Main
>
Legal Framework
>
Amendments to the AIFC AML Rules (Annex 2)
CONSULTATION PAPERS
Consultation Paper on Enhancing AIFC Islamic Banking Business Rules
Annex 1 (Comparative table of proposed amendments to the AML Rules) (AIFC Rules No.FR0008 of 2017)
Amendments to the AIFC GEN Rules (Annex 2)
*Amendments to the AIFC Glossary (Annex 3)
*Amendments to the AIFC Conduct of Business Rules (Annex 3)
*Amendments to the AIFC General Rules (Annex 3)
Amendments to the AIFC FSFR (Annex 1)
Amendments to the AIFC GEN (Annex 2)
Amendments to the AIFC AMI (Annex 3)
Amendments to the AIFC COB (Annex 4)
Amendments to the AIFC MAR (Annex 5)
Amendments to the AIFC GLO (Annex 6)
Consultation paper on Enhancing AIFC Market and Recognition Frameworks in the AIFC
Consultation paper on Proposed AIFC Recovery and Resolution Framework
Consultation paper on proposed Guidance on Establishment of Collective Investment Scheme for Fund Managers
Consultation Paper on Proposed Amendments to the AIFC Asset management Framework
Back to Article

Amendments to the AIFC AML Rules (Annex 2)

5. CUSTOMER RISK ASSESSMENT

5.1. Assessing customer AML risks

Conduct of the customer risk assessment

When undertaking a risk-based assessment of a customer under AML 5.1.1 a Relevant Person must:

(a)identify the customer, and any beneficial owner(s) and any person acting on behalf of a customer;

(b)obtain information on the purpose and intended nature of the business relationship;

(c)consider the type of customer, its ownership and control structure, and its beneficial ownership (if any);

(d)consider the nature of the customer's business relationship with the Relevant Person;

(e)consider the customer's country of origin, residence, nationality, place of incorporation or place of business;

(f)consider the relevant product, service or transaction;

(g)consider the beneficiary of a life insurance policy, where applicable; and

(h)consider the outputs of the business risk assessment under Chapter 5.

6. CUSTOMER DUE DILIGENCE

6.1. Undertaking Customer Due Diligence

Undertaking Simplified Due Diligence

A Relevant Person may undertake SDD in accordance with AML 8.1.1 by modifying the CDD under AML 6.3.1 for any customer it has assigned as low risk. Simplified measures should not be conducted whenever there is a suspicion of money laundering and/or terrorist financing.

6.2. Timing of Customer Due Diligence

Establishing a business relationship before Customer Due Diligence is complete

A Relevant Person may establish a business relationship with a customer before completing the verification required by AML 6.3.1 if the following conditions are met:

(a) deferral of the verification of the customer or beneficial owner is necessary in order not to interrupt the normal conduct of a business relationship;

(b) risk management procedures concerning the conditions under which a customer may utilise the business relationship prior to verification have been adopted and are in place; and there is little risk of money laundering occurring and any such risks identified can be effectively managed by the Relevant Person;

(c) in relation to a bank account opening, there are adequate safeguards in place to ensure that the account is not closed and transactions are not carried out by or on behalf of the account holder (including any payment from the account to the account holder) before verification has been completed; and

(d) subject to (c), the relevant verification is completed as soon as reasonably practicable and in any event, no later than 30 days after the establishment of a business relationship.

6.3. Undertaking Customer Due Diligence

Verification of obligations

In undertaking CDD required by AML 6.1.1, a Relevant Person must:

(a) verify the identity of the customer, and of any beneficial owner(s) and any person acting on behalf of a customer, including his authorisation to so act, based on original or properly certified documents, data or information issued by or obtained from a reliable and independent source;

(b) obtain information on the purpose and intended nature of the business relationship;

(c) understand the customer's sources of funds;

(d) understand the customer's sources of wealth; and

(e) undertake on-going due diligence of the customer business relationship under AML 6.4.1.

Customer obligation for life insurance

In complying with AML 6.3.1 for life insurance or other similar policies, a Relevant Person must:

(a) verify the identity of any named beneficiaries of the insurance policy; and

(b) verify the identity of the persons in any class of beneficiary, or where these are not identifiable, ensure that it obtains sufficient information to be able to verify the identity of such persons at the time of pay-out of the insurance policy;.

