COMPLIANCE & KYC/AML POLICY

COMPLIANCE & KYC/AML POLICY

Prepared by: Compliance Division

Approved by: Board of Directors

Prepared in:

July 2009

1st Updated in:

April 2010

2nd Updated in:

March 2013

COMPLIANCE & KYC/AML POLICY

SECTION
A

TABLE OF CONTENTS
CONTENTS
COMPLIANCE POLICY

PAGE
NO.
4-7

1. Compliance Policy
2. Introduction
3. Purpose
4. Objectives
5. Role of Compliance Function
6. Definition
7. Maintenance and updating of the Compliance Policy
8. Role & Responsibilities of Compliance Officer
9. Reporting Lines
10.Authorities & Independence of Compliance
11. Relationship with Internal Audit & Regulatory Bodies
12. Framework to Follow
13. Compliance Testing for SBP/Regulatory Requirements
B

KNOW YOUR CUSTOMER/ANTI MONEY LAUNDERING POLICY

1. Objectives
2. Purpose
3. Definition of Money Laundering
4. Scope
5. Internal Operational Procedures
6. Responsibilities
7. AML & KYC General Policies
8. Account Opening & Customer Profiling (KYC/CDD)
8.1 Customer Due Diligence
9. Timing of Verification
10. Enhance Due Diligence
10.1 Third Party Mandate Holders
10.2 Use of Personal Account for Business Purposes
11. Simplified Due Diligence
12. Transaction with non account holders
12.1 Transaction made by Non- account holders on behalf of Customer account
13. Account of Politically Exposed Persons
14. Accounts of NGOs/NPOs/Trusts/Societies/Clubs/Associations/Charities
15. Review & Monitoring
15.1 Self Monitoring
15.2 Direct Monitoring
15.3 Monthly Compliance Certificate
15.4 Reporting of Transactions
15.5 Updating
16. Record Keeping
17. Correspondent Banking
18. Wire Transfers
19. Hold Mail Accounts
20. High Risk Customers
21. Unacceptable Customers
22. Employee Due Diligence
23. Review of Products and Services
24. AML Training & Awareness
25. Audit
26. Insider Trading

8-21

COMPLIANCE & KYC/AML POLICY

Annexure

Annex-A

KYC Form Individual/Joint Account

Annex-B

KYC Form Business Account

Annex-C

Customer Risk Profiling Form

Annex-D

Guide for Risk Profiling

Annex-E

Rules for filling Risk Profiling Form

Annex-F

EDD Form

Annex-G Examples of suspicious activities

Annex-H Key Definitions
Annex-I

Minimum Documents to be Obtained

Annex-J

High Risk Elements and Recommendation for EDD

Annex-K General High Risk Scenarios/Factor

Annex-L General Low Risk Scenarios/Factor

22-51

COMPLIANCE & KYC/AML POLICY

SECTION-A

COMPLIANCE POLICY

1) WHAT IS COMPLIANCE POLICY?

Compliance means Respecting and adhering all the regulations and supervisory expectations relevant to a
financial institution.

2) INTRODUCTION
Compliance is one of the main functions of a bank, the guardian of an institutions soul and ethics.
Good compliance can enhance reputation through improved services and efficient implementation of new
business initiatives.
3) PURPOSE:
The purpose of this policy is to outline objectives of compliance policy; role of compliance function;
definition of compliance; roles and responsibilities of compliance officers; reporting line and independence
of compliance function; relationship with internal audit and regulatory bodies; and requirements of SBP and
other relevant laws and regulations.
4) OBJECTIVES:
The objectives of the compliance policy are to:
Ensure Banks compliance to all the relevant laws and regulations
Ensure that the Banks business is conducted with highest levels of integrity and ethical standards
5) ROLE AND SCOPE OF COMPLIANCE FUNCTION
The role of compliance function is to advise Senior Management on compliance of rules and regulations;
provide guidance in this respect throughout the organization; identify measure and assess compliance risk
along with monitoring, testing and reporting at appropriate levels.
It is to be understood that compliance is not a function merely confined to the Compliance Division rather it
is the duty of each employee /executive in the Bank to ensure compliance with all the internal /external
directives/laws. Accordingly, every member of the staff is responsible for the identification, reporting,
control and compliance with regulations in his/her area of activity. The simple principle is that we must
know and remain within the law and comply with internal policies and procedures, which have been
developed to ensure that a satisfactory system of internal controls is in place to attain our business objectives.
All staff must keep themselves abreast of the requirements and ensure compliance with aspects related to
their work. We must never act in a manner that can be detrimental to the Banks reputation. Board of
Directors of the Bank is the apex body in the Bank therefore it is overall responsible for the management of
Banks compliance risk. Board is responsible to oversee the implementation of the compliance policy and
assess how the Bank manages its compliance risk through perusal of Internal Audit and Compliance reports.
6) DEFINITION
Compliance is concerned with the legality and integrity with which business is conducted throughout the
Bank. In other words, compliance within the bank is to ensure that the bank conducts its business with full
regard to all applicable regulatory requirements and at the highest ethical standards. The compliance function
is an integral part of internal controls. The compliance policy of Summit Bank Limited (SMBL) sets out the
framework of the Banks standards and practices in the matter of compliance. The key risks associated with
the compliance function are reputational and regulatory. As a new institution, we need to pay particular
attention to this aspect. We need to build and maintain our reputation. Non-compliance with regulations can
create a negative image and expose the Bank to punitive actions by the regulators.
7) MAINTENANCE AND UPDATING OF THE COMPLIANCE POLICY

The basic responsibility of maintaining and updating this policy resides with the Group Head of
Compliance and Control, who will update the policy in consultation with the Head of Compliance.
The review and updating of this policy shall be an on-going process to ensure continuous alignment
4

COMPLIANCE & KYC/AML POLICY

of the Banks businesses with the Bank-wide strategy and the internal and external dynamics in
which the Bank operates. Such factors shall include the developments, changes and trends required
by laws applicable within the banking industry.
The President & CEO shall be authorized to allow interim approval of any proposed changes in this
policy and their implementation only in cases where the changes do not require any material
amendments to the bank-wide strategy and are required to be affected promptly. However, any such
changes shall be subject to subsequent ratification by the Board of Directors.
As a policy, this document, in its entirety, shall be reviewed at least annually and updated, if
necessary. The responsibility for regular updating of this rests with the Group Head of Compliance
& Control. However, if there is not any material change, only Management approval to document
the review will suffice.

8) ROLES AND RESPONSIBILITIES/ REGULATORY REQUIREMENT OF COMPLIANCE

OFFICERS
The role and responsibilities of Compliance Officers are governed by Regulation G-1 (D) of Prudential
Regulations for Corporate and Commercial Banking which requires that;
Banks / DFIs shall put in place a Compliance Program to ensure that all relevant laws are complied with, in
letter and spirit, and, thus, minimizes legal and regulatory risks. For this purpose, the Board of Directors, or
Country Manager in case of foreign banks, shall appoint / designate a suitably qualified and experienced
person as Compliance Officer on a countrywide basis, who may be assisted by other Compliance Officers
down the line. The Head of Compliance will report directly to the President / Chief Executive Officer of the
bank / DFI. The Compliance Officers will primarily be responsible for banks / DFIs effective compliance
relating to:
(a) SBP Prudential Regulations.
(b) Relevant provisions of existing laws and regulations.
(c) Guidelines for KYC.
(d) Anti money laundering laws and regulations.
(e) Timely submission of accurate data / returns to regulator and other agencies.
(f) Monitor and report suspicious transactions to President / Chief Executive Officer of the bank /
DFI and other related agencies.
Banks / DFIs are, however, free to add other areas of compliance under the responsibilities of Compliance
Officer and consider setting up a compliance committee under him, as they deem fit to protect the interest of
the institution.
Accordingly, Compliance Division at SMBL has been entrusted with the following additional responsibilities
beside the above-mentioned functions mandated by State Bank of Pakistan;
Receipt of all SBP Circulars and ensuring circulation to relevant divisions/functions and compliance
thereof
Compliance of the directives of the Board/CEO
Handling Customer complaints
Conducting training for the staff at all levels on compliance issues especially on KYC and AML
In order to discharge its aforementioned responsibilities effectively, Compliance Division will perform the
following functions to proactively manage the compliance risk;
Provide guidance to Division/ Department Heads towards ensuring that policy and procedure manuals
and SOPs are in line with regulatory requirements and sufficiently address internal control requirements.
Assist the management in identifying and assessing potential compliance issues including new products/
business development
Provide guidance, advice and educate the staff on compliance issues
Assess the appropriateness of banks compliance-related policies
Monitor Compliance by:
o Performing sufficient and representative compliance testing, including post checks; and
o Making inquiries into compliance incidents, and carrying out further investigations as appropriate
Undertake off-site reviews at appropriate frequencies to assess compliance of regulatory rules and
customers activities against their respective KYCs. Further, On-Site visits to branches shall be
conducted by Regional Compliance Unit as per the approved plan.
5

COMPLIANCE & KYC/AML POLICY

Maintain regular liaison with Internal Audit Division and review reports from internal and external
auditors/regulatory agencies towards ensuring that the compliance functions activities remain relevant
to and address changing requirements.
Use the off-site and on-site reviews to access the training needs based on which training programs will
be developed. Complete records of the training conducted by Compliance Division will be given to the
Training Department of the HR for their record and perusal.
Communicate with Senior Management/ Division/Group Heads on compliance matters.
In conjunction with HR, prepare an annual training plan and arrange and conduct training accordingly.
Training plans will also be developed in conjunction with HR for new staff to ensure that training
relevant to their area of activity includes topics relating to Compliance. In particular, these would cover
KYC/AML and Regulatory Reporting requirements. Such training will be arranged/conducted within six
months of joining of new staff.
Reporting the compliance issues and suspicious transaction to the President & CEO/ Board and relevant
authorities
Liaise with the SBP on compliance issues

9) REPORTING LINES
As per the requirements of the Prudential Regulations Compliance Division of a Bank should have a direct
reporting line to the President & CEO. In compliance of the spirit of the PR, Compliance Division of
Summit Bank Limited works under a dedicated Head and report to the Group Head-Compliance & Control
who reports directly to the President & CEO.
10) AUTHORITIES & INDEPENDENCE OF COMPLIANCE
The Chief Compliance Officer (Head of Compliance Division) shall:
Have full access to all records and documents of the Bank required in performance of his / her duties
Be independent from influence from any quarter within the Bank. Any attempt to influence findings of a
compliance incident will be reported to Board of Directors immediately
Directly obtain clarifications on any statutory/ regulatory issue from concerned authorities. He/she shall
also obtain, as necessary, legal opinion on the matters of interpretation and implementation of the
regulations
Seek assistance, with the consent of the President & CEO, from the external auditors or consultants in
carrying out his/her duties
Directly coordinate with IT in the development of MIS Reports for the Compliance function
Have unrestricted access to the Board of Directors in case of need
11) RELATIONSHIP WITH INTERNAL AUDITORS & REGULATORY BODIES
Compliance Division will keep a close liaison with the A&ICD. The periodic internal audit reports of
branches and different divisions shall be perused to assess potential compliance issues and to suggest
remedial actions to the relevant quarters through consultation. Similarly findings of the compliance testing
will also be shared with A&ICD. A&ICD will also conduct independent audit of the Compliance Division to
assess efficacy of the compliance program.
Compliance Division will also liaise with the regulatory authorities especially State Bank of Pakistan in
replying to any queries / requests for information. Any ambiguity/queries raised by different quarters within
the Bank will also be taken up by the Compliance Division with the relevant regulatory authority to seek
clarifications.
12) FRAMEWORK TO FOLLOW
Compliance is an important mechanism that supports effective governance. Compliance with regulatory
requirement and the organizations own policies are a critical component of effective risk management. For
this purpose, a Compliance Program Framework has been developed that define the roles, responsibilities
and activities performed by Compliance Division. The Compliance Division has been divided into four units:
Regulatory Compliance
Anti- Money Laundering Unit
Regional Compliance
Review & Procedure
6

COMPLIANCE & KYC/AML POLICY

13) COMPLIANCE TESTING FOR SBP/REGULATORY REQUIREMENTS

Compliance Division will conduct on-site visit of braches as per their schedule approved by the Group Head
on quarterly basis. Further, off-site monitoring will also be done as per the Compliance Program approved by
the Management.

COMPLIANCE & KYC/AML POLICY

SECTION-B

KYC/AML POLICY

01. Objectives
To protect itself from the increasing danger of organized criminal activity and money laundering, it is
essential for the Bank to have clearly laid down policies on Know Your Customer and Anti- Money
Laundering (AML).
Through the implementation of these policies and procedures, the Bank will have an adequate system of
controls for effective prevention of money laundering and ensuring that there is consistency in our treatment
of customers.

02. Purpose
The main purpose of this policy is to define the SBP requirements on KYC/AML, the responsibilities of
branchs staff and Compliance Officers with regards to transaction monitoring/ reporting.
Towards this end, this policy also defines the system for customer identification, record keeping, compliance
monitoring and internal and external reporting of suspicious or unusual transactions.

03. Definition
Money Laundering is defined as the process by which criminals attempt to conceal the true origin and
ownership of the proceeds of their criminal activities. If undertaken successfully, it also allows the
perpetrator(s) to maintain control of those proceeds and, ultimately, provides a legitimate cover for their
source of income. Detailed guidelines /trainings will be developed by the Compliance Division for
understanding the typologies of money laundering.
The first step in the laundering process is for criminals to attempt to get the proceeds of their crimes into a
bank or other financial institution, sometimes using a false identity. They can then transfer the proceeds to
other accounts, here or abroad, or use it to buy other goods or services.
It eventually appears to be like any legally earned money and becomes difficult to trace back to its criminal
past. The criminals can then invest or spend it or, as is often the case, use it to fund more criminal activities.
The laundering process is often described as taking place in three stages:3.1 Placement
Placement, being the first stage is the means by which funds derived from a criminal activity are introduced
into the financial system, either directly or through using other retail businesses. This can be in the form of
large sums of cash or a series of smaller sums. Initial proceeds of drug trafficking or street sales of drugs are
always in cash.
3.2 Layering
The aim of the second stage is to disguise the transaction through a succession of complex financial
transactions with the purpose of erasing as quickly as possible all links with its unlawful origin. The funds
may be converted into shares, bonds or any other easily negotiable asset or may be transferred to other
accounts in other jurisdictions.
3.3 Integration
Complex integration schemes then place the laundered funds back into the economy through real estate,
business assets, securities and equities, in such a way that they reenter the financial system appearing as
normal business funds that have been legitimately earned.
The largest amount of criminal money that needs to be laundered comes from the sale of illegal drugs,
primarily heroin, cocaine and cannabis.

COMPLIANCE & KYC/AML POLICY

04. Scope
These policies and procedures are in compliance with Anti Money Laundering Regulations, reporting of
suspicious transactions etc. applicable in the country. They are applicable to Head Office and all Bank
branches / booths which need to ensure compliance with these policies and procedures.
Money launderers, need the worlds banking systems to launder the proceeds of their crimes and all banks in
all countries are vulnerable. Cash based societies and countries without fully comprehensive anti-money
laundering programs (comprising legislation, regulation and financial sector procedures) are especially
attractive to the launderers.
Thus, our own degree of vigilance must reflect these potential vulnerabilities. Cash payments arising from
drug related crimes are by no means the only risk. Fraud, for example, does not generate any cash, but the
extensive proceeds still need to be laundered. Corruption by various individuals and companies including
public officials inevitably involves fraud or theft and handling the proceeds of large scale corruption can
produce a serious reputational risk for the bank. In addition, preventative measures put in place by
International Financial Institutions over the past decade have resulted in the need for criminals to use more
complex routes to gain access to the financial system, rather than placing their cash directly into the bank. It
must be stressed that all of the banks products and services are at risk from being used by criminals to
launder the proceeds of their crime.

05. Internal Operational Procedures

Detailed instructions to deal with letter of thanks, issuance of cheque book, dormant accounts etc shall be
part of Banks internal policies i.e Operational Manuals, SOP, etc. Respective stakeholder(s) / Group(s) of
the bank shall be responsible for its custody and updation, as and when necessary.

06. Responsibilities
Adherence to the money laundering policies and procedures is the responsibility of the Management who has
delegated this responsibility to the Group Head of Compliance & Control along with the Head of
Compliance. The GH-C&C shall act as the Reporting Officer for all money-laundering cases and shall ensure
monitoring and compliance with these policies and procedures. Compliance Division will perform
compliance off-site testing of KYC/AML practices on an ongoing basis to ensure that these policies are
being complied with at branches in letter and spirit through adequate sample or complete checking
depending on the volume of transactions. Further, onsite testing will be performed by Compliance Division
to review the performance of branches. The schedule and visits to branches shall be planned in accordance
with the last Internal Audit Rating/Compliance Rating, SBP Observations and branch size.
The detailed plan for off-site and on-site reviews is covered in the Compliance Program separately, which is
derived from the Compliance Policy of the Bank.
Prudential Regulations (PR) on Anti Money Laundering and Combating the Financing of Terrorism
(AML/CFT) Regulations issued by State Bank of Pakistan make it mandatory for every Commercial Bank /
Financial Institution to put in place procedures to combat Money Laundering. A Commercial Bank would
render itself liable for imposition of heavy penalties by SBP if these regulations are not strictly complied
with. It is obligatory on SMBL, its management and staff to follow the procedures strictly as outlined in
these prudential regulations as well as Anti-Money Laundering Act of 2010.
There are personal obligations on every member of management and staff that:
It is an offence to assist anyone whom you know, or suspect to be, laundering money generated illegally.
In the financial sector, assistance can be provided by, for example, opening a bank account, accepting
deposits, making transfers/payments, advancing a loan, issuing/accepting letters of credit.
If you know or suspect that a transaction is related to any illegal activity, you must report it in order to
get protection against a charge of knowingly assisting a criminal to launder the proceeds of his/her
crime.
In the case of drug trafficking or terrorist financing, if you form a suspicion of money laundering in the
course of your employment or business activity, you must report it, even if you are not handling the
transaction or funds in question, otherwise you will be alleged for the offence of collusion.
Suspicious transactions should be reported if there is a reasonable suspicion that the transaction in
question has not been able to justify its economic sense and/or appeared to be derived from or derived to
9

COMPLIANCE & KYC/AML POLICY

an illegal source. However, important to understand that any information regarding reporting or
investigations of transaction to the customer is a criminal offence and the person responsible will have to
bear serious legal consequences.
The procedures bank has developed to combat Money Laundering include:
Awareness raising and training of staff.
The verification of new client identification and know your customer (KYC) and his business.
Retention of records.
Recognition and reporting suspicions of money laundering.
Physical verification of business on sample basis. However, where proof of business is not applicable
eg. Sole Proprietorship, partnerships, etc; physical verification would be mandatory in such cases.
The bank is not committing an offence if it does not know or suspect that funds relate to drugs, terrorism or
other serious crime. However, if upon investigation it is proved that transaction(s) were / are conducted in
connivances with a staff or were in knowledge of the staff; the respective person(s) will be responsible.
The bank is committing an offence if it knows or suspects that someone is involved in any serious crime and
the staff:
assists them to obtain control or retain their proceeds, or
gives them any help in investing or transferring those proceeds, or
advises them that the Bank, is suspicious of their activities.
In practice, of course, the bank staff is not likely to know and may not realize or suspect that there was
anything suspicious about a transaction until it is all over and the customer has gone away. If that happens,
the staff's duty is clear. We must report our suspicion; we will not be criticized that we were not suspicious
immediately.
If we do not report our suspicion and the funds are related to drugs or terrorism, we will have committed an
offence of failure to report. If we do not report our suspicion concerning any criminal money, whether
relating to drugs, terrorism, or any other serious crime including transactions apparently placed and layered
to evade tax, we may also need to defend an action against us for deliberately assisting the criminal.
If transaction founds to be suspicious, the branch management i.e OM/BM etc must report it to Compliance
Division (CD). The CD will immediately scrutinize and if deemed fit, report to Financial Monitoring Unit
(FMU) after making consultation with Business Head (if necessary). The Compliance Division may also
approach senior management for their expertise & guidelines.

07. Anti Money Laundering (AML) & Know Your Customer (KYC) General Policies
In accordance with SBP regulations for the prevention of Money Laundering and KYC, the following
policies will be adopted:
All the documents prescribed in the Prudential Regulations (updated from time to time) would be
obtained from each customer desirous of opening an account with the Bank. For this purpose, branches
are strictly advised to follow the SOP for account opening and any other instructions given by the
Management. Every possible effort would be made to ensure genuineness of the customer including
verification of identity documents/customers antecedents through independent sources i.e. Verisys and
personal visits by Bank officials where desirable
Transactions will only be undertaken with customers whose identity and business are either known or
can be verified
Transactions will only be processed that make sense in relation to the business of the customer. In case
the business place is not verifiable through an independent and authentic source, physical verification
of the business place must be conducted.
All transactions will be routinely scrutinized for any suspicious activity
The Compliance Division will be immediately informed by the branches, of all suspicious activity,
which will be fully investigated by them
The GH-C&C along with HOC shall coordinate with each other in all investigations and report to the
Senior Management (P & CEO) and relevant regulatory authorities
Personal accounts should strictly never be used for business transactions.
Staff will be adequately trained in the key aspects i.e.
o Know your customers identity and business.
10

COMPLIANCE & KYC/AML POLICY

o
o
o
o

Ensure that transactions make sense.

Know what to do when a situation of suspicious transactions arises.
Know how the situation will be reported and investigated.
Know the consequences for not reporting or being involved in money laundering activities.

Effective internal audit shall be carried out to ensure policies and procedures are being complied with. For
this purpose, adequate procedures for the verification of the identity of all new customers shall be applied
and documents obtained as stipulated in SBP Prudential Regulation (copy attached), and any other
subsequent changes made in relevant SBP regulations and account opening SOP of the Bank.

08. Account Opening and Customer Profiling (KYC/CDD)

Keeping our bank's slogan in sight Committed to You, anybody without the discrimination of religion,
race, cast, creed, profession can open an account with SMBL provided the bank can reasonably determine
legal customer's identity and legitimate source of income through including but not limited to documents,
references or personal visits. Account opening procedures detailing types and requirements for various types
of customers as circulated by the Country Operations through Manuals /SOPs as amended from time to time
would be adopted which presently include:
Personal attendance/contact with the customer.
Proper introduction (Optional)
Scrutiny of original identification documents.
Completion of standard application form.
Verification of any photograph where applicable.
Approval of account opening by Operations/Branch Mangers
Verification of address of the account holder through sending letter of thanks for all customer accounts.
Issuance of cheque books/starter cheque books strictly in accordance with the SOPs
Completion of documentation formalities for various types of customers as per the SOP on account
opening.
8.1 Customer Due Diligence
Customer due diligence or CDD in broader terms includes;
identifying the customer and verifying the customers identity on the basis of documents, data or
information obtained from customer and/or from reliable and independent sources;
identifying, where there is a beneficial owner who is not the customer, and taking adequate measures, to
verify his identity so that the bank/DFI is satisfied that it knows who the beneficial owner is, including,
in the case of a legal person, trust or similar legal arrangement, measures to understand the ownership
and control structure of the person, trust or arrangement;
understanding and, as appropriate, obtaining information on the purpose and intended nature of the
business relationship; and
monitoring of accounts/transactions on ongoing basis to ensure that the transactions being conducted are
consistent with the banks/DFIs knowledge of the customer, their business and risk profile, including,
where necessary, the source of funds and, updating records and data/ information to take prompt action
when there is material departure from usual and expected activity through regular matching with
information already available with bank/DFI.
Bank would do due diligence when;
establishing business relationship;
conducting occasional transactions above rupees one million whether carried out in a single operation or
in multiple operations that appear to be linked;
carrying out occasional wire transfers (domestic / cross border) regardless of any threshold;
there is suspicion of money laundering / terrorist financing; and
there is a doubt about the veracity or adequacy of available identification data of the customer.
Following minimum due diligence measure will be applied according to Regulation-1 of Prudential
Regulations for AML/CFT;
It is prohibited to open and maintain anonymous accounts or accounts in the name of fictitious persons
or numbered accounts.
All reasonable efforts shall be made to determine identity of every prospective customer. For this
purpose, minimum set of documents to be obtained by the bank from various types of customers /
11

COMPLIANCE & KYC/AML POLICY

account holder(s), at the time of opening account, as prescribed in Annexure-I of the Prudential
Regulations for AML/CFT.
Bank shall identify the beneficial ownership of accounts/ transactions by taking all reasonable measures.
For all customers, bank would determine whether the customer is acting on behalf of another person,
and should then take reasonable steps to obtain sufficient identification data to verify the identity of that
other person. All efforts shall be properly recorded/documented and considered as integral part of
Customers Due Diligence and filed with the account opening documents.
Where the customer(s) has requested to open a joint account, the CDD of all the joint account holders
shall be performed as required for an individual account.
For customers that are legal persons or for legal arrangements, bank will take reasonable measures to (i)
understand the ownership and control structure of the customer (ii) determine that the natural persons
who ultimately own or control the customer. This includes those persons who exercise ultimate effective
control over a legal person or arrangement. The identity of all natural persons who are acting on behalf
of the legal person shall be verified and properly documented (atleast CNIC duly marked original seen
and their Nadra Verisys). Further, authority of such persons who act on behalf of the customer shall be
verified through documentary evidence including specimen signature of the persons so authorized.
Reasonable measures should be taken to verify the identity of the beneficial owners of the account. The
bank should identify the ownership structure i.e. the natural persons who ultimately owns the account
and perform necessary due diligence to verify the details provided to the bank by the customer.
The Bank shall obtain in writing from the customer the purpose and intended nature of business relations
desired from the account.
Government accounts would not be opened in the personal names of the government official(s). Any
such account, which is to be operated by an officer of the Federal / Provincial / Local Government in his
/ her official capacity, shall be opened only on production of a special resolution / authority from the
concerned administrative department duly endorsed by the Ministry of Finance or Finance Department
of the concerned Government.
Account of Autonomous entities and armed forces including their allied offices may be opened on the
basis of special resolution/authority from the concerned administrative department or highest
executive/management committee of that entity duly endorsed by their respective unit of finance.
However, while opening an account, any rules/regulations or procedures as laid down in the governing
laws of such entity relating to opening and maintaining an account shall be taken in to account.
The branch should perform Enhanced Due Diligence (EDD) while establishing relationship with
NGOs/NPOs/Trust/Charities/ Societies/ Foundation etc. The branch will also conduct Customer Due
Diligence (CDD) of its authorized signatories, members of its governing bodies, trustees, directors,
beneficial owner, etc.

09. Timing of Verification

Verification of the identity of the customers and beneficial owners shall be completed before business
relations are established including verification of CNIC/NICOP/POC from NADRA wherever required for
customers under these regulations.
However, in exceptional cases, banks/ DFIs may allow business relationship without prior verification if the
deferral of completion of the verification of the identity of the customer and beneficial owner is essential in
order not to interrupt the normal conduct of business operations and the risks can be effectively managed.
With reference to the exception, the deferrals although allowed in exceptional cases, shall only be given on
case to case basis after obtaining justified reason(s) for the deferral, and are subject to the approval of the
Head of Business or its delegates. In this regard, an authority delegation matrix must be in place and part of
the account opening SOP.
Cases where any exception is allowed, following should also be observed;
Verification shall be completed as soon as it is reasonably practicable but not later than 5 business days
from the date of opening of the account.
No debit will be allowed or cheque book is issued until positive verification is completed.
Half yearly list is to be maintained by banks/DFIs highlighting all accounts/deposits where the business
relationship needed to be closed on account of negative verification.
At the time of reviewing the KYC form, the supplementary documents with the AOF should also be
reviewed and if found expired, valid documents should be obtained and verified accordingly. The same
should be attached in customers file and records to be updated for audit purposes.
12

COMPLIANCE & KYC/AML POLICY

10. Enhanced Due Diligence (EDD)

EDD would be applied to all the high risk customers according to the risk profiling guidelines given in
Annexure-D. High risk elements identified by SBP and recommended actions for EDD is given in AnnexureJ and Annexure-K.
Furthermore to elaborate, EDD will be performed as per assigned total risk ratings of 141 points and more or
on the following professions mandatorily:
PEP, NGO, NPO, Charity, Trust, Club, Society, Association, Welfare Organization, Arms &
Ammunition, Exchange Companies and Correspondent Banks.
Housewife accounts
Proprietorships and self employed individuals/ professionals
Landlords
Examples of such EDD (as given in AML/CFT Guidelines) measures may also include:
Obtaining additional information on the customer (occupation, volume of assets, address, information
available through public databases, internet, etc);
Reducing interval for updating and reviewing customer risk profile;
Reducing interval for updating the identification data of customer and beneficial owner;
Obtaining additional information on the intended nature of the business relationship;
Obtaining information on the reasons for intended or performed transactions;
Obtaining additional information on the sources of funds or sources of wealth of the customer;
Obtaining the approvals of senior management to commence or continue the business relationship
(necessary for PEP, NGO, NPO, Charity, Trust, Club, Society, Association, Welfare Organization,
Exchange Companies, Arms & Ammunition, Correspondent Bank whereas others if deemed necessary
by the branch);
Conducting enhanced monitoring of the business relationship, by increasing the number and timing of
controls applied and selecting patterns of transactions that need further examination;
A signatory who is neither a beneficial owner nor a key principal may also be verified if they were the
principal contact with the bank/DFI acting on behalf of directors or owners with whom the bank/DFI
had little or no direct contact; and
Documentary evidence may be sought to support transaction where possible,
e.g. purchase of property etc.
10.1 Third Party Mandate Holders
An account holder may choose to grant a third party mandate to another person (individual or corporate). It is
necessary to establish the relationships between account holder and the mandate holder and also the reason
for the mandate and the same should be documented in the KYC form. The identity of the mandate holder
should be verified in the same manner as is used for the account holder. The branch must also complete a
separate KYC/CDD Form for the mandate holder as well. The Third Party Mandate Form should be signed
and placed on the Customer File. Any change of address of the account holder(s) must be notified directly by
the account holder(s). Where a Power of Attorney exists, the original must be seen and copied by the branch
for the file. A Third Party Mandate must also be completed with full supporting documentation as mentioned
above.
10.2 Use of personal accounts for Business purposes
SBP has strictly prohibited use of personal accounts for business transactions. For small businesses,
proprietorships and professions where constituent legal document are not available to prove his business, in
such case the branch should document the same in the call report and the Business KYC Form mentioning
the fact that the person is doing the business in his/her individual name. An undertaking shall also be
obtained from the customer, stating that he/she does not have a documented business and neither he/she is
maintaining a business account in any financial institution.
Personal visit of the business place by the branch staff would be necessary in these cases. For this purpose,
the importance of knowing the customer and intended use of the account becomes even more important. To
this end the branch must satisfy itself that the transactions relate to the legitimate business of the customer or
there is a justifiable explanation for out of pattern transactions. Branch also must document the explanation
preferably through getting some documentary evidence from the customer for the transaction otherwise
13

COMPLIANCE & KYC/AML POLICY

appropriate notation must be made in the daily transactions list of the branch by branch or operations
manager.
In order to curtain the personnel account use for business transactions, a threshold has been introduced
whereby if average monthly credit turnover in any such account exceeding Rs. 5M or above, a new separate
account shall be opened for business related transactions.
Further, personal accounts are strictly prohibited for collection of charities and donations.

11. Simplified Due Diligence (SDD)

As per SBP instructions, there may be circumstances where the risk of money laundering or financing of
terrorism may be low, for example where information on the identity of the customer and the beneficial
ownership is publicly available. In such circumstances, and provided there has been an adequate analysis of
the risk by the banks/DFI, SDD measures may be applied. Examples of such low risk scenarios/factors are
given in Annexure-L.
In respect of general low risk elements mentioned at Para (7) above, Banks/ DFIs may perform such SDD
measures as it considers adequate to effectively establish the identity of the customer, a natural person
appointed to act on behalf of the customer and any beneficial owner. The SDD measures should be in
accordance with predefined criteria within AML/CFT policy of a bank/DFI and should commensurate with
the low risk factors e.g. the SDD measures could relate only to customer acceptance measures or to aspects
of on-going monitoring.
Examples of such SDD measures may include:
Decreasing the frequency of customer identification updates;
Reducing the degree of on-going monitoring and scrutinizing transactions based on a reasonable
monetary threshold; and
Not collecting specific information (no exemption shall be presumed in respect of minimum documents
prescribed in Annexure-I of AML/CFT Regulations) or carrying out specific measures to understand
the purpose and intended nature of the business relationship, but intended purpose and nature of account
may be ascertained from the relationship established or from the type of transactions.
However, on branch discretion if it is ascertained that any account is risky then the factor mentioned above,
SDD shall not applicable and instead CDD/EDD would be conducted based on respective risk category.

12. Transactions with Non-account holders

SMBL only does business with the customers it knows very well. Therefore, significant transactions with
non-account holders should be discouraged. However, payment of utility bills and statutory obligations like
encashment of DSCs/SSC and sale /purchase of national prize bonds etc. will be allowed for non-account
holders. For other services such as purchase of remittance instruments e.g. POs, DDs and MTs etc; risk based
AML measures would be taken. Transactions up to Rs. 25,000 may be allowed for all non-account holders
after production of CNIC. For transactions exceeding Rs. 25,000 but less than Rs. 100,000, the transaction
may be allowed to the customer after getting a copy of the CNIC and filling out a walk-in customer form. No
transaction would be allowed exceeding Rs 100,000 without getting customers account opened and getting
all the due diligence formalities completed as per the bank's policy.
For facilitating home remittances under various international tie-ups with reputable exchange companies
duly approved by senior management/SBP, over-the-counter cash payments of up to Rs 500,000/- may be
made to non-account holders after proper identification as per the bank's procedures. President and/or COO
are authorized to allow over the counter cash payments in excess of Rs. 500,000/- for home remittances.
12.1 Transaction made by Non- account holders on behalf of Customer account
Transactions made by non-account holders in the customer accounts maintained at the bank, it is necessary to
obtain the copy of CNIC, duly marked as Original Seen, after seeing the original CNIC and record them
for MIS and future reference. This is also applicable for branches that process transactions on behalf of other
branches as well. In this regard following is applicable:

14

COMPLIANCE & KYC/AML POLICY

Name and CNIC No. of originator shall be captured in system and made accessible along with
transaction details at corresponding branch if Cash transactions above Rs. 1 Million whether carried out
in a single or multiple operations that appeared to be linked
Online transaction on behalf of an account holder irrespective of the threshold.

13. Account of Politically Exposed Persons (PEPs)

Accounts of persons directly or indirectly i.e. related to any political party or activity shall be categorized as
PEP. This is equally applicable for domestic as well as international personnel. Furthermore, in relation to
PEPs and their close associates or family members, the bank shall obtain approval from the Head of Business
or his/her delegates and senior management (Senior management means the officer(s) not below the rank
of Executive Vice President as designated by the board of a bank for the purpose of AML/CFT regulations)
to establish or continue business relations where the customer or a beneficial owner is a PEP or subsequently
becomes a PEP.
Politically exposed persons or PEPs are individuals who are entrusted with prominent public functions
either domestically or by a foreign country, or in an international organization, for example Heads of State or
of government, senior politicians, senior government, judicial or military officials, senior executives of state
owned corporations/departments/autonomous bodies. This does not intend to cover middle ranking or more
junior individuals in the foregoing categories;
In relation to the above, the Branches Managers/Operations Managers shall make all possible efforts to
confirm that the person is PEP or not PEP. However, in case he/she recognizes that the subject person(s) is
PEP at the time of account opening or during the relationship, the same should be communicated to the Head
of Business for approval / further guidance.
Further, before opening an account or continue relationship, the EDD shall be conducted to verify, by
appropriate means, the sources of wealth or beneficial ownership of funds; including obtaining a selfdeclaration to this effect and conduct enhanced monitoring of business relations with the customer during the
course of business relations.

14. Accounts of NGOs/NPOs/Trusts/Societies/Clubs/Associations/Charities

No account of any entity mentioned above shall be opened or continued without prior approval from the
Head of Business or his/her delegates and Senior Management (Senior management means the officer(s)
not below the rank of Executive Vice President as designated by the board of a bank for the purpose of
AML/CFT regulations). The approval shall mean the satisfaction with the purpose of account and that this
account will be used for legitimate purposes and the transactions will be commensurate with the stated
objectives of the entity. The branch should perform Enhanced Due Diligence (EDD) while establishing
relationship with NGOs/NPOs/Trust/Charities/ Societies/ Foundation etc.
Further, required documents shall be obtained as prescribed in the SOP for account opening. In this regard,
CDD shall be performed of the entity, members of its governing bodies, its signatories and all the beneficial
owners. Further, details of all signatories and beneficial owners shall be entered in to the system so as to
ensure that they are not linked to any proscribed entities by filtering them through the OFAC and/or Other
lists and avenues available.
In case the customer brings account-opening form duly signed, his signature should be obtained in presence
of Bank officer and compared with the one appearing in the form and CNIC. From the information captured
in the Account Opening Form (AOF)/Know Your Customer Form (KYCF), the officers responsible for
supervision of account opening procedures in the Bank will make an initial assessment of customers risk
profile.
In order to have effective monitoring, all accounts will be profiled as per Know Your Customer Forms
(KYCFs) Annexures A (Individuals/Joint Accounts) and B (Business Accounts). All KYCFs have to be
signed by the Operations Manager and Branch Manager. The profiling exercise will include assigning a risk
profile to customers based on the guidelines given at Annexure C. The profiling will be based on customers
nature of business, geographical area of business operations, beneficial owner and source of funds etc.
Various forms, guidance, explanatory notes mentioned in the policy may be updated by Compliance Division
in consultation with all the relevant divisions depending on the changing market/regulatory requirements.

15

COMPLIANCE & KYC/AML POLICY

15. Review and Monitoring

15.1 Self Monitoring
A check of operations will be made on a monthly basis, jointly by Branch Manager and Operations Manager
for accounts whose transactions volumes exceed the information captured in the KYC form after allowing
for a reasonable tolerance to ascertain that they are generally in line with the information captured in the
KYCF. Foreign currency and Non- Resident Accounts will require special attention. Any transaction in the
dormant/inoperative accounts will only be authorized after approval by the Head of Business or his/her
delegates, following the prescribed procedure laid down in the relevant SOP/SPM.
As Branch Managers are in the best position to know their customers, they must review daily report of
transactions in customers account in excess of Rs.0.5M. Any abnormal or suspicious transaction will be
reported to Compliance Division. For occasional transactions in the accounts above Rs 1 million, the file
maintained for this purpose must contain documentary evidence or the daily statement must contain a proper
notation by branch manager/operations manager giving the justification/purpose of such large transaction.
Documentary evidence of the monthly checks should be kept in a separate file. Officers from Compliance
Division /Internal Audit will check the compliance of above.
Similarly, the CPU-Trade Finance shall report all such remittance transactions to Compliance Division,
which fails to or apparently fails to complete the satisfactory CDD. In this regard, the SOP for CPU-Trade
shall include the activities to be performed by the branches and HO in relation to the remittances (Both
inward and outward)
The transactions, which are out of character or are inconsistent with the history, pattern, or normal operation
of the account including through heavy deposits, withdrawals and transfers, shall be viewed with suspicion,
would be properly investigated and referred to Compliance Officer for possible reporting to FMU under
AML Act.
At the time of reviewing the KYC form, the supplementary documents with the AOF should also be
reviewed and if found expired, valid documents should be obtained and verified accordingly. The same
should be attached in customers file and records to be updated for audit purposes.
15.2 Direct Monitoring of Daily Transactions by Compliance Division
Compliance Officers will review daily report of transactions (cash/transfers) in excess of Rs.2 m or
equivalent. Compliance Division will perform off-site monitoring of all transactions, including high risk
accounts and remittance transactions on random basis. The basic objective is to ascertain the overall
activities in the branches and implementation of policies. However, the branches, considering being the real
execution point of transactions, would be responsible to ensure that bank or any of its officers are never
involved in facilitating opening of accounts of persons/individuals with unverifiable source of income or
facilitating transactions with no economic sense or those not matching with the customers profile.
Branches are responsible for promptly attending to any queries raised by Compliance Division, preferably
within two business day or earlier if required by Compliance Division.
The Compliance Division shall have full access to all internal information regarding the transaction/account
and obtain any external confirmations as necessary to conclude whether the transaction should be reported to
the relevant authorities.
All the bank staff, particularly those engaged in customer services, retail operations, investment activity and
funds management shall apply due care and judgment in identifying suspicious activities and report any such
activity to the Head of their Division/Branch Manager and Compliance Division.
Compliance Division will scrutinize and investigate the transaction as appropriate to verify the origin of
funds to assess possible money laundering activity. The Head of Compliance Division and Group Head
Compliance & Control will review the report and will discuss it with the relevant officers and management
as appropriate. Such deliberations and interaction shall be properly recorded. Once the necessary
investigations are complete, he will submit his report to President & CEO with his recommendations based
on which a decision will be taken on actions needed in the light of relevant SBP regulations and other
regulatory obligations.
16

COMPLIANCE & KYC/AML POLICY

If the GH and HOC decide to make a report to the legal/regulatory authorities, he shall complete the standard
report form and submit it with the consent of the President & CEO. In the event that there is some urgency,
he shall contact the relevant authority by telephone and/or fax. If it is decided not to make a formal report to
the regulatory authorities, the Bank shall still prepare the report and maintain the same as the Banks internal
record, detailing the rationale of the decision.
The Compliance Division shall prepare a status report on bi-annual basis and submit the same to the Senior
Management regarding the number of reports on suspicious activities received from each part of the Banks
business and the action taken on such reports. The HOC will follow-up the implementation of any decisions
taken by Senior Management to rectify any deficiencies.
Under no circumstances may any staff of the Bank warn or inform the customers/or other irrelevant parties
when information relating to such customer is being reported to the regulatory authorities. Any breach of this
duty shall be subject to disciplinary action as per HR policies of the bank and this would also breach the code
of ethics. Any staff suspected of involvement will immediately be put under surveillance and appropriate
steps taken by the Management in accordance with local regulations.
15.3 Monthly Compliance Certificate by Branches
All the branches will furnish a monthly compliance certificate to the Compliance Division confirming that
there have been no deviations from this policy or if some deviation/exception has been made state the
exception, competent authority which approved the exception and Resolution Target Date.
15.4 Reporting of Transactions
All STRs, including attempted transactions, should be reported regardless of the amount of the transactions;
and, the CTRs should be reported above the reporting threshold of Rs. 2.5 million as per requirements of
AML Act. Further, the basis of deciding whether an STR is being filed or not shall be documented and kept
on record together with all internal findings and analysis done in relation to a suspicion irrespective of the
fact that transaction is subsequently reported or not.
For reporting purposes, as desired by the Regulator, without disclosing the contents of STRs, shall intimate
to State Bank of Pakistan on bi-annual basis the number of STRs reported to FMU. The status report
(indicating No. of STRs only) shall reach to Director, BPRD within seven days of close of each half year.

15.5 Updating
Wherever considered necessary contact should be established with the customer to clarify any pertinent point
and KYCF updated if required. Suitable action should be initiated where satisfactory explanations cannot be
found. An evidence of the above exercise should be kept in a separate file as a permanent record duly
initialed by both branch and operations manager of the branch. Such records should clearly indicate date of
review, account number of customers reviewed and an overall assessment against each one categorized into
satisfactory or unsatisfactory. Specific actions taken in cases marked unsatisfactory should also be
mentioned.
Especially, attention would be given to profiles and transactions of customer posing higher than average risk.
The KYC forms, both hard copies and the in the system should be updated with details justification and
reviewed at the set frequency. A detailed guideline on Customer Risk Profiling has been given as AnnexureD
The KYCF/CDD Form shall be signed by the customer/authorized signatories (in case of company/business)
at the time of account opening and whenever there is a change in the customers profile. The signed copy
shall be kept in the record as per policy. However, during the course of relationship, if at the time of
reviewing, if there is no change in the customers profile, the KYCF/CDD Form shall not be subject to
customers signature but BM/OM signature will be mandatorily required along with the date and stamp(if
available) to ensure KYCs/CDD was performed at the set interval.

17

COMPLIANCE & KYC/AML POLICY

16. Record Keeping

KYCFs of all customers should be kept along with Account Opening Forms. All the relevant record for
transaction monitoring must also be kept in a separate file for review by compliance division /SBP.
All relevant information concerning customer accounts particularly documents obtained to verify the identity
of the customer shall be recorded and retained. It shall be a condition of the account opening mandate that
the customer will inform the bank and provide all necessary documents for any changes to the information
supplied. The Bank shall also maintain a detailed statement of customer accounts in electronic format for
easy access and review of the transactions in the accounts.
As per Regulation # 5, the record retention period is as follows:
For account holders in relation to evidence of identity and business relationships, transaction records, ten
years from the end of the relationship with the customer.
Records relating to suspicious transactions reported by the Bank are required to be retained till such time
as permission from State Bank is obtained to destroy such record. Similarly, customers or accounts
involve litigation or it is required by court of law or other competent authority, shall only by destroy
after the permission from the respective authority.
All customer account opening documents shall be subject to regular review and update. This will be the
responsibility of the Branch Manager/Operations Manager.
The Bank should maintain for at least ten years the following records for inspection by the regulatory
authorities:
Anti-money laundering monitoring reports reviewed as well as submitted by the branches to the
Management or any agency/regulator. This also includes the routine transaction monitoring done by the
branches. Further, any record shall only be destroyed with the permission of the Management and as per
the Record Retention Policy of the Bank.

17. Correspondent Banking

The Bank shall not act as correspondent bank until sufficient information about the respondent bank has been
obtained to understand fully the nature of respondents business as mentioned in Prudential Regulation # 2.
Factors to consider include:
Information about the respondent banks management, major business activities, where they are located.
The purpose of the account.
The identity of any third party entities that will use the correspondent banking services
The banking regulatory and supervisory environment in the respondents country. Particular attention
needs to be paid to the quality of supervision by the relevant supervisory authorities when establishing
correspondent relationships with foreign banks. Particular care should be exercised for banks located in
jurisdictions that have poor KYC standards
Respondent banks should have effective customer acceptance and KYC policies for prevention of
money-laundering. Correspondence shall be conducted to confirm that adequate due diligence standards
are employed by the respondent bank.
The Bank shall not enter into a correspondent banking relationship with a bank incorporated in a
jurisdiction in which it has no physical presence and which is unaffiliated with a regulated financial
group (i.e. shell banks).
Correspondent Banking Relationship shall only be established or continued with the approval from the Head
of Business and Senior Management (Senior management means the officer(s) not below the rank of
Executive Vice President as designated by the board of a bank for the purpose of AML/CFT regulations).
This would also be applicable at the time of reviewing the relationship and performing periodical KYC/CDD
for the correspondent bank.
The responsibility of the satisfactory due diligence before establishing correspondent banking relationship
rests with the Financial Institutions Department. In this regard and in light of the regulations, FID shall
prepare a comprehensive SOP for the process, which should be reviewed by Compliance Division and
approved by Senior Management.

18

COMPLIANCE & KYC/AML POLICY

18. Wire Transfers/ Fund Transfer

In cases of outward remittances, sufficient due diligence will be undertaken by the Bank on: the client, origin
of the funds, and purpose of remittance. Following details shall be recorded up to the satisfaction, before
processing the payment:
Obtain and verify details of the originator
Obtain details of the beneficial owners
Date, type, currency and amount of the wire transfer
Value date
Purpose
Details of the beneficiary institution
Relationship between originator and beneficiary
The following information shall be included in the transfer details:
The name of the wire transfer originator, account number, address, CNIC/Passport number, date or place
of birth or where originator is a legal person/ company, necessary details such as registration number
and date & place of incorporation and STAN(System Track Audit Number)
The name of the beneficiary.
The address of the beneficiary.
The account number of the beneficiary.
For all inward transfers, the instructions received shall be reviewed to confirm that:
The remittance is in line with the pattern of the account/ the information captured in KYCF.
Name and address/ or bank reference of remitter is available in the message.
Wire transfers with incomplete originator information may be seen with suspicion which may require
reporting to FMU or termination of the transaction. Bank should remain careful from financial
institutions which do not comply with aforesaid requirements by limiting or terminating business
relationship.
Where the bank is acting as an intermediary institution in passing onward message or payment instruction, it
shall maintain all the required originator information with the wire transfer.
CPU-Trade will make all possible efforts for satisfactory due diligence before execution of any transaction,
and in case there are any doubts, the same will be immediately reported to the Compliance Division of the
bank. For meticulous compliance, CPU-Trade shall prepare a complete SOP for the process.

19. Hold Mail Accounts

Hold mail accounts will NOT be accepted unless approved by Branch Manager/Operations Manager, who
will note the justification on the KYCF. If approved and accepted, the full address shall be obtained and
verified through a letter sent by registered post/courier. Customers will also have to agree to visit the Bank at
least twice a year to review and collect all their statements/ advices.
All Hold Mail accounts will be reviewed at least once in six months by the Branch/Operations Manager to
ensure that the above requirement is met. In case of non-compliance, a letter will be sent to the customer
giving him 30 days time to meet the requirement. If satisfactory resolution is not achieved, the branch
management would need to include such an account in its fortnightly review and take necessary action
towards blocking the account.

20. High Risk Customers

The following categories of relationship pose higher than average risk and require additional caution and
scrutiny:
Politically exposed persons which include senior government officials, senior executive of a government
owned / controlled company, politicians and their family members or related companies or business
associations.
Accounts of moneychangers/exchange companies.
Clubs, societies, Trusts, NGOs and charitable organizations. (PF Trust Accounts Excluded)
19

COMPLIANCE & KYC/AML POLICY

Accounts opened under power of attorney.

Non-resident accounts.
Accounts of foreign nationals.
Accounts of customers conducting business in countries that are known for drug production and
transshipment.
Arms dealers
Cash Intensive businesses

All the accounts in the above categories may only be opened after taking Compliance opinion on AML risks
involved with the entity and the persons associated. Further, the responsibility regarding completion and
scrutiny of documents rests with the Branches and CPU-Account Opening.
It is mandatory that all accounts categorized as High Risks shall be opened after the approval of Senior
Management as defined in the account opening SOP.
Even after opening of such accounts, branches are required to exercise more frequent monitoring of
transactions of such accounts and updating of information in KYCF shall be done to ensure enhanced due
diligence.

21. Unacceptable Customer

A number of customer types have been identified to be of very high susceptibility to money laundering and
terrorist financing. These customer types are prohibited from opening an account.
Entities falling under the sanction, appearing in the internationally accepted embargo list such as US
Treasury (OFAC) etc.
Entities/individuals banned by the regulatory authorities.
Anonymous/ Fictitious/ Numbered accounts
Known beneficiaries of corruption or illegal activities.
Accounts where Due Diligence could not be completed or do not have verifiable source of income.
Shell companies.
Government accounts in personal names of the government officials.
OFAC sanctioned countries, governments, entities and individuals.
Offshore Companies Companies formed and only operating outside Pakistan.
Special name accounts- account using a number or a name (set of characters) that is not the actual name
of the customer (primary holder of the account).
Further details can also be found at Annexure- K.

