• AML/CFTR Part 2.3 AML/CFTR Part 2.3 MLRO and Deputy MLRO

    • AML/CFTR Division 2.3.A AML/CFTR Division 2.3.A Appointment of MLRO and Deputy MLRO

      • AML/CFTR 2.3.1 Appointment — MLRO and Deputy MLRO

        (1) A firm must ensure that there is at all times an MLRO and a Deputy MLRO for the firm.
        (2) Accordingly, the firm must, from time to time, appoint an individual as its MLRO and another individual as its Deputy MLRO.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 2.3.2 Eligibility to be MLRO or Deputy MLRO

        (1) The MLRO and Deputy MLRO for a firm:
        (a) must be employed at the management level by the firm, or by a legal person in the same group, whether as part of its governing body, management or staff; and
        (b) must have sufficient seniority, knowledge, experience and authority for the role, and in particular:
        (i) to act independently; and
        (ii) to report directly to the firm's senior management.
        (2) The MLRO for a QFC insurer (other than a QFC captive insurer) that is a company incorporated under the Companies Regulations 2005, or a QFC bank, must be ordinarily resident in Qatar.
        (3) In the case of any other firm:
        (a) if the firm proposes to appoint as MLRO an individual who is not ordinarily resident in Qatar, the firm must satisfy the Regulator that the MLRO function can be adequately exercised by an MLRO who is not resident in Qatar; and
        (b) if the Regulator considers that the MLRO function for the firm cannot be adequately exercised by an MLRO who is not resident in Qatar, the Regulator may direct the firm to appoint as MLRO an individual who is ordinarily resident in Qatar.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR Division 2.3.B AML/CFTR Division 2.3.B Roles of MLRO and Deputy MLRO

      • AML/CFTR 2.3.3 General responsibilities of MLRO

        The MLRO for a firm is responsible for:

        (a) overseeing the implementation of the firm's AML/CFT policies, procedures, systems and controls in relation to this jurisdiction, including the operation of the firm's risk-based approach;
        (b) ensuring that appropriate policies, procedures, systems and controls are developed, established and maintained across the firm to monitor the firm's day-to-day operations:
        (i) for compliance with the AML/CFT Law, these rules, and the firm's AML/CFT policies, procedures, systems and controls; and
        (ii) to assess, and regularly review, the effectiveness of the policies, procedures, systems and controls in preventing money laundering and terrorism financing;
        (c) being the firm's key person in implementing the firm's AML/CFT strategies in relation to this jurisdiction;
        (d) supporting and coordinating senior management focus on managing the firm's money laundering and terrorism financing risks in individual business areas;
        (e) helping to ensure that the firm's wider responsibility for preventing money laundering and terrorism financing is addressed centrally; and
        (f) promoting a firm-wide view to be taken of the need for AML/CFT monitoring and accountability.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 2.3.4 Particular responsibilities of MLRO

        (1) The MLRO for a firm is responsible for:
        (a) receiving, investigating and assessing internal suspicious transaction reports for the firm;
        (b) making suspicious transaction reports to the FIU and telling the Regulator about them;
        (c) acting as central point of contact between the firm, and the FIU, the Regulator and other State authorities, in relation to AML and CFT issues;
        (d) responding promptly to any request for information by the FIU, the Regulator and other State authorities in relation to AML and CFT issues;
        (e) receiving and acting on government, regulatory and international findings about AML and CFT issues;
        (f) monitoring the appropriateness and effectiveness of the firm's AML/CFT training programme;
        (g) reporting to the firm's senior management on AML and CFT issues;
        (h) keeping the Deputy MLRO informed of significant AML/CFT developments (whether internal or external); and
        (i) exercising any other functions given to the MLRO, whether under the AML/CFT Law, these rules or otherwise.
        (2) If the Regulator issues guidance, the MLRO must bring it to the attention of the firm's senior management. The firm must make and keep a record of:
        (a) whether the senior management took the guidance into account;
        (b) any action that the senior management took as a result; and
        (c) the reasons for taking or not taking action.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 2.3.5 Role of Deputy MLRO

        (1) The Deputy MLRO for a firm acts as the firm's MLRO during absences of the MLRO and whenever there is a vacancy in the MLRO's position.
        (2) When the Deputy MLRO acts as MLRO, these rules apply in relation to the Deputy MLRO as if the Deputy MLRO were the MLRO.
        (3) However, to remove any doubt, rule 2.3.2 (2) (Eligibility to be MLRO or Deputy MLRO) does not apply in relation to the Deputy MLRO of a QFC insurer (other than a QFC captive insurer) that is a company incorporated under the Companies Regulations 2005 or a QFC bank when the Deputy MLRO acts as MLRO.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 2.3.6 How MLRO must carry out role