(c) if a beneficiary of the insurance policy who is a legal person or a legal arrangement presents a higher risk, take enhanced measures which should include reasonable measures to identify and verify the identity of the beneficial owner of the beneficiary, at the time of pay-out; and

(d) take reasonable measures to determine whether the beneficiaries of the insurance policy and/or, where required, the beneficial owner of the beneficiary, are PEPs, at the latest, at the time of the pay-out, and, in cases of higher risks, inform senior management before the pay-out of the policy proceeds, conduct enhanced scrutiny on the whole business relationship with the policyholder, and consider making a suspicious transaction report.

Guidance on identification and verification of beneficial owners

(a) In determining whether an individual meets the definition of a beneficial owner or controller, regard should be had to all the circumstances of the case.

(b) When identifying beneficial owners, a Relevant Person is expected to adopt a substantive (as opposed to form over substance) approach to CDD for legal persons. Adopting a substantive approach means focusing on the money laundering risks of the customer and the product/service and avoiding an approach which focusses purely on the legal form of an arrangement or sets fixed percentages at which beneficial owners are identified (or not).

(c) A Relevant Person should take all reasonable steps to establish and understand a corporate customer's legal ownership and control and to identify the beneficial owner. There are no explicit ownership or control thresholds in defining the beneficial owner because the applicable threshold to adopt will ultimately depend on the risks associated with the customer, and so a Relevant Person must adopt the RBA and pursue on reasonable grounds an approach which is proportionate to the risks identified. A Relevant Person should not set fixed thresholds for identifying the beneficial owner without objective and documented justification. An overly formal approach to defining the beneficial owner may result in a criminal "gaming" the system by always keeping his financial interest below the relevant threshold.

(d) In some circumstances no threshold should be used when identifying beneficial owners because it may be important to identify all underlying beneficial owners to ensure that they are not associated or connected in some way. This may be appropriate where there are a small number of investors in an account or fund, each with a significant financial holding and the customer- specific risks are higher. However, where the customer-specific risks are lower, a threshold can be appropriate. For example, for a low-risk corporate customer which, combined with a lower- risk product or service, a percentage threshold may be appropriate for identifying "control" of the legal person for the purposes of the definition of a beneficial owner.

(e) For a retail investment fund, which is widely-held and where the investors invest via pension contributions, the manager of the fund is not expected to look through to underlying investors where there are none with any material control or ownership levels in the fund. However, for a closely-held fund with a small number of investors, each with a large shareholding or other interest, a Relevant Person should identify and verify each of the beneficial owners, depending on the risks identified as part of its risk-based assessment of the customer.For a corporate health policy with defined benefits, a Relevant Person need not identify the beneficial owners.

(f) Where a Relevant Person carries out identification and verification in respect of actual and potential beneficial owners of a trust, this should include the trustee, settlor, the protector, the enforcer, beneficiaries, other persons with power to appoint or remove a trustee and any person entitled to receive a distribution, whether or not such person is a named beneficiary.

(g) Where no natural person is identified as a beneficial owner, the relevant natural person who holds the position of senior managing official should be identified as such and verified.

6.4. Checking sanctions lists

6.5. Failure to conduct or complete Customer Due Diligence

Prohibitions

Where, in relation to any customer, a Relevant Person is unable to conduct or complete the requisite CDD in accordance with AML 6.3.1 it must, to the extent relevant:

(a) not carry out a transaction with or for the customer through a bank account or in cash;

(b) not open an account or otherwise provide a service;

(c) not otherwise establish a business relationship or carry out a transaction;

(d) terminate or suspend any existing business relationship with the customer;

(e) return any monies or assets received from the customer; and

(f) consider whether the inability to conduct or complete Customer Due Diligence necessitates the making of a Suspicious Activity Report (see Chapter 13).

A Relevant Person is prohibited from knowingly keeping anonymous accounts or accounts in obviously fictitious names.

PART A - INTRODUCTION

Comments to be addressed to:

R.Abdirassilov@aifc.kz


1.Scope and Purpose


1.1 This paper presents a proposed policy to be adopted by the Astana Financial Services Authority (the "AFSA") for the regulation of digital banking services in the Astana International Financial Services Centre (the "AIFC") (the "Framework").

