VLP Legal Press #36: Reporting Entity under Anti-money Laundering and Combating the Financing of Terrorism Law

Cambodia's economic landscape has evolved considerably over the past decade, marked by growing foreign investment, a maturing banking sector, and closer alignment with international regulatory standards.

A key part of that change is the Law on Anti-Money Laundering and Combating the Financing of Terrorism, enacted in 2020 (β€œAML Law”) to strengthen transparency and bring Cambodia's anti-money laundering framework in line with global best practice.

While banks and large financial institutions are widely known to fall under this law, many other businesses and professionals may not realize they also qualify as "reporting entities" with real legal obligations.

This article breaks down who is covered, what's required, and why it matters.

1.Who qualifies as a "reporting entity" under the AML Law?

A reporting entity is a person or organisation that is legally required to comply with obligations under the AML Law, such as conducting customer due diligence (CDD), maintaining records, and reporting suspicious transactions.

Article 4 of the AML Law identifies the following as reporting entities:

πŸͺ™Financial sector entities:

  • Banks and branches of foreign banks

  • Non-bank financial institutions, including securities firms and insurance companies

  • Microfinance institutions

  • Credit cooperatives

  • Leasing companies, investment funds, pension funds, investment companies, and fund management companies

  • Currency exchange businesses

  • Money remittance service providers

πŸ’ΌNon-financial businesses and professions:

  • Trusts

  • Real estate agents, property developers, and businesses dealing with land and buildings

  • Dealers in precious metals, precious stones, and gems

  • Postal operators providing payment services

  • Lawyers, notaries, accountants, auditors, investment advisers, and asset managers when they prepare for or carry outcertain financial or commercial transactions on behalf of clients

  • Casinos and other gambling businesses

  • Non-governmental organizations (NGOs) and foundations that engage in business activities or fundraising

πŸ₯… Catch-all:

  • Any other persons or professions designated by the Cambodia Financial Intelligence Unit (CAFIU).

☝🏻When do lawyers and other professionals become reporting entities?

Lawyers, notaries, accountants, auditors, investment advisers and asset managers are not reporting entities merely because of their profession. They become reporting entities only when they prepare for or carry out one or more of the following transactions on behalf of a client as stated in Article 5 of the AML Law:

  • buying or selling real estate;

  • managing client money, securities or other assets;

  • managing bank or securities accounts;

  • organizing contributions for the creation, operation or management of companies;

  • creating, operating or managing legal persons or legal arrangements, or buying or selling business entities; or

  • providing trust or company services, such as:

    • forming companies;

    • acting as, or arranging for another person to act as, a company director, company secretary or partner;

    • providing a registered office or business address;

    • acting as, or arranging for another person to act as, a trustee of an express trust; or

    • acting as, or arranging for another person to act as, a nominee shareholder.

In other words, it is the nature of the services provided and not the professional title that determines whether AML obligations apply. For example, a lawyer who is only drafting a contract, providing legal advice or representing a client in court would generally not be acting as a reporting entity for those activities.

2. What compliance obligations apply to reporting entities?

Once a business or professional falls within the definition of a reporting entity, the AML Law imposes a set of continuing legal duties.

These duties are not optional, and they do not depend on whether the business has ever encountered a suspicious client. They are mandatory and apply from the moment the relationship with a customer begins, and in some cases they continue for years after that relationship has ended.

The obligations can be grouped into 5 broad categories.

πŸ“ƒKnowing your customer - customer due diligence

Customer due diligence is one of the core obligations stated in Article 8 of AML Law.

The AML Law adopts what it calls a risk-based approach. This means a reporting entity is expected first to assess and understand its own exposure to money laundering and terrorist financing. Where the risk is high, enhanced measures are required; where the risk is genuinely low, simplified measures may be applied.

