Know Your Customer And Anti-Money Laundering/ Combating Terrorist Financing Policy Of Sunrise Bank Limited

Transcription

1 Know Your Customer And Anti-Money Laundering/ Combating Terrorist Financing Policy Of Sunrise Bank Limited September 2013

2 Table of Contents S.N. Particular Page no. Introduction 1 Need of KYC/AML/CFT Policy 1 General guideline 2 Categorization of Customers on Risk Based Approach 3 Shell Entities 5 Non-residential 5 Appointment of the KYC & MLPO 6 Effective internal controls 6 Validity of the Policy 6 Procedures KYC/AML/CFT Policy 7 1 Customer identification Process (CIP) Specific Identification issues Determination of Beneficial Owner of the Customer 10 2 Customer Acceptance Policy (CAP) Delayed Verification Refusal of Account Opening request 13 3 Customer Due Diligence- Using Risk-Based Approach Enhanced CDD for Higher Risk Customers Simplified CDD for Lower Risk Customers Reliance on Intermediaries 14

3 3.4 Termination of Customer Relationship 14 4 Supervision & Monitoring of transactions 14 5 Record- keeping/retention 15 6 Reporting responsibility of various reports Suspicious Transaction Report/ing Threshold Transaction Report/ing Other report/ing 16 7 Risk Management Awareness and training of staff 16 8 Policies and Procedures on Wire Transfers 17 9 Policies and Procedures on Cross Border Correspondent Banking and Similar Relationships Prohibition on Tipping Off and Protection from Liability Code of conduct of employees Internal Policies, Procedures, Systems and Controls Misuse of New Technology Prevention and Cancellation Amendment 20

4 Annexes Annex 1 Annex 2 Annex 3a & 3b Procedure regarding Customer Due Diligence (Know Your Customer) Information to be disclosed while applying in banks and financial institutions for loan KYC form (For Individual & Institution) Annex 4 Annex 5 Annex 6 Annex 7 Annex 8 Enhanced Customer Due Diligence Form Suspicious Transaction Report (STR) Form for Banks and Financial institutions Internal Record Form of STR Submission for Banks and Financial Institutions Threshold Transaction Report (TTR) Form for Banks and Financial institutions AML Questionnaire Annex 9 US Patriot Act Annex 10 An Indicative List of Politically Exposed Persons (PEP)

5 Acronyms AML BFI BM C & MLPD CDD CEO CFT CIAA CIB DMLI ECDD FIU GoN KYC MLPO NBA NRB OI SWIFT Anti Money Laundering Banks and Financial Institutions Branch Manager Compliance and Money Laundering Prevention Department Customer Due Diligence Chief Executive Officer Combating Terrorism Financing Commission for the Investigation of Abuse of Authority Credit Information Bureau Department of Money Laundering Investigation Enhanced Customer Due Diligence Financial Information Unit Government of Nepal Know Your Customer Money Laundering Prevention Officer Nepal Bankers Association Nepal Rastra Bank Operations In-charge Society for the Worldwide Interbank Financial Telecommunication

6 Introduction This Know Your Customer/Anti Money Laundering/Combating Terrorist Financing (KYC/AML/ CFT) policy of Sunrise Bank Limited ( the Bank ) has been designed in line with KYC/AML Policy designated by Nepal Bankers Association (NBA), NRB Act 2002, Asset (Money) Laundering Prevention Act 2008 (first amendment 2011, second amendment 2013), Asset (Money) Laundering Prevention Rules 2009, Directive No. 19 of Unified Directives 2070 issued by NRB and AML/CFT Directives issued by FIU Nepal. The existing KYC Policy of the Bank shall be replaced by this policy as the existing policy was designed before the introduction of Asset (Money) Laundering Prevention Act 2008 and due to this it has several shortcomings. It is very important to ensure that the Bank has adequate AML/CFT/KYC controls and procedures in place so that all customers are dealt with, or with whom a relationship is established, are adequately known to the Bank. Furthermore, it is mandatory to ensure that assets earned through illegal activities are not run through the financial system in the country in general and the Bank in particular for the benefit of the criminals, irrespective of where the crime was committed. Financial Institution s activities cannot remain within the countries only, in order to survive, association with the international Financial Institutions is a must, and we should implement the similar process that adopted to combat the Money Laundering internationally. There have been frequent enquiries from our agents/correspondents banks regarding our policy and procedures to deal with customer due diligence (CDD) and money laundering/ terrorism financing and measures taken by us to prevent such activities. This policy has been designed with a purpose of fulfillment of domestic policies, satisfying correspondent banks requirement and to prevent the bank from being a vehicle of the money laundering and terrorism financing. The "Asset (Money) Laundering Prevention Act, 2008 (amended 2011 and 2013)" prohibits the financial Institutions in collecting deposits which are earned by the customer through illegal sources, the financial Institutions should also not be involved by helping the concealing, transforming, transfers, burying the originating source, or misrepresentation of such illegally earned money. As provisioned by the above Act, staff of financial institutions should inform immediately the description of such money to FIU established according to the act and the concerned authority to control/monitor deflection of currency or money laundering. FIU is an independent body established by Government of Nepal (GoN) to regulate the policies for preventing money laundering activities in Nepal in line with international norms. Accordingly FIU has issued a directive on prevention of money laundering to all BFIs as well as Money Changers. The directive requires BFIs to prepare and implement policies/guidelines/manuals for prevention of money laundering covering detail procedures of customer identification, customer acceptance/transaction, transactions monitoring, suspicious transaction reporting, risk management, etc. Need of KYC/ AML/ CFT Policy Main reasons why the bank needs KYC/AML/CFT policy in place and to maintain tight controls to avoid its involvement in money laundering/ terrorism financing are as follows: To protect the Bank s reputation and the integrity of banking system by reducing the likelihood of bank becoming a vehicle for or a victim of financial crime and suffering consequential reputational damage. To constitute an essential part of sound risk management system e.g. by providing the basis for identifying, limiting and controlling risk exposure in assets and liabilities including asset under management. The Financial Institution cannot sustain without having compliance with the requirement of local laws and framework set by the regulator. The Financial Action Task Force (FATF) established by countries of the Group of Seven (G7) has come up with strong recommendations towards prevention of Money Laundering and CDD.

7 General guidelines: Money Laundering/Combating for Terrorism Financing: In the process of money laundering, the source of illegally obtained funds is obscured through a succession of transfers and deals in order that same funds can eventually be made to appear as legitimate income. Through money laundering small as well as large amounts of illegally obtained money is given the appearance of having originated from a legitimate source. But it is not necessary that large amounts of money is laundered in one go in the process. There are numerous events where large amounts of money are broken into small parts and integrated to a big sum again at the end, for burying the originating source by making complex transactions. It is also not necessary that only the illegally earned money transformed as clean money is called money laundering. Legally earned money exchanging hand for the purpose of financing for illegal activities also constitutes a part of money laundering. Therefore, the fund involved in the illegal activities at the beginning or at the end can be marked as money laundering. Illegally earned money does not only comprise of the source of money from drug trafficking, prostitution, illegal arms dealing and terrorist activities but also includes money collected through corruption, tax evasion, other criminal sources where the owner can not disclose the originating source of fund, e.g. theft, where they are required to clean the money as it has been earned as a legitimate source. Customer Due Diligence (CDD): Due Diligence of a customer is a process involving either the performance of an investigation of a business or person, or the performance of an act with a certain standard of care. Know your customer (KYC): Know your customer (KYC) is the due diligence and bank regulation that bank must perform to identify their clients and ascertain relevant information pertinent to doing financial business with them. Know Your Customer policies are becoming increasingly important globally to prevent theft, fraud, money laundering and terrorist financing. One aspect of KYC checking is to verify that the customer is not on any list of known fraudsters, terrorists or money launderers, persons regarded as high-risk owing to negative reports in the media about them or in public records. Categorization of Customers on Risk Based Approach Risk Profile: High Risk Profile: High Risk Profiles (HRP) includes Domestic High Risk persons as well as Foreign High Risk persons as identified by the Money Laundering Prevention Act 2008 (amendment 2013) and Unified Directives 2070 issued by NRB as High risk". Further, persons involved in or suspected to involve in activities such as money laundering, drug trafficking, terrorism financing, having propensity or history of public corruption, organized crime, fraud, human rights abuses, non-existent or inadequate financial regulation, fictitious or unrecognized jurisdictions that issue fraudulent financial services licensing, and international sanction (including special measures, financial havens with banking secrecy uncooperative tax havens, weak regulatory framework for alternative remittance systems, and offshore financial centers). This list also includes alerts for pseudo official or non-governmental jurisdictions or entities that issue camouflage or spurious passports. Customers who are in the CIB blacklist and whose accounts and/or lockers have been blocked by NRB, FIU, DMLI, CIAA, Nepal Police or any law enforcing authority shall also be considered as high risk customers. The Bank shall apply Enhanced CDD for customers that are likely to pose a higher risk of money laundering or terrorist financing including for politically exposed persons (PEPs) and non face to face customers.

8 Enhanced CDD should include reasonable measures to establish the source of wealth and source of funds of customers. Note: PEP means a politically exposed person. PEPs are individuals who have been entrusted with prominent public functions in Nepal and a foreign country including Heads of State or of government, Ministers, First class officer and all civil officials above that post of Nepal Government or Government's institutions, leaders of political parties, high portfolio holders of private and social sector Officials. The term also means the close family members, close associates of such people themselves. An indicative list of PEP is given in Annex 10 for reference. Enhanced CDD should be applied to high risk customers at each stage of the CDD process. No high risk customer should be accepted as a customer unless the Branch Manager of the branch has formally accepted the relationship with this type of customer. Relevant factors in determining if a customer is high risk include if the person (natural or legal) is: a) establishing customer relationship other than face to face ; b) a non-resident, or if the nationality, current residency, and previous residency of the person suggests greater risk of money laundering or terrorist financing; c) connected with jurisdictions that lack proper standards in the prevention of money laundering or terrorist financing (as defined by FATF); d) a politically exposed person ("PEP") or linked to a PEP; e) a high net worth individual, especially if the potential customer is a private banking customer or the source of funds or source of wealth is unclear; f) engaged in a business that is particularly susceptible to money laundering or terrorism financing; g) a legal person or arrangement that is a personal asset holding vehicle; h) a legal person or arrangement whose ownership structure is complex with no visible economic or lawful purpose; i) a company with nominee shareholders or shares in bearer form; j) higher risk for other reasons based on relevant information such as jurisdictions identified as having high levels of corruption; and k) Jurisdictions involved in cash intensive business activities such as casinos, Jewellery shops, hotels/restaurant etc. Non face-to-face account relations referred to in Sub-clause (4) of this Clause include but are not limited to: a) business relationships concluded over the Internet or by other means such as through the post; b) Establishment of account relationship over the internet. c) Establishment of account relation through telephone banking or facsimile or similar means. Enhanced CDD procedures for non-face to face account relationship may include: a) certification of documents presented by a notary or other reliable person; b) requisition of additional documents to complement those that are required for face to face customers; c) development of independent verification measures and/or contact with the customer. Procedures for determining who is a PEP may include: a) seeking relevant information from the potential customer; b) referring to publicly available information; and

9 c) making access to commercial electronic databases of PEPs, if available. In applying enhanced due diligence, banks and financial institutions shall take care not to engage in unlawful discrimination on the basis of sex, race, color, marital status, religion, or national origin. Medium Risk Profile (MRP): Those customers falling neither in high risk profile nor in low risk profile are categorized as medium risk profile. Low Risk Profile (LRP): Bank may apply simplified customer due diligence procedures upon undertaking a documented risk assessment of the customer relationships. The bank or financial institution shall make the documents of the procedures and the risk assessment available to NRB upon request. The general rule is that customers must be subject to the full range of customer due diligence measures as provided in Nepal Rastra Bank's Directive/Circulars. In certain circumstances where the risk of money laundering or terrorist financing is lower, as determined by a risk assessment undertaken by the bank and financial institutions, where information on the identity of the customer and the beneficial owner of a customer is publicly available, or where adequate checks and controls exist elsewhere in national systems, simplified measures may be employed. Examples of customers, transactions, or products where the risk may be lower include: a) NRB regulated institutions b) Non-resident financial institutions that are subject to adequate regulation and supervision c) Public companies (or other legal persons or legal arrangements) quoted on an exchange regulated by the Securities Board of Nepal, and certain public companies quoted on a foreign exchange approved for this purpose by the FIU that is subject to adequate supervision and providing the company is subject to adequate regulatory disclosure requirements d) Small scale accounts and micro-credit accounts with an annual turnover of under rupees 1,00,000/- (one hundred thousand) Non-resident and foreign entities described in paragraphs (b) and (c) of Sub-clause (3) above may only qualify for reduced CDD if they are located in a jurisdiction that is implementing effectively the international standards on KYC/AML/CFT. In making this determination, banks and financial institutions should take into account the information available on whether these countries adequately apply the international standards on AML/CFT, including by examining the approved list provided by the NRB and reports, assessments and reviews published by FATF, FATF-Style Regional Bodies (FSRBs) such as Asia Pacific Group, International Monetary Fund, and World Bank publications. Simplified CDD measures are not acceptable whenever a customer based in a jurisdiction that has been identified by the FATF and/ or NRB as non-complying with the international standards on AML/CFT, or for which the Bank has independent credible reason to believe that s/he is not complying with the standards on AML/CFT, or for any reason where there is suspicion of money laundering or terrorist financing or specific higher risk scenarios apply.

10 Shell Entities A shell Entity serves as a vehicle for business transactions without itself having any significant assets or operations. Shell corporations are not in themselves illegal and they may have legitimate business purposes. However, they are a main component of the underground economy, especially those based in tax havens. A classic tax avoidance operation is based on the buying and selling through tax haven shell companies to disguise true profits. The firm does its international operations through this shell corporation, thus not having to report to its country the sums involved, avoiding any taxes. Non-residential A non-resident Nepali is a Nepali citizen who migrated to another country, a Nepali origin who was born outside Nepal, or a Nepali origin who resides outside Nepal. This often includes Nepali-born individuals (and also people of other nations with Nepali ancestry) but obtained citizenship of other countries. A Person of Nepali Origin is usually a person of Nepali origin who is not a citizen of Nepal. This category includes foreign spouses of Nepali nationals, regardless of ethnic origin. Appointment of the KYC & MLPO Head Compliance and MLPD will act as the Know Your Customer (KYC) & Money Laundering Prevention Officer (MLPO) for the Bank. All branches of the Bank will have Compliance & MLPO for that branch which shall be appointed by the Chief Executive Officer (CEO) of the bank. If no any staff of the branch has been appointed as Compliance & MLPO, the Branch Manager shall be deemed as the Compliance & MLPO for that branch. The branches shall monitor all transactions happening in the branch and report any unusual and/ or suspicious transaction to the Head Compliance and MLPD who in turn will provide information to the NRB/ FIU and other government bodies as required. Head Compliance and MLPD will also provide relevant information to the Management and Board of Directors of the Bank on periodic basis or as and when required. Effective internal controls Procedures have been drawn up to implement Anti-Money Laundering regulations taking into account the circumstance and requirement of the country. These procedures will be communicated to staff and shall form a part of the terms and conditions of employment of all staff. Staffs are required to confirm and declare that they have read and understood the policy. Head Compliance & MLPD shall confirm periodically and/or on need basis that procedures are being effectively implemented. Amendment of the Policy Directives/Circulars issued by FIU and NRB from time to time and the KYC/AML/CFT acts and laws of the country shall form integral parts of this policy and if any section/sub-section/clause of this policy contradicts with the country's related laws, FIU/NRB's directives, circulars; the latter shall be valid to the extent of contradiction.

11 Procedures KYC /AML / CFT Policy The importance of ensuring that the Bank has adequate controls and procedures in place so that all customers being dealt with or with whom a relationship is established are adequately known to the Bank has been a fact that has been increasingly recognized over the years. Adequate and appropriate customer due diligence on new and existing customers are key parts of these controls. Without proper due diligence the Bank can become subject to the reputational, operational, legal and concentration risks, which can result in significant financial loss. Therefore, Know Your Customer and Anti Money (Asset) Laundering/ Combating Terrorist Financing (KYC/AML/ CFT) policy should be viewed from a much wider prospect, not just the simple account opening and AML process. KYC/AML/ CFT safeguards go beyond simple account opening and record keeping and require banks to formulate a customer acceptance policy, identification of beneficial owner, end of customer relationship and a tiered customer identification program that involves more enhanced customer due diligence for higher risk accounts, and includes proactive account monitoring for identifying suspicious activities. Further, sound KYC/ AML/ CFT procedures must be seen as a critical element in the effective management of risks. The Bank has formulated the KYC/AML policy incorporating the following key elements: Customer Identification Procedure (CIP) Customer Acceptance Policy (CAP) Customer Due Diligence ("CDD"), including a risk-based approach. Supervision & Monitoring of Transactions Record-keeping/Retention Reporting Responsibility of Various Reports Risk Management (RM) Policies and Procedures on Wire Transfers Policies and Procedures on Cross Border Correspondent Banking and Similar Relationships Prohibition on Tipping Off and Protection from Liability Code of conduct of Employees Internal Policies, Procedures, Systems and Controls Prevention and Cancellation Bank ensures that if any branch or subsidiaries operate in jurisdictions outside Nepal that will follow requirements of this Policy and other prevailing laws of the country and NRB/ FIU regulations. 1. Customer Identification Procedure (CIP) The Customer: The person or entity that maintains an account with the bank or those on whose behalf an account is maintained i.e. beneficial owner; any person or entity connected with the bank who can pose significant reputational or other risk to the bank. Customer Identification: A process of identifying the customer and verifying his/her identity by using reliable, independent supporting documents, data or information. The designated staff needs to obtain

12 sufficient information necessary to establish the identity of each new customer and the purpose of the intended nature of relationship. Being satisfied means that MLPO must be able to satisfy the competent authorities that due diligence was observed based on the risk profile of the customer in compliance with the exact guidelines in place. Such a risk based approach is considered necessary to avoid disproportionate cost to the Bank and a burdensome regime for the customers. Besides the risk perception, the nature of information/documents required would also depend on the type of the customer. For customers that are natural persons the MLPO should obtain citizenship certificate and other identification documents to verify the identity of the customer, his/her address/location and also his/her recent photograph(s). Citizenship certificate must be obtained mandatorily and no accounts should be opened without its verification. In case of legal entities, the bank shall deal only with customers who are engaged in legitimate personal or business activities. The bank shall establish to its satisfaction that it is dealing with a real (natural) person or legal (artificial) person having proper identification and existence (natural, corporate or legal) and verify the identity, if required, of those persons who have power to operate the bank account of the legal person. The customer must be physically present at the Bank / in front of bank's relationship officer (RO) or any bank staff at the time of account opening, and no accounts shall be opened on non face to face basis unless approved by the Branch Manager who will take consent from Head- Compliance & MLPD before such approval. Verification of the original citizenship certificate and/or passport must also be done on face to face basis. When dealing with accounts along with mandate, identification procedures and verifications of residential address will be applied to both the customer and mandatee. KYC form of both of the account holder and the mandatee should be obtained. Full KYC details along with photograph of the guardian must be obtained while opening Minor Account along with the birth certificate of the minor. Due diligence of the beneficiary ownership should be done when the transaction from Trust Account and Non Government Organization is done. In case of legal person, prior to establishing a relationship with a customer, basic background information as in the KYC form shall be obtained concerning the nature of the customer s business and sources of income, expected level of turnover/transactions of the account and reasons for opening the account. A separate sheet may be used for obtaining such information if needed. The information may not be required to mention simultaneously while interviewing the client, if so required. But this information, where needed shall be a part of the documents to make a complete set of the documents required. Transactions on accounts shall be monitored for consistency with the expected normal activity as specified by the customer or subsequently updated by the Bank. The information of the customer shall be updated on a periodical basis, for the low risk category client and on annually for the customers graded as high risk. Account opening for one off transaction must be avoided. Account under investigation by government agencies or the bank itself shall be closed only after taking consent from Compliance and MLPD even when the customer requests for the closing accounts.

13 Any exceptions to customer identification procedures, or cases not explicitly provided for, shall be approved by Head Office and MLPD and reasons of such exceptional treatment must be documented. 1.1 Specific Identification issues: Trust, nominee and fiduciary accounts: Trust, nominee and fiduciary accounts may be used to circumvent customer identification procedures. While extra layers of security to protect the confidentiality of banks legitimate customers, it is essential that the true relationship is understood. MLPO and /or the concerned staff (such as BM, OI etc) should establish whether the customer is taking the name of another customer, acting as a front, or acting on behalf of another person as trustee, nominee or other intermediary. If so, a necessary precondition is, the receipt of satisfactory evidence of the identity of any intermediaries, and of the persons upon whose behalf they are acting, as well as details of the nature of the trust or other arrangements in place. Specifically the identification of a trust should include the trustees, settlers/grantors and beneficiaries. Corporate Vehicles: MLPO and /or the concerned staff (such as BM, OI etc) should be vigilant in preventing corporate business entities from being used by natural persons as a method of operating anonymous accounts. MLPO and /or the concerned staff (such as BM, OI etc) in conjunction with the respective Unit Head/Relationship Manager/Relationship Officer, should understand the structure of the company, determine the source of funds, and identify the beneficial owners and those who have control over the funds. Politically Exposed Persons (PEP): Accepting and managing funds from corrupt PEPs damage the Bank s reputation and may undermine public confidence in the ethical standards of entire financial sector, since such cases usually receive extensive media attention and strong political reaction, even if the illegal origin of the assets is often difficult to prove. MLPO and /or the concerned staff (such as BM, OI etc) should gather sufficient information from a new customer, verify with the list updated for PEPs and Associates, and also check publicly available information, in order to establish whether or not the customer is a PEP. It should be understood that the bank shall not deny opening the account of PEPs and their associates on the basis of just being PEPs and associates and they have high risk profile. However, once the person is identified as PEP or Associate the MLPO and /or the concerned staff (such as BM, OI etc) should be satisfied with the source of funds before accepting the account of PEP. The decision to open an account for PEP should be taken by Branch Manager of the particular branch. PIP consists relatives of PEP, high ranking government officials etc. Bank should conduct ECDD in case of PEP/PIP customer. Correspondent Financial Institution Bank will gather sufficient information through questionnaires about their respondent Financial Institutions in order to fully understand the nature of the respondent s business and their commitment towards AML. Factors to be considered for the same will include: Information about the respondent Financial Institution s management, major business activities, Location of the business, Its money laundering prevention and detecting efforts, The purpose of the account, effective customer acceptance and CDD policy, The correspondence financial institution should not be a shell Financial Institution, The correspondence financial institution should not be located in non-cooperating-countries and territories, The identity of any third party entities that will use the correspondent financial institution services,

14 The condition of Financial Institution regulation and supervision in the respondent s country 1.2 Determination of Beneficial Owner of the Customer The Bank shall take reasonable measures to determine if a customer is acting on behalf of one or more beneficial owners. If the Bank shall take reasonable steps to verify the identity of the beneficial owner(s) by using relevant information or data obtained from a reliable source such that the bank is satisfied that it knows the identity of the beneficial owner(s). The information to be obtained on a beneficial owner should be consistent with the requirements outlined in Annex 1 of this Policy. For public companies (or other legal persons or legal arrangements) quoted on an exchange regulated by law, and certain non-resident public companies subject to adequate regulatory disclosure requirements and quoted on a foreign exchange licensed by an appropriate regulatory authority that is subject to adequate supervision in a jurisdiction that is implementing effectively the international standards on AML/CFT, no further identification is necessary provided that the Bank obtains customer identification documents as outlined in Annex 1 of this Policy. In determining if there has been effective implementation in the jurisdiction, banks shall take into account the information available on whether these countries adequately apply the international standards on AML/CFT, including by examining the reports and reviews prepared by the Financial Action Task Force (FATF), FATF style regional bodies such as the Asia/Pacific Group on Money Laundering (APG), International Monetary Fund, and World Bank publications. For other customers that are legal persons or legal arrangements, bank shall take reasonable measures to understand the ownership and control structure of the customer, including the ultimate natural person who owns or controls a legal person, including natural persons with a controlling interest as described below: a) Subject to above description, with respect to companies, limited partnerships, or similar arrangements, identification should be made of each natural person that: i. owns directly or indirectly 10 percent or more of the vote or value of an equity interest in; ii. exercises management of the company, limited partnership or similar arrangement; and iii. controls or exercises control of the legal person or arrangement. b) With respect to a trust or similar arrangements, identification should be made of the settler, trustee, and beneficiary of the trust corpus. (1) In determining indirect ownership of equity interests: a) an equity interest held by a company, limited partnership, or similar arrangement and by a trust should be considered as being owned proportionately by its shareholders, partners, or vested beneficiaries; and b) an equity interest held by a family member should be considered as also being owned, in its entirety, by each family member (family members include brothers and sisters, spouse, grandfather/mother). (2) Legible copies should be made and retained of the relevant information. Note: Beneficial owner means the ultimate natural person who owns or controls money or property or customer or (on whose interest the transaction is carried out). It also means the ultimate natural person who controls or exercises such powers to a legal person or arrangement.

15 2. Customer Acceptance Policy (CAP) The Customer Acceptance Policy and its implementation are not to make operations too strict and as a result in denying of banking services to the general public. Nor can the link project any intrusive behavior on the transaction done by the client. Customer Acceptance Policy of the Bank will have the following implicit criteria for acceptance of customer. a) Account will be opened only in Natural person's name or Legal person's name that has been registered in the government/government approved entities. No account is opened in anonymous or fictitious/blank name(s). b) The minimum information and document required to be collected from customer for opening the account, purchase of foreign draft, and transfer of funds by any media accepting the fund by the customer from any media, or any transaction with the client or whatsoever reason has been mentioned in Annex 1. c) Additional information required to be obtained from the client while establishing borrowing relationship has been mentioned in Annex 2. d) Non face-to face customers account will not be opened unless approved by the Branch Manager (The accounts opened by the ROs of bank in foreign countries will be treated as the account opened on Face to Face basis.) e) Categorization of the client will be done in risk based approach. Under risk based approache client will be categorized in these groups: i. Low Risk Account ii. Medium Risk Account and iii. High Risk Account. f) Documentation requirements and other information must be collected in respect of different categories of customers depending on perceived risk and keeping in mind the requirements of NRB/ FIU directives/ circulars/ guidelines. g) The decision for refusing the request to open an account in the absence of minimum documents required shall be done by Branch Manager only. However, If an account has been opened with understanding that the required document will be submitted later, such account(s) are required to be closed if the client refused to submit the required document or was unable to verify the identity and/or due to non reliability of the data/information furnished. If the documents are not received within one month the process for account closure will be initiated. h) Necessary checks before opening a new account so as to ensure that the identity of the customer does not match with any person with non criminal background or with banned entities such as individual terrorists organizations, etc have to be conducted. For this purpose, Negative lists and Sensitive Person(s) will be prepared at the Head Office for circulation to all branches. The branch and the staff will contribute by providing information to make this list a complete list as far as possible. Inclusions into these lists will be, made by Head Compliance & MLPD at regular intervals and circulated as and when necessary. i) Banks won't accept as customers those persons whose identity and beneficial owner(s), as required in this Policy, cannot be verified/ assured or for whom sufficient information to form a customer risk profile cannot be gathered. In such cases, the Bank shall consider if suspicious transaction report (STR) shall be filed as required in the AML Directive on Suspicious Transactions and Risk Management issued by the FIU and related Directives/Circulars issued by NRB.

16 j) New account/ locker of a person (natural as well as legal person) shall not be opened whose account is already blocked by any law enforcing authority such as FIU, NRB, CIAA, DMLI etc. Staffs who are responsible for opening/ approving account relationship must ensure that a new customer is not in the blocked list database maintained and updated by Compliance Department. 2.1 Delayed Verification If verification of any documents is not possible in present, same can be done within certain time. If such verification can't be done in certain time frame such account shouldn't be continued and should be closed after getting approval from competent authority. 2.2 Refusal of Account Opening Request When staff designated to open new accounts finds the ground that the prospect client is not eligible to open an account with the Bank, s/he should refer the same to the Branch Manager. The Branch Manager should peruse and take appropriate decision as per this policy and give reasons for not opening of the account to the client, if the latter so requests. Such decisions should be properly documented. 3. Customer Due Diligence- Using Risk-Based Approach The Bank will create/establish a customer profile including a determination of the customer risk category [High (H), Medium (M) or Low (L)] for each customer. This profile will be supported with sufficient detail to enable the Bank to implement the CDD requirements of this Policy. The customer profile should be based upon sufficient knowledge of the customer (and beneficial owner(s) as applicable), including the customer's proposed business with the bank or financial institution, and where necessary the source of funds and source of wealth of the customer. KYC forms for natural and legal persons have been provided in Annexes 3a and 3b. 3.1 Enhanced CDD (ECDD) for Higher Risk Customers Banks shall apply ECDD for customers that are likely to pose a higher risk of money laundering or terrorist financing including for Politically Exposed Persons (PEPs), Politically Influential Person (PIP) and Non Face to Face customers and other customers as per the definition of high risk profile as mentioned in introduction part of this policy: Following procedure will be applied in ECDD of High Risk Clients. - Account shall be opened after obtaining approval from one step higher authority of any high risk profile customers. BM will be assigned for approval of this authority at branch level. BM must also sign on the AOF of high risk customer whose account is already opened/ already exists. - BM should ensure that proper KYC documents are received at the time of account opening i.e. Copy of Utility bills, Location map of client's residence; self certified copy of citizenship certificate mentioning Copied from the Original or ";Ssn adf]lhd gssn l7s 5" etc. among others. - BM/any staff should visit client's residence for verification of address as mentioned in AOF and prepare a visit report.

17 After the due diligence is completed; branch needs to submit form as per Annex 4 and keep a copy in the customer s AOF, maintain a separate file/ register, and send a scan copy to Compliance Department for record and reference. 3.2 Simplified CDD for Medium Risk & Lower Risk Customers Banks shall apply simplified customer due diligence procedures regarding Medium and Low risk client. Under simplified CDD, bank shall get information of clients as per KYC form and verified such information with original documents and past original verified stamp on such copied documents. Definition of Medium Risk & Low Risk client will be as per NRB directive. 3.3 Reliance on Intermediaries Bank may rely on or outsource the job to eligible third party intermediaries to perform the CDD requirements of this Policy. 3.4 Termination of Customer Relationship If a customer is unable to comply with the ECDD/ CDD (as applicable), including existing customer relationships established prior to the enactment of the Asset (Money) Laundering Prevention Act, 2008 and the requirements of this policy, the Bank may terminate the customer relationship and consider if it should file a suspicious transaction report as required in the AML Directives on Suspicious Transactions and Risk Management issued by the FIU and related NRB directives/circulars. 4. Supervision & Monitoring of Transactions Ongoing monitoring is an essential element of effective CDD procedures. Operations in charge/ BM can effectively control and reduce the risk only if they have an understanding of the normal and reasonable activity of the customer so that they have the means of identifying transactions that fall outside the regular pattern of activity. However, the extent of monitoring will depend on the risk sensitivity of the account. Operations In- Charge/ BM shall pay special attention to all complex, unusually large transactions and all unusual patterns which have no apparent economic or visible lawful purpose. The concerned Branch Manager may be prescribed with threshold limits, if required, for any accounts he/she is concerned with and pay particular attention to the transactions which exceed these limits. This must be explicitly reflected in the CDD form. The followings are the Illustrative example of activities that require special attention of BM/Operations In - Charge: Transaction that does not appear to make economic or commercial sense, Transactions that involve large amounts of cash inconsistent with the normal and expected activity of the customer or his/her profession. Very high account turnover inconsistent with the size of the balance maintained. Regular transactions of more than Rs.1.0 million but with multiple deposits of less than Rs. 1 million. Customers who usually prefer transactions in cash rather than in account transfers. Customers who usually prefer to transact during the rush hours or in the last minute.

18 High-risk accounts have to be subjected to intensive monitoring. Operations In-Charge/ BM should set key risk indicators for such accounts, taking note of the background of the customer, such as the sources of funds, the type of transactions involved and other risk factors. Operations In-Charge/ BM should put in place a system of periodical review of risk categorization of accounts and the need for applying enhanced due diligence measures. Operations In-Charge/ BM should ensure that a record of transactions in the accounts is preserved and maintained. It may also be ensured that transactions of suspicious nature and/or any other type of transaction notified are reported to the Head Compliance & MLPD at H.O. Operations In-Charge/ BM should ensure that their branch continue to maintain proper record of all transactions of Rs.1 million and above. The teller who processes the cash transaction of Rs. 1 million and above will seek the help of their supervisor for getting additional information from the customer regarding the sources/utilization of the fund being processed. The internal monitoring system will have an inbuilt procedure for reporting of such transactions and those of suspicious nature to Head Office immediately. The borrowing customers / deposit customers having high cash transaction will have to be identified by the KYC & AML Officer and must be noted in the CDD form so that the tellers and the supervisors are aware of the same. Transactions in the blocked accounts are strictly prohibited and the concerned staffs who have allowed transactions in such accounts shall be fully responsible for such transactions. Compliance & MLPD shall periodically review if any transaction has happened in blocked accounts and report to the management for needful instructions as soon as such transaction comes to its notice. 5. Record- keeping/retention of Documents Customer identification information must be completed on all customer files. This is the responsibility of the designated staff for prevention of Money Laundering. If for any reason the customer identification information requirements are not met in full, then the reasons why the Bank has been able nevertheless to satisfy itself that the requirements of the legislation are met will be documented by the Operations In-Charge/ BM at the Branch Level. Customer identification and transaction documentation will be retained for at least 5 years even after the closing of the account for any reason. Records will be kept of all suspicion reports made by staff and of all reports to the Financial Information Unit and/or authority for controlling deflection of currency. Where a suspicion report does not result in a report to the Financial Information Unit or authority for controlling deflection of currency the reasons for that decision will be documented. Records will be kept of all training given to staff including the date of the training nature of the training, and names of staff attending. Staff will sign for having received training. 6. Reporting responsibility of various reports: 6.1 Suspicious Transaction Reporting: Any staff of the concerned department of branch who identifies suspicious nature of transaction(s), as mentioned in this Policy and /or FIU NRB guidelines/directives/circulars should report immediately to the Head- Compliance & MLPD at head office in the prescribed STR form. Such suspicious transactions shall be immediately brought to the notice of executive management/ceo by Head- Compliance & MLPD. The concerned branch is fully responsible for identification and reporting of suspicious transactions. If any branch fails to identify and report such transactions, such branch and the concerned staff can be penalized for the same. After receiving

