• Calling days and hours of the governing body of the National Bank of Moldova for citizens.


  • Octavian Armașu, Governor of the National Bank of Moldova

    1st Monday of the month: 14.00-17.00;
    Appointment: +373 22 822 606;


  • Vladimir Munteanu, First Deputy Governor of the National Bank of Moldova

    2nd Monday of the month: 14.00-17.00;
    Appointment: +373 22 822 606;


  • Cristina Harea, Deputy Governor of the National Bank of Moldova

    3rd Monday of the month: 14.00-17.00;
    Appointment: +373 22 822 607;

  • Ion Sturzu, Deputy Governor of the National Bank of Moldova

    4th Monday of the month: 14.00-17.00;
    Appointment: +373 22 822 607.

Please, note the requirements for receiving and examining petitions to the National Bank of Moldova !

Details

 

Main navigation BNM

Expand Hide
04.01.2019

Regulation on requirements related to prevention and combating money laundering and terrorism financing in the activity of non-bank payment services provider No. 202 of 09 August, 2018

 

Note: The translation is unofficial, for information purpose only

Decision
of the Executive Board of the National Bank of Moldova no. 202 of 9 August 2018
on approval of the Regulation on requirements related to prevention and combating money laundering and terrorism financing in the activity of non-bank payment services provider

(in force as of 24.08.2018)

Published in the Official Monitor of the Republic of Moldova no. 321-332 of 24.08.2018, art. 1313

REGISTERED:
Ministry of Justice of the
Republic of Moldova
No.1355 of 21.08.2018

Pursuant to art. 5 par. (1) m), art. 11 par. (1) and art. 27 par. (1) c) of the Law no. 548-XIII of 21 July 1995 on the National Bank of Moldova (republished in the Official Monitor of the Republic of Moldova, 2015, no. 297-300, art. 544), art. 5 par. (2), art. 93 par. (2) letter b) and art. 94 of the Law on payment services and electronic money, no. 114 of 18 May 2012 and art. 13 par. (3) and (14), art. 15 par. (2) of the Law no. 308 of 22 December 2017 on the prevention and combating  money laundering and terrorist financing (Official Monitor of the Republic of Moldova, 2018, no. 58-66, art. 133), Executive Board of the National Bank of Moldova

DECIDES:

1. To approve the Regulation on requirements related to prevention and combating money laundering and terrorism financing in the activity of non-bank payment services providers, (see attached).

2. This decision shall enter into force at the date of publication in the Official Monitor of the Republic of Moldova.


Chairman
of the Executive Board

Sergiu CIOCLEA

Attachment

Approved by the
Decision of the Executive Board
of the National Bank of Moldova
No. 202 of 9 august 2018

REGULATION
on requirements related to prevention and combating money laundering and terrorism financing in the activity of non-bank payment services providers


Chapter I
GENERAL PROVISIONS

1. The Regulation on requirements related to prevention and combating money laundering and terrorism financing in the activity of non-bank payment services providers (hereinafter – Regulation) establishes rules for: identification and assessment by non-bank payment services providers of money laundering and terrorist financing risks, development of internal policies and programs, application of customer due diligence requirements, including customer enhanced due diligence measures; data storage; reporting the suspicious activities and transactions; application of financial sanctions related to terrorist activities and  proliferation of weapons of mass destruction; putting in place and implementation of the elements of the internal control system, as well as other requirements in order to minimize the risks related to money laundering and terrorist financing.

2. The non-bank payment service provider (hereinafter – Provider) shall apply the provisions of this Regulation in business relations with their customers or when conducting transactions (payments) both directly and through agents.

3. The terms and expressions used in this Regulation shall have the meanings stipulated in the Law no. 308 of 22 December 2017 on the Prevention and combating money laundering and terrorist financing, the Law no. 114 of 18 May 2012 on the Payment services and electronic money, Law no. 548 of 21 July 1995 on the National Bank of Moldova, as well as other regulatory acts of the National Bank of Moldova and of the Office for Prevention and Fight against Money Laundering, related to the field of prevention and combating money laundering and terrorism financing.


Chapter II
RESPONSIBILITIES

4. The Provider shall have in place and implement an internal program on prevention and combating money laundering and terrorist financing.

5. The Provider shall have in place an adequate internal control system to identify, assess, monitor and understand the risks of money laundering and terrorism financing. The Provider shall apply all necessary measures and use sufficient resources to minimize the identified risks.

6. The Provider is responsible for developing, approving and ensuring the implementation of the internal program on prevention and combating money laundering and terrorism financing and for compliance of the activity to the provisions of legislation in the field of prevention and combating money laundering and terrorism financing.

7. The Internal Audit subdivision of the Provider or an audit firm/external auditor shall perform, at least annually, an independent assessment of the adequacy and compliance of the Provider's activity with the Program on prevention of money laundering and terrorism financing. The results of the assessment shall be communicated to the responsible manager of the Provider and, on request, to the National Bank of Moldova.


Chapter III
REQUIREMENTS REGARDING THE INTERNAL PROGRAM ON PREVENTION AND COMBATING MONEY LAUNDERING AND TERRORIST FINANCING

8. The internal program on prevention and combating money laundering and terrorism financing represents a series of policies, procedures and other rules, including the customer due diligence procedures, promoting ethical and professional standards on the market for payment services, that aim to prevent organized criminal groups or their associates from using the Providers for money laundering or terrorist financing purposes. This program must ensure that payment operations are carried out in a safe and prudent way.

9. The Provider shall draw up the internal program on prevention and combating money laundering and terrorism financing in accordance with the provisions of the Law no.308 of 22 December, 2017 on Prevention and combating money laundering and terrorism financing, the present Regulation, other regulatory acts of the Office for the Prevention and Fight against Money Laundering, issued for the purpose of application of this law, taking into account the industry-accepted practices, including the documents issued by the international Financial Action Task Force (FATF).

10. When developing the internal program, it shall be taken into account the size, complexity, nature and amount of the activities carried out by the Provider, the types (categories) of customers, the degree (level) of risk associated with different customers or customer categories as well as the customers’ transactions, agencies and affiliates through which they operate.

