Questions and answers about AML/CFT
-
What law applies to the area of AML/CFT?
The area of anti-money laundering and combating the financing of terrorism (AML/CFT) is governed by the Prevention of Money Laundering and Terrorist Financing Act (the ZPPDFT-2; Official Gazette of the Republic of Slovenia, No. 48/22).
-
Are banks required to conduct customer due diligence when executing a transaction?
Banks are also required to meet their obligations under the ZPPDFT-2 when executing transactions. Banks are required to conduct due diligence on each customer, and to regularly monitor their business activities in accordance with the ZPPDFT-2. The elements of customer due diligence are set out in Article 21 of the ZPPDFT-2, point 1 of the first paragraph of which stipulates that customer due diligence encompasses measures to establish and verify the customer’s identity on the basis of authentic, independent and objective sources. Customer due diligence is mandatory in the cases set out by Article 22 of the ZPPDFT-2 (1.when entering into a business relationship with a customer; 2. when executing any transaction in the amount of EUR 15,000 or more, irrespective of whether executed individually or in several apparently linked transactions; 3. for operators and concession-holders that provide gambling services, when paying out winnings or taking bets or both, in the case of a transaction in the amount of EUR 2,000 or more, irrespective of whether executed individually or in several apparently linked transactions; 4. whenever there is a doubt as to the veracity and suitability of the data obtained about the customer or its beneficial owner, and 5. whenever there exist, in connection with a transaction, the customer, the funds or the assets, grounds for suspecting money laundering or terrorist financing, irrespective of the value of the transaction) and for occasional transactions constituting the transfer of funds in excess of EUR 1,000 (first paragraph of Article 23 of the ZPPDFT-2).
When executing transactions referred to in points 2 and 3 of the first paragraph of Articles 22 and 23 of the ZPPDFT-2, obliged entities must carry out the prescribed measures referred to in points 1, 2 and 3 of the first paragraph of Article 21 of the aforementioned law, having regard for the second paragraph of Article 22 thereof, before executing the transaction. In accordance with the sixth paragraph of Article 54 of the ZPPDFT-2, the obliged entity must also ensure that the information and documentation obtained about the customer is updated if a change in material circumstances is established on the side of the customer, if the obliged entity is legally required to establish contact with the customer for the purposes of determining its beneficial owner and at least five years after the last review of the customer if the customer has executed at least one transaction with the obliged entity in the last 12 months. Should the bank as the obliged entity be unable to meet its customer due diligence obligations, it may not enter into a business relationship or execute a transaction with the customer, or must terminate the business relationship where one has already been entered into in accordance with Article 26 of the ZPPDFT-2.
-
When withdrawing a large sum of money, does a reason for the withdrawal have to be provided in writing?
The law does not make any such requirement. However, in accordance with the first paragraph of Article 75 of the ZPPDFT-2 the obliged entity (the bank) is required to report certain information to the Office for Money Laundering Prevention (including the purpose of the transaction and the method of execution of the transaction) about any cash transaction in excess of EUR 15,000 as soon as it has been executed, or within three days of the execution of the transaction. Notwithstanding the above, the bank may apply restrictions and conduct additional measures at lower amounts, in accordance with its own internal policies. Here it should be clarified that the decision to provide the required information to the bank is a matter for the customer, while the bank’s business decision is how to respond to a refusal to provide documentation: in the worst case scenario, in accordance with the contractual provisions and the general terms and conditions of business, the bank may also withdraw from the contract (e.g. by closing the current account) on the grounds of refusal of the request.
-
Must banks conduct due diligence on the customer and the source of funds in the case of a cash deposit?
Under the ZPPDFT-2 obliged entities (including banks and savings banks) are required to take measures to identify and prevent money laundering and terrorist financing, and as part of this process to ensure the identification of the customer, including the source of the funds that the customer is transacting with. It is not documentation submitted by the customer that has sole bearing on this, but also other information that the bank has obtained from the customer within the framework of the know your customer (KYC) process and during transaction monitoring. Clarifications and evidence of the source of funds may be requested directly from the customer if this helps obliged entities meet the requirements imposed by the ZPPDFT-2. The scope of the required clarifications and evidence depends on the level of familiarity with the customer (e.g. a new or existing customer) and the assessed risk of money laundering and terrorist financing, and is therefore a matter of the specific business relationship between the obliged entity and the customer.
