Tourists shop at a duty-free shopping mall in Sanya, south China's Hainan Province, March 12, 2020. (Xinhua/Guo Cheng)

Key Things to Know about AML/CFT on the Retail Sector

 


1. What does “AML/CFT” mean?

“AML/CFT” stands for Anti-Money Laundering and Combatting Financing of Terrorism.

Simply put, money laundering is the process of making dirty money (assets originated from illegal activities) look clean. While the term originated from classic laundromats used by mafia members to hide illegitimate funds, money laundering is now much more sophisticated and harder to detect.J

Money laundering represents a serious threat to the financial system and international security. Implementing proper AML/CFT rules is a global effort and priority to curb the access of funds by terrorists, drug traffickers, arms dealers, and criminal groups.

2. Is the retail sector subject to AML/CFT rules?

AML/CFT rules are mostly associated with financial institutions, and for a good reason: it is the gateway to the financial system. However, criminals are now using other outlets to launder money, including (but not limited to) the gaming, real estate, and retail sector.

In fact, recent money laundering trends have shown that gift cards and vouchers used in the retail sector are an extremely attractive tool for money laundering due to its anonymous nature, which would further allow criminals to obscure the source of funds.

Although the retail industry is often overlooked, its AML/CFT risks were not ignored by Macau legislation, which extends its requirements to “dealers of high unitary value goods”. 

The Macau Economic and Technological Development Bureau (“DSEDT”) issued Notice no. 1/2019 (an AML/CFT guideline for the retail sector, auctions, and other company service providers) (the “DSEDT Notice”). The DSEDT Notice provides some examples of “high unitary value goods”, including pawn shops, dealers in precious metals, precious stones and luxury vehicles. 

Notwithstanding, the list is not exhaustive: if you trade goods over the amount of MOP 120,000 (or equivalent in foreign currency) or if the transactions you carry out have the potential of reaching or exceeding MOP 120,000 (or equivalent in foreign currency), you may be regarded by local authorities as a “dealer of high unitary value goods”.

3. What is “CDD”?

CDD means “Customer Due Diligence”. CDD is regarded by many as the paramount AML/CFT duty. CDD includes KYC (“Know Your Customer”): the process to determine the identity of the customer. CDD enables the entity to predict the types of transactions in which the customer is likely to engage, and to determine whether a certain transaction is unusual comparing to the customer’s baseline activity. The main goal is to allow the entity conducting the CDD to learn who is carrying out the transaction and prevent the entity from being used for money laundering activities.

In the retail industry, CDD is required whenever the retailer:

  1. Establishes a business relationship with a client;
  2. Suspects the commission of money laundering or financing of terrorism;
  3. Doubts the veracity or adequacy of previously obtained customer data;
  4. Witnesses a person about to carry out transactions in cash (or travelers cheques / bearer shares) in the amount of MOP 120,000 or above (or equivalent in foreign currency), in a single transaction, or aggregate transactions carried out within a period of 30-days.

Generally, the retailer should be able to grasp the basic information of the customer and its representatives (including name, type and number of identification document, permanent address, and date of birth), as well as the transaction information (date, means of payment, amount of transaction, and purchased goods). If the customer is a legal person, its name, address of registered office and copy of registration certificate should also be obtained.

The main point is that the retailer should have at least a basic knowledge of who it is dealing with; however, if there are doubts about the identity of the customer/representatives or if there are any suspicions of illegal activity, the retailer is encouraged to obtain additional clarifications from the customer/representatives, in line with the risk-based approach. This means that if the transaction presents higher risks, additional and enhanced measures should be implemented (“Enhanced Due Diligence” or “EDD”). 

Moreover, to ensure the truthfulness of the data obtained, the retailer should also ask to verify the person’s identity through reliable sources (such as the Identification Card or Passport).

