In an evolving regulatory landscape, money laundering and terrorism financing (TF) pose growing threats to the credibility of international financial systems. To mitigate risk and vulnerabilities, Labuan International Business and Financial Centre (Labuan IBFC) is reinforcing existing measures and introducing new measures to effectively combat these threats.
To adhere to anti-money laundering (AML) and counter-financing terrorism (CFT) international standards, the Labuan Financial Services Authority (Labuan FSA), which is the statutory body responsible for the development and administration of Labuan IBFC, is working to ensure that financial institutions in the domicile remain in compliance with Labuan IBFC’s laws and regulations.
To comply with the Organisation for Economic Cooperation and Development (OECD)’s regulations, Labuan FSA enacted the following policies which are applicable to all Labuan IBFC licensed entities:
- Guidelines on AML and CFT and Targeted Financial Sanctions (TFS) for Labuan IBFC Key Reporting Institutions
- Guidelines on Beneficial Ownership for Labuan Legal Persons and Legal Arrangements
- Guidelines on Digital Governance Framework
- Guiding Principles on Business Continuity Management
Labuan IBFC provides a business-conducive environment for companies looking to expand into Asia in a cost-effective manner. The domicile offers a variety of financial and business services through Labuan IBFC – from investment holding companies for multinational structures, financial licenses for industry players, fund or capital structures for business expansion and investment, comprehensive fintech licenses, to wealth management structures for business succession and wealth preservation.
We understand that AML/CFT compliance can be complex and challenging as it varies by jurisdiction, risk environment, and has been made more complex due to emerging fintech innovations. Hence, we have summarised key points of the relevant guidelines and proposed our solutions to develop and implement an effective AML/CFT programme.
- Banking
- Insurance
- Leasing
- Money Broking
- Commodity Trading
- Credit Token Companies
- Company Management Business
- Wealth Management
- Digital Financial Services
- Trust Companies
- Capital Market
- Exchange
- Requirement for Digital Financial Business – e-Know Your Customer (KYC)
- Prohibition of Suspicious Transaction Reporting (STR) disclosure to KRIs reported counterparties
- Clarification of KRIs’ duties in handling requests from Legal Enforcement Agencies
- Sanction lists and reporting duties of KRIs
(1) APPOINTMENT AND RESPONSIBILITIES OF A COMPLIANCE OFFICER
A Compliance Officer has the following responsibilities:
- Compliance with AML/CFT requirements.
- Proper implementation of AML/CFT policies by Labuan IBFC KRI.
- Effective implementation of appropriate AML/CFT procedures, including CDD, record-keeping, ongoing due diligence, suspicious transaction reports, and combating the financing of terrorism.
- Regular assessment of AML/CFT mechanism.
- Ensuring channels of communication within the KRI are secure and information is kept confidential.
- Awareness of Labuan IBFC KRI’s AML/CFT measures, including policies, control mechanisms and reporting channels, is cascaded to all employees.
- Establishment and maintenance of relevant internal criteria to identify and detect suspicious transactions.
- Evaluation of internally generated suspicious transaction reports before reporting to the Financial Intelligence and Enforcement Department (FIED) of Bank Negara Malaysia, and the AML Policy Unit of Labuan FSA.
- Proper identification of ML/TF risks associated with new products or services or risks arising from Labuan IBFC KRI’s operational changes, including the introduction of new technology and processes.
- Compliance with any other obligations that are imposed under the Guidelines.
(2) PROCEDURES AND CONTROLS
AML/ CFT Compliance Programme
1. Notification requirements for Compliance Officer (CO):
- Financial integrity is now an additional qualifying criterion for CO
- Vacancy of CO to be notified within 10 working days*
- Replacement CO to be identified and appointed within 30 days*
2. Ongoing employee assessment system including periodic staff re-screening:
- Applicable upon hiring of employee and throughout the course of employment
- Employee assessment covers employee’s personal information (including criminal records, employment and financial history) and clear parameters/circumstances to trigger re-screening of employees during the course of employment
- Trust Officer employment – adherence of roles and responsibilities under Guidelines for Labuan Trust Officers issued by Labuan FSA
3. Independent audit function:
- Board to determine audit scope and frequency, commensurate to the Labuan IBFC KRI’s ML/TF risks and vulnerabilities
- Audit scope – at minimum, includes:
- compliance with AMLA, including underlying circulars and guidelines;
- compliance with Labuan KRI’s internal policies and procedures;
- adequacy and effectiveness of AML/ CFT programme; and
- reliability, integrity and timeliness of internal/regulatory reporting and management of information systems.
