Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Search Search

FINANCIAL INTELLIGENCE CENTRE ACT: INDEX TO SUBSIDIARY LEGISLATION

Financial Intelligence Centre (Prescribed Thresholds) Regulations

Financial Intelligence Centre (General) Regulations

FINANCIAL INTELLIGENCE CENTRE (PRESCRIBED THRESHOLDS) REGULATIONS

[Section 58]

Arrangement of Regulations

    Regulation

    1.    Title

    2.    Interpretation

    3.    Monitoring compliance

    4.    Request for information

    5.    Customer identification requirements

    6.    Wire transfers and transfers relating to virtual assets

    7.    Currency transactions

    8.    Financial instrument reporting at borders

    9.    General penalty

    10.    Contravention by principal officer of body corporate or unincorporated body

    11.    Revocation of SI No. 52 of 2016

        SCHEDULE

SI 53 of 2022.

1.    Title

These Regulations may be cited as the Financial Intelligence Centre (Prescribed Threshold) Regulations.

2.    Interpretation

In these Regulations, unless the context otherwise requires—

"Centre" has the meaning assigned to the word in the Act;

"Competent Authority" has the meaning assigned to the words in the Act;

"Council" has the meaning assigned to the word in the Constitution;

"Director-General" has the meaning assigned to the words in the Act;

"Originator" has the meaning assigned to the word in the Act;

"Registrar of Companies" means the person appointed as Registrar under the Patents and Companies Registration Agency Act, 2020;

"Reporting Entity" has the meaning assigned to the words in the Act;

"Supervisory Authority" has the meaning assigned to the words in the Act;

"Transaction" has the meaning assigned to the word in the Act;

"Virtual Asset" has the meaning assigned to the words in the Act;

"Virtual Asset Service Provider" has the meaning assigned to the words in the Act;

"Wire Transfer" has the meaning assigned to the words in the Act; and

"Zambia Revenue Authority" means the Zambia Revenue Authority established under the Zambia Revenue Authority Act.

3.    Monitoring compliance

The Centre and a Supervisory Authority shall monitor and ensure compliance by a Reporting Entity with the Reporting Entity’s obligations under these Regulations.

4.    Request for information

The Director-General may request a Reporting Entity to furnish financial information on a transaction relating to a threshold amount specified in these Regulations, whether conducted as a single transaction or as several transactions that appear to be linked.

5.    Customer identification requirements

A Reporting Entity may identify and verify the identity of a customer, by means of a passport, a driver’s licence, national identification document or a Refugee Identification Card, where a customer who is neither an account holder nor in an established business relationship with a financial service provider, wishes to carry out a transaction in an amount less than or equal to one thousand United States dollars, whether denominated in Zambian Kwacha or a foreign currency.

6.    Wire transfers and transfers relating to virtual assets

    (1) The threshold of a wire transfer transaction undertaken by a financial service provider for the purposes of section 26 of the Act and the threshold of a transfer relating to virtual assets is an amount equal to, or above, the Kwacha equivalent of one thousand United States dollars, whether denominated in Zambian Kwacha or a foreign currency.

    (2) A financial service provider undertaking a wire transfer or a transfer relating to virtual assets in an amount below the Kwacha equivalent of one thousand United States dollars, whether denominated in Zambian Kwacha or a foreign currency, shall obtain and maintain the following information—

    (a)    for the originator, the name and account number of the originator where an account is used to process the transaction or, in the absence of an account, a unique transaction reference number which permits traceability of the transaction; or

    (b)    for the beneficiary, the name and account number of the beneficiary where an account is used to process the transaction or, in the absence of an account, a unique transaction reference number which permits traceability of the transaction.

    (3) A financial service provider shall verify the information under sub-regulation (2) where there is a suspicion of money laundering or terrorism or proliferation financing.

    (4) A financial service provider undertaking a wire transfer or a transfer relating to virtual assets in an amount equal to, or above, the amount referred to under sub-regulation (1), shall identify and verify the identity of the originator as follows—

    (a)    for an individual, the full name, address or, in the absence of address, the national identity number, or date and place of birth of the individual by comparing the particulars with—

        (i)    the individual’s driving licence, passport or national identification document bearing the individual’s pictorial image;

        (ii)    a reference from the individual’s employer, a professional, customary authority or existing customer of the financial service provider that has known that individual for at least a year;

        (iii)    a reference obtained from the individual’s foreign bank, where possible, in the case of a non-resident or foreigner;

        (iv)    an original or certified true copy of the latest Council or applicable rates or utility bill receipt; or

        (v)    information which is obtained from any other independent source, if it is accurate and reasonably necessary taking into account any other law or guidelines concerning the verification of identities;

    (b)    for a body corporate—

        (i)    by comparing the submitted details of the body corporate with a certified true copy of its certificate of incorporation issued by the Registrar of Companies or other relevant authority;

        (ii)    reviewing the tax payer identification number (TPIN) issued by the Zambia Revenue Authority and other information held by the Register of Companies or other relevant register; and

        (iii)    except for statutory bodies, the particulars of each person exercising direct or indirect control, for purposes of identifying the beneficial owner;

    (c)    for a partnership, obtain from an individual acting or purporting to act on its behalf—

        (i)    the name of the partnership;

        (ii)    business address;

        (iii)    the partnership agreement;

        (iv)    the full names, address, and date and place of birth of each partner, including the person who exercises direct or indirect control or management of the partnership for purposes of identifying the beneficial owner; and

    (d)    for the beneficiary—

        (i)    obtain and maintain the full name of the beneficiary;

        (ii)    obtain and maintain the account number of the beneficiary or, in the absence of an account number, a unique reference number; and

        (iii)    include the information from sub-regulation (4)(a), (b) and (c) in the message or payment from accompanying the transfer.

    (5) A beneficiary financial service provider shall—

    (a)    verify the identity of the beneficiary, if the identity has not been previously verified by a financial service provider in accordance with sub-regulation (4); and

    (b)    keep and maintain a record of the information under sub-regulation (4)(d)(i) and (ii) for at least 10 years from the date of the relevant transaction.

    (6) An originating Virtual Asset Service Provider shall, when conducting a transfer of virtual assets to a beneficiary, obtain and maintain the following information—

    (a)    the name of the originator and the beneficiary;

    (b)    where an account is used to process the transfer of virtual assets by—

        (i)    the originator, the account number of the originator; or

        (ii)    the beneficiary, the account number of the beneficiary;

    (c)    the address of the originator, the originator’s driving licence, passport or national identification document bearing the originator’s pictorial image and evidencing the originator’s identity or the originator’s customer identification number or date and place of birth; and

    (d)    where an account is not used to process the transfer of virtual assets, the unique transaction reference number that permits traceability of the transaction.

    (7) An originating Virtual Asset Service Provider shall, before conducting the transfer of virtual assets, verify the information provided under sub-regulation (6) by means of reliable and independent source documents, data or information.

    (8) An originating Virtual Asset Service Provider shall provide the information under sub-regulation (6) to the beneficiary Virtual Asset Service Provider or Reporting Entity simultaneously or concurrently with the transfer of virtual assets.

    (9) An originating Virtual Asset Service Provider may provide the information under sub-regulation (6) to the beneficiary Virtual Asset Service Provider or a Reporting Entity, where applicable, directly by attaching the information to the transfer of virtual assets or providing the information indirectly.

    (10) An originating Virtual Asset Service Provider shall ensure that transfers of virtual assets are conducted using a system which prevents the unauthorised disclosure of the information under sub-regulation (6) to a person other than the originating Virtual Asset Service Provider, the beneficiary Virtual Asset Service Provider or the Reporting Entity.

    (11) An originating Virtual Asset Service Provider shall, for at least 10 years, keep records of complete information on the originator and beneficiary which accompanies each transfer of virtual assets.

    (12) A beneficiary Virtual Asset Service Provider shall, on receipt of a transfer of virtual assets, collect and record the following information—

    (a)    the name of the originator and the beneficiary;

    (b)    where an account is used to process the transfer of virtual assets by—

        (i)    the originator, the account number of the originator; or

        (ii)    the beneficiary, the account number of the beneficiary;

    (c)    the address of the beneficiary, the number of a Government issued document evidencing the beneficiary’s identity or the beneficiary’s customer identification number or date and place of birth; and

    (d)    where an account is not used to process the transfer of virtual assets, the unique transaction reference number that permits traceability of the transaction.

    (13) A beneficiary Virtual Asset Service Provider shall verify the accuracy of information on the beneficiary provided under sub-regulation (6) by means of reliable and independent source documents, data or information.

    (14) A beneficiary Virtual Asset Service Provider shall keep a record, for at least 10 years, of all information relating to the originator and beneficiary which accompanies each transfer of virtual assets.

    (15) A Competent Authority may, by notice in writing, require an originating Virtual Asset Service Provider or a beneficiary Virtual Asset Service Provider to provide information in respect of a transfer of virtual assets undertaken.

    (16) An originating Virtual Asset Service Provider or a beneficiary Virtual Asset Service Provider which receives a notice under sub-regulation (15) shall comply with that notice within the period and in the manner specified in the notice.

    (17) A batch file relating to a transfer of virtual assets shall contain the name, account number or unique reference number of the beneficiary that is traceable in the beneficiary country.

    (18) Sub-regulation (12) does not apply to an individual transfer of virtual assets relating to batch file transfers of virtual assets from a single originator if—

    (a)    the batch file contains—

        (i)    the name of the originator;

        (ii)    where an account is used to process the transfer of virtual assets by the originator, the account number of the originator; or

        (iii)    the address of the originator, the number of an issued Government document evidencing the originator’s identity or the originator’s customer identification number or date and place of birth; and

    (b)    the individual transfers of virtual assets carry the account number of the originator or a unique reference number.

    (19) A beneficiary Virtual Asset Service Provider shall have effective—

    (a)    procedures to obtain information under sub-regulation (4) in the messaging or payment and settlement system or equivalent system used to effect a transfer of virtual assets; and

    (b)    systems in place to detect missing required information on both the originator and beneficiary.

    (20) An originating Virtual Asset Service Provider shall not execute transfers of virtual assets where the originating Virtual Asset Service Provider is unable to obtain and maintain information on the originator and beneficiary as required under this regulation.

    (21) A beneficiary Virtual Asset Service Provider shall, where a beneficiary Virtual Asset Service Provider detects, when receiving transfers of virtual assets, that information on the originator required under this regulation is missing or incomplete, either reject the transfer of virtual assets or request the complete information of the originator.

    (22) A beneficiary Virtual Asset Service Provider shall adopt risk-based policies and procedures for determining—

    (a)    whether to execute, reject or suspend a transfer of virtual assets; and

    (b)    the resulting procedures applicable, where the required originator or beneficiary information is incomplete.

    (23) A beneficiary Virtual Asset Service Provider shall, where an originating Virtual Asset Service Provider regularly fails to supply the information specified under this regulation on the originator, adopt reasonable measures to remedy the non-compliance before—

    (a)    rejecting any future transfers of virtual assets from that originating Virtual Asset Service Provider;

    (b)    restricting its business relationship with that originating Virtual Asset Service Provider; or

    (c)    terminating its business relationship with that originating Virtual Asset Service Provider.

    (24) A beneficiary Virtual Asset Service Provider that intends to restrict or terminate its business relationship with an originating Virtual Asset Service Provider shall report its decision to the Centre or any other designated Supervisory Authority.

    (25) A beneficiary Virtual Asset Service Provider shall consider incomplete information about the originator as a factor in assessing whether a transfer of virtual assets, or any related transaction, is suspicious and where it is determined that the transaction is suspicious, the suspicious transaction shall be reported to the Centre in accordance with the Act.

    (26) An intermediary Virtual Asset Service Provider shall—

    (a)    take reasonable measures to identify transfers of virtual assets that lack the required originator or beneficiary information; and

    (b)    adopt risk-based policies and procedures for determining—

        (i)    when to execute, reject or suspend a transfer of virtual assets; and

        (ii)    the procedures to be applied, where the required originator or beneficiary information is incomplete.

    (27) A Virtual Asset Service Provider shall comply with the requirements under this regulation in the countries in which that Virtual Asset Service Provider operates, either directly or through the agents of the Virtual Asset Service Provider.

    (28) A Virtual Asset Service Provider that controls both the originating Virtual Asset Service Provider and the beneficiary Virtual Asset Service Provider shall consider the information from both the originating Virtual Asset Service Provider and the beneficiary Virtual Asset Service Provider to determine whether a suspicious activity report should be filed to the Centre and the relevant authority.

    (29) A Virtual Asset Service Provider that determines under sub-regulation (28) that there is suspicious transaction shall file the suspicious transaction report in the country from which the transfer of virtual assets originated or to which the transfer of virtual assets was destined and submit the relevant transaction information available to the Centre and the relevant authorities in the country from which the transfer originated or to which it was destined.

    (30) An intermediary Virtual Asset Service Provider shall keep a record, for at least 10 years, of all the information received from the originating Virtual Asset Service Provider, Reporting Entity or other intermediary.

7.    Currency transactions

A Reporting Entity shall not later than three working days after the transaction, report a currency transaction equal to or above the kwacha equivalent of ten thousand United States dollars, whether denominated in Zambian kwacha or a foreign currency in the Form set out in the Schedule.

8.    Financial instrument reporting at borders

    (1) A person leaving or entering Zambia with an amount in cash, negotiable bearer instruments or both, exceeding the kwacha equivalent of five thousand United States dollars, whether denominated in Zambian Kwacha or foreign currency, shall declare to a customs officer that amount in accordance with the Customs and Excise Act.

    (2) A customs officer may inquire into the source of funds declared under sub-regulation (1) from the Centre as soon as practicable.

9.    General penalty

A person who contravenes any provision of these Regulations which is not an offence and for which a sanction is not provided is liable to an administrative sanction provided under the Act.

10.    Contravention by principal officer of body corporate or unincorporated body

Where a contravention under these Regulations is committed by a body corporate or unincorporate body, with the knowledge, consent or connivance of a director, manager, shareholder or partner of that body corporate or unincorporate body, that director, manager, shareholder or partner is liable to an administrative sanction provided under the Act.

11.    Revocation of SI No. 52 of 2016

The Financial Intelligence Centre (Prescribed Threshold) Regulations, 2016, is revoked.

