(b) In AML 6.2.3, situations that the Relevant Person may take into account include, for example, accepting subscription monies during a short offer period; executing a time critical transaction, which if not executed immediately, would or may cause a customer to incur a financial loss due to price movement or loss of opportunity; and when a customer seeks immediate insurance cover.
(c) When complying with AML 6.2.1, a Relevant Person should also, where appropriate, consider AML 6.6.1 regarding failure to conduct or complete CDD and Chapter 13 regarding STRs and tipping off.
(d) [intentionally omitted].
6.3. Conducting Customer Due Diligence
6.3.1. Obligation to verify and understand
In conducting CDD required by AML 6.1.1, a Relevant Person must:
(a) verify the identity of the customer and any person acting on behalf of the customer, including his authorisation to so act, based on original or properly certified documents, data or information issued by or obtained from a reliable and independent source;
(a-a) verify the identity of any beneficial owner(s) of the customer;
(b) obtain information on and understand the purpose and intended nature of the business relationship;
(c) understand the customer's sources of funds;
(d) understand the customer's sources of wealth; and
(e) conduct on-going due diligence of the customer business relationship under AML 6.4.1.
6.3.2. Customer obligation for life insurance
In complying with AML 6.3.1 for life insurance or other similar policies, a Relevant Person must:
(a) verify the identity of customers as soon as reasonably practicable before or during the establishment of a business relationship and when transactions for occasional customers are being conducted;
(a-a) verify the identity of any named beneficiaries of the insurance policy at the time of pay-out;
(b) verify the identity of the persons in any class of beneficiary, or where these are not identifiable, ensure that it obtains sufficient information to be able to verify the identity of such persons at the time of pay-out;
(c) if a beneficiary of the insurance policy who is a legal person or a legal arrangement presents a higher risk, take enhanced measures which should include reasonable measures to identify and verify the identity of the beneficial owner of the beneficiary, at the time of pay-out;
(d) take reasonable measures to determine whether the beneficiaries of the insurance policy and/or, where required, the beneficial owner of the beneficiary, are PEPs, at the latest, at the time of the pay-out, and, in cases of higher risks, inform senior management before the pay-out of the policy proceeds, conduct enhanced scrutiny on the whole business relationship with the policyholder, and consider making a STR; and
(e) include the beneficiary of a life insurance policy as a relevant risk factor in determining whether enhanced CDD measures are applicable.
6.3.3. Customer is a Politically Exposed Person
Where a customer, or a beneficial owner of the customer, is a PEP, a Relevant Person must ensure that, in addition to AML 6.3.1 it also:
(a) increases the degree and nature of monitoring of the business relationship, in order to determine whether the customer's transactions or activities appear unusual or suspicious; and
(b) obtains the approval of senior management to commence a business relationship with the customer.
6.3.4. Existing customer becoming a Politically Exposed Person
A Relevant Person must not continue its business relationship with an existing customer if the customer (or a beneficial owner of the customer) becomes a PEP, unless the Relevant Person obtains the approval of its senior management.
Guidance on conducting Customer Due Diligence
(a) A Relevant Person should, in complying with AML 6.3.1(a), and adopting the RBA, obtain, verify and record, for every customer who is a natural person, the following identification information:
(i) full name (including any alias);
(ii) date of birth;
(iii) nationality;
(iv) legal domicile; and
(v) current residential address (not a P.O. box).
(b) Items (i) to (iii) above should be obtained from a current valid passport or, where a customer does not possess a passport, an official identification document which includes a photograph. The concept of domicile generally refers to the place which a person regards as his permanent home and with which he has the closest ties or which is his place of origin.
(c) A Relevant Person should, in complying with AML 6.3.1(a), and adopting the RBA, obtain, verify and record, for every customer which is a legal person, the following identification information:
(i) full business name and any trading name;
(ii) registered or business address;
(iii) date of incorporation or registration;
(iv) place of incorporation or registration;
(v) a copy of the certificate of incorporation or registration;
(vi) a valid commercial or professional licence;
(vii) the identity of the directors, partners, trustees or equivalent persons with executive authority of the legal person or the relevant natural person who is a member of senior management; and
(viii) for a trust, a certified copy of the trust deed to ascertain the nature and purpose of the trust and documentary evidence of the appointment of the current trustees.
(d) In complying with AML 6.3.1(a), it may not always be possible to obtain original documents. Where identification documents cannot be obtained in original form, for example, because a Relevant Person has no physical contact with the customer, the Relevant Person should obtain a copy certified as a true copy by a person of good standing such as a registered lawyer or notary, a chartered accountant, a bank manager, a police officer, an employee of the person's embassy or consulate, or other similar person. Downloading publicly-available information from an official source (such as a regulator or government website) is sufficient to satisfy the requirements of AML 6.3.1.(a) CDD information and research obtained from a reputable company or information- reporting agency may also be acceptable as a reliable and independent source, as would banking references and, for lower risk customers, information obtained from researching reliable and independent public information found on the internet or on commercial databases.
(e) For higher risk situations, identification information is to be independently verified, using both public and non-public sources.
(f) In complying with AML 6.3.1(c) a Relevant Person is required to «understand» a customer's source of funds. This means understanding where the funds for a particular service or transaction will come from (e.g. a specific bank or trading account held with a specific financial institution) and whether that funding is consistent with the customer's source of wealth. The best way of understanding the source of funds is by obtaining information directly from the customer, which will usually be obtained during the on- boarding process. The Relevant Person should keep appropriate evidence of how they were able to understand the source of funds, for example, a copy of the customer account opening form, customer questionnaire or a memo of a call with the relationship manager at a financial institution.
(g) In complying with AML 6.3.1(d) a Relevant Person is required to «understand» a customer's source of wealth. For a natural person, this might include questions about the source of wealth in an application form or customer questionnaire. The understanding may also be gained through interactions with the relationship manager at a financial institution. It could also be gained by obtaining information from a reliable and independent publicly available source, for example, from published accounts or a reputable news source. The understanding need not be a dollar for dollar account of the customer's global wealth, but it should provide sufficient detail to give the Relevant Person comfort that the customer's wealth is legitimate and also to provide a basis for subsequent on-going due diligence. The understanding of the customer's source of wealth should be clearly documented.
(h) Understanding a customer's sources of funds and wealth is also important for the purposes of conducting on-going due diligence under AML 6.3.1(e) Initial funding of an account or investments from an unknown or unexpected source may pose a money laundering risk. Similarly, a sound understanding of the customer's source of funds and wealth also provides useful information for a Relevant Person's transaction monitoring programme.
(i) An insurance policy which is similar to a life policy would include life-related protection, or a pension, or investment product which pays out to the policy holder or beneficiary upon a particular event occurring or upon redemption.
Guidance on identification and verification of beneficial owners
(a) In determining whether an individual meets the definition of a beneficial owner or controller, regard should be had to all the circumstances of the case.
(b) When identifying beneficial owners, a Relevant Person is expected to adopt a substantive (as opposed to form over substance) approach to CDD for legal persons. Adopting a substantive approach means focusing on the money laundering risks of the customer and the product/service and avoiding an approach which focusses purely on the legal form of an arrangement or sets fixed percentages at which beneficial owners are identified (or not).
(c) A Relevant Person should take all reasonable steps to establish and understand a corporate customer's legal ownership and control and to identify the beneficial owner. An approach based only on defined thresholds without regard to the relevant risks in defining the beneficial owner may result in inadequate determination of beneficial ownership, for example, a criminal «gaming» the system by always keeping his financial interest below the relevant threshold.
A Relevant Person must consider a customer’s risk rating and the source of funds when reviewing transactions as required by AML 6.4.1.
