ANTIMONEY LAUNDERING AND COUNTERING FINANCING OF TERRORISM PRESENTED

ANTI-MONEY LAUNDERING AND COUNTERING FINANCING OF TERRORISM PRESENTED BY JOHN NKEMAKONAM AKUJIEZE CERTIFIED COMPLIANCE OFFICER AND FELLOW GAFM LL. B, LL. M, B. L, MBA

Outline Section 1: Introduction Section 2: Anti-Money Laundering (AML)/Countering Financing of Terrorism (CFT) Section 3: Components of AML/CFT NAICOM Guidelines Section 4: Know Your Policy Holder Section 5: Suspicious, Currency & Foreign Transactions Section 6: Political Exposed Persons (PEPs) Section 7: Internal Control & Record Keeping Section 8: Sanctions Provisions Section 9: Staff Responsibilities Section 10: Questions and Answers

Objectives At the end of the session, given the right level of participation, –We would be able to have a better understanding of the concept of Money Laundering and Terrorist Financing. –We would be able to learn the sound principles of AML/CFT –We would at all material times ensure that the Company is in full compliance with all statutes, regulations and guidelines and adhere to sound and recognized practices. –We would ensure that the company would not become a victim of illegal activities perpetrated by its customers.

SECTION 1 - INTRODUCTION The Financial Action Task Force (on Money Laundering) (FATF), also known by its French name, Groupe d'action financière (GAFI), is an intergovernmental organization founded in 1989 on the initiative of the G 7 to develop policies to combat money laundering. In 2001, its mandate expanded to include terrorism financing. There are currently 37 members of the FATF; 35 jurisdictions and 2 regional organisations (the Gulf Cooperation Council and the European Commission). These 37 Members are at the core of global efforts to combat money laundering and terrorist financing. The original FATF Forty Recommendations were drawn up in 1990 as an initiative to combat the misuse of financial systems by persons laundering drug money. In 1996 the Recommendations were revised for the first time to reflect evolving money laundering typologies In October 2001 the FATF expanded its mandate to deal with the issue of the financing of terrorism, and took the important step of creating the Eight Special Recommendations on Terrorist Financing. These Recommendations contain a set of measures aimed at combating the funding of terrorist acts and terrorist organisations, and are complementary to the Forty Recommendations. A key element in the fight against money laundering and the financing of terrorism is the need for countries systems to be monitored and evaluated, with respect to these international standards. As a member of the GIABA, Nigeria has an obligation to implement FATF policies in order to combat money laundering and terrorist financing.

INTRODUCTION (Contd. ) Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT)) Regulations was first introduced in 2006 as KYC Guidelines and Guidance Notes, under the provisions of the Money Laundering (Provision) Act 2004. The Regulation was revised and reintroduced in 2011 as AML/CFT Guidelines for the Insurance Industry, under the provisions of the Money Laundering (Provision) Act 2011, and Terrorism Prevention Act 2011. Further revised and reissued in 2012 as AML/CFT Guidelines for the Insurance Industry, to meet Due Diligence requirements of the FATF 40 Recommendations (R. 5 of the 2003 version). Revised again in 2013 as AML/CFT Regulations, under the Provisions of the Money Laundering (Prohibition) Act 2011(as amended) and Terrorism Prevention Act 2011(as amended). The Regulations (2013) is applicable to all Insurance Institutions in Nigeria including their Agents and Insurance Brokers, and to all insurance transactions. The revised AML/CFT Regulations are therefore critical for ensuring compliance with the extant AML/CFT regime. Effective compliance with the Regulations requires that stakeholders should be sufficiently exposed to its provisions.