-
Are banks required to monitor the customer’s business activities when executing transactions?
In accordance with Article 54 in connection with Article 55 of the ZPPDFT-2, banks are required to diligently monitor the business activities of their customers, and are consequently required to adequately review the background and purpose of any transaction that does not match the customer’s usual or expected transactions and to strengthen the monitoring of the customer’s business activities to establish if such transactions or activities seem suspicious, for which they can require evidence from the customer.
The ongoing monitoring of the business activities that a customer pursues with the bank on the basis of Article 54 of the ZPPDFT-2 includes vetting that the customer’s transactions comply with the purpose and intended nature of the business relationship, monitoring and vetting that the customer’s transactions conform to their usual scale, and vetting and updating information and documentation obtained about the customer. The scope and frequency of the implementation of transaction monitoring measures must be tailored to the risk of money laundering or terrorist financing that the bank is exposed to when executing a particular transaction or when doing business with a particular customer. This means that the bank is required to take more stringent measures in the case of higher risk than in the case of lower risk.
For the purposes of Article 55 of the ZPPDFT-2, obliged entities (including banks and savings banks) are required to put in place a system for identifying unusual transactions, and to address the identified transactions from the perspective of suspicion and the need to report them to the Office for Money Laundering Prevention. When addressing unusual transactions, banks are required to examine the background and purpose of the transactions, including the source of assets and source of funds, to the extent possible in view of the circumstances. This also entails obtaining additional information and documentation, with the definitive set of data and documents not prescribed by law, but instead determined in detail by the bank. Given the impossibility of prescribing all details in advance for all possible situations, there is to a certain extent a need for subjective judgment on the part of the bank, which should be based on its expertise and experience. In exercising its judgment the bank must take account of the entire background, and must also assess the individual transaction in connection with other circumstances. One of the circumstances that can increase risk is a lack of cooperation from the customer, and in practice it is not unusual for the bank to warn a customer that the execution of a transaction might be refused if the required documentation is not provided.
-
What are the consequences of failing to meet customer due diligence obligations?
In accordance with Article 26 of the ZPPDFT-2, an obliged entity that is unable to take the measures referred to in points 1, 2 and 3 of the first paragraph of Article 21 of the ZPPDFT-2 may not enter into the business relationship or execute the transaction, or must terminate the business relationship where one has already been entered into, and must examine the possibility of reporting information about the customer or the suspicious transaction to the Office for Money Laundering Prevention in accordance with Article 75 of the aforementioned law.
-
What are the options for opening a current account at banks without being there in person?
The ZPPDFT-2 requires banks to conduct due diligence on each customer, and to regularly monitor their business activities. The elements of customer due diligence are set out in Article 21 of the ZPPDFT-2, point 1 of the first paragraph of which sets out measures to establish and verify the customer’s identity on the basis of authentic, independent and objective sources. The customer due diligence obligations are set out in Article 22 and, for occasional transactions, Article 23 of the ZPPDFT-2.
Under certain conditions, Article 32 of the ZPPDFT-2 allows the bank to establish and verify the identity of customers, statutory representatives or authorised representatives from a copy of an official personal identification document that the aforementioned persons submit to the obliged entity in paper or digital form. This method of identification is only allowed when an insignificant risk has been determined on the basis of the customer risk assessment.
The bank may also establish and verify the identity of a natural person (i.e. the customer, statutory representative or authorised representative) on the basis of an electronic means of identification with a high level of reliability, or on the basis of other methods of electronic identification for accessing electronic services with a high level of reliability in accordance with the regulations governing electronic identification and trust services (Article 33 of the ZPPDFT-2).