• AML/CFTR Part 3.3 AML/CFTR Part 3.3 Product risk

    Notes for Part 3.3

    1 This Part relates to the risks posed by the types of products offered by a firm.
    2 Product includes the provision of a service (see Glossary).
    Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR 3.3.1 Risk assessment for product risk

      (1) A firm must assess and document the risks of money laundering, terrorism financing and other illicit activities posed by the types of products it offers (and proposes to offer).

      Examples of types of products
      1 savings accounts
      2 e-money products
      3 payable-through accounts
      4 wire transfers
      5 life insurance contracts
      (2) The intensity of the CDD and ongoing monitoring conducted in relation to a particular type of product must be proportionate to the perceived or potential level of risk posed by the type of product.

      Example

      The level of deposits and the volume of transactions and operations that a customer has may affect the intensity of CDD and ongoing monitoring.
      Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR 3.3.2 Policies etc for product risk

      A firm must have policies, procedures, systems and controls to address the specific risks of money laundering, terrorism financing and other illicit activities posed by the types of products it offers (and proposes to offer).

      Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR 3.3.3 Scoring business relationships — types of products

      A firm must include, in its methodology, a statement of the basis on which business relationships with customers will be scored, having regard to the types of products it offers (and proposes to offer) to them.

      Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR 3.3.4 Products with fictitious or false names or no names

      (1) A financial institution must not permit any of its products to be used if the product:
      (a) uses a fictitious or false name for a customer; or
      (b) does not identify the customer's name.
      (2) Subrule (1) does not prevent the financial institution from providing a level of privacy to the customer within the financial institution itself by not including the customer's name or details on the account name or customer file if:
      (a) records of the customer's details are kept in a more secure environment in the firm itself; and
      (b) the records are available to the financial institution's senior management and MLRO, and to the Regulator and FIU.
      (3) Without limiting subrule (1), if the financial institution has numbered accounts, the financial institution must maintain them in a way that enables it to fully comply with the AML/CFT Law and these rules.

      Example for subrule (3)

      The financial institution could properly identify the customer for an account in accordance with the AML/CFT Law and these rules and make the customer identification records available to the MLRO, other appropriate officers and employees, the Regulator and the FIU.
      Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR 3.3.5 Correspondent banking relationships generally

      (1) Before a bank (the correspondent) establishes a correspondent banking relationship with a bank (the respondent) in a foreign jurisdiction, the correspondent must do all of the following:
      (a) gather sufficient information about the respondent to understand fully the nature of its business;
      (b) decide from publicly available information the respondent's reputation and the quality of its regulation and supervision;
      (c) assess the respondent's AML/CFT policies, procedures, systems and controls, and decide that they are adequate and effective;
      (d) obtain senior management approval to establish the relationship;
      (e) document the respective responsibilities of the respondent and correspondent, including in relation to AML and CFT matters;
      (f) be satisfied that, in relation to the respondent's customers that will have direct access to accounts of the correspondent, the respondent:
      (i) will have conducted CDD for the customers and verified the customers' identities;
      (ii) will conduct ongoing monitoring for the customers; and
      (iii) will be able to provide to the correspondent, on request, the documents, data or information obtained in conducting CDD and ongoing monitoring for the customers.
      (2) Without limiting subrule (1) (b), in making a decision for that provision, the correspondent must consider all of the following:
      (a) whether the respondent has been the subject of any investigation, or civil or criminal proceeding, relating to money laundering or terrorism financing;
      (b) the respondent's financial position;
      (c) whether it is regulated and supervised (at least for AML and CFT purposes) by a regulatory or governmental authority, body or agency equivalent to the Regulator in each foreign jurisdiction in which it operates;
      (d) whether each foreign jurisdiction in which it operates has an effective AML/CFT regime;
      (e) if the respondent is a subsidiary of another legal person — the following additional matters:
      (i) the other person's domicile and location (if different);
      (ii) its reputation;
      (iii) whether it is regulated and supervised (at least for AML and CFT purposes) by a regulatory or governmental authority, body or agency equivalent to the Regulator in each jurisdiction in which it operates;
      (iv) whether each foreign jurisdiction in which it operates has an effective AML/CFT regime;
      (v) its ownership, control and management structure (including whether it is owned, controlled or managed by a PEP).
      (3) If the correspondent establishes a correspondent banking relationship with the respondent, the correspondent must:
      (a) if the respondent is in a high risk jurisdiction — conduct enhanced ongoing monitoring of the volume and nature of the transactions conducted under the relationship; and
      (b) in any case — at least annually review the relationship and the transactions conducted under it.
      Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR 3.3.6 Shell banks

      (1) A shell bank must not be established in, or operate in or from, this jurisdiction.

      Note Shell bank is defined in rule 1.3.8.
      (2) A financial institution must not enter into, or continue, a correspondent banking relationship or correspondent securities relationship with a shell bank.
      (3) A financial institution must not enter into, or continue:
      (a) a correspondent banking relationship with a bank in any jurisdiction if the bank is known to permit its accounts to be used by a shell bank; or
      (b) a correspondent securities relationship with a firm in any jurisdiction if the firm is known to permit its accounts to be used by a shell bank.
      Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR 3.3.7 Payable-through accounts

      (1) The rule applies if:
      (a) a bank (the correspondent) has a correspondent banking relationship with a bank (the respondent) in a foreign jurisdiction; and
      (b) under the relationship, a customer of the respondent who is not a customer of the correspondent may have direct access to an account of the correspondent.
      (2) The correspondent must not allow the customer to have access to the account unless the correspondent is satisfied that the respondent:
      (a) has conducted CDD for the customer and verified the customer's identity;
      (b) conducts ongoing monitoring for the customer; and
      (c) can provide to the correspondent, on request, the documents, data and information obtained in conducting CDD and ongoing monitoring for the customer.
      (3) If:
      (a) the correspondent asks the respondent for documents, data or information mentioned in subrule (2) (c); and
      (b) the respondent fails to satisfactorily comply with the request;
      the correspondent must immediately terminate the customer's access to accounts of the correspondent and consider making a suspicious transaction report to the FIU.
      (4) Payable-through accounts are correspondent accounts that are used directly by third parties to transact business on their own behalf.
      Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR 3.3.8 Powers of attorney

      (1) This rule applies to a power of attorney if it authorises the holder to exercise control over assets of the grantor.
      (2) Before becoming involved in or associated with a transaction involving the power of attorney, a firm must conduct CDD for both the holder and the grantor.
      (3) For subrule (2), the holder and the grantor are both taken to be customers of the firm.
      Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR 3.3.9 Bearer negotiable instruments

      (1) In this rule:
      bearer negotiable instrument means:
      (a) a monetary instrument in bearer form such as a traveller's cheque;
      (b) a negotiable instrument, including cheque, promissory note, and money order that is either in bearer form, endorsed without restriction, made out to a fictitious payee, or otherwise in such form that title thereto passes upon delivery;
      (c) an incomplete instrument including a cheque, promissory note and money order signed, but with the payee's name omitted;
      (d) a bearer share; or
      (e) a share warrant to bearer.
      (2) A firm must have adequate AML/CFT customer due diligence policies, procedures, systems and controls for risks related to the use of bearer negotiable instruments.
      (3) Before becoming involved in or associated with a transaction involving the conversion of a bearer negotiable instrument, or the surrender of coupons for a bearer negotiable instrument for payment of dividend, bonus or a capital event, a firm must conduct enhanced CDD for the holder of the instrument and any beneficial owner.
      (4) For subrule (3), the holder and any beneficial owner are taken to be customers of the firm.
      Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR 3.3.10 Wire transfers

      (1) This rule applies to a transaction conducted by a financial institution (the ordering financial institution) by electronic means on behalf of a person (the originator) with a view to making an amount of money available to a person (the recipient) at another financial institution (the beneficiary financial institution).
      (2) This rule applies to the transaction whether or not:
      (a) the originator and recipient are the same person;
      (b) the transaction is conducted through intermediary financial institutions; or
      (c) the ordering financial institution, the beneficiary financial institution or any intermediary financial institution is outside Qatar.
      (3) However, this rule does not apply to a transaction conducted using a credit or debit card if:
      (a) the card number accompanies all transfers flowing from the transaction; and

