ISLAMABAD: National Savings (AML and CFT) Supervisory Board for National Savings Schemes has issued SRO 956(I)/2020 for identification and verification of customers, beneficial owners of saving schemes.
According to the SRO regulations shall be called the National Savings (AML and CFT) Regulations, 2020.
The chapter III of the regulations explained the identification and verification of customers and beneficial owners.
Identification and verification.- (1) Central Directorate of National Savings (CDNS) shall –
(a) conduct CDD in the circumstances and matters set out in subsection
(1) of section 7A of AML Act; and
(b) for the purposes of conducting CDD as required under sub-section
(2) of section 7A of the AML Act in the circumstances set out under sub-section (1) of the said section 7A comply with sub-regulations (2) to (18) of regulation 4.
(2) CDNS shall –
(a) identify the customer; and
(b) verify the identity of that customer using reliable and independent documents, data or information as set out in sub-regulation (9) of regulation 4.
(3) Where the customer is represented by an authorized agent or representative, CDNS shall –
(a) identify every person who acts on behalf of the customer;
(b) verify the identity of such person by using reliable and independent documents, data or information as set out in sub-regulation (9) of regulation 4; and
(c) verify the authority of the person who is acting on behalf of the customer.
(4) CDNS shall also identify the beneficial owner and take reasonable measures to verify the identity of the beneficial owner by using reliable and independent documents, data or sources of information as set out in regulation (9) of regulation 4, such that CDNS is satisfied that it knows who the beneficial owner is.
(5) For customers that are legal persons or legal arrangements, CDNS shall understand the nature of such customer’s business and its ownership and control structure.
(6) For customers that are legal persons or legal arrangements, CDNS shall identify the customer and verify its identity by obtaining the following information, in addition to the information required in sub-regulation (9) of regulation 4, namely:
(a) name, legal status and proof of existence;
(b) the powers that regulate and bind the legal person or arrangement, as well as the names of the relevant persons having a senior management position in the legal person or arrangement; and
(c) the address of the registered office and, if different, a principal place of business.
(7) For customers that are legal persons, CDNS shall identify and take reasonable measures to verify the identity of beneficial owners by –
(a) identifying the natural person, if any, who ultimately has a direct or indirect controlling ownership interest, as defined under relevant laws, in a legal person; and
(b) to the extent that there is doubt under clause (a), as to whether the person with the controlling ownership interest is the beneficial owner or where no natural person exerts control through ownership interests, the identity of the natural person, if any, exercising control of the legal person or arrangement through other means; and
(c) where no natural person is identified under clause (a) or clause (b), the identity of the relevant natural persons who hold the position of senior managing official.
(8) For customers that are legal arrangements, CDNS shall identify and take reasonable measures to verify the identity of beneficial owners as follows, namely:-
(a) for trusts, the identity of the settlor, the trustee, the protector, if any, the beneficiaries or class of beneficiaries, and any other natural persons exercising ultimate effective control over the trust, including through a chain of control or ownership;
(b) for waqfs and other types of legal arrangements, the identity of persons in equivalent or similar positions as specified in clause (a); and
(c) where any of the persons specified in clause (a) or (b) is a legal person or arrangement, the identity of the beneficial owner of that legal person or arrangement shall be identified.
(9) For the purposes of verification of identity of customers or beneficial owners in sub-regulations (2) to (8), reliable and independent document, data or sources of information includes –
(a) For a natural person, a copy of:
(i) Computerized National Identity Card (CNIC) issued by NADRA; or
(ii) National Identity Card for Overseas Pakistanis (NICOP) or passport for non-residents or overseas Pakistanis or those who have dual nationality; or
(iii) Pakistan Origin Card (POC) or passport for Pakistanis who have given up Pakistan nationality; or
(iv) Form B or Juvenile card to children under 18 years of age; or
(v) where the natural person is a foreign national, either an Alien Registration Card (ARC) or a passport having valid visa on it or any other proof of legal stay along with passport.
(b) for a legal person, a certified copy of –
(i) resolution of board of directors for opening of account specifying the persons authorized to open and operate the account (not applicable for single member company);
(ii) memorandum of association;
(iii) articles of association, wherever applicable;
(iv) certificate of incorporation;
(v) Securities and Exchange Commission of Pakistan (SECP) registered declaration for commencement of business as required under the Companies Act, 2017 (XIX of 2017), as applicable;
(vi) list of directors required to be filed under the Companies Act, 2017 (XIX of 2017), as applicable;
(vii) identity documents as per clause (a) of all the directors, beneficial owners and persons authorized to open and operate the account.
(viii) any other documents as deemed necessary including its annual accounts and financial statements or disclosures in any form which may help to ascertain the detail of its activities, sources and usage of funds in order to assess the risk profile of the prospective customer.