11. Internal program on prevention and combating money laundering and terrorist financing shall include, without being limited to, the following:
1) the responsibilities of the responsible manager of the Provider, which shall include at least:
a) knowing the criteria (indices) of increased risk clients;
b) approving significant operations of the increased risk clients;
c) determining the Provider's areas of activity exposed to the risk of money laundering and terrorist financing. Areas of activity exposed to the risk of money laundering and terrorist financing may be those related to: products and services provided, transactions made both directly and through payment agents, open payment accounts, etc.
d) remediation of deficiencies identified in the field of prevention and combating money laundering and terrorism financing, including reporting suspicious transactions to the Office for Prevention and Fight against Money Laundering;
e) the implementation of the internal program on preventing and combating money laundering and terrorist financing, including determination of responsibilities of personnel at different hierarchical levels;
f) implementation of internal procedures concerning the reasonable time access of the responsible staff to the information required for performance of work obligations;
2) the customer acceptance procedures that describe at least the categories of customers whom the Provider intends to attract as well as the staff levels that shall approve the initiation of a business relationship with such customers, depending on the degree of associated risk and the types of products and services that are to be provided to them;
3) the measures to be used to identify, verify and monitor customers and beneficial owners according to the degree of associated risk (CDD procedures), the criteria and the procedure of moving customers from one risk category to another;
4) the CDD measures, including simplified and enhanced CDD measures for each category of customers, products, services or transactions subject to these measures;
5) the procedures to be applied to monitor customer transactions for detecting significant, complex and unusual transactions without a clear legal or economic purpose, suspicious activities and transactions;
6) measures to identify and monitor customers and customer operations with countries / jurisdictions lacking effective anti-money laundering and terrorism financing systems, or posing an increased risk due to high levels of crime and corruption, and/or involved in terrorist activities;
7) the procedures describing the collection and storage of information as well as the conditions of granting access to them;
8) the procedures describing the internal and external (to competent authorities) reporting on suspicious activities and transactions;
9) the procedures and measures aiming to ascertain compliance with relevant standards and to assess their effectiveness;
10) standards developed for the personnel’s recruitment, employment and training programs in the field of prevention and combating money laundering and terrorism financing;
11) procedures for identifying and analyzing the risks of money laundering and terrorism financing, including the measures to minimize them, by using information technologies, including the modern ones, which are to be procured or developed as one of the Provider’s products or services.

12. Whenever required, but at least annually, the Provider shall review (update) its internal program on the prevention and combating of money laundering and terrorism financing, taking into account relevant legal provisions.


Chapter IV
THE ASSESSMENT OF RISK EXPOSURE TO MONEY LAUNDERING AND TERRORIST FINANCING. THE RISK-BASED APPROACH

13. The Provider commits to identify and evaluate the existing risk exposure to money laundering and terrorism financing, taking into account the national risk assessment of money laundering and terrorism financing, as well as the criteria and factors established by the National Bank of Moldova and the Office for the Prevention and Fight against Money Laundering. The results of the assessment shall be approved and periodically updated, responsible for this process being the Provider’s responsible manager, and on request shall be submitted to the Office for Prevention and Fight against Money Laundering and/or the National Bank of Moldova.

14. The provider, based on the results of the money laundering and terrorism financing risk assessment, uses the risk-based approach to prevent and mitigate money laundering and terrorism financing in proportion to the identified money laundering and terrorism financing risks in the field of activity.

15. For the purpose of implementing item 13 the Provider shall carry out and update, at least once in 3 years, the assessment of the risk exposure to money laundering and terrorism financing, which shall include at least:
1) the preparation of a written report describing the countries or geographical areas, products, customers and transactions presenting a high degree of risk, their share and impact on the Provider's activity;
2) the drawing up of an action plan aiming to minimize the identified risks of money laundering and terrorism financing;

16. The Provider shall identify and assess existing risks of money laundering and terrorism financing before:
1) it launched and developed new products and services;
2) it started using new or developing technologies for both new and existing products and services.

17. While assessing its risk exposure to money laundering and terrorism financing, the Provider shall use different sources of information to identify, manage and mitigate the risks associated with its field of activity. This includes considering typologies, risk indicators, guidelines and / or recommendations issued by national and international competent authorities. In identifying and assessing the risks of money laundering and terrorism financing to which it may be exposed, the Provider must consider at least the following factors:
1) nature, scale, diversity and complexity of the business;
2) the proportion of customers already identified as having an increased risk;
3) jurisdictions with which the provider operates, in particular, jurisdictions with increased vulnerability due to risk factors such as high crime, corruption, terrorism financing, regulation and limited supervision of the area of prevention and combating money laundering and terrorism financing;
4) distribution channels, including the extent to which the Provider performs operations directly with the customer or through agents and subsidiaries and the extent to which it relies on information provided by third parties to carry out client identification measures, the complexity of the payment chain and the settlement systems used between operators in the payment chain, the use of technology and the extent to which agent networks are used;
5) internal audit and internal regulations;
6) the volume and size of the Provider's transactions, taking into account his usual business and the profile of his clients.


Chapter IV
CUSTOMER DUE DILIGENCE MEASURES

Section 1
Customer acceptance procedures

18. The customer acceptance procedures will contain identifying and verifying the customer and, where applicable, the customer's beneficial owner, on the basis of reliable, independent information, data or documents. It also includes understanding the purpose and nature of the business relationship (where relevant) and, in high-risk situations, obtaining additional information.

19. The customer acceptance procedures will include several steps depending on the degree of the risk associated with each customer. The decision to start, continue or terminate a business relationship with a customer who is associated with an increased degree of risk shall be taken by the Provider’s manager responsible for the implementation and compliance with the requirements for the prevention and combating of money laundering and terrorist financing.

20. The Provider shall not enter into business relations with persons, groups or entities involved in terrorist activities and the proliferation of weapons of mass destruction, specified in art. 34 par. (11) of the Law No 308 of 22 December 2017 on the Prevention and combating of money laundering and terrorism financing. The Provider shall communicate immediately, but not later than within 24 hours, to the Office for the Prevention and Fight against Money Laundering its decision to refuse entering into business relationship with a customer, providing all supporting data pertaining to the case.

21. The customer acceptance procedures will take into account the risks of money laundering and terrorist financing identified by the provider.

Section 2
Establishing the identity of the customer and of the beneficial owner

22. The Provider shall take steps to establish the identity of the customers and of the beneficial owners:
1) before it entered into a business relationship with the customer;
2) in the case of all occasional transactions exceeding 20000 MDL, including those carried out by means of electronic equipment, if the money transfer is performed in a single transaction, or in a series of transactions that appear to be linked, if their value exceeds 300000 MDL;
3) when there is a suspicion of money laundering or terrorism financing, regardless of any applicable derogation, exemption or threshold;
4) when there are suspicions regarding the veracity, sufficiency and accuracy of the previously obtained customer identification data;

23. By way of derogation from item 22, based on a proper risk assessment demonstrating a low-level risk of money laundering and terrorism financing, the Provider, except for cases of redemption or withdrawal of cash exceeding the amount of 2000 MDL, may be exempted from the application of CDD measures, where electronic money or the prepaid payment instrument is used, provided the following conditions are met:
1) the maximum amount of electronic deposit does not exceed 5000 MDL;
2) the amount of monthly transfers does not exceed 5000 MDL; in the case of payment instruments that can be used only on the territory of the Republic of Moldova, the threshold can be increased up to 10000 MDL;
3) the payment instrument is used exclusively for the acquisition of goods or services;
4) the payment instrument cannot be funded with anonymous electronic money (which cannot be attributed to an identified person);
5) the issuer regularly monitors the transactions or the business relationship to enable the detection of suspicious transactions.

24. Customer identification measures are as follows:
1) for customers - natural persons, the provider shall obtain at least the following information:
a) name and surname;
b) date and place of birth;
c) citizenship and ID card data (IDNP, series and number, date of issue, code of the issuing organ (if any) or other unique indents of an identity document containing the holder's photograph);
d) permanent and/or residence address;
e) the occupation, the public office held and/or the name of the employer;
f) purpose and nature of the business relationship with the provider;
g) telephone, fax, e-mail address (if any);
i) resident/non-resident status.
2) for customers – legal persons (including individual entrepreneurs and legal entities managing the assets under trust management), the provider shall at least obtain the following information:
a) the name, the legal form of organization, the act of incorporation and the act on the state registration of the legal person;
b) headquarters/business address;
c) the state identification number (IDNO), according to the registration certificate and/or the extract from the State Register issued by the competent authority with the right to carry out the state registration;
d) the mailing address, other than the registered office (if any);
e) the identity of the natural person empowered to manage the account and exercising control over the ownership or other means (in the absence of this information, the manager of the legal person shall be indicated);
f) the identity of the beneficial owner of the legal entity;
g) rights and obligations of the management body of the company arising from the primary registration documents or the constitutive act;
h) the nature and purpose of the activity, their legitimacy;
i)   the intended use of the account;

25. The Provider shall identify the customer's beneficial owner and apply reasonable risk-based measures to verify his identity to be sure that it knows the ultimate beneficial owner and understands the property and control structures of the customer. In order to identify the beneficial owner, the Provider shall apply the measures described in item 24 sub-item 1).

26. When identifying the beneficial owner for the customer who is a legal person, including entities with complex ownership structure (a legal person whose direct owners are not natural persons), the Provider shall determine the beneficial owner on the basis of the appropriate registration documents. If there are no grounds for suspicion and if any possible means set out in item 25 have been exhausted, no person has been identified as the beneficial owner, the individual acting as the administrator of the client shall be deemed to be the beneficial owner. In this case, the provider keeps all the information and documents accumulated in the process of determining the beneficial owner of the customer – legal person and presents them, upon request, to the Office for the Prevention and Fight against Money Laundering and/or the supervisory organs. When identifying the beneficial owner, the provider shall take into account the identification criteria described in the Attachment.

27. Based on its own assessment, the Provider shall decide whether to apply simplified CDD measures to establish and verify the identity of the beneficial owner for the customer who is a listed company, whose securities are traded on a regulated market/multilateral trading system that imposes information disclosure either by stock exchange norms, or by applicable legislation to ensure proper transparency of the beneficial owner. Relevant identification data can be obtained from the public registers, from the customer or from other credible sources.

28. The Provider shall determine whether the person who opens the payment account or initiates a business relationship acts on his behalf (the person's statement of the beneficial owner) and if the opening of the payment account or the initiation of the business relationship is carried out by the empowered person, the provider shall request the Power of Attorney, certified in the manner prescribed by the law. The Provider shall apply CDD measures to establish the identity of the authorized representative, as well as assesses the necessity of applying enhanced precautionary measures in accordance with the provisions of this Regulation.

29. When performing the customer identification, the Provider shall verify the submitted information that relates to both the customer and the beneficial owner.

30. The Provider shall verify the identity of a customer and his beneficial owner prior to establishing a business relationship with the customer or at the moment of establishing such business relationship or conducting a transaction specified in item 22 sub-item 2).

31. In order to verify the identification information provided for the customer and the beneficial owner, the Provider shall use data and information obtained from reliable and independent sources. Verification effort must be proportionate to the risk associated with the customer and the types of submitted documents. For this purpose, the Provider shall use documentary and non-documentary verification procedures:
1) when dealing with customers who are natural persons:
a) to confirm the identity of a customer or a beneficial owner by using a legal valid document, containing a photograph of the holder, such as an identity card, passport, residence permit, etc.
b) to confirm the date and place of birth by using any legal documents, such as the birth certificate, ID card, passport, residence permit, etc.;
c) to confirm the validity of the presented identity documents by requesting an expert advice of competent persons, such as notaries, embassies, etc.;
d) to confirm the residence address by requesting the invoices for public utility services, tax payment documents, information provided by public authorities or other persons;
e) to confirm the information submitted after the account has been opened - by contacting the customer by telephone, fax, e-mail (if any) or by sending a letter by post;
f) to verify the reference provided by another provider/bank;
2) when dealing with customers who are legal persons (including individual entrepreneurs and legal entities managing the assets under trust management) - by any appropriate method depending on the degree of associated risk, so that the Provider can assure the veracity of the information, such as:
a) to verify a legal existence of the legal person by checking the records made in the State Register of legal persons or, as the case may be, in another public or private register or other independent safe source, such as legal firms, accountants, etc.;
b) to obtain a copy of the articles of incorporation or the memorandum of association, a partnership contract;
c) to verify in public or private databases information on the customer’s existing business relationships;
d) to examine the latest financial reports, if applicable;
e) to conduct a research / investigation, either individually or through another person, aiming to determine whether there is any evidence that the person is insolvent, filed for liquidation, intends to sell the entity or there are other potential financial problems which have to be taken care of;
f) to obtain the reference of a provider/bank with which the customer previously had business relations, if any;
g) to contact the customer by telephone or fax, by post or email, to check the information placed on the customer's website, if any, or to make a field visit to the headquarters or other business address indicated by the legal entity or the individual entrepreneur;
3) for the beneficial owner – the measures provided in sub-item 1).
4) where a person is empowered on behalf of the customer to open an account or to carry out transactions, the Provider shall verify the identity of the customer and the identity of the person in whose name it operates by using the same procedures described in this Regulation.

32. Documents submitted in order to identify the customer and the beneficial owner as well as to verify their identity must be valid on the date of their presentation and their copies shall be stored/archived by the Provider in accordance with the established internal procedures. The documents shall be submitted by the client in original or in copy (photocopy) legalized according to the applicable legislation. In the case of presentation of copy documents (photocopies) that are not properly authenticated, the provider shall solicit the submission of the original documents to corroborate the information and data presented. If the customer does not appear personally for identification, the provider shall request the necessary information and documents taking into account the provisions of item 54 of this Regulation.

33. Throughout its business relationship, the Provider shall review and update the identification information for customers and beneficial owners, depending on associated risk. It can update the information whenever it deems necessary, but at least annually - for high-risk customers, and once in every three years - for low-risk customers.

Section III
Monitoring of the customer’s activity and transactions

34. The Provider should adjust the scale of the client's activities and operations monitoring measures in accordance with the institutional risk assessment and individual risk profile of the clients. Increased monitoring is applied to high-risk situations. Monitoring systems need to be reviewed periodically, but not less than once a year.

35. Operations initiated/performed by the Provider’s agent must be monitored periodically under the same conditions as the Provider's operations. Monitoring must be performed by the Provider individually or in collaboration with that agent, on the basis of a concluded agreement and under the control of the provider.

36. The Provider who provides services through paying agents should include them in the internal program for preventing and combating money laundering and terrorism financing and monitor their compliance with the Provider's program.

37. The Provider shall continuously monitor the customer's activities, transactions or its business relationship with the customer. The ongoing monitoring process shall include:
1) determining the customer's ordinary (specific) transactions;
2) an extensive examination of transactions conducted during its business relationship with the customer, to ensure that they are in line with the information held by the Provider, the customer’s declared activity and the risk level associated with the customer. The examination of transactions requires the Provider to have in place at least those mechanisms / IT solutions, including the automated ones, for detecting suspicious activities, transactions or people. Detecting suspicious activities, transactions, and people can be achieved by setting transaction value limits for a particular group or class of transactions. A particular attention should be paid to transactions that exceed the established value limits and transactions that have no clear economic purpose ;
3) verifying whether documents and information gathered during the customer / transaction monitoring are up-to-date and relevant, including for high-risk customers or business relationships;
4) identification of suspicious activities or transactions, including potential ones, as well as of sources of funds used in these activities and transactions;
5) reporting to the responsible person of the information on risks identified with respect to the customers' accounts and transactions, including for high-risk customers;
6) a real-time monitoring of all transactions (payments) conducted by customers or potential customers, to identify persons, groups or entities involved in terrorist activities and the proliferation of weapons of mass destruction, including to identify and prevent any payments made by them in violation of the sanctions, prohibitions or other restrictions imposed.

38. The responsible manager of the Provider is responsible for documenting, storage and communicating with the relevant staff the results of the monitoring, as well as any problems that arise and their resolution.

39. The Provider shall refrain from executing any operations and transactions in financial means, for up to 5 business days, once it gained pertinent suspicions of money laundering or related offenses, terrorist financing, or the proliferation of weapons of mass destruction, whether these are at the stage of preparation, attempt, are in process or have been already completed.

40. The Provider shall apply the provisions specified under item 39 at the solicitation of the Office for Prevention and Fight against Money Laundering or on its own initiative. When acting on its own initiative while applying the requirements of item 39, the Provider shall inform immediately, but not later than within 24 hours, the Office for the Prevention and Fight against Money Laundering of the decision taken.

41. When applying the provisions of item 39, the Provider, may ask the customer to provide additional data and information, including any confirmatory documents for the transactions conducted, in order to apply proper CDD measures and, in particular, to understand the purpose and the nature of the business relationship, as well as the source of the implied assets.

42. The measures applied according to the provisions of item 39 shall cease ex officio based on the written permission and confirmation of the Office for the Prevention and Fight against Money Laundering. The provisions of this item do not exempt the provider from the obligations laid down in art. 5 par. (3) of Law No 308 of 22 December 2017 on prevention and combating money laundering and terrorism financing and in the internal program, elaborated in accordance with item 11.

43. The Provider shall commit:
1) not to carry out any operation or transaction, including through a payment account, or to enter into business relationship if the Provider cannot ensure compliance with the provisions of items 24, 25, 30 and 31;
2) in the case of an existing business relationship, to terminate the business relationship if the Provider cannot ensure compliance with the provisions of items 24, 25, 30 and 31;
3) in conditions specified in sub-items 1) and 2) hereto, to submit to the Office for the Prevention and Fight against Money Laundering, in accordance with the art. 11 of the Law no.308 of December 22, 2017 on the Prevention and combating of money laundering and terrorism financing, special forms developed for the reporting of suspicious activities or transactions. In this case, the Provider shall be relieved from the obligation to provide explanation to the customer on the reasons for its refusal to do business with the customer.

44. The Provider shall not open or maintain anonymous accounts or accounts in fictitious names, establish or continue a business relationship with a fictitious partner (fictitious institution) or a partner (institution) known to allow to another fictitious partner (fictitious institution) to use its accounts or to provide anonymous accounts for the use of its customers.

Section 4
Information obtained from third parties

45. In order to comply with the provisions of items 24, 25, 30, 31 and 84-86 the Provider shall be allowed to use information held by third parties under the following conditions:
1) the Provider has immediate possibility to obtain relevant information, held by third parties, that would enable the Provider to take measures provided for in items 24, 25, 30, 31;
2) the Provider develops and implements effective procedures that ensure quick access to the copies of identification data and other documents related to the measures specified under items 24, 25, 30, 31, held by third parties;
3) the third parties are adequately supervised and meet requirements similar to those stipulated n in the Law no. 308 of 22 December 2017 on Prevention and combating money laundering and terrorism financing;
4) the third parties do not reside in high-risk jurisdictions specified in the respective list issued by the Office for the Prevention and Fight against Money Laundering.

46. The Provider shall bear ultimate responsibility for the implementation of the measures set out in items 24, 25, 30, 31 and 84-86, in case of recourse to third parties.


Chapter VI
SIMPLIFIED CUSTOMER DUE DILIGENCE MEASURES

47. The Provider shall apply simplified CDD measures when, by their very nature, they present a lower degree of risk of money laundering or terrorism financing.

48. Simplified CDD measures represent CDD measures referred to in items 22 and 23 applied under a simplified procedure corresponding to the low degree of risk of money laundering and terrorism financing, which include:
1) the limitation of obtaining customer identification data by applying a simplified customer verification procedure;
2) the limitation of obtaining specific information or taking specific measures regarding the purpose and nature of the business relationship and deducting the purpose and nature of the business relationship from the type of transaction or business relationship established;
3) verifying the identity of the customer and of the beneficial owner after establishing a business relationship with the customer (for example, if transaction values rise above the defined financial threshold);
4) reduction of the frequency of customer identification updates in the case of an established business relationship;
5) a reduced degree and scale of ongoing monitoring and control of transactions, based on a reasonable amount limit.

49. Based on its own assessment, the Provider shall set out the factors that generate lower risk of money laundering and terrorism financing and which determine the application of simplified CDD measures, including at least the following factors:
1) business relationships/clients and/or products/services established in the Law no. 308 of 22 December 2017 on the Prevention and combating money laundering and terrorism financing;
2) reduced amounts for payments, deposit or cash withdrawal;
3) number of limited payments, deposit or redemption, including withdrawal of cash over a certain period of time;
4) a payment account that can store only limited amounts of funds;
5) the product or service can only be used nationally;
6) the product or service is accepted by a limited number of agents whose business is familiar to the provider;
7) money means are accepted as a means of payment for limited types of services or low-risk products;
8) the product is only available to certain customer categories, such as social benefits recipients or staff members of a company using the product to cover corporate expenses.
Based on the assessment of money laundering and terrorism financing risks at national level and based on criteria and factors established by the supervising organ, the provider accumulates sufficient information to identify whether the client, transactions or business relationships meet the conditions mentioned above.

50. The Provider will not apply simplified CDD measures if there is a suspicion of money laundering or terrorist financing.


Chapter VII
ENHANCED CUSTOMER DUE DILIGENCE MEASURES

51. In order to enforce the legislation on prevention and combating money laundering and terrorism financing, the Provider shall set out the categories of customers, activities and transactions that present a high degree of risk based on the indicators reflecting the volume of performed operations, the type of services requested, the type of business run, economic circumstances, the reputation of the country of origin, the plausibility of the customer's explanations, the pre-established value limits by transaction type.

52. Based on its own assessment, the Provider shall set out the factors that generate an increased degree of risk of money laundering or terrorism financing and which determine the application of enhanced CDD measures. The factors that generate increased risk are:
1) business relationships/clients and/or products/services established in the Law no. 308 of 22 December 2017 on Prevention and combating money laundering and terrorism financing;
2) products or services that allow large or unlimited cash operations;
3) the transaction is in cash or is financed by anonymous electronic money, including electronic money benefiting from the derogation provided for in item 23;
4) transactions are carried out from one or more payers from different countries to a local beneficiary;
5) the client performs operations for someone else (on behalf of another person);
6) the transactions made have no economic meaning;
7) the customer always performs transactions below the reporting threshold;
8) the use of the service by the client is unusual, for example sending or receiving money to or by itself or sending funds immediately after receiving them;
9) the client seems to know little or is reluctant to provide information about the beneficiary;
10) some of the provider's customers transfer money to the same beneficiary or appear to have the same identification information, such as the address or telephone number;
11) the operation is not accompanied by the necessary information about the payer or the beneficiary;
12) money sent or received is in contradiction with the client's income (if known);
13) business partners in foreign jurisdictions;
14) other factors identified in the risk assessment and by the supervisors.

