts or a reputable news source. The understanding need not be a dollar for dollar account of the customer's global wealth, but it should provide sufficient detail to give the Relevant Person comfort that the customer's wealth is legitimate and also to provide a basis for subsequent on-going due diligence. The understanding of the customer's source of wealth should be clearly documented.
  21. (h) Understanding a customer's sources of funds and wealth is also important for the purposes of undertaking on-going due diligence under AML 6.3.1(d) Initial funding of an account or investments from an unknown or unexpected source may pose a money laundering risk. Similarly, a sound understanding of the customer's source of funds and wealth also provides useful information for a Relevant Person's transaction monitoring programme.
  22. (i) An insurance policy which is similar to a life policy would include life-related protection, or a pension, or investment product which pays out to the policy holder or beneficiary upon a particular event occurring or upon redemption.

Guidance on identification and verification of beneficial owners

  1. (a) In determining whether an individual meets the definition of a beneficial owner or controller, regard should be had to all the circumstances of the case.
  2. (b) When identifying beneficial owners, a Relevant Person is expected to adopt a substantive (as opposed to form over substance) approach to CDD for legal persons. Adopting a substantive approach means focusing on the money laundering risks of the customer and the product/service and avoiding an approach which focusses purely on the legal form of an arrangement or sets fixed percentages at which beneficial owners are identified (or not).
  3. (c) A Relevant Person should take all reasonable steps to establish and understand a corporate customer's legal ownership and control and to identify the beneficial owner. There are no explicit ownership or control thresholds in defining the beneficial owner because the applicable threshold to adopt will ultimately depend on the risks associated with the customer, and so a Relevant Person must adopt the RBA and pursue on reasonable grounds an approach which is proportionate to the risks identified. A Relevant Person should not set fixed thresholds for identifying the beneficial owner without objective and documented justification. An overly formal approach to defining the beneficial owner may result in a criminal "gaming" the system by always keeping his financial interest below the relevant threshold.
  4. (d) In some circumstances no threshold should be used when identifying beneficial owners because it may be important to identify all underlying beneficial owners to ensure that they are not associated or connected in some way. This may be appropriate where there are a small number of investors in an account or fund, each with a significant financial holding and the customer-specific risks are higher. However, where the customer-specific risks are lower, a threshold can be appropriate. For example, for a low-risk corporate customer which, combined with a lower-risk product or service, a percentage threshold may be appropriate for identifying "control" of the legal person for the purposes of the definition of a beneficial owner.
  5. (e) For a retail investment fund, which is widely-held and where the investors invest via pension contributions, the manager of the fund is not expected to look through to underlying investors where there are none with any material control or ownership levels in the fund. However, for a closely-held fund with a small number of investors, each with a large shareholding or other interest, a Relevant Person should identify and verify each of the beneficial owners, depending on the risks identified as part of its risk-based assessment of the customer.
  6. (f) Where a Relevant Person carries out identification and verification in respect of actual and potential beneficial owners of a trust, this should include the trustee, settlor, the protector, the enforcer, beneficiaries, other persons with power to appoint or remove a trustee and any person entitled to receive a distribution, whether or not such person is a named beneficiary.
  7. (g) Where no natural person is identified as a beneficial owner, the relevant natural person who holds the position of senior managing official should be identified as such and verified.

Guidance on Politically Exposed Persons

  1. (a) Individuals who have, or have had, a high political profile, or hold, or have held, public office, can pose a higher money laundering risk to a Relevant Person as their position may make them vulnerable to corruption. This risk also extends to members of their families and to their close associates. PEP status itself does not incriminate individuals or entities. It does, however, put the customer into a higher risk category.
  2. (b) Generally, a foreign PEP presents a higher risk of money laundering because there is a greater risk that such person, if he/she was committing money laundering, would attempt to place his/her money offshore where the customer is less likely to be recognised as a PEP and where it would be more difficult for law enforcement agencies in his/her home jurisdiction to confiscate or freeze his/her criminal property.
  3. (c) Corruption-related money laundering risk increases when a Relevant Person deals with PEPs. Corruption may involve serious crimes and has become the subject of increasing global concern. Customer relationships with family members or close associates of PEPs involve similar risks to those associated with PEPs themselves.
  4. (d) After leaving office PEPs may remain a higher risk for money laundering if they continue to exert political influence, directly or indirectly, or otherwise pose a risk of corruption.

6.3.4. Existing customer becoming a Politically Exposed Person

A Relevant Person must not continue its business relationship with an existing customer if the customer (or a beneficial owner of the customer) becomes a PEP, unless the Relevant Person obtains the approval of its senior management.


Guidance on conducting Customer Due Diligence

  1. (a)A Relevant Person should, in complying with AML 6.3.1(a),and adopting the RBA, obtain, verify and record, for every customer who is a natural person, the following identification information:
  2. (i)full name (including any alias);
  3. (ii)date of birth;
  4. (iii)nationality;
  5. (iv)legal domicile; and
  6. (v)current residential address (not a P.O. box).
  7. (b)Items (i) to (iii) above should be obtained from a current valid passport or, where a customer does not possess a passport, an official identification document which includes a photograph. The concept of domicile generally refers to the place which a person regards as his permanent home and with which he has the closest ties or which is his place of origin.
  8. (c)A Relevant Person should, in complying with AML 6.3.1(a),and adopting the RBA, obtain, verify and record, for every customer which is a legal person, the following identification information:
  9. (i)full business name and any trading name;
  10. (ii)registered or business address;
  11. (iii)date of incorporation or registration;
  12. (iv)place of incorporation or registration;
  13. (v)a copy of the certificate of incorporation or registration;
  14. (vi)a valid commercial or professional licence;
  15. (vii)the identity of the directors, partners, trustees or equivalent persons with executive authority of the legal person or the relevant natural person who is a member of senior management; and 
  16. (viii)for a trust, a certified copy of the trust deed to ascertain the nature and purpose of the trust and documentary evidence of the appointment of the current trustees.
  17. (d)In complying with AML 6.3.1(a),it may not always be possible to obtain original documents. Where identification documents cannot be obtained in original form, for example, because a Relevant Person has no physical contact with the customer, the Relevant Person should obtain a copy certified as a true copy by a person of good standing such as a registered lawyer or notary, a chartered accountant, a bank manager, a police officer, an employee of the person's embassy or consulate, or other similar person. Downloading publicly-available information from an official source (such as a regulator or government website) is sufficient to satisfy the requirements of AML 6.3.1(a) CDD information and research obtained from a reputable company or information- reporting agency may also be acceptable as a reliable and independent source, as would banking references and, for lower risk customers, information obtained from researching reliable and independent public information found on the internet or on commercial databases.
  18. (e)For higher risk situations, identification information is to be independently verified, using both public and non-public sources.
  19. (f)In complying with AML 6.3.1(c)a Relevant Person is required to "understand" a customer's source of funds. This means understanding where the funds for a particular service or transaction will come from (e.g. a specific bank or trading account held with a specific financial institution) and whether that funding is consistent with the customer's source of wealth. The best way of understanding the source of funds is by obtaining information directly from the customer, which will usually be obtained during the on-boarding process. The Relevant Person should keep appropriate evidence of how they were able to understand the source of funds, for example, a copy of the customer account opening form, customer questionnaire or a memo of a call with the relationship manager at a financial institution.
  20. (g)In complying with AML 6.3.1(d)a Relevant Person is required to "understand" a customer's source of wealth. For a natural person, this might include questions about the source of wealth in an application form or customer questionnaire. The understanding may also be gained through interactions with the relationship manager at a financial institution. It could also be gained by obtaining information from a reliable and independent publicly available source, for example, from published accounts or a reputable news source. The understanding need not be a dollar for dollar account of the customer's global wealth, but it should provide sufficient detail to give the Relevant Person comfort that the customer's wealth is legitimate and also to provide a basis for subsequent on-going due diligence. The understanding of the customer's source of wealth should be clearly documented.
  21. (h)Understanding a customer's sources of funds and wealth is also important for the purposes of conducting on-going due diligence under AML 6.3.1(e) Initial funding of an account or investments from an unknown or unexpected source may pose a money laundering risk. Similarly, a sound understanding of the customer's source of funds and wealth also provides useful information for a Relevant Person's transaction monitoring programme.
  22. (i)An insurance policy which is similar to a life policy would include life-related protection, or a pension, or investment product which pays out to the policy holder or beneficiary upon a particular event occurring or upon redemption.

Guidance on identification and verification of beneficial owners

  1. (a)In determining whether an individual meets the definition of a beneficial owner or controller, regard should be had to all the circumstances of the case.
  2. (b)When identifying beneficial owners, a Relevant Person is expected to adopt a substantive (as opposed to form over substance) approach to CDD for legal persons. Adopting a substantive approach means focusing on the money laundering risks of the customer and the product/service and avoiding an approach which focusses purely on the legal form of an arrangement or sets fixed percentages at which beneficial owners are identified (or not).
  3. (c)A Relevant Person should take all reasonable steps to establish and understand a corporate customer's legal ownership and control and to identify the beneficial owner. An approach based only on defined thresholds without regard to the relevant risks in defining the beneficial owner may result in inadequate determination of beneficial ownership, for example, a criminal "gaming" the system by always keeping his financial interest below the relevant threshold.
  4. A Relevant Person must consider a customer’s risk rating and the source of funds when reviewing transactions as required by AML 6.4.1.
  5. (d)In some circumstances no threshold should be used when identifying beneficial owners because it may be important to identify all underlying beneficial owners to ensure that they are not associated or connected in some way. This may be appropriate where there area small number of investors in an account or fund, each with a significant financial holding and the customer-specific risks are higher. However, where the customer-specific risks are lower, a threshold can be appropriate. For example, for a low-riskcorporate customer which, combined with a lower-risk product or service, a percentage threshold may be appropriate for identifying "control" of the legal person for the purposes of the definition of a beneficial owner.
  6. (e)For a retail investment fund, which is widely-held and where the investors invest via pension contributions, the manager of the fund is not expected to look through to underlying investors where there are none with any material control or ownership levels in the fund. However, for a closely-held fund with a small number of investors, each with a large shareholding or other interest, a Relevant Person should identify and verify each of the beneficial owners, depending on the risks identified as part of its risk-based assessment of the customer.
  7. (f)Where a Relevant Person carries out identification and verification in respect of actual and potential beneficial owners of a trust, the identification and verification should include the trustee, settlor, the protector, the enforcer, beneficiaries, other persons with power to appoint or remove a trustee and any person entitled to receive a distribution (whether or not such person is a named beneficiary). For legal arrangements other than a trust, the identification and verification should include persons in positions similar to those in a trust exercising ultimate effective control over the legal arrangement (including through a chain of control or ownership) and entitled to receive a distribution (whether or not such person is a named beneficiary).
  8. (g)A Relevant Person should identify and take reasonable measures to verify the identity of the natural person(s) (if any) who ultimately has a controlling ownership interest in a legal person to the extent that there is doubt under verification as to whether the person(s) with the controlling ownership interest is the beneficial owner(s). If no natural person exerts control through ownership interests, the Relevant Person should identify and take reasonable measures to verify the identity of the natural person(s) (if any) exercising control of the legal person or arrangement through other means.
  9. (h)Where no natural person is identified as a beneficial owner who ultimately has a controlling ownership interest (or who has control through other means) in a legal person, the relevant natural person who holds the position of a member of senior management should be identified as such and verified.

Guidance on Politically Exposed Persons

  1. (a)Individuals who have, or have had, a high political profile, or hold, or have held, public office, can pose a higher money laundering risk to a Relevant Person as their position may make them vulnerable to corruption. This risk also extends to members of their families and to their close associates. PEP status itself does not incriminate individuals or entities. It does, however, put the customer into a higher risk category.
  2. (b)Generally, a PEP presents a higher risk of money laundering because there is a greater risk that such person, if he/she was committing money laundering, would attempt to place his/her money offshore where the customer is less likely to be recognised as a PEP and where it would be more difficult for law enforcement agencies in his/her home jurisdiction to confiscate or freeze his/her criminal property.
  3. (c)Corruption-related money laundering risk increases when a Relevant Person deals with PEPs. Corruption may involve serious crimes and has become the subject of increasing global concern. Customer relationships with family members or close associates of PEPs involve similar risks to those associated with PEPs themselves.
  4. (d)After leaving office PEPs may remain a higher risk for money laundering if they continue to exert political influence, directly or indirectly, or otherwise pose a risk of corruption.

