• AML/CFTR Chapter 4 AML/CFTR Chapter 4 Know your customer

    • AML/CFTR Part 4.1 AML/CFTR Part 4.1 Know your customer — general

      Note for Part 4.1

      Principle 3 (see rule 1.2.3) requires a firm to know each of its customers to the extent appropriate for the customer's risk profile.

      Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.1.1 Know your customer principle — general

        The know your customer principle requires every firm to know who its customers are, and to have the necessary customer identification documentation, data and information to evidence this.

        Note Principle 6 (see rule 1.2.6) requires a firm to be able to provide documentary evidence of its compliance with the requirements of the AML/CFT Law and these rules.

        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.1.2 Overview of CDD requirements

        (1) As a general rule, a firm must not establish a business relationship with a customer unless:
        (a) all the relevant parties (including any beneficial owner) have been identified and verified; and
        (b) the purpose and intended nature of the business expected to be conducted with the customer has been clarified.
        (2) Once an ongoing relationship has been established, any regular business undertaken with the customer must be assessed at regular intervals against the expected pattern of activity of the customer. Any unexpected activity can then be examined to decide whether there is a suspicion of money laundering or terrorism financing.
        (3) If the firm does not obtain satisfactory evidence of identity for all the relevant parties, the firm must not establish the business relationship or carry out a transaction with or for them and must consider making a suspicious transaction report to the FIU.
        (4) This rule provides a simplified explanation of some of the customer due diligence requirements in this Chapter and is subject to the more detailed provisions of this Chapter.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.1.3 Customer identification documents

        The application of CDD to a customer should result in the firm obtaining a set of documents which are collectively known as the 'customer identification documents'. These documents, which are summarised in figure 4.1.3, form the basis of the firm's knowledge of the customer and should drive the risk-profiling and therefore the intensity of the CDD and ongoing monitoring the firm must conduct for the customer.

        Figure 4.1.3 Customer identification documents

        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR Part 4.2 AML/CFTR Part 4.2 Know your customer — key terms

      • AML/CFTR 4.2.1 What is customer due diligence?

        (1) Customer due diligence (or CDD), in relation to a customer of a firm, is all of the following measures:
        (a) identifying the customer;
        (b) verifying the customer's identity using reliable, independent source documents, data or information;
        (c) establishing whether the customer is acting on behalf of another person (in particular whether the customer is acting as a trustee);
        (d) obtaining information about the sources of the customer's wealth and funds;
        (e) obtaining information about the purpose and intended nature of the business relationship.
        Note For paragraphs (d) and (e), see generally Part 4.6 (Customer identification documentation). For the extent and detail of the information to be obtained, see rule 4.6.3 (Risks associated with the economic activity — general), rule 4.6.4 (2) (Risks associated with the economic activity — source of wealth and funds) and rule 4.6.5 (2) (Risks associated with the economic activity — purpose and intended nature of business relationship).
        (2) If the customer is acting on behalf of another person (A), CDD also includes:
        (a) verifying that the customer is authorised to act on behalf of A;
        (b) identifying A; and
        (c) verifying A's identity using reliable, independent source documents, data or information.
        (3) If the customer is a legal person or legal arrangement, CDD also includes:
        (a) verifying that any person (B) purporting to act on behalf of the customer is authorised to act on behalf of the customer;
        (b) identifying B;
        (c) verifying B's identity using reliable, independent source documents, data or information;
        (d) verifying the legal status of the customer;
        (e) taking reasonable measures, on a risk-sensitive basis:
        (i) to understand the customer's ownership and control structure; and
        (ii) to establish the individuals who ultimately own or control the customer, including the individuals who exercise ultimate effective control over the customer; and
        (f) establishing whether B is a beneficial owner.
        (4) If the customer is a legal person or legal arrangement, and a person purporting to act on behalf of the customer is not a beneficial owner of the customer, CDD also includes:
        (a) identifying the beneficial owner; and
        (b) verifying the beneficial owner's identity using reliable, independent source documents, data or information.
        (5) For subrule (3) (e) (ii), examples of the measures required include:
        (a) if the customer is a company — identifying the individuals with a controlling interest and the individuals who comprise the mind and management of the customer; and

        Note See rule 4.6.8 (Customer identification documentation — corporations).
        (b) if the customer is a legal arrangement — identifying the parties to the arrangement, including the person exercising effective control over the arrangement.

        Note See rule 4.3.9 (Extent of CDD — legal persons and arrangements) and rule 4.6.11 (Customer identification documentation — legal arrangements).
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.2.2 What is ongoing monitoring?

