ANTI MONEY-LAUNDERING (AML) POLICY

The objective of KNOW YOUR CUSTOMER (KYC) guidelines is to prevent banks from being used, intentionally or unintentionally, by criminal elements for money laundering activities. KYC procedures also enable banks to know/understand their customers and their financial dealings better, which in turn, help them to manage their risks prudently.

Financial institutions need to implement effective ‘Know-Your-Customer’ (KYC) standards as an essential part of risk management practices.

A key challenge in implementing sound KYC policies and procedures is how to put in place an effective approach. The legal and reputational risks are global in nature and as such, it is essential that each financial institution develop a global risk management program supported by policies that incorporate KYC standards.

It is important that the adoption of customer acceptance policy and its implementation should not become too restrictive and must not result in denial of services to general public especially to those who are financially or socially disadvantaged.

The term ‘money laundering activities’ cover not only the criminals who try to launder their ill-gotten gains, but also the bank/financial institutions and their employees who participate in their transactions and have knowledge that the property is criminally derived. “Knowledge” includes the concept of conscious avoidance of knowledge.

Definition of a Customer

For the purpose of KYC policy, a customer may be defined as:

    - A person or entity that maintains an account and/or has a business relationship with InnovateCorp Ltd.

    - On whose behalf the account is maintained (i.e. the beneficial owner).

    - Beneficiaries of transactions conducted by professional intermediaries, such as stock brokers, charted accountants, solicitors etc. as permitted under the Law.

    - Any person or entity connected with a financial transaction, which can pose significant reputation or any other risks to InnovateCorp Ltd, for example, a wire transfer or issue of high value demand draft as a single transaction.

KYC policy includes the following eight key elements:

1. Customer Identification Procedures

2. Monitoring of Transactions

3. Risk Management

4. Training Program

5. Internal Control System

6. Record Keeping

7. Evaluations of KYC guidelines by internal audit and inspection system; and

8. Duties / responsibilities and accountability

Indicative Guidelines

Accounts of companies and firms

InnovateCorp Ltd’s Compliance Department needs to be vigilant against business entities being used by individuals as a front for maintaining accounts with banks.

InnovateCorp Ltd’s may examine the control structure of the entity, determine the source of funds and identify the natural persons who have controlling interest and who comprise the management. These requirements may be moderated according to the risk perception e.g. in the case of a public company it will not be necessary to identify all the shareholders.

Customer Identification Procedure (CIP)

CIP can only be carried out, inter alia, on the following stages:

- While establishing the relationship;

- While carrying out a financial transaction;

 - When InnovateCorp Ltd has a doubt about the authenticity/veracity or the adequacy of the previously obtained customer identification data.

Customer identification means identifying the customer and verifying his/her identity by using reliable, independent source documents, data or information.

InnovateCorp Ltd needs to obtain sufficient information necessary to establish, to its satisfaction, the identity of each new customer, whether regular or occasional, and the purpose of the intended nature of business relationship.

Being satisfied means that InnovateCorp Ltd must be able to satisfy the competent authorities that due diligence was observed based on the risk profile of the customer in compliance with the extant guidelines in place.

Risk Assessment

An effective KYC program should be put in place by establishing appropriate procedure and ensuring their effective implementation. It should cover proper management oversight, systems and controls, segregation of duties, training and other related matters. Responsibility should be explicitly allocated within the company for ensuring that the company’s policies and procedures are implemented effectively.

The nature and extent of due diligence will depend on the risk perceived by InnovateCorp Ltd. Customer profile will be a confidential document and details contained therein shall not be divulged for cross selling or any other purpose.

InnovateCorp Ltd’s internal audit and compliance have an important role in evaluating and ensuring adherence to the KYC policies and procedures. The compliance function should provide an independent evaluation of the InnovateCorp Ltd’s own policies and procedures, including legal and regulatory requirements. It should be ensured that the audit machinery is staffed adequately with individuals who are well versed in such policies and procedures.

Internal inspectors should specifically check and verify the application of KYC procedures at the branched/offices and comment on the lapses observed in this regard.

Specially Designated Nationals and Sanctioned Parties Screening

All customers are to be screened through various independent risk intelligence databases.

Customer identification

Natural persons

For customers that are natural persons, InnovateCorp Ltd should obtain sufficient identification (passport, ID, government identification, etc.) data to verify the identity of the customer, his address/location (utility bill, bank statement, etc.) as well as his recent photograph (if possible).

Legal persons

For customers that are legal persons or entities, InnovateCorp Ltd should verify the legal status of the legal person/entity through proper and relevant documents, verify that any person purporting to act on behalf of the legal person/entity is so authorized and, identify and verify the identity of that person. InnovateCorp Ltd should understand the ownership and control structure of the customer and determine who are the natural persons who ultimately control the legal person. If InnovateCorp Ltd decides to accept such accounts, in terms of the customer acceptance policy, it should take reasonable measures to identify who the beneficial owner(s) is/are.

For new accounts:

KYC procedure should be the key principle for identification of an individual/corporate account. The customer identification should entail verification through an introductory reference from an existing account holder/ a person known to the bank or on the basis of documents provided by the customer.

Recordkeeping

All identification documentation and services records shall be kept for a minimum period of no less than 7 years.

Training

All new employees shall receive anti-money laundering training as part of the mandatory new-hire training program. All applicable employees are also required to complete AML training annually. Participation in additional targeted training programs is required for all employees with day to day AML responsibilities.

Administration

For the purposes of this AML Policy, InnovateCorp Ltd shall appoint an AML Compliance Officer. InnovateCorp Ltd’s AML Compliance Officer shall be responsible for the administration, revision, interpretation, and application of this Policy. The AML Policy will be reviewed annually and revised as needed. The duties of the AML Compliance Officer with respect to the AML Policy shall include, but shall not be limited to, the design and implementation of, as well as, updating the Policy as required; training of officers and employees; monitoring the compliance of InnovateCorp Ltd affiliates, maintaining necessary and appropriate records; and independent testing of the operation of the Policy.