kyc.io - Global Regulations and Requirements for KYC Onboarding

KYC to onboard domestic persons

legal documents that created the relationshiplegal opinionnameproof of existencename of senior managementaddress of registered office/principal place of businessrisk profile of relationship

KYC to onboard international persons

legal documents that created the relationshiplegal opinionnameproof of existencename of senior managementaddress of registered office/principal place of businessrisk profile of relationship

National ID card name

Carte de identitate

National ID Photo

back of national id photo back

Does the country have Esignature Laws?

Bangladesh Information and Communication Technology Act 2006

E-sig law files

What year did the relevant AML laws and regulations become effective?

2013

Further details on AML regime

The Money Laundering Prevention Act (“MLPA”) 2002, is the primary AML law in Bangladesh. Since then, several amendments have been made and in 2012 a new Money Laundering Prevention Act was passed. There is also the Anti-Terrorism Act (“ATA”) which came into effect in 2009 and was amended in 2012 and 2013.

Who is the regulator for AML controls for Banking

Bangladesh Financial Intelligence Unit

Link to site

https://www.bb.org.bd/bfiu/index.ph

Other financial Services

Insurance Development & Regulatory Authority of Bangladesh for insurance, Securities and Exchange Commission for asset management companies, Microcredit Regulatory Authority for non-government micro-finance institutions

Website of Regulator

http://www.idra.org.bd/idra-org/index.htm, http://www.sec.gov.bd/,http://www.mra.gov.bd/

Financial Sector regulator

N/A

Practical Guidance for AML

Yes, the Money Laundering & Terrorist Financing Risk, Management Guidelines have been established to outline the legal and regulatory framework for anti-money laundering and combating the financing of terrorism (“AML”/“CFT”) requirements and systems across the financial services sector

Practical guidance PDF's

Retroactive details

Not specifically mentioned but Bangladesh Bank directed all banks to complete KYC by 31 Mar 2010.

Has the country been the subject of FATF mutal evaluation in the last 3 years?

Yes

PDF of FATF review

default.aspx

Are there minimum transaction thresholds (Y/N)

No

More details on minimum transaction thresholds.

No. According to the provision of section 25 (1d) of the MLPA 2012, FIs have to immediately report any suspicious, unusual or doubtful transactions, likely related to money laundering, to the Bangladesh Bank (“BB”). The BB has the power to call STRs from FIs related to the financing of terrorism according to section 15(a) of the Anti-terrorism (Amendment) Act, 2012.

What are the requirements for customer identification information for individuals

For customers that are legal persons, legal entities or legal arrangements, the Reporting Organization-Financial Institution (“RO-FI”) should verify identity through the following information: a) verify the legal documents that has created the relationship; b) if necessary take legal opinion; c) name, legal form and proof of existence; d) the powers that regulate and bind the legal person or arrangement, as well as the names of the relevant persons having a senior management position in the legal person or arrangement; e) the address of the registered office and, if different, a principal place of business; and f) consider the risk profile of the relationship.

Details to be Collected on Corporates

For customers that are legal persons, legal entities or legal arrangements, the Reporting Organization-Financial Institution (“RO-FI”) should verify identity through the following information: a) verify the legal documents that has created the relationship; b) if necessary take legal opinion; c) name, legal form and proof of existence; d) the powers that regulate and bind the legal person or arrangement, as well as the names of the relevant persons having a senior management position in the legal person or arrangement; e) the address of the registered office and, if different, a principal place of business; and f) consider the risk profile of the relationship.

What are the high level requirements around beneficial ownership (identification and verification)?

For customers that are Legal persons, the RO-FI shall identify and take reasonable measures to verify the identity of beneficial owners through the following information: a) the identity of the natural person(s) (if any) who ultimately has a controlling ownership or interest in a legal person; b) to the extent that there is doubt under (a) as to whether the person(s) with the controlling ownership or interest is the beneficial owner(s) or (b) where no natural person exerts control through ownership interests, the identity of the natural person(s) (if any) exercising control of the legal person or arrangement through other means; and c) where no natural person is identified under (a) or (b) above, the identity of the relevant natural person who holds the position of senior managing official. For customers that are Legal arrangements, the RO-FI shall identify and take reasonable measures to verify the identity of beneficial owners through the following information: a) for trusts, the identity of the settlor, the trustee(s) the protector (if any), the beneficiaries or class of beneficiaries, and any other natural person exercising ultimate effective control over the trust including through a chain of control/ownership; and b) for other types of legal arrangements, the identity of persons in equivalent or similar positions

What circumstances are enhanced customer due diligence measures required?

Banks should conduct Enhanced Due Diligence (“EDD”) under the following circumstances: a) individuals or legal entities scored with high risk; b) individuals who are identified as PEPs, influential persons and chief executives or top level officials of any international organization; c) transactions identified with unusual in regards to its pattern, volume and complexity which have no apparent economic or lawful purposes; and d) while establishing and maintaining business relationship and conducting transaction with a person (including legal representative, financial institution or any other institution) of the countries and territories that do not meet international standard in combating money laundering and terrorism financing (such as the countries and territories enlisted as High-Risk and Non-Cooperative Jurisdictions in the Financial Action Task Force’s Public Statement).

How should FI's deal with Politically exposed persons

Enhanced CDD measures include: a) obtaining additional information on the customer (occupation, volume of assets, information available through public databases, internet, etc.) and regularly updating the identification data of the customer and beneficial owner; b) obtaining additional information on the intended nature of the business relationship; c) obtaining information on the source of funds or source of wealth of the customer; d) obtaining information on the reasons for intended or performed transactions; e) obtaining the approval of senior management to commence or continue the business relationship when applicable; f) conducting regular monitoring of the business relationship, by increasing the number and timing of controls applied and selecting patterns of transactions that need further examination; and g) making the concerned bank officials aware about the risk level of the customer. In addition to the above, banks should also perform the following: a) banks have to adopt the Risk Based Approach to determine whether a customer or the real beneficial owner of an account is a PEP; b) obtain senior managements’ approval before establishing such business relationship; c) take reasonable measures to establish the source of funds of a PEP’s account; d) monitor their transactions on a regular basis; and e) all provisions of Foreign Exchange Regulation Act, 1947 and issued rules and regulations by Bangladesh Bank under this act have to be complied with accordingly .

What enhanced due diligence must be performed for correspondent banking relationships?

Enhanced CDD measures include : a) obtaining additional information on the customer (occupation, volume of assets, information available through public databases, internet, etc.) and regularly updating the identification data of the customer and beneficial owner; b) obtaining additional information on the intended nature of the business relationship; c) obtaining information on the source of funds or source of wealth of the customer; d) obtaining information on the reasons for intended or performed transactions; e) obtaining the approval of senior management to commence or continue the business relationship when applicable; f) conducting regular monitoring of the business relationship, by increasing the number and timing of controls applied and selecting patterns of transactions that need further examination; and g) making the concerned bank officials aware about the risk level of the customer.

Are relationships with banks who might be considered a 'shell' and without substance permitted?

Yes

In what circumstances is additional due diligence required for non face-to-face transactions and/or relationships?

Financial institutions should consider the money laundering risks posed by the products and services they offer, particularly where there is no face-to-face contact with the customer, and devise their procedures to that risk with due regard. Where there is no face-to-face contact, and photographic identification would clearly be inappropriate, procedures to identify and authenticate the customer should ensure that there is sufficient evidence, either documentary or electronic, to confirm address and personal identity. At least one additional check should be undertaken to guard against impersonation. In the event that internal procedures require sight of a current passport or ID Card where there is no face-to face contact, then a certified true copy should be obtained.

To whom are SAR's made? (suspicious activity reports)

Bangladesh Bank from the CCU

Link to website of SAR reporting

https://www.bb.org.bd/bfiu/index.php

Other Suspicious or unusual transactions obligations.

Bank officials need to consider the confidentiality of the reporting of STRs/SARs. They should not behave/perform in a manner that might tip-off the customer as he/she (the customer) could become cautious.