        Ongoing monitoring, in relation to a customer of a firm, consists of:

        (a) scrutinising transactions conducted under the business relationship with the customer to ensure that the transactions are consistent with the firm's knowledge of the customer, the customer's business and risk profile, and, where necessary, the source of the customer's wealth and funds; and
        (b) reviewing the firm's records of the customer to ensure that documents, data and information collected during CDD and ongoing monitoring for the customer are kept up-to-date and relevant.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.2.3 Who is an applicant for business?

        An applicant for business, in relation to a firm, is a person seeking to form a business relationship, or carry out a one-off transaction, with the firm.

        Examples of applicants for business

        1 A person dealing with a firm on his or her own behalf is an applicant for business for the firm.
        2 If a person (A) is acting as agent for a principal (for example, as an authorised manager of a discretionary investment service for clients) in dealing with a firm and A deals with the firm in his or her own name on behalf of a client of the principal, A (and not the client) is an applicant for business for the firm.
        3 If a person (B) provides funds to a firm and wants an investment purchased with the funds to be registered in the name of another person (for example, a grandchild), B (and not the other person) is an applicant for business for the firm.
        4 If an intermediary introduces a client to a firm as a potential investor and gives the client's name as the investor, the client (and not the intermediary) is an applicant for business for the firm.
        5 If a person seeks advice from, or access to an execution-only dealing service with, a firm in his or her own name and on his or her own behalf, the person is an applicant for business for the firm.
        6 If a professional agent introduces a third party to a firm so the third party can be given advice or make an investment in his or her own name, the third party (and not the professional agent) is an applicant for business for the firm.
        7 If an individual claiming to represent a company, partnership or other legal person applies to a firm to conduct business on behalf of the legal person, the legal person (and not the individual claiming to represent it) is an applicant for business for the firm.
        8 If a company manager or company formation agent (C) introduces a client company to a firm, the client company (and not C) is an applicant for business for the firm.
        9 If a trust is introduced to a firm, the settlor of the trust is an applicant for business for the firm.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.2.4 What is a business relationship?

        A business relationship means a regular relationship between a customer and a firm in connection with a service that the customer receives from the firm.

        Note A relationship that, when contact is established, is reasonably expected by a firm to be merely transitory does not constitute a business relationship.

        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.2.5 What is a one-off transaction?

        A one-off transaction, in relation to a firm, is a transaction carried out by the firm for a customer otherwise than in the course of a business relationship with the customer.

        Examples

        1 a one-off foreign currency transaction
        2 an isolated instruction to purchase shares
        3 a one-off wire transfer
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR Part 4.3 AML/CFTR Part 4.3 Customer due diligence and ongoing monitoring

      • AML/CFTR 4.3.1 Firm to assess applicants for business

        A firm must decide, from the outset of its dealings with an applicant for business, whether the person is seeking to establish a business relationship with the firm or is an occasional customer seeking to carry out a one-off transaction.

        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.3.2 When CDD required — basic requirement

        (1) A firm must conduct CDD for a customer when:
        (a) it establishes a business relationship with the customer;
        (b) it conducts a one-off transaction for the customer with a value (or, for transactions that are or appear (whether at the time or later) to be linked, with a total value) of at least QR 50,000;

        Note A firm must have systems and controls to identify one-off transactions that are linked to the same person (see rule 4.3.15 (1)).
        (c) it suspects the customer of money laundering or terrorism financing; or
        (d) it has doubts about the veracity or adequacy of documents, data or information previously obtained in relation to the customer for the purposes of identification or verification.
        Note CDD must also be conducted under rule 3.3.8 (Powers of attorney) and rule 3.3.10 (Wire transfers).
        (2) This rule is subject to:
        •   rule 3.4.9 (Introducers)
        •   rule 3.4.10 (Group introductions)
        •   rule 3.4.11 (Intermediaries)
        •   rule 4.3.4 (When CDD may not be required — acquired businesses)
        •   rule 5.2.2 (2) (Firm must ensure no tipping-off occurs).
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.3.3 Firm unable to complete CDD for customer

        (1) This rule applies if a firm cannot complete CDD for a customer.

        Examples
        1 the firm is unable to verify the customer's identity using reliable, independent source, data or information
        2 the customer exercises cancellation or cooling-off rights
        (2) The firm:
        (a) must immediately terminate any relationship with the customer;
        (b) must not establish a relationship with, or carry out a transaction with or for, the customer; and
        (c) must consider whether it should make a suspicious transaction report to the FIU.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.3.4 When CDD may not be required — acquired businesses

