AML — Anti-Money Laundering & Combating Financial Crime
AML-A AML-A Introduction
AML-A.1 AML-A.1 Purpose
Executive Summary
AML-A.1.1
This Module is a comprehensive framework of rules and guidance aimed at combating money laundering and terrorist financing and applies to all
Capital Market Licensees . In so doing, it helps implement the FATF Recommendations on combating money laundering and financing of terrorism and proliferation, issued by the Financial Action Task Force (FATF), that are relevant toCapital Market Licensees . It also helps implement IOSCO guidance in this area. The Module also contains measures relating to the combating of fraud in the capital market.Amended: January 2022
Amended: July 2016
October 2010AML-A.1.2
The Module requires
Capital Market Licensees to have effective anti-money laundering ('AML') policies and procedures, in addition to measures for combating the financing of terrorism ('CFT'). The Module contains detailed requirements relating to customer due diligence, reporting and the role and duties of the Money Laundering Reporting Officer (MLRO). Furthermore, examples of suspicious activity are provided, to assistCapital Market Licensees monitor transactions and fulfil their reporting obligations under Bahrain Law and this Module.Amended: January 2022
October 2010Legal Basis
AML-A.1.3
This Module contains the Central Bank of Bahrain ('CBB') Directive (as amended from time to time) regarding the combating money laundering and terrorism financing and is issued under the powers available to the CBB under Article 38 of the Central Bank of Bahrain and Financial Institutions Law 2006 ('CBB Law'). The Directive in this Module is applicable to all
Capital Market Licensees .Amended: January 2022
Amended: July 2011
October 2010AML-A.1.4
For an explanation of the CBB's rule-making powers and different regulatory instruments, see section UG-1.1.
October 2010AML-A.2 AML-A.2 Module History
Evolution of Module
AML-A.2.1
This Module was first issued in October 2010. Any material changes that have subsequently been made to this Module are annotated with the calendar quarter date in which the change is made; Chapter UG-3 provides further details on Rulebook maintenance and version control.
October 2010AML-A.2.2
Prior to the introduction of this Module, the CBB had issued various regulatory instruments containing requirements covering different aspects of financial crime. The CBB issued Ministerial Order No. 1 of 2004 with Respect to Directives Relating to the Prevention & Prohibition of Money Laundering at the Bahrain Stock Exchange (BSE) and this Order was applicable to the BSE, issuers of
Securities , brokerage firms and offices, registration offices, issue underwriters, establishments accredited with receiving money relating to the subscription ofSecurities , custodians ofSecurities , banks accredited for clearance of transactions carried out at the BSE, dealers inSecurities , and all other entities concerned with dealing inSecurities .October 2010AML-A.2.3
A list of recent changes made to this Module is detailed in the table below:
Module Ref. Change Date Description of Changes AML-A.1.3 07/2011 Clarified legal basis. AML-7.1 07/2011 Clarified the Rules dealing with substantial shareholdings. AML-4.2.3 10/2014 Updated method of submitting STRs. AML-4.4 10/2014 Updated relevant authorities information. AML 07/2016 Updated to reflect February 2012 update to FATF Recommendations. AML-4.2.3 07/2016 Updated instructions for STR. AML-1.2.9A 01/2017 Added guidance paragraph on CR printing AML-9.2.1AA 04/2017 Added Paragraph on Implementing and complying with the United Nations Security Council resolutions requirement. AML-1.1.2A 10/2017 Added new paragraph on the verification of identity and source of funds. AML-1.1.2B 10/2017 Added new paragraph on the verification of identity and source of funds. AML-1.2.7 10/2017 Amended paragraph. AML-1.2.8A 10/2017 Added new paragraph on legal entities or legal arrangements CDD. AML-2.2.10 – AML-2.2.11 10/2017 Amended paragraphs on On-going CSS and Transaction Monitoring. AML-3.1.4A 10/2017 Added paragraph on combining the MLRO or DMLRO position with any other position within the licensee. AML-B.2.4 01/2018 Amended paragraph. AML-1.8.1 01/2018 Amended paragraph. AML-1.10.1 01/2018 Deleted sub-paragraph (a). AML-4.2.6 01/2018 Amended paragraph. AML-9.1.4 01/2018 Amended paragraph. AML-9.2.2 01/2018 Deleted paragraph. AML-1.1.2 07/2018 Deleted Sub-paragraph (a). AML-1.10.2 07/2018 Amended Paragraph deleting cross reference. AML-1.10.3 07/2018 Deleted Paragraph. AML-1.10.9 07/2018 Deleted Paragraph. AML-1.10.1 01/2019 Amended references. AML-3.3.2 01/2019 Amended references. AML-3.3.4 — AML-3.3.5 01/2019 Amended references. AML-1.2.9A 10/2019 Amended reference. AML-1.9.2 10/2019 Amended authority name. AML-3.1.8 10/2019 Amended authority name. AML-3.2.1 10/2019 Amended authority name. AML-4.2.3 10/2019 Amended authority name. AML-4.4.2 10/2019 Amended authority name. AML-7.1.2 10/2019 Deleted Paragraph. AML-9.2.1AA 10/2019 Added a new Paragraph on Terrorist Financing. AML-B.1.1 01/2020 Added “ crypto-asset licensees”. AML-B.1.3 01/2020 Deleted Paragraph. AML-B.3 01/2020 Deleted Section. AML-C 01/2020 Added new Chapter “Risk Based Approach”. AML-1 01/2020 Rename the Chapter to “Customer Due Diligence”. AML-1.1.1 01/2020 Amended Paragraph on procedures approval. AML-1.1.2 01/2020 Added sub-paragraph (i). AML-1.1.14 – AML-1.1.16 01/2020 Added new paragraphs on “Suspicious Wallet Addresses”. AML-1.2.1 01/2020 Added sub-paragraph (n). AML-1.2.5 01/2020 Added new sub-paragraph (f). AML-1.3.4 01/2020 Added new paragraph. AML-1.4.7 01/2020 Added new paragraph. AML-1.5.4 01/2020 Deleted paragraph. AML-1.9 01/2020 Rename the section to “Shell financial Institutions”. AML-1.9.1 01/2020 Amended paragraph. AML-1.11 01/2020 Added new section “Enhanced Due Diligence for Correspondent Accounts” AML-2.2.1 01/2020 Amended Paragraph. AML-2A 01/2020 Added new chapter. AML-3.1.5 01/2020 Amended Paragraph. AML-3.1.5A 01/2020 Added Paragraph. AML-3.1.7 01/2020 Amended sub-Paragraph (a). AML-3.3.2 01/2020 Amended Paragraph. AML-3.3.5 01/2020 Amended Paragraph on report submission date. AML-3.3.2A – AML-3.3.2E 01/2020 Added Paragraphs. AML-6.1.1A – AML-6.1.1C 01/2020 Added Paragraphs. AML-8.1.1 01/2020 Deleted Paragraph. AML-8.1.1A 01/2020 Added Paragraph. AML-11.1.2 01/2020 Added Paragraph. AML-2.1.3 & AML-2.1.4 04/2020 Added new Paragraphs on KPIs compliance with AML/CFT requirements. AML-5.1.6A 01/2021 Added a new Paragraph on requirements to hire new employees. AML-A.1.3 01/2022 Amended Paragraph to replace financial crime with money laundering and terrorism financing. AML-C 01/2022 New revised risk-based approach (RBA). AML-1.1 01/2022 Amended Section to introduce additional rules for non-resident customers, amendments to customers onboarded prior to full completion of customer due diligence, digital onboarding etc. AML-1.2 01/2022 Amended Section to include E-KYC and electronic documents law requirements. AML-1.3.2 01/2022 Amended Paragraph on enhanced due diligence requirements for customers identified as having higher risk profile. AML-1.4 01/2022 Amended Section to introduce detailed requirements for digital onboarding and related requirements. AML-1.5.2 01/2022 Amended Paragraph on onboarding non-Bahraini PEPs using digital ID applications. AML-1.10.8A 01/2022 Added a new Paragraph on not applying simplified CDD in situations where the licensee has identified high ML/TF/PF risks. AML-2.2.5 01/2022 Amended Paragraph. AML-3.3.1B 01/2022 Amended Paragraph. AML-3.3.2 01/2022 Amended Paragraph. AML-3.3.5 01/2022 Amended Paragraph. AML-3.3.6 01/2022 Deleted Paragraph. AML-5.1.6A 01/2022 Deleted Paragraph. AML-9.2.5 01/2022 Amended reference to Paragraph. AML 01/2022 Changed Licensee name to Capital Market Licensees across Module. AML-C.2.9 01/2023 Minor amendment to Paragraph. AML-9.2.4(c) 01/2023 Added a new Sub-paragraph on reporting any frozen assets or actions taken. AML-1.1.17 10/2023 Amended Sub-Paragraph on the enhanced diligence for the non-resident accounts. AML-1.1.23 10/2023 Deleted Paragraph. AML-1.1.24 10/2023 Added a new Paragraph on CDD and Customer onboarding requirements. AML-1.4.14 10/2023 Deleted Paragraph. AML-1.12 10/2023 Added a new Section on reliance on third parties for customer due diligence. AML-1.2.1 01/2024 Amended Paragraph on customer due diligence. Superseded Requirements
AML-A.2.4
This Module supersedes the following provisions contained in Circulars or other regulatory instruments:
Circular/other references Provision Subject Resolution No. 1 of 2004 All In respect of the Directives Relating to the Prevention and Prohibition of Money Laundering at the Bahrain Stock Exchange October 2010AML-A.3 AML-A.3 Interaction with Other Modules
AML-A.3.1
All
Capital Market Licensees must comply with all the other relevant Modules in Volume 6 in addition to other applicable laws, rules and regulations.Amended: January 2022
October 2010AML-B AML-B Scope of Application
AML-B.1 AML-B.1 Scope of Application
AML-B.1.1
This Module contains the CBB's Directive relating to Anti-Money Laundering and Combating of Financial Crime and is issued under the powers available to the CBB under Article 38 of the CBB Law. The Directive under this Module is applicable to all
Capital Market Licensees and relevantPersons , including but not limited to issuers ofSecurities or anyPerson acting on their behalf, licensed exchanges, licensed market operators, licensed clearing houses, depositories, investment firms, collective investment undertakings, business trusts, listed companies,crypto-asset licensees , anyPerson acting for or on behalf of listed companies,Persons accredited with receiving money relating to the subscription ofSecurities , custodian ofSecurities , settlement banks, dealers inSecurities , share registrars, lead managers, underwriters, professional advisors, listing agents, auditors, financial analysts, credit rating agencies and any otherPerson concerned with dealing inSecurities , irrespective of whether suchPerson is aCapital Market Licensees or not. These rules are issued by way of a legally-binding Directive.Amended: January 2022
Amended: January 2020
Added: October 2010AML-B.1.2
Capital Market Licensees that are subsidiaries of an overseas based group may apply additional AML/CFT policies and procedures, provided they satisfy the minimum requirements contained in this Module.Amended: January 2022
Added: October 2010AML-B.1.3
[This Paragraph was deleted in January 2020].
Deleted: January 2020
Added: October 2010AML-B.1.4
The requirements of this Module are in addition to and supplement Decree Law No. (4) of 2001 with respect to the Prevention and Prohibition of the Laundering of Money; this Law was subsequently updated, with the issuance of Decree Law No. 54 of 2006 with respect to amending certain provisions of Decree No. 4 of 2001 (collectively, 'the AML Law'). The AML Law imposes obligations generally in relation to the prevention of money laundering and the combating of the financing of terrorism, to all
Persons resident in Bahrain (including financial services firms such asCapital Market Licensees ). AllCapital Market Licensees are therefore under the statutory obligations of that Law, in addition to the more specific requirements contained in this Module. Nothing in this Module is intended to restrict the application of the AML Law (a copy of which is contained in Part B of Volume 6 Capital Markets), under 'Supplementary Information'. Also included in Part B is a copy of Decree Law No. 58 of 2006 with respect to the protection of society from terrorism activities ('the anti-terrorism law').Amended: January 2022
Added: October 2010AML-B.2 AML-B.2 Overseas Subsidiaries and Branches
AML-B.2.1
Capital Market Licensees must apply the requirements in this Module to all their branches and subsidiaries operating both in the Kingdom of Bahrain and in foreign jurisdictions. Where local standards differ, the higher standard must be followed.Capital Market Licensees must pay particular attention to procedures in branches or subsidiaries in countries that do not or insufficiently apply theFATF Recommendations and do not have adequate AML/CFT procedures, systems and controls (see also Section AML-9.1).Amended: January 2022
Amended: July 2016
Added: October 2010AML-B.2.2
Where another jurisdiction's laws or regulations prevent a
Capital Market Licensee (or any of its foreign branches or subsidiaries) from applying the same standards contained in this Module or higher, theCapital Market Licensee must immediately inform the CBB in writing.Amended: January 2022
Added: October 2010AML-B.2.3
In such instances, the CBB will review alternatives with the
Capital Market Licensees . Should the CBB and theCapital Market Licensees be unable to reach agreement on the satisfactory implementation of this Module in a foreign subsidiary or branch, theCapital Market Licensees may be required by the CBB to cease the operations of the subsidiary or branch in the foreign jurisdiction in question.Amended: January 2022
Added: October 2010AML-B.2.4
Financial groups must implement groupwide programmes against money laundering and terrorist financing, including policies and procedures for sharing information within the group for AML/CFT purposes, which must also be applicable, and appropriate to, all branches and subsidiaries of the financial group. These must include:
(a) The development of internal policies, procedures and controls, including appropriate compliance management arrangements, and adequate screening procedures to ensure high standards when hiring employees;(b) An ongoing employee training programme;(c) An independent audit function to test the system;(d) Policies and procedures for sharing information required for the purposes of CDD and money laundering and terrorist financing risk management;(e) The provision at group-level compliance, audit, and/or AML/CFT functions of customer, account and transaction information from branches and subsidiaries when necessary for AML/CFT purposes; and(f) Adequate safeguards on the confidentiality and use of information exchanged.Amended: January 2018
Added: July 2016AML-B.3 AML-B.3 Definitions [This Section was deleted in January 2020]
Deleted: January 2020
Added: October 2010AML-B.3.1
[This Paragraph was deleted in January 2020].
Deleted: January 2020
Added: October 2010AML-B.3.2
[This Paragraph was deleted in January 2020].
Deleted: January 2020
Added: October 2010AML-B.3.3
[This Paragraph was deleted in January 2020].
Deleted: January 2020
Added: October 2010AML-B.3.4
[This Paragraph was deleted in January 2020].
Deleted: January 2020
Added: October 2010AML-B.3.5
[This Paragraph was deleted in January 2020].
Deleted: January 2020
Amended: July 2016
Added: October 2010AML-B.3.6
[This Paragraph was deleted in January 2020].
Deleted: January 2020
Amended: July 2016
Added: October 2010AML-B.3.7
[This Paragraph was deleted in January 2020].
Deleted: January 2020
Added: October 2010AML-B.3.8
[This Paragraph was deleted in January 2020].
Deleted: January 2020
Added: October 2010AML-B.3.9
[This Paragraph was deleted in January 2020].
Deleted: January 2020
Added: October 2010AML-B.3.10
[This Paragraph was deleted in January 2020].
Deleted: January 2020
Added: October 2010AML-C AML-C Risk Based Approach
AML-C.1 AML-C.1 Risk Based Approach
AML-C.1.1
[This Paragraph was deleted in January 2022].
Deleted: January 2022
Added: January 2020AML-C.1.2
[This Paragraph was deleted in January 2022].
