Decree No. 281 / 2008 Coll.
Decree on certain requirements for the system of internal principles, procedures and control measures against the legalisation of proceeds from crime and terrorist financing
Valid
Order
Effective from 01.09.2008
281
DECLARATION
of 1 August 2008
on certain requirements for the system of internal principles, procedures and control measures against the legalisation of proceeds from crime and terrorist financing
Pursuant to Section 56 of Act No. 253 / 2008 Coll., on certain measures against the legalisation of proceeds from crime and terrorist financing, hereinafter referred to as "the Act":
Subject matter
This Decree regulates the requirements for the introduction and application of:
(a) procedures for carrying out customer control and determining the scope of customer control appropriate to the risk of legalisation of the proceeds of crime and terrorist financing, depending on the type of client, business relationship, product or trade; and
(b) methods and procedures for risk assessment, risk management, internal control and control of compliance with obligations laid down by law;
applied under the system of internal principles, procedures and control measures by the persons referred to in Section 2, to whom the Czech National Bank of the Oversight 1 is exercised).
Personal scope
(1) The requirements laid down in this Decree apply to a credit or financial institution (hereinafter referred to as the "institution") which is:
(a) by the bank;
(b) savings and credit cooperatives;
(c) by a CSD of book-entry securities, by a person managing a central securities register maintained by a CSD of book-entry securities, by a person managing a separate record of investment vehicles or by a person keeping a record of a separate record of investment vehicles;
(d) the market operator for investment vehicles;
(e) a person authorised to provide investment services other than an investment intermediary;
(f) an investment company, a self-governing investment fund, a chief administrator of an investment fund, a pension company or a pension fund;
(g) a payment institution, a small-scale payment service provider, electronic money institutions or a small-scale electronic money issuer;
(h) by an insurance undertaking, reinsurance undertaking, insurance intermediary or a separate liquidator of claims in the course of life insurance activities, with the exception of an insurance intermediary for which the insurance undertaking is liable for damage caused by its business; or
(i) by a person authorised to conduct an exchange activity under the Exchange Act.
(2) The requirements laid down in this Decree shall also apply to the foreign legal or natural person referred to in paragraph 1 who operates in the territory of the Czech Republic through his branch, organisational unit or establishment, to the extent of his activity by that branch, organisational component or establishment.
Definition of terms
(1) For the purposes of this decree, an opaque ownership structure means a state where it is impossible to determine who is the actual owner of the client
(a) an extract from the Commercial Register, other similar records of the country of registered office of a foreign person not registered in the Commercial Register of the Czech Republic, and, if such records are not in the country of registered office of that Foreign Person, an officially certified social contract; or
(b) another instrument which has been established by a foreign person and which contains all its amendments; or
(c) a reliable source on which the institution relies reasonably.
(2) For the purposes of this Order, the country of origin shall be:
(a) any natural person of each State of which that person is a national and, at the same time, any other State in which he is registered for permanent or other residence;
(b) a legal person subject to obligations under Article 25 (4) of the Act or similar obligations, the State in which he has his registered office;
(c) a legal person who is not subject to obligations under Paragraph 25 (4) of the Act or similar obligations, the State in which he has his registered office and, at the same time, all States in which he has a branch, organisational component or establishment.
(3) The non-transparent ownership structure referred to in paragraph 1 shall not apply where the client is a company whose securities are admitted to trading on a European regulated market or on a foreign market similar to a regulated market and which is subject to disclosure requirements equivalent to those of European Union law.
(1) An institution shall apply a risk management approach based on an assessment of the risk of legalisation of proceeds from crime or terrorist financing.
(2) When establishing and implementing a system of internal principles, procedures and control measures, including client identification and control, institutions shall take into account recognised and proven principles and procedures in the field of preventing the legalisation of proceeds from crime and terrorist financing ("recognised standards'). The list of selected recognised standards is published by the Czech National Bank.