        (1) This rule applies if a firm acquires the business of another firm, either in whole or as a product portfolio (for example, the mortgage book).
        (2) The firm is not required to conduct CDD for all customers acquired with the business if:
        (a) all customer account records are acquired with the business; and
        (b) due diligence inquiries before the acquisition did not give rise to doubt that the AML/CFT procedures followed for the business were being conducted in accordance with the AML/CFT Law and these rules or the law of another jurisdiction that has an effective AML/CFT regime.
        (3) However, if the AML/CFT procedures followed by the acquired business were not conducted (or it is not possible to establish whether they were conducted) in accordance with the AML/CFT Law and these rules or the law of another jurisdiction that has an effective AML/CFT regime, the firm's senior management must prepare or approve, and document, an action plan that ensures that the firm conducts CDD for all of the customers acquired with the business as soon as possible.
        (4) Also, if subrule (3) does not apply, but full customer records are not available to the firm for all of the customers acquired with the business, the firm's senior management must prepare or approve, and document, an action plan that ensures that the firm conducts CDD for all of the customers for whom full customer records are not available to the firm as soon as possible.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.3.5 Timing of CDD — establishment of business relationship

        (1) A firm must conduct CDD for a customer before it establishes a business relationship with the customer.
        (2) However, the CDD may be conducted during the establishment of the relationship if:
        (a) this is necessary in order not to interrupt the normal conduct of business; and

        Examples of where it may be necessary in order not to interrupt the normal conduct of business
        1 non-face-to-face business
        2 securities transactions
        (b) there is little risk of money laundering or terrorism financing and these risks are effectively managed;

        Examples of measures to effectively manage risks
        1 limiting the number, types and amount of transactions that may be conducted during the establishment of the relationship
        2 monitoring large or complex transactions being carried out outside the expected norms for the relationship
        (c) the CDD is completed as soon as practicable after contact is first established with the customer; and
        (d) the CDD is conducted in accordance with the policies, procedures, systems and controls on the use of the business relationship even before the customer's identity is verified.
        Note Under rule 2.1.3 (2) (g), a firm must have policies, procedures, systems and controls that set out the conditions that must be satisfied to permit a customer to use the business relationship even before the customer's identity (or the identity of the beneficial owner of the customer) is verified.
        (3) Also, CDD may be conducted for the beneficiary under a life insurance contract after the business relationship has been established if they are conducted at or before:
        (a) the time of payout; or
        (b) the time the beneficiary exercises a right vested under the contract.
        (4) In addition, CDD for a bank account holder may be conducted after the account has been opened if there are adequate safeguards in place to ensure that:
        (a) the account is not closed before they are completed; and
        (b) no payments are made from the account, and no other transactions are carried out by or on behalf of the account holder, before they are completed.
        (5) If the firm establishes a business relationship with the customer under subrule (2), (3) or (4) but cannot complete CDD for the customer, the firm:
        (a) must immediately terminate any relationship with the customer;
        (b) must not carry out a transaction with or for the customer; and
        (c) must consider whether it should make a suspicious transaction report to the FIU.
        (6) Subrule (5) (c) does not apply if the firm:
        (a) is a lawyer, notary, other legal professional, accountant, auditor, tax consultant or insolvency practitioner; and
        (b) is:
        (i) providing legal advice to the client; or
        (ii) defending or representing the client in, or concerning, legal proceedings, including providing advice on instituting or avoiding legal proceedings.
        Note For lawyers, notaries, other legal professionals and accountants, see rule 5.2.4 on giving advice and tipping-off.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.3.6 Timing of CDD — one-off transactions

        (1) A firm must conduct CDD for a customer before it conducts a one-off transaction for the customer.
        (2) If the firm cannot complete CDD for the customer, the firm:
        (a) must immediately terminate any relationship with the customer;
        (b) must not carry out the transaction with or for the customer; and
        (c) must consider whether it should make a suspicious transaction report to the FIU.
        (3) Subrule (2) (c) does not apply if the firm:
        (a) is a lawyer, notary, other legal professional, accountant, auditor, tax consultant or insolvency practitioner; and
        (b) is:
        (i) providing legal advice to the client; or
        (ii) defending or representing the client in, or concerning, legal proceedings, including providing advice on instituting or avoiding legal proceedings.
        Note For lawyers, notaries, other legal professionals and accountants, see rule 5.2.4 on giving advice and tipping-off.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.3.7 When CDD required — additional requirement for existing customers

        (1) A firm must also conduct CDD for existing customers at other appropriate times on a risk-sensitive basis.
        (2) Without limiting subrule (1), a firm must conduct CDD for an existing customer if there is a material change in the nature or ownership of the customer.
        (3) Without limiting subrule (2), a firm must decide whether to conduct CDD for a customer if:
        (a) the firm's customer documentation standards change substantially;
        (b) there is a material change in the way an account is operated or in any other aspect of the business relationship with the customer;
        (c) a significant transaction with or for the customer is about to take place; or
        (d) the firm becomes aware that it lacks sufficient information about the customer.
        Note See rule 3.3.4 (Products with fictitious or false names or no names).
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.3.8 Extent of CDD — general requirement

