MONEY LAUNDERING AND TERRORIST FINANCING CONTROL POLICY

    Interpretation and Preliminary

  • The headings of the paragraphs contained in this Money Laundering and Terrorist Financing Control Policy are for the purpose of convenience and reference only and shall not be used in the interpretation of nor modify nor amplify the terms of this Money Laundering and Terrorist Financing Control Policy nor any paragraph hereof. Unless a contrary intention clearly appears :
    1. words importing :
      1. any one gender include the other gender;
      2. the singular include the plural and vice versa; and
      3. natural persons include created entities (corporate or unincorporated) and the state and vice versa.
    2. the following terms and/or expressions shall have the meanings assigned to them hereunder and cognate expressions shall have corresponding reasons :
      1. “Adoption Date” means the date upon which the Money Laundering and Terrorist Financing Control Policy is approved by the company NUMMI and its Executive Unit;
      2. “Client” means a person or persons or institution that holds or maintains a relationship with the Company or expresses or indicates an intention to do so (including but not limited to a consultant, broker, counterparty, vendor or other service provider);.
      3. “Competent Authorities” means all public authorities with designated responsibilities for combating ML/TF including Financial Intelligence Units; the authorities that have the function of investigating and/or prosecuting money laundering, associated predicate offences and terrorist financing, and seizing/freezing and confiscating criminal assets; authorities receiving reports on cross-border transportation of currency and bearer-negotiable instruments; and authorities that have AML/CFT supervisory or monitoring responsibilities aimed at ensuring compliance by financial institutions and Designated Non-Financial Businesses and Professions (DNFBPs) with AML/CFT requirements. Public Authorities, including financial supervisors established as independent non-governmental authorities with statutory powers. Self- Regulated Bodies (SRBs) are not to be regarded as a competent authority..
      4. “Correspondent Banking” means the provision of banking services by one bank (the “correspondent bank”) to another bank (the “respondent bank”). Large international banks typically act as correspondents for a number of other banks around the world. Respondent banks may be provided with a wide range of services, including cash management (e.g. interest-bearing accounts in a variety of currencies), international wire transfers, cheque clearing, payable-through accounts and foreign exchange services.
      5. “Designated Non-Financial Businesses and Professions (DNFBP)” means the following which fall within the FATF definition of DNFBP: Casinos; Real estate agents; Dealers in precious metals and dealers in precious stones; Lawyers, notaries, other independent legal professionals and accountants, when they prepare for or carry out transactions for their client concerning the following activities – buying and selling of real estate; managing of client money, securities or other assets; management of bank, savings or securities accounts; organisation of contributions for the creation, operation or management of companies; and creation, operation or management of legal persons or arrangements, and buying and selling of business entities; Trust and company service providers – acting as a formation agent of legal persons; acting as (or arranging for another person to act as) a director or secretary of a company, a partner of a partnership, or a similar position in relation to other legal persons; providing a registered office, business address or accommodation, correspondence or administrative address for a company, a partnership or any other legal person or arrangement; acting as (or arranging for another person to act as) a trustee of an express trust or performing the equivalent function for another form of legal arrangement; and acting as (or arranging for another person to act as) a nominee shareholder for another person.
      6. “Employees” means permanent Employees; temporary Employees or secondees; contractors; non-permanent Employee; and consultants (excluding consultants providing external assurance services) of the Company regardless of specific job responsibilities, department or location.
      7. “Company” means NUMMI.
      8. “Money Laundering” means any act that changes or disguises the criminal nature or the location of the proceeds of a crime so that it appears as though the funds originated from a legitimate source.
      9. “Money Laundering Offence” means an offence that is committed when an act or transaction takes place that involves the proceeds of crime. This includes – Acquiring, using or possessing the proceeds of crime; Assisting anyone to retain or control the proceeds of crime; Using the proceeds of crime to make funds available to anyone; and/or Entering into any arrangement or transaction or performing any other act in connection with the proceeds of crime which is likely to conceal or disguise its nature, source, location, disposition or movement or which will enable anyone to avoid prosecution or remove or diminish the proceeds of crime. An offence is committed if someone knows they are dealing with the proceeds of crime, or if they should reasonably have known that they are dealing with it, but chose to ignore it. This definition is based on Money Laundering offences contained in South African legislation. Money Laundering offences may be different in other jurisdictions, depending on the applicable local legislation.
      10. “Payable through accounts” means correspondent accounts that are used directly by third parties to transact business on their own behalf established or managed in an institution’s name or for third party institutions which Clients may access independently to carry out their own transactions.
