Customer Due Diligence Process - Compliance Commission

It is mandated by law, pursuant to section 6 of the Financial Transactions Reporting Act, 2018 (FTRA, 2018), that every financial institution shall undertake customer due diligence (CDD) measures when opening an account for or otherwise establishing a business relationship with a facility holder.  Details of the verification requirements, which apply to individuals corporate entity, partnership or unincorporated business, trust and other legal arrangement, exemption of verification, reliance on third party, beneficial owners, facilities established by telephone or internet, continued verification of accounts or transfer of records is outlined in Part lll of the Financial Transactions Reporting Regulations, 2018.

CDD is a process that enables the financial institution to know/understand its clients in order to service their needs. The essential elements in a CDD process is understanding the customer/client background, the purpose of the relationship, the expected activity, the source of funds and the source of wealth.

Moreover, CDD measures must take place where: 

  • doubts exist about the veracity or adequacy of previously obtained identification information of a facility holder;
  • there is a suspicion of activities relating to identified risks involving the facility holder or the facility holder’s account;
  • a person, who is neither a facility holder nor in an established business relationship with the financial institution wishes to carry out a transaction (to be referred to as an “occasional transaction”);
  • it is determined that an occasional transaction is being conducted on behalf of another person;

In these circumstances, the DNFBP’s shall apply due diligence measures, ensure the identification and verification of the facility holder; maintain adequate records and where necessary, carry out enhanced due diligence or rely on a third party.

DNFBP shall in accordance with legislation ensure that every facility holder’s due diligence requirements under sections 7 – 9 and 14 of the FTRA, 2018 are met with respect to facility holders and beneficial owners which the financial institution has a business relationship.

DNFBPs shall not establish or maintain an anonymous account or an account in a fictitious name.

Unless there is a suspicion of identified risks (in which case the full range of customer due diligence measures must be applied without regard to any monetary threshold) sections 6, 7, 10, 12 to 16 of the FTRA, 2018 shall apply to real estate agents and brokers, when they are involved as real estate broker in financial transactions for their client concerning the buying and selling of real estate, and with respect to both the vendor and purchasers. 

Please reference the CC Codes for further details including exemption from verification, procedures for failure to satisfactorily complete CDD, standard/simplified due diligence process and reliance on third party introducers requirements.

ENHANCED DUE DILIGENCE   

WHAT IS ENHANCED DUE DILIGENCE?

Enhanced due diligence (EDD) is an in-depth and extensive investigation of a client’s particular characteristics, risk factors and other available information and documentation. EDD procedures must be considered for clients designated as high risk, politically exposed persons (PEPs), cash intensive business and trusts, charities and complex organizations. EDD should be conducted on clients deemed to pose high risks for money laundering, terrorist financing and the financing of proliferation. EDD records/files or alerted transactions are subject to a higher, more frequent level of scrutiny.

New or existing clients that pose higher money laundering or terrorist financing risks tend to increase the overall risk profile to the financial institution. To this end, it is imperative that the financial institution mitigate and manage these risks.  As such, financial institutions must have well-defined escalation and EDD processes and procedures in place.

WHEN MUST EDD BE CARRIED OUT?

EDD is required where the customer and product/service combination are considered a much greater or high risk.  The EDD, as a higher level of due diligence, is required to mitigate the increased risk (i.e. increased opportunity for ML/TF through the service/product the firm is providing the client).  The EDD procedure is not one size fit all, instead, it depends on the nature and severity of the risks. As such, the additional due diligence can take many forms including additional information to verify the client’s identity; source of income; adverse media check etc. The additional checks are proportionate and relative to the risks identified.  In the situation of an existing client & the firm becomes aware of adverse media information it may engage investigative services to ascertain its credibility and inform the firm’s decision on the next steps/appropriate action.  EDD is a risk mitigating/risk management tool. There are a number of situations that can give rise to increased risks (for example, not meeting clients face to face; dealing with a PEP; offering Trust services etc.).

POLITICALLY EXPOSED PERSONS (PEPS) 

Caution must be taken when dealing with PEPs; a special category of High-Risk clients (Refer FATF Guidance on Politically Exposed Persons-Recommendations 12 and 22 – http://www.fatf-gafi.org/media/fatf/documents/recommendations/Guidance-PEP-Rec12-22.pdf).

At the outset of the client/business relationship, DNFBPs should:

  • Identify all PEPs within the client data base;
  • Identify the Country that each PEP is associated;
  • Determine the type of PEP (i.e., foreign, domestic or person entrusted with a prominent function by an international organization);
  • Identify the type of business, industry, personal financial situation of each PEP;
  • Identify each PEPs affiliation, employment, association, etc.;
  • Develop a profile of each PEPs transactions;
  • Determine each PEPs expected vs actual transactions; and
  • Identify and investigate transactions that are outside the norm, or which are high risk.

Financial institutions are cautioned that PEPs may expose their businesses to significant risks. These risks, whether reputational, legal etc. can be extremely detrimental and costly. Such incidences usually occur when these persons abuse their public office. Hence, systems should be in place to ensure ongoing monitoring of PEPs.  Due to the continual evolution of the sanctions lists and PEPs databases (additions as well as deletions), these lists should be consulted as a part of the firm’s on-going monitoring of its clients.

ENHANCED DUE DILIGENCE FOR HIGH RISK CLIENTS 

In addition to the due diligence procedures for low risk clients, DNFBPs are required to perform enhanced due diligence in those circumstances where it knows or suspects that there is a greater propensity for illicit activity. This should become evident during the course of a risk categorization exercise where certain persons, products or services are deemed high risk.  Where the National Risk Assessment (NRA) of the country identifies high risk, DNFBPs should include the findings in their risk assessment and implement enhance measures to mitigate the risks.

The following activities should form part of the institution enhanced due diligence procedures to determine the circumstances in which a client is deemed to be high risk:

(1) Determining when the client is a high risk

Establish procedures to determine when, either during the establishment of the business relationship, or during the course of the relationship, the person is deemed high risk.

(2) Institute an approvals hierarchy for establishing relationships with high risk clients and PEPs depending on the size and
management structure of the firm

Approval must be obtained from Senior Management:

    a) establish the business relationship; and
    b) continue the relationship with the client who subsequent to establishing the relationship, is found to be or becomes high- risk.

(3) Develop a profile of the high-risk client and ascertain the expected activity. This profile should be regularly reviewed
and updated as necessary.

The process of determining a high risk profile would include how to deal with clients from jurisdictions whose AML standards are not equivalent to the requirements found in Bahamian law. This is particularly important when dealing with clients from high risk jurisdictions & areas that are undergoing political instability or have a history of such.

(4) Maintain on-going monitoring of transactions for high risk clients

DNFBP should ensure that all transactions are closely monitored on an ongoing basis. The procedures for monitoring high-risk clients should be reasonably capable of detecting any changes in the way the facility is being operated.  

ENHANCED DUE DILIGENCE FOR HIGHER RISK COUNTRIES:

DNFBPs should apply enhanced due diligence measures to business relationships and transactions with natural and legal persons and financial institutions from countries which FATF stipulates as high-risk countries. The type of enhanced due diligence applied should be effective and proportionate to the risks.   Information regarding advice and concerns about weaknesses in the AML systems of other countries may be obtained from the FATF website at http://www.fatf-gafi.org/.