Chat with us!
Resources

Table of Contents

Anti-Money Laundering (AML), Combating Financing of Terrorism (CFT) and Countering Proliferation Financing (CPF) Policy and Procedure Manual

Key Highlights

Risk-Based Client Classification

Clients are classified into three risk categories:

  • High Risk: PEPs, non-residents, virtual asset service providers
  • Medium Risk: Clients whose identity is not easily verifiable
  • Low Risk: Clients with easily identifiable sources of wealth

Customer Due Diligence

Three levels of due diligence are applied:

  • Standard Due Diligence: For all new clients
  • Enhanced Due Diligence: For high-risk clients
  • Simplified Due Diligence: For low-risk clients

Suspicious Transaction Monitoring

All suspicious transactions must be reported regardless of amount. Red flags include:

  • Transactions involving high-risk countries
  • Transactions involving shell companies
  • Transactions involving virtual assets
  • Complex and unusually large transactions

Record Keeping

All client information is retained for a minimum of 5 years post-transaction, including:

  • Identification data and risk profiles
  • Account and financial details
  • Transaction records (nature, date, type, number)
  • Communication records with clients

1. BACKBONE AML/KYC POLICY

Introduction

Drawing significantly from the recommendations of the Basel Committee on Banking Regulations and Supervisory Practices, Financial Action Task Force Recommendations, provisions of the Money Laundering (Prevention & Prohibition) Act, 2022, Central Bank of Nigeria (CBN) Anti-Money Laundering, Combating the Financing of Terrorism and Countering Proliferation Financing of Weapons of Mass Destructions in Financial Institutions) Regulations 2022. The management of Backbone Finance Inc. ("The Company") has come up with the following measures in the attainment of its objectives of ensuring full compliance and to safeguard the Company from being used as a tool for financial crime. The Company sets specific procedures for monitoring client onboarding, account classification, and KYC documentation.

Objective

The objective of this policy is to provide Anti-Money Laundering, Combating the Proliferation of Terrorism and Countering Proliferation (AML, CFT & CPE) compliance guidelines for Backbone Finance Inc. "The Company" under the regulatory purview of the CBN. Also, to diligently enforce AML, CFT, CPE measures and ensure effective compliance.

This Policy shall apply to every customer or client of the Company.

Interpretation

  • Customer- A customer which shall be used interchangeably with Client in this policy may be defined as follows:
    • A person or entity that maintains an account and/or has a business relationship with the Company or on whose behalf an account is maintained.
    • A person or entity connected with a financial transaction that can pose significant reputational or other risks to the Company, such as a wire transfer or issue of a high-value demand draft as a single transaction.
  • Regulators- The Regulator refers to the Central Bank of Nigeria (CBN) and other Regulators as Backbone may from time to time be subject to.
  • Politically Exposed Persons (PEPs): Individuals who are or have been entrusted with prominent public function or anybody relating to them e g. President, Governors, Local Government/ Local Government Development Agency Chairmen and their vice/deputy, senior politicians, senior government, judicial and military officials, senior executives of state-owned corporations, important political party officials such as Party Chairmen, etc, members of Royal Families, etc. Persons related to PEPs for the sake of this policy include:
    • the spouse, civil partner, or life partner;
    • the previous spouse, civil partner, or life partner, if applicable;
    • children and stepchildren and their spouse, civil partner, or life partner;
    • parents;
    • siblings and stepsiblings and their spouse, civil partner, or life partner;
    • Close associates; and
    • Staff, both domestic and corporate
  • KYC: Know Your Customers
  • Suspicious Transaction: Activity of a Client which does not fit the profile or knowledge of the Client or goes outside his regular transaction pattern.
  • Beneficial owner: a person who ultimately owns or controls a Company or a person on whose behalf a transaction is being conducted.
  • Virtual Asset (VA): A digital representation of value that can be digitally traded, or transferred, and can be used for payment or investment purposes. Virtual assets do not include digital representations of fiat currencies (e.g. naira, dollars, etc.), securities, and other financial assets that are already covered elsewhere in the Financial Action Task Force (FATF) Recommendations. Examples of virtual assets include Bitcoin, Ethereum, etc.
  • Virtual Asset Service Provider (VASP): means any entity that has a business or conducts one or more of the following activities for or on behalf of another natural or legal person:
    • Exchange between virtual assets and fiat currencies.
    • Exchange between one or more forms of virtual assets.
    • transfer of virtual assets.
    • safekeeping and/or administration of virtual assets or instruments enabling control over virtual assets; and participation in and provision of financial services related to an issue and/or sale of a virtual asset.
    • individual or corporate body registered by the CBN to trade Virtual Assets in the capital market.