Deleted: January 2022
Added: January 2020AML-C.1.3
[This Paragraph was deleted in January 2022].
Deleted: January 2022
Added: January 2020AML-C.1.4
[This Paragraph was deleted in January 2022].
Deleted: January 2022
Added: January 2020AML-C.1.6
Capital Market Licensees must perform enhanced measures where higher ML/TF/PF risks are identified to effectively manage and mitigate those higher risks.Added: January 2022AML-C.1.7
Capital Market Licensees must maintain and regularly review and update the documented risk assessment. The risk management and mitigation measures implemented by aCapital Market Licensee must be commensurate with the identified ML/TF/PF risks.Added: January 2022AML-C.1.8
Capital Market Licensees must allocate adequate financial, human and technical resources and expertise to effectively implement and take appropriate preventive measures to mitigate ML/TF/PF risks.Added: January 2022AML-C.2 AML-C.2 Risk Assessment
AML-C.2.1
[This Paragraph was deleted in January 2022].
Deleted: January 2022
Added: January 2020AML-C.2.2
[This Paragraph was deleted in January 2022].
Deleted: January 2022
Added: January 2020AML-C.2.3
[This Paragraph was deleted in January 2022].
Deleted: January 2022
Added: January 2020AML-C.2.4
[This Paragraph was deleted in January 2022].
Deleted: January 2022
Added: January 2020AML-C.2.5
[This Paragraph was deleted in January 2022].
Deleted: January 2022
Added: January 2020AML-C.2.6
[This Paragraph was deleted in January 2022].
Deleted: January 2022
Added: January 2020AML-C.2.7
Capital Market Licensees must ensure that it takes measures to identify, assess, monitor, manage and mitigate ML/TF/PF risks to which it is exposed and that the measures taken are commensurate with the nature, scale and complexities of its activities. The risk assessment must enable thelicensee to understand how, and to what extent, it is vulnerable to ML/TF/PF.Added: January 2022AML-C.2.8
In the context of the risk assessment, “proliferation financing risk” refers to the potential breach, non-implementation or evasion of the targeted financial sanctions obligations referred to in FATF Recommendation 7.
Added: January 2022AML-C.2.9
The risk assessment must be properly documented, regularly updated and communicated to the
capital market licensees senior management.Licensees must have in place policies, controls and procedures, which are approved by senior management, to enable them to manage and mitigate the risks that have been identified. In conducting its risk assessments, thecapital market licensees must consider quantitative and qualitative information obtained from the relevant internal and external sources to identify, manage and mitigate these risks. This must include consideration of the risk and threat assessments using, national risk assessments, sectorial risk assessments, crime statistics, typologies, risk indicators, red flags, guidance and advisories issued by inter-governmental organisations, national competent authorities and the FATF, and AML/CFT/CPF mutual evaluation and follow-up reports by the FATF or associated assessment bodies.Amended: January 2023
Added: January 2022AML-C.2.10
Capital Market Licensees must assess country/geographic risk, customer/investor risk, product/ service/ transactions risk and distribution channel risk taking into consideration the appropriate factors in identifying and assessing the ML/TF/PF risks, including the following:a) The nature, scale, diversity and complexity of its business, products and target markets;b) Products, services and transactions that inherently provide more anonymity, ability to pool underlying customers/funds, cash-based, face-to-face, non face-to-face, domestic or cross-border;c) The volume and size of its transactions, nature of activity and the profile of its customers;d) The proportion of customers identified as high risk;e) Its target markets and the jurisdictions it is exposed to, either through its own activities or the activities of customers, especially jurisdictions with relatively higher levels of corruption or organised crime, and/or deficient AML/CFT/CPF controls and listed by FATF;f) The complexity of the transaction chain (e.g. complex layers of intermediaries and sub intermediaries or distribution channels that may anonymise or obscure the chain of transactions) and types of distributors or intermediaries;g) The distribution channels, including the extent to which theCapital market licensee deals directly with the customer and the extent to which it relies (or is allowed to rely) on third parties to conduct CDD and the use of technology; andh) Internal audit, external audit or regulatory inspection findings.Added: January 2022Country/Geographic risk
AML-C.2.11
Country/geographic area risk, in conjunction with other risk factors, provides useful information as to potential ML/TF/PF risks. Factors that may be considered as indicators of higher risk include:
(a) Countries identified by credible sources, such as mutual evaluation or detailed assessment reports or published follow-up reports, as not having adequate AML/CFT/CPF systems;(b) Countries or geographic areas identified by credible sources as providing funding or support for terrorist activities, or that have designated terrorist organisations operating within their country;(c) Countries identified by credible sources as having significant levels of corruption or organized crime or other criminal activity, including source or transit countries for illegal drugs, human trafficking and smuggling and illegal gambling;(d) Countries subject to sanctions, embargoes or similar measures issued by international organisations such as the United Nations Organisation; and(e) Countries identified by credible sources as having weak governance, law enforcement, and regulatory regimes, including countries identified by the FATF statements as having weak AML/CFT/CPF regimes, and for which financial institutions should give special attention to business relationships and transactions.Added: January 2022Customer/Investor risk
AML-C.2.12
Categories of customers which may indicate a higher risk include:
(a) The business relationship is conducted in unusual circumstances (e.g. significant unexplained geographic distance between the financial institution and the customer).(b) Non-resident customers;(c) Legal persons or arrangements that are personal asset-holding vehicles;(d) Companies that have nominee shareholders or shares in bearer form;(e) Businesses that are cash-intensive;(f) The ownership structure of the company appears unusual or excessively complex given the nature of the company’s business;(g) Customer is sanctioned by the relevant national competent authority for non-compliance with the applicable AML/CFT/CPF regime and is not engaging in remediation to improve its compliance;(h) Customer is a PEP or customer’s family members, or close associates are PEPs (including where a beneficial owner of a customer is a PEP);(i) Customer resides in or whose primary source of income originates from high-risk jurisdictions;(j) Customer resides in countries considered to be uncooperative in providing beneficial ownership information; customer has been mentioned in negative news reports from credible media, particularly those related to predicate offences for AML/CFT/CPF or to financial crimes;(k) Customer’s transactions indicate a potential connection with criminal involvement, typologies or red flags provided in reports produced by the FATF or national competent authorities;(l) Customer is engaged in, or derives wealth or revenues from, a high-risk cash-intensive business;(m) The number of STRs and their potential concentration on particular client groups;(n) Customers who have sanction exposure; and(o) Customer has a non-transparent ownership structure.Added: January 2022Product/Service/Transactions risk
AML-C.2.13
An overall risk assessment should include determining the potential risks presented by product, service, transaction or the delivery channel of the
Capital market licensees . ACapital market licensees should assess, using an RBA, the extent to which the offering of its product, service, transaction or the delivery channel presents potential vulnerabilities to placement, layering or integration of criminal proceeds into the financial system.Added: January 2022AML-C.2.14
Determining the risks of product, service, transaction or the delivery channel offered to customers may include a consideration of their attributes, as well as any associated risk mitigation measures. Products and services that may indicate a higher risk include:
(a) Private banking;(b) Anonymous transactions (which may include cash);(c) Non-face-to-face business relationships or transactions;(d) Payment received from unknown or un-associated third parties;(e) Products or services that may inherently favour anonymity or obscure information about underlying customer transactions;(f) The geographical reach of the product or service offered, such as those emanating from higher risk jurisdictions;(g) Products with unusual complexity or structure and with no obvious economic purpose;(h) Products or services that permit the unrestricted or anonymous transfer of value (by payment or change of asset ownership) to an unrelated third party, particularly those residing in a higher risk jurisdiction; and(i) Use of new technologies or payment methods not used in the normal course of business by theconventional bank licensee .Added: January 2022Distribution channel risk
AML-C.2.15
A customer may request transactions that pose an inherently higher risk to the
conventional bank licensee . Factors that may be considered as indicators of higher risk include:(a) A request is made to transfer funds to a higher risk jurisdiction/country/region without a reasonable business purpose provided; and(b) A transaction is requested to be executed, where thelicensee is made aware that the transaction will be cleared/settled through an unregulated entity.Added: January 2022AML-C.2.16
Capital market licensees should analyse the specific risk factors, which arise from the use of intermediaries and their services. Intermediaries’ involvement may vary with respect to the activity they undertake and their relationship with theCapital market licensees .Capital market licensees should understand who the intermediary is and perform a risk assessment on the intermediary prior to establishing a business relationship.Licensees and intermediaries should establish clearly their respective responsibilities for compliance with applicable regulation.Added: January 2022AML-C.3 AML-C.3 [This Section was deleted in January 2022].
AML-C.3.1
[This Paragraph was deleted in January 2022].
Deleted: January 2022
Added: January 2020AML-C.3.2
[This Paragraph was deleted in January 2022].
Deleted: January 2022
Added: January 2020AML-C.3.3
[This Paragraph was deleted in January 2022].
Deleted: January 2022
Added: January 2020AML-C.1.5
Capital Market Licensees must implement Risk Based Approach (RBA) in establishing an AML/CFT/CPF program and conduct ML/TF/PF risk assessments prior to and during the establishment of a business relationship and, on an ongoing basis, throughout the course of its relationship with the customer. Thelicensee must establish and implement policies, procedures, tools and systems commensurate with the size, nature and complexity of its business operations to support its RBA.Added: January 2022AML-1 AML-1 Customer Due Diligence Requirements
AML-1.1 AML-1.1 General Requirements
Verification of Identity and Source of Funds
AML-1.1.1
Capital Market Licensees must establish effective systematic internal procedures for establishing and verifying the identity of their customers and the source of their funds. Such procedures must be set out in writing and approved by theCapital Market Licensees senior management and must be strictly adhered to.Amended: January 2022
Amended: January 2020
Amended: July 2016
Added: October 2010AML-1.1.2
Capital Market Licensees must implement the customer due diligence measures outlined in Chapter AML-1 when:(a) [This Sub-paragraph was deleted in July 2018];(b) Establishing business relations with a new or existing customer;(c) A change to the signatory or beneficiary of an existing account or business relationship is made;(d) Customer documentation standards change substantially;(e) TheCapital Market Licensees has doubts about the veracity or adequacy of previously obtained customer due diligence information;(f) A significant transaction takes place (as per rule AML-2.2.3);(g) There is a material change in the way that an account is operated or in the manner in which the business relationship is conducted;(h) There is a suspicion ofMoney Laundering or terrorist financing; or(i) Carrying outaccepted crypto-assets transfers and/or wire transfers irrespective of value and/or amount.Amended: January 2022
Amended: January 2020
Amended: July 2018
Added: October 2010AML-1.1.2A
Capital Market Licensees must understand, and as appropriate, obtain information on the purpose and intended nature of the business relationship.Amended: January 2022
Added: October 2017AML-1.1.2B
Capital Market Licensees must conduct ongoing due diligence on the business relationship, including:(a) Scrutinizing transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the institution's knowledge of the customer, their business and risk profile, including, where necessary, the source of funds; and(b) Ensuring that documents, data or information collected under the CDD process is kept up-to-date and relevant, by undertaking reviews of existing records, particularly for higher risk categories of customers.Amended: January 2022
Added: October 2017AML-1.1.2C
A
capital market licensee must also review and update the customers’ risk profile based on their level of ML/TF/PF risk upon onboarding and regularly throughout the life of the relationship. The risk management and mitigation measures implemented by acapital market licensee must be commensurate with the risk profile of the customer or type of customer.Added: January 2022AML-1.1.3
For the purposes of this Module, 'customer' includes counterparties such as financial markets counterparties, except where
Capital Market Licensees are acting as principals where simplified due diligence measures may apply. These simplified measures are set out in section AML-1.10.Amended: January 2022
October 2010AML-1.1.4
The CBB's specific minimum standards to be followed with respect to verifying customer identity and source of funds are contained in section AML-1.2. Enhanced requirements apply under certain high-risk situations: these requirements are contained in sections AML-1.3 to AML-1.7 inclusive. Additional requirements apply where a
Capital Market Licensee is relying on a professional intermediary to perform certain parts of the customer due diligence process: these are detailed in section AML-1.8. Simplified customer due diligence measures may apply in defined circumstances: these are set out in section AML-1.10.Amended: January 2022
October 2010Verification of Third Parties
AML-1.1.5
Capital Market Licensees must obtain a signed statement, in hard copy or through digital means from all new customers confirming whether or not the customer is acting on his own behalf or not. This undertaking must be obtained prior to conducting any transactions with the customer concerned.Amended: January 2022
Added: October 2010AML-1.1.6
Where a customer is acting on behalf of a third party, the
Capital Market Licensees must also obtain a signed statement from the third party, confirming they have given authority to the customer to act on their behalf. Where the third party is a legal person, theCapital Market Licensees must have sight of the original Board resolution (or other applicable document) authorising the customer to act on the third party's behalf and retain a certified copy.Amended: January 2022
Added: October 2010AML-1.1.7
Capital Market Licensees must establish and verify the identity of the customer and (where applicable) the party/parties on whose behalf the customer is acting, including the Beneficial Owner of the funds. Verification must take place in accordance with the requirements specified in this Chapter.Amended: January 2022
Added: October 2010AML-1.1.8
Where capital market services are provided to a minor or other person lacking full legal capacity, the normal identification procedures as set out in this Chapter must be followed. In the case of minors,
Capital Market Licensees must additionally verify the identity of the parent(s) or legal guardian(s). Where a third party on behalf of a person lacking full legal capacity wishes to open business relations, theCapital Market Licensee must establish the identity of that third party, as well as the person conducting the business.Amended: January 2022
Added: October 2010Anonymous and Nominee Accounts
AML-1.1.9
Capital Market Licensees must not establish or keep anonymous accounts or accounts in fictitious names. WhereCapital Market Licensees maintain a nominee account, which is controlled by or held for the benefit of another person, the identity of that person must be disclosed to theCapital Market Licensees and verified by it in accordance with the requirements specified in this Chapter.Amended: January 2022
Added: October 2010Timing of Verification
AML-1.1.10
Capital Market Licensees must not commence a business relationship or undertake a transaction with a customer before completion of the relevant customer due diligence (‘CDD’) measures specified in Chapter AML-1.Capital Market Licensees must also adopt risk management procedures with respect to the conditions under which a customer may utilise the business relationship prior to verification. However, verification may be completed after receipt of funds in the case of non face-to-face business, or the subsequent submission of CDD documents by the customer after undertaking initial customer due diligence provided that no disbursement of funds takes place until after the requirements of this Chapter have been fully met.Amended: January 2022
Added: October 2010Incomplete Customer Due Diligence
AML-1.1.11
Where a
Capital Market Licensee is unable to comply with the requirements specified in Chapter AML-1, it must consider whether to terminate the relationship or not proceed with the transaction. If it proceeds with the transaction (to avoid tipping off the customer), it should additionally consider whether it should file a Suspicious Transaction Report.Amended: January 2022
Added: October 2010AML-1.1.12
See also Chapter AML-4, which covers the filing of Suspicious Transaction Reports.
