Global Anti-Money Laundering, Combating

Financing of Terrorism, Countering

Proliferation Financing & Know Your
Customer Policy

Confidential

Strictly f
Contents
1. Overview.............................................................................................................................................................5
1.1. Objectives ...................................................................................................................................................5
1.2. Scope and Applicability...............................................................................................................................5
1.3. Dispensations & Waivers ............................................................................................................................6
2. Roles and Responsibilities ..................................................................................................................................6
2.1. Board of Directors ......................................................................................................................................6
2.2. Board Compliance & Conduct Committee (BCNCC) ...................................................................................6
2.3. Compliance Committee of Management (CCM) ........................................................................................7
2.4. Chief Compliance Officer (CCO)..................................................................................................................7
2.5. Senior Management ...................................................................................................................................7
2.6. Three Lines of Defense Model ....................................................................................................................7
2.6.1. First Line of Defense – Business & Operations ...................................................................................8
2.6.2. Second Line of Defense – Compliance................................................................................................8
2.6.3. Third Line of Defense - Internal Audit ................................................................................................8
3. Financial Crime Risk Framework.........................................................................................................................8
3.1. Financial Crime Risk Appetite .....................................................................................................................8
3.1.1. Overall Risk Appetite Statement ........................................................................................................8
3.1.2. Unacceptable Customers & Transactions...........................................................................................9
3.1.3. Entity wide Internal Risk Assessment .............................................................................................. 10
3.1.4. New Technologies, Products & Services.......................................................................................... 11
3.1.5. Country Risk Assessment ................................................................................................................. 11
4. Customer Due Diligence (CDD) ........................................................................................................................ 11
4.1. Identification & Verification (ID&V) ........................................................................................................ 12
4.1.1. Identification & Verification of Natural Persons Acting on Behalf of Customer ............................. 12
4.1.2. Identification & Verification of Ultimate Beneficial Owners (UBO) of Legal Entities & Arrangements
12
4.1.3. Timing of Verification ...................................................................................................................... 14
4.2. Due Diligence Standards.......................................................................................................................... 14
4.2.1. Client Risk Assessment & Profiling ...................................................................................................... 14
4.2.2. Enhanced Due Diligence (EDD) ............................................................................................................ 14
4.2.3. Politically Exposed Persons (PEPs)....................................................................................................... 18
4.2.4. NGOs/NPOs/Charities.......................................................................................................................... 21

Page | 2
 4.2.5. Trade Finance Customers .................................................................................................................... 21
4.2.6. Trade Based Money Laundering .......................................................................................................... 22
4.2.7. Government Accounts & Accounts of Autonomous Bodies................................................................ 23
4.2.8. Correspondent Banking ....................................................................................................................... 24
4.2.9. Branchless Banking (BB) ...................................................................................................................... 24
4.2.10. Wire Transfers/Fund Transfers ............................................................................................................ 26
4.2.11. Incomplete CDD Measures .................................................................................................................. 27
4.2.12. Employee Due Diligence ...................................................................................................................... 27
4.2.13. Reliance on 3rd party Financial Institutions for CDD Measures ........................................................... 28
5. AML/CFT Monitoring ....................................................................................................................................... 28
5.1. Ongoing Monitoring (Customers & Transactions)................................................................................... 28
5.1.1. Customer Screening............................................................................................................................. 28
5.1.2. Expired Identification Documents ....................................................................................................... 29
5.1.3. Ongoing Monitoring ............................................................................................................................ 29
5.1.4. Transaction Monitoring ....................................................................................................................... 30
5.1.5. Reporting of Transactions (STRs/CTRs) ............................................................................................... 30
5.2. Combating Financing of Terrorism (CFT) Desk and List Management .................................................... 31
5.3. Use of personal accounts for business purposes .................................................................................... 31
5.4. ML/TF Red Flags ...................................................................................................................................... 32
5.4.1. Transactions which do not make economic sense .............................................................................. 32
5.4.2. Transactions Inconsistent with the Customer’s Business ................................................................... 32
5.4.3. High Value Cash Transactions.............................................................................................................. 33
5.4.4. Transactions involving structuring to avoid reporting or identification requirement ........................ 33
5.4.5. Transactions involving accounts .......................................................................................................... 34
5.4.6. Transactions involving transfers to and from abroad ......................................................................... 35
5.4.7. Investment Related Transactions ........................................................................................................ 36
5.4.8. Transactions Involving Unidentified Parties ........................................................................................ 36
5.4.9. Transactions Involving Embassy and Foreign Consulate Accounts ..................................................... 36
5.4.10. Characteristics of the Customer or His/ Her Business Activity ............................................................ 37
5.4.11. Transactions Linked to Locations of Concern ...................................................................................... 37
5.4.12. Miscellaneous Transactions................................................................................................................. 37
6. Sharing Information at Group Level ................................................................................................................ 38
7. Training & Development ................................................................................................................................. 38

Page | 3
8. Record Management ....................................................................................................................................... 39
9. Annexures ........................................................................................................................................................ 41
10. Definitions ................................................................................................................................................... 48

Page | 4
1. Overview
HBL is licensed by the State Bank of Pakistan (SBP) as a commercial bank and is registered with the Securities
and Exchange Commission of Pakistan. It is also listed on the Pakistan Stock Exchange. HBL’s compliance
structure is based on a strong foundation of local and international regulatory requirements and best
practices. Accordingly, HBL ensures meticulous compliance with all applicable laws and regulations governing
Anti-Money Laundering (AML), Combating Financing of Terrorism (CFT) & Combating Proliferation Financing
(CPF) activities; including, but not limited to:

▪ Anti-Money Laundering (AML) Act 2010, as updated up to September 2020.

▪ Anti-Terrorism Act (ATA) 1997, updated up to July 2020;
▪ SBP’s AML/CFT/CPF Regulations updated up to June 2021;
▪ AML/CFT Guidelines on Risk Based Approach, updated up to December 2019;
▪ AML/CFT Sanctions Rules, updated up to October 2020 (as covered under Sanctions Compliance Policy);
▪ Counter-measures for High-Risk Jurisdiction Rules 2020, updated as of October 2020;
▪ Framework for Managing Risks of Trade Based Money Laundering (TBML) and Terrorist Financing (TF),
issued by SBP in October 2019; and
▪ National Risk Assessment (NRA), updated up to 2019.

Keeping in view its international presence and the importance of countering Money Laundering (ML), Terrorist
Financing (TF) & Proliferation Financing (PF) risks in jurisdictions that it operates in, HBL aims to comply with
international standards, Financial Action Task Force (FATF) recommendations and Wolfsberg Group’s
guidelines in the areas of ML/TF/PF.

HBL Pakistan shall ensure that it complies with any updates to the SBP’s AML/CFT/CPF Regulations as and
when these are updated and the policy should be read in conjunction with these regulations as amended from
time to time. International locations are to ensure compliance with their relevant regulations as amended
from time to time along with the instructions given in Section 1.2. “Scope and Applicability”.

1.1. Objectives
The primary objective of this policy is to establish governing principles and minimum requirements to
protect HBL (also referred as “Bank” or “the bank”) from being used as a conduit for ML, TF (including
Transnational TF), and PF activities. This policy requires the bank and its staff to comply with applicable
laws and regulatory requirements, including those related to identification and reporting of suspicious
activities. This policy also aims to enhance awareness of staff regarding their obligations with regards to
the conduct of business in accordance with the applicable AML/CFT/CPF laws, rules, and regulations;
both local and international.

1.2. Scope and Applicability

This policy sets out the minimum requirements & standards to be adopted by the bank’s domestic and
international branches. Compliance with this Policy and the related procedures is mandatory and applies
to:

▪ All of HBL’s domestic & international branches.

▪ All employees, including contractual and outsourced, working on behalf of the bank; and
▪ The Board of Directors of the bank.

Page | 5
 All international branches & subsidiaries must also comply with the AML/CFT/CPF & KYC regulations
applicable in the jurisdiction in which they operate and shall follow the higher standard between this
policy and local regulations to the extent that the laws of the host country or jurisdiction so permit.

Where the laws of the host country conflict with the AML/ CFT requirements of Pakistan so that the
overseas branch is unable to fully observe the higher standards, HBL through its head office shall report
this to the State Bank of Pakistan and comply with further directions as may be issued.

In accordance with Approval Framework for Policies and Associated Documents (AFPAD), this Policy shall
act as a Global Policy, and shall apply to the bank’s domestic and overseas operations. Each international
branch is responsible for identifying any inconsistency in this policy vis-à-vis statutory/regulatory
framework of the host country and developing an addendum to this policy that incorporates all local
regulatory requirements. Any addendum to this policy developed by an international branch must be
approved by the BoD in accordance with local regulations, after concurrence of the local policy owner.

HBL subsidiaries should use this policy as a guiding document while developing their own policy.

1.3. Dispensations & Waivers

Exception(s) to this policy must be recommended by Head - FCC with concurrence of the Chief
Compliance Officer (CCO) and President & CEO, through the Board Compliance and Conduct Committee
(BCNCC) for Board approval. Exceptions to any regulatory requirements shall not be granted.

2. Roles and Responsibilities

Compliance Committee of Management (CCM) is responsible for maintaining and promoting a strong
compliance culture by ensuring that all employees understand their responsibilities with respect to
compliance and feel comfortable in raising any event of non-compliance without any fear of negative
consequences. In this respect, the senior management should create an enabling compliance culture that not
only ensures that its employees comply with legal & regulatory requirements, standards and market best
practices but also encourages the required ethical conduct that underlies such requirements. The “Board
Compliance & Conduct Committee (BCNCC)” assists the Board in overseeing implementation of FCC
framework along with governance over AML, CFT, CPF & KYC controls.

2.1. Board of Directors

The Board is responsible for:

▪ Approving the bank’s Internal Risk Assessment Report (IRAR);

▪ Approving the AML/CFT/CPF & KYC Policy and overseeing its effectiveness;
▪ Overseeing that the AML/CFT/CPF & KYC Policy is effectively communicated enterprise-wide; and
▪ Ensuring (through management) that Financial Crime Compliance (FCC) within Global Compliance
(GC) is adequately supported with sufficient capacity, authority and independence to exercise its
responsibility effectively.

2.2. Board Compliance & Conduct Committee (BCNCC)

The BCNCC supports the Board on:

Page | 6
 ▪ Inculcating a compliance and conduct culture in the bank;
▪ Directions on enterprise-wide design of compliance program;
▪ Overseeing the bank’s compliance with legal & regulatory requirements, internal policies and
procedures;
▪ Reviewing reports and significant issues in domestic/overseas jurisdictions and related mitigating
plans; and
▪ Overseeing implementation of SBP’s Framework for Managing Risks of Trade Based Money
Laundering (TBML) and Terrorist Financing (TF).

2.3. Compliance Committee of Management (CCM)

The CCM is responsible for:

▪ Implementation of an enterprise-wide Financial Crime Compliance (FCC) program;

▪ Ensuring senior management focuses on the AML/CFT/CPF issues and their resolution;
▪ Promoting high levels of compliance culture and addressing weaknesses, if any;
▪ Ensuring required ownership from the first line of defense and other functions; and
▪ Monitoring implementation of time-bound action plan developed for mitigation of governance, risk
and control weaknesses identified in the IRAR.

2.4. Chief Compliance Officer (CCO)

CCO is responsible for evaluating the adequacy and effectiveness of Compliance controls over
AML/CFT/CPF & KYC risks. Based on findings noted in the IRAR, independent monitoring and reviews,
CCO through BCNCC, shall advise the Board on adequacy and strength of the AML/CFT/CPF & KYC controls
to mitigate respective risks.

2.5. Senior Management

HBL’s senior management (Ex-Co and extended leadership team) is responsible for:

▪ Establishing an appropriate culture of compliance and conduct at all levels in the bank by way of clear
and effective communication;
▪ Implementing AML/CFT/CPF & KYC policy, Procedures and controls in their respective business areas;
▪ Ensuring that ML/TF/PF/TBML risks are identified, assessed, monitored, adequately controlled and
reported in accordance with regulatory and internal requirements;
▪ Ensuring that the bank has implemented effective AML/CFT/CPF controls (preventive measures)
related to ML, TF & PF;
▪ Ensuring that appropriate disciplinary actions are initiated in case of violations of this Policy or
related policies and procedures;
▪ Overseeing timely completion of AML/CFT/CPF & KYC training requirements; and
▪ Effective, enterprise-wide implementation of three lines of defense model.

2.6. Three Lines of Defense Model

HBL gives utmost importance to preventing the bank from being used as a channel, directly or indirectly,
for ML/TF/PF purposes and considers compliance of AML/CFT/CPF Regulations as everyone’s
responsibility within the bank. The 'three lines of defense' model in HBL defines relationships among
various functions and clearly demarcates their responsibilities. The detailed roles and responsibilities of

Page | 7
 the three lines are discussed in Compliance Program; however, a brief description with respect to
AML/CFT/CPF & KYC risks is as under:

2.6.1. First Line of Defense – Business & Operations

The bank’s business units and operations (support and back-office) functions act as the first line
of defense and carry the primary responsibility for identifying, managing, and mitigating
AML/CFT/CPF & KYC risks as part of the bank’s day-to-day operations. The first line also designs
and executes controls required to manage these risks.

2.6.2. Second Line of Defense – Compliance

FCC within the Compliance function acts as a part of second line of defense and provides advice,
educates, guides, supports, monitors, and challenges the first line of defense to ensure
AML/CFT/CPF & KYC risks are adequately identified and managed. FCC also closely coordinates
with other risk management functions of the bank to monitor the adequacy and efficacy of
AML/CFT/CPF & KYC risks controls, as required.