Customer Acceptance Policy (CAP)

It highlights the criteria for the determination of the basis upon which Backbone shall enter into a relationship with a customer. The criteria are as follows:

  • The Company shall accept customers strictly in accordance with this policy.
  • No account shall be opened in an anonymous or false name.
  • Responsible Units within the Company shall ensure that Clients provide relevant documents and other information depending on risk categories.
  • The Sales Executive shall oversee the closure of an existing account when it becomes clear that it is impossible to apply the proper customer due diligence measures. This includes when it becomes impossible to verify the identity of the customer or obtain the documents necessary for risk categorization due to the customer's lack of cooperation or the unreliability of the data/information provided to the authorized Sales Executive. However, the Sales Executive must make sure that these measures do not subject the Client to any form of embarrassment.
  • The Sales Executive shall escalate to the Heads of Sales and Customer Service any difficulty in obtaining necessary KYC documents from Clients.
  • In case an account must be closed on the above-mentioned ground, the authorized officer shall do so only after receiving written approval from the Managing Director.
  • The Client shall be given prior reasonable notice before the closure of his/her account and shall also be informed of the reasons for the closure of his account.
  • The Sales Executive, Compliance and Risk team shall make necessary checks before opening a new account to ensure that the identity of the customer does not match with any person with a known criminal background or with banned entities.
  • All the teams concerned shall therefore exercise caution when dealing with transactions that involve people or entities whose names are on the Nigerian Sanctions List or UN Consolidated Sanctions Lists as published periodically. The Sales team shall also take caution when dealing with Clients from countries categorized as high-risk by the FATF such as Cambodia, Burkina Faso, Venezuela, etc.
  • The Sales team shall liaise with the Compliance/Risk Team to ascertain if the prospective individual or entity desirous of establishing a relationship with the company is not in any way involved in any unlawful activity.
  • Responsible units within the Company Shall prepare a profile for every new customer and shall maintain the profile of each new customer.
  • The nature and extent of due diligence shall depend on the risk perceived by the Compliance/Risk team However, the Company shall continue to follow strictly with its Data Privacy Policy concerning Customer information. The Company shall be mindful that the adoption of the Customer Acceptance Policy and its implementation shall be subject to regulatory disclosure and shall not result in the denial of its services to the general public

1.0 Customer Identification/Know Your Customer Procedure (CI/KYC)

Customer identification/KYC means identifying a person and verifying the identity of a client by using reliable, independent source documents or information. The Sales Executive needs to obtain sufficient information necessary to establish, to his satisfaction, the identity of each new Client and the purpose of the intended nature of the business relationship. The Sales Executive, Compliance and Risk teams must be able to assure management that due diligence was observed based on the risk profile of the Client in compliance with the existing guidelines.

In addition to the risk profiling, the nature of information/documents required would also depend on the type of customer (individual, corporate, etc.). For customers that are natural persons, the Sales Executive shall obtain sufficient documentation to verify the identity of the customer, his address/location, as well as a photo ID.

The teams involved shall also conduct physical verification of the customers' address where there is unclarity/likelihood of inaccuracy of documents evidencing the address of the customer and subsequently complete the required address verification form. For body corporate, the Relationship Manager shall verify the legal status of the entity through proper and relevant documents/online checks and shall also verify that any person purporting to act on behalf of the entity is so authorized. He shall also take the necessary steps to verify the identity of that person. (See Appendix1 for requirement guidelines)

If the authorized Sales Executive decides to accept such accounts in terms of the Customer Acceptance Policy, he shall take reasonable measures to identify the beneficial owner(s) and to verify his/her/their identity in a manner that he is satisfied that he knows who the beneficial owner(s) is/are. An indicative list of the nature and type of documents/information that may be relied upon for customer identification is given in Annexure II.

2.0 Monitoring of Transactions

Continuous monitoring is an essential ingredient of effective KYC procedures, and the extent of monitoring should be according to the risk sensitivity of the account. The Head of Operations in conjunction with the Risk department shall pay special attention to all complex, unusually large transactions and all unusual patterns which have no apparent economic or visible lawful purpose. Transactions that involve large amounts of cash inconsistent with the size of the balance maintained may indicate that the funds are being 'washed' through the account. Such transactions shall be reported to the Head of Compliance who then reports to Management and files the necessary regulatory reports.

High-risk accounts shall be subjected to intensive monitoring. The directives concerning cash transactions and the regulatory threshold limit (included in Appendix III) must be adhered to by the departments concerned, with utmost strictness. According to the extant laws, a correct record of all transactions—both deposits and withdrawals—must be maintained and provided to the Head of Compliance within the time frame specified in Appendix III. The information provided should include complete customer details, such as name, account number, account opening date, and amount deposited/withdrawn.

