• FC FC Financial Crimes

    • FC-A FC-A Introduction

      • FC-A.1 FC-A.1 Purpose

        • FC-A.1.1

          This Module applies, to all conventional bank licensees, a comprehensive framework of Rules and Guidance aimed at combating money laundering and terrorist financing. In so doing, it helps implement the 40 Recommendations on money laundering and 9 Special Recommendations on terrorist financing, issued by the Financial Action Task Force (FATF), and the requirements of the Basel Committee "Customer Due Diligence for Banks" paper, that are relevant to conventional bank licensees. (Further information on these can be found in Chapter FC-10.)

        • FC-A.1.2

          The Module requires conventional bank licensees to have effective anti-money laundering ('AML') policies and procedures, in addition to measures for combating the financing of terrorism ('CFT'). The Module contains detailed requirements relating to customer due diligence, reporting and the role and duties of the Money Laundering Reporting Officer (MLRO). Furthermore, examples of suspicious activity are provided, to assist conventional bank licensees monitor transactions and fulfil their reporting obligations under Bahrain law.

      • FC-A.2 FC-A.2 Module History

        • Changes to the Module

          • FC-A.2.1

            This Module was first issued in July 2004 as part of the conventional principles volume. All regulations in this volume have been effective since this date. All subsequent changes are dated with the month and year at the base of the relevant page and in the Table of Contents. Chapter UG-3 of Module UG provides further details on Rulebook maintenance and control.

          • FC-A.2.2

            A list of recent changes made to this Module is detailed in the table below:

            Module Ref. Change Date Description of Changes
            FC 01/04/05 Update to reflect revised FATF 40 + 9 recommendations
            FC-1.4 01/07/05 Technology abuse update
            FC-1.1 01/07/05 Nominee a/c clarification
            FC-1.3 FC-2.2 FC-5.2 01/07/05 Clarifications on risk-based approach, record keeping, and STRs
            FC-6.1 01/07/05 New references to "terrorist financing"
            FC-7.1 01/07/05 Prompt access to records is a rule
            FC-2.2 01/10/05 Up to date CDD documentation requirement
            FC-1.8 01/10/05 Location of correspondent
            FC-1.9 01/10/05 Location of introducer
            FC-4.2, FC-4.3 01/10/05 Requirement to report to Board
            FC 01/10/05 Reordering of sections
            FC-1.11.1 01/01/06 New text for syndicated business
            FC-1.1.3, FC-1.2.8,
            FC-1.2.11, FC-3.1.4
            01/01/06 Correction of minor typos

        • Evolution of the Module

          • FC-A.2.3

            Prior to the introduction of Volume 1 (Conventional Banks) of the BMA Rulebook, the BMA had issued various circulars containing requirements covering different aspects of financial crime. These requirements were consolidated into Version 01 of this Module. Some of these requirements remain in their original form; others have since been updated. These circulars and their original location in this Module are listed below:

            Circular Ref. Date of Issue Module Ref. (Version 01) Circular Subject
            BC/17/97 10 Nov 1997 FC-B.1 Money Laundering
            OG/308/89 14 Oct 1989 FC-B.1 Money Laundering
            EDBC/6/01 14 Oct 2001 FC-1, FC-4–FC-7 Re: Money Laundering Regulation
            BC/1/02 27 Jan 2002 FC-3 FATF Special Recommendations on Terrorism Financing
            BC/3/00 5 Mar 2000 FC-1.5 Re: Accounts for Charity Organisations

    • FC-B FC-B Scope of Application

      • FC-B.1 FC-B.1 License Categories

        • FC-B.1.1

          This Module applies to all conventional bank licensees, including branches of banks incorporated outside of Bahrain, and Bahrain-incorporated subsidiaries of overseas groups.

        • FC-B.1.2

          The Rules and Guidance in this Module are in addition to and supplement the requirements contained in Decree Law No. (4) of 2001 with respect to the prevention and prohibition of the laundering of money ("The AML Law"). The AML Law imposes obligations on persons generally in relation to the prevention of money laundering. All conventional bank licensees are under the statutory obligations of that Law, a copy of which is contained in Part B of Volume 1, under 'Supplementary Information'. Nothing in this Module is intended to restrict the application of the AML Law.

      • FC-B.2 FC-B.2 Overseas Subsidiaries and Branches

        • FC-B.2.1

          Conventional bank licensees must apply the requirements in this Module to all their branches and subsidiaries operating both in the Kingdom of Bahrain and in foreign jurisdictions. Where local standards differ, the higher standard must be followed. Conventional bank licensees must pay particular attention to procedures in branches or subsidiaries in countries that do not or insufficiently apply the FATF Recommendations and Special Recommendations.

        • FC-B.2.2

          Where another jurisdiction's laws or regulations prevent a conventional bank licensee (or any of its foreign branches or subsidiaries) from applying the same standards contained in this Module or higher, the licensee must immediately inform the BMA in writing.

        • FC-B.2.3

          In such instances, the BMA will review alternatives with the conventional bank licensee. Should the BMA and the licensee be unable to reach agreement on the satisfactory implementation of this Module in a foreign subsidiary or branch, the conventional bank licensee may be required by the BMA to cease the operations of the subsidiary or branch in the foreign jurisdiction in question.

    • FC-1 FC-1 Customer Due Diligence

      • FC-1.1 FC-1.1 General Requirements

        • Verification of Identity and Source of Funds

          • FC-1.1.1

            Conventional bank licensees must establish effective systematic internal procedures for establishing and verifying the identity of their customers and the source of their funds. Such procedures must be set out in writing and approved by the licensee's Board of Directors. They must be strictly adhered to.

          • FC-1.1.2

            Conventional bank licensees must implement the customer due diligence measures outlined in Chapters FC-1, FC-2 and FC-3 when:

            (a) establishing business relations with a new or existing customer;
            (b) a change to the signatory or beneficiary of an existing account or business relationship is made;
            (c) a significant transaction takes place;
            (d) there is a material change in the way that the bank account is operated or in the manner in which the business relationship is conducted;
            (e) customer documentation standards change substantially;
            (f) the conventional bank licensee has doubts about the veracity or adequacy of previously obtained customer due diligence information;
            (g) carrying-out one-off or occasional transactions above BD 6,000, or where several smaller transactions that appear to be linked fall above this threshold;
            (h) carrying out wire transfers irrespective of amount; or
            (i) there is a suspicion of money laundering or terrorist financing.

          • FC-1.1.3

            For the purposes of this Module, "customer" includes counterparties such as financial markets counterparties, except where financial institutions are acting as principals where simplified due diligence measures may sometimes apply. These simplified measures are set out in Section FC-1.11.

          • FC-1.1.4

            The BMA's specific minimum standards to be followed with respect to verifying customer identity and source of funds are contained in Section FC-1.2. Enhanced requirements apply under certain high-risk situations: these requirements are contained in Sections FC-1.3 to FC-1.8 inclusive. Additional requirements apply where a conventional bank licensee is relying on a professional intermediary to perform certain parts of the customer due diligence process: these are detailed in Section FC-1.9. Simplified customer due diligence measures may apply in defined circumstances: these are set out in Section FC-1.11.

        • Verification of Third Parties

          • FC-1.1.5

            Conventional bank licensees must obtain a signed statement from all new customers confirming whether or not the customer is acting on their own behalf or not. This undertaking must be obtained prior to conducting any transactions with the customer concerned.

          • FC-1.1.6

            Where a customer is acting on behalf of a third party, the conventional bank licensee must also obtain a signed statement from the third party, confirming they have given authority to the customer to act on their behalf. Where the third party is a legal person, the conventional bank licensee must have sight of the original Board resolution (or other applicable document) authorising the customer to act on the third party's behalf, and retain a certified copy.

          • FC-1.1.7

            Conventional bank licensees must establish and verify the identity of the customer and (where applicable) the party/parties on whose behalf the customer is acting, including the Beneficial Owner of the funds. Verification must take place in accordance with the requirements specified in this Chapter.

          • FC-1.1.8

            Where financial services are provided to a minor or other person lacking full legal capacity, the normal identification procedures as set out in this Chapter must be followed. In the case of minors, licensees must additionally verify the identity of the parent(s) or legal guardian(s). Where a third party on behalf of a person lacking full legal capacity wishes to open an account, the licensee must establish the identity of that third party as well as the intended account holder.

        • Anonymous and Nominee Accounts

          • FC-1.1.9

            Conventional bank licensees must not establish or keep anonymous accounts or accounts in fictitious names. Where conventional bank licensees maintain a nominee account, which is controlled by or held for the benefit of another person, the identity of that person must be disclosed to the conventional bank licensee and verified by it in accordance with the requirements specified in this Chapter.

        • Timing of Verification

          • FC-1.1.10

            Conventional bank licensees must not commence a business relationship or undertake a transaction with a customer before completion of the relevant customer due diligence measures specified in Chapters FC-1, FC-2 and FC-3. However, verification may be completed after receipt of funds in the case of non face-to-face business, or the subsequent submission of CDD documents by the customer after initial face-to face contact, providing that no disbursement of funds takes place until after the requirements of this Chapter have been fully met.

        • Incomplete Customer Due Diligence

          • FC-1.1.11

            Where a conventional bank licensee is unable to comply with the requirements specified in Chapters FC-1, FC-2 and FC-3, it must consider whether to terminate the relationship or not proceed with the transaction, and additionally, consider whether it should file a suspicious transaction report.

          • FC-1.1.12

            See also Chapter FC-5, which covers the filing of suspicious transaction reports.

      • FC-1.2 FC-1.2 Face-to-face Business

        • Natural Persons

          • FC-1.2.1

            If the customer is a natural person, conventional bank licensees must obtain and record the following information (in hard copy or electronic form), before providing financial services of any kind:

            (a) full legal name and any other names used;
            (b) full permanent address (i.e. the residential address of the customer; a post office box is insufficient);
            (c) date and place of birth;
            (d) nationality;
            (e) passport number (if the customer is a passport holder);
            (f) CPR or Iqama number (for residents of Bahrain or GCC states);
            (g) telephone/fax number and email address (where applicable);
            (h) occupation or public position held (where applicable);
            (i) employer's name and address (if self-employed, the nature of the self-employment);
            (j) type of account, and nature and volume of anticipated business dealings with the conventional bank licensee;
            (k) signature of the customer(s); and
            (l) source of funds.

          • FC-1.2.2

            See Part B, Volume 1 (Conventional Banks), for Guidance Notes on source of funds (FC-1.2.1(1)) and requirements for residents of Bahrain (FC-1.2.1(c) & (f)).

          • FC-1.2.3

            Conventional bank licensees must verify the information in Paragraph FC-1.2.1 (a) to (f) by the following methods below; at least one of the copies of the identification documents mentioned in (a) and (b) below must include a clear photograph of the customer:

            (a) confirmation of the date of birth and legal name, by taking a copy of a current valid official original identification document (e.g. birth certificate, passport, CPR or Iqama);
            (b) confirmation of the permanent residential address by taking a copy of a recent utility bill, bank statement or similar statement from another licensee or financial institution, or some form of official correspondence or official documentation card, such as CPR, from a public/governmental authority, or a tenancy agreement or record of home visit by an official of the conventional bank licensee; and
            (c) where appropriate, direct contact with the customer by phone, letter or email to confirm relevant information, such as residential address information.

          • FC-1.2.4

            Any document copied for the purpose of identification verification must be an original. An authorised official of the licensee must certify the copy, by writing on it the words 'original sighted', together with the date and his signature. Equivalent measures must be taken for electronic copies.

          • FC-1.2.5

            Identity documents which are not obtained by an authorised official of the licensee in original form (e.g. due to a customer sending a copy by post following an initial meeting) must instead be certified (as per FC-1.2.4) by one of the following from a GCC or FATF member state:

            (a) a lawyer;
            (b) a notary;
            (c) a chartered/certified accountant;
            (d) an official of a government ministry;
            (e) an official of an embassy or consulate; or
            (f) an official of another licensed financial institution or of an associate company of the licensee.

          • FC-1.2.6

            The individual making the certification under FC-1.2.5 must give clear contact details (e.g. by attaching a business card or company stamp). The conventional bank licensee must verify the identity of the person providing the certification through checking membership of a professional organisation (for lawyers or accountants), or through checking against databases/websites, or by direct phone or email contact.

        • Legal Entities or Legal Arrangements (such as trusts)

          • FC-1.2.7

            If the customer is a legal entity or a legal arrangement such as a trust, the conventional bank licensee must obtain and record the following information from original identification documents, databases or websites, in hard copy or electronic form, to verify the customer's legal existence and structure:

            (a) the entity's full name and other trading names used;
            (b) registration number (or equivalent);
            (c) legal form;
            (d) registered address and trading address (where applicable);
            (e) type of business activity;
            (f) date and place of incorporation or establishment;
            (g) telephone, fax number and email address;
            (h) regulatory body or listing body (for regulated activities such as financial services and listed companies);
            (i) name of external auditor (where applicable);
            (j) type of account, and nature and volume of anticipated business
            dealings with the conventional bank licensee; and
            (k) source of funds.

          • FC-1.2.8

            The information provided under FC-1.2.7 must be verified by obtaining certified copies of the following documents, as applicable (depending on the legal form of the entity):

            (a) certificate of incorporation and/or certificate of commercial registration or trust deed;
            (b) memorandum of association;
            (c) articles of association;
            (d) partnership agreement;
            (e) Board resolution seeking the banking services (only necessary in the case of private or unlisted companies);
            (f) identification documentation of the authorised signatories to the account (certification not necessary for listed companies);
            (g) copy of the latest financial report and accounts, audited where possible (audited copies do not need to be certified); and
            (h) list of authorised signatories of the company for the account and a Board resolution (or other applicable document) authorising the named signatories or their agent to operate the account (resolution only necessary for private or unlisted companies).

          • FC-1.2.9

            Documents obtained to satisfy the requirements in FC-1.2.8 above must be certified in the manner specified in FC-1.2.4 to FC-1.2.6.

          • FC-1.2.10

            The documentary requirements in FC-1.2.8 above do not apply in the case of listed companies: see Section FC-1.11 below. Also, the documents listed in FC-1.2.8 above are not exhaustive: for customers from overseas jurisdictions, documents of an equivalent nature may be produced as satisfactory evidence of a customer's identity.

