New AML/CFT Guidelines applicable to microfinance institutions in Myanmar: Allen & Gledhill

30 January 2023

On 13 September 2022, the Myanmar Microfinance Business Supervisory Committee issued Directive No. 4/2022 titled “Directive for microfinance institutions on risk-based management of anti-money laundering and combating the financing of terrorism” (“Directive”).

The Directive applies to licensed microfinance institutions (“MFIs”) and their members including individuals, organisations and companies participating in the MFI. It also applies to an MFI’s board of directors, senior management, managers, compliance officers, and employees. The Directive also applies to others, including banks and financial institutions, in their dealings with MFIs.

Some of the key points of the Directive are highlighted below.

Obligations under the Directive

The Directive provides that MFIs must formulate policy and prepare procedures in order to implement anti-money laundering and combating the financing of terrorism (“AML/CFT”) processes required by the Government. These should include the following:

Identify and evaluate AML/CFT-related risks arising from MFI activities

Recognise the information of the members of the MFIs and carefully monitor the members

Monitor and supervise the operations of MFIs and the cash transactions of members

Report suspicious activities to the competent authorities

Maintain records in accordance with the provisions of the Anti-Money Laundering Law

Formulate policies and procedures for existing members and service distribution channels in the organisation and geographical region that are adaptable to related risks

Have transparent communication with all employees and compile necessary evidence

Carry out occasional reviews of MFIs’ risk environment

Manage AML/CFT risks with a clear responsibility and accountability process and step-by-step reporting systems for all individuals and divisions involved in the process

MFIs must also be aware of specific money laundering methods as set out in the Directive as well as certain factors relating to the financing of terrorism. The Directive also notes that MFIs must assign specific duties and powers to their employees to ensure that their financial services/products and service distribution channels are not used for money laundering or terrorism financing. AML/CFT policies and standards must be formulated and effectively implemented.

The Directive also sets out the levels of risk management that an MFI is expected to exercise, namely, identification, assessment, management, and monitoring.

Requirements relating to MFI management and employees

The Directive sets out responsibilities of an MFI’s management team and its compliance officer.

Management team

The management team is responsible for ensuring that the employees of the MFI consistently comply with the MFI’s AML/CFT policies and procedures.

Specifically, the management team shall:

establish and maintain effective compliance practices regarding AML/CFT financial crimes

include AML/CFT procedures as part of the MFI’s daily operating procedures and ensure these procedures are successfully implemented and sufficiently applied

guide the compliance officer in the event of the detection of procedural issues related to AML/CFT and the need to amend or change the procedures

monitor the effectiveness of the policies, procedures, regulations and controls relating to AML/CFT as formulated by the MFI, and submit a report on the same to the MFI’s board

ensure that risk assessments relating to the clients/members, partners/organisations, products/services and technology are up to date

direct the compliance officer of the MFI to obtain all AML/CFT-related information including corresponding bank and financial institutions information

upon learning that the MFI’s activities are linked to suspicious circumstances, transactions and instructions relating to AML/CFT, promptly inform the compliance officer

ensure that the MFI’s officials understand and implement risk-based AML/CFT duties and processes in their daily operations

provide training on AML/CFT to relevant employees of the MFI

The management team shall establish a monitoring system to check whether the MFI effectively implements AML/CFT policies and procedures. The system must include the following:

Maintain up to date client due diligence (“CDD”) processes including the activities, information and documents of members and clients

Constantly monitor and review the various products and services of the MFI

Constantly monitor and review the effectiveness of staff awareness and training on AML/CFT

Monitor and enforce AML/CFT regulatory compliance programmes through review teams including internal and external audits

Exercise an appropriate information management system and keep it up to date

Regular communication between the compliance officer and Senior Management Team

Communicate with legislative and enforcement agencies as required

The Directive also provides that the management team must identify the number of risk factors based on the conditions encountered in operations, with risks divided into high, medium and low. For example, high-risk factors include newly joined members, applicants for membership through current members, Politically Exposed Persons, members who have attempted abuse in the past, and members who carry out electronic money transfers.

Compliance officer

The Directive sets out the functions of an MFI’s compliance officer which include verifying information received from employees, submitting suspicious reports to the Myanmar Financial Intelligence Unit (“FIU”), assisting the management team in developing a culture of effective AML/CFT compliance, and maintaining comprehensive risk management policies.

Implementation of a risk-based strategy

The MFI must adopt a risk-based strategy which will entail classifying the risk level of its members as high, medium or low. This assessment is based on the personal information of its members or customers and their financial behaviour. The MFI must also determine the risk for non-citizen members and clients based on the Corruption Perception Index and financial information as conducted by the Financial Action Task Force (“FATF”) and Transparency International, and information provided by the competent authorities and law enforcement agencies.

Additionally, the MFI must evaluate the AML/CFT risks based on the member’s country of residence. The Directive sets out considerations for an MFI conducting business with shareholders from a country identified internationally as high risk, including verifying information according to established protocols and the requirements of the FIU and other law enforcement authorities. If necessary, suspicious transaction reports must be submitted to the FIU.

As part of a risk-based strategy, the MFI’s compliance officer must identify sources of information relating to terrorism finance, such as press releases, information from competent authorities, information from the FIU and FATF, and court decisions. Additionally, MFIs must process risk assessments, maintain a CDD checklist, perform action monitoring processes, report suspicious activities and coordinate with the FIU and other supervisory authorities.

High-risk companies

The Directive notes that companies and structures which will be considered high risk are as follows: