ADDITIONAL MEASURES FOR PREVENTING MONEY LAUNDERING IN CREDIT INSTITUTIONS

1. General provisions

1.1 The regulation governing money laundering prevention in Estonia, including the Money Laundering Prevention Act (hereinafter MLPA), has been developed based on the European Union Directive on Prevention of the Use of the Financial System for the Purpose of Money Laundering (91/308/EEC). Besides, competent Estonian authorities have confirmed that based on the provisions of the European Parliament and European Union Council Directive 2001/97/EC - i.e. the so-called second money laundering Directive - the Estonian regulation governing money laundering prevention would be modified in 2002.

1.2 Besides the specified documents, the provisions of the UN 1988 Convention against Illicit Traffic in Narcotic Drugs and Psychotropic Substances (the Vienna Convention) and the Council of Europe 1990 Convention on Laundering, Search, Seizure and Confiscation of the Proceeds of Crime (the Strasbourg Convention), the ratification acts whereof have been passed by the Riigikogu, shall be observed on money laundering prevention in Estonia.

1.3 Punishments for money laundering offences are provided for by the Penal Code adopted on 06.06.2001 (Articles 394-396), which based on the ratification act will be enforced from 01.09.2002.

1.4 FATF (Financial Action Task Force on Money Laundering) formed in 1989 with the aim of preventing money laundering is the principal international organisation focusing on money laundering prevention aspects, which directs the international policy of combating money laundering and develops methodological recommendations for fighting against money laundering. 31 countries and regional organisations are members of FATF.1 The 40 FATF recommendations for money laundering prevention form the most important international standard, the principles whereof are included in the respective legislation of FATF member countries and the countries that are members of regional organisations, including Estonia.

1.5 The delegations of FATF and of its associated organisations monitor the implementation of recommendations in various countries. Based on the visits and received material, the compliance of the money laundering prevention policy of countries with the internationally accepted practice is assessed. Based on the results, the countries are divided according to cooperation readiness into co-operative and non-cooperative countries and territories (NCCT). Although the FATF documents regulating money laundering prevention are of advisory character, the 40 FATF recommendations should be fully implemented besides the EU member states also in EU candidate states pursuant to the meeting of EU ministers of economics, finance, internal affairs and justice held on 16-17.10.2001.

1.6 The Basel Banking Supervision Committee of the Bank for International Settlements (BIS) develops standards and guidelines with the aim of increasing stability in the monetary and financial area. The BIS document Customer due diligence for banks, published in October 2001, stipulates, inter alia, the know your customer principle, the implementation whereof is nowadays considered good practice in the areas related to finance.

1.7 The following recommendations are based on the above-specified legislation and other published opinions and are directed at the formation of single and common behaviour and understandings in the activity of credit and financial institutions (hereinafter financial institutions) related to the implementation of legislation regulating money laundering prevention.

1.8 The regulation stipulated in these Guidelines provides recommendations for the events when the identification obligation arises from MLPA. In other cases the recommendations stipulated in these Guidelines shall be applicable based on the prudence principle.

1.9 Depending on circumstances,2 the persons or persons' representatives, who wish to use a service of a financial institution without opening an account or entering into any other agreement serving as the basis for customer relationship.


Part 2
Identification of natural persons on creating relationship


2.1 Natural persons are identified on the basis of a document bearing a photo, issued by a government agency, where at least the person's name and his date of birth or personal identification code are entered. The requirements set to the identity documents are provided in § 9 (1) of MLPA. The documents that are known to be easily forged or purchased should be avoided.

2.2 The following data of the document submitted for identification shall be verified:

  • validity of document based according to its scope of use and expiry date;
  • resemblance and age of the person with the person's appearance on the photo in the document;
  • compliance of the identity code with the gender of the document holder. In respect of codes assigned to foreign natural persons, embassies or any other competent institutions should be consulted.