(d) In some circumstances no threshold should be used when identifying beneficial owners because it may be important to identify all underlying beneficial owners to ensure that they are not associated or connected in some way. This may be appropriate where there are a small number of investors in an account or fund, each with a significant financial holding and the customer-specific risks are higher. However, where the customer-specific risks are lower, a threshold can be appropriate. For example, for a low-risk corporate customer which, combined with a lower-risk product or service, a percentage threshold may be appropriate for identifying «control» of the legal person for the purposes of the definition of a beneficial owner.
(e) For a retail investment fund, which is widely-held and where the investors invest via pension contributions, the manager of the fund is not expected to look through to underlying investors where there are none with any material control or ownership levels in the fund. However, for a closely-held fund with a small number of investors, each with a large shareholding or other interest, a Relevant Person should identify and verify each of the beneficial owners, depending on the risks identified as part of its risk-based assessment of the customer.
(f) Where a Relevant Person carries out identification and verification in respect of actual and potential beneficial owners of a trust, the identification and verification should include the trustee, settlor, the protector, the enforcer, beneficiaries, other persons with power to appoint or remove a trustee and any person entitled to receive a distribution (whether or not such person is a named beneficiary). For legal arrangements other than a trust, the identification and verification should include persons in positions similar to those in a trust exercising ultimate effective control over the legal arrangement (including through a chain of control or ownership) and entitled to receive a distribution (whether or not such person is a named beneficiary).
(g) A Relevant Person should identify and take reasonable measures to verify the identity of the natural person(s) (if any) who ultimately has a controlling ownership interest in a legal person to the extent that there is doubt under verification as to whether the person(s) with the controlling ownership interest is the beneficial owner(s). If no natural person exerts control through ownership interests, the Relevant Person should identify and take reasonable measures to verify the identity of the natural person(s) (if any) exercising control of the legal person or arrangement through other means.
(h) Where no natural person is identified as a beneficial owner who ultimately has a controlling ownership interest (or who has control through other means) in a legal person, the relevant natural person who holds the position of a member of senior management should be identified as such and verified.
Guidance on Politically Exposed Persons
(a) Individuals who have, or have had, a high political profile, or hold, or have held, public office, can pose a higher money laundering risk to a Relevant Person as their position may make them vulnerable to corruption. This risk also extends to members of their families and to their close associates. PEP status itself does not incriminate individuals or entities. It does, however, put the customer into a higher risk category.
(b) Generally, a PEP presents a higher risk of money laundering because there is a greater risk that such person, if he/she was committing money laundering, would attempt to place his/her money offshore where the customer is less likely to be recognised as a PEP and where it would be more difficult for law enforcement agencies in his/her home jurisdiction to confiscate or freeze his/her criminal property.
(c) Corruption-related money laundering risk increases when a Relevant Person deals with PEPs. Corruption may involve serious crimes and has become the subject of increasing global concern. Customer relationships with family members or close associates of PEPs involve similar risks to those associated with PEPs themselves.
(d) After leaving office PEPs may remain a higher risk for money laundering if they continue to exert political influence, directly or indirectly, or otherwise pose a risk of corruption.
6.4. On-going Customer Due Diligence
6.4.1. On-going obligation
When conducting on-going CDD under AML 6.3.1, a Relevant Person must, using the RBA:
(a) monitor and review transactions undertaken during the course of its customer relationship to ensure that the transactions are consistent with the Relevant Person’s knowledge of the customer, its business, its risk rating, and its source of funds;
(b) pay particular attention to any complex or unusually large transactions or unusual patterns of transactions that have no apparent or visible economic or legitimate purpose;
(c) enquire into the background and purpose of the transactions in (b);
(d) periodically review the adequacy of the CDD information it holds on customers and beneficial owners to ensure that the information is kept up to date, particularly for customers with a high-risk rating;
(e) periodically review each customer to ensure that the risk rating assigned to a customer under AML 5.1.1(b) remains appropriate for the customer in light of the money laundering risks; and
(f) at appropriate times apply CDD to existing customers based on materiality and risk considering whether and when CDD has been previously conducted and the adequacy of the CDD information obtained.
