Implementation Guidance on AML/CFT Policies

Frequently Asked Questions and Answers (FAQs)

Introduction
The FAQs are intended to provide clarification to the provisions under the AML/CFT Policies and
does not replace the provisions under the AML/CFT Policies. Any updates to the FAQs will be
notified to the reporting institutions from time to time.

Should you have additional queries relating to the AML/CFT Policies, please submit your queries via
any of the following means:

a) Mail : Director
Financial Intelligence and Enforcement
Department
Bank Negara Malaysia
Jalan Dato’ Onn
50480 Kuala Lumpur
b) Email : [email protected]

No. Questions Answers

All Sectors

Applicability to Foreign Branches and Subsidiaries

1. Is the requirement to submit Foreign branches and subsidiaries are required to

Suspicious Transaction Report comply with the STR requirements imposed by laws of
(STR) extended to foreign the host country.
branches and subsidiaries in the
host country? Foreign branches and subsidiaries are only required to
submit the STR to the FIED of BNM if permitted by the
host country.

Risk Based Approach (RBA)

2. How frequent must the RIs The RIs are expected to conduct risk assessment on a
conduct risk assessment? periodic basis and increase the frequency when there is
change in the level of risks that they faced. RIs may refer
to guidance documents issued by Financial Action Task
Force (FATF) on the RBA which is available on the FATF
website http://www.fatf-gafi.org/.

3. What is the National Risk NRA is an assessment of the country’s ML/TF risks
Assessment (NRA)? arising from threats related to prevailing crimes

1
No. Questions Answers

(domestic and foreign crimes) and vulnerabilities of

various sectors to ML/TF risks. In addition, the NRA also
analyse the threats of TF to the country and its
vulnerabilities to TF activities. It is an initiative driven by
the National Coordination Committee to Counter Money
Laundering (NCC).

The assessment methodology is based on sources such

as statistics and reports from various agencies, surveys
conducted among law enforcement agencies and RIs
and credible external reports. The findings are validated
by the NCC.

Results of NRA will be communicated to the RIs,

supervisors, regulators and law enforcement agencies to
assist in prioritising the deployment of resources to tackle
high-impact risks in a more effective and targeted
manner.

The NRA will be reviewed periodically to reflect changes

in the environment and future ML/TF threats and
vulnerabilities.

4. Do we need to assess the In profiling the customers, RIs are required to consider
ML/TF risks based on all the only relevant factors under Paragraph 12.4.2. In cases
criteria specified in Paragraph where some of the criteria are irrelevant to the RI’s
12.4.2? business, those criteria need not be taken into
consideration in profiling and assessing the risks of the
customers.

Customer Due Diligence (CDD)

5. What are the processes Pursuant to Section 16 of the AMLA, CDD is a process of
involved in conducting CDD? identifying, verifying and monitoring the customers to
identify and assess potential ML/TF risks associated with
them and/or their transactions. CDD is carried out at the
following stages:

2
No. Questions Answers

1) On-boarding stages (for new customers)

2) Throughout business relationship after the customers
have been on-boarded (for existing customers)
3) At the point of transaction (for occasional transaction,
transactions exceeding certain threshold imposed or
when there is suspicion of ML/TF)

CDD involves three processes:

1) Identification of the customer and Beneficial Owner

(BO) so that the RIs know who they are dealing with.
2) Verification of the customer (and BO) to ensure that
the customer (and BO) is the person who claims to
be the person as per the identification document(s).
3) Continuously monitor the customer based on the
patterns of transactions conducted to identify and
detect potential changes or anomalies that could
indicate the need for further review of the customer’s
ML/TF risks.

6. Who are ”persons conducting ”Persons conducting the transactions” refer to any
the transactions”? person conducting transaction such as person depositing
into another customer’s account or person undertaking
transaction on behalf of another person.

7. In relation to the opening of Foreign central banks are not included as part of the
account, are foreign central exempted legal persons. Therefore, RIs are required to
banks included under the list of obtain the necessary statutory documents relating to the
exempted legal persons? incorporation of the foreign central bank including
identifying and verifying the person authorized to act on
behalf of or conduct transactions on behalf of the foreign
central bank.

8. In
1 the event that the authorized Yes, the RIs may rely on Form 49 if the authorized
person
6 and the Director is the person and Director is the same person.
same
. person, can the RIs rely
on Form 49?

3
No. Questions Answers

Enhanced CDD (ECDD)

9. What
1 does it mean by “obtaining Obtaining additional information during the ECDD means
5
additional information on the that the RIs are required to obtain other information that
.
customer and beneficial owner” can demonstrate or support the type of transactions or
during the ECDD? volume that the customers are carrying out.

The information may be in the form of size and sources

of assets, sources of wealth or other information
obtained through either commercially or publicly
available databases such as websites and news report.

For example:
(1) An international trading company that is actively
involved in export and import of goods is expected to
have a high volume of cross-border payments and
receipts. Information on the volume of trade and
destinations may be inferred from the company’s
financial statement and accounts published (for listed
company) or lodged with the Suruhanjaya Syarikat
Malaysia.
(2) For a domestic PEP, in determining the sources or
wealth or assets, RI may take into consideration
information that may indicate the level of salary
earned by Malaysian public servant of a similar
position and businesses carried out by the domestic
PEP before he/she is appointed for that position or
currently undertaking.

10. For
1 ECDD, can the Branch If within the context of the reporting institution, the Branch
7
Manager approve transactions Manager of a branch is considered as a “Senior
. higher risk customers?
with management”, then the Branch Manager can approve
transaction with higher risk customers.

11. Is the factors listed under ‘higher The factors are not exhaustive. RIs may incorporate
risk’ exhaustive for the purpose other factors relating to the customer risks, country or
of ascertaining the level of geographical risks and product/service or transaction
ML/TF risks? risks.

4
No. Questions Answers

12. Why do RIs need to ensure that The requirement to ensure that customer’s information is
the documents/ data/ updated and relevant is to ensure that the RI know who
information remain updated and they are dealing with, whether they still exist and whether
relevant? their ML/TF risks remain the same or has changed due
to changes in their profile.

This knowledge is also required in the event that there

are investigations carried out on the customer by law
enforcement authorities in Malaysia or overseas, and the
information is needed to facilitate the investigation.

13. What
1 does the requirement of It means that CDD requirements need to be applied to
6
CDD on existing customers those customers that were on-board prior to the coming
.
based on materiality and risk into force of the AMLA which is 15 January 2002, based
means? on their materiality and level of risks posed.

Guidance in assessing the materiality and risks of the

customer is provided under Paragraph 13.7 of the
AML/CFT Policies – Sector 1, Paragraph 13.9 of the
AML/CFT Policies – Sector 2, Paragraph 13.7 of the
AML/CFT Policies – Sector 3, Sector 4 and Sector 5.

Politically Exposed Persons (PEPs)

14. Will
1 BNM be providing the list of BNM will not be providing the list of PEPs. RIs are
7
PEPs? If no, then do we need to required to establish their own list of PEPs based on
.
have a complete list of PEPs? broad parameters provided in the AML/CFT policies
taking into consideration RIs’ own risk appetite. RIs may
work with their associations to develop the parameters
for the PEPs list.

15. Do members of the Royal The definition of domestic PEPs includes individuals who
Families fall under the category are entrusted with prominent public function. Therefore if
of PEPs? a royal family member falls under this category, they are
included under the definition of domestic PEPs.

5
No. Questions Answers

16. How do we assess the ML/TF In assessing the ML/TF risks posed by domestic PEPs,
risk level of a domestic PEP or a RIs need to take into consideration the position/role of
person entrusted with a the person, known businesses activities that they are
prominent function by an currently involved in or carried out prior to being
international organisation? appointed to that position. This should be compared to
the amount, frequency and type of transactions that they
intend to conduct.

For example:
(1) A high risk domestic PEP is a person who has
substantial authority over or access to state
assets and funds, policies and operations,
including control over regulatory approvals and
awarding licences and concessions.
(2) A low risk domestic PEP is a retiree or spouse of
a PEP who carries out transactions expected of a
person in a similar position in terms of volume
and frequencies of transactions.

17. If a RI has an overseas branch, The key principle behind the requirement that a
can the Country Head / Country transaction / business relationship with PEPs is required
Manager of that branch approve to be approved by Senior Management at the Head
transaction / business Office is to ensure that the Senior Management is aware
relationship with a PEP? of the transaction / business relationship that the RI is
having with the PEPs and ML/TF risks associated with
that transaction / business relationship.

If based on the RI’s internal policies, the Country Head /

Country Manager is considered as Senior Management,
the Country Head / Country Manager may approve
transaction / business relationship with PEPs. However,
the RI must put in place monitoring and reporting
mechanism to ensure that the Senior Management at the
Head Office is aware of the ML/TF risks exposures
arising from transaction / business relationship with that
PEP.

6
No. Questions Answers

18. Should
2 legal person / legal If the beneficial owner is a foreign PEP, the LPLA should
arrangements
1 (LPLA) be be classified as high risk throughout the relationship.
classified
. as high risk if the
beneficial owner is a foreign If the beneficial owner is a domestic PEP / person
PEP or domestic PEP / person entrusted with a prominent function by an international
entrusted with a prominent organization, during the on-boarding stage, the LPLA
function by an international should be assessed as high risk. However, throughout
organisation which is assessed the relationship, the LPLA may be re-rated as lower risk
as high risk. taking into consideration factors such as type of
activities, sources of funds, type of transaction, amount
of transaction and beneficiaries of the fund.

