In exercise of its powers to protect the integrity of the securities market against all forms of abuse,1 fraudulent and unfair trade practices, the Securities and Exchange Commission (SEC) reviewed, repealed, and updated the Securities and Exchange Commission (Capital Market Operators Anti-Money Laundering and Combating the Financing of Terrorism) (AML/CFT) Regulations 2013 (the 2013 Regulations) and introduced the SEC AML/CFT Regulations 2022 (the 2022 Regulations). The 2022 Regulations were necessitated by a need to adequately combat and provide protection against fraud, reputational and other financial market risks and to minimize the risk the market faces from the laundering of the proceeds of crime.
This newsletter highlights key changes introduced by the 2022 Regulations.
KEY CHANGES UNDER THE NEW REGULATIONS
Expansion of the Scope of Risks Covered
The scope of the 2013 Regulations covered money laundering and terrorism financing. However, the scope of the 2022 Regulations has been expanded to cover proliferation financing. 2 In addition, the 2022 Regulations have now expanded the definition of Capital Market Operators (CMOs) to include Virtual Asset Service Providers (VASPs),3 in view of SEC's New Rules on Issuance, Offering Platforms and Custody of Digital Assets. 4
Institutional Policy Framework
CMOs are now required to adopt policies that show commitment towards complying with Anti-Money Laundering, Countering the Financing of Terrorism and Countering Proliferation Financing (AML/CFT/CPF) obligations. Additionally, CMOs must implement internal controls that will deter criminals from using their facilities for AML/CFT/CPF related activities. 5 Foreign branches and subsidiaries of CMOs are also required to implement consistent AML/CFT/CPF policies and controls. 6
Designation and Duties of Chief Compliance Officers (CCO)
The 2022 Regulations retain the requirement for CMOs to designate an AML/CFT/CPF Chief Compliance Officer (CCO). However, they introduce the following additional provisions. First, the functions of the CCO must be distinct from the functions of financial reporting, risk management and internal audit, to ensure the independence and efficiency of the CCO. Secondly, the CCO is now required to report to the Board of Directors and directly to the Chief Executive Officer on AML/CFT/CPF related matters. 7 Lastly, the 2022 Regulations require the CCO to render weekly mandatory disclosure cash transaction returns (CTRs). 8 Also, returns on foreign exchange transactions are to be rendered daily to the SEC and the Nigerian Financial Intelligence Unit (NFIU). 9
Identification and Reporting of Proceeds of Crime
The 2022 Regulations introduce the requirement for CMOs to identify and report to the NFIU any suspicious transactions arising from tax evasion and proliferation financing (Weapons of Mass Destruction), as well as criminal acts specified in the Money Laundering (Prevention and Prohibition) Act, 2022 (MLPPA), the Terrorism (Prevention and Prohibition) Act, 2022 or any other law. 10
Customer Due Diligence (CDD) Measures
The threshold requirement for undertaking CDD measures has been increased from $1000 to $1,000,000 (One Million US Dollars) and above or its equivalent. However, the threshold for VASPs is $1000. 11 In addition, the 2022 Regulations provide that virtual asset transfers are to be treated as cross-border transfers and subject to the requirement of cross-border wire transfers. 12 Thus, CMOs are required to adopt Enhanced Customer Due Diligence (ECDD) with respect to virtual asset transfers. 13
Furthermore, to prevent a customer tip-off, a CMO is discouraged from proceeding with a CDD where it suspects an AML/CFT/CPF transaction and reasonably believes that performing the CDD will tip off the customer. Where this occurs, the CMO is required to file a Suspicious Transaction Report (STR) with the Nigerian Financial Intelligence Unit (NFIU). 14
Enhanced Customer Due Diligence
CMOs are now required to adopt Enhanced Customer Due Diligence (ECDD) when dealing with entities in high-risk countries. In addition to ECDD measures, SEC reserves the right to call for countermeasures such as:
- limiting business relationships and financial transactions with the high-risk countries and persons there;
- reviewing and, if necessary, terminating agreements governing the correspondent banking or business relationships with financial institutions or counterpart institutions in the country;
- conducting enhanced external audit by increasing intensity and frequency for branches and subsidiaries of the reporting entities in the country;
- prohibiting the reporting entities from relying on third parties in that country to conduct due diligence.
Lower Risk Client Categorization
A simplified CDD process is adopted for lower risk categories of clients, business relationships or transactions. 15 The beneficial owners of pooled accounts held by Designated Non-Financial Businesses and Professions (DNFBPs)16 have now been excluded from the lower risk categories. 17 Consequently, they will be subjected to ECDD.
Identification and Verification of Clients
The 2022 Regulations retain the provisions on identification and verification of clients. CMOs are required to identify and verify the identity of all clients, using reliable, independently sourced, data or information. 18 Where the client is a Company, the CMOs are obligated to ascertain the ownership structure and the persons who ultimately own or control the Company. 19 However, where the client or owner of the controlling interest is a public company listed on a recognized stock exchange, and the risk assessment indicates the client to be low risk, it will not be necessary to identify and verify the shareholders of such public company. 20
A CMO is prohibited from establishing or maintaining business relationships or performing transactions where a customer does not comply with the relevant customer identification requirement. In such cases, a CMO must consider filing a transaction report to the NFIU in respect of such customer. 21
CMOs are required to manage transactions conducted through correspondent relationships by taking a risk-based approach. In this regard, a CMO shall: (x) gather sufficient information about a correspondent CMO to fully understand the nature of its business and to determine its reputation; (y) assess the respondent institution's AML/CFT/CPF controls; (z) obtain approval from its senior management before establishing new correspondent relationships; and (xx) clearly understand the AML/CFT/CPF responsibility of the correspondent institution.
Additional provisions on the treatment of the relationship between CMOs and high-risk foreign banks (such as shell banks) have been included in the 2022 Regulations. 22 Consequently, CMOs are now required to:
- Comply with requirements of the United Nations Security Council Resolutions;
- Screen their records to identify assets of all clients associated with UN-sanctioned lists and report findings to the SEC and NFIU;
- Screen their records to identify assets of all clients proscribed for terrorism financing and proliferation finance (TF/PF) domestically and report findings to SEC, NFIU, and other relevant authorities within 24 hours. 23
- Identify and assess the AML/CTF/CPF risks emerging from virtual asset activities and operations of VASPs and adopt a commensurate risk-based approach to prevent or mitigate AML/CTF/CPF risks;
- Identify, assess and understand their AML/CTF/CPF risks for customers, delivery channels, countries or geographic areas, products and services; and apply mitigating measures that are commensurate to such risks;
- Strengthen their AML/CTF/CPF risk assessment models by developing an appropriate proxy. 24
Verification of Beneficial Ownership
Under the 2022 Regulations, CMOs are required to identify and verify a beneficial owner,25 using relevant data and information gotten from a reliable source. 26 Where a legal person is concerned, the beneficial owner is to be identified by determining the natural persons that have controlling interest, whether directly or indirectly in such legal person. If it is impracticable to determine the natural persons with controlling interests, then the CMO shall identify and take reasonable measures to verify the identity of the natural person who holds the senior management position in the legal person. 27
For other legal arrangements, such as a trust, CMOs must identify and verify the identity of the settlor, protector (where they exist) and trustee. 28 However, it will not be necessary to identify and verify the identity of shareholders/beneficial owners of a publicly listed company that is already subject to the stock exchange rules on disclosure requirements, or of a majority-owned subsidiary of such listed company. 29 Controlling interest for the purpose of this regulation is 5% ownership interest. 30 Notably, the obligation to identify the directors and all the signatories to an account, as was required by the 2013 Regulations, has now been expunged from the 2022 Regulations. 31
Travel Rule Requirements
As indicated above, virtual asset transfers are to be treated as cross-border transfers attracting ECDD. 32 Where a transfer originates from a VASP (Originating VASPs), the Originating VASPs must obtain and hold full and accurate information of the originator (full name, wallet address and physical address) and beneficiary (full name and wallet address). In the same manner, the beneficiary of a transfer (Beneficiary VASPs) is required to obtain and hold full and accurate information of the originator and beneficiary. In any case, both the Originating VASPs and the Beneficiary VASPs must make this data available to competent authorities on request. 33 The foregoing rules apply to both VASPs and non-VASP CMOs when engaging in virtual asset transfer transactions. 34
For cross-border transfers below $1000 (one thousand US dollars), CMOs are to ensure that the transfer includes the names and wallet addresses of the originator and beneficiary. In this case, CMOs are only required to verify such information if there is suspicion of money laundering or terrorist financing. 35
Measures to Prevent the Misuse of New Technologies and Non-Face-to-Face Transaction
The 2022 Regulations incorporate the provisions of the 2013 regulations on misuse of technology. The 2022 Regulations provide that in deploying new technologies, products, or business practices, CMOs must assess risks, and ensure that appropriate measures are taken to continuously mitigate such risks, and that these measures are documented. 36
Keeping and Maintenance of Regulations
In line with the Nigeria Data Protection Regulation 2019,37 CMOs are to keep specific records for at least five (5) years after the termination of an account or business relationship and make these records available to the SEC or other competent authorities within 48 hours of request. The records envisaged include: (a) the identification data and risk profiles of their clients/beneficial owners; (b) their account files; (c) CDD information and business correspondence; (d) the results of any analysis undertaken, etc. 38
Sanctions for Non-Compliance
The monetary penalty of NGN500,000 (Five Hundred Thousand Naira) no more, applicable for the offence of non-compliance with the provisions of the Regulations by CMOs provided under the 2013 Regulations, has been expunged. 39 The 2022 Regulations merely provide that an appropriate penalty shall be imposed where there has been a contravention. The effect of this change is that the 2022 Regulations take into consideration the changing economic realities and the gravity of the provisions that may have been contravened.
The passage of the Money Laundering (Prevention and Prohibition) Act, 2022 and now the 2022 Regulations have indeed shown the government's commitment towards ensuring protection from the risks money laundering, terrorism and proliferation pose in Nigeria. In addition, the applicability of the 2022 Regulations to proliferation financing and VASPs is a step in the right direction as it is in line with international best practices.
1. Section 13 (n) Investment and Securities Act 2007.
2. Proliferation financing is defined by the Financial Action Task Force (FATF) as the provision of funds or financial services used for the manufacture, acquisition, possession, development, export, trans-shipment, brokering, transport, transfer, stockpiling or use of nuclear, chemical or biological weapons and their means of delivery and related materials (including both technologies and dual-use goods used for non-legitimate purposes), in contravention of national laws or, where applicable, international obligations.
3. Regulation 98 of the 2022 Regulations.
4. Section 98 of the 2022 Regulations.
5. Regulation 3 (a) and (b) of the 2022 Regulations.
6. Regulation 3 (g) of the 2022 Regulations.
7. Regulation 3 (c) and (d) of the 2022 Regulations.
8. Regulation 4 (b) of the 2022 Regulations. Compare with Regulation 4 (b) of the 2013 Regulations.
9. Regulation 4 (d) of the 2022 Regulations. Compare with Regulation 4 (c) of the 2013 Regulations.
10. Regulation 6 of the 2022 Regulations.
11. Regulation 15 (2) of the 2022 Regulations. Note that an occasional transaction for the purpose of this regulation means one or more transactions in which the total value exceeds $1000 (One Thousand US Dollars or its equivalent).
12. Regulation 15 (3) of the 2022 Regulations.
13. Regulation 15 (3) and 12 (2) (g) and (h) of the 2022 Regulations.
14. Regulation 24 (4) of the 2022 Regulations.
15. Regulation 13 of the 2022 Regulations.
16. "Designated Non-Financial Businesses and Professions" means dealers in jewelry, cars and luxury goods, chartered accountants, audit firms, tax consultants, clearing and settlement companies, legal practitioners, hotels, casinos, supermarkets, or such other businesses as the appropriate regulatory authorities may from time to time designate.
17. Regulation 13 (2) of the 2022 Regulations. Compare with Regulation 13 (2) (f) of the 2013 Regulations.
18. Regulation 9 (3) (b) of the 2022 Regulations.
19. Regulation 9 (5) of the 2022 Regulations.
20. Regulation 9 (6) of the 2022 Regulations.
21. Regulation 24 (3) of the 2022 Regulations.
22. Regulation 10 (4) of the 2022 Regulations and Regulation 10(1) of the 2013 Regulations.
23. Regulation 10 (1) of the 2022 Regulations.
24. Regulation 10 (3) of the 2022 Regulations.
25. For this purpose, a beneficial owner is a natural person who owns or controls a client, or on whose behalf a transaction is being conducted, including persons who exercise effective control over a legal person or arrangement.
26. Regulation 14 (1) of the 2022 Regulations.
27. Regulation 14 (1) (a) of the 2022 Regulations.
28. Regulation 14 (1) (b) of the 2022 Regulations.
29. Regulation 14 (5) of the 2022 Regulations.
30. Regulation 14 (6) of the 2022 Regulations.
31. Regulation 34 (4) of the 2013 Regulations.
32. Regulation 15 (3) of the 2022 Regulations.
33. Regulation 15 (3) (a) (IV) and Regulation 15 (3) (b) of the 2022 Regulations.
34. Regulation 15 (3) (c) of the 2022 Regulations.
35. Regulation 15 (6) of the 2022 Regulations.
36. Regulation 19 (3) of the 2022 Regulations.
37. Regulation 8 of the Nigeria Data Protection Regulation 2019.
38. Regulation 21 (1) (b) of the 2022 Regulations.
39. Regulation 93 (3) (a) of the 2013 Regulations.