In a Zambian context, “Financial Institution” is any legal entity registered by the Patents and Company Registration Agency (PACRA) and licensed and regulated by the Pensions and Insurance Authority and, for Commercial Banks, by the Central Bank of Zambia -BOZ.
The Banking and Financial Services Act under Section 8 stipulates what a bank operating in Zambia can do. These financial institutions, commercial banks in particular, conduct one or more of the following activities or operations on behalf of customers;
• Accept deposit of funds, lending, leasing, transfer of money or value
• Issue and manage means of payment (credit and debit cards, checks, IMOs, drafts, guarantees
• Money and currency changing, safe keeping and administration of cash
• Trading in money markets instruments, checks, bonds, treasury bills, Forex, etc.
Cognizant of the fact that financial institutions in Zambia are governed and regulated by laws, regulations and rules which have been put in place by the Zambian government, regulatory and legislative bodies, there is no doubt that the challenges facing the banks are considerable and growing. Externally, the regulatory environment is constantly changing and becoming ever more demanding. Whilst internally, as commercial banks within the country expand into more complex products and new markets, all banks without exception are faced with a wide range of risks that must be managed prudently and diligently.
Zambian banks, therefore, should be committed to ensuring full compliance to all local laws and regulations of the land if they are expected to survive longer. All employees, from executives to bank tellers alike, must undertake serious commitments to compliance which should be declared as one of the zero tolerance items that the bank must hold in high priority.
The board and senior management must demonstrate great ability to identify, measure, monitor and control risk in the different functions of the bank. In that spirit, all banks must have a fully dedicated compliance department or function whose role is to ensure regulatory compliance, conduct compliance monitoring activities on a regular basis, as well as provide compliance functions to all bank departments and staff. Banks should not therefore compromise compliance issues in their greater pursuit for more customers and company revenue by growing the balance books.
Among the risks compliance teams need to manage are the Anti-Money Laundering (AML), Financial Crime Risk (FCR) and Counter Terrorist Financing (CTF).
As Zambian nationals may be aware, banks in Zambia face not only banking regulators, but also specialized regulators among which are the Central Bank of Zambia – (BOZ), the AML Authority/ AML Investigations Unit (AMLIU) currently under the auspices of the Drug Enforcement Commission (DEC). Also the Anti-Corruption Commission (ACC) and Zambia Police Service (ZPS) feature prominently.
The latest agency on the block is the Financial Intelligence Centre (FIC). Financial Intelligence Centre Act (FICA) No. 46 of 2010 is another great Zambian government initiative and process of establishing additional regulations to create a stronger environment of compliance in Zambia. FIC became operational on April 1, 2011 via a Statutory Instrument (S.I.) Number 22 of 2011. Through FICA, the Government of the Republic of Zambia (GRZ) hopes to prevent the misuse of public funds, the abuse of the financial system, and emphasize enhanced transparency and protection of the integrity of the financial system. GRZ is attaching critical importance to placing a strong oversight mechanism and developing a comprehensive and integrated approach to combat ML, TF and serious FCR.
Notable changes under FICA
• FIC is the sole designated agency for the receipt, requesting, analyzing and disseminating of Suspicious Transaction Reports (STRs) to relevant Law Enforcement Agencies (LEA) and other regulators. Now all STRs will have to be submitted to the FIC instead of AMLIU at DEC as was the case under the Prohibition and Prevention of money Laundering Act of 2001 (PPMLA)
• Definition of reporting entities has been expanded to include among others banks, financial institutions, real estate agents, lawyers, accountants and casinos
• Report & submit STRs on suspected and attempted ML, FT & FCR
• List of supervisory authorities has been expanded
• The LEA to which FIC will have to disseminate STRs has been expanded to include ZPS, ACC, Zambia Revenue Authority (ZRA), Department of Immigration (DOI), AMLIU and DEC
• STR must be given to FIC if any bank and other reporting entity suspects or has reasonable grounds to suspect that any property was a proceed of crime or related to or linked to crime
• Currency Transaction Reports (CTR) above certain proscribed limits will have to be reported. The threshold to be advised in due course bearing in mind that Zambia is a cash economy.
• Banks and other reporting entities are required to ensure policies exist in which said entities are expected to comply with record retention of ten years after termination of a relationship.
• FIC will soon introduce the prescribed threshold amounts which will be shared to all stakeholders before the end of the year – 2011.
• For now, banks will continue submitting STRs to AMLIU
• FIC will advise in writing as to the actual date when banks will be required to commence submitting STRs to the FIC
• FIC is finalizing the draft STR form which they have already shared with various stake holders for comments
• FIC finalizing reporting guidelines on the FIC Website and will advise when they are ready
• CTR form will be finalized by FIC and submitted to banks for comments once the threshold has been established
• FIC will be meeting with all reporting entities for further consultations on STRs and CTR forms.