Outline of NAICOM’s AML/CFT Regulations 2013 Part I-Objectives and Application Part II-AML/CFT Institutional Policy and Programme Part III-Customer Due Diligence Measures Part IV-Suspicious Transactions (STR) and Currency Transaction Report (CTR) Part V-AML/CFT Training Part VI-Designation of Compliance and Reporting Officers Part VII-Internal Control Measures and Record Keeping Part VIII-Other High Risk Activities Part IX- Sanctions

SECTION 2 – ANTI-MONEY LAUNDERING AND COUNTERING FINANCING OF TERRORISM Money Laundering is the criminal practice of filtering ill-gotten gains or ‘dirty’ money through a series of transactions so that the funds are ‘cleaned’ to look like proceeds from legal activities Money Laundering is the process of integrating the proceeds of crime into the legitimate stream of financial commerce. profi such are as drug Most crimes motivated t, trafficking, extortion, by frau smuggling and sales. d, Others such as terrorism are not necessarily arms motivated by profit. Most countries have made money laundering a crime in an effort to prevent criminals from profiting from their activities. Money laundering is the process that criminals use to erase the connection between the crime and the money, concealing the criminal source of the funds A 7 process to make illegitimate funds appear legitimate

HOW IS MONEY LAUNDERED? The methods and techniques of money laundering are depicted in the three (3) stages associated with the crime as shown in the former slide. The Three (3) stages could occur concurrently or overtime. The 3 stages are: Placement This is the first stage in the money laundering process in which the proceed of crime is introduced into the legitimate economy. The introduction of the proceeds of crime could be through the products and services offered by Financial Institutions (FIs). Examples include through Banks, insurance companies or stock broking firms. It could also be through Designated Non. Financial Institutions (DNFIs) such as Casinos, On-line gaming, Supermarkets, Hotels, Estate and Property sectors. This is the most visible stage of money laundering. In order to avoid visibility and suspicion proceeds of crime are often times broken down into smaller units of transactions by an individual in a technique called structuring.

HOW IS MONEY LAUNDERED? (Contd. ) Layering This is the second level in the chain of events. This is the stage at which complex layers of transactions are conducted to achieve the following. I. Concealment and disguise of the source and origin of the proceeds. II. Separating the proceeds from the beneficiaries III. Breaking the audit trail The key success factor for layering is to be able to erase or break the transaction trail. This is referred to as breaking the audit trail Once the trail between the source of the proceeds of crime and the ultimate beneficial owner is broken and cannot be recreated by law enforcement agencies the perpetrators move to the last stage. Integration This is the last stage where the proceeds of crime have now changed form. They have been converted into legal assets. The legal assets are now reintroduced as legitimate proceeds.

Some stories you have heard. . . ? Money Laundering: EFCC arrests Zenith (Properties) MD Daily Trust, October 22, 2012 Between 2001 and 2010 Nigeria ranked 7 th of top 10 developing countries with illicit financial outflows to tax havens Business World Online, Feb. 25, 2013 CBN revokes the licenses of 101 BDCs for money laundering offences CBN website , February , 2014 B. . . Others arraigned over N 4 b Ibori loot. www. plateaustate. gov. ng/newsletter=357 January 18, 2013 Dutch firm laundered money for Libyan regime of Gadafi Wall street Journal March 27, 2014 EFCC arraigns account officer of an old generation Bank for failure to carry out customer due diligence (CDD) on BDC customer Punch , February 11, 2014 US Regulators, under pressure from Congress, look to punish bankers for ML Compliance Complete, March 11, 2013 Soc. Gen stays in talks over potential US sanctions breach Compliance Complete March 7, 2013 Money laundering: Nigeria seeks repatriation of $450 m Laundered by Abacha Guardian , March , 2014 Nigeria removed from FATF grey list - FATF October, 2013

What is Terrorist Financing? Terrorist financing provides funds for terrorist activity. The main objective of terrorist activity is to intimidate a population or compel a government to do something by killing, seriously harming or endangering one or more persons; causing substantial property damage that is likely to seriously harm one or more persons; or seriously interfering with or disrupting essential services, facilities or systems. There are two main sources of terrorist financing – financial support from countries, organizations or individuals, and revenue-generating activities that may include criminal activities. The second source, revenue generating activities, may involve drug trafficking, human trafficking, theft, robbery and fraud to generate money. Funds raised to finance terrorism usually have to be laundered and thus anti-money laundering processes in Insurance and other reporting industries are important in the identification and tracking of terrorist financing activities

