Introduction
On 28 July 2023, the State Bank of Vietnam (SBV) introduced Circular No. 09/2023/TT-NHNN (Circular 09), which came into force on 27 July 2023. Circular 09 guides the implementation of Vietnam's recent Law on Anti-Money Laundering, passed in 2022 (the AML Law). Circular 09 provides more comprehensive guidelines pertaining to the evaluation of:
• money laundering risk;
• methods for assessment;
• procedures for managing risk and internal rules; and
• internal rules and mechanisms for reporting substantial or suspicious transactions, especially electronic funds transfer (EFT).
Circular 09 aims to bolster compliance with anti-money laundering (AML) measures applied to financial organisations.
Reporting obligations for EFT
Circular 09 has introduced types of financial institutions engaged in EFT, comprising:
• initiating institutions (ie, entities originating transfer orders on behalf of clients);
• intermediary institutions (ie, institutions that receive and transmit transfer orders between initiating and beneficiary institutions); and
• beneficiary institutions (ie, institutions that receive transfer orders and disburse funds to recipients).
Consequently, specific conditions have been placed upon local institutions involved in EFT processing:(1)
• Initiating institutions must contain complete and accurate information, adhering to regulations on cashless payment and foreign exchange.
• Intermediaries institutions and beneficiaries must possess a mechanism to identify non-compliant transfers as per regulations on cashless payment and foreign exchange. They may reject, suspend or implement post-transaction control measures or report such non-compliant transfers as suspicious transfers.
Circular 09 has also clarified the threshold at which EFTs must be reported to the SBV.(2) These are:
• EFTs of 500 million Vietnamese dongs (approximately $20,000) or higher. This is applicable with EFTs involving financial institutions located only in Vietnam.
• EFTs of $1,000 or higher. This is applicable with EFTs involving at least one overseas financial institution.
In this context, financial institutions need to file a report consisting of at least the following:
• initiating and beneficiary institutions;
• individual and corporate customers; and
• transaction details such as account numbers, currency, date and purpose of transaction.
Certain customer identification details (ie, date of birth, identity card or passport number, business registration number or enterprise tax code) are not required for beneficiaries of outbound transfers from Vietnam. They are also not required for individuals transferring from overseas to Vietnam.
On the other hand, these reporting obligations do not extend to the following scenarios:
• intermediary financial institutions engaged in e-transaction;
• transactions stemming from debit or credit card payments or pre-paid cards to pay for the purchase of goods or services; and
• transactions occurring between transmitters and beneficiaries that are both financial institutions.
Assessing and managing money laundering risks
As further guidance on obligations of assessing and managing money laundering risks under the AML Law, the SBV has set out specific criteria and methods for reporting entities to adhere to. In particular, reporting entities must conduct an annual risk assessment covering a full calendar year and submit results to the SBV no later than 31 March of the subsequent year. Based on the risk assessment results, reporting entities are required to develop and implement internal risk management procedures appropriate for their scale and operations with certain minimum contents.(3) This will classify customers into low, moderate and high money-laundering probability based on such factors as:
• customers;
• products;
• services used or to be used by customers;
• geographic locations of customers' residence or head office; and
• other factors depending on practical situations.
Internal AML regulations
Circular 09 delineates the minimum contents of internal regulations for AML compliance by reporting entities. Other than standard contents under the AML Law,(4) Circular 09 sets out more detailed responsibilities of relevant individuals and departments in the implementation of money laundering countermeasures:(5)
• With regard to customers with high customer risk ratings, financial organisations are required to adopt enhanced due diligence, including:
o requesting the approval of management level that is at least a level higher than the management level which approves adoption of enhanced due diligence when customers with moderate customer risk ratings establish or continue business relationships with customers with high customer risk ratings;
o collecting, updating and verifying additional information of individual customers to serve customer risk rating evaluation and management. The information includes an average of the monthly income of customers in the last 6 months prior to the date of evaluation, as well as the contact information of agencies, organisations, heads of workplace or locations where the customers earn their primary income (if any). It also includes information relating to the origin of money or assets in customers' transactions; and
o collecting, updating, verifying additional information of organisation customers to serve customer risk rating evaluation and management. The information includes industry, services that generate primary revenues, total revenues in last two years prior to the date of evaluation, as well as information relating to the origin of money or assets in customers' transaction.
• An internal audit for AML can be done separately or together with other operations as long as the internal audit must be presented separately under audit report.
• The responsibilities of individuals and departments include:
o appointing compliance officers;
o establishing dedicated AML units or personnel; and
o assigning to one or several individuals units responsible for AML in branches and subsidiaries of reporting entities relevant to AML operations.
• The duties of reporting entities include:
o conducting annual staff training;
o submitting internal regulations and audit reports to the SBV within specified timeframes; and
o informing the SBV of any changes in contact details of responsible personnel and similar information.
These new regulations will make financial institutions pay more attention to AML laws when providing financial services to customers. Specifically, when carrying out know-your-customer checks, customers will have to provide more details (eg individual customers will need to share their average monthly income over the previous six months, and business customers will need to provide their total revenue for the previous two years).
Additionally, financial institutions must update their internal structures to prevent money laundering. When dealing with customers that pose a high risk of money laundering, they will need higher approval levels than other customer groups. Furthermore, financial institutions may need to assign a department or an officer responsible for anti-money laundering at their branches and subsidiaries. However, it needs to be clarified whether they need to appoint an officer or department for each branch and subsidiary or if one officer or department can oversee anti-money laundering across all branches and subsidiaries.
Comment
Circular 09 represents a major milestone in formalising Vietnam's anti-money laundering framework and addressing deficiencies identified in mutual evaluation reports, whereby playing its part in detecting and deterring money laundering, terrorist financing and other financial crimes. Such key aspects as risk-based customer due diligence, reporting obligations, and internet technology systems will significantly strengthen AML supervision and bring Vietnam closer to international standards. In particular, the risk-based approach is a major shift away from one-size-fits-all rules. Financial institutions must now gather intelligence on customers, products and jurisdictions to classify and mitigate risks.
On the other hand, these rigorous guards will tighten the process of money transfer of individuals and organisations, including transfers within Vietnam, inbound and outbound transfers. Furthermore, more stringent regulations will entail greater compliance costs for reporting entities, including expenses related to staff training, system upgrades and the establishment of AML units or personnel. The true test lies in effective execution by reporting entities, including reviews of existing policies, procedures, and systems to identify gaps against requirements under Circular 09. However, it needs to be clarified whether financial organisations need to appoint an officer or department for each branch and subsidiary, or if one officer or department can oversee anti-money laundering across all branches and subsidiaries.
Endnotes
(1) Article 8 of Circular 09.
(2) Article 9 of Circular 09.
(3) Article 4.1 of Circular 09.
(4) Article 24 of the AML Law.
(5) Article 5 of Circular 09.
*Disclaimer: This Briefing is for information purposesonly. Its contents do not constitute legal advice and should not be regarded asdetailed advice in individual cases. For legal advice, please contact our Partners.