          • FC-1.2.11

            Conventional bank licensees must also obtain and document the following due diligence information. These due diligence requirements must be incorporated in the licensee's new business procedures:

            (a) enquire as to the structure of the legal entity or trust sufficient to determine and verify the identity of the ultimate beneficial owner of the funds, the ultimate provider of funds (if different), and the ultimate controller of the funds (if different);
            (b) ascertain whether the legal entity has been or is in the process of being wound up, dissolved, struck off or terminated;
            (c) obtain the names, country of residence and nationality of Directors or partners (only necessary for private or unlisted companies);
            (d) require, through new customer documentation or other transparent means, updates on significant changes to corporate ownership and/or legal structure;
            (e) obtain and verify the identity of shareholders holding 20% or more of the issued capital (where applicable). The requirement to verify the identity of these shareholders does not apply in the case of listed companies;
            (f) in the case of trusts or similar arrangements, establish the identity of the settlor(s), trustee(s), and beneficiaries (including making such reasonable enquiries as to ascertain the identity of any other potential beneficiary, in addition to the named beneficiaries of the trust); and
            (g) where a licensee has reasonable grounds for questioning the authenticity of the information supplied by a customer, conduct additional due diligence to confirm the above information.

          • FC-1.2.12

            For the purposes of Paragraph FC-1.2.11, acceptable means of undertaking such due diligence might include taking bank references; visiting or contacting the company by telephone; undertaking a company search or other commercial enquiries; accessing public and private databases (such as stock exchange lists); making enquiries through a business information service or credit bureau; confirming a company's status with an appropriate legal or accounting firm; or undertaking other enquiries that are commercially reasonable.

      • FC-1.3 FC-1.3 Enhanced Customer Due Diligence: General Requirements

        • FC-1.3.1

          Enhanced customer due diligence must be performed on those customers identified as having a higher risk profile, and additional inquiries made or information obtained in respect of those customers.

        • FC-1.3.2

          The additional information referred to in Paragraph FC-1.3.1 might include documents (either in hard copy or electronic format) relating to the following:

          (a) evidence of a person's permanent address through the use of a credit reference agency search or through independent verification by home visit;
          (b) a personal reference (e.g. by an existing customer of the conventional bank licensee);
          (c) another licensed entity's reference and contact with the concerned licensee regarding the customer;
          (d) documentation outlining the customer's source of wealth;
          (e) documentation outlining the customer's source of income; and
          (f) independent verification of employment, or public position held.

        • FC-1.3.3

          In addition to the general rule contained in Paragraph FC-1.3.1 above, special care is required in the circumstances specified in Sections FC-1.4 to FC-1.9 inclusive.

      • FC-1.4 FC-1.4 Enhanced Customer Due Diligence: Non face-to-face Business and New Technologies

        • FC-1.4.1

          Conventional bank licensees must establish specific procedures for verifying customer identity where no face-to-face contact takes place.

        • FC-1.4.2

          Where no face-to-face contact takes place, conventional bank licensees must take additional measures (to those specified in Section FC-1.2), in order to mitigate the potentially higher risk associated with such business. In particular, conventional bank licensees must take measures:

          (a) to ensure that the customer is the person they claim to be; and
          (b) to ensure that the address provided is genuinely the customer's.

        • FC-1.4.3

          There are a number of checks that can provide a conventional bank licensee with a reasonable degree of assurance as to the authenticity of the applicant. They include:

          (a) telephone contact with the applicant on an independently verified home or business number;
          (b) with the customer's consent, contacting an employer to confirm employment, via phone through a listed number or in writing; and
          (c) salary details appearing on recent bank statements.

        • FC-1.4.4

          Financial services provided via post, telephone or internet pose greater challenges for customer identification and AML/CFT purposes. Conventional bank licensees must establish procedures to prevent the misuse of technological developments in money laundering or terrorist financing schemes. Specifically, banks which provide significant electronic and internet banking services to their customers, should connect a programme to such systems to highlight all unusual transactions so as to enable the concerned bank to report such transactions. Conventional bank licensees must also ensure that they comply with any e-commerce laws and/or BMA regulations issued from time to time.

      • FC-1.5 FC-1.5 Enhanced Customer Due Diligence: Politically Exposed Persons ("PEPs")

        • FC-1.5.1

          Conventional bank licensees must have appropriate risk management systems to determine whether a customer is a Politically Exposed Person ('PEP'), both at the time of establishing business relations and thereafter on a periodic basis. Licensees must utilize publicly available databases and information to establish whether a customer is a PEP.

        • FC-1.5.2

          Conventional bank licensees must establish a client acceptance policy with regard to PEPs, taking into account the reputational and other risks involved. Senior management approval must be obtained before a PEP is accepted as a customer.

        • FC-1.5.3

          Where an existing customer is a PEP, or subsequently becomes a PEP, enhanced monitoring and customer due diligence measures must include:

          (a) analysis of complex financial structures, including trusts, foundations or international business corporations;
          (b) a written record in the customer file to establish that reasonable measures have been taken to establish both the source of wealth and the source of funds;
          (c) development of a profile of anticipated customer activity, to be used in on-going monitoring;
          (d) approval of senior management for allowing the customer relationship to continue; and
          (e) ongoing account monitoring of the PEP's account by senior management (such as the MLRO).

        • FC-1.5.4

          "Politically Exposed Persons" means individuals who are, or have been, entrusted with prominent public functions in Bahrain or a foreign country, such as Heads of State or government, senior politicians, senior government, judicial or military officials, senior executives of state owned corporations or important political party officials. Business relationships with family members or close associates of PEPs involve reputational risks similar to PEPs themselves. The definition is not intended to cover middle-ranking or more junior officials in the foregoing categories. Bahraini PEPs would include all Ministers, all MPs, and all Ministry officials with the rank of Undersecretary or above.

      • FC-1.6 FC-1.6 Enhanced Due Diligence: Charities, Clubs and Other Societies

        • FC-1.6.1

          Financial services must not be provided to charitable funds and religious, sporting, social, cooperative and professional societies, until an original certificate authenticated by the relevant Ministry confirming the identities of those purporting to act on their behalf (and authorising them to obtain the said service) has been obtained. For Clubs and Societies registered with the General Organisation for Youth and Sports (GOYS), conventional bank licensees must contact GOYS to clarify whether the account may be opened in accordance with the rules of GOYS.

        • FC-1.6.2

          Conventional bank licensees are reminded that clubs and societies registered with GOYS may only have one account with banks in Bahrain.

        • FC-1.6.3

          Charities should be subject to enhanced transaction monitoring by banks. Conventional bank licensees should develop a profile of anticipated account activity (in terms of payee countries and recipient organisations in particular).

        • FC-1.6.4

          Conventional bank licensees must report all payments and transfers of BD 3,000 (or equivalent in foreign currencies) and above, from accounts held by charities registered in Bahrain. The report must be submitted to the BMA's Compliance Unit (see FC-5.3 for contact address), giving details of the amount transferred, account name, number and beneficiary name account and bank details. Conventional bank licensees must ensure that such transfers are in accordance with the spending plans of the charity (in terms of amount, recipient and country).

      • FC-1.7 FC-1.7 Enhanced Due Diligence: "Pooled Funds"

        • FC-1.7.1

          Where conventional bank licensees receive pooled funds managed by professional intermediaries (such as investment and pension fund managers, stockbrokers and lawyers or authorised money transferors), they must apply CDD measures contained in Section FC-1.9 to the professional intermediary. In addition, conventional bank licensees must verify the identity of the beneficial owners of the funds where required as shown in Paragraphs FC-1.7.2 or FC-1.7.3 below.

        • FC-1.7.2

          Where funds pooled in an account are not co-mingled (i.e. where there are "sub-accounts" attributable to each beneficiary), all beneficial owners must be identified by the conventional bank licensee, and their identity verified in accordance with the requirements in Section FC-1.2.