        (1) A firm must:
        (a) decide, consistently with these rules, the extent of CDD for a customer on a risk-sensitive basis depending on, among other factors, the customer risk, the product risk, the interface risk and the jurisdiction risk; and
        (b) be able to demonstrate to the Regulator that the extent of the is appropriate in view of the risks of money laundering and terrorism financing.
        (2) Without limiting subrule (1), a firm must conduct enhanced CDD for a customer if, for example, the business relationship of the customer is assessed as carrying a higher money laundering or terrorism financing risk.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.3.9 Extent of CDD — legal persons and arrangements

        (1) This rule applies if a firm is required to conduct CDD for a legal person (other than a corporation) or a legal arrangement.
        (2) If the firm identifies the class of persons in whose main interest the legal person or legal arrangement is established or operated as a beneficial owner, the firm is not required to identify all the members of the class.
        (3) However, if the CDD is required to be conducted for a legal arrangement and the beneficiaries and their contributions have al been decided, the firm must identify each beneficiary who is to receive at least 20% of the funds of the arrangement (by value).

        Note See also rule 4.6.11 (Customer identification documentation — legal arrangements).
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.3.10 CDD for beneficiaries of life insurance policies — general

        (1) A financial institution must conduct the either of the following measures on each beneficiary of a life insurance policy or other investment-related insurance policy as soon as the beneficiary is identified or designated:
        (a) for an identified beneficiary (whether a natural or legal person or a legal arrangement) — recording the beneficiary's name;
        (b) for a beneficiary designated by characteristics or class (for example, spouse or children at the time that the insured event occurs) or by some other means (for example, under a will)) — obtaining enough information about the beneficiary to satisfy the financial institution that it will be able to establish the identity of the beneficiary at the time of the payout.
        (2) The institution must verify the identity of each beneficiary at the time of the payout.
        (3) In deciding whether enhanced CDD is applicable, a financial institution must consider the beneficiary of a life insurance policy as a risk factor. If the financial institution decides that a beneficiary who is a legal person or a legal arrangement presents a higher risk, the enhanced CDD should include reasonable measures to identify, and verify the identity of, the beneficiary's beneficial owner at the time of payout.
        (4) If a financial institution is unable to comply with this rule, it must consider making a suspicious transaction report to the FIU.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.3.11 CDD for PEPs as beneficiaries of life insurance policies

        (1) Before making a payout from a life insurance policy, a financial institution must take reasonable measures to determine whether the beneficiary, or the beneficial owner of the beneficiary, of the policy is a PEP.
        (2) If the beneficiary or its beneficial owner is a PEP and the PEP presents a higher risk, the firm:
        (a) must inform its senior management;
        (b) must conduct enhanced CDD of its business relationship with the policyholder; and
        (c) must make a suspicious transaction report to the FIU.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.3.12 CDD for purchaser and vendor of real estate

        A DNFBP acting as real estate agent in relation to a transaction for the sale of real property must conduct CDD on both the buyer and seller of the property (even if the DNFBP acts for only 1 of the parties to the transaction).

        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.3.13 Ongoing monitoring required

        (1) A firm must conduct ongoing monitoring for each customer.

        Note See rule 4.2.2 (What is ongoing monitoring?).
        (2) Without limiting subrule (1), the firm must pay special attention to all complex, unusual large transactions, or unusual patterns of transactions, that have no apparent or visible economic or lawful purpose.

        Examples
        1 significant transactions relative to the business relationship with the customer
        2 transactions that exceed set limits
        3 very high turnover inconsistent with the size of the balance
        4 transactions that fall outside the regular pattern of an account's activity
        (3) The firm must examine as far as possible the background and purpose of a transaction mentioned in subrule (2) and must make a record of its findings.
        (4) A record made for subrule (2) must be kept for at least 10 years after the day it is made.
        (5) This rule is subject to rule 5.2.2 (2) (Firm must ensure no tipping-off occurs).
        (6) In this rule:
        transaction, in relation to insurance business, means the insurance product itself, the premium payment and the benefits.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.3.14 Procedures for ongoing monitoring

        (1) A firm must have policies, procedures, systems and controls for ongoing monitoring for its customers.
        (2) The systems and controls:
        (a) must flag transactions for further examination; and
        (b) must provide for:
        (i) the prompt further examination of these transactions by a senior independent person;
        (ii) appropriate action to be taken on the findings of the further examination; and
        (iii) if there is knowledge or suspicion of money laundering or terrorism financing raised by the findings — a report to be made promptly to the firm's MLRO.
        (3) The monitoring provided by the systems and controls may be:
        (a) in real time (that is, transactions are reviewed as they take place or are about to take place); or
        (b) after the event (that is, transactions are reviewed after they have taken place).
        (4) The monitoring may be, for example:
        (a) by reference to particular types of transactions or the customer's risk profile;
        (b) by comparing the transactions of the customer, or the customer's risk profile, with those of customers in a similar peer group; or
        (c) through a combination of those approaches.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.3.15 Linked one-off transactions

        (1) A firm must have systems and controls to identify one-off transactions that are linked to the same person.

