OBLIGATIONS AND DECISIONS FOR COUNTRIES

1. 2.1Countries should have national AML/CFT policies which are informed by the risks identified, and are regularly reviewed.
2. 2.2Countries should designate an authority or have a co-ordination or other mechanism that is responsible for national AML/CFT policies.
3. 2.3Mechanisms should be in place to enable policy makers, the Financial Intelligence Unit (FIU), law enforcement authorities, supervisors and other relevant competent authorities to co-operate, and where appropriate, co-ordinate and exchange information domestically with each other concerning the development and implementation of AML/CFT policies and activities. Such mechanisms should apply at both policymaking and operational levels.
4. 2.4Competent authorities should have similar co-operation and, where appropriate, coordination mechanisms to combat the financing of proliferation of weapons of mass destruction.
5. 2.5Countries should have cooperation and coordination between relevant authorities to ensure the compatibility of AML/CFT requirements with Data Protection and Privacy rules and other similar provisions (e.g. data security / localisation).10For the purposes of technical compliance, the assessment should be limited to whether there are mechanisms in place enabling co-operation and co-ordination between the relevant authorities.

1. 3.1ML should be criminalised on the basis of the Vienna Convention and the Palermo Convention (see Article 3(1)(b)&(c) Vienna Convention and Article 6(1) Palermo Convention11Note in particular the physical and material elements of the offence.)
2. 3.2The predicate offences for ML should cover all serious offences, with a view to including the widest range of predicate offences. At a minimum, predicate offences should include a range of offences in each of the designated categories of offences12Recommendation 3 does not require countries to create a separate offence of “participation in an organised criminal group and racketeering”. In order to cover this category of “designated offence”, it is sufficient if a country meets either of the two options set out in the Palermo Convention, i.e. either a separate offence or an offence based on conspiracy..
3. 3.3Where countries apply a threshold approach or a combined approach that includes a threshold approach13Countries determine the underlying predicate offences for ML by reference to (a) all offences; or (b) to a threshold linked either to a category of serious offences or to the penalty of imprisonment applicable to the predicate offence (threshold approach); or (c) to a list of predicate offences; or (d) a combination of these approaches., predicate offences should, at a minimum, comprise all offences that:
   1. fall within the category of serious offences under their national law; or
   2. are punishable by a maximum penalty of more than one year’s imprisonment; or
   3. are punished by a minimum penalty of more than six months’ imprisonment (for countries that have a minimum threshold for offences in their legal system).
4. 3.4The ML offence should extend to any type of property, regardless of its value, that directly or indirectly represents the proceeds of crime.
5. 3.5When proving that property is the proceeds of crime, it should not be necessary that a person be convicted of a predicate offence.
6. 3.6Predicate offences for money laundering should extend to conduct that occurred in another country, which constitutes an offence in that country, and which would have constituted a predicate offence had it occurred domestically.
7. 3.7The ML offence should apply to persons who commit the predicate offence, unless this is contrary to fundamental principles of domestic law.
8. 3.8It should be possible for the intent and knowledge required to prove the ML offence to be inferred from objective factual circumstances.
9. 3.9Proportionate and dissuasive criminal sanctions should apply to natural persons convicted of ML.
10. 3.10Criminal liability and sanctions, and, where that is not possible (due to fundamental principles of domestic law), civil or administrative liability and sanctions, should apply to legal persons. This should not preclude parallel criminal, civil or administrative proceedings with respect to legal persons in countries in which more than one form of liability is available. Such measures are without prejudice to the criminal liability of natural persons. All sanctions should be proportionate and dissuasive.
11. 3.11Unless it is not permitted by fundamental principles of domestic law, there should be appropriate ancillary offences to the ML offence, including: participation in; association with or conspiracy to commit; attempt; aiding and abetting; facilitating; and counselling the commission.

Ordering financial institutions

1. 16.1 Financial institutions should be required to ensure that all cross-border wire transfers of USD/EUR 1 000 or more are always accompanied by the following:
   1. Required and accurate56 Accurate” is used to describe information that has been verified for accuracy; i.e. financial institutions should be required to verify the accuracy of the required originator information. originator information:
      1. the name of the originator;
      2. the originator account number where such an account is used to process the transaction or, in the absence of an account, a unique transaction reference number which permits traceability of the transaction; and
      3. the originator’s address, or national identity number, or customer identification number, or date and place of birth.
   2. Required beneficiary information:
      1. the name of the beneficiary; and
      2. the beneficiary account number where such an account is used to process the transaction or, in the absence of an account, a unique transaction reference number which permits traceability of the transaction.
2. 16.2 the beneficiary account number where such an account is used to process the transaction or, in the absence of an account, a unique transaction reference number which permits traceability of the transaction.
3. 16.3 If countries apply a de minimis threshold for the requirements of criterion 16.1, financial institutions should be required to ensure that all cross-border wire transfers below any applicable de minimis threshold (no higher than USD/EUR 1 000) are always accompanied by the following:
   1. Required originator information:
      1. the name of the originator; and
      2. the originator account number where such an account is used to process the transaction or, in the absence of an account, a unique transaction reference number which permits traceability of the transaction.
   2. Required beneficiary information:
      1. the name of the beneficiary; and
      2. the beneficiary account number where such an account is used to process the transaction or, in the absence of an account, a unique transaction reference number which permits traceability of the transaction
4. 16.4 The information mentioned in criterion 16.3 need not be verified for accuracy. However, the financial institution should be required to verify the information pertaining to its customer where there is a suspicion of ML/TF.
5. 16.5 For domestic wire transfers57 This term also refers to any chain of wire transfers that takes place entirely within the borders of the European Union. It is further noted that the European internal market and corresponding legal framework is extended to the members of the European Economic Area. , the ordering financial institution should be required to ensure that the information accompanying the wire transfer includes originator information as indicated for cross-border wire transfers, unless this information can be made available to the beneficiary financial institution and appropriate authorities by other means.
6. 16.6 Where the information accompanying the domestic wire transfer can be made available to the beneficiary financial institution and appropriate authorities by other means, the ordering financial institution need only be required to include the account number or a unique transaction reference number, provided that this number or identifier will permit the transaction to be traced back to the originator or the beneficiary. The ordering financial institution should be required to make the information available within three business days of receiving the request either from the beneficiary financial institution or from appropriate competent authorities. Law enforcement authorities should be able to compel immediate production of such information.
7. 16.7 The ordering financial institution should be required to maintain all originator and beneficiary information collected, in accordance with Recommendation 11.
8. 16.8 The ordering financial institution should not be allowed to execute the wire transfer if it does not comply with the requirements specified above at criteria 16.1-16.7.