        The MLRO for a firm must act honestly, reasonably and independently, particularly in:

        (a) receiving, investigating and assessing internal suspicious transaction reports; and
        (b) deciding whether to make, and making, suspicious transaction reports to the FIU.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR Division 2.3.C AML/CFTR Division 2.3.C Reporting by MLRO to senior management

      • AML/CFTR 2.3.7 MLRO reports

        (1) The senior management of a firm must, on a regular basis, decide what reports should be given to it by the MLRO, and when the reports should be given to it, to enable it to discharge its responsibilities under the AML/CFT Law and these rules.
        (2) However, the MLRO must give the senior management a report that complies with rule 2.3.8 (Minimum annual report by MLRO) for each calendar year. The report must be given in time to enable compliance with rule 2.3.9 (2).
        (3) To remove any doubt, subrule (2) does not limit the reports:
        (a) that the senior management may require to be given to it; or
        (b) that the MLRO may give to the senior management on the MLRO's own initiative to discharge the MLRO's responsibilities under the AML/CFT Law and these rules.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 2.3.8 Minimum annual report by MLRO

        (1) This rule sets out the minimum requirements that must be complied with in relation to the report that must be given to the senior management by the MLRO for each calendar year (see rule 2.3.7 (2)).
        (2) The report must assess the adequacy and effectiveness of the firm's AML/CFT policies, procedures, systems and controls in preventing money laundering and terrorism financing.
        (3) The report must include the following for the period to which it relates:
        (a) the numbers and types of internal suspicious transaction reports made to the MLRO;
        (b) the number of these reports that have, and the number of these reports that have not, been passed on to the FIU;
        (c) the reasons why reports have or have not been passed on to the FIU;
        (d) the numbers and types of breaches by the firm of the AML/CFT Law, these rules, or the firm's AML/CFT policies, procedures, systems and controls;
        (e) areas where the firm's AML/CFT policies, procedures, systems and controls should be improved, and proposals for making appropriate improvements;
        (f) a summary of the AML/CFT training delivered to the firm's officers and employees;
        (g) areas where the firm's AML/CFT training programme should be improved, and proposals for making appropriate improvements;
        (h) the number and types of customers of the firm that are categorised as high risk;
        (i) progress in implementing any AML/CFT action plans;

        Note These provisions require action plans:
        •   rule 2.3.9 (b) (Consideration of MLRO reports)
        •   rule 4.3.4 (3) and (4) (When CDD may not be required — acquired businesses)
        •   rule 6.2.2 (3) (b) (Training must be maintained and reviewed).
        (j) the outcome of any relevant quality assurance or audit reviews in relation to the firm's AML/CFT policies, procedures, systems and controls;
        (k) the outcome of any review of the firm's risk assessment policies, procedures, systems and controls.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 2.3.9 Consideration of MLRO reports

        (1) The senior management of a firm must promptly:
        (a) consider each report made to it by the MLRO; and
        (b) if the report identifies deficiencies in the firm's compliance with the AML/CFT Law or these rules — approve an action plan to remedy the deficiencies.
        (2) For the report that must be given for each calendar year under rule 2.3.7 (2), the senior management must confirm in writing that it has considered the report and, if an action plan is required, has approved such a plan. The firm's MLRO must give the Regulator a copy of the report and confirmation before 1 June of the next year.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR Division 2.3.D AML/CFTR Division 2.3.D Additional obligations etc of firm with non-resident MLRO

      • AML/CFTR 2.3.10 Annual reports

        A firm whose MLRO is not ordinarily resident in Qatar must report to the Regulator, in a form approved for this rule under the General Rules 2005, before 1 June in each year.

        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 2.3.11 Visits by non-resident MLRO

        A firm whose MLRO is not ordinarily resident in Qatar must ensure that the MLRO inspects the firm's operations in Qatar frequently enough to allow him or her to assess the accuracy and reliability of the information supplied to the Regulator in the reports required by rule 2.3.10.

        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 2.3.12 Regulatory Authority may direct firm to appoint resident MLRO

        (1) This rule applies if, for any reason, the Regulator considers that the MLRO function for a firm is not being adequately exercised by an individual who is not ordinarily resident in Qatar.
        (2) The Regulator may direct the firm:
        (a) to require the individual to be ordinarily resident in Qatar; or
        (b) to appoint another individual who is ordinarily resident in Qatar.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)