        Note See rule 4.2.5 (What is a one-off transaction?).
        (2) If a firm knows or suspects, or has reasonable grounds to know or suspect, that a series of linked one-off transactions involves money laundering or terrorism financing, the firm must make a suspicious transaction report to the FIU.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR Part 4.4 AML/CFTR Part 4.4 Enhanced CDD and ongoing monitoring

      • AML/CFTR 4.4.1 Enhanced CDD and ongoing monitoring — general

        A firm must, on a risk-sensitive basis, conduct enhanced CDD and enhanced ongoing monitoring:

        (a) in cases where it is required to do so under the AML/CFT Law or these rules;
        (b) if required by the Regulator or the NAMLTF Committee;
        (c) in cases where FATF calls upon its members to require enhanced CDD and enhanced ongoing monitoring; and
        (d) in any other case that by its nature can present a higher risk of money laundering or terrorism financing.

        Note Enhanced CDD or enhanced ongoing monitoring is required under:

        •   rule 2.1.3 (2) (b) (Matters to be covered by policies etc)
        •   rule 3.2.4 (Persons associated with terrorist acts etc — enhanced CDD and ongoing monitoring)
        •   rule 3.2.5 (c) and (f) (Measures for PEPs)
        •   rule 3.3.5 (3) (a) (Correspondent banking relationships generally)
        •   rule 3.3.9 (3) (Bearer shares and share warrants to bearer)
        •   rule 3.3.12 (3) (a) (Correspondent securities relationships generally)
        •   rule 3.5.1 (2) examples (Risk assessment for jurisdiction risk)
        •   rule 3.5.5 (Jurisdictions with impaired international cooperation)
        •   rule 3.5.6 (Non-cooperative, high risk and sanctioned jurisdictions)
        •   rule 3.5.7 (1) (b) (Jurisdictions with high propensity for corruption)
        •   rule 4.3.8 (2) (Extent of CDD — general requirement)
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.4.2 Measures required for enhanced CDD or ongoing monitoring

        A firm that is required to conduct enhanced CDD or enhanced ongoing monitoring must include the following measures, as appropriate to either or both requirements:

        (a) obtain additional information about the customer (for example, profession, volume of assets and information available through public databases and open sources);
        (b) update customer identification and beneficial owner identification;
        (c) obtain additional information on the purpose and intended nature of the business relationship;
        (d) obtain additional information on the sources of the customer's wealth and funds;
        (e) obtain information on the reasons for the expected transactions or the transactions that have been carried out;
        (f) obtain senior management approval before establishing or continuing a business relationship;
        (g) implement additional and continuous controls by identifying transactions and patterns of transactions that need additional scrutiny and review;
        (h) make the first of any required payments to the customer through an account in a bank that is regulated and supervised (at least for AML and CFT purposes) by the Regulator or by an equivalent regulatory or governmental authority, body or agency in another jurisdiction.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.4.3 Measures in addition to enhanced CDD and ongoing monitoring

        In addition to the enhanced CDD and enhanced ongoing monitoring in this Part, a firm must conduct, on a risk-sensitive basis:

        (a) countermeasures proportionate to the risks specified in circulars published by the NAMLTF Committee based on relevant findings of international organisations, governments and other bodies; and
        (b) other measures determined by the NAMLTF Committee on its own initiative.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR Part 4.5 AML/CFTR Part 4.5 Simplified CDD and ongoing monitoring

      • AML/CFTR 4.5.1 Simplified CDD — general

        Except if there is a suspicion of money laundering or terrorism financing, a firm may conduct, for a customer, simplified CDD under rules 4.5.2 to 4.5.4 when:

        (a) it establishes a business relationship with the customer; or
        (b) it conducts a one-off transaction for the customer to which rule 4.3.2 (1) (b) (When CDD required — basic requirement) applies.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.5.2 Customer with low level of risk

        A firm may conduct simplified CDD for a customer who presents a low level of risk. The CDD must be commensurate to the level of risk and may include:

        (a) despite rule 4.3.5, verifying the identity of the customer or beneficial owner after (rather than before) the business relationship has been established;
        (b) despite rule 4.3.6, verifying the identity of the customer or beneficial owner after (rather than before) a one-off transaction with a value of at least QR 50,000;
        (c) reducing the intensity, extent and frequency of updates of customer identification; and
        (d) not collecting information, or not carrying out measures, to determine the purpose and intended nature of the business relationship, and instead inferring that purpose and nature from the transactions carried out under that relationship.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.5.3 Listed, regulated public companies

        A firm may conduct simplified CDD for a customer if the customer is a public company whose securities are listed on a regulated financial market that subjects public companies to disclosure obligations consistent with international standards of disclosure.