(c) for a legal arrangement, certified copies of –
(i) the instrument creating the legal arrangement;
(ii) registration documents and certificates;
(iii) the legal arrangement’s by-laws, rules and regulations;
(iv) documentation authorizing any persons to open and operate the account;
(v) identity document as per clause (a) of sub-regulation (9) of the authorized persons, beneficial owners and of the members of governing body, board of trustees or executive committee, if it is ultimate governing body, of the legal arrangement; and
(vi) any other documents as deemed necessary including its annual accounts and financial statements or disclosures in any form which may help to ascertain the subject of the trust, the detail of its activities, sources and usage of funds in order to assess the risk profile of the prospective customer.
(d) In respect of government institutions and entities not covered above, –
(i) CNICs of the authorized persons; and
(ii) letter of authorization from the concerned authority.
(10) CDNS shall verify the identity of the customer and beneficial owner before or during the course of establishing a business relationship or conducting occasional transactions.
(11) CDNS may complete verification of the identity of the customer and the beneficial owner after the establishment of the business relationship, provided that –
(a) this occurs as soon as reasonably practicable;
(b) this is essential not to interrupt the normal conduct of business; and
(c) the risks are proven to be low.
(12) CDNS shall have and implement risk management procedures concerning the conditions under which a customer may utilize the business relationship prior to verification.
(13) CDNS shall conduct ongoing due diligence on the business relationship, including –
(a) scrutinizing transactions undertaken throughout the course of the relationship to ensure that the transactions being conducted are consistent with CDNS’s knowledge of the customer, their business and risk profile, including where necessary, the source of funds; and
(b) undertaking reviews of existing records and ensuring that documents, data or information collected for the CDD purposes are kept up-to-date and relevant, particularly for higher risk categories of customers.
(14) CDNS shall apply CDD requirements to existing customers on the basis of materiality and risk, and shall conduct ongoing due diligence on such existing relationships at appropriate times, taking into account whether and when CDD measures have previously been undertaken and the adequacy of the data and documents previously obtained.
(15) CDNS shall apply the countermeasures sanctioned by the Federal Government, pursuant to recommendations by the National Executive Committee, when called upon to do so by the FATF.
(16) CDNS shall apply EDD in the following circumstances, including but not limited to –
(a) business relationships and transactions with natural persons or legal persons and legal arrangements when the ML and TF risks are higher;
(b) business relationships and transactions with natural persons or legal persons and legal arrangements from countries for which this is called for by the FATF; and
(c) PEPs and their close associates and family members.
(17) EDD measures may include, but shall not be limited to, the following measures, namely:-
(a) obtaining additional information on the customer (e.g. volume of assets, information available through public databases, internet, etc.), and updating more regularly the identification data of customer and beneficial owner;
(b) obtaining additional information on the intended nature of the business relationship;
(c) obtaining information on the source of funds or source of wealth of the customer;
(d) obtaining information on the reasons for intended or performed transactions.
(e) obtaining the approval of Senior Management to commence or continue the business relationship; and
(f) conducting enhanced monitoring of the business relationship by increasing the number and timing of controls applied and selecting patterns of transactions that need further examination.
(18) In relation to clause (c) of sub-regulation (16), CDNS shall –
(a) implement appropriate risk management systems to determine if a customer or beneficial owner is a PEP or a close associate or family member of a PEP, both prior to establishing a business relationship or conducting a transaction, and on an on-going basis throughout the course of the business relationship;
(b) at a minimum, apply the following EDD measures –
(i) obtain approval from senior management to establish or continue a business relationship where the customer or a beneficial owner is a PEP, close associate or family member of a PEP or subsequently becomes a PEP, close associate and family member of a PEP;
(ii) take reasonable measures to establish the source of wealth and the source of funds of customers and beneficial owners identified as a PEP, close associate or family member of a PEP; and
(iii) conduct enhanced ongoing monitoring of business relations with the customer or beneficial owner identified as a PEP, close associate and family member of a PEP.
(19) CDNS may allow the application of SDD only where lower risks have been identified through an adequate analysis through its own risk assessment and any other risk assessments publicly available or provided by Supervisory Board in accordance with subregulation (3) of regulation 3 and commensurate with the lower risk factors.
(20) SDD measures may include but shall not be limited to –
(a) verifying the identity of the customer and the beneficial owner after the establishment of the business relationship;
(b) reducing the degree of on-going monitoring and scrutinizing transactions; and
(c) not collecting specific information or carrying out specific measures to understand the purpose and intended nature of the business relationship but inferring the purpose and nature from the type of transactions or business relationship established.