3.0 Due Diligence

4.1 Customer Due Diligence: This shall be carried out in the following circumstances.

  • When a customer is onboarded/business relationship is established. Upon onboarding, necessary measures shall be taken to confirm the validity of the KYC documents provided in line with the provisions of Appendix II;
  • a customer carries out a transaction from $10,000, N5,000,000 (for an individual), or N10,000,000 (for a body corporate) or their equivalents or such other thresholds to be determined by the Regulators from time to time;
  • a VASP carries out a transaction above $1,000 or its equivalent. Including where the transaction is carried out in a single operation or several operations that appear to be linked;
  • There is a suspicion of money laundering, terrorism financing, proliferation financing, or any other red flag as may be stated in Appendix IV;
  • There are doubts as to the KYC documentation previously obtained from the Client;
  • There is a change in the way the account is operated; and
  • The account officer determines that there is no sufficient information about an existing Client.

4.2 Ongoing Due Diligence:

This is carried out in the course of the relationship with a customer. This includes scrutinizing the transactions undertaken by the customer to ensure that the transactions conducted are consistent with the knowledge of the client.

4.3 Enhanced Due Diligence (EDD):

EDD is a higher level of scrutiny than Customer Due Diligence. The primary purpose of EDD is to gather information about the Client's history, reputation, business, address, lifestyle, and in the case of a corporate entity, the beneficial owners among other things. This shall apply to all High-Risk Clients.

Considerations/Procedures to be Adopted for Enhanced Due Diligence
  1. Risk-based approach must be adopted while conducting EDD.
  2. Information about the concerned account must be obtained from verified and reliable sources.
  3. Investigate the source of funds of the account owner and the ultimate beneficiaries.
  4. Pay attention to ongoing transactions involving such accounts.
  5. Examine and assess the adverse media and market reputation of the account owner or the ultimate beneficiaries.
  6. On-site visits to be conducted to confirm the address and sometimes confirm the activities going on in the address.
  7. Internal Control/Risk Team to prepare a report on the findings from the above consideration and same is to be shared with management.
  8. Approval of the MD is required to open a new account or maintain an existing account for high- risk client.
  9. The Head of Compliance shall escalate to the appropriate regulator where necessary.
  10. Identify and take reasonable steps to verify the identity of a beneficial owner, using relevant information or data obtained from reliable sources to satisfy itself that it knows who the beneficial owner is through methods including:
    1. For legal persons;
      1. Identify and verify the natural persons, where they exist, that have ultimate controlling ownership interest in a legal person, taking into cognizance the fact that ownership interest can be so diversified that there may be no natural persons, whether acting alone or with others, exercising control of the legal person or arrangement through ownership.

Enhanced Dule Diligence shall be performed for higher risk customers, business relationships or transactions including:

  1. non-resident customers;
  2. Private banking customers;
  3. Legal persons or legal arrangements such as trusts that are personal- assets vehicles;
  4. Companies that have nominee-shareholders or shares in bearer form;
  5. Politically Exposed Persons ("PEP") as defined in item 3 above;
  6. Cross- border banking and business relationships;
  7. Any other businesses, activities or professions that may be prescribed by regulatory, supervisory or competent authorities

4.4 Simplified/Reduced Due Diligence:

This level of due diligence shall be adopted for lower risk category of clients only where lower risk has been identified through an adequate analysis of the risks in the following instances of:

  1. financial institution that is compliant with AML/CFT requirements;
  2. Where information on the clients or the beneficial owners is publicly available;
  3. The risk of money laundering, terrorist financing, and proliferation financing is lower.

Roles and Responsibilities of Relevant Team Members

Roles and Responsibilities of Relevant Teams

  1. Management- The Organization's policies and procedures cover management oversight, systems and controls, segregation of duties, training, and other related matters. To ensure the effective implementation of this policy, Management shall explicitly allocate responsibilities within the various units/departments.
  2. Chief Compliance Officer (CCO)

    The financial institution shall designate a Chief Compliance Officer with the relevant competence, authority and independence to implement the Company's AML, CFT and CPF compliance program. The Chief Compliance Officer who shall be appointed at the management level shall have the following duties:

    • Ensure adherence to AML/CFT regulation during the onboarding of new Clients.
    • Develop an AML/CFT/CPF Compliance Program and ensure adherence
    • The Head of Compliance in conjunction with the CRO shall ensure compliance with threshold limits in line with Regulatory provisions on AML/CFT.
    • Rendering "Nil" returns to the CBN and NFIU where necessary to ensure compliance
    • Filing other regulatory returns with the CBN and other relevant and supervisory authorities
    • Receiving and vetting suspicious transaction reports from staff
    • Receiving and escalating where necessary client complaints from the Customer Services department
    • Coordinating the training of Board, management and staff in AML/CFT/CPF awareness, detection methods and reporting requirements
    • Serving as liaison officer to the CBN and any other regulator Backbone may be subject to from time to time.
    • Serving as a point of contact for all employees on issues relating to money laundering, terrorist financing, and proliferation financing
  3. Internal Audit – The Internal Audit and Compliance functions have a key role in establishing evaluating, maintaining and ensuring procedures, policies and control to prevent ML, PF and PE, which have regard to their ML or TF risks and the size of the business and communicate these to their employees

    The procedures, policies and control established by Backbone shall cover operational matters including the CDD, record retention, detection of unusual and suspicious transaction and reporting obligation.