22. Employee Due Diligence

A comprehensive employee due diligence policy and procedure shall be implemented/ carried out at the time
of hiring all employees permanent, contractual, or through outsourcing. This shall include but not limited to
verification of antecedents and screening procedures to verify that person being inducted/ hired has a clean
history. In this regard a detailed and comprehensive SOP shall be prepared by the HR Division and approved
by the Management for meticulous compliance.

23. Review of Products and Services

Every new product or service that Summit Bank intends or plans to introduce shall be reviewed by
Compliance Division so as to identify and assess ML/FT risks that may arise in relation to new products,
services, business practices and delivery mechanisms including the review of existing products and services
on on-going basis.
In this regard, before the launch of any new product/service the product brief and operating SOP shall be
submitted to Compliance Division bearing signatures of Head of Operations, Head of Risk, Head of I.T. and
Head of Internal Control Unit confirming that all the pre launch requirements has been completed and
checked. . Furthermore, once detail Program/Manual/SOP is prepared, the same should also be vetted by all
stakeholders including Compliance Division. The Head of Compliance shall review the same and put his/her
comment in writing and sign off the document accordingly.

20

COMPLIANCE & KYC/AML POLICY

For existing products/services, the stakeholder/business owner of the product/service shall review the same
as per the Compliance Program and submit the same to Head of Compliance for his/her review and
comments.

24. AML Training and Awareness

All the staff in the branches in particular and rest of the Bank in general shall be adequately trained to ensure
that they are:
Aware of their responsibilities viz a viz various money laundering regulations issued by SBP and other
agencies. This shall include their responsibility for obtaining sufficient evidence of identity, recognizing
and reporting knowledge for suspicion of Money Laundering.
Know the identity and responsibilities of the Compliance Officers.
The potential effect on the bank, its employees and customers, of any breach of the law or regulations.
Analysis of abnormal/out of patterns transaction & alerts generated thereof for possible reporting of
suspicions transactions.
It shall be the duty of the GH-C&C and HOC to ensure that staff members are provided with regular (atleast
on annual basis) training in accordance with the above stated objectives.
To ensure that staff is kept abreast of developments in the money laundering techniques and prevention
measures, communications shall be issued by the Compliance Division. Relevant AML/CFT training
combined with optimum use of technology is becoming inevitable due to ever changing nature of methods
and trends in illicit activities. In this connection, the bank will test the capability and knowledge of the
relevant staff through online training and testing on periodic basis, ideally at least once a year
All records of training shall be properly maintained. HR will maintain a record of staff trained on
Compliance/AML issues.
Furthermore, AML Unit of Compliance Division will also consolidate records of all STRs raised/reported by
them and would use them as training tools to educate branch staff/front end staff for future cautions.
However, it will be ensured and AML Unit Head would be responsible not to share any STR or customer
information with any staff during the training.

25. Audit
Internal Audit function in line with Code of Corporate Governance shall regularly assess the effectiveness of
the Compliance & KYC/AML policy, Compliance program, Banks internal policies and its compliance with
regulatory requirements.

26. Insider Trading

"Insider" means- a person who is a director, chief executive, managing agent, chief accountant, secretary or
auditor of a listed company or the beneficial owner holding directly or indirectly not less than 10% of the
shares of a listed company; or a person who, is connected with the company or is deemed to have been
connected with the company, and who is reasonably expected to have access, by virtue of such connection, to
unpublished price sensitive information in respect of securities of the company who has received or has had
access to such unpublished price sensitive information. Any employee either on his own behalf or on behalf
of any other person is prohibited from sharing, dealing, trading, communicating or counseling in securities of
a company listed on a stock exchange on the basis of any unpublished price sensitive information.

21

COMPLIANCE & KYC/AML POLICY

Annexure - A
KNOW YOUR CUSTOMER (KYC) FORM / QUESTIONAIRE
Individual/Joint Account
Account No.

Account Title

Branch

Customer Identity
Full Name

Address and telephone numbers abroad (if any)

Account Holders Address confirmed

Yes

No

Reason for Opening of Account

Normal or expected Mode of Transaction

Source of Income
Salary

Business (Self employed)

Commission

Others (Please Specify)

Remittance from abroad

Approximate monthly income

Years of service with present employer/years business established (if self employed)
Nature of business (If self employed)
Shop

Wholesaler

Estate Agent

Commission Agent

Others (Please Specify)

Business Name

Brief Description of Business Activities (Product, geographic areas of operations, suppliers and clientele)

Existing Relationship
Does the customer presently maintain an account with SMBL

Yes

No

If Yes
Account No.

Branch Name

22

COMPLIANCE & KYC/AML POLICY

Introduction Verification (If any)

Introducers Name

Account No.

Introducers Confirmation
Obtained

Yes

Relationship with the Customer

No

Introducers Address

Introducers Risk Rating

Any mail returned during last six months

Yes

NO

Compliance Check
Checked to confirm that the individual account holder/Beneficial Owner is/(are) not appearing in following lists
SBP-UN Sanction List

Hold Mail

OFAC List

Yes

No

Other (specify)

Reasons (if any)

How the Account was Opened

Walk In
Marketed By

Referred By

Please also mention the name and other relevant details of the referrer if any

Initial Deposit (In addition to cash deposited to open the account)

Amount ___________________________________ Source___________________________________
Expected Monthly Volume of Transaction (Rs) (Total Debits and Credits)
Less than 1 M
1-5 M
5- 25 M
25-100 M

100500 M

Over 500 M

Expected Monthly Transaction Activity) (Total Debits and Credits)

1-10
10-25
25-50
50-100

100-500

Over 500

Documents Obtained as per policy and attached with Account Opening Form

Yes

No

Customers Statement: I/We undertake that the information mentioned in the KYC form is
true and genuine. Further, I am responsible that in case of any change in my business /
source of funds, I/We shall inform the bank immediately.

Customers Signature:________________, ________________, _________________

Enhance Due Diligence Required

Yes

No

Verification
BDO Name and signature

Date

Account Opening Officer Name and signature

Date

Branch Manager/ Operation Manager Name and Signature

Date

Next Review Date: __________________

23

COMPLIANCE & KYC/AML POLICY

Annexure - B
KNOW YOUR CUSTOMER (KYC) FORM/ QUESTIONAIRE
Business Account
Account No.

Branch

Customer Identity
Account Title

Details (Address) of domestic and foreign branches (if any)

Account Holders Address confirmed

Yes

No

Normal or expected Mode of Transaction

Reason for Opening Account

Collections

Expenses

Facility based

Provident fund/gratuity

Others (Please Specify)

Years business established

Nature of business
Trading

Manufacturing

Financial Service

Other Services

Others (Please specify)

Brief Description of Business Activities (Product, geographic areas of operations, suppliers and clientele)

Existing Relationship
Does the customer presently maintain an account with SMBL
If Yes
Account No.

Yes

No

Branch Name

Introduction Verification (If any)

Introducers Name

Introducers Confirmation Obtained

Introducers Address

Account No.

Yes

No

Relationship with the Customer

Introducers Risk Rating

High

Any mail returned during last six months

Medium
Yes

NO

Compliance Check
Checked to confirm that the individual account holder/Beneficial Owner is/(are) not appearing in following lists
SBP-UN Sanction List

OFAC List

Low

Other (specify)

24

COMPLIANCE & KYC/AML POLICY

Hold Mail

Yes

No

Reasons (if yes)

How the Account was Opened

Walk In
Marketed By

Referred By

Please also mention the name and other relevant details of the referrer if any

Initial Deposit (In addition to cash deposited to open the account)

Amount ___________________________________ Source___________________________________
Expected Monthly Volume of Transaction (Rs) (Total Debits and Credits)
Less than 1 M
1-5 M
5- 25 M
25-100 M

100500 M

Over 500 M

Expected Monthly Transaction Activity (Total Debits and Credits))

1-10
10-25
25-50
50-100

100-500

Over 500

Documents Obtained as per policy and attached with Account Opening Form

Yes

No

Customers Statement: I/We undertake that the information mentioned in the KYC form is
true and genuine. Further, I am / We are responsible that in case of any change in my
business / source of funds, I/We shall inform the bank immediately.

Customers Signature:__________________, __________________, _______________

(Authorized Signatories)

Enhance Due Diligence Required

Yes

No

Verification
BDO Name and signature

Date

Account Opening Officer Name and signature

Date

Branch Manager/ Operation Manager Name and Signature

Date

Next Review Date:________________

25

COMPLIANCE & KYC/AML POLICY

Annexure C
Customer Risk Profiling Form
Account Title:__________________________________________________________________

Risk Determinants

Customer

Business &
Relationships

Products & Services

Channels

Locations

Transaction Pattern
carries the risk of
being suspicious
Any other risk factor

Risk Variables/Determinants

Assigned
Risk
Rating (0-20)

Exceptions in getting KYC related information from

customer
High net worth customer or high value transactions
Politically exposed person, its close associate or
family member
Relatively complex control/ ownership structure
Beneficial ownership of funds may not belong to
customer
Reliability of verification measures
Hold Mail
Age of business
Counter parties i.e. customers/suppliers of the
account holders are not known or in high risk areas
Use of products & services which entail non face-toface conduct
Customer seeks private banking or other riskier
services
Excessive use of funds remitting instruments
Customer subscribes for International/ foreign
products & services
Large wire-in/wire-out or inland online transfers
Level of cash based transactions
Element of anonymity in transactions
Customer is based or linked to High Risk
Jurisdictions as per FATF
Customer's link to offshore centers or tax heavens
Customer is based or linked to UN Sanctioned
Countries
Name matches with databases i-e World Check,
OFAC, EU lists etc.
Transaction Pattern is not very clear and carries an
inherent risk. Further, the pattern is in line with the
examples defined in the Annexure G of the policy
Any determinant which the branch thinks to be
known and recorded.
Define the risk and rate each one of them
individually.

Total Risk Rating

Compliance Check
26

COMPLIANCE & KYC/AML POLICY

Checked to confirm that the individual account holder/Beneficial Owner is/(are) not appearing in following lists
SBP-UN Sanction List

OFAC List

Other (specify)

Low Risk Scale: 0-80

Medium Risk Scale: 81-140

High Risk Scale: 141 and above*

Customer Risk Profiling: High* / Medium / Low

(tick one)

*Following accounts, irrespective of the risk points achieved shall be marked as high risk:
NGO/NPO, Trusts, Clubs, Associations, Charities.
Enhance Due Diligence Required

Yes

No

(If yes, please fill in the EDD form)

Next Review Date:

Prepared by:

_____________________
Account Opening Officer

Reviewed by:

_____________________
Operation Manager

Approved by:

_____________________
Branch Manager

ANNEXURE D
27

COMPLIANCE & KYC/AML POLICY

GUIDE FOR RISK PROFILING

The High Risk Accounts must be reviewed half yearly.
The Medium Risk Accounts should be reviewed yearly.
The Low Risk Accounts may be reviewed after every two year.
All accounts when deviated from their profile as per the bank's record, should be reviewed
irrespective of their next review date.
High Risk Accounts will normally be characterized by nature of account, suspicious
conduct and transactions.
Regardless of risk weights, if any customer is categorized in Medium/High risk based on
respective below profiles, the same should be adhered conservatively.
Following Risk Assessment Key will be used:
Each determinant in the CRP (Customer Risk Profiling) form shall have individual risk
score (0/5/10/20) based on inherent risk associated with it. The total score shall determine
the overall risk rating of the customer i.e. Low/Medium/High.
FOR INDIVIDUAL ACCOUNTS:
Beneficial Owner
High Risk

Where the beneficial owner is not the account operator and either of them
(beneficial owner or account operator) is resident abroad
Medium Risk Where the beneficial owner is not the account operator and both are resident
in Pakistan
Low Risk
Where the account operator is the beneficial owner
Resident / Non Resident Accounts:
High Risk
High Risk
Low Risk

Pakistani or foreign nationals not living in Pakistan

Foreign nationals resident in Pakistan
Pakistani nationals resident in Pakistan

Source of Funds/Source Of Wealth/Countries:

High Risk:

Persons receiving income from several sources (local and international) for
consultancy/services rendered.
Account activity consisting of funds un-related to main declared source of
income and apparently not within wealth status of individual.
Persons receiving funds, which are not earned by him/her or is appeared not
to be the beneficial owner of the funds.
Medium Risk: Account activity consisting of funds un-related to main declared source of
income but within wealth status of individual, monthly remittances from
abroad for family support,
28

COMPLIANCE & KYC/AML POLICY

Low Risk:

Salaried person, pensioners, monthly savings accounts, investment income

return, rent from customer owned property,

Inward / Outward Remittances:

High Risk:

Frequent actual inward/outward remittances not commensurate with

customer's financial standing or; Inward/outward remittances from/to the
countries/territories designated as non-cooperative by Financial Action Task
Force (FATF) (currently nil)
Medium Risk: Frequent intended or actual inward/outward remittances commensurate with
customer's financial standing
Low Risk:
No or minimal intended or actual inward/outward remittance
Hold Mail:
High Risk
High Risk-High Profile Persons
High Risk:

Politicians, Senior Government Officials, Government Officials In Key

Public /PSE Posts, Persons associated with Trusts, Charitable
Organizations, Clubs, Societies, Social Welfare Organizations Etc.(OR
PUBLICLY KNOWN Affiliation with religious/social welfare groups),
Housewives, Self employed individuals, Free lancers, Professionals,
Landlords.

