CUSTOMER DUE DILIGENCE (CDD)

& ANTI-MONEY LAUNDERING (AML) / COMBATING

FINANCING OF TERRORISM (CFT)
POLICY

(2012)

Version: 1.1.1
Date of Revision: 30-Oct-2012

Compliance and Controls Group Page 1

 INTRODUCTION:
In line with AML (Anti Money Laundering) Act 2010 and Revised AML / CFT (Combating Financing
of Terrorism) regulations along with international best practices, where Banks / DFIs (Development
Financial Institutions) are required to adopt risk based approach to prevent the possible use of MCB
Bank as a conduit for money laundering or terrorist financing activities. Amid increasing focus of banks
and regulatory bodies on curbing ML (Money Laundering) / FT (Financing of Terrorism) activities, banks are
required to have comprehensive CDD & AML / CFT policy as a guideline for business, while establishing a
business relationship with a new customer and maintaining and continuing relationship with existing
customers in order to identify, assess, manage and mitigate risk on an ongoing basis. It has been decided to
revise the existing CDD & AML Policy with effect from October 31, 2012.

To further strengthen the regulatory framework to curb Money Laundering and Terrorist Financing
SBP (State Bank of Pakistan) has issued revised AML /CFT regulations for BANKS & DFIs, covering the
following aspects;

Name of Area Covered Regulation Covers

Regulation
Regulation - 1 Customer Due Diligence CDD Measures for Identifying,
Verifying and Accepting new
customers and maintaining
relationship with existing customers.
Regulation - 2 Correspondent Banking CDD measures for establishing and
maintaining
relationship with Correspondent and
Respondent Banks / Financial
Institutions (FIs)
Regulation - 3 Wire Transfers / Fund Transfers Responsibilities of Ordering,
Intermediary and Beneficiary
Institutions (as applicable) involved in
processing wire transfers / fund
transfer.
Regulation - 4 Reporting of Transactions (STRs / Guidelines for Reporting of Complex,
CTRs) Unusually Large, and out of pattern
Transactions and Currency
Transactions.
Regulation - 5 Record Keeping Maintenance & Retention of
Customer and Transactions related
records.
Regulation - 6 Internal Controls, Policies, Requirements relating to
Compliance, Audit and development of Controls, Policies,
Training Procedures, Training and programs to
ensure compliance with AML / CFT
regulations.

SCOPE:
This policy applies to each and every business segment and concerned employees to effectively mitigate the
risk of ML / FT.

Bank is prone to the risk of being misused by criminal elements for their ulterior motives. To address the
risks stemming from customers, this policy will be a guiding document for concerned employees towards
managing the customers risks in an effective way using the risk based approach.

Compliance and Controls Group Page 2

 MCB Bank has further refined Customer Due Diligence process using the risk based approach, through the
introduction of a sophisticated Customer Risk Profiling Forms. Under the Customer Due Diligence
process, various sets of documents will be developed and provided to the branches / field offices from
time to time to ensure execution of the process and identification of risks attached to each customer for
effective mitigation of ML / TF risk.

Given the huge size of undocumented sector in the economy, execution of due diligence process is complex
and time consuming. Faced with regulatory burden and to contain the customer related risks, it has
become inevitable to conduct proper due diligence of each existing and prospective customer.

OBJECTIVES OF POLICY INCLUDE

1. Ensuring that only bona fide and legitimate customers are accepted
2. Verifying the identity of customers using reliable and independent sources
3. Ongoing Monitoring of customer accounts and transactions to prevent or detect potential ML / TF
activities
4. Implementing Customer Due Diligence process using risk based approach.
5. To effectively manage customer-driven risks by using procedures in HandBook.
6. Managing reputational, operational, legal and concentration risks, etc.