Are there any de-minimis thresholds below which transactions do not need to be reported?

No

Are there any penalties for non compliance with reporting requirements e.g. tipping off?

Depending on the size, need and complexity of financial institutions, monitoring of unusual transactions may be automated, manual or both. Some financial institutions use specialized software to detect unusual transactions or activities, however, the use of such software can only be complemented with managerial oversight and cannot replace the need for constant monitoring of activity of the accounts of customers.

Are there any requirements (legal or regulatory) to use automated Suspicious Transaction monitoring technology?

No.

Is there a requirement to obtain authority to proceed with a current/ongoing transaction that is identified as suspicious?

Not Available.

Does the local legislation allow transactions to be monitored outside the jurisdiction?

Not Available.

Is there a legal requirement for a bank’s external auditor/other external organisation to report on the bank’s AML systems and controls?

An external auditor may also play an important role in reviewing the adequacy of AML and CFT controls by communicating their findings and recommendations to management via the annual management letter, which accompanies the audit report. An external auditor would be risk-focused while developing their audit programs and conduct intensive reviews of higher risk areas where controls may be deficient. External auditors may report incidences of suspected criminal activity uncovered during audits in its audit report.

If an external report on the bank’s AML systems and controls is required: a) how frequently must the report be provided?

auditors can communicate their findings and recommendations to management via the annual management letter, which accompanies the audit report

To whom should the report on AML systems be submitted?

management

Is an AML system part of the financial statement audit?

yes

What are the requirements for the content of this external report on a bank’s AML systems and controls? Does it require: a) sample testing of KYC files? b) sample testing of SAR reports? c) examination of risk assessments?

a) address the adequacy of AML/CFT risk assessment; b) examine/attest the overall integrity and effectiveness of the management systems and the control environment; c) examine the adequacy of Customer Due Diligence (CDD) policies, procedures and processes, and whether they comply with internal requirements; d) determine personnel adherence to the financial institutions AML/CFT policies, procedures and processes; e) perform appropriate transaction testing with particular emphasis on high risk operations (products, service, customers and geographic locations); f) assess the adequacy of the FIs processes for identifying and reporting suspicious activity; g) communicate the findings to the board and/or senior management in a timely manner; h) recommend corrective action for deficiencies; i) track previously identified deficiencies and ensure that management corrects them; and j) assess training adequacy, including its comprehensiveness, accuracy of materials, training schedule and attendance tracking.

Data Protection Laws And Personal Data

No

Data Protection for Corporate Data

No

Data protection for "sensitive Data" and additional protections.

No

Do any restrictions on the transfer of credit reports exist?

N/A

Regulator Acronym

BFIU

Year of last FATF mutual evaluation

2016

Field 67

documentary/electronic evidenceaddresspersonal identitycurrent passport/ID card

National ID card details

National ID card is compulsory for all citizens at the age of 18.

Compulsory?

National ID source

http://gbfcbd.blogspot.com/2012/03/national-id-card.html

Passport Photo

practical Guidance yes / no

Legal Requirement

Yes

Requirement to proceed

No

requirement to use automated suspicious transaction tools

No

Who are SARS made to?

CCU

shell banks

No

EDD for correspondent banking

Yes

If the AML laws and/or regulations became effective in the last 2 years, what were the requirements of the previous AML regime?

No

Non financial sector (e.g. casinos, high value goods etc.)

N/A

Does the country have a risk based approach?

Banks should take the necessary measures to review and update the KYC of the customer after a certain interval. This procedure shall be conducted every two years in the case of low risk customers and every year in the case of high risk customers

Where copies of identification documentation are provided, what are the requirements around independent verification or authentication?

The RO-FI is required to conduct a series of independent checks and inquiries in addition to the identification documents provided by the customer or beneficial owner. RO-FI is also required to verify the person acting on behalf of the customer to make sure they are authorized and their identity is duly verified.

Is there case law, other constitutional law or any other laws or regulations that may impact upon the transfer of information to this jurisdiction?

N/A

List of case law, constitutional law or any other laws or regulations that may impact upon the transfer of information.

N/A