53. The provider shall apply enhanced customer due diligence, in addition to those set out in item 24, in situations which, by their nature, may present a high risk of money laundering or terrorism financing, at least by:
1) obtaining additional customer information (type of activity, volume of assets, turnover, other information available in public sources and internet) as well as frequently updating the identification data of the customer and of the beneficial owner;
2) obtaining additional information on the nature and purpose of the intended business relationship;
3) obtaining additional information on the source of the customer’s funds and property;
4) obtaining information on the purpose of the activity or transaction whether intended, currently carried out or completed;
5) obtaining the approval of the responsible person and/or of the head of the branch for the establishment or continuation of the business relationship;
6) enhanced and permanent monitoring of the business relationship ensured through an increased number and extension of checks performed, and by selecting activities and transactions that require additional examination and by requesting additional information confirming the legality of the operations and the adequacy of these types of activity declared;
7) the implementation of specialized IT systems in order to ensure the efficiency of information management for proper identification, analysis and monitoring of customers and their transactions, as well as the reporting to the Office for the Prevention and Fight against Money Laundering on transactions, which present suspicions of money laundering and terrorism financing;
8) to alert customers whose activities or transactions are exposed to a higher risk of money laundering and terrorism financing on the need to increase their business partner due diligence measures and, where appropriate, on the termination of business relationships with them or the refusal to conduct business with such customers;
9) in the case of cross-border relationships, to restrict or terminate the business relationship or the execution of transactions in the event of inappropriate application and non-compliance with the requirements for the prevention and combating money laundering and terrorism financing by the partner/correspondent institution;
10) additional measures specified in items 54 to 56.

54. In case the customer cannot personally be present at the identification (e.g. in the relationship by correspondence, telephone, e-mail, internet or other electronic means), the Provider applies enhanced CDD measures by using such procedures as electronic signature, biometric methods, session keys, etc. At his first visit to the Provider, the customer has to present documents and information according to the requirements of the present Regulation. In addition, the Provider shall apply one or all of the following measures:
1) request the customer’s identification documents issued by a competent authority or organ, including specimen signature, other documents, as appropriate, for the customer's file;
2) take measures to ensure authenticity of electronic documents transmitted to the Provider;
3) use the information provided by a partner (provider, agent, bank) in which the customer holds an account and which applies at least similar CDD measures and is subject to effective supervision;
4) require the first payment to be made on behalf of the customer through an account from another provider/bank that applies at least similar CDD measures and is subject to an effective supervision, where appropriate;
5) establish and maintain a method of contacting the client, independent of the way remote client operations are performed.

55. In relationships with correspondent institutions, the Provider shall accumulate sufficient information about its partner to fully understand its field of activity. For this purpose, the Provider shall:
1) obtain information at least on:
a) the governance body of the correspondent institution, its main activities, its business address and the measures it applies to prevent and combat money laundering and terrorism financing;
b) the purpose of setting up a bank account;
c) the reputation of the correspondent institution including whether it has been the subject of an investigation or any remedial action relating to money laundering or terrorist financing from publicly available sources;
2) assess how appropriate and effective the policies of the corresponding institution are in preventing and combating money laundering and terrorism financing;
3) establish the correspondence relationship after obtaining the approval by the responsible administrator of the Provider;
4) obtain document(s) listing responsibilities of the correspondent institution in the field of the prevention and combating money laundering and terrorist financing, as well as documents to confirm the fact that the correspondent institution verifies the identity of its customers and has in place efficient CDD procedures;
5) makes arrangements allowing it to verify the CDD procedures applied by the correspondent institution and to transmit / receive, upon request, documents and information relating to customers, their business activity and transactions.
56. In case of business relationships or transactions with politically exposed persons, their family members or persons associated with politically exposed persons, the Provider, in addition to the measures specified in item 24, shall apply the following measures:
1) the development and implementation of appropriate risk management systems, including risk-based procedures to determine whether a client, potential client or beneficial owner of a client is a politically exposed person;
2) obtaining the approval of the Provider’s responsible person for the establishment of a business relationship and for the continuation of the business relationship with such clients;
3) adoption of appropriate measures for establishing the source of the customer’s funds and wealth involved in the business relationship or transactions with such clients;
4) ensuring an enhanced and continuous monitoring of the business relationship.


Chapter VIII
PROVIDER’S AGENTS

57. The provider applies due diligence measures to agents in order to know their legal form and property and control structure and will establish business relationships with agents who will implement the law requirements on prevention and combating money laundering and terrorism financing. The requirements described in this chapter will not apply to agents who are licensed reporting entities, regulated and supervised by the National Bank of Moldova, i.e. licensed banks and non-bank payment service providers. The internal procedures of the Provider upon its agents must include aspects such as:
1) when initiating a business relationship, it is necessary to identify the agent and apply due diligence measures regarding its previous activity, such as a recent change from the current relationship with other providers, regardless of whether the agent provides payment services on behalf of one or more providers, the duration of the activity in the field, the property structure, the financial soundness, the registration of the agent in the register of payment companies / postal service providers and the register of companies issuing the electronic money of the agent.
2) obtaining additional appropriate information to understand the agent's activity, such as providing services to other providers, information on prior compliance with the legislation, nature and expected level of operations, number of customers and geographical exposure.
3) when approving a new agent, it is necessary to organize training for the staff of the agent on legal requirements in the field of money laundering and terrorism financing, the program, internal policies and procedures for preventing and conformity for combating money laundering and terrorism financing with the provider’s one. Accordingly, these trainings should be organized periodically.
4) provides guidance and assistance to the provider's agent for complying with the provider's program of prevention and combating money laundering and terrorism financing.
5) ensuring compliance with legislation such as reporting suspicious activities, high value operations, monitoring of risks related to the domain, reporting and keeping records through the periodic verification program.
6) ensuring a prompt response and remediation of risk situations by remote check method and on-site at the agent and, where appropriate, organizing additional training, suspension or termination of the business relationship with the agent.

58. The provider monitors the agent's activity in order to ensure its proper implementation of the requirements for preventing and combating money laundering and terrorism financing. The degree and nature of paying agent’s monitoring depends on the volume of agent’s operations, the method of monitoring used (manual, automatic or combined), the countries where the money is transferred, the results of the previous monitoring (if applicable) and the type of activity. In applying a risk-based approach, the degree of monitoring will be based on the perceived risks, both external and internal, associated with the agent, such as the products or services provided by the agent, its location and the nature of the activity.

59. The provider monitors the agent's activity under a risk-based approach and identifies specific risk criteria to determine which paying agent activities need to be reviewed. The specific criteria defined for this purpose should be periodically reviewed to determine whether they are appropriate for the established risk levels.

60. For the purpose of redressing and minimizing specific risks deriving from the activity of an agent, the Provider shall implement at least the following measures:
1) creating and maintaining a register of high-risk agents.
2) the need to apply enhanced due diligence measures in appropriate cases.
3) applying limits to cash transactions.
4) providing specific trainings for paying agents specific suspicion indicators in order to improve their knowledge of the field and reporting standards.