Guidance on on-going Customer Due Diligence
(a) In complying with AML 6.4.1 a Relevant Person should undertake a periodic review to ensure that non-static customer identity documentation is accurate and up-to-date. Examples of non-static identity documentation include passport number and residential/business address and, for a legal person, its share register or list of partners.
(b) A Relevant Person should undertake a review under AML 6.4.1(d) particularly when:
(i) the Relevant Person changes its CDD documentation requirements;
(ii) an unusual transaction with the customer is expected to take place;
(iii) there is a material change in the business relationship with the customer; or
(iv) there is a material change in the nature or ownership of the customer.
(c) The degree of the on-going due diligence to be conducted will depend on the customer risk assessment carried out under AML 5.1.1.
(d) A Relevant Person’s transaction monitoring policies, procedures, systems and controls, which may be implemented by manual or automated systems, or a combination of these, are one of the most important aspects of effective CDD. Whether a Relevant Person should undertake the monitoring by means of a manual or computerised system (or both) will depend on a number of factors, including:
(i) the size and nature of the Relevant Person’s business and customer base; and
(ii) the complexity and volume of customer transactions.
6.5. Checking sanctions lists
6.5.1. Sanctions list review
A Relevant Person must review its customers, their business and transactions against UNSC sanctions lists and against any other Kazakhstan Sanctions List when complying with AML 6.4.1(d).
6.6. Failure to conduct or complete Customer Due Diligence
6.6.1. Prohibitions
Where, in relation to any customer, a Relevant Person is unable to conduct or complete the requisite CDD in accordance with AML 6.3.1 it must, to the extent relevant:
(a) not carry out a transaction with or for the customer through a bank account or in cash;
(b) not open an account or otherwise provide a service;
(c) not otherwise establish a business relationship or carry out a transaction;
(d) terminate any existing business relationship with the customer;
(e) [intentionally omitted]; and
(f) consider whether the inability to conduct or complete CDD necessitates the making of a STR (see Chapter 13).
A Relevant Person is prohibited from knowingly keeping anonymous accounts or accounts in obviously fictitious names.
6.6.2. Exceptions
A Relevant Person is not obliged to comply with AML 6.6.1(a) to (e) if:
(a) to do so would amount to «tipping off» the customer, in contravention of the AML Law; or
(b) the FIU directs the Relevant Person to act otherwise.
Guidance on failure to conduct or complete Customer Due Diligence
(a) Where CDD cannot be completed, it may be appropriate not to carry out a transaction pending completion of CDD. Where CDD cannot be conducted, including where a material part of the CDD, such as identifying and verifying a beneficial owner cannot be conducted, a Relevant Person should not establish a business relationship with the customer.
(b) A Relevant Person should note that AML 6.6.1 applies to both existing and prospective customers. For new customers, it may be appropriate for a Relevant Person to terminate the business relationship before a product or service is provided. The Relevant Person should be careful not to «tip off» the customer.
(c) A Relevant Person should adopt the RBA for CDD of existing customers. For example, if a Relevant Person considers that any of its existing customers have not been subject to CDD at an equivalent standard to that required by these Rules, it should adopt the RBA and take remedial action in a manner proportionate to the risks and within a reasonable period of time whilst complying with AML 6.6.1.
7. ENHANCED DUE DILIGENCE
7.1. Conducting Enhanced Due Diligence
7.1.1. Obligation to conduct Enhanced Due Diligence
A Relevant Person must conduct EDD where money laundering risks are higher.