2.6.3. Third Line of Defense - Internal Audit

Internal Audit (IA) is the third line of defense for the bank. It reports to; and is responsible for
providing independent assurance to the Board and the Board Audit Committee on the quality,
effectiveness and adequacy of governance, risk management and control environment including
effectiveness of the first and second lines of defense to achieve organizational risk management
and control objectives.

3. Financial Crime Risk Framework

3.1. Financial Crime Risk Appetite
HBL’s risk appetite comprises of the following elements:

3.1.1. Overall Risk Appetite Statement

HBL has developed a comprehensive internal risk assessment methodology which is set out in its
IRAR. A summarized version of this methodology is as follows:

Step 1: Conducting an inherent risk assessment on the applicable risk dimensions, i.e.; Products
& Services, Customers, Geographies & Delivery Channels.

Step 2: Assessing the control framework, considering the design and operational effectiveness of
all relevant financial crime controls.

Step 3: Determining residual risks based on the assessed inherent risks identified, and the control
environment.

The bank believes that its key inherent risks include:

▪ Being located in a jurisdiction (Pakistan) that is currently under monitoring by FATF for
implementation/improvement of AML/CFT laws, rules & regulations.
▪ Increased vulnerability to ML/TF threats including transnational terrorist financing (TF) as per
NRA 2019

Page | 8
 ▪ A majority of its customers and transactions relate to retail banking, specifically deposits &
trade finance, both of which are considered high risk by external bodies, including FATF and
Wolfsberg.

The residual risk is determined by comparing the overall inherent risks with the quality of the
controls in place to mitigate them, as shown in the following table:

Control Evaluation
Residual risk matrix
Adequate Needs Improvement Deficient

High Medium High High

Inherent Risks Medium Low Medium Medium

Low Low Low Low

Taking into account the factors described above, its own business strategy and the risk
environment in which the bank operates, HBL’s overall risk appetite is “Medium”. The bank’s
appetite is driven by an acceptance that it operates in a high-risk jurisdiction, but that it will
implement a strong control environment to mitigate these risks, as shown below.

Inherent Risk Control Evaluation Residual Risk

High Adequate Medium

3.1.2. Unacceptable Customers & Transactions

HBL will not conduct business with or on behalf of individuals or entities that it believes are
engaged in illicit activities or present an unacceptably high risk to the bank. Details of these are
set out below.

HBL will not, at any time, open the following type of accounts or establish relationships with the
following types of customers:

▪ Numbered accounts, or accounts in the name of anonymous or fictitious persons, or benami

accounts;
▪ Where the bank is not able to satisfactorily complete required CDD or EDD measures;
▪ Unauthorized financial service providers, dealers in financial instruments, unregistered
charities or businesses engaged in providing Hundi/Hawala services;
▪ Persons (individuals or entities) involved in unauthorized defense procurement;
▪ Shell Banks/Companies and Bearer Share Companies;
▪ Casinos and other businesses associated with gambling, both legal and illegal;

Page | 9
 ▪ Government accounts opened in the personal names of government officials;
▪ Pawnbrokers;
▪ Storage facilities for any form of Virtual Assets (VAs), including cryptocurrency and non-
fungible tokens (NFTs), whether in hosted or un-hosted wallets;
▪ Virtual Asset Service Providers; including those dealing in VAs, Convertible Virtual Currencies
(CVCs), Designated Contract Markets; digital assets trading platforms; and any providers
engaged in exchange services between virtual currencies and flat currencies;
▪ Customers who are nationals of or are resident in jurisdictions having country level
embargoes/sanctions by UN, OFAC or Local/Host country sanctions; and
▪ Nationals or residents, whether individuals or corporates, of Israel or any other country which
may be notified by the Government of Pakistan (Relevant for HBL-Pakistan only, other
countries to follow their own applicable laws/regulations on the subject).

The following types of transactions fall outside of HBL’s risk appetite:

▪ Payments that appear to relate to any form of illegal activity, including money laundering,
proliferation financing, terrorist financing, human trafficking, slavery, wildlife smuggling and
corruption;
▪ Payments that do not appear to have a legitimate purpose, including payments without
underlying justification/transactional documents and payments lacking transparency
regarding originator and beneficiary;
▪ Payments involving businesses associated with gambling;
▪ Payments involving trading in virtual assets such as virtual currencies, non-fungible tokens
(NFTs) etc.;
▪ Payments from foreign nationals (individuals or majority-owned entities) in the accounts of
political parties; and
▪ Requests from occasional/walk-in customers for financial instruments such as pay order,
demand drafts, call deposit receipts, etc. requested by occasional/walk-in customers and
requests from bearers of prize bonds.

3.1.3. Entity wide Internal Risk Assessment

SBP has emphasized on the application of risk-based approach (RBA) to ensure that measures to
prevent or mitigate ML, TF & PF are appropriate to the identified ML, TF and PF risks. RBA should
allow for efficient allocation of resources across AML/CFT/CPF regime and the implementation of
risk-based measures.

Bank shall conduct an Enterprise-Wide Internal Risk Assessment Report (IRAR), which should
cover ML/TF/PF risks including Transnational TF and other emerging risks to and from Bank. IRAR
shall identify, assess, and understand inherent ML/TF/PF risks at entity level for customers,
products & services, geographies, delivery channels, technologies and different categories of
employees etc. IRAR should factor in the results of National Risk Assessment (NRA), major
international/ domestic financial crimes and terrorism incidents that have probability of posing
ML/TF/PF risks to the entity itself or to the larger financial sector.

IRAR shall also assess the control environment that the bank has in terms of design and
effectiveness, including AML/CFT/CPF & KYC and Sanctions policies, effectiveness of reporting
(CTRs, STRs) and Targeted Financial Sanctions (TFS). Based on the identified inherent risks and the

Page | 10
 assessed control environment, the residual risks on ML/TF/PF will be evaluated and the bank will
make further decisions on different areas of business / operations, including changes in policies
for the application of due diligence measures as per evaluated risk ratings in each risk dimension
or based on regulatory instructions.

The BCNC will review Internal Risk Assessment Report comprising of assessment on Money
Laundering, Terrorist Financing, Proliferation Financing including Transnational TF risks and Trade
Based Money Laundering risks along with a time bound action plan, if any and recommend to the
Board for approval.

IRAR shall be conducted once every two years unless circumstances change or relevant new
threats emerge. Further, IRAR will be renewed if the NRA is updated at a national level for HBL
Pakistan. Other locations will also be required to conduct IRAR based on their local NRAs as and
when these are updated for their jurisdictions.

3.1.4. New Technologies, Products & Services

Prior to the launch or use of new products or services, operations in new jurisdictions, and
business practices including delivery mechanisms, HBL shall identify and assess the ML/TF/PF risks
that may arise in relation to their development for both new and pre-existing products, especially
those that have vulnerability with regard to ML/TF/PF risks and identity theft, anonymity and
cyber-crimes. Further, ML/TF/PF risk assessments shall be undertaken prior to the launch or use
of such products, services, business practices & technologies, and operations in new jurisdictions.
Appropriate measures, including revisiting, and where possible, amending the proposed
design/controls/decisions shall be taken to manage and mitigate the identified risks.

3.1.5. Country Risk Assessment

Both domestic branches and foreign locations can be characterized as high-risk based on
assessment of different factors. Geographic risks, both foreign and domestic, shall feed into a
client’s risk assessment and due diligence procedures as a risk factor. The details regarding factors
that contribute to a country’s risk are defined in detail, in the bank’s Country Risk Rating
methodology, whereas the factors that contribute towards a domestic area’s classification as
high-risk are defined in the bank’s Domestic High Risk Jurisdictions methodology. Both these
documents are dynamic in nature and should be reviewed annually. Both documents shall take
into consideration the obligations set out in the Counter Measures for High-Risk Jurisdictions
Rules 2020 as issued by Ministry of Finance, Government of Pakistan.

4. Customer Due Diligence (CDD)

Customer Due Diligence (CDD) is a basic requirement that involves the identification and verification of
customers, as required under Section 7A the AML Act 2010. CDD helps the bank identify and obtain basic
information about its customers profile, including expected financial activity, source of funds and other vital
information. CDD includes:

▪ Identification & Verification (ID&V)

▪ Due Diligence Standards

Page | 11
4.1. Identification & Verification (ID&V)
HBL shall apply ID&V measures when establishing business relationships. Every customer, beneficial
owner and occasional customer shall be identified and verified on the basis of documents, data or
information obtained from reliable and independent sources, wherever practical. All efforts shall be
made to understand and, as appropriate, obtain information on the purpose and intended nature of the
business relationship, for due diligence measures including risk profiling and ongoing monitoring of
business activities.

For identification of customer/occasional customer, HBL shall, at a minimum, obtain information

mentioned in Annexure-I. For the purposes of verification of identity of the customer and occasional
customer, at minimum, documents mentioned in the Annexure-II shall be obtained.

Identities of the customers (natural persons) and ultimate beneficial owners (natural persons) of legal
entities shall be verified from relevant authority’s databases i.e.; NADRA for HBL Pakistan. Other reliable,
independent sources may also be used, for example, information bureaus such as WorldCheck (where
necessary). Copies of all reference documents used for identification and verification shall be retained
on record.

In Pakistan, the Bank shall conduct biometric verification for all Pakistani citizens and Afghan refugees
holding Proof of Registration (PoR) Cards before establishing new relationships, except in cases where
allowed by the SBP as set out in the FAQs on use of biometric technology, issued via its BPRD Circular
Letter 20 of 2017. Other countries should conduct identity verification as per their local regulatory
requirements.

Identification and verification using non face to face methods such as digital onboarding may be applied,
in accordance with home/host country standards.

4.1.1. Identification & Verification of Natural Persons Acting on Behalf of Customer

In cases where a natural person(s) is acting on behalf of another customer, for example in cases
involving a mandate, a power of attorney, as an authorized agent/representative or for cases
involving legal customers or arrangements, the bank shall identify and verify such natural persons
using the prescribed methods and record the same in the system. Moreover, the bank shall seek
information regarding:

▪ The name, legal form and proof of existence,

▪ Powers (legal basis or authority) that regulate and bind the legal person or arrangement, as
well as the names of the relevant persons having a senior management position in the legal
person or arrangement.
▪ The address of the registered office and if different, a principal place of business.

In addition, the bank shall also seek to understand the nature of the customer’s business and
ownership & control structure.

4.1.2. Identification & Verification of Ultimate Beneficial Owners (UBO) of Legal Entities &
Arrangements
Reasonable measures shall be taken to obtain information for identification and verification of
the identities of the ultimate beneficial owner(s) in relation to a customer, using relevant
information or data obtained from reliable sources. UBOs, in relation to a customer, are identified

Page | 12
as those holding 25% or more shares, voting rights or exercise controls, either directly or
indirectly, in the legal entity/arrangement.

For legal persons, HBL shall identify the customers and verify their identity by obtaining the
information as set out in the relevant AML/CFT/CPF procedures manual in each country.

In case there is doubt as to whether the person(s) with controlling ownership interest is/are the
ultimate beneficial owner(s) or where no natural person exerts control through ownership
interests, the identity of the natural persons (if any) exercising control of the legal person or
arrangement shall be identified and verified through other means. Where no natural person is
identified, the identity of the relevant natural person who holds the position of senior managing
official shall be verified along with other due diligence measures.

For customers that are legal arrangements, Bank shall identify and take reasonable measures to
verify identity of beneficial owners through following information:

▪ For trusts; identity of the settlor, trustee(s), protector (if any), beneficiaries or class of
beneficiaries, and any other natural person exercising ultimate effective control over the trust
(including through a chain of control/ownership as ascertained during CDD/EDD.
▪ For other types of legal arrangements, identity of the persons in equivalent or similar
positions.
▪ If either of the above are also legal arrangements, then the identification and verification of
the beneficial owner of that legal arrangement will also be performed.

Bank shall obtain the ultimate beneficial ownership information from legal entities, i.e.; natural
persons or individuals who ultimately own or control the company, that are required to maintain
such information.

In case of an entity with abbreviated name or title, the bank shall satisfy itself that the subject
name/title is in accordance with the constituent documents of the entity. No account/relationship
shall be allowed in abbreviated name in cases where entity has its complete name (non-
abbreviated) in the constituent documents.

For customers whose accounts are dormant, the bank may allow credit entries in such accounts
without changing their dormancy status. Debit transactions/withdrawals shall not be allowed
until the account is activated on the request of the account holder. However, this restriction shall
not apply to permissible debits, i.e.; debits under the recovery of loans, markup, permissible bank
charges, government duties & levies, and instructions issued under any law or from a court of law.

Before activation, the bank shall conduct biometric verification of the account holder, and review
and update KYC/Customer Information File (CIF) in the system. Bank may use NADRA Verisys and
a formal request as per permitted modes of communication (for example, through registered
email address, mobile number or written request) for activation of dormant account by
customers. Bank should retain NADRA Verisys for record keeping requirements (digitally or hard
copy). International Branches shall follow the dormant account activation process as per
regulatory guidelines applicable in their respective jurisdiction. However, an identification process
should be in placed before activation of account, at minimum.

Page | 13
 4.1.3. Timing of Verification
Verification of identity of the customers and beneficial owners must be completed before
business relations are established. Hence, the process with respect to Annexure I & II must be
completed before establishment of any business relationship. For accounts opened via branches,
biometric verification needs to be performed before opening the account. However, for Digital
Account Opening (DAO) the time frame for biometric verification of account a prescribed by the
SBP and failure to complete this verification will lead to account being blocked for debit
transactions until the requirement for biometric verification is complied with.

4.2. Due Diligence Standards

Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) is a risk driven process of obtaining
and reviewing sufficient information about a customer to reasonably ascertain the customer’s account
activities and the associated inherent AML risks. This assessment process facilitates assignment of a client
risk rating and determines appropriate level of scrutiny required. CDD/EDD measures are applied when:

▪ Establishing business relationship,

▪ Dealing with occasional/walk-in customers (in which case their CNIC numbers or local identity
number in other countries shall be captured in the system),
▪ There is suspicion of money laundering/financing of terrorism regardless of threshold, and
▪ There are doubts about the veracity or adequacy of previously obtained customer identification
information.