Chapter IX
REQUIREMENTS FOR FUND TRANSFER TRANSACTIONS

61. This chapter refers to transfers of funds, carried out in any currency, which are transmitted or received by a Provider or an intermediary provider.

62. The provisions of this chapter shall not apply to transfers of funds carried out by using a payment card, an electronic money instrument or any other prepaid digital data device with similar characteristics, provided the following conditions are met:
1) the payment card, electronic money instrument or data device is used solely for the purchase of goods or services;
2) the number of the payment card, electronic money instrument or data device accompanies all money transfers resulting from the transaction.
However, this chapter shall apply where a payment card, electronic money instrument or any other prepaid digital data device with similar characteristics is used to transfer funds between persons.

63. This chapter does not apply to transfers of funds involving cash withdrawal from the payer's payment account.

Section 1
Obligations of the payer’s provider

64. The payer’s provider shall ensure that the transfers of funds are accompanied by the following information regarding the payer:
1) the full name of the payer;
2) the number of the payer's payment account;
3) the payer's address, ID number, fiscal code (IDNO / IDNP) or date and place of birth.

65. The payer’s provider shall ensure that the transfer of funds is accompanied by the following information regarding the payee:
1) the full name of the payee;
2) the number of the payee's payment account.

66. By way of derogation from item 64 sub-item 2) and item 65 sub-item 2), in the case of transfers not effected from or to a payment account, the payer's provider shall ensure that the transfer of funds is accompanied by a unique transaction identification code instead of the payment account number(s).

67. Prior to transferring the funds, the payer’s provider shall verify the completeness and accuracy of data specified in item 64 based on documents, data or information obtained from a credible and independent source, taking into account the provisions of this Regulation.

68. The Provider shall ensure that all cross-border fund transfers are accompanied by complete information on the payer and payee's names, the account number or a unique transaction / payment identification code.

69. In the case of the batch file transfers of loans made by a single payer to several payees whose payment service providers operate outside the Republic of Moldova, the provisions of item 64 shall not apply to grouped individual transfers, provided that a batch file transfer is accompanied by data referred to in items 64, 65 and 66, these data were verified in accordance with items 67, and individual transfers are accompanied by the number of the payer's payment account or, where applicable item 66, by the unique transaction identification code.

70. The Provider shall not execute / carry out any transfer of funds unless compliance with the provisions of items 64-69 has been ensured.

Section 2
Obligations of the payee’s provider

71. The payee’s provider shall put in place effective procedures, including, where appropriate, post-transaction or real-time checks, to determine whether the transaction data fields reflecting information on the payer and payee in the payment and settlement system used for the transfer of funds were completed in accordance with the provisions of items 64 and 65 of this Regulation.  

72. The payee’s provider shall verify the completeness and accuracy of information available on the payee, based on documents, data or information obtained from a credible and independent source, taking into account the provisions of this Regulation, in the case of transfers of funds, the amount of which does not exceed the threshold set out in item 22, sub-item 2), in the following situations:
1) when the payment is made in cash or in anonymous electronic money in the case of transactions that appear to be linked;
2) when there are good reasons to suspect that the transaction is part of the money laundering or terrorism financing scheme.

73. The payee’s provider shall apply effective risk-based procedures to determine whether to execute, reject or suspend a transfer of funds where complete information on the payer and the payee is missing.

74. Where upon the receipt of funds the payee’s provider finds that the information specified in items 64 and 65 is missing or is incomplete, the provider shall reject executing the transfer or request the provision of relevant information on the payer and the payee prior to crediting the payee's account or making money available to the payee, depending on the associated risk.

75. Where a partner making the payment systematically fails to provide relevant information on the payer or payee, the payee’s provider shall take steps which may first include issuing warnings and setting deadlines, either for rejecting any transfer of funds executed by this payment partner, or for deciding, where appropriate, to restrict or terminate the business relationship with it. The Provider shall report such incidents to the Office for the Prevention and Fight against Money Laundering in compliance with the applicable regulatory acts. 

Section 3
Obligations of intermediary providers

76. The intermediary provider shall put in place effective procedures, including, where appropriate, post-transaction or real-time checks, to determine whether the transaction data fields reflecting information on the payer and payee in the payment and settlement system used for the transfer of funds were completed in accordance with the provisions of items 64 and 65 of this Regulation.

77. The intermediary provider shall ensure that the batch file transfers contain information on the number of the payer's payment account or a unique transaction identification code, and that the batch file provides fully traceable information on the payer and payee of the transaction.

78. The intermediary provider applies effective risk-based procedures to determine whether to execute, reject or suspend a transfer of funds where complete information on the payer and the payee is missing.

79. Where upon the receipt of funds the Provider finds that the information specified in items 64 and 65 is missing or is incomplete, the Provider shall reject executing the transfer or request the provision of relevant information on the payer and the payee prior or after crediting the payee's account or making money available to the payee, depending on the associated risk.

80. Where a partner making the transfer/payment systematically fails to provide relevant information on the payer or payee, the payee’s provider shall take steps which may first include issuing warnings and setting deadlines, either for rejecting any transfer of funds executed by this payment partner, or for deciding, where appropriate, to restrict or terminate the business relationship with it. The Provider shall report such incidents to the Office for the Prevention and Fight against Money Laundering in compliance with the applicable regulatory acts.


Chapter X
ACTIVITY AND TRANSACTION REPORTING

81. The Provider commits to inform the Office for the Prevention and Fight against Money Laundering of:
1) any suspicious goods, activities or transactions suspicious to be related to money laundering, to associated offences and to terrorism financing that are in course of preparation, attempting, accomplishment, or are already performed – immediately or, latest, within 24 hours after the Provider has identified any action or circumstances that raise suspicions;
2)  any cash transactions or operations, whether they are carried out in a single transaction with value exceeding 200 000 MDL (or its equivalent) or through a series of cash transactions that appear to be linked - within 10 calendar days;
3) any transactions conducted through bank transfer with a value exceeding 500000 MDL (or equivalent) - not later than the 15th of the month following the reporting month.

82. The Provider shall have in place:
1) clear procedures, developed in compliance with the provisions of the Law no. 308 of 22 December 2017 on the Prevention and combating of money laundering and terrorism financing, which were made known to the entire staff and which provide for the reporting by personnel of all suspicious activities and transactions;
2) systems for detecting suspicious activities and transactions according to the established criteria and indices, including by competent authorities;
3) procedures for informing the responsible administrator on issues related to the prevention and combating of money laundering and terrorism financing.

83. The Provider shall, as appropriate, inform the National Bank in accordance with Law No. 308 of 22 December 2017 on the prevention and combating money laundering and terrorism financing, suspicious activities and transactions, fraud cases that essentially affect the provider's security, stability or reputation.


Chapter X
DATA STORAGE

84. The Provider shall keep all records and information on customers and beneficial owners, collected for CDD purposes, including copies of identification documents, archived accounts and primary documents, business correspondence, the results of researches conducted to identify any complex or unusual transactions, throughout the entire period of its business relationship with a customer and for a period of 5 years after its termination or after the date of each occasional transaction and transfer of funds. The retained data must be sufficient to permit the reconstitution of each activity or transaction in the manner in which it is necessary to serve as evidence in criminal proceedings, contraventions and other legal proceedings. 