Where a Relevant Person is required to conduct EDD under AML 6.1.1 it must, to the extent applicable to the customer:
(a) obtain and verify additional:
(i) identification information on the customer and any beneficial owner;
(ii) information on the intended nature of the business relationship; and
(iii) information on the reasons for a transaction;
(b) update more regularly the CDD information which it holds on the customer and any beneficial owners;
(c) verify information on:
(i) the customer's sources of funds;
(ii) the customer's sources of wealth;
(d) increase the degree and nature of monitoring of the business relationship, to determine whether the customer's transactions or activities appear unusual or suspicious;
(e) obtain the approval of senior management to commence a business relationship with a customer; and
(f) where applicable, require that any first payment made by a customer to open an account with a Relevant Person must be carried out through a bank account in the customer's name with:
(i) a bank;
(ii) a regulated Financial Institution whose entire operations are subject to regulation and supervision, including AML regulation and supervision, in a jurisdiction with AML regulations which are equivalent to the standards set out in the FATF Recommendations; or
(iii) a Subsidiary of a regulated Financial Institution referred to in (ii), if the law that applies to the parent ensures that the Subsidiary also observes the same AML standards as its parent.
Guidance on conducting Enhanced Due Diligence
(a) EDD measures are only mandatory to the extent that they are applicable to the relevant customer or the circumstances of the business relationship and to the extent that the risks would reasonably require it. Therefore, the extent of additional measures to conduct is a matter for the Relevant Person to determine on a case by case basis.
(b) For high risk customers, a Relevant Person should, in order to mitigate the perceived and actual risks, exercise a greater degree of diligence throughout the customer relationship and should endeavour to understand the nature of the customer's business and consider whether it is consistent and reasonable.
(c) A Relevant Person should be satisfied that a customer's use of complex legal structures and/or the use of trust and private investment vehicles, has a genuine and legitimate purpose.
(d) For EDD, where there is a beneficial owner, verification of the customer's source of funds and wealth may require enquiring into the beneficial owner's source of funds and wealth because the source of the funds would normally be the beneficial owner and not the customer.
(e) Verification of sources of funds might include obtaining independent corroborating evidence such as proof of dividend payments connected to a shareholding, bank statements, salary/bonus certificates, loan documentation and proof of a transaction which gave rise to the payment into the account.
(f) A customer should be able to demonstrate and document how the relevant funds are connected to a particular event which gave rise to the payment into the account or to the source of the funds for a transaction.
(g) Verification of sources of wealth might include obtaining independent corroborating evidence such as share certificates, publicly-available registers of ownership, bank or brokerage account statements, probate documents, audited accounts and financial statements, news items from a reputable source and other similar evidence. For example:
(i) for a legal person, this might be achieved by obtaining its financial or annual reports published on its website or news articles and press releases that reflect its financial situation or the profitability of its business; and
(ii) for a natural person, this might include documentary evidence which corroborates answers given to questions on the sources of wealth in an application form or customer questionnaire. For example, if a natural person attributes the source of his wealth to inheritance, he/she may be asked to provide a copy of the relevant will or grant of probate. In other cases, a natural person may be asked to provide sufficient bank or salary statements covering a number of years to draw up a picture of his/her sources of wealth.
(h) A Relevant Person might commission a third party report to obtain further information on a customer or transaction or to investigate a customer or beneficial owner in very high risk cases. A third party report may be particularly useful where there is little or no publicly-available information on a person or on a legal arrangement or where a Relevant Person has difficulty in obtaining and verifying information.
(i) In AML 7.1.1(f) circumstances where it may be applicable to require the first payment made by a customer in order to open an account with a Relevant Person to be carried out through a bank account in the customer's name with a financial institution specified in AML 7.1.1(f) include:
(i) where, following the use of other EDD measures, the Relevant Person is not satisfied with the results of due diligence; or
(ii) as an alternative measure, where one of the measures in AML 6.4.1 cannot be carried out.
8. SIMPLIFIED DUE DILIGENCE
8.1. Conduct of Simplified Due Diligence
8.1.1. Modifications to AML 6.3.1 for Simplified Due Diligence
Where a Relevant Person is permitted to conduct SDD under AML 6.1.2, modification of AML 6.3.1 may include:
(a) verifying the identity of the customer and identifying any beneficial owners after the establishment of the business relationship;
(b) deciding to reduce the frequency of, or as appropriate not undertake, customer identification updates;
(c) deciding not to verify an identified beneficial owner;
(d) deciding not to verify an identification document other than by requesting a copy;
(e) not enquiring as to a customer's source of funds or source of wealth;
(f) reducing the degree of on-going monitoring of transactions, based on a reasonable monetary threshold or on the nature of the transaction; or
(g) not collecting specific information or carrying out specific measures to understand the purpose and intended nature of the business relationship, but inferring such purpose and nature from the type of transactions or business relationship established.
