CIRCULAR

GUIDING IMPLEMENTATION OF THE LAW ON ANTI-MONEY LAUNDERING

Pursuant to the Law on State Bank of Vietnam Dated June 16, 2010;

Pursuant to the Law on Anti-Money Laundering dated November 15, 2022;

Pursuant to Decree No. 102/2022/ND-CP dated December 12, 2022 of the Government on functions, tasks, powers, and organizational structure of the State Bank of Vietnam;

At request of Chief Banking Inspector and Supervisor;

The Governor of State Bank of Vietnam promulgates Circular guiding implementation of the Law on Anti-Money Laundering.

Article 1. Scope

...

...

...

Article 2. Regulated entities

1. Financial institutions

2. Organizations and individuals engaging in relevant non-financial professions.

3. Vietnamese organizations, individuals, foreign organizations, foreigners, international organizations trading with financial institutions, organizations, individuals engaging in relevant non-financial professions.

4. Other organizations and individuals relating to anti-money laundering.

Article 3. Criteria and method for assessing money laundering risks of reporting entities

1. Assessment criteria of money laundering risks of reporting entities include money laundering probability criteria and viability of internal policies, regulations regarding AML in reporting entities.

2. Money laundering probability criteria include probability criteria in business environment of reporting entities and risk criteria from business activities of reporting entities, to be specific:

a) Probability criteria in business environment of reporting entities include money laundering probability in business sectors; countries, territories where reporting entities are operating according to results of national risk assessment on money laundering and are determined by reporting entities;

...

...

...

3. Viability of internal policies and regulations on AML in reporting entities include coverage of internal policies, regulations on AML and effectiveness of those internal policies and regulations, to be specific:

a) Coverage of internal policies and regulations on AML in reporting entities includes adequacy of internal policies and regulations on AML; level of compliance with regulations and law on AML; level of compliance with money laundering risk levels of reporting entities; periodic review of internal policies and regulations to adhere to amendments of regulations of the law and practical operation situation;

b) Effectiveness of internal policies and regulations on AML in reporting entities include effectiveness of AML measures; level of understanding and compliance with professional rules, standards of leaders and employees whose responsibilities are related to AML; effectiveness of AML management.

4. Assessment method for money laundering risks shall be score-based method. Score-based method is a method where each criterion under Clause 2 and Clause 3 of this Article is given a score, to be specific:

a) Score of each criterion under Clause 2 of this Article shall be determined on a scale from 1 to 5 where a lower score translates to a lower probability of money laundering;

b) Score of each criterion under Clause 3 of this Article shall be determined on a scale from 1 to 5 where a lower score translates to a higher viability of internal policies and regulations on AML;

c) Weighting factor of each criterion under Clause 2 and Clause 3 of this Article shall be percentage (%) determined by importance of each criterion in AML. Reporting entities shall determine weighting factor based on operational scale, scope, and characteristics;

d) Score of money laundering probability shall be determined by calculating total score of criteria under Point a of this Clause multiplied by weighting factor under Point c of this Clause. Money laundering probability is low if final score is equal to or less than 1; moderate-low if final score is greater than 1 and equal to or less than 2; moderate if final score is greater than 2 and equal to or less than 3; moderate-high if final score is greater than 3 and equal to or less than 4; high if final score is greater than 4 and equal to or less than 5;

dd) Score of viability of internal policies and regulations on AML shall be determined by calculating total score of each criterion relating to viability of internal policies and regulations on AML under Point b of this Clause multiplied by weighting factor under Point c of this Clause. Level of viability of internal policies and regulations on AML is high if final score is equal to or less than 1; moderate-high if final score is greater than 1 and equal to or less than 2; moderate if final score is greater than 2 and equal to or less than 3; moderate-low if final score is greater than 3 and equal to or less than 4; low if final score is greater than 4 and equal to or less than 5;

...

...

...

5. Information and data shall be collected for the purpose of assessing and updating money laundering risks of reporting entities from January 1 to December 31 inclusive of assessing, updating year. Reporting entities must complete reports on assessment and update on money laundering risks by March 31 of the following year.