    2.3 On identification, a copy is made from the pages of the document serving as the basis for identification, which contain the information necessary for identification (personal data and entries) pursuant to § 9 (1) of MLPA, and the following personal data are registered pursuant to § 11 (1) of MLPA:
  • name, personal identification code and/or date of birth of natural person;
  • category, number, date of issue, place of issue and validity of the document used for identification;
  • person's place of residence or location.

    If the document submitted by the person contains no such data, the person's actual place of residence should be established by questioning, and, if required, the truth of the information served on the address in respect of the county, town, street, house and apartment number should be verified with reliable sources as soon as possible. The serving of a post office box number, poste restante address or any other similar data is unacceptable on the identification of natural persons.

    2.4 If it is impossible to verify all personal data based on the submitted document, the customer shall be requested to submit such data. If data is missing or any suspicions arise in respect of the truth of information provided in the data submitted, the financial institution may upon its own initiative, prior to opening an account, verify the truth of the submitted data with reliable sources. The data and references required for the identification of customers shall be verified only on the basis of original documents, respective certificates etc. of authorities.

    2.5 Only in special cases3 copies of documents or information submitted by intermediaries shall be accepted. In such case a respective note shall be added to the copies of documents confirming identification, and as soon as possible the data and documents shall be verified with the original sources.

    2.6 A financial institution shall not maintain anonymous accounts or accounts in fictitious names.

    2.7 The introduction of a customer by the management of a financial institution or persons accepted thereby may facilitate the identification of the customer, but it shall not substitute the above-specified identification procedures.

    2.8 Personal acquaintance with a customer or the fact that a customer is well-known publicly shall not serve as the basis for the non-observance of the above-described identification procedure. The identity of all public figures (incl. statesmen, members of the Government, politicians and persons directly related to them, renowned business and cultural persons, etc.)shall be established since any exception may jeopardise the reputation of the financial institution which is a party to transaction.

    2.9 The same identification procedures shall be observed on identifying minors. In such case also the personal data of or their parent or parents, or guardian or guardians shall be verified.

    2.10 If an account is opened to a non-resident, at least the same requirements equivalent to those set to residents shall be applied.

    2.11 Besides identification, the customer's activity profile shall also be established on opening an account. For this purpose, the major areas of activity and potential payment habits of the customer shall be established. It is also important to know the customer's business partners or other persons to whom and from whom payments can move, likewise location thereof. The establishment of the location of business partners and other relevant persons is important since in a number of countries the regulation governing money laundering prevention is inadequate and therefore enables the movement of also illegally acquired funds.

    2.12 The customer identification is not a single action, the changes in his personal data as well as area of activity shall be regularly updated at least once a year.

    2.13 If the identification obligation is not observed, a pecuniary punishment shall be applied pursuant to § 395 of the Penal Code.


    2.14 Representatives

    2.14.1 A financial institution shall establish whether the person acts in his own or other person's name and/or on his or other person's account. If the person acts in the name and/or on the account of another person, the financial institution shall also identify the person in whose name and/or on whose account transactions are conducted.

    2.14.2 In the case of transactions conducted through representatives, incl. attorneys, notaries, auditors, accountants, tax consultants, real estate agents, it is essential to primarily identify the representative pursuant to the legislation and the requirements of these Guidelines. Thereupon, the represented person shall be identified, his name, origin, place of residence and date of birth and/or personal identification code shall be established.

    2.14.3 Besides, financial institutions shall, pursuant to § 10 of MLPA, establish any other information they consider necessary for the entering into and maintenance of such customer relationship.

    2.14.4 If customer relationship is created by a representative, a confirmation shall be acquired from such representative in addition to the other data and documents required for identification, that he is not acting in his own interests, but he performs the duties arising from his position, which are based on the contractual relationship concluded between him and the represented person. The scope of powers granted to the representative shall be specified (whether this is a long-term relationship or powers have been granted for a single transaction only, for instance, for opening an account).

    2.14.5 A financial institution shall observe the terms of the powers granted to representatives and provide services only within the scope of the granted rights of representation.

