CBB Volume 4: Contents
FC-2 AML/CFT Systems and Controls
FC-2.1 General Requirements
Investment firm licenseesG must implement programmes against money laundering and terrorist financing which establish and maintain appropriate systems and controls for compliance with the requirements of this Module and which limit their vulnerability to financial crime. These systems and controls must be documented, and approved and reviewed annually by the Board of the licensee. The documentation, and the Board's review and approval, must be made available upon request to the CBB.Amended: October 2014
Amended: January 2007
The above systems and controls, and associated documented policies and procedures, should cover standards for customer acceptance, on-going monitoring of high-risk accounts, staff training and adequate screening procedures to ensure high standards when hiring employees.
FC-2.2 On-going Customer Due Diligence and Transaction Monitoring
Risk Based Monitoring
Investment firm licenseesG must develop risk-based monitoring systems appropriate to the complexity of their business, their number of clientsG and types of transactions. These systems must be configured to identify significant or abnormal transactions or patterns of activity. Such systems must include limits on the number, types or size of transactions undertaken outside expected norms; and must include limits for cash and non-cash transactions.Amended: January 2007
Investment firm licensees'G risk-based monitoring systems should therefore be configured to help identify:(a) Transactions which do not appear to have a clear purpose or which make no obvious economic sense;(b) Significant or large transactions not consistent with the normal or expected behaviour of a customer; and(c) Unusual patterns of activity (relative to other customers of the same profile or of similar types of transactions, for instance because of differences in terms of volumes, transaction type, or flows to or from certain countries), or activity outside the expected or regular pattern of a customer's account activity.Amended: January 2007
Automated Transaction Monitoring
Investment firm licenseesG must consider the need to include automated transaction monitoring as part of their risk-based monitoring systems to spot abnormal or unusual flows of funds. In the absence of automated transaction monitoring systems, all transactions above BD 6,000 must be viewed as 'significant' and be captured in a daily transactions report for monitoring by the MLRO or a relevant delegated official, and records retained by the licenseeG for five years after the date of the transaction.Amended: January 2007
The CBB would expect larger investment firm licenseesG to include automated transaction monitoring as part of their risk-based monitoring systems. See also Chapters FC-3 and FC-6, regarding the responsibilities of the MLRO and record-keeping requirements. Where the investment firm licenseeG is not receiving funds — for instance where it is simply acting as agent on behalf of a principal, and the customer is directly remitting funds to the principal — then the investment firm licenseeG may agree with the principal that the latter should be responsible for the daily monitoring of such transactions.Amended: January 2007
Unusual Transactions or Customer Behaviour
Where a licensee'sG risk-based monitoring systems identify significant or abnormal transactions (as defined in FC-2.2.2 and FC-2.2.3), it must verify the source of funds for those transactions, particularly where the transactions are above the occasional transactions threshold of BD 6,000. Furthermore, investment firm licenseesG must examine the background and purpose to those transactions and document their findings. In the case of one-off transactions where there is no on-going account relationship, the licenseeG must file an STR if it is unable to verify the source of funds to its satisfaction (see Chapter FC-4).Amended: January 2007
The investigations required under Paragraph FC-2.2.5 must be carried out by the MLRO (or relevant delegated official). The documents relating to these findings must be maintained for five years from the date when the transaction was completed (see also FC-6.1.1(b)).Amended: January 2007
Investment firm licenseesG must consider instances where there is a significant, unexpected or unexplained change in customer activity.
When an existing customer closes one account and opens another, the licenseeG must review its customer identity information and update its records accordingly. Where the information available falls short of the requirements contained in Chapter FC-1, the missing or out of date information must be obtained and re-verified with the customer.
Once identification procedures have been satisfactorily completed and, as long as records concerning the customer are maintained in line with Chapters FC-1 and FC-6, no further evidence of identity is needed when transactions are subsequently undertaken within the expected level and type of activity for that customer, provided reasonably regular contact has been maintained between the parties and no doubts have arisen as to the customer's identity.
Investment firm licenseesG must take reasonable steps to:(a) Scrutinize transactions undertaken throughout the course of that relationship to ensure that transactions being conducted are consistent with the investment firm licensee'sG knowledge of the customer, their business risk and risk profile; and(b) Ensure that they receive and maintain up-to-date and relevant copies of the identification documents specified in Chapter FC-1, by undertaking reviews of existing records, particularly for higher risk categories of customers Investment firm licenseesG must require all customers to provide up-to-date identification documents in their standard terms and conditions of business.Amended: October 2017
Investment firm licenseesG must review and update their customer due diligence information at least every three years, particularly for higher risk categories of customers. If, upon performing such a review, copies of identification documents are more than 12 months out of date, the licenseeG must take steps to obtain updated copies as soon as possible.Amended: October 2017