The purpose of this Compliance Manual is to set forth MFS AFRICA LIMITED’s (“MFS”), procedures to combat money laundering and terrorist financing (hereinafter collectively “Money Laundering”) in accordance with International law. It is the policy of the company to develop, administer, and maintain a written Anti Money Laundering (AML) and Countering the Financing of Terrorism (CFT) compliance program. MFS operates a money transfer hub, which connects contracted and licensed clients (Money Transmission Operators (MTOs) and Mobile Network Operators (MNOs)) who operate from global jurisdictions and are authorised to do so by the concerned local regulatory body.
MFS is a Payment Intermediary Service provider duly incorporated under the laws of Mauritius and is regulated under the Financial Services Commission (FSC), with register number C109007483.
This Compliance Manual is kept under periodical review by MFS, and you may from time to time be notified of revisions to its terms.
The principles, regulations and guidance adopted in this compliance policy are:
- Financial Intelligence and Anti-Money Laundering Act 2002
- FSC Code on the prevention of Money Laundering & Terrorist Financing 2012
- FinCen (FIN-2016-G001)
- Wolfsburg Principles on correspondent banking 2002
MFS’s CORPORATE COMPLIANCE POLICY
MFS begins this Manual with a short summary of its corporate compliance policy:
a) To conduct business in conformity with high ethical standards;
b) To establish and implement a "Customer Due Diligence for Know Your Consumer" program in accordance with this Manual and as future supplements;
c) To be alert to transactions or other consumer activities that may be indicative of drug trafficking, money laundering, terrorist financing or other criminal activity;
d) To co-operate promptly and courteously with law enforcement authorities within the confines of applicable law;
e) To comply with the record keeping and reporting requirements of the Regulations;
f) To maintain all records required by the Regulations for at least seven (7) years;
g) To refuse to establish a business relationship with any client who fails to provide proper identification or other information required to comply with a requirement of the Regulations;
2. MONEY LAUNDERING
2.1 What is Money Laundering?
Money laundering is a process intended to mask the benefits derived from criminal conduct so that they appear to have originated from a legitimate source.
Terrorists require funds to carry out acts of terrorism, and terrorist financing provides the funds needed. Sources of terrorist financing may be legitimate or illegitimate. It may be derived from criminal activities such as kidnapping, extortion, fraud or drug trafficking. It may also be derived from legitimate income such as membership dues, sale of publications, donations from persons or entities sympathetic to their cause, and sometimes income from legitimate business operations belonging to terrorist organizations. The prevention of money laundering and terrorist financing is a key focus of regulatory authorities in developed countries. The prevention of money laundering inhibits the movement of funds derived from criminal activity and restricts the availability of money to fund terrorist activities.
Criminals operate across jurisdictions and without regard to national borders. To be successful, anti-money laundering measures need to be global. As such there are global standards agreed by countries of the Financial Action Task Force (FATF). These standards are implemented in Mauritius through Financial Intelligence and Anti-Money Laundering Act 2002 and the FSC Code on the prevention of Money Laundering & Terrorist Financing 2012.
The company shall take necessary steps to ensure that shareholders, clients and intermediaries and other partners with whom we do business, shall not be party to illegal and money laundering transactions. The company shall undertake activities and measures necessary to combat money laundering, including reporting of suspicious transactions to the authorities.
2.2 Terrorist financing
Terrorist financing is the act of providing financial support to acts of terror, terrorists or terrorist organisations to enable them to carry out terrorist acts. Unlike other criminal organisations, the primary aim of terrorist groups is non-financial. Yet, as with all organisations, terrorist groups require funds to carry out their primary activities. This simple fact – the need for funds – is key in fighting terrorism. Follow the money. Follow the financial trail. This is the core objective of all measures that aim to identify, trace, and curb terrorist financing.
There are similarities and differences between money laundering and terrorist financing.
- Terrorist financing is an activity that supports future illegal acts, whereas money laundering generally occurs after the commission of illegal acts;
- Legitimately derived property is often used to support terrorism, whereas the origin of laundered money is illegitimate;
- Terrorist groups are often engaged in other forms of criminal activity which may in turn fund their activities;
- Both money laundering and terrorist financing require the assistance of the financial sector.
The key to the prevention of both money laundering and terrorist financing is the adoption of adequate CDD measures by all Businesses both at the commencement of every relationship and on an on-going basis thereafter.
