(1) A financial institution or person engaged in other business activity shall undertake customer due diligence measures that involves identifying and verifying the identity of a customer when —
(a) establishing business relations with a customer;
(b) carrying out occasional transactions equal to or exceeding Ten Thousand United States Dollars or its equivalent in Eastern Caribbean Dollars or wire transfers;
(c) funds transfers are conducted and related messages are sent;
(d) transferring funds which do not contain complete originator information;
(e) there is a suspicion of money laundering or other criminal conduct;
(f) there is doubt about the veracity or adequacy of previously obtained customer identification data;
(g) in the case of a gaming operator, carrying out financial transactions equal to or exceeding eight thousand dollars.
(Substituted by Act 9 of 2011 and by Act 16 of 2021)
(2) A financial institution or a person engaged in other business activity shall ensure that any document, data or information collected under the customer due diligence process is kept up-to-date and relevant by undertaking routine reviews of existing records particularly for high risk categories of customers or business relationships.
(3) A financial institution or person engaged in other business activity shall —
(a) perform enhanced customer due diligence, proportionate to the high risks identified, including —
(i) high risk categories of customers, business relationships or transactions in respect of countries that have not implemented the recommendations of the Financial Action Task Force,
(ii) business relationships or transactions with natural or legal persons, including financial institutions, from countries for which enhanced customer due diligence is required by the Financial Action Task Force;
(b) perform reduced or simplified customer due diligence —
(i) where there are low risks of money laundering, terrorist financing or proliferation financing, consistent with a country's assessment of its money laundering, terrorist financing and proliferation financing risks,
(ii) where adequate checks and controls exist in a country's national anti-money laundering, counter-terrorist financing or counter-proliferation financing system,
(iii) on customers resident in another country, where the country is in compliance with and has implemented the recommendations of the Financial Action Task Force;
(c) not perform reduced or simplified customer due diligence where there is a suspicion of money laundering or other criminal conduct.
(Substituted by Act 16 of 2021)
(4) The customer due diligence measures to be taken under this section are as follows —
(a) subject to subsection (11), identifying a customer and verifying a customer's identity using reliable, independent source documents, data or information;
(b) subject to subsection (11), identifying the beneficial owner, and taking reasonable measures to verify the identity of the beneficial owner such that the financial institution or person engaged in other business activity is satisfied that it knows who the beneficial owner is and for legal persons and arrangements this should include financial institutions taking reasonable measures to understand the ownership and control structure of the customer; (Amended by Act 9 of 2011)
(c) obtaining information on, examining and understanding as far as possible, the background, purpose and intended nature of the business relationship; (Substituted by Act 16 of 2021)
(d) conducting ongoing due diligence on the business relationship and scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the financial institution's or person engaged in other business activity knowledge of the customer, their business and risk profile, including, where necessary, the source of funds. (Amended by Act 9 of 2011)
(5) A financial institution of person engaged in other business activity shall apply each of the customer due diligence measures under subsection (4)(a) to (d), but may determine the extent of such measures on a risk sensitive basis depending on the type of customer, business relationship or transaction.
(6) Where the financial institution or person engaged in other business activity is unable to comply with paragraphs (a) to (c) of subsection (4), the financial institution or person engaged in other business activity shall not open the account, commence business relations or perform the transaction; or shall terminate the business relationship; and shall consider making a suspicious transaction report in relation to the customer.
(6A) If a financial institution or person engaged in other business activity has a suspicion of money laundering or other criminal conduct and reasonably believes that performing customer due diligence under subsection (1) tips-off a customer, that financial institution or person engaged in other business activity shall not perform customer due diligence and shall make a suspicious transaction report in relation to that customer. (Inserted by Act 16 of 2021)
(7) A financial institution or person engaged in other business activity may rely on intermediaries or other third parties to perform paragraphs (a) to (c) of subsection (4) of the customer due diligence process or to introduce business, provided that the criteria set out in subsection (8) are met.
(8) The criteria that should be met for the purposes of subsection (7) are as follows —
(a) a financial institution or a person engaged in other business activity relying upon an intermediary or third party shall immediately obtain the necessary information in paragraphs (a) to (c) of subsection (4) of the customer due diligence process;
(b) a financial institution or a person engaged in other business activity shall take adequate steps to satisfy themselves that copies of identification data and other relevant documentation relating to the customer due diligence and record-keeping requirements will be made available from the intermediary or third party upon request without delay; (Amended by Act 16 of 2021)
(c) a financial institution or person engaged in other business activity shall be satisfied that the intermediary or third party is regulated and supervised for, and has measures in place to comply with, the customer due diligence and record-keeping requirements under this Act; (Substituted by Act 16 of 2021)
(d) a financial institution or person engaged in other business activity shall consider information available on the level of risk of the country in which an intermediary or a third party is located. (Inserted by Act 16 of 2021)
(9) For higher risk categories, a financial institution or person engaged in other business activity shall perform enhanced due diligence.
(10) Where there are low risks, a financial institution or person engaged in other business activity may apply reduced or simplified measures.
(11) A financial institution or person engaged in other business activity shall verify the identity of the customer and beneficial owner before or during the course of establishing a business relationship or conducting transactions for occasional customers.
(12) A financial institution or person engaged in other business activity shall complete the verification as soon as reasonably practicable following the establishment of the relationship, where the money laundering, terrorist financing and proliferation financing risks are effectively managed and where this is essential not to interrupt the normal conduct of business. (Amended by Act 16 of 2021)
(13) The measures that are taken by the financial institution or person engaged in other business activity must be consistent with any guidelines issued by the Authority.
(14) This section applies to all new customers and existing customers on the basis of materiality and risk, and a financial institution or person engaged in other business activity shall conduct customer due diligence on existing relationships at appropriate times. (Amended by Act 16 of 2021)
(15) Where a financial institution or person engaged in other business activity relies on intermediaries or other third parties pursuant to subsection (14), the ultimate responsibility for customer identification and verification remains with the financial institution or person engaged in other business activity relying on the third party.