Customer Due Diligence (CDD) Measures

- Apply CDD when establishing business relationships, dealing with occasional customers, and when
suspicious of money laundering/terrorism financing.
- Identify and verify customers, including natural persons acting on behalf of customers and beneficial
owners.
- Obtain information on purpose and intended nature of business relations.
- Verify identity before establishing business relationships.
- For occasional customers/walk-in customers, obtain CNIC copy or conduct biometric verification for
transactions above 0.5 million rupees or online transactions.
- If CDD measures are not completed, do not open accounts or provide services, and consider filing a
suspicious transaction report (STR) if circumstances are suspicious.

Key Requirements

- Identify and verify customers, including natural persons and beneficial owners.
- Obtain necessary documents and information.
- Verify identity through reliable sources.
- Complete CDD measures before establishing business relationships.
- Consider filing an STR if CDD process may tip-off the customer.

Additional Points

- Banks/DFIs are responsible for verifying identities and maintaining records.

- Customers should not be obligated to bear the cost of verification.
- Reasonable measures should be taken to understand the nature of the customer's business and
ownership structure.
- The identity of beneficial owners and senior managing officials should be verified.
- Information on the purpose and intended nature of business relations should be obtained.

Ongoing Monitoring

- Monitor business relationships with customers to ensure transactions are consistent with their risk
profile and business.
- Obtain information on complex, unusual, or large transactions without apparent economic or lawful
purpose.
- Periodically review and update customer information, especially for higher-risk customers.
- Revise customer profiles keeping in view KYC/CDD spirit and document revisions.

Account Requirements

- Do not open or maintain anonymous, fictitious, or numbered accounts.

- Identify and assess ML/TF risks in new products, services, and business practices.
- Perform CDD on all joint account holders.
- Open government accounts only with special resolution/authority from the concerned administrative
department.
- Ensure existing customers meet CDD requirements, and monitor relationships continuously.
Dormant Accounts

- Allow credit entries in dormant accounts, but debit transactions require account activation and CNIC
verification.

Prohibitions

- Do not allow personal accounts for business purposes, except for proprietorships and small businesses.
- Do not allow personal accounts to be used for charity purposes.

Special Requirements

- Implement policies for Politically Exposed Persons (PEPs) and their associates.
- Conduct enhanced due diligence for NGOs/NPOs/Charities and ensure legitimate use of accounts.
- Review and monitor existing relationships with NGOs/NPOs/Charities.
- Apply enhanced due diligence to customers from jurisdictions identified by FATF.

Asset Side Customers

- Assess controls on asset products and related customers to ensure effective implementation of due
diligence requirements.

Correspondent Banking

- Assess the suitability of the respondent bank, including their KYC policy, management, ownership,
business activities, geographical presence, AML/CFT measures, and regulatory supervision.
- Determine the reputation of the respondent bank and assess their AML/CFT responsibilities.
- Obtain senior management approval before establishing a new correspondent banking relationship.
- Ensure the respondent bank has performed adequate CDD measures on third parties with access to
payable-through accounts.
- Apply enhanced due diligence for banks in jurisdictions with inadequate AML/CFT standards.
- Do not enter into relations with shell banks.

Wire Transfers/Fund Transfers

- Identify and verify the originator and beneficial owner(s) of funds.

- Record adequate details of the wire transfer, including the purpose and relationship between the
originator and beneficiary.
- Include originator and beneficiary information in the message or payment instruction.
- Verify the identity of the beneficiary if not previously done.
- Adopt risk-based policies for handling incomplete originator or beneficiary information.
- Be cautious when dealing with institutions that don't comply with wire transfer standards.
- Intermediary institutions must maintain required originator and beneficiary information, keep records,
and have risk-based policies for handling incomplete information.
Reporting of Transactions (STRs/CTRs)

- Banks/DFIs must report suspicious transactions and currency transactions related to money laundering
or financing of terrorism.
- Implement internal policies, procedures, and controls to meet AML Act obligations.
- Pay attention to complex, large, or unusual transactions with no apparent economic or lawful purpose.
- Use technology to upgrade systems and procedures, and implement automated Transaction
Monitoring Systems (TMS).
- Adequate staff and training are critical for effective monitoring and reporting.
- Report STRs regardless of amount, and CTRs for transactions above PKR 2 million.
- Document the basis for deciding whether to file an STR.
- Intimate the number of STRs reported to FMU on a bi-annual basis.
- Maintain secrecy regarding reported suspicious transactions.

Record Keeping

- Maintain records of transactions, analysis, and identification data for at least 10 years.
- Records must be sufficient to reconstruct individual transactions and provide evidence for prosecution.
- Retain records longer if involved in litigation or required by court or competent authority.
- Supply information and records to relevant authorities upon request.

Internal Controls, Policies, Compliance, Audit, and Training

- Formulate and implement AML/CFT policies, procedures, and controls approved by the Board of
Directors.
- Include CDD measures, record retention, correspondent banking, wire transfers, risk assessment, and
suspicious transaction detection.
- Consider money laundering and financing of terrorism threats from new technologies.
- Apply AML/CFT policies to foreign branches and subsidiaries, adhering to higher standards.
- Develop a compliance program, appoint a compliance officer, and ensure access to customer records.
- Incorporate procedures for rejected account opening cases, challenged risk ratings, and closed
accounts due to ML/TF risks.
- Assign monitoring of compliance and AML/CFT functions to a Management Committee.
- Regularly assess the effectiveness of compliance and AML/CFT functions.
- Maintain an independent audit function and implement employee due diligence and training
programs.

Suspicious Transactions (Red Alerts)

- Examples of suspicious transactions include those that don't make economic sense, are inconsistent
with customer profile, or exhibit unusual patterns.
- These may include large or frequent transactions, unexpected repayments, back-to-back loans, and
structuring of deposits or withdrawals to avoid reporting thresholds.
Suspicious Transactions (Red Alerts)

- Transactions involving large amounts of cash, unusual patterns, or locations of concern.

- Examples include:
- Exchanging small notes for larger ones.
- Large cash transactions in personal or business accounts.
- Multiple credit slips or cash deposits.
- Large wire transfers to locations of concern.
- Transactions with unidentified parties.
 - Accounts with suspicious activity, such as structured deposits or withdrawals.
- Customers providing false information or reluctant to provide information.
- Accounts with offshore companies or multiple signature authorities.
- Transactions related to terrorism organizations or non-profit organizations with no logical economic
purpose.

These examples are not exhaustive, and banks/DFIs should consider other transactions that may
indicate money laundering or financing of terrorism.