last updated: 21/07/2020

1.0 Purpose and Overview of The Policy and Manual

This Policy and Manual has been formulated by Built to reinforce the broad AML/CFT legal requirements and more importantly, to provide best-practice guidance to Built’s staff on how to implement the relevant legal provisions. Money laundering (ML) has been defined as the process whereby criminals attempt to or conceal the illegal origin of illegitimate ownership of property and assets that are the fruits or proceeds of their criminal activities. It is, thus, a derivative crime. Financing of Terrorism (FT) is a reverse form of money laundering and may involve both legitimate and illegitimate money. It is characterized by concealment of the origin or intended criminal use of the funds. Money laundering and terrorist financing are global phenomena and there has been growing recognition in recent times, and indeed, well-documented evidence, that both money laundering and terrorist financing pose major threats to international peace and security and could seriously undermine national development and progress. Consequently, concerted global efforts have been made to check these crimes. Financial Institutions, in particular, have come under unprecedented regulatory pressure to enhance their monitoring and surveillance systems with a view to preventing, detecting and responding appropriately to money laundering and terrorist financing. This Manual covers the following key areas:

1.1 Money Laundering

Money laundering involves taking criminal proceeds and disguising their illegal source in anticipation of ultimately using the criminal proceeds to perform legal and illegal activities. Simply put, money laundering is the process of making dirty money look clean.

1.2 Stages of Money Laundering

Traditionally, it has been accepted that Money Laundering occurs in three separate/fundamental stages

1.3 Terrorist Financing

Terrorism can be defined as the unlawful use of force against persons or property to intimidate or coerce a government, the civilian population or any segment thereof, in the furtherance of political or social objectives. Terrorist acts are criminal in nature and constitute a serious threat to the individuals’ lives and freedom. Terrorist funding relates to provision or collection of funds to carry out an act of killing or seriously injuring a civilian with the objective of intimidating a section of the people or compelling a government to do or to abstain from doing any act.

1.4 Difference Between Money Laundering and Terrorist Financing

The most basic difference between money laundering and terrorist financing involves the origin or source of the funds. Terrorist financing uses funds for an illegal political purpose, but the money is not necessarily derived from illicit proceeds. It could be from a genuine source as well. On the other hand, money laundering always involves the proceeds of illegal activity or a predicate offense committed.

1.5Anti-Fraud

Built Financial Technologies will continually strive to ensure that all of its products, services and payment processes are carried out and reported honestly, accurately, transparently and accountably and that all decisions are taken objectively and free of personal interest. Built will not condone any behaviour that falls short of these principles. All staff of Built have a responsibility for putting these principles into practice and for reporting any breaches they discover. This document applies to any irregularity, or suspected irregularity, involving employees as well as Directors, shareholders, vendors, consultants, contractors, outside agencies doing business with employees of such agencies, and /or any other parties with a business relationship with the Built Financial Technologies.

2.0AML/CFT Institutional Policy Framework

2.1General Guidelines

Built Financial Technologies is committed to complying with AML/CFT obligations in order to actively prevent any transaction that otherwise facilitates criminal activity or terrorism. Built will, therefore, formulate and implement internal controls and other procedures to deter criminals from using its facilities for money laundering and terrorist financing, thus ensuring that it meets its obligations under the law.The internal control measures include:

3.0Anti-Money Laundering Reporting Officer’s Designation and Duties

Built Financial Technologies shall appoint a responsible official as an Anti-Money Laundering Reporting Officer (AMLRO) who shall be a key management personnel of the accountable institution and who will operationally report to the Board in accordance with section 41(1) (b) of the Anti-Money Laundering Act, 2008 (Act749) as amended, Regulation 5(1) of L.I. 1987 and Part A 1.0 of the Bank of Ghana and Financial Intelligence Centre AML/CFT & P Guideline for Banks and Non-Bank Financial Institutions in Ghana July 2018. He shall be equipped with the relevant competence, authority and independence to implement the institution’s AML/CFT compliance programme. He or she shall be equipped with the relevant competence, authority and independence to implement the institution’s AML/CFT compliance programme.The duties of the AML Reporting Officer shall include but not limited to the following:

