News
Anti-Money Laundering and Counter-Financing of Terrorism -
04-Mar-2025
Dr. Talal Abu-Ghazaleh
This section describes the reporting accountant’s responsibility for the AML/CFT-related record maintenance and retention. It is recognized that a “one-size-fits-all approach” does not work well for all reporting entities. However, consistent with his respective obligations, pursuant to the AML/CFT Law, the accountant shall keep records, documents, and evidence supporting his compliance with such obligations. In practice, the accountant (auditor) shall keep records as evidence of his compliance with the AML/CFT Law and its Implementing Regulations, specifically adopting and implementing the risk-based approach to mitigate risks, conduct CDD measures, and ongoing monitoring. Such records include but not limited to:
- Documents and data obtained through CDD measures.
- Account files.
- Business correspondence with the customer.
- Results of the STRs analysis undertaken.
Transaction records should be sufficient to permit reconstruction of individual transactions so as to provide, if necessary, evidence for prosecution of criminal activity. As such, record-keeping enables detecting money launderers and terrorism financiers and provides material evidence that can be traced by competent authorities in order to prosecute and track illicit actors.
1. How Long Should Reports be Kept for?
The accountant/auditor should be required to maintain all necessary records on transactions, both domestic and international, for at least 10 years following the completion of the transaction. The auditor should be required to keep all records obtained through CDD measures, account files and business correspondence, and results of any analysis undertaken, for at least 10 years following the termination of the business relationship or after the date of the occasional transaction.
Auditors must retain records beyond the end of the ten-year period mentioned above:-
- If they have filed with the FIU a suspicious transaction report relating to the applicant for business or customer.
- If they know that the applicant for business or customer is under investigation by law enforcement or judicial authorities for issues related to money laundering or terrorism financing.
Auditors should ensure that all CDD records, data, and documents on transactions and operations are available without delay to the competent authorities upon request. Auditors should also establish proper systems to ensure prompt response to the requests of the competent authorities.
2. Where Should Reporting Records be Located?
Records related to internal and external SARs of suspicious activity are not part of the working papers relating to client assignments. They should be stored separately and securely as a safeguard against tipping off and inadvertent disclosure to someone making routine use of client working papers.
3. What Do Businesses Need to Do Regarding Third-party Arrangements?
A business may arrange for another organization to perform some of its AML-related activities – CDD or training, for example. In this case, it must also ensure that the other party’s record-keeping procedures are good enough to demonstrate compliance with the MLTF obligations, or else, it must obtain and store copies of the records for itself. It must also consider how it would obtain its records from the other party should they be needed, as well as what would happen to them if the other party ceased trading.
4. What are the Requirements Regarding the Deletion of Personal Data?
Regulations may require that once the periods specified in point No. 1 of this guidance have expired, the business deletes any personal data unless:
- The business is required to retain it under statutory obligation, or
- The business is required to retain it for legal proceedings, or
- The data subject has consented to the retention.
The businesses are not required to keep any records for more than 10 years after the end of the business relationship.