      Examples of transfers that may flow from the transaction
      1 withdrawals from a bank account through an ATM
      2 cash advances from a credit card
      3 payments for goods and services
      (b) the card is not used as a payment system to effect a money transfer.
      (4) Also, this rule does not apply:
      (a) to transfers from 1 financial institution to another; or
      (b) if the originator and recipient are both financial institutions acting on their own behalf.
      (5) If the ordering financial institution is in Qatar, it:
      (a) must obtain and keep full originator information; and
      (b) must conduct CDD for the originator;
      unless the beneficiary financial institution and all intermediary financial institutions (if any) are in Qatar and the transaction involves the transfer of less than QR 3,500.

      Note Full originator information is defined in the Glossary.
      (6) To remove any doubt, the ordering financial institution needs only to comply with subrule (5) once for the originator.
      (7) If the ordering financial institution is in Qatar and the beneficiary financial institution or any intermediary financial institution is outside Qatar, the ordering financial institution must include full originator information and full recipient information in a message or payment form accompanying the transfer.

      Note Full recipient information is defined in the Glossary.
      (8) However, if several separate transfers from the same originator are bundled in a batch file for transmission to several recipients in a foreign jurisdiction, the ordering financial institution needs only to include the originator's account number or unique reference number in relation to each individual transfer if the batch file (in which the individual transfers are batched) contains full originator information, and full recipient information for each recipient, that is fully traceable in the foreign jurisdiction.
      (9) If the ordering financial institution, the beneficiary financial institution and all intermediary financial institutions (if any) are in Qatar, the ordering financial institution must include full originator information and full recipient information in a message or payment form accompanying the transfer unless:
      (a) the transaction involves the transfer of less than QR 3,500; or
      (b) both of the following conditions are satisfied:
      (i) full originator information and full recipient information can be made available to the beneficiary financial institution, the Regulator, the FIU and law enforcement authorities within 3 business days after the day the information is requested;
      (ii) law enforcement authorities can compel immediate production of the information.
      (10) Each intermediary financial institution (if any) must ensure that all information relating to the originator and recipient that the financial institution receives in a message or payment form accompanying the transfer is transmitted to the next financial institution.
      (11) If the beneficiary financial institution is in Qatar and is aware that full originator information or full recipient information has not been provided in a message or payment form accompanying the transfer (and is not fully traceable using a batch file as mentioned in subrule (8)), it must:
      (a) either:
      (i) reject the transfer; or
      (ii) obtain the missing or incomplete information from the ordering financial institution; and
      (b) using a risk-sensitive approach, decide whether a suspicious transaction report should be made to the FIU.
      (12) If the ordering financial institution has regularly failed to provide the required information about the originators or recipients of transactions and the beneficiary financial institution is in Qatar, the beneficiary financial institution:
      (a) must take appropriate steps to ensure that the ordering financial institution does not contravene this rule; and
      (b) must report the matter to the FIU.
      Examples of steps
      1 issuing warnings and setting deadlines for the provision of information
      2 rejecting future transfers from the ordering financial institution
      3 restricting or terminating any business relationship with the ordering financial institution
      (13) Despite anything in these rules, no money or value may be transferred by electronic means to a person listed:
      (a) under a relevant resolution of the UN Security Council; or
      (b) in a Terrorist Designation Order published by the National Counter Terrorism Committee of the State.
      Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR 3.3.11 Additional obligations of firms involved in wire transfers