4.0Co-operation with Competent Authorities for Information

Built Financial Technologies shall comply promptly with requests, and pursuant to the law, provide information to the competent authority or other relevant government agency. Built’s procedures for responding to authorized requests for information on money laundering and terrorist financing shall include:

(a)immediately searching institutional records to determine whether or not it maintains or has maintained any account for, or has engaged in any transaction with each individual, entity, or organization named in the request;

(b)reporting promptly to the requesting authority the outcome of the search and

(c)protecting the security and utmost confidentiality of any such requests.

4.1Conditions for Acceding to Such Request

The formal request so made shall not be acceded to unless:

(a.)With the prior approval of the Chief Executive Officer, the General Counsel or a Key Management Personnel of Built Financial Technologies.

(b.)With the express written permission of the customer or individual involved

(c.)It is an Order from a Court of competent Jurisdiction.

(d.)It is request from the Law Enforcement Agencies, eg, EOCO

(e.)It is a directive from Bank of Ghana.

(f.)It is a request from the Financial Intelligence Centre, Ghana

(g.)It is a request from the Securities and Exchange Commission

4.2Data Protection

Built Financial Technologiess is registered under the Data Protection Act of Ghana, Act 2012 (Act 843). To this end, Built is mindful of and shall be guided by all the eight thematic areas of the Act.

5.0Know Your Customer (KYC)/Client Programme (Due Diligence Procedure)

5.1What is ‘’Know Your Customer’’ Requirement?

‘’Know Your Customer’’ (KYC) requirement entails obtaining full particulars of the identity of a customer and having adequate knowledge of the purpose for which the customer desires to establish a business relationship with a financial institution. Having adequate knowledge of a customer and applying it to all transactions initiated by the customer is an effective way of avoiding being used to launder the proceeds of crime and recognizing suspicious activities.Thus, Built Financial Technologies shall establish clear and written procedures for verifying the identity of persons who open new accounts. The procedures should state the types of information the institution will collect from customers and how it will verify each customer’s identity.

5.2Customer Acceptance Policy

Built Financial Technologies will not establish a business relationship until all relevant counterparties to the relationship have been identified and the nature of the business they intend to conduct has been duly ascertained. Once an on-going business relationship has been established and the normal operation confirmed, any inconsistent activity would be investigated to determine whether there is a suspicion of money laundering.

5.3The Requirement to Obtain Identification Evidence

The first requirement of knowing your customer for money laundering purposes is that the Built should be satisfied that a prospective customer is who he/she claims to be. Built shall not carry out, or agree to carry out, any financial business or provide advice to a customer or potential customer, unless Built is certain about who that person actually is. If the customer is acting on behalf of another, e.g. the funds are being supplied by someone else, or the investment is to be held in the name of someone else, we have an obligation to verify the identity of both the customer and the agent/trustee unless the customer is itself a regulated financial institution within the country.

5.4The Nature and Level of the Business to be Conducted

Adequate information should be obtained on the nature of the business that the customer intends to undertake, including the expected or predictable pattern of transactions. The information collected at the outset for this purpose should include:

Adequate steps should be taken to keep the information up to date as the opportunities arise, e.g. when an existing customer opens a new account on the Built software. Such information obtained during any contact with the customer should be recorded and kept in the customer’s file to ensure, as far as practicable, that current customer information is readily available to the Compliance Officer or relevant regulatory bodies.