High Net Worth Individuals

Extremely wealthy persons but whose source of wealth/explanation of how
it was earned is not credible
Such persons are often served by personal/private bankers
Enquiries about the source of their wealth are discouraged
Market Reputation:
High:
Bad Reputation in Society
Medium:
Unknown in Society
Low:
Good Reputation in Society
No Risk:
Extremely good reputation supported by documented due diligence
Nature Of Business ( if self employed)
High Risk Businesses
Any cash intensive business
Import/Export of drugs, weapons, cigarettes
Exchange companies
Brokers/dealers
Travel agencies
Fund managers
Offshore subsidiaries of corporations
Art and antique dealers
Real estate dealers/agents
Car/Boat/Plane dealerships
Jewel/Gem/Precious metal dealers
29

COMPLIANCE & KYC/AML POLICY

Used Truck/Auto/machine part manufactures

Arms and ammunition dealers

30

COMPLIANCE & KYC/AML POLICY

FOR BUSINESSES ACCOUNTS

Beneficial Owner
High Risk
Medium
Low

Where the beneficial owner is not the account operator and either of them
(beneficial owner or account operator) is resident abroad
Where the beneficial owner is not the account operator and both are
resident in Pakistan
Where the account operator is the beneficial owner

Source of Funds/Source of Wealth/Countries/Jurisdictions Doing Business With

High:

Medium:
Low:

Funds emanating from Narcotic producing countries (e.g. Iran,

Afghanistan, South America) and formerly non-cooperative FATF
jurisdictions: Russia, Liechtenstein, Israel, Lebanon, Philippines, Bahamas,
Cayman Islands, Panama, Cook Islands, Dominica, Marshall Islands,
Nauru, Niue, St Kitts and Nevis, Antigua, Barbuda, St. Vincent and the
Grenadines)
High Values from European countries and North America (USA).
Low values from other countries

Nature of Business
High Risk Businesses
Any cash intensive business
Import/Export of drugs, weapons, cigarettes
Exchange companies
Brokers/dealers
Trusts, NGOs, NPOs, Charitable Organizations,
Associations
Travel agencies
Fund managers
Offshore subsidiaries of corporations
Art and antique dealers
Real estate dealers/agents
Car/Boat/Plane dealerships
Jewel/Gem/Precious metal dealers
Used Truck/Auto/machine part manufactures
Arms and ammunition dealers

Clubs,

Welfare

Resident / Non Resident Company

High Risk:
Companies and Corporations incorporated abroad and having their
representative office in Pakistan
Medium Risk: Companies and Corporations incorporated abroad and doing full fledge
business in Pakistan.
Low Risk:
Companies and Corporations incorporated in Pakistan
Resident / Non Resident Partners / Directors
High Risk:
Non Resident Partners/Directors
Medium Risk: Resident foreign nationals will come under medium risk category
Low Risk:
Resident Pakistani nationals
31

COMPLIANCE & KYC/AML POLICY

Business Region Clientele / Suppliers, Branch Locations

High Risk:

Businesses having their clients/suppliers/branch offices located in

Outside Pakistan:

Drug Producing Countries

E.g. Columbia, the Golden Triangle in Asia, Peru, Afghanistan etc.
Drug Transshipment Countries
E.g. Aruba, Hong Kong, Spain, Thailand, Turkey etc.
Bank Secrecy Havens
E.g. Switzerland, Caymans, Greece, Luxembourg, Panama, Singapore etc.
Emerging nations seeking hard currency investment
E.g. Eastern Europe, Russia,

Within Pakistan
FATA, FANA, PATA
Medium Risk: Businesses having their clients/suppliers/branch offices located in countries
other the ones mentioned above
Low Risk:
Domestic company with no foreign connections
Hold Mail:
High Risk
High Public Profile of partners /directors
High Risk:

Politicians, Senior Government Officials, Government Officials In Key

Public /PSE Posts, Trusts, Charitable Organizations, Clubs, Societies,
Social Welfare Organizations Etc. (OR PUBLICLY KNOWN Affiliation
with religious/social welfare groups

High Net worth Individuals

Extremely wealthy persons but whose source of wealth/ explanation of how it was
earned is not credible
Such persons are often served by personal/private bankers
Inquiries about the source of their wealth are discouraged
Market Reputation: Company/ Partners & Directors:
High:
Medium:
Low:
No Risk:

Bad Reputation in Market

Unknown in Market
Good Reputation in Market
Extremely good reputation supported by documented Due Diligence

Age of Business:
High
Medium
Low
No Risk

Less than one Year

1 To 5 Years
Over 5 Years
Government Corporations

32

COMPLIANCE & KYC/AML POLICY

ANNEXURE E

Rules for Filling Risk Profiling Form

Low Risk:
If the total risk score is less than 80
Medium Risk: If the total risk score is between 81 and 140
High Risk:
If the total risk score is between 141 and above
Rule 1: Each Element can be scored between 0 to 20 as follows:
Risk Level

Points Earned

No risk
Low
Moderate
High

0
5
10
20

Note: Rating/Scoring of each determinant/variable is to be derived from Guide for

Risk Profiling- Annexure D.
Examples:
i. If the business age of the customer is 4 years, the rating assigned against Age of
Business in CRP form would be 10.
ii. If the account holder is identified as PEP at the time of account opening or during
course of business relationship, the rating against PEP in CRP would be 20.
iii. If the account is opened by a customer who is involved in a cash intensive business
such as Boutique Owner, Restaurant Owner, Poultry Business etc, the rating
against Level of cash based transactions would be 20.
iv. If the customer has provided all the KYC related information and documentation,
the rating in CRP form against Exception in getting KYC related information
from customer would be 0.
v. If the customer is a salaried individual and have no other source of income, the
rating in CRP Form against High Net Worth Customer would be 0.
Rule 2: The total score of the matrix will identify the resultant risk rating of the customer
as defined above.
Examples:
1. After assigning rating to each and every determinant/variable in the CRP Form of
the customer the total risk rating lies in the range 0-80, the account would be
termed as Low Risk and would be reviewed after two years.
2. After assigning rating to each and every determinant/variable in the CRP Form of
the customer the total risk rating lies in the range of 81-140, the account would be
termed as Medium Risk and would be reviewed annually.

33

COMPLIANCE & KYC/AML POLICY

3. After assigning rating to each and every determinant/variable in the CRP Form of the
customer the total risk rating lies in the range of 141 and above, the account would be
termed as High Risk and would be reviewed semi annually.
However, during the course of relationship and before the review date, in case there is a
change in customers profile or there is a change in his/her behavior, the branch shall
immediately perform KYC/CDD and shall fill in the revised CRP form and co-ordinate
with the relevant person/officer/department for uploading the same in to the system. Proper
documented record and system generated vouchers shall be filed with the Account
Opening Form and related documents for records and audit purposes.
Rule 3: The determinants which are categorized as High Risk in the risk profiling
guidelines, shall have the highest rating i.e. 20, similarly those determinants which are
categorized as medium, low or no risk shall earn points as 10, 5 and 0 respectively.
Rule 4: The risk rating may be changed during the course of relationship. The respective
branch on such occasions shall fill in the updated CRP form and send the same to CPU for
updating it in to the system. However, the responsibility of the same to ensure that it has
been updated rests with the respective branch only.

34

COMPLIANCE & KYC/AML POLICY

EDD Form

ANNEXURE F

Business relationship involving Higher Risk

(Account Number)

Title of Account:

Account Type:
Individual

Business Individual

Sole Proprietor

Joint Stock

Trust/NGO/Welfare Association

Others
Client Details (If not individual/Business Individual/Sole Proprietor):
Trustees/Directors/Members :

Please state the name of Country of Residence if

other than Pakistan:

3. Please state the name of Country of

Origin if other than Pakistan:

Nature of business and details of Beneficial Owner: (Beneficial owners are the directors and stake
holders of the company. The details here shall include the source of income if other than the
account mentioned above, their brief profile and market reputation).

KYC Extracts: (Summary of KYC that includes source of income, nature of business
and other business details)

Source of Assets Deposited:

Details of mandate if given:

Based on your investigation state/ explain the reason for the account getting the risk point for the
above marked monitor(s):

Incase of any signatory who is neither a beneficial owner nor a key principal shall also be
verified if they were the principal contact with the bank/DFI acting on behalf
of directors or owners with whom the bank/DFI had little or no direct contact:

10 Means of Information collected: (Please mark as many as relevant)

Call to customer
Review of Account Statement
Review of Transaction
Internal knowledge of Customer Business
Other Source Nadra Verisys & Internet
35

COMPLIANCE & KYC/AML POLICY

11 Customer Verification:

NTN

Annual Report

E-CIB

Internet

12 Market Feedback (Kindly also provide additional information about the asset i.e Nature/Volume etc):

13 Conclusion

Based on our enhanced due diligence of the subject account we conclude that:
The conduct of account is satisfactory with no material suspicious activity with
reference to AML regulation.
The account has abnormal activity and the account needs further investigation.
(Nb: In case the account is concluded to be marked in this category, it should be
immediately referred to Compliance Division).
CERTIFIED THAT THE ABOVE IS TRUE TO THE BEST OF OUR KNOWLEDGE
Prepared by BDO / Relationship Manager:

Countersigned by CRO/Acc Opening Officer:

Approved by Branch Manager:

Countersigned by Operation Manager:

Enclosure: Supporting documentation (Please list all if available)

36

COMPLIANCE & KYC/AML POLICY

Annexure G
Examples or Characteristics of Suspicious Transactions (Red Alerts)
That May Be a Cause for Increased Scrutiny for AML/CFT Purposes
The following are examples or characteristics of possible suspicious transactions for
money laundering or financing of terrorism. This list of situations may be taken as a means
of highlighting the basic ways in which money may be laundered. The examples provided
are not exhaustive and may serve only as guidance for the branches to recognize
suspicious activities.
While each individual situation may not be sufficient to suggest that money laundering is
taking place, a combination of such situations may be indicative of such a transaction. A
customer's declarations regarding the background of such transactions shall be checked for
plausibility and explanation offered by the customer may be accepted after reasonable
scrutiny.

1. Transactions which do not make economic sense or inconsistent with customers

business or profile
i) A customers relationship having a large number of accounts with the same bank,
frequent transfers between different accounts or exaggeratedly high liquidity;
ii) Transactions in which assets are withdrawn immediately after being deposited, unless
the customer's business activities furnish a plausible reason for immediate withdrawal;
iii) Transactions that cannot be reconciled with the usual activities of the customer, for
example, the use of Letters of Credit and other methods of trade finance to move money
between countries where such trade is not consistent with the customer's usual business;
iv) Provision of bank guarantees or indemnities as collateral for loans between third parties
that are not in conformity with market conditions;
v) Unexpected repayment of an overdue credit without any plausible explanation;
vi) Back-to-back loans without any identifiable and legally admissible purpose;
vii) Paying in large third party cheques endorsed in favour of the customer;
viii) Substantial increases in deposits of cash or negotiable instruments by a professional
firm or company, using client accounts or in-house company or trust accounts, especially if
the deposits are promptly transferred between other client company and trust accounts;
ix) High velocity of funds through an account, i.e., low beginning and ending daily
balances, which do not reflect the large volume of funds flowing through an account;
x) Mixing of cash deposits and monetary instruments in an account in which such
transactions do not appear to have any relation to the normal use of the account;
xi) Multiple transactions carried out on the same day at the same branch of a financial
institution but with an apparent attempt to use different tellers;
xii) The structuring of deposits through multiple branches of the same bank or by groups
of individuals who enter a single branch at the same time;
xiii) The deposit or withdrawal of cash in amounts which fall consistently just below
identification or reporting thresholds;
xiv) The deposit or withdrawal of multiple monetary instruments at amounts which fall
consistently just below identification or reporting thresholds, if any, particularly if the
instruments are sequentially numbered;
xv) Customers making large and frequent deposits but cheques drawn on the accounts are
mostly to counter-parties not normally associated with customers business;
37