Article 4. Money laundering risk management and customer risk ratings

1. Based on money laundering risk assessment and update results under Article 3 hereof, reporting entities shall develop and promulgate internal money laundering risk management procedures. Money laundering risk management procedures must be a step-based process appropriate to operational scale, scope, and characteristics of reporting entities which serves to manage money laundering risks. Money laundering risk management procedures must contain:

a) Scope and objectives of money laundering risk management;

b) Identified and evaluated impact level of money laundering risks at reporting entities;

c) Low, moderate, high customer risk ratings which are determined by reporting entities based on: customers; products, services used or to be used by customers; geographic locations of customers’ residence or head office and other factors depending on practical situations, and stated under risk management procedures;

d) Procedures for identifying and assessing money laundering risks before providing new products and services; existing products and services applying new, innovative technology;

dd) Risk management procedures for executing, rejecting, suspending, controlling post-transaction, reviewing, reporting suspicious transactions for electronic fund transfers that contain inaccurate or inadequate required information;

e) Measures taken corresponding to customer risk ratings, including customer identification information update and verification frequency, level of supervision of customers’ transactions corresponding to money laundering risk levels, simplified due diligence and enhanced due diligence under Clause 2 and Clause 5 of this Article.

...

...

...

a) Not collecting information on purpose, nature of business relationship if the purpose and nature of business relationship have been identified via transactions or other established business relationships;

b) Reducing update frequency of customer identification information compared to that of customers with moderate customer risk ratings;

c) Reducing supervision level of customers’ transaction compared to that of customers with moderate customer risk ratings.

3. Reporting entities are not allowed to adopt simplified due diligence in situations that involve suspicions relating to money laundering.

4. In regard to customers with moderate customer risk ratings, reporting entities must adopt customer due diligence measures in accordance with the Law on Anti-money Laundering and Decree of the Government elaborating the Law on Anti-money Laundering.

5. In regard to customers with high customer risk ratings, in addition to adoption of customer due diligence under the Law on Anti-money Laundering and Decree of the Government elaborating the Law on Anti-money Laundering, reporting entities are required to adopt enhanced due diligence, including:

a) Approval of management level that is at least a level higher than the management level which approves adoption of enhanced due diligence is required for the case where customers with moderate customer risk ratings establish or continue business relationship with customers with high customer risk rating;

b) Collect, update, verify additional information of individual customers to serve customer risk rating evaluation and management. The information includes: Average monthly income of customers in the last 6 months prior to the date of evaluation; contact information of agencies, organizations, heads of workplace or locations where the customers earn their primary income (if any); information relating to origin of money or assets in customers’ transactions;

c) Collect, update, verify additional information of organization customers to serve customer risk rating evaluation and management. The information includes: Industry, services that generate primary revenues; total revenues in last 2 years prior to the date of evaluation; information relating to origin of money or assets in customers’ transactions;

...

...

...

dd) Implement enhanced monitoring for customers’ transactions made via reporting entities, business relationships by applying control measures and selecting transaction samples to inspect, ensure that customers’ transactions conform to objectives and purpose of business relationships between customers and reporting entities and business activities of customers; promptly discover signs of suspicions and consider reporting suspicious transactions;

e) Increase update frequency of customer identification information compared to that of customers with moderate customer risk ratings.

Article 5. Internal regulations on AML

Internal regulations on AML of reporting entities under Points b, c, e, g, h, i, and k Clause 1 Article 24 of the Law on Anti-money Laundering include:

1. Customer identification procedures which include collecting, updating, verifying information in accordance with anti-money laundering laws and regulations on situations during identification, identification information, and update; classification of responsibilities for identifying customers based on risk levels and operational scale, scope, characteristics of reporting entities.

2. Money-laundering risk management procedures in reporting entities must include details under Clause 1 Article 4 hereof.

3. Regulations on information storage and security according to Article 38, Article 40 of the Law on Anti-money Laundering.

4. Regulations on adoption of temporary measures according to Article 44 of the Law on Anti-money Laundering and Decree of the Government elaborating the Law on Anti-money Laundering.

5. Regulations on reporting and informing the State Bank of Vietnam (hereinafter referred to as “SBV”) and competent authority, including regulations on report and communication procedures, methods which satisfy regulations on report deadline and contents.

...

...

...

7. AML training and advanced training, including: regulations of the law and internal regulations on AML; responsibilities in case of failure to adhere to regulations of the law or internal regulations on AML; money laundering schemes; money laundering risks relating to products and services; tasks assigned to leaders and employees.

8. Internal audit in anti-money laundering, including: independently and objectively inspecting, reviewing, and evaluating internal audit system, compliance with internal regulations and regulations of the law on AML; proposing solutions for improving effectiveness of money laundering countermeasures. Internal audit for AML can be done separately or together with other operations as long as the internal audit must be presented separately under audit report. If reporting entities are not required to perform internal audit as per the law, reporting entities must control compliance with internal regulations and regulations of the law on AML.

9. Responsibilities of relevant individuals and departments in implementation of money laundering countermeasures must ensure that:

a) At least one manager of reporting entities or one individual authorized by managers of reporting entities is assigned to be responsible for organizing, directing, and inspecting compliance with regulations on AML (hereinafter referred to as “AML compliance officer”);

b) Depending on operational scale, scope, and characteristics, reporting entities must establish specialized units (department, ward, group) or designate existing units to oversee AML compliance or designate AML compliance officers in their head office; assign one or several individuals, units to responsible for AML in branches and subsidiaries of reporting entities relevant to AML operations (if any).

10. Reporting entities are responsible for:

a) on an annual basis, providing AML training for leaders and employees whose operations are relevant to AML (including employees assigned with tasks directly relating to trading in money, assets with customers);

b) on an annual basis, updating regulations of AML laws, policies, risk management procedures appropriate to AML risk management results in reporting entities and practical situations in order to evaluate internal regulations and consider amendment, replacement accordingly; sending internal regulations on AML to authority exercising AML tasks affiliated to the SBV (hereinafter referred to as “AML authority”) within 30 days from the date on which AML internal regulations are promulgated, amended, or replaced;

c) on an annual basis, sending internal audit reports on AML in reporting entities to AML authority within 60 days from the date on which a financial year ends except for reporting entities that are not required to perform internal audit as per the law;

...

...

...

dd) informing AML authority in writing when information under Point d Clause 10 of this Article is changed within 15 days from the date on which the information is changed.

11. Reporting entities that are micro-enterprises and individuals shall promulgate internal regulations on AML which include Clauses 1, 2, 3, and 4 of this Article and Points a, dd Clause 1 Article 24 of the Law on Anti-money Laundering.

Article 6. Reporting of large transactions

1. Reporting entities are responsible for reporting large transactions in accordance with Clause 1 Article 25 of the Law on Anti-money Laundering to AML authority via electronic means in accordance with Clause 1 Article 10 hereof or via physical means in accordance with Appendix I attached hereto if compatible information technology system has not been established to facilitate reporting.

2. If customers make large cash deposits in foreign currency to purchase VND or make large cash deposits in VND to purchase foreign currency, only cash deposits are reported.

Article 7. Reporting of suspicious transactions

1. Reporting entities are responsible for reporting suspicious transactions to AML authority in accordance with Article 26 of the Law on Anti-money Laundering. Reports shall be produced via physical means in accordance with Appendix II attached hereto or electronic means once compatible information technology system has been established to facilitate electronic reporting in accordance with Clause 1 Article 10 hereof except for cases where reports are sent to other competent state authorities in accordance with Clause 3 Article 37 of the Law on Anti-money Laundering.

2. Reporting of suspicious transactions under Article 26 of the Law on Anti-money Laundering does not depend on value of the transactions nor whether the transactions have completed or not.

3. AML authority are responsible for verifying that they have received reports on suspicious transactions sent to personal or unit email address in accordance with Point b Clause 9 Article 5 hereof or that they have received reports on suspicious transactions sent physically within 5 working days from the date on which they receive the reports; discussing arising issues with reporting entities (if any).

