Risk Management and Compliance Procedure
Da Afghanistan Bank
Risk & Compliance Department General
2020
Approval of the High Council
Number: [ ]
Date:
The Risk Management and Compliance Procedure of Da Afghanistan Bank is approved by the High
Council of Da Afghanistan Bank in [ ] chapters and [ ] articles.
Table of Contents: Chapter Summary
PART I: GENERAL PROVISIONS
Chapter 1: General Provisions
Chapter 2: Risk Management Committee and Framework
Chapter 3: Risk & Compliance General Directorate
PART II: RISK FRAMEWORK & IMPLEMENTATION
Chapter 4: Risk Assessment General Principles
Chapter 5: Risk Assessment Framework
PART III: COMPLIANCE FRAMEWORK & IMPLEMENTATION
Chapter 6: Risk Register Book
Chapter 7: Compliance Management Principles
Chapter 8: Market Operations Compliance
Chapter 9: Bank Operations Compliance
Chapter 10: Payments Department Compliance
Contents
PART I: GENERAL OVERVIEW
Chapter 1: General Provisions
Article 1: Basis
Article 2: Objectives
Article 3: Scope of Application
Article 4: Definitions
Chapter 2: Risk Management Committee and Framework
Article 5: Risk Management Committee
Article 6: Risk Management Committee Composition
Article 7: Duties and Responsibilities of the Risk Management Committee
Article 8: Meetings of the Risk Management Committee
Article 9: Voting at the Risk Management Committee
Chapter 3: Risk & Compliance General Directorate
Article 10: Organizational Structure
Article 11: Risk Section Responsibilities
Article 12: Compliance Section Responsibilities
Article 13: DAB Embedded Compliance Teams
PART II: RISK FRAMEWORK & IMPLEMENTATION
Chapter 4: Risk Assessment General Principles
Article 14: Risk Appetite/Tolerance
Article 15: Risk Identification, Assessments, Control, and Monitoring
Article 16: Risk Analysis Methodology
Article 17: Business Continuity Planning
Article 18: Relationship with Management and Comptroller General Office
Article 19: Professional Standards
Chapter 5: Risk Assessment Framework
Article 20: Summary of Risk Assessment Framework
Article 21: Acceptable (low Impact)
Article 22: Tolerable (low Impact)
Article 23: Intolerable (High Impact)
Article 24: Scale of likelihood
Chapter 6: Risk Assessment Matrices
Article 25: DAB Credit Risk Assessment Matrix
Article 26: DAB Liquidity Risk Assessment Matrix
Article 27: DAB Operational Risk Assessment Matrix
Article 28: Legal Risk Assessment Matrix
Chapter 6: Risk Registration Book
Article 29: Objective of Risk Register
Article 30: Risk Identification
Article 31: Risk Description
Article 32: Risk Trigger
Article 33: Risk probability
Article 34: Risk Impact
Article 35: Risk Score
Article 36: Mitigating Controls
Article 37: Residual Risks
Article 38: Accepted risk Probability and accepted Risk Impact
PART III: COMPLIANCE FRAMEWORK & IMPLEMENTATION
Chapter 7: Compliance Management Principles
Article 39: Compliance Risk Management Principles
Article 40: Reporting
Chapter 11: Compliance Function General Procedures
Article 41: List Update Process
Article 42: Screening Process
Article 43: Matching Criteria
Article 44: Evaluating the Quality of Potential matches
Article 45: Issuance of Reports
Article 46: Key performance Indicators (KPI) of DAB Compliance function
Article 47: Sanctions Screening Procedure
Chapter 8: Market Operations Compliance
Article 48: Market Operations Department AML/CFT Compliance Unit
Article 49: FX Auction Compliance
Article 50: Financial Supervision Validation
Article 51: TT Compliance
Article 52: LC/BG Compliance
Chapter 9: Bank Operations Compliance
Article 53: Bank Operations Compliance Section
Article 54: Sanctions Checks
Article 55: Afghani Payment Checks
Article 56: USD Checks
Article 57: Politically Exposed Persons
Chapter 10: Payments Department Compliance
Article 58: Compliance Section in Payment Department
Article 59: International Payments Compliance Checks
Article 60: Exemptions
Chapter 12: Miscellaneous Articles
Article 61: Review and update
Article 62: Attachments
Article 63: Enforcement
Attachment No. 1: TTs Template for Natural Persons
Attachment No. 2: Telegraphic Transfer Checklist – Legal Person
Attachment No. 3: Enhanced Due Diligence
Attachment No. 4: Risk Register Template
Attachment No. 5: Credit Risk Assessment Matrix
Attachment No. 6: Liquidity Risk Assessment Matrix
Attachment No. 7: Operational Risk Assessment Matrix
Attachment No. 8: Legal Risk Assessment Matrix
CAPACITY BUILDING
PART I: GENERAL OVERVIEW
Chapter 1: General Provisions
Article 1: Basis
This charter is enacted based on the provisions set forth in Article 2(1) of the Da Afghanistan Bank Law
and the provisions of the Anti-Money Laundering and Proceeds of Crimes and Counter Financing of
Terrorism Law.
Article 2: Objectives
The objectives of this Procedure are the following:
(1) To protect the banking and financial system of Afghanistan from money laundering and terrorism financing risks.
(2) To ensure that Da Afghanistan Bank [“DAB”] systems are protected and that any transaction that takes place through DAB is in accordance with AML/CFT laws, regulations, and standards.
(3) To ensure that DAB departments understand and operate within AML/CFT laws, regulations, rules, and applicable international standards.
(4) To ensure that DAB line departments develop and enhance tools to strengthen the three lines of defense to detect, communicate, manage, and report on AML/CFT compliance risks.
(5) The Compliance function supports DAB strategy by establishing clear roles and responsibilities to help embed good AML/CFT compliance practices throughout DAB operations by using a risk-based approach and aligning it with DAB’s risk appetite and risk tolerance limits.
(6) The Compliance function at DAB is responsible for deepening the culture of AML/CFT compliance in DAB by working together with DAB line departments such as Market Operations, Banking Operations, and Payments to increase trust, accountability, transparency, and integrity in evaluating, managing, and reporting on AML/CFT compliance risks.
(7) Ensure compliance with all issued laws, regulations, instructions, and circulars.
(8) Conduct compliance risk assessments.
(9) Implement the process of departments’ self-assessment (Risk Control Self-Assessment (RCSA)) and analyze the results received from DAB’s departments.
(10) Develop a compliance testing plan, conduct regular compliance testing, and report any discrepancy to the DAB Risk Management Committee and DAB Executive Board.
(11) Develop, update, and review the compliance register.
Article 4: Definitions
The terms below shall have the following meanings in this Procedure.
1. Compliance Function: Means the authorized and responsible team[s] for advising on and
for managing this Procedure within the Da Afghanistan Bank Departments.
2. Compliance Risk: Means the risk of impairment of DAB’s integrity, whether it is a failure (or
perceived failure) to comply with Afghanistan’s Anti-Money Laundering and Proceeds of
Crimes Law and Counter Financing of Terrorism Law and other applicable international
standards.
3. Management: Means the Governor, Executive Board, High Council, and Department
Generals of the Bank.
4. Business Continuity Plan (BCP): Means a documented collection of procedures and
information that are developed, compiled, and maintained in readiness for use in an incident
to enable an organization to continue to deliver its critical products and services at an
acceptable predefined level.
5. Business Continuity Planning: The process of developing prior arrangements and
procedures that enable an organization to respond to an event in such a manner that critical
business functions can continue within planned levels of disruption. The end result of the
planning process is the BC Plan.
6. Compliance Risk: Risk of legal or regulatory sanctions, material framework loss, or loss to
reputation a business may suffer as a result of its failure to comply with laws, regulations, rules,
related self-regulatory organizational standards, and codes of conduct applicable to its business
activities.
7. Counterparty Risk: Risk to each party of a contract that the counterparty will
not live up to its contractual obligations.
8. Credit Risk: The risk of loss arising from a borrower or buyer who does not make payments
as promised in a transaction. Such an Event is called a default (AKA Default Risk).
9. Crisis Management: The process by which an organization manages the wider impact of any
situation until it is under control or a full BCP is invoked. It can be used in situations in which
the main activities are external such as dealing with malicious rumors, hostage taking, product
failure, or product recall.
10. Enterprise Risk Management: A process, effected by the Board of directors, Management,
and other personnel, applied in strategy setting and across the enterprise, designed to identify
potential events that may affect the entity and to manage risk to be within its risk appetite, to
provide reasonable assurance regarding the achievement of entity objectives.
11. Event: An incident or occurrence, from sources internal or external to an entity that affects
achievement of objectives.
12. Impact: Result or effect of an Event. There may be a range of possible impacts associated
with an event. The impact of an event can be positive or negative relative to the
entity’s related objectives.
13. Independent Non-executive Directors: Those Non-executive Directors who do not have
any pecuniary relationship or transactions with the organization, its subsidiaries, and its
management that, in the opinion of the board, will affect their independence of judgment.
14. Internal Control: A process, effected by an entity’s board of directors, management and other
personnel, designed to provide reasonable assurance regarding the achievement of
objectives in (i) effectiveness and efficiency of operations; (ii) reliability of financial reporting;
(iii) compliance with applicable laws and regulations.
15. Key Risk Indicators: Metrics used by organizations to provide an early signal of increasing
risk exposures in various areas of the enterprise.
16. Legal Risk: The risk of a loss being incurred on account of the unexpected application of a
law or regulation, or because a contract cannot be enforced.
17. Liquidity Risk: A risk that a party in a transaction suffers losses because a transaction cannot
be carried out due to the lack of liquid funds by either party. In terms of the financial market, a risk
that the market as a whole runs out of liquidity, and thus transactions are delayed.
18. Market Risk: The risk that results from the characteristic behavior of an
entire market or asset class.
19. Non-executive Directors: Directors who do not hold executive management responsibilities
within the organization.
20. Operational Risk: The risk of loss resulting from inadequate or failed internal processes,
people, and systems or from external events. This definition includes Legal Risk but excludes
Strategic and Reputation risk.
21. Opportunities: The possibility that an Event will occur and positively affect the achievement
of objectives.
22. Reputation Risk: Risk arising from negative perception on the part of customers,
counterparties, shareholders, investors, or regulators that can adversely affect an organization’s
ability to maintain existing, or establish new, business relationships and continued access to
funding.
23. Risk: Anything that can keep an enterprise from meeting its objectives.
24. Risk Analysis: The process to comprehend the nature of risk and to determine the level of risk.
25. Risk Appetite: The broad-based amount of risk that DAB is willing to accept in pursuit of
its mission.
26. Risk Assessment: Process of identifying the risks to an institution, assessing the critical
functions necessary for an institution to continue its business operations, defining
the controls in place to reduce organization exposure and evaluating the cost for such controls.
Risk analysis often involves an evaluation of the probabilities of a particular Event.
27. Risk Culture: A system of values and behavior that is present throughout DAB and that shapes
risk decisions.
28. Risk Governance: Governance refers to the structure and process for the direction and
control of companies. Risk governance applies the principles of good governance to the
identification, assessment, management, and communication of risks. It incorporates the
principles of accountability, participation, and transparency in setting the policies and
structures to make and implement risk related decisions.
29. Risk Management: Coordinated activities to direct and control an organization with regard
to risk.
30. Risk Management Framework: The complete set of components that provide the
foundations and organizational arrangements for designing, implementing, monitoring,
reviewing, and continually improving Risk Management throughout the organization.
31. Risk Management Policy: A statement of the overall intentions and direction of an
organization related to risk management.
32. Risk Management Process: The systematic application of management policies,
procedures and practices to the activities of communicating, consulting, establishing the
context, and identifying, analyzing, evaluating, treating, monitoring, and reviewing risk.
33. Risk Manager: An officer of the Risk Management Department responsible for risk
management of DAB. The position reports to the Director General Risk Management and
Compliance Department.
34. Risk Measurement: The evaluation of the likelihood and extent (magnitude) of a risk.
35. Risk Tolerance: The acceptable variation relative to the achievement of an objective.
36. Strategic Risk: The risk of loss resulting from failure in execution of a business strategy.
37. Threat: A downside, adverse risk event.
38. Uncertainty: The spread in estimates for schedule, cost, performance arising from the
expected range of outcomes.
39. Risk Management Committee: A Committee established to propose solutions regarding
the risk management to the Governor and the Executive Board.
Chapter 3: Risk & Compliance General Directorate
8. Meet quarterly with the Chairman of Risk Management Committee and report on compliance
issues;
9. Manage the day-to-day operations of DAB Compliance department;
10. Manage consolidated internal and external reporting on the status of Compliance Risks and
Compliance frameworks across DAB.
11. In terms of general principles, the first line of defense is the operational department that owns
and should manage the risk affairs. Each department puts in place approved policies and
procedures to ensure systems are secured from AML/CFT risks.
4. Monitor the key risks and Key Risk Indicators, report irregularities, escalate risk issues,
and recommend corrective actions;
5. Coordinate the set up and maintenance of a Risk Register and other risk information
with clearly defined risk categories and risks;
6. Provide analytical and administrative support to the DAB department in Risk
Assessment and Measurements;
7. Facilitate the integration of Risk Management into daily business operations;
8. Support the implementation of an enterprise-wide Risk Management Process in
accordance with international standards (such as ISO 31000); and
9. Review periodically, under the direction of DG Risk Management and Compliance,
the effectiveness of the Risk Management System in light of changes to its risk profile
and the external risk landscape.
3. Schedule and coordinate regular testing of plans;
4. Coordinate the escalation of the risk issues to the Risk Committee, via DG Risk
Management and Compliance, and activation of the BCP; and
5. Coordinate ongoing training, education, and awareness of BCP.
Article 22: Tolerable (low Impact)
(1) These risks will hurt DAB operations and reputation, but the damage is recoverable.
(2) DAB Risk Management and Compliance Department will deploy resources to mitigate the
consequences. For example, a 1 day delay in the processing of a payment due to system failure.
Article 26: DAB Liquidity Risk Assessment Matrix
(1) Liquidity Risks Identified: DAB has liquidity risk on two fronts: liquidity risk from
Afghanistan's domestic currency (Afghanis) and liquidity risk from foreign exchange reserves
(USD, EURO, GBP). Foreign exchange reserves risk is managed by the Risk Section (middle
office) of the Market Operations Department. The Risk Management and Compliance Department is
responsible for managing the domestic currency liquidity risk.
(2) Liquidity Risk Impact: DAB has a legal monopoly on the printing of Afghanistan's domestic
currency in accordance with Da Afghanistan Bank Law. The repercussions are intolerable. It
is therefore a high risk issue. In order to mitigate this risk, DAB Risk Management and
Compliance will conduct stress testing once a year to ensure that DAB can meet its obligations
and mitigate liquidity risk.
(3) Liquidity Risk Likelihood: The risk that DAB will not be able to meet its domestic currency
obligation is unlikely.
(4) Legal Risk Likelihood: It is unlikely that DAB systems might be used for money laundering
or terrorism financing because of its robust compliance program.
Article 33: Risk probability
(1) Risk probability is the chance that the risk will occur. By definition, a risk is the probability of loss.
The Risk Section of the Risk Management and Compliance Department will use the following methods
to model risk probability at DAB.
1. Qualitative approach to Risk Probability: In qualitative approach to risk
probability, the risk section of Risk Management and Compliance Department will
assign a rating of low, medium, and high risks based on historical data and past
experiences. This will also include the expertise of the risk management staff.
2. Quantitative approach to Risk Probability: In this approach, a numerical figure will
be assigned to a risk probability. For example, 50% probability will be given 0.5.
Article 34: Risk Impact
Risk impact refers to an estimate of the potential losses associated with an identified risk. During a
risk assessment process, the risk section of Risk Management and Compliance Department will assess
the existing safeguards of DAB and analyze the risks to predict risk impact.
Article 35: Risk Score
(1) Risk score is a calculated number (score) that reflects the severity of a risk due to some factors.
Risk scores are calculated by multiplying probability and impact. In order to calculate the risk
score, we need to assign a value to each of the probability and impact levels (e.g. 1, 2, 3, 4, and
5). Our matrix now includes these values for each label.

Label | Probability | Cost | Schedule | Safety
Very Low: 1 | 1 in 100 | < 1% | 1 day | Non injury accident
Low: 2 | 1 in 10 | 1-5% | < 1 week | Requires medical attention
Medium: 3 | 1 in 5 | 6-10% | 2 weeks | Requires hospitalization
High: 4 | 1 in 2 | 11-20% | 1 month | > 1 day work lost
Very High: 5 | ≥ 1 in 2 | > 20% | > 1 month | > Fatality

(2) If we had a risk that was assessed to have a high probability and medium impact, it would land
on the matrix as shown below.
1. The risk score = High (4) x Medium (3) = 12
2. Risk scores can then be further defined into categories such as Catastrophic, Serious,
Moderate, and Low based on the calculated score:
   Catastrophic: ≥ 15
   Serious: ≥ 10
   Medium: ≥ 5
   Low: ≤ 4
Article 37: Residual Risks
Residual risks are the risks that remain after the internal controls are applied. These risks are either
unknown, beyond the control of DAB, or not very serious.
Article 40: Reporting
(1) The Compliance Department shall provide a monthly report to the Risk Management
Committee, and present its findings to the Risk Management Committee on a quarterly basis.
(2) The Compliance Department shall provide daily FTT requests for the Governor’s signature.
(3) The Compliance Department shall provide a weekly FTT transaction summary report to the
Governor.
Article 44: Evaluating the Quality of Potential matches
(1) Compliance Managers stationed at DAB departments will evaluate the quality of close
matches and recommend further action to be taken.
(2) The evaluation will involve determining if the close match is true or false and what further
action shall be taken.
(3) The evaluation of the quality of potential matches is rooted in the amount of information
available in the World Check System and the amount of information DAB is legally authorized
to collect about the customer.
(4) Risk Management and Compliance Department shall collect as much information as possible
and cross check it with the information from the World Check system to improve the quality
of the evaluation of the close matches.
(3) A close match for an individual means that the name and surname match 100%. The
compliance team will then look at other details such as date of birth and place of birth (nationality).
The compliance team is authorized to collect additional details, such as tax clearance and police
clearance, to ascertain whether the close match is true or false. The compliance section manager
is responsible for searching for adverse media and other details to determine whether the close match is
true or false.
(4) If a close match is true and the person or entity in question is a UN, OFAC, EU, or DAB
sanctioned entity, then the compliance manager will write a concise report and send it to the DG
Risk Management and Compliance Department.
(5) At the same time, the compliance manager will report the suspicious transaction to
FINTRACA for further follow-up and action.
(6) The DG Risk Management and Compliance Department updates the Governor and/or Executive
Board on a regular basis and reports to the DAB Risk Management Committee quarterly.
3. Copy of Tax Identification Number (TIN Certificate) of the entity
4. Copy of police clearance of beneficial owners.
(4) The Compliance Unit, in case of suspicion, can request additional information, such as bank
account statements and last year's tax clearance certificate, to ensure that all auction participants meet
the Federal Reserve and OFAC requirements and that AML/CFT risk is fully mitigated.
Chapter 11: Bank Operations Compliance
Article 53: Bank Operations Compliance Section
(1) Compliance Department has a section deployed at Bank Operations Department.
(2) Bank Operations Department pays all government of Afghanistan contractors and civil
servants. All funds going to government contractors through DAB AML/CFT risk.
2. All payments coming into Afghanistan are received by DAB Payments Department
and then settled to relevant account in Afghan commercial banks or government
accounts.
(3) Outgoing payments such as telegraphic transfers, letters of credit, and salaries of Afghan
diplomats are compliance checked in the Bank Operations Department and then sent to the Payments
Department to complete the transactions.
Article 63: Enforcement
This Procedure shall be enforced as soon as it is approved by the High Council. Upon the
enforcement of this Procedure, all other risk management procedures and policies shall be null and
void.
Attachment No. 1: TTs Template for Natural Persons
Telegraphic Transfer (TT) Checklist - Natural Person
Bank Name: Date:
No: Item Result If No/HR
TT Number: Yes No
1 Beneficiary Details: Bank Name: Stop Transaction
2 Account No: Stop Transaction
3 Full Name of the beneficiary: Stop Transaction
4 Address: Pending (ASK)
5 Email: Proceed
6 Contact Number: Pending (ASK)
7 Swift Code (if known): Stop Transaction
8 Date: Stop Transaction
9 Currency: Stop Transaction
10 Amount: Stop Transaction
11 Purpose: Pending (ASK)
12 Relationship with sender: Proceed
13 World Check: Stop or EDD
14 FinTRACA Watch-List: EDD
15 Country Risk: HR LR Stop or EDD
16 Profession/Occupation: HR LR HR, EDD
17 PEP: Yes No If Yes, EDD
18 Sender's Details: Name: Stop Transaction
19 Address: Stop Transaction
20 Passport/ID Number: Stop Transaction
21 Phone Number: Stop Transaction
22 Email: Proceed
23 Non-resident Customer EDD
24 Occasional Transaction (Cash Transaction) Proceed if not HR
25 Account Name to be Debited: Stop Transaction
26 Account No: Stop Transaction
27 Verified Request: Pending (ASK)
28 Invoice/Title deed or any other accepted doc Pending (ASK)
29 Is the amount less than 1 Million AFN No, EDD
30 Are the transactions batched: EDD
31 KYC Form: Pending (ASK)
32 Transaction is in line with expected turnover EDD
33 Profession: HR LR HR, EDD
34 World Check: Stop or EDD
35 FinTRACA Watch-List: Stop or EDD
36 Customer Risk*: Stop or EDD
37 Country Risk: Stop or EDD
38 PEP: If Yes, EDD
39 TT Request Form: Pending (ASK)
40 Officer's Name:
41 Officer's Sign:
42 Manager's Name:
43 Manager's Sign:
Note: Any discrepancy or suspicion should lead to EDD at first.
*As per ML/TF Risk Assessment Guidelines 2019
Attachment No. 2: Telegraphic Transfer Checklist – Legal Person
Telegraphic Transfer (TT) Checklist - Legal Person
Bank Name: Date:
No: Item Result If No/HR
1 TT Number: Yes No
2 Beneficiary Details: Bank Name: Stop Transaction
3 Account No: Stop Transaction
4 Company Name: Stop Transaction
5 Address: Pending (ASK)
6 Email: Proceed
7 Website: Proceed
8 Contact Number: Pending (ASK)
9 Swift Code (if known): Stop Transaction
10 Date: Stop Transaction
11 Currency: Stop Transaction
12 Amount: Stop Transaction
13 Purpose: Pending (ASK)
14 World Check: Stop or EDD
15 FinTRACA List: Stop or EDD
16 Country Risk: HR LR Stop or EDD
17 PEP: If Yes, EDD
18 Sender's Details: Name: Stop Transaction
19 Address: Stop Transaction
20 Valid License: Stop Transaction
21 Passport (Pr/VP)/Verified Copy Tazkera: Pending (ASK)
22 Phone Number: Pending (ASK)
23 Email: Proceed
24 Occasional Transaction (Cash Transaction) Ask information
25 Account Name to be Debited: Stop Transaction
26 Account No: Stop Transaction
27 Account Type (Company): Stop Transaction
28 Request Letter (Showing Trans Purpose): Pending (ASK)
29 Invoice/ Contract copy of Central Asian Countries/ IRoA Stop Transaction
30 Are the transactions batched: Ask information
31 Transaction is in line with expected turnover Ask information
32 World Check: Stop or EDD
33 FinTRACA Watch-List: Stop or EDD
34 Customer Risk*: Stop or EDD
35 TT Request Form: Pending (ASK)
36 Officer's Name:
37 Officer's Sign:
38 Manager's Name:
39 Manager's Sign:
Note: No transaction should be allowed to UN/FATF and OFAC blacklisted countries/persons. No transaction
should be processed to Iran or for those goods banned by IRoA.
* As per ML/TF Risk Assessment Guidelines 2019
Attachment No. 3: Enhanced Due Diligence
Enhanced Customer Due Diligence Requirements
No. Actions
If Sender (Natural Person) Is Considered High Risk
1 Tax Clearance Certificate
2 Documents on Source of Funds (Bank Statement)
3 Ask Bank for Enhanced Monitoring
4 Acknowledgment letter (Purpose of Transaction)
No. Actions
1 Tax Clearance Certificate
2 Documents on Source of Funds (Bank Statement)
3 Ask Bank for Enhanced Monitoring
4 Acknowledgment letter (Purpose of Transaction & Nature of Business)
Attachment No. 4: Risk Register Template
Ref ID: 001
Risk Owner: Finance and Accounting and Financial Supervision Department
Positive Risk Response: Commercial banks can manage their reputational and avoid Bank-Run situation.
Negative Risk Response: Commercial banks fail to meet their obligations and DAB as a lender of last resort intervenes.
Response Description: DAB will provide credit to a failing commercial bank as a lender of last resort. The Bank asset may not generate enough money to cover DAB credit and cause credit risk for DAB.
Response Impact: DAB intervention in case of failure is very essential.
Ref ID: 002
Risk Owner: Bank Operations Department
Positive Risk Response: All domestic currency liquidity demands are met on time.
Negative Risk Response: In a Bank-run situation on all commercial banks, DAB has to provide domestic currency liquidity to help banks meet their obligations.
Response Description: DAB will provide liquidity to any commercial banks in a problem.
Response Impact: DAB is responsible to provide domestic currency liquidity.
Ref ID: 003
Possible
DAB systems are updated and checked. Moreover, DAB Risk Management and Compliance Department has developed a Business continuity and Disaster Recovery plan to minimize the disruption in operations.
There is no delay of more than two hours in all DAB operations.
DAB Operations are suspended for more than 1 working day.
DAB Market Operation, Bank Operations and Payment Departments work closely with Risk Management and Compliance Department to identify any operational deficiencies and mitigate the operational risk in a timely manner.
DAB is able to mitigate its operational risks efficiently and effectively.
Ref ID: 004
Unlikely
DAB Risk Management and Compliance Department has deployed dedicated units to monitor all payments going out and coming into DAB. All the transactions are monitored.
AML/CFT Laws, regulations and international standards are implemented.
AML/CFT law, regulation, or international standards are validated.
Risk Management and Compliance Department checks each and every transaction going through DAB systems.
DAB is compliant with AML/CFT law, regulations.
Attachment No. 5: Credit Risk Assessment Matrix
Credit Risk Assessment Matrix
Scale of Severity
Acceptable Tolerable Intolerable
Unlikely
Attachment No. 6: Liquidity Risk Assessment Matrix
High Risk
Possible
Likely
Attachment No. 7: Operational Risk Assessment Matrix
Attachment No. 8: Legal Risk Assessment Matrix
Attachment No. 9: Risk Assessment Checklist Format
GOVERNANCE
6. Reporting mechanisms
OPERATION
5. Effectiveness
6. Limitation of competence
CAPACITY BUILDING
1. General education
2. Specialized education
6. Specialized education (long term)
7. Employee abilities
DEVELOPMENT ACTIVITIES
2. Performance
2. Effectiveness
Attachment No. 10: Risk Assessment Timetable
TIMETABLE FOR RISK ASSESSMENT
Completion of questionnaires
Interview
Document analysis
Report preparation
DATA COLLECTION
COMPLETION OF QUESTIONNAIRES
INTERVIEW
DOCUMENT ANALYSIS
REPORT PREPARATION
The above plan is changeable according to the annual work plan.
Problems in the workplace
(Internal External)
The following section is filled by the staff of the General Administration of Risk and in compliance
with the law of the house.
Name
Date