1.2 Terms not defined herein have the meaning given to them in the AIFC Glossary.

1.3 The proposed Framework will aid the economic and social development of Kazakhstan by diversifying who provides banking services, what those banking services are and how Clients[1] use these services.

1.4 This will support the five-year programme for 'Digital Kazakhstan', which is seeking to improve the competitiveness of Kazakhstan’s economy and quality of life through the progressive development of the digital ecosystem. This programme also includes the development of financial technologies, non-cash payments and electronic commerce, as well as progressive regulations that create a vibrant environment to promote greater inclusion and innovation. The AFSA is being supported by and working with the European Bank of Reconstruction and Development (the "EBRD") in implementing aspects of the 'Digital Kazakhstan' programme within the AIFC. The AFSA and the EBRD are engaging consultants, such as Clifford Chance in this case, to assist it with this programme. The proposed Framework is a part of this programme.

1.5 The aim of the proposed Framework is to enhance and build on the existing regulatory framework in order to support the licensing of digital-only banks and to regulate banking services provided remotely (e.g. online; in a mobile app), in support of the introduction of "Open Banking".

1.6 The proposed Framework will provide regulatory certainty to Authorised Firms providing banking services, and to their Clients. It will also promote new and innovative ways for banking services to be provided in the AIFC. 


2. Background


2.1 Digital banking is transforming how banking services are provided around the world. It is expanding the ways that banking services can be offered, which is opening it up to clients that were previously under-served. This means that traditional banking products, such as accepting deposits and providing credit, do not need to be offered through physical branches, but can be provided remotely; for example, online or in a mobile app. Clients can therefore access more banking services in any location.

2.2 In addition, the concept of 'Open Banking' has gained traction over the past few years. This allows a client's banking data to be used not only by his or her own bank, but also by third party providers in order to enable the provision of new products and services which will benefit clients. It establishes a secure way for a wide variety of providers to access a client's banking information and receive improved financial services and other related services.

2.3 Over the past few years, an increasing number of jurisdictions have been putting in place the regulatory infrastructure to enable remote access through digital banking, and to develop 'Open Banking'. Against this background, the AIFC is seeking to put in place the proposed Framework so that Kazakhstan can benefit from these developments and become an attractive location for both local and international providers of such services.


[1]    As per the AFSA Glossary, "Clients" is a broad term including individuals, corporate and government bodies, which can be located within Kazakhstan or externally.

2. GUIDANCE ON KAZAKHSTAN CRIMINAL LAW

2.1. Kazakhstan criminal law

(a)Kazakhstan's criminal legislation, including the Criminal Code, applies to all Centre Participants and therefore Relevant Persons must be aware of their obligations in respect of the criminal law as well as these Rules. Relevant Kazakhstan criminal legislation includes the AML Law and the Criminal Code.

(b)Under Article 218 of the CriminalCode, a Person is criminally liable for the offence of money laundering if they knowingly receive, convert, conceal, possess, or use property representing the proceeds of criminal or administrative infractions of the law of Kazakhstan. The offence may be punished by a custodial sentence, confiscation of assets, and/or a fine.

4. THE RISK BASED APPROACH

4.1. Obligations of the Risk-Based Approach

Obligation to conduct business and customer risk assessment

In order to identify and assess the risks of money laundering and terrorist financing a Relevant Person must conduct a business risk assessment and must also conduct customer risk assessments in accordance with Chapter 5 and keep these assessments up to date.

The risks of money laundering and terrorist financing that may arise in relation to the development of new products and new business practices, including new delivery mechanisms, and the use of new or developing technologies for both new and pre-existing products must be identified and assessed by a Relevant Person prior to the launch or use of such products, practices and technologies.

4.3. Internal policies, controls and procedures

Requirements of policies, controls and procedures

The policies, controls and procedures adopted by a Relevant Person under AML 4.1.1 must be:

(a) proportionate to the nature, scale and complexity of the activities of the Relevant

Person’s business;

(b) comprised of, at minimum, organisation of the development and maintenance of the policies, procedures, systems and controls required by AML 4.1.1, risk management, customer identification, transaction monitoring and studying, employees training and awareness programs;

(c) approved by its senior management; and

(d) monitored, reviewed and updated regularly.