...

...

...

Article 8. Electronic funds transfer

1. Financial organizations engaging in electronic funds transfer include:

a) Transmitting organizations mean financial organizations that create electronic funds transfer order and transfer on behalf of requesting individuals;

b) Intermediary organizations mean financial organizations that receive and relay electronic funds transfer order on behalf of transmitting organizations and destination organizations or on behalf of other intermediary organizations;

c) Destination organizations mean financial organizations that receive electronic funds transfer from transmitting organizations or via intermediary organizations and transfer to beneficiaries.

2. Domestic transmitting organizations are only allowed to engage in electronic funds transfer if electronic funds transfer order contains adequate information in accordance with regulations on cashless payment and foreign exchange administration.

3. Domestic intermediary organizations engaging in electronic funds transfer must:

a) Develop solutions for identifying electronic funds transfers that do not contain adequate information according to regulations on cashless payment and foreign exchange administration;

b) Adopt appropriate measures which include rejecting or suspending transactions or adopt post-transaction control measures or review, report suspicious transactions in regard to electronic funds transfers that do not contain adequate information according to regulations on cashless payment and foreign exchange administration.

...

...

...

a) Develop solutions for identifying electronic funds transfers that do not contain adequate information according to regulations on cashless payment and foreign exchange administration;

b) Adopt appropriate measures which include rejecting or suspending transactions or adopt post-transaction control measures or review, report suspicious transactions in regard to electronic funds transfers that do not contain adequate information according to regulations on cashless payment and foreign exchange administration.

Article 9. Reporting of electronic funds transfer

1. Reporting entities are responsible for collecting information under Clause 3 of this Article and reporting to AML authority via electronic means according to Clause 1 Article 10 hereof when executing electronic funds transfer which falls under any of the cases below:

a) Electronic funds transfer where all participating financial organizations under Clause 1 Article 8 hereof are located in Vietnam (hereinafter referred to as “domestic electronic funds transfer”) and minimum transfer value is 500.000.000 VND or in equivalent value in foreign currency.

b) Electronic funds transfer where at least one participating financial organization under Clause 1 Article 8 hereof are located outside of Vietnam (hereinafter referred to as “international electronic funds transfer”) and minimum transfer value is 1.000 USD or in equivalent value in other foreign currency.

2. Reporting entities that are intermediary organizations in electronic funds transfer are not required to produce report in accordance with Clause 1 of this Article.

3. Report on electronic funds transfer must contain:

a) Information on transmitting organizations and destination organization, including: business name of the organizations or trading branches; address of head office (or bank identification code for domestic electronic funds transfer or swift code for international electronic funds transfer); destination and transmitting countries;

...

...

...

c) Information on customers that are organizations engaging in electronic funds transfer: full business name and abbreviations (if any); head office address; establishment license or enterprise identification or tax identification number; countries where head office of these organizations are located;

d) Information on transactions: account number (if any): amount; type of currency; amount converted to VND (if the money transferred is in foreign currency); reason and purpose of transactions; code of transaction; date of transaction;

dd) Other information requested by AML authority for the purpose of AML from time to time.

4. Information regarding date of birth, ID Card or Citizen ID Card or Personal Identification or Passport or visa (if any) number under Point b Clause 3 of this Article; establishment license or enterprise identification or tax identification number under Point c Clause 3 of this Article is not required for:

a) Beneficiaries in international electronic funds transfer where money is transferred from Vietnam to other countries;

b) Transmitting individuals in international electronic funds transfer where money is transferred to Vietnam from other countries.

5. Electronic funds transfer that is not required to be reported include:

a) Transactions originating from services that involve the use of debit cards, credit cards, or pre-paid cards to pay for goods and services;

c) Transactions and payments between financial institutions where both transmitters and beneficiaries are financial institutions.

...

...

...