8.1.2. Proportionality
The modification in AML 8.1.1 must be proportionate to the customer's money laundering risks.
Guidance on Simplified Due Diligence
(a) AML 8.1.1 provides examples of SDD measures. Other measures may also be used by a Relevant Person to modify CDD in accordance with the customer risks.
(b) A Relevant Person should not use a «one size fits all» approach for all its low risk customers. Notwithstanding that the risks may be low, the degree of CDD conducted needs to be proportionate to the specific risks identified on a case by case basis. For example, for customers where the money laundering risks are very low, a Relevant Person may decide simply to identify the customer and verify such information only to the extent that this is commercially necessary. On the other hand, a low risk customer which is undertaking a complex transaction might require more comprehensive SDD.
(c) For the avoidance of doubt, a Relevant Person is always required to identify beneficial owners, except for retail investment funds which are widely held, and investment funds where the investor invests via pension contributions. However, a Relevant Person may decide not to verify beneficial owners of a low risk customer.
(d) An example of circumstances where a Relevant Person might reasonably reduce the frequency of or, as appropriate, eliminate customer identification updates would be where the money laundering risks are low and the service provided does not offer a realistic opportunity for money laundering.
(e) An example of where a Relevant Person might reasonably reduce the degree of on-going monitoring and scrutinising of transactions, based on a reasonable monetary threshold or on the nature of the transaction, would be where the transaction is a recurring, fixed contribution to a savings scheme, investment portfolio or fund or where the monetary value of the transaction is not material for money laundering purposes given the nature of the customer and the transaction type.
9. RELIANCE AND OUTSOURCING
9.1. Reliance on a third party
9.1.1. Permitted reliance
A Relevant Person may rely on the following third parties to conduct one or more elements of CDD on its behalf:
(a) an Authorised Person;
(b) a law firm, notary, or other independent legal business, accounting firm, audit firm or insolvency practitioner or an equivalent person in another jurisdiction;
(c) a Regulated Financial Institution; or
(d) a member of the Relevant Person’s Group.
9.1.2. Reliance on information previously obtained
In AML 9.1.1, a Relevant Person may rely on the information previously obtained by a third party which covers one or more elements of CDD.
9.1.3. Extent of reliance
Where a Relevant Person seeks to rely on a person in AML 9.1.1, it may only do so if and to the extent that:
(a) it immediately obtains the necessary CDD information including customer and beneficial owner identification and verification documents, and information on the purpose and nature of the business relationship or transaction from the third party in AML 9.1.1;
(a-a) the third parties in AML 9.1.1 have taken necessary measures within the scope of CDD, particularly, customer identification and record keeping;
(b) it takes adequate steps to satisfy itself that certified copies of the documents used to conduct the relevant elements of CDD will be available from the third party on request without delay. It is deemed sufficient that the third party certifies the customer identification documents as «the true copy of the original»;
(b-a) regular assurance testing is carried out in respect of the third party arrangements, to ensure that the CDD documents can be retrieved without undue delay and that the documentation received is sufficient;
(c) the person in AML 9.1.1(b) to (d) is subject to regulation, including AML regulation, by a Financial Services Regulator or other competent authority in a country with AML regulations which are equivalent to the standards set out in the FATF Recommendations and it is supervised for compliance with such regulations;
(d) the person in AML 9.1.1 has not relied on any exception from the requirement to conduct any relevant elements of CDD which the Relevant Person seeks to rely on; and
(e) in relation to AML 9.1.2, the information is up to date.