October 2010AML-1.1.13
The CBB will monitor the application of these requirements to
Capital Market Licensees existing customer base.Amended: January 2022
Added: October 2010Suspicious Wallet Addresses
AML-1.1.14
A
crypto-asset licensee must establish and implement policies for identification of wallet addresses that are suspected of ML/TF (suspicious wallet addresses).Added: January 2020AML-1.1.15
A
crypto-asset licensee must not establish or continue business relationship with or transact with suspicious wallet addresses referred to in Paragraph-1.1.14.Added: January 2020AML-1.1.16
Where a
crypto-asset licensee identifies or becomes aware of a suspicious wallet address, it must immediately file a Suspicious Transaction Report (STR) and also notify the CBB.Added: January 2020Non-Resident Accounts
AML-1.1.17
Capital Market Licensees that establish a business relationship or transact or deal with non-resident customers must have documented criteria for acceptance of business with such persons. For non-resident customers, assessed as high risk,licensees must ensure the following:(a) Ensure there is a viable economic reason for the business relationship;(b) Perform enhanced due diligence where required in accordance with Paragraph AML-1.1.24;(c) Obtain and document the country of residence for tax purposes where relevant;(d) Obtain evidence of banking relationships in the country of residence;(e) Obtain the reasons for dealing with licensee in Bahrain;(f) Obtain an indicative transaction volume and/or value of incoming funds; and(g) Test that the persons are contactable without unreasonable delays.Amended: October 2023
Added: January 2022AML-1.1.18
Capital Market Licensees must not accept non-residents customers from high risk jurisdictions subject to a call for action by FATF.Added: January 2022AML-1.1.19
Capital Market Licensees must take adequate precautions and risk mitigation measures before onboarding non-resident customers from high risk jurisdictions. Thelicensees must establish detailed assessments and criteria that take into consideration FATF mutual evaluations, FATF guidance, the country national risk assessments (NRAs) and other available guidance on onboarding and retaining non-resident customers from the following high-risk jurisdictions:(a) Jurisdictions under increased monitoring by FATF;(b) Countries upon which United Nations sanctions have been imposed except those referred to in Paragraph AML-1.1.18; and(c) Countries that are the subject of any other sanctions.Added: January 2022AML-1.1.20
Capital Market Licensees must establish systems and measures that are proportional to the risk relevant to each jurisdiction and this must be documented. Such a document must show the risks, mitigation measures for each jurisdiction and for each non-resident customer.Added: January 2022AML-1.1.21
Capital Market Licensees must establish a comprehensive documented policy and procedures describing also the tools, methodology and systems that support the licensee’s processes for:(a) The application of RBA;(b) Customer due diligence;(c) Ongoing transaction monitoring; and(d) Reporting in relation to their transactions or dealings with non-resident customers.Added: January 2022AML-1.1.22
Capital Market Licensees must ensure that only the official/government documents are accepted for the purpose of information in Subparagraphs AML-1.2.1 (a) to (f) in the case of non-resident customers.Added: January 2022AML-1.1.23
[This Paragraph has been deleted in October 2023].
Deleted: October 2023
Added: January 2022AML-1.1.24
Capital Market Licensees must follow the below CDD and customer onboarding requirements:Enhanced Due Diligence Digital Onboarding Bahrainis and GCC nationals (wherever they reside) and expatriates resident in Bahrain No Yes Others Yes Yes Added: October 2023AML-1.2 AML-1.2 Face-to-Face Business
Natural Persons
AML-1.2.1
If the customer is a natural
Person ,Capital Market Licensees must identify the person’s identity and obtain the following information before providing capital market services, as described in paragraph AML-1.1.2:(a) Full legal name and any other names used;(b) Full permanent address (i.e. the residential address of the customer; a post office box is insufficient);(c) Date of birth;(d) Nationality;(e) Passport number (if the customer is a passport holder);(f) Current CPR or Iqama number (for residents of Bahrain or GCC states) or government issued national identification proof;(g) Telephone/fax number and email address (where applicable);(h) Occupation or public position held (where applicable);(i) Employer's name and address (if self-employed, the nature of the self-employment);(j) Type of account, and nature and volume of anticipated business dealings with theCapital Market Licensees ;(k) Signature of the customer(s);(l) Source of funds;(m) Source ofSecurities ;(n) Reason for opening the account; and(o) Place of birth.Amended: January 2024
Amended: January 2022
Amended: January 2020
Added: October 2010AML-1.2.1A
Capital Market Licensees obtaining the information and customer signature electronically using digital applications must comply with the applicable laws governing the onboarding/business relationship including but not limited to the Electronic Transactions Law (Law No. 54 of 2018) for the purposes of obtaining signatures as required in Subparagraph AML-1.2.1 (k) above.Added: January 2022AML-1.2.2
See the Guidance Notes (filed under Supplementary Information in Part B of Volume 6) for further information on source of funds (rule AML-1.2.1 (l)) and CDD requirements for Bahrain residents (rule AML-1.2.1 (c) & (f)).
October 2010AML-1.2.3
Capital market licensees must verify the information in Paragraph AML-1.2.1 (a) to (f), by the following methods below; at least one of the copies of the identification documents mentioned in (a) and (b) below must include a clear photograph of the customer:(a) Confirmation of the date of birth and legal name, by use of the national E-KYC application and if this is not practical, obtaining a copy of a current valid official original identification document (e.g. birth certificate, passport, national identity card, CPR or Iqama);(b) Confirmation of the permanent residential address by use of the national E-KYC application and if this is not practical, obtaining a copy of a recent utility bill, bank statement or similar statement from another licensee or financial institution, or some form of official correspondence or official documentation card, such as national identity card or CPR, from a public/governmental authority, or a tenancy agreement or record of home visit by an official of the licensee; and(c) Where appropriate, direct contact with the customer by phone, letter or email to confirm relevant information, such as residential address information.Amended: January 2022
Added: October 2010AML-1.2.4
Any document copied or obtained for the purpose of identification verification in a face-to-face customer due diligence process must be an original. An authorised official of the
Capital Market Licensees must certify the copy, by writing on it the words 'original sighted', together with the date and his name and signature. Equivalent measures must be taken for electronic copies.Amended: January 2022
Added: October 2010AML-1.2.5
Identity documents which are not obtained by an authorised official of the
Capital Market Licensees in original form (e.g. due to a customer sending a copy by post following an initial meeting) must instead be certified (as per rule AML-1.2.4) by one of the following from a GCC or FATF member state:(a) A lawyer;(b) A notary;(c) A chartered/certified accountant;(d) An official of a government ministry;(e) An official of an embassy or consulate;(f) An official of another licensed financial institution or of an associate company of the licensee.Amended: January 2022
Amended: January 2020
Added: October 2010AML-1.2.6
The individual making the certification under rule AML-1.2.5 must give clear contact details (e.g. by attaching a business card or company stamp). The
Capital Market Licensee must verify the identity of thePerson providing the certification through checking membership of a professional organisation (for lawyers or accountants), or through checking against databases/websites, or by direct phone or email contact.Amended: January 2022
Added: October 2010Legal Entities or Legal Arrangements (such as trusts)
AML-1.2.7
If the customer is a legal entity or a legal arrangement such as a company or trust, the
Capital Market Licensee must obtain and record the following information from original identification documents, databases, or websites, in hard copy or electronic form, identify the customer and to take reasonable measures to verify its identity;(a) The entity's full name and other trading names used;(b) Registration number (or equivalent);(c) Legal form and status and proof of existence;(d) Registered address and trading address (including a branch where applicable);(e) Objectives and type of business activity;(f) Date and place of incorporation or establishment;(g) Telephone, fax number and email address;(h) Regulatory body or listing body (for regulated activities such as financial services and listed companies);(hh) The names of the relevant persons having a senior management position in the legal entity or legal arrangement;(i) Name of external auditor (where applicable);(j) Type of account, and nature and volume of anticipated business dealings with theCapital Market Licensee ;(k) Source of funds; and(l) Legal representative, such as Trustees or trusts.Amended: January 2022
Amended: October 2017
Added: October 2010AML-1.2.8
The information provided under rule AML-1.2.7 must be verified by obtaining certified copies of the following documents, as applicable (depending on the legal form of the entity):
(a) Certificate of incorporation and/or certificate of commercial registration or trust deed;(b) Partnership agreement;(c) Board resolution seeking the capital market services (only necessary in the case of private or unlisted companies);(d) Identification documentation of the authorised signatories of the account (certification not necessary for companies listed in a GCC/FATF state);(e) Copy of the latest financial report and accounts, audited where possible (audited copies do not need to be certified);(f) List ofPersons authorised to do business on behalf of the company and in the case of the opening of an account, a Board resolution (or other applicable document) authorising the namedPersons to operate the account (resolution only necessary for private or unlisted companies); and(g) Memorandum and Articles of Association.Amended: July 2016
Amended: April 2016
October 2010AML-1.2.8A
For customers that are legal persons,
Capital Market Licensees must identify and take reasonable measures to verify the identity ofbeneficial owners through the following information:(a) The identity of the natural person(s) who ultimately have a controlling ownership interest in a legal person, and(b) To the extent that there is doubt under (a) as to whether the person(s) with the controlling ownership interest is thebeneficial owner (s), or where no natural person exerts control of the legal person or arrangement through other means; and(c) Where no natural person is identified under (a) or (b) above, the identity of the relevant natural person who holds the position of senior managing official.Amended: January 2022
Added: October 2017AML-1.2.9
Documents obtained to satisfy the requirements in rule AML-1.2.8 above must be certified in the manner specified in rules AML-1.2.4 to AML-1.2.6.
October 2010AML-1.2.9A
For the purpose of Subparagraph AML-1.2.8(a), the requirement to obtain a certified copy of the commercial registration, may be satisfied by obtaining a commercial registration abstract printed directly from the Ministry of Industry, Commerce and Tourism's website, through "SIJILAT Commercial Registration Portal".
Amended: October 2019
Added: January 2017AML-1.2.10
The documentary requirements in rule AML-1.2.8 above do not apply in the case of listed companies from countries which are members of FATF/GCC: see section AML-1.8 below. Also, the documents listed in rule AML-1.2.8 above are not exhaustive: for customers from overseas jurisdictions, documents of an equivalent nature may be produced as satisfactory evidence of a customer's identity.
October 2010AML-1.2.11
Capital Market Licensees must also obtain and document the following due diligence information. These due diligence requirements must be incorporated in theCapital Market Licensees new business procedures:(a) Enquire as to the structure of the legal entity or trust sufficient to determine and verify the identity of the ultimate beneficial owner of the funds orSecurities , the ultimate provider of funds orSecurities (if different), and the ultimate controller of the funds orSecurities (if different);(b) Ascertain whether the legal entity has been or is in the process of being wound up, dissolved, struck off or terminated;(c) Obtain the names, country of residence and nationality of Directors or partners (only necessary for private or unlisted companies);(d) Require, through new customer documentation or other transparent means, updates on significant changes to corporate ownership and/or legal structure;(e) Obtain and verify the identity of shareholders holding 20% or more of the issued capital (where applicable). The requirement to verify the identity of these shareholders does not apply in the case of FATF/GCC listed companies;(f) In the case of trusts or similar arrangements, establish the identity of the settlor(s), trustee(s), and beneficiaries (including making such reasonable enquiries as to ascertain the identity of any other potential beneficiary, in addition to the named beneficiaries of the trust); and(g) Where aCapital Market Licensee has reasonable grounds for questioning the authenticity of the information supplied by a customer, conduct additional due diligence to confirm the above information.Amended: January 2022
Added: October 2010AML-1.2.12
For the purposes of rule AML-1.2.11, acceptable means of undertaking such due diligence might include taking bank references; visiting or contacting the company by telephone; undertaking a company search or other commercial enquiries; accessing public and private databases (such as stock exchange lists, if they are listed); making enquiries through a business information service or credit bureau; confirming a company's status with an appropriate legal or accounting firm; or undertaking other enquiries that are commercially reasonable.
October 2010AML-1.2.13
In cases where a
Capital Market Licensee is providing investment management services to a regulated mutual fund, and is not responsible for receiving investors' funds (being paid into the fund), it may limit its CDD to confirming that the administrator of the fund is subject to FATF-equivalent customer due diligence measures (see section AML-1.7 for applicable measures). Where there are reasonable grounds for believing that investors' funds being paid into the fund are not being adequately verified by the administrator, then theCapital Market Licensee should consider terminating its relationship with the fund.Amended: January 2022
Added: October 2010AML-1.3 AML-1.3 Enhanced Customer Due Diligence: General Requirements
AML-1.3.1
Enhanced customer due diligence must be performed on those customers identified as having a higher risk profile, and additional inquiries made or information obtained in respect of those customers.
October 2010AML-1.3.2
Capital Market licensees should examine, as far as reasonably possible, the background and purpose of all complex, unusual large transactions, and all unusual patterns of transactions, which have no apparent economic or lawful purpose. Where the risks of money laundering or terrorist financing are higher,capital Market licensees should conduct enhanced CDD measures, consistent with the risks identified. In particular, they should increase the degree and nature of monitoring of the business relationship, in order to determine whether those transactions or activities appear unusual or suspicious. The additional inquiries or information referred to in Paragraph AML-1.3.1 include:(a) Obtaining additional information on the customer (e.g. occupation, volume of assets, information available through public databases, internet, etc.), and updating more regularly the identification data of customer and beneficial owner;(b) Obtaining additional information on the intended nature of the business relationship;(c) Obtaining information on the source of funds or source of wealth of the customer;(d) Obtaining information on the reasons for intended or performed transactions;(e) Obtaining the approval of senior management to commence or continue the business relationship;(f) Conducting enhanced monitoring of the business relationship, by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination;(g) Taking specific measures to identify the source of the first payment in this account and applying RBA to ensure that there is a plausible explanation in any case where the first payment was not received from the same customer’s account;(h) Obtaining evidence of a person's permanent address through the use of a credit reference agency search, or through independent governmental database or by home visit;(i) Obtaining a personal reference (e.g. by an existing customer of theCapital Market Licensee );(j) Obtaining another licensed entity’s reference and contact with the concernedlicensee regarding the customer;(k) Obtaining documentation outlining the customer’s source of wealth;(l) Obtaining additional documentation outlining the customer’s source of income; and(m) Obtaining additional independent verification of employment or public position held.Amended: January 2022
Added: October 2010AML-1.3.3
In addition to the general rule contained in rule AML-1.3.1 above, special care is required in the circumstances specified in sections AML-1.4 to AML-1.8 inclusive.
October 2010AML-1.3.4
Additional enhanced due diligence measures for non-resident account holders may include the following:
(a) References provided by a regulated bank from a FATF country;(b) Certified copies of bank statements for a recent 3-month period; or(c) References provided by a known customer of the bank licensee.Added: January 2020AML-1.4 AML-1.4 Enhanced Customer Due Diligence: Non Face-to-Face Business and New Technologies
AML-1.4.1
Capital Market Licensees must establish specific procedures for verifying customer identity where no face-to-face contact takes place.Amended: January 2022
Added: October 2010AML-1.4.2
Where no face-to-face contact takes place,
Capital Market Licensees must take additional measures (to those specified in section AML-1.2), in order to mitigate the potentially higher risk associated with such business. In particular,Capital Market Licensees must take measures:(a) To ensure that the customer is thePerson they claim to be; and(b) To ensure that the address provided is genuinely the customer's.Amended: January 2022
Added: October 2010AML-1.4.3
There are a number of checks that can provide a
Capital Market Licensees with a reasonable degree of assurance as to the authenticity of the applicant. They include:(a) Telephone contact with the applicant on an independently verified home or business number;(b) With the customer's consent, contacting an employer to confirm employment via phone through a listed number or in writing;(c) Salary details appearing on recent bank statements.(d) Independent verification of employment (e.g.: through the use of a national E-KYC application, or public position held;(e) Carrying out additional searches (e.g. internet searches using independent and open sources) to better inform the customer risk profile;(f) Carrying out additional searches focused on financial crime risk indicator (i.e. negative news);(g) Evaluating the information provided with regard to the destination of fund and the reasons for the transaction;(h) Seeking and verifying additional information from the customer about the purpose and intended nature of the transaction or the business relationship; and(i) Increasing the frequency and intensity of transaction monitoring.Amended: January 2022
Added: October 2010AML-1.4.4
Capital market services provided using digital channels or internet pose greater challenges for customer identification and AML/CFT purposes.
