KYC.IO

Global Regulations and Requirements for KYC Onboarding
(powered by KYC-Chain)

KYC to onboard domestic persons

nameaddress

KYC to onboard international persons

nameaddresspermanent addressdate of birthplace of birthnationalitytax identification numbersocial security numbersignaturesource of fund

corporate requirements

articles of incorporationby-lawsofficial addresslist of directors or partners list of principal stockholderscontact numbersbeneficial owner

National ID card name

No national identity card.

Does the country have Esignature Laws?

Electronic Commerce Act of 2000

E-sig law files

What year did the relevant AML laws and regulations become effective?

2001

Further details on AML regime

Philippine Republic Act (“R.A.”) No. 9160 otherwise known as The Anti Money Laundering Act of 2001 (“AMLA”) was signed into law on 29 Sept 2001 and took effect on 17 Oct 2001. The Implementing Rules and Regulations took effect on 2 April 2002. On 7 March 2003, R.A. No. 9194 (An Act Amending R.A. No. 9160) was signed into law and took effect on 23 March 2003. The revised Implementing Rules and Regulations took effect on 7 Sept 2003. R.A. 10365, which amends certain provisions of R.A. 9160, was signed into law on 15 Feb 2013 and took effect on 19 April 2013

Who is the regulator for AML controls for Banking

The Anti Money Laundering Council (“AMLC”) of the Philippines

Link to site

http://www.amlc.gov.ph/

Other financial Services

N/A

Website of Regulator

N/A

Financial Sector regulator

N/A

Practical Guidance for AML

Anti Money Laundering Act (“AMLA”) at a Glance” summary: http://www.amlc.gov.ph/amla.html The Bangko Sentral ng Pilipinas (“BSP” (local central bank)) issues “Key Prudential Regulations” on Money Laundering for bank and non-bank financial institutions regulated by the BSP

Practical guidance PDF's

key_aml.asp

Is there a requirement to verify the identity of customers retroactively?

Retroactive details

No. It should be noted that under R.A. 9160, only Covered Institutions are mandated by the AMLA to submit covered and suspicious transaction reports to the AMLC. These are: a) banks and all other entities, including their subsidiaries and affiliates, supervised and regulated by the BSP (or Philippine Central Bank); b) insurance companies and all other institutions supervised or regulated by the Insurance Commission; and c) securities dealers, “pre-need” companies, foreign exchange corporations and other entities supervised or regulated by the Philippine Securities and Exchange Commission. In addition to the above list per R.A. 9160, Covered Institutions under R.A 10365 now also include the following: a) jewellery dealers in precious metals and stones for transactions in the amount of PHP1m (approx. USD21,280) and above; b) company service providers which, as a business, provide any of the following services to third parties: a. acting as a formation agent of juridical persons; b. acting as a director or corporate secretary of a company, a partner of partnership, or a similar in relation to other juridical persons; c. providing a registered office, business address or accommodation, correspondence or administrative address for a company, a partnership or any other legal persons or arrangements; and d. acting as a nominee shareholder for another person; c) Persons who provide any of the following services: a. managing of client money, securities or other assets; b. management of bank, savings or securities accounts; c. organization of contributions for the creation, operation or management of companies; and d. creation operation or management of juridical persons or arrangements, and buying and selling business entities. Only Covered Institutions are required to establish and record the true identity of their clients based on official documents. They shall maintain a system of verifying their legal existence and organisational structure, as well as the authority and identification of all persons purporting to act on their behalf. Covered Institutions shall establish appropriate systems and methods based on internationally compliant standards and adequate internal controls for verifying and recording the true and full identity of their customers.

Has the country been the subject of FATF mutal evaluation in the last 3 years?

Are there minimum transaction thresholds (Y/N)

More details on minimum transaction thresholds.

None. The AMLA defines ‘covered transactions’ as single transactions in cash or other equivalent monetary instruments involving a total amount in excess of PHP500,000 (approx. USD10,640) within one banking day, except for jewellery dealers in precious metals and stones who are required to report a single transaction equal to PHP1m (approx. USD21,280) or above. Regardless of whether these are covered transactions, the establishment and recording of the true identity of clients of Covered Institutions would cover all their clients

What are the requirements for customer identification information for individuals

The following minimum information/documentation shall be obtained from individual customers: name; present address; permanent address; date and place of birth; nationality; nature of work and name of employer or nature of self-employment/business; contact numbers; tax identification number, social security system number or government services and insurance system number; specimen signature; source of funds; and names of beneficiaries in cases of insurance contracts.

Details to be Collected on Corporates

The following minimum information/documentation shall be obtained from customers that are corporate or judicial entities, including shell companies and corporations: articles of incorporation/partnership; by-laws; official address or principal business address; list of directors/partners; list of principal stockholders owning at least 2% of the capital stock; contact numbers; beneficial owners, if any; and verification of the authority and identification of the person purporting to act on behalf of the client.

What are the high level requirements around beneficial ownership (identification and verification)?