    2.14.6 A representative shall be able to comprehensively answer the questions in respect of the activity of his principal and non-involvement of his principal in criminal activity, besides, the representative shall be able to persuasively confirm that he has identified his principal and is aware and confident of the legal origin of his principal's funds.


    2.15 Civil law partnerships

    2.15.1 On identifying civil law partnerships4 the aim shall be set to identify all members of a civil law partnership or their representatives on the same bases that apply to customers who are natural persons.
    2.15.2 Data in respect of the members of civil law partnerships and their representatives shall be maintained and regularly updated. Also, in the case of civil law partnerships, clubs, etc. the objective of their activity and the origin of the funds they use shall be established.


    Part 3
    Identification of legal persons on creating relationship


    3.1 For the identification of legal persons the data in respect of the legal status, management, all representatives, major shareholders. objectives of activity and activity profile of the person, likewise the rights of the person to assume obligations shall be established.

    3.2 In the case of legal persons in private law, primarily, their passive legal capacity shall be verified by way of obtaining a certificate from the state register or the customer itself or from both (original copy) in respect of the registration of the legal person and legal status thereof. Based on legal status, legal persons shall submit the Articles of Associations registered with the state register, extract from the register in respect of the authorised signatories and the resolution of the competent body or person in respect of the use of a financial service, likewise the location of activity and contact data of the legal person. All the documents submitted in respect of representation of a legal person shall be issued or confirmed by respective authorities up to 30 days prior to submitting thereof to the financial institution.

    3.3 In respect of legal persons in public law and international organisations the documents serving as the basis for their activity shall be established and they shall be requested to submit the relevant documents. If need be, the data contained in the documents, which are required for the creation of customer relationship, shall be verified.

    3.4 Each natural person acting on behalf and account of a legal person, who have the right to operate the funds of the legal person, shall be identified pursuant to the requirements provided in § 9 of MLPA and Part 2 of these Guidelines.

    3.5 If the right to operate the funds of a legal person is granted to a representative, the bases, scope and term of the representative's powers shall be established.

    3.6 Additionally, on identifying legal persons, information in respect of their shareholders, partners and other persons who have control over or any other essential impact on such legal persons shall be requested.

    3.7 On identifying non-resident legal persons, credit and financial institutions shall, to the extent possible, observe the same requirements which apply to resident customers, considering the peculiarities arising from the non-resident customer's country of residence and legal status.

    3.8 On accepting the documents confirming the registration of non-resident legal persons and the representatives' powers, it shall be verified that such documents comply with the requirements stipulated by the Estonian legislation.

    3.9 In a number of states (regions and countries with low tax rates) the standards for the identification of customers, registration and maintenance of documents are lower than those in Estonia, therefore special attention shall be paid to the contents and way of presentation of documents of the companies registered in such countries5.

    3.10 On verifying the powers of a legal person's representatives, it shall be established whether the representative knows his customer. The document confirming the rights of representation shall not be restricted to the signature verification, but it shall stipulate that the person has been explained his rights and obligations (the representative must know the essence and objective of the represented person's expression of will, also he must be able to answer any other relevant questions).

    3.11 The data and documents submitted in respect of the persons whose country of origin is entered in the list of countries prepared by FATF, which do not contribute sufficiently to prevent money laundering, (non-cooperative countries and territories)6, or in the case of countries declared tax exempt and low tax rate territories by the Estonian Taxation Board, shall be examined with special attention7.

    3.12 If the submitted data are insufficient for the identification of the person or its representative, additional documents and information shall definitely be requested and the data shall be verified with reliable sources8. To verify the data, the companies that are members of the same group with the financial institution, which might have additional information in respect of the activity of the customer or its transaction partners, shall be consulted. Only after the person has been completely identified services can be provided to such person.


