• AML/CFTR Chapter 7 AML/CFTR Chapter 7 Providing documentary evidence of compliance

    Note for Chapter 7

    Principle 6 (see rule 1.2.6) requires a firm to be able to provide documentary evidence of its compliance with the requirements of the AML/CFT Law and these rules.

    Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR Part 7.1 AML/CFTR Part 7.1 General record-keeping obligations

      • AML/CFTR 7.1.1 Records about compliance

        (1) A firm must make the records necessary:
        (a) to enable it to comply with the AML/CFT Law and these rules; and
        (b) to demonstrate at any time whether the firm has complied with the AML/CFT Law and these rules.
        (2) Without limiting rule (1) (b), the firm must make the records necessary to demonstrate how:
        (a) the key AML/CFT principles in Part 1.2 have been complied with;
        (b) the firm's senior management has complied with responsibilities under the AML/CFT Law and these rules;
        (c) the firm's risk-based approach has been designed and implemented;
        (d) each of the firm's risks have been mitigated;
        (e) CDD and ongoing reviews were conducted for each customer; and
        (f) CDD and ongoing monitoring were enhanced where required by the AML/CFT Law or these rules.
        Examples of records that must be kept
        1 documents and data obtained while conducting CDD
        2 account files
        3 business correspondence
        4 results of analysis of suspicious transaction reports
        Note See also rule 5.1.10 for reporting records to be made by MLRO and rule 4.3.13 (4) for records on monitoring of complex, unusual or large transactions.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 7.1.2 How long records must be kept

        (1) All records made by a firm for the AML/CFT Law or these rules must be kept for at least 10 years after the day they are made.
        (2) All records made by a firm in relation to a customer for the purposes of the AML/CFT Law or these rules must be kept for at least the longer of the following:
        (a) if the firm has (or has had) a business relationship with the customer — 10 years after the day the business relationship with the customer ends;
        (b) if the firm has not had a business relationship with the customer or had a business relationship with the customer and carried out a one-off transaction for the customer after the relationship ended — 10 years after the day the firm last completed a transaction with or for the customer.
        (3) If the day the business relationship with the customer ended is unclear, it is taken to have ended on the day the firm last completed a transaction with or for the customer.
        (4) This rule is subject to rule 5.1.8 (Obligation not to destroy records relating to customer under investigation etc).
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 7.1.3 Retrieval of records

        (1) A firm must ensure that all types of records kept for the AML/CFT Law and these rules can be retrieved without undue delay.
        (2) Without limiting subrule (1), a firm must establish and maintain systems that enable it to respond fully and quickly to inquiries from the FIU and law enforcement authorities about:
        (a) whether it maintains, or has maintained during the previous 10 years, a business relationship with any person; and
        (b) the nature of the relationship.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

    • AML/CFTR Part 7.2 AML/CFTR Part 7.2 Particular record-keeping obligations

      • AML/CFTR 7.2.1 Records for customers and transactions

        (1) A firm must make and keep records in relation to:
        (a) its business relationship with each customer; and
        (b) each transaction that it conducts with or for a customer.
        (2) The records must:
        (a) comply with the requirements of the AML/CFT Law and these rules;
        (b) enable an assessment to be made of the firm's compliance with:
        (i) the AML/CFT Law and these rules; and
        (ii) its AML/CFT policies, procedures, systems and controls;
        (c) enable any transaction effected by or through the firm to be reconstructed;
        (d) enable the firm to comply with any request, direction or order by a competent authority, judicial officer or court for the production of documents, or the provision of information, within a reasonable time;
        (e) indicate the nature of any evidence that it obtained in relation to an applicant for business, customer or transaction; and
        (f) for any such evidence — include a copy of the evidence itself or, if this is not practicable, information that would enable a copy of the evidence to be obtained.
        (3) This rule is additional to any provision of the AML/CFT Law or any other provision of these rules.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)

      • AML/CFTR 7.2.2 Training records

        A firm must make and keep records of the AML/CFT training provided for the firm's officers and employees, including, as a minimum:

        (a) the dates the training was provided;
        (b) the nature of the training; and
        (c) the names of the individuals to whom the training was provided.
        Derived by QFCRA RM/2019-8 (as from 1st February 2020)