New AML/CFT Guidelines applicable to microfinance institutions in Myanmar
5 January 2023
On 13 September 2022, the Myanmar Microfinance Business Supervisory Committee issued Directive No. 4/2022 titled “Directive for microfinance institutions on risk-based management of anti-money laundering and combating the financing of terrorism” (“Directive”).
The Directive applies to licensed microfinance institutions (“MFIs”) and their members including individuals, organisations and companies participating in the MFI. It also applies to an MFI’s board of directors, senior management, managers, compliance officers, and employees. The Directive also applies to others, including banks and financial institutions, in their dealings with MFIs.
Some of the key points of the Directive are highlighted below.
Obligations under the Directive
The Directive provides that MFIs must formulate policy and prepare procedures in order to implement anti-money laundering and combating the financing of terrorism (“AML/CFT”) processes required by the Government. These should include the following:
- Identify and evaluate AML/CFT-related risks arising from MFI activities
- Recognise the information of the members of the MFIs and carefully monitor the members
- Monitor and supervise the operations of MFIs and the cash transactions of members
- Report suspicious activities to the competent authorities
- Maintain records in accordance with the provisions of the Anti-Money Laundering Law
- Formulate policies and procedures for existing members and service distribution channels in the organisation and geographical region that are adaptable to related risks
- Have transparent communication with all employees and compile necessary evidence
- Carry out occasional reviews of MFIs’ risk environment
- Manage AML/CFT risks with a clear responsibility and accountability process and step-by-step reporting systems for all individuals and divisions involved in the process
MFIs must also be aware of specific money laundering methods as set out in the Directive as well as certain factors relating to the financing of terrorism. The Directive also notes that MFIs must assign specific duties and powers to their employees to ensure that their financial services/products and service distribution channels are not used for money laundering or terrorism financing. AML/CFT policies and standards must be formulated and effectively implemented.
The Directive also sets out the levels of risk management that an MFI is expected to exercise, namely, identification, assessment, management, and monitoring.
Requirements relating to MFI management and employees
The Directive sets out responsibilities of an MFI’s management team and its compliance officer.
The management team is responsible for ensuring that the employees of the MFI consistently comply with the MFI’s AML/CFT policies and procedures.
Specifically, the management team shall:
- establish and maintain effective compliance practices regarding AML/CFT financial crimes
- include AML/CFT procedures as part of the MFI’s daily operating procedures and ensure these procedures are successfully implemented and sufficiently applied
- guide the compliance officer in the event of the detection of procedural issues related to AML/CFT and the need to amend or change the procedures
- monitor the effectiveness of the policies, procedures, regulations and controls relating to AML/CFT as formulated by the MFI, and submit a report on the same to the MFI’s board
- ensure that risk assessments relating to the clients/members, partners/organisations, products/ services and technology are up to date
- direct the compliance officer of the MFI to obtain all AML/CFT-related information including corresponding bank and financial institutions information
- upon learning that the MFI’s activities are linked to suspicious circumstances, transactions and instructions relating to AML/CFT, promptly inform the compliance officer
- ensure that the MFI’s officials understand and implement risk-based AML/CFT duties and processes in their daily operations
- provide training on AML/CFT to relevant employees of the MFI
The management team shall establish a monitoring system to check whether the MFI effectively implements AML/CFT policies and procedures. The system must include the following:
- Maintain up to date client due diligence (“CDD”) processes including the activities, information and documents of members and clients
- Constantly monitor and review the various products and services of the MFI
- Constantly monitor and review the effectiveness of staff awareness and training on AML/CFT
- Monitor and enforce AML/CFT regulatory compliance programmes through review teams including internal and external audits
- Exercise an appropriate information management system and keep it up to date
- Regular communication between the compliance officer and Senior Management Team
- Communicate with legislative and enforcement agencies as required
The Directive also provides that the management team must identify the number of risk factors based on the conditions encountered in operations, with risks divided into high, medium and low. For example, high-risk factors include newly joined members, applicants for membership through current members, Politically Exposed Persons, members who have attempted abuse in the past, and members who carry out electronic money transfers.
The Directive sets out the functions of an MFI’s compliance officer which include verifying information received from employees, submitting suspicious reports to the Myanmar Financial Intelligence Unit (“FIU”), assisting the management team in developing a culture of effective AML/CFT compliance, and maintaining comprehensive risk management policies.
Implementation of a risk-based strategy
The MFI must adopt a risk-based strategy which will entail classifying the risk level of its members as high, medium or low. This assessment is based on the personal information of its members or customers and their financial behaviour. The MFI must also determine the risk for non-citizen members and clients based on the Corruption Perception Index and financial information as conducted by the Financial Action Task Force (“FATF”) and Transparency International, and information provided by the competent authorities and law enforcement agencies.
Additionally, the MFI must evaluate the AML/CFT risks based on the member’s country of residence. The Directive sets out considerations for an MFI conducting business with shareholders from a country identified internationally as high risk, including verifying information according to established protocols and the requirements of the FIU and other law enforcement authorities. If necessary, suspicious transaction reports must be submitted to the FIU.
As part of a risk-based strategy, the MFI’s compliance officer must identify sources of information relating to terrorism finance, such as press releases, information from competent authorities, information from the FIU and FATF, and court decisions. Additionally, MFIs must process risk assessments, maintain a CDD checklist, perform action monitoring processes, report suspicious activities and coordinate with the FIU and other supervisory authorities.
The Directive notes that companies and structures which will be considered high risk are as follows:
- Companies with undisclosed beneficiaries
- Unregistered companies that do not require the beneficial owner to be disclosed
- Companies that are not required to have physical headquarters or a branch in a country but do business in another country
- Corporates connected with trusts or special mechanisms
- Businesses providing financial services
- Real estate agencies
- Gemstones and valuable goods traders