(3) A self-liquidator of claims in the performance of life insurance activities and a person authorised to conduct an exchange activity may not fulfil the requirements laid down in Article 5 (1) to (4) in relation to those activities. However, when identifying and evaluating a suspicious transaction, it shall take into account the nature of the transaction and the circumstances of its execution and the nature and volume of the client's usual business.
(4) An institution which, in respect of a client, applies an exemption from the obligation to identify or control a client in accordance with Section 13 of the Act shall not be obliged to comply with the requirements laid down in Section 5 of this Decree in respect of that client, to the extent applicable. However, when assessing risks under Section 13 (3) of the Act, institutions shall take into account at least the risk factors referred to in Section 5 (2) and the circumstances set out in Section 5 (3) (c) of this Decree.
Rules on customer acceptability, risk profile determination and other procedures
(1) Institutions under the risk management system related to the legalisation of proceeds from crime or terrorist financing shall establish and apply rules and procedures according to which, taking into account the client's risk profile,
(a) to categorise clients;
(b) decide whether to conduct a business or establish a business relationship with a client or terminate an existing business relationship with a client;
(c) identify the risk factors referred to in paragraph 2 for new clients and continuously during the duration of the business relationship for all clients; update the client's inclusion in the relevant risk category according to the information found; and
(d) take appropriate measures against clients for whom a risk factor has been identified (hereinafter referred to as "the risk client").
(2) The client's risk profile shall be compiled and evaluated by the institution at all times with respect to at least the following risk factors:
(a) the fact that one of the countries of origin of the client, the person who is dealing with the institution on behalf of the client, or one of the countries of origin of the actual owner of the client, is a State which does not apply measures insufficiently or at all against the legalisation of the proceeds of crime and terrorist financing, or a State which, on the basis of its assessment, considers the institution to be risky;
(b) the fact that, according to the information at the disposal of the institution, the object of the transaction has been transferred or is to be provided in connection with the transaction from a State which does not sufficiently or at all apply measures against the legalisation of the proceeds of crime and terrorist financing, or from a State which, on the basis of its assessment, considers that the transaction has been or is intended to be transferred or made available to that State in connection with the transaction;
(c) the registration of a client, a person who acts with an institution on behalf of a client, the actual owner of a client, the person with whom the client carries out the transaction, or, where the institution is known, the final recipient of the subject-matter of the transaction or the actual owner of the person with whom the client is engaged, on the list of persons and movements against which the sanction measures are applied in accordance with other legislation2);
(d) the opaque ownership structure of the client;
(e) the unclear origin of the client's funds;
(f) the fact that the client does not act on his or her account or that he or she conceals that he or she is following an order from a third party;
(g) the unusual way in which the transaction takes place, in particular with regard to the type of client, the subject matter, the amount and the manner in which the transaction is settled, the purpose of the business relationship and the object of the client's business;
(h) facts suggesting that the client is conducting a suspicious transaction;
(i) the fact that, according to the information available to the institution, the subject of the client's activities is associated with an increased risk of legalising the proceeds of crime or terrorist financing.
(3) When a business relationship is established with a client, as well as in the course of a business that is not part of a business relationship, institutions shall:
(a) identify and store information about the client to enable it to assess whether the client is a risk client;
(b) check the validity and completeness of client data and update them; and
c) pays more attention to trade
1. where any of the risk factors referred to in Article 5 (2) occur,
2. carried out with natural persons in the context of services based on individual access to the client, such services being provided by the institution only to those clients that meet the specific conditions laid down by the institution;
3. politically exposed persons,
4. where the institution is aware that the actual owner of the client is a politically exposed person or that the politically exposed person is involved in them differently; or
5. large volume or high level of complexity, in particular with regard to the type of client, subject, amount and manner of settlement of the transaction, purpose of the business relationship and subject matter of the client's business.
(4) For the provision of services based on individual access to a client in accordance with paragraph 3 (b), the following shall be considered: (c) point 2 shall be subject to prior approval by at least one employee of an institution whose functional classification is higher than the functional classification of the staff member or staff of the institution proposing to conclude a contract with the client. Where this is not possible in view of the size, management or number of staff of the institution which is a legal person, the statutory body of the institution shall approve the conclusion of such a business relationship.
(5) When performing a trade using means of distance communication, an institution shall establish and apply procedures to verify that the transaction is conducted with an already identified client.
The institution shall ensure that the person evaluating the suspected transaction has access to the information contained in the institution's information system to enable the rapid and effective search, monitoring and evaluation of the necessary information.
All approval and decision-making processes and control activities under the system of internal principles, procedures and control measures, including related responsibilities, powers, supporting documents and assessment of the evaluation report referred to in Article 8, shall be subject to retrofitting. In order to ensure this requirement, the institution shall establish and maintain an adequate information retention system, which shall also include information on findings made during customer checks and trade reviews and correspondence relating to transactions and business relationships. A retrofitting process must also be such as to conclude that there are no grounds to change the client's risk profile or to file a notice of suspected trade.
Evaluation report
(1) An institution shall, in the framework of internal control activities, draw up at least once a year a report evaluating the institution's activity in the field of preventing the legalisation of proceeds from crime and terrorist financing (hereinafter referred to as the "assessment report"), assessing whether:
(a) the procedures and measures applied by the institution to prevent the legalisation of proceeds from crime and terrorist financing are sufficiently effective;
(b) weaknesses have been identified in the institution's internal policies, procedures and control measures over the past period and what risks may arise for the institution.
(2) All conclusions and evaluations contained in the evaluation report must be duly justified. If the evaluation report is not processed by the contact person (3), the report shall contain the statement of the contact person on the completeness and accuracy of the evaluation report.
(3) The evaluation report shall also be drawn up in the territory of the Czech Republic by the branch, organisational component or establishment of the institution referred to in § 2 (2).
(4) The institution shall indicate in the assessment report the statistics on suspicious transaction notifications over the past period. This information shall be broken down by organisation or by business activities of the institution.
(5) In the event of deficiencies in the prevention of the legalisation of the proceeds of crime and the financing of terrorism, the institution shall make a proposal to eliminate them in the evaluation report.
(6) If the institution has a statutory body, that authority shall discuss the evaluation report no later than 4 months after the end of the period for which it is processed and shall comment on the deficiencies identified and the proposals contained therein. If the institution has a supervisory board, a management board or a supervisory commission, that body shall also carry out these duties. In the case of a branch, organisational component or establishment of an institution referred to in Article 2 (2), those obligations shall be fulfilled by the head of that branch, organisational component or establishment.
(7) The assessment report, together with the statement referred to in paragraphs 2 and 6, shall be kept by the institution for at least 5 years.
Repeal
Decree No. 247 / 2007 Coll., laying down certain requirements for the management and control system of banks and savings and credit cooperatives, is hereby repealed.
Efficacy
This Decree shall take effect on 1 September 2008.
Governor:
Doc. Ing. Tůma, CSc.
1) Article 44 of Act No. 6 / 1993 Coll., on the Czech National Bank, as amended.
2) For example, Act No 69 / 2006 Coll., on the implementation of international sanctions, as amended, Council Regulation (EU) No 267 / 2012 of 23 March 2012 concerning restrictive measures against Iran and repealing Regulation (EU) No 961 / 2010, as amended, Council Regulation (EC) No 329 / 2007 of 27 March 2007 concerning restrictive measures against the Democratic People's Republic of Korea, as amended.
3) Article 22 of Act No. 253 / 2008 Coll., on certain measures against the legalisation of proceeds from crime and terrorist financing, as amended.
Sign in for notes, favorites and notifications
Regulation Information
| Citation | Decree No. 281 / 2008 Coll., on certain requirements for the system of internal principles, procedures and control measures against the legalisation of proceeds from crime and terrorist financing |
|---|---|
| Regulation Type | Order |
| Author | - |
| Collection | Code of Laws |
| Date of Promulgation | 15.08.2008 |
|---|---|
| Effective from | 01.09.2008 |
| Effective until | - |
| Status | Valid |
The regulation text is for informational purposes only.
Comments 0