When dealing with customers who are acting as trustee, nominee, agent or in any capacity for and on behalf of another, Covered Institutions shall verify and record the true and full identity of the person(s) on whose behalf a transaction is being conducted. Covered Institutions shall retain accounts only in the true and full name of the account owner or holder. The provisions of existing Philippine laws regarding anonymous accounts, accounts under fictitious names, and all other similar accounts shall be prohibited.

What circumstances are enhanced customer due diligence measures required?

None stated in local regulations or guidance.

How should FI's deal with Politically exposed persons

None stated in local regulations or guidance.

What enhanced due diligence must be performed for correspondent banking relationships?

Nothing specific mentioned in local regulations or guidance for due diligence procedures performed for correspondent banking relationships. Nonetheless, when dealing with customers who are acting as

Are relationships with banks who might be considered a 'shell' and without substance permitted?

No. However dealings with shell companies and corporations, being legal entities which have no business substance in their own right, but through which financial transactions may be conducted, should be undertaken with extreme caution.

In what circumstances is additional due diligence required for non face-to-face transactions and/or relationships?

No new bank accounts shall be opened and created without face-to-face contact and full compliance with the above mentioned requirements. In case a Covered Institution has doubts when dealing with customers who are acting as trustee, nominee, agent or in any capacity for and on behalf of another, that they are being used as dummies in circumvention of existing laws, they shall immediately make the necessary inquiries to verify the status of the business relationship between the parties

To whom are SAR's made? (suspicious activity reports)

AMLC

Link to website of SAR reporting

http://www.amlc.gov.ph/assistance.html

Other Suspicious or unusual transactions obligations.

Covered transactions are single transactions in cash or other equivalent monetary instruments involving a total amount in excess of PHP500,000 (approx. USD10,640) within one banking day, except for jewellery dealers in precious metals and stones which requires to report a single transaction amounting to PHP1m (approx. USD21,280) and above. . Suspicious transactions are transactions with Covered Institutions, regardless of the amounts involved, where any of the following circumstances exists: a) there is no underlying legal/trade obligation, purpose or economic justification; b) the client is not properly identified; c) the amount involved is not commensurate with the business or financial capacity of the client; d) the transaction is structured to avoid being the subject of reporting requirements under the AMLA; e) there is a deviation from the client’s profile/past transactions; f) the transaction is related to an unlawful activity/offense under the AMLA; and/or g) transactions similar or analogous to the above. The Land Transportation Authority and all its Registries of Deeds are required to submit to AMLC report on all real estate transactions involving an amount in excess of PHP500,000 (approx. USD10,640).

Are there any de-minimis thresholds below which transactions do not need to be reported?

PHP500,000

Are there any penalties for non compliance with reporting requirements e.g. tipping off?

Failure to keep records is committed by any responsible official or employee of a Covered Institution who fails to maintain and safely store all records of all transactions of the institution, including closed accounts, for five years from the date of the transaction/closure of the account. The penalty is six months to one year imprisonment or a fine of not less than PHP100,000 (approx. USD2,130) but not more than PHP500,000 000 (approx. USD10,640), or both. Malicious reporting is committed by any person who, with malice or in bad faith, reports/files a completely unwarranted report or false information relative to money laundering transaction against any person. Penalty is six months to four years imprisonment and a fine of not less than PHP100,000 (approx. USD2,130) but not more than PHP500,000 (approx. USD10,640), at the discretion of the court. The offender is not entitled to avail the benefits of the Probation Law. If the offender is a corporation, association, partnership or any judicial person, the penalty shall be imposed upon the responsible officers, as the case may be, who participated in, or allowed by their gross negligence, the commission of the crime. If the offender is a judicial person, the court may suspend or revoke its license. If the offender is an unknown, he shall, in addition to the penalties prescribed, be deported without further proceedings after serving the penalties prescribed. If the offender is a public official or employee, he shall, in addition to the penalties prescribed, suffer perpetual or temporary absolute disqualification from office, as the case may be. Breach of confidentiality: When reporting covered or suspicious transactions to the AMLC, Covered Institutions and their officers/employees are prohibited from communicating directly or indirectly, in any manner or by any means, to any person/entity/media, the fact that such report was made, the contents thereof, or any other information in relation thereto. In case of violation thereof, the concerned official and employee of the Covered Institution shall be criminally liable. Neither may such reporting be published or aired in any manner or form by the mass media, electronic mail or other similar devices. In case of a breach of confidentiality published or reported by media, the responsible reporter, writer, president, publisher, manager and editor-in-chief shall also be held criminally liable. The penalty is 3 to 8 years imprisonment and a fine of not less than PHP500,000 (approx. USD10,640) but not more than PHP1m (approx. USD21,280).

Are there any requirements (legal or regulatory) to use automated Suspicious Transaction monitoring technology?

Is there a requirement to obtain authority to proceed with a current/ongoing transaction that is identified as suspicious?