        • FC-1.7.3

          For accounts held by intermediaries resident in Bahrain, where such funds are co-mingled, the conventional bank licensee must make a reasonable effort (in the context of the nature and amount of the funds received) to look beyond the intermediary and determine the identity of the beneficial owners or underlying clients, particularly where funds are banked and then transferred onward to other financial institutions (e.g. in the case of accounts held on behalf of authorised money transferors). Where, however, the intermediary is subject to equivalent regulatory and money laundering regulation and procedures (and, in particular, is subject to the same due diligence standards in respect of its client base) the BMA will not insist upon all beneficial owners being identified provided the bank has undertaken reasonable measures to determine that the intermediary has engaged in a sound customer due diligence process, consistent with the requirements in Section FC-1.8.

        • FC-1.7.4

          For accounts held by intermediaries from foreign jurisdictions, the intermediary must be subject to requirements to combat money laundering and terrorist financing consistent with the FATF 49 Recommendations and the intermediary must be supervised for compliance with those requirements. The bank must obtain documentary evidence to support the case for not carrying out customer due diligence measures beyond identifying the intermediary. The bank must satisfy itself that the intermediary has identified the underlying beneficiaries and has the systems and controls to allocate the assets in the pooled accounts to the relevant beneficiaries. The due diligence process contained in Section FC-1.8 must be followed.

        • FC-1.7.5

          Where the intermediary is not empowered to provide the required information on beneficial owners (e.g. lawyers bound by professional confidentiality rules) or where the intermediary is not subject to the same due diligence standards referred to above, a bank must not permit the intermediary to open an account or allow the account to continue to operate, unless specific permission has been obtained in writing from the BMA.

      • FC-1.8 FC-1.8 Enhanced Due Diligence for Correspondent Banking Relationships

        • FC-1.8.1

          The customer due diligence measures outlined under Section FC-1.2 must be carried out in the normal way on the respondent bank. Conventional bank licensees which intend to act as correspondent banks must gather sufficient information (e.g. through a questionnaire) about their respondent banks to understand the nature of the respondent's business. Factors to consider to provide assurance that satisfactory measures are in place at the respondent bank include:

          a) Information about the respondent bank's ownership structure and management;
          b) Major business activities of the respondent and its location (i.e. whether it is located in a FATF compliant jurisdiction) as well as the location of its parent (where applicable);
          c) Where the customers of the respondent bank are located;
          d) The respondent's AML/CFT controls;
          e) The purpose for which the account will be opened;
          f) Confirmation that the respondent bank has verified the identity of any third party entities that will have direct access to the correspondent banking services without reference to the respondent bank (e.g. in the case of "payable through" accounts);
          g) The extent to which the respondent bank performs ongoing due diligence on customers with direct access to the account, and the condition of bank regulation and supervision in the respondent's country (e.g. from published FATF reports). Banks should take into account the country where the respondent bank is located and whether that country abides by the FATF 40+ 9 Recommendations when establishing correspondent relationships with foreign banks. Banks should obtain where possible copies of the relevant laws and regulations concerning AML/CFT and satisfy themselves that respondent banks have effective customer due diligence measures consistent with the FATF 40+ 9 Recommendations;
          h) Confirmation that the respondent bank is able to provide relevant customer identification data on request to the correspondent bank; and
          i) Whether the respondent bank been subject to a money laundering or terrorist financing investigation.

        • FC-1.8.2

          Conventional bank licensees must implement the following additional measures, prior to opening a correspondent banking relationship:

          a) Complete a signed statement that outlines the respective responsibilities of each institution in relation to money laundering detection and monitoring responsibilities; and
          b) Ensure that the correspondent banking relationship has the approval of senior management.

        • FC-1.8.3

          Conventional bank licensees must refuse to enter into or continue a correspondent banking relationship with a bank incorporated in a jurisdiction in which it has no physical presence and which is unaffiliated with a regulated financial group (i.e. "shell banks", see Section FC-1.10). Banks must pay particular attention when entering into or continuing relationships with respondent banks located in jurisdictions that have poor KYC standards or have been identified by the FATF as being "non-cooperative" in the fight against money laundering/terrorist financing.

      • FC-1.9 FC-1.9 Introduced Business from Professional Intermediaries

        • FC-1.9.1

          A conventional bank licensee may only accept customers introduced to it by other financial institutions or intermediaries, if it has satisfied itself that the financial institution or intermediary concerned is subject to FATF-equivalent customer due diligence measures. Where conventional bank licensees delegate part of the customer due diligence measures to another financial institution or intermediary, the responsibility for meeting the requirements of Chapters FC-1 and FC-2 remains with the conventional bank licensee, not the third party.

        • FC-1.9.2

          Conventional bank licensees may only accept introduced business if all of the following conditions are satisfied:

          (a) the customer due diligence measures applied by the introducer are consistent with those required by the FATF 40 + 9 Recommendations;
          (b) a formal agreement is in place defining the respective roles of the licensee and the introducer in relation to customer due diligence measures. The agreement must specify that the customer due diligence measures of the introducer will comply with the FATF 40 + 9 Recommendations;
          (c) the introducer is able to provide all relevant data pertaining to the customer's identity, the identity of the customer and beneficial owner of the funds and, where applicable, the party/parties on whose behalf the customer is acting; also, the introducer has confirmed that the licensee will be allowed to verify the customer due diligence measures undertaken by the introducer at any stage; and
          (d) written confirmation is provided by the introducer confirming that all customer due diligence measures required by the FATF 40 + 9 Recommendations have been followed and the customer's identity established and verified. In addition, the confirmation must state that any identification documents or other customer due diligence material can be accessed by the conventional bank licensee and that these documents will be kept for at least five years after the business relationship has ended.

        • FC-1.9.3

          The conventional bank licensee must perform periodic reviews ensuring that any introducer on which it relies is in compliance with the FATF 40 + 9 Recommendations. Where the introducer is resident in another jurisdiction, the conventional bank licensee must also perform periodic reviews to verify whether the jurisdiction is in compliance with the FATF 40 + 9 Recommendations.

        • FC-1.9.4

          Should the conventional bank licensee not be satisfied that the introducer is in compliance with the requirements of the FATF 40 + 9 Recommendations, the licensee must conduct its own customer due diligence on introduced business, or not accept further introductions, or discontinue the business relationship with the introducer.

      • FC-1.10 FC-1.10 Shell Banks

        • FC-1.10.1

          Conventional bank licensees must not establish business relations with banks, which have no physical presence or "mind and management" in the jurisdiction in which they are licensed ("shell banks"). Banks must not knowingly establish relations with banks that have relations with shell banks.

        • FC-1.10.2

          Conventional bank licensees must make a suspicious transaction report to the Anti-Money Laundering Unit and the Compliance Unit if they are approached by a shell bank or an institution they suspect of being a shell bank.