    3.13 Intermediaries

    3.13.1 A person who has a legal obligation to identify his customer can be in intermediary. If a foreign financial institution providing securities intermediation services to its customers on its behalf is an intermediary, the current legislation of a respective country governing the providing of financial services shall be consulted: whether and how the providing of services is regulated (for instance: is it a licenced activity? what requirements apply for the customer identification?). If it is established that the respective country applies lower criteria than those applied in Estonia, no services shall be provided in Estonia to such customer without additional identification.

    3.13.2 An intermediary shall confirm that he has identified his customer and is convinced about the legal origin of the customer's funds. The intermediary shall be able to comprehensively answer the questions in respect of the activity of his customer and his non-involvement in criminal activity.

    3.14 Safe deposit boxes, interim accounts

    The general customer identification obligation shall extend to safe deposit boxes and use of interim accounts, likewise to any other similar actions.


    Part 4
    Creation of relationship without direct contact


    4.1 The customer relationship of a credit institution shall be governed by unattested agreements pursuant to § 89 (2) of the Credit Institutions Act (CIA), i.e. a customer or his representative shall, upon establishing customer relationship, be personally present to sign the agreement.

    4.2 In special cases9, financial institutions can create customer relationship also without direct contact. In such case, a comprehensive written confirmation in respect of the customer identification data submitted by post, e-mail or via any other channels shall be obtained from reliable sources.

    4.3 On creating customer relationship without direct contact, all related and later risks shall be assessed.


    Part 5
    Identification of persons on conducting transactions


    5.1 If the amount of a single transaction or the amount of successive transactions exceeds the limit stipulated by the legislation or internal procedure rules of a financial institution, the person or his representative shall be identified.
    5.2 Regardless of the amount of transaction, nature thereof or partner thereto, the person or representative shall be identified if the activity of the persons related to the transaction is unusual or the transaction circumstances are suspicious. The internal procedure rules of a financial institution shall contain the descriptions of suspicious and unusual transactions.
    5.3 In the case of financial services provided via the Internet, telephone and post, the compliance of the customer's behaviour with his activity profile and payment habits shall be assessed similarly to that of a customer who has a direct contact with the financial institution.
    5.4 On processing the payment instructions that arrive electronically, the verification system enabling the analysis of the essence of payments and compliance thereof with the principal activity of the customer, shall be implemented Also, credit institutions shall implement measures for regular (at least once a year) checking and updating of the customers who use electronic services, in order to avoid the use of services by unidentified persons.


    Part 6
    Implementation of 'know your customer' principle


    6.1 A financial institution shall implement the 'know your customer' principle in all transactions with the customer in order to adequately assess the compliance of the customer's transactions with his principal activity and/or payment habits.

    6.2 In order to decide whether a transaction is of suspicious or unusual nature, a financial institution shall pay particular attention to its knowledge of the customer and its economic activity. Circumstances, which are suspicious or unusual in respect of one customer, may be totally normal (business) activity of another customer.

    6.3 On creating customer relationship, likewise on conducting transactions, attention shall be paid to the fact whether this is done in the branch of the place of residence or location of the customer. If the customer's behaviour is unusual, it should definitely be required why the customer did not turn to the branch of his residence or location.

    6.4 A financial institution shall assess the essence and objective of the customer's transactions and actions based on its general work experience, in order to establish the potential connection of the transaction or funds used to money laundering or any other offence. Besides, respective instruction and training of employees shall be ensured.

    6.5 The transformation, transfer of funds or performance of legal actions which are the result of tax offences shall be treated similarly to all criminal offences against property on preventing money laundering. Thus, it shall be checked whether tax returns and any other potential movements in customers' accounts related thereto comply with the profile and extent of their activity.

    6.6 § 11 (4) of MLPA allows a financial institution to refuse to conduct a transaction if the person, regardless of respective request, fails to submit the documents certifying the legal origin of the funds which are the object of transaction.


    Part 7
    Internal security measures


    7.1 A financial institution shall, pursuant to § 13 of MLPA, establish internal security measures, which shall contain particular activity guidelines for the identification of suspicious and unusual transactions in all areas of activity. The internal procedure rules shall contain the descriptions of suspicious and unusual transactions.