5.5Risk-based Approach to KYC

Built Financial Technologies adopt a risk-based approach in implementing its KYC policy in respect of categorizing customers into a three-tier risk rating. Built Financial Technologies will rely on an objective risk rating template in achieving this results. The factors to be used in the risk rating shall include geographical location of the customer or where the entity business is situate, object of the entity, nationality of the customer, customer type, and the product or service being offered the customer among others. Customers or accounts to be classified as high risk shall be subjected to enhanced due diligence and constant monitoring of its transactions thereof. They shall include but not limited to:

For such high risk entities, the KYC approach should involve customer risk profiling and assignment of specific risk rates, and the resort to Enhanced Customer Due Diligence techniques (ECDD). The ECDD techniques should include but not limited to:

5.6Third Party Payments

Pursuant to Section 23 (7) of the Anti-Money Laundering Amendment Act 2008 (Act749), all third parties making transactions (deposits and withdrawals) on another person’s account, shall be required to have authorization for the holders of Built Accounts on the software.All third parties must go through a verification process to be accepted.

5.7Financial Inclusion

Built Financial Technologies believes that access to Built facilities and other financial services is a necessary requirement for most adults. As such, socially and financially disadvantaged applicants resident in Ghana should not be precluded from opening accounts or obtaining other financial services merely because they do not possess evidence to identify themselves. Where a financial institution has reasonable grounds to conclude that an individual client is not able to produce the detailed evidence of his identity and cannot reasonably be expected to do so, the institution may accept as identification evidence, a letter or statement from a person in a position of responsibility who knows the client and can confirm that the client is who he/she says he/she is, including confirmation of his permanent address. The ID of the guarantor shall be obtained and verified.

5.8Source of Wealth and Source of Funds

Source of Wealth refers to the total wealth or the majority of the wealth of a customer, the activities which have generated or contributed to a customer’s accumulation of funds and assets. Source of wealth therefore describes how a customer acquired their total wealth over time i.e. the source(s) through which the wealth was generated. All legitimate assets that can be confirmed are valued and included within the individual’s net worth summary. Source of Funds nonetheless refers to the origin of the particular funds or assets which are the subject of the business relationship between Built and its client. The transactions Built is required to undertake on behalf of the client - the amounts being deposited or remitted. The information obtained should be substantive, relevant and be able to establish the fund’s origin and the method and or circumstances under which the funds were acquired. A prospective customer who wishes to open account on the Built Software shall at the onboarding stage, be obliged to furnish Built with the Source of his or her Wealth and or Source of his or her Funds before business relationship is established. Built Financial Technologies, as part of conducting Enhanced Due Diligence (EDD) on its high risk customers – individuals and entities or its business partners, shall collect and verify information relating to their Source of Wealth and or Source of Funds.

MANUAL

6.0Leading Issues on Identity

6.1Definition of Identity

Identity is defined as a set of attributes, including names used, date of birth, physical features, and the residential address at which a customer may be located, all of which can uniquely identify a natural or legal person. For a natural person, the date of birth should be obtained as an important identifier in support of the name. However, it is not mandatory to verify the date of birth provided by the customer.

6.2Timing of Verification of Identity

Identity must be verified whenever a business relationship is to be established, or a one-off transaction or series of linked transactions is undertaken. For the purpose of this manual, the definition of transactions includes the giving of advice. However, advice does not include the provision of information about the availability of products of services or to a first interview/discussion prior to establishing a relationship. Once identification procedures have been satisfactorily completed, and the business relationship established, as long as contract or activity is maintained and records concerning that customer are kept, no further evidence of identity is needed when any transaction or activity is subsequently undertaken.

6.3Persons whose Identities should be verified

(a)Customers: Sufficient evidence of the identity must be obtained to ascertain that a customer is who he/she claims to be.

(b)A person acting on behalf of others: The obligation is to obtain sufficient evidence of their identities.

(c)Furthermore there is no obligation to look beyond the client where:

(d)Higher risk businesses undertaken for private companies (i.e. those not listed on the stock exchange): Adequate evidence of identity and address should be verified in respect of:

(e)Officers of Built should be alert to circumstances that might indicate any significant changes in the nature of the business or its ownership and make enquiries accordingly.

(f)Trusts: Built Officials should obtain and verify the identity of those providing funds for the trust, i.e. the settler(s) and those who are authorized to invest or transfer funds, or make decisions on behalf of the trust, i.e. the principal trustees and controllers who have power to remove the trustees.