        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.5.4 Certain life insurance contracts

        A firm may conduct simplified CDD for a customer in relation to a life insurance contract if:

        (a) either:
        (i) the annual premium is not more than QR 3,000; or
        (ii) if there is a single premium — the premium is not more than QR 7,500;
        (b) the contract is in writing;
        (c) the beneficiary is not anonymous;
        (d) the nature of the contract allows for the timely CDD if there is a suspicion of money laundering or terrorism financing; and
        (e) the benefits of the contract or a related transaction cannot be realised for the benefit of third parties, except on death or survival to a predetermined advanced age, or similar events.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 4.5.5 Simplified ongoing monitoring

        This Part applies to ongoing monitoring in relation to a customer that presents a low level of risk. The ongoing measures must be commensurate to the level of risk and may include the reduction, based on a reasonable threshold determined by the firm, of the intensity, extent and frequency of:

        (a) the firm's scrutiny of the customer's transactions; and
        (b) the firm's review of its records of the customer.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR Part 4.6 AML/CFTR Part 4.6 Customer identification documentation

      • AML/CFTR Division 4.6.A AML/CFTR Division 4.6.A Customer identification documentation — general

        • AML/CFTR 4.6.1 Elements of customer identification documentation

          Customer identification documentation relates to 2 distinct elements, namely:

          (a) the customer; and
          (b) the nature of the customer's economic activity.

          Note See rule 4.1.3 (Customer identification documents).

          Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR 4.6.2 Records of customer identification documentation etc

          (1) A firm must make and keep a record of all the customer identification documentation that it obtains in conducting CDD and ongoing monitoring for a customer.
          (2) Without limiting subrule (1), a firm must make and keep a record of how and when each of the steps of the CDD for a customer were satisfactorily completed by the firm.
          (3) This rule applies in relation to a customer irrespective of the nature and risk profile of the customer.
          Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR Division 4.6.B AML/CFTR Division 4.6.B Customer identification documentation — the economic activity

        • AML/CFTR 4.6.3 Risks associated with the economic activity — general

          (1) A firm must take into account that the risks associated with money laundering and the financing of terrorism arise from the fact that either:
          (a) the funds that are going to be put through a business relationship derive from crime and the business relationship will be used to channel these funds; or
          (b) proceeds of crime will be mixed with proceeds of legitimate economic activity to disguise their origin.
          (2) A firm must properly address these risks using the following approach:
          (a) identify the sources of the customer's wealth and funds;

          Note By establishing that the sources are not from criminal activity, the firm substantially mitigates the customer risk.
          (b) identify the purpose and intended nature of the business relationship.

          Note By establishing this, the firm can adequately monitor transactions conducted under the business relationship and assess how these correspond to transactions intended to be conducted under the relationship. In the assessment of where these differ, the firm can better work out whether money laundering or terrorism financing is taking place.
          Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR 4.6.4 Risks associated with the economic activity — source of wealth and funds

          (1) In conducting CDD for an applicant for business who is seeking to establish a business relationship, a firm must obtain, and document, information on the source of the applicant's wealth and funds.

          Note Information obtained can assist the firm in establishing the money laundering and terrorism financing risks posed by both the customer risk and the jurisdiction risk. In certain cases the product risk will also be affected by establishing the source of the wealth and funds.
          (2) The firm must obtain, and document, the information to an appropriate level having regard to the applicant's risk profile and must document this information.
          (3) If the applicant's risk profile is not low risk, the firm must verify the source of the applicant's wealth and funds using reliable, independent source documents, data or information, and must document this verification.
          (4) Information documented under this rule forms part of the firm's customer identification documentation.
          Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR 4.6.5 Risks associated with the economic activity — purpose and intended nature of business relationship

          (1) In conducting CDD for an applicant for business who is seeking to establish a business relationship, a firm must obtain, and document, information about the purpose and intended nature of the business relationship.
          (2) The extent and detail of this information must be sufficient to allow the firm:
          (a) to readily identify differences between the actual transactions conducted under the relationship and the stated purpose and intended nature of the relationship;
          (b) to increase information requirements to satisfy itself that money laundering or financing of terrorism has not taken place; and
          (c) if it is not satisfied about the information received — to consider making a suspicious transaction report to the FIU.
          (3) Information documented under this rule forms part of the firm's customer identification documentation.
          Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR Division 4.6.C AML/CFTR Division 4.6.C Customer identification documentation — particular applicants for business