4.2.1. Client Risk Assessment & Profiling

HBL shall risk assess each customer before classifying them on different risk levels based on the
quantified risk scoring/Rule based model. HBL’s Customer Risk Rating Methodology (CRRM) is
based on two assessment models, as follows:

Rule Based Assessment Model: Customers high risk by default (including those with specific
criteria of client acceptance) for which the first line of defense must conduct EDD.

Algorithm Based Assessment Model: Customer’s risk rated based on the following factors:

▪ Customer Profiles
▪ Geographic Risks
▪ Delivery Channels
▪ Products and Services

These factors lead to each customer being rated as high, medium or low, based on the score
assigned at the time of on-boarding/periodic reviews/event-based reviews.

4.2.2. Enhanced Due Diligence (EDD)

EDD measures are called for when the bank assesses a customer to be inherently high risk,
requiring the bank to obtain additional information or enhance the applied level of controls, as
the case may be.

HBL shall apply EDD measures which shall include but not be limited to one or more of the
following measures:

Page | 14
▪ Obtaining information on the customer (e.g., occupation, volume of assets, information
available through public databases, internet, etc.), and updating identification data of the
customer and beneficial ownership;
▪ Obtaining information on the intended nature of the business relationship/ transactions;
▪ Obtaining information on the source of funds or source of wealth of the customer;
▪ Obtaining additional information on the reasons for intended or performed transactions and
purpose of transaction;
▪ Taking necessary measures to establish the source of funds and wealth involved in the
transaction or business relationship to be satisfied that they do not constitute the proceeds
from/for crime
▪ Obtaining approval of the senior management (GM and above) to commence or continue the
business relationship or execute the high-risk financial transaction.
▪ Clearance from Compliance through CCO or his/her delegate wherever required, who may be
Head FCC, Head Regulatory or any direct report of the CCO in-line with the Risk Appetite, or
any additional clearance requirement under this policy;
▪ Conducting enhanced monitoring of the business relationship by reviewing its nature and
frequency of controls applied and selecting patterns of transactions that need further
examination
▪ Where available, requiring the first payment to be deposited through an account in the
customer’s name with a bank subject to similar CDD standards.
▪ Significant information and documents that are required to be obtained at the time of
performing EDD in connection with the essential data points and checks are listed in the table
below:

ENHANCED DUE DILIGENCE MATRIX

Customer Type Risk Approval Level Type of Document & Process

Politically Exposed Default EDD – Business For Individuals Only:
Persons (PEPs) High Group Head and Source of Wealth (Accumulated)
Foreign Nationals Default Clearance from
Head FCC ▪ Wealth Return, or
(Non-Residents) High
▪ Inheritance or property
Unemployed High Risk – EDD & documents, or
Conditional
Approval of ▪ Self-declaration as per
High
Business Head Annexure III, or
Individuals

▪ Any Supporting Document

High Net Worth and Conditional High Risk – EDD &
Ultra High Net High Approval of Source of Funds / Income
Worth Individuals Business Head ▪ Bank Statement, and
Landlords Conditional High Risk – EDD & ▪ Assessment of tax or wealth
High Approval of return
Business Head Address Verification
Self Employed Conditional High Risk – EDD & ▪ Utility Bills, or
High Approval of ▪ Rental Agreement, or
Business Head

Page | 15
 Customer Type Risk Approval Level Type of Document & Process
Minor Conditional High Risk – EDD & ▪ Property Document
High Approval of
First transaction through banking
Business Head
Channel
Student Conditional High Risk – EDD &
▪ Cheque/ Payment instruments
High Approval of
for transfer/ clearing containing
Business Head
the details or information on
Housewife Conditional High Risk – EDD & paper.
High Approval of ▪ If there is no other account to
Business Head execute the first transaction
through banking channel, an
Non-Resident Conditional As per Country Risk undertaking to be obtained as
(Nationals) High Guidelines per Annexure IV
Foreign Nationals Conditional As per Country Risk Adverse Media
(Resident) High Guidelines ▪ WorldCheck reports

Money Service For Legal Entities only

Businesses EDD – Business
Controlling Person:
(MSB)/Money or Default Group Head and
Value Transfer High Clearance from ▪ Identity Documents
Service Businesses Head FCC ▪ Sanctions Screening
(MVTS)
Operating Locations and Customer
Vostro Accounts Default EDD – Business Type (Walk In/Referral/Solicited)
(Financial High Group Head and
▪ Only Information to be
Institution) Clearance from
Head FCC obtained.
Hedge Funds Default EDD – Business Government Approval where
High Group Head and needed, based on entity type
Clearance from (Foreign / Local / Private / Public),
Head FCC for NGO / NPO / Trusts etc.
Business

Private Default EDD – Business ▪ Approval as per applicability,

Equity/Venture High Group Head and such as Ministry of Interior,
Capital Businesses Clearance from Economic Affairs Division etc.
Head FCC
Source of Donation
Investment Advisors Default EDD – Business
High Group Head and ▪ Supporting Documents
Clearance from
Head FCC Names of Major Donors (Charitable
Institutes & Organizations)
Mutual Funds Default EDD – Business
High Group Head and ▪ List of Donors with Addresses
Clearance from Details of foreign students in
Head FCC relation to Madaris? If yes, details
Credit Card Services Default EDD – Business ▪ Details with nationality, and
Companies High Group Head and ▪ Identity details
Clearance from
Head FCC

Page | 16
 Customer Type Risk Approval Level Type of Document & Process
Precious Metals / Default EDD – Business ▪ In case of any Sanctions hit,
Gems / Jewelers High Group Head and customer will not be onboarded
Clearance from or will be de-risked.
Head FCC
Source of Funds / Income
Authorized/Licensed Default EDD – Business
▪ Bank Statement
Arms & Ammunition High Group Head and
Clearance from
Address Verification
Head FCC
▪ Physical Verification Reports
Arts Default EDD – Business
Galleries/Dealers High Group Head and First transaction through banking
Clearance from channel
Head FCC ▪ Cheque/ Payment instruments
Rent a car Service Default EDD & Approval for transfer/ clearing containing
High from Business Head the details or information on
paper.
Hotels & Other Default EDD & Approval ▪ If no other account to execute
accommodation High from Business Head the first transaction through
Used Car Dealer Default EDD & Approval banking channel, an
High from Business Head undertaking that customer has
no existing/previous banking
Real Estate / Default EDD & Approval relationship with reasoning
Construction High from Business Head
Adverse Media
Travel Agent / Default EDD & Approval
Operator High from Business Head ▪ WorldCheck reports

General Trading Default EDD & Approval Vostros & MSBs

High from Business Head
▪ Wolfsburg or internal
Trade Customers Conditional As per Risk Profiling questionnaire
High Mechanism of SBP ▪ Identification documents of
TBML guidelines Directors and UBOs
subject to EDD ▪ AML policy statement
along with Business ▪ Assessment through AML Call
Head Approval/ ▪ Physical visit for MSBs, as
AML Clearance required.
NGO, INGO, Trust EDD - Business
Default Group Head and
High clearance from
Head AML
Legal Structure

Charity, Clubs, Default EDD - Business

Association High Group Head and
clearance from
Head AML
Madrasah / Masjid / Default EDD - Business
Religious Entities High Group Head and
clearance from
Head AML

Page | 17
 Customer Type Risk Approval Level Type of Document & Process
Off-shore Entities Default EDD & Approval of
High Business Head
Free Zone Offshore Default EDD & Approval of
High Business Head
Free Zone Onshore Default EDD & Approval of
High Business Head
Branch Default EDD & Approval of
Office/Liaison Office High Business Head
of entities
incorporated abroad
Sole Proprietors Conditional EDD & Approval of
High Business Head
Embassies Conditional As per Country Risk
High Guidelines

Note: Any customer assessed as High Risk through Customer Risk Rating Mode through algorithm,
will also be subjected to same documentation requirement as described in above table under
individual or entity, as the case may be. The business head approval will also be required in such
High-Risk relationships.

4.2.3. Politically Exposed Persons (PEPs)

PEPs are individuals who are or have been entrusted with a prominent public function either
domestically or by a foreign country, or in an international organization and includes but is not
limited to:

▪ Domestic and foreign PEPs which include heads of state or of government, senior politicians,
senior government officials, judicial or military officials, senior executives of state-owned
corporations and important political party officials;
▪ Members of senior management or individuals who have been entrusted with equivalent
functions in international organizations

SBP states that middle ranking or more junior individuals in the above referred categories should
not be included in the definition of PEPs.

SBP requires that family members and close associates of PEPs also be subject to enhanced due
diligence. These are defined below:
▪ Family members of PEPs include direct family members, i.e.; spouses, siblings & lineal
descendants and ascendants of the PEP.
▪ Close Associates of PEPs include:
o Any individual(s) known to have joint beneficial ownership of a legal person or a legal
arrangement or any other close business relations with a PEP;
o Any individual(s) who have beneficial ownership of a legal person or a legal arrangement
which is known to have been set up for the benefit of a PEP;

Page | 18
 o Any individual(s) who is reasonably known to be closely connected with the PEP for any
other reason, including socially or professionally.

4.2.3.1. PEP Categorization

At minimum, following persons or beneficial owners of the account would be considered
as PEP including non-individual relationships. Taking a risk-based approach to PEP
onboarding, PEPs have been divided into two categories:

Category ‘A’: Political PEPs are PEPs that hold elected office and include

▪ Heads of States such as President and Prime Minister of Pakistan & Azad Jammu
Kashmir (AJK);
▪ Provincial Governors and Chief Ministers;
▪ Federal Ministers including Ministers of State and Provincial Ministers, including
those of AJK;
▪ Members of National Assembly, Senate and Provincial assemblies;
▪ Federal, State and Provincial Ministers and Advisors and Special Assistants to Chief
Ministers, Governors, President and Prime Minister;
▪ Heads of political parties at Federal or Provincial level and their central executive
committee or governing body members;
▪ Nazims and Mayors; and
▪ Heads and Leaders of Trade Unions.

This category requires approval from respective Group Business Head along with Head
FCC at the time of onboarding.

Category ‘B’: Service PEPs are PEPs that hold prominent government positions and
include:

▪ All Justices of Supreme Court, Federal Shariat Court and High Courts, Federal
Ombudsmen, Banking Ombudsmen.;
▪ Attorney General of Pakistan and Advocate Generals;
▪ Senior-most Federal and Provincial Secretaries;
▪ High Ranking Officials (3 star & above) of Armed Forces/Paramilitary, including:
o Pakistan Army: Equivalent to or above the rank of Lieutenant General (3 Star);
o Pakistan Navy: Equivalent to or above the rank of Vice Admiral;
o Pakistan Air Force: Equivalent to or above the rank of Air Marshal;
o Head of Pakistan Rangers;
▪ Heads (including Provincial Heads) and Deputy Heads of investigative agencies
including Intelligence Bureau, FIA, NAB, etc.;
▪ Divisional & Deputy Commissioners;
▪ All Inspector Generals of Police include IGs (Special Charge) and Additional Inspector
Generals of Police;
▪ Heads of state-owned enterprises, corporations and autonomous bodies such as PIA,
PSO, SSGC, PEPCO, OGDC, PPL, Civil Aviation, etc.;

Page | 19
 ▪ Heads of Government established Boards, Commissions, Bureaus, Authorities (such
as NADRA, WAPDA, NHA), Programs such as (BISP) and national level committees,
etc.;
▪ Heads of regulatory authorities, such as SECP, PTA, Election Commission, PEMRA,
NEPRA, OGRA, Competition Commission, and Bait-ul-mal, etc.;
▪ Governor and Deputy Governor of the State Bank of Pakistan;
▪ Chairman FBR (Federal Board of Revenue), Chief Commissioner Income Tax and
Collector of Customs;
▪ Vice Chancellors of Universities established under Government Acts;
▪ Heads of International Organization and agencies that exercise genuine political or
economic influence, e.g., UN, IMF, WB; WTO, ILO, etc.;
▪ Senior Diplomats i.e., Ambassadors, High Commissioners, Counsel General, Chargés
d’affaires only;
▪ Head of International and local sporting bodies e.g., FIFA, ICC, PCB, PHF, etc.;

The list above is non-exhaustive

This category has been further divided into three sub-categories under a defined process.

▪ “B1-Active Service PEPs”,

▪ “B2-Retired Service PEPs for less than 3 years” and
▪ “B3-Retired Service PEP for 3 years and more”

For Category ‘B’ cases, if any adverse media is found, the case shall be subject to Category
‘A’ approval process. All Category ‘B’ cases shall be approved by Senior Regional Chief
(SRC) and cleared by Head FCC at the time of onboarding.

The same principles for classification for both categories stated above would apply for
foreign PEPs.

4.2.3.2. Declassifying PEPs

Upon being classified as a PEP, the classification must be retained:

▪ At least five years for Category A - Political PEPs after the individual ceases to hold
office, and;
▪ At least three years for Category B – Service Level PEPs after the individual ceases to
hold office.

After the lapse of stated periods, PEP classification can be removed for PEPs where the
risks appear demonstrably reduced. This decision will also require approval from the
Group Business Head and the Head – FCC.

However, the following PEPs will remain PEPs without the option of declassification
throughout their life:

▪ Former Heads of State, President and Prime Minister

▪ Former Governors and Chief Ministers,
▪ Former Heads of Armed Forces

Page | 20
 Declassified PEPs will be marked as high-risk and continue to be monitored and risk-
assessed as per bank’s policy.

4.2.4. NGOs/NPOs/Charities
HBL shall conduct EDD (including obtaining senior management approval) while establishing
relationship with Non-Governmental Organizations (NGOs)/Not-for-Profit Organizations (NPOs)
and Charities to ensure that these accounts are used for legitimate purposes and the transactions
are commensurate with the stated objectives and purposes.

Accounts shall be opened in the name of relevant NGO/INGO/NPO as per their constituent
documents. The individuals who are authorized to operate these accounts and all members of
their governing bodies shall be subject to CDD separately. HBL shall ensure that these persons are
not affiliated with any proscribed/designated entity or person, whether under the same name or
a different name.

In case of advertisements through newspapers or any other medium, especially when bank
account number is mentioned for donations, Relevant Business segment shall ensure that title of
the account is same as that of the entity soliciting donations. In case of any difference, immediate
caution should be marked on such accounts by engaging relevant team in Operations and the
matter considered for filing Internal STR as per process mentioned in AML/CFT/CPF and Sanctions
Procedure document.

Personal accounts shall not be allowed to be used for charity purposes/collection of donations.

All existing relationships of NGOs/INGOs/NPOs/Charities shall be reviewed and monitored to

ensure that these organizations, their authorized signatories, members of their governing body
and the beneficial owners are not linked with any proscribed/designated entity or person,
whether under the same name or a different name. In case of any positive match, the bank would
consider filing STR and/or take other actions as per law.

Business shall ensure at the time of on-boarding and also during the relationship that:

▪ The entity has operations in line with the articles and memorandum/trust deed/rules etc.;
and
▪ The funds are utilized in the manner and in the areas as was stated in the documents and
recorded at the time of CDD.

4.2.5. Trade Finance Customers

Bank shall undertake CDD measures for asset side/trade finance customers as prescribed in the
AML/CFT/CPF Regulations and ensure monitoring of such customers with regard to ML/TF/PF
risks. The bank has also implemented SBP’s Framework for Managing Risk of Trade Based Money
Laundering (TBML) and Terrorist Financing (TF) which was issued in October 2019.

A dedicated Trade Compliance Advisory (TCA) Unit exists to facilitate the Business on trade
transactions. For all transactions being escalated, TCA ensures that appropriate controls are in
place to deal with TBML through a risk-based approach, which relates to analysis of the risks in
relation to the parties involved, the type of transaction and monetary values of the transaction
and other areas. TCA also ensures that due diligence is conducted at the time of trade advisory by

Page | 21
 acquiring relevant details such as details of local and international counter parties, line of business
of customer, nature of goods in which the client or counterparty is dealing in, and details on
counter party geographies, amongst others.

HBL must ensure that high risk customers are subjected to EDD and high-risk trade transactions
undergo more extensive documentary/diligence checks. The use of Trade Finance to obscure the
illegal movement of funds includes methods to misrepresent the price, quality or quantity of
goods. Generally, these techniques rely upon collusion between the seller and buyer, since the
intended outcome from such arrangements is obtaining a benefit in excess of what would be
expected from an arm’s length transaction. The transfer of value may be accomplished in a variety
of techniques as mentioned below:

▪ Over & under-invoicing of goods by the exporter;

▪ Multiple invoicing for goods;
▪ Over and under-shipment of goods;
▪ Describing goods on the invoice and other documentation as being of a higher quality than
actual;
▪ Supply of dual-use goods; and
▪ Third Party Payments.

In order to mitigate TBML risk, the bank must ensure that due diligence with reference to trade is
being conducted at the time of customer on-boarding by acquiring relevant details, which
includes, but is not limited to:

▪ Details of customer’s interest in trade products and services of the bank;

▪ Detail of local and international counterparties;
▪ Line of business of customer;
▪ Nature of goods in which client or counterparty is dealing in; and
▪ Detail of counterparty geographies.

The trade in dual-use items/goods, software and technology that can be used for both civilian and
military applications and/or can contribute to the proliferation of Weapons of Mass Destruction
(WMD) – is subject to controls to prevent the risks that these items may pose for both national,
international security and the bank. It is the responsibility of the first line of defense to potentially
identify the customers at the time of onboarding CDD/KYC customer who deal in such goods and
monitor them throughout the business relationship.

4.2.6. Trade Based Money Laundering

As per SBP Trade Based Money Laundering (TBML) Guidelines, bank is required to ensure that
risk-based approach is adopted while conducting CDD of trade-related customers. Bank shall
capture the relevant information about trade related activities of the customer and incorporate
it in the Customer’s Risk Profile giving due weightage to various risk factors. The assessment for
risk profiling may include, but is not limited to the following:

▪ The goods/services in which the customer usually trade in and prices thereof, where available;
▪ Customer’s key buyers and suppliers;
▪ Annual volume of trade transactions of customer;

Page | 22
 ▪ Trade cycle of the customer;
▪ The countries of origin of goods in which the customer trades;
▪ The jurisdictions/countries of business;
▪ Modes of transportation for goods;
▪ Port(s) of loading/discharge;
▪ Usual mode of trade and terms of payments;
▪ Related business concerns (domestic as well as international) and third parties such as
shipping agents, insurance companies, inspection companies etc.;
▪ Active membership of customer with Chamber of Commerce/Trade Association;
▪ Person(s) authorized to sign on behalf of customer;
▪ Legal structure of the customer;
▪ Ultimate beneficial owner of the customer/transactions along with his/her stakes in the trade
transactions, directly or indirectly; and
▪ Conduct of customer’s personal PKR/FCY Account.

The Control Framework to Manage Trade Related ML/TF Risks must include the following
components as base-line standards:

▪ Price related Due Diligence;

▪ Transaction level due diligence as per Foreign Exchange Manual;
▪ High Risk Transactions and Enhanced Due Diligence;
▪ Development and Maintenance of Goods related MIS;
▪ Transaction Monitoring;
▪ Suspicious Transaction Reporting;
▪ Technology Based Solutions;
▪ Staffing Requirements;
▪ Risk Awareness and Trade related ML/TF Risks Training;
▪ Collaboration with Stakeholders including Customs, Shipping Companies etc.; and
▪ Internal Audit as third line of defense.

4.2.7. Government Accounts & Accounts of Autonomous Bodies

Government accounts shall not be opened in the personal names of the government official(s).
Under the existing statutory and legal framework, no government ministry, division,
department/attached departments, and subordinate offices can operate their bank accounts
other than the principal account of the federal/ provincial government residing at the SBP. The
list of all such entities falling in the above-mentioned categories shall be available at the Finance
Division’s website, www.finance.gov.pk

HBL shall open and maintain accounts of autonomous bodies, incorporated under an act of
Parliament or the Companies Act 2017, after obtaining necessary approval/resolution from their
respective board/ governing bodies; or constituted through a cabinet resolution/ notification of
federal or a provincial government, after obtaining a no objection certificate (NOC) issued by the
Finance Division or relevant finance departments of the provinces, as the case may be with
respective Business Head sign-off.

Page | 23
4.2.8. Correspondent Banking
The bank shall take following measures in line with functions and powers prescribed under
relevant law, for providing correspondent banking services:

▪ Assess the suitability of respondent bank by taking following steps:

▪ Gather adequate information about the respondent bank to completely understand the
nature of the respondent bank’s business, including but not limited to the following, where
applicable:
▪ Major business activities;
▪ Their geographical presence/jurisdiction (country) of correspondence;
▪ AML policy;
▪ Information about the respondent bank’s management and ownership;
▪ ML/TF/PF prevention and detection measures;
▪ ML/TF/PF controls and procedures;
▪ Purpose for which the account or service shall be used;
▪ Identity of any third party that shall use correspondent banking services (i.e., in case of
payable through accounts); and
▪ Condition of the banking regulation and supervision in the respondent’s country.
▪ Determine from any available sources’ reputation of the respondent bank and, as far as
practicable, quality of supervision over the respondent bank, including where possible
whether it has been the subject of money laundering or financing of terrorism investigation
or regulatory action; and
▪ Assess respondent bank in the context of sanctions/embargoes and advisories about risks.
▪ Clearly understand and document the respective AML/CFT/CPF responsibilities of each bank;
▪ Obtain approval of senior management, before establishing new correspondent banking
relationship; and
▪ HBL shall not offer payable-through accounts nor shall it allow nesting of accounts;
▪ Bank shall apply enhanced due diligence when establishing or continuing correspondent
relationships with banks/financial institutions pertaining to high-risk countries & jurisdictions
as per the Financial Crime Country Risk Guidelines.
▪ HBL shall not enter into or continue correspondent banking relations with a shell bank and
shall take appropriate measures when establishing correspondent banking relations to satisfy
itself that respondent banks do not permit their accounts to be used by shell banks. HBL shall
further ensure that its platform is not used by any shell bank for execution or provision of
financial services.
▪ In case where HBL is availing correspondent banking services from a bank/financial institution
abroad, the CDD measures specified above shall be applied, as considered necessary to
mitigate ML/TF/PF risks.

4.2.9. Branchless Banking (BB)

BB provides a convenient and cost-effective alternative to conventional branch-based banking.
BB includes mobile wallet accounts, wallet-to-wallet transfers, account-to-person transfers,
person-to-person transfers, merchant and bill payments, cash in and cash outs, and receipt of
home remittances. Although branchless banking products are retail in nature, HBL offers these
products under a separate business segment in view of its rapid growth. BB accounts are for

Page | 24
individuals only and shall not be opened in the name of legal persons and legal arrangements,
high-risk customers and high-risk geographies as identified by the bank in the process of internal
ML/TF risk assessment. Risk-Based Customer Due Diligence include following:

▪ Risk Assessment and Mitigation: In line with SBP regulations, BB is a part of HBL’s IRAR
together with other business segments;
▪ Simplified Due Diligence: As per Branchless Banking Regulations, HBL shall adopt simplified
due diligence procedures for BB accounts, except:
o When there is a suspicion of money laundering or financing of terrorism;
o In case certain high-risk factors are identified by the SBP or by HBL in its own internal risk
assessment; or as per international standards viz-a-viz FATF Recommendations, etc.; or
o In relation to customers that are from or in jurisdictions which have been identified for
inadequate AML/CFT measures by FATF or identified by the bank itself having poor
AML/CFT standards, or otherwise identified by the SBP.
▪ For the purpose of Simplified Due Diligence, HBL shall:
o Categorize BB accounts in two levels; Level-0 (Basic Banking Account with low KYC
requirements and low transaction limits) and Level-1 (Entry Level account with simplified
KYC requirements commensurate with transaction limits);
o Onboard and monitor agents as per criteria laid down in “Framework for Branchless
Banking Agent Acquisition & Management’ issued vide BPRD Circular No. 06 dated 21st
June 2016, as amended from time to time. Agent accounts including level-2 account
holders shall be treated as full-fledged KYC/CDD accounts and are subject to SBP’s
AML/CFT Regime as amended from time to time;
o Not open BB accounts on behalf of other individuals and shall not allow operation in these
accounts to any individual on behalf of the account holder;
o Apply simplified Customer Due diligence (CDD) measures for level-0 and level-1 accounts.
The simplified CDD measures shall be commensurate with lower risk factors and these
procedures shall not be applicable on specific higher risk scenarios;
o Verify the identity of the customers before opening of their accounts;
o Not keep anonymous accounts or accounts in obvious fictitious names;
o Undertake CDD measures when there are doubts about the veracity or adequacy of
previously obtained customer identification data;
o Understand and, if required, obtain information on the purpose and intended nature of
the business relationship;
o Not allow agents to perform elements of CDD measures including identification of the
customer, identification of the beneficial owner and understanding the nature of business
to introduce business etc. Role of BB agent is only limited to facilitate the customers and
to forward their information to HBL through electronic channel. HBL shall conduct all CDD
measures by itself;
o Not open account where it is unable to comply with relevant CDD measures at the time
of account opening;
o Not conduct the transaction; and terminate the business relationship; and file Suspicious
Transaction Report (STR) in relation to a customer, where it is unable to comply with
relevant CDD measures at the time of performing the transactions of customers;

Page | 25
 o Not pursue the CDD process and instead file an STR, where the bank forms a suspicion of
money laundering or terrorist financing, and it reasonably believes that performing the
CDD process shall tip-off the customer; and
o Scrutinize transactions undertaken throughout the course of the relationship through
Automated Transaction Monitoring System (ATMS) to ensure that the transactions are
consistent with Bank’ knowledge of the customers, their business and risk profile,
including, where necessary, the source of funds; and report suspicious transaction
including attempted transactions to Financial Monitoring Unit (FMU) as per law.
▪ Types of BB Accounts: KYC requirements, transactional limits, record retention and Bank’s
responsibilities applicable to ‘level 0’and level ‘1’ accounts are tabulated in the Branchless
Banking Regulations issued by SBP which shall be covered in the Branchless Banking
Procedures;
▪ Domestic Funds Transfers: Minimum requirements applicable to funds transfer service for
Account to Person and Person to Person are tabulated in the Branchless Banking Regulations
which shall be covered in the Branchless Banking Procedures. Further/specific details are
covered in the internal procedures of Branchless Banking;

4.2.10. Wire Transfers/Fund Transfers

Wire/fund transfers are used to electronically transfer funds from one account to another, either
locally or across borders. The following requirements shall apply to HBL, as per functions and
powers prescribed under relevant law, during the course of sending or receiving funds by wire
transfer except for transfers and settlements between local banks where both are acting on their
own behalf as originator and the beneficiary of the wire transfers.

