Adopted: 08 April 2015
Date Filed: 17 April 2015The BSP reiterates its adoption of the policy of the State set forth in Republic Act No. 9160 or the Anti-Money Laundering Act (AMLA) of 2001, as amended, to protect the integrity and confidentiality of bank accounts and to ensure that the Philippines in general and the covered persons, in particular, shall not be used, respectively, as a money-laundering site and conduit for the proceeds of an unlawful activity.
In line with said policy, the BSP directed all its supervised covered persons to adopt and effectively implement a sound AML/CFT risk management system that identifies, assesses, monitors and controls risks associated with money laundering (ML) and terrorist financing (TF). Part of that risk management system is the adoption of a risk-based Money Laundering and Terrorist Financing Prevention Program (MLPP) designed in accordance with the institution’s corporate structure and risk profile.
In 2013, R.A. No. 10365 amended RA No. 9160, which inserted a provision that states
“the provision of this law shall not be construed or implemented in a manner that will discriminate against certain customer types, such as politically- exposed persons, as well as their relatives, or against a certain religion, race or ethnic origin, or such other attributes or profiles when used as the only basis to deny these persons access to the services provided by the covered persons.” Further, covered persons who commit said discriminatory act shall be subject to appropriate sanctions by their respective regulators.
Accordingly, pursuant to Subsection X805.2 of the Manual of Regulations for Banks (MORB), in relation to R.A. No. 9160, as amended and its revised implementing rules and regulations (RIRR), BSP-supervised covered persons are directed to review their existing MLPP and establish a policy on non- discrimination of customers. In doing so, please be guided by the following:
- Customer identification (Section X806 of the MORB) – A covered person shall maintain a system of verifying the true identity of their customers, and in case of corporate and juridical entities, require a system of verifying their legal existence and organizational structure as well as the authority and identification of all persons acting on their behalf. Along this line, it shall formulate a risk-based and tiered customer acceptance policy, customer retention policy and customer identification process that involves reduced customer due diligence (CDD) for potentially low risk clients and enhanced CDD for higher risk customers.
Covered persons shall establish appropriate systems and methods based on internationally compliant standards and adequate internal controls for verifying and recording the true and full identity of their customers. (Section 9.a.1 of the RlRR of RA. No. 9160, as amended)
The customer acceptance policy should ensure that the financially or socially disadvantaged are not denied access to financial services while at the same time prevent suspicious individuals or entities from opening an account.
In cases of customers who are politically exposed persons (PEPs), covered persons shall endeavor to establish and record the true and full identity of PEPs, as well as their immediate family members and the entities related to them and establish a policy on what standard of due diligence will apply to them taking into consideration their position and the risks attendant thereto.
- Subsequent to customer acceptance and still part of customer due diligence, is the risk and materiality based on-going monitoring of customer’s accounts and transactions (Subsec. X806.3 of the MORB). For this, covered persons are expected to have a system (manual or electronic) that will enable it to understand the normal and reasonable account activity of customers and to detect unusual or suspicious patterns of account activity.
In reviewing its existing policies as to what standard of due diligence will apply to its customers, including PEPs, the covered person shall take into account its own risk appetite, risk profiling methodology and the risk management system in place. The risk appetite is the covered person’s self- assessment of how much residual risk it can take considering various factors, such as the number and effectiveness of personnel involved in preventing ML/TF, as well as the robustness and efficiency of its AML electronic or manual monitoring system. On the other hand, the risk profiling methodology is based on standards and criteria set forth by the covered person in classifying their customers as high, normal or low risk for money laundering at the time of customer acceptance or thereafter, whenever circumstances warrant. The risk profile assessed for each customer will determine the standard of due diligence to be applied. Hence, customers classified as high risk are required to be subjected to enhanced due diligence procedures and monitoring, in accordance with the covered person's alerts management system.
In carrying out their policies and procedures for customer acceptance and on-going monitoring of customer's activities and transactions, covered persons are expected to adopt mechanisms or measures aimed at ensuring that said policies and procedures shall not be construed and implemented in a manner
that will discriminate against certain customer types, such as PEPs, as well as their relatives, or against a certain religion, race or ethnic origin, or such other attributes or profiles. These measures should be adequately and timely cascaded to all concerned officers and staff.
For guidance and compliance.
(SGD) NESTOR A. ESPENILLA, JR.
Deputy Governor