4. What is a “PEP”?

PEP is a “Politically Exposed Person” – a person who is or had been entrusted with prominent public functions by a foreign jurisdiction (a “Foreign PEP”), or domestically (a “Domestic PEP”), or by an international organization (an “International Organization PEP”). Relatives and close associates of PEPs are also considered to be PEPs.

PEPs have historically been linked to higher risk for corruption, money laundering, terrorist financing and bribery, due to the nature and influence they hold in their position. As such, retailers are required to implement EDD when dealing with PEPs.

5. Are transactions over MOP 120,000 in cash deemed as “suspicious transactions”?

Not necessarily. A suspicious transaction is not exclusively linked to the amount of the transaction. In fact, the transaction amount could even be below MOP 120,000 and be more “suspicious” than a transaction well over that amount.

To understand whether a transaction is suspicious you may ask yourself:

  1. Is this person trying to avoid being identified by structuring the transaction?
  2. Do you feel an atypical reluctance from the person during KYC?
  3. Is the person behaving in an unusual manner? 

These questions may offer a general guidance to verify the “suspicions”. However, these queries cannot be read without the elements of the specific case. Perhaps, the reluctancy to provide the information is due to the sensitivity of what and how something is being asked; or maybe the customer is asking to split an invoice merely because there are multiple end-customers to that specific transaction.

For your further reference, the DSEDT has published a list of examples of suspicious transactions in the retail sector. 

6. How do you report a suspicious transaction?

Once you realize a transaction (or the attempt to transact) is suspicious, you have two working days to report the transaction to the Macau Financial Intelligence Office (“GIF”), by using the relevant Suspicious Transaction Form. To the extent possible, you should provide the identification data of the suspicious person and transaction. Moreover, you should describe the transaction and the reasons behind your suspicions.

7. Can you tell the customer they are “suspicious”?

Absolutely not. Letting the customer know that they are (or might be) the object of a suspicion is “tipping-off”, which is strictly prohibited. Tipping-off may gravely hinder the investigations and is deemed by Macau legislation as an administrative offence. Tipping-off may be punished with a fine up to MOP 500,000 (for natural persons) or MOP 5,000,000 (for legal persons).

8. If you think the transaction is suspicious, can you continue with the transaction?

It depends. While Macau legislation is very clear in stating that the retailer is required to refuse the transaction whenever the KYC cannot be completed, it remains dubious how retailers should act when confronted with a suspicious transaction.

Most of the time, non-completion of KYC – such as avoidance or reluctancy to provide information – could result in suspicions. In this case, refusal of transaction is mandatory.

However, there are cases in which the person provided all required information, but some suspicions remain. Can you resume the transaction? Although the immediate perception would be to assume all suspicious transactions should be rejected, it is crucial to understand whether such refusal could entail “tipping-off” to the customer. In such cases, conducting the transaction might be preferable. Retailers are encouraged to analyze the situation on a case-by-case basis to ensure proper compliance with Macau legislation.

9. Are you required to keep KYC and suspicious transaction-related documents?

Yes. Retailers are required to retain KYC documents and information, as well as data related to suspicious transactions, for at least 5 years from the date of the performance of the transaction.

10. How should you cooperate with Macau authorities?

In accordance with the DSEDT notice, retailers are required to actively report:

  1. High-Risk Transactions on a bi-annual basis to the DSEDT; and
  2. Suspicious Transactions to the GIF.

Furthermore, retailers are expected to provide information and documentation when so requested by local authorities – making the duty of document retention especially relevant. In addition, having a dedicated team to respond to local authorities may bring advantages to the organization as:

  1. It can properly monitor local authorities’ requests;
  2. It can keep the organization’s management updated; and
  3. It can keep the confidentiality of the information and documentation requested by the authorities.

More importantly, retailers should not ignore the vulnerability of the industry to money laundering risks. Retailers are recommended to adopt an effective AML/CFT compliance program, which may greatly reduce the risk of financial crime and protect the organization’s reputation.