Capital Market Licensees must identify and assess the money laundering or terrorist financing risks relevant to any new technology or channel and establish procedures to prevent the misuse of technological developments inMoney Laundering or terrorist financing schemes. The risk assessments must be consistent with the requirements in Section AML-C.2.Capital Market Licensees which provide screen based trading or online services to their customers must set-up programmes or systems to highlight unusual transactions to enable theCapital Market Licensees to report all such transactions.Amended: January 2022
Added: October 2010New Products, Practices and Technologies
AML-1.4.5
Capital Market Licensees must identify and assess the money laundering or terrorist financing risks that may arise in relation to:(a) The development of new products and new business practices, including new delivery mechanisms; and(b) The use of new or developing technologies for both new and pre-existing products.Amended: January 2022
Added: April 2016AML-1.4.6
For purposes of Paragraph AML-1.4.5, such a risk assessment must take place prior to the launch of the new products, business practices or the use of new or developing technologies.
Capital Market Licensees must take appropriate measures to manage and mitigate those risks.Amended: January 2022
Added: April 2016AML-1.4.7
Capital Market Licensees , while complying with the requirements of Paragraphs AML-1.4.5 and AML-1.4.6, must pay special attention to new products, new business practices, new delivery mechanisms and new or developing technologies that favor anonymity.Amended: January 2022
Added: January 2020Enhanced Monitoring
AML-1.4.8
Customers on boarded digitally must be subject to enhanced on-going account monitoring measures.
Added: January 2022AML-1.4.9
The CBB may require a
licensee to share the details of the enhanced monitoring and the on-going monitoring process for non face-to-face customer relationships.Added: January 2022Licensee’s digital ID applications
AML-1.4.10
Capital Market Licensees may use its digital ID applications that use secure audio-visual real time (live video conferencing/live photo selfies) communication means to identify the natural person.Added: January 2022AML-1.4.11
Capital Market Licensees must maintain a document available upon request for the use of its digital ID applications that includes all the following information:(a) A description of the nature of products and services for which the proprietary digital ID application is planned to be used with specific references to the rules in this Module for which it will be used;(b) A description of the systems and IT infrastructure that are planned to be used;(c) A description of the technology and applications that have the features for facial recognition or biometric recognition to authenticate independently and match the face and the customer identification information available with the licensee. The process and the features used in conjunction with video conferencing include, among others, face recognition, three-dimensional face matching techniques etc;(d) “Liveness” checks created in the course of the identification process;(e) A description of the governance arrangements related to this activity including the availability of specially trained personnel with sufficient level of seniority; and(f) Record keeping arrangements for electronic records to be maintained and the relative audit.Added: January 2022AML-1.4.12
Capital Market Licensees that intends to use its digital ID application to identify the customer and verify identity information must meet the following additional requirements:(a) The digital ID application must make use of secure audio visual real time (live video conferencing/ live photo selfies) technology to (i) identify the customer, (ii) verify his/her identity, and also (iii) ensure the data and documents provided are authentic;(b) The picture/sound quality must be adequate to facilitate unambiguous identification;(c) The digital ID application must include or be combined with capability to read and decrypt the information stored in the identification document’s machine readable zone (MRZ) for authenticity checks from independent and reliable sources;(d) Where the MRZ reader is with an outsourced provider, thelicensee must ensure that such party is authorized to carry out such services and the information is current and up to date and readily available such that thelicensee can check that the decrypted information matches the other information in the identification document;(e) The digital ID application has the features for allowing facial recognition or biometric recognition that can authenticate and match the face and the customer identification documents independently;(f) The digital ID solution has been tested by an independent expert covering the governance and control processes to ensure the integrity of the solution and underlying methodologies, technology and processes and risk mitigation. The report of the expert’s findings must be retained and available upon request;(g) The digital ID application must enable an ongoing process of retrieving and updating the digital files, identity attributes, or data fields which are subject to documented access rights and authorities for updating and changes; and(h) The digital ID application must have the geo-location features which must be used by thelicensee to ensure that it is able to identify any suspicious locations and to make additional inquiries if the location from which a customer is completing the onboarding process does not match the location of the customer based on the information and documentation submitted.Added: January 2022AML-1.4.13
Capital Market Licensees using its digital ID application must establish and implement an approved policy which lays down the governance, control mechanisms, systems and procedures for the CDD which include:(a) A description of the nature of products and services for which customer due diligence may be conducted through video conferencing or equivalent electronic means;(b) A description of the systems, controls and IT infrastructure planned to be used;(c) Governance mechanism related to this activity;(d) Specially trained personnel with sufficient level of seniority; and(e) Record keeping arrangements for electronic records to be maintained and the relative audit trail.Added: January 2022AML-1.4.14
[This Paragraph has been deleted in October 2023]
Deleted: October 2023
Added: January 2022AML-1.4.15
Capital Market Licensees must ensure that the information referred to in Paragraph AML-1.2.1 is collected in adherence to privacy laws and other applicable laws of the country of residence of the customer.Added: January 2022AML-1.4.16
Capital Market Licensees must ensure that the information referred to in Subparagraphs AML-1.2.1 (a) to (f) is obtained prior to commencing the digital verification such that:(a) Thelicensee can perform its due diligence prior to the digital interaction/communication and can raise targeted questions at such interaction/communication session; and(b) Thelicensee can verify the authenticity, validity and accuracy of such information through digital means (See Paragraph AML-1.4.18 below) or by use of the methods mentioned in Paragraph AML-1.2.3 and /or AML-1.4.3 as appropriate.Added: January 2022AML-1.4.17
Capital Market Licensees must also obtain the customer’s explicit consent to record the session and capture images as may be needed.Added: January 2022AML-1.4.18
Capital Market Licensees must verify the information in Paragraph AML-1.2.1 (a) to (f) by the following methods below:(a) Confirmation of the date of birth and legal name by digital reading and authenticating current valid passport or other official original identification using machine readable zone (MRZ) or other technology which has been approved under paragraph FC-1.4.10, unless the information was verified using national E-KYC application;(b) Performing real time video calls with the applicant to identify the person and match the person’s face and /other features through facial recognition or bio-metric means with the office documentation, (e.g. passport, CPR);(c) Matching the official identification document, (e.g. passport, CPR) and related information provided with the document captured/displayed on the live video call; and(d) Confirmation of the permanent residential address by, unless the information was verified using national E-KYC application capturing live, the recent utility bill, bank statement or similar statement from anotherlicensee or financial institution, or some form of official correspondence or official documentation card, such as national identity card or CPR, from a public/governmental authority, or a tenancy agreement or record of home visit by an official of thelicensee .Added: January 2022AML-1.4.19
For the purposes of Paragraph AML-1.4.18, actions taken for obtaining and verifying customer identity could include:
(a) Collection: Present and collect identity attributes and evidence, either in person and/or online (e.g., by filling out an online form, sending a selfie photo, uploading photos of documents such as passport or driver’s license, etc.);(b) Certification: Digital or physical inspection to ensure the document is authentic and its data or information is accurate (for example, checking physical security features, expiration dates, and verifying attributes via other services);(c) De-duplication: Establish that the identity attributes and evidence relate to a unique person in the ID system (e.g., via duplicate record searches, biometric recognition and/or deduplication algorithms);(d) Verification: Link the individual to the identity evidence provided (e.g., using biometric solutions like facial recognition and liveness detection); and(e) Enrolment in identity account and binding: Create the identity account and issue and link one or more authenticators with the identity account (e.g., passwords, one-time code (OTC) generator on a smartphone, etc.). This process enables authentication.Added: January 2022AML-1.4.20
Not all elements of a digital ID system are necessarily digital. Some elements of identity proofing and enrolment can be either digital or physical (documentary), or a combination, but binding and authentication must be digital.
Added: January 2022AML-1.4.21
Sufficient controls must be put in place to safeguard the data relating to customer information collected through the video conference and due regard must be paid to the requirements of the Personal Data Protection Law (PDPL). Additionally, controls must be put in place to minimize the increased impersonation fraud risk in such non face-to-face relationship where there is a chance that customer may not be who he claims he is.
Added: January 2022Overseas branches
AML-1.4.22
Where
Capital Market Licensees intend to use a digital ID application in a foreign jurisdiction in which it operates, it must ensure that the digital ID application meets with the requirements under Paragraph AML-B.2.1.Added: January 2022AML-1.5 AML-1.5 Enhanced Customer Due Diligence: Politically Exposed Persons ('PEPs')
AML-1.5.1
Capital Market Licensees must have appropriate risk management systems to determine whether a customer or beneficial owner is aPolitically Exposed Person ('PEP') , both at the time of establishing business relations and thereafter on a periodic basis.Capital Market Licensees must utilise publicly available databases and information to establish whether a customer is aPEP .Amended: January 2022
Amended: July 2016
Added: October 2010AML-1.5.2
Capital Market Licensees must establish a client acceptance policy with regard toPEPs , taking into account the reputational and other risks involved. Senior management approval must be obtained before aPEP is accepted as a customer.Capital Market Licensees must not accept a non-Bahraini PEP as a customer based on customer due diligence undertaken using digital ID applications.Amended: January 2022
Added: October 2010AML-1.5.3
Where an existing customer is a
PEP , or subsequently becomes aPEP , enhanced monitoring and customer due diligence measures must include:(a) Analysis of complex financial structures, including trusts, foundations or international business corporations;(b) A written record in the customer file to establish that reasonable measures have been taken to establish both the source of wealth and the source of funds;(c) Development of a profile of anticipated customer activity, to be used in on-going monitoring;(d) Approval of senior management for allowing the customer relationship to continue; and(e) On-going account monitoring of thePEP's account by senior management (such as the MLRO).October 2010AML-1.5.3A
In cases of higher risk business relationships with such persons, mentioned in Paragraph AML-1.5.1,
Capital Market Licensees must apply, at a minimum, the measures referred to in (b), (d) and (e) of Paragraph AML-1.5.3.Amended: January 2022
Added: July 2016AML-1.5.3B
The requirements for all types of
PEP must also apply to family or close associates of suchPEPs .Added: July 2016AML-1.5.3C
For the purpose of Paragraph AML-1.5.3B, 'family' means spouse, father, mother, sons, daughters, sisters and brothers. 'Associates' are persons associated with a
PEP whether such association is due to the person being an employee or partner of thePEP or of a firm represented or owned by thePEP , or family links or otherwise.Added: July 2016AML-1.5.4
[This Paragraph was deleted in January 2020].
Deleted: January 2020
Amended: July 2016
October 2010AML-1.6 AML-1.6 Enhanced Due Diligence: Charities, Clubs and Other Societies
AML-1.6.1
Capital market services must not be provided to charitable funds and religious, sporting, social, cooperative and professional and other societies, until an original certificate authenticated by the relevant Ministry confirming the identities of those purporting to act on their behalf (and authorising them to obtain the said service) has been obtained. For clubs and societies registered with the General Organisation for Youth and Sports (GOYS),
Capital Market Licensees must contact GOYS to clarify whether the account may be opened in accordance with the rules of GOYS.Amended: January 2022
Amended: July 2016
Added: October 2010AML-1.6.2
Capital Market Licensees are reminded that clubs and societies registered with GOYS may only have one account with banks in Bahrain.Amended: January 2022
Added: October 2010AML-1.6.3
Charities should be subject to enhanced transaction monitoring by
Capital Market Licensees .Capital Market Licensees should develop a profile of anticipated account activity (in terms of payee countries and recipient organizations in particular).Amended: January 2022
Added: October 2010AML-1.6.4
Capital Market Licensees must provide a monthly report of all payments and transfers of BD3,000 (or equivalent in foreign currencies) and above, from accounts held by charities registered in Bahrain. The report must be submitted to the CBB's Compliance Unit (see section AML-4.4 for contact address), giving details of the amount transferred, account name, number and beneficiary name account and bank details.Capital Market Licensees must ensure that such transfers are in accordance with the spending plans of the charity (in terms of amount, recipient and country).Amended: January 2022
Added: October 2010AML-1.6.5
Article 20 of Decree Law No. 21 of 1989 (issuing the Law of Social and Cultural Societies and Clubs and Private Organisations Operating in the Area of Youth and Sport and Private Institutions) provides that
Capital Market Licensees may not accept or process any incoming or outgoing wire transfers from or to any foreign country on behalf of charity and non-profit organisations licensed by the Ministry of Social Development, until an official letter by the Ministry authorising the receipt or remittance of the funds has been obtained by the concernedCapital Market Licensees .Amended: January 2022
Added: October 2010AML-1.6.6
The receipt of a Ministry letter mentioned in rule AML-1.6.5 above does not exempt the concerned
Capital Market Licensees from conducting normal CDD measures as outlined in other parts of this Module.Amended: January 2022
Added: October 2010AML-1.7 AML-1.7 Enhanced Due Diligence: 'Pooled Funds'
AML-1.7.1
Where
Capital Market Licensees receive pooled funds managed by professional intermediaries (such as investment and pension fund managers, stockbrokers and lawyers or authorized money transferors), they must apply CDD measures contained in section AML-1.8 to the professional intermediary. In addition,Capital Market Licensees must verify the identity of the beneficial owners of the funds where required as shown in rules AML-1.7.2 and AML-1.7.3 below.Amended: January 2022
Added: October 2010AML-1.7.2
Where funds pooled in an account are not co-mingled (i.e. where there are 'sub-accounts' attributable to each beneficiary), all beneficial owners must be identified by the
Capital Market Licensees and their identity verified in accordance with the requirements in section AML-1.2.Amended: January 2022
Added: October 2010AML-1.7.3
For accounts held by intermediaries, where such funds are co-mingled, the
Capital Market Licensees must make a reasonable effort (in the context of the nature and amount of the funds received) to look beyond the intermediary and determine the identity of the beneficial owners or underlying clients, particularly where funds are banked and then transferred onward to other financial institutions (e.g. in the case of accounts held on behalf of authorized money transferors). Where, however, the intermediary is subject to equivalent regulatory andMoney Laundering regulation and procedures (and, in particular, is subject to the same due diligence standards in respect of its client base) the CBB will not insist upon all beneficial owners being identified, provided the bank has undertaken reasonable measures to determine that the intermediary has engaged in a sound customer due diligence process, consistent with the requirements in section AML-1.8.Amended: January 2022
Added: October 2010AML-1.7.4
For accounts held by intermediaries from foreign jurisdictions, the intermediary must be subject to requirements to combat
Money Laundering and terrorist financing consistent with the FATF Recommendations and the intermediary must be supervised for compliance with those requirements. TheCapital Market Licensees must obtain documentary evidence to support the case for not carrying out customer due diligence measures beyond identifying the intermediary. TheCapital Market Licensees must satisfy itself that the intermediary has identified the underlying beneficiaries and has the systems and controls to allocate the assets in the pooled accounts to the relevant beneficiaries.Amended: January 2022
Amended: July 2016
Added: October 2010AML-1.7.5
Where the intermediary is not empowered to provide the required information on beneficial owners (e.g. lawyers bound by professional confidentiality rules) or where the intermediary is not subject to the same due diligence standards referred to above, a
Capital Market Licensees must not permit the intermediary to open an account or allow the account to continue to operate, unless specific permission has been obtained in writing from the CBB.Amended: January 2022
Added: October 2010AML-1.8 AML-1.8 Introduced Business from Professional Intermediaries
AML-1.8.1
A
Capital Market Licensees must only accept customers introduced to it by otherCapital Market Licensees , financial institutions or intermediaries, if it has satisfied itself that the introducer concerned is subject to FATF-equivalent measures and customer due diligence measures. WhereCapital Market Licensees delegate part of the customer due diligence measures to an introducer, the responsibility for meeting the requirements of Chapters 1 and 2 remains with theCapital Market Licensee , not the introducer.Amended: January 2022
Amended: January 2018
Added: October 2010AML-1.8.2