Customer Identification:
MCB Bank will serve only the genuine persons and all out efforts would be made to determine true identity
of every customer and minimum set of documents should be obtained from various types of customer(s), at
the time of opening account, as prescribed in Annexure-I of Anti-Money Laundering and Combating the
Financing of Terrorism (AML/CFT) Regulations for Banks & DFIs.
Customer relationship is only established on the strength of valid
CNIC/Passport/NICOP/POC/ARC number or where the customer is not a natural person, the
registration/ incorporation number or business registration number (as applicable);
For walk-in-customers / Occasional customers, all efforts should be made to establish and
validate the true-identity of the person(s) executing the transactions either for self or in case if the
person is acting on behalf of some other person complete originator information must be
obtained.
For non face-to-face customers, MCB Bank has put in place suitable operational procedures to establish
identity of the client from third party (an independent source).

Customer Verification
MCB Bank shall identify the beneficial ownership of accounts/ transactions by taking all reasonable
measures. Identity of the customer and beneficial owner will be verified using reliable independent sources.
Extra care should be taken where the customer is acting on behalf of another person, and should
then take reasonable steps to obtain sufficient identification data to verify the identity of that other
person.
For customers that are legal persons or for legal arrangements, branches are required to take reasonable
measures to (i) understand the ownership and control structure of the customer (ii) determine the natural
persons who ultimately own or control the customer. This includes those persons who exercise ultimate
effective control over a legal person or arrangement.
Identity documents, wherever required as per ANNEXURE 1 of Regulation -1 are to be invariably verified by
utilizing on-line facility of NADRA VERISYS. Verification of the identity of the customers and beneficial
owners shall be completed before business relationship is established or a transaction is processed.

Compliance and Controls Group Page 3

 In exceptional cases, deferral may be allowed in relation to verification of the identity of the
customer and beneficial owner. Business relationship without prior verification of Identity may be
allowed, if the deferral is essential in order not to interrupt the normal conduct of business
operations and the risks can be effectively managed. All requirements relating to verification of
identity shall however be completed within 5 business days from the date of opening of the
account.

Customer Acceptance: Customer will only be accepted once above given formalities have been completed
in letter and spirit. Following accounts will not be opened/maintained by MCB where;

a. Identity, beneficial ownership, or information on purpose and intended nature of

business relationship is not clear.
b. Name of the individual/organization appears in the Proscribed/Sanctioned entitys
Lists.
c. Proscribed entities and persons or to those who are associated with such entities and
persons, whether under the proscribed name or with a different name.
d. Anonymous / fictitious (Benami) or numbered accounts accounts.
e. Where MCB Bank is not able to satisfactorily complete required CDD measures,

ACCOUNTS AND TRANSACTIONS MONITORING

Business Groups should input Expected monthly credit turnover limits in the system keeping in view /
commensurate with the CDD profile of customer(s) after conducting customers interview and obtaining sign
off on the KYC / CDD form.
Such limits will be maintained to make sure that all transactions are consistent with the bank/ DFIs
knowledge of the customer, its business and risk profile and conducted in accordance with the AML / CFT
regulations put in place by SBP, instructions of Financial Monitoring Unit (FMU) and other applicable local
/international bodies.
Business must ensure that complete originator information along with unique transaction identifier is available
with every domestic and cross border transfer.
The MCB Bank shall pay special attention to all complex, unusually large and out-off pattern
transactions, which have no apparent economic or visible lawful purpose.
If MCB Bank suspects or has reasonable grounds to suspect that the funds are the proceeds of
criminal activities or have potential to be used for terrorist activities, it should report its suspicion
to FMU.
Currency Transactions (i.e. CTR) exceeding the prescribed limits as defined by FMU from time to time will be
reported to FMU through CCG.
All the outward swift messages will be screened as per defined procedures to prevent utilization of MCBs
channel by individuals / organizations in Proscribed/Sanctioned entitys list. Bank vide financial transactions
will be monitored through AML solution / Automated Transaction Monitoring System based on predefined rules
and thresholds.

In case of suspicion, branches should raise Suspicious Transaction Reports in keeping with AML Act 2010 and
AML / CFT regulations by SBP.
The employees of MCB Bank are strictly prohibited to disclose the fact to the customer that a suspicious
transaction or the related information has been reported to FMU or any other Law Enforcement Agency
(LEA).