COMPLIANCE & KYC/AML POLICY

xvi) Extensive or increased use of safe deposit facilities that do not appear to be justified
by the customer's personal or business activities;
xvii) Goods or services purchased by the business do not match the customer's stated line
of business;
xviii) A retail business has dramatically different patterns of currency deposits from
similar businesses in the same general location;
xix) Loans are made for, or are paid on behalf of, a third party with no reasonable
explanation;
xx) Suspicious movements of funds occur from one financial institution to another, and
then funds are moved back to the first financial institution.
xxi) The deposit of excess balance in the accounts linked to credit cards/store value cards
xxii) Unusual pattern of purchase through credit cards/store value cards etc.
2. Transactions involving large amounts of cash
i) Exchanging an unusually large amount of small-denominated notes for those of higher
denomination;
ii) Purchasing or selling of foreign currencies in substantial amounts by cash settlement
despite the customer having an account with the bank;
iii) Frequent withdrawal of large amounts by means of cheques, including travelers
cheques;
iv) Large cash withdrawals from a previously dormant/inactive account, or from an
account which has just received an unexpected large credit locally or from abroad;
v) Large cash withdrawals made from a personal or business account not normally
associated with customers profile;
vi) Company transactions, both deposits and withdrawals, that are denominated by
unusually large amounts of cash, rather than by way of debits and credits normally
associated with the normal commercial etc;
vii) Depositing cash by means of numerous credit slips by a customer such that the amount
of each deposit is not substantial, but the total of which is substantial;
viii) The deposit of unusually large amounts of cash by a customer to cover requests for
bankers' drafts, money transfers or other negotiable and readily marketable money
instruments;
ix) Customers who together, and simultaneously, use separate tellers to conduct large cash
transactions or foreign exchange transactions
x) Large cash deposits made to the account of an individual or legal entity when the
apparent business activity of the individual or entity would normally be conducted in
cheques or other payment instruments.
3. Transactions involving locations of concern & wire transfers
i) Transactions involving foreign currency exchanges or deposits that are followed within a
short time by wire transfers to locations of specific concern (for example, countries
identified by national authorities/international bodies, UN or FATF etc.);
ii) A personal or business account through which a large number of incoming or outgoing
wire transfers take place without logical business or other economic purpose, particularly
when this activity is to, through or from locations of specific concern (as mentioned
above);
iii) The use of multiple accounts to collect and then funnel funds to a small number of
foreign beneficiaries, both individuals and businesses, particularly when these are in
locations of specific concern (as mentioned above);

38

COMPLIANCE & KYC/AML POLICY

iv) Obtaining credit instruments or engaging in commercial financial transactions

involving movement of funds to or from locations of specific concern when there appears
to be no logical business reasons for dealing with those locations (as mentioned above);
v) The opening of accounts of financial institutions from locations of specific concern (as
mentioned above);
vi) The business relationships conducted in unusual circumstances e.g. significant
unexplained geographic distance between the bank and the customer;
vii) The receipt of small or large amounts (in cash, using online or otherwise) from various
locations from within the country especially if such deposits are subsequently transferred
within a short period out of the account and/or to a destination not normally associated
with the customer;
viii) Substantial increase in cash deposits by a customer without apparent cause, especially
if such deposits are subsequently transferred within a short period out of the account
and/or to a destination not normally associated with the customer;
ix) Building up large balances, not consistent with the known turnover of the customer's
business, and subsequent transfer to account(s) held overseas;
x) Transfer of money abroad by an interim customer in the absence of any legitimate
reason;
xi) Repeated transfers of large amounts of money abroad accompanied by the instruction
to pay the beneficiary in cash;
xii) Large and regular payments that cannot be clearly identified as bona fide transactions,
from and to countries or geographic areas areas identified by credible sources;
as having significant levels of corruption, or other criminal activity
as providing funding or support for terrorism activities
as associated with the production, processing or marketing of narcotics or other
illegal drugs etc.
xiii) Wire transfers ordered in small amounts in an apparent effort to avoid triggering
identification or reporting requirements;
xiv) Wire transfers to or for an individual where information on the originator, or the
person on whose behalf the transaction is conducted, is not provided with the wire transfer,
when the inclusion of such information would be expected;
xv) Use of multiple personal and business accounts or the accounts of non-profit
organizations or charities to collect and then funnel funds immediately or after a short time
to a small number of foreign beneficiaries.
xvi) Customer who generally use credit cards/store value cards out of their defined
geographical location or locations prone to money laundering and terrorist financing.
4. Transactions involving unidentified parties
i) Provision of collateral by way of pledge or guarantee without any discernible plausible
reason by third parties unknown to the bank and who have no identifiable close
relationship with the customer;
ii) Transfer of money to another bank without indication of the beneficiary;
iii) Payment orders with inaccurate information concerning the person placing the orders;
iv) Use of pseudonyms or numbered accounts for effecting commercial transactions by
enterprises active in trade and industry;
v) Customers holding in trust of shares in an unlisted company whose activities cannot be
ascertained by the bank;
vi) Customers who wish to maintain a number of trustee or clients' accounts that do not
appear consistent with their type of business, including transactions that involve nominee
names.
5. Other suspicious accounts or customers
39

COMPLIANCE & KYC/AML POLICY

i) Large sums deposited through cheques or otherwise in newly opened accounts which
may be suspicious;
ii) The customers who are reluctant to provide minimal information or provide false or
misleading information or, when applying to open an account, provide information that is
difficult or expensive for the bank to verify;
iii) An account opened in the name of a moneychanger that receives structured deposits;
iv) Customers whose deposits contain counterfeit notes or forged instruments;
v) An account operated in the name of an offshore company with structured movement of
funds;
vi) Accounts that receive relevant periodical deposits and are dormant at other periods.
These accounts are then used in creating a legitimate appearing financial background
through which additional fraudulent activities may be carried out;
vii) A dormant account containing a minimal sum suddenly receives a deposit or series of
deposits followed by daily cash withdrawals that continue until the sum so received has
been removed;
viii) An account for which several persons have signature authority, yet these persons
appear to have no relation among each other (either family ties or business relationship);
ix) An account opened by a legal entity or an organization that has the same address as
other legal entities or organizations but for which the same person or persons have
signature authority, when there is no apparent economic or legal reason for such an
arrangement (for example, individuals serving as company directors for multiple
companies headquartered at the same location, etc.)
x) An account opened in the name of a recently formed legal entity and in which a higher
than expected level of deposits are made in comparison with the income of the promoter of
the entity;
xi) An account opened in the name of a legal entity that is believed to be involved in the
activities of an association or foundation whose aims are related to the claims or demands
of a terrorism organization;
xii) An account opened in the name of a legal entity, a foundation or an association, which
may be linked to a terrorism organization and that shows movements of funds above the
expected level of income;
xiii) Shared address for individuals involved in cash transactions, particularly when the
address is also a business location and/or does not seem to correspond to the stated
occupation (for example student, unemployed, selfemployed, etc.);
xiv) Stated occupation of the customer is not commensurate with the level or type of
activity (for example, a student or an unemployed individual who receives or sends large
numbers of wire transfers, or who makes daily maximum cash withdrawals at multiple
locations over a wide geographic area);
xv) Regarding non-profit or charitable organizations, financial transactions for which there
appears to be no logical economic purpose or in which there appears to be no link between
the stated activity of the organization and the other parties in the transaction;
xvi) A safe deposit box is opened on behalf of a commercial entity when the business
activity of the customer is unknown or such activity does not appear to justify the use of a
safe deposit box;
xvii) Safe deposit boxes are used by individuals who do not reside or work in the
institution's service area despite the availability of such services at an institution closer to
them;
xviii) Unexplained inconsistencies arising from the process of identifying or verifying the
customer (for example, regarding previous or current country of residence, country of
issue of the passport, countries visited according to the passport, and documents furnished
to confirm name, address and date of birth);
40

COMPLIANCE & KYC/AML POLICY

xix) Official embassy business is conducted through personal accounts.

xx) Large deposits on pretext of transfer/disposition of property.
xxi) Frequent and unusual advance payments against imports.
The Appendix G shares with the branches the examples and scenarios through which
money laundering could take place. These shall be taken in to account by the branches at
the time of account opening and during the course of relationship and any deviation or
slightest suspicion shall be immediately investigated and the same shall be reported to the
Compliance Division for further action and reporting if necessary.
Apart from the scenario as mentioned in Appendix G, there may be other avenue for
money launderers which might be used for their illicit means. The branches officers,
specially Tellers, Operation and Branch Managers shall remain vigilant at all times and
shall review the customer activities on daily basis. Any deviation from the customer
profile or any abnormal behavior noted, shall be immediately reported to the Compliance
Division.

41

COMPLIANCE & KYC/AML POLICY

Annexure H
KEY DEFINITIONS MEANING AND INTERPRETATIONS
The Annexure covers the definition which must be known to the person dealing with
KYC/CDD, AML/CFT and general operations in Bank Accounts. It is recommended that
one should have complete understanding of the concepts and the desired results before
dealing with customers/employees/stakeholders.
1. Beneficial owner in relation to a customer of a bank/ DFI, means the natural
person(s) who ultimately own(s) or controls a customer or the person on whose behalf a
transaction is being conducted and includes the person(s) who exercise(s) ultimate
effective control over a person or a body of persons whether incorporated or not;
2. Beneficiary means the person to whom or for whose benefit the funds are sent or
deposited in bank;
3. Beneficiary institution means the financial institution that receives the funds on
behalf of the wire transfer or fund transfer beneficiary;
4. Control in relation to a legal person, means the power to exercise a controlling
influence over the management or the policies of the undertaking, and, in relation to
shares, means the power to exercise a controlling influence over the voting power attached
to such shares;
5. Correspondent bank means the bank in Pakistan which provides correspondent
banking services to bank or financial institution situated abroad and vice versa;
6. Correspondent banking means provision of banking services by one bank
(correspondent) to another bank (respondent) including but not limited to opening and
maintaining accounts in different currencies, fund transfers, cheque clearing, payable
through accounts, foreign exchanges services or similar other banking services;
7. Cross-border wire transfer means a wire transfer where the ordering institution and
the beneficiary institution are located in different countries or jurisdictions;
8. Currency Transaction Report or CTR means as defined under AML Act;
9. Customer means a person having relationship with the bank which includes but not
limited to holding of deposit/deposit certificate/ or any instrument representing
deposit/placing of money with a bank/DFI, availing other financial services, locker
facility, safe deposit facility, or custodial services from the bank/DFI;
10. Customer due diligence or CDD in broader terms includes;
a) identifying the customer and verifying the customers identity on the basis of
documents, data or information obtained from customer and/or from reliable and
independent sources;
b) identifying, where there is a beneficial owner who is not the customer, the beneficial
owner and taking adequate measures, to verify his identity so that the bank/DFI is satisfied
42

COMPLIANCE & KYC/AML POLICY

that it knows who the beneficial owner is, including, in the case of a legal person, trust or
similar legal arrangement, measures to understand the ownership and control structure of
the person, trust or arrangement;
c) understanding and, as appropriate, obtaining information on the purpose and intended
nature of the business relationship; and
d) monitoring of accounts/transactions on ongoing basis to ensure that the transactions
being conducted are consistent with the banks/DFIs knowledge of the customer, their
business and risk profile, including, where necessary, the source of funds and, updating
records and data/ information to take prompt action when there is material departure from
usual and expected activity through regular matching with information already available
with bank/DFI.
11. Domestic wire transfer means any wire transfer where the originator and
beneficiary institutions are located in Pakistan regardless the system used to effect such
wire transfer is located in another jurisdiction;
12. Dormant or in-operative account means the account in which no transaction has
been taken place from last one year;
13. FATF Recommendations means the Recommendations of Financial Action Task
Force as amended from time to time;
14. FMU means financial monitoring unit established under the AML Act;
15. Fund transfer/wire transfer means any transaction carried out by financial
institution on behalf of originator person by way of electronic means or otherwise to make
an amount of money available to beneficiary person at another beneficiary institution,
irrespective of whether the originator and the beneficiary are the same person;
16. Government entity means federal or provincial government, a ministry within such
a government, a local government or an agency specially established by any such
government, or a department, organization or corporation owned or controlled by such
government under federal, provincial or local law;
17. Intermediary institution is an intermediary in the wire transfer payment chain; that
receives and transmits a wire transfer on behalf of the ordering institution and the
beneficiary institution, or another intermediary institution;
18. Monetary threshold expressed in Pak rupee includes a reference to the equivalent
amount expressed in any other currency;
19. Money laundering and financing of terrorism or ML/TF has the same meaning
as ascribed to them in AML Act;
20. Occasional customer or walk-in-customer means the person conducting
occasional transactions and is not a customer; having relationship with the bank/DFI;
21. Occasional transaction or walk-in-transaction means a transaction carried by or
on behalf of a person who is not a customer; having relationship with the bank/DFI;

43

COMPLIANCE & KYC/AML POLICY

22. Online transaction means deposit or withdrawal of cash using different branches of
a bank through electronic means;
23. Ordering institution means the financial institution that initiates a wire transfer on
the instructions of the wire transfer originator in transferring the funds;
24. Originator means the person who allows or places the order to initiate a fund
transfer/wire transfer or an online transaction;
25. Payable-through account means an account maintained at the correspondent bank
by the respondent bank which is accessible directly by a third party to effect transactions
on its own (respondent banks ) behalf;
26. Person has the same meaning as ascribed to it under the AML Act, 2010;
27. Politically exposed persons or PEPs are individuals who are entrusted with
prominent public functions either domestically or by a foreign country, or in an
international organization, for example Heads of State or of government, senior
politicians, senior government, judicial or military officials, senior executives of state
owned corporations/departments/autonomous bodies. This does not intend to cover middle
ranking or more junior individuals in the foregoing categories;
28. Respondent bank means the bank or financial institution outside Pakistan to whom
correspondent banking services in Pakistan are provided and vice versa;
29. Risk refers to risk associated with money laundering and financing of terrorism;
30. Senior management means the officer(s) not below the rank of Executive Vice
President as designated by the board of a bank/DFI for the purpose of AML/CFT
regulations;
31. Shell bank means a bank that has no physical presence (mind and management), in
the country in which it is incorporated and licensed and/or which is not affiliated with a
regulated financial services group that is subject to effective consolidated supervision; and
32. Supplementary Document means additional supporting document that were
provided at the account opening/last KYC review. E.g contractual employment
validity of 12 month.
33. Suspicious transaction report or STR means as defined under AML Act.