When to conduct CDD? CDD must be carried out at four points:

  1. Before establishing a business relationship. For example, opening an account or entering into any other ongoing business dealing;

  2. Before carrying out an occasional or one-off transaction at or above the threshold of KHR40,000,000 or foreign currency equivalent, set by CAFIU ;

  3. Whenever there is a suspicion of money laundering or terrorist financing, regardless of the amount involved;

  4. Whenever there is doubt about the accuracy or adequacy of information previously obtained.

What happens if CDD cannot be conducted? Two consequences follow if due diligence cannot be completed. First, the reporting entity must not proceed: it should decline to open the account, decline to commence the relationship, or terminate an existing relationship. Second, it should consider filing a suspicious transaction report. If completing the due diligence would itself alert the customer to the entity's suspicions, the entity may stop the process and report the matter instead.

Two sector-specific points are worth noting:

  1. Real estate agents, companies and developers must apply the full due diligence requirements to any transaction involving the purchase or sale of immovable property with no monetary threshold.

  2. Dealers in precious metals, stones and gems, and casinos and gambling institutions must apply them to transactions at or above the threshold set by CAFIU as follows:

    • KHR60,000,000 or foreign currency equivalent (for dealers in precious metals, stones and gems; and

    • KHR12,000,000 or foreign currency equivalent for casinos and gambling instituions.

⚠️ Special attention to higher-risk activity and prohibited accounts

The AML Law requires reporting entities to pay particular attention to certain categories of business, and to seek additional information as to the origin and destination of the money, the purpose of the transaction and the identity of the transacting parties. These categories include:

  • complex, unusual or unusually large transactions;

  • unusual patterns of transactions with no apparent economic or lawful purpose;

  • dealings with institutions or persons in jurisdictions lacking adequate AML/CFT systems;

  • wire transfers that do not contain complete originator information;

  • relationships established without any face-to-face contact;

  • dealings with politically exposed persons; and

  • cross-border correspondent banking or similar relationships.

Additionally, reporting entities may not open or maintain anonymous accounts, numbered accounts, or accounts in obviously fictitious names. Nor may they issue, keep or accept any financial product where due diligence has not been carried out.

🏒 Reporting to CAFIU

There are two distinct reporting duties:

(a) Cash transaction reports. Any cash transaction at or above the threshold  of KHR40,000 or foreign currency equivalent, must be reported, including several connected cash transactions whose combined total value exceeds the threshold.

(b) Suspicious transaction reports (STRs). Where a reporting entity suspects, or has reasonable grounds to suspect, that funds are the proceeds of an offence or are related to the financing of terrorism, it shall promptly, within 24 hours, report such suspicions" to CAFIU. This duty applies irrespective of the amount and irrespective of whether a cash transaction report has already been filed.

Once a report has been made, the reporting entity must supply any further information requested by CAFIU or by a law enforcement agency investigating the matter. CAFIU may also direct an entity not to proceed with a transaction for a period not exceeding 48 hours while it makes inquiries.

3. What are the legal consequences of non-compliance?

A reporting entity that fails to comply with the AML Law may face administrative measures, financial sanctions, and, in certain cases, criminal liability, depending on the nature and seriousness of the violation.

πŸŸ₯Administrative measures: imposed by supervisory authorities, which include: a warning, reprimand, prohibition or limitation on conducting transactions for a set period, revocation of the business license, demotion of relevant officers or directors.

πŸ’°Financial Sanctions: imposed under Prakas No. T12. 020. 024 of the National Bank of Cambodia on Imposing Financial Disciplinary Sanctions against Reporting Entities who Fail to Comply with laws and regulations on Anti-Money Laundering and Combating the Financing of Terrorism. The Prakas complements the AML Law by prescribing specific monetary penalties for failures to comply with AML Law, which include financial sanctions for failures relating to customer due diligence, record keeping, internal controls, employee training, reporting obligations, and other compliance requirements.

πŸš”Criminal sanctions: imposable when the non-compliance constitutes an offence under the AML Law, such as money laundering, terrorist financing, tipping-off, or obstruction of enforcement. The responsible individuals or entities may also face criminal penalties, including fines and/or imprisonment

For examples:

  • Tipping off carries 1 month to 1 year imprisonment and a fine of KHR 50 million to 200 million for individuals.

  • An individual convicted for terrorist financing faces 10 to 20 years imprisonment, while a legal entity faