Application of the Risk Based Approach:

RECL in line with the SBP requirements, have adopted a risk-based approach to combating money laundering, terrorist financing and. By adopting a risk-based approach, we are able to ensure that measures to prevent or mitigate money laundering, terrorist financing and proliferation financing are commensurate with the identified risks. This will allow resources to be allocated in the most efficient ways. The principle is that resources should be directed in accordance with priorities so that the greatest risks receive the highest attention. Risk based approach requires to have a strong AML/KYC policy. The excerpts of the policy are provided below.

Introduction

Anti-money laundering and Combating the Financing of Terrorism (AML/CFT) Regulations This law regulates the rights and obligations of legal persons and natural persons in preventing and detecting money laundering and terrorist financing. The law also contains provisions regarding customer screening, identification, and verification of customers, and the reporting of unusual transactions.

Scope

The Pakistan – AML KYC Regulations’ report may be used as a reference to highlight information from “Anti-money Laundering and Combating the Financing of Terrorism (AML/CFT) Regulations” Under the guidelines from the State Bank of Pakistan and the aforementioned act(s), this document highlights the necessary requirements for AML and KYC procedures, in particular, Identity Verification required in Pakistan. These requirements are approximated from relevant information/laws/directives from the aforementioned document.

AML/KYC Policy

Our Anti-Money Laundering and Know Your Customer Policy (hereinafter “AML/KYC Policy”) is designated to prevent and mitigate possible risks of us being involved in any kind of illegal activity.

Both international and local regulations require us to implement effective internal procedures and mechanisms to prevent money laundering, terrorist financing and proliferation financing. Moreover, it also requires us to take actions in case of any form of suspicious activity of our customers.

AML/KYC Policy covers the following matters:

  • Identifying and Verifying the identity Procedures;
  • Name Screening
  • Monitoring Transactions.
  • Training the Employee
  • Risk categorization

Definitions

  • Document Verification: The process of verifying the authenticity of a   government-issued identity document.
  • Identity Verification: The process of verifying the identity of the client’s
  • Proof of Identity: Any government-issued identity document that can be used to identify an individual (natural person).
  • EDD: Enhanced Due Diligence (EDD) is a process that executes a greater level of scrutiny related to the potential business relationships.
  • Third-Party Diligence: Outsourcing of the due diligence process while assigning the task to an external party by the Client who is originally responsible for carrying out due diligence activities.
  • PEP: Politically Exposed Person (PEP) is a person with a higher risk for potential involvement in bribery/corruption.
  • Due Diligence: Refers to the measures taken to mitigate risk before entering into an agreement or carrying out a financial transaction with another party.

Identifying and Verifying the identity Procedures:

At RECL, we not only identify the customer but also verify the identity of the customer. It is mandatory for all customer to provide original identity documents for each transaction. Moreover, the primary documents provided by the customer for identity verification has to be the current ones.

Minimum attributes of the identity document – this is a valid one (should not be expired one), issued by the governmental authorities (such as NADRA, NARA, DGIPMI or any other governmental authority with a mandate to issue the IDs) with the following information: First Name and Last Name; Father Name, date of birth; customer’s photo, identity document serial number, Address, expiry date of the document, signature or thumb impression of the customer. The customer has to provide one of the following types of documents for identity verification (whichever applicable):

  • CNIC (For Pakistani National Who is residing in Pakistan).
  • NICOP (For Pakistani National Who is residing abroad).
  • POC (For a foreign national who has origin routes from Pakistan)
  • ARC (For a foreign national who was issued the ID card by the NARA due to whatever reason)
  • Passport of foreigner having valid visa on it.

Due Diligence Requirements

Name Screening:

At RECL we have strong name screening mechanism that does not allow the sanctioned/proscribed individual to conduct the transaction from our network. Moreover, each and every customer (occasional or frequent) has to go through the name screening process for his each and every transaction.

Due Diligence Requirements

Identity Verification Requirements

As per the requirements of the Pakistan regulations, these are the following ID attributes required for the purpose of identifying a natural person (Individual) from official documents.

  • Full name as per identity document;
  • CNIC/Passport/NICOP/POC/ARC number;
  • Existing residential address;
  • Date of birth;
  • Place of Birth

Compliant CDD Methods

We (Ravi Exchange) may apply one or more of the following measures at the request of the Client to perform Identity Verification on its behalf. Where an End-user is an individual, who does not present himself to the Client for verification in physical presence.