      (1) A firm that acts as an intermediary financial institution in a cross-border wire transfer and a firm (the beneficiary financial institution) that makes money available to the recipient after the cross-border wire transfer must take reasonable measures, on a risk-sensitive basis, to identify transfers to this jurisdiction that lack full originator information or full recipient information. The measures may include following-up (whether during, or after, the transfer) on information that is lacking about the originator or recipient.
      (2) A firm that acts as intermediary financial institution or beneficiary financial institution must develop, establish and maintain policies, procedures, systems and controls to determine:
      (a) when to execute, reject or suspend a wire transfer that lacks the full originator information or full recipient information; and
      (b) when to take appropriate follow-up action.
      (3) A firm that acts as intermediary financial institution in a cross-border wire transfer must ensure that all originator and recipient information accompanying the transfer is retained with it.
      (4) A firm that acts as ordering financial institution, intermediary financial institution or beneficiary financial institution must keep full originator information and full recipient information for at least 10 years after:
      (a) if the firm acted as ordering financial institution—the day the originator asked the firm to make the wire transfer;
      (b) if the firm acted as intermediary financial institution—the day the firm transmitted the information to another intermediary or to the beneficiary financial institution; or
      (c) if the firm acted as beneficiary financial institution—the day the money received via wire transfer is made available to the recipient.
      (5) If a wire transfer between 2 financial institutions in Qatar (domestic wire transfer) is necessary to effect a cross-border wire transfer and, because of technical limitations, the full originator information and full recipient information cannot remain with the domestic wire transfer, the intermediary financial institution to which the domestic wire transfer is made must, if the intermediary financial institution is a firm, make and keep a record of the information received by it from the ordering financial institution or other intermediary financial institution in relation to the transaction. The record must be kept for 10 years after the day it is made.
      (6) If a cross-border wire transfer is effected by the same firm as both ordering and beneficiary financial institutions, or if a firm controls both the originator and recipient of the wire transfer, the firm must take into account the information obtained from both sides of the transfer in considering whether to make a suspicious transaction report. If the firm suspects that the transfer may involve money laundering or terrorism financing, it must:
      (a) make a report in each jurisdiction affected by the transfer; and
      (b) make available, to the FIU (or its equivalent) in the jurisdiction, information relevant to the transfer.
      (7) For wire transfers of more than QR 3,500, the beneficiary financial institution must verify the identity of the recipient before making money available, except if the recipient's identity has previously been verified.
      Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR 3.3.12 Correspondent securities relationships generally

      (1) Before a firm (the correspondent) establishes a correspondent securities relationship with another firm (the respondent) in a foreign jurisdiction, the correspondent must do all of the following:
      (a) gather sufficient information about the respondent to understand fully the nature of its business;
      (b) decide from publicly available information the respondent's reputation and the quality of its regulation and supervision;
      (c) assess the respondent's AML/CFT policies, procedures, systems and controls, and decide that they are adequate and effective;
      (d) obtain senior management approval to establish the relationship;
      (e) document its responsibilities and those of the respondent, including in relation to AML and CFT matters;
      (f) be satisfied that, in relation to the respondent's customers that will have direct access to accounts of the correspondent, the respondent:
      (i) will have conducted CDD for the customers and verified the customers' identities; and
      (ii) will conduct ongoing monitoring for the customers; and
      (iii) will be able to provide to the correspondent, on request, the documents, data or information obtained in conducting CDD and ongoing monitoring for the customers.
      (2) Without limiting subrule (1) (b), in making a decision for that provision, the correspondent must consider all of the following:
      (a) whether the respondent has been the subject of any investigation, or civil or criminal proceeding, relating to money laundering or terrorism financing;
      (b) the respondent's financial position;
      (c) whether it is regulated and supervised (at least for AML and CFT purposes) by a regulatory or governmental authority, body or agency equivalent to the Regulator in each foreign jurisdiction in which it operates;
      (d) whether each foreign jurisdiction in which it operates has an effective AML/CFT regime;
      (e) if the respondent is a subsidiary of another legal person—the following additional matters:
      (i) the other person's domicile and location (if different);
      (ii) its reputation;
      (iii) whether it is regulated and supervised (at least for AML and CFT purposes) by a regulatory or governmental authority, body or agency equivalent to the Regulator in each jurisdiction in which it operates;
      (iv) whether each foreign jurisdiction in which it operates has an effective AML/CFT regime;
      (v) its ownership, control and management structure (including whether it is owned, controlled or managed by a PEP).
      (3) If the correspondent establishes a correspondent securities relationship with the respondent, the correspondent must:
      (a) if the respondent is in a high risk jurisdiction—conduct enhanced ongoing monitoring of the volume and nature of the transactions conducted under the relationship; and
      (b) in any case—at least annually review the relationship and the transactions conducted under it.
      Derived by QFCRA RM/2019-8 (as from 1st February 2020)