The Central Bank of Nigeria (CBN) released the new 2023 Customer Due Diligence (CDD) guidelines in furtherance of its more enhanced regulatory framework and to ensure stricter compliance.
This article will be focused on the notable provisions of these guidelines including :-
– Their Objectives and Application.
– Core CDD provisions
What are the objectives of the CDD 2023 Guidelines?
The objectives of these guidelines are to —
(a) provide additional customer due diligence measures for financial institutions (FI) under the regulatory purview of the CBN to further their compliance with relevant provisions of the Money Laundering (Prevention and Prohibition) Act (MLPPA), 2022, Terrorism(Prevention and Prohibition) Act (TPPA), 2022, Central Bank of Nigeria(Anti-Money Laundering, Combating the Financing of Terrorism and Countering Proliferation Financing of Weapons of Mass Destruction in Financial Institutions) Regulations, 2022 (CBN AML, CFT and CPF Regulations) and international best practices.
(b) enable the CBN enforce compliance with customer due diligencemeasures in line with the CBN AML, CFT and CPF Re-gulations.
(c). complement the relevant provisions of the CBN AML, CFT and CPF Regulations on customer due diligence measures and additional customer due diligence measures for specific customers and activities.
What is the applicability scope of these guidelines?
These guidelines shall be read in conjunction with the CBN AML, CFT and CPF Regulations and will also be applicable to all Financial Institutions (FIs) under the regulatory purview of the Central Bank of Nigeria.
What are the most notable CDD provisions of these guidelines?
They are as follows :-
– FIs shall not establish or keep anonymous accounts, numbered accounts or accounts in fictitious names
– FIs shall undertake CDD measures when:
(a) establishing business relationships;
(b) carrying out occasional transactions above the applicable and designated threshold of US$1,000 or its equivalent in other currencies or as may be determined by the CBN from time to time, including where the transaction is carried out in a single or several transactions or operations that appear to be linked ;
(c) carrying out occasional transactions that are wire transfers, including cross-border and domestic transfers between FIs and when credit or debit cards are used as a payment method to effect money transfer ;
(d) there are doubts as to the veracity or adequacy of previously obtained customer identification data ;
(e) there is a suspicion of ML, TF and PF regardless of any exemptions or any other thresholds referred to in these Regulations or the CBN AML,CFT and CPF Regulations.
– FIs shall establish internal processes and procedures for conducting CDD measures for all potential and existing customers, including occasional customers.
-CDD measures shall include —
(a) customer identification and verification of identity ;
(b) identification and verification of identity of beneficial owners (BOs) ;
(c) understanding nature and purpose of business ;
(d) understanding the sources of funds ;
(e) conducting ongoing due diligence on the business relationship and monitoring for suspicious activities.
– FIs shall identify their customer (whether permanent or occasional, and whether natural or legal persons or legal arrangements) and obtain the following information —
(a) for individuals —
(i) legal name and any other names used (such as maiden name),
(ii) permanent address (full physical address),
(iii) residential address (where the customer can be located),
(iv) telephone number, e-mail address and social media handle,
(v) date and place of birth,
(vi) Bank Verification Number (BVN),
(vii) Tax Identification Number (TIN),
(viii) nationality,
(ix) occupation, public position held and name of employer,
(x) an official personal identification number or other unique identifier contained in an unexpired document issued by a government agency,that bears a name, photograph and signature of the customer such as a passport, national identification card, residence permit, social security records or drivers’ license,
(xi) type of account and nature of the banking relationship,
(xii) signature,
(xiii) politically exposed persons (PEPs) status .
(b) for legal persons and legal arrangements —
(i) name of institution,
(ii) mailing address,
(iii) e-mail and social media address,
(iv) phone numbers,
(v) registration number,
(vi) registered address,
(vii) business address,
(viii) valid identification, such as tax identification number,
(ix) nature and purpose of business or activities,
(x) certified true copy of docu-mentary evidence confirming legalexistence such as certificate of incorporation,
(xi) certified true copy of memorandum and articles of association or other similar documents,
(xii) certified true copy of the list of directors and shareholders or similar documents,
(xiii) board resolution to open the account,
(xiv) identification of those who have authority to operate the account,
(xv) legal documents indicating persons exercising control or significant influence over the legal persons and legal arrangement’s assets,
(xvi) valid means of identification of persons mentioned in sub-paragraph (xv) of this paragraph,
(xvii) names and identification documents of the relevant persons having a senior management position in the legal persons and legal arrangements,
(xviii) the original documents referred to in subparagraphs (x) to
(xiv) of this paragraph, shall be sighted and documented.