19 confirmation from branch, Head Compliance & MLPD will submit report to NRB as well as inform the BoD on quarterly basis. 6.2 Threshold Transaction Reporting: TTR report will be submitted to NRB by Compliance & MLPD. However, sources of fund in cash deposit of Rs. 1 million and above to be inserted by branch properly for accurate reporting. If source of fund of any transaction is missed out, concerned staff of branch will be penalized. 6.3 Other reporting: KYC & AML Officer is required to report information relating to suspicious transactions to the Board of Directors, and/or to Financial Information Unit at Nepal Rastra Bank, as per the Directive issued by Financial Information Unit/NRB from time to time after receiving the same from branches. The Bank will co-operate fully with all law enforcement activities and investigations within the scope of applicable laws and in consultation with the Bank's legal Department. Concerned staffs of the Bank are required to be careful not to tip off, either directly or indirectly any person suspected of illegal activity or subject to a suspicious report to Head Compliance & MLPD. The job of vigilance about the customer is not confined to the person responsible for opening the account or the Branch Manager but it applies to all other related staff such as the Teller or Head Teller as well. Reporting format and procedures will be as provided by FIU or NRB from time to time which are shown in Annexes 5, 6 and Risk Management The Bank shall ensure that an effective CDD program is in place by establishing appropriate procedures and ensuring their effective implementation. It shall cover proper management oversight, systems and controls, segregation of duties, training and other related matters. Operations In-Charge/ BM in consultation with Compliance & MLPD at Head Office may devise procedures for creating risk profiles of their existing and new customers and apply applicable KYC/ AML measures keeping in view the risks involved in a transaction, account or business relationship. Internal Auditor shall specifically check and verify the application of CDD procedures at least once in a year at the branches and comment on the lapses observed in this regard. The compliance status in this regard shall be put up to Audit Committee of the Bank on quarterly basis. 7.1 Awareness and Training to Staff Compliance & MLPD shall conduct an ongoing employee training programs so that all banking staffs are adequately trained in AML/CFT/KYC/CDD procedures. It is important that all concerned staff fully understand the rationale behind this policy and implement it consistently. All staffs who receive training of this policy require signing in the form stating that he/she has read and understood the policy of the Bank. As far as possible, all staffs will be trained of statutory and regulatory obligations, the nature of money laundering / financing to terrorism and the Bank's controls to counter it. All new staffs who join the bank initially must be provided compliance & KYC/AML/ CFT induction training by Compliance & MLPD. Such training shall be provided at least annually and on changes of responsibilities. Staff will be required to sign a memorandum, upon initial receipt and annually thereafter, confirming that they have read and understood the bank's KYC/AML policies and procedures. Staff may be tested on their understanding of AML/KYC policy and procedure as well as all other policies of the Bank by Compliance & MLPD on a periodical basis.

20 8. Policies and Procedures on Wire Transfers SrBL shall ensure that for all wire transfers, the Bank obtain and maintain full originator information and verify that the information is accurate and meaningful. a) Full originator information includes: i. the name of the originator: ii. the originator's account number (or a unique reference number if there is no account number); and iii. the originator's identification card number or address. b) For cross-border wire transfers (including batch transfers and transactions using a credit or debit card to effect a funds transfer), the ordering bank or financial should be required to include full originator information in the message or payment form accompanying the wire transfer, except in the circumstances provided for batch transfers. c) For domestic wire transfers, the ordering institution must include either: i. full originator information in the message or payment form accompanying the wire transfer; or ii. only the originator s account number, where no account number exists, a unique identifier, within the message or payment form. d) For wire transfers including transactions using a credit or debit card as a payment system to effect a money transfer or using any kind of cards, the Bank shall obtain the full information of such card holders if they are its clients. e) The requirements of paragraph (b) of Sub-cause (3) of Clause 8 may be used only if full originator information can be made available to the beneficiary institution and the FIU within three business days of receiving a request. f) If a cross-border wire transfer is contained within a batch transfer and is sent by bank same shall be treated as a domestic wire transfer. g) The Bank shall ensure that non-routine transactions are not batched as this would increase the risk of money laundering or terrorist financing. h) The Bank shall ensure that each intermediary and beneficiary institution in the payment chain maintain all the required originator information with the accompanying wire transfer. Bank shall identify and handle wire transfers that are not accompanied by complete originator information on the basis of perceived risk of money laundering and terrorist financing. Procedures to address these cases should include the bank first requesting the missing originator information from the financial institution that sent the wire transfer. If the missing information is not forthcoming, the bank shall consider whether, in all the circumstances, the absence of complete originator information creates or contributes to suspicion about the wire transfer or a related transaction. If the wire transfer is deemed to be suspicious, then it should be reported to the FIU. In addition, banks may decide not to accept the wire transfer. In appropriate circumstances, beneficiary institutions should consider restricting or terminating business relationships with financial institutions that do not comply with this Policy.