    7.2 The procedure rules established for the observance by employees shall contain guidelines on refusing to conduct transactions or providing services in at least the following cases:
  • there is reasonable doubt that the customer does not act in his own name;
  • there is reasonable doubt that the funds which are the object of transaction have been derived from crime;
  • the customer's expression of will is unclear;
  • the customer is in a visibly indecisive state.

    7.3 The job descriptions of employees of a financial institution shall stipulate the obligation of notification of the contact person of the Financial Intelligence Unit of suspicious or unusual transactions.

    7.4 In case of suspicion, a financial institution shall verify the legal origin of funds prior to signing the agreement/conducting the transaction. In case of suspicion of illegal origin of the funds that are the object of transaction the contact person of the Financial Intelligence Unit shall be notified.

    7.5 A financial institution shall register and analyse all the cases of refusal to conduct transactions and the reports prepared in respect of suspicious or unusual transactions. Respective details and information shall be preserved for at least five years.

    7.6 The internal procedure rules and job descriptions of employees of a financial institution shall provide for the requirements pursuant to which employees are forbidden to inform customers (and persons who may be related to customers) of the reports prepared in respect of suspicious or unusual transactions.


    Part 8
    Preservation of data


    8.1 The customer identification data and any other information in respect of the development of customer relationship shall be preserved pursuant to § 12 of MLPA for at least five years upon the termination of customer relation, so that in the course of a later investigation the account holder and transaction data can be identified on the basis of such data.
    8.2 It shall be possible to identify the following transaction data:
  • origin of funds (provided they have been identified on conducting the transaction);
  • way of receipt of funds, for instance: in cash, by cheque or in any other way; further use of funds, for instance: cash withdrawal, payment for services; effecting of payment, etc.;
  • person who has submitted the instructions in respect of further use of funds;
  • beneficiary of the payment effected from the customer's account.

    8.3 With regard to investment services, information on the purchase and selling orders of the broker or any other intermediary, transaction order register, payment instructions and payment confirmations, correspondence in respect of transactions and other communication shall be preserved separately.

    8.4 With regard to investment services, information on the customer and assessment of his financial standing, receipt and origin of funds, names and addresses of the counterparties to transaction, structure of investments, their price, value and other relevant details shall be preserved separately.

    8.5 On providing investment services, the data on the financial standing of the customer, his needs for insurance services and agreements signed with the customer, including details of payment method and indemnities, post-sale transaction documents related to the agreement until the expiry of agreement, circumstances related to the termination of agreement and satisfaction of claims shall be preserved.

    8.6 A financial institution shall in its internal procedure rules provide for the procedure of archiving and preservation of data, so that money laundering offences can be investigated as efficiently as possible. When the term for data preservation starts expiring, all the data related to the cases under investigation shall be preserved until the proceeding of respective cases is terminated.

    8.7 If this is a case of a customer of a number of financial institutions that are members of the same group, it shall be sufficient if the updated data supporting identification of such customer are preserved in one of the financial institutions that are members of the same group, provided all the necessary data, if required, are available also to other members of the group and investigative bodies.

    8.8 Transaction data shall be preserved in all financial institutions that have been the initiators of transactions, intermediating or receiving parties or in any other way related to the transaction or operation.

    8.9 Companies of a group located in different countries shall take into account the rules of preventing money laundering and storage of data, which are applied by the parent company or a company of the group located in the country with the strictest legislation with regard to the prevention of money laundering. If any company of a group leaves the group, the issues related to the information preserved according to the rules of money laundering prevention shall also be settled.


    Part 9
    Activity in case of suspicion of money laundering


    9.1 If in a relationship with a customer circumstances arise which are unusual or in respect whereof suspicion of money laundering arises, the contact person of the Financial Intelligence Unit assigned by the manager of the financial institution shall be notified thereof immediately, and he shall decide upon the forwarding of information to the Financial Intelligence Unit. Information can be forwarded verbally, in writing or electronically. If a notice is forwarded verbally, it shall be repeated later, within the next working day, in writing. The Financial Intelligence Unit10 is in the administration area of the Ministry of Internal Affairs and is a structural unit of the Police Board.

