Financial Crime World

Title: New AML/CFT/CPF Regulations by State Bank of Pakistan: Strengthening Financial Compliance

Building a Robust Financial Sector: New Regulations from SBP

In order to fortify Pakistan’s financial sector against money laundering, terrorist financing, and proliferation financing, the State Bank of Pakistan (SBP) has issued new regulations, known as the Anti-Money Laundering (AML), Combating the Financing of Terrorism (CFT), and Countering Proliferation Financing (CPF) regulations. These regulations apply to SBP Regulated Entities (REs) and will become effective from September 30, 2020.

Enhancing Financial Transparency: Key Objectives

The comprehensive guidelines aim to:

  • Enhance risk management.
  • Improve customer due diligence and reporting mechanisms.
  • Ensure greater financial transparency.
  • Conform with international standards enforced by the Financial Action Task Force (FATF).

Penalties for Non-Compliance: Violators of these regulations will face penal and administrative actions under the applicable laws, regulations, and the AML/CFT Sanctions Rules, 2020.

Regulations for SBP REs: Size, Nature, and Complexities

SBP REs, which include banks, development finance institutions (DFIs), microfinance banks (MFBs), exchange companies, payment systems operators (PSOs), payment service providers (PSPs), electronic money institutions (EMIs), and third-party payment service providers (TPSPs), are required to comply with the instructions according to their size, nature of business, and the complexities of their operations.

Key Components of the New Regulations

Regulation 1 - Risk-Based Approach

Banking entities must implement a risk-based approach to AML/CFT to evaluate risks associated with their:

  • Customers
  • Products
  • Services
  • Delivery channels
  • Technologies
  • Employees

New controls must be developed to mitigate potential liabilities.

Regulation 2 - Customer Due Diligence (CDD)

Entities must conduct CDD for their:

  • New customers
  • Occasional customers

CDD measures should align with their business model, clientele, financial services provided, and geographical locations. Identity verification using reliable and independent documents, such as passports, national identity cards, or proof of registration cards for Afghan refugees, is mandatory.

Regulation 3 - Outsourcing Activities

Activities, including risk management and KYC process outsourcing, are allowed if they comply with specified guidelines.

Implementing Technology and Automation

SBP REs are encouraged to use technology and automation in their regulatory compliance efforts to maintain efficiency.

Adequate Management Information Systems

Entities must have adequate management information systems to ensure effective oversight, monitoring, and accountability within their organizations. The Board of Directors retains the ultimate responsibility for safeguarding financial security and maintaining a robust compliance framework.