4.2.10.1. Responsibility as an Ordering Institution

▪ HBL as an ordering institution (whether for domestic or cross border wire transfer)
shall: identify and verify the originator and obtain details of beneficial owner(s) of
funds;
▪ Record adequate details of the wire transfer so as to permit its reconstruction,
including the date of the wire transfer, the type and amount of currency involved, the
value date, the purpose and details of the wire transfer beneficiary and the
beneficiary institution, and relationship between originator and beneficiary, as
applicable, etc;
▪ Include following information in the message or payment instruction which should
accompany or remain with the wire transfer throughout the payment chain:
o Name of the originator;
o Originator’s account number (or unique reference number which permits
traceability of the transaction);
o Originator’s applicable identity document number;
o Name of the beneficiary;
o Beneficiary’s applicable identity document number;
▪ Where several individual cross-border wire transfers from a single originator are
bundled in a batch file for transmission to beneficiaries, the batch file shall contain
required and accurate originator information (originator’s account number or unique

Page | 26
 transaction reference number) and full beneficiary information that is fully traceable
within the beneficiary country.

4.2.10.2. Responsibility as a Beneficiary Institution

▪ Verify identity of the beneficiary and record this information;
▪ Adopt risk-based internal policies, procedures and controls for identifying and
handling in-coming wire transfers that are not accompanied by complete originator
or beneficiary information. The incomplete originator or beneficiary information may
be considered as a factor in assessing whether to execute or terminate the
transaction, and in assessing whether the transaction is suspicious and merits
reporting to FMU; and
▪ Limit or prohibit relationships or transactions with institutions that do not comply
with the standard requirements set out for wire transfers.

4.2.10.3. Responsibility as an Intermediary Institution

▪ In passing onward, the message or payment instruction, maintain all the required
originator and beneficiary information with the wire transfer;
▪ Keep a record of all the information received from the ordering financial institution
or another intermediary financial institution, as per relevant record keeping
requirements;
▪ Take reasonable measures, which are consistent with straight-through processing, to
identify cross-border wire transfers that lack required originator information or
beneficiary information; and
▪ Have risk-based policies and procedures for determining when to execute, reject, or
suspend a wire transfer lacking required originator or beneficiary information.

4.2.11. Incomplete CDD Measures

In compliance with legal and regulatory requirements, in case the bank is not able to satisfactorily
complete required CDD measures, account shall not be opened, nor any service provided.
Consideration shall be given if the circumstances are suspicious so as to warrant filing of a
Suspicious Transaction Report (STR).

If the bank is unable to satisfactorily comply with CDD measures of an existing customer,
relationship shall be terminated and reporting of suspicious transaction be considered as per law.
Further, the bank shall serve a prior notice and record cogent reasons for terminating business
relationships.

In cases where the bank forms suspicion of money laundering, terrorist financing or other criminal
activity, and reasonably believes that performing the CDD process shall tip-off the customer, it
shall not pursue the CDD process, and instead file an STR with FMU (or as applicable in case of
international locations).

4.2.12. Employee Due Diligence

HBL has a comprehensive employee due diligence/screening policy and procedure in place to
ensure high standards and integrity which is followed at the time of hiring all employees, whether
permanent, contractual, or through outsourcing to ensure high standards. This includes but is not
limited to screening of all employees against lists of designated and proscribed individuals, on an

Page | 27
 ongoing basis, and maintaining proper record of screening. Accordingly, employees shall be
disqualified from service if they are designated/proscribed or associated directly or indirectly with
such persons.

The bank shall also ensure that no employee is or has been convicted, involved in any fraud,
forgery, financial crime etc. and is or was not associated with any illegal activities involving the
banking business, foreign exchange business, financial dealing or other employment. In this
regard, the bank shall obtain appropriate responses from candidates during their onboarding
process and verify their antecedents as per obtained information. Employees will be disqualified
from services if they have been found to have provided false information regarding their previous
employment or activities.

HBL shall ensure compliance with SBP’s Fitness & Proprietary Test (F&PT) criterion required for
sponsor shareholders & board approval and senior management.

4.2.13. Reliance on 3rd party Financial Institutions for CDD Measures

All CDD measures are to be carried out by HBL’s staff. The CDD measures as required under
Annexures I & II will not be carried out by a 3rd party Financial Institution, unless recommended
by the CCO and approved by the board. In such cases, the ultimate responsibility of the CDD
measures carried out will rest with HBL, including ongoing monitoring of transactions & reporting
of STRs/CTRs.

HBL shall also ensure that the 3rd party Financial Institution:

▪ Has appropriate measures in place for compliance with CDD, record keeping, data security
and privacy requirements as prescribed by SBP in its AML/CFT/CPF Regulations and other
instructions issued from time to time;
▪ Is a regulated, supervised and monitored Financial Institution;
▪ Is not located or based in a High-Risk Jurisdiction as per the bank’s Country Risk Rating
Methodology.

5. AML/CFT Monitoring
As per regulatory requirements and best international practices, the bank is required to implement a risk-
based AML/CFT/CPF monitoring mechanism, which is divided into different monitoring processes at various
stages of the customer life-cycle management.

5.1. Ongoing Monitoring (Customers & Transactions)

Ongoing Monitoring comprises of event-based and periodic review for customer relationships and
transactions.

5.1.1. Customer Screening

As part of the onboarding process, branches perform due diligence in line with this policy,
complying with the regulatory requirements. The due diligence process includes sanction
screening from the applicable sanction regimes as per the “Sanctions Compliance Policy” of the
bank. The process also encompasses screening of the local lists in the respective jurisdiction. (For
Pakistan – ATA proscribed persons).

Page | 28
5.1.2. Expired Identification Documents
With respect to HBL Pakistan, SBP has issued Regulations that allow banks to block accounts
without valid Identity Document (after serving one-month prior notice) for all debit transactions/
withdrawals, irrespective of mode of payment, until the subject regulatory requirement is
fulfilled. However, debit block from the accounts shall be removed upon submission of valid
identity document and verification of the same. However, in case of expiry of CNIC or other ID
documents in low-risk accounts, bank may allow continuity of relationship/operation in the
account after three months of the expiry. Bank shall obtain the ID renewed CNIC/ID documents
within the stipulated time period after three months from the date of expiry.

5.1.3. Ongoing Monitoring

HBL business segments/branches shall ensure that they update customer information as part of
the Customer Risk Profiling (CRP) on an ongoing basis. In addition, they shall also periodically
update the CDD information/profiles in respect of their customers and beneficial owners to
ensure that it is up to date, especially for higher risk categories as defined in this policy. Where
such profiles are revised, the underlying reasons for change will be documented and customers
will be contacted for provision of revised/updated information, or documents etc. as necessary.
Such revision may be on the basis of the bank’s own ongoing monitoring or on request of a
customer update their records such as their registered postal address, email address,
mobile/telephone numbers, or other information.

All business relations with customers shall be monitored on an ongoing basis in order to ensure
that the transactions are consistent with Bank’s knowledge of the customers, their business, risk
profile and the sources of funds/wealth.

Bank shall obtain information and examine, as far as possible, the background and purpose of all
complex, unusual large transactions, and all unusual patterns of transactions, which have no
apparent economic or visible lawful purpose. The background and purpose of these transactions
shall be inquired, and findings shall be documented with a view to making this information
available to the relevant competent authorities when required.

Bank shall periodically review the adequacy of information obtained in respect of customers and
beneficial owners, and ensure that the information is kept up to date, particularly for higher risk
categories of customers, as follows:

Risk Rating CDD/CRP update frequency

High Once every year
Medium Once every 2 years
Low Once every 3 years

The above defined review frequency is based on industry norms; however, this may change based
on any specific regulation and best practices with the approval of Chief Compliance Officer (CCO).

Regardless of predefined frequencies, if any material change in the relationship or customer’s

profile occurs, or observed, in terms of transaction volumes/pattern, address, etc., KYC review

Page | 29
 shall be triggered immediately. In relation to above review, customers’ profiles shall be revised
keeping in view the spirit of KYC(CDD/EDD) and the basis of revision documented; customers may
be consulted, if necessary.

HBL branches/businesses shall keep records of their customers updated with regard to their
postal and email address or registered mobile and landline number, for ensuring efficient and
reliable communications.

In case any account needs to be closed due to incomplete CDD, bank shall follow the usual account
closure process. Further, the business may escalate the matter to FCC as an internal STR if there
are obvious reasons to do so, including unusual and un-explainable large transactions. The bank
shall maintain a record in the shape of a central MIS, of all accounts involuntarily closed by
branches/business segments on CDD deficiencies.

If any of the local regulators in international locations do not allow termination of account on CDD
related deficiencies, branches may still raise internal STR/SAR with their respective AML Unit
based on the rationale mentioned above.

5.1.4. Transaction Monitoring

HBL has implemented adequate, reliable, efficient automated systems and technologies
proportionate to the ML/TF/PF risks posed to the bank’s business and operational models. The
current transaction monitoring system is FCCM Oracle 8.0.4 that provides risk-based transaction
monitoring. Based on the coverage assessment with known typologies and IRAR, HBL has
implemented AML/TF scenarios under different customer segments with dynamic parameters.

The parameters and scenarios are reviewed for stability and suitability commensurate to the
business/risk on ongoing basis. Transaction monitoring scenario/parameter optimization is an
important activity that should be performed at least annually.

A team of AML professionals under the AML Monitoring Department in FCC, Global Compliance
has been given the task to handle the alerts as per Standard Operating Procedures of the
Compliance Department. The team is required to:

▪ Pay special attention to all complex, unusually large transactions, and all unusual patterns of
transactions, which have no apparent economic or visible lawful purpose. The background
and purpose of such transactions shall, as far as possible, be examined, the findings
established in writing, which shall assist the relevant authorities in the inspection and
investigation.
▪ View transactions, which are out of character or are inconsistent with the history, pattern, or
normal operation of the account including through heavy deposits, withdrawals and transfers,
with suspicion, investigate properly and where required, report to FMU under the AML Act.

Any alerts that require investigation are escalated to case management for a SAR/No SAR
decision.

5.1.5. Reporting of Transactions (STRs/CTRs)

HBL shall:

Page | 30
 ▪ Comply with the provisions of Section 7 of the AML Act, rules and regulations issued for
reporting suspicious transactions/currency transactions in the context of ML/TF & PF.
▪ Implement appropriate internal policies, procedures and controls for meeting its obligations
under AML Act.
▪ Make use of technology and upgrade systems and procedures in accordance with the
changing profile of various risks. Accordingly, HBL has implemented automated Transaction
Monitoring Systems (TMS) capable of producing meaningful alerts based on pre-defined
parameters/thresholds and customer profile, for analysis and possible reporting of suspicious
transactions. Criteria for management of such alerts is available in the FCC Procedures
document.
▪ Place adequate number of analysts for monitoring and reporting purpose. Moreover, steps
shall be taken to develop knowledge and skills of staff and utilize technology solutions
required for effective Targeted Financial Sanctions (TFS) monitoring and reporting of
suspicious transactions.
▪ Ensure that STRs, including actual or attempted structured transactions, are reported
regardless of the amount of the transactions; and the CTRs are reported for the transactions
of rupees two million and above as per requirements of the AML Act.
▪ Document the basis of deciding whether an STR is being filed or not and keep on record
together with all internal findings and analysis done in relation to a suspicion irrespective of
the fact that transaction is subsequently reported or not.
▪ Strictly prohibit the employees to disclose the fact to the customer or any other quarter that
a suspicious transaction or related information is being or has been reported to any authority,
except if required by law. This shall be made part of Code of Ethics to be signed by employees
and directors of the bank.
▪ Not assign reporting of suspicious transactions/currency transactions in the context of money
laundering, financing of terrorism or financing of proliferation to outsourced employees.

5.2. Combating Financing of Terrorism (CFT) Desk and List Management

The Combatting Financing of Terrorism (CFT) function is responsible for CFT related controls along with
management and governance of relevant lists in compliance of legal & regulatory framework.

CFT Desk shall;

▪ Through adverse media and desktop review processes, analyze actual/potential terrorist incidents in
conjunction with country directly or indirectly for assessing the TF risk exposed through bank’s
customers, products, services or delivery channels and take appropriate measure that include
incident reporting to SBP & reporting of SAR to FMU (If warranted);
▪ Ensure that no new relationship should be established with Designated/Proscribed Individuals and
Entities directly or indirectly;
▪ Ensure that local and international relevant lists are updated timely and appropriate actions that
include regulatory reporting, freezing/de-freezing are undertaken timely in compliance of regulatory
& legal framework;

5.3. Use of personal accounts for business purposes

The bank shall not allow personal accounts to be used for business purposes except proprietorships,
small businesses and professions where constituent documents are not available and the bank is satisfied

Page | 31
 with KYC profile of the account holder, purpose of relationship and expected turnover of the account
keeping in view financial status and nature of business of that customer. The International Branches shall
follow regulatory guidelines in their respective jurisdictions which may be more stringent.

The first line of defense shall monitor such accounts/relationships to ensure that their turnovers remain
within the acceptable limits as per the bank’s procedures and where there is a turnover breach, either a
regular business account shall be opened immediately or having a valid rationale recorded in the
customer KYC comments or filing an internal STR as per the bank’s implemented process.

5.4. ML/TF Red Flags

Red Flags are risk indicators for ML/TF/PF; which are related, but not limited to customer profiles,
documentation, transactions, sanctions and goods. These must be analyzed and/or escalated, even if the
transactions otherwise appear in order. Such indicators may also be taken as a means of highlighting the
ways in which money may be laundered or financed for illegal/illegitimate activities. While each
individual situation may not be sufficient to suggest that ML/TF/PF is taking place, a combination of such
situations may be indicative of such transactions.

5.4.1. Transactions which do not make economic sense

▪ A customer-relationship that does not appear to make economic sense, for example, a
customer having a large number of accounts with the same financial institution, frequent
transfers between different accounts or exaggeratedly high liquidity;
▪ Transactions in which assets are withdrawn immediately after being deposited unless the
customer's business activities furnish a plausible reason for immediate withdrawal;
▪ Transactions that cannot be reconciled with the usual activities of the customer, for example,
the use of Letters of Credit and other methods of trade finance to move money between
countries where such trade is not consistent with the customer's usual business;
▪ Transactions which, without plausible reason, result in the intensive use of what was
previously a relatively inactive account, such as a customer's account which shows virtually
no normal personal or business-related activities but is used to receive or disburse unusually
large sums which have no obvious purpose or relationship to the customer and/or his
business;
▪ Provision of bank guarantees or indemnities as collateral for loans between third parties that
are not in conformity with market conditions;
▪ Unexpected repayment of an overdue credit without any plausible explanation; or
▪ Back-to-back loans without any identifiable and legally admissible purpose.

5.4.2. Transactions Inconsistent with the Customer’s Business

▪ The currency transaction patterns of a business show a sudden change inconsistent with
normal activities;
▪ A large volume of cashier’s cheques, money orders, or funds transfers is deposited into, or
purchased through, an account when the nature of the accountholder’s business would not
appear to justify such activity;
▪ A retail business has dramatically different patterns of currency deposits from similar
businesses in the same general location;
▪ Unusual transfers of funds occur among related accounts or among accounts that involve the
same or related principals; or

Page | 32
 ▪ Goods or services purchased by the business do not match the customer’s stated line of
business.

5.4.3. High Value Cash Transactions

▪ Large cash withdrawals made from a business account not normally associated with cash
transactions;
▪ Large cash deposits made to the account of an individual or legal entity when the apparent
business activity of the individual or entity would normally be conducted in cheques or other
payment instruments;
▪ Mixing of cash deposits and monetary instruments in an account in which such transactions
do not appear to have any relation to the normal use of the account;
▪ The deposit or withdrawal of cash in amounts which fall consistently just below identification
▪ The presentation of uncounted funds for a transaction. Upon counting, the transaction is
reduced to an amount just below that which would trigger reporting or identification
requirements;
▪ The deposit or withdrawal of multiple monetary instruments at amounts which fall
consistently just below identification or reporting thresholds, if any, particularly if the
instruments are sequentially numbered;
▪ Exchanging an unusually large number of small-denominated notes for those of higher
denomination;
▪ Purchasing or selling of foreign currencies in substantial amounts by cash settlement despite
the customer having an account with the financial institution;
▪ Frequent withdrawal of large cash amounts that do not appear to be justified by the
customer's business activity;
▪ Large cash withdrawals from a previously dormant/inactive account, or from an account
which has just received an unexpected large credit from abroad;
▪ Company transactions, both deposits and withdrawals, that are denominated by unusually
large amounts of cash, rather than by way of debits and credits normally associated with the
normal commercial operations of the company, e.g., cheques, letters of credit, bills of
exchange, etc.;
▪ Depositing cash by means of numerous credit slips by a customer such that the amount of
each deposit is not substantial, but the total of which is substantial;
▪ The deposit of unusually large amounts of cash by a customer to cover requests for bankers'
cheques, money transfers or other negotiable instruments;
▪ Customers whose deposits contain counterfeit notes or forged instruments;
▪ Customers making large and frequent cash deposits, but cheques drawn on the accounts are
mostly to individuals and firms not normally associated with their business; or
▪ Customers who together, and simultaneously, use separate branches/booths to conduct large
cash transactions or foreign exchange transactions.

5.4.4. Transactions involving structuring to avoid reporting or identification requirement

▪ Structuring transactions are conducted to evade reporting and identification requirements. A
person structures a transaction by breaking down a single currency sum exceeding the
specified threshold into smaller amounts that may be conducted as a series of transactions at
or less than a specified amount. Money launderers and criminals have developed many ways

Page | 33
 to structure large amounts of currency to evade the reporting and identification
requirements. Unless currency is smuggled out of a country or commingled with the deposits
of an otherwise legitimate business, any money laundering scheme that begins with a need
to convert the currency proceeds of criminal activity into more legitimate-looking forms of
financial instruments, accounts, or investments, will likely involve some form of structuring.
Bank employees should be aware of and alert to the following structuring schemes:
o A customer makes currency deposit or withdrawal transactions, so that each is less than
the CTR filing threshold;
o A customer uses currency to purchase official bank cheques, money orders, or traveler’s
cheques with currency in amounts less than the specified amount to avoid having to
produce identification in the process;
o Deposits are structured through multiple branches of the bank or by groups of people
who enter a single branch at the same time;
o A person customarily uses the automated teller machine capable of accepting deposits,
to make several deposits below a specified threshold;
o Multiple transactions carried out on the same day at the same branch of a financial
institution but with an apparent attempt to use different tellers; or
o The structuring of deposits through multiple branches of the same financial institution
or by groups of individuals who enter a single branch at the same time.
▪ In addition, structuring may occur before a customer brings the funds to the bank. In these
instances, the bank may be able to identify the aftermath of structuring. Deposits of money
instruments that may have been purchased elsewhere might be structured to evade the
reporting and record keeping requirements. These instruments are often numbered
sequentially in groups totaling less than the specified amount; bear the same handwriting (for
the most part) and often the same small mark, stamp, or initials; or appear to have been
purchased at numerous places on the same or different days.

5.4.5. Transactions involving accounts

▪ Accounts that receive relevant periodical deposits and are dormant at other periods. These
accounts are then used in creating a legitimate appearing financial background through which
additional fraudulent activities may be carried out;
▪ A dormant account containing a minimal sum suddenly receives deposit or series of deposits
followed by daily cash withdrawals that continue until the sum so received has been removed;
▪ When opening an account, the customer refuses to provide information required by the bank,
attempts to reduce the level of information provided to the minimum or provides information
that is misleading or difficult to verify;
▪ An account for which several persons have signature authority, yet these persons appear to
have no relation among each other (either family ties or business relationship);
▪ An account opened by a legal entity or an organization that has the same address as other
legal entities or organizations but for which the same person or persons have signature
authority, when there is no apparent economic or legal reason for such an arrangement (for
example, individuals serving as company directors for multiple companies headquartered at
the same location, etc.);

Page | 34
 ▪ An account opened in the name of a recently formed legal entity and in which a higher-than-
expected level of deposits are made in comparison with the income of the promoter of the
entity;
▪ The opening by the same person of multiple accounts into which numerous small deposits are
made that in aggregate are not commensurate with the expected income of the customer;
▪ An account opened in the name of a legal entity that is involved in the activities of an
association or foundation whose aims are related to the claims or demands of a terrorist
organization;
▪ An account opened in the name of a legal entity, a foundation or an association, which may
be linked to a terrorist organization and that shows movements of funds above the expected
level of income;
▪ Matching of payments out with credits paid in by cash on the same or previous day;
▪ Substantial increases in deposits of cash or negotiable instruments by a professional firm or
company, using client accounts or in-house company or trust accounts, especially if the
deposits are promptly transferred between other client company and trust accounts;
▪ High velocity of funds through an account, i.e., low beginning and ending daily balances, which
do not reflect the large volume of funds flowing through an account;
▪ Multiple depositors using a single account;
▪ Accounts opened in the name of an exchange company that receives structured deposits; or
▪ Accounts operated in the name of an offshore company with structured movement of funds.

5.4.6. Transactions involving transfers to and from abroad

▪ Wire transfers ordered in small amounts in an apparent effort to avoid triggering
identification or reporting requirements;
▪ Wire transfers to or for an individual where information on the originator, or the person on
whose behalf the transaction is conducted, is not provided with the wire transfer, when the
inclusion of such information would be expected;
▪ Use of multiple personal and business accounts or the accounts of non-profit organizations or
charities to collect and then funnel funds immediately or after a short time to a small number
of foreign beneficiaries;
▪ Foreign exchange transactions that are performed on behalf of a customer by a third party
followed by wire transfers of the funds to locations having no apparent business connection
with the customer or to countries of specific concern;
▪ Transfer of money abroad by an interim customer in the absence of any legitimate reason. An
interim customer is one who is not a regular customer of the financial institution in question,
or does not maintain an account, deposit account, safe deposit box, etc.;
▪ A customer which appears to have accounts with several financial institutions in the same
locality, especially when the financial institution is aware of a regular consolidated process
from such accounts prior to a request for onward transmission of the funds elsewhere;
▪ Repeated transfers of large amounts of money abroad accompanied by the instruction to pay
the beneficiary in cash;
▪ Large and regular payments that cannot be clearly identified as bona fide transactions, from
and to countries associated with (i) the production, processing or marketing of narcotics or
other illegal drugs or (ii) criminal conduct;

Page | 35
 ▪ Substantial increase in cash deposits by a customer without apparent cause, especially if such
deposits are subsequently transferred within a short period out of the account and/or to a
destination not normally associated with the customer;
▪ Building up large balances, not consistent with the known turnover of the customer's
business, and subsequent transfer to account(s) held overseas;
▪ Cash payments remitted to a single account by a large number of different persons without
an adequate explanation;
▪ Funds transfer activity occurs to or from a financial secrecy haven without an apparent
business reason or when the activity is inconsistent with the customer’s business or history;
▪ Many small, incoming transfers of funds are received, or deposits are made using cheques
and money orders. Almost immediately, all or most of the transfers or deposits are wired to
another city or country in a manner inconsistent with the customer’s business or history;
▪ Incoming funds transfers with limited content and lack of remitter’s information; or
▪ Unusually large number and variety of beneficiaries are receiving funds transfers from one
company;

5.4.7. Investment Related Transactions

▪ Purchasing of securities to be held by the financial institution in safe custody, where this does
not appear appropriate given the customer's apparent standing;
▪ Requests by a customer for investment management services where the source of funds is
unclear or not consistent with the customer's apparent standing;
▪ Larger or unusual settlements of securities transactions in cash form; or
▪ Buying and selling of a security with no discernible purpose or in circumstances which appear
unusual.

5.4.8. Transactions Involving Unidentified Parties

▪ Provision of collateral by way of pledge or guarantee without any discernible plausible reason
by third parties unknown to the financial institution and who have no identifiable close
relationship with the customer;
▪ Transfer of money to another financial institution without indication of the beneficiary;
▪ Payment orders with inaccurate information concerning the person placing the orders;
▪ Use of pseudonyms or numbered accounts for effecting commercial transactions by
enterprises active in trade and industry;
▪ Holding in trust, shares in an unlisted company whose activities cannot be ascertained by the
bank; or
▪ Customers who wish to maintain a number of trustee or clients' accounts that do not appear
consistent with their type of business, including transactions that involve nominee names.

5.4.9. Transactions Involving Embassy and Foreign Consulate Accounts

▪ Official embassy business is conducted through personal accounts;
▪ Account activity is not consistent with the purpose of the account;
▪ Accounts are funded through substantial currency transactions; or
▪ Accounts directly fund personal expenses of foreign nationals without appropriate controls.

Page | 36
5.4.10. Characteristics of the Customer or His/ Her Business Activity
▪ Funds generated by a business owned by individuals of the same origin or involvement of
multiple individuals of the same origin from countries of specific concern acting on behalf of
similar business types;
▪ Shared address for individuals involved in cash transactions, particularly when the address is
also a business location and/or does not seem to correspond to the stated occupation (for
example student, unemployed, self-employed, etc.);
▪ Stated occupation of the transactor is not commensurate with the level or type of activity (for
example, a student or an unemployed individual who receives or sends large numbers of wire
transfers, or who makes daily maximum cash withdrawals at multiple locations over a wide
geographic area);
▪ Regarding non-profit or charitable organizations, financial transactions for which there
appears to be no logical economic purpose, or in which there appears to be no link between
the stated activity of the organization and the other parties in the transaction;
▪ A safe deposit box is opened on behalf of a commercial entity when the business activity of
the customer is unknown, or such activity does not appear to justify the use of a safe deposit
box; or
▪ Unexplained inconsistencies arising from the process of identifying or verifying the customer
(for example, regarding previous or current country of residence, country of issue of the
passport, countries visited according to the passport, and documents furnished to confirm
name, address and date of birth).

5.4.11. Transactions Linked to Locations of Concern

▪ Transactions involving foreign currency exchanges that are followed within a short time by
wire transfers to locations of specific concern (for example, countries designated by national
authorities, FATF High Risk countries and territories, etc.);
▪ Deposits are followed within a short time by wire transfers of funds, particularly to or through
a location of specific concern (for example, countries designated by national authorities, FATF
High Risk and territories, etc.);
▪ A business account through which a large number of incoming or outgoing wire transfers take
place and for which there appears to be no logical business or other economic purpose,
particularly when this activity is to, through or from locations of specific concern;
▪ The use of multiple accounts to collect and then funnel funds to a small number of foreign
beneficiaries, both individuals and businesses, particularly when these are in locations of
specific concern;
▪ A customer obtains a credit instrument or engages in commercial financial transactions
involving movement of funds to or from locations of specific concern when there appears to
be no logical business reasons for dealing with those locations;
▪ The opening of accounts of financial institutions from locations of specific concern; or
▪ Sending or receiving funds by international transfers from and/or to locations of specific
concern.

5.4.12. Miscellaneous Transactions

▪ Purchase of bank cheques on a large scale by an interim customer;

Page | 37
 ▪ Extensive or increased use of locker facilities that do not appear to be justified by the
customer's personal or business activities;
▪ Lockers are used by individuals who do not reside or work in the institution’s service area
despite the availability of such services at an institution closer to them;
▪ Unusual traffic patterns in the lockers area. For example, more individuals may enter, enter
more frequently, or carry bags or other containers that could conceal large amounts of
currency, monetary instruments, or valuable items;
▪ A customer rents multiple lockers to park large amounts of currency, monetary instruments,
or high-value assets awaiting conversion to currency, for placement into the financial system;
▪ Loans are made for, or are paid on behalf of, a third party with no reasonable explanation;
▪ To secure a loan, the customer purchases a certificate of deposit using an unknown source of
funds, particularly when funds are provided via currency or multiple monetary instruments;
▪ A customer purchases several open-end stored value cards for large amounts. Purchases of
stored value cards are not commensurate with normal business activities;
▪ Suspicious movements of funds occur from one financial institution to another, and then
funds are moved back to the first financial institution;
▪ Purchase of real estate on price higher that the determinable value; or
▪ A series of purchases of real estate within relatively short span of time.

6. Sharing Information at Group Level

Branches outside Pakistan need to add in their policies the following protocols as per their local legal &
regulatory requirements, as follows:

▪ Policies and procedures for sharing information at a group level required for the purposes of CDD and risk
management;
▪ The provision, at group-level compliance, audit, and/or AML & CFT functions, of customer, account, and
transaction information from branches and subsidiaries when necessary for AML & CFT purposes.
▪ Adequate safeguards on the confidentiality and use of information exchanged at group-level, including
safeguards to prevent tipping-off.

All subsidiaries should be guided by and shall aim to follow the above guidelines subject to their respective
Boards and local regulations. However, sharing of customers’ and supervisory information shall only be
possible wherever legal statutes of a country permit the same.

7. Training & Development

Adequate training and development of staff is a key factor in their growth and success, enabling and equipping
them to perform their assigned tasks with the tools they need. Adequately training and developing the bank’s
staff in the areas of AML/CFT/CPF is recognized as a core focus area by the Board and Management.

The bank has implemented a suitable annual training program for relevant employees, which is developed
after a formal training needs assessment in the area of AML/CFT/CPF. The Annual Training Program ensures
training sessions are conducted for sponsor shareholders, BoD, senior management, line management, and
field staff.

HBL ensures that content of training and methodology used is updated with regard to emergent risks
identified by the bank through IRAR, updates on National Risk Assessment (NRA) threats & vulnerabilities,

Page | 38
 update on international standards and best practices including by FATF in the area of AML/CFT/CPF,
regulatory/ supervisory updates, update on legal framework, issuance and sharing of guiding documents and
analysis by government specially FMU, MOFA, NACTA in the areas of AML/ CFT/ CPF.

Training is imparted to improve knowledge and skills of Bank staff in the area of AML/CFT/CPF. Training to
employees directly/indirectly responsible for AML/CFT/CPF enables them to understand new developments,
money laundering and financing of terrorism techniques, methods and trends. The training includes their
responsibilities relating to AML/CFT especially requirements relating to TFS, CDD and analysis of abnormal
/out of pattern transactions and alerts generated thereof for possible reporting of suspicious transactions.
HBL realizes that the relevant AML/CFT training combined with optimum use of technology is becoming
inevitable due to ever changing nature of methods and trends in illicit activities. It is also important to test the
capability and knowledge of the relevant staff on periodic basis. Therefore, HBL also uses online trainings and
AML/CFT tests of varying nature that are available in the market offering opportunity for banks to equip their
staff with relevant skills as per respective roles and responsibilities within the institution.

HBL, from time to time, also plans and arranges outreach and awareness sessions covering ML/TF/PF risks and
the AML/ CFT obligations including TFS for TF & PF and STR/CTR for its staff. These outreach and awareness
sessions also take feedback from the staff regarding any issues in implementing AML/CFT/CPF procedures for
improvements in design that adequately cover the risks while ensuring ease of implementation.

8. Record Management
Records are a vital part of the CDD process, and adequate record capturing, refresh and retrieval are vital
when it comes to ensuring compliance with regulatory requirements. Records also form vital evidence for law
enforcement when investigating accounts and account holders for possible involvement in ML/TF/PF
activities. Following are requirements for record management:

▪ The bank shall ensure compliance with the record keeping instructions for maintaining record of
documents and information obtained digitally or in hard form for CDD and other purposes;
▪ Records of identification data obtained through CDD process, including but not limited to copies of
identification documents, account opening forms, KYC forms, verification documents and other
documents along with records of account files and business correspondence, shall be maintained for a
period of ten years after the business relationship is ended. The identification records shall be maintained
in document as originals or copies attested by the bank.
▪ The bank shall maintain all records on transactions, both domestic and international, including the results
of any analysis undertaken (e.g., inquiries to establish the background and purpose of complex, unusual
or large transactions) and shall also keep and maintain all records related to STRs and CTRs filed by it for
a minimum period of ten years from completion of the transaction;
▪ For the purpose of STRs, all related customer records other than transactions, including those related to
account opening shall be retained even after 10 years of termination/closure of relationship.
▪ The records retained shall be sufficient to permit reconstruction of individual transactions including the
nature and date of the transaction, the type and amount of currency involved and the type and identifying
number of any account involved in the transactions so as to provide, when necessary, evidence if required
by Law Enforcement Agencies and other relevant authorities as per the law for prosecution of criminal
activity. The transaction records shall be maintained in paper or electronic form or on microfilm, as
admissible as evidence in a court of law.

Page | 39
▪ Those records where transactions, customers or accounts are involved in litigation, or where such records
are required by court or other competent authority shall be retained for longer period; until they are no
longer needed and the bank is given explicit permission to destroy these records;
▪ The bank shall satisfy itself in a timely manner, on any enquiry or order from the relevant competent
authorities including law enforcement agencies and FMU for supply of information and records as per law.

Page | 40
9. Annexures
Annexure-I
(List of Information Required for Customer Identity)

Basic Identification Information

▪ Full name as per identity document

▪ Mother’s Maiden name
▪ Date of Birth
▪ Place of Birth
▪ Permanent Address
▪ Identity document number, whichever applicable
▪ Date of expiry of applicable identity document

Other basic information

▪ Father/ spouse name as per identity document

▪ Date of issuance of applicable identity document
▪ Contact Number: Mobile Number (s)/ Land Line Number
▪ Purpose of account/ transaction/ business relation
▪ Beneficial ownership/ controlling rights

Other relevant Information for natural persons, as applicable

▪ Current/ Mailing Address

▪ Personal Email Address (as applicable)
▪ Nationality – Resident/ Non-Resident Status
▪ FATCA/ CRS Declaration, wherever required
▪ Profession/ Source of Income/ Funds: Salary, Business, investment income
▪ Next of Kin
▪ Attested Passport Size Photo (in case of Photo Account instructions)
▪ Live Photo (in case of digital onboarding)

Information for Legal Persons/ Legal Arrangements

▪ Registration/ incorporation number or business registration number (as applicable)

▪ Date of incorporation or registration of legal person or arrangement (as applicable)
▪ Place of incorporation or registration of legal person or arrangement (as applicable)
▪ National Tax Number (NTN)
▪ Nature of business, geographies involved and expected type of counter-parties (as applicable)
▪ Registered or business address
▪ Intended nature of business relations
▪ Purpose of account or transaction (where accounts are not maintained and transactions are done by walk
in/ occasional customers)
▪ Type of account/ financial transaction/ financial service
▪ Expected monthly credit turnover (amount and No. of transactions)

Page | 41
▪ Normal or expected modes of transactions/ delivery channels
▪ Wherever instructed/ advised, regulatory limits imposed such as: credit and debits/ deposit and
withdrawals/ execution of financial transaction/ types of financial services allowed/ restricted.

Additional Information in case of “Trusts”

▪ Whether the Trust is a Public Trust or Private Trust including foreign and national trust
▪ Trust Deed whereby the Trust has been created;
▪ Details of Settlor (this shall also be available in the Trust Deed);
▪ Objects of the trust (this shall also be available in the Trust Deed);
▪ Trustee of the trust (whether trustee is associated person of the settlor);
▪ Description of each class or type of beneficiary (this information may also be checked from Trust Deed);
▪ Details of any possibility of influence of any other person on trustee regarding management and control
of trust property;
▪ In the case of “Private Trust” if the beneficiary of a trust is also the beneficial owner of the trust,
identification and verification of the beneficiary is required otherwise the name and CNIC of each
beneficiary of a trust should be obtained.

Page | 42
 Annexure-II

Minimum Documents to be obtained for

Identification of Customer/ Occasional Customer

Sr. No. Type of Customers Documents/ papers to be obtained.

1) Individuals (including ▪ Copy of the applicable valid identity document

Walk in/ Occasional
customers)

2) Joint Account ▪ Copy of the applicable valid identity document for each joint account
holder
▪ In the case of joint accounts, CDD measures on all of the joint account
holders shall be performed as if each of them is an individual customer of
the Bank.

3) Sole ▪ Copy of the applicable valid identity document;

▪ Any one of the following documents:
Proprietorship
o Registration certificate for registered concerns
o Sales tax registration or NTN certificate, wherever applicable
o Certificate or proof of membership of trade bodies etc., wherever
applicable
o Declaration of sole proprietorship on business letterhead
o Account opening requisition on business letterhead

4) Small businesses and ▪ Copy of the applicable valid identity document of the account holder/s
professions including ▪ Any one of the following documents:
freelance o Registration certificate for registered concerns.
o Sales tax registration or NTN certificate, wherever applicable.
professionals
o Certificate or proof of membership of trade bodies etc., wherever
applicable.
o Proof of source of funds/ income

5) Partnership ▪ Copy of the applicable valid identity document of all partners and
authorized signatories
▪ All of the following documents:
o Attested copy of ‘Partnership Deed’ duly signed by all partners of the
firm.
o Attested copy of Registration Certificate with Registrar of Firms. In
case the partnership is unregistered, this fact shall be clearly
mentioned on the Account Opening Form.
o Authority letter, in original, signed by all partners for opening and
operating the account.

Page | 43
Sr. No. Type of Customers Documents/ papers to be obtained.

6) Limited Liability ▪ Copy of the applicable valid identity document of all partners and
Partnership authorized signatories
▪ All of the following documents:
(LLP)
o Certified Copies of:
▪ Limited Liability Partnership Deed/ Agreement
▪ LLP-Form-III having detail of partners/ designated partner in case
of newly incorporated LLP.
▪ LLP-Form-V regarding change in partners/ designated partner in
case of already incorporated LLP.
▪ Authority letter signed by all partners, authorizing the person(s)
to operate LLP account.
7) Limited Companies/ ▪ Copy of the applicable valid identity document of all directors and
Corporations authorized signatories
▪ Certified copies all of the following documents:
o Resolution of Board of Directors for opening of account specifying the
person(s) authorized to open and operate the account;
o Memorandum and Articles of Association;
o Certified copy of Latest ‘Form-A/Form-B’
o Incorporate Form II in case of newly incorporated company and Form
A/ Form C whichever is applicable; and Form 29 in already
incorporated companies
8) Branch Office or Liaison ▪ Copy of the applicable valid identity document of senior official and/ or
Office of Foreign authorized signatories
Companies ▪ All of the following documents:
o Copy of permission letter from relevant authority i.e.; Board of
Investment
o List of directors on company letterhead or prescribed format under
relevant laws/ regulations.
o Certified copies all of the following documents:
▪ Form II about particulars of directors, Principal Officer etc. in case
of newly registered branch or liaison office of a foreign company
▪ Form III about change in directors, principal officers etc. in already
registered foreign companies branch or liaison office of a foreign
company
o Letter from Principal Officer of the entity authorizing the person(s) to
open and operate the account.
9) Trust, Clubs, Societies ▪ Copy of the applicable valid identity document of:
and Associations etc. o All members of Governing Body/ Board of Directors/ Trustees/
Executive Committee, if it is ultimate governing body,
o all authorized signatories
o settlor, the trustee(s), the protector (if any), and the beneficiaries
o Declaration from Governing Body/ Board of Trustees/ Executive
Committee/ sponsors on ultimate control, purpose and source of
funds etc.
▪ Certified copies all of the following documents:
o Certificate of Registration/ Instrument of Trust

Page | 44
Sr. No. Type of Customers Documents/ papers to be obtained.

o By-laws/ Rules & Regulations

o Resolution/ Documentation of the Governing Body/ Board of
Trustees/ Executive Committee, if it is ultimate governing body,
authorizing any person(s) to open and operate the account
10) NGOs/ NPOs/ Charities ▪ Photocopy (after original seen) of the applicable identity documents of all
members of Governing Body/ Board of Directors/ Trustees/ Executive
Committee, if it is ultimate governing body, and authorized signatories.
▪ Certified copies all of the following documents:
o All relevant Registration documents/ Certificate of Incorporation/
license issued by SECP, as applicable
o Memorandum & Article of Association
o Incorporation Form II in case of newly incorporated company and
Form B-29 in case of already incorporated company
o Resolution of the Governing Body/ Board of Directors/ Trustees/
Executive Committee, if it is ultimate governing body, for opening of
account authorizing the person(s) to operate the account
▪ Annual accounts/ financial statements or disclosures in any form, which
may help to ascertain the detail of its activities, sources and usage of funds
in order to assess the risk profile of the prospective customer
11) Agents Accounts ▪ Copy of the applicable valid identity document of the agent and principal
▪ Certified copy of ‘Power of Attorney’ or ‘Agency Agreement’
▪ The relevant documents/ papers from Sr. No. 2 to 10, if agent or the
principal is not a natural person
12) Executors and ▪ Copy of the applicable valid identity document of the Executor/
Administrators Administrator
▪ Certified copy of Letter of Administration or Probate

13) Minor Accounts ▪ Copy of the applicable valid identity document of the minor and his/her
parent or natural or Court Appointed Guardian
▪ Certified copy of order of appointment of Guardian appointed by Court, if
applicable
14) Mentally Disordered ▪ Copy of applicable valid identity documents of mentally disordered person
Person Account and court appointed manager under the applicable laws related to mental
health
▪ Certified true copy of court order for appointment of manager for mentally
disordered person.
▪ Verification of identity document through biometric verification from
NADRA for both persons i.e.; mentally disordered person and the manager
appointed by court.
▪ Verification of court order from the concerned court (to be obtained by
bank).
▪ Account would be opened in the name of mentally disordered person and
the same will be operated by the court appointed manager.
▪ All CDD requirements should be conducted / completed for both persons
▪ In case of change of manager by the court, the CDD formalities will be
conducted for the new appointed manager by the bank afresh.