SCHEDULE

[Regulation 7]

FINANCIAL INTELLIGENCE CENTRE (GENERAL) REGULATIONS

[Section 58]

Arrangement of Regulations

    Regulation

PART I
PRELIMINARY

    1.    Title

    2.    Interpretation

PART II
ACCESS AND DISSEMINATION OF INFORMATION

    3.    Dissemination and disclosure of suspicious transactions

    4.    Access to information

    5.    Request for information

    6.    Freezing account and suspending transaction

PART III
CUSTOMER DUE DILIGENCE

    7.    Identification and verification of customer identity

    8.    Risk-based application of customer due diligence

    9.    Low risk of money laundering, terrorism or proliferation financing

    10.    High risk of money laundering, terrorism or proliferation financing

    11.    Reliance on identification by third party

PART IV
MEASURES RELATING TO A NON-GOVERNMENTAL ORGANISATION AND OBLIGATIONS FOR AN ACCOUNTABLE INSTITUTION

    12.    Monitoring of non-governmental organisation by competent authority

    13.    Obligations of accountable institutions

PART V
RISK MANAGEMENT

    14.    Risk management systems

    15.    Internal programmes to combat money laundering, terrorism or proliferation financing and other serious offence

    16.    Measures for business relations and transactions emanating from countries that insufficiently comply with international standards

PART VI
GENERAL PROVISIONS

    17.    Reporting suspicious transactions

    18.    Compliance order

    19.    Certificate of appointment and identity card of inspector

    20.    Reporting entity to be registered or licensed

    21.    Oath and affirmation

    22.    General penalty

    23.    Contravention by principal officer of body corporate or unincorporate body

    24.    Revocation of S.I. No. 9 of 2016

        FIRST SCHEDULE

        SECOND SCHEDULE

        THIRD SCHEDULE

{mprestriction ids="2,3,5"}

        FOURTH SCHEDULE

SI 54 of 2022.

PART I
PRELIMINARY

1.    Title

These Regulations may be cited as the Financial Intelligence Centre (General) Regulations.

2.    Interpretation

In these Regulations, unless the context otherwise requires—

"account" has the meaning assigned to the word in the Act;

"accountable institution" has the meaning assigned to the words in the Act;

"beneficiary", in relation to a non-governmental organisation, means the person who receives a benefit, either directly or indirectly, for a charitable, religious, cultural, educational, political, social, fraternal or philanthropic purpose and, includes both the ultimate beneficiary and any intermediaries;

"beneficial owner" has the meaning assigned to the words in the Act;

"Centre" has the meaning assigned to the word in the Act;

"citizen" has the meaning assigned to the word in the Constitution;

"competent authority" has the meaning assigned to the words in the Act;

"council" has the meaning assigned to the word in the Constitution;

"designated nonfinancial business or profession" has the meaning assigned to the words in the Act;

"director" has the meaning assigned to the word in the Act;

"Director-General" means the Director-General of the Financial Intelligence Centre appointed under the Act;

"Egmont Group" means the international network of financial intelligence units established to promote and enhance international co-operation and information sharing among financial intelligence units relating to the fight against money laundering or financing of terrorism or proliferation or any other serious offence relating to money laundering, financing of terrorism or proliferation;

"financial service provider" has the meaning assigned to the words in the Act;

"foreign designated authority" has the meaning assigned to the words in the Act;

"intermediary institution" has the meaning assigned to the words in the Act;

"law enforcement agency" has the meaning assigned to the words in the Act;

"non-governmental organisation" has the meaning assigned to the words in the Non-Governmental Organisations Act, 2009;

"political party" has the meaning assigned to the words in the Constitution;

"public function" has the meaning assigned to the words in the Act;

"public office" has the meaning assigned to the words in the Act;

"proliferation financing" has the meaning assigned to the words in the Anti-Terrorism and Non-Proliferation Act, 2018;

"Registrar of Companies" means the person appointed as Registrar under the Patents and Companies Registration Agency Act, 2020;

"reporting entity" has the meaning assigned to the words in the Act;

"supervisory authority" has the meaning assigned to the words in the Act;

"suspicious transaction report" has the meaning assigned to the words in the Act;

"transaction" has the meaning assigned to the word in the Act; and

"Zambia Revenue Authority" means the Zambia Revenue Authority established under the Zambia Revenue Authority Act.

PART II
ACCESS AND DISSEMINATION OF INFORMATION

3.    Dissemination and disclosure of suspicious transactions

The Centre shall disseminate and provide information, following its analysis of suspicious transactions, to a law enforcement agency and a foreign designated authority for purposes of the Act in Form I set out in the First Schedule.

4.    Access to information

The Centre may, in exercising its functions under the Act and these Regulations, use electronic communication services to access, directly or indirectly, on a timely basis, financial, administrative and law enforcement information.

5.    Request for information

The Director-General shall request a reporting entity to provide financial information, in Form II set out in the First Schedule.

6.    Freezing account and suspending transaction

    (1) The Director-General shall order a reporting entity to freeze an account or suspend a transaction in Form III set out in the First Schedule.

    (2) The Centre shall serve a signed copy of a freezing or suspension order under sub-regulation (1) on a reporting entity where the account is held, or the transaction is processed or intended to be processed.

    (3) A reporting entity shall, on receipt of the freezing or suspension order issued under sub-regulation (1)—

    (a)    stop all activity on the account concerned with the exception of credits received into that account; and

    (b)    suspend the specified transaction for the duration specified in the order.

    (4) An order issued under this regulation shall remain in operation until—

    (a)    the expiration of the period of 15 days from the date of its issuance; or

    (b)    a judge, on application by a person aggrieved with the decision of the Director-General, issues an order discharging the freezing order issued by the Director-General.

    (5) The Centre may, for purposes of monitoring compliance, request a reporting entity to submit a statement of an account from the date of issuance of a freezing order and as at the date of discharge of the order.

PART III
CUSTOMER DUE DILIGENCE

7.    Identification and verification of customer identity

    (1) A reporting entity shall verify its customer’s identity as follows—

    (a)    for a natural person, the reporting entity shall verify the full name and physical address, and date and place of birth or a mobile number linked to a registered international mobile equipment identity number or sim card in place of a physical address by comparing these particulars with—

        (i)    the individual’s driving licence, passport or national identification document bearing the individual’s pictorial image;

        (ii)    a reference from the individual’s employer, a professional, customary authority or an existing customer of a reporting entity that has known that individual for at least a year;

        (iii)    references obtained from the individual’s foreign bank, where possible, in the case of a non-resident or non-citizen;

        (iv)    a Refugee Identification Card, in the case of a natural person with a refugee status;

        (v)    information obtained through a credit reference agency search;

        (vi)    an original or certified true copy of the latest council or applicable rates or utility bill receipt;

        (vii)    information which is obtained from any other independent source, if it is accurate and reasonably necessary taking into account any other law or guidelines concerning the verification of identities; or

        (viii)    a permit allowing a customer to reside in the Republic in addition to the information required under sub-regulation (1)(a)(i) to (vi), in the case of a customer who is a citizen of another country;

    (b)    for a body corporate—

        (i)    by comparing the submitted details of the body corporate with a certified true copy of its certificate of incorporation issued by the Registrar of Companies or another relevant authority;

        (ii)    reviewing the tax payer identification number issued by the Zambia Revenue Authority and other information contained in the Register of companies or other relevant register; and

        (iii)    except for statutory bodies, by verifying particulars of every person exercising direct or indirect control, for purposes of identifying the beneficial owner; and

    (c)    for a partnership, obtain from an individual acting or purporting to act on its behalf the—

        (i)    name of the partnership;

        (ii)    business address;

        (iii)    partnership agreement; and

        (iv)    full names, address, and date and place of birth of every partner, including the person who exercises direct or indirect control or management of the partnership for purposes of identifying the beneficial owner.

    (2) The requirements under sub-regulation (1) apply to an individual acting on behalf of the customer in establishing an account or a business relationship with a reporting entity.

    (3) A reporting entity shall, where the legal arrangement is a trust, verify the particulars obtained in respect of the trust by comparing the name of the trustee, the settler, beneficiary and any other natural person exercising ultimate effective control over the trust, with the trust deed or other founding document in terms of which the trust is created.