    The Compliance Officer and Internal Control are to have timely access to CDD information, accounts and transaction records including information and all analysis of transactions and activities and other relevant information.

    The Head of the internal audit shall conduct routine checks to ensure adherence to the KYC policies and procedures and may comment on the lapses if any observed in this regard. This lapse/remedial steps taken shall be escalated to Management on a monthly basis and a report shall be presented to the Audit and Risk Management Committee quarterly.

4.0 TRAININGS

Training encompassing applicable money laundering laws, current trends in money laundering activities, and the Company's policies/ procedures to combat money laundering shall be conducted for all staff members periodically (quarterly). The Compliance Officer with the assistance of the HR Department, shall determine the frequency of training and identify personnel to be trained.

There shall also be relevant training for frontline staff and any other staff dealing with customers.

5.0 RISK-BASED CLASSIFICATION OF CLIENTS

Customers of the Company shall be categorized into 3 risk categories in line with the CBN's three- tiered KYC framework as follows:

  1. High-Risk Clients: All non-resident Clients, PEPs, and those resident in grey/blacklisted countries (for non-compliance with AML/CFT Rules or FATF Recommendations) must be categorised as high-risk. Enhanced due diligence must be conducted for all customers classified as high-risk.
  2. Medium Risk Clients: These are Clients who are likely to pose higher than average risk but are not high risk. They may open and operate their accounts either physically or virtually.
  3. Low-Risk Clients: They are face-to-face clients who are resident in Nigeria and are able to open and operate their accounts virtually or physically with appropriate and easily verifiable documentation. Low-risk clients also include the clients listed in Clause 4.4 (a-f) of this Policy.

Figure 1: Client classification

Risk CategoryFeaturesKYC
Low Risk
  1. Persons whose identities and sources of wealth can be easily identified.
  2. Persons whose transactions conform to the known profile
  3. Nigerian citizens and residents
  4. No foreign remittance can be credited to this account

Examples include

  1. salaried employees whose salary structures are well-defined
  2. persons with small account balances/low turnover i.e accounts with a cumulative balance of N200,000; single deposit amount of N20,000 and maximum daily redemption of N30,000
  3. employees of government ministries, departments, parastatals apart from the Permanent Secretaries and Directors of these agencies
  4. Employees of government-owned companies whose income/source of funds are verifiable.
  5. Financial Institutions that are AML/CFT compliant
  6. Listed Companies
  7. Regulators/SROs
  8. statutory bodies
  9. Pension Fund Administrators
  1. Name
  2. passport photograph
  3. means of ID
  4. place and date of birth
  5. nationality
  6. gender
  7. home address & telephone number
  8. other KYC information
  9. relevant incorporation documents in the case of corporate bodies
Medium Risk
  1. Persons whose identity and source of wealth are not easily verifiable.
  2. Nigerian citizens temporarily resident abroad
  3. Persons who do not qualify as high-risk or low-risk
  4. Customer identification is subject to verification

Examples include:

  1. Persons with maximum cumulative balance of N400,000, single deposit of N40,000, and maximum daily redemption of N50,000
  2. Students and other persons abroad for a short/specific period.
  3. Persons employed in industries without formally registered bodies or regulators.
  1. passport photograph
  2. name
  3. place & date of birth
  4. means of ID
  5. nationality
  6. gender
  7. home address & telephone number
  8. other relevant KYC information.

N.B: Information provided is subject to verification

High Risk
  1. Persons living in or doing business in an industry or place known for unlawful trading/business activity e.g. drug production, trafficking or smuggling, and money laundering activities e.g. Bureau de Change, casinos, etc.
  2. Persons whose profile is perceived to be uncertain or dubious.
  3. Persons living or doing business in a country where FATF recommendations are not applicable or countries with no AML/CFT regulations.
  4. Virtual Asset Service providers
  5. Non-resident Customers
  6. Politically Exposed Persons (foreign and international) and persons or companies related to them
  7. Complex legal arrangements e.g SPVs
  8. Companies that have nominee-shareholders
  9. non-face-to-face customers.

N.B

The approval of the Managing Director/CEO shall be obtained before opening a high-risk account.

All the above-listed information as well as Enhanced Due Diligence (EDD) and Customer Due Diligence (CDD)

6.0 Suspicious Transactions:

All suspicious transactions including attempted transactions are to be reported regardless of the amount involved. The requirement is to file STRs applies regardless of whether the transactions are considered to involve tax matters or other matters.