In the case where the domestic PEP is a

shareholder/director of an exempt legal person, RI need
not identify/verify the domestic PEP in assessing the risk
of the LP. Therefore, the risk rating for the exempt LP is
dependent on LP’s businesses and activities.

High Risk Jurisdictions

19. What
2 are countries that are Please refer to the FATF website http://www.fatf-
6
listed by FATF as having on- gafi.org/topics/high-riskandnon-cooperativejurisdictions/
.
going or substantial ML/TF risks which publishes the Public Statement three times a year.
or countries with strategic
AML/CFT deficiencies that pose
a risk to the international
financial system?

20. Are customers from countries At the on-boarding stage, all customers / transactions
having on-going / substantial from countries having on-going / substantial ML/TF risks
ML/TF risks should be treated must be classified as high risk and ECDD must be
as high risk throughout the conducted on those customers / transactions.
duration of business relationship
with the RIs? After on-boarding, ML/TF risks of that customer may be
adjusted to a lower risk taking into consideration factors
such as pattern of transactions conducted throughout the
business relationship, volumes and type of transactions

7
No. Questions Answers

conducted. However, the risk level should not be at the

same level with other regular customers who are not
from countries having on-going / substantial ML/TF risks.
For example, the level of risks posed by a customer from
Iran should not be at the same level with the risks posed
by a Malaysian customer with similar type of
transactions/business relationship.

Please refer to Appendix A.

Failure to Complete CDD

21. In the case of existing customer In principle, RIs should terminate the business relation
/ potential customer, can the RI with the existing customer / should not commence the
proceed with the transaction on-boarding of potential customer if the RIs are unable to
without completing the CDD? comply with the CDD requirement. Therefore, if the
customer refuses to provide his ID, this can constitute as
failure to complete CDD and the RI shall not continue
dealing with the customer.

However, in the case where there is a suspicion of

ML/TF activities and the RI believes that by completing
the CDD would tip off the customer, RIs may proceed
with the transaction without completing the CDD and
must immediately lodge an STR.

Record Keeping

22. What are the forms of records Records must be kept in a form that is admissible under
that should be kept? section 3 of the Evidence Act 1950.

Board of Directors / Senior Management

23. What is the rationale of The purpose of employee screening is to ensure that the
conducting the screening of employee does not abuse his position or be vulnerable /
employee’s financial history? used as a conduit to facilitate ML/TF activities. Therefore,
RIs are expected to assess their employees’ vulnerability
to money laundering, fraud and bribery risks, and use the
various sources of information to assist in the screening
process.

8
No. Questions Answers

24. What
2 is the difference between Compliance officer at the Head Office is the appointed
4 appointment of a compliance reference point for AML/CFT matters within the RI and
the
.
officer at management level at with the regulator/supervisor. The CO must be at a senior
the Head Office and designation management level with access to the Board so that
of a compliance officer at matters relating to AML/CFT can be easily escalated and
management level at each brought to the attention of the Board members.
branch or subsidiary or business
unit? A designated compliance officer refers to any person
designated within the branch / subsidiary / business unit
to facilitate the functions performed by the compliance
officer at the Head Office. They generally do not deal
with the regulator/supervisor.

25. For
2 the designation of a Designation of a compliance officer at each branch /
5
compliance officer at subsidiary level can be made formally or informally,
.
management level at each depending on the practice of the RIs as long as they are
branch or subsidiary, does it aware and understand their roles and accountability as a
need to be done formally (i.e. designated compliance officer. Where the RI adopts a
appointment letter etc)? formal practice, then a letter of appointment must be
given to the designated CO. If informal, the RI needs to
incorporate the designated CO’s roles within the person’s
job scope / description.

26. When does screening Screening procedures shall take place at the initial hiring
procedures for employees takes of the employees and during the duration of their
place? employment in order to ensure the most updated profile
and information of the employee.

Independent Audit Functions

27. With
2 regard to Board’s roles and The function may be delegated to other Board level
2
responsibilities for audit function, committees (i.e. audit or risk) so long as the committee is
is the expectation imposed on independent and the AML/CFT findings or issues relating
full Board? Can it be delegated to the adequacy and implementation of the AML/CFT
to other Board level committees policies and procedures are ultimately tabled to the
(i.e. audit or risk)? Board.

9
No. Questions Answers

Suspicious Transaction Report

28. Must the RI file a STR when An investigation order under section 48 must be
there is an investigation order incorporated as a red flag that will trigger the need for the
issued under section 48 of the RI to review the customer and/or transactions. Based on
AMLA? the results of the review, RI may decide whether or not to
lodge an STR. Rationales for the decision taken must be
clearly documented.

29. Can internal STR be discussed It is the discretion of the CO to establish mechanism to
by an internal committee? evaluate internal STR which can include internal
committee or other means. However, the ultimate
decision to submit the STR still remains with the
Compliance Officer. The committee must have proper
controls to mitigate the risk of leakage of information and
must be subject to the terms of confidentiality/secrecy
provision.

Countering Financing of Terrorism

30. When is the RI required to Checks should be conducted during every CDD process.
conduct checks on the names of RI should be aware that the 1267 Consolidated List
customer against the 1267 database is updated regularly by the United Nations
Consolidated List database? Security Council (UNSC).

RIs are advised to subscribe to RSS feed of the UNSC

1267 website http://www.un.org/sc/committees/1267/ or
at minimum, RIs are expected to check the website every
2 weeks for any updates.

31. What
3 are the United Nations Please refer to BNM’s AML/CFT microsite which provides
3
Security Council Resolutions detailed explanation on the UNSCRs.
.
(UNSCR) 1267 (1999), UNSCR
1373 (2001) and orders issued
under sections 66B and 66C of
the AMLA?

10
No. Questions Answers

32. Are
3 RIs required to check listing In relation to a unilateral sanction such as those by the
4 other countries for the US Department of Treasury, RIs may refer to those lists
by
.
purposes of conducting CDD for when conducting CDD. However, decision on whether to
example the OFAC list issued by conduct transaction with person listed under the
the U.S. Department of unilateral list should be based on RI’s own assessment
Treasury? and its risk appetite.

Declaration of Specified Entities and Reporting Requirements (Order) 2014

33. What is the Anti-Money The Order is issued under section 66B and 66D of the
Laundering and Anti-Terrorism AMLA where the Minister of Home Affairs declared the
Financing (Declaration of listed entities as “specified entities” after finding that the
Specified Entities and Reporting entity has knowingly committed, attempted to commit,
Requirements) Order 2014 participated in committing or facilitating the commission
(Order 2014)? of a terrorist act.

For further details, please refer to BNM’s AML/CFT

microsite.

34. Is the RI required to submit Yes, the RIs are required to submit periodic reporting
periodic reporting form even form even there is no match at every six months
there is no match with the interval period.
specified entity?

35. If the RI does not have an The obligation to submit the periodic reporting only
account opening services such applies to RIs who are in possession / control of the
as money services business funds.
licencee, are they still required
to submit the period reporting
form?

36. Where can I get the periodic Please refer to BNM’s AML/CFT microsite
reporting form? http://amlcft.bnm.gov.my/ which provides the periodic
reporting form.

11
No. Questions Answers

Sector 1 & 2

Risk Based Approach (RBA)

37. Who should conduct Independent control testing may be conducted by any
independent control testing for party within the RIs that is not involved in
the purpose of monitoring the operationalisation and implementation of the risk
implementation of risk control controls.
and mitigation?

38. For banks and insurance, can Yes, it can be delegated to a board committee level.
the reporting of ML/TF risks be
submitted to other committees
(i.e. Audit or Risk Committee)
and not the full Board?

39. What type of “exposures” must Reporting of the exposures to customers and BO from
be reported to BNM? Is there a higher risk countries is meant to provide understanding
template to submit a report on on the extent of the RI's exposures to higher risk
exposure to customers and countries at the industry level.
beneficial owners from high risk
countries? The exposures could be based on the type of
transactions conducted, type of currencies exchanged,
originating and destination countries for wire transfers.
BNM has provided a template to the RIs for reporting on
exposures to customers and BO from high risk
jurisdictions (Refer Appendix B).

40. Is AML/CFT Sector 2 still No, general insurance and general takaful have been
applicable to general insurance excluded as reporting institutions under the AMLA. The
and general takaful? only requirements that are still applicable on them are
requirements under Part VIA of the AMLA.
(FOR SECTOR 2 ONLY)

Customer Due Diligence (CDD)

41. What are ‘occasional ‘Occasional transactions’ refer to transactions carried out
transactions’? by the following:

(1) non-account holders (for example walk-in customers

12
No. Questions Answers

conducting remittance via Bureau de Change)

(2) account holders who conducts transactions that is not
normal and customary to the account profile of the
customer

42. Who are covered as authorised In normal circumstances, when a legal person open the
signatories? What are the account and authorize another person to conduct
documents that the bank must transactions on the customer’s behalf, the bank shall
obtain during treasury related obtain documentary evidence pertaining to the
transactions? appointment of such person and the specimen
signatories and recognized digital signature of the person
(FOR SECTOR 1 ONLY) appointed.

For treasury related transactions, the bank shall obtain

name of the authorized dealer, documentary evidence
authorizing the person to act on behalf of the legal
person & authorized telephone number to carry out the
transaction.

Financial Group

43. Who can be appointed as the Any person within the financial group who is able to fulfill
Group Compliance Officer? the requirements of a Group CO under paragraph 26.2
Sector 1 can be appointed.

Sector 3

Risk Based Approach (RBA)

44. Is there a template to conduct There is no specific template provided. However, a

risk assessment? (sector 3 and guidance is attached as Appendix I of the AML/CFT –
5) Sector 3 to assist MSB licencees to conduct risk
assessment, in particular to assess the level of the
ML/TF risks and the application of ML/TF risk controls.
Appendix I is meant to facilitate MSB’s understanding
and should not be treated as the sole reference in
conducting the ML/TF risk assessment as the list of
factors/examples/parameters is not exhaustive.

13
No. Questions Answers

Alternatively, since the type of products and services

offered by MSB licencees are quite generic, MSB
licencees may wish to take up the issue at the
association level to formulate a common set of
parameters/factors to assess the ML/TF risks for the
MSB Sector.

Please refer to Appendix C.

45. As the requirement for RBA is BNM is aware of the existing data limitation in the MSB
new, does this requirement take industry. Taking this into consideration and to facilitate
effect immediately? Can MSB data gathering for the purpose of risk assessment, MSB
licencees request for a delay in licencees are given until 31 December 2014 to collect
implementation? data from its customers / transactions. Please see
Appendix II of the AML/CFT policy – Sector 3 for
guidance on the type of information to be collected.

Beginning 1 January 2015, MSB licencees are required

to conduct risk assessment based on the information
collected during the year 2014.

Customer Due Diligence (CDD)

46. What are the thresholds in  Pursuant to paragraph 13.2.3 of the AML/CFT –
conducting CDD to our Sector 3, the following CDD threshold is applicable to
customers? Can we conduct money changing and wholesale currency transaction:
CDD to all our customers
regardless of the thresholds Threshold CDD Requirements
specified by BNM? Are we RM3,000 to Identify the customer/beneficial
allowed to make a photocopy of RM10,000 owner by sighting and keying-in their
the identification information to identification information.
facilitate subsequent data More than Identify and verify the identity of the
capturing? RM10,000 customer/beneficial owner by
sighting, keying-in and making a
copy of their identification
documents.

14
No. Questions Answers

 Pursuant to paragraph 13.2.4, the following CDD

threshold is applicable to remittance transaction:

Threshold CDD Requirements

Below Identify the customer/beneficial
RM3,000 owner by sighting and keying-in their
identification information.
RM3,000 Identify and verify the identity of the
and above customer/beneficial owner by
sighting, keying-in and making a
copy of their identification
documents.

Over and above what is prescribed under the AML/CFT –

Sector 3, MSB licencees are allowed to adopt a more
stringent approach in conducting CDD for their
customers. This may include conducting CDD on all
customers / transactions irrespective of the threshold
and making a copy of all customers’ identification
documents.

47. What are the expectations of MSB licencees are required to take reasonable
conducting CDD on beneficial measures to identify and verify beneficial owners
owners especially when most of especially when they have knowledge based on previous
the customers are walk-in transactions or publicly available information that the
customers? customer (i.e. person conducting the transaction) is
acting on behalf of the beneficial owner.

(a) Exchange transactions with the representative of

BO (e.g. a domestic PEP) are allowed if MSB
licencees are able to comply with the CDD
requirements on beneficial owners and his/her
representative.
(b) Where there is a partial disclosure of the identity
i.e. name of the beneficial owner by the
representative, MSB licencees are allowed to
perform the exchange transactions with the

15
No. Questions Answers

representative; and must consider lodging a STR

on the representative including information on the
BO to the FIED.
(c) Where there is no disclosure of the identity i.e.
name of the beneficial owner by the
representative, MSB licencees are allowed to
perform the exchange transactions with the
representative; and must lodge a STR on the
representative to the FIED.

If the customer is unable to provide or refuse to provide

the information and/or documents, MSB licencee must
not perform the transaction for the customer.

48. What identification is allowed to To verify the identity of the customers, the following
verify the identity of customers identification documents are allowed:
conducting remittance
transaction? Can we accept (a) For remittance transaction <RM3,000
certified true copy of an - Photocopies of identification documents are
identification document? allowed
(b) For remittance transaction >RM3,000 by foreign
workers and the funds are remitted to their home
country
- Photocopies of identification documents with
words "Original ID sighted by (employer's
name)" are allowed
(c) For other remittance transaction >RM3,000
- Only original identification documents are
allowed

49. Does
1 the requirement to Yes, wholesale money changers are required to conduct
conduct
3 CDD apply to money CDD on their customers i.e. other MSB licencees.
services
. business licencees who
are
. sourcing or clearing foreign
currencies?

16
No. Questions Answers

50. What are the expectations of If the customer of a MSB licencee is conducting a
conducting CDD for remittance transaction on behalf of a group of foreign workers, the
transacted by a third party on MSB licencees may:
behalf of a group of foreign
workers? a. Obtain some form of declaration from the
representative (in lieu of a letter of authority) to
confirm that he/she is conducting remittance
transactions on their behalf.
b. Obtain a list of foreign worker names, their
remittance amounts as well as a photocopy of
their identification documents.

Based on the RI’s risks assessment of the customer, RIs

may consider setting a limit for the amount remitted and
restrict the remittance only for the home country.

Others

Applicability – Applicable to Sector 5

51. Does the definition of reporting No. Lawyer and accountant refer to sole practitioners,
institution include in-house partners or employed professional within professional
lawyers and accountants? firms. It is not meant to refer to “internal” professionals
that are employees of other types of business, or
professionals working for government agencies.

CDD – Applicable to Sector 1 and 3

52. How are BDCs and MSB To identify and verify the identity of legal person, MSB
licencees required to conduct licencees can rely on information obtained from the
CDD on legal person? SSM. For this purpose MSB licencees can use either the
corporate profiles obtained from SSM or other
documents such as Form 49 and 24.

Wire Transfer – Applicable to Sector 1, 3 and 4

53. What is the expectation for the If the customer is an existing customer of the RI, then the
CDD to be conducted on CDD information that has been collected needs to be
existing and walk-in customers updated (for example, purpose of transaction) to reflect
during a wire transfer? the wire transfer transaction. However, there is no need

17
No. Questions Answers

to obtain documents to support the customer’s purpose

of transaction.

However, in the case of a walk-in customer, the RI needs

to conduct the full CDD, and depending on the threshold,
these information needs to be transmitted together with
the wire transfer in accordance with the requirements
under this provision.

54. What is the meaning of “Money MVTS comprises electronic money provider which offer
or Value Transfer Service” funds transfer facility or remittance services. Examples of
(MVTS)? MVTS include PayPal, Western Union and MoneyGram.

Third Party Reliance – Applicable to Sector 1, 2, 4 and 5

55. Can RIs rely on third parties to In principle, RI must conduct CDD on its customers.
conduct CDD on beneficiary’s However, in circumstances where a third party (such as
account? lawyers, fund managers, accountants) was appointed to
act on the customer’s behalf, RIs may rely on the third
party to conduct CDD on their customers.

However, the reliance must be based on a relationship

that is governed by an arrangement that clearly specifies
the rights, responsibilities and expectations of all parties
and satisfies the requirements stated under Paragraph
21 of the AML/CFT policies – Sector 1, Paragraph 16 of
the AML/CFT Policies – Sector 2, Paragraph 18 of the
AML/CFT Policies – Sector 4 and Paragraph 16 of the
AML/CFT Policies –Sector 5.

Notwithstanding the reliance, accountability shall remain

with the RIs.

56. Who
3 is a “third party”? Please see the definition of “third parties” under the
6 respective AML/CFT policies. Generally, third parties are
. parties that RI relies on in conducting CDD and meet the
requirements under the policy. Examples of third parties
are:

18
 No. Questions Answers

i. Banking institutions
ii. Insurers
iii. Lawyers and accountants that carry out
activities related to buying and selling of
properties and business entities, managing
funds / money for the clients, creating and
operating companies. Please see P.U. (A)
340/2004 and P.U. (A) 293/2006 for details.

For banking institutions which are part of a financial

group, they may rely on a third party which is part of the
same financial group provided that the conditions stated
under paragraph 21.8 Sector 1 are met.

Third parties do not include agents, outsourcing parties

or foreign entities providing services to the RI.

Cash Threshold Report (CTR) – Applicable to Sector 1 and 5 (RIs that have been invoked
under Section 14(a) of the AMLA)

57. Can
2 a CTR be submitted by the It is the discretion of the CO to establish mechanism to
9
operations side of the RI and not submit CTR, including leveraging on other functions of
. compliance officer (CO)?
the the RI. It is the duty of the CO to ensure RI’s compliance
with regard to RI’s obligation to submit CTR as ultimate
accountability still rests with the CO.

58. For RI who submits CTR via the RI must submit CTR within 5 working days of the
FINET, can the CTR considered transactions. The CTR must be successfully submitted
to have been submitted once and received by BNM. Mere uploading of the CTR in the
uploaded in the FINET? FINET is not considered as submission to BNM. The CO
must monitor to ensure that the submission process has
been completed.