    (4) A reporting entity shall, where an individual, legal person or legal arrangement is deceased or ceases to exist respectively, verify the particulars referred to under this regulation by comparing those particulars with information that can reasonably be utilised to achieve such verification and is obtained by reasonably practicable means, taking into account any other applicable laws or guidelines concerning the verification of identities applicable to the reporting entity.

    (5) A reporting entity shall, where an individual seeks to establish an account or a business relationship with a reporting entity on behalf of an individual, a legal person or a legal arrangement, in addition to the other steps as may be applicable under sub-regulation (1), obtain from the individual a power-of-attorney, a service level agreement or other proof of that individual’s authority to act on behalf of the individual, legal person or legal arrangement.

    (6) A reporting entity shall update customer documents, data or information periodically in order to ensure that the verification process provides accurate information for purposes of the Act and these Regulations.

    (7) An update referred to under sub-regulation (6) shall be occasioned by a change in—

    (a)    the authorised signatories;

    (b)    the purpose of account or business relationship;

    (c)    the scope of terms and conditions applicable to the account or customer profile;

    (d)    declared income and actual account or business transaction activity;

    (e)    the nature of business;

    (f)    business operational address;

    (g)    customer address details;

    (h)    customer contact details;

    (i)    shareholding structure;

    (j)    management or board structure; or

    (k)    any other material aspects of, or likely to affect, an account.

8.    Risk-based application of customer due diligence

A reporting entity may adapt the nature and extent of application of the customer due diligence measures specified in regulation 7 commensurate with the level of the money laundering, terrorism or proliferation financing risk associated with the products, services, delivery channels, customer, geographical location, country risk, business relationship or transaction.

9.    Low risk of money laundering, terrorism or proliferation financing

    (1) A reporting entity may apply simplified customer due diligence measures in circumstances specified in the Second Schedule where the reporting entity determines that the risk of money laundering, terrorism or proliferation financing is low.

    (2) A reporting entity may, in applying simplified customer due diligence measures—

    (a)    verify the identity of the customer and the beneficial owner after the establishment of the business relationship;

    (b)    reduce the frequency of customer identification updates;

    (c)    reduce the degree of ongoing monitoring and scrutinising of transactions; and

    (d)    infer the purpose and nature from the type of transaction or business relationship established and not collect specific information or carry out specific measures to understand the purpose and intended nature of the business relationship.

    (3) A reporting entity shall, where a reporting entity applies simplified customer due diligence measures, prove the low risk to the satisfaction of the Centre or the supervisory authority.

    (4) Simplified measures undertaken under this regulation shall be commensurate with the lower risk factors.

    (5) Simplified measures shall not be applied where there is a suspicion of money laundering, terrorism or proliferation financing, or where there is a specific higher risk scenario of money laundering, terrorism or proliferation financing.

    (6) A reporting entity shall, where the risk factors are identified in relation to a customer as set out in the Second Schedule, complete the verification of the customer’s identity as soon as reasonably practicable after the commencement of the business.

10.    High risk of money laundering, terrorism or proliferation financing

    (1) A reporting entity shall apply enhanced identification, verification and ongoing due diligence measures in circumstances set out in the Second Schedule when dealing with high risk customers or in circumstances where the reporting entity reasonably considers the risk of money laundering, terrorism or proliferation financing to be high.

    (2) Enhanced due diligence measures taken by a reporting entity under sub-regulation (1) shall include—

    (a)    examining the background and purpose of a transaction; and

    (b)    increasing the degree and nature of monitoring of business relationships made, to determine whether the transaction or business relationship is suspicious.

11.    Reliance on identification by third party

    (1) A reporting entity may rely on a third party to perform customer identification where that third party is established in, or subject to, the jurisdiction of the States that—

    (a)    have established financial intelligence units which are members of the Egmont Group;

    (b)    are not subject to monitoring by the Financial Action Task Force’s International Cooperation Review Group or Regional Review Group; or

    (c)    are not subject to United Nations sanctions or other applicable sanctions.

    (2) A reporting entity shall, where a reporting entity relies on a third party to perform customer identification, immediately provide the Centre with the—

    (a)    contract or agreement between the reporting entity and third party;

    (b)    third party’s—

        (i)    full name, if the third party is a natural person; or

        (ii)    registered name, if the third party is a company;

    (c)    name under which the third party conducts business;

    (d)    full name and contact particulars of the individual who exercises control over access to copies of the customer identification information and other documents relating to the obligation of due diligence;

    (e)    address where such information and documents are kept; and

    (f)    full name and contact particulars of the individual who liaises with the third party on behalf of the reporting entity concerning the retention of that information and documents.

    (3) Where a reporting entity relies on a third party to perform customer identification, the reporting entity shall ensure that the third party maintains copies of customer identification information and other documents relating to the obligation of due diligence for at least 10 years from the end of the business relationship between the reporting entity and its customer.

PART IV
MEASURES RELATING TO A NON-GOVERNMENTAL ORGANISATION AND OBLIGATIONS FOR AN ACCOUNTABLE INSTITUTION

12.    Monitoring of non-governmental organisation by competent authority

    (1) A competent authority shall rely on the measures set out in the Third Schedule to monitor compliance by a non-governmental organisation for purposes of enforcing compliance for preventing or combating terrorist financing abuse of a non-governmental organisation.

    (2) The measures under sub-regulation (1) apply to a non-governmental organisation that primarily engages in raising or disbursing funds for charitable, religious, cultural, educational, social or fraternal purposes, or for the carrying out of other types of good works.

13.    Obligations of accountable institutions

An accountable institution is subject to the obligations set out in the Fourth Schedule.

PART V
RISK MANAGEMENT

14.    Risk management systems

A reporting entity shall implement risk management systems to identify high risk customers whose activities may pose a high risk of money laundering, terrorism or proliferation financing including—

    (a)    enhanced identification of high risk customers or activities engaged in by high risk customers by taking into account—

        (i)    the nature and business of the customer;

        (ii)    customer activities, transaction patterns and operations;

        (iii)    geographic location of the customer or transaction;

        (iv)    the magnitude of customer assets that a reporting entity handles;

        (v)    third parties that may be involved in the customer’s activities;

        (vi)    the beneficial ownership of an entity and their impact on risk;

        (vii)    the volume of cash used by a customer in transactions; and

        (viii)    any other indicators that may be relevant; and

    (b)    enhanced verification and enhanced ongoing due diligence of high risk customers including—

        (i)    seeking additional information to substantiate the customer’s identity or the beneficial ownership of an entity; and

        (ii)    obtaining additional information about the intended nature, purpose and value of a given transaction.

15.    Internal programmes to combat money laundering, terrorism or proliferation financing and any other serious offence

The type and extent of measures that a reporting entity shall undertake for the prevention of money laundering, terrorism or proliferation financing and any other serious offence relating to money laundering, terrorism or proliferation financing that is risk-based includes—

    (a)    identifying the money laundering, terrorism or proliferation financing risks that are relevant to the business in which the reporting entity is engaged;

    (b)    assessing the identified risks;

    (c)    designing and implementing controls to manage and mitigate the assessed risks;

    (d)    monitoring and improving the effective operation of the controls;

    (e)    keeping a record of the process indicated in paragraphs (a) to (d);

    (f)    establishing and implementing a policy based on the assessed risks which sets out procedures that a reporting entity implements for carrying out appropriate identification, verification, customer due diligence, and ongoing monitoring; and

    (g)    identifying and handling wire transfers that are not accompanied by complete originator information by obtaining and verifying missing information from the ordering institution or the beneficiary in relation to a wire transfer on the basis of the risk associated with the transaction.

16.    Measures for business relations and transactions emanating from countries that insufficiently comply with international standards

    (1) A reporting entity shall, with regard to business relations and transactions with persons and arrangements from, or in, countries that do not, or insufficiently, apply the relevant international standards to combat money laundering, terrorism or proliferation financing and any other serious offence relating to money laundering, terrorism or proliferation financing—

    (a)    take into account risks arising from the deficiencies in the regime for combating money laundering, terrorism or proliferation financing and any other serious offence relating to money laundering, terrorism or proliferation financing in any given country;

    (b)    consider publicly available information for identifying countries which do not, or insufficiently, apply the relevant international standards to combat money laundering, terrorism or proliferation financing and any other serious offence relating to money laundering, terrorism or proliferation financing; and

    (c)    examine the background and purpose of the transaction.

    (2) A reporting entity shall, if a transaction has no apparent economic or lawful purpose—

    (a)    examine the background and purpose of the transaction;

    (b)    record the findings and retain the record of transaction; and

    (c)    submit, on request, to the Centre, a supervisory authority or law enforcement agency the record referred to under paragraph (b).

PART VII
GENERAL PROVISIONS

17.    Reporting suspicious transactions

    (1) A report of a suspicious transaction by a financial service provider and for a designated nonfinancial business or profession shall be in Form IV and Form V, respectfully, set out in the First Schedule and submitted to the Centre by confidential cover—

    (a)    through electronic communication systems and services;

    (b)    through a designated physical, postal or electronic mail address provided by the Centre; or

    (c)    by courier or in person to the designated officer of the Centre.

    (2) A report referred to under sub-regulation (1) shall contain a full description of the suspicious transaction and state the reason why it is considered suspicious.

18.    Compliance order

The Director-General shall, for the purposes of section 37C of the Act, serve a compliance order in Form VI set out in the First Schedule.

19.    Certificate of appointment and identity card of inspector

The Director-General shall issue an inspector appointed under section 11A of the Act with—

    (a)    a certificate of appointment in Form VII set out in the First Schedule; and

    (b)    an identity Card in Form VIII set out in the First Schedule.

20.    Reporting entity to be registered or licensed

    (1) A reporting entity shall be registered or licensed by a designated supervisory authority for the purposes of the Centre supervising and enforcing compliance under the Act and these Regulations.

    (2) A virtual asset service provider shall, where the reporting entity is a virtual asset service provider that is a legal person, be registered or licensed in the jurisdiction where the virtual asset service provider is created.

    (3) Where the reporting entity is a virtual asset service provider that is a natural person, the virtual asset service provider shall be registered or licensed in the jurisdiction where the place of business of the virtual asset service provider is located.

    (4) A person who contravenes this regulation is liable to an administrative sanction provided under the Act.

21.    Oath and affirmation

The Director-General shall administer oaths or affirmations in Form IX set out in the First Schedule.

22.    General penalty

A person who contravenes any provision of these Regulations which is not an offence and for which a sanction is not provided is liable to an administrative sanction provided under the Act.

23.    Contravention by principal officer of body corporate or unincorporate body

Where a contravention under these Regulations is committed by a body corporate or unincorporate body, with the knowledge, consent or connivance of the director, manager, shareholder or partner of the body corporate or unincorporate body, that director, manager, shareholder or partner is liable to an administrative sanction provided under the Act.

24.    Revocation of S.I. No. 9 of 2016

The Financial Intelligence Centre (General) Regulations, 2016, are revoked.

FIRST SCHEDULE

[Regulations 3, 5, 6, 17, 18, 19 and 21]

PRESCRIBED FORMS

FORM I

[Regulation 3]

The Financial Intelligence Centre

The Financial Intelligence Centre Act, 2010
(Act No. 46 of 2010)

The Financial Intelligence Centre (General) Regulations, 2022

DISSEMINATION AND DISCLOSURE OF SUSPICIOUS TRANSACTIONS

Reference No.

Your Reference (1)

Name of the law enforcement agency

The information provided in this Form is for intelligence purposes only. This information should not be used or disseminated for evidential or judicial purposes and should not be disclosed to an unauthorised person without the prior written consent of the Financial Intelligence Centre.

Subject matter being disseminated/disclosed

Total number of pages disseminated including this one

If you did not receive the number of pages indicated, please contact the undersigned immediately.

Name ...................................................

Signature .............................................

                Director-General

Date ..................................

FORM II

[Regulation 5]

The Financial Intelligence Centre

The Financial Intelligence Centre Act, 2010
(Act No. 46 of 2010)

The Financial Intelligence Centre (General) Regulations, 2022

REQUEST FOR INFORMATION

Reference No.

To (Addressee):

Pursuant to section 10 of the Financial Intelligence Centre Act, 2010, you are requested to provide information according to the attached checklist in respect of the following person(s):

Name:

The information requested should be treated in strict confidentiality and should not be communicated directly or indirectly to any person involved in or assigned with the suspicious transaction or to an unauthorised third party.

Information Required:

    1.    ...................................................................................................................................

    2.    ...................................................................................................................................

Frequency:

...................................................................................................................................

...................................................................................................................................

.......................................................................

Period to be covered by information:

.................................................................................................................................................

.................................................................................................................................................

.......................................................................

Signature .............................................

Name ..................................................

                Director-General

Date ...........................

FORM III

[Regulation 6(1)]

The Financial Intelligence Centre

The Financial Intelligence Centre Act, 2010
(Act No. 46 of 2010)

The Financial Intelligence Centre (General) Regulations, 2022

FREEZING ORDER ( ) SUSPENSION ORDER ( )

To (Addressee):

In accordance with section 10(3) of the Financial Intelligence Centre Act, 2010, you are directed to freeze the account suspend the transaction* described below with immediate effect:

Description of account/transaction*

............................................................................................................................................

............................................................................................................................................

............................................................................................................................................

............................................................................................................................................

............................................................................................................................................

............................................................................................................................................

You are advised that failure to comply with this directive constitutes an offence contrary to section 10(5) and (6) of the Financial Intelligence Centre Act, 2010.

Signature ............................................

Name ..................................................

                Director-General

Date ...............................................

FORM IV

[Regulation 17(1)]

The Financial Intelligence Centre

The Financial Intelligence Centre Act, 2010
(Act No. 46 of 2010)

The Financial Intelligence Centre (General) Regulations, 2022

SUSPICIOUS TRANSACTION REPORT
FINANCIAL SERVICE PROVIDER

FORM V

[Regulation 17(1)]

The Financial Intelligence Centre

The Financial Intelligence Centre Act, 2010
(Act No. 46 of 2010)

The Financial Intelligence Centre (General) Regulations, 2022

SUSPICIOUS TRANSACTION REPORT
DESIGNATED NONFINANCIAL BUSINESS OR PROFESSION

FORM VI

[Regulation 18]

(To be completed in duplicate)

The Financial Intelligence Centre

The Financial Intelligence Centre Act, 2010
(Act No. 46 of 2010)

The Financial Intelligence Centre (General) Regulations, 2022

COMPLIANCE ORDER

(1) Here state the name of reporting entity to which Compliance Order is issued

To: The Executive Director

........................................................................................................ (1)

Address:............................................................................................ (2)

(2) Here insert address of reporting entity to which Compliance Order is issued

TAKE NOTICE that the Financial Intelligence Centre has issued this Compliance Order based on the following grounds (3):

    (a)    ..............................................................................................

    (b)    ..............................................................................................

(3) Here state the grounds on which the Compliance Order is being issued

    (c)    ..............................................................................................

    (d)    ..............................................................................................

TAKE NOTICE that you are required to undertake the following action within the stipulated time frame (4):

    (a)    ..............................................................................................

    (b)    ..............................................................................................

    (c)    ..............................................................................................

(4) Here state the action to be undertaken and the time frame for each action

TAKE NOTICE that failure to comply with this directive constitutes an offence contrary to section 37C(3), (5) and (6) of the Financial Intelligence Centre Act 2010.

Signature: ..........................................

Name: ................................................

                Director-General

Date: ................................................

FORM VII

[Regulation 19(a)]

(To be completed in duplicate)

The Financial Intelligence Centre

The Financial Intelligence Centre Act, 2010
(Act No. 46 of 2010)

The Financial Intelligence Centre (General) Regulations, 2022

CERTIFICATE OF APPOINTMENT AS INSPECTOR

(1) Here insert full names of inspector

TAKE NOTICE that (1) ...................................................................... of (2) .................................... has been appointed as an inspector by the Financial Intelligence Centre for a term of (3) ................................................ and has authority to perform the following functions as directed by the Financial Intelligence Centre pursuant to section 11B of the Financial Intelligence Centre Act, 2010:

(2) Here insert address of inspector

    (a)    ..............................................................................................

(3) Here insert period of appointment

    (b)    ..............................................................................................

    (c)    ..............................................................................................

    (d)    ..............................................................................................

Signature: ..........................................

Name: ................................................

                Director-General

Date: ................................................

FORM VIII

[Regulation 19(b)]

(To be completed in duplicate)

The Financial Intelligence Centre

The Financial Intelligence Centre Act, 2010
(Act No. 46 of 2010)

The Financial Intelligence Centre (General) Regulations, 2022

INSPECTOR IDENTIFICATION CARD

(1) Here insert full names of inspector

Full Name

(1): .....................................................................................................

(2) Here insert inspector's picture

                                                        

(3) Here insert designation

Designation (3): ...................................................................................

(4) Here insert card number

Card Number (4): .................................................................................

(5) Here insert period of appointment

Period of Appointment (5): ....................................................................

Signature: ..........................................

Name: ................................................

                Director-General

Date: ................................................

FORM IX

[Regulation 21]

The Financial Intelligence Centre

The Financial Intelligence Centre Act, 2010
(Act No. 46 of 2010)

The Financial Intelligence Centre (General) Regulations, 2022

OATH/AFFIRMATION

I ......................................................................., do swear/affirm that I will be faithful and bear allegiance to the President of the Republic of Zambia, and that I will preserve, protect and defend the Constitution of Zambia, as by law established.

SO HELP ME GOD.

.........................................

(Signature)

Sworn at .......................... this ............ day of ..........................., 20.....

Before me,

.....................................................
President                

SECOND SCHEDULE

[Regulations 9 and 10]

RISK FACTORS

PART I

A. A reporting entity shall take into account the risk factors specified in this Part where the reporting entity determines that the risk of money laundering or terrorism or proliferation financing is low.

1.    Customer risk factors include—

    (a)    a customer is subject to requirements to combat money laundering and terrorism or proliferation financing consistent with the provisions of the Act, has effectively implemented those requirements, and is effectively supervised or monitored in accordance with the Act to ensure compliance with those requirements;

    (b)    a customer is a public company listed on a stock exchange and subject to disclosure requirements through law or other enforceable means, which impose requirements to ensure adequate transparency of beneficial ownership; and

    (c)    a customer is a State enterprise, local authority or statutory body;

    (d)    a customer whose monthly income does not exceed ZMW10,000.00; and

    (e)    a customer whose monthly average withdrawals do not exceed ZMW10,000.00.

2.    Product, service, transaction or delivery channel risk factors include—

    (a)    a financial product or service that provides appropriately defined and limited services to certain type of customers so as to increase access for financial inclusion purposes;

    (b)    a transaction equal to or less than ZMW10,000.00;

    (c)    a life insurance policy where the annual premium is not more than ZMW5,000.00 or a single premium of not more than ZMW13,000.00 or such other higher amount determined by the Centre;

    (d)    a pension, superannuation or similar scheme providing retirement benefits to employees, where contributions are made by way of deduction from the wages or salaries and where the rules of such scheme do not permit assignment of member’s interest under the scheme;

    (e)    an insurance policy for a pension scheme where there is no surrender clause and the policy cannot be used as collateral;

    (f)    benefits of a product or related transaction which cannot be realised for the benefit of a third party except in the case of death, disablement, survival to a predetermined advanced age or other event; and

    (g)    a product of which during the contractual relationship, no accelerated payments are made, or surrender clauses or early termination takes place.

3.    Country risk factors include—

    (a)    a country identified by sources such as mutual evaluation or detailed assessment reports, as having an effective anti-money laundering and countering terrorism or proliferation financing; and

    (b)    a country identified by credible sources as having a low level of corruption or other criminal activity.

PART II

B. A reporting entity shall take into account the risk factors specified in this Part where the risk of money laundering or terrorism or proliferation financing may be high.

1.    Customer risk factors include—

    (a)    the business relationship conducted in unusual circumstances such as significant unexplained geographic distance between the financial institution and the customer;

    (b)    a non-resident customer;

    (c)    a private banking customer;

    (d)    a legal person or legal arrangement that is a personal asset holding vehicle established for holding assets for investment purposes;

    (e)    a prominent influential person;

    (f)    a customer who originates from a high risk country;

    (g)    a customer that performs a transaction on behalf of another person, whether the identity of such other person is disclosed or not;

    (h)    a company that has nominee shareholders or shares in bearer form;

    (i)    a business that is cash-intensive; and

    (j)    the ownership structure of the company appears unusual or excessively complex given the nature of the company’s business.

2.    Country or geographic risk factors include—

    (a)    countries identified by credible sources, such as mutual evaluation or detailed assessment reports or published follow-up reports, as not having adequate systems for combating money laundering, terrorism or proliferation financing;

    (b)    countries subject to sanctions, embargoes or similar measures issued by the United Nations, Financial Action Task Force or similar international organisation;

    (c)    countries identified by credible sources as having significant levels of corruption or other criminal activity; and

    (d)    countries or geographic areas identified by credible sources as providing funding or support for terrorist activities, or that have designated terrorist organisations operating within their country.

3.    Product, service, transaction or delivery channel risk factors include—

    (a)    private banking;

    (b)    anonymous transactions, which may include cash;

    (c)    non-face-to-face business relationships or transactions; and

    (d)    payment received from unknown or unassociated third parties.

THIRD SCHEDULE

[Regulation 12]

MEASURES TO APPLY TO A CLASS OF NON-GOVERNMENTAL ORGANISATION

Part A (Measures by Competent Authority)

1.    A competent authority shall identify a non-governmental organisation that is a legal person, arrangement or organisation that primarily engages in raising or disbursing funds for purposes such as charitable, religious, cultural, educational, social or fraternal, or for the carrying out of other types of good works.

2.    A competent authority shall use all relevant sources of information to identify the non-governmental organisations which, by virtue of their activities or characteristics, are likely to be at risk of terrorist financing abuse from among those that fall within the description of non-governmental organisations referred to in paragraph 1.

3.    An effective approach in identifying, preventing and combating terrorist financing abuse of non-governmental organisations shall involve the following elements—

    (a)    sustained outreach concerning terrorist financing issues;

    (b)    targeted risk-based supervision or monitoring;

    (c)    effective investigation and information gathering; and

    (d)    effective mechanisms for international co-operation.

4.    A competent authority shall put in place measures to identify the nature of threats posed by terrorist entities to the non-governmental organisations which are at risk as well as how terrorist actors abuse those non-governmental organisations.

5.    A competent authority shall periodically re-assess the non-governmental organisation sector by reviewing new information on the sector’s potential vulnerabilities to terrorist activities.

6.    A competent authority shall identify appropriate points of contact and procedures to respond to international requests for information regarding particular non-governmental organisations suspected of terrorist financing or involvement in other forms of terrorist support.

7.    The Registrar for non-governmental organisations or any other competent authority shall promptly inform the Centre where there is information that a non-governmental organisation is—

    (a)    involved in terrorist financing abuse or is a front for fundraising by a terrorist organisation;

    (b)    being exploited as a conduit for terrorist financing, including for the purpose of escaping asset freezing measures, or other forms of terrorist support; or

    (c)    is concealing or obscuring the clandestine diversion of funds intended for legitimate purposes, but redirected for the benefit of terrorists or terrorist organisations.

8.    A competent authority shall without delay freeze, in accordance with the procedure and process provided for under the Anti-Terrorism and Non-Proliferation Act, No. 6 of 2018, the funds or other assets of, and to ensure that no funds or other assets are made available, directly or indirectly, to or for the benefit of, any person or entity, including a non-governmental organisation, that is either—

    (a)    designated by, or under the authority of, the United Nations Security Council under Chapter VII of the Charter of the United Nation, and resolution 1267 (1999) and its successor resolutions; or

    (b)    designated by that country pursuant to resolution 1373.

9.    A competent authority shall undertake targeted risk-based supervision or monitoring of a non-governmental organisation for purposes of enforcing compliance of measures for preventing or combating terrorist financing abuse of a non-governmental organisation.

Part B (Measures by Non-Governmental Organisations)

10.    A non-governmental organisation shall put in place targeted measures provided in this Part which are in line with the risk-based approach to safeguard themselves from potential terrorist financing abuse.

11.    A non-governmental organisation shall—

    (a)    maintain information on the purpose and objectives of their stated activities and the identity of the person who owns, controls or directs their activities, including senior officers, board members and trustees;

    (b)    issue annual financial statements providing breakdowns of incomes and expenditures;

    (c)    have in place appropriate controls to ensure that all funds are fully accounted for, and are spent in a manner that is consistent with the purpose and objectives of its stated activities;

    (d)    take reasonable measures to confirm the identity, credentials and good standing of beneficiaries and an associate non-governmental organisation and that they are not involved with or using the charitable funds to support terrorists or terrorist organisations; and

    (e)    maintain records of domestic and international transactions that are sufficiently detailed to verify that funds have been received and spent in a manner consistent with the purpose and objectives of the organisation.

12.    A non-governmental organisation shall make available to a competent authority the information in paragraph 11(a) to (e) when required.

13.    A non-governmental organisation shall carry out an assessment that estimates the risk of terrorism financing posed by its operations and business, its donors, its beneficiaries and any technology to its operation.

    (1) Organisational Risk Assessment

    (a)    The organisational risk assessment shall be—

        (i)    undertaken as soon as reasonably practicable after the non-governmental organisation commences operations;

        (ii)    recorded in order to demonstrate its basis; and

        (iii)    regularly reviewed and whenever necessary amended so as to keep the assessment up to date.

    (b)    The organisational risk assessment shall have regard to all relevant risk factors, including—

        (i)    the nature, scale and complexity of the non-governmental organisation’s activities;

        (ii)    any relevant findings of the most recent National Risk Assessment relating to the country;

        (iii)    the products and services provided by the non-governmental organisation;

        (iv)    the manner in which the products and services are provided, including whether the non-governmental organisation meets its beneficiaries; and

        (v)    any donor risk assessment, beneficiary risk assessment and technology risk assessment.

    (2) Donor Risk Assessment

    (a)    A non-governmental organisation shall carry out an assessment that estimates the risk of terrorism financing posed by the non-governmental organisation’s donor.

    (b)    A donor risk assessment shall be—

        (i)    undertaken prior to the establishment of a donor relationship with a donor;

        (ii)    recorded in order to demonstrate its basis; and

        (iii)    regularly reviewed, if appropriate, amended so as to keep the assessment up to date and details of any review shall be recorded.

    (c)    The donor risk assessment shall have regard to all relevant risk factors, including—

        (i)    the organisational risk assessment carried out under paragraph 13(1);

        (ii)    the location of the donor’s activities;

        (iii)    the risk factors that pose a higher risk of terrorism financing in relation to a donor relationship;

        (iv)    the involvement of any third parties in the donor relationship; and

        (v)    whether the non-governmental organisation and the donor have met during the donor relationship or its formation.

    (3) Beneficiary risk assessment

    (a)    A non-governmental organisation shall carry out an assessment that estimates the risk of terrorism financing posed by the non-governmental organisation’s beneficiary.

    (b)    A beneficiary risk assessment shall be—

        (i)    undertaken prior to the establishment of a beneficiary relationship with a beneficiary;

        (ii)    recorded in order to be able to demonstrate its basis; and

        (iii)    regularly reviewed if appropriate, amended so as to keep the assessment up to date and details of any review shall be recorded.

    (c)    The beneficiary risk assessment shall have regard to all relevant risk factors including—

        (i)    the organisational risk assessment carried out under paragraph 13(1);

        (ii)    the nature, scale, complexity and location of the beneficiary’s activities;

        (iii)    the persons to whom and the manner in which the products and services are provided;

        (iv)    the risk factors that pose a higher risk of terrorism financing in relation to a beneficiary;

        (v)    the involvement of any third parties within the beneficiary relationship and the process of remitting funds to the beneficiary; and

        (vi)    whether the non-governmental organisation and the beneficiary have met during the beneficiary relationship or its formation.

    (4) Technology risk assessment

    (a)    A non-governmental organisation shall carry out an assessment that estimates the risk of money laundering and terrorism financing posed by any technology to the non-governmental organisation’s business.

    (b)    The technology risk assessment shall be—

        (i)    undertaken as soon as reasonably practicable following the commencement of the measures specified in this Schedule or, where applicable, after the non-governmental organisation commences operations;

        (ii)    undertaken prior to the launch or implementation of new products, new business practices and delivery methods including new delivery systems;

        (iii)    undertaken prior to the use of new or developing technologies for both new and existing products and services;

        (iv)    recorded in order to be able to demonstrate its basis; and

        (v)    regularly reviewed and, if appropriate, amended so as to keep it up to date and details of any review shall be recorded.

    (c)    The technology risk assessment shall have regard to all relevant risk factors including—

        (i)    technology used by the non-governmental organisation to comply with Anti-Money Laundering/Combating Financing of Terrorism legislation;

        (ii)    the organisational risk assessment carried out under paragraph 13(1);

        (iii)    the products and services provided by the non-governmental organisation;

        (iv)    the manner in which the products and services are provided by the non-governmental organisation, considering delivery methods, communication channels and payment mechanisms;

        (v)    digital information and document storage;

        (vi)    electronic verification of documents; and

        (vii)    data and transaction screening systems.

14.    —

    (a)    A non-governmental organisation shall wherever feasible conduct transactions through regulated financial channels.

    (b)    A non-governmental organisation shall maintain information which may be publicly available either directly from the non-governmental organisation or through a relevant competent authority on the—

        (i)    purpose and objectives of their stated activities; and

        (ii)    identity of the person who owns, controls or directs activities of the non-governmental organisation, including senior officers, board members and trustees.

    (c)    A non-governmental organisation shall have appropriate controls in place to ensure that all funds are fully accounted for and spent in a manner that is consistent with the purpose and objectives of the non-governmental organisation’s stated activities.

    (d)    A non-governmental organisation shall issue annual financial statements that provide detailed breakdowns of incomes and expenditures.

15.    —

    (a)    A non-governmental organisation shall be required to take reasonable measures to document the identity of each donor.

    (b)    A non-governmental organisation shall, in relation to each donor relationship, establish, record, maintain and operate the following procedures and controls—

        (i)    obtain and maintain information on the identity of the donor; and

        (ii)    take reasonable measures to establish the source of funds or donations.

    (c)    A non-governmental organisations shall, where the source of funds or donation is assessed as posing a higher risk of terrorism financing, obtain additional information from the donor.

    (d)    The procedures and controls referred to under sub-paragraph (b) shall be undertaken either before a donor relationship is entered into or during the formation of that donor relationship.

    (e)    Where the requirements referred to under sub-paragraph (a) are not met, the procedures and controls shall provide that—

        (i)    the donor relationship shall be terminated; and

        (ii)    the non-governmental organisation shall consider submitting a report to the Registrar for Non-Governmental Organisations or other relevant competent authority.

16.    —

    (a)    A non-governmental organisation shall be required to take reasonable measures to confirm the identity, credentials and good standing of the beneficiary.

    (b)    A non-governmental organisation shall, in relation to a new beneficiary relationship, establish, record, maintain and operate the following procedures and controls—

        (i)    obtain and maintain information on the identity of the beneficiary;

        (ii)    confirm the identity of the beneficiary using reliable, independent source documents, data or information; and

        (iii)    obtain information on the nature and intended purpose of the beneficiary relationship.

    (c)    The procedures and controls referred to under sub-paragraph (b) shall be undertaken either before a new beneficiary relationship is entered into or during the formation of that beneficiary relationship.

    (d)    In exceptional circumstances, the confirmation of the identity of the beneficiary may be undertaken after the formation of the beneficiary relationship if—

        (i)    it occurs as soon as reasonably practicable;

        (ii)    the delay is essential so as not to interrupt the normal course of remitting funds to the beneficiary;

        (iii)    the beneficiary has not been identified as posing a higher risk of terrorism financing;

        (iv)    the risks of terrorism financing are effectively managed;

        (v)    the non-governmental organisation has not identified any unusual activity or suspicious activity;

        (vi)    the non-governmental organisations’ senior management has approved the establishment of the beneficiary relationship and any subsequent activity; and

        (vii)    the non-governmental organisation ensures that the amount, type and number of transactions is appropriately limited and monitored.

    (e)    Except as provided in sub-paragraph (c), where the requirements of this paragraph are not met, the procedures and controls shall provide that the—

        (i)    beneficiary relationship shall proceed no further;

        (ii)    non-governmental organisation shall terminate the beneficiary relationship; and

        (iii)    non-governmental organisation shall consider making a report to the Registrar of Non-Governmental Organisations.

17.    —

    (a)    A non-governmental organisation shall be required to take reasonable measures to confirm the identity, credentials and good standing of each continuing donor, beneficiary or associate non-governmental organisation relationship.

    (b)    A non-governmental organisation shall, in relation to each continuing donor, beneficiary or associate non-governmental organisation relationship, record, maintain and operate the following procedures and controls—

        (i)    an examination of the background and purpose of the donor, beneficiary or associate non-governmental organisation relationship;

        (ii)    if satisfactory verification of the customer’s identity was not obtained or produced, requiring such verification to be obtained or produced;

        (iii)    if satisfactory verification of the customer’s identity was obtained or produced, a determination as to whether it is satisfactory; and

        (iv)    if confirmation of the beneficiary’s identity is not satisfactory for any reason, requiring that the non-governmental organisation takes measures to confirm the beneficiary’s identity.

    (c)    The procedures and controls shall be undertaken during a donor, beneficiary or associate non-governmental organisation relationship as soon as reasonably practicable.

    (d)    The non-governmental organisation shall keep written records of any examination, steps, measures or determination made or taken under this paragraph.

    (e)    Except as provided with regard to exemptions and simplified measures, where the requirements of this paragraph are not met within a reasonable timeframe, the procedures and controls shall provide that the—

        (i)    donor, beneficiary or associate non-governmental organisation relationship shall proceed no further;

        (ii)    non-governmental organisation shall consider terminating the donor, beneficiary or associate non-governmental organisation; and

        (iii)    non-governmental organisation shall consider making a report to the Registrar of Non-Governmental Organisations.

18.    Record Keeping by a non-governmental organisation

A non-governmental organisation shall keep for at least 10 years—

    (a)    a copy of the documents obtained or produced under risk-based assessments;

    (b)    identification information on donors, beneficiaries and associate non-governmental organisations;

    (c)    account files;

    (d)    a record of all transactions carried out by the non-governmental organisation in fulfilling its objectives; and

    (e)    such other records as are sufficient to verify that funds have been received and spent in a manner consistent with the purpose and objectives of the non-governmental organisation.

19.    A non-governmental organisation with information on a suspected case of terrorism financing may report it to a law enforcement agency, the Centre or any relevant competent authority.

FOURTH SCHEDULE

[Regulation 13]

OBLIGATIONS OF AN ACCOUNTABLE INSTITUTION

1.    Identification and Verification of Customer Identities

1.1    An accountable institution shall conduct customer due diligence at the time of opening an account for, or otherwise establishing a business relationship with a customer by—

    (a)    identifying the customer; and

    (b)    verifying the identity of the customer using reliable, independent source documents, data or information.

1.2    An accountable institution shall verify the full name and physical address, and date and place of birth or a mobile number linked to a registered international mobile equipment identity number or sim card in place of physical address by comparing the particulars with—

    (a)    the customer’s driving licence, passport or national identification document bearing the individual’s pictorial image; or

    (b)    information which is obtained from any other independent source, if it is accurate and reasonably necessary taking into account any other law or guidelines concerning the verification of identities.

1.3    An accountable institution shall verify the particulars of a body corporate by—

    (a)    comparing the submitted details of the body corporate with a certified true copy of its certificate of incorporation issued by the Registrar of Companies or another relevant authority;

    (b)    reviewing the tax payer identification number (TPIN) issued by the Zambia Revenue Authority and other information held by the Register of Companies or other relevant register; and

    (c)    except for statutory bodies, the particulars of every person exercising direct or indirect control, for purposes of identifying the beneficial owner.

1.4    Where the customer is a legal arrangement, an accountable institution shall verify the particulars obtained in respect of the trust by comparing the name of the trustee, the settlor, beneficiary and any other natural person exercising ultimate effective control over the trust, with the trust deed or other founding document in terms of which the trust is created.

2.    Request for information

The Director-General may request an accountable institution to provide information that the Centre may require for the performance of the Centre’s functions under the Act and these Regulations.

3.    Currency transactions

An accountable institution shall, not later than three working days after the transaction, report a currency transaction equal to or above the kwacha equivalent of USD10,000, whether denominated in Zambian kwacha or a foreign currency.

4.    Record Keeping

An accountable institution shall maintain a record with respect to the accountable institution’s customers and transactions for at least 10 years from the date of transaction. {/mprestriction}