-FIs shall verify the identity of customers and BOs using reliable, independent source documents, data or information (identification data).
FIs shall verify the identity of individuals by confirming the —
(a) date of birth from a valid official document, such as birth certificate, passport, identity card and national or social security records.
(b) residential address through physical visitation and use of other sources, including utility bill, tax assessment, bank statement, or letter from a public authority ;
(c) contact details provided by the customer through positive feedback from phone call, email or physical letter to the residential address ;
(d) validity of the official documentation provided through certification by an authorized person such as embassy official, notary public (in the caseof foreign nationals) ;
(e) phone numbers, particularly for wallet providers, through independent process, including validation against the NCC database or geo-mapping.
– FIs shall verify the identity of a legal person or legal arrangement by —
(a) undertaking search on public registries or databases such as CAC or similar database, other commercial enquiries and through any other available sources of information to confirm —
(i) the existence of the legal person or legal arrangement,
(ii) whether the legal person or legal arrangement has not been, or is not in the process of being diss-olved, struck off, wound up or terminated,
(iii) the information on the directors and shareholders or persons or entities holding similar positions, including their PEP status,
(iv) information on person with significant control,
(v) information on BO, and its PEP status,
(b) reviewing a copy of the latest annual report, audited accounts or relevant financial statement, where applicable ;
(c) reviewing a copy of the board resolution or applicable resolution ;
(d) utilizing the documentation from a reliable independent source proving the name, form and current existence of the customer ;
(e) utilizing an independent information verification process, such as accessing public and private databases ;
(f ) obtaining prior bank references, where applicable ;
(g) visiting the entity,
(h) confirming the contact details provided through phone call, email and physical letter to the business address.
-When conducting CDD measures in relation to customers that are legal persons or legal arrangements, FIs shall —
(a) understand the ownership and control structure ;
(b) at the time of establishing new relationships or whenever there is a change in ownership, identify and verify the identity of the BOs who exercise control through ownership or controlling interest, including voting rights ;
(c) subject all account signatories, Directors and BOs to the requirements for identification and verification of individuals provided in regulations 6 and 7 of these Regulations ;
– FIs shall verify —
(a) that any person purporting to act on behalf of a customer is so authorized ;
(b) the identity of the person purporting to act on behalf of a customer.
– The verification referred to in the preceding sub-regulation shall be done through confirmation from the customer the third party is purporting to represent and from other independent sources.
– FIs shall understand and obtain sufficient information on the nature and purpose of the business that its customer intends to undertake, including expected or predictable patterns of transactions. FIs shall be at alert to circumstances that may indicate any significant changes in the nature of a business or its ownership.
– FIs shall understand and obtain sufficient information on the source of funds into the customer’s account.
The information to be obtained before the commencement of the relationship shall include—
(a) details of occupation,empl-oyment or business activities and sources of wealth and income ;
(b) expected origin of the funds to be used in the operation of the account during the relationship.
– FIs shall conduct ongoing due diligence on a business relationship and scrutinize transactions under-taken throughout the course of the relationship to ensure that the transactions being conducted are consistent with the —
(a) FI’s knowledge of the customer ;
(b) customer’s business and risk profile ;
(c) source of funds.
FIs shall take reasonable steps to keep the information up-to-date, and as the need arises, including where an existing customer opens a new account.
– FIs shall apply CDD requirements to existing customers on the basis of materiality and risk and continue to conduct due diligence on such existing relationship at appropriate times.
The appropriate time to conduct CDD for existing customers include, but not limited to when —
(a) transaction of significant value or an unusual transaction occurs ;
(b) there is significant change in the customer’s profile ;
(c) there is a material change in the way that the account is operated ;
(d) the FIs become aware that it lacks sufficient information about an existing customer.
– FIs shall adhere to e-KYC requirements as stipulated in the CBN Guidelines on e-KYC and the CDD measures stipulated in these Regulations(where applicable) as it relates to digital products, and cust-omer onboarding.
– FIs shall conduct initial risk assessment for each prospective customer to ascertain the customer’s risk profile.
The application of CDD measures may be standard, simplified or enhanced depending on the risks posed by each customer, transaction, products or service resulting from a customer risk assessment.