Bank Negara Malaysia

19
 Appendix A

COUNTER MEASURES
Enhanced CDD • Limit business
applies relationship
(Automatic) • Review and amend, if
Countries having necessary terminate,
on-going or correspondent
substantial ML/TF relationship
risks • Conduct increased
Apply
external audit
countermeasures,
• Report summary
proportionate to
exposures to FIED
the risk
HIGH RISK • Other measures specified
by Bank Negara Malaysia
COUNTRIES

HIGH Enhanced CDD

Countries having
strategic AML/CFT Assess risks
deficiencies
LOW Normal CDD
 Appendix B
BANK NEGARA MALAYSIA Telephone 60(3) 2698 8044 Jalan Dato' Onn
CENTRAL BANK OF MALAYSIA Facsimile 60(3) 2698 7467 50480 Kuala Lumpur
60(3) 2691 6108 Malaysia
Web www.bnm.gov.my

Our Reference:
29 January 2014
To:
All Commercial Banks,
All Islamic Banks,
All Investment Ba n ks, and
All Development Fina n cial Institutio n s

Tuan/Puan,

Summary Report on Exposure to Customers and Beneficial Owners

from High Risk Countries

Reference is made to the above matter.

2. Pursuant to paragraph 23.3 ( d) of Anti-Money Laundering and Counter

Financing of Terrorism (AML/CFT) for Ban king and Deposit-Taking Institutions (Sector
1 ), reporting institutions are required to submit a report with a summary of exposure to
customers and beneficial owners from countries identified by T he Financial Action
T ask Force (FATF) or the Govern ment of Malaysia as having on-going or substantial
money lau ndering and terrorist fin an cing (ML/TF) risks on an annual basis.

3. A public statemen t issued by FATF on 18 October 2013 has identified

several countries as having strategic AML/CFT deficiencies based on the following
category:

a. Jurisdiction s subject to a FATF call on its members and other

jurisdictions to apply counter-measures to protect the international
financial system from the on-going and substantial ML/TF risks
eman ating from the jurisdictions.

b. Jurisdictions with strategic AML/CFT deficiencies that have not made

sufficient progress in addressing the deficiencies or have not
committed to an action plan developed with the FATF to address the
deficiencies.

4. In this regard, reporting institutions are required to submit a summary

report in relation to transactions with customers an d beneficial owners from the
countries concerned. Kindly complete the summary report (attached as Appendix) and
submit via email to [email protected], 03- 26988044 ext. 7367) and
[email protected], 03-26988044 ext. 8095) before 28 February 2014.

Thank you.
C...Y: g� � �
n e a
= ' n

·� '':-1
.

(Abd. Rahman Abu Bakar)

Pengarah
5/03/5

Financial Intelligence and Enforcement Department

 SULIT Appendix 1 of 2

Reporting Institution :
Officer's Name :
Designation :
E-mail :
Telephone :

Guides to complete the survey

- This survey is divided into Part 1 and Part 2
- Please answer all questions below with mandatory fields marked in yellow
- Please provide amount as at 31 December 2013 (except for Question 3 & 4 which require full year data)
- Please input "n/a" for unused text field and "0" for unused number field
- For any inquiries, kindly contact Muhammad Hazrool bin Haidzir (ext 7367) or Asraf Mohd Hafizi (ext 8095)

PART 1
Customers and beneficial owners from jurisdictions subject to a FATF call on its members and other jurisdictions to
apply counter-measures to protect the international financial system from the on-going and substantial money
laundering and terrorist financing (ML/TF) risks emanating from the jurisdictions.

QUESTION 1: Iran North Korea

No. of customer and account balance by: Account balance Account balance
No. of No. of
- product/services used, & @ 31 Dec 2013 @ 31 Dec 2013
customers customers
- customer profile (RM) (RM)
1. Savings Account
Individual Expatriate
Foreign Labour
Government Representative
PEP
Student
Businessman / Businesswoman
Housewife
Retiree
Others (please specify)
Legal Person Resident Company/Business
Foreign Company/Business
NGOs
2. Current Account
Individual Expatriate
Foreign Labour
Government Representative
PEP
Student
Businessman / Businesswoman
Housewife
Retiree
Others (please specify)
Legal Person Resident Company/Business
Foreign Company/Business
NGOs
3. Fixed Deposit Account
Individual Expatriate
Foreign Labour
Government Representative
PEP
Student
Businessman / Businesswoman
Housewife
Retiree
Others (please specify)
Legal Person Resident Company/Business
Foreign Company/Business
NGOs
4. Foreign Currency Account
Individual Expatriate
Foreign Labour
Government Representative
PEP
Student
Businessman / Businesswoman

1 of 3
 Housewife
Retiree
Others (please specify)
Legal Person Resident Company/Business
Foreign Company/Business
NGOs
5. Housing Loan
Individual Expatriate
Foreign Labour
Government Representative
PEP
Student
Businessman / Businesswoman
Housewife
Retiree
Others (please specify)
Legal Person Resident Company/Business
Foreign Company/Business
NGOs
6. Personal Loan
Individual Expatriate
Foreign Labour
Government Representative
PEP
Student
Businessman / Businesswoman
Housewife
Retiree
Others (please specify)
Legal Person Resident Company/Business
Foreign Company/Business
NGOs
7. Hire Purchase
Individual Expatriate
Foreign Labour
Government Representative
PEP
Student
Businessman / Businesswoman
Housewife
Retiree
Others (please specify)
Legal Person Resident Company/Business
Foreign Company/Business
NGOs
8. Credit Card
Individual Expatriate
Foreign Labour
Government Representative
PEP
Student
Businessman / Businesswoman
Housewife
Retiree
Others (please specify)
Legal Person Resident Company/Business
Foreign Company/Business
NGOs
9. CDS Account
Individual Expatriate
Foreign Labour
Government Representative
PEP
Student
Businessman / Businesswoman
Housewife
Retiree
Others (please specify)
Legal Person Resident Company/Business
Foreign Company/Business
NGOs
10. Investment Account
Individual Expatriate
Foreign Labour