Page | 45
 Annexure III

(To be obtained from customers who do not have a formal wealth statement)

Date:

The Branch Manager

Habib Bank Limited
__________________________Branch

Subject: Declaration of Wealth

Dear Sir/Madam,

This refers to my account opening request at HBL, in the context of which I would like to inform you that there
is no formal document available with me to update you on my wealth. However, I hereby declare the following
details of wealth as follows, for the purpose of account opening:

1. Total Value of Assets owned: ______________________

a. Details of major Assets: (For example; bank balance, property, jewelry, cars, businesses etc.)
i. _______________________________________________________
ii. _______________________________________________________
iii. _______________________________________________________
iv. _______________________________________________________
v. ________________________________________________________
vi. ________________________________________________________

(Add more in case required)

2. Source of Wealth (For example; Inheritance, savings etc.): ______________________________________

3. Additional Information, if any: _____________________________________________________

Thanks,

Yours Sincerely,

________________________
Customer/Authorized Signatory

Page | 46
 Annexure IV

For Customers who do not maintain any account with any bank for conducting the first transaction
through a banking channel

Date:

The Branch Manager

Habib Bank Limited
__________________________Branch

Subject: First Payment by any channel other than own Cheque deposit

Dear Sir/Madam,

Due to the following reason (s), I cannot make initial deposit via check deposit in my new account no.
__________________ opened at HBL:

Please tick the relevant option

☐ I/we do not maintain an account in any bank.

☐ I/we do not maintain an account in any bank in Pakistan
☐ I/we will transfer the first payment through online banking from my/our account number ____________
maintain with ________________ (mention the name of the bank and account number)
☐ I/we am/are an existing customer of HBL and maintaining account no. _______________with
_______________ Branch
☐ Any other reason _________________________________________________________

Thanks,

Yours Sincerely,

________________________
Customer/Authorized Signatory

Page | 47
10. Definitions
As per AML/CFT/CPF Regulations, following definitions shall be adopted:

▪ “Act” means the Anti-Money Laundering Act 2010 as updated from time to time.
▪ “Bank” or “Banking Company” shall have the same meaning as under section 5 of the Banking
Companies Ordinance (BCO) 1962.
▪ “Banking Business” shall include the businesses stipulated under section 7 of BCO.
▪ “Banking” means the accepting, for the purpose of lending or investment, of deposits of money from
the public, repayable on demand or otherwise, and withdrawable by cheque, draft, order or
otherwise.
▪ “Beneficial Owner” shall have the same meaning as under section 2(iv) of the Act.
▪ “Beneficiary Institution” means the financial institution that receives the funds on behalf of the wire
transfer or fund transfer beneficiary.
▪ “Beneficiary” means the person to whom or for whose benefit the funds are sent or deposited in bank
or person who has beneficial interest in financial transaction to be executed.
▪ “Biometric Verification System” or “BVS” means the technology enabled system (verifiable from
NADRA or the relevant Government authority) that allows financial institutions to obtain biometrics
of the customers at the time of opening of account or conducting the transactions.
▪ “Branch” or “Branch Office” means any branch or branch office or other place of business of the bank,
authorized in terms of respective laws administered by SBP.
▪ “Business Relationship” shall have the same meaning as under section 2(v) of the Act.
▪ “Class of Beneficiaries” for beneficiary(ies) of trusts that are designated by characteristics or by class,
financial institutions shall obtain sufficient information concerning the beneficiary to satisfy the
financial institution that it shall be able to establish the identity of the beneficiary at the time of the
payout or when the beneficiary intends to exercise vested rights.
▪ “Close associate of a PEP” means—
o an individual known to have joint beneficial ownership of a legal person or a legal arrangement
or any other close business relations with a PEP;
o any individual(s) who have beneficial ownership of a legal person or a legal arrangement which is
known to have been set up for the benefit of a PEP; or
o an individual who is reasonably known to be closely connected with the PEP for any other reason,
including socially or professionally.
▪ “Company” shall have the same meaning as under section 2(vii) of the Act.
▪ “Competent Authorities” shall have the same meaning as under section 2(viii) of the Act.
▪ “Control” in relation to a legal person, means the power to exercise a controlling influence over the
management or the policies of the undertaking, and, in relation to shares, means the power to
exercise a controlling influence over the voting power attached to such shares.
▪ “Corporate Group” shall have the same meaning as under section 2(ix) of the Act.
▪ “Correspondent Bank” means the banks in Pakistan, which provide correspondent banking services
to banks or financial institution situated abroad and vice versa;
▪ “Correspondent Banking” means provision of banking services by one bank (correspondent) to
another bank (respondent) including but not limited to opening and maintaining accounts in different
currencies, fund transfers, cheque clearing, payable through accounts, foreign exchanges services or
similar other banking services.

Page | 48
▪ “Cross-Border Wire Transfer” means a wire transfer where the ordering institution and the beneficiary
institution are located in different countries or jurisdictions;
▪ “Currency Transaction Report (CTR)” shall have the same meaning as under section 2(xi) of the Act.
▪ “Customer” means a person (natural & legal) having relationship with the bank and availing financial
services from the bank which includes but not limited to holding of deposit/deposit certificate/or any
instrument representing deposit/placing of money with the bank, availing other financial services,
locker facility, safe deposit facility, or custodial services.
▪ “Deposit” shall include the deposits under Section 26A of BCO.
▪ “Designated Person (DP)” individual or entity designated under UNSC Act.
▪ “Domestic Wire Transfer” means any wire transfer where the originator and beneficiary institutions
are located in Pakistan regardless the system used to affect such wire transfer is located in another
jurisdiction.
▪ “Dormant or In-Operative Account” means the account in which no transaction has taken place during
the preceding one year.
▪ “Electronic Money Institution (EMI)” shall have the same meaning as under Section 2(1)(u) of Payment
Systems & Electronic Funds Transfer (PS&EFT) Act.
▪ “Exchange Companies” shall have the same meaning as under Sections 3, 3A and 3 AA of the Foreign
Exchange Regulations Act (FERA). SBP issues authorization/ license to REs known as ECs/ ECs-B to deal
in foreign exchange including foreign currency, foreign currency notes, transfers, coins, postal notes,
money orders, bank drafts, and traveler’s cheques to individuals only i.e., to natural persons. Since
ECs/ ECs-B don’t deal with legal person and legal arrangements and don’t maintain business
relationship (accounts) therefore those requirements in these regulations which pertains to legal
person and legal arrangement and business relationships shall not be applicable on them.
▪ “Family member of a PEP” includes—
o spouse of the PEP; and
o lineal descendants and ascendants of the PEP and siblings of PEP.
▪ “FATF Recommendations” mean the Recommendations of Financial Action Task Force as amended
from time to time.
▪ “Financial Institution” shall have the same meaning as under Section 2(xiv) of the Act.
▪ “FMU” means the Financial Monitoring Unit established under Section 6 of the Act;
▪ “Foreign Banking Company” means a banking company, not incorporated in Pakistan, which has a
branch or branches doing banking business in Pakistan under a license issued by SBP in this behalf.
▪ “Fund Transfer/ Wire Transfer” means any transaction carried out by financial institutions on behalf
of originator person by way of electronic means or otherwise to make an amount of money available
to beneficiary person at another beneficiary institution, irrespective of whether the originator and the
beneficiary are the same person.
▪ “Identity Document” means the following documents for identification of natural persons as
applicable:
o Valid CNIC/ SNIC/ NICOP/ SNICOP for Pakistani citizens;
o Valid Passport for foreign citizens;
o Valid POC for persons of Pakistani origin;
o Valid ARC for registered Aliens in Pakistan;
o Valid POR Card for Afghan refugees; and
o Valid Form-B/ Juvenile Card for Pakistani citizens who are minors.

Page | 49
▪ “Intermediary Institution” is an intermediary in the wire transfer payment chain; that receives and
transmits a wire transfer on behalf of the ordering institution and the beneficiary institution, or
another intermediary institution.
▪ “Microfinance Bank (MFB)” shall have the same meaning as under Section 2(ia) of Micro Finance
Institutions Ordinance 2001 (MFIO).
▪ “Monetary Threshold” expressed in Pakistani Rupees includes a reference to the equivalent amount
expressed in any other currency.
▪ “Money Laundering (ML)” shall have the same meaning as under Section 2 of the Act.
▪ “Non-Face to Face Transactions or business relationship” non-face-to-face interactions are considered
to occur remotely - meaning the parties are not in the same physical location and conduct activities
by digital or other non-physically present means, such as mail or telephone or internet.
▪ “Numbered Account” means account where the names of the customer and beneficial owner are
known to the bank but are substituted by an account number or code name in subsequent
documentation.
▪ “Occasional Customer” (also called walk in customer) means the person conducting occasional
transactions and is not a permanent customer; not having account/ permanent customer relationship
with the bank. For those SBP REs which do not maintain permanent customer relationship/ customer
accounts, every customer would be treated as occasional or walk in customer. Occasional/ Walk in
customers may have frequent visit for execution of transaction on counter of the bank.
▪ “Occasional Transactions” shall have the same meaning as under Section 2 (xxii) of the Act.
▪ “Online Transaction” means deposit or withdrawal of cash, fund transfers, payments against goods
and services, etc. using different branches of SBP REs through electronic means.
▪ “Ordering Institution” means the financial institution that initiates a wire transfer on the instructions
of the wire transfer originator for transferring the funds.
▪ “Originator” means the person who allows or places the order to initiate a fund transfer/ wire transfer
or an online transaction.
▪ “Outsourcing” means use of a third party (affiliated or un-affiliated) to perform activities, functions or
processes normally to save money, time and/or use the skills/technology of another entity on a
continuing basis that would normally be undertaken by the bank, now or in the future. However, it
does not cover consultancy services, purchase contracts for tangible/intangible items, for example,
contracts to purchase standardized products such as furniture, Software/IT solutions, ATM etc.
▪ “Payable-through Account” means an account maintained at the correspondent bank by the
respondent bank which is accessible directly by a third party to affect transactions on its own
(respondent bank’s) behalf.
▪ “Payment Services” mean the services that enable the customers to make payments for goods and
services, bill payments, fund transfers, cash deposit and withdrawal and any other service endorsed
by SBP from time to time.
▪ “Payment System” shall have the same meaning as under Section 2(1) (zd) of PS&EFT Act.
▪ “Politically Exposed Person (PEP)” means an individual who is or has been entrusted with a prominent
public function either domestically or by a foreign country, or in an international organization and
includes but is not limited to:
o for foreign PEPs, Heads of State or of government, senior politicians, senior government officials,
judicial or military officials, senior executives of state-owned corporations and important political
party officials;

Page | 50
 o for domestic PEPs, Heads of State or of government, senior politicians, senior government
officials, judicial or military officials, senior executives of state-owned corporations, important
political party officials;
o for international organization PEPs, members of senior management or individuals who have
been entrusted with equivalent functions; and
o Provided that middle ranking or more junior individuals in the above referred categories are not
included in the definition of PEPs.
▪ “Prescribed” means prescribed under applicable rules, circulars, directions, orders or by laws.
▪ “Proscribed Person (PP)” means an individual or entity proscribed under Anti-Terrorism Act 1997
(ATA)
▪ “PSOs/ PSPs” mean the same as defined in the Rules for PSOs/ PSPs issued and revised by SBP from
time to time.
▪ “Regulated Entities (REs)” mean financial institutions licensed/ authorized and regulated by the SBP
under any law administered by SBP, and includes:
o Banks;
o Development Finance Institutions (DFIs);
o Microfinance Banks (MFBs);
o Exchange Companies (ECs)/ Exchange Companies of ‘B’ Category (ECs-B);
o Payment Systems Operators (PSOs);
o Payment Service Providers (PSPs);
o Electronic Money Institutions (EMIs); and
o Third Party Payment Service Providers (TPSPs).
▪ “Regulations” means the AML/CFT/CPF Regulations for SBP REs
▪ “Respondent Bank” means the bank or financial institution outside Pakistan to whom correspondent
banking services in Pakistan are provided and vice versa.
▪ “Senior Management” means chief executive officer, managing director, deputy managing director,
chief operating officer, company secretary, chief financial officer, chief compliance officer, chief
regulatory officer, and any holder of such positions by whatever name called. REs many consider
Head of Regulatory Compliance reporting to Compliance Head or any direct reporting officer to
Compliance Head as part of “Senior Management”.
▪ “Settlor” are natural or legal persons who transfer ownership of their assets to trustees by means of
a trust deed or similar arrangement.
▪ “Shell Bank” means a bank that has no physical presence (mind and management) in the country in
which it is incorporated and licensed, and which is unaffiliated with a regulated financial group that is
subject to effective consolidated supervision.
▪ “State Bank of Pakistan (SBP)” means SBP established under Section 3 of the State Bank of Pakistan
Act, 1956 (XXXIII of 1956).
▪ “Third Party Payment Service Provider (TPSP)” shall have the same meaning as in SBP’s Regulations
for Mobile Banking Interoperability, updated from time to time.
▪ “Transfer” means sale, lease, purchase, mortgage, pledge, gift, loan or any other form of transfer of
right, title, possession or lien.
▪ “Trust” means an obligation annexed to the ownership of property and arising out of the confidence
reposed in and accepted by the owner or declared and accepted by him for the benefit of beneficiary.

Page | 51
▪ “Trustee” means any person who accepts the confidence of the author of the trust to the benefit of
the beneficiary.
▪ “Ultimate Effective Control” or” Ultimately Owns or Controls” means situations in which ownership/
control is exercised through a chain of ownership or by means of control other than direct control.

Other terms used in the policy but not defined here, shall have the same meaning as ascribed to them in
the Act. However, if not defined in the Act, shall have the meaning ascribed to them in the respective
laws/regulations/rules/circulars governing the subject.

Page | 52