For low risks customers —
(a) FIs may adopt simplified CDD measures only where lower risks have been identified through an adequate assessment and analysis of the risks, and the simplified CDD measures shall be forwarded to the CBN for approval before implementation by the FI ;
(b) notwithstanding the application of simplified CDD on customer identification and verification, the customer is not exempt from ongoing monitoring for other CDD measures ;
(c) the simplified measures shall be commensurate with the lower risk factors but are not acceptable whenever there is suspicion of ML, TF or PF, or where specific higher risk scenarios apply.
For high risks customers —
(a) arising from an initial assessment of a customer, particular attention shall be focused on those customers identified as having a higher risk profile ;
(b) customers with higher risk profile include, but not limited to, nonresident customers, MVTS providers, private banking customers, non-face-to-face customers, and PEPs.
—FIs shall comply with Tiered KYC measures as stipulated in the CBN circulars on TKYC and the CBN AML, CFT and CPF Regulations.
Tiered KYC shall apply to individuals only and shall not apply to legal persons and legal arrangements.
-FIs shall perform enhanced CDD for customers, business relationship or transactions with higher ML, TF, and PF risks.
The enhanced CDD shall include, but not limited to :
(a) obtaining additional information on the customer including occupation, volume of assets, information available through public databases, internet, and updating more regularly the identification data of the customer and BO ;
(b) obtaining additional information on the intended nature of the business relationship ;
(c) obtaining information on the source of funds and source of wealth of the customer ;
(d) obtaining information on the reasons for intended or performed transactions;
(e) obtaining the approval of senior management to commence or continue the business relationship ;
(f ) conducting enhanced monitoring of the business relationship, by increasing the number and timing of controls applied, and selecting patterns of transactions that need further examination ;
(g) requiring the first payment to be carried out through an account in the customer’s name with a bank subject to similar CDD standards.
– FIs may rely on the identification and verification steps that it had previously undertaken, unless it has doubts about the veracity of that information or where there is a material change in the circumstances or profile of the customer.
The situations that may lead a FI to have doubts about the veracity of an information include where there is a —
(a) suspicion of ML, TF or PF in relation to that customer ;
(b) material change in the way that the customer’s account is operated, which is not consistent with the customer’s business profile.
– A FI that is unable to comply with the CDD measures pursuant to these Regulations shall—
(a) not be permitted to open the account, commence business relations or perform the transaction with the concerned persons ;
(b) be required to render a Suspicious Transaction Report (STR) to the Nigerian Financial Intelligence Unit (NFIU).
-In addition to the provisions of regulation 27 of the CBN AML, CFT and CPF Regulations where a FI relies on other FIs and DNFBPs to conduct its CDD, it shall —
(a) immediately obtain the necessary information concerning the identification and verification of the customer and BO and the purpose and intended nature of the business relationship ;
(b) take adequate steps to satisfy itself that copies of identification data and other relevant docu-mentation relating to the CDD requirements is going to be made available from the third party upon request without delay ;
(c) satisfy itself that the third party is regulated, supervised or monitored for, and has measures in place for compliance with, the CDD and record keeping requirements set out in these Regulations and the CBN AML, CFT and CPF Regulations ;
(d) ensure that adequate KYC provisions are applied to the third party in order to obtain account information for competent authorities.
Notwithstanding the conditions specified in sub-regulation (1) (a) to
(d) of this regulation, the ultimate responsibility for customer identification and verification shall be with the FI relying on the third party.
– FIs shall obtain and verify the identity of the customer, beneficial owner and occasional customers before or during the course of establishing a business relationship or conducting transactions for them.
FIs are permitted to complete the verification of the identity of the customer and BO following the establishment of the business based on criteria set out in regulation 22 of the CBN AML, CFT and CPF Regulations.
Where a FI suspects that a transaction relates to ML, TF or PF and it believes that performing the CDD process may tip-off the customer,it shall:
(a) not pursue the CDD process ;
(b) file an STR to the NFIU, immediately.
FIs shall ensure that their employees are aware of, and sensitive to, the issues referred to in subregulation (1) of this regulation when conducting CDD.
– In addition to the provisions of regulation 35 of the CBN AML, CFT and CPF Regulations, FIs shall :
(a) keep all records obtained through CDD measures, account files and business correspondence, and results of any analysis undertaken, either in electronic or written form for at least five years following the termination or cessation of the business relationship or after the date of the occasional transaction ;
(b) ensure that documents, data or information collected under the CDD process is kept up-to-date and relevant, by undertaking reviews of existing records of customers as stipulated below or whenever the need arises:
(i) for high risk customers, every 12months,
(ii) for medium risk customers, every 18months, and
(iii) for low risk customers, every 3years.
This piece concludes here