Authority to inquire into Bank Deposits: Notwithstanding the provisions of R.A. 1405 (Law on Secrecy of Bank Deposits), as amended, R.A. No. 6426, as amended, R.A. No. 8791, and other laws, the AMLC may inquire into or examine any particular deposit or investment with any banking institution or non-bank financial institution upon order of any competent court in cases of violation of this act when it has been established that there is probable cause that the deposits/investments are involved/related to an unlawful activity as defined in Sec. 3(i) of the AMLA or a money laundering offense under Sec. 4 thereof; except that no court order shall be required in cases involving kidnapping for ransom; drug trafficking and related offenses; and hijacking, destructive arson and murder, including those perpetrated by terrorists against non-combatant persons and similar targets.

Does the local legislation allow transactions to be monitored outside the jurisdiction?

Is there a legal requirement for a bank’s external auditor/other external organisation to report on the bank’s AML systems and controls?

If an external report on the bank’s AML systems and controls is required: a) how frequently must the report be provided?

N/A

To whom should the report on AML systems be submitted?

N/A

Is an AML system part of the financial statement audit?

N/A

What are the requirements for the content of this external report on a bank’s AML systems and controls? Does it require: a) sample testing of KYC files? b) sample testing of SAR reports? c) examination of risk assessments?

N/A

Data Protection Laws And Personal Data

personal data as defined under Section 3(g) of RA 10173 refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual. From the definition it likely covers information used for KYC purposes, and the specific exemption only applies to agencies, etc. that are implementing anti-money laundering laws;

Data Protection for Corporate Data

Data protection for "sensitive Data" and additional protections.

the Data Protection law likewise provides a separate definition for “sensitive personal information” such that it refers to personal information: a. about an individual’s race, ethnic origin, marital status, age, colour, and religious, philosophical or political affiliations; b. about an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings; c. issued by government agencies peculiar to an individual which includes, but not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and d. specifically established by an executive order or an act of Congress to be kept classified.

Do any restrictions on the transfer of credit reports exist?

Transfer of credit records by duly authorised entities to non-authorised ones is regulated and prohibited, unless written consent or authorisation is obtained (See RA 9510, An Act Establishing the Credit Information System). With regards to criminal records and medical data, there are no specific provisions addressing these specific types of information/reports, other than those mentioned falling within the ambit of personal information and sensitive personal information. (Sections 3(g) and 3(l), RA 10173)

Regulator Acronym

AMLC

Year of last FATF mutual evaluation

N/A

Field 67

nameaddresspermanent addressaddress and date of birth received; contact numberverification of signaturespecific&adequate measures

National ID card details

No national identity card.

National ID source

N/A

Passport Photo

practical Guidance yes / no

Legal Requirement

Requirement to proceed

Yes

requirement to use automated suspicious transaction tools

Who are SARS made to?

AMLC

shell banks

EDD for correspondent banking

PDF of case law

Minimum transactions

PHP 500,000

Min transaction USD

10640

Personal Data protection

Personal Data Protection Act

http://www.gov.ph/downloads/2012/08aug/20120815-RA-10173-BSA.pdf

key restrictions

No restrictions are noted.

Summary

Section 8 specifies that all signature must use a digital certificate. Summary of law The Philippines provides for the enforceability of digital signatures. While parties are free to agree between themselves that electronic signature will be binding, that agreement could increase the enforceability risk. For all practical purposes, digital signatures should be used.

If the AML laws and/or regulations became effective in the last 2 years, what were the requirements of the previous AML regime?

N/A

Non financial sector (e.g. casinos, high value goods etc.)

N/A

Does the country have a risk based approach?

None stated in local regulations or guidance.

Where copies of identification documentation are provided, what are the requirements around independent verification or authentication?

Individuals: Covered Institutions shall require customers to produce original documents of identity issued by an official authority, bearing a photograph of the customer. Examples of such documents are identity cards and passports. Corporate/Judicial Entities: Before establishing business relationships, Covered Institutions shall endeavour to ensure that the customer is a corporate or judicial entity which has not been or is not in the process of being dissolved or wound up, or that its business or operations have not been or are not in the process of being closed, shut down, phased out, or terminated. Applicable to all types: No new accounts shall be opened and created without face-to-face contact and full compliance with the above mentioned requirements. Though it is not defined in the local regulations or guidance, as a common business practice, banks and other institutions require copies of original documents to be certified as true copies by the issuing agency (e.g. copies of Articles of Incorporation/Partnership should be certified by the Securities and Exchange Commission), or by an independent lawyer or public notary (in the case of certifications and affidavits issued by an individual).

Is there case law, other constitutional law or any other laws or regulations that may impact upon the transfer of information to this jurisdiction?

Transfer of information is restricted and subject to the provisions of Presidential Decree (PD) No 1718, issued in 1980, that restricts the transfer of information vital to Philippine national interests to foreign jurisdictions. In this regard, prior approval from the Office of the President of the Philippines must first be obtained before any such transfer is made.

List of case law, constitutional law or any other laws or regulations that may impact upon the transfer of information.

Yes, the Philippines has a Bank Secrecy Law (RA 1405), which provides that all deposits with banks or banking institutions in the Philippines are considered confidential, and may only be inquired into and examined upon written permission of the depositor, or upon order of the courts.