The following are transactions that may be suspicious:

  1. Transactions involving high-risk countries vulnerable to ML/TF/PF
  2. transactions involving shell companies.
  3. transactions involving virtual assets or virtual asset service providers.
  4. large transaction activity involving monetary instruments such as bank drafts.
  5. transaction activity involving amounts that are just below the reporting threshold.
  6. where employees live luxurious lifestyles that cannot be justified by their salaries, do not comply with approved guidelines, or refuse to go on leave.
  7. Complex and unusually long transactions.

7.0 Customer Education

Implementing the above KYC procedures requires that the Relationship Manager request from the Client certain information that may be private/personal in nature, or which have never been called for from the client. This can sometimes lead to a lot of questioning by the Client as to the motive and purpose of collecting such information. Therefore, the concerned Relationship Manager needs to handle such situations tactfully while dealing with Clients and educate such Clients on the objectives of the KYC program.

The Company must have a clear and detailed Account Opening Form which will help the Relationship Manager adequately address enquiries. This account opening form must be signed by the Client to confirm the information so collected. The Relationship Manager must also ensure that Clients are informed about the company's minimum KYC requirements during the onboarding process.

8.0 KYC For Existing Accounts

It is the regulatory standard that existing accounts be reviewed at least once a year. To ensure compliance, all existing active clients of all business units in the Company shall be contacted through all possible means in order to update their records when necessary.

Minimum Standard for KYC

  1. Individual Client- An individual client shall provide the following minimum KYC documents:
    1. Bank account details (including account name, type, number, and date of account opening)
    2. A Federal Government recognized means of ID such as a Bank Verification Number (BVN), National Identification Number (NIN), International Passport, voter card, etc. which shall be validated through an accepted identification validation portal; provided that the identification number shall be obtained separately from, and in addition to other acceptable means of personal identification.
    3. Utility Bill or other proof of residential address
    4. Employment details and/or source of funds
  2. Corporate Entities - Incorporation/Registration documents of the entity, in addition to the BVN or any other Federal Government recognized identification number of at least one (1) director and all of the authorized signatories to the corporate entity's securities trading account.

9.0 Virtual Asset Service Providers:

Any account involving a virtual asset, or a virtual asset service provider shall be categorized as a high-risk account. Such account will only be opened, and mandates executed upon the conclusion of Enhanced Due Diligence by the relevant department. In addition to the information and documents stated above, the account officer shall ensure that such individual or corporate body has obtained the license/permit/approval of the CBN and/or other such regulatory body empowered to regulate transactions involving virtual assets.

10.0 Record Keeping

  1. In compliance with the provisions of the CBN Regulations and further to the Company's fiduciary duty to all its stakeholders, the Legal and Compliance Department shall ensure that all responsible units retain Clients' information for a minimum of 5 years post transaction or for longer if required.
  2. Upon the expiration of 5 years, Client's information shall be archived in electronic format for another period of 5 to 10 years.
  3. The information of Clients who were involved in larger volume, complex, or suspicious transactions shall be kept longer than 5 years and the electronic copy shall be kept for as long as is practicable.
  4. The Legal and Compliance Department shall also ensure that all stakeholders (Directors, Shareholders, Clients, and such other persons whose information the Company has recourse to) information within the custody of the Company are well kept and preserved in compliance with extant Corporate Governance Rules.
  5. Records, in this case, will include records of identification data, risk profile of the Client, account/financial details, or CDD information, nature, date, type, and number of transactions.
  6. Any information obtained during any meeting, discussion, or other communication with the clients shall be recorded and kept to ensure that current clients' information is readily accessible to Compliance Officers or relevant regulatory bodies

1. INTERNAL CONTROL POLICIES ON KYC

Introduction

The Management of Backbone Finance Inc. ["The Company") is responsible for maintaining an effective internal control system commensurate with the scale, nature, and complexity of the organization's operations. The Company is responsible for setting specific internal control requirements for customer onboarding. This policy sets out the objectives, roles and responsibilities, processes, and reporting procedures relating to Know Your Customer (KYC) documentation and Controls.

As a rule, a business relationship with Backbone will not be established until the identity of a potential customer has been satisfactorily established. Where a potential customer declines to provide any account initiation information, the relationship will not be established. In the case of an existing relationship, where the customer refuses to provide further information and documents required to update existing records, any relationship already established will be terminated. This policy is developed in line with the applicable regulatory requirements and is aligned with CBN's regulations of onboarding and updating client information.