Capital Market Licensees may only accept introduced business if all of the following conditions are satisfied:(a) The customer due diligence measures applied by the introducer are consistent with those required by the FATF Recommendations;(b) A formal agreement is in place defining the respective roles of theCapital Market Licensees and the introducer in relation to customer due diligence measures. The agreement must specify that the customer due diligence measures of the introducer will comply with the FATF Recommendations;(c) The introducer is able to provide all relevant data pertaining to the identity of the customer and beneficial owner of the funds and, where applicable, the party/parties on whose behalf the customer is acting; also, the introducer has confirmed that theCapital Market Licensee will be allowed to verify the customer due diligence measures undertaken by the introducer at any stage; and(d) Written confirmation is provided by the introducer confirming that all customer due diligence measures required by the FATF Recommendations have been followed and the customer's identity established and verified. In addition, the confirmation must state that any identification documents or other customer due diligence material can be accessed by theCapital Market Licensee and that these documents will be kept for at least five years after the business relationship has ended.Amended: January 2022
Amended: July 2016
Added: October 2010AML-1.8.3
The
Capital Market Licensees must perform periodic reviews ensuring that any introducer on which it relies is in compliance with the FATF Recommendations. Where the introducer is resident in another jurisdiction, theCapital Market Licensees must also perform periodic reviews to verify whether the jurisdiction is in compliance with the FATF Recommendations.Amended: January 2022
Amended: July 2016
Added: October 2010AML-1.8.4
Should the
Capital Market Licensees not be satisfied that the introducer is in compliance with the requirements of the FATF Recommendations, theCapital Market Licensees must not accept further introductions or discontinue the business relationship with the introducer.Amended: January 2022
Amended: July 2016
Added: October 2010AML-1.9 AML-1.9 Shell Financial Institutions
Accounts with Shell Financial Institutions
AML-1.9.1
Capital Market Licensees must not establish business relations withshell financial institutions which have no physical presence or 'mind and management' in the jurisdiction in which they are licensed and which are unaffiliated with a regulated financial group.Capital Market Licensees must not knowingly establish relations with otherCapital Market Licensees or financial institutions that have relations withshell financial institutions .Amended: January 2022
Amended: January 2020
Amended: July 2016
Added: October 2010AML-1.9.2
Capital Market Licensees must make a Suspicious Transaction Report to the Financial Intelligence Directorate, Ministry of Interior and the Compliance Directorate of the CBB if they are approached by ashell financial institutions or an institution they suspect of being ashell financial institutions .Amended: January 2022
Amended: January 2020
Amended: October 2019
Added: October 2010AML-1.10 AML-1.10 Simplified Customer Due Diligence
AML-1.10.1
Capital Market Licensees may apply simplified customer due diligence measures, as described in paragraphs AML-1.10.2 to AML-1.10.8, if:(a) [This Subparagraph was deleted in January 2018];(b) The transaction concerns the sale of aSecurity listed on a licensed exchange, issued as a result of an initial public offering after January 2006, and the customer already holds an investor number and an allotment letter. Furthermore, the licensed exchange should have advised the broker (by circular) that all necessary customer due diligence information and copies of all original identification documents will be made available upon request without delay;(c) The customer is a company listed on a GCC or FATF member state stock exchange with equivalent disclosure standards to those of a licensed exchange;(d) The customer is a financial institution whose entire operations are subject to AML/CFT requirements consistent with the FATF Recommendations and it is supervised by a financial services supervisor in a FATF or GCC member state for compliance with those requirements;(e) The customer is a financial institution which is a subsidiary of a financial institution located in a FATF or GCC member state, and the AML/CFT requirements applied to its parent also apply to the subsidiary;(f) The customer is the Central Bank of Bahrain ('CBB'), a licensed exchange, or a licensee of the CBB; or(g) The customer is a Ministry of a GCC or FATF member state government, a company in which a GCC government is a majority shareholder, or a company established by decree in the GCC.Amended: January 2022
Amended: January 2019
Amended: January 2018
Amended: July 2016
Added: October 2010AML-1.10.2
For customers falling under category (b) in rule AML-1.10.1, the customer's name and contact information must be recorded. However, the verification, certification and due diligence requirements (contained in rules AML-1.2.3, AML-1.2.5, AML-1.2.6, AML-1.2.8, AML-1.2.9 and AML-1.2.11), may be dispensed with.
Amended: July 2018
October 2010AML-1.10.3
[This Paragraph was deleted in July 2018].
Deleted: July 2018
October 2010AML-1.10.4
For customers falling under categories (c) to (g) in rule AML-1.10.1, the information required under rule AML-1.2.7 (for legal entities) must be obtained. However, the verification, certification and due diligence requirements (contained in rules AML-1.2.3, AML-1.2.5, AML-1.2.6, AML-1.2.8, AML-1.2.9 and AML-1.2.11), may be dispensed with.
October 2010AML-1.10.5
Capital Market Licensees wishing to apply simplified due diligence measures as allowed for under categories (c) to (g) of rule AML-1.10.1 must retain documentary evidence supporting their categorization of the customer.Amended: January 2022
Added: October 2010AML-1.10.6
Examples of such documentary evidence may include a printout from a regulator's website, confirming the licensed status of an institution, and internal papers attesting to a review of the AML/CFT measures applied in a jurisdiction.
October 2010AML-1.10.7
Capital Market Licensees may use authenticated SWIFT messages as a basis for confirmation of the identity of a financial institution under rule AML-1.10.1 (d) and (e) where it is dealing as principal. For customers coming under rule AML-1.10.1 (d) and (e),Capital Market Licensees must also obtain and retain a written statement from the parent institution of the subsidiary concerned, confirming that the subsidiary is subject to the same AML/CFT measures as its parent.Amended: January 2022
Added: October 2010AML-1.10.8
Simplified customer due diligence measures must not be applied where a
Capital Market Licensee knows, suspects, or has reason to suspect, that the applicant is engaged inMoney Laundering or terrorism financing or that the transaction is carried out on behalf of anotherPerson engaged inMoney Laundering or terrorism financing.Amended: January 2022
Added: October 2010AML-1.10.8A
Simplified customer due diligence measures must not be applied in situations where the licensee has identified high ML/TF/PF risks.
Added: January 2022AML-1.10.9
[This Paragraph was deleted in July 2018].
Deleted: July 2018
October 2010AML-1.11 AML-1.11 Enhanced Due Diligence for Correspondent Accounts
AML-1.11.1
This Section, AML1.11, applies to a
Capital Market Licensee when it providescorrespondent account services or characteristic similar tocorrespondent account services .Amended: January 2022
Added: January 2020AML-1.11.2
When providing
correspondent account services ,Capital Market Licensee , must gather sufficient information (e.g. through a questionnaire) about theirrespondent financial institution to understand the nature of the respondent's business. Factors to consider to provide assurance that satisfactory measures are in place at therespondent financial institution includes:(a) Information about therespondent financial institution’s ownership structure and management;(b) Major business activities of therespondent financial institution and its location (i.e. whether it is located in a FATF compliant jurisdiction) as well as the location of its parent (where applicable);(c) Where the customers of therespondent financial institution are located;(d) Therespondent financial institution AML/CFT controls;(e) The purpose for which the account will be opened;(f) Confirmation that the respondent financial institution has verified the identity of any third party entities that will have direct access to the account without reference to the respondent financial institution (payable through account);(g) The extent to which the respondent financial institution performs on-going due diligence on customers with direct access to the account (payable through account), and the condition of regulation and supervision in the respondent financial institution’s country (e.g. from published FATF reports).Capital Market Licensees must take into account the country where the respondent financial institution is located and whether that country abides by the FATF Recommendations when establishing correspondent relationships with foreign entities.Capital Market Licensees must obtain where possible copies of the relevant laws and regulations concerning AML/CFT and satisfy themselves that the respondent financial institution have effective customer due diligence measures consistent with the FATF Recommendations;(h) Confirmation that the respondent financial institution is able to provide relevant customer identification data on request to theCapital Market Licensees ; and(i) Whether the respondent financial institution has been subject to a money laundering or terrorist financing investigation.Amended: January 2022
Added: January 2020AML-1.11.3
Capital Market Licensees must implement the following additional measures, prior to opening a correspondent account:(a) Complete a signed statement that outlines the respective responsibilities of each institution in relation to money laundering detection and monitoring responsibilities; and(b) Ensure that the correspondent relationship has the approval of senior management.Amended: January 2022
Added: January 2020AML-1.11.4
Where the
correspondent account services involve apayable through account ,Capital Market Licensees must be satisfied that:(a) Therespondent financial institution has performed appropriate measures at least equivalent to those specified in Sections AML-1.1 to AML-1.8 (Customer Due Diligence) on the third party having direct access to the payable-through account; and(b) Therespondent financial institution is able to perform ongoing monitoring of its business relations with that third party and is willing and able to provide CDD information to theCapital Market Licensees upon request.Amended: January 2022
Added: January 2020AML-1.11.5
Capital Market Licensees must document the basis for their satisfaction that the requirements in Paragraphs AML-1.11.2, AML-1.11.3 and AML-1.11.4 are met.Amended: January 2022
Added: January 2020AML-1.11.6
Capital Market Licensees must not enter into or continue correspondent account services relationship with another financial institution that does not have adequate controls against money laundering or terrorism financing activities, is not effectively supervised by the relevant authorities or is ashell financial institution .Capital Market Licensees must pay particular attention when entering into or continuing relationships with respondents located in jurisdictions that have poor KYC standards or have been identified by the FATF as being ‘non-cooperative’ in the fight against money laundering/terrorist financing.Amended: January 2022
Added: January 2020AML-1.11.7
Capital Market Licensees must also take appropriate measures when establishing acorrespondent account services relationship, to satisfy themselves that theirrespondent financial institutions do not permit their accounts to be used byshell financial institutions .Amended: January 2022
Added: January 2020AML-1.11.8
In the case of
correspondent account services relationships, theCapital Market Licensee generally does not have direct relationships with the customers of therespondent financial institution . Therefore, there is no expectation or requirement for theCapital Market Licensee to apply CDD on arespondent financial institution’s customer, which is, instead the responsibility of therespondent financial institution . Nonetheless, it is consistent with the risk-based approach for theCapital Market Licensee to have some general sense of therespondent financial institution’s customer base as part of ascertaining the risks associated with therespondent financial institution itself.Amended: January 2022
Added: January 2020AML-1.12 Reliance on Third Parties for Consumer Due Diligence
AML-1.12.1
Licensees are permitted to rely on third parties to perform elements of CDD measures and recordkeeping requirements stipulated in Chapter AML-1 related to customer and beneficial owner identity, verification of their identity and information on the purpose and intended nature of the business relationship with thelicensee , subject to complying with the below:(a)Licensees remain ultimately responsible for CDD measures;(b)Licensees immediately obtain the relevant CDD information from the third party upon onboarding clients;(c) There is an agreement with the third party for the arrangement with clear contractual terms on the obligations of the third party;(d) The third party without delay makes available the relevant documentation relating to the CDD requirements upon request;(e)Licensees ensure that the third party is a financial institution that is regulated and supervised for, and has measures in place for compliance with, CDD and recordkeeping requirements in line with FATF Recommendations 10 and 11; and(f) For third parties based abroad,licensees must consider the information available on the level of country risk.Added: October 2023AML-1.12.2
Where a
licensee relies on a third-party that is part of the same financial group, thelicensee can consider that:(a) The requirements under Subparagraphs AML-1.12.1 (d) and (e) are complied with through its group programme, provided the group satisfies the following conditions:(i) The group applies CDD and record keeping requirements consistent with FATF Recommendations 10, 11 and 12 and has in place internal controls in accordance with FATF Recommendation 18; and(ii) The implementation of CDD, record keeping and AML/CFT measures are supervised at a group level by a financial services regulatory authority for compliance with AML/CFT requirements consistent with standards set by the FATF.(b) The requirement under Subparagraph AML-1.12.1 (f) is complied with if the country risk is adequately mitigated by the group’s AML/CFT policies.Added: October 2023AML-1.12.3
This Section does not apply to outsourcing or agency arrangements in which the outsourced entity applies the CDD measures on behalf of the delegating
licensee , in accordance with its procedures.Added: October 2023AML-2 AML-2 AML/CFT Systems and Controls
AML-2.1 AML-2.1 General Requirements
AML-2.1.1
Capital Market Licensees must implement programmes against money laundering and terrorist financing which establish and maintain appropriate systems and controls for compliance with the requirements of this Module and which limit their vulnerability to financial crime. These systems and controls must be documented and approved and reviewed annually by the Board of theCapital Market Licensees . The documentation, and the Board's review and approval, must be made available upon request to the CBB.Amended: January 2022
Amended: July 2016
Added: October 2010AML-2.1.2
The above systems and controls, and associated documented policies and procedures should cover standards for customer acceptance, on-going monitoring of high-risk accounts, staff training and adequate screening procedures to ensure high standards when hiring employees.
October 2010AML-2.1.3
Capital Market Service Providers must incorporate Key Performance Indicators (KPIs) to ensure compliance with AML/CFT requirements by all staff. The performance against the KPIs must be adequately reflected in their annual performance evaluation and in their remuneration (See also Paragraph HC-10.5.3).Added: April 2020AML-2.1.4
In implementing the policies, procedures and monitoring tools for ensuring compliance with Paragraph AML-2.1.3,
Capital Market Service Providers should consider the following:(a) The business policies and practices should be designed to reduce incentives for staff to expose theCapital Market Service Providers to AML/CFT compliance risk;(b) The performance measures of departments/divisions/units and personnel should include measures to address AML/CFT compliance obligations;(c) AML/CFT compliance breaches and deficiencies should be attributed to the relevant departments/divisions/units and personnel within the organisation as appropriate;(d) Remuneration and bonuses should be adjusted for AML/CFT compliance breaches and deficiencies; and(e) Both quantitative measures and human judgement should play a role in determining any adjustments to the remuneration and bonuses resulting from the above.Added: April 2020AML-2.2 AML-2.2 On-going Customer Due Diligence and Transaction Monitoring
Risk Based Monitoring
AML-2.2.1
Capital Market Licensees must develop risk-based monitoring systems appropriate to the complexity of their business, their number of clients and types of transactions. These systems must be configured to identify significant or abnormal transactions or patterns of activity. Such systems must include limits on the number, types or size of transactions undertaken outside expected norms; and must include limits for cash and non-cash transactions including transactions inaccepted crypto-assets .Amended: January 2022
Amended: January 2020
Added: October 2010AML-2.2.2
Capital Market Licensees risk-based monitoring systems should therefore be configured to help identify:(a) Transactions which do not appear to have a clear purpose or which make no obvious economic sense;(b) Significant or large transactions not consistent with the normal or expected behaviour of a customer; and(c) Unusual patterns of activity (relative to other customers of the same profile or of similar types of transactions, for instance because of differences in terms of volumes, transaction type, or flows to or from certain countries), or activity outside the expected or regular pattern of a customer's account activity.Amended: January 2022
Added: October 2010Automated Transaction Monitoring
AML-2.2.3
Capital Market Licensees must consider the need to include automated transaction monitoring as part of their risk-based monitoring systems to spot abnormal or unusual flow of funds. In the absence of automated transaction monitoring systems, all transactions above BD6,000 must be viewed as 'significant' and be captured in a daily transactions report for monitoring by the MLRO or a relevant delegated official, and records retained by theCapital Market Licensees for five years after the date of the transaction.Amended: January 2022
Added: October 2010AML-2.2.4
The CBB would expect larger
Capital Market Licensees to include automated transaction monitoring as part of their risk-based monitoring systems. See also Chapters AML-3 and AML-6, regarding the responsibilities of the MLRO and record-keeping requirements. Where theCapital Market Licensee is not receiving funds — for instance where it is simply acting as agent on behalf of a principal, and the customer is directly remitting funds to the principal — then theCapital Market Licensee may agree with the principal that the latter should be responsible for the daily monitoring of such transactions.Amended: January 2022
Added: October 2010Unusual Transactions or Customer Behaviour
AML-2.2.5
Where a
Capital Market Licensee's risk-based monitoring systems identify significant or abnormal transactions (as defined in paragraph AML-2.2.2 and rule AML-2.2.3), it must verify the source of funds for those transactions, particularly where the transactions are above the transactions threshold of BD6,000. Furthermore,Capital Market Licensees must examine the background and purpose to those transactions and document their findings. In the case of one-off transactions where there is no ongoing account relationship, theCapital Market Licensees must file a Suspicious Transaction Report (STR) if it is unable to verify the source of funds to its satisfaction (see Chapter AML-4).Amended: January 2022
Added: October 2010AML-2.2.6
The investigations required under rule AML-2.2.5 must be carried out by the MLRO (or relevant delegated official). The documents relating to these findings must be maintained for five years from the date when the transaction was completed (see also rule AML-6.1.1 (b)).