      • FC-1.11 FC-1.11 Simplified Customer Due Diligence

        • FC-1.11.1

          Conventional bank licensees may apply simplified customer due diligence measures, as described in Paragraphs FC-1.11.2 to FC-1.11.8, if:

          (a) the customer is the Bahrain Monetary Agency ('BMA'), the Bahrain Stock Exchange ('BSE') or a licensee of the BMA;
          (b) the customer is a Ministry of a Gulf Cooperation Council ('GCC') or Financial Action Task Force ('FATF') member state government, a company in which a GCC or FATF government is a majority shareholder, or a company established by decree in the GCC;
          (c) the customer is a company listed on a GCC or FATF member state stock exchange with equivalent disclosure standards to those of the BSE;
          (d) the customer is a financial institution whose entire operations are subject to AML/CFT requirements consistent with the FATF Recommendations / Special Recommendations and it is supervised by a financial services supervisor in a FATF or GCC member state for compliance with those requirements;
          (e) the customer is a financial institution which is a subsidiary of a financial institution located in a FATF or GCC member state, and the AML/CFT requirements applied to its parent also apply to the subsidiary; or
          (f) the customer is a borrower in a syndicated transaction where the agent bank is a financial institution whose entire operations are subject to AML/CFT requirements consistent with the FATF Recommendations / Special Recommendations and it is supervised by a financial services supervisor in a FATF or GCC member state for compliance with those requirements;
          (g) the transaction is a one-off or occasional transaction not exceeding BD 6,000 (or equivalent in other currencies), or one of a number of transactions which are related and, when taken together, do not exceed BD 6,000 per year (or equivalent in other currencies).

        • FC-1.11.2

          For customers falling under categories a–f specified in Paragraph FC-1.11.1, the information required under Paragraph FC-1.2.1 (for natural persons) or FC-1.2.7 (for legal entities or legal arrangements such as trusts) must be obtained. However, the verification and certification requirements in Paragraphs FC-1.2.3 and FC-1.2.8, and the due diligence requirements in Paragraph FC-1.2.11, may be dispensed with. Where the account is a correspondent banking relationship, enhanced due diligence applies. Refer to Section FC-1.8.

        • FC-1.11.3

          For customers falling under category (g) in paragraph FC-1.11.1, the customer's name and contact information must be recorded. However, the verification, certification and due diligence requirements in Paragraphs FC-1.2.3, FC-1.2.8 and FC-1.2.11 may be dispensed with. As a matter of prudence, it is recommended that identification documentation is checked by the Conventional Bank Licensee. Conventional bank licensees may, of course, continue to apply the verification, certification and due diligence requirements mentioned in Paragraph FC-1.11.2 for their own purposes.

        • FC-1.11.4

          Conventional bank licensees wishing to apply simplified due diligence measures as allowed for under Paragraph FC-1.11.1 must retain documentary evidence supporting their categorisation of the customer.

        • FC-1.11.5

          Examples of such documentary evidence may include a printout from a regulator's website, confirming the licensed status of an institution, and internal papers attesting to a review of the AML/CFT measures applied in a jurisdiction.

        • FC-1.11.6

          Conventional bank licensees may use authenticated SWIFT messages as a basis for confirmation of the identity of a financial institution under FC-1.11.1 (d) and (e) where it is dealing as principal. For customers coming under Paragraph FC-1.11.1 (d) and (e), conventional bank licensees must also obtain and retain a written statement from the parent institution of the subsidiary concerned, confirming that the subsidiary is subject to the same AML/CFT measures as its parent.

        • FC-1.11.7

          Simplified customer due diligence measures must not be applied where a conventional bank licensee knows, suspects, or has reason to suspect, that the applicant is engaged in money laundering or terrorism financing or that the transaction is carried out on behalf of another person engaged in money laundering or terrorism financing.

        • FC-1.11.8

          Simplified customer due diligence measures must not be applied where a conventional bank licensee knows, suspects, or has reason to suspect, that transactions are linked, such that they exceed the threshold specified in Paragraph FC-1.11.1(g).

    • FC-2 FC-2 AML / CFT Systems and Controls

      • FC-2.1 FC-2.1 General Requirements

        • FC-2.1.1

          Conventional bank licensees must take reasonable care to establish and maintain appropriate systems and controls for compliance with the requirements of this Module and to limit their vulnerability to financial crime. These systems and controls must be documented, and approved and reviewed annually by the Board of the licensee. The documentation, and the Board's review and approval, must be made available upon request to the BMA.

        • FC-2.1.2

          The above systems and controls, and associated documented policies and procedures, should cover standards for customer acceptance, on-going monitoring of high-risk accounts, staff training and adequate screening procedures to ensure high standards when hiring employees.

      • FC-2.2 FC-2.2 Ongoing Customer Due Diligence and Transaction Monitoring

        • Risk Based Monitoring

          • FC-2.2.1

            Conventional bank licensees must develop risk-based monitoring systems appropriate to the complexity of their business, their number of clients and types of transactions. These systems must be configured to identify significant or abnormal transactions or patterns of activity. Such systems must include limits on the number, types or size of transactions undertaken outside expected norms; and must include limits for cash and non-cash transactions.

          • FC-2.2.2

            Conventional bank licensees' risk-based monitoring systems should therefore be configured to help identify:

            (a) transactions which do not appear to have a clear purpose or which make no obvious economic sense;
            (b) significant or large transactions not consistent with the normal or expected behaviour of a customer; and
            (c) unusual patterns of activity (relative to other customers of the same profile or of similar types of transactions, for instance because of differences in terms of volumes, transaction type, or flows to or from certain countries), or activity outside the expected or regular pattern of a customer's account activity.

        • Automated Transaction Monitoring

          • FC-2.2.3

            Conventional bank licensees must consider the need to include automated transaction monitoring as part of their risk-based monitoring systems to spot abnormal or unusual flows of funds. In the absence of automated transaction monitoring systems, all transactions above BD 6,000 must be viewed as "significant" and be captured in a daily transactions report for monitoring by the MLRO or a relevant delegated official, and records retained by the conventional bank licensee for five years after the date of the transaction.

          • FC-2.2.4

            The BMA would expect larger conventional bank licensees to include automated transaction monitoring as part of their risk-based monitoring systems. See also Chapters FC-4 and FC-7, regarding the responsibilities of the MLRO and record-keeping requirements.

        • Unusual Transactions or Customer Behaviour

          • FC-2.2.5

            Where a conventional bank licensee's risk-based monitoring systems identify significant or abnormal transactions (as defined in FC-2.2.2 and FC-2.2.3), it must verify the source of funds for those transactions, particularly where the transactions are above the occasional transactions threshold of BD 6,000. Furthermore, conventional bank licensees must examine the background and purpose to those transactions and document their findings.

          • FC-2.2.6

            The investigations required under FC-2.2.5 must be carried out by the MLRO (or relevant delegated official). The documents relating to these findings must be maintained for five years from the date when the transaction was completed (see also FC-7.1.1(b)).

          • FC-2.2.7

            Conventional bank licensees must consider instances where there is a significant, unexpected or unexplained change in customer activity.

          • FC-2.2.8

            When an existing customer closes one account and opens another, the conventional bank licensee must review its customer identity information and update its records accordingly. Where the information available falls short of the requirements contained in Chapter FC-1, the missing or out of date information must be obtained and re-verified with the customer.

          • FC-2.2.9

            Once identification procedures have been satisfactorily completed and, as long as records concerning the customer are maintained in line with Chapters FC-1 and FC-7, no further evidence of identity is needed when transactions are subsequently undertaken within the expected level and type of activity for that customer, provided reasonably regular contact has been maintained between the parties and no doubts have arisen as to the customer's identity.

          • Maintaining Documentation

            • FC-2.2.10

              Conventional bank licensees must take reasonable steps to ensure that they receive and maintain up-to-date copies of the identification documents specified in Chapter FC-1. Conventional bank licensees must require all customers to provide up-to-date identification documents in their standard terms and conditions of business.

            • FC-2.2.11

              Conventional bank licensees must review and update their customer due diligence information at least every three years. If, upon performing such a review, copies of identification documents are more than 12 months out of date, the conventional bank licensee must take steps to obtain updated copies as soon as possible.

    • FC-3 FC-3 Money transfers and alternative remittances

      • FC-3.1 FC-3.1 Electronic transfers

        • Outward Transfers

          • FC-3.1.1

            Conventional bank licensees must include all required originator information details with the accompanying electronic transfers of funds they make on behalf of their customers. Non-routine transfers must not be batched, if batching increases the risks of money laundering or terrorist financing. This obligation does not apply where the transfer is made by a bank acting as principal or acting on behalf of another bank as principal such as in the case of payment of spot FX transactions.

          • FC-3.1.2

            For the purposes of this Chapter, "Originator Information" means:

            a) The name of the payer;
            b) The address of the payer; and
            c) The account number of the payer (where funds are being remitted from an account with your bank).

          • FC-3.1.3

            It is not necessary for the recipient institution to pass the originator information on to the payee. The obligation is discharged simply by notifying the recipient institution of the originator information at the time the transfer is made.

        • Inward Transfers

          • FC-3.1.4

            Banks must:

            a) Maintain records (in accordance with Chapter FC-7 of this Module) of all originator information received with an inward transfer; and
            b) Carefully scrutinise inward transfers which do not contain originator information (i.e. full name, address and account number or a unique customer identification number). Licensees must presume that such transfers are "suspicious transactions" and pass them to the MLRO for review for determination as to possible filing of an STR, unless (a), the sending institution is able to promptly (i.e. within two business days) advise the licensee in writing of the originator information upon the licensee's request; or (b) the sending institution and the licensee are acting on their own behalf (as principals).

      • FC-3.2 FC-3.2 Remittances on behalf of other Money Transferors

        • FC-3.2.1

          Whenever a conventional bank licensee uses the services of Authorised Money Transferors to effect the transfer of funds for a customer to a person or organisation in another country, that licensee must, in respect of the amount so transferred, maintain records of:

          a) The identity of its customer(s) in accordance with Chapters FC-1 and FC-7 of this Regulation; and
          b) The exact amount transferred for each such customer (particularly where a single transfer is effected for more than one customer).

        • FC-3.2.2

          Conventional bank licensees must be able to produce this information for inspection immediately upon request by the BMA.

        • FC-3.2.3

          Conventional bank licensees must not transfer funds for customers to a person or organisation in another country by any means other than through an Authorised Money Transferor. Where a licensee is found to be in contravention of this rule, the Agency will not hesitate to impose sanctions upon that licensee (and in serious cases may revoke that licensee's licence).

    • FC-4 FC-4 Money Laundering Reporting Officer (MLRO)

      • FC-4.1 FC-4.1 Appointment of MLRO

        • FC-4.1.1

          Conventional bank licensees must appoint a Money Laundering reporting officer ("MLRO"). The MLRO must be approved by the BMA prior to his appointment. The conventional bank licensee must notify the Agency of the appointment of the MLRO, using the MLRO form (Appendix FC-4).

        • FC-4.1.2

          The position of MLRO must not be combined with functions that create potential conflicts of interest, such as an internal auditor or business line head. The position of MLRO may not be outsourced.

        • FC-4.1.3

          Subject to Paragraph FC-4.1.2, however, the position of MLRO may otherwise be combined with other functions in the conventional bank licensee, such as that of Compliance Officer, in cases where the volume and geographical spread of the business is limited and, therefore, the demands of the function are not likely to require a full time resource. Paragraph FC-4.1.6 requires that the MLRO is a Director or employee of the licensee, so the function may not be outsourced to a third party employee.

        • FC-4.1.4

          Conventional bank licensees must appoint a deputy MLRO to act for the MLRO in his absence. The deputy MLRO must be resident in Bahrain unless otherwise agreed with the BMA.

        • FC-4.1.5

          Conventional bank licensees should note that although the MLRO may delegate some of his functions, either within the licensee or even possibly (in the case of larger groups) to individuals performing similar functions for other group entities, that the responsibility for compliance with the requirements of this Module remains with the licensee and the designated MLRO.

        • FC-4.1.6

          So that he can carry out his functions effectively, conventional bank licensees must ensure that their MLRO:

          (a) is a Director or a member of senior management of the licensee;
          (b) has a sufficient level of seniority within the conventional bank licensee, has the authority to act without interference from business line management and has direct access to the Board and senior management (where necessary);
          (c) has sufficient resources, including sufficient time and (if necessary) support staff, and has designated a replacement to carry out the function should the MLRO be unable to perform his duties;
          (d) has unrestricted access to all transactional information relating to any financial services provided by the conventional bank licensee to that customer, or any transactions conducted by the conventional bank licensee on behalf of a customer;
          (e) is provided with timely information needed to identify, analyse and effectively monitor customer accounts;
          (f) has access to all customer due diligence information obtained by the conventional bank licensee; and
          (g) is resident in Bahrain.

        • FC-4.1.7

          In addition, conventional bank licensees must ensure that their MLRO is able to:

          (a) monitor the day-to-day operation of its policies and procedures relevant to this Module; and
          (b) respond promptly to any reasonable request for information made by the Anti-Money Laundering Unit or the BMA.

        • FC-4.1.8

          If the position of MLRO falls vacant, the conventional bank licensee must appoint a permanent replacement (after obtaining BMA approval), within 120 calendar days of the vacancy occurring. Pending the appointment of a permanent replacement, the licensee must make immediate interim arrangements (including the appointment of an acting MLRO) to ensure continuity in the MLRO function's performance. These interim arrangements must be approved by the BMA.

      • FC-4.2 FC-4.2 Responsibilities of the MLRO

        • FC-4.2.1

          The MLRO is responsible for:

          (a) establishing and maintaining the conventional bank licensee's AML/CFT policies and procedures;
          (b) ensuring that the licensee complies with the AML Law and any other applicable AML/CFT legislation and regulations;
          (c) ensuring day-to-day compliance with the licensee's own internal AML/CFT policies and procedures;
          (d) acting as the conventional bank licensee's main point of contact in respect of handling internal suspicious transaction reports from the licensee's staff (refer to Section FC-5.1) and as the main contact for the Financial Intelligence Unit, the BMA and other concerned bodies regarding AML/CFT;
          (e) making external suspicious transaction reports to the Financial Intelligence Unit and Compliance Unit (refer to Section FC-5.2);
          (f) taking reasonable steps to establish and maintain adequate arrangements for staff awareness and training on AML/CFT matters (whether internal or external), as per Chapter FC-5;
          (g) producing annual reports on the effectiveness of the licensee's AML / CFT controls, for consideration by senior management, as per Paragraph FC-4.3.3;
          (h) on-going monitoring of what may, in his opinion, constitute high-risk customer accounts; and
          (i) maintaining all necessary CDD, transactions, STR and staff training records for the required periods (refer to Section FC-7.1).

      • FC-4.3 FC-4.3 Compliance monitoring

        • Annual Compliance Review

          • FC-4.3.1

            A conventional bank licensee must review the effectiveness of its AML/CFT procedures, systems and controls at least once each calendar year. The review must cover the conventional bank licensee and its branches and subsidiaries both inside and outside the Kingdom of Bahrain. The scope of the review must include:

            (a) a report, containing the number of internal reports made in accordance with Section FC-5.1, a breakdown of all the results of those internal reports and their outcomes for each segment of the licensee's business, and an analysis of whether controls or training need to be enhanced;
            (b) a report, indicating the number of external reports made in accordance with Section FC-5.2 and, where a conventional bank licensee has made an internal report but not made an external report, noting why no external report was made;
            (c) a sample test of compliance with this Module's customer due diligence requirements; and
            (d) a report as to the quality of the conventional bank licensee's anti-money laundering procedures, systems and controls, and compliance with the AML Law and this Module.

          • FC-4.3.2

            The reports listed under Paragraph FC-4.3.1(a) and (b) must be made by the MLRO. The sample testing required under Paragraph FC-4.3.1(c) must be undertaken either by the licensee's internal audit function or its external auditors. The report required under Paragraph FC-4.3.1(d) must be made by the licensee's external auditors.

          • FC-4.3.3

            The reports listed under Paragraph FC-4.3.1 must be submitted to the licensee's Board, for it to review and commission any required remedial measures, and copied to the licensee's senior management.

          • FC-4.3.4

            The purpose of the annual compliance review is to assist a licensee's Board and senior management to assess, amongst other things, whether internal and external reports are being made (as required under Chapter FC-5), and whether the overall number of such reports (which may otherwise appear satisfactory) does not conceal inadequate reporting in a particular segment of the licensee's business (or, where relevant, in particular branches or subsidiaries). Conventional bank licensees should use their judgement as to how the reports listed under Paragraph FC-4.3.1(a) and (b) should be broken down in order to achieve this aim (e.g. by branches, departments, product lines, etc).

          • FC-4.3.5

            Conventional bank licensees must instruct their external auditors to produce the report referred to in Paragraph FC-4.3.1(d). The report must be submitted to the BMA by the 30th of April of the following year. The findings of this review must be received and acted upon by the licensee.

          • FC-4.3.6

            The external auditors may rely upon work performed by the licensee's internal audit function, as part of their procedures for producing the statement referred to in Paragraph FC-4.3.5.

    • FC-5 FC-5 Suspicious Transaction Reporting

      • FC-5.1 FC-5.1 Internal Reporting

        • FC-5.1.1

          Conventional bank licensees must implement procedures to ensure that staff who handle customer business (or are managerially responsible for such staff) make a report promptly to the MLRO if they know or suspect that a customer (or a person on whose behalf a customer may be acting) is engaged in money laundering or terrorism financing, or if the transaction or the customer's conduct otherwise appears unusual or suspicious. These procedures must include arrangements for disciplining any member of staff who fails, without reasonable excuse, to make such a report.

        • FC-5.1.2

          Where conventional bank licensees' internal processes provide for staff to consult with their line managers before sending a report to the MLRO, such processes must not be used to prevent reports reaching the MLRO, where staff have stated that they have knowledge or suspicion that a transaction may involve money laundering or terrorist financing.

      • FC-5.2 FC-5.2 External Reporting

        • FC-5.2.1

          Conventional bank licensees must take reasonable steps to ensure that all reports made under Section FC-5.1 are considered by the MLRO (or his duly authorised delegate). Having considered the report and any other relevant information the MLRO (or his duly authorised delegate), if he still suspects that a person has been engaged in money laundering or terrorism financing, or the activity concerned is otherwise still regarded as suspicious, must report the fact promptly to the relevant authorities. Where no report is made, the MLRO must document the reasons why.

        • FC-5.2.2

          To take reasonable steps, as required under Paragraph FC-5.2.1, conventional bank licensees must:

          (a) require the MLRO to consider reports made under Section FC-5.1.3 in the light of all relevant information accessible to or reasonably obtainable by the MLRO;
          (b) permit the MLRO to have access to any information, including know your customer information, in the conventional bank licensee's possession which could be relevant; and
          (c) ensure that where the MLRO, or his duly authorised delegate, suspects that a person has been engaged in money laundering or terrorist financing, a report is made by the MLRO which is not subject to the consent or approval of any other person.

        • FC-5.2.3

          Reports to the relevant authorities made under Paragraph FC-5.2.1 must be sent to the Anti-Money Laundering Unit at the Ministry of the Interior, with a copy sent to the BMA's Compliance Directorate. Reports must be made using the Suspicious Transaction Report (STR) form and related instructions, included in Part B of Volume 1 (Conventional Banks).

        • FC-5.2.4

          Conventional bank licensees must report all suspicious transactions or attempted transactions. This reporting requirement applies regardless of whether the transaction involves tax matters.

        • FC-5.2.5

          Conventional bank licensees must retain all relevant details of STRs submitted to the relevant authorities for at least five years.

        • FC-5.2.6

          In accordance with the AML Law, conventional bank licensees, their Directors, officers and employees must not warn or inform ("tipping off") their customers, the beneficial owner or other subjects of the STR when information relating to them is being reported to the relevant authorities.

      • FC-5.3 FC-5.3 Contacting the Relevant Authorities

        • FC-5.3.1

          Reports made by the MLRO or his duly authorised delegate under Section FC-5.2 must be sent to the Anti-Money Laundering Unit at the Ministry of the Interior and copied to the Compliance Unit at the Bahrain Monetary Agency at the following addresses:

          Anti-Money Laundering Unit
          General Directorate of Criminal Investigation
          Ministry of Interior
          P.O. Box 26698
          Manama, Kingdom of Bahrain
          Telephone: 17 718888
          Fax: 17 715818
          E-mail: aecd@batelco.com.bh or amlu@batelco.com.bh

          Head of Compliance Unit
          Bahrain Monetary Agency
          P.O. Box 27
          Manama, Kingdom of Bahrain
          Telephone: 17 547922
          Fax: 17 535673
          E-mail: cunit@bma.gov.bh; aljaber@bma.gov.bh

    • FC-6 FC-6 Staff Training and Recruitment

      • FC-6.1 FC-6.1 General Requirements

        • FC-6.1.1

          A conventional bank licensee must take reasonable steps to provide periodic training and information to ensure that staff who handle customer transactions, or are managerially responsible for such transactions, are made aware of:

          (a) their responsibilities under the AML Law, this Module, and any other relevant AML / CFT laws and regulations;
          (b) the identity and responsibilities of the MLRO and his deputy;
          (c) the potential consequences, both individual and corporate, of any breach of the AML Law, this Module and any other relevant AML / CFT laws or regulations;
          (d) the conventional bank licensee's current AML/CFT policies and procedures;
          (e) money laundering and terrorist financing typologies and trends;
          (f) the type of customer activity or transaction that may justify an internal STR;
          (g) the conventional bank licensee's procedures for making internal STRs; and
          (h) customer due diligence measures with respect to establishing business relations with customers.

        • FC-6.1.2

          The information referred to in Paragraph FC-6.1.1 must be brought to the attention of relevant new employees of conventional bank licensees, and must remain available for reference by staff during their period of employment.

        • FC-6.1.3

          Relevant new employees must be given AML/CFT training within three months of joining a conventional bank licensee.

        • FC-6.1.4

          Conventional bank licensees must ensure that their AML/CFT training for relevant staff remains up-to-date, and is appropriate given the licensee's activities and customer base.

        • FC-6.1.5

          The BMA would normally expect AML/CFT training to be provided to relevant staff at least once a year.