12. SANCTIONS

12.1. Relevant United Nations resolutions and sanctions

Sanctions systems and controls

A Relevant Person must establish and maintain effective systems and controls to ensure that on an on-going basis it is properly informed as to, and takes reasonable measures to comply with, relevant resolutions or sanctions issued by the United Nations Security Council or by the Republic of Kazakhstan. A Relevant Person must freeze without delay and without prior notice, the funds or other assets of designated persons and entities pursuant to relevant resolutions or sanctions issued by the United Nations Security Council or by the Republic of Kazakhstan.

Notification obligation

A Relevant Person must report to the Committee on financial monitoring of the Ministry of Finance of the Republic of Kazakhstan any assets frozen or actions taken in compliance with the prohibition requirements of the relevant resolutions or sanctions issued by the United Nations Security Council or by the Republic of Kazakhstan, including attempted transactions.

A Relevant Person must immediately notify the AFSA when it becomes aware that it is:

(a) carrying on or about to carry on an activity;

(b) holding or about to hold money or other assets; or

(c) undertaking or about to undertake any other business whether or not arising from or in connection with (a) or (b),

for or on behalf of a person, where such carrying on, holding or undertaking constitutes or may constitute a contravention of a relevant sanction or resolution issued by the United Nations Security Council.

13. MONEY LAUNDERING REPORTING OFFICER, SUSPICIOUS TRANSACTIONS AND TIPPING OFF

13.7. Reporting

A Relevant Person must complete the AFSA's AML Return form on an annual basis and submit such form to the AFSA within four 4 months of its financial year end.

Threshold Transactions Controls

A Relevant Person must establish and maintain procedures, systems and controls to monitor, detect and report transactions above defined thresholds in accordance with the AML Law.

Suspicious Activity Controls

A Relevant Person must establish and maintain policies, procedures, systems and controls to monitor and detect suspicious activity or transactions in relation to potential money laundering or terrorist financing.

Immunity from liability for disclosure of information relating to money laundering transactions

The disclosure by a Relevant Person to the competent authorities of information relating to money laundering/terrorist financing is not a breach of the obligation of secrecy or non- disclosure or (where applicable) of any enactment by which that obligation is imposed.

Employee reporting to MLRO

A Relevant Person must have policies, procedures, systems and controls to ensure that whenever any employee, acting in the ordinary course of his employment, either:

(a) knows;

(b) suspects; or

(c) has reasonable grounds for knowing or suspecting,

that a person is engaged in or attempting money laundering or terrorist financing, that employee promptly notifies the Relevant Person’s MLRO and provides the MLRO with all relevant information within the employee's knowledge.

14. GENERAL OBLIGATIONS

14.1. Training and Awareness

Training and Other Obligations

A Relevant Person must implement screening procedures to ensure high standards when hiring employees.

A Relevant Person must take appropriate measures to ensure that its employees:

(a) are made aware of the law relating to money laundering and terrorist financing;

(b) are regularly given training in how to recognise and deal with transactions and other activities which may be related to money laundering or terrorist financing;

(c) understand its policies, procedures, systems and controls related to money laundering and any changes to these;

(d) understand the types of activity that may constitute suspicious activity in the context of the business in which an employee is engaged and that may warrant a notification to the MLRO under AML 13.7.3;

(e) understand its arrangements regarding the making of a notification to the MLRO under AML 13.7.3;

(a) are aware of the prevailing techniques, methods and trends in money laundering relevant to the business of the Relevant Person;

(b) understand the risk of tipping-off and how to avoid informing a customer or potential customer that it is or may be the subject of a SAR;

(c) understand the roles and responsibilities of employees in combating money laundering, including the identity and responsibility of the Relevant Person’s MLRO and deputy, where applicable; and

(d) understand the relevant findings, recommendations, guidance, directives, resolutions, sanctions, notices or other conclusions described in Chapter 13.

Appropriate measures

In determining what measures are appropriate under AML 14.1.1 Relevant Person must take account of:

(a) the nature of its business;

(b) its size; and

(c) the nature and extent of the risks of money laundering and terrorist financing to which its business is subject.

The AFSA may impose additional training requirements in respect of all, or certain, relevant employees of a Relevant Person.