c. Audit frequency – guided by circumstances such as:
- structural changes of the business;
- changes to transaction volume;
- new product or service or new delivery channel; and
- previous non-compliance(s) in relation to AML/CFT requirements.
d. Ensure Labuan FSA’s accessibility to audit findings
Customer Due Diligence (CDD)
1. Simplified CDD (where ML/TF risks are assessed as follows):
- Basic information (i.e., name, identity, IC number, address, date of birth, nationality, contact number, email address) to be obtained from customer/beneficial owner
- Proper processes in place:
- adequate analysis of ML/TF
- establish appropriate mechanisms/internal controls for effective ongoing monitoring of customers and transactions
- proper approval from the Board
- periodic review of ML/TF risks
2. Non-face-to-face (FTF) business relationship:
- Proper policies and procedures, effective implementation
- Usage of systems and technologies for AML/CFT compliance programme
- Appropriate measures imposed on the identification and verification of non-FTF customer’s identity, such as:
- establishing independent contact with customer;
- verifying customer’s information against reliable/ independent sources;
- requesting, sighting and maintaining records of additional documents required to perform FTF customer verifications; and
- effective monitoring and reporting mechanism to identify potential ML/ TF activities.
3. Cross-border wire transfer for Labuan IBFC KRI – amount involving foreign currency equivalent of MYR 3,000 and above requires the message/payment instruction to be accompanied by the following information:
- Originator information (i.e. name, account number, address, date and place of birth)
- Beneficiary information (i.e. name and account number)
Politically Exposed Person (PEP)
- Level of informal influence
- Whether PEP’s current functions are no longer linked to the same substantive matters
THE NEED FOR COMPLIANCE TRAINING AML/CFT REGULATIONS
Each jurisdiction has its own AML/CFT regulations, which operating companies, especially financial institutions, must comply with to remain ahead of any potential illegal activities and fraud. Building an effective AML/CFT compliance training programme is important in establishing the foundation for a strong compliance department.
A proper AML/CFT compliance training programme can help employees keep abreast of the latest AML/CFT rules and regulations and contribute towards preventing money laundering at all levels. Employees will be able to effectively recognize and report any suspicious ML/TF activities and transactions. They will be equipped with the right skills to handle the requirements of the customer verification process, the identification of risks associated with businesses, and the implementation of AML/CFT practices and measures.
At its core, AML/CFT awareness training also helps to align and ensure governance across a company, which can minimize risk, increase productivity, and help a company remain compliant with regulatory requirements.
Any person who fails to comply with the guidelines may be subject to an administrative penalty under Section 36G of the Labuan Offshore Financial Services Authority Act 1996 (“LFSAA”) and/or other enforcement actions provided under LFSAA and AMLA.
In this regard, Tricor, a licensed Labuan Trust Company, has launched the Tricor Training Academy to assist the Board of Directors of licensed entities to stay current with the latest changes in compliance and regulatory standards and requirements, which will be able to assist organizations to enhance their governance and compliance framework, including AML/CFT:
- Governance Compliance Review
- Compliance Audit – Monitor, Test, and Report
- Compliance Review – Policies, Procedures, and Processes
- Internal Audit Services
Tricor Axcelasia, a wholly owned subsidiary of Tricor Group, provides strategic business advisory and governance, risk & compliance (GRC) solutions to publicly listed companies, private companies, multinational corporations and government-linked entities. We help organisations in Malaysia and beyond build capabilities in strategic planning and execution by identifying and anticipating potential risks, and sharing comprehensive expertise in business management.
