[ AMLC REGULATORY ISSUANCE (ARI) A, B AND C, NO. 2, S. 2018, September 28, 2018 ]
GUIDELINES ON DIGITIZATION OF CUSTOMER RECORDS
Adopted: 17 September 2018
Date Filed: 28 September 2018
Date Filed: 28 September 2018
By the authority vested upon the Anti-Money Laundering Council (AMLC) to implement measures as may be necessary and justified to counteract money laundering, in accordance with Section 7(7) of Republic Act (RA) No. 9160, also known as the Anti-Money Laundering Act of 2001, as amended (AMLA), the Council, in its Resolution No. 149, dated 11 September 2018, approved the adoption of the Guidelines on Digitization of Customer Records.
Section 1. Declaration of Policy.
It is hereby declared a policy that any revelation by any person of an ongoing investigation of the Anti-Money Laundering Council (AMLC) is considered inimical to the public interest as it leads to immediate movement of funds from accounts subject of investigation to another account, thereby depriving the State the opportunity to recover proceeds of unlawful activity.
Thus, covered persons should take measures to ensure that its officers and employees are aware of their respective responsibilities in maintaining the confidentiality of financial investigations, and that no officer or employee communicates to any person any information in relation to any request for details and documents by the AMLC in the course if its investigation.
Swift retrieval of documents is likewise essential in the AMLC s financial investigations. It is therefore declared a policy that covered persons should take measures to ensure that customer records are submitted in the manner, quality and period as would assist the AMLC in its prompt financial investigations and institution of legal actions.
Section 2. Definition of Terms.
Customer records shall refer to:
1. Those obtained by covered persons to established the true and full identity of customers in accordance with their Customer Due Diligence (CDD) policies and procedures, such as customer information files where the customers provide minimum information; copies or records of official identification documents or similar documents, establishing the true and full identity of customers; account files and business correspondence, including the results of any analysis undertaken, such as inquiries, to establish the background and purpose of complex, unusually large transactions, collectively referred to as CDD records or CDD documents; andOther terms used in these Guidelines shall be as defined under Republic Act (RA) No. 9160 or the Anti-Money Laundering Act of 2001, as amended (AMLA), its Implementing Rules and Regulations, and resolutions, directives and other issuances of the AMLC.
2. Account transaction histories or statements of accounts, whether in Philippine pesos or other currency.
Section 3. Duties of Covered Persons.
Under these Guidelines, covered persons shall:
a. In General.
Act promptly, and treat with utmost confidentiality all requests for information and/or documents, as well as orders, to provide customer records pursuant to the AMLC s functions to investigate or conduct bank inquiry;
b. Digitization of Customer Records.
Digitize all customer records in accordance with the timelines set in Section 6 hereof, including those pertaining to accounts existing prior to implementation period thereof, but excluding customer records of closed accounts beyond the five (5)-year record keeping requirement of the AMLA, as amended, and its Implementing Rules and Regulations.
The requirements to digitize all customer records existing prior to implementation period as stated in Section 6.a shall not apply to covered persons engaged in money service business operations as defined by issuance of the Bangko Sentral ng Pilipinas, except when the business model of said covered persons is such that the customer is able to open, keep and maintain an account as an electronic wallet or other similar electronic product or service;
c. Development and Access to Central Database.
Develop a central database of customer records to be maintained in their respective head offices or main branches of foreign banks operating in the Philippines, and authorized the compliance officer, or any duly authorized officer, or representative, to have direct, immediate, and unimpeded access to the database;
d. Security and Integrity of the Database.
Ensure compliance with prevailing laws related to data privacy, data protection and security in developing their respective databases, and their adoption of retrieval procedures;
e. Format of Customer Records
Keep all required customer records in their respective central databases, in such forms as may be admissible in court or as may be prescribed by the AMLC; and
f. Updating of Money Laundering and Financing of Terrorism Prevention Program.
Update its Money Laundering and Financing of Terrorism Prevention Program (MLPP) to ensure that the foregoing duties are properly established, and appropriate controls are in place, to ensure the confidentiality of the database as well as to prevent tipping-off. Said updated MLPP shall be duly approved by its Board of Directors, partners or owners, and the latter shall ensure its proper dissemination and implementation within the period mentioned in Section 6 of these Guidelines.Section 4. Submission of Digitized Customer Records to the AMLC.
a. Submission to the File Transfer and Reporting Facility (FTRF).Section 5. Compliance Checking.
Whenever requested, or directed to submit customer records, the compliance officer, or any duly authorized officer, or representative, shall submit the customer records extracted from the covered person s central database to the AMLC s FTRF, using their respective log-on credentials, or in such other mode as the AMLC may prescribed.
b. Complete, accurate, timely and secure submission of customer records.
Covered persons shall ensure complete, accurate, timely and secure submission of customer records, in accordance with the Implementing Rules and Regulations of the AMLA and other AMLC issuances.
a. The AMLC will ensure compliance by covered persons with these Guidelines through compliance checking or other modes that it may deem appropriate.Section 6. Implementation.
b. Parallel to Section 5.a, the Supervising Authorities and Appropriate Government Agencies are enjoined to ensure that covered persons within their respective supervisory or regulatory authorities comply with these Guidelines by issuing and/or updating their respective circulars, or rules and regulations.
a. Implementation of digitization of customer records.
Within six (6) months from effectivity of these Guidelines, covered persons shall update their MLPP to comply with the duties set forth under these Guidelines. Immediately upon effectivity of their updated MLPP, which in no case shall exceed six (6) months from effecttivity of these Guidelines, covered persons shall implement the digitization of all customer records that they will henceforth receive, create or open.
b. Period to complete digitization of customer records.
Within two (2) years from the expiration of the period stated in Section 6.a hereof, covered persons shall completely digitize all existing customer records and establish the central database that is accessible to the officers of covered persons mentioned in Section 3.c hereof.
c. Parallel updating of customer records and on-going monitoring of customers.
Implementation of these Guidelines shall run parallel to updating of customer records, as part of on-going monitoring of customers.Section 7. Compliance with Record-Keeping Requirements.
Digitization of customer records shall be without prejudice to the covered person s compliance with record-keeping and retrieval requirements under the AMLA, and its Implementing Rules and Regulations, and resolutions, directives and other issuances of the AMLC.Section 8. Sanctions and Penalties.
Non-compliance with the Guidelines shall subject the covered person to such administrative sanctions and penalties as provided under the AMLC s Rules on Imposition of Administrative Sanctions (RIAS), and shall be considered grave violations.Section 9. Amendment of the Rules on Imposition of Administrative Sanctions.
Since confidentiality of financial investigations is of paramount importance, breaches thereof shall constitute criminal offenses pursuant to the provisions of the AMLA and its Implementing Rules and Regulations. In particular, the AMLA prohibits any person from disclosing any information in relation to a covered or suspicious transaction report, including the financial investigations initiated by the AMLC as a result of its analysis of such reports.
The RIAS is hereby amended to include violations of these Guidelines as grave offenses, subject to the administrative sanctions for such offenses provided therein.
Section 10. Separability Clause.
If any provision of these Guidelines or the application thereof is held to be invalid, the other provisions of these Guidelines or the application thereof, shall not be affected thereby.
Section 11. Effectivity Clause.
These Guidelines shall take effect fifteen (15) days after its publication in a newspaper of general circulation.
FOR THE AMLC:
(SGD) MEL GEORGIE B. RACELA
Executive Director
Anti-Money Laundering Council Secretariat
(SGD) MEL GEORGIE B. RACELA
Executive Director
Anti-Money Laundering Council Secretariat