      11. “Politically Exposed Persons (PEPs)” means any individual who is or has previously been entrusted with a prominent public function, including :
        1. Heads of state, heads of government, ministers and deputy or assistant ministers; Member of Parliament or National Legislatures; Senior officials of major political parties; Senior judicial officials, i.e. members of supreme courts, constitutional courts or other high-level judicial bodies; Members of the Boards of Central Banks; Senior members of Diplomatic Corps e.g. ambassadors and charges d’affaires; Heads and high-ranking officers holding senior positions in the armed forces; Senior Executives of State-owned enterprises i.e. members of the administrative, management or supervisory bodies; and Heads of Supranational Organisations e.g. United Nations, International Monetary Fund and the World Bank.
        2. Holders of public functions that do not meet the above-referenced standards of seniority, prominence or importance (and are therefore not automatically categorised as PEPs) e.g. middle ranking or more junior officials, could still represent a heightened reputational and/or ML risk and should be assessed on a case-by-case basis when identifying PEPs, either when establishing or during the course of an ongoing business relationship.
        3. In accordance with the guidance from the FATF in respect of PEPs, distinction is made between Foreign and Domestic PEPs. In this regard, the FATF suggests that the risk is likely to be greater in relation to a Foreign PEP who seeks to establish a relationship with a bank beyond the jurisdiction in which they hold the public position.
        4. The following further definitions are applicable when considering PEPs :
          1. Foreign PEPs: Individuals who are or have been entrusted with prominent public functions by a foreign country, for example Head of State or of government, senior politicians, senior government, judicial or military officials, senior executives of state-owned corporations, important political party officials.
          2. Domestic PEPs: Individuals who are or who have been entrusted domestically with prominent public functions, for example Head of State or of government, senior politicians, senior government, judicial or military officials, senior executives of state-owned corporations, important political party officials.
          3. International Organisation PEPs: Persons who are or have been entrusted with a prominent function by an international organisation; members of senior management or individuals who have been entrusted with equivalent functions i.e. directors, deputy directors and members of the board or equivalent functions.
          4. A family member refers to those individuals who are related to a PEP either directly (consanguinity) or through marriage or similar (civil) forms of partnership. This will include a spouse, a partner (i.e. someone equivalent at national law to a spouse), children and their spouses or partners, siblings and parents.
          5. A known close associate of a PEP are those individuals who are closely connected to a PEP, either socially or professionally. This will include :
            • Any individual who is known to have joint beneficial ownership of a legal entity or legal arrangement, or any other close business relations with the PEP (including financial advisors or persons acting in a financial fiduciary capacity); and.
            • Any individual who has sole beneficial ownership of a legal entity or legal arrangement which is known to be set up for the benefit of the PEP.
        5. In determining whether a person is a known close associate of a PEP, reference need only be had to any information already held by the Company or that which is widely or publicly known.
      12. “Regulatory requirements” means the following South African requirements or their equivalent in all jurisdictions within which the Company operates :
        1. Statutory requirements – all Acts of Parliament;
        2. Regulatory requirements – all regulations promulgated by Parliament in respect of the Acts of Parliament; and.
        3. Supervisory requirements – all additional requirements laid down by supervisors or regulators.
      13. “Sanctions Lists” means the sanctions lists as described in the Company Sanctions Policy.
      14. “Self-Regulatory Body (SRB)” means a body that represents a profession (e.g. lawyers, notaries, other independent legal professionals or accountants), and which is made up of members from the profession, has a role in regulating the persons that are qualified to enter and who practice in the profession, and also performs certain supervisory or monitoring type functions.
      15. “Senior Management approval” means approval by Employees responsible for the management oversight of any of the SBG points of representation or those business unit heads or equivalent Executive level officials who are considered Senior Management for the purposes of providing approval or refusal to on-board new Clients or to transact with existing Clients. The individual who assumes this role may differ across different business units.
      16. “Shell Bank” means a bank that has no physical presence in any jurisdiction and is not affiliated with a regulated non-shell bank. ‘Physical presence’ for this purpose means a place of that business that :
        1. is maintained by a bank.
        2. is located at a fixed address in a country in which a bank is authorised to conduct banking activities.
        3. employs one or more individuals on a full-time basis at that location.
        4. maintains operating records relating to its banking activities at that location; and.
        5. is subject to inspection by the bank authority that licensed the bank to conduct banking activities.
      17. “Supervisors” means the designated competent authorities or non-public bodies with responsibilities aimed at ensuring compliance by financial institutions and/or DNFBPs with requirements to combat ML/TF, including the power to supervise and sanction financial institutions or DNFBPs in relation to the AML/CFT requirements. These competent authorities or non-public bodies should also be empowered by law to exercise the functions they perform and be supervised by a competent authority in relation to such functions.
      18. “Terrorist activity” means any act involving an element of violence or disruption, intended to threaten the national security or territorial integrity of any country, intimidate the public or unduly compel persons or institutions to act in a particular manner with the aim of furthering a political, religious, ideological or philosophical motive, including an act which constitutes an offence within the scope of, and as defined in one of the following treaties :
        1. Convention for the Suppression of Unlawful Seizure of Aircraft (1970).
        2. Convention for the Suppression of Unlawful Acts against the Safety of Civil Aviation (1971).
        3. Convention on the Prevention and Punishment of Crimes against Internationally Protected Persons, including Diplomatic Agents (1973).
        4. International Convention against the Taking of Hostages (1979).
        5. Convention on the Physical Protection of Nuclear Material (1980).
        6. Protocol for the Suppression of Unlawful Acts of Violence at Airports Serving International Civil Aviation, supplementary to the Convention for the Suppression of Unlawful Acts against the Safety of Civil Aviation (1988).
        7. Convention for the Suppression of Unlawful Acts against the Safety of Maritime Navigation (2005).
        8. Protocol for the Suppression of Unlawful Acts against the Safety of Fixed Platforms located on the Continental Shelf (2005).
        9. International Convention for the Suppression of Terrorist Bombings (1997); and.
        10. International Convention for the Suppression of the Financing of Terrorism (1999).. Furthermore, including any other act: intended to cause death or serious bodily injury to a civilian, or to any other person not taking an active part in the hostilities in a situation of armed conflict, when the purpose of such act, by its nature or context, is to intimidate a population, or to compel a Government or an international organisation to do or to abstain from doing any act.
      19. “Terrorist Financing” means engaging in certain commercial acts or transactions relating to property, financial or other services or economic support where these will be used to :
        1. commit or facilitate the commission of terrorist activity.
        2. benefit any entity which either commits or attempts to commit a terrorist activity.
        3. benefit any person identified in terms of the United Nations Security Control Council (UNSC) list.
        4. facilitate the retention or control of the property mentioned above by or on behalf of any entity which commits or facilitates the commission of terrorist activity, or any person identified in terms of the UNSC list.
        5. convert, conceal or disguise the nature, source, location, disposition, movement, ownership or interest that anyone may have in such property; and/or.
        6. move such property across jurisdictions or transfer it to a nominee.
      20. “Ultimate Beneficial Owner” means the natural person(s) who ultimately owns or controls a Client and/or the natural person on whose behalf a transaction is being conducted. It also includes those persons who exercise ultimate effective control over a legal person or arrangement.

    Disclaimer

    • This Money Laundering and Terrorist Financing Control Policy is published in compliance with the provisions of the regulatory requirements and is provided solely for the Company.
    • The Money Laundering and Terrorist Control Policy is confidential to the Company and is prepared solely for the purpose (s) set out in the regulatory requirements and set out in the Policy Statement of the Money Laundering and Terrorist Control Policy. No person may refer to or make use of the names of the Advisors or the Money Laundering and Terrorist Control Policy for any other purpose, disclose or refer to them in any prospectus or other document, or make them available or communicate them to any other party. No other party is entitled to rely on our Money Laundering and Terrorist Control Policy for any purpose whatsoever and the Advisors accept no duty of care or liability to any other party who is shown or gains access and privilege to this Money Laundering and Terrorist Control Policy.
    • The Money Laundering and Terrorist Control Policy is based upon the information provided by the Company, the regulatory requirements and various third parties.
    • In compiling this Money Laundering and Terrorist Control Policy the Advisors have accepted and relied on some documents and representations availed to them. In the event the documents and or representations form part and are admissible in Court processes, the authors of such documents or representation would have to confirm these in the relevant Court processes.
    • The Money Laundering and Terrorist Control Policy has relied on various regulatory requirements; however it is noteworthy that virtual currency is under various administrative tests and reconstructive measures to stabilize the regulatory framework. Therefore, the forecasts of the prospective regulatory frameworks are uncertain at this point and until such is introduced or of common fact the current regulations shall stand. When such regulatory frameworks are introduced or known, the Advisors shall place the Policy under review.
    • The Advisors reserve their right to amend the Policy should there be any inaccuracy or fault in the contents thereof.
    • For convenience purposes, this document may have been made available in electronic (digital) format as well as hard copy format. It is restricted that only the document marked “Money Laundering and Terrorist Control Policy” shall be regarded as definitive.

    Policy Statement

    • The business of the Company is built on trust and integrity as perceived by our stakeholders, especially our clients, shareholders and regulators.
    • An important element of trust and integrity is ensuring that the Company conducts its business in accordance with the values and Code of Ethics that the Company has adopted, and in compliance with applicable laws, rules and standards.