October 2010AML-2.2.7
Capital Market Licensees must consider instances where there is a significant, unexpected or unexplained change in customer activity.Amended: January 2022
Added: October 2010AML-2.2.8
When an existing customer closes one account and opens another, the
Capital Market Licensees must review its customer identity information and update its records accordingly. Where the information available falls short of the requirements contained in Chapter AML-1, the missing or out-of-date information must be obtained and re-verified with the customer.Amended: January 2022
Added: October 2010AML-2.2.9
Once identification procedures have been satisfactorily completed and, as long as records concerning the customer are maintained in line with Chapters AML-1 and AML-6, no further evidence of identity is needed when transactions are subsequently undertaken within the expected level and type of activity for that customer, provided reasonably regular contact has been maintained between the parties and no doubts have arisen as to the customer's identity.
October 2010Ongoing Monitoring
AML-2.2.10
Capital Market Licensees must take reasonable steps to:(a) Scrutinize transactions undertaken throughout the course of that relationship to ensure that transactions being conducted are consistent with thecapital market licensee 's knowledge of the customer, their business risk and risk profile; and(b) Ensure that they receive and maintain up-to-date and relevant copies of the identification documents specified in Chapter AML-1, by undertaking reviews of existing records, particularly for higher risk categories of customers.Capital Market Licensees must require all customers to provide up-to-date identification documents in their standard terms and conditions of business.Amended: January 2022
Amended: October 2017
Added: October 2010AML-2.2.11
Capital Market Licensees must review and update their customer due diligence information at least every three years, particularly for higher risk categories of customers. If, upon performing such a review, copies of identification documents are more than 12 months out-of-date, theCapital Market Licensees must take steps to obtain updated copies as soon as possible.Amended: January 2022
Amended: October 2017
Added: October 2010AML-2.2.12
Capital Market Licensees must in addition to rules AML-2.2.10 and AML-2.2.11, maintain information and documents in respect to client transactions such as date of execution, value of transaction, type ofSecurities and identity of the counterparty.Amended: January 2022
Added: October 2010AML-2A AML-2A: Money Transfers and Accepted Crypto-asset Transfers
AML-2A.1 AML-2A.1 Applicability and CBB’s Approach to Transfer of Accepted Crypto-assets
AML-2A.1.1
The requirements of this Section, AML-2A.1, applies to
Capital Market Licensees (includingCrypto-asset licensees as well as third party service providers) if they act as anordering financial institution ,intermediary financial institution orbeneficiary financial institution .Amended: January 2022
Added: January 2020AML-2A.1.2
A third party service provider that provides
accepted crypto-asset transfers and/or electronic transfer of funds (wire transfer) on behalf of aCapital Market Licensee , irrespective of whether the third-party service provider is licensed by the CBB or not, must comply with the requirements of Paragraph AML-2A.1. ACapital Market Licensee is ultimately responsible for the functioning and activities of the third-party service provider and must ensure that the third party service provider meets all regulatory obligations as specified in this Section.Amended: January 2022
Added: January 2020CBB’s Approach to Transfer of Accepted Crypto-assets
AML-2A.1.3
As with financial payment methods,
accepted crypto-assets can be used to quickly move (transfer) funds globally and to facilitate a range of financial activities. Similar to mobile or internet based payment services and mechanism,accepted crypto-assets can be used to transfer funds in a wide geographical area with a large number of counterparties.Added: January 2020AML-2A.1.4
The CBB considers transactions involving transfer of
accepted crypto-assets as functionally analogous to wire transfer. Therefore,Capital Market Licensees (includingcrypto-asset licensees ), whenever their transaction, whether in fiat currency oraccepted crypto-assets , involves (i) a traditional wire transfer, or (ii) anaccepted crypto-asset transfer, must comply with the requirements of Paragraph AML-2A.2 unless stated otherwise.Amended: January 2022
Added: January 2020AML-2A.2 AML-2A.2 Transfer of Accepted Crypto-assets and Wire Transfer
Accepted Crypto-asset Transfer to be Considered as Cross Border Transfer
AML-2A.2.1
Capital Market Licensees (includingcrypto-asset licensees ) must consider all transfers ofaccepted crypto-assets as cross-border transfer rather than domestic transfer.Amended: January 2022
Added: January 2020Outward Transfers
AML-2A.2.2
Capital Market Licensees must include all requiredoriginator information and requiredbeneficiary information details with the accompanying transfer ofaccepted crypto-assets and/or wire transfer of funds they make on behalf of their customers.Amended: January 2022
Added: January 2020AML-2A.2.3
For purposes of this Section,
originator information refers to the information listed in Subparagraphs AML-2A.2.7 (a) to (c) and beneficiary information refers to the information listed in Subparagraphs AML-2A.2.7 (d) and (e).Added: January 2020Inward Transfers
AML-2A.2.4
Capital Market Licensees must:(a) Maintain records (in accordance with Chapter AML-6 of this Module) of alloriginators information received with an inward transfer; and(b) Carefully scrutinize inward transfers which do not containoriginator information (i.e. full name, address and account number or a unique customer identification number).Capital Market Licensees must presume that such transfers are ‘suspicious transactions’ and pass them to the MLRO for review for determination as to possible filing of STR, unless (i) theordering financial institution is able to promptly (i.e. within two business days) advise thelicensee in writing of the originator information upon thelicensee’s request (Refer to Paragraph AML-2A.2.5); or (ii) theordering financial institution and the licensee are acting on their own behalf (as principal).Amended: January 2022
Added: January 2020AML-2A.2.5
The period of 2 business days provided to
ordering financial institution by theCapital Market Licensees under Paragraph AML-2A.2.4(b)(i) to furnish theoriginator information is only applicable while undertaking fund transfer (traditional wire transfer) and must not be used in case of transfer ofaccepted crypto-assets .Amended: January 2022
Added: January 2020AML-2A.2.6
While undertaking accepted crypto-asset transfer, a
Capital Market Licensees must ensure that theordering financial institution transmits theoriginator andbeneficiary information immediately (Refer to Paragraph AML-2A.2.9).Amended: January 2022
Added: January 2020Accepted Crypto-asset Transfer and Cross Border Wire Transfer
AML-2A.2.7
Information accompanying all
accepted crypto-asset transfer as well as wire transfer must always contain:(a) The name of theoriginator ;(b) The originator account number (e.g. IBAN or crypto-asset wallet) where such an account is used to process the transaction;(c) The originator’s address, or national identity number, or customer identification number, or date and place of birth;(d) The name of thebeneficiary ; and(e) The beneficiary account number (e.g. IBAN or crypto-asset wallet) where such an account is used to process the transaction.Added: January 2020AML-2A.2.8
Where a
Capital Market Licensees undertakes a transfer ofaccepted crypto-asset , it is not necessary for the information referred to in Paragraph AML-2A.2.7 to be attached directly to theaccepted crypto-asset transfers itself. The information can be submitted either directly or indirectly.Amended: January 2022
Added: January 2020AML-2A.2.9
A
Capital Market Licensee while undertaking transfer ofaccepted crypto-asset must ensure that the requiredoriginator andbeneficiary information is transmitted immediately and securely.Amended: January 2022
Added: January 2020AML-2A.2.10
For the purposes of Paragraph AML-2A.2.9, “Securely” means that the provider of the information must protect it from unauthorized disclosure as well as ensure that the integrity and availability of the required information is maintained so as to facilitate recordkeeping and the use of such information by
financial institution . The term “immediately” means that the provider of the information must submit the required information simultaneously or concurrently with the transfer itself of theaccepted crypto-asset .Added: January 2020AML-2A.2.11
The CBB recognises that unlike traditional fiat currency wire transfer, not every
accepted crypto-asset transfer involves (or is bookended by) two institutions (crypto-asset entities or financial institution). In instances in which anaccepted crypto-asset transfer involves only one financial institution on either end of the transfer (e.g. when anordering financial institution sendsaccepted crypto-assets on behalf of its customers, theoriginator , to abeneficiary that is not a customer of abeneficiary financial institution but rather an individual user who receives theaccepted crypto-asset transfer using his/her own distributed ledger technology (DLT) software, such as an unhosted wallet), the financial institution must still ensure adherence to Paragraph AML-2A.2.7 for their customer. The CBB does not expect that financial institutions, when originating anaccepted crypto-asset transfer, would submit the required information to individual users who are not financial institutions. However, financial institutions receiving anaccepted crypto-asset transfer from an entity that is not a financial institution (e.g. from an individual accepted crypto-asset user using his/her own DLT software, such as an unhosted wallet), must obtain the required originator information from their customer.Added: January 2020Domestic Wire Transfer
AML-2A.2.12
Information accompanying domestic wire transfers must also include
originator information as indicated for cross-border wire transfers, unless this information can be made available to thebeneficiary financial institution and the CBB by other means. In this latter case, theordering financial institution need only include the account number or a unique transaction reference number, provided that this number or identifier will permit the transaction to be traced back to theoriginator or thebeneficiary .Added: January 2020AML-2A.2.13
For purposes of Paragraph AML-2A.2.12, the information should be made available by the
ordering financial institution within three business days of receiving the request either from thebeneficiary financial institution or from the CBB.Added: January 2020AML-2A.2.14
It is not necessary for the recipient institution to pass the originator information on to the
beneficiary . The obligation is discharged simply by notifying thebeneficiary financial institution of the originator information at the time the transfer is made.Added: January 2020Responsibilities of Ordering, Intermediary and Beneficiary Financial Institutions
Ordering Financial Institution
AML-2A.2.15
The
ordering financial institution must ensure that wire transfers as well asaccepted crypto-asset transfers contain required and accurate originator information, and requiredbeneficiary information.Added: January 2020AML-2A.2.16
The
ordering financial institution must maintain alloriginator andbeneficiary information collected in accordance with Paragraph AML-6.1.1.Added: January 2020AML-2A.2.17
The
ordering financial institution must not execute the wire transfer oraccepted crypto-asset transfer if it does not comply with the requirements of Paragraphs AML-2A.2.15 and AML-2A.2.16.Added: January 2020Intermediary Financial Institutions
AML-2A.2.18
For cross-border wire transfers and
accepted crypto-asset transfers, financial institutions processing an intermediary element of such chains of wire transfers and/oraccepted crypto-asset transfers must ensure that alloriginator andbeneficiary information that accompanies a wire transfer andaccepted crypto-asset transfer is retained with it.Added: January 2020AML-2A.2.19
Where technical limitations prevent the required
originator orbeneficiary information accompanying a cross-border wire transfer from remaining with a related domestic wire transfer, a record must be kept, for at least five years, by the receiving intermediary institution of all the information received from theordering financial institution or anotherintermediary financial institution .Added: January 2020AML-2A.2.20
An
intermediary financial institution must take reasonable measures to identify cross-border wire transfers andaccepted crypto-asset transfer that lack requiredoriginator information or requiredbeneficiary information.Added: January 2020AML-2A.2.21
An
intermediary financial institution must have effective risk-based policies and procedures for determining:(a) When to execute, reject, or suspend a traditional wire transfer lacking requiredoriginator or requiredbeneficiary information; and(b) The appropriate follow-up action.Added: January 2020Beneficiary Financial Institution
AML-2A.2.22
A
beneficiary financial institution must take reasonable measures to identify cross-border wire transfers as well asaccepted crypto-asset transfer that lack requiredoriginator or requiredbeneficiary information. Such measures may include post-event monitoring or real-time monitoring where feasible.Added: January 2020AML-2A.2.23
For wire transfers as well as
accepted crypto-asset transfer, abeneficiary financial institution must verify the identity of thebeneficiary , if the identity has not been previously verified, and maintain this information in accordance with Paragraph AML-6.1.1.Added: January 2020AML-2A.2.24
A
beneficiary financial institution must have effective risk-based policies and procedures for determining:(a) When to execute, reject, or suspend a traditional wire transfer lacking requiredoriginator or requiredbeneficiary information; and(b) The appropriate follow-up action.Added: January 2020AML-3 AML-3 Money Laundering Reporting Officer (MLRO)
AML-3.1 AML-3.1 Appointment of MLRO
AML-3.1.1
Capital Market Licensees must appoint a Money Laundering Reporting Officer ("MLRO"). The position of the MLRO is a controlled function and the MLRO is an approvedPerson .Amended: January 2022
Added: October 2010AML-3.1.2
For details of CBB's requirements regarding controlled functions and approved
Persons , see the relevant licensing Module, such as MAE, CSD, or MIR Module. Amongst other things, approvedPersons require CBB approval before being appointed, which is granted only if they are assessed as 'fit and proper' for the function in question. A completed Form 3 must accompany any request for CBB approval.October 2010AML-3.1.3
The position of the MLRO must not be combined with functions that create potential conflicts of interest, such as an internal auditor or business line head. The position of the MLRO may not be outsourced.