Need to know and comply with the law
• Banks have to obtain a copy of FICA
• Banks have to study and note the proposed changes of reporting STR and CTR to FIC and not AMLIU – DEC
• Banks will await further guidance on effective date of reporting change and threshold to report
• FIC, ZPS, ZRA, DOI, DEC, ACC are escalation agencies.
A good compliance relationship with all global and local regulators is fundamental to any bank’s success. It is crucial that all banks in Zambia are adequately equipped to fight these risks.
Since most Zambian banks carry out international transactions, all staff needs to be trained and become aware of certain international trends and requirements, as well as organizations such as the Financial Action Task Force (FATF). FATF is an independent, inter-governmental body that develops and promotes policies to protect the global financial system against money laundering and terrorist financing. Recommendations issued by FATF define criminal justice and regulatory measures that should be implemented to counter these risks. These recommendations also include international co-operation and preventive measures to be taken by financial institutions and other organizations. Suffice it to say that the FATF Recommendations (40 + 9) are recognized as the global anti-money laundering (AML) and counter-terrorist financing (CFT) standard and bankers need to familiarize themselves with them.
In order to further strengthening the AML regulatory framework, Zambian Parliament passed a law known as the “Prohibition and Prevention of Money Laundering Act no. 14 of 2001.” In that Act, Part V Section 12, under the Duties of the Supervisory Authority, Subsection 4 states that “A supervisory Authority shall issue such directives as may be approved by the Anti-Money Laundering Unit which may be necessary for the regulated institutions to prevent and detect money laundering.” It should be noted that the Supervisory Authority for all banks in Zambia lie with the BOZ.
In Section 13, Duties of Regulated Institutions, Section 1 (c) states that a regulated institution shall comply with any directives issued to it by the supervisory authority with respect to money laundering activities; all commercial banks in Zambia therefore are designated ”regulated institutions.”
In exercise of the powers contained in Section 12(4) of the Prohibition and Prevention of Money Laundering Act number 14 of 2001, BOZ issued the Bank of Zambia Anti- Money Laundering Directives in 2004 (BOZ – AML Directives 2004). Part III of the BOZ AML Directives pertains to Customer Due Diligence (CDD) and other obligations relating to customer identification and verification.
Directors from bank supervision at BOZ have on several occasions clarified and confirmed that identification of directors, beneficial owners and management of corporate entities is a requirement under section 8(1) and (2) of the said BOZ directives. This further clarifies that in terms of management, the banks will acquaint themselves with all key management decision makers in the company. Management would ideally refer to those in top management. For listed companies on the Lusaka Stock Exchange (LUSE) and other equivalent markets like the New York Stock Exchange (NYSE), Johannesburg Stock Exchange (JSE), London Stock Exchange (LSE), information on shareholders is in the public domain and can easily be obtained to assist in the CDD process.
Banks, therefore, need to be in full compliance regarding the identification of directors, beneficial owners and management of private companies seeking to open transaction accounts with banks in Zambia. In fact, banks should go above and beyond to carry out the unwrapping process of the shareholding structures of certain complex entities. This is actually in line with BOZ clarification which is very categorical. BOZ has confirmed and advised the banks that AML BOZ directives only provide minimum standards and the banks should make every effort to obtain additional information that will enhance their knowledge of the clients. The unwrapping process is just one of the many ways the banks should demonstrate their efforts to obtain additional information that enhances their knowledge and understanding of their clients.
Banks in Zambia should emulate the advice of FATF, along with numerous member countries such as the United Kingdom and United States, which urge risk-based controls. The theory is that no financial institution can hope to detect all wrongdoing by customers, including money laundering and fraudulent transactions. But if an institution develops systems and procedures to detect, monitor and report the riskier customers and transactions, it will increase its chances of staying out of harm’s way from criminals and from government sanctions and penalties.
A risk-based approach requires institutions to have systems and controls that are commensurate with the specific risks of money laundering, terrorist financing and financial crime. Higher money laundering risks demand stronger controls than warranted by individuals or countries deemed to be of lower risk. However, all categories of risk — whether low, medium or high — must be mitigated by the application of controls, such as verification of customer identification (passports, National Registration Cards (NRCs), Know Your Customer (KYC) policies, and so on. Governments around the world believe that the risk-based approach is preferable to a more prescriptive approach in the area of anti-money laundering and terrorist financing because:
• It is more flexible -money laundering and terrorist financing risk varies across jurisdictions, customers, products and delivery channels, and over time.
• It is more effective – companies are better equipped than legislators to effectively assess and mitigate the particular money laundering and terrorist financing risks they face.
• It is more proportionate – A risk-based approach promotes a common sense and intelligent approach to fighting money laundering and terrorist financing rather than a “check the box” approach. No tick-backs please!
• It also allows firms to minimize the adverse impact of anti-money laundering procedures on their legitimate customers.
Banks need to assure the Central Bank of Zambia – Directorate of Bank Supervision their unflinching support and assurances that banks are fully compliant in terms of on-boarding of both individual and corporate customers in as far as CDD, documentation requirements, identification, verification, record keeping, storage and retrieval are concerned.