    • The Policy is designed to comply with applicable statutory and regulatory obligations across the Company, ensuring that :
      1. the risks arising from Money Laundering and Terrorist Financing are prevented and managed;
      2. the relevant statutory and regulatory obligations are complied with;
      3. the Company and its Employees are protected from legal, regulatory and reputational risks and or administrative penalties that may result from the instances or perceptions of Money Laundering and Terrorism Financing;
      4. the reputation and integrity of the Company is protected by taking all reasonable steps to prevent its use for Money Laundering and Terrorism Financing;
      5. the “Know Your Client” principles are endorsed as a cornerstone of the Company’s business practices; and
      6. the framework that will enable the recognition, investigation and reporting of suspicious activity and all reportable transactions to competent authorities.
    • The Company supports global efforts to combat Money Laundering and Terrorist Financing and is committed to establishing and maintaining appropriate policies and procedures to assist it in complying with Anti-Money Laundering and Combating the Financing of Terrorism control requirements in each jurisdiction in which it operates. By adopting a risk-based approach the Company is in a position to provide a framework that can assist in identifying the degree of potential ML/TF risks posed to it.
    • The Company may decline or terminate any business relationships or transactions in accordance with local regulatory requirements where there appears to be a risk of its services being abused for the purposes of ML/TF.

    Applicability

    • The Policy applies to all Employees of the Company regardless of location or business unit.
    • The Policy reflects the Company’s minimum requirements in respect of AML/CFT controls and may be supplemented in a local jurisdiction/business line policy or procedure. The local Compliance function in each of the Company’s jurisdiction must be consulted in respect of the existence of any local policies or procedures applicable to it.
    • In the event of any conflict between the local and Company Policy, this Policy shall take preference. Where a local jurisdiction or business line requires stricter controls, those stricter controls will apply.

    Policy

    • This Policy sets out the Company’s minimum requirements with regard to :
      1. Customer Due Diligence (which includes KYC; Screening and Enhanced Due Diligence);
      2. Reporting;
      3. Monitoring;
      4. Record-keeping; and
      5. Training.
    • Customer Due Diligence (CDD) :
      1. CDD dictates the information required to determine whether to establish or continue a business relationship with a Client.
      2. The Company must, as a minimum, perform CDD prior to the establishment of a relationship with a Client or prior to concluding a single transaction.
      3. CDD at Client on-boarding refers to the vetting of a Client prior to engaging in a new business relationship in order to ensure that :
        1. appropriate Client identification and verification is performed; and
        2. there is no current information that suggests that the Client could already be linked to an activity that would render the relationship high risk from a ML/TF perspective or that renders the Client undesirable.
    • CDD Procedures within the business are risk-based and divided into three (3) stages :
      1. Know Your Client (KYC): the identification and verification of certain Client information for AML/CFT control purposes at the point of establishment of a relationship or prior to the concluding a single transaction, including the maintenance and retention of that Client information throughout the lifetime of the business relationship or as prescribed by the regulator.
      2. KYC comprises the following :
        1. Identification;
        2. Verification; and
        3. Profiling – source of income, source of funds or wealth.
      3. Screening: Clients and transactions must be screened in accordance with the requirements contained in the Company’s Sanctions Policy and against the following risk criteria so as to ascertain the risk rating of a Client”
        1. Type of Client;
        2. Geography;
        3. Occupation or business;
        4. Product type; and
        5. Politically Exposed Persons (PEPs).
      4. Enhanced Due Diligence (EDD) is to be conducted on all Clients that have been identified as being potentially high risk.
      5. All Clients must be categorised according to the ML/TF risks they pose to the Company and in accordance with the applicable risk criteria. In this regard Clients may be categorised as being either low risk; medium risk; or high risk and will be subject to the appropriate level of due diligence in accordance with the risk classification.
      6. Simplified Due Diligence may be applied in instances where local regulation provides for this and the following minimum requirements have been met :
        1. The Client is rated as low risk from an AML/CFT perspective;
        2. The risk of the product being utilised for ML/TF is low;
        3. The income of the Client falls within certain financial thresholds prescribed by local regulatory requirements; and
        4. Adequate and effective procedures must be established and maintained as prescribed within this Policy in relation to the on-boarding of low risk Clients or review of these Clients once the prescribed transaction thresholds have been breached.
      7. Standard Due Diligence is applicable to Clients rated as medium risk (i.e. neither low or high risk). Standard Due Diligence consists of the application of standard CDD requirements applicable to each Client type and does not constitute reduced/simplified or Enhanced Due Diligence.
      8. EDD requirements are applicable to Clients identified as being high risk, including PEPs. This includes, but not limited to :
        1. Confirmation of KYC information obtained on the Client and related parties (where applicable) and obtaining additional verification of the Client’s KYC details, i.e. re-verification of residential or trading address, verification of income or source of wealth;
        2. Obtaining additional information on the intended nature of the business relationship;
        3. Ensuring enhanced monitoring of the business relationship, (such as increasing the frequency and timing of controls applied and selecting patterns of transactions that require further examination);
        4. Obtaining Ultimate Beneficial Ownership information for all high-risk entities;
        5. Gathering of publicly available information to assess potential reputational risk; and
        6. Obtaining Senior Management approval to enter into or continue with the relationship where there is an adverse finding, or the Client is a match on a Sanctions List, and or the Client is a PEP (this includes the escalation of matters to the appropriate business committees that have been established for decision-making in respect of high risk relationships).
      9. Adequate EDD procedures must be established and maintained for the on-boarding and review of high risk PEPs which includes :
        1. Appropriate risk-management systems to determine whether the Client or the beneficial owner is a PEP; and
        2. Ensuring that the origin of wealth and source of funds are appropriately identified and verified where necessary.
      10. EDD: Correspondent Banking :
        1. The Company must ensure that adequate and effective controls are in place to avoid the establishment of correspondent banking relationships with Shell banks;
        2. The Company must, in relation to cross-border correspondent banking and other similar relationships, in addition to performing standard CDD, also :
          1. Gather sufficient information about a correspondent institution to understand fully the nature of the correspondent’s business, and to determine from publicly available information the reputation of the institution and the quality of supervision, including whether it has been subject to a ML/TF investigation or regulatory action;
          2. Assess the correspondent bank’s AML/CFT controls;
          3. Clearly understand the respective responsibilities for each institution in respect of the particular arrangement/transaction;
          4. Confirm whether the correspondent bank offers ‘payable-through accounts’ and be satisfied that the correspondent bank has conducted CDD on clients who have direct access to accounts of the correspondent bank, and that it is able to provide relevant CDD information upon request. In the instance where a correspondent bank offers payable-through accounts, these relationships must be escalated to the Company’s Money Laundering, Terrorist Financing and Sanctions Control Department (ML/RFC) for consideration and approval.
      11. Ongoing due diligence refers to the periodic review of the Client to ensure that the identification and verification information relating to the Client is still current and relevant and includes periodic and regular screening of the Client against the relevant risk criteria to ensure that the risk rating of the Client is still applicable.
        1. The Company’s Entities Department should ensure that ongoing due diligence is performed based on a Client’s assigned risk rating. In this regard, as a minimum, periodic Client reviews must be performed in accordance with the following time periods :
          1. high risk: on an annual basis;
          2. medium risk: every two (2) years; and
          3. low risk: every three (3) years.
        2. The Company must establish and maintain adequate procedures to ensure that all Client acceptance information and supporting documents are reviewed and updated periodically by the Company where there is an ongoing business relationship with the Client, as defined in the supporting AML Standards referred to in 6.1 below.
        3. In this regard the following events trigger a need to review Client information:
          1. Periodic review of the Client;
          2. Where the Client voluntarily advises the Company that its KYC information has changed;
          3. Where an existing Client takes out a new product or opens a new account;
          4. Where a relationship manager or account executive conducts a review on the Client in the normal course of business and ascertains that the Client information has changed;
          5. When a transaction of significance takes place;
          6. Where there is a material change in the way an account is operated;
          7. When the Company becomes aware that it lacks sufficient information about an existing Client;
          8. Country risk caution alerts from bodies such as the Financial Action Task Force (FATF) and the International Monetary Fund (IMF). These can include warnings about territories that have been judged by FATF as posing substantial ML/TF risk to the international financial system or as having strategic deficiencies with insufficient progress to address. Conversely, they can include notifications of improvements in national regimes;
          9. Significant adverse news arising from, but not limited to, litigation, sanctions breaches and or fines, regulatory breaches and or fines;
          10. Significant change in ownership and or control and or nature of business and or location of business (KYC risk, jurisdictional risk, beneficial ownership risk, industry sector risk and product risk) including de-listings and de-regulation; and or
          11. Company alerts due to concerns arising (e.g. notices or directives on sanctions issues).
      12. Prohibitions. It is prohibited to :
        1. Open and maintain anonymous, pseudonym, numbered accounts or accounts in obviously fictitious names;
        2. Open accounts or enter into any relationship with Shell Banks; and or
        3. Open ‘payable through accounts’.
    • REPORTING
      1. Suspicious and unusual transaction reporting and co-operation with the authorities :
        1. The Company and its Employees must report suspicious and unusual transactions/activities to the competent authorities in accordance with the supporting AML Standards referred to in 6.1 below, and local requirements. In addition to reporting suspected proceeds of crime and the financing of terrorism, these reports should also include suspicions related to activities involving tax evasion and bribery, where this is required by local regulations. Designated Employees will co-operate with the authorities to the extent obliged by law.