October 2010AML-3.1.4
Subject to rule AML-3.1.3, however, the position of the MLRO may otherwise be combined with other functions in the
Capital Market Licensees , such as that of Compliance Officer, in cases where the volume and geographical spread of the business is limited and, therefore, the demands of the function are not likely to require a full time resource. Rule AML-3.1.7 requires that the MLRO is a Director or employee of theCapital Market Licensees , so the function may not be outsourced to a third-party employee.Amended: January 2022
Added: October 2010AML-3.1.4A
For purposes of Paragraphs AML-3.1.3 and AML-3.1.4 above,
Capital Market Licensees must clearly state in the Application for Approved Person Status — Form 3 — when combining the MLRO or DMLRO position with any other position within theCapital Market Licensees .Added: January 2022AML-3.1.5
Unless exempted by the CBB, a
Capital Market Licensees must appoint deputy MLRO to act for the MLRO in his/her absence. The deputy MLRO must be resident in Bahrain unless otherwise agreed with the CBB.Amended: January 2022
Added: October 2010AML-3.1.5A
Where a
Capital Market Licensees seeks an exemption from appointment of Deputy MLRO, from the CBB, it must provide in writing, to the satisfaction of the CBB, the nature, scale and complexity of their business and the alternative arrangements that theCapital Market Licensees shall implement when the MLRO is not available to carry out thecontrolled function .Added: January 2022AML-3.1.6
Capital Market Licensees should note that although the MLRO may delegate some of his functions, either to other employees of theCapital Market Licensees or even (in the case of larger groups) to individuals performing similar functions for other group entities, the responsibility for compliance with the requirements of this Module remains with theCapital Market Licensees and the designated MLRO. The deputy MLRO should be able to support the MLRO discharge his responsibilities and to deputise for him in his absence.Amended: January 2022
Added: October 2010AML-3.1.7
So that he can carry out his functions effectively,
Capital Market Licensees must ensure that their MLRO:(a) Is a Director or a member of senior management of theCapital Market Licensees ;(b) Has a sufficient level of seniority within theCapital Market Licensees , has the authority to act without interference from business line management and has direct access to the Board and senior management (where necessary);(c) Has sufficient resources, including sufficient time and (if necessary) support staff, and has designated a replacement to carry out the function should the MLRO be unable to perform his duties;(d) Has unrestricted access to all transactional information relating to any financial services provided by theCapital Market Licensees to that customer, or any transactions conducted by theCapital Market Licensees on behalf of a customer;(e) Is provided with timely information needed to identify, analyze and effectively monitor customer accounts;(f) Has access to all customer due diligence information obtained by theCapital Market Licensees ; and(g) Is resident in Bahrain.Amended: January 2022
Added: October 2010AML-3.1.8
In addition,
Capital Market Licensees must ensure that their MLRO is able to:(a) Monitor the day-to-day operation of its policies and procedures relevant to this Module; and(b) Respond promptly to any reasonable request for information made by the Financial Intelligence Directorate, or the CBB.Amended: January 2022
Amended: October 2019
Added: October 2010AML-3.1.9
If the position of the MLRO falls vacant, the
Capital Market Licensee must appoint a permanent replacement (after obtaining CBB approval), within 120 calendar days of the vacancy occurring. Pending the appointment of a permanent replacement, theCapital Market Licensees must make immediate interim arrangements (including the appointment of an acting MLRO) to ensure continuity in the MLRO function's performance. These interim arrangements must be approved by the CBB. Any action taken by the Deputy MLRO will be regarded as having the same authority as if it had been done by the MLRO.Amended: January 2022
Added: October 2010AML-3.2 AML-3.2 Responsibilities of the MLRO
AML-3.2.1
The MLRO is responsible for:
(a) Establishing and maintaining theCapital Market Licensee 's AML/CFT policies and procedures;(b) Ensuring that theCapital Market Licensees complies with the AML Law, any other applicable AML/CFT legislation and this Module;(c) Ensuring day-to-day compliance with theCapital Market Licensee 's own internal AML/CFT policies and procedures;(d) Acting as theCapital Market Licensee 's main point of contact in respect of handling internal Suspicious Transaction Reports from theCapital Market Licensee 's staff (refer to section AML-4.1) and as the main contact for the Financial Intelligence Directorate, the CBB and other concerned bodies regarding AML/CFT;(e) Making external Suspicious Transaction Reports to the Financial Intelligence Directorate and the Compliance Directorate (refer to section AML-4.2);(f) Taking reasonable steps to establish and maintain adequate arrangements for staff awareness and training on AML/CFT matters (whether internal or external), as per Chapter AML-5;(g) Producing annual reports on the effectiveness of theCapital Market Licensee 's AML/CFT controls, for consideration by senior management, as per rule AML-3.3.3 and following-up on the status of any anomaly identified or remedial measure required by the CBB;(h) On-going monitoring of what may, in his opinion, constitute high-risk customer accounts; and(i) Ensuring that theCapital Market Licensee maintains all necessary CDD, transactions, STR and staff training records for the required periods (refer to section AML-6.1).Amended: January 2022
Amended: October 2019
Amended: July 2016
Added: October 2010AML-3.3 AML-3.3 Compliance Monitoring
Annual Compliance Review
AML-3.3.1
Capital Market Licensees must take appropriate steps to identify and assess their money laundering and terrorist financing risks (for customers, countries or geographic areas; and products, services, transactions or delivery channels). They must document those assessments in order to be able to demonstrate their basis, keep these assessments up to date, and have appropriate mechanisms to provide risk assessment information to the CBB. The nature and extent of any assessment of money laundering and terrorist financing risks must be appropriate to the nature and size of the business.Amended: January 2022
Added: July 2016AML-3.3.1A
Capital Market Licensees should always understand their money laundering and terrorist financing risks, but the CBB may determine that individual documented risk assessments are not required, if the specific risks inherent to the sector are clearly identified and understood.Amended: January 2022
Added: July 2016AML-3.3.1B
A
Capital Market Licensee must review the effectiveness of its AML/CFT procedures, systems and controls at least once each calendar year. The review must cover theCapital Market Licensees and its branches and subsidiaries both inside and outside the Kingdom of Bahrain. ACapital Market Licensee must monitor the implementation of those controls and enhance them if necessary. The scope of the review must include:(a) A report, containing the number of internal reports made in accordance with section AML-4.1, a breakdown of all the results of those internal reports and their outcomes for each segment of theCapital Market Licensee 's business, and an analysis of whether controls or training need to be enhanced;(b) A report, indicating the number of external reports made in accordance with section AML-4.2 and, where aCapital Market Licensee has made an internal report but not made an external report, noting why no external report was made;(c) A sample test of compliance with this Module's customer due diligence requirements; and(d) A report as to the quality of theCapital Market Licensee 's anti-money laundering procedures, systems and controls and compliance with the rules of alicensed exchange andlicensed clearing house orcentral depository , AML Law and this Module.Amended: January 2022
Amended: July 2016
Added: October 2010AML-3.3.2
The reports listed under rule AML-3.3.1B (a) and (b) must be made by the MLRO. The sample testing and report required under rule AML-3.3.1B (c) and (d) must be made by the
Capital Market Licensee 's external auditorsor a consultancy firm approved by the CBB.Amended: January 2022
Amended: January 2020
Amended: January 2019
Added: October 2010AML-3.3.2A
In order for a consultancy firm to be approved by the CBB for the purposes of Paragraph AML-3.3.2, such firm should provide the CBB’s Compliance Directorate with:
(a) A sample AML/CFT report prepared for a financial institution;(b) A list of other AML/CFT related work undertaken by the firm;(c) A list of other audit/review assignments undertaken, specifying the nature of the work done, date and name of the licensee; and(d) An outline of any assignment conducted for or in cooperation with an international audit firm.Added: January 2020AML-3.3.2B
The firm should indicate which personnel (by name) will work on the report (including, where appropriate, which individual will be the team leader) and demonstrate that all such persons have appropriate qualifications in one of the following areas:
(a) Audit;(b) Accounting;(c) Law; or(d) Banking/Finance.Added: January 2020AML-3.3.2C
Capital Market Licensees must ensure that the personnel conducting the review are qualified, skilled and have adequate experience to conduct such a review. At least two persons working on the report (one of whom should be the team leader) must have:(a) A minimum of 5 years professional experience dealing with AML/CFT issues; and(b) Formal AML/CFT training.Amended: January 2022
Added: January 2020AML-3.3.2D
Submission of a curriculum vitae for all personnel to be engaged on the report is encouraged for the purposes of evidencing the above requirements.
Added: January 2020AML-3.3.2E
Upon receipt of the above required information, the CBB Compliance Directorate will assess the firm and communicate to it whether it meets the criteria required to be approved by the CBB for this purpose. The CBB may also request any other information it considers necessary in order to conduct the assessment.
Added: January 2020AML-3.3.3
The reports listed under rule AML-3.3.1B must be submitted to the
Capital Market Licensee 's Board for it to review and commission any required remedial measures and copied to theCapital Market Licensee 'ssenior management .Amended: January 2022
Amended: July 2016
Added: October 2010AML-3.3.4
The purpose of the annual compliance review is to assist a
Capital Market Licensee 's Board and senior management to assess, amongst other things, whether internal and external reports are being made (as required under Chapter AML-4), and whether the overall number of such reports (which may otherwise appear satisfactory) does not conceal inadequate reporting in a particular segment of theCapital Market Licensee 's business (or, where relevant, in particular branches or subsidiaries).Capital Market Licensees should use their judgement as to how the reports listed under rule AML-3.3.1B (a) and (b) should be broken down in order to achieve this aim (e.g. by branches, departments, product lines, etc).Amended: January 2022
Amended: January 2019
Added: October 2010AML-3.3.5
Capital Market Licensees must instruct their external auditor to produce the report referred to in rule AML-3.3.1B (c) and (d). The report must be submitted to the CBB by the 30th of June of the following year. The findings of this review must be received and acted upon by theCapital Market Licensee .Amended: January 2022
Amended: January 2020
Amended: January 2019
Added: October 2010AML-3.3.6
[This Paragraph was deleted in January 2022].
Deleted: January 2022
Added: October 2010AML-4 AML-4 Suspicious Transaction Reporting
AML-4.1 AML-4.1 Internal Reporting
AML-4.1.1
Capital Market Licensees must implement procedures to ensure that staff who handle customer business (or are managerially responsible for such staff) make a report promptly to the MLRO if they know or suspect that a customer (or aPerson on whose behalf a customer may be acting) is engaged inMoney Laundering or terrorism financing, or if the transaction or the customer's conduct otherwise appears unusual or suspicious. These procedures must include arrangements for disciplining any member of staff who fails, without reasonable excuse, to make such a report.Amended: January 2022
Added: October 2010AML-4.1.2
Where
Capital Market Licensees internal processes provide for staff to consult with their line managers before sending a report to the MLRO, such processes must not be used to prevent reports reaching the MLRO, where staff have stated that they have knowledge or suspicion that a transaction may involveMoney Laundering or terrorist financing.Amended: January 2022
Added: October 2010AML-4.2 AML-4.2 External Reporting
AML-4.2.1
Capital Market Licensees must take reasonable steps to ensure that all reports made under section AML-4.1 are considered by the MLRO (or his duly authorised delegate). Having considered the report and any other relevant information, if the MLRO (or his duly authorised delegate), still suspects that aPerson has been engaged inMoney Laundering or terrorism financing, or the activity concerned is otherwise still regarded as suspicious, he must report the fact promptly to theRelevant Authorities . Where no report is made, the MLRO must document the reasons why.Amended: January 2022
Added: October 2010AML-4.2.2
To take reasonable steps, as required under rule AML-4.2.1,
Capital Market Licensees must:(a) Require the MLRO to consider reports made under Section AML-4.1 in the light of all relevant information accessible to or reasonably obtainable by the MLRO;(b) Permit the MLRO to have access to any information, including Know Your Customer information, in theCapital Market Licensee 's possession which could be relevant; and(c) Ensure that where the MLRO, or his duly authorised delegate, suspects that aPerson has been engaged inMoney Laundering or terrorist financing, a report is made by the MLRO which is not subject to the consent or approval of any otherPerson .Amended: January 2022
Added: October 2010AML-4.2.3
Reports to the
Relevant Authorities made under rule AML-4.2.1 must be sent to the Financial Intelligence Directorate at the Ministry of the Interior, and the CBB's Compliance Directorate using the Suspicious Transaction Reporting Online System (Online STR system). STRs in paper format will not be accepted.Amended: October 2019
Amended: July 2016
Amended: October 2014
October 2010AML-4.2.4
Capital Market Licensees must report all suspicious transactions or attempted transactions. This reporting requirement applies regardless of whether the transaction involves tax matters.Amended: January 2022
Added: October 2010AML-4.2.5
Capital Market Licensees must retain all relevant details of STRs submitted to theRelevant Authorities , for at least five years.Amended: January 2022
Amended: July 2016
Added: October 2010AML-4.2.6
In accordance with the AML Law,
Capital Market Licensees , their Directors, officers and employees:(a) Must not warn or inform ('tipping off') their customers, the beneficial owner or other subjects of the STR when information relating to them is being reported to theRelevant Authorities ; and(b) In cases whereCapital Market Licensees form a suspicion that transactions relate to money laundering or terrorist financing, they must take into account the risk of tipping-off when performing the CDD process. If theCapital Market Licensee reasonably believes that performing the CDD process will tip-off the customer or potential customer, it may choose not to pursue that process, and must file an STR.Amended: January 2022
Amended: January 2018
Amended: July 2016
Added: October 2010AML-4.3 AML-4.3 Reporting to the SRO
AML-4.3.1
The MLRO, whenever he becomes aware or believes, or has reason to believe that a client is involved in a
Money Laundering offence, shall in addition to the reporting in section AML-4.2, inform the SRO on which the transaction is taking place, or where theSecurities or cash is being held, in which case the SRO must, unless instructed otherwise by aRelevant Authority , stop the execution of the suspicious transaction and anySecurity deposited with the SRO or otherCapital Market Licensee .Amended: January 2022
Added: October 2010AML-4.4 AML-4.4 Contacting the Relevant Authorities
AML-4.4.1
Reports made by the MLRO or his duly authorised delegate under Section AML-4.2 must be sent electronically using the Suspicious Transaction Reporting Online System (Online STR system).
Amended: October 2014
October 2010AML-4.4.2
The
relevant authorities are:
Financial Intelligence Directorate (FID)
Ministry of Interior
P.O. Box 26698
Manama, Kingdom of Bahrain
Telephone: + 973 17 749397
Fax: + 973 17 715502
E-mail: bahrainfid@moipolice.bhDirector of Compliance Directorate
Central Bank of Bahrain
P.O. Box 27
Manama, Kingdom of Bahrain
Telephone: 17 547107
Fax: 17 535673
E-mail: Compliance@cbb.gov.bhAmended: October 2019
Added: October 2014AML-5 AML-5 Staff Training and Recruitment
AML-5.1 AML-5.1 General Requirements
AML-5.1.1
Capital Market Licensees must take reasonable steps to provide periodic training and information to ensure that staff who handle customer transactions, or are managerially responsible for such transactions, are made aware of:(a) Their responsibilities under the AML Law, this Module, and any other relevant AML/CFT laws and regulations;(b) The identity and responsibilities of the MLRO and his deputy;(c) The potential consequences, both individual and corporate, of any breach of the AML Law, this Module and any other relevant AML/CFT laws or regulations;(d) TheCapital Market Licensee 's current AML/CFT policies and procedures;(e)Money Laundering and terrorist financing typologies and trends;(f) The type of customer activity or transaction that may justify an internal report in accordance with section AML-4.1;(g) TheCapital Market Licensee 's procedures for making an internal report as per section AML-4.1; and(h) Customer due diligence measures with respect to establishing business relations with customers.Amended: January 2022
Added: October 2010AML-5.1.2
The information referred to in rule AML-5.1.1 must be brought to the attention of relevant new employees of
Capital Market Licensees and must remain available for reference by staff during their period of employment.Amended: January 2022
Added: October 2010AML-5.1.3
Relevant new employees must be given AML/CFT training within three months of joining a
Capital Market Licensee .Amended: January 2022
Added: October 2010AML-5.1.4
Capital Market Licensees must ensure that their AML/CFT training for relevant staff remains up-to-date and is appropriate given theCapital Market Licensee 's activities and customer base.Amended: January 2022
Added: October 2010AML-5.1.5
The CBB would normally expect AML/CFT training to be provided to relevant staff at least once a year.
