Back Custom print Link Text Only Rich Text Print

  • FC-2 FC-2 AML / CFT Systems and Controls

    • FC-2.1 FC-2.1 General Requirements

      • FC-2.1.1

        Insurance licensees must implement programmes against money laundering and terrorist financing which establish and maintain appropriate systems and controls for compliance with the requirements of this Module and which limit their vulnerability to financial crime. These systems and controls must be documented, and approved and reviewed annually by the Board of the licensee. The documentation, and the Board's review and approval, must be made available upon request to the CBB.

        Amended: October 2015
        Amended: January 2007

      • FC-2.1.2

        Where the insurance licensee is an unincorporated entity, the annual review and approval should be undertaken by the most senior person with oversight responsibilities for the licensee, such as its General Manager or managing partner.

        Amended: October 2007

      • FC-2.1.3

        The above systems and controls, and associated documented policies and procedures, should cover standards for customer acceptance, on-going monitoring of high-risk accounts, staff training and adequate screening procedures to ensure high standards when hiring employees.

        Amended: October 2007

      • FC-2.1.4

        Insurance licensees must incorporate Key Performance Indicators (KPIs) to ensure compliance with AML/CFT requirements by all staff. The performance against the KPIs must be adequately reflected in their annual performance evaluation and in their remuneration (See also Paragraph HC-5.4.3).

        Added: April 2020

      • FC-2.1.5

        In implementing the policies, procedures and monitoring tools for ensuring compliance with Paragraph FC-2.1.4, insurance licensees should consider the following:

        (a) The business policies and practices should be designed to reduce incentives for staff to expose the insurance licensee to AML/CFT compliance risk;
        (b) The performance measures of departments/divisions/units and personnel should include measures to address AML/CFT compliance obligations;
        (c) AML/CFT compliance breaches and deficiencies should be attributed to the relevant departments/divisions/units and personnel within the organisation as appropriate;
        (d) Remuneration and bonuses should be adjusted for AML/CFT compliance breaches and deficiencies; and
        (e) Both quantitative measures and human judgement should play a role in determining any adjustments to the remuneration and bonuses resulting from the above.
        Added: April 2020

    • FC-2.2 FC-2.2 On-going Customer Due Diligence and Transaction Monitoring

      • Risk-Based Monitoring

        • FC-2.2.1

          Insurance licensees must develop risk-based monitoring systems appropriate to the complexity of their business, their number of clients and types of transactions. These systems must be configured to identify significant or abnormal transactions or patterns of activity. Such systems must include limits on the number, types or size of transactions undertaken outside expected norms; and must include limits for cash and non-cash transactions.

        • FC-2.2.2

          Insurance licensees' risk-based monitoring systems should therefore be configured to help identify:

          (a) Transactions which do not appear to have a clear purpose or which make no obvious economic sense;
          (b) Significant or large transactions not consistent with the normal or expected behaviour of a customer; and
          (c) Unusual patterns of activity (relative to other customers of the same profile or of similar types of transactions, for instance because of differences in terms of volumes, transaction type, or flows to or from certain countries), or activity outside the expected or regular patter of a customer's account activity.
          Amended: January 2007

      • Automated Transaction Monitoring

        • FC-2.2.3

          Insurance licensees must consider the need to include automated transaction monitoring as part of their risk-based monitoring systems. In the absence of automated transaction monitoring systems, all transactions above BD 6,000 must be viewed as 'significant' and be captured in a daily transactions report for monitoring by the MLRO or a relevant delegated official, and records retained by the insurance licensee for five years after the date of the transaction.

          Amended: January 2007
          Amended: October 2007
          Amended: April 2008

        • FC-2.2.4

          The CBB would expect larger insurance licensees to include automated transaction monitoring as part of their risk-based monitoring systems. See also Chapters FC-3 and FC-6, regarding the responsibilities of the MLRO and record-keeping requirements.

          Amended: January 2007

      • Unusual Transactions or Customer Behaviour

        • FC-2.2.5

          In instances where an insurance licensee’s risk-based monitoring systems identify significant or abnormal transactions (as defined in FC-2.2.2 and FC-2.2.3), it must verify the source of funds for those transactions, particularly where the transactions are above the transactions threshold of BD 6,000. Furthermore, insurance licensees must examine the background and purpose to those transactions and document their findings.

          Amended: January 2022

        • FC-2.2.6

          The investigations required under FC-2.2.5 must be carried out by the MLRO (or relevant delegated official). The documents relating to these findings must be maintained for five years from the date when the transaction was completed (see also FC-6.1.1(b)).

          Amended: October 2007
          Amended: April 2008

        • FC-2.2.7

          Insurance licensees must consider instances where there is a significant, unexpected or unexplained change in the behaviour of policyholders' account (e.g., early surrenders). Insurance licensees must be extra vigilant to the particular risks involved in the buying and selling of second hand endowment policies, as well as the use of single premium unit-linked policies. Insurance licensees must check any reinsurance or retrocession to ensure that monies are paid to bona fide reinsurance entities at rates commensurate with the risks underwritten.

          Amended: January 2007

        • FC-2.2.8

          When an existing customer cancels a policy and applies for another, the insurance licensee must review its customer identity information and update its records accordingly. Where the information available falls short of the requirements contained in Chapter FC-1, the missing or out of date information must be obtained and re-verified with the customer.

          Amended: January 2007

        • FC-2.2.9

          Once identification procedures have been satisfactorily completed and, as long as records concerning the customer are maintained in line with Chapters FC-1 and FC-6, no further evidence of identity is needed when transactions are subsequently undertaken within the expected level and type of activity for that customer, provided reasonably regular contact has been maintained between the parties and no doubts have arisen as to the customer's identity.

          Amended: January 2007

      • On-going Monitoring

        • FC-2.2.10

          Insurance licensees must take reasonable steps to:

          (a) Scrutinize transactions undertaken throughout the course of that relationship to ensure that transactions being conducted are consistent with the Insurance licensee's knowledge of the customer, their business risk and risk profile; and
          (b) Ensure that they receive and maintain up-to-date and relevant copies of the identification documents specified in Chapter FC-1, by undertaking reviews of existing records, particularly for higher risk categories of customers. Insurance licensees must require all customers to provide up-to-date identification documents in their standard terms and conditions of business.
          Amended: October 2017
          Amended: January 2007

        • FC-2.2.11

          Insurance licensees must review and update their customer due diligence information at least every three years, particularly for higher risk categories of customers. If, upon performing such a review, copies of identification documents are more than 12 months out of date, the insurance licensee must take steps to obtain updated copies as soon as possible.

          Amended: October 2017