Blog - Page 1757 of 1759 - Risk Management Never Been So Simplified

Russia, China want Iran to adopt FATF rules: Chief banker

Iran Press TV
Wednesday, 25 December 2019 6:32 PM
The governor of the Central Bank of Iran (CBI) has said that China and Russia have urged Tehran to adopt a series of rules by the global money laundering watchdog FATF to allow trade between Iran and allies …

FATF requirements: PTI govt to hire bank to scrutinise CDNS deposits

ISLAMABAD: The government has decided to hire a commercial bank to scrutinise Rs4 trillion deposits of four million Pakistanis placed with the Central Directorate of National Savings (CDNS) after the Financial Action Task Force (FATF) pointed…

Ex-DBKL senior deputy director denies buying cows with ill-gotten gains

Former deputy director of Kuala Lumpur City Hall Sabudin Mohd Salleh posted bail.
IPOH: A former deputy director of Kuala Lumpur City Hall (DBKL) pleaded not guilty in the Sessions Court here today to three counts of money laundering, involving RM276,400.
S…

PM Imran increases pays, perk of FIA personnel

In this file photo, Wajid Zia calls on PM Imran Khan in Islamabad. PHOTO: PID
ISLAMABAD: Prime Minister Imran Khan on Tuesday directed the interior ministry to send him a summary for approval of a request from the Federal Investigation Agency (FIA) to bring…

Banks allowed to register all foreign currency loans

KARACHI: The State Bank of Pakistan (SBP) has empowered commercial banks to deal in foreign currency loans of all sizes which are obtained from abroad by the corporate entities operating in the country.
Previously, loans aggregating to over $1 …

Simple Way to Understand Financial Action Task Force (FATF) and its Recommendations: When, Why, What, How and Whom

This article summarizes what FATF is and what it stands for. Further, it outlines FATF Recommendations and classifies them into two categories: Recommendations that are applicable to Financial Institutions and Country as a whole.

Why and When?

As international awareness of and concern about money laundering began to rise, there was a need for serious action. As a result, the Group of Seven nations launched the FATF at its annual economic summit in Paris. Thereafter, this multinational group started working toward a coordinated effort against international money laundering. Today, FATF is an international standard-setter on money laundering and provides guidance to governing bodies around the globe to combat money laundering, terrorist financing and other related threats, in order to protect the integrity of the international financial system.

What?

The main goals of FATF are the following:

  1. To expand its global network of anti-money laundering and anti-terrorist financing by increasing its membership, through the development of regional bodies like APG and through cooperation with international organizations.
  2. To monitor the implementation of the FATF Recommendations among its member countries. Currently, FATF uses the FATF Methodology 2013, under which it evaluates a member or any other country on two bases: (1) Technical Compliance and (2) Effectiveness Assessment. Together these provide a comprehensive analysis of the extent to which a country is compliant with the FATF Recommendations and how successful it is in maintaining a robust AML/CFT system.

If you want to know more about the FATF Methodology, please follow the article here.

How and Whom?

Initially, FATF introduced 40 Recommendations to combat money laundering; after 9/11 it also targeted terrorism financing, hence the introduction of an additional 9 recommendations. We have classified these recommendations into those that are applicable to the country and those that are applicable to financial institutions only. We have also compiled suggestions that financial institutions can follow to comply with those recommendations.

Recommendations applicable to Financial Institutions:

The following table shows the recommendations that are applicable to all financial institutions and the requirements of each recommendation. We have also listed suggestions that any financial institution can follow to easily meet the conditions required by the FATF recommendations. The main point to remember is that these recommendations are the basis for a robust AML/CFT program in any organization.

Recommendations Applicable to Bank

FATF Rec. No | FATF Recommendations | Particulars | Suggestions to meet these recommendations

10. Customer due diligence: Financial institutions should be prohibited from keeping anonymous accounts or accounts in obviously fictitious names.

Financial institutions should be required to undertake customer due diligence (CDD) measures when:

(i) establishing business relations;

(ii) carrying out occasional transactions: (i) above the applicable designated threshold or (ii) that are wire transfers in the circumstances covered by the Interpretive Note to Recommendation 16;

(iii) there is a suspicion of money laundering or terrorist financing; or

(iv) the financial institution has doubts about the veracity or adequacy of previously obtained customer identification data.

The CDD measures to be taken are as follows:

(a) Identifying the customer and verifying that customer’s identity using reliable, independent source documents, data or information.

(b) Identifying the beneficial owner, and taking reasonable measures to verify the identity of the beneficial owner, such that the financial institution is satisfied that it knows who the beneficial owner is. For legal persons and arrangements, this should include financial institutions understanding the ownership and control structure of the customer.

(c) Understanding and, as appropriate, obtaining information on the purpose and intended nature of the business relationship.

(d) Conducting ongoing due diligence on the business relationship and scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the institution’s knowledge of the customer, their business and risk profile, including, where necessary, the source of funds.

Suggestion: Financial institutions should have an explicit AML/CFT Policy and Manual detailing the provisions of CDD, including identification of the beneficial owner.

11. Record-keeping: Financial institutions should be required to maintain, for at least five years, all necessary records on transactions, both domestic and international, to enable them to comply swiftly with information requests from the competent authorities.

Suggestion: FIs can either include this in the AML/CFT policy or guideline or have a separate record retention policy. Either way, a complete and accurate record of each transaction should be kept so that it may serve as evidence if the situation warrants.

12. Politically exposed persons: Financial institutions should determine whether a customer or beneficial owner is a politically exposed person (PEP) and need to perform the following:

(a) have appropriate risk-management systems to determine whether the customer or the beneficial owner is a politically exposed person;

(b) obtain senior management approval for establishing (or continuing, for existing customers) such business relationships;

(c) take reasonable measures to establish the source of wealth and source of funds; and

(d) conduct enhanced ongoing monitoring of the business relationship.

Suggestion: The CDD mechanism in the AML/CFT Policy should be risk-based. That is, the Simplified CDD mechanism will be applicable for low and medium risk customers, while the Enhanced CDD (ECDD) mechanism will be applicable for high-risk customers such as PEPs and hidden beneficial owners. The ECDD mechanism should include the methodology for identifying high-risk customers and the documents to be collected to perform a higher level of Customer Due Diligence, e.g., supporting documents for the source of income, citizenships of family members and so on.

13. Correspondent banking: Financial institutions should be required, in relation to cross-border correspondent banking and other similar relationships, in addition to performing normal customer due diligence measures, to:

(a) gather sufficient information about a respondent institution to understand fully the nature of the respondent’s business and to determine from publicly available information the reputation of the institution and the quality of supervision, including whether it has been subject to a money laundering or terrorist financing investigation or regulatory action;

(b) assess the respondent institution’s AML/CFT controls;

(c) obtain approval from senior management before establishing new correspondent relationships;

(d) clearly understand the respective responsibilities of each institution; and

(e) with respect to “payable-through accounts”, be satisfied that the respondent bank has conducted CDD on the customers having direct access to accounts of the correspondent bank and that it is able to provide relevant CDD information upon request to the correspondent bank.

Suggestion: FIs should develop a proper questionnaire for these correspondent banks to get information about their organization structure, who their beneficiaries are, their AML/CFT status and so on. Through this questionnaire, they need to require correspondent banks to submit other necessary documents like a copy of their registration documents, license, AML/CFT policy and so on.

If an FI wants to avoid doing the above, it can ask the correspondent bank to furnish the Wolfsberg Questionnaire. This questionnaire is a good tool for comprehensive CDD of any correspondent bank.

15. New technologies: Countries and financial institutions should identify and assess the money laundering or terrorist financing risks that may arise in relation to (a) the development of new products and new business practices, including new delivery mechanisms, and (b) the use of new or developing technologies for both new and pre-existing products. In the case of financial institutions, such a risk assessment should take place prior to the launch of the new products, business practices or the use of new or developing technologies.

Suggestion: There should be a clause in the policy that, prior to launching any new product, it should be reviewed by the AML/CFT Unit to identify any type of AML/CFT issues. Only after their approval should the product be launched.

16. Wire transfer: Countries should ensure that financial institutions include required and accurate originator information, and required beneficiary information, on wire transfers and related messages, and that the information remains with the wire transfer or related message throughout the payment chain. Countries should ensure that financial institutions monitor wire transfers for the purpose of detecting those which lack the required originator and/or beneficiary information and take appropriate measures.

Suggestion: There should be a mechanism mentioned in the Manual that every SWIFT message should be screened by the SWIFT Unit for the availability of this information; if it is missing, the message should be rejected. As per the Anti-Money Laundering Prevention Act (ALPA), there is a requirement to obtain beneficiary details for wire transfers of NPR 75,000 and above.

18. Internal controls and foreign branches and subsidiaries: Financial institutions should be required to ensure that their foreign branches and majority-owned subsidiaries apply AML/CFT measures consistent with the home country requirements implementing the FATF Recommendations through the financial groups’ programs against money laundering and terrorist financing.

Suggestion: This recommendation requires the implementation of policies and manuals in all of the branches and subsidiaries of FIs. This is a very difficult thing to do; therefore, FIs should conduct massive training at regular intervals. Further, different Standard Operating Procedures relating to Account Opening, Remittance and Transaction Monitoring, based on the AML/CFT policy, should be developed.

19. Higher-risk countries: Financial institutions should be required to apply enhanced due diligence measures to business relationships and transactions with natural and legal persons, and financial institutions, from countries for which this is called for by the FATF. The type of enhanced due diligence measures applied should be effective and proportionate to the risks.

Suggestion: This recommendation can be implemented effectively if the organization uses automation for the purpose of name screening. Different software is available in the market that can be used for name screening.

20. Reporting of suspicious transactions: If a financial institution suspects or has reasonable grounds to suspect that funds are the proceeds of criminal activity, or are related to terrorist financing, it should be required, by law, to report promptly its suspicions to the financial intelligence unit (FIU).

Suggestion: This is a very important task. The best way to do this is to have good AML software with many scenarios created to monitor transactions relating to SWIFT, remittance, cash and cards, which will trigger alerts based on the logic of the scenarios. These alerts, when reviewed, will help to identify suspicious transactions.

Next is to educate all the staff involved in different areas of FIs to identify suspicious transactions and report them to Compliance.

21. Tipping-off and confidentiality: Financial institutions, their directors, officers, and employees should be:

(a) protected by law from criminal and civil liability for breach of any restriction on disclosure of information imposed by contract or by any legislative, regulatory or administrative provision, if they report their suspicions in good faith to the FIU, even if they did not know precisely what the underlying criminal activity was, and regardless of whether illegal activity actually occurred; and

(b) prohibited by law from disclosing (“tipping-off”) the fact that a suspicious transaction report (STR) or related information is being filed with the FIU. These provisions are not intended to inhibit information sharing under Recommendation 18.

Suggestion: There should be a clear definition of whistleblowing and breach of confidentiality in the policy. Whistleblowing against suspicious transactions should be encouraged, while leaking of confidential information to the customer or a third party for personal benefit should be severely reprimanded.

FATF Special Recommendations on Terrorist Financing (Other 9 recommendations)

44. Reporting suspicious transactions related to terrorism: If financial institutions, or other businesses or entities subject to anti-money laundering obligations, suspect or have reasonable grounds to suspect that funds are linked or related to, or are to be used for terrorism, terrorist acts or by terrorist organizations, they should be required to report their suspicions promptly to the competent authorities.

Suggestion: There should be a proper mechanism for how STRs should be reported. It is better to use an AML solution with a clear workflow for reporting suspicious transactions, which ensures anonymous reporting to an authorized individual so that proper action can be taken.

(Extracted from FATF Recommendations 2012 Updated)

Recommendations that are applicable to the Country as a Whole:

FATF Recommendations Applicable to the Country

The following table shows the recommendations that are applicable to the whole country. These recommendations are the basis for developing an appropriate institutional framework for the AML/CFT regime. The country will be evaluated negatively or positively based on its compliance with these recommendations.

Recommendation No | FATF Recommendations | Particulars
1. Assessing risks and applying a risk-based approach: Countries should identify, assess, and understand the money laundering and terrorist financing risks for the country.
2. National cooperation and coordination: Countries should ensure that policy-makers, the financial intelligence unit (FIU), law enforcement authorities, supervisors and other relevant competent authorities are able to exchange information to curb ML/TF.
3. Money laundering offence: Countries should apply the crime of money laundering to all serious offences, with a view to including the widest range of predicate offences.
4. Confiscation and provisional measures: Countries should adopt measures to freeze or seize and confiscate the following: (a) property laundered, (b) proceeds from money laundering or predicate offences, (c) property that is used or intended or allocated for use in the financing of terrorism, terrorist acts or terrorist organisations, or (d) property of corresponding value.

5. Terrorist financing offence: Countries should criminalise terrorist financing.
6. Targeted financial sanctions related to terrorism and terrorist financing: Countries should implement targeted financial sanctions regimes to comply with United Nations Security Council resolutions and freeze without delay the funds or other assets of, and to ensure that no funds or other assets are made available, directly or indirectly, to or for the benefit of, any person or entity either (i) designated by, or under the authority of, the United Nations Security Council

7. Targeted financial sanctions related to proliferation: Countries should implement targeted financial sanctions to comply with United Nations Security Council resolutions relating to the prevention, suppression and disruption of proliferation of weapons of mass destruction and its financing.
8. Non-profit organisations: Countries should review the adequacy of laws and regulations that relate to non-profit organisations which the country has identified as being vulnerable to terrorist financing abuse.
9. Financial institution secrecy laws: Countries should ensure that financial institution secrecy laws do not inhibit implementation of the FATF Recommendations.
14. Money or value transfer services: Countries should take measures to ensure that natural or legal persons that provide money or value transfer services (MVTS) are licensed or registered, and subject to effective systems for monitoring.
17. Reliance on third parties: Countries may permit financial institutions to rely on third parties to perform elements of the CDD measures, provided that the following criteria are met:

(a) A financial institution relying upon a third party should immediately obtain the necessary information concerning elements (a)-(c) of the CDD measures set out in Recommendation 10.

(b) Financial institutions should take adequate steps to satisfy themselves that copies of identification data and other relevant documentation relating to the CDD requirements will be made available from the third party upon request without delay.

(c) The financial institution should satisfy itself that the third party is regulated, supervised or monitored for, and has measures in place for compliance with, CDD and record-keeping requirements in line with Recommendations 10 and 11.

(d) When determining in which countries the third party that meets the conditions can be based, countries should have regard to information available on the level of country risk.

22. DNFBPs: customer due diligence: The customer due diligence and record-keeping requirements set out in Recommendations 10, 11, 12, 15, and 17, apply to designated non-financial businesses and professions (DNFBPs) in the following situations:

(a) Casinos – when customers engage in financial transactions equal to or above the applicable designated threshold.

(b) Real estate agents – when they are involved in transactions for their client concerning the buying and selling of real estate.

(c) Dealers in precious metals and dealers in precious stones – when they engage in any cash transaction with a customer equal to or above the applicable designated threshold.

(d) Lawyers, notaries, other independent legal professionals and accountants – when they prepare for or carry out transactions for their client concerning the following activities:

(e) Trust and company service providers – when they prepare for or carry out transactions for a client concerning the following activities:

23. DNFBPs: Other measures: The requirements set out in Recommendations 18 to 21 apply to all designated non-financial businesses and professions, subject to the following qualifications:

(a) Lawyers, notaries, other independent legal professionals and accountants should be required to report suspicious transactions when, on behalf of or for a client, they engage in a financial transaction in relation to the activities described in paragraph (d) of Recommendation 22.

(b) Dealers in precious metals and dealers in precious stones should be required to report suspicious transactions when they engage in any cash transaction with a customer equal to or above the applicable designated threshold.

(c) Trust and company service providers should be required to report suspicious transactions for a client when, on behalf of or for a client, they engage in a transaction in relation to the activities referred to in paragraph (e) of Recommendation 22.

24. Transparency and beneficial ownership of legal persons: Countries should ensure that there is adequate, accurate and timely information on the beneficial ownership and control of legal persons. In particular, countries that have legal persons that are able to issue bearer shares or bearer share warrants, or which allow nominee shareholders or nominee directors, should take effective measures to ensure that they are not misused for money laundering or terrorist financing.

25. Transparency and beneficial ownership of legal arrangements: Countries should ensure that there is adequate, accurate and timely information on express trusts, including information on the settlor, trustee and beneficiaries, that can be obtained or accessed in a timely fashion by competent authorities.

26. Regulation and supervision of financial institutions: Competent authorities or financial supervisors should take the necessary legal or regulatory measures to prevent criminals or their associates from holding, or being the beneficial owner of, a significant or controlling interest, or holding a management function in, a financial institution. Countries should not approve the establishment, or continued operation, of shell banks.
27. Powers of supervisors: Supervisors should have adequate powers to supervise or monitor, and ensure compliance by, financial institutions with requirements to combat money laundering and terrorist financing, including the authority to conduct inspections. They should be authorized to compel production of any information from financial institutions.
28. Regulation and supervision of DNFBPs: Designated non-financial businesses and professions should be subject to regulatory and supervisory measures as set out below.

(a) Casinos should be subject to a comprehensive regulatory and supervisory regime that ensures that they have effectively implemented the necessary AML/CFT measures. At a minimum:

(b) Countries should ensure that the other categories of DNFBPs are subject to effective systems for monitoring and ensuring compliance with AML/CFT requirements. This should be performed on a risk-sensitive basis. This may be performed by (a) a supervisor or (b) by an appropriate self-regulatory body (SRB), provided that such a body can ensure that its members comply with their obligations to combat money laundering and terrorist financing.

29. Financial intelligence units: Countries should establish a financial intelligence unit (FIU) that serves as a national centre for the receipt and analysis of: (a) suspicious transaction reports; and (b) other information relevant to money laundering, associated predicate offences and terrorist financing, and for the dissemination of the results of that analysis.

30. Responsibilities of law enforcement and investigative authorities: Countries should ensure that designated law enforcement authorities have responsibility for money laundering and terrorist financing investigations within the framework of national AML/CFT policies.

31. Powers of law enforcement and investigative authorities: When conducting investigations of money laundering, associated predicate offences and terrorist financing, competent authorities should be able to obtain access to all necessary documents and information for use in those investigations, and in prosecutions and related actions.
32. Cash couriers: Countries should have measures in place to detect the physical cross-border transportation of currency and bearer negotiable instruments, including through a declaration system and/or disclosure system.

33. Statistics: Countries should maintain comprehensive statistics on the STRs received and disseminated; on money laundering and terrorist financing investigations, prosecutions and convictions; on property frozen, seized and confiscated;
34. Guidance and feedback: The competent authorities, supervisors and SRBs should establish guidelines, and provide feedback, which will assist financial institutions and designated non-financial businesses and professions in applying national measures to combat money laundering and terrorist financing, and, in particular, in detecting and reporting suspicious transactions.

35. Sanctions: Countries should ensure that there is a range of effective, proportionate and dissuasive sanctions, whether criminal, civil or administrative, available to deal with natural or legal persons covered by Recommendations 6, and 8 to 23, that fail to comply with AML/CFT requirements.
36. International instruments: Countries should take immediate steps to become party to and implement fully the Vienna Convention, 1988; the Palermo Convention, 2000; the United Nations Convention against Corruption, 2003; and the Terrorist Financing Convention, 1999.

37. Mutual legal assistance: Countries should rapidly, constructively and effectively provide the widest possible range of mutual legal assistance in relation to money laundering, associated predicate offences and terrorist financing investigations, prosecutions, and related proceedings.
38. Mutual legal assistance: freezing and confiscation: Countries should ensure that they have the authority to take expeditious action in response to requests by foreign countries to identify, freeze, seize and confiscate property laundered; proceeds from money laundering, predicate offences and terrorist financing; instrumentalities used in, or intended for use in, the commission of these offences; or property of corresponding value.

39. Extradition: Countries should constructively and effectively execute extradition requests in relation to money laundering and terrorist financing, without undue delay. Countries should also take all possible measures to ensure that they do not provide safe havens for individuals charged with the financing of terrorism, terrorist acts or terrorist organisations.

40. Other forms of international cooperation: Countries should ensure that their competent authorities can rapidly, constructively and effectively provide the widest range of international cooperation in relation to money laundering, associated predicate offences and terrorist financing.

FATF Special Recommendations on Terrorist Financing (Other 9 recommendations)

41. Ratification and implementation of UN instruments: Countries should also immediately implement the United Nations resolutions relating to the prevention and suppression of the financing of terrorist acts, particularly United Nations Security Council Resolution 1373.
42. Criminalising the financing of terrorism and associated money laundering: Each country should criminalise the financing of terrorism, terrorist acts and terrorist organisations. Countries should ensure that such offences are designated as money laundering predicate offences.
43. Freezing and confiscating terrorist assets: Each country should also adopt and implement measures, including legislative ones, which would enable the competent authorities to seize and confiscate property that is the proceeds of, or used in, or intended or allocated for use in, the financing of terrorism, terrorist acts or terrorist organizations.

45. International Co-operation: Countries should also take all possible measures to ensure that they do not provide safe havens for individuals charged with the financing of terrorism, terrorist acts or terrorist organisations, and should have procedures in place to extradite, where possible, such individuals.
46. Alternative Remittance: Each country should take measures to ensure that persons or legal entities, including agents, that provide a service for the transmission of money or value, including transmission through an informal money or value transfer system or network, should be licensed or registered and subject to all the FATF Recommendations that apply to banks and non-bank financial institutions.
47. Wire transfers: Countries should take measures to require financial institutions, including money remitters, to include accurate and meaningful originator information (name, address and account number) on funds transfers and related messages that are sent, and the information should remain with the transfer or related message through the payment chain. Countries should take measures to ensure that financial institutions, including money remitters, conduct enhanced scrutiny of and monitor for suspicious activity funds transfers which do not contain complete originator information (name, address and account number).

48. Non-profit organisations: Countries should review the adequacy of laws and regulations that relate to entities that can be abused for the financing of terrorism. Non-profit organisations are particularly vulnerable, and countries should ensure that they cannot be misused:

(i) by terrorist organisations posing as legitimate entities;

(ii) to exploit legitimate entities as conduits for terrorist financing, including for the purpose of escaping asset freezing measures; and

(iii) to conceal or obscure the clandestine diversion of funds intended for legitimate purposes to terrorist organisations.

49. Cash Couriers: Countries should have measures in place to detect the physical cross-border transportation of currency and bearer negotiable instruments, including a declaration system or other disclosure obligation. Countries should ensure that their competent authorities have the legal authority to stop or restrain currency or bearer negotiable instruments that are suspected to be related to terrorist financing or money laundering, or that are falsely declared or disclosed.

(Extracted from FATF Recommendations 2012 Updated)

Thank you for reading and please share the article if you have found it useful.

Go to the following article to know about what is FATF Mutual Evaluation and is it necessary for a country:

What is the Mutual Evaluation 2020 and What Should Nepalese Financial Institutions Should Watch Out For and THE GREAT PARADOX !!!

If you are in the banking industry or follow current news, you might have heard that Nepal is near the threshold of a mutual evaluation by the APG. Previously, we escaped by the skin of our teeth, that is, we saved ourselves from being blacklisted, but we are still not out of danger. So, let us explore what mutual evaluation is, how it is carried out, and what financial institutions should do to tip the scale of this assessment to the positive side. Finally, let us understand why this is important and why we should welcome it.

The Mutual Evaluation of Nepal is carried out by the Asia-Pacific Group on Money Laundering (APG), as Nepal is a member of this group. Mutual Evaluation simply means an analysis of the anti-money laundering and combating the financing of terrorism (AML/CFT) regime of Nepal based on the recommendations of the FATF (Financial Action Task Force). The evaluation is usually carried out through an onsite inspection by a special team of experts, who make a detailed analysis of the country’s status on the basis of the relevant AML/CFT rules and regulations, guidelines and other institutional frameworks to prevent ML and TF.

Since the last Mutual Evaluation of Nepal was done in 2010, it is worth pondering the major deficiencies in the AML/CFT regime of Nepal highlighted by the report. You can download this report by following this link. The key findings of the report were:

  1. Terrorist financing was not criminalized.
  2. The mechanisms for freezing the assets of terrorists were not legally binding.
  3. FIU, Nepal lacks sufficient autonomy and administrative resources to carry out its operations.
  4. STR and TTR are not adequately reported.
  5. AML/CFT preventive measures are not applicable to postal saving banks, commodities brokers, lawyers, accountants, persons acting as real estate agents and precious metal/gem dealers.
  6. Poor mechanism for customer identification and verification.
  7. Nepal has no mutual legal assistance law for sharing information relating to ML and TF with other countries, nor has it used the Extradition Act 1988 to hand over criminals to relevant countries.
  8. Various loopholes, limitations of scope and incongruent definitions in the Anti-Money Laundering Act of Nepal.

Source: Mutual Evaluation Report Of Nepal(July 2011)

Introduction to Methodology of Mutual Evaluation.


The mutual evaluation is based upon  FATF Methodology 2013 for assessing compliance with FATF recommendations and the effectiveness of AML/CFT Systems. You can download the document from here. The FATF Methodology requires two components.

  1. Technical Compliance Assessment:

This examines the overall infrastructure of the country’s AML/CFT regime, that is, what the country’s laws and regulations regarding AML/CFT are and how comprehensive they are. It also examines how powerful the competent authorities are in implementing these laws and regulations.

  2. Effective Assessment:

Technical assessment is more paper-oriented, while effective assessment evaluates the implementation, that is, how effective those laws and regulations are and whether they produce the desired results. It identifies the degree to which the country has implemented the FATF Recommendations by defining 11 sets of outcomes that the country must achieve to have a robust AML/CFT system.

FATF Recommendations:

As said earlier, Mutual Evaluation is based on the FATF Recommendations, so it is imperative that we know about these Recommendations. To make them easier to understand, I have divided the FATF Recommendations into two groups: those that are specifically applicable to the country and those that are applicable to financial institutions (FIs) only. Further, we will also share mechanisms that financial institutions should apply to comply with the FATF Recommendations.

Recommendation applicable to any Financial Institutions:

The following table shows the recommendations that are applicable to all financial institutions and what each recommendation requires. We have also listed suggestions that, if followed, let a financial institution easily meet the conditions required by the FATF Recommendations. The main point to remember is that these recommendations are the basis for a robust AML/CFT program in any organization.

FATF Rec. No FATF Recommendations Particulars How to meet these recommendations?
10. Customer due diligence Financial institutions should be prohibited from keeping anonymous accounts or accounts in obviously fictitious names. 

Financial institutions should be required to undertake customer due diligence (CDD) measures when:

(i) establishing business relations;

(ii) carrying out occasional transactions:(i) above the applicable designated threshold or (ii) that are wire transfers in the circumstances covered by the Interpretive Note to Recommendation 16;

(iii) there is a suspicion of money laundering or terrorist financing; or

(iv) the financial institution has doubts about the veracity or adequacy of previously obtained customer identification data.

The CDD measures to be taken are as follows:

(a) Identifying the customer and verifying that customer’s identity using reliable, independent source documents, data or information.

(b) Identifying the beneficial owner, and taking reasonable measures to verify the identity of the beneficial owner, such that the financial institution is satisfied that it knows who the beneficial owner is. For legal persons and arrangements, this should include financial institutions understanding the ownership and control structure of the customer.

(c) Understanding and, as appropriate, obtaining information on the purpose and intended nature of the business relationship.

(d) Conducting ongoing due diligence on the business relationship and scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the institution’s knowledge of the customer, their business and risk profile, including, where necessary, the source of funds.

Financial Institutions should have explicit AML/CFT Policy and Manual detailing the provisions of CDD including identification of Beneficial owner.
11. Record-keeping Financial institutions should be required to maintain, for at least five years, all necessary records on transactions, both domestic and international, to enable them to comply swiftly with information requests from the competent authorities.

FIs can either include this in the AML/CFT policy or guideline or have a separate record retention policy. Either way, a complete and accurate record of each transaction should be kept so that it may serve as evidence if the situation warrants.
12. Politically exposed persons Financial institutions should determine whether a customer or beneficial owner is a politically exposed person (PEP) and need to perform the following:

(a) have appropriate risk-management systems to determine whether the customer or the beneficial owner is a politically exposed person;

(b) obtain senior management approval for establishing (or continuing, for existing customers) such business relationships;

(c) take reasonable measures to establish the source of wealth and source of funds; and

(d) conduct enhanced ongoing monitoring of the business relationship.

The CDD mechanism in the AML/CFT Policy should be risk-based. That is, the Simplified CDD mechanism will be applicable for low and medium risk customers, while the Enhanced CDD (ECDD) mechanism will be applicable for high-risk customers such as PEPs and hidden beneficial owners. The ECDD mechanism should include the methodology for identifying high-risk customers and the documents to be collected to perform a higher level of Customer Due Diligence, for example, supporting documents for the source of income, citizenships of family members and so on.
13. Correspondent banking Financial institutions should be required, in relation to cross-border correspondent banking and other similar relationships, in addition to performing normal customer due diligence measures, to:

(a) gather sufficient information about a respondent institution to understand fully the nature of the respondent’s business and to determine from publicly available information the reputation of the institution and the quality of supervision, including whether it has been subject to a money laundering or terrorist financing investigation or regulatory action;

(b) assess the respondent institution’s AML/CFT controls;

(c) obtain approval from senior management before establishing new correspondent relationships;

(d) clearly understand the respective responsibilities of each institution; and

(e) with respect to “payable-through accounts”, be satisfied that the respondent bank has conducted CDD on the customers having direct access to accounts of the correspondent bank and that it is able to provide relevant CDD information upon request to the correspondent bank.

FIs should develop a proper questionnaire for these correspondent banks to get information about their organization structure, who their beneficiaries are, what their AML/CFT status is and so on. Through this questionnaire, they need to require correspondent banks to submit other necessary documents such as a copy of their registration documents, license, AML/CFT policy and so on.

If any FIs want to avoid doing the above, they can ask the correspondent bank to furnish them with the Wolfsberg Questionnaire. This questionnaire is a good tool for doing comprehensive CDD of any correspondent bank.

15. New technologies Countries and financial institutions should identify and assess the money laundering or terrorist financing risks that may arise in relation to (a) the development of new products and new business practices, including new delivery mechanisms, and (b) the use of new or developing technologies for both new and pre-existing products. In the case of financial institutions, such a risk assessment should take place prior to the launch of the new products, business practices or the use of new or developing technologies.

There should be a clause in the policy that, prior to launching any new product, it should be reviewed by the AML/CFT Unit to identify any type of AML/CFT issue. Only after their approval should the product be launched.
16. Wire transfer Countries should ensure that financial institutions include required and accurate originator information, and required beneficiary information, on wire transfers and related messages, and that the information remains with the wire transfer or related message throughout the payment chain. Countries should ensure that financial institutions monitor wire transfers for the purpose of detecting those which lack the required originator and/or beneficiary information and take appropriate measures.

There should be a mechanism mentioned in the Manual that every SWIFT message should be screened by the SWIFT Unit for the availability of this information; if it is missing, the message should be rejected. As per the Anti-Money Laundering Prevention Act (ALPA), there is a requirement to obtain beneficiary details for wire transfers of NPR 75,000 and above.
18. Internal controls and foreign branches and subsidiaries Financial institutions should be required to ensure that their foreign branches and majority-owned subsidiaries apply AML/CFT measures consistent with the home country requirements implementing the FATF Recommendations through the financial groups’ programs against money laundering and terrorist financing.

This recommendation requires the implementation of policies and manuals in all branches and subsidiaries of FIs. This is very difficult to do; therefore, FIs should conduct massive training at regular intervals. Further, different Standard Operating Procedures relating to Account Opening, Remittance and Transaction Monitoring, based on the AML/CFT policy, should be developed.
19. Higher-risk countries Financial institutions should be required to apply enhanced due diligence measures to business relationships and transactions with natural and legal persons, and financial institutions, from countries for which this is called for by the FATF. The type of enhanced due diligence measures applied should be effective and proportionate to the risks.

This recommendation can be implemented effectively if the organization uses automation for name screening. Different software is available in the market that can be used for name screening.
20. Reporting of suspicious transactions If a financial institution suspects or has reasonable grounds to suspect that funds are the proceeds of criminal activity, or are related to terrorist financing, it should be required, by law, to report promptly its suspicions to the financial intelligence unit (FIU).

This is a very important task. The best way to do this is to have good AML software with many scenarios created to monitor transactions relating to SWIFT, remittance, cash and cards, which will trigger alerts based on the logic of the scenarios. These alerts, when reviewed, will help to identify suspicious transactions.

Next is to educate all the staff involved in different areas of FIs to identify suspicious transactions and report them to Compliance.

21. Tipping-off and confidentiality Financial institutions, their directors, officers, and employees should be: 

(a) protected by law from criminal and civil liability for breach of any restriction on disclosure of information imposed by contract or by any legislative, regulatory or administrative provision, if they report their suspicions in good faith to the FIU, even if they did not know precisely what the underlying criminal activity was, and regardless of whether illegal activity actually occurred; and

(b) prohibited by law from disclosing (“tipping-off”) the fact that a suspicious transaction report (STR) or related information is being filed with the FIU. These provisions are not intended to inhibit information sharing under Recommendation 18.

There should be a clear definition of whistleblowing and breach of confidentiality in the policy. Whistleblowing against suspicious transactions should be encouraged while leaking of confidential information to the customer or third party for the personal benefit should be severely reprimanded.
FATF Special Recommendations on Terrorist Financing(Other 9 recommendations)
44. Reporting suspicious transactions related to terrorism If financial institutions, or other businesses or entities subject to anti-money laundering obligations, suspect or have reasonable grounds to suspect that funds are linked or related to, or are to be used for terrorism, terrorist acts or by terrorist organizations, they should be required to report their suspicions promptly to the competent authorities.

There should be a proper mechanism for how STRs should be reported. It is better to use an AML solution with a clear workflow for reporting suspicious transactions, which ensures anonymous reporting to an authorized individual so that proper action can be taken.

(Extracted from FATF Recommendations 2012 Updated)


Recommendations that are applicable to Country As Whole:


The following table shows the recommendations that are applicable to the whole country. These recommendations are the basis for developing an appropriate institutional framework for the AML/CFT regime. The country will be evaluated negatively or positively based on its compliance with these recommendations.

Recommendation No FATF Recommendations Particulars
1. Assessing risks and applying a risk-based approach Countries should identify, assess, and understand the money laundering and terrorist financing risks for the country,
2. National cooperation and coordination Countries should ensure that policy-makers, the financial intelligence unit (FIU), law enforcement authorities, supervisors and other relevant competent authorities are able to exchange information to curb ML/TF.
3. Money laundering offence Countries should apply the crime of money laundering to all serious offences, with a view to including the widest range of predicate offences.
4. Confiscation and provisional measures Countries should adopt measures to freeze or seize and confiscate the following: (a) property laundered, (b) proceeds from money laundering or predicate offences, (c) property that is used or intended or allocated for use in, the financing of terrorism, terrorist acts or terrorist organisations, or (d) property of corresponding value.
5. Terrorist financing offence Countries should criminalise terrorist financing.
6. Targeted financial sanctions related to terrorism and terrorist financing Countries should implement targeted financial sanctions regimes to comply with United Nations Security Council resolutions and freeze without delay the funds or other assets of, and to ensure that no funds or other assets are made available, directly or indirectly, to or for the benefit of, any person or entity either (i) designated by, or under the authority of, the United Nations Security Council

7. Targeted financial sanctions related to proliferation Countries should implement targeted financial sanctions to comply with United Nations Security Council resolutions relating to the prevention, suppression and disruption of proliferation of weapons of mass destruction and its financing.
8. Non-profit organisations Countries should review the adequacy of laws and regulations that relate to non-profit organisations which the country has identified as being vulnerable to terrorist financing abuse.
9. Financial institution secrecy laws Countries should ensure that financial institution secrecy laws do not inhibit implementation of the FATF Recommendations.
14. Money or value transfer services Countries should take measures to ensure that natural or legal persons that provide money or value transfer services (MVTS) are licensed or registered, and subject to effective systems for monitoring.
17. Reliance on third parties Countries may permit financial institutions to rely on third parties to perform elements of the CDD measures, provided that the following criteria are met:

(a) A financial institution relying upon a third party should immediately obtain the necessary information concerning elements (a)-(c) of the CDD measures set out in Recommendation 10.

(b) Financial institutions should take adequate steps to satisfy themselves that copies of identification data and other relevant documentation relating to the CDD requirements will be made available from the third party upon request without delay.

(c) The financial institution should satisfy itself that the third party is regulated, supervised or monitored for, and has measures in place for compliance with, CDD and record-keeping requirements in line with Recommendations 10 and 11.

(d) When determining in which countries the third party that meets the conditions can be based, countries should have regard to information available on the level of country risk.

22. DNFBPs: customer due diligence The customer due diligence and record-keeping requirements set out in Recommendations 10, 11, 12, 15, and 17, apply to designated non-financial businesses and professions (DNFBPs) in the following situations:

(a) Casinos – when customers engage in financial transactions equal to or above the applicable designated threshold.

(b) Real estate agents – when they are involved in transactions for their client concerning the buying and selling of real estate.

(c) Dealers in precious metals and dealers in precious stones – when they engage in any cash transaction with a customer equal to or above the applicable designated threshold.

(d) Lawyers, notaries, other independent legal professionals and accountants – when they prepare for or carry out transactions for their client concerning the following activities:

(e) Trust and company service providers – when they prepare for or carry out transactions for a client concerning the following activities:

23. DNFBPs: Other measures The requirements set out in Recommendations 18 to 21 apply to all designated non-financial businesses and professions, subject to the following qualifications: 

(a) Lawyers, notaries, other independent legal professionals and accountants should be required to report suspicious transactions when, on behalf of or for a client, they engage in a financial transaction in relation to the activities described in paragraph (d) of Recommendation 22.

(b) Dealers in precious metals and dealers in precious stones should be required to report suspicious transactions when they engage in any cash transaction with a customer equal to or above the applicable designated threshold.

(c) Trust and company service providers should be required to report suspicious transactions for a client when, on behalf of or for a client, they engage in a transaction in relation to the activities referred to in paragraph (e) of Recommendation 22.

24. Transparency and beneficial ownership of legal persons Countries should ensure that there is adequate, accurate and timely information on the beneficial ownership and control of legal persons. In particular, countries that have legal persons that are able to issue bearer shares or bearer share warrants, or which allow nominee shareholders or nominee directors, should take effective measures to ensure that they are not misused for money laundering or terrorist financing.
25. Transparency and beneficial ownership of legal arrangements Countries should ensure that there is adequate, accurate and timely information on express trusts, including information on the settlor, trustee and beneficiaries, that can be obtained or accessed in a timely fashion by competent authorities.
26. Regulation and supervision of financial institutions Competent authorities or financial supervisors should take the necessary legal or regulatory measures to prevent criminals or their associates from holding, or being the beneficial owner of, a significant or controlling interest, or holding a management function in, a financial institution. Countries should not approve the establishment, or continued operation, of shell banks.
27. Powers of supervisors Supervisors should have adequate powers to supervise or monitor, and ensure compliance by, financial institutions with requirements to combat money laundering and terrorist financing, including the authority to conduct inspections. They should be authorized to compel production of any information from financial institutions.
28. Regulation and supervision of DNFBPs Designated non-financial businesses and professions should be subject to regulatory and supervisory measures as set out below.

(a) Casinos should be subject to a comprehensive regulatory and supervisory regime that ensures that they have effectively implemented the necessary AML/CFT measures. At a minimum:

(b) Countries should ensure that the other categories of DNFBPs are subject to effective systems for monitoring and ensuring compliance with AML/CFT requirements. This should be performed on a risk-sensitive basis. This may be performed by (a) a supervisor or (b) by an appropriate self-regulatory body (SRB), provided that such a body can ensure that its members comply with their obligations to combat money laundering and terrorist financing.

29. Financial intelligence units Countries should establish a financial intelligence unit (FIU) that serves as a national centre for the receipt and analysis of: (a) suspicious transaction reports; and (b) other information relevant to money laundering, associated predicate offences and terrorist financing, and for the dissemination of the results of that analysis.
30. Responsibilities of law enforcement and investigative authorities Countries should ensure that designated law enforcement authorities have responsibility for money laundering and terrorist financing investigations within the framework of national AML/CFT policies.
31. Powers of law enforcement and investigative authorities When conducting investigations of money laundering, associated predicate offences and terrorist financing, competent authorities should be able to obtain access to all necessary documents and information for use in those investigations, and in prosecutions and related actions.
32. Cash couriers Countries should have measures in place to detect the physical cross-border transportation of currency and bearer negotiable instruments, including through a declaration system and/or disclosure system.

33. Statistics Countries should maintain comprehensive statistics on the STRs received and disseminated; on money laundering and terrorist financing investigations, prosecutions and convictions; on property frozen, seized and confiscated;
34. Guidance and feedback The competent authorities, supervisors and SRBs should establish guidelines, and provide feedback, which will assist financial institutions and designated non-financial businesses and professions in applying national measures to combat money laundering and terrorist financing, and, in particular, in detecting and reporting suspicious transactions.
35. Sanctions Countries should ensure that there is a range of effective, proportionate and dissuasive sanctions, whether criminal, civil or administrative, available to deal with natural or legal persons covered by Recommendations 6, and 8 to 23, that fail to comply with AML/CFT requirements.
36. International instruments Countries should take immediate steps to become party to and implement fully the Vienna Convention, 1988; the Palermo Convention, 2000; the United Nations Convention against Corruption, 2003; and the Terrorist Financing Convention, 1999.
37. Mutual legal assistance Countries should rapidly, constructively and effectively provide the widest possible range of mutual legal assistance in relation to money laundering, associated predicate offences and terrorist financing investigations, prosecutions, and related proceedings.
38. Mutual legal assistance: freezing and confiscation Countries should ensure that they have the authority to take expeditious action in response to requests by foreign countries to identify, freeze, seize and confiscate property laundered; proceeds from money laundering, predicate offences and terrorist financing; instrumentalities used in, or intended for use in, the commission of these offences; or property of corresponding value.

39. Extradition Countries should constructively and effectively execute extradition requests in relation to money laundering and terrorist financing, without undue delay. Countries should also take all possible measures to ensure that they do not provide safe havens for individuals charged with the financing of terrorism, terrorist acts or terrorist organisations.

40. Other forms of international cooperation Countries should ensure that their competent authorities can rapidly, constructively and effectively provide the widest range of international cooperation in relation to money laundering, associated predicate offences and terrorist financing.
FATF Special Recommendations on Terrorist Financing(Other 9 recommendations)
41. Ratification and implementation of UN instruments Countries should also immediately implement the United Nations resolutions relating to the prevention and suppression of the financing of terrorist acts, particularly United Nations Security Council Resolution 1373.
42. Criminalising the financing of terrorism and associated money laundering Each country should criminalise the financing of terrorism, terrorist acts and terrorist organisations. Countries should ensure that such offences are designated as money laundering predicate offences.
43. Freezing and confiscating terrorist assets Each country should also adopt and implement measures, including legislative ones, which would enable the competent authorities to seize and confiscate property that is the proceeds of, or used in, or intended or allocated for use in, the financing of terrorism, terrorist acts or terrorist organizations.
45. International Co-operation Countries should also take all possible measures to ensure that they do not provide safe havens for individuals charged with the financing of terrorism, terrorist acts or terrorist organisations, and should have procedures in place to extradite, where possible, such individuals.
46. Alternative Remittance Each country should take measures to ensure that persons or legal entities, including agents, that provide a service for the transmission of money or value, including transmission through an informal money or value transfer system or network, should be licensed or registered and subject to all the FATF Recommendations that apply to banks and non-bank financial institutions.
47. Wire transfers Countries should take measures to require financial institutions, including money remitters, to include accurate and meaningful originator information (name, address and account number) on funds transfers and related messages that are sent, and the information should remain with the transfer or related message through the payment chain. Countries should take measures to ensure that financial institutions, including money remitters, conduct enhanced scrutiny of and monitor for suspicious activity funds transfers which do not contain complete originator information (name, address and account number).
48. Non-profit organisations Countries should review the adequacy of laws and regulations that relate to entities that can be abused for the financing of terrorism. Non-profit organisations are particularly vulnerable, and countries should ensure that they cannot be misused:

(i) by terrorist organisations posing as legitimate entities;

(ii) to exploit legitimate entities as conduits for terrorist financing, including for the purpose of escaping asset freezing measures; and

(iii) to conceal or obscure the clandestine diversion of funds intended for legitimate purposes to terrorist organisations.

49. Cash Couriers Countries should have measures in place to detect the physical cross-border transportation of currency and bearer negotiable instruments, including a declaration system or other disclosure obligation. Countries should ensure that their competent authorities have the legal authority to stop or restrain currency or bearer negotiable instruments that are suspected to be related to terrorist financing or money laundering, or that are falsely declared or disclosed.

(Extracted from FATF Recommendations 2012 Updated)

How Country is Rated in Mutual Evaluation:


As already discussed, there are two criteria on the basis of which a country is evaluated:

Technical assessment:

Here assessors will evaluate the level of compliance that the country has with each recommendation. There are four possible levels of compliance as seen from the following table.

| Level of compliance | Short term | Details |
| --- | --- | --- |
| Compliant | C | There are no shortcomings. |
| Largely compliant | LC | There are only minor shortcomings. |
| Partially compliant | PC | There are moderate shortcomings. |
| Non-compliant | NC | There are major shortcomings. |
| Not applicable | NA | A requirement does not apply, due to the structural, legal or institutional features of a country. |

(Source:FATF Risk Assessment Methodology, 2013)

Effectiveness Compliance:

As said earlier, the highest-level objective of effectiveness compliance is that the country and its financial institutions are free from the threats of ML and TF. To achieve this objective, the methodology defines 11 outcomes that must be achieved to have an effective AML system in the country. These 11 outcomes are the basis of three interrelated intermediate goals of AML/CFT measures. All of this is illustrated in the following figure:

(Source: FATF Risk Assessment Methodology, 2013)

For each immediate outcome there are four possible effectiveness ratings, summarized as follows:

| Effectiveness rating | Details |
|---|---|
| High level of effectiveness | The Immediate Outcome is achieved to a very large extent. Minor improvements needed. |
| Substantial level of effectiveness | The Immediate Outcome is achieved to a large extent. Moderate improvements needed. |
| Moderate level of effectiveness | The Immediate Outcome is achieved to some extent. Major improvements needed. |
| Low level of effectiveness | The Immediate Outcome is not achieved or achieved to a negligible extent. Fundamental improvements needed. |

(Source: FATF Risk Assessment Methodology, 2013)

On the basis of these evaluations, assessors will recommend measures that the country should take to improve its AML/CFT system, covering both the level of effectiveness and the level of technical compliance.

How Country is classified as High-Risk Jurisdiction


On the basis of mutual evaluation, FATF considers various critical AML/CFT deficiencies identified both in terms of technical compliance and effectiveness of measures in place, and any relevant progress made by the jurisdiction. If the FATF thinks that progress made by the country is not enough to meet its strategic deficiencies, the FATF develops an action plan with the jurisdiction to address the remaining strategic deficiencies. Further, FATF requires a high-level political commitment so that necessary changes can be made in the country’s legal and regulatory environment for implementation of that action plan.

However, if FATF deems that there is a significant weakness in the country’s AML/CFT regime and the country has not made any progress in implementing the action plan laid out by FATF, there is a high probability that criminals can circumvent the weak AML/CFT controls to launder money or move assets to finance terrorism through the financial system. FATF then decides to label the country a high-risk jurisdiction. The FATF’s process helps protect the integrity of the international financial system by issuing a public warning about the AML/CFT risk arising from such jurisdictions. These public warnings also put pressure on the identified jurisdictions to rectify their deficiencies in order to maintain their position in the global economy.

The following are the consequences if a country is categorized as a high-risk jurisdiction:

  • FIs will not be able to conduct international transactions like foreign trade.
  • FIs will lose correspondent banking relationships, as foreign banks will have to bear a higher cost of compliance when dealing with high-risk countries.
  • The country will suffer economic sanctions from international institutions like the UN, EU, ADB and so on.
  • The country will not receive grants or donations from other countries and institutions like the IMF and World Bank.
  • Complete boycott from international financial markets.
  • The country’s overseas assets will be frozen.

Mutual Evaluation Paradox


It is undeniable that it is the duty of every FI and every individual to protect the country from being classified as a high-risk jurisdiction. Here is the dilemma: regulatory bodies are saying that there is corruption and money laundering activity that FIs should watch for and report through a large number of TTRs and STRs, and also that these are not in sufficient numbers. And FIs are doing their best to comply with regulatory bodies just to avoid any recrimination. Our question is: has anybody stopped to ask whether this is logical? No doubt FIs should do their part, but is it not worth wondering why there are so many predicate offenses in our country, like corruption, drug trafficking, human trafficking and tax evasion? Why has the Government not done anything about it? Is the government incapable of bringing in strict laws regarding these predicate offenses and ensuring the safety of all Nepalese people? Why are there pending cases like the Nirmal Rape and Murder Case? Why are powerful businessmen never caught for tax evasion, so that it is always a burden for working-class people? Why are corrupt officials using government funds as if they were their inheritance? Should it not worry us as citizens that we live in a country which has such high crime rates and nobody is taking responsibility for it? Also, why did the Government and regulatory bodies wait until the last moment to bring in all the changes? The last evaluation was done in 2010; they had 10 years to make the necessary changes. Were they deliberately trying to avoid this, or were they ignorant, or did they not list this as a priority?

This is my personal opinion only, rather than trying to save our face in mutual evaluation through the introduction of immediate laws and regulations whose implementation is not certain. Last time, the same thing happened: our government introduced new laws immediately before the mutual evaluation without any due consideration of their implementation. I still wonder about our cash threshold of NPR 10 Lakhs: did they make a detailed study on this, or was it just a conversion into Nepalese Rupees of USD 1000, which is the cash transaction threshold in the USA? Has the Government published the National Risk Assessment, which was the basis of the Mutual Evaluation Report, for the general public? It is rightly said that those who do not have the answer become the question.

I think we should welcome this mutual evaluation and let these experts show us what we are lacking in creating the AML/CFT regime. They will tell us the bitter truth about the situation in our country. Also, on the basis of this report, we can make the leaders of our nation accountable for the things that they promised to do in international forums but have not done. Only then can we pressure them to make the necessary reforms.

It is the right of each and every Nepalese citizen to live in a country where the fundamental rights guaranteed by the Constitution are protected by any means necessary, so that they can live in peace and prosper and have a future for the coming generation. If the mutual evaluation can verify whether this is a true statement or an illusion, then I am willing to swallow the hard pill. Are you?

IT IS TIME TO ASK QUESTIONS!!!

This is what I Call Mutual Evaluation Paradox.

 Thank you for reading. Please share it if you have found it useful.

 


Setting Up an Ethical Hacking Lab Has Never Been So Easy. Even Your Grandparents Can Do This.

LEARN HOW TO SET UP AN ETHICAL HACKING LAB IN A FEW EASY STEPS AT HOME.

Go To Full Article: https://siorik.com/learn-information-s…

Virtual Box: https://www.virtualbox.org/

Kali linux images: https://www.offensive-security.com/ka…

To check out laptop: https://amzn.to/2Bb66Xp

To check out external wireless card: https://amzn.to/2IM4hUY

Learn Information Security Management, Ethical Hacking Techniques and Choose Appropriate Information Security Career.

Nowadays, information security has caught a lot of people’s attention. Many don’t understand it, some who are interested give it a try, and a few serious ones make a career out of it.

I have prepared this article for beginners who are thinking of adopting an information security career for their bread and butter. But veterans can also learn a thing or two about expanding their careers. I will also show you how to set up your own ethical hacking lab, along with the prerequisites for it.

Hackers like Steve Wozniak, Bill Gates and Steve Jobs were responsible for bringing down the monopoly of big computer giants like IBM and delivered computers into the hands of the general public.

Before we start, I want to make one thing clear: information/cyber security is a respectable discipline like science, pharmacy or accounting, and it is up to those of us who are keen to join this career, or are already involved in it, to uphold this profession as a reputable one. Before the term hacker became derogatory, hackers were revered. So in this article, we will use terms like perpetrator and attacker to identify people with malicious intent who want to gain access to another’s information system for illegal private gain.

One may choose between two options on the information security career path: the managerial aspect and the technical aspect.

  1. Managerial Aspect:

This category is for individuals who want to become Information Security Managers, Chief Information Security Officers or Information Security Auditors. They are responsible for the overall management of information security in the organization. Their jobs and responsibilities include, but are not limited to, information security risk assessment and planning for its mitigation, setting up the department structure, developing policy, guidelines and procedures, conducting audits, reporting to management and other stakeholders, and so on.

  2. Technical Aspect:

The individuals in this category are the ones who want to be ethical hackers, pentesters or vulnerability analysts. Their main responsibility is to find out whether there are weaknesses or loopholes in existing information systems that attackers might leverage to exploit the system. They then fix these issues by patching the system, implementing new hardware or software, or reconfiguring them.

It is impossible to say that one is better than the other. The opportunities available for these two categories differ from one country to another. Nevertheless, both have their own advantages. If you like the managerial type, you will secure a good position in an organization with a steady income, but if you go for the technical type, you can work as a contractor or set up your own business and you will have more freedom.

Prerequisites for Information Security Professional

I am going to list the following minimum requirements for both categories that individuals need to fulfill before starting a successful career.

a. Credentials

It does not matter how much you know about a certain subject unless you can back it by appropriate certification. Nobody is going to offer you a job or a contract based on your knowledge only, they want proof of that knowledge. Hence, certification is a must. I am going to list out some certifications for each category that you might opt for.

| Category | Certifications |
|---|---|
| Managerial | Certified Information Systems Auditor (CISA) |
| Managerial | Certified Information Systems Security Professional (CISSP) |
| Managerial | Certified Information Security Manager (CISM) |
| Managerial | Certified in the Governance of Enterprise IT (CGEIT) |
| Managerial | COBIT |
| Managerial | ISO/IEC 27002 |
| Managerial | and others |
| Technical | Certified Ethical Hacker (CEH) |
| Technical | EC-Council Certified Security Analyst (ECSA) |
| Technical | Licensed Penetration Tester (LPT) |
| Technical | Offensive Security Certified Professional (OSCP) |
| Technical | Global Information Assurance Certification (GIAC) |
| Technical | and others |

It may be overwhelming at times to choose which certification to go for. So, my suggestion is that you do a little bit of homework: find out which certification is in demand in your region and look at job openings. That will give you some idea.

Now, if you are just starting out, here is my suggestion. If you want to go into the managerial sector, you may want to do CISA. CISA is easy and it is not as technical as other certifications. You can go to my article here to learn what CISA is all about and how to prepare for it.

Now, for the technical aspect, if you are at a beginner level, then go for Certified Ethical Hacker. It is straightforward and it gives you the basic concepts of things like networking, databases, web applications, social engineering, the Internet of Things and many more. Further, you will be using ready-made tools for hacking, so you don’t actually need programming concepts here. Therefore, this course will help you build the foundation for your ethical hacking career. Another thing is that you can study it on your own and practice the tools in your ethical hacking lab by yourself (I will tell you later in this article how to set up this lab).

b. Knowledge of Basic Ethical Hacking Tools:

Whichever area you choose, you should have knowledge of basic ethical hacking tools like Nmap, Wireshark, Nessus and so on. Those who want to be ethical hackers will develop knowledge of these tools gradually, while for managerial people it is imperative to know about these tools, because without knowledge of them, how can you recommend control measures for different types of information security threats? It is advised that you think about CEH certification.

c. Knowledge of Different Operating Systems:

Many of us know how to use Windows very well, but if you are seriously thinking about cybersecurity, you need to have knowledge of different operating systems like Linux, Mac and Android. As an ethical hacker, you need to find different ways to gain access to your target, so you need to expand your knowledge to use different penetration tools on different platforms.

d. Programming Skill:

As the name suggests, this skill should be acquired sooner or later if you want to be a skilled ethical hacker, because after you have used penetration tools for a long period of time, you may start to see the limitations in their functionality. You may then want to devise your own custom tools to carry out operations of your choosing. You can choose any programming language that you are comfortable with, but it is preferable that you become accustomed to Python. The main benefit is that it is easy to learn and highly flexible, as it has a wide variety of tools in its library that can be used for hacking anything.

e. Curiosity and Learning Aptitude:

Contrary to the popular saying that curiosity killed the cat, you need to have a curious attitude. You should always break down the matter in hand into its smallest parts. That is to say, if you want to hack any website, you have to understand what type of server it is being hosted on, what language, like Java or PHP, was used to build that website, and who the admin owner is. You should have the patience to make a detailed study of all these things. In the next step, you will analyze all these variables and identify vulnerabilities in them in order to exploit them to compromise the website.

Let’s Get Technical

Setting Up an Ethical Hacking Lab

If you want to call yourself an information security expert, then you must set up an ethical hacking lab so that you can practice by yourself the different hacking techniques and methods that I will be teaching you later in this article series.

  1. Choosing Appropriate Gear

a. Computer

If you want to get started in ethical hacking, you need a computer with good hardware: at least an Intel Core i7 or equivalent, with 16 GB of RAM and a good graphics card. This is required because you may sometimes need to run 5-6 virtual machines simultaneously, and your computer should support that. You might also have heard that you don’t need a graphics card for hacking. Well, actually you do, because sometimes you have to depend upon the GPU rather than the CPU for penetration testing tasks like password cracking, which are much faster on a GPU than on a CPU. This requirement can be fulfilled by any budget gaming laptop. Personally, I use a Dell G3 Gaming laptop, but you can choose any laptop that falls within your budget as long as it meets the above requirements.

b. External Wireless Card

You may be wondering why you should buy an external wireless card if you already have a built-in wireless card in your laptop. The answer is that built-in wireless cards have some inherent limitations. You want a wireless card that you can put into monitor mode, so that you can listen to other computers’ network traffic as well as perform packet injection. There is also the question of range, which not every wireless card supports. I am currently using a TP-Link 150 Mbps external wireless card.

Now you are all set and ready to set up your own ethical hacking lab. So, watch the following video on how to set up an ethical hacking lab.

If you have followed the instructions properly, I believe you now have a ready-to-start lab.

So, you have set up a new lab. I know you are all excited; you are ready to do some damage. Ok, how about trying some Linux commands just to practice around. Some of you might not understand these commands right off the bat but, don’t worry, we will cover these commands in our next ethical hacking tutorials.

You can download this Linux command file by subscribing to my YouTube channel and the mailing list. After that, you will receive a download link in your email.

Bull’s Eye Model

All information security personnel should understand the Bull’s Eye Model. This model simply states that any application, say a browser or MS Word, depends on systems that are made up of different hardware and software, and that these systems interact with each other through different networking devices and protocols. Therefore, when you are designing any information security policy, you should be able to address all types of information security threats in networks, systems and applications by developing adequate control measures for them.

Now, why is this important for ethical hackers? Look at the figure carefully and see the outer layer that surrounds the other layers. What does this mean? If an attacker can gain access to the network of the organization, then he/she can access all hardware and software components of the organization, and finally he/she can manipulate applications for his/her own purposes. Therefore, in this article and YouTube series, I will be teaching you different ethical hacking methods to gain access to the network, and then we will move eventually towards hacking other applications.


For the next article series, I will be writing different posts on information security management and ethical hacking. Let me give you a brief idea about them:

  1. Information Security Management:

This will be all about how you can set up information security management in your organization so that you can understand and manage information security threats. It will focus on how to perform risk assessment, identify different kinds of information security threats and propose different types of mitigants. This will be more helpful to those who want to go for the managerial aspect of information security.

  2. Ethical Hacking:

In these posts, I will be sharing with you different techniques of ethical hacking that you can use to access networks, web applications, databases and other applications, and we will also talk about different tools that are used for social engineering and mobile hacking.

I would like to finish this article with one last request: it depends upon you all whether this article series and YouTube series will see the light of day or not. If you have found this article useful and think that it has been helpful to you or others in any way, please subscribe to my YouTube channel if you have not already done so, and please share this article so that others can also benefit from it.

Thank you all for your time.

 

Venturing Online Startup Companies: Pitfalls, Problems and Solutions

This article is dedicated to all those brave souls who are starting an online venture on their own in today’s challenging world of strict regulatory restrictions. This article will share ideas with you on how you can earn money online in this complicated and overwhelming regulatory environment.

I would like to start with the concept of money laundering. Hold on, you may be thinking: what, why? But hear me out, this is one of the most important matters if you are starting out your online business. For those who have only heard the terms money laundering and terrorist financing, here is a crash course. Money laundering is the process of hiding the source of illegal money in order to convert it into legal money, while terrorist financing is sending money to terrorists so that they can carry out terrorist activities. Nowadays, there is serious international concern about these issues. Therefore, in order to counter them, organizations that deal with monetary transactions have two tools available to them:

  1. Know Your Customer:

It simply means collecting as much information from the customer as possible, so that an organization can know the nature of his/her business and predict his/her transaction pattern.

  2. Transaction Monitoring:

Here, you monitor the customer’s transactions to verify whether your prediction about them matches the customer’s actual transactions. If it does not match, the organization will raise a suspicious transaction report and file it with the Financial Intelligence Unit of its country.
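The two tools above, as an added example that is not part of the original article: a KYC profile records what the customer declared, and a monitor compares actual transactions against it and returns alerts for review. The field names, the 150% tolerance, the near-threshold cash rule and all sample data are assumptions of this example; the NPR 10 lakh cash figure is the one quoted elsewhere on this page.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date

# Assumed tuning values for this example; real values come from the
# institution's own risk assessment and its regulator.
VOLUME_TOLERANCE = 1.5              # flag a month above 150% of declared turnover
CASH_REPORT_THRESHOLD = 1_000_000   # NPR 10 lakhs, the cash threshold cited on this page
NEAR_THRESHOLD_RATIO = 0.9          # "just below" means 90% to <100% of the threshold


@dataclass(frozen=True)
class KycProfile:
    """What the customer declared at onboarding (the prediction)."""
    customer_id: str
    expected_monthly_turnover: float
    expected_countries: frozenset


@dataclass(frozen=True)
class Transaction:
    customer_id: str
    when: date
    amount: float
    country: str            # counterparty country code
    is_cash: bool = False


def monitor(profile, transactions):
    """Compare actual transactions with the KYC profile.

    Returns a sorted list of (rule, detail) alerts for an analyst to review
    before deciding whether a suspicious transaction report is warranted.
    """
    alerts = set()
    monthly_total = defaultdict(float)
    near_threshold_cash = defaultdict(list)

    for tx in transactions:
        if tx.customer_id != profile.customer_id:
            continue  # another customer's activity is out of scope here
        monthly_total[(tx.when.year, tx.when.month)] += tx.amount

        # Rule 1: counterparty country that was never declared in KYC.
        if tx.country not in profile.expected_countries:
            alerts.add(("UNEXPECTED_COUNTRY", f"{tx.when} {tx.country}"))

        # Collect cash transactions sitting just under the reporting threshold.
        lower = NEAR_THRESHOLD_RATIO * CASH_REPORT_THRESHOLD
        if tx.is_cash and lower <= tx.amount < CASH_REPORT_THRESHOLD:
            near_threshold_cash[tx.when].append(tx.amount)

    # Rule 2: monthly turnover well above what the customer predicted.
    limit = profile.expected_monthly_turnover * VOLUME_TOLERANCE
    for (year, month), total in monthly_total.items():
        if total > limit:
            alerts.add(("TURNOVER_ABOVE_PROFILE",
                        f"{year}-{month:02d} total={total:.0f} limit={limit:.0f}"))

    # Rule 3: several near-threshold cash transactions on the same day.
    for day, amounts in near_threshold_cash.items():
        if len(amounts) >= 2:
            alerts.add(("POSSIBLE_STRUCTURING",
                        f"{day} count={len(amounts)} total={sum(amounts):.0f}"))

    return sorted(alerts)


# Constructed sample data (not real customers or transactions).
SAMPLE_PROFILE = KycProfile("C-001", 500_000, frozenset({"NP", "IN"}))
SAMPLE_TRANSACTIONS = [
    Transaction("C-001", date(2020, 1, 5), 120_000, "NP"),
    Transaction("C-001", date(2020, 1, 18), 200_000, "IN"),
    Transaction("C-001", date(2020, 2, 3), 950_000, "NP", is_cash=True),
    Transaction("C-001", date(2020, 2, 3), 980_000, "NP", is_cash=True),
    Transaction("C-001", date(2020, 2, 10), 50_000, "AE"),
    Transaction("C-002", date(2020, 2, 11), 5_000_000, "US"),
]


def sample_alerts():
    """Run the monitor over the constructed sample above."""
    return monitor(SAMPLE_PROFILE, SAMPLE_TRANSACTIONS)


if __name__ == "__main__":
    for rule, detail in sample_alerts():
        print(rule, detail)
```

January matches the declared profile and produces no alert; February triggers all three rules for the same customer.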

This brings us to the major challenges faced by online businesses that have only recently been incorporated. Let us say you have found a perfect niche market, you have set up your commercial site, which has quite a good customer response, and you have created a product that has market feasibility. So far so good; now it’s time to sell your product to customers around the world. You find an online platform from which you can sell your goods, like Shopify, SendOwl or any other of your choice. Registration is quite easy in these virtual marketplaces, and you can instantly put your product up for sale. But when it comes to selecting a payment gateway like PayPal or Stripe, which you need to handle money transactions from your customers, you get stuck.

Major Problems Posed by Payment Gateways:

  • Problem in KYC

These payment gateways operate internationally and deal with customers from all around the world. This means that they have to deal with customers on a non-face-to-face basis, meaning they never get to see the customer in person. So they have to rely on documents given by the customer for verification. Here is another problem: how can these gateways verify these documents, when different countries have different laws and provisions for registering businesses and providing identification to individuals? Further, most of these documents are in the local language, and the type and number of documents differ from one country to another. Since there is no internationally accepted standard set of documents for KYC of individuals, payment gateways have adopted the following solution: they provide facilities only to customers and businesses belonging to certain countries that have good anti-money laundering and combating terrorist financing practices. So if you belong to one of the countries that are not listed by these payment gateways, then this article is for you.

  • ONE IMPORTANT THING TO LOOK OUT FOR:

This happened to me: some payment gateways do not tell you right away about money laundering regulations. They say that you are authorized to do transactions. Then, when your hard-earned money reaches these gateways, they ask you for further documents. Even after you have submitted your documents, they keep asking for further validation. It seems like nothing is good enough for them. Ultimately your money is stuck: you can see the balance but you cannot use it.

  • Virtual Bank Account

Have you heard about Payoneer? It provides you with a virtual bank account, usually located in the USA, from which you can receive and send money. They also provide you with an international Mastercard. Sounds good, right? But here is the catch. You can use these types of financial services so long as you work as a freelancer or consultant who gets payments from contractors, but if you are using this to receive payment for selling goods through payment gateways, then you have to think twice. To start with, they will not give you an international Mastercard to withdraw money; further, you need to have accumulated a certain balance in the account in order to make a wire transfer.

What comes next is from my personal experience. I have divided this article for two types of people: 1. those who are involved in blogging, and 2. those who want to sell their products through e-commerce sites.

 

  1. Blogging:

You guys are in luck because you don’t have to face the difficult situations that the other group faces, which I am going to explain later, but you may face the same difficulties if you are thinking of selling goods online in the future. Here is how you can earn money online, if you don’t already know:

  • Google Adsense:

Everybody knows about this, but mind you, it is really tough to get approval from Google AdSense, as they are really picky when it comes to selecting publishers for posting their ads. You also need to adhere to their rules at all times, otherwise your account might get suspended for a prolonged period. Fear not, I will share some tips with you that might be helpful.

a) Select your niche market. Write about the things that you are passionate about and that you know other people want to read about. Some niche markets are already saturated, like online games: since AdSense already has so many websites related to online games, they may not be interested in adding more. So, select your niche market carefully. If you are still confused about where to start your online business, then let me suggest the following books to you. They are highly sought-after books on startups. These books also share the tips, tricks and experience of various entrepreneurs, which will benefit you when you are starting on your own.

Note: I kindly request you to always buy original books so that you are compensating the author for his/her effort.

b) Avoid using the title of the post like the top ten, great tips, how-to and so on. Adsense will flag your content as “Scraped Content”.

c) Always write unique content; don’t copy-paste from others without giving credit. This is an unethical practice.

d) Always, always and always write posts keeping your target audience in mind. After all, if you cannot connect with your audience, how can you generate the web page traffic needed to get approval from AdSense?

e) There is no exact number of posts you should have before you get approval from Google AdSense. Generally, many publishers would say around 30. However, I had only about 5-6 posts when I got my approval. So from my experience, I believe that if you have posts that belong to a particular niche and they are being ranked by the Google search engine, that is, if your post comes up on the first page when searching for terms relating to that particular niche, then you will get Google AdSense approval. So don’t sweat over creating a lot of posts, but focus on writing a few posts in such a way that they will be helpful for a lot of people, who will want to read them and therefore share them a lot.

  • Affiliate Marketing:

I suggest you opt for this early because it pays more than Google AdSense. In affiliate marketing, you are recommending products that you have used and that you believe will be helpful to others also. Therefore, you should be truthful and recommend only the products that you have used yourself. Don’t recommend a product for the sake of a high commission. Always remember, in blogging, all that matters is your reputation, so you should avoid doing anything that will tarnish your credibility.

  • Paid Marketing:

If you have already found advertisers who are willing to pay for space on your website or blog, then you are very lucky; you can expect a steady income for a longer period of time.

These are the earning options that I can think of. If you know about other avenues, then please mention them in the comment section so that others can also benefit from them.

2. Setting up E-Commerce Business:

I have to be honest here: my knowledge of this is limited to the context of Nepal, since I am from this country. So, what I am going to describe in the following section may not match your context; nevertheless, it will definitely broaden your perspective. OK, the following are the things you need to consider before setting up your online business.

A. Target Customers:

Are your customers from your own country or international? If your customers are local, then you don’t have to worry about foreign exchange regulations and you can easily sell your products.

B. Foreign Exchange Regulations

If your customers are from all around the world, then you might need to do a little bit of homework. Depending upon the country, foreign exchange provisions can be either tight or relaxed. In the case of Nepal, the Central Bank of Nepal keeps a tight leash on foreign exchange: only a handful of institutions can deal with foreign exchange, and most of them are financial institutions like banks, money changers and so on. However, if you are setting up an online site, you need to obtain a license that says that you are allowed to deal in foreign currencies. To opt for this license, you need to have a registered business, as no individual can deal in foreign currency.

C. What’s Next:

Now you have a registered business, an online site and a forex license, so it’s time to start selling your products. As I explained earlier, you need payment gateways, and if you belong to a country similar to Nepal, you can kiss the international payment gateways goodbye. But the good news is that some banks, like Nabil Bank in Nepal, provide you with an electronic payment gateway, so that you are able to accept international card payments and sell your goods online to your international customers.

D. Bank Transfer:

If all else fails, that is, God forbid, if you are not able to secure a foreign exchange license, then the only option is asking your customers to pay for the products via wire transfer. Mind you, this is a very expensive option, as banks usually have certain thresholds for transferring money as well as charges for wire transfers, and your customers may not be encouraged to opt for this option. Therefore, it again depends upon the strength of your product. If people want it anyhow, they will be willing to pay any price to get it. So it depends on your marketing skills and the quality of your product.

This is all the knowledge that I have to share with you regarding starting up an online business. This article might be helpful for those who already have an idea about what kind of business they want to start. But if you are new blood, thinking about how to get started and wanting a push, I suggest you do a bit of research to find your stepping stone. Hey, we all started in a similar way. So what better way to start research than watching documentaries and movies? I suggest you watch the following documentaries and movie to get your heart pumping.

 

That’s all, and I hope you have found this article useful. If so then, please spread the word so that others might also be benefitted from this.