        2. The Company must ensure that adequate and effective analysis processes and procedures are in place to analyse all suspicious and unusual transactions or activity in accordance with this Policy including any internal guidance issued in this regard, and subsequently report the transactions to their respective Financial Intelligence Units/Centres or other competent authorities.
        3. This reporting shall be done in accordance with the regulatory requirements applicable to the respective jurisdiction in which the Company operates and is not to be of lesser standard than that detailed in this Policy, the supporting AML Standards referred to in 6.1 below, or any other guidance issued in this regard.
        4. All Employees who have filed or intend to file a suspicious transaction/activity report should not discuss their suspicions with anyone other than their line manager, Compliance Employees within the applicable Company Department/Unit and the ML/TFC or the Head thereof.
        5. The suspicion must under no circumstances be discussed with the Client as this would constitute tipping off. Tipping off is the disclosure of information to any person that is likely to prejudice an actual or potential investigation into ML/TF activities and is a criminal offence.
        6. Section 6 of this Policy is applicable to Employees who fail to report a suspicious transaction/activity relating to ML/TF activities, in the instance where they knew or ought to have known of the suspicion.
      2. Terrorist Property Reporting :
        1. The Company and its Employees must report suspicious and unusual transactions/activities to the competent authorities in accordance with the supporting AML Standards referred to in 6.1 below, and local requirements. In addition to reporting suspected proceeds of crime and the financing of terrorism, these reports should also include suspicions related to activities involving tax evasion and bribery, where this is required by local regulations. Designated Employees will co-operate with the authorities to the extent obliged by law.
        2. The Company must ensure that adequate and effective analysis processes and procedures are in place to analyse all suspicious and unusual transactions or activity in accordance with this Policy including any internal guidance issued in this regard, and subsequently report the transactions to their respective Financial Intelligence Units/Centres or other competent authorities.
        3. This reporting shall be done in accordance with the regulatory requirements applicable to the respective jurisdiction in which the Company operates and is not to be of lesser standard than that detailed in this Policy, the supporting AML Standards referred to in 6.1 below, or any other guidance issued in this regard.
        4. All Employees who have filed or intend to file a suspicious transaction/activity report should not discuss their suspicions with anyone other than their line manager, Compliance Employees within the applicable Company Department/Unit and the ML/TFC or the Head thereof.
        5. The suspicion must under no circumstances be discussed with the Client as this would constitute tipping off. Tipping off is the disclosure of information to any person that is likely to prejudice an actual or potential investigation into ML/TF activities and is a criminal offence.
      3. Cash Threshold Reporting :
        1. Each of the Company’s Department’s must ensure that adequate and effective controls are in place to submit Cash Threshold Reports in jurisdictions where such reporting obligation exists.
        2. Cash Threshold Reports must be made to the competent authorities in accordance with the regulatory requirements applicable to each jurisdiction in which the Company operates.
    • MONITORING AND MANAGEMENT INFORMATION
      1. Structural Monitoring :
        1. This type of monitoring focuses specifically on the adequacy of governance structures, resources and supporting documentation including policies, processes and procedures.
      2. Routine Monitoring :
        1. This type of monitoring focuses specifically on the business adherence to policies, processes and procedures and will include monitoring on the following AML/CFT pillars :
          1. Customer Due Diligence;
          2. Reporting;
          3. Training; and
          4. Record-keeping.
      3. Special Monitoring :
        1. This is a focused monitoring review pertaining to a specific Department usually as a result of :
          1. Such Department having been identified as high risk for ML/TF;
          2. Significant breaches pertaining to AML/CFT controls being found to have occurred in a particular Department; and or
          3. A request from management or the regulator.
      4. Special monitoring may consist of a combination of structural and routine monitoring. All Departments must regularly provide Management Information (MI) pertaining to the AML/CFT pillars referred to in 4.5.2 above to the applicable compliance committees and or internal ML/TF control functions, which in turn will collate and present same to the ML/TFC Department and or the relevant Department Management and Board Committees.
    • Record-Keeping Obligations :
      1. The Company must compile and maintain records of all Client acceptance and verification documentation for a minimum of five years after the termination of the relationship with the Client, or in instances of a non-Client conducting a single transaction, such records must be kept for at least five years after the date of the single transaction.
      2. This record-keeping shall be done in accordance with the regulatory requirements of the relevant jurisdiction and is not to be of a lesser standard than that detailed in this Policy and the supporting Anti-Money Laundering Standards referred in 6.1 below.
      3. Records in relation to payments and transactions must be sufficiently retained in such a manner to ensure the reconstruction of individual transactions (including the amounts and types of currency involved) so as to provide evidence for prosecution of criminal activity (if necessary).
      4. All Client identification information and data obtained through the Customer Due Diligence process (e.g. copies or records of official identification documents such as identification cards, passports, driving licenses or similar documents), account files and relevant business correspondence must be retained.
      5. All records must be stored securely against fire, water and systems damage.
      6. In cases where records are kept by a third party, the Company should ensure that such records are kept in accordance with applicable legislative requirements.
      7. All records must be capable of being retrieved without delay and such process must be outlined in the respective business-specific operating/minimum standards. Due to the ongoing nature of criminal investigations, all documentation relating to the analysis of suspicious transaction/activity reports, or the notes relating to alert closures, must be retained in accordance with the requirements contained in the Reporting of Suspicious and Unusual Transactions Module of the supporting Anti-Money Laundering Standards referred to in 6.1 below.
    • Training and Awareness Requirements :
      1. The Company shall ensure that all relevant Employees are trained on its AML/CFT controls and framework.
      2. Training must be applicable to the roles and responsibilities of Employees, as defined in the supporting AML Standards referred in 6.1 below.
      3. The training requirements shall equally apply to third parties who carry out some of the AML/CFT control functions of the Company.

    ROLES AND RESPONSIBILITIES

    • Board of Directors: In addition to the roles and responsibilities assigned by law and regulations, the Board shall have the following responsibilities in terms of this Policy:
      1. The Company Board of Directors (or a Board Committee or other appropriately empowered risk oversight body on the Board’s behalf) must ensure that there is an effective framework for managing AML/CFT compliance risk.
      2. The Board of Directors of each of the Company’s regulated subsidiary companies is similarly responsible for ensuring that there is a framework for managing that legal entity’s AML/CFT compliance risk. The Board of Directors of the Company and each of its subsidiary companies must encourage a culture of compliance.
    • Board Committees: Company Risk and Capital Management Committee (GRCMC)
      1. The GRCMC must:
        1. approve the Policy;
        2. have ultimate oversight to ensure that AML/CFT control measures are implemented within the Company. This responsibility can be delegated, but not subrogated to management; and
        3. have oversight of AML/CFT control issues within the Company.
    • Board Committees: Company Audit Committee :
      1. The responsibilities of the Company Audit Committee (GAC) are detailed in its mandate and include noting and endorsement of the Policy once it has been approved by the GRCMC.
      2. In accordance with its mandate, Company Compliance is responsible for providing assurance to the GAC that AML/CFT controls are being appropriately managed throughout the Company.
    • Company Management Committee: The Company Management Committee must ensure that the required AML/CFT control framework is in place throughout the Company.
    • Business Line and Legal Entity Executive Management : Business line and legal entity Executive Management must :
      1. assess its risk of exposure to ML/TF and develop appropriate processes and procedures by adhering to this Policy as a minimum;
      2. appoint the necessary Employees to adequately deal with AML/CFT control within the Company; and
      3. ensure that in instances where the Company outsources certain operational processes, the regulatory responsibility for AML/CFT control remains with Executive Management of the Company undertaking the outsourcing. Executive Management must also ensure that the third party has adequate resources and procedures in place to enable the Company to meet its requirements with regard to the Company’s AML/CFT minimum standards.
    • Governance Committees: The Company Risk Oversight Committee and the Company Compliance Committee each have formal responsibilities in relation to compliance risk oversight, including that of ML/TF risk, as detailed in their respective mandates.
    • Company Compliance Function:
      1. Company Compliance is responsible for assisting Executive Management in effectively managing the compliance risk faced by the Company by :
      2. developing, reviewing and maintaining this Policy;
      3. monitoring adherence to this Policy;
      4. raising awareness in terms of this Policy;
      5. advising Employees, line managers and business unit heads of this Policy where necessary;
      6. putting in place the compliance infrastructure detailed in the Company Compliance Risk Management Standard (Compliance Standard);
      7. performing the activities detailed in the Compliance Standard; and
      8. where appropriate, in line with divisional or jurisdictional requirements or procedures, fulfil additional support or approval requirements.
    • The Company Money Laundering, Terrorist Financing & Sanctions Control Department (Company ML/TFC)
      1. Company ML/TFC must:
        1. support the Board of Directors, Executive and Senior Management, and Employees in promoting AML/CFT control cultures throughout the Company. This includes the development and maintenance of an adequate and effective corporate governance structure as it relates to AML/CFT control as well as the co-ordination of the overall AML/CFT control framework.
        2. develop, maintain and ensure the implementation of this Policy. It is however the responsibility of the Company to perform the necessary implementation thereof.