        • AML/CFTR 4.6.6 Customer identification documentation — individuals

          (1) This rule applies if an applicant for business for a firm is an individual.
          (2) If the individual's risk profile is low risk, the firm may satisfy the customer identification requirements by confirming the individual's name and likeness by sighting:
          (a) an official government-issued document that has the individual's name and a photograph of the individual;

          Examples
          1 a valid Qatari ID card
          2 a valid passport
          3 a valid driving licence with a photograph
          (b) a document from a reliable, independent source that bears the individual's name and a photograph of the individual; or
          (c) other documents from reliable, independent sources.
          Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR 4.6.7 Customer identification documentation — multiple individual applicants

          (1) This rule applies if 2 or more individuals are joint applicants for business for a firm.
          (2) The identities of all of them must be verified in accordance with these rules.
          Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR 4.6.8 Customer identification documentation — corporations

          (1) This rule applies if an applicant for business for a firm is a corporation.
          (2) If the corporation's risk profile is low risk, the firm may, subject to subrule (3), satisfy the customer identification requirements by:
          (a) either:
          (i) obtaining a copy of the certificate of incorporation or trade (or an equivalent document), which includes:
          (A) the corporation's full name; and
          (B) the corporation's registered number; or
          (ii) performing a search in the jurisdiction of incorporation and confirming all the matters that would be confirmed by a certificate (or equivalent document) mentioned in subparagraph (i);
          (b) confirming the corporation's registered office business address;
          (c) obtaining a copy of the corporation's latest available report and audited accounts; and
          (d) obtaining a copy of the board resolution authorising:
          (i) the establishing of the relationship with the firm; and
          (ii) persons to act on its behalf in relation to the relationship, including by operating any accounts.
          (3) If the corporation has a multi-layered ownership or control structure, the firm:
          (a) must obtain an understanding of the corporation's ownership and control at each level of the structure using reliable, independent source documents, data or information; and
          (b) must document its understanding of the corporation's ownership and control at each level of the structure.
          (4) Without limiting subrule (3), if the corporation has a multi-layered ownership or control structure, the customer identification requirements for each intermediate legal person must include reliable, independent source documents, data or information verifying:
          (a) the legal person's existence; and
          (b) its registered shareholdings and management.
          Example

          If corporation applicant for business (A) is a subsidiary of another corporation (B) that is in turn a subsidiary of a third corporation (C), the firm must comply with subrule (3) and (4) in relation to B as well as C.
          (5) The firm must conduct additional CDD if the corporation:
          (a) is incorporated in a foreign jurisdiction; or
          (b) has no direct business links to Qatar.
          (6) If the corporation, or the corporation's parent entity, is listed in a stock exchange that has disclosure requirements that enable the customer's or owner's identity to be verified in a fully transparent way, the firm:
          (a) need not identify, nor verify the identity of, the shareholders of the corporation or the shareholders of the parent entity; and
          (b) may instead satisfy the customer identification requirements by obtaining information from a public register, the corporation or parent entity itself, or other reliable sources.
          Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR 4.6.9 Customer identification documentation — unincorporated partnerships and associations

          (1) This rule applies if an applicant for business for a firm is an unincorporated partnership, or an association that conducts business (the applicant).
          (2) If the firm does not know the applicant's partners or directors, the firm must verify the identity of all of the partners or directors using reliable, independent source documents, data or information.
          (3) If the applicant is a partnership with a formal partnership agreement, the firm must obtain a mandate from the partnership authorising:
          (a) the establishing of the relationship with the firm; and
          (b) persons to act on behalf of the partnership in relation to the relationship, including by operating any accounts.
          Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR 4.6.10 Customer identification documentation — charities

          (1) This rule applies if an applicant for business for a firm is a charity.
          (2) The firm must conduct CDD for the charity according to its legal form.

          Examples of legal forms of charities
          1 company limited by shares
          2 trust
          3 unincorporated association
          Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR 4.6.11 Customer identification documentation — legal arrangements

          (1) This rule applies if an applicant for business for a firm is a legal arrangement.
          (2) In conducting a risk assessment for the legal arrangement, the firm must take into account the different money laundering and terrorism financing risks that are posed by arrangements of different sizes and areas of activity. This subrule does not limit the matters the firm may take into account.