October 2010AML-5.1.6
Capital Market Licensees must develop adequate screening procedures to ensure high standards when hiring employees. These procedures must include controls to prevent criminals or their associates from being employed byCapital Market Licensees .Amended: January 2022
Amended: July 2016
Added: October 2010AML-5.1.6A
[This Paragraph was deleted in January 2022].
Deleted: January 2022
Added: January 2021AML-6 AML-6 Record Keeping
AML-6.1 AML-6.1 General Requirements
CDD and Transaction Records
AML-6.1.1
Capital Market Licensees must comply with the record-keeping requirements contained in the AML Law and in the CBB Law.Capital Market Licensees must therefore retain adequate records (including accounting and identification records), for the following minimum periods:(a) For customers, in relation to evidence of identity and business relationship records (such as application forms, account files and business correspondence, including the results of any analysis undertaken (e.g. enquiries to establish the background and purpose of complex, unusual large transactions)), for at least five years after the customer relationship has ceased; and(b) For transactions, in relation to documents enabling a reconstitution of the transaction concerned, for at least five years after the transaction was completed.Amended: January 2022
Amended: July 2016
Added: October 2010AML-6.1.1A
For the purposes of Subparagraph AML-6.1.1(b),
crypto-asset licensees must maintain all records of transactions in such form or manner that individual transactions can be reconstructed swiftly and the records can associate the transactions to a natural person.Added: January 2020AML-6.1.1B
Crypto-asset licensees must maintain information obtained through enhanced customer due diligence (refer CRA-7.1.3 of Module CRA), including information relating to the identification of the relevant customers, the public keys (or equivalent identifiers), addresses or accounts involved (or equivalent identifiers), the nature and date of transaction and the amount transferred.Added: January 2020AML-6.1.1C
Crypto-asset licensees relying solely on the public information available on the blockchain or other type of distributed ledger underlying theaccepted crypto-asset for record keeping in not sufficient for compliance with AML-6.1.1 and AML-6.1.1A. The information available on the blockchain or other type of distributed ledger may enable to trace transactions back to a wallet, though may not readily link the wallet address to the name of the customer and the beneficial owner.Crypto-asset licensees must ensure that additional information necessary to associate the wallet address to a natural person is maintained.Added: January 2020Compliance Records
AML-6.1.2
Capital Market Licensees must retain copies of the reports produced for their annual compliance review, as specified in rule AML-3.3.1, for at least five years.Capital Market Licensees must also maintain for five years reports made to, or by, the MLRO made in accordance with sections AML-4.1 and AML-4.2, and records showing how these reports were dealt with and what action, if any, was taken as a consequence of those reports.Amended: January 2022
Added: October 2010AML-6.1.3
When required to deliver the original copy of a record concerning any transaction, or a document pertaining thereto before the expiry of the prescribed period, the
Capital Market Licensees shall observe the following:(a) They shall maintain a complete copy of the delivered record or documents until the end of the period prescribed for maintaining the original records or documents.(b) They shall maintain a record of the delivered documents.Amended: January 2022
Added: October 2010Training Records
AML-6.1.4
Capital Market Licensees must maintain for at least five years, records showing the dates when AML/CFT training was given, the nature of the training, and the names of the staff that received the training.Amended: January 2022
Added: October 2010Access
AML-6.1.5
All records required to be kept under this section must be made available for prompt and swift access by the
Relevant Authorities or other authorisedPersons .October 2010AML-7 AML-7 General Requirements in Relation to Securities
AML-7.1 AML-7.1 General Requirements in Respect of Substantial Shareholding
AML-7.1.1
Any
Person whose ownership alone or his ownership together with that of his minor children, or any other accounts under his disposal, or the ownership of any of his associate or affiliate companies amounts to 5% or more of any listedSecurity of a joint stock company, must notify the licensed exchange forthwith, which must in turn notify the CBB of this fact and the CBB may declare the name of thePerson who owns such stake.Amended: July 2011
October 2010AML-7.1.2
[This Paragraph was deleted in October 2019].
Deleted: October 2019
Amended: July 2011
October 2010AML-7.1.3
All persons must obtain CBB prior written approval to execute any order that will bring their ownership alone or their ownership together with their minor children, or the accounts standing under their disposal to 10% or more in any listed
security . Any further increase of 1% or more shall also be subject to CBB prior written approval.Amended: July 2011
October 2010AML-7.1.4
Without prejudice to any greater penalty prescribed under the Prevention and Prohibition of the Money Laundering Law or any other law, a breach of the provisions of section AML-7.1 shall result in the cancellation of the transaction, and the
Person in breach must bear all costs arising in this connection.Amended: July 2011
October 2010AML-7.2 AML-7.2 Requirements for Listing
AML-7.2.1
No local or foreign company shall be listed on a Licensed Exchange, unless their documents of incorporation are complete and satisfy all legal requirements applicable in the Kingdom, or in their countries of incorporation to the extent that these are comparable to this Module, as the case may be.
October 2010AML-7.3 AML-7.3 Requirements for Offering
AML-7.3.1
No
Security shall be offered for public subscription in the Kingdom unless the issuing company is duly incorporated under the laws of the Kingdom, or the laws of its country of incorporation, as the case may be, satisfying all terms and conditions governing the public offering ofSecurities in the Kingdom, and abiding by the conditions and requirements stipulated under the Commercial Companies Law and the Disclosure Standards in force in the Kingdom.No
Security issued to the bearer shall be offered, listed, traded or deposited on a Licensed Exchange.October 2010AML-7.4 AML-7.4 Requirements for Deposit
AML-7.4.1
A
Security shall not be accepted in the Central Depository System unless its authenticity is approved by the concerned shares registrar and the client shall provide the Central Depository System with any amendment or change which may occur in such particulars.October 2010AML-8 AML-8 Acceptance of Cash
AML-8.1 AML-8.1 Acceptance of Cash
AML-8.1.1
[This Paragraph was deleted in January 2020].
Deleted: January 2020
Added: October 2010AML-8.1.1A
A
Capital Market Licensee , whether at the commencement of or during a business relationship, must not accept cash from a customer, whether for investment purpose or as payment for services provided by theCapital Market Licensee except for payment of one time or non-recurring fees (symbolic fees) with a value not exceeding Two Hundred Bahraini Dinars for the services provided by theCapital Market Licensee such as account opening fees, fees for providing statements, fees for printing documents and certificates of various types and such other services.Amended: January 2022
Added: January 2020AML-9 AML-9 NCCT Measures and Terrorist Financing
AML-9.1 AML-9.1 Special Measures for Non-Cooperative Countries or Territories ('NCCTs')
AML-9.1.1
Capital Market Licensees must give special attention to any dealings they may have with entities orPersons domiciled in countries or territories which are:(a) Identified by the FATF as being 'non-cooperative'; or(b) Notified toCapital Market Licensees from time-to-time by the CBB.Amended: January 2022
Added: October 2010AML-9.1.2
Whenever transactions with such parties have no apparent economic or visible lawful purpose, their background and purpose must be re-examined and the findings documented. If suspicions remain about the transaction, these must be reported to the
Relevant Authorities in accordance with section AML-4.2.October 2010AML-9.1.3
Capital Market Licensees must apply enhanced due diligence measures to business relationships and transactions with natural and legal persons, and financial institutions, from countries where such measures are called for by the FATF. The type of enhanced due diligence measures applied must be effective and proportionate to the risks.Amended: January 2022
Added: July 2016AML-9.1.4
With regard to jurisdictions identified as NCCTs or those which in the opinion of the CBB, do not have adequate AML/CFT systems, the CBB reserves the right to:
(a) Refuse the establishment of subsidiaries or branches or representative offices of financial institutions from such jurisdictions;(b) Limit business relationships or financial transactions with such jurisdictions or persons in those jurisdictions;(c) Prohibit financial institutions from relying on third parties located in such jurisdictions to conduct elements of the CDD process;(d) Require financial institutions to review and amend, or if necessary terminate, correspondent relationships with financial institutions in such jurisdictions;(e) Require increased supervisory examination and/or external audit requirements for branches and subsidiaries of financial institutions based in such jurisdictions; or(f) Require increased external audit requirements for financial groups with respect to any of their branches and subsidiaries located in such jurisdictions.Amended: January 2018
Added: July 2016AML-9.2 AML-9.2 Terrorist Financing
AML-9.2.1AA
Capital Market Licensees must implement and comply with United Nations Security Council resolutions relating to the prevention and suppression of terrorism and terrorist financing.Capital Market Licensees must freeze, without delay, the funds or other assets of, and to ensure that no funds or other assets are made available, directly or indirectly, to or for the benefit of, any person or entity either (i) designated by, or under the authority of, the United Nations Security Council under Chapter VII of the Charter of the United Nations, including in accordance with resolution 1267(1999) and its successor resolutions as well as Resolution 2178(2014) or (ii) designated as pursuant to Resolution 1373(2001).Amended: January 2022
Amended: October 2019
Added: April 2017AML-9.2.1
Capital Market Licensees must comply in full with the provisions of the UN Security Council Anti-Terrorism Resolution No. 1373 of 2001 ('UNSCR 1373').Amended: January 2022
Added: October 2010AML-9.2.2
[This Paragraph was deleted in January 2018].
Deleted: January 2018
October 2010AML-9.2.3
A copy of UNSCR 1373 is included in Part B of Volume 6 (Capital Markets), under 'Supplementary Information' on the CBB Website.
October 2010AML-9.2.4
Capital Market Licensees must report to the CBB details of:(a) Funds or other financial assets or economic resources held with them which may be the subject of Article 1, Paragraphs (c) and (d) of UNSCR 1373;(b) All claims, whether actual or contingent, which theCapital Market Licensee has onPersons and entities which may be the subject of Article 1, Paragraphs (c) and (d) of UNSCR 1373; and(c) All assets frozen or actions taken in compliance with the prohibition requirements of the relevant UNSCRs, including attempted transactions.Amended: January 2023
Amended: January 2022
Added: October 2010AML-9.2.5
For the purposes of rule AML-9.2.4, 'funds or other financial resources' includes (but is not limited to) shares in any undertaking owned or controlled by the
Persons and entities referred to in Article 1, Paragraphs (c) and (d) of UNSCR 1373, and any associated dividends received by theCapital Market Licensees .Amended: January 2022
Added: October 2010AML-9.2.6
All reports or notifications under this section must be made to the CBB's Compliance Directorate.
October 2010AML-9.2.7
See section AML-4.3 for the Compliance Directorate's contact details.
October 2010AML-9.3 AML-9.3 Designated Persons and Entities
AML-9.3.1
Without prejudice to the general duty of all
Capital Market Licensees to exercise the utmost care when dealing withPersons or entities who might come under Article 1, Paragraphs (c) and (d) of UNSCR 1373,Capital Market Licensees must not deal with anyPersons or entities designated by the CBB as potentially linked to terrorist activity.Amended: January 2022
Added: October 2010AML-9.3.2
The CBB from time-to-time issues to
Capital Market Licensees lists of designatedPersons and entities believed linked to terrorism.Capital Market Licensees are required to verify that they have no dealings with these designatedPersons and entities, and report back their findings to the CBB. Names designated by the CBB includePersons and entities designated by the United Nations, under UN Security Council Resolution 1267 ('UNSCR 1267').Amended: January 2022
Added: October 2010AML-9.3.3
Capital Market Licensees must report to theRelevant Authorities , using the procedures contained in section AML-4.2, details of any accounts or other dealings with designatedPersons and entities, and comply with any subsequent directions issued by theRelevant Authorities .Amended: January 2022
Added: October 2010AML-10 AML-10 Enforcement Measures
AML-10.1 AML-10.1 Regulatory Penalties
AML-10.1.1
Without prejudice to any other penalty imposed by the CBB Law, the AML Law No. 4 or the Penal Code of the Kingdom of Bahrain, failure by a
Capital Market Licensees to comply with this Module or any direction given hereunder shall result in the levying by the CBB, without need of a court order and at the CBB's discretion, of a fine of up to BD20,000.Amended: January 2022
Added: October 2010AML-10.1.2
Module MIE provides further information on the CBB's general approach to enforcement and the criteria taken into account prior to imposing such fines (see section MIE-3.1). Other enforcement measures may also be applied by the CBB in response to a failure by a
Capital Market Licensees to comply with this Module; these other measures are also set out in Module MIE.Amended: January 2022
Added: October 2010AML-10.1.3
The CBB will endeavour to assist
Capital Market Licensees to interpret and apply the requirements of this Module.Capital Market Licensees may seek clarification on any issue by contacting the Compliance Directorate (see section AML-4.3 for contact details).Amended: January 2022
Added: October 2010AML-10.1.4
Without prejudice to the CBB's general powers under the law, the CBB may amend, clarify or issue further directions on any provision of this Module from time-to-time, by notice to its
Capital Market Licensees .Amended: January 2022
Added: October 2010AML-11 AML-11 AML/CFT Guidance and Best Practice
AML-11.1 AML-11.1 Guidance Provided by International Bodies
FATF Recommendations
AML-11.1.1
The Recommendations (see www.fatf-gafi.org) together with their associated interpretative notes and best practices papers issued by the Financial Action Task Force (FATF), provide the basic framework for combating
Money Laundering activities and the financing of terrorism.Amended: July 2016
October 2010AML-11.1.2
The
Relevant Authorities in Bahrain believe that the principles established by these Recommendations should be followed byCapital Market Licensees in all material respects, as representing best practice and prudence in this area.Amended: January 2022
Amended: July 2016
Added: October 2010Other Website References Relevant to AML/CFT
AML-11.1.3
The following lists a selection of other websites relevant to AML/CFT:
(a) The Middle East North Africa Financial Action Task Force: www.menafatf.org;(b) The Egmont Group: www.egmontgroup.org;(c) The United Nations: www.un.org/terrorism;(d) The UN Counter-Terrorism Committee: www.un.org/Docs/sc/committees/1373/;(e) The UN list of designated individuals: www.un.org/Docs/sc/committees/1267/1267ListEng.htm;(f) The Wolfsberg Group: www.wolfsberg-principles.com; and(g) The Association of Certified Anti-Money Laundering Specialists: www.acams.org.October 2010AML-12 AML-12 Fraud
AML-12.1 AML-12.1 General Requirements for the Detection and Prevention of Fraud
AML-12.1.1
Capital Market Licensees must ensure that they allocate appropriate resources and have in place systems and controls to deter, detect, and record instances of fraud or attempted fraud.Amended: January 2022
Added: October 2010AML-12.1.2
Fraud may arise from internal sources originating from changes or weaknesses to processes, products and internal systems and controls. Fraud can also arise from external sources, for instance through false invoicing or advance fee frauds. Further guidance — and occasional investor alerts — can be found on the CBB's website (www.cbb.gov.bh).
October 2010AML-12.1.3
Any actual or attempted fraud incident (however small) must be reported to the appropriate authorities (including the CBB) and followed up. Monitoring systems must be designed to measure fraud patterns that might reveal a series of related fraud incidents.
October 2010AML-12.1.4
Capital Market Licensees must ensure that aPerson of sufficient seniority is given overall responsibility for the prevention, detection and remedying of fraud within the organisation.Amended: January 2022
Added: October 2010AML-12.1.5
Capital Market Licensees must ensure the effective segregation of functions and responsibilities between different individuals and departments, such that the possibility of financial crime is reduced and that no single individual is able to initiate, process and control a transaction.Amended: January 2022
Added: October 2010AML-12.1.6
Capital Market Licensees must provide regular training to their management and staff, to make them aware of potential fraud risks.Amended: January 2022
Added: October 2010