  • Ravi Exchange shall perform verification of the End-user’s identity on the basis of independent sourced documents that are highlighted in 5.3. These documents provide reasonable reliability to the confirmation of the identity in Pakistan. Ravi Exchange shall ensure that documents being utilized are photo-based biometric identification documents that suffice requirements for Identity Verification.
  • For the purpose of verifying the End-user’s identity, Ravi Exchange shall also verify the documents that are submitted. We utilize our specialized Document Verification service to perform checks on the authenticity of the document. This includes checks on security features such as holograms, tapered/crumpled edges, doctored elements, form inconsistencies, document expiration, MRZ, reflected colors and micro printing.

Documents Required for Verification

The following documents are considered in Pakistan as Proof of Identity: Identity Verification
  • Computerized National Identity Card (CNIC) issued by
  • National Identity Card for Overseas Pakistani (NICOP) issued by
  • Pakistan Origin Card (POC) issued by
  • Alien Registration Card (ARC) issued by National Aliens Registration Authority (NARA), Ministry of Interior (local currency account only).
  • Passport; having a valid visa on it or any other proof of legal stay along with passport (foreign national individuals only).
Address Verification
The following documents are considered in Pakistan as proof of address:
  • A current utility bill (such as gas, electricity, telephone or mobile phone bill); (issued no more than three months ago that shows the End-user’s address and name);
  • Bank statement (issued no more than three months ago that shows the End-user’s address and name);
  • A document issued by a government department that shows the End-user’s addressed and name.

Politically Exposed Persons and EDD Measures

As per the Enhanced Due Diligence requirements under Pakistan’s regulations, you are required to determine if your Customer is a Politically Exposed Person, holds a public office, or exhibits a higher risk profile. In order to fulfill your obligations, Ravi Exchange provides you it’s AML Screening service. The service screens an individual’s selected ID attributes of Name and DOB against watch lists of global regulatory authorities, foreign and domestic databases compromised PEPs and sanctioned individuals.

The service highlights the category of the PEP based on the degree of risks they pose and also any immediate family member, or a close associate of the PEP.

 

You may utilize such services as per your requirements. This includes before or after establishing a relationship with your Customer.

Timing of Verification

Identity Verification is not limited to a one-time, one instance process. In fact, it is required in multiple instances as per regulations. The application and choice of when to deploy Identity Verification procedures depend on your requirements and it’s conveyance to

You are to pursue Identity Verification when you onboard a new Customer. If you are dealing with transaction data, you should apply Identity Verification as per the monetary thresholds defined in Pakistan’s regulations. In other instances, Identity Verification becomes more important to employ if you face higher risks from your Customers. A high risk situation would be any instance where an Individual might represent above normal exposure of money laundering related threats to you.

Reliance on External Services

In the absence of explicit regulations, clients on their discretion, may seek the services of a third party for fulfilling AML/KYC obligations. Regardless of reliance on a third party, the client will remain liable for maintaining regulatory compliance as well as fulfilling AML and KYC obligations.

Record Retention

As per the Pakistan’s Act, you are required to retain data for not less than ten (10) years. These are a part of your AML and KYC obligations for due diligence. In the case where this information is processed, collected and managed by a relevant third-party. You are liable to collect all such necessary information (Due Diligence Data) from the third party without undue delay.

Name Screening:

At RECL we have strong name screening mechanism that does not allow the sanctioned/proscribed individual to conduct the transaction from our network. Moreover, each and every customer (occasional or frequent) has to go through the name screening process for his each and every transaction.

Monitoring Transactions:

The customers are known not only by verifying their identity (who they are) but, more importantly, by analyzing their transactional patterns (what they do). Therefore, we rely on data analysis as a risk-assessment and suspicion detection tool.

Training the Employee:

In order to keep the staff aware of the latest AML/CFT/CPF requirements we believe that each and every staff needs the training. In order to equip the staff with latest development a regular training session have been conducted on different area of compliance.

Risk categorization:

At RECL we believe that each customer and area of operations carries different risk and therefore we categorize each and every customer and area of operations in different manner. Due to risk categorization different control are established for conducting the transaction of different customers and for locations.