2.3 The need to prevent Money Laundering and Terrorist Financing activities
The principal concern in relation to the operation of a Money Transfer Hub is to ensure that controls are in place to prevent (insofar as is reasonably possible) the use of the business for money laundering, terrorist financing, and related criminal activities.
The Money Transfer industry is subject to strict regulations designed to prevent money laundering and to bring those engaged in this illegal activity to justice. Failure to follow these regulations can result in severe civil and/or criminal penalties including fines and imprisonment. MFS has established strict standards of compliance with regulations and is committed to the combatting of money laundering which are summarised in this Anti Money Laundering Compliance Manual.
Most organised criminal activity is directly or indirectly aimed at making money. The ability to launder this money to prevent it being associated with criminal activity is a major concern for all organised crime groups.
2.4 The Regulations
The FSC Code on the prevention of Money Laundering & Terrorist Financing 2012 issued under section 18.1.a of the Financial Intelligence and Anti-Money Laundering Act 2002 (‘FIAML Act’) require relevant businesses to have:
- documented internal systems in place to prevent money laundering, report suspicious transactions and appoint a Money Laundering Reporting Officer;
- must apply appropriate Customer Due Diligence measures including identifying and verifying the identity of the Applicant for Business when establishing a business relationship;
- must implement effective on-going Customer Due Diligence measures and risk profiling procedures;
- must provide members of their staff with on-going AML/CFT training;
- must implement and maintain effective record keeping systems.
MFS does not disclose any non-public personal or financial information about its customers or end users to anyone except as permitted by law. We do not sell or exchange customer or end user lists or information. We collect and use the information we believe necessary to complete authorised transactions. Customer or end user information is utilised to evaluate process, administer and enforce the transactions being authorised.
We restrict access to non-public personal and financial information to those employees who need to know the information in the course of providing the financial services requested. We maintain physical, electronic and procedural safeguards in an effort to secure your non-public personal and financial information. We accord prospective and former customers and end users the same protection as our existing customers and end users in this regard.
3. CUSTOMER DUE DILIGENCE
All customers on-boarding the MFS Hub need to ensure and establish stringent procedures to verify the identity of their clients (end users) as required by their respective regulatory body. MFS shall perform Customer Due Diligence (“CDD”) procedures on all new customers based on seven principal components:
- Identification of the customer by obtaining certain information pertaining to the customer and, where the customer is not a natural person, certain other persons associated with that customer;
- Verifying the identification information obtained, through the use of advanced tools and techniques where possible;
- Where the customer is not a natural person, identifying and verifying the identity of its representatives;
- Determining if there exists any beneficial owner (other than the customer) and applying the identification procedures to those beneficial owners;
- Where business relations are to be established (as defined in the Notice), obtaining information as to the nature and purpose of the intended business relations;
- After business relations are established, conducting on-going monitoring of business relations; and
- After business relations are established, periodically review the adequacy of customer information.
MFS expects its partners (where applicable) to have similar if not the same level of CDD processes in place for their customers (end users). These will be reviewed as and when required in order for MFS to maintain its compliance obligations with its regulators and other hub partners.
3.1 New Customer policy
MFS shall not commence a business relationship with anonymous account(s) in fictitious names. MFS shall perform CDD measures on all representatives as if each of them were individually customers of MFS. MFS shall not open joint accounts.
3.2 Existing Customer policy
MFS shall periodically review the adequacy of identification information on the basis of materiality and risk, and to perform CDD measures on existing customers as may be appropriate.
As a general guideline, MFS shall perform CDD, when one or more of the following events take place:
- There are transactional pattern changes that are significant, having regard to the manner in which the relationship is ordinarily operated;
- There is a substantial change in MFS’s customer documentation standards;
- There is a material change in the way that business relations with the customer are conducted;
- MFS discovers it lacks adequate identification information on a customer, MFS will perform a CDD refresh
- MFS becomes aware that there may be a change in the ownership or constitution of the customer, or the person(s) authorised to act on behalf of the customer in its business relations with the company, and
- The risk profile of the customer changes according to MFS’s risk based approach.
3.3 Variations of CDD policy
3.3.1 Due diligence (DD)
The company shall apply standard due diligence measures in relation to customers that are deemed to be medium risk in line with MFS’s risk based approach.
3.3.2 Simplified due diligence
The company shall apply simplified due diligence measures in relation to customers that are deemed low risk in line with MFS’s risk based approach. Simplified due diligence is a lower CDD standard than standard due diligence and applied in line with customers perceived AML risk.
