Back Custom print Link Text Only Rich Text Print

  • FC-2 FC-2 AML / CFT Systems and Controls

    • FC-2.1 FC-2.1 General Requirements

      • FC-2.1.1

        Conventional bank licensees must take reasonable care to establish and maintain appropriate systems and controls for compliance with the requirements of this Module and to limit their vulnerability to financial crime. These systems and controls must be documented, and approved and reviewed annually by the Board of the licensee. The documentation, and the Board's review and approval, must be made available upon request to the BMA.

      • FC-2.1.2

        The above systems and controls, and associated documented policies and procedures, should cover standards for customer acceptance, on-going monitoring of high-risk accounts, staff training and adequate screening procedures to ensure high standards when hiring employees.

    • FC-2.2 FC-2.2 Ongoing Customer Due Diligence and Transaction Monitoring

      • Risk Based Monitoring

        • FC-2.2.1

          Conventional bank licensees must develop risk-based monitoring systems appropriate to the complexity of their business, their number of clients and types of transactions. These systems must be configured to identify significant or abnormal transactions or patterns of activity. Such systems must include limits on the number, types or size of transactions undertaken outside expected norms; and must include limits for cash and non-cash transactions.

        • FC-2.2.2

          Conventional bank licensees' risk-based monitoring systems should therefore be configured to help identify:

          (a) transactions which do not appear to have a clear purpose or which make no obvious economic sense;
          (b) significant or large transactions not consistent with the normal or expected behaviour of a customer; and
          (c) unusual patterns of activity (relative to other customers of the same profile or of similar types of transactions, for instance because of differences in terms of volumes, transaction type, or flows to or from certain countries), or activity outside the expected or regular pattern of a customer's account activity.

      • Automated Transaction Monitoring

        • FC-2.2.3

          Conventional bank licensees must consider the need to include automated transaction monitoring as part of their risk-based monitoring systems to spot abnormal or unusual flows of funds. In the absence of automated transaction monitoring systems, all transactions above BD 6,000 must be viewed as "significant" and be captured in a daily transactions report for monitoring by the MLRO or a relevant delegated official, and records retained by the conventional bank licensee for five years after the date of the transaction.

        • FC-2.2.4

          The BMA would expect larger conventional bank licensees to include automated transaction monitoring as part of their risk-based monitoring systems. See also Chapters FC-4 and FC-7, regarding the responsibilities of the MLRO and record-keeping requirements.

      • Unusual Transactions or Customer Behaviour

        • FC-2.2.5

          Where a conventional bank licensee's risk-based monitoring systems identify significant or abnormal transactions (as defined in FC-2.2.2 and FC-2.2.3), it must verify the source of funds for those transactions, particularly where the transactions are above the occasional transactions threshold of BD 6,000. Furthermore, conventional bank licensees must examine the background and purpose to those transactions and document their findings.

        • FC-2.2.6

          The investigations required under FC-2.2.5 must be carried out by the MLRO (or relevant delegated official). The documents relating to these findings must be maintained for five years from the date when the transaction was completed (see also FC-7.1.1(b)).

        • FC-2.2.7

          Conventional bank licensees must consider instances where there is a significant, unexpected or unexplained change in customer activity.

        • FC-2.2.8

          When an existing customer closes one account and opens another, the conventional bank licensee must review its customer identity information and update its records accordingly. Where the information available falls short of the requirements contained in Chapter FC-1, the missing or out of date information must be obtained and re-verified with the customer.

        • FC-2.2.9

          Once identification procedures have been satisfactorily completed and, as long as records concerning the customer are maintained in line with Chapters FC-1 and FC-7, no further evidence of identity is needed when transactions are subsequently undertaken within the expected level and type of activity for that customer, provided reasonably regular contact has been maintained between the parties and no doubts have arisen as to the customer's identity.

        • Maintaining Documentation

          • FC-2.2.10

            Conventional bank licensees must take reasonable steps to ensure that they receive and maintain up-to-date copies of the identification documents specified in Chapter FC-1. Conventional bank licensees must require all customers to provide up-to-date identification documents in their standard terms and conditions of business.

          • FC-2.2.11

            Conventional bank licensees must review and update their customer due diligence information at least every three years. If, upon performing such a review, copies of identification documents are more than 12 months out of date, the conventional bank licensee must take steps to obtain updated copies as soon as possible.