Objective

The purpose of the internal control system is to provide reasonable assurance to Senior Management and the Board of Directors regarding measures taken with respect to all new and existing customer onboarding at Backbone. Customer for the purpose of our KYC policy is defined as:

  1. A person or entity that maintains an account and/or has a business relationship with Backbone.
  2. One on whose behalf the account is maintained (i.e. the beneficiaries)
  3. Beneficiaries of transactions conducted by professional intermediaries (3rd party accounts such as Lawyers, stockbrokers, etc.
  4. Any person or entity connected with a financial transaction, which can pose significant reputational or other risks to Backbone.

Our approach to KYC is from a wider prudential, not just anti-money laundering, perspective. Sound KYC procedures must be seen as a critical element In the effective management of Financial Institution risks. KYC safeguards go beyond simple account opening and record-keeping and require that the relevant teams in Backbone formulate a customer acceptance policy and Account Opening form that provides relevant information which involves more extensive due diligence for higher-risk accounts and includes proactive account monitoring for suspicious activities.

To this end, the Backbone's KYC policies and procedures emphasize the following:

  1. Obtaining the necessary documents and information from every customer as specified in the Backbone's Operations Policy Manual.
  2. Prohibition of opening numbered or anonymous accounts or accounts in fictitious or pseudo names.
  3. Minimum acceptable identification evidence for low-risk and low-value accounts.
  4. Independent verification of the legal status of incorporated entities and sole proprietorships with the Corporate Affairs Commission.
  5. Screening of customer information against a database of individuals and entities subject to sanction (watch-list check) at the onboarding stage and quarterly customer database scan as required by the AML regulations.
  6. Identifying the customer as well as the beneficial owners and verifying the customer's identity using reliable, independent source documents, data, or information.
  7. Profiling of customers and risk rating such that transactions by customers are fairly predictable.
  8. Conducting ongoing due diligence on the business relationship and scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the institution's knowledge of the customer, their business, and risk profile, including, where necessary, the source of funds.
  9. Customer information update whenever the need arises.
  10. Obligation to report to the regulatory authorities suspicious transactions, which may ultimately have a bearing on money laundering activities.

Onboarding of New Clients

Sales Executives are required to take reasonable and appropriate measures to establish the identities of their clients and others for whom they may open accounts and provide financial services. Sufficient information on the following must be obtained at the beginning of the relationship and periodically thereafter.

Individuals/Corporate Entity: Relationship Managers must take necessary steps to ensure that they know the person they are dealing with. They must confirm information such as beneficial owners, controllers, signatories, and directors.

Fund: Relationship Managers must know and trace the source of funds and nature of business as the case may be.

Location: Relationship Managers must verify the address of the customer or the place of business as applicable.

Procedure for Account Opening

Individual Account

  1. At the point of entry for all new clients, a set of account opening forms is provided for the client to complete. The Relationship Manager shall ensure that the client understands all the fields in the account opening form and fills it appropriately.
  2. Upon completion of the form, the Relationship Manager shall ensure that all the documents listed in the Customer Identification Procedure of the AML Policy is attached appropriately.
  3. The completed form is then forwarded by the Relationship Manager to the Customer Services team who confirms that the account opening form is properly filled and necessary documents attached.
  4. The Customer Services team shall ensure that the account opening documents are also approved by Internal Audit/Risk and Legal & Compliance.
  5. Upon necessary approvals for the account opening form, the Customer Services department shall ensure that the Client's account is opened internally and externally.
  6. Code is assigned to the customer within 24 hours.

Control Over Account Opening Forms

A. Sales Department/ Relationship Officer

  1. Ensure that the account opening form is properly completed by the Client and same is also accompanied by all necessary KYC documentation.
  2. In the case of an old account, the relationship officer shall communicate with the Client with regard to the need to update the Client's records.

B. Customer Service Department

  1. Confirm that the account opening form provided by the Sales Executive is properly completed and all accompanying documents provided.
  2. Return incomplete or inaccurate forms to the Sales Executive for rectification.
  3. Periodically review Client records to ensure that all KYC documentation is up to date and liaise with the relationship manager to obtain the necessary information or documents from the Client when needed.
  4. When an existing Client's records are updated, such Client; 's information shall be updated on all necessary platforms.
  5. Where physical verification of the account is carried out, the same is signed off on the account opening form as "Verified" or the account opening form shall be accompanied by a verification form duly filled and signed by the Relationship Manager.

C. Maker & Checker

The account opening process shall pass through 2 stages of approval before completion of onboarding i.e. approval by Risk/Internal Control and Legal &Compliance. This approval level ensures that the account opening form is accurately and properly completed and all required accompanying documents are attached. The Internal Control/Risk Management department shall periodically review customers' files to ensure that they are always complete.

After onboarding, the Client's mandate shall pass through Internal Control/Risk Management and Treasury before final execution. The Internal Control/Risk Management shall ensure that the account is funded and also confirm the completeness of KYC before approval of execution.