3.3.3 Enhanced due diligence (EDD)
The company shall, in addition to performing the CDD measures, perform enhanced CDD measures in relation to Politically Exposed Persons (“PEPs”) and customers that are deemed high risk in line with MFS’s risk based approach (RBA).
3.4 Non-face-to-face CDD policy
MFS’s multinational business model will result in the majority of customers having non-face to face CDD apply. Non-face to face CDD requires further verification to ensure compliance.
3.5 Tools and techniques for non-face-to-face CDD
As MFS customers are system linked to MFS (which includes pre-testing, multiple engagement and configuring/ aligning of systems) these tests via the API are an attestation to the customers identity. No customer will begin transacting without completion of system testing.
IP analysis. The IP address location is logged at several instances, notably at registration and at each transaction event. Our compliance team analyses the customer’s location at the time of registration on our system, with their documented Proof of Address to what the IP address location indicates they’re connecting from. This creates higher confidence and comfort in the documentation.
3.6 Name check against Sanction Lists
MFS must be aware of any transactions with or by individuals or entities identified in international watch/sanction lists, by reason of their suspected involvement in terrorism. Therefor MFS shall check its customers against recognized sanctions lists. The company makes use of reputable third parties to check customers (Entities and board of directors) against International Sanction lists (OFAC, EU, UN).
Entities or individuals that are beneficial owners of MFS’s customers shall also be checked against sanctions lists. The percentage of ownership being screened will depend on the customer’s perceived AML risk in line with MFS’s RBA.
The company will integrate this solution to its own system, thus automating name checks as part of registration and transacting processes.
MFS shall strictly adhere to the watch list requirement and check potential customer names against international watch lists and ensure that MFS does not have any business dealings with an individual listed. MFS uses the sanction lists provided by the UK and the US Treasury which incorporates OFAC, UN and EU. Please refer to ANNEX 5 for complete policies for all hub participants/partners
MFS requires their customers to have sanction screening processes in place to ensure the end users are not allowed to access the hub.
MFS by means of batch screening will provide an additional screening control beyond the controls provided by its partners.
- HUB partner loads a transfer with end user customer details. (Full names and date of birth required)
- The MFS system screens both the sender and receiver name against the integrated Sanction Lists
- Possible sanction hits are referred to the MFS compliance team.
- The MFS Compliance Team will email possible matches to their customers to investigate the possible match on their end user.
- Pending outcome of investigation, MFS will take appropriate action (either file a SAR/ Block end user)
3.7 Client on-boarding process
All customers need to undergo stringent due diligence process which involves completion of the Partner Application form and provision of all documents relating to the business:
- Certificate of Incorporation
- A copy of HMRC MLR Certificate, if applicable
- Company organogram showing Shareholder & Directorship structure information.
- A copy of a recent Utility bill/business bank account statement dated within the previous 3 months showing the trading address and the registered business address (if different)
- A copy of a valid passport/ national ID for all directors, shareholders and the MLRO/Compliance Officer.
- Proof of registration/authorisation to undertake money remittance or from the equivalent authority in the country of business operations
- A copy of most recent AML policies and procedures manual.
- A copy of latest audited accounts.
- A Wolfsburg questionnaire
Once provided, MFS compliance team verifies the information and is signed-off by the team. If approved, the Partner is passed on to the On-boarding team for systems integration.
4. ONGOING FRAUD PREVENTION
In addition to Customer Due Diligence, which primarily looks to prevent potential unidentified customers from becoming active customers, the company monitors transactions on an ongoing basis to prevent fraud and mitigate risk exposure where fraud has occurred.
Most of the ongoing analysis is automated by the company’s system and can be categorised into two types of measures: limit monitoring and behavioural monitoring.
4.1 Limit Monitoring
The company’s system has been developed, and continuously improved, with fraud prevention and risk mitigation in mind. Partners connected to the MFS Hub are expected to have their own monitoring controls as required by their licencing authorities in their country of operation. As a guideline, some of the risk management features should include:
- Transaction frequency limits. Frequency of use counts the number of transactions within a time frame as a means to detect suspicious behaviour and limit risk. Hub participants should undertake enhanced DD on the client if it exceeds the frequency. To the extent possible, they should inquire into the background and purpose of unusual transactions in and document their findings with a view to making this information available to the relevant competent authorities should the need arise.
- Amount limits. The system should apply per-transaction amount limits based on the Hub participants risk assessment/ product or regulatory requirement. In addition, the MFS system applies destination-specific rules for pay-out onto the receiving mobile wallet system where lower limits tend to apply, which must be respected too (e.g. max 500K CFA to Ivory Coast).