7.0Identification Procedures

7.1General Requirements

(a.)A prospective client signing up onto the Built software should at all times provide adequate identification evidence to show that he/she is a real person or organization (natural, corporate or legal). Where reliance is being placed on a third party to identify or confirm the identity of a prospective client, the overall legal responsibility for obtaining satisfactory identification evidence rest with the account-holding

(b.)The requirement in all cases is to obtain satisfactory evidence that a person of that name lives at the address given and the applicant is that person, or that the company has identifiable owners and that its representatives can be located at the address given.

(c.)Since no single form of identification can be fully guaranteed as genuine or representing correct identity, the identification process should be cumulative.

(d.)Adequate steps should be taken to avoid single or multiple fictitious applications or substitution (impersonation) fraud.

(e.)An introduction from a respected customer, personally known to a Director or Manager, or from a member of staff, will often provide some comfort but should not replace the need for identification evidence set out in this manual. Details of who initiated and authorized the introduction should be kept in the customer’s mandate file together with other records.

8.0Certification of Identification Documents

8.1aPostal

To guard against the dangers of postal interception and fraud, prospective customers should not be requested to send originals of valuable personal identity documents (such as international passport, identity card, driver’s licence. etc.) by post.

8.1bFace to Face Contact

Where there is no face-to-face contact with the customer, and documentary evidence is required, copies certified by a lawyer, notary public/court of competent jurisdiction, banker, accountant, senior public servant or person of appropriate seniority in the private sector, should be obtained. The person doing the certificate must be known and capable of being contacted, if necessary.

8.1cForeign Nationals

With respect to foreign nationals, the copy of international passport, national identity card or documentary evidence of address, should be certified by:

• An Embassy, Consulate or High Commission of the country of issue;
• A Lawyer, Attorney or Notary Public.

8.1dCertified Copies

Certified copies of identification evidence should be duly stamped, dated and signed: ‘’original sighted by me’’, by a senior officer of Built. Officers should always ensure that a good reproduction of photographic evidence of identity is obtained and failing that a copy of the evidence certified as providing a good likeness of the applicant.

9.0Establishing Identity

(a)Before signing up on the Built software, the following information should be provided by the person signing up.

(a)The information obtained should clearly establish that a person of that name exists at the address given and that the applicant is that person. Where an applicant has recently changed residence, the previous address should be validated.

(c)A risk-based approach should be adopted in verifying the identity of each customer. Thus, the extent and number of checks will vary, depending on the perceived riskiness of the service or business sought and whether the application is made in person or through a remote medium, such as telephone, post or the internet. Furthermore, the actual or anticipated source of funds, i.e. how the payment was made, from where and by whom, should always be recorded to provide an audit trail.

10.0Establishing Identity for Politically – Exposed Persons (PEPs)

10.1Who are Politically Exposed Persons?

These are persons who are or have occupied high public office (See AppendixIV for a comprehensive list of PEPs). There is, thus, a possibility that such persons may abuse their public powers for unjust and illicit personal gain through the receipt of bribes, frauds, etc. Business relationship with such PEPs or entities associated with them may expose Built to significant reputational and/or legal risks. Accepting and managing funds from corrupt PEPs will seriously damage Built’s reputation and could erode confidence in the financial system. Furthermore, the legal repercussions could be costly since, in certain circumstances, Built and/or its officers and staff may be liable to criminal sanctions against money laundering if they know, or should have known, that the funds in question derived from corruption or other predicate offences. Thus, all the relevant AML laws and regulations, including suspicious transaction reporting, tipping off, etc., apply.Heavy fines have been imposed on financial institutions for conducting business with PEPs without adequate KYC and enhanced due diligence procedures. Even in the absence of an explicit legal requirement, it is undesirable and unprofessional for a financial institution to accept or maintain a business relationship if the institution knows or must assume that the funds derive from corruption or misuse of public assets. In the circumstances, it is imperative on Officers representing Built when entering into a relationship with a person who is suspected of being a PEP to identify that personality fully as well as persons and entities that are clearly related to the PEP.

10.2Due Diligence Procedures In Respect Of PEPs

To enable Built guard against inadvertently dealing with PEPs, in addition to the standardized KYC procedures, Officers should adopt the following processes:

10.3Other Higher Risk Accounts

For other higher risk accounts or customers, similar steps should be taken to ascertain the source of wealth/funds.

10.4Lower Risk Accounts

Even for lower risk accounts there is an overriding requirement for all Officers to satisfy themselves on the identity and address of the customer.

11.0Establishing Identity of Natural Persons Resident in Ghana

11.1Trusts, Nominees and Fiduciaries

The confirmation of name and address should be established by reference to a number of sources. The checks should be undertaken by cross validation that the applicant exists at the stated address either through the sighting of actual documentary evidence, or by undertaking electronic checks of suitable databases, or by a combination of the two. The primary responsibility for ensuring that the identification evidence is satisfactory rests with the Officers of Built Financial Technologies.

11.2Documentary Evidence of Identity

Care should be taken to ensure that documents submitted are originals in order to avoid the acceptance of forged documents. Copies of documents dated and duly signed, ‘original seen’ by a senior public servant or a person of comparable status in a reputable private organization may be accepted, pending the submission of the original documents.

11.3Checklist of Acceptable Documentary Evidence of Identity

Personal Identity Documents

11.4Physical Checks On Natural Persons Resident in Ghana

Built should have systems that enable it to establish the true identity and address of a customer and effective checks that protect against the substitution of identity by an applicant.

• Making telephone contact with the applicant prior to opening the account on an independently verified home or business number, or a call to the customer before transactions are permitted, utilizing a minimum of two types of personal identity information that had been previously provided during the setting up of the account; and
• Using card or account activation procedures.

11.5Electronic Checks

Where feasible, electronic checks may be used to verify evidence of identity and address through other different original sources as an alternative or supplement to the documentary evidence provided.

11.6Special Note On Non-Face-To-Face Identification

Non-face-to-face customers, whether resident or non-resident, pose increased potential risk of false identities and impersonation. Thus, extra care should be exercised in such cases by supplementing documentary or electronic evidence with additional checks to ascertain that each customer in the above category is actually who he claims to be.

11.7Establishing Identity: Legal Persons Trusts, Nominees and Fiduciaries Cautionary Note

Trusts, nominee companies and fiduciaries conduct a wide variety of commercial activities and often play important and legitimate roles in the global economy. However, the unique features of trusts which attract genuine operators and the anonymity and complexity of structures which they often provide, all tend to make them attractive for criminal activity. Accordingly, there have been general concerns about the misuse of corporate vehicles by criminals to disguise and convert the proceeds of their illegal activities and the use of trusts and other quasi-corporate entities to facilitate such misuse. Given that trusts and other quasi-corporate entities take different forms and are pervasive, the money laundering risk should be identified and managed on a service-by-service basis. Thus, customer identification procedures should be established to reflect the perceived Identity of the trustee(s), the settler(s), i.e. the provider of the funds, the controllers (who have the power to remove the trustees) beneficiaries, and signatories should be verified . The underlying evidence of identity should be kept together with the account- opening records.

12.1.1Receipt and Payment of Funds On Behalf Of Trusts

Built officials should check monies received or payments made on behalf of trusts to identify the source of the funds and the nature of the transactions and ensure that adequate due diligence has been observed Built on the underlying client and the origin of the funds.

13.0Identification Procedures for Corporate Entities

13.1General Principle

There is particular concern over the ease with which corporate entities could be created and dissolved in some jurisdictions which facilitates the use of these vehicles not only for legitimate purposes but also for criminal activities, such as money laundering. Given the potential risk of misuse of corporate vehicles and the AML protection afforded by factors such as the quality of available information, knowledge of the ultimate beneficial owners as well as the assets and their business objectives, Built officials should obtain beneficial ownership information and perform customer due diligence at the commencement, and during the course, of a business relationship. This is particularly the case at the wallet-opening stage. Furthermore, Built Management should painstakingly verify the legal existence of the company from official documents or sources and that those persons claiming to act on behalf of the company are duly authorized.