2 of 3
 Government Representative
PEP
Student
Businessman / Businesswoman
Housewife
Retiree
Others (please specify)
Legal Person Resident Company/Business
Foreign Company/Business
NGOs
11. Debit Card
Individual Expatriate
Foreign Labour
Government Representative
PEP
Student
Businessman / Businesswoman
Housewife
Retiree
Others (please specify)
Legal Person Resident Company/Business
Foreign Company/Business
NGOs
12. Safe Deposit Box
Individual Expatriate
Foreign Labour
Government Representative
PEP
Student
Businessman / Businesswoman
Housewife
Retiree
Others (please specify)
Legal Person Resident Company/Business
Foreign Company/Business
NGOs
13. Others
Individual Expatriate
Foreign Labour
Government Representative
PEP
Student
Businessman / Businesswoman
Housewife
Retiree
Others (please specify)
Legal Person Resident Company/Business
Foreign Company/Business
NGOs

QUESTION 2:
Funds transferred to/received from in 2013 Iran North Korea

Total funds transferred to (in RM)

Total funds received from (in RM)

QUESTION 3:
Transactions with correspondent bank (operating in these Iran North Korea
countries) in 2013 (in RM)
Bank 1:
Bank 2:
Bank 3:
Bank 4:
Bank 5:
Bank 6:
Bank 7:
Bank 8:
Bank 9:
Bank 10:

3 of 3
 SULIT Appendix 2 of 2

PART 2
Customes and beneficial owners from jurisdictions with strategic AML/CFT deficiencies that have not made sufficient progress in addressing the deficiencies or have
not committed to an action plan developed with the FATF to address the deficiencies.

Algeria Ecuador Ethiopia Indonesia Kenya Myanmar

No. of customer and account balance by:
Account balance Account balance Account balance @ Account balance @ Account balance @ Account balance
- product/services used No. of No. of No. of No. of No. of No. of
@ 31 Dec 2013 @ 31 Dec 2013 31 Dec 2013 31 Dec 2013 31 Dec 2013 @ 31 Dec 2013
customers customers customers customers customers customers
(RM) (RM) (RM) (RM) (RM) (RM)
1. Savings Account
2. Current Account
3. Fixed Deposit Account
4. Foreign Currency Account
5. Housing Loan
6. Personal Loan
7. Hire Purchase
8. Credit Card
9. CDS Account
10. Investment Account
11. Debit Card
12. Safe Deposit Box
13. Others

No. of customer and account balance by: Pakistan Syria Tanzania Turkey Yemen
- product/services used
Account balance Account balance Account balance @ Account balance @ Account balance @
No. of No. of No. of No. of No. of
@ 31 Dec 2013 @ 31 Dec 2013 31 Dec 2013 31 Dec 2013 31 Dec 2013
customers customers customers customers customers
(RM) (RM) (RM) (RM) (RM)
Remark: Details of breakdown are drawn from FINS
drop down menu
1. Savings Account
2. Current Account
3. Fixed Deposit Account
4. Foreign Currency Account
5. Housing Loan
6. Personal Loan
7. Hire Purchase
8. Credit Card
9. CDS Account
10. Investment Account
11. Debit Card
12. Safe Deposit Box
13. Others

1 of 1
 Appendix C
Examples of Risk Assessment Factors

1. Type of Customer
Individual Legal person / legal arrangement
Resident Non-Resident
Non-Higher Risk Countries Higher Risk Countries
Non-PEP Higher Risk Domestic PEP / Foreign PEP

Low Risk High Risk

2. Type of transaction relative to customer

Normal frequency / value High frequency & high value or value kept to
<RM3K

Low Risk High Risk

3. Mode of delivery
Over the counter / face-to-face Internet based / phone based

Low Risk High Risk

4. Destination country (for remittance)

Non-Higher Risk Countries Higher Risk Countries
Own country Other country that appear unrelated

Low Risk High Risk

5. Sender / Country of origin

Same sender / same country Different senders / different countries

Low Risk High Risk

6. Conduct of transaction
Normal amount / transaction Large amount broken into small transactions
High number of inward transactions,
followed by immediate withdrawal

Low Risk High Risk