By Ahmad Jamal Assegaf, Lubis Ganie Surowidjojo
Background
Indonesia’s Financial Services Authority (Otoritas Jasa Keuangan/ OJK) has issued Circular Letter No. 47/SEOJK.04/2017 on the Implementation of Anti-Money Laundering and Prevention of Terrorism Financing Programmes Within Capital Market Sector (Circular No. 47/2017). This circular letter serves as the technical provisions for implementation of anti-money laundering and prevention of terrorism financing (AML-PTF) within the capital market sector as mandated in Article 68 of Regulation No. 12/POJK.01/2017 on the Implementation of Anti-Money Laundering and Prevention of Terrorism Financing Programs Within Financial Sector.
Circular No. 47/2017 applies to financial services providers within the capital markets sector, namely securities companies engaged in securities underwriting business activity, securities brokerage, investment management and commercial banking as a custodian with respect to the prevailing laws and regulations in the capital markets sector (hereinafter collectively referred to as Providers).
Scope of Circular No. 47/2017
Development of products and services along with the growing use of information technology in the financial services sector has increased the risks of Providers being used as the medium for money laundering and terrorism financing. In regard to that, Circular No. 47/2017 aims to strengthen the quality of AML-PTF programme implementation, using a risk-based approach. This legal update will discuss about the implementation of the risk-based approach and the AML-PTF programmes within the capital markets sector.
Risk-based approach
Under this circular letter, Providers are required to implement AML-PTF programmes through a risk-based approach. In implementing the AML-PTF programmes, Section II. 1b Circular No. 47/2017 regulates that Providers in the capital markets sector should refer to and take into account the risks listed under the National Risk Assessment and Sectoral Risk Assessment. Pursuant to Section II. 2b of Circular No. 47/2017, Providers are also obligated to conduct a risk management process in order to comprehend, assess, administer and mitigate any identified risks prior to taking any decisions. It is important for Providers to differentiate inherent risks and residual risks in conducting the risk assessment process. Section II. 2c of Circular No. 47/2017 defines inherent risks as risks linked to an event that occurs in the course of doing business prior to the implementation of any risk-management measures. Meanwhile, residual risks are risks that remain after the risk management measures have been implemented.
In regards to AML-PTF, Section II.2d of Circular No. 47/2017 defines a risk-based approach as a process that consist of these following matters:
1. Identification of risks, which includes four risk factors namely:
a) customers;
b) state or geographical area;
c) product, services, or transactions; and
d) delivery channels
2. Management and mitigation of risks, which should be implemented through internal controls and suitable policies according to the identified risks.
3. Monitoring of customers, transactions and business relations in accordance with the assessed risk levels.
Moreover, Section II.3 of Circular No. 47/2017 provides that Providers should conduct six steps in implementing the risk-based approach, namely:
1. Identification, comprehension and assessment of inherent risks;
2. Determination of risk tolerance;
3. Formulation of measures to minimise and mitigate risks;
4. Evaluation of residual risks;
5. Implementation of a risk-based approach; and
6. Review and evaluation of the implementation of a risk-based approach.
AML-PTF Programmes
The risk-based approach as mentioned above is to be used as the underlying principle for the implementation of AML-PTF programmes. Section I.5 of Circular No. 47/2017 provides that implementation of a risk-based approach in AML-PTF programmes should at least cover:
a) Active supervision by the Board of Directors (BoD) and Board of Commissioners (BoC);
b) mplementation of policies and procedures;
c) Internal controls;
d) Information management system; and
e) Improvements in human resources and training.
As for the implementation of policies and procedures as referred to in point b, Section IV Circular No. 47/2017 provides that such policy and procedure consists of these following activities:
a) Identification and verification of prospective customer, customer and beneficial owner;
b) Declination and termination of business relations with prospective customers who refuse to participate in AML-PTF programmes;
c) Maintenance of accurate data in relation to transactions, the administration of customer due diligence processes, as well as policies and procedures;
d) Data monitoring and updates, the proposal and realisation of data updates must be reported to the OJK;
e) Reporting to senior officials, BoDs and BoCs regarding the implementation of AML-PTF programmes.
Circular No. 47/2017 has been in force since September 6, 2017.
T: (62-21) 831-5005, 831-5025
F: (62-21) 831-5015, 831-5018