Intermediary financial institutions

9. 16.9 For cross-border wire transfers, an intermediary financial institution should be required to ensure that all originator and beneficiary information that accompanies a wire transfer is retained with it.
10. 16.10 Where technical limitations prevent the required originator or beneficiary information accompanying a cross-border wire transfer from remaining with a related domestic wire transfer, the intermediary financial institution should be required to keep a record, for at least five years, of all the information received from the ordering financial institution or another intermediary financial institution.
11. 16.11 Intermediary financial institutions should be required to take reasonable measures, which are consistent with straight-through processing, to identify cross-border wire transfers that lack required originator information or required beneficiary information.
12. 16.12 Intermediary financial institutions should be required to have risk-based policies and procedures for determining: (a) when to execute, reject, or suspend a wire transfer lacking required originator or required beneficiary information; and (b) the appropriate follow-up action.

Beneficiary financial institutions

13. 16.13 Beneficiary financial institutions should be required to take reasonable measures, which may include post-event monitoring or real-time monitoring where feasible, to identify cross-border wire transfers that lack required originator information or required beneficiary information.
14. 16.14For cross-border wire transfers of USD/EUR 1 000 or more58 Countries may adopt a de minimis threshold for cross-border wire transfers (no higher than USD/EUR 1 000). Countries may, nevertheless, require that incoming cross-border wire transfers below the threshold contain required and accurate originator information. , a beneficiary financial institution should be required to verify the identity of the beneficiary, if the identity has not been previously verified, and maintain this information in accordance with Recommendation 11.
15. 16.15 Beneficiary financial institutions should be required to have risk-based policies and procedures for determining: (a) when to execute, reject, or suspend a wire transfer lacking required originator or required beneficiary information; and (b) the appropriate follow-up action.

Money or value transfer service operators

16. 16.16 MVTS providers should be required to comply with all of the relevant requirements of Recommendation 16 in the countries in which they operate, directly or through their agents.
17. 16.17In the case of a MVTS provider that controls both the ordering and the beneficiary side of a wire transfer, the MVTS provider should be required to:
    1. take into account all the information from both the ordering and beneficiary sides in order to determine whether an STR has to be filed; and
    2. file an STR in any country affected by the suspicious wire transfer, and make relevant transaction information available to the Financial Intelligence Unit.

Implementation of Targeted Financial Sanctions

18. 16.18 Countries should ensure that, in the context of processing wire transfers, financial institutions take freezing action and comply with prohibitions from conducting transactions with designated persons and entities, as per obligations set out in the relevant UNSCRs relating to the prevention and suppression of terrorism and terrorist financing, such as UNSCRs 1267 and 1373, and their successor resolutions.

1. 18.1 Financial institutions should be required to implement programmes against ML/TF, which have regard to the ML/TF risks and the size of the business, and which include the following internal policies, procedures and controls:
   1. compliance management arrangements (including the appointment of a compliance officer at the management level);
   2. screening procedures to ensure high standards when hiring employees;
   3. an ongoing employee training programme; and
   4. an independent audit function to test the system.
2. 18.2 Financial groups should be required to implement group-wide programmes against ML/TF, which should be applicable, and appropriate to, all branches and majority-owned subsidiaries of the financial group. These should include the measures set out in criterion 18.1 and also:
   1. policies and procedures for sharing information required for the purposes of CDD and ML/TF risk management;
   2. the provision, at group-level compliance, audit, and/or AML/CFT functions, of customer, account, and transaction information from branches and subsidiaries when necessary for AML/CFT purposes. This should include information and analysis of transactions or activities which appear unusual (if such analysis was done)61This could include an STR, its underlying information, or the fact that an STR has been submitted.. Similarly, branches and subsidiaries should receive such information from these group-level functions when relevant and appropriate to risk management62The scope and extent of the information to be shared in accordance with this criterion may be determined by countries, based on the sensitivity of the information, and its relevance to AML/CFT risk management.; and
   3. adequate safeguards on the confidentiality and use of information exchanged, including safeguards to prevent tipping-off.
3. 18.3

   Financial institutions should be required to ensure that their foreign branches and majority-owned subsidiaries apply AML/CFT measures consistent with the home country requirements, where the minimum AML/CFT requirements of the host country are less strict than those of the home country, to the extent that host country laws and regulations permit.

   If the host country does not permit the proper implementation of AML/CFT measures consistent with the home country requirements, financial groups should be required to apply appropriate additional measures to manage the ML/TF risks, and inform their home supervisors.