85. The procedures of records and information storage shall include at least the following, as appropriate:
1) keeping a register of all customers and identified beneficial owners, which shall contain at least: the full name of the customer; IDNO / IDNP, as appropriate; the account number; the account opening and closing date;
2) keeping all primary documents, including business correspondence;
3) keeping files containing records regarding the identification and verification conducted on customers and beneficial owners; files containing records of the monitored customer transaction and the transaction supporting documents;
4) keeping records of all conducted transactions, including complex and unusual transactions;
5) archiving information on conducted transactions and related business correspondence in IT systems and ensuring that the archived data are safe and quickly accessible for operational purposes.

86. The Provider shall ensure that any document and information obtained as a result of the customer (beneficial owner) identification and verification procedures, any data related to transaction monitoring, including transaction supporting documents, are available to the National Bank of Moldova and the Office for the Prevention and Fight against Money Laundering, upon request. Based on the request of the competent authorities, in accordance with item 9 par. (2) of the Law no. 308 of 22 December 2017 on the Prevention and combating of money laundering and terrorism financing, the record storage period established for the information related to customers and their transactions may be extended for a period specified in the request but not more than 5 years.


Chapter XII
INTERNAL CONTROL SYSTEM REQUIREMENTS

87. The Provider shall have in place internal control systems that will ensure the continuous compliance with the applicable regulatory acts and the existing internal program in the field of prevention and combating money laundering and terrorism financing, that will contribute to reducing the related risks.

88. The provider's internal control system depends on several factors including the nature, scale and complexity of the payment service provider's business, the diversity of its operations, including geographic diversity, customer base, product and activity profile, the degree of risk associated with each jurisdiction of its operations and distribution channels, that is, the extent to which the provider interacts directly with the customer or through the paying agents.

89. When establishing subsidiaries and branches in the territory of other states as well as during their activity, the Provider shall apply measures developed for the prevention and combating of money laundering and terrorism financing in accordance with its own internal control system, internal policies and procedures and regulatory acts of the Republic of Moldova insofar as the legislation of the host country permits. Where the host country (jurisdiction) promotes less rigorous requirements for the prevention and combating of money laundering and terrorism financing, the Provider shall ensure the implementation of the requirements set forth in Moldovan regulatory acts insofar as the law of the host country (jurisdiction) permits. Where the host country (jurisdiction) does not allow proper application of the requirements set forth in Moldovan regulatory acts, the Provider shall apply appropriate additional measures to mitigate the risk of money laundering and terrorism financing and inform about this fact the National Bank of Moldova within two months’ period. The National Bank may exercise its supervision in accordance with the legal framework to ensure compliance of the Provider’s subsidiaries and branches established in the territory of other states with the relevant applicable regulatory acts; in the case of failure to comply with relevant regulatory acts, the National Bank of Moldova may restrict the activity of a respective subsidiary or branch, or withdraw its approval through which it authorized the establishment of the Provider’s subsidiary or branch in the territory of another state. In applying this item, the National Bank of Moldova issues technical standards on the type of additional measures and minimum steps to be taken by the Provider if the rules of law of another country (jurisdictions) do not allow the implementation of the measures provided for in this item.

90. The provider who performs operations through agents should include them in their internal control systems for preventing and combating money laundering and terrorism financing and monitor them to comply with their provisions.

91. The internal control system shall include at least the following elements:
1) an independent audit conducted by the provider's staff or an audit firm/external auditor to verify the provider’s compliance with the provisions regarding the prevention and combating of money laundering and terrorism financing. In this context, the audit shall include:
a) independent assessment of the program on prevention and combating of money laundering and terrorism financing and of the compliance with law requirements;
b) monitoring staff performance by compliance testing;
c) operations testing in case of necessity;
d) informing the responsible administrator on the assessment’s results and recommending measures to be taken to minimize identified risks and shortcomings;
2) the appointment of person, who is administrator, as responsible for ensuring compliance with the applicable legislation on the prevention and combating of money laundering and terrorism financing (hereinafter referred to as "responsible person"). For this purpose, the responsible person shall have the following tasks:
a) to provide advice to the provider's employees on issues arising during the implementation of the program on the prevention and combating of money laundering and terrorism financing, including on the identification and examination of provider’s customers and the assessment of the risk of money laundering and terrorism financing;
b) to take decisions based on the information received;
c) to take measures for reporting to the Office for the Prevention and Fight against Money Laundering in accordance with the law;
d) to organize trainings for the provider’s employees in the field of the prevention and combating of money laundering and terrorism financing;
e) to collaborate with the audit entity/officers in view of verifying compliance of the provider's activity with the legislation in the field of the prevention and combating of money laundering and terrorism financing;
g) to perform other functions in accordance with this Regulation and the internal documents of the provider;
3) internal provisions on the liability and sanctioning of employees who deliberately do not inform / report about any suspicious activities or transactions to the responsible person or directly to the competent authority and / or personally facilitate carrying out of transactions, which are part of the money laundering and terrorism financing schemes.

92. The person conducting the provider's audit analyzes the implementation of the program for preventing and combating money laundering and terrorism financing by the provider and submits a report in writing on the results of the analysis performed to the responsible person of the provider.

93. The Provider shall have in place programs for recruiting and ongoing training of the staff in the field of prevention and combating money laundering and terrorism financing. The Provider shall ensure that its personnel has appropriate knowledge, skills and abilities to effectively fulfil their responsibilities in the field of prevention and combating money laundering and terrorism financing.

94. The recruiting and training programs referred to under item 93 shall cover various aspects of the process of preventing and combating money laundering and terrorism financing as well as of obligations arising under the relevant legislation, including:
1) training of new employees on the importance and basic requirements set by the respective programs;
2) training of the frontline staff (employees who work directly with customers) in checking the identity of new clients, performing an ongoing monitoring of accounts / transactions conducted by existing customers, tracking indices and reporting of activities and transactions that raise suspicions or are subject to reporting;
3) regular updating of staff responsibilities;
4) new techniques, methods and schemes of money laundering and terrorism financing;
5) the level of staff involvement in the prevention and combating of money laundering and terrorist financing process.
The curriculum of staff trainings must be adapted to the individual needs of each provider.

95. The Provider shall process the customers’ personal data collected in compliance with the requirements of this Regulation and ensure their confidentiality, taking into account the requirements of the applicable regulatory acts on the personal data protection.


Chapter XIII
REQUIREMENTS FOR APPLICATION
OF INTERNATIONAL RESTRICTIVE MEASURES

96. The Provider shall immediately apply restrictive measures to assets, including those obtained from or generated by assets owned, held or controlled, directly or indirectly, by persons, groups and entities involved in terrorist activities and the proliferation of weapons of mass destruction subject to restrictive measures, and by legal persons who make part of or are controlled, directly or indirectly, by such persons, groups and entities.