Difference Between Terrorist Financing and Money Laundering

Section 3: Components of an Effective AML Program A documented and written KYP/AML policy. Appointment of a Chief Compliance Officer A comprehensive Know Your Policy Holder (KYP) program: Customer identification requirements, identification of High Risk Businesses and accounts, profiling of customer, identification of politically exposed persons. Enhanced Due Diligence (EDD) process for high risk accounts. Monitoring of account activities. Procedures to review and report suspicious transactions to management and government authorities. AML/CFT training: Staff training to increase money laundering awareness. Well documented Compliance/Internal Control procedures. Quality Assurance/Internal Audit Review Program. An experienced Anti-Money Laundering Compliance Unit. Close interaction with law enforcement, NAICOM, SEC, NFIU and Other Regulators.

General Requirements of NAICOM AML/CFT 2013 All Insurance Institutions must have an AML/CFT program as a condition for license renewal Development of electronic data base for all records retention and preservation. Direct employees in writing to comply with the laws and regulations Assure all employees of protection from victimization for making confidential report to Chief Compliance Officer File training report on or before 31 st Dec of the preceding year Identify and Report any proceed of crime to NFIU Conduct Risk classification for all Policy Holders All staff members and agents must attend minimum of two training in year Render Monthly Report on PEP transaction Sanction against erring Staff/Director Establishment of a sanction Desk Officer to conduct name matching from sanction list. Penalty of not less than a One Million Naira (N 1, 000) and additional Ten Thousand Naira (N 10, 000. 00) for each day the offence subsists

Section 4: KNOW YOUR POLICY HOLDER (KYP)

Essential Elements of a Sound KYP Regime Customer Acceptance policy Customer Identification Policy Ongoing Monitoring of Accounts (i. e. PEPs) and transactions Risk Management March 12, 2017 Risk Management

Customer Acceptance Policy (CAP) The following Customer acceptance policy (CAP) indicates the criteria for acceptance of customers by the company: Opening an Account /Issuing a Policy • No policy shall be incepted in Anonymous, Fictitious or Pseudo Names. • No policy shall be issued in the names of persons with a criminal background and/or having connections with terrorist organizations. Parameters of Risk Perception • The parameters of risk perception shall be clearly defined in terms of the nature of business, location of policyholder and his clients, mode of payments, volume of transaction, social and financial status etc. this will enable categorization of the customers into Low (level 1), Medium (level 2) and High Risk (level 3). • No financial sector business is immune from the activities of criminal elements. The level of Money Laundering Risk that the Company is exposed to by a customer relationship depends on but is not limited to: – Type of the customer and nature of business – Type of product/service availed by the customer – Country where the customer is domiciled

Customer Acceptance Policy (CAP) Continued • • • Customers requiring high level of monitoring for example political exposed persons (Pe. Ps) are categorized as High Risk (Level III). Senior management approval in writing must be obtained before entering into any business transaction with a high risk customer. Documents and other information shall be collected from the customer depending on perceived risk and keeping in mind the requirements of the MLPA, 2011 and NAICOM AML/CFT Regulation 2013 and other regulatory guidelines issued by the NAICOM and other statutory bodies from time to time. Members of staff in the Underwriting and Reinsurance departments shall consult the company’s Sanctions Desk to ensure that the Company’s prospective policyholders and/or existing ones are not in any way involved in terrorist financing and that they do not appear on any sanctions list.

