Back Custom print Link Text Only Rich Text Print

  • FC-2 FC-2 AML/CFT Systems and Controls

    • FC-2.1 FC-2.1 General Requirements

      • FC-2.1.1

        Investment firm licensees must implement programmes against money laundering and terrorist financing which establish and maintain appropriate systems and controls for compliance with the requirements of this Module and which limit their vulnerability to financial crime. These systems and controls must be documented, and approved and reviewed annually by the Board of the licensee. The documentation, and the Board's review and approval, must be made available upon request to the CBB.

        Amended: October 2014
        Amended: January 2007

      • FC-2.1.2

        The above systems and controls, and associated documented policies and procedures, should cover standards for customer acceptance, on-going monitoring of high-risk accounts, staff training and adequate screening procedures to ensure high standards when hiring employees.

      • FC-2.1.3

        Investment firm licensees must incorporate Key Performance Indicators (KPIs) to ensure compliance with AML/CFT requirements by all staff. The performance against the KPIs must be adequately reflected in their annual performance evaluation and in their remuneration (See also Paragraph HC-5.3.3).

        Added: April 2020

      • FC-2.1.4

        In implementing the policies, procedures and monitoring tools for ensuring compliance with Paragraph FC-2.1.3, investment firm licensees should consider the following:

        (a) The business policies and practices should be designed to reduce incentives for staff to expose the investment firm licensees to AML/CFT compliance risk;
        (b) The performance measures of departments/divisions/units and personnel should include measures to address AML/CFT compliance obligations;
        (c) AML/CFT compliance breaches and deficiencies should be attributed to the relevant departments/divisions/units and personnel within the organisation as appropriate;
        (d) Remuneration and bonuses should be adjusted for AML/CFT compliance breaches and deficiencies; and
        (e) Both quantitative measures and human judgement should play a role in determining any adjustments to the remuneration and bonuses resulting from the above.
        Added: April 2020

    • FC-2.2 FC-2.2 On-going Customer Due Diligence and Transaction Monitoring

      • Risk Based Monitoring

        • FC-2.2.1

          Investment firm licensees must develop risk-based monitoring systems appropriate to the complexity of their business, their number of clients and types of transactions. These systems must be configured to identify significant or abnormal transactions or patterns of activity. Such systems must include limits on the number, types or size of transactions undertaken outside expected norms; and must include limits for cash and non-cash transactions.

          Amended: January 2007

        • FC-2.2.2

          Investment firm licensees' risk-based monitoring systems should therefore be configured to help identify:

          (a) Transactions which do not appear to have a clear purpose or which make no obvious economic sense;
          (b) Significant or large transactions not consistent with the normal or expected behaviour of a customer; and
          (c) Unusual patterns of activity (relative to other customers of the same profile or of similar types of transactions, for instance because of differences in terms of volumes, transaction type, or flows to or from certain countries), or activity outside the expected or regular pattern of a customer's account activity.
          Amended: January 2007

        • Automated Transaction Monitoring

          • FC-2.2.3

            Investment firm licensees must consider the need to include automated transaction monitoring as part of their risk-based monitoring systems to spot abnormal or unusual flows of funds. In the absence of automated transaction monitoring systems, all transactions above BD 6,000 must be viewed as 'significant' and be captured in a daily transactions report for monitoring by the MLRO or a relevant delegated official, and records retained by the licensee for five years after the date of the transaction.

            Amended: January 2007

          • FC-2.2.4

            The CBB would expect larger investment firm licensees to include automated transaction monitoring as part of their risk-based monitoring systems. See also Chapters FC-3 and FC-6, regarding the responsibilities of the MLRO and record-keeping requirements. Where the investment firm licensee is not receiving funds — for instance where it is simply acting as agent on behalf of a principal, and the customer is directly remitting funds to the principal — then the investment firm licensee may agree with the principal that the latter should be responsible for the daily monitoring of such transactions.

            Amended: January 2007

        • Unusual Transactions or Customer Behaviour

          • FC-2.2.5

            Where a licensee's risk-based monitoring systems identify significant or abnormal transactions (as defined in FC-2.2.2 and FC-2.2.3), it must verify the source of funds for those transactions, particularly where the transactions are above the transactions threshold of BD 6,000. Furthermore, investment firm licensees must examine the background and purpose to those transactions and document their findings. In the case of one-off transactions where there is no on-going account relationship, the licensee must file an STR if it is unable to verify the source of funds to its satisfaction (see Chapter FC-4).

            Amended: January 2022
            Amended: January 2007

          • FC-2.2.6

            The investigations required under Paragraph FC-2.2.5 must be carried out by the MLRO (or relevant delegated official). The documents relating to these findings must be maintained for five years from the date when the transaction was completed (see also FC-6.1.1(b)).

            Amended: January 2007

          • FC-2.2.7

            Investment firm licensees must consider instances where there is a significant, unexpected or unexplained change in customer activity.

          • FC-2.2.8

            When an existing customer closes one account and opens another, the licensee must review its customer identity information and update its records accordingly. Where the information available falls short of the requirements contained in Chapter FC-1, the missing or out of date information must be obtained and re-verified with the customer.

          • FC-2.2.9

            Once identification procedures have been satisfactorily completed and, as long as records concerning the customer are maintained in line with Chapters FC-1 and FC-6, no further evidence of identity is needed when transactions are subsequently undertaken within the expected level and type of activity for that customer, provided reasonably regular contact has been maintained between the parties and no doubts have arisen as to the customer's identity.

        • On-going Monitoring

          • FC-2.2.10

            Investment firm licensees must take reasonable steps to:

            (a) Scrutinize transactions undertaken throughout the course of that relationship to ensure that transactions being conducted are consistent with the investment firm licensee's knowledge of the customer, their business risk and risk profile; and
            (b) Ensure that they receive and maintain up-to-date and relevant copies of the identification documents specified in Chapter FC-1, by undertaking reviews of existing records, particularly for higher risk categories of customers Investment firm licensees must require all customers to provide up-to-date identification documents in their standard terms and conditions of business.
            Amended: October 2017

          • FC-2.2.11

            Investment firm licensees must review and update their customer due diligence information at least every three years, particularly for higher risk categories of customers. If, upon performing such a review, copies of identification documents are more than 12 months out of date, the licensee must take steps to obtain updated copies as soon as possible.

            Amended: October 2017