ACCOUNT CLOSURE: Clients' accounts are closed either directly by the client or upon an action initiated by the company. Upon the receipt of a written request from a client for an account closure, the head of Sales shall engage the client to know why he intends to close the account. Ultimately, accounts shall only be closed upon the approval of the MD first sought and obtained. The account Opening form is marked closed only after proper verification of the client's ledger account & clearance has been received from the Finance and Treasury regarding dues & margin if any.

Client's accounts may also be closed on an action initiated by the company in the following cases:

  1. If the client fails to provide proper documents as required under the rules & regulations of the CBN even after repeated requests by the company.
  2. If the client is declared insolvent under any law in Nigeria.
  3. If criminal cases are filed or pending against the Client and such information is not disclosed at the time of registration with the company

Appendix I: Customer Identification Requirements

1. Trust/Nominee or Fiduciary Accounts

A trust account is an account held by a third party (the trustee) for the benefit of another party (the beneficiary). Consequently, the Relationship Manager should determine whether a customer is acting on behalf of another person as a trustee/nominee or any other intermediary. If so, he shall insist on receipt of satisfactory evidence of the identity of the intermediaries and of the persons on whose behalf they are acting. He shall also obtain details of the nature of the trust or other arrangements in place.

While opening an account for a trust, the Relationship Manager should take reasonable precautions to verify the identity of the trustees and the settlers of the trust, guarantors, protectors, beneficiaries, and signatories. Beneficiaries should be identified when they are defined. In the case of a 'foundation,' steps should be taken to verify the founding managers, directors, and beneficiaries.

2. Accounts of Companies and Firms

The Sales Executive must be vigilant against business entities being used by individuals as a front for maintaining accounts with financial institutions (i.e. shell companies). He should examine the control structure of the entity, determine the source of funds, and identify the natural persons who have a controlling interest and the profile of their management staff. These requirements may be moderated according to the risk perception e.g., in the case of a public company it will not be necessary to identify all the shareholders. However, promoters, directors, and executives need to be identified adequately.

3. Accounts of Politically Exposed Persons (PEPs)

The Managing Director (M.D) shall approve to onboard a PEP, hence, the Head of Customer Service must notify the M.D of any PEP who seeks to open an account with the Company. In the case of an existing Client, the Managing Director/CEO must approve a continued relationship with such a Client.

The Head of Sales shall gather sufficient information on PEPs and check all the information available to the person in the public domain. He should verify the identity of the person and seek information about the sources of funds before seeking the MD's approval to onboard the PEP as a customer. The Risk/Internal Control department together with the Customer Service department shall put in place appropriate mechanisms to determine whether a Client is a PEP. The Compliance Officer shall render returns on the transactions carried out by the PEP to the NFIU.

4. Accounts of non-face-to-face customers

With the introduction of telephone and electronic banking, accounts are being opened for Clients without the need for the Client to walk in. In the case of non—face—to—face Clients, apart from applying the usual customer identification procedures, there must be specific and adequate procedures to mitigate the high risk involved. Certification of all the documents presented by Clients resident abroad shall be insisted upon and, if necessary, additional documents may be called for. Such documents shall be certified by a third party which may be a government body or a regulated and supervised entity with adequate KYC systems in place

APPENDIX-II: CUSTOMER IDENTIFICATION PROCEDURE

Highlighted below are information/documents that must be obtained and verified before the completion of the onboarding process.

A. Individual Accounts

  1. Legal name and any other names
  2. Means of identification e.g., international passport, residence permit issued by the Immigration Authorities, driver's license issued by the Federal Road Safety Commission (FRSC), Tax Clearance Certificate, birth certificate or sworn declaration of age, national identity card, permanent Voters' Card and Bank Verification Number (BVN)
  3. Permanent address evidenced by record of home visit in respect of non-Nigerians, confirmation from the electoral register, recent utility bill such as electricity, waste or water bill, driver's license issued by FRSC, bank statement or passbook containing current address, letter from a solicitor confirming recent house purchase or search report from the Land Registry, tenancy agreement, search reports on prospective client's place of employment and residence (as approved by senior management).
  4. Date of birth
  5. Source of funds

B. Corporate Account

  1. Name of the company;
  2. Trade or brand name if different from the incorporated name;
  3. Certificate of incorporation;
  4. Memorandum and Articles of Association;
  5. Status Report from CAC detailing particulars of Directors;
  6. Mailing address of the company and proof of address;
  7. Telephone number;
  8. Name, Addresses and Identity cards (government-issued: international passport, driver's license) of the Directors and their BVN;
  9. Board Resolution to open an account and identification of those who have authority to operate the account;
  10. Passport photo;
  11. Tax Identification Number (TIN);
  12. Special Control Unit Against Money Laundering (SCUML) registration(number, certificate or approval) for DNFBP; and
  13. Nature of Company's business