Customer Acceptance Policy (CAP) Continued The risk to the customer shall be assigned on the following basis. Low Risk (Level I) Individuals (other than High Net worth clients) and entities whose identities and source of wealth can be easily identified and/or transaction in their accounts by and large conform to the known profile may be categorized as low risk. The illustrative example of low risk customers could be salaried employees whose salary structures are well defined, and people belonging to the lower economic strata of the society. Others include Government owned companies and departments, regulators and statutory bodies, Public companies (listed on the stock exchange or similar situation) that are subject to regulatory disclosures, Financial institutions provided they are subject to AML/CFT&P requirements, Customers whose identity and source of wealth can be easily identified and their transactions by and large conform to the known profile e. t. c. In all these cases only the basic requirements of verifying the identity and location of the customers shall be met. The Company should prepare a profile for each customer based on risk categorization.

Customer Acceptance Policy (CAP) Continued Medium risk (level II) Customers that are likely to pose a higher than average risk to the Company may be categorized as medium or high risk depending on the customer’s background, nature and location of business activity, country of origin, sources of funds and the client profile etc: such as his personal business /industry, where he lives or his place of business, and if he has a history of unlawful trading / business activity. Medium risks include but is not limited to the following Bank Financial Institution, Stock brokerage Firms, Import / Export Companies, Gas Stations, Car / Boat / Plane Dealership, Electronics Dealership (wholesale), Travel agency e. t. c High Risk (Level III) Members of staff must carry out an Enhanced Due Diligence (EDD) for high risk customers, especially those for where the sources of funds are not clear. The example of customers requiring this higher level of due diligence includes Politically Exposed persons (PEPs), Financially Exposed Persons (FEPs), High Net worth Individuals, Non Resident Customers, Trusts, Charities, NGOs and Organizations receiving donations e. t. c Senior Management approval in writing must be obtained before any transaction is carried out with a High Risk Customer.

Customer Identification Procedure (CIP) Meaning of CIP • The first requirement of knowing your customer for anti-money laundering purposes is to be satisfied that a prospective customer is who he/she claims to be. • The second requirement of knowing the customer is to ensure that sufficient information is obtained on the nature of the business that the customer expects to undertake or any expected, or predictable pattern of transaction. • Customer identification means to identify the customer and verify his/her identity using reliable and independent documents such as utility bills or non documentary sources such as visitation or 3 rd party verification report. Members of staffs need to obtain sufficient information from the customer, which is necessary to establish, TO THEIR SATISFACTION the identity of each new customer, whether regular, occasional or walk-in and the purpose of the intended nature of relationship.

Risk Assessment Requirement AML/CFT poses numerous risks to the company. Equity Assurance therefore considers management of the following risks as critical to its stability. Regulatory and legal risk This is the risk the company faces as a result of violation of laws, rules and regulations designed to prevent ML/TF&P. Operational or transaction risk This arises when fraud and errors are not successfully controlled. The consequence is an adverse effect on the insurer’s ability to deliver its products and services. The risk can arise in any product that can be used to launder money or finance terrorism. Reputation risk Adverse and negative publicity on the insurer due to compliance and legal risks could result in reputation damage of the company. Underwriting risk The risk associated with perils covered by the insurance products and with the specific processes associated with the conduct of insurance business may be exceptionally high if launderers/terrorists are encouraged to do business with the company. Liquidity risk This can occur as a result of reputation risk on the insured (i. e. if the company is linked with AML/CFT infractions) and the resultant withdrawal/surrender/termination of policies resulting in high out of pocket expenses.

Monitoring Transactions Occasionally policyholders may seek to deliberately build up a degree of trust before they use their policy for criminal or and terrorist financing purpose. Both corporate and individual policyholders can be implicated in money laundering and terrorist financing, therefore any product or service offered by the company is a potential medium for either activity. The nature of the business must be established when the policy is requested and that is the initial yardstick by which staff will measure whether the policy is in line with the expectations or whether suspicious transactions are being passed through. It is the early period of a new policyholder relationship that represents the greatest vulnerability and warrants close attention. It is also vital that the company accepts every opportunity to update information on policyholders in order to maintain a high standard of monitoring. Attention should also be given to ensuring that documentation is reviewed on a regular basis and is automatically updated when events such as change of address, termination/surrender, or change of beneficial occurs. It is important there is steady stream of CDD information received and that policyholder information is requested and received from the insured.

Key Areas that a Good Compliance Manual Should Address All customers of the Company are screened against approved watchlists (OFAC List, PEP List, etc. ) Before establishing relationship, customers must be classified as High, Medium or Low Risk All High Risk Accounts will require additional due diligence and continuous monitoring Relationship with High Risk Customers (PEP/NGO/Agent, Insurance Brokers, Loss Adjuster etc) must be approved by the Executive Director, Technical & Operations before commencement. There is a PEP checklist to be filled in order to identify PEPs Before establishing relationship, Policy Holders must provide certain basic information

CUSTOMER INFORMATION REQUIRED In an effort to reduce money laundering, corruption, fraud and other financial crimes, both local and international regulators have come up with minimum customer information required to identify a client. In compliance to the regulations, all financial institutions have been directed to establish Customer Identification Programs (CIP). This simply means that for every customer who wants to open an account, we must have the following information: First name Last name Mother’s maiden name Date of birth Occupation Street address – not P. O. Box; not C/O; not P. M. B A valid means of identification BVN Nationality Telephone Email etc. 29 March 12, 2017

Documentation for Corporate Accounts 31 Copy of certificate of incorporation/Business registration Certified true copy of Form CO 7/CO 2 Certified true copy of Memo and Articles of Association 2 Passport size photographs of authorized mandates of the insured Photocopy of valid means of identification Board Resolution (signed by Two Directors or One Director and Company Secretary (Limited Liability Company) 2 Referees Resident permit (Non-Nigerians) Address Verification Document (where BVN is not available) KYC / Account Opening form & Risk Assessment Visitation report for premises March 12, 2017

Customer Information Required (contd. ) For Corporate Customers: get this additional information Incorporation/Registration number The type of the business The business address Foreigners residing in Nigeria: get this additional information Passport number Country of issuance Date of issuance Expiry date Combined Expatriate Residence Permit and Aliens Card (CERPAC resident permit) Bank Verification Number (BVN where available) For foreigners not resident in Nigeria Notarized means of ID & Utility Bill 30 March 12, 2017

GUIDELINES FOR FILLING UP THE KYP Policy Holder KYP Form The Application Form should be completed in ENGLISH and in BLOCK LETTERS. Forms should be filled with legible handwriting so as to avoid errors. Submit Proof of Identity document and a Proof of Address document. The signature on the KYC Form should be that of the insured.

Section 5 - Suspicious and Currency Transactions Regulation 17 -(2) Where in the process of establishing a business relationship, an insurance institution is unable to conclude the verification process because the customer or broker refused to provide the required document or information, such conduct shall be considered suspicious and shall be reported to NFIU immediately. (3) Where an insurance institution reasonably suspects that the source of funds is the proceeds of a criminal activity, it shall report it. (4) Where an insurance institution reasonably suspects that a transaction has a link with terrorism, it shall report its suspicion to NFIU immediately and without delay but not later than 24 hours. (5) It shall amount to reasonable suspicion under sub- regulation (4) of this regulation where the insurance institution has sufficient reasons to suspect that the funds in question (a) are intended to be used for an act of terrorism, notwithstanding that such funds derive from either legal or illegal sources; (b) are proceed of a crime related to terrorism financing; or (c) belong to a person, entity or organization considered as a terrorist. (6) Where an insurance institution makes a report to NFIU under subregulation (4) of this regulation, the report shall state (a) the information giving rise to the suspicion; (b) any information it has on a person through which the person can be identified; and

Suspicious and Currency Transactions Contd. (c) the nature or amount of funds or economic resources held by the insurance institution on behalf of the person at any time preceding five years to the time the suspicion in review arose. (7) Where an insurance institution is unable to ascertain the identity of the beneficiary or beneficial owner of a life or other investment related insurance product or where it is unable to determine risk factors applicable to the beneficiary or beneficial owner, it shall file an STR with NFIU immediately. (8) Structuring of financial transactions by an insurance institution or customer shall be reported as suspicious transactions to NFIU immediately after occurrence. (9) No insurance institution, its directors, officers or employees shall disclose the fact an STR or related information will be reported, or has been reported to NFIU or other appropriate authorities. (10) An insurance institution shall ensure that (a) there is a clear procedure for staff to report suspicion of money laundering and the financing of terrorism without delay to the Compliance Officer or Money Laundering Reporting Officer; and (b) there is a clear procedure for reporting suspicion of money laundering and the financing of terrorism without delay to NFIU.

Never Tip Off! Tipping off is where a person knowing or suspecting that a disclosure has been made to the NFIU, or a compliance officer, then discloses to any third person any matter that is likely to prejudice an investigation which might be conducted as a result. Simply, it is a criminal offence of disclosing a suspicious activity report (SAR/STR) to a third person that a SAR/STR has been made by any person to the police, NFIU or any Regulator/Law Enforcement if that disclosure might prejudice any money laundering investigation that might be carried out as a result of the SAR The offence could attract up to 3 years imprisonment more or athan fine N 1, 000 of N 500, 000 and andfive not years ban from profession

Section 6: Politically Exposed Persons (PEPS) Introduction Who is a Politically Exposed Person (PEP) Risk classification of a PEP account Due diligence procedures for PEP customers How to identify a PEP Additional controls and Procedure for monitoring PEP transactions What to do when we underwrite a policy for a PEP customer Why focus on PEPs 4 4 March 12, 2017

Who is a Politically Exposed Person? A politically Exposed Person (PEP) in line with the company’s KYC and Anti-Money Laundering Policy manual is an individual who occupies, has recently occupied, is actively seeking or is being considered for a senior position in the government of the country, state or local council or a political party, government owned corporation or in the armed forces or the Police. In 4 5 addition, this may include an immediate family member of the individual referred to above, a senior adviser closely associated with the individual or a legal entity owned 25% or more by the individual referred to above or his close associates as defined. This should also include accounts where any Am I a PEP?

Risk Classification of Peps Accounts PEPs are a special category of customers. PEPs are designated as high risk customers because of the proximity and influence they have over government assets. PEPs generally present a high risk for potential involvement in bribery and corruption. financial institutions view clients as such potential compliance risks and Perform monitoring of enhanced accounts that fall within this category. Most 4 7 March 12, 2017

How to Identify a PEP Have a good understanding of who a PEP is Put in place a good customer due diligence process Ask the customer the right questions Perform a database check e. g. using a PEP database Refer to publicly available information. Carry out background check 4 8 March 12, 2017 on the Internet using search engines. Conducting ongoing transaction monitoring of a business relationship helps reveal patterns that are unusual or difficult to explain which triggers further inquiry into the customer’s

Controls and Procedures for Monitoring PEP/NGO accounts All accounts designated as “PEP” accounts will be opened only with the approval in writing of the Managing Director/CEO or the designate in this case who is an Executive Director. All PEP/FEP policies, irrespective of amount, will be signed off by the Managing Director/CEO. Where an existing customer of the company becomes a PEP/FEP, the designated Executive Director’s approval must be obtained in order to continue the business relationship. All “PEP/NGO” accounts shall be flagged on the Legend system on a special status such that the status appears whenever any inquiries or transactions are done on them. All transactions on “PEP/NGO” account equal to /greater than N 5 million or the equivalents in other currencies must be approved in writing by an Executive Director. 4 9 March 12, 2017

Controls and Procedures for Monitoring PEP/NGO Policies A weekly report on all PEP/NGO related transactions should be sent to the Managing Director and copied to the Chief Compliance Officer (CCO). In other words all PEP/NGO policies will be flagged and monitored weekly. A monthly return on all PEP transactions must be rendered to the NAICOM and Nigerian Financial Intelligence Unit as required by the AML/CFT Compliance Manual. Any form of suspicious transaction on PEP/NGO account must be reported to NAICOM, Nigerian Financial Intelligence Unit (NFIU) and other relevant authorities immediately it occurs. On a semi-annual basis, all “PEP/NGO” accounts will be reviewed by the Compliance unit to ensure that all the aforementioned processes and procedures are being followed in the management of these accounts. Any other deviation will be reported to the Managing Director/CEO. 5 0 March 12, 2017

What to do when we underwrite a policy for a PEP customer Once identified , a PEP has to be classified and considered as a 5 1 high-risk customer. Seek Senior management approval to open the account. Place on PEP customer watch list Conduct customer identification and verification checks i. e gather information on the customer and verify the information. Apply graduated Enhanced Due Diligence on the PEP customer in order to take account of the real risk posed by each individual PEP customer. The EDD measures to be applied include : Identification of beneficial owner : beneficial owner refers to the natural persons(s) who ultimately own or control a customer or transactions, beneficiaries, controllers or relevant third parties. Those who control include directors, trustees, guardians, attorney and founder of a foundation. A written declaration of beneficial owner of all customers is a critical first step in the identification and verification of beneficial ownership. Identify and verify the source of wealth and source of funds : This process provides key information that can assist a bank in determining whether a PEP is a legitimate customer. March 12, 2017

What to do when we underwrite a policy for a PEP customer (Cont'd) The tools to establish source of wealth and source of funds include obtaining information directly from the customer, with corroboration through documentation (for example, contracts, agreements for lease or sale, wills, court orders ) internet searches and intelligence from referrals or in-country sources. Why focus on PEPS? Corruption has a devastating effect on the economy and development of countries. In the world’s some poorest countries, anof individual corrupt PEP can have a disproportionate impact on a country or region. PEP’s pose a substantial legal and reputational risk to a financial system Standard CDD is not sufficient, as identified in some scandalous cases. Low numbers of PEP customers are not necessarily indicative of low numbers of corrupt PEPs. Corrupt PEPS are becoming more effective in hiding their identity through associates , legal entities, and 52

Section 7: Internal Control and Record Keeping Regulation 21 -(1) An insurance institution shall on a regular basis, carry out independent review of its AML/CFT Programme Regulation 22 –(1) An insurance company shall maintain all records of transactions, both domestic and international for at lest five years following completion of the transaction and this requirement applies regardless of whether the contract or business relationship is ongoing or has been terminated, provided that the NFIU and NAICOM may in specific cases require such records for longer periods. (2) The record of transaction required to be maintained shall include: The risk profile of each customer and/or beneficial owner All the data obtained through the CDD process and business correspondences.

Section 8: Sanction Provisions Regulation 28 -(1) Subject to the provisions of the Insurance Act, 2003 and subsisting AML/CFT legislations, contravention of any of the provisions of these Regulations by an insurance institution shall attract a fine of not less than One Million Naira(N 1, 000. 00) and an additional fine of Ten Thousand Naira (N 10, 000. 00) for everyday the offence subsists, and in addition, may include suspension or withdrawal of its operating license. (2) Where a person being the director, senior management, manager or other employee of an insurance institution, either acting alone or in partnership with others, contravenes the provisions of these Regulations under any circumstance, he shall be subjected to any or all of the following sanctions(a) have his appointment terminated on the direction of the Commission and be blacklisted from working in the insurance industry. (b) have the name of the officer penalized and reflected in the institution’s financial statements and published in the newspapers; and (c) report the defaulting staff to the Financial Reporting Council (FRC) and the professional body he/she belongs to, for appropriate disciplinary action.

Section 9: Staff Responsibilities Every employee of the company has personal obligations towards ensuring that the company is not used as a conduit for the laundering of the proceeds of crime. Below are staff legal obligations: Must know its policyholders business Must NOT assist a money or/and terrorist launderer financier Must report suspicious transactions Must not disclose to policyholders or anyone else that they are the subject of a report or under investigation. (Tipping off) Must not destroy documents. Must update themselves on the requirements of law at all times Must report suspected money laundering activities/suspicious transactions to the Chief Compliance Officer. Must comply strictly with the NAICOM’S know-your client guidelines and directives and AML/CFT Regulations.

CONCLUSION Money Laundering and Terrorist financing have wrecked many Countries globally The most critical area of development to stop criminals entering into the financial system is through the “Know Your Policy Holders” and “Know Your Customers’ Business” to enhance the detection of suspicious transactions and effectively join in the fight against financial and economic crimes. Financial Institutions have a responsibility to conduct due diligence on all accounts irrespective of who is involved – in fact the more “important” the person, the greater the need for due diligence. The importance of KYC in AML/CFT compliance cannot be overemphasized and we all have a role to play. Entrenching a culture of compliance would not only minimize the risk of our Company being used as vehicle to launder the proceeds of crime, corruption, financial embezzlement etc but will also help prevent fraud. We must all join hands together to ensure that the operators comply with the AML policies and procedures of our Company.

CASE STUDY – RAYMOND HUSHPUPPI Hushpuppi whose real name is Raymond Igbalodely came into limelight in 2015. Many praise his success for the fact that prior to his emergence into the spotlight, Hushpuppi used to be a ghetto kid. According to the internet sensation, he was born and bred in the Badagary and Oworonsoki areas of Lagos, Nigeria on June 14, 1988. His place of residenc is Dubai, United Arab Emirates and his nicknames are Aja 4, Gucci Master, Aja Puppi. Ray's lifestyle, crazy parties, exclusive designer outfits, and more have sparked speculation about the source of his wealth. What does Hushpuppi do for a living? Ray Hushpuppi job on his Instagram bio, claims that he is a Real Estate Developer. That revelation came only after his friend turned foe, Mompha, was arrested by officials of the economic and financial crime commission. Before the arrest, Ray had not confirmed any particular source of wealth. There is also a rumour that he is a professional scammer who gets wealthy by scamming unsuspecting people online. The rumour started when he took a screenshot to show off his wealth but ended up revealing an email sent by someone he knew. It was determined that the email received on his phone belongs to Jane Woodscrane, who resides in the USA. It was then assumed that he is a scammer who has several fake identities.

CASE STUDY – Continued How much is Ray Hushpuppi worth? Despite never publicly claiming how much he is worth, it is estimated that Ray Hushpuppi net worth is $20 million. This is an assumption based on all his cars, including a private jet, his jewellery, and his over the top lifestyle displayed online. After falling out with his friend, Mompha, he revealed some secrets about Hushpuppi. Mompha claimed that back at home in Nigeria, Ray's mother was a bread seller and his father was a taxi driver Apprehended In June 2020, he was taken into custody alongside Mr Woodbery and several others in Dubai by Interpol and FBI. According to a video that has been circulating on social media, he and his cronies were allegedly surrounded by the officers on the grounds of being internet fraudsters. I understood that the FBI did a great deal of work before they were able to arrest Nigerian millionaire who turned out to be a scammer, Ray Hushpuppi. In a new development, we have found out that a minor mistake Huspuppi made with his last transaction become his waterloo.

CASE STUDY – Continued • Prior to his arrest, Hushpuppi uploaded a screenshot of GTBank credit alert of NGN 300, 000 with an email address that made us curious. The bank account was registered with a suspicious email address – jwoodscrane@yahoo. com. A “social engineer” (SE) took this email address and ran it through a virtual mail registry. Then, performed a number of mappings to determine the social profile of this anonymous identity. When the SE compared the email from the virtual registry with the email from Hushpuppi‘s bank alert, it was a 100% match. But this is not the end. A step further to put a face to the mail address was also done and we see the email address was mapped to a single profile on Facebook, no suggestions or similar profiles at all. It is mapped directly to a single Facebook account: Jane Woodscrane. So as you can see, he has been under the radar of INTERPOL for a period of time after this last episode. .

THANK YOU FOR LISTENING