1. Format of electronic report

a) Reporting entities shall establish transmission and connect to communication network with the SBV via Department of Information Technology in order to send report and communicate about AML;

b) Electronic reports shall be sent via transmission and communication network under Point a of this Clause. Electronic reports must comply with instructions of AML authority in terms of format and file structure;

c) Reporting entities allowed to implement electronic funds transfer must develop appropriate information technology system to facilitate electronic report and software system to screen, filter by blacklists, greylists, politically exposed persons (PEPs) under Clause 9, Clause 10 Article 3 and Clause 1 Article 17 of the Law on Anti-money Laundering, detect and issue warnings for signs of suspicions in order to prevent money laundering.

2. Time limit of electronic report: reporting entities must send reports on large transactions and reports on electronic funds transfer before 4:00 p.m. of the working day following the date on which such transactions occur. If days on which reports are supposed to be sent are holidays, New Year holidays, or weekends, the reports shall be sent on the next working days following said holidays, New Year holidays, and weekends.

3. Revision to electronic reports:

a) If reporting entities fail to submit adequate reports, they must submit written presentation and additional reports within 1 working day from the date on which AML authority issues written confirmation. If information and data under reports submitted to AML authority is inaccurate, reporting entities must produce physical or electronic presentations document and submit revised reports within 1 working day from the date on which inaccurate details are found;

b) If reporting entities receive notice of AML authority regarding inadequacies of the reports, reporting entities must send physical or electronic presentation documents and submit revised reports within 7 working days from the date on which they receive the notice;

c) If reporting entities receive notice of competent authority regarding review and revision to the reports, reporting entities must inform AML authority and issue written presentation, send revised reports after obtaining written confirmation of AML authority.

...

...

...

Article 11. Entry into force

1. This Circular comes into force from July 28, 2023, except for cases under Clause 2 of this Article.

2. Regulations on money laundering risk management under Clause 2 Article 5, regulations on reporting of large transactions under Article 6, regulations on reporting of electronic funds transfer under Article 9, and suspicious transaction report forms under Appendix II attached hereto come into force from December 1, 2023. Until the date on which Clause 2 Article 5, Article 6, Article 9, and Appendix II attached hereto become effective, reporting entities shall comply with regulations on risk management procedures, reporting of large transactions, reporting of electronic funds transfer, suspicious transaction reports forms under Clause 2 Article 3a, Article 5, Article 7, Article 10, Form No. 1 under Circular No. 35/2013/TT-NHNN dated December 31, 2013 of the Governor of State Bank of Vietnam guiding implementation of regulations on anti-money laundering (amended by Clause 3 Article 1 of Circular No. 31/2014/TT-NHNN dated November 11, 2014 of Governor of the State Bank of Vietnam on amendment to Circular No. 35/2013/TT-NHNN and Clause 2, Clause 4 Article 1 of Circular No. 20/2019/TT-NHNN dated November 14, 2019 of Governor of the State Bank of Vietnam on amendment to Circular No. 35/2013/TT-NHNN).

3. Circulars below shall expire from the effective date hereof under Clause 1 of this Article:

a) Circular No. 35/2013/TT-NHNN dated December 31, 2013 of the Governor of State Bank of Vietnam, except for regulations on reporting of large transactions, reporting of electronic funds transfer, suspicious transaction report forms under Article 5, Article 7, Article 10, Form No. 1 which expire from December 1, 2023;

b) Circular No. 31/2014/TT-NHNN dated November 11, 2014 of the Governor of State Bank of Vietnam, except for regulations on reporting of electronic funds transfer under Clause 3 Article 1 which expire from December 1, 2023;

c) Circular No. 20/2019/TT-NHNN dated November 14, 2019 of Governor of State Bank of Vietnam, except for regulations on risk management procedures and electronic funds transfer under Clause 2, Clause 4 Article 1 which expire from December 1, 2023.

Article 12. Responsibilities for organizing implementation

1. Chief of Office, Chief Banking Inspector and Supervisor, heads of AML authority, heads of entities affiliated with SBV, and organization reporting entities are responsible for organizing implementation of this Circular.

...

...

...

PP. GOVERNOR
DEPUTY GOVERNOR




Pham Tien Dung