C. Partnership Firms

  1. Legal name;
  2. Address and proof of same;
  3. Names of all partners and their addressee;
  4. Telephone numbers of the firm and partners;
  5. Registration certificate, if registered;
  6. Partnership deed;
  7. Power of Attorney granted to a partner or an employee of the firm to transact business on its behalf.
  8. Any officially valid document identifying the partners and the persons holding the power of Attorney and his/her addresses

D. Accounts of Trusts & Foundations/Associations

  1. Names of trustees, settlers, beneficiaries, and signatories
  2. mailing address
  3. Names and addresses of the founder, the managers/directors, and the beneficiaries
  4. Telephone/fax number
  5. Certificate of registration, if registered
  6. document describing the purpose or objectives of the organization
  7. Power of Attorney granted to transact business on its behalf
  8. Any officially valid document to identify the trustees and beneficiaries

E. Foreign Client: In addition to the above,

  1. copy of international passport, national identity card, or proof of address certified by;
  • the embassy, consulate, or high commission of the country of issue
  • notary public or court of competent jurisdiction
  • where the original is cited, copies signed and stamped "original sighted by me" by senior management

Appendix III: Reporting Threshold

S/NName of ReportRegulatory ThresholdReporting Timeline
1Suspicious Transaction Report (STR)NilWithin 24 hours

Appendix IV: Suspicious Transactions

1 Potential suspicious transactions include:

  1. transactions involving high-risk countries vulnerable to ML/TF/PF subject to this being confirmed.
  2. transactions involving shell companies.
  3. transactions with correspondents that have been identified as higher risk.
  4. large transaction activity involving monetary instruments such as traveler's cheques, bank drafts, money orders, particularly those that are serially numbered.
  5. Complex and unusual transactions
  6. transaction activity involving amounts that are just below the stipulated reporting sum or enquiries that appear to test an institution's own internal monitoring or controls.
  7. other ML/TF/PF indicators approved by the FATF, GIABA etc.

2. Terrorist Financing "Red flags" includes

  1. where persons involved in a transaction share an address or phone number especially when the address is also a business address or does not correspond with the stated occupation, such as student, unemployed, or self-employed.
  2. transactions by a nonprofit or charitable organisation which appears to be of no logical economic purpose.
  3. Transactions by nonprofit or charitable organisation which has no link to the stated activity of the organization and other parties in the transaction.
  4. large volume of transactions through a business account, where there appears to be no logical business or other economic purpose for the transfers, particularly when this activity involves designated high- risk locations
  5. Where the stated occupation of the client is inconsistent with the type, balance and level of account activity
  6. Reference to the persons or entities listed in the UN list or Nigerian list of terrorists or terrorist organizations under the terrorism prevention (Freezing of International Terrorism Funds and Other Related Measures), Regulations
  7. Other money laundering, financing of terrorism and proliferation financing indicators published by FATF.

3. Employee Red Flags

When an employee

  1. exhibits a lavish lifestyle that cannot be justified by his salary.
  2. fails to comply with approved operating guidelines.
  3. is reluctant to go on leave or take a vacation

ANNEXURE 1

REGULATORY AND LEGAL FRAMEWORK

Nigerian Financial Institutions are monitored for money laundering by some organisations /agencies and under the provisions of the regulations specified below:

Institutional Framework – Local

  • Economic and Financial Crimes Commission (EFCC).
  • Nigerian Financial Intelligence Unit (NFIU).
  • National Drug Law Enforcement Agency (NDLEA).
  • Central Bank of Nigeria (CBN).
  • Independent Corrupt Practices Commission (ICPC).
  • Federal Inland Revenue Services (FIRS).

Institutional Framework International

  • Basel Committee on Banking Supervision.
  • Financial Action Task Force (FATF).
  • Inter-Governmental Group Against Money Laundering (GIABA).
  • Egmont Group (of Financial Intelligence Units)
  • United Nations Office of Drugs and Crime (UNODC).
  • The World Bank.
  • European Union.
  • Interpol.
  • The Joint Money Laundering Steering Group.

Legal Framework – Local

  • Money Laundering (Prevention & Prohibition) Act, 2022.
  • Terrorism (Prevention & Prohibition) Act, 2022.
  • CBN AML/CFT Regulations, 2022.
  • Terrorism Prevention (Freezing of International Terrorists Funds and Other Related Measures) Regulations, 2011.
  • Cybercrimes (Prohibition, Prevention, etc) Act, 2015.
  • Special Control Unit against Money Laundering AML/CFT Regulations for Designated Non-Financial Businesses and Professions in Nigeria, 2013.
  • Advance Fee Fraud and other Fraud Related Offences Act, 2006.
  • Bank's (recovery of Debt) and Financial Malpractices in Banks in Nigeria Act (as amended).
  • Banks and other Financial Institutions Act, 1991.
  • ICPC (Establishment) Act.