Compliance and Controls Group Page 4

 For customers / clients whose accounts are dormant, branches shall not allow debit entries in such accounts
until the account holder produces afresh attested copy of his/her CNIC and fulfill all other formalities for
activation of the account and bank/DFI is satisfied with CDD of the customer.

RISK MANAGEMENT
All relationships should be categorized with respect to their risk levels i.e. High, Medium and Low based on
the quantified risk profiling of customer (through available form in HandBook) for making effective decision
whether to perform Simplified Due Diligence (SDD) or Enhanced Due Diligence (EDD) both at the time of
opening and ongoing monitoring of business relationship.
The approval for opening of PEP and Non-Governmental Organizations (NGOs)/Not-for-Profit
Organizations (NPOs) and Charities account will be obtained from Senior Management after performing
EDD (Enhanced Due Diligence).
Personal accounts shall not be allowed to be used for charity purposes/collection of donations.
KYC / CDD will be reviewed / updated on the basis of predefined frequency, in accordance with the risk profile
of the customer.

High Risk At least Once in a Year or One off*

Medium Risk At least Once in 2 Years or One off*

Low Risk At least Once in 3 Years or One off*

*In case of any material change in the relationship or deviation from customer profile, CDD / EDD will be
conducted / updated immediately without lapse of above defined period.

Compliance & Internal Audit will counter-examine the relationships to ensure that due diligence procedures
are adhered to in letter and spirit by the concerned staff in business segments.

RECORD KEEPING
The records identification documents, account opening forms, KYC forms, verification documents and other
documents along with records of account files and business correspondence, shall be maintained for a
minimum period of ten years after the business relationship is ended.
MCB Bank shall also maintain for a minimum period of ten years all necessary records on transactions
for both domestic and cross-border from the date of completion of transaction(s).
The data relating to suspicious transactions and currency transactions reported by MCB Bank to FMU will be
retained for the period of at least ten years from the date of such reporting.

However records relating to customers, accounts or transactions will be retained for longer period, which involve
litigation or is required by court or other competent authority until otherwise instructed by the relevant body.

CORRESPONDENT BANKING and MSBs

The bank will establish correspondent banking relationships with only those foreign banks that have adequate
and effective AML / CFT systems and policies in line with the AML / CFT regulations relating to the country
in which Bank operates. Bank will pay special attention when establishing or continuing correspondent
relationship with banks/ financial institutions which are located in jurisdictions that have been identified
or called for by FATF for inadequate and poor AML/CFT standards in the fight against money laundering and
financing of terrorism.

Compliance and Controls Group Page 5

 Before establishing new correspondent banking relationship, approval from senior management shall be
obtained and CDD/EDD shall be conducted.
Ongoing CDD / EDD of respondent/correspondent banks and MSBs will be conducted using
riskbased approach following the process defined in the Handbook on the under noted frequency.

In High Risk Geography At least Once in 2 Year or Case to Case Basis

Medium Risk Geography At Least Once in 3 Years or -----do------

In Low Risk Geography At least Once in 4 Years or ------do------

Bank shall not enter into or continue correspondent banking relations with a shell bank and shall take appropriate
measures when establishing correspondent banking relations, to satisfy them that their respondent banks do not
permit their accounts to be used by shell banks.

FOREIGN BRANCHES AND SUBSIDIARIES

The above guidelines are equally applicable to MCB Banks Foreign Branches and Subsidiaries, in case of
foreign branches; MCB Bank will ensure compliance with regulations of SBP or the relevant regulations of the
host country, whichever are more exhaustive / stringent to the extent that the law of the host country or
jurisdiction so permits In case overseas branch or subsidiary is unable to fully observe the higher standards,
the bank/ DFI through its head office shall report this to the State Bank of Pakistan and comply with such
further directions as may be issued.

TRAINING
Suitable Employee Training Program will be put in place by Compliance and Control Group (CCG in consultation
with respective business groups for imparting training to the all the employees of MCB Bank on an annual basis
to enhance their capability to properly execute due diligence process for all type of relationships and identify
suspicious transactions (if any).

POLICY REVIEW PERIOD

The CDD & AML / CFT policy will be reviewed on as and when basis but not later than two years.

Compliance and Controls Group Page 6