44

COMPLIANCE & KYC/AML POLICY

ANNEXURE-I
MINIMUM DOCUMENTS TO BE OBTAINED FROM VARIOUS TYPES OF
CUSTOMERS / ACCOUNT HOLDER(S) UNDER AML/CFT REGULATIONS
Sr.
No.
1

Nature of
Account
Individuals

Sole Proprietors

Partnership

Limited
Companies
Corporations

Documents / papers to be obtained

A photocopy of any one of the following valid identity documents;
(i) Computerized National Identity Card (CNIC) issued by NADRA.
(ii) National Identity Card for Overseas Pakistani (NICOP) issued by NADRA.
(iii) Pakistan Origin Card (POC) issued by NADRA.
(iv) Alien Registration Card (ARC) issued by National Aliens Registration
Authority (NARA), Ministry of Interior (local currency account only).
(v) Passport; having valid visa on it or any other proof of legal stay along with
passport (foreign national individuals only).
(i) Photocopy of identity document as per Sr. No. 1 above of the proprietor.
(ii) Registration certificate for registered concerns.
(iii) Sales tax registration or NTN, wherever applicable.
(iv) Certificate or proof of membership of trade bodies etc, wherever applicable.
(v) Declaration of sole proprietorship on business letter head.
(vi) Account opening requisition on business letter head.
(i) Photocopies of identity documents as per Sr. No. 1above of all the partners and
authorized signatories.
(ii) Attested copy of Partnership Deed duly signed by all partners of the firm.
(iii) Attested copy of Registration Certificate with Registrar of Firms. In case the
partnership is unregistered, this fact shall be clearly mentioned on the Account
Opening Form.
(iv) Authority letter from all partners, in original, authorizing the person(s) to
operate firms account.
/

Branch Office
or
Liaison Office
of
Foreign
Companies

Certified copies from Company Secretary/Public Notary of:

(i) Resolution of Board of Directors for opening of account specifying the person(s)
authorized to open and operate the account.
(ii) Memorandum and Articles of Association.
(iii) Certificate of Incorporation.
(iv) Certificate of Commencement of Business, wherever applicable.
(v) Photocopies of identity documents as per Sr. No. 1 above of all the directors and
persons authorized to open and operate the account.
(vi) List of Directors on Form-A/Form-B issued under Companies Ordinance
1984, as applicable.
(vii) Form-29, wherever applicable;
(viii) For individual (natural person) shareholders holding 5% or above stake in
company/corporation, photocopies of identity document as per S. No. 1 above; and
(ix) For legal persons holding shares equal to 5% or above, in addition to any other
relevant document including certificate of incorporation, photocopies of identity
document as per S. No. 1 above of their individual shareholders holding 5% or more
stake.
(i) A copy of permission letter from relevant authority i-e Board of Investment.
(ii) Photocopies of valid passports of all the signatories of account.
(iii) List of directors on company letter head or prescribed format under relevant
laws/regulations.
(iv) A Letter from Principal Office of the entity authorizing the person(s) to open
and operate the account.

45

COMPLIANCE & KYC/AML POLICY

Trusts, Clubs,
Societies
and
Associations

NGOs/NPOs/
Charities

Agents
Accounts

Executors and
Administrators

10

Minor Accounts

(i) Certified copies of

(a) Certificate of Registration/Instrument of Trust
(b) By-laws/Rules & Regulations
(ii) Resolution of the Governing Body/Board of Trustees/Executive Committee, if it
is ultimate governing body, for opening of account authorizing the person(s) to
operate the account.
(iii) Photocopy of identity document as per Sr. No. 1 above of the authorized
person(s) and of the members of Governing Body/Board of Trustees /Executive
Committee, if it is ultimate governing body.
Certified copies of
(a) Registration documents/certificate
(b) By-laws/Rules & Regulations
(ii) Resolution of the Governing Body/Board of Trustees/Executive Committee, if it
is ultimate governing body, for opening of account authorizing
the person(s) to operate the account.
(iii) Photocopy of identity document as per Sr. No. 1 above of the authorized
person(s) and of the members of Governing Body/Board of Trustees /Executive
Committee, if it is ultimate governing body.
(iv) Any other documents as deemed necessary including its annual accounts/
financial statements or disclosures in any form which may help to ascertain the
detail of its activities, sources and usage of funds in order to assess the risk profile
of the prospective customer.
(i) Certified copy of Power of Attorney or Agency Agreement.
(ii) Photocopy of identity document as per Sr. No. 1 above of the agent and
principal.
(iii) The relevant documents/papers from Sr. No. 2 to 7, if agent or the principal is
not a natural person.
(i) Photocopy of identity document as per Sr. No. 1 above of the
Executor/Administrator.
(ii) A certified copy of Letter of Administration or Probate.
(i) Form-B, Birth Certificate or Student ID card (as appropriate) shall be obtained
from minor.
(ii) Photocopy of identity document as per Sr. No. 1 above of the guardian of the
minor.

Note:
1.
2.

3.

4.

5.

6.

The photocopies of identity documents shall invariably be attested by Gazetted officer/

Nazim/Administrator or an officer of bank/DFI after original seen.
In case of a salaried person, in addition to CNIC, an attested copy of his service card, or any other
acceptable evidence of service, including, but not limited to a certificate from the employer will be
obtained.
In case of an individual with shaky/immature signatures, in addition to CNIC, a passport size
photograph of the new account holder besides taking his right and left thumb impression on the
specimen signature card will be obtained.
In case of expired CNIC, account may be opened on the basis of attested copies of NADRA
receipt/token and expired CNIC subject to condition that Bank/DFI shall obtain copy of renewed CNIC
of such customer within 03 months of the opening of account. For CNICs which expire during the
course of the customers banking relationship, Banks/DFIs shall design/ update their systems which can
generate alerts about the expiry of CNICs at least 01 month before actual date of expiry and shall
continue to take reasonable measures to immediately obtain copies of renewed CNICs, whenever
expired.
In case the CNIC does not contain a photograph, bank/DFI shall obtain following:
(i) A duly attested copy of either driving license, service card, Nikkah Nama, birth certificate,
Educational degree/certificate, pension book, insurance certificate.
(ii) A photograph duly attested by gazetted officer/Nazim/Administrator/bank officer.
(iii) A copy of CNIC without photograph duly attested by the same person who attested the photograph.
Banks/DFIs shall obtain copies of CNICs of all the members of Governing and Executive Bodies of
DHA or ask for delegation of power to Administrator under section (7) & (8) of the Pakistan Defence
Housing Authority Order, 1980 and accept copy of CNIC of Administrator as well as authorized
46

COMPLIANCE & KYC/AML POLICY

7.

signatories for the purpose of opening accounts of DHA or similar other authorities subject to
compliance of other requirements.
The condition of obtaining Board Resolution is not necessary for foreign companies/entities belonging
to countries where said requirements are not enforced under their laws/regulations. However, such
foreign companies will have to furnish Power of Attorney from the competent authority for opening
bank accounts to the satisfaction of their banks.

47

COMPLIANCE & KYC/AML POLICY

Annexure- J
SPECIFIC HIGH RISK ELEMENTS AND RECOMMENDATIONS FOR EDD
S.NO
Customer
Recommendations for EDD
NPOs/NGOs/
In
relation to these customers, banks/DFIs may:
1
Charities, Trusts, Clubs,
Societies, and
Associations etc

Housewife accounts

Proprietorships and self

employed individuals/
professionals

Landlords

Products & Services

Online transactions

Delivery Channels
Cash

(i) obtain a declaration from Governing Body/Board of

Trustees/Executive Committee/sponsors on ultimate control,
purpose and source of funds etc;
(ii) obtain an undertaking from Governing Body/Board of
Trustees/Executive Committee /sponsors to inform the
bank/DFI about any change of control or
ownership during operation of the account; and
(iii) obtain a fresh Resolution of the Governing
Body/Executive Committee of the entity in
case of change in person(s) authorized to
operate the account.
In relation to housewife accounts, banks/DFIs
may
(i) obtain a self-declaration for source and
beneficial ownership of funds;
(ii) Update details of funds providers, if any
along with customers profile; and
(iii) Identify and verify funds providers if
monthly credit turnover exceeds an
appropriate threshold to be decided by
banks/DFIs.
In relation to these accounts, following measures
may be taken by banks/DFIs:
(i) The business transactions in personal accounts of
proprietors may only be permitted by linking it with
account/business turnover. For example, such customers
having monthly credit turnover of Rs. 5 million or above
may be required to open a separate account for business
related transactions; and
(ii) In order to verify the physical existence of
business or self-employment status, banks/DFIs may
conduct physical verification within 05 working days of
the opening of account and document the results
thereof on account opening form. In case of
unsatisfactory verification, bank/DFI may
consider reporting it to FMU and/or may
change risk profile, as appropriate.
In relation to such customers, banks/DFIs may apply any
recommend methods for assessment of source of
funds/income e.g. Passbook of
landholding records etc.
Recommendations for EDD
In relation to online transactions, Banks/DFIs
should pay special attention to geographical
factors/locations for movement funds.
Recommendations for EDD
In relation to cash transactions, Banks/DFIs may:
(i) monitor cash transactions on enhanced basis
by applying relatively stringent thresholds,
as deemed appropriate; and
(ii) pay special attention on cash based
transactions considering examples of Red
48

COMPLIANCE & KYC/AML POLICY

Wire transfers

Alerts given in Annexure-II to AML/CFT

regulations.
In relation to wire transfers, banks/DFIs may:
(i) monitor such transactions on enhanced basis
by applying relatively stringent thresholds,
as deemed appropriate; and
(ii) Ensure that funds transfers which are out of
character/ inconsistent with the history,
pattern, source of earnings and purpose,
shall be viewed with suspicion and properly
investigated for appropriate action, as per
law.

49

COMPLIANCE & KYC/AML POLICY

Annexure K
GENERAL HIGH RISK SCENARIOS/ FACTORS
Customers
Products and
Delivery Channels
Non-resident customers
Non-face-to-face
business
Correspondent banks
relationships or
accounts
transactions
Customers with links to
Cash intensive or
offshore tax havens
other forms of
Customers in high-value
anonymous
items etc
transactions
High net worth customers
Payment received
with no clearly identifiable
from unknown or
source of income
un-associated third
There is a doubt about the
parties
veracity or adequacy of
Private banking
available identification
relationships
data on the customer
There is reason to believe
that the customer has been
refused banking facilities
by another bank/ DFI
Companies that have
nominee shareholders or
shares in bearer form
Legal persons or
arrangements that are
personal asset holding
vehicles

Geography or Locations
The jurisdictions which
have been identified for
inadequate AML/CFT
measures by FATF or called for
by FATF for taking
counter-measures
Countries identified by
credible sources such as
mutual evaluations or
detailed assessment reports,
as having inadequate
AML/CFT standards
Countries subject to
sanctions, embargos, for
example, the United
Nations
Countries identified by
credible sources as having
significant levels of
corruption, or other criminal
activity
Countries or geographic
areas identified by credible
sources as providing
funding or support for
terrorism activities

50

COMPLIANCE & KYC/AML POLICY

Annexure L
GENERAL LOW RISK SCENARIOS/ FACTORS
Low risk
factors for
Customers

Low risk
factors for
Products
And Transaction
Channel

Low risk
factors for
Geography
or Locations

A financial institution regulated/ supervised by the State Bank of Pakistan

except exchange companies/ money remitters;
A Non-Bank Finance Company (NBFC) regulated/ supervised by
Securities and Exchange Commission of Pakistan (SECP) unless an entity is
notified for application of the requirements;
A government entity;
A foreign government entity;
Public administrations or enterprises;
An entity listed on any stock exchange in Pakistan; and
An entity listed on a stock exchange outside Pakistan that is
subject to regulatory disclosure requirements and its information
is publically available.
Basic Banking Accounts (BBA);
Low value accounts having monthly credit turnover up to Rs.
25,000;
Salary accounts of individuals subject to the condition that account is not
used for other than salary purposes;
Pension accounts for direct credit of pensions;
Remittance cards restricted to receive inward remittances only; and
Other financial products or services that provide appropriately defined
and limited services to certain types of customers so as to increase access to
financial services.
Country identified by credible sources such as mutual evaluation or
detailed assessment reports, as adequately complying with and having
effectively implemented the FATF Recommendations; and
Country identified by credible sources as having a low level of corruption,
or other criminal activity.

51