- Aggregation limits. The system should apply period-based aggregation limits. This limit restricts end users from bypassing amount limits by structuring transactions.
4.2 Suspicious Transaction Monitoring
Every employee at MFS Africa is responsible for protecting the company from money laundering activity. Company management is committed to training employees in the consequences of money laundering including criminal, civil and disciplinary penalties, up to and including termination, and the very significant reputational harm to the company and its main partners (Mobile Network Operators and Financial Institutions) in any connection with money laundering.
In view of the serious consequences of money laundering activities, the company has put in place adequate processes and systems to detect mitigate and report suspicious transactions as required by authorities.
4.3 Suspicious Activity Reports (“SARs”)
If an employee identifies a transaction or series of transactions that are unusual or suspicious they are required to immediately report to the Compliance Department via our internal report for suspicious activity, which captures:
(i.) Date and time of transaction
(ii.) Transaction reference
(iii.) Amount and currency
(iv.) End User ID
(v.) End user name
(vi.) Beneficiary name
(vii.) Beneficiary account number
(viii.) Sending country
(ix.) Destination country
(x.) Parties involved (including staff, counterparties, etc.)
(xi.) Reason for transaction (if any)
(xii.) Any other specific instructions
(xiii.) Watch list hit when the customer is a suspected PEP. See ANNEX II for the complete policy on PEPs.
The Compliance Department shall investigate the report and assess whether the matter should be reported to the relevant authorities.
- A confidential investigation will take place by the compliance department. No staff are permitted to advise anyone outside of compliance any details relating to the report. Any disclosure outside of compliance relating to a SAR is a breach of “tipping off” regulations.
The compliance department will either:
- File a SAR with regulators and await further instruction
- Not file a SAR and document why said action was taken.
Section 19 (1)(c) of the FIAML Act provides for the offence of ‘tipping off’ - which offence is committed when a person, knowingly or without reasonable excuse, warns or informs the owner of any funds of any report or any action that is to be taken in respect of any transaction concerning such funds.
After thorough investigation, if determined that a matter reported to Compliance Department is indeed a reportable matter, the company shall refer the matter to the relevant authority (FIU) via a Suspicious Activity Report (“SAR”) within 7 working days of the case being referred by the relevant staff.
After thorough investigation, if determined a matter reported to Compliance Department is deemed NOT a reportable matter, a memorandum shall be sent to all staff members notifying them of the following:
- Review of suspicious transaction report has determined that it is not necessary to make a formal report to the relevant authorities;
- Any relevant matters that the Compliance Department deems necessary to disclose about the investigation and the reasons for the decision;
- A reminder of the important of confidentiality in respect of this matter.
The Compliance Department shall maintain a full and proper record of each suspicious transaction report for at least seven (7) years after the date of the original report.
Record must contain at least the following:
- Copy of the Compliance Department’s report;
- Copies of any documentation reviewed as part of the investigation
- Copy of SAR filled with reference number with regulator.
- Correspondence with the authorities
5. COMPLIANCE MANAGEMENT ARRANGEMENT
5.1 MLRO responsibilities
(a) Ensuring a speedy and appropriate reaction to any matter in which money laundering or terrorist financing is suspected;
(b) Report all Suspicious activity reports to FIU and liaise with FSC for matters related to the regulatory requirements
(c) Advising and training senior management and staff on development and implementing internal policies, procedures and controls on AML/CFT;
(d) Carrying out, or overseeing the carrying out of, on-going monitoring of business relations and sample reviewing of accounts for compliance with these Guidelines; and
(e) Promoting compliance with these Guidelines, including in particular observance of the underlying principles on AML/CFT and taking overall charge of all AML/CFT matters within the organization.
5.2 Employees Hiring Screening
To ensure high standards when hiring employees, the Company has put in place stringent screening procedures.
- Continuous compliance training for staff.
- Record keeping: The company shall maintain a record keeping policy for document retention periods of
- A period of at least 7 years following termination of business relation for customer identification information, and other documents relating to the establishment of business relations, as well as account files and business correspondence; and
- At least 7 years following the completion of the transaction for records relating to a transaction, including any information needed to explain and reconstruct the transaction.
Annex 1 – Client On-Boarding Process
As the HUB operator MFS undertakes Due Diligence on all partners connecting to the hub. Once approved, the partner client is on-boarded to the hub.