        3. provide guidance and support in respect of AML/CFT matters and requirements.
        4. receive, evaluate and report suspicious or unusual transactions/activities to the competent authorities/supervisors and ensure full co-operation with the law enforcement agencies, including releasing information to them in terms of the Company’s legal obligations. Within the Company, this may be conducted by designated Compliance Employees.
      2. The Company Sanctions Desk:
        1. The Company Sanctions Desk (GSD) must develop and review the Company Sanctions Policy in order to mitigate sanctions risk within the Company.
        2. The GSD must guide the Company on whether to :
          1. exit or maintain any relationship, payment, transaction and/or activity relating to the services of the Company where the relationship, payment, transaction and/or activity is subject to sanctions; and/or
          2. refer the relationship, payment, transaction and/or activity to the Company Sanctions Review Committee (GSRC) for escalation and consideration where appropriate.
      3. The GSD must review applications from the Company for any exceptions to the minimum requirements of the Company Sanctions Policy. The GSD must, where appropriate, and provided that such application is made by the head of the applicable business area, refer transactions on appeal to the GSRC for consideration.
      4. The GSD will ensure that adequate training programs are developed for training of impacted Employees to effectively manage sanctions-related risks.
      5. The GSD may, in consultation with GSRC, from time to time, issue directives in relation to applicable sanctions. The directives are to be read as part of the Company Sanctions Policy and will apply to the whole Company unless otherwise specified.
    • Internal Audit:
      1. Company Internal Audit (GIA), in its capacity as the third line of defence, provides an independent assurance on the adequacy and effectiveness of risk management frameworks.
      2. GIA assists Executive Management in accomplishing their business objectives by bringing a systematic, disciplined, risk-based approach to the evaluation of compliance risk management, controls and governance processes. This may include but is not limited to undertaking Company-wide audits pertaining to AML/CFT control requirements, achieved through the completion of an annual risk-based audit plan.
      3. The GSD may, in consultation with GSRC, from time to time, issue directives in relation to applicable sanctions. The directives are to be read as part of the Company Sanctions Policy and will apply to the whole Company unless otherwise specified.GIA has the authority to independently determine the scope and extent of work to be performed across the Company, as mandated by the GAC.
      4. Where possible and in order to avert a possible duplication of effort, GIA may rely on the reviews performed by the Compliance Monitoring function.
    • Compliance Monitoring:
      1. Compliance Assurance function:
        1. Compliance monitoring activities are performed across the Company by dedicated Compliance Assurance resources to assess, on a risk-based approach in accordance with its annual plan, whether the Company is complying with relevant regulatory requirements, including that of AML/CFT.
        2. The results of these monitoring reviews, together with additional business Compliance monitoring and review activities, enable the Chief Compliance Officer to provide assurance to the GAC on the adequate and effective functioning of Compliance procedures and controls.
      2. Routine Compliance Monitoring:
        1. In addition to the Company Compliance Assurance function Business Compliance Officers perform regular monitoring activities within their respective business units.
        2. The monitoring program devised by the Business Compliance Officers is appropriate to the nature and scale of that business unit’s activities and must take due account of this Policy, applicable local legislation and industry best practice.
        3. Company ML/TFC also performs ad hoc monitoring to determine compliance with this Policy.
    • Business Compliance Officers (BCOs): The BCO must:
      1. Assist Company ML/TFC in ensuring that all regulatory requirements are managed effectively in their respective business units by conducting routine monitoring reviews within their business units in order to determine compliance with this Policy.
      2. Provide and drive the necessary awareness of AML/CFT within their respective business units.
      3. Provide advice to business on effective AML/CFT controls in accordance with this Policy.
    • Compliance Employees within the Company: Compliance Employees within the Company must co-ordinate and advise line management of the operation of policies and procedures, including the implementation and monitoring of compliance with this Policy.
    • Employees of the Company: All Employees of the Company must :
      1. familiarise themselves with the contents of the Policy;
      2. take responsibility for compliance with this Policy as it applies to them in accordance with their roles and responsibilities; and
      3. take responsibility for their compliance with laws, rules and standards, and their adherence to the Company’s procedures, systems and controls.
    • Non-Compliance and Breaches: Instances of non-compliance with this Policy that constitute material breaches of internal AML/CFT controls must be reported to the relevant compliance committees, BCO or to Company ML/TFC in accordance with the existing reporting processes.

    RELATED POLICIES AND PROCEDURES

    • The Company AML Standards comprise the following Modules :
      1. Customer Acceptance;
      2. Record-keeping;
      3. Reporting of Suspicious and Unusual Transactions;
      4. Training and Awareness;
      5. Monitoring and Management Information; and
      6. Roles and Responsibilities