13.2Identification Requirements

The underlying principles of customer identification for natural persons also apply to corporate entities, especially where the identification and verification of natural persons is involved in the relationship with corporate entities. For corporate entities, the following information should be obtained:

• Registered corporate name and any trading names used;
• Registration or incorporation number;
• Principal place of business operations;
• Mailing address;
• Contact telephone and fax numbers;
• Names of Directors and secretary as specified in Form 3;
• Original or certified copy of the certificate of incorporation and the Regulations
• The nature of the company’s business and its legitimacy; and
• The resolution of the Board of Directors to open an account and identification of the signatories to the account.

Built Management should verify the information obtained by, at least, one of the following methods:

• Reviewing a copy of the latest report and accounts (audited, if available) for established companies;
• Conducting an enquiry through a business information service or an undertaking from a reputable and known firm of lawyers or accountants certifying the documents submitted;
• Undertaking a company search and/or other commercial enquiries to see that the institution has not been, or is not in the process of being, dissolved, struck off, wound up or terminated;
• Utilising as and when available independent information verification processed, such as accessing public and private databases;
• Visiting the corporate entity, where feasible; and
• Contacting the corporate entity by telephone, mail or e-mail.

13.3Due Diligence Procedures for High Risk Business

For private companies and other legal entities undertaking higher risk business, Built Management should, in addition to the usual requirements for companies, seek to lift the corporate veil and identify those who have ultimate control over the business and the company’s assets. Identification evidence is required for those shareholders who have significant shareholding (as defined by competent authority) and those who are mandated to manage funds, accounts or investments without further authorization and are thus in a position to override internal procedures and control measures. In keeping with a risk-based approach, identification evidence should be obtained not only for the principal beneficial owners and those who exercise control over the assets of the company but also the non-executive directors. Built Management should undertake a visit to the place of business if the volume is large enough not only to confirm the existence of the business and the nature and purpose but also its legitimacy. An international business company which is registered in an offshore jurisdiction but operates out of a different jurisdiction requires particular attention. Accordingly, such companies should be subjected to rigorous customer due diligence procedures.

13.4Identification Procedure for Foreign Financial Institutions

Confirmation of existence and regulated status of a foreign financial institution should be carried out by checking with, at least, one of the following sources:

• The home country Central Bank or relevant supervisory body; or
• Another office, subsidiary, branch, or correspondent bank in the same country; or
• A local correspondent bank of the overseas institution; or
• Evidence of its licence or authorization to conduct financial and/or banking business.

International publications and directories or any of the international business information services may also be used to reinforce any of the above sources.

14.0Identification Procedures for Other Institutions and Bodies

14.1aClubs and Societies

With respect to applications made on behalf of clubs or societies, Built Management should be satisfied about the legitimate purpose of each organization by sighting its constitution. The identification requirements prescribed for natural persons apply to the key officers of clubs and societies.

14.1bCharity

When processing an application by a charity to open an account, Built Management should satisfy itself that the charity is registered and has a legitimate purpose by sighting its constitution. Satisfactory evidence of the identity of the authorized signatories if they are not already known to the institution, in keeping with the due diligence requirements for natural persons, should be obtained

14.1cReligious Organization

Built Management should verify the identity of a religious organization by confirming its status with the company registry. The identity of the signatories to its account should also be duly verified.

14.1dGovernment and its agencies

For Governments and their Agencies, Officers should establish the status of the applicant before opening an account on the Built wallet. A certified copy of the resolution or other document authorizing the opening of the account or undertaking the transaction should be obtained in addition to evidence that the official representing the agency has the relevant authority to act.

14.1eForeign Embassies and Consulates

In respect of Foreign Consulates, there is need to verify the status of applicants requesting to open accounts or undertake transactions in the names of resident Foreign Consulates and any supporting documents by reference to the relevant Government Ministry or competent authority