        • FC-6.1.6

          Conventional bank licensees must develop adequate screening procedures to ensure high standards when hiring employees. These procedures must include controls to prevent criminals or their associates from being employed by licensees.

    • FC-7 FC-7 Record Keeping

      • FC-7.1 FC-7.1 General Requirements

        • CDD and Transaction Records

          • FC-7.1.1

            Conventional bank licensees must comply with the record keeping requirements contained in the AML Law. Conventional bank licensees must therefore retain adequate records (including accounting and identification records), for the following minimum periods:

            (a) for customers, in relation to evidence of identity and business relationship records (such as application forms and business correspondence), for at least five years after the customer relationship has ceased; and
            (b) for transactions, in relation to documents enabling a reconstitution of the transaction concerned, for at least five years after the transaction was completed.

        • Compliance Records

          • FC-7.1.2

            Conventional bank licensees must retain copies of the reports produced for their annual compliance review, as specified in Paragraph FC-4.3.1, for at least five years. Licensees must also maintain for 5 years reports made to, or by, the MLRO made in accordance with Sections FC-5.1 and FC-5.2, and records showing how these reports were dealt with and what action, if any, was taken as a consequence of those reports.

        • Training Records

          • FC-7.1.3

            Conventional bank licensees must maintain for at least five years, records showing the dates when AML/CFT training was given, the nature of the training, and the names of the staff that received the training.

        • Access

          • FC-7.1.4

            All records required to be kept under this Section must be made available for prompt and swift access by the relevant authorities or other authorised persons.

          • FC-7.1.5

            Conventional bank licensees are also reminded of the requirements contained in Chapter LR-6 (Books and Records).

    • FC-8 FC-8 NCCT Measures and Terrorist Financing

      • FC-8.1 FC-8.1 Special Measures for Non-Cooperative Countries or Territories ('NCCTs')

        • FC-8.1.1

          Conventional bank licensees must give special attention to any dealings they may have with entities or persons domiciled in countries or territories which are:

          (a) identified by the FATF as being "non-cooperative"; or
          (b) notified to conventional bank licensees from time to time by the BMA.

        • FC-8.1.2

          Whenever transactions with such parties have no apparent economic or visible lawful purpose, their background and purpose must be re-examined and the findings documented. If suspicions remain about the transaction, these must be reported to the relevant authorities in accordance with Section FC-5.2.

      • FC-8.2 FC-8.2 Terrorist Financing

        • FC-8.2.1

          Conventional bank licensees must comply in full with the provisions of the UN Security Council Anti-terrorism Resolution No. 1373 of 2001 ('UNSCR 1373').

        • FC-8.2.2

          Any conventional bank licensee that wishes, intends or has been requested to do anything that might contravene, in its reasonable opinion, the provisions of UNSCR 1373 (and in particular Article 1, paragraphs c) and d) of UNSCR 1373) must seek, in writing, the prior written opinion of the BMA on the matter.

        • FC-8.2.3

          A copy of UNSCR 1373 is included in Part B of Volume 1 (Conventional Banks), under 'Supplementary Information'.

        • FC-8.2.4

          Conventional bank licensees must report to the BMA details of:

          (a) funds or other financial assets or economic resources held with them which may be the subject of Article 1, paragraphs c) and d) of UNSCR 1373; and
          (b) all claims, whether actual or contingent, which the conventional bank licensee has on persons and entities which may be the subject of Article 1, paragraphs c) and d) of UNSCR 1373.

        • FC-8.2.5

          For the purposes of Paragraph FC-8.2.4, 'funds or other financial resources' includes (but is not limited to) shares in any undertaking owned or controlled by the persons and entities referred to in Article 1, paragraph c) and d) of UNSCR 1373, and any associated dividends received by the licensee.

        • FC-8.2.6

          All reports or notifications under this Section must be made to the BMA's Compliance Unit.

        • FC-8.2.7

          See Section FC-5.3 for the Compliance Unit's contact details.

      • FC-8.3 FC-8.3 Designated Persons and Entities

        • FC-8.3.1

          Without prejudice to the general duty of all conventional bank licensees to exercise the utmost care when dealing with persons or entities who might come under Article 1, paragraphs (c) and (d) of UNSCR 1373, conventional bank licensees must not deal with any persons or entities designated by the BMA as potentially linked to terrorist activity.

        • FC-8.3.2

          The BMA from time to time issues to licensees lists of designated persons and entities believed linked to terrorism. Licensees are required to verify that they have no dealings with these designated persons and entities, and report back their findings to the BMA. Names designated by the BMA include persons and entities designated by the United Nations, under UN Security Council Resolution 1267 ("UNSCR 1267").

        • FC-8.3.3

          Conventional bank licensees must report to the relevant authorities, using the procedures contained in Section FC-5.2, details of any accounts or other dealings with designated persons and entities, and comply with any subsequent directions issued by the relevant authorities.

    • FC-9 FC-9 Enforcement Measures

      • FC-9.1 FC-9.1 Regulatory Penalties

        • FC-9.1.1

          Without prejudice to any other penalty imposed by the BMA Law, the Decree Law No. 4 or the Penal Code of the Kingdom of Bahrain, failure by a licensee to comply with this Module or any direction given hereunder shall result in the levying by the BMA, without need of a court order and at the BMA's discretion, of a fine of up to BD 20,000.

        • FC-9.1.2

          Module EN provides further information on the assessment of financial penalties and the criteria taken into account prior to imposing such fines (reference to Paragraph EN-5.1.4). Other enforcement measures may also be applied by the BMA in response to a failure by a licensee to comply with this Module; these other measures are also set out in Module EN.

        • FC-9.1.3

          The BMA will endeavour to assist conventional bank licensees to interpret and apply the rules and guidance in this Module. Conventional bank licensees may seek clarification on any issue by contacting the Compliance Unit (see Section FC-5.3 for contact details).

        • FC-9.1.4

          Without prejudice to the BMA's general powers under the law, the BMA may amend, clarify or issue further directions on any provision of this Module from time to time, by notice to its licensees.

    • FC-10 FC-10 AML / CFT Guidance and Best Practice

      • FC-10.1 FC-10.1 Guidance Provided by International Bodies

        • FATF: 40 Recommendations and 9 Special Recommendations

          • FC-10.1.1

            The Forty Recommendations (see www.fatf-gafi.org) and Nine Special Recommendations (together with their associated interpretative notes and best practices papers) issued by the Financial Action Task Force (FATF), provide the basic framework for combating money laundering activities and the financing of terrorism. FATF Recommendations 4–6, 8–11, 13–15, 17–19, 21–23, 25, 29–32 and 40 as well as Special Recommendations IV–IX, and the AML/CFT Methodology are specifically relevant to the banking sector.

          • FC-10.1.2

            The relevant authorities in Bahrain believe that the principles established by these Recommendations and Special Recommendations should be followed by licensees in all material respects, as representing best practice and prudence in this area.

        • Basel Committee: Statement on money laundering and Customer Due Diligence for banks

          • FC-10.1.3

            In December 1988, the Basel Committee on Banking Supervision issued a "Statement of Principles" followed by the Customer Due Diligence for Banks paper in October 2001 (with attachment dated February 2003 — see www.bis.org/publ/) with which internationally active banks of member states are expected to comply. These papers cover identifying customers, avoiding suspicious transactions, and co-operating with law enforcement agencies.

          • FC-10.1.4

            The BMA supports the above papers and the desirability of all conventional bank licensees adhering to their requirements and guidance.