Back Custom print Link Text Only Rich Text Print

  • FC-2.2 FC-2.2 Ongoing Customer Due Diligence and Transaction Monitoring

    • Risk Based Monitoring

      • FC-2.2.1

        Licensees must develop risk-based monitoring systems appropriate to the complexity of their business, their number of customers and types of transactions. These systems must be configured to identify significant or abnormal transactions or patterns of activity. Such systems must include limits on the number, types or size of transactions undertaken outside expected norms; and must include limits for cash and non-cash transactions.

        October 2010

      • FC-2.2.2

        Licensees' risk-based monitoring systems should therefore be configured to help identify:

        (a) Transactions which do not appear to have a clear purpose or which make no obvious economic sense;
        (b) Significant or large transactions not consistent with the normal or expected behavior of a customer; and
        (c) Unusual patterns of activity (relative to other customers of the same profile or of similar types of transactions, for instance because of differences in terms of volumes, transaction type, or flows to or from certain countries), or activity outside the expected or regular pattern of a customer's account activity.
        October 2010

    • Automated Transaction Monitoring

      • FC-2.2.3

        Licensees must consider the need to include automated transaction monitoring as part of their risk-based monitoring systems to spot abnormal or unusual flows of funds. In the absence of automated transaction monitoring systems, all transactions above BD 6,000 must be viewed as "significant" and be captured in a daily transactions report for monitoring by the MLRO or a relevant delegated official, and records retained by the licensee for five years after the date of the transaction.

        October 2010

      • FC-2.2.3A

        In the case of trust service providers (or any other licensee that does not handle customer funds) such licensees should monitor bank statements and other records to ensure that they are aware of "significant" transactions on a timely basis.

        Added: April 2013

      • FC-2.2.4

        The CBB would expect larger licensees to include automated transaction monitoring as part of their risk-based monitoring systems. See also Chapters FC-4 and FC-7, regarding the responsibilities of the MLRO and record-keeping requirements.

        October 2010

    • Unusual Transactions or Customer Behaviour

      • FC-2.2.5

        Where a licensee's risk-based monitoring systems identify significant or abnormal transactions (as defined in Paragraphs FC-2.2.2 and FC-2.2.3), it must verify the source of funds for those transactions, particularly where the transactions are above the transactions threshold of BD 6,000. Furthermore, licensees must examine the background and purpose to those transactions and document their findings. In the case of one-off transactions where there is no ongoing account relationship, the licensee must file an STR if it is unable to verify the source of funds to its satisfaction (see Chapter FC-5).

        Amended: January 2022
        October 2010

      • FC-2.2.6

        The investigations required under Paragraph FC-2.2.5 must be carried out by the MLRO (or relevant delegated official). The documents relating to these findings must be maintained for five years from the date when the transaction was completed (see also Subparagraph FC-7.1.1 (b)).

        October 2010

      • FC-2.2.7

        Licensees must consider instances where there is a significant, unexpected or unexplained change in customer activity.

        October 2010

      • FC-2.2.8

        When an existing customer closes one account and opens another, the licensee must review its customer identity information and update its records accordingly. Where the information available falls short of the requirements contained in Chapter FC-1, the missing or out of date information must be obtained and re-verified with the customer.

        October 2010

      • FC-2.2.9

        Once identification procedures have been satisfactorily completed and, as long as records concerning the customer are maintained in line with Chapters FC-1 and FC-7, no further evidence of identity is needed when transactions are subsequently undertaken within the expected level and type of activity for that customer, provided reasonably regular contact has been maintained between the parties and no doubts have arisen as to the customer's identity.

        October 2010

    • On-going Monitoring

      • FC-2.2.10

        Licensees must take reasonable steps to:

        (a) Scrutinize transactions undertaken throughout the course of that relationship to ensure that transactions being conducted are consistent with the licensee's knowledge of the customer, their business risk and risk profile; and
        (b) Ensure that they receive and maintain up-to-date and relevant copies of the identification documents specified in Chapter FC-1, by undertaking reviews of existing records, particularly for higher risk categories of customers. Licensees must require all customers to provide up-to-date identification documents in their standard terms and conditions of business.
        Amended: October 2017
        October 2010

      • FC-2.2.11

        Licensees must review and update their customer due diligence information at least every three years, particularly for higher risk categories of customers. If, upon performing such a review, copies of identification documents are more than 12 months out of date, the licensee must take steps to obtain updated copies as soon as possible.

        Amended: October 2017
        October 2010