Customer Due Diligence
Pakistan The content in the Customer Due Diligence section is valid for
Contact
Syed Faraz Anwer
+92 21 32426711
syed.faraz.anwer@pk.pwc.co
m however, have defined their own internal monetary thresholds.
State Life Building,
1-C; I.I.Chundrigar Road,
Karachi
GFC/KYC AML/Customer Due Diligence/2018-07-20
the following calendar year:
#N/A
15) Are there minimum transaction thresholds, under which
customer due diligence is not required?
If Yes, what are the various thresholds in place?Are there
minimum transaction thresholds, under which customer due
diligence is not required?
If Yes, what are the various thresholds in place?
The AML/CFT regulations
(http://www.sbp.org.pk/l_frame/Revised-AML-CFT-Regulations.pdf)
specify monetary thresholds for transactions executed by occasional
customers/ walk-in customers and online transactions. Organisations,
16) What are the high level requirements for verification of
customer identification information (individuals and legal
entities)?
As per the State Bank of Pakistan's AML/CFT Regulations (para 3 of
Regulation 1: Customer Due Diligence), for identity and due diligence
purposes, at a minimum, the following information shall also be obtained,
verified and recorded on the relevant KYC/CDD form or account opening
form:
a) full name as per identity document;
b) CNIC/Passport/NICOP/POC/ARC number or where the customer is
not a natural person, the registration/incorporation number or business
registration number (as applicable);
c) existing residential address, registered or business address (as
necessary), contact telephone number(s) and e-mail (as applicable);
d) date of birth, incorporation or registration (as applicable);
e) nationality or place of birth, incorporation or registration (as
applicable);
f) nature of business, geographies involved and expected type of counter-
parties (as applicable);
g) purpose of account;
h) type of account;
i) source of earnings;
j) expected monthly credit turnover (amount and no. of transactions); and
k) normal or expected modes of transactions.
Verification of the identity of the customers shall be completed before
business relations are established including verification from the National
Database & Registration Authority (NADRA), wherever required. In
addition, there are defined documentation requirements to be fulfilled in
relation to different categories of customers. For further details, please
refer to the revised Annexure I of the AML/CFT Regulations which can be
accessed at: http://www.sbp.org.pk/bprd/2017/CL29-Annex.pdf
17) Where copies of identification documentation are provided,
Page 1
 Customer Due Diligence
Pakistan
Contact
Syed Faraz Anwer
+92 21 32426711
syed.faraz.anwer@pk.pwc.co
m for customers under these regulations.
State Life Building,
1-C; I.I.Chundrigar Road,
Karachi
GFC/KYC AML/Customer Due Diligence/2018-07-20
what are the requirements around independent verification or
authentication?
As per paragraph 4 of Regulation 1 of the State Bank of Pakistan's
AML/CFT Regulations, the bank/development finance institution shall
verify identity documents of the customer(s) from relevant
authorities/document issuing bodies or where necessary using other
reliable, independent sources and retain on record, copies of all reference
documents used for identification and verification. The particulars/CNIC
of such persons must be verified from the National Database Registration
Authority (NADRA) through VeriSys or bio-metric technology.
Verification of the identity of the customers and beneficial owners shall be
completed before business relations are established including verification
of a Computerized National Identity Card/National Identity Card for
Overseas Pakistanis/Pakistan Origin Card from NADRA, where required
For further details, please refer to the AML/CFT Regulations which can be
accessed at: http://www.sbp.org.pk/l_frame/Revised-
AML-CFT-Regulations.pdf.
18) What are the high level requirements around beneficial
ownership (identification and verification)?
As per paragraphs 7 and 8 of Regulation 1 of the State Bank of Pakistan's
AML/CFT Regulations, banks/development finance institutions (DFIs)
shall take reasonable measures to obtain information to identify and verify
the identities of the beneficial owner(s). Where the customer is not a
natural person, the bank/DFI shall (i) take reasonable measures to
understand the ownership and control structure of the customer in order
to understand the purpose and intended nature of the business relations
and (ii) determine the natural person(s) who ultimately own or control the
customer. Verification of the identity of the beneficial owner(s) shall be
completed before business relations are established including verification
from the National Database Registration Authority (NADRA), where
required.
For further details, please refer to the AML/CFT Regulations which can be
accessed at: http://www.sbp.org.pk/l_frame/Revised-
AML-CFT-Regulations.pdf.
19) In what circumstances are reduced/simplified due diligence
arrangements available?
Detailed guidelines on general low risk scenarios/factors and their
disposition are available in section 'F' (paragraphs 7-9) of the State Bank
of Pakistan's 'AML/CFT Guidelines on Risk Based Approach for Banks &
DFIs'. The guidelines can be accessed at:
http://www.sbp.org.pk/l_frame/AML-CFT-Guidelines-
RiskBasedApproach.pdf.
Moreover, detailed guidelines regarding reduced / simplified due diligence
arrangements for branchless banking accounts are discussed in the '
Page 2
 Customer Due Diligence
Pakistan
Contact
Syed Faraz Anwer
+92 21 32426711
syed.faraz.anwer@pk.pwc.co
m high risk elements and recommendations for enhanced due diligence for
State Life Building,
1-C; I.I.Chundrigar Road,
Karachi
GFC/KYC AML/Customer Due Diligence/2018-07-20
Paragraph 4' of the State Bank of Pakistan's Branchless Banking
Regulations. The regulations can be accessed at:
http://www.sbp.org.pk/bprd/2016/C9-Annx-A.pdf.
Furthermore, detailed guidelines on Simplified Due Diligence of on Low
Risk Bank Accounts (Asaan Account) has also been published by the State
Bank of Pakistan under BPRD Circular No. 11 dated June 22, 2015. The
guidelines can be accessed at:
http://www.sbp.org.pk/bprd/2015/C11-Guidelines.pdf
20) In what circumstances are enhanced customer due
diligence measures required?
Section 'D' (paragraphs 4-6) of the State Bank of Pakistan's 'AML/CFT
Guidelines on Risk Based Approach for Banks & DFIs' provides specific
certain customer types (e.g. NPOs, NGOs, charities, associations, house
wife accounts, landlords, proprietorships, self-employed professionals, on-
line transactions, cash, wire transfers, etc). Paragraph 5 provides high risk
elements/factors categorised into customers, products and delivery
channels and geography or locations.
For further details, please refer to the guidelines which can be accessed at:
http://www.sbp.org.pk/l_frame/AML-CFT-Guidelines-
RiskBasedApproach.pdf.
21) In what circumstances are additional due diligence required
for Politically Exposed Persons (‘PEPs’)?
Paragraph 29 of Regulation 1 of the State Bank of Pakistan's (SBP)
AML/CFT Regulations covers in detail the due diligence measures
required for PEPs.
In relation to PEPs and their close associates or family members,
banks/development finance institutions (DFIs) shall:
a) implement appropriate internal policies, procedures and controls to
determine if a customer or beneficial owner is a PEP;
b) obtain approval from the bank's senior management to establish or
continue business relations where the customer or a beneficial owner is a
PEP or subsequently becomes a PEP;
c) establish, by appropriate means, the sources of wealth or beneficial
ownership of funds, as appropriate, including the bank/ DFI's own
assessment to this effect; and
d) conduct during the course of the business relationship, enhanced
monitoring of business relations with the customer.
For further details, please refer to the AML/CFT Regulations which can be
accessed at: http://www.sbp.org.pk/l_frame/Revised-
AML-CFT-Regulations.pdf.
22) What enhanced due diligence must be performed for
Page 3
 Customer Due Diligence
Pakistan
Contact
Syed Faraz Anwer
+92 21 32426711
syed.faraz.anwer@pk.pwc.co
m correspondent banking relations, to satisfy them that their respondent
State Life Building,
1-C; I.I.Chundrigar Road,
Karachi
GFC/KYC AML/Customer Due Diligence/2018-07-20
correspondent banking relationships (cross-border banking
and similar relationships)?
Regulation 2 (Correspondent Banking) of the State Bank of Pakistan's
(SBP) AML/CFT Regulations cover this area in detail.
For further details, please refer to the AML/CFT Regulations which can be
accessed at: http://www.sbp.org.pk/l_frame/Revised-
AML-CFT-Regulations.pdf.
23) Are relationships with shell banks specifically prohibited?
Yes. As per paragraph 4 of Regulation 2 of the State Bank of Pakistan's
(SBP) AML/CFT Regulations, no bank/development finance institution
(DFI) shall enter into or continue correspondent banking relations with a
shell bank and shall take appropriate measures when establishing
banks do not permit their accounts to be used by shell banks.
For further details, please refer to the AML/CFT Regulations which can be
accessed at: http://www.sbp.org.pk/l_frame/Revised-
AML-CFT-Regulations.pdf.
24) In which circumstances are additional due diligence
required for non face-to-face transactions and/or
relationships?
In dealing with non face-to-face transactions and/or relationships,
adequate measures have been adopted by organisations. Additional due
diligence may be required when:
a) transactions do not make economic sense or are inconsistent with the
customer's business or profile;
b) transactions involving locations of concern & wire transfer(s); and
c) transactions involving unidentified parties.
Page 4
 Customer Due Diligence
India
Contact
Dhruv Chawla
+91 (0) 8130166550
dhruv.chawla@in.pwc.com
PricewaterhouseCoopers Pvt.
Ltd.
The Millenia, Tower D, 7th
Floor, 1&2 Murphy Road,
Ulsoor, Bangalore - 560008
India
GFC/KYC AML/Customer Due Diligence/2018-07-20
The content in the Customer Due Diligence section is valid for
the following calendar year:
#N/A
15) Are there minimum transaction thresholds, under which
customer due diligence is not required?
If Yes, what are the various thresholds in place?Are there
minimum transaction thresholds, under which customer due
diligence is not required?
If Yes, what are the various thresholds in place?
Where a transaction is carried out by a non-account based customer (e.g.
walk-in customer) and the amount of the transaction is lower than
INR50,000 (approx. USD735), the customer's identity and address do not
require verification. However, if a bank has reason to believe that a
customer is intentionally structuring a transaction into a series of
transactions below the threshold of INR50,000 (approx. USD735) to
avoid detection, the bank should verify the identity and address of the
customer and also consider filling in a suspicious transaction report.
Verification of identity must be conducted in respect of all cross-border
payments.
16) What are the high level requirements for verification of
customer identification information (individuals and legal
entities)?
The banking entity, financial institution (FI) or intermediary must verify
and maintain the records in respect of the identity and the current address
of the customer. The documents required are:
Individuals:
For opening accounts of individuals, banks/FIs should obtain one certified
copy of an 'officially valid document' (e.g. passport, driving licence,
Permanent Account Number (PAN) Card, Voter's Identity Card issued by
the Election Commission of India, job card issued by NREGA duly signed
by an officer of the State Government, letter issued by the Unique
Identification Authority of India containing details of name, address and
Aadhaar number or any other document as notified by the Central
Government) and one recent photograph.
Corporates:
a) Certificate of incorporation;
b) Memorandum and Articles of Association;
c) a resolution from the Board of Directors and Power of Attorney granted
to its managers, officers or employees to transact on its behalf; and
d) an officially valid document in respect of managers, officers or
employees holding legal authority to transact on its behalf.
Partnership firm:
a) registration certificate;
Page 5
 Customer Due Diligence
India
Contact
Dhruv Chawla
+91 (0) 8130166550
dhruv.chawla@in.pwc.com
PricewaterhouseCoopers Pvt.
Ltd.
The Millenia, Tower D, 7th
Floor, 1&2 Murphy Road,
Ulsoor, Bangalore - 560008
India
GFC/KYC AML/Customer Due Diligence/2018-07-20
b) partnership deed; and
c) an officially valid document in respect of the person holding legal
authority to transact on its behalf.
Trust:
a) registration certificate;
b) trust deed; and
c) an officially valid document in respect of the person holding a power of
attorney to transact on its behalf.
Unincorporated association or a body of individuals:
a) resolution of the managing body of such association or body of
individuals;
b) power of attorney granted to transact on its behalf;
c) an officially valid document in respect of the person holding legal
authority to transact on its behalf; and
d) such information as may be required by the bank/FI to collectively
establish the legal existence of such an association or body of individuals.
17) Where copies of identification documentation are provided,
what are the requirements around independent verification or
authentication?
Certified copies of an official valid document(s) may be used. The copies
need to be verified by seeing the original document(s) and stamped as
'original(s) seen and verified'.
18) What are the high level requirements around beneficial
ownership (identification and verification)?
The banking entity, financial institution (FI) or intermediary should take
reasonable measures to identify the beneficial owner(s) and verify
his/her/their identity in a manner so that it is satisfied that it knows who
the ultimate beneficial owner(s) is/are.
a) If the client is a company, the beneficial owner is the natural person(s),
who, whether acting alone or together, or through one or more juridical
person(s), has/have a controlling ownership interest or who exercises
control through other means.
b) Where the client is a partnership firm, the beneficial owner is the
natural person(s), who, whether acting alone or together, or through one
or more juridical person(s), has/have ownership of/entitlement to more
than 15% of capital or profits of the partnership.
c) Where the client is an unincorporated association or body of
individuals, the beneficial owner is the natural person(s), who, whether
acting alone or together, or through one or more juridical person(s),
has/have ownership of/entitlement to more than 15% of the property or
capital
or profits of the unincorporated association or body of individuals.
d) Where the client is a trust, the identification of beneficial owner(s) shall
include identification of the author of the trust, the trustee(s), the
Page 6
 Customer Due Diligence
India
Contact
Dhruv Chawla
+91 (0) 8130166550
dhruv.chawla@in.pwc.com
PricewaterhouseCoopers Pvt.
Ltd.
The Millenia, Tower D, 7th
Floor, 1&2 Murphy Road,
Ulsoor, Bangalore - 560008
India
GFC/KYC AML/Customer Due Diligence/2018-07-20
beneficiaries with 15% or more interest in the trust and any other natural
person(s) exercising ultimate effective control over the trust through a
chain of control or ownership.
e) Where the client or the owner of the controlling interest is a company
listed on a stock exchange or is a subsidiary of such a company, it is not
necessary to identify and verify the identity of any shareholder(s) or
beneficial owner(s) of such companies.
19) In what circumstances are reduced/simplified due diligence
arrangements available?
If an individual customer does not have any of the 'officially valid
documents' (see below) as proof of identity, then banks/financial
institutions are allowed to adopt 'simplified measures' in respect of 'low
risk' customers, taking into consideration the type of customer, business
relationship, nature and value of transactions based on the overall money
laundering and terrorist financing risks involved.
Examples of 'officially valid documents' include: passport, driving licence,
Permanent Account Number (PAN) Card, Voter's Identity Card issued by
the Election Commission of India, job card issued by NREGA duly signed
by an officer of the State Government, letter issued by the Unique
Identification Authority of India containing details of name, address and
Aadhaar number or any other document as notified by the Central
Government, etc.
20) In what circumstances are enhanced customer due
diligence measures required?
Customers that are likely to pose a higher than average risk to the bank
may be categorised as medium or high risk depending on the customer's
background, nature and location of activity, country of origin, source of
funds and client profile, etc. Banks may apply enhanced due diligence
measures based on the risk assessment, thereby requiring intensive due
diligence for higher risk customers, especially those for whom the sources
of funds is not clear. Examples of customers requiring enhanced due
diligence measures may include:
a) non-resident customers;
b) high net worth individuals;
c) trusts, charities, NGOs and organisations receiving donations;
d) companies having a close family shareholding or beneficial ownership;
e) firms with 'sleeping partners';
f) politically exposed persons of foreign origin;
g) non face-to-face customers;
h) those with a high risk reputation (based on publicly available
information); and
i) correspondent banking relationships.
21) In what circumstances are additional due diligence required
for Politically Exposed Persons (‘PEPs’)?
Banks should gather sufficient information on any person/customer of
this category intending to establish a relationship and check all the
Page 7
 Customer Due Diligence
India
Contact
Dhruv Chawla
+91 (0) 8130166550
dhruv.chawla@in.pwc.com
PricewaterhouseCoopers Pvt.
Ltd.
The Millenia, Tower D, 7th
Floor, 1&2 Murphy Road,
Ulsoor, Bangalore - 560008
India
GFC/KYC AML/Customer Due Diligence/2018-07-20
information available on the person in the public domain. Banks should
verify the identity of the person and seek information about their source of
funds before accepting the PEP as a customer. The decision to open an
account for a PEP should be taken at a senior level and this procedures
should be clearly stipulated in the bank's customer acceptance policy.
Banks should also subject such accounts to enhanced monitoring on an
ongoing basis. The above may also be applied to the accounts of the family
members or close relatives of PEPs. In the case of an existing customer or
the beneficial owner(s) of an existing account subsequently becoming a
PEP, banks should obtain senior management approval to continue the
business relationship and subject the account to the customer due
diligence measures as applicable to the customers of a PEP category
including enhanced monitoring on an ongoing basis. These instructions
are also applicable to accounts where a PEP is the ultimate beneficial
owner. Furthermore, banks should have appropriate ongoing risk
management procedures for identifying and applying enhanced customer
due diligence to PEPs, customers who are close relatives of PEPs and
accounts of which a PEP is the ultimate beneficial owner.
22) What enhanced due diligence must be performed for
correspondent banking relationships (cross-border banking
and similar relationships)?
a) banks should gather sufficient information to fully understand the
nature of the business of the respondent bank. Banks should try to
ascertain, from publicly available information, whether the respondent
bank has been subject to any money laundering or terrorist financing
investigation or regulatory action.
b) the bank should also be satisfied that the respondent bank has verified
the identity of all customers having direct access to its accounts and is
undertaking ongoing due diligence on them. The bank should also ensure
that the respondent bank is able to provide the relevant customer
identification data immediately upon request.
c) additionally, in order to monitor and review 'at par' cheque facilities
extended to walk-in-customers of cooperative banks through
correspondent banking arrangements and to assess the risks including
credit risk and reputation risk arising associated with such arrangements,
banks should retain the right to verify the records maintained by these
cooperative banks/societies for compliance with the existing instructions
on KYC and AML under such arrangements.
23) Are relationships with shell banks specifically prohibited?
Yes. Guidance issued by the local regulator prohibits entering into a
correspondent relationship with shell banks. Shell banks are not
permitted to operate in India. Banks should also guard against
establishing relationships with respondent foreign financial institutions
that permit their accounts to be used by shell banks.
24) In which circumstances are additional due diligence
Page 8
 Customer Due Diligence

India required for non face-to-face transactions and/or

relationships?
a) in the case of non face-to-face customers, banks must adopt specific and
adequate procedures to mitigate the higher risk involved in addition to
applying the usual customer identification procedures.

b) certification of all the documents presented should be insisted upon

and additional documents may be called for in such cases. In the case of
Contact cross-border customers, there is the additional difficulty of matching the
customer with the documentation and the bank may have to rely on third
Dhruv Chawla party certification/ introduction. In such cases, it must be ensured that the
third party is a regulated and supervised entity and has adequate KYC
+91 (0) 8130166550
systems and controls in place. Additionally, the first transaction should be
dhruv.chawla@in.pwc.com through a cheque issued from an existing bank account.

PricewaterhouseCoopers Pvt.
Ltd.
The Millenia, Tower D, 7th
Floor, 1&2 Murphy Road,
Ulsoor, Bangalore - 560008
India

GFC/KYC AML/Customer Due Diligence/2018-07-20 Page 9

 Customer Due Diligence

Malaysia The content in the Customer Due Diligence section is valid for
the following calendar year:
#N/A

15) Are there minimum transaction thresholds, under which

customer due diligence is not required?
If Yes, what are the various thresholds in place?Are there
minimum transaction thresholds, under which customer due
diligence is not required?
Contact If Yes, what are the various thresholds in place?
Alex Tan In broad terms, there is no minimum threshold for the following:

+60 3 2173 1338 a) establishing businesses relationships;

alex.tan@my.pwc.com
Level 10, 1 Sentral, Jalan
Rakyat,
Kuala Lumpur Sentral, PO
Box 10192,
50706 Kuala Lumpur,
Malaysia
b) wire transfers;
c) if there is suspicion of ML/TF; and
d) if there is doubt about the veracity or adequacy of previously obtained
information.
Otherwise:
For banks and deposit taking institutions:

a) money changing and wholesale currency business - RM3,000 (approx.

USD670) and above;
b) occasional transactions - RM50,000 (approx. USD11,146) and above in
a single transaction or several transactions in a day that appear to be
linked; and
c) cash transactions - RM50,000 (approx. USD11,146) and above in a day.

For insurance and takaful:

May perform simplified customer due diligence on customer, beneficial

owner and beneficiary if:

a) all insurance policies are sold with premium amount below RM5,000
(approx. USD1,114); or
b) any single premium insurance policy is below RM10,000 (approx.
USD2,230).

For money service businesses:

a) money changing and wholesale currency business - RM3,000 (approx.

USD670) and above:
a. RM3,000 (approx. USD670) to RM10,000 (approx. USD2,230),
sighting and keying in customer/beneficial owner identification
information; and
b. above RM10,000 (approx. USD2,230), sighting and keying in
customer/beneficial owner identification information and making a copy
of identification document.

For licensed casino:

GFC/KYC AML/Customer Due Diligence/2018-07-20 Page 10

 Customer Due Diligence

Malaysia
Any transaction involving RM10,000 (approx. USD2,230) and above (e.g.
exchange cash for cash chips, exchange cash/vouchers for chip warrants,
request for cheques or wire transfers for payments of winnings/capital,
use of membership cards/temporary cards in respect of e-cash out facility,
etc.). Customer due diligence is also required on the third party when
customer requests RM10,000 (approx. USD2,230) and above to be paid to
a third party.
Contact
For licensed gaming outlets:
Alex Tan
Appropriate thresholds are decided internally based on their own risk
+60 3 2173 1338
assessment. Thresholds are not publicly disclosed.
alex.tan@my.pwc.com
For dealers in precious metals and stones:
Level 10, 1 Sentral, Jalan
Rakyat, Any cash transaction equivalent to RM50,000 (approx. USD11,146) and
Kuala Lumpur Sentral, PO above, either as a single transaction or multiple transactions on a given
Box 10192, day.
50706 Kuala Lumpur,
Malaysia 16) What are the high level requirements for verification of
customer identification information (individuals and legal
entities)?
Individuals:

Reporting institutions should obtain at least:

a) full name;
b) date of birth;
c) nationality; and
d) permanent and mailing address and NRIC/passport number.

Institutions should verify the identity, representative capacity, domicile,

legal capacity, occupation or business purpose of any person, as well as
other identifying information on that person, whether an occasional or
usual client, through the use of documents such as an identity card,
passport, birth certificate, driving licence, or any other official or private
photograph bearing document.

Where a particular individual is commonly known by two or more

different names, the individuals shall not use one of those names to open
an account with the reporting institution(s), unless he/she has disclosed
the other names to the reporting institution(s). The reporting institution
should make a record of the different names by which the individual is
commonly known as and upon request provide the information to the
competent authority.

Legal Entities:

Reporting institutions should require the company/business to provide

original documentation and copies should be made of each of the

GFC/KYC AML/Customer Due Diligence/2018-07-20 Page 11

 Customer Due Diligence

Malaysia following documents:

a) Memorandum and Articles of Association/Certificate of

Incorporation/partnership;
b) identification documents of directors/shareholders/partners;
c) authorisation for any person to represent the company/business;
d) identification document(s) of the person authorised to represent the
company/business in its dealing with the reporting institution; and
Contact e) registered office address and principle place of business.

Alex Tan 17) Where copies of identification documentation are provided,

+60 3 2173 1338
alex.tan@my.pwc.com
Level 10, 1 Sentral, Jalan
Rakyat,
Kuala Lumpur Sentral, PO
Box 10192,
50706 Kuala Lumpur,
Malaysia
what are the requirements around independent verification or
authentication?
Original documents must be provided and the reporting institution should
make copies, as required. Certified true copies/duly notarised copies may
be accepted.
18) What are the high level requirements around beneficial
ownership (identification and verification)?
The reporting institution must identify and verify the beneficial owner(s).
They should conduct customer due diligence on the natural person that
ultimately owns or controls the customer's transaction when they suspect
the transaction is conducted on behalf of a beneficial owner(s) and not the
customer who is conducting such a transaction. The customer due
diligence conducted should be as stringent as that imposed on an
individual customer.

19) In what circumstances are reduced/simplified due diligence

arrangements available?
Simplified due diligence applies to the following:

Reporting institutions are exempted from obtaining a copy of the

Memorandum and Articles of Association or certificate of incorporation
and from identifying and verifying the directors and shareholders of the
legal person which fall under the following categories:

a) public listed companies or corporations listed in Bursa Malaysia;

b) foreign public listed companies:
a. listed in recognised exchanges; and
b. not listed in higher risk countries;
c) foreign financial institutions that are not from higher risk countries;
d) government-linked companies in Malaysia;
e) state-owned corporations and companies in Malaysia;
f) an authorised person, an operator of a designated payment system, a
registered person, as the case may be, under the FSA and the IFSA;
g) persons licensed or registered under the Capital Markets and Services
Act 2007;
h) licensed entities under the Labuan Financial Services and Securities Act
2010 and Labuan Islamic Financial Services and Securities Act 2010; or
i) prescribed institutions under the Development Financial Institutions
Act 2002.

GFC/KYC AML/Customer Due Diligence/2018-07-20 Page 12

 Customer Due Diligence

Malaysia 20) In what circumstances are enhanced customer due

diligence measures required?
Local AML guidance requires an enhanced customer due diligence process
for higher risk categories of customers, business relationships or
transactions. Enhanced due diligence should include at least obtaining
more detailed information from the customer and through publicly
available information, in particular, on the purpose of the transaction and
source of funds and obtaining approval from the senior management of
Contact the reporting institution before establishing the business relationship with
the customer.
Alex Tan
Examples of higher risk customers are:
+60 3 2173 1338
alex.tan@my.pwc.com a) individuals with high net worth;
b) non-resident customers;
Level 10, 1 Sentral, Jalan c) individuals from locations known for their high rates of crime (e.g. drug
Rakyat, producing, trafficking, smuggling, etc.);
Kuala Lumpur Sentral, PO d) countries or jurisdictions with inadequate AML/CFT laws and
Box 10192, regulations as highlighted by the FATF;
50706 Kuala Lumpur, e) politically exposed persons (PEPs);
Malaysia f) legal arrangements that are complex (e.g. trusts, nominee companies,
etc.); and
g) cash based businesses and businesses/activities identified by the FATF
as of higher money laundering and/or terrorist financing risk.

21) In what circumstances are additional due diligence required

for Politically Exposed Persons (‘PEPs’)?
Once a PEP (local and foreign) is identified, the reporting institution
should take reasonable and appropriate measures to establish the source
of wealth and funds of such a person.

22) What enhanced due diligence must be performed for

correspondent banking relationships (cross-border banking
and similar relationships)?
Section 20 of the sectorial guidelines for banks and financial institutions
deals with correspondent banking:

S. 20.1 "Reporting institutions providing correspondent banking services

to respondent banks are required to take the necessary measures to ensure
that it is not exposed to the threat of ML/TF through the accounts of the
respondent banks such as being used by shell banks".

S. 20.2 "In relation to cross-border correspondent banking and other

similar relationships, reporting institutions are required to:

a) gather sufficient information about a respondent bank to understand

fully the nature of the respondent bank's business and to determine, from
publicly available information, the reputation of the respondent bank and
the quality of supervision exercised on the respondent bank, including
whether it has been subject to a ML/TF investigation or regulatory action;
b) assess the respondent bank's AML/CFT controls against the AML/CFT

GFC/KYC AML/Customer Due Diligence/2018-07-20 Page 13

 Customer Due Diligence

Malaysia measures of the country or jurisdiction in which the respondent bank

operates;
c) obtain approval from senior management before establishing new
correspondent banking relationships; and
d) clearly understand the respective AML/CFT responsibilities of each
institution".

S. 20.3 "In relation to “payable-through accounts”, reporting institutions

Contact are required to satisfy themselves that the respondent bank:

Alex Tan a) has performed customer due diligence (CDD) obligations on its
customers that have direct access to the accounts of the reporting
+60 3 2173 1338
institution; and
alex.tan@my.pwc.com b) is able to provide relevant CDD information to the reporting institution
upon request".
Level 10, 1 Sentral, Jalan
Rakyat, S. 20.4 "Reporting institutions shall not enter into, or continue,
Kuala Lumpur Sentral, PO correspondent banking relationships with shell banks. Reporting
Box 10192, institutions are required to satisfy themselves that respondent banks do
50706 Kuala Lumpur, not permit their accounts to be used by shell banks".
Malaysia
For the non-financial institution sector, there is no specific guideline for
correspondent banking.

23) Are relationships with shell banks specifically prohibited?

For banks and other financial institutions, the guidelines state that they
should not establish or have any business relationships with shell banks.
There is no such prohibition for the non-financial sector.

24) In which circumstances are additional due diligence

required for non face-to-face transactions and/or
relationships?
Reporting institutions may establish non face-to-face business
relationships with its customers. Non face-to-face relationships can only
be established if the reporting institution has policies and procedures in
place to address any specific risks associated with non face-to-face
business relationships.

Reporting institutions are required to be vigilant in establishing and

conducting non face-to-face business relationships (e.g. through the
internet) and are required to establish appropriate measures for
identification and verification of customer identity that shall be as
effective as that for face-to-face customers and to implement monitoring
and reporting mechanisms to identify potential ML/TF activities.

Reporting institutions may use the following measures to verify the

identity of non face-to-face customer:

a) requesting additional documents to complement those which are

required for face-to-face customer;
b) developing independent contact with the customer; or

GFC/KYC AML/Customer Due Diligence/2018-07-20 Page 14

 Customer Due Diligence

Malaysia c) verifying the customer's information against any database maintained

by the authorities.

Contact
Alex Tan
+60 3 2173 1338
alex.tan@my.pwc.com
Level 10, 1 Sentral, Jalan
Rakyat,
Kuala Lumpur Sentral, PO
Box 10192,
50706 Kuala Lumpur,
Malaysia

GFC/KYC AML/Customer Due Diligence/2018-07-20 Page 15

 Customer Due Diligence

Malaysia

Contact
Alex Tan
+60 3 2173 1338
alex.tan@my.pwc.com
Level 10, 1 Sentral, Jalan
Rakyat,
Kuala Lumpur Sentral, PO
Box 10192,
50706 Kuala Lumpur,
Malaysia

At PwC United Kingdom, our purpose is to build trust in society and solve important problems. We’re a network of firms in 157 countries with more than 208,000
people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at
www.pwc.com/UK.

This publication has been prepared for general guidance on matters of interest only, and does not constitute professional advice. You should not act upon the
information contained in this publication without obtaining specific professional advice. No representation or warranty (express or implied) is given as to the
accuracy or completeness of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP, its members,
employees and agents do not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, in
reliance on the information contained in this publication or for any decision based on it.

© 2018 PricewaterhouseCoopers LLP. All rights reserved. In this document, “PwC” refers to the UK member firm, and may sometimes refer to the PwC network.
Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details.

Powered by TCPDF (www.tcpdf.org)