    9.2 The customer (likewise his representative and other related persons) in whose respect the Financial Intelligence Unit is notified of the arisen suspicion shall not be notified thereof.

    9.3 The background of each suspicious or unusual case shall be investigated to the utmost extent possible. The details of transaction shall be fixed and the circumstances that have arisen shall be analysed in order to establish the most standard features of transactions conducted most often. The principal issues that have to be addressed on analysing suspicious and unusual transactions are the following:
  • What gave rise to suspicion in the conducting of operations, transactions or any other circumstances?
  • Can you state that the financial institution really knows the customer or are additional data required in his respect?
  • Was the customer or his representative identified during the transaction or operation pursuant to the procedure provided? Was, at that time, the entire required information submitted or additional data had to be requested or specified in any other way?
  • Did recurrent events of suspicious operations and transactions occur?

    9.4 On consulting the contact person of the Financial Intelligence Unit, it should become clear whether this is a really unusual or suspicious operation or transaction. The activity differing from ordinary behaviour is not necessarily automatically suspicious. It is essential, on establishing unusual operations and transactions, to specify all circumstances that may have any relation to the given situation. If, pursuant to the internal procedure rules of a financial institution, the person's activity cannot be totally qualified as the activity that has to be reported to the Financial Intelligence Unit, the further activity of the customer shall be observed more closely. The Financial Intelligence Unit shall be notified as soon as reasonable doubt arises in respect of the customer's suspicious behaviour.

    9.5 The failure of the manager or contact person of a financial institution to notify the Financial Intelligence Unit of the suspicion of money laundering or submitting of incorrect data shall be punished pursuant to § 396 of the Penal Code.

    9.6 Although the majority of employees of a financial institution are under the obligation of professional secrecy, the managers and employees of the financial institution, pursuant to § 17 of MLPA, shall not be liable for the damage arising from the non-conducting of a transaction or undue conducting thereof, which is caused to the customer in relation to the notification of the Financial Intelligence Unit of the suspicion of money laundering. Also, they shall not be liable for the violation of the obligation of professional secrecy stipulated in the agreement, which occurred due to the notification of the Financial Intelligence Unit of the suspicion of money laundering.

    9.7 Pursuant to § 15 (2) of MLPA, the Financial Intelligence Unit may, in the case of reasonable doubt of money laundering, suspend the transaction or establish restrictions for the use of funds for up to two business days. Based on the written application of the Financial Intelligence Unit, financial institutions shall serve the Unit with any other information on transactions or persons related to money laundering suspicion.

    _______________________________________
    1 FATF member countries and the associated organisations are provided at the following web address:http://www1.oecd.org/fatf/Members_en.htm
    2 Circumstances leading to the identification of a person who has no customer relationship are, for instance, the person's unusual behaviour or wish to conduct transactions the conditions whereof are unusual.
    3 Such cases shall be governed by the internal procedure rules of financial institutions.
    4 Law of Obligations Act, § 580
    5 The processing of the documents of non-resident customers shall be governed by Regulation No. 97 in respect of foreign officials issued by the Minister of Justice on the basis of the Notarisation Act on 14 December 2001 (RTL, 2001, 132, 1921).
    6 The list of respective countries is provided at the following web address:http://www1.oecd.org/fatf
    7 Tax exempt and low tax rate territories: http://www.ma.ee/maksud/vleping/must_nim.shtml.
    8 For instance, state registers, supervision authorities and credit institutions, foreign representative offices of the Republic of Estonia, foreign representative offices in Estonia.
    9 The procedure for acting in special cases shall be governed by the internal procedure rules of financial institutions.
    10 At the time of enforcing the Guidelines the telephone number of the Financial Intelligence Unit is 6123 202.