9.1.4. Reliance on Group member
Where a Relevant Person relies on a member of its Group, such Group member need not meet the condition in AML 9.1.3(c) if:
(a) the Group applies and implements a Group-wide policy on CDD and record keeping which is equivalent to the standards set by the FATF;
(b) where the effective implementation of those CDD and record keeping requirements and AML programmes are supervised at Group level by a Financial Services Regulator or other competent authority in a country with AML regulations which are equivalent to the standards set out in the FATF Recommendations; and
(c) the Group’s AML policies adequately mitigate any high geographical risk factors.
9.1.5. Obligation to remedy deficiencies
If a Relevant Person is not reasonably satisfied that a customer or beneficial owner has been identified and verified by a third party in a manner consistent with these Rules, the Relevant Person must immediately perform the CDD itself with respect to any deficiencies identified.
9.1.6. Responsibility for compliance
Notwithstanding the Relevant Person’s reliance on a person in AML 9.1.1, the Relevant Person remains responsible for compliance with, and liable for any failure to meet the CDD requirements in these Rules.
A Relevant Person must ensure that:
(a) a third party in AML 9.1.1 performed all appropriate CDD and record-keeping measures;
(b) the third party has an existing business relationship with the customer and that relationship is independent from the relationship to be formed by the customer with the Relevant Person; and
(c) the information provided by the third party satisfies the Relevant Person’s own CDD requirements.
Guidance on reliance
(a) [intentionally omitted]
(b) In complying with AML 9.1.3(a) «immediately obtaining the necessary CDD information» means obtaining all relevant CDD information, and not just basic information such as name and address of the customer or beneficial owner. Compliance can be achieved by having that relevant information sent by fax, email or other appropriate means. For the avoidance of doubt, a Relevant Person is not required automatically to obtain the underlying certified documents used by the third party to conduct its CDD. A Relevant Person must, however, under AML 9.1.3(b) ensure that the certified documents are readily available from the third party on request.
(c) A Relevant Person, in complying with AML 9.1.5, should fill any gaps in the CDD process as soon as it becomes aware that a customer or beneficial owner has not been identified and verified in a manner consistent with these Rules.
(d) If a Relevant Person acquires another business, either in whole or in part, the Relevant Person may rely on the CDD conducted by the business it is acquiring but would expect the Relevant Person to have done the following:
(i) as part of its due diligence for the acquisition, to have taken a reasonable sample of the prospective customers to assess the quality of the CDD conducted; and
(ii) to conduct CDD on all the customers to cover any deficiencies identified in (i) as soon as possible following the acquisition, prioritising high risk customers.
(e) Where a jurisdiction’s laws (such as secrecy or data protection legislation) would prevent a Relevant Person from having access to CDD information upon request without delay as referred to in AML 9.1.3(b) the Relevant Person should conduct the relevant CDD itself and should not seek to rely on the relevant third party.
(f) If a Relevant Person relies on a third party located in another jurisdiction, including the Republic of Kazakhstan, to conduct one or more elements of CDD, the Relevant Person must ensure that such other jurisdiction has AML regulations that are equivalent to the standards set out in the FATF Recommendations (see AML 9.1.3(c)).
(g) When assessing if AML regulations in another jurisdiction are equivalent to the FATF standards, a Relevant Person may consider a number of factors including, but not limited to: FATF membership, FATF Mutual Evaluation reports, FATF-style or IMF/World Bank evaluations, membership of an international or regional ‘group’, contextual factors such as political stability or the level of corruption, evidence of relevant criticism of a jurisdiction
including FATF advisory notices or independent and public assessments of the jurisdiction’s overall AML regime such as IMF/World Bank or other reports by reputable NGOs or specialized commercial agencies. A Relevant Person should, in making its assessment, rely only on sources that are up-to-date and that include the latest AML developments from a reliable and competent source. The assessment may also consider whether adequate arrangements exist for co-operation between the AML regulator in that jurisdiction and the AIFC. A Relevant Person must retain sufficient records of the sources and materials considered when undertaking this AML assessment.