          Examples

          Some legal arrangements have a limited purpose (for example, inheritance tax planning) or have a limited range of activities. Others have more extensive activities and connections including financial links with other jurisdictions.
          (3) The firm must, as a minimum, obtain the following information about the legal arrangement:
          (a) the arrangement's full name;
          (b) the nature and purpose of the arrangement;

          Examples of the nature of arrangements

          discretionary, testamentary, bare
          (c) the jurisdiction where the arrangement was established;
          (d) the identities of the parties to the arrangement;

          Examples of parties to a trust

          settlor, trustee, protector and beneficiary
          (e) the beneficial owner of the arrangement.
          Note Under rule 1.3.5 (1) (c) and 1.3.5 (4), the beneficial owner of a legal arrangement is the individual who ultimately owns, or exercises effective control over, the arrangement and includes:
          (a) if the beneficiaries and their distributions have al been decided — an individual who is to receive at least 20% of the funds of the arrangement; and
          (b) if the beneficiaries or their distributions have not al been decided — the class of individuals in whose main interest the arrangement is established or operated as beneficial owner; and
          (c) an individual who, directly or indirectly, exercises control over at least 20% (by value) of the property of the arrangement.
          (4) The firm must verify the identity of an applicant that is a legal arrangement using reliable, independent source documents, data or information that show:
          (a) the name, nature and proof of existence of the arrangement; and
          (b) the terms of the arrangement.
          (5) The firm must verify that any person purporting to act on behalf of the legal arrangement is so authorised, and must identify and verify the identity of that person.
          (6) The firm:
          (a) must understand, and if necessary obtain information on, the purpose and intended nature of the business relationship; and
          (b) must understand the nature of the business of the legal arrangement and its ownership and control structure.
          Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR 4.6.12 Customer identification documentation — clubs and societies

          (1) This rule applies if an applicant for business for a firm is a club or society (the applicant).
          (2) In conducting a risk assessment for the applicant, the firm must take into account the different money laundering and terrorism financing risks that are posed by clubs and societies of different types and areas of activity.
          (3) Subrule (2) does not limit the matters the firm may take into account.
          (4) If the applicant's risk profile is low risk, the firm must, as a minimum, obtain the following information about the applicant:
          (a) the applicant's full name;
          (b) the applicant's legal status;
          (c) the applicant's purpose, including any constitution;
          (d) the names of all of the applicant's officers.
          (5) The firm must also verify the identities of the applicant's officers who have authority:
          (a) to establish a relationship with the firm on the applicant's behalf; or
          (b) to act on behalf of the applicant for the relationship, including by operating any account or by giving instructions about the use, transfer or disposal of any of the applicant's assets.
          Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR 4.6.13 Customer identification documentation — governmental bodies

          (1) This rule applies if an applicant for business for a firm is a multi-jurisdictional entity, a government department or a local authority (the applicant).
          (2) The firm must, as a minimum, obtain the following information about the applicant:
          (a) the applicant's legal status;
          (b) the applicant's ownership and control, as appropriate;
          (c) the applicant's main address.
          (3) The firm must also verify the identities of the persons who have authority:
          (a) to establish a relationship with the firm on the applicant's behalf; or
          (b) to act on behalf of the applicant for the relationship, including by operating any account or by giving instructions about the use, transfer or disposal of any of the applicant's assets.
          Derived by QFCRA RM/2019-8 (as from 1st February 2020)

        • AML/CFTR 4.6.14 Other requirements for customer identification of legal persons

          (1) In addition to the customer identification documentation required for particular applicants under this Division, a firm must verify the identity of an applicant that is a legal person using reliable, independent source documents, data or information that show:
          (a) the name, legal form and proof of existence of the legal person;
          (b) the mandates, declarations, resolutions and other sources of power that regulate and bind the legal person;
          (c) the names of the persons holding senior management positions in the legal person; and
          (d) the address of the registered office of the legal person and, if different, its principal place of business.
          (2) The firm must verify that any person purporting to act on behalf of the legal person is so authorised, and must identify and verify the identity of that person.
          (3) The firm must:
          (a) understand, and if necessary obtain information on, the purpose and intended nature of the business relationship; and
          (b) understand the nature of the business of the legal person and its ownership and control structure.
          (4) For subrule (3) (b), the firm must identify, and verify the identity of:
          (a) the individual who is the beneficial owner of the legal person; or
          (b) if no individual can be identified as the beneficial owner of the legal person (or if there is doubt that an individual is the beneficial owner) — the legal person's most senior manager.
          Note Under rule 1.3.5 (1) (c) and 1.3.5 (3), the beneficial owner of a legal person is the individual who ultimately owns, or exercises effective control over, the person and includes, for a corporation:
          (a) an individual who, directly or indirectly, owns or controls at least 20% of the shares or voting rights of the corporation; and
          (b) an individual who, directly or indirectly, otherwise exercises control over the corporation's management.
          Derived by QFCRA RM/2019-8 (as from 1st February 2020)