97. For the application of restrictive measures under item 96, the Provider shall develop internal rules and procedures that shall include at least the following elements:
1) procedures for collecting, keeping and updating the list of persons, groups and entities involved in terrorist activities and the proliferation of weapons of mass destruction subject to international restrictive measures (including through the use of existing databases), in compliance with the provisions of the Law no. 308 of 22 December 2017 on the prevention and combating money laundering and terrorism financing and the Law no.25 of 4 March 2016 on the application of international restrictive measures, using in this purpose the Order of the Director of the Security and Intelligence Service on the lists of persons, groups and entities involved in terrorist activities;
2) procedures for screening / detection of designated persons or entities and of transactions /payments involving assets, which could be applied to potential customers, existing customers or customers conducting occasional and money transfer transactions;
3) competences of persons responsible for the implementation of internal rules and procedures for the application of international restrictive measures to block funds;
4) procedures for internal information dissemination / reporting as well as for reporting to the Office for the Prevention and Fight against Money Laundering.

98. Upon identification of assets owned, held, or controlled, directly or indirectly, by persons, groups and entities involved in terrorist activities and the proliferation of weapons of mass destruction subject to restrictive measures, the Provider shall undertake the following steps:
1) based on the decision of the Provider’s responsible person, shall put on hold, for an indefinite period of time, the execution of operations and transactions that are ordered by or benefit, directly or indirectly, the persons, groups and entities involved in terrorist activities and the proliferation of weapons of mass destruction subject to restrictive measures;
2) immediately inform, but not later than within 24 hours, the Office for the Prevention and Fight against Money Laundering, about its putting on hold, for an indefinite period of time, the execution of operations and transactions that are ordered by or benefit, directly or indirectly, the persons, groups and entities involved in terrorist activities and the proliferation of weapons of mass destruction subject to restrictive measures. The submitted information shall include at least the following: 
a) data and information (name of natural / legal person, IDNO / IDNP, if any, country of origin/residence, the list of the competent authority / organization which is referred to in the restrictive measure applied, etc.) on the person, group or entity identified;
b) data and information (amount, currency, payee, destination, etc.) of identified assets;
c) information on the decision of the Provider’s responsible person to put on hold, for an indefinite period of time, the execution of operations and transactions relating to identified assets;
3) where applicable, the Provider shall accept additional payments made by a third party, or the increase of the value of identified assets and extend the scope of the restrictive measure to include these assets, taking into account the provisions of item 98 sub-item 1), and shall duly inform on the above the Office for the Prevention and Fight against Money Laundering, in compliance with the provisions of item 98 sub-items 2) a) and b);
4) inform the National Bank of Moldova of the restrictive measures applied in compliance with the provisions of item 98 sub-item 2) a) and b).

99. In case of any identity doubts or suspicions that do not allow the Provider to form a firm opinion as to the identity of the person, group or entity included in the list referred to under item 34 par. (11) of the Law no. 308 of 22 December 2017 on the Prevention and combating money laundering and terrorism financing, the Provider shall immediately, but not later than within 24 hours, inform on the above condition the Office for the Prevention and Fight against Money Laundering.

100. The Provider shall ensure a constant monitoring of the official websites of the United Nations, the European Union and the Security and Intelligence Service in order to ensure the appropriate applicability of restrictive measures to persons, groups and entities involved in terrorist activities and in proliferation of weapons of mass destruction.


Chapter XIII
OTHER DISPOSITIONS

101. Where a Provider is found to be in breach of the provisions of this Regulation or of the obligations arising under the legislation on the prevention and combating of money laundering and terrorism financing, the National Bank of Moldova imposes sanctions to the Provider in accordance with the legislation in force.

102. When applying the present Regulation, the Provider shall inform the National Bank of Moldova of any suspicious activities and fraud incidents posing risks for the bank's safety, stability or reputation.

 

Attachment
To the Regulation on requirements
related to prevention and combating money laundering and
terrorism financing in the activity of non-bank payment service providers

Recommendations on the criteria for identifying the beneficial owner

Natural persons who may control the legal person through ownership interests

a) the natural person(s) who directly or indirectly holds a minimum percentage of ownership interest in the legal person (the threshold approach)

The provider shall consider the threshold higher than 25% owned by the natural person(s) as an essential factor in determining the beneficial owner. In the case of indirect control over the legal entity (legal entities or corporate vehicle chain), the beneficial owner is determined using the actual controlling ownership technique (calculating the share held by each potential beneficial owner in the chain and the natural person holding the highest level of participation is considered to be the beneficial owner).

b) the shareholders who exercise control alone or together with other shareholders, including through any contract, understanding, relationship, intermediary or tiered entity (a majority interest approach)

The provider shall consider indirect control, which may extend beyond legal (direct) ownership or could be through a chain of corporate vehicles and through certain nominations as a key factor in determining the beneficial owner. In such situations, the indirect control can be identified through various means, such as: agreement between shareholders, the exercise of a dominant influence or the power to appoint senior management. Shareholders can increase the level of control through formal or informal agreements or through the use of nominee shareholders (owner invested or registered, holding shares on behalf of the beneficial owner under a custody agreement). The provider considers the different types of ownership interests and the possibilities that may exist, including voting or economic rights (for example, equity or debt-for-equity securities).

Natural persons who may control the legal person through other means

a) The natural person(s) who exerts control of a legal person through other means

The provider shall consider the personal connections between the individual and the persons referred to in items (a) and (b) in identifying the beneficial owner or persons who own the property.

b) The natural person(s) who exerts control without ownership

The Provider considers situations when the individual participates in the financing of the legal entity or obtains benefits or there are close family relationships, historical or contractual associations, or if the legal entity defaults on certain payments (debts). In addition, control may be presumed even if control is never effectively exercised, such as the using, enjoying or benefiting from the assets owned by the legal person.

Natural persons who may exercise control through positions held within a legal entity

a) The natural person(s) responsible for strategic decisions that fundamentally affect the business practices or general direction of the legal entity

The Provider considers the situation when the position of director/administrator can play an active role in exercising control over the legal person's business. However, information on directors may be of limited value if its country allows the administrator to be a nominal person (the person acting on behalf of unidentified interests).

b) The natural person(s) who exercises executive control over the daily or regular affairs of the legal person through a senior management position

The Provider shall consider situations where the chief executive officer (CEO), chief financial officer (CFO), managing or executive director, or president may play an active role in exercising control over the business of the legal person, or the individual(s) have significant authority over financial relationships, including financial institutions (banks) and the ongoing financial affairs of the legal person.

Sources for obtaining information about beneficial owners

a) Register of founders or the list of shareholders submitted by the legal person, which is kept and permanently updated, compiled according to the data and information in the legal documents for the incorporation of the legal person and/or the memorandum and articles of association and registered with the state authorities or private registers, as determined by applicable law;

b) The public/private register of the registration data of the legal person, drawn up according to the applicable law, containing at least the following information: name, proof of registration, legal status and form, registration address, basic powers governing the activity, the list of directors and the register of shareholders or founders, including the categories of shares held and the right to vote;

c)  Information obtained from other reporting entities under similar conditions regarding the application of customer due diligence measures to clients and their beneficial owners;

d) Information held by other competent authorities on the basis of legal obligations (e.g. tax authorities, financial or regulatory authorities and other companies holding similar registers);

e) Available information on listed companies on a regulated market/multilateral trading system, which requires information disclosure requirements, either by stock exchange rules or by law or by enforceable means, in order to ensure the proper transparency of the beneficial owner.