6.4. On-going Customer Due Diligence

6.4.1. On-going obligation

When conducting on-goingCDD under AML 6.3.1, a Relevant Person must, using the RBA:

  1. (a)monitor and review transactions undertaken during the course of its customer relationship to ensure that the transactions are consistent with the Relevant Person’s knowledge of the customer, its business, its risk rating, and its source of funds;
  2. (b)pay particular attention to any complex or unusually large transactions or unusual patterns of transactions that have no apparent or visible economic or legitimate purpose;
  3. (c)enquire into the background and purpose of the transactions in (b);
  4. (d)periodically review the adequacy of the CDD information it holds on customers and beneficial owners to ensure that the information is kept up to date, particularly for customers with a high-riskrating;
  5. (e)periodically review each customer to ensure that the risk rating assigned to a customer under AML 5.1.1(b)remains appropriate for the customer in light of the money laundering risks; and
  6. (f)at appropriate times apply CDD to existing customers based on materiality and risk considering whether and when CDD has been previously conducted and the adequacy of the CDD information obtained.

Guidance on on-going Customer Due Diligence

  1. (a)In complying with AML 6.4.1 a Relevant Person should undertake a periodic review to ensure that non-static customer identity documentation is accurate and up-to-date. Examples of non-static identity documentation include passport number and residential/business address and, for a legal person, its share register or list of partners.
  2. (b)A Relevant Person should undertake a review under AML 6.4.1(d) particularly when:
  3. (i)the Relevant Person changes its CDD documentation requirements;
  4. (ii)an unusual transaction with the customer is expected to take place;
  5. (iii)there is a material change in the business relationship with the customer; or
  6. (iv)there is a material change in the nature or ownership of the customer.
  7. (c)The degree of the on-going due diligence to be conducted will depend on the customer risk assessment carried out under AML 5.1.1.
  8. (d)A Relevant Person’s transaction monitoring policies, procedures, systems and controls, which may be implemented by manual or automated systems, or a combination of these, are one of the most important aspects of effective CDD. Whether a Relevant Person should undertake the monitoring by means of a manual or computerised system (or both)will depend on a number of factors, including:
  9. (i)the size and nature of the Relevant Person’s business and customer base; and
  10. (ii)the complexity and volume of customer transactions.

6.5. Checking sanctions lists

6.5.1. Sanctions list review

A Relevant Person must review its customers, their business and transactions against UNSC sanctions lists and against any other Kazakhstan Sanctions List when complying with AML 6.4.1(d).

6.6. Failure to conduct or complete Customer Due Diligence

6.6.1. Prohibitions

Where, in relation to any customer, a Relevant Person is unable to conduct or complete the requisite CDD in accordance with AML 6.3.1 it must, to the extent relevant:

  1. (a) not carry out a transaction with or for the customer through a bank account or in cash;
  2. (b) not open an account or otherwise provide a service;
  3. (c) not otherwise establish a business relationship or carry out a transaction;
  4. (d) terminate or suspend any existing business relationship with the customer;
  5. (e) [intentionally omitted]; and
  6. (f) consider whether the inability to conduct or complete CDD necessitates the making of a STR (see Chapter 13).
  7. A Relevant Person is prohibited from knowingly keeping anonymous accounts or accounts in obviously fictitious names.

6.6.2. Exceptions

A Relevant Person is not obliged to comply with AML 6.6.1</a>(a) to (e) if:

  1. (a) to do so would amount to "tipping off" the customer, in contravention of the AML Law; or
  2. (b) the FIU directs the Relevant Person to act otherwise.

Guidance on failure to conduct or complete Customer Due Diligence

  1. (a) Where CDD cannot be completed, it may be appropriate not to carry out a transaction pending completion of CDD. Where CDD cannot be conducted, including where a material part of the CDD, such as identifying and verifying a beneficial owner cannot be conducted, a Relevant Person should not establish a business relationship with the customer.
  2. (b) A Relevant Person should note that AML 6.6.1 applies to both existing and prospective customers. For new customers, it may be appropriate for a Relevant Person to terminate the business relationship before a product or service is provided. The Relevant Person should be careful not to "tip off" the customer.
  3. (c) A Relevant Person should adopt the RBA for CDD of existing customers. For example, if a Relevant Person considers that any of its existing customers have not been subject to CDD at an equivalent standard to that required by these Rules, it should adopt the RBA and take remedial action in a manner proportionate to the risks and within a reasonable period of time whilst complying with AML 6.6.1.