Main
>
Legal Framework
>
14. GENERAL OBLIGATIONS
FINANCIAL SERVICES LEGISLATION
RULES
ANTI-MONEY LAUNDERING AND COUNTER-TERRORIST FINANCING AND SANCTIONS RULES
Entire Act

14. GENERAL OBLIGATIONS

14.1. Training and Awareness

14.1.1. Training and Other Obligations

A Relevant Person must implement screening procedures to ensure high standards when hiring employees.

A Relevant Person must take appropriate measures to ensure that its employees:

  1. (a) are made aware of the law relating to money laundering;
  2. (b) are regularly given training in how to recognise and deal with transactions and other activities which may be related to money laundering;
  3. (c) understand its policies, procedures, systems and controls related to money laundering and any changes to these;
  4. (d) understand the types of activity that may constitute suspicious activity in the context of the business in which an employee is engaged and that may warrant a notification to the MLRO under AML 13.7.3;
  5. (e) understand its arrangements regarding the making of a notification to the MLRO under AML 13.7.3;
  6. (f) are aware of the prevailing techniques, methods and trends in money laundering relevant to the business of the Relevant Person;
  7. (g) understand the risk of tipping-off and how to avoid informing a customer or potential customer that it is or may be the subject of a STR;
  8. (h) understand the roles and responsibilities of employees in combating money laundering, including the identity and responsibility of the Relevant Person’s MLRO and deputy, where applicable; and
  9. (i) understand the relevant findings, recommendations, guidance, directives, resolutions, sanctions, notices or other conclusions described in Chapter 13.

14.1.2. Appropriate measures

In determining what measures are appropriate under AML 14.1.1 Relevant Person must take account of:

  1. (a) the nature of its business;
  2. (b) its size; and
  3. (c) the nature and extent of the risks of money laundering to which its business is subject. The AFSA may impose additional training requirements in respect of all, or certain, relevant employees of a Relevant Person.

Guidance on training and awareness

  1. (a) All relevant employees of a Relevant Person be given appropriate AML training as soon as reasonably practicable after commencing employment with the Relevant Person. A relevant employee means a member of the senior management or operational staff, any employee with customer contact, or any employee who handles (or may handle) customer monies or assets, and any other employee who might encounter money laundering in the business.
  2. (b) Relevant Persons should take a RBA to AML training. AML training should be provided by a Relevant Person to each of its relevant employees at intervals appropriate to the role and responsibilities of the employee. In the case of an Authorised Firm, training should be provided to each relevant employee at least annually.
  3. (c) AML training provided by a Relevant Person need not be in a formal classroom setting, rather it may be via an online course or any other similarly formal and documented manner.

14.2. Groups, branches and subsidiaries

14.2.1. Application of policies to Group entities

A Relevant Personwhich is a Centre Participant (excluding recognised or registered entities that are branches) must ensure that its policies, procedures, systems and controls required by AML 4.1.1 apply to:

  1. (a) all of its branches or Subsidiaries established in a jurisdiction other than the AIFC; and
  2. (b) all of its Group entities that are Centre Participants.

14.2.2. Equality of other jurisdictions

The requirement in AML 14.2.1 does not apply if the Relevant Person can satisfy the AFSA that the relevant branch, Subsidiary or Group entity is subject to regulation, including AML, by a Financial Services Regulator or other competent authority in a country with AML regulations which are equivalent to the standards set out in the FATF Recommendations and is supervised for compliance with such regulations. Where the law of another jurisdiction does not permit the implementation of policies, procedures, systems and controls consistent with those of the Relevant Person, the Relevant Person must:

  1. (a) inform the AFSA in writing; and
  2. (b) apply appropriate additional measures to manage the money laundering risks posed by the relevant branch or Subsidiary.

14.2.3. Communication and documentation

In relation to the Group entities referred to in AML 14.2.1, a Relevant Person must:

  1. (a) communicate the policies and procedures (and RBA where relevant) which it establishes and maintains in accordance with these Rules to its Group entities, branches and Subsidiaries; and
  2. (b) document the basis for its satisfaction that the requirement in AML 14.1.1(b) is met.

14.2.4. Enforcement

In relation to an Authorised Firm, if the AFSA is not satisfied in respect of AML compliance of its branches and Subsidiaries in a particular jurisdiction, it may take action, including making it a condition on the Authorised Firm’s Licence that it must not operate a branch or Subsidiary in that jurisdiction.

14.3. Group policies

14.3.1. Group policy compliance

A Relevant Person which is part of a Group must ensure that it:

  1. (a) includes the provisions in policies and procedures of the Group concerning information sharing between Group entities on the Group’s compliance, audit and AML functions. The information that is being shared should include CDD information that had been reviewed for money laundering risk mitigation purposes and analysis (if any) of transactions or activities which appear unusual;
  2. (a-a) understands the policies and procedures covering the sharing of information between Group entities, particularly when sharing CDD information;
  3. (b) has in place adequate safeguards on the prevention of tipping-off and the confidentiality and use of information exchanged  between Group entities;
  4. (c) remains aware of the money laundering risks of the Group as a whole and of its exposure to the Group and takes active steps to mitigate such risks;
  5. (d) contributes to a Group-wide risk assessment to identify and assess money laundering risks for the Group;
  6. (e) provides its Group-wide compliance, audit and AML functions with customer account and transaction information from branches and subsidiaries for AML purposes; and
  7. (f) ensures that its branches and majority-owned subsidiaries in host countries implement the requirements of the AIFC, to the extent that host country laws and regulations permit. If the host country does not permit the proper implementation of the measures above, financial groups should apply appropriate additional measures to manage the money laundering risks, and inform the AFSA of such measures.

14.4. Notifications

14.4.1. Notification obligation

A Relevant Person must inform the AFSA in writing as soon as possible if, in relation to its activities carried on as part of the AIFC or in relation to any of its branches or Subsidiaries, it:

  1. (a) receives a request for information from a regulator or agency responsible for AML, CFT, or sanctions compliance in connection with potential money laundering or sanctions contravention;
  2. (b) becomes aware, or has reasonable grounds to believe, that a money laundering event has occurred or may have occurred in or through its business;
  3. (c) becomes aware of any money laundering or sanctions matter in relation to the Relevant Person or a member of its Group which could result in adverse reputational consequences to the Relevant Person; or
  4. (d) becomes aware of a significant contravention of these Rules or a contravention of the relevant Kazakhstan legislation by the Relevant Person or any of its employees.

14.5. Record keeping

14.5.1. Obligation to keep records

A Relevant Person must maintain the following records:

  1. (a) a copy of all documents and information obtained in conducting initial and on-going CDD;
  2. (b) the supporting records (consisting of the original documents or certified copies) in respect of the customer business relationship, including transactions;
  3. (c) notifications made under AML 13.7.3;
  4. (d) STRs and any relevant supporting documents and information, including internal findings and analysis;
  5. (e) any relevant communications with the FIU; and
  6. (f) the documents in AML 14.5.2,
  7. for at least six years from the date on which the notification or report was made, the business relationship ends or the transaction is completed, whichever occurs last.

14.5.2. Documentation obligation

A Relevant Person must document, and provide to the AFSA on request, any of the following:

  1. (a) the risk assessments of its business undertaken under AML 4.1.1;
  2. (b) how the assessments in (a) were used for the purposes of complying with AML 5.1.1</a>(a);
  3. (c) the risk assessments of the customer undertaken under AML 5.1.1; and
  4. (d) the determinations made under AML 5.1.1.

14.5.3. Location of Records

Where the records referred to in AML 14.5.1 are kept by the Relevant Person in the care of an entity that is not a Centre Participant, a Relevant Person must:

  1. (a) take reasonable steps to ensure that the records are held in a manner consistent with these Rules;
  2. (b) ensure that the records are easily accessible to the Relevant Person; and
  3. (c) upon request by the AFSA, ensure that the records are available for inspection within a reasonable period.

14.5.4. Data protection legislation

A Relevant Person must:

  1. (a) verify if there is secrecy or data protection legislation that would restrict access withoutdelay to the records referred to in AML 14.5.1 by the Relevant Person, the AFSA, or applicable Kazakhstan law; and
  2. (b) where such legislation exists, obtain without delay certified copies of the relevant records and keep such copies in a jurisdiction which allows access by those persons identified in (a).

14.5.5.Training records

A Relevant Person must be able to demonstrate that it has complied with the training and awareness requirements in Chapter 14 through appropriate measures, including the maintenance of relevant training records.

Guidance on record keeping

  1. (a)The records required to be kept under AML 14.5 may be kept in electronic format, if such records are readily accessible and available to respond promptly to any AFSA requests for information. Authorised Persons are reminded of their obligations in GEN 5.9.
  2. (b)If the date on which the business relationship with a customer has ended remains unclear, it may be taken to have ended on the date of the completion of the last transaction.
  3. (c)The records maintained by a Relevant Person should be kept in such a manner that:
  4. (i)the AFSA, or another competent authority are able to assess the Relevant Person’s compliance with legislation applicable in the AIFC;
  5. (ii)any transaction which was processed by or through the Relevant Person on behalf of a customer or other third party can be reconstructed;
  6. (iii)any customer or third party can be identified; and
  7. (iv)the Relevant Personcan satisfy any regulatory enquiry or court order to disclose information within the time indicated in such enquiry or court order.
  8. (d)In complying with AML 14.5.3, Authorised Persons are reminded of their obligations in GEN 5.9.
  9. (e)"Appropriate measures" in AML 14.5.5 may include the maintenance of a training log setting out details of:
  10. (i)the dates when the training was given;
  11. (ii)the nature of the training; and
  12. (iii)the names of employees who received the training.

14.6. Audit

14.6.1. Audit obligation

An Authorised Person must ensure that its audit function, established under GEN 5.5.1 includes regular reviews and assessments of the effectiveness of the Authorised Person's AML policies, procedures, systems and controls, and its compliance with its obligations in these Rules. Guidance on audit

  1. (a) The review and assessment undertaken for the purposes of AML 14.6.1 may be undertaken:
  2. (i) internally by the Authorised Person's internal audit function; or
  3. (ii) by a competent firm of independent auditors or compliance professionals.
  4. (b) The review and assessment undertaken for the purposes of AML 14.6.1 should cover at least the following:
  5. (i) sample testing of compliance with the Authorised Person's CDD arrangements;
  6. (ii) an analysis of all notifications made to the MLRO to highlight any area where procedures or training may need to be enhanced; and
  7. (iii) a review of the nature and frequency of the dialogue between the senior management and the MLRO.

14.7. Communication with the Regulator

14.7.1. Communication obligation

A Relevant Person must:

  • (a) be open and cooperative in all its dealings with the Regulator; and
  • (b) ensure that any communication with the Regulator is conducted in the English language.

14.8. Employee Disclosures

14.8.1. Protection

A Relevant Person must ensure that it does not prejudice a person who discloses any information on behalf of the Relevant Person regarding money laundering to the AFSA or to any other relevant body involved in the prevention of money laundering.

A Relevant Person and a person, who submits a STR on behalf of the Relevant Person, are not subject to any civil liability or criminal prosecution under the Kazakhstan law resulting from the submission of the STR, even if they did not know precisely what the criminal activity was, and regardless of whether illegal activity actually occurred.

Guidance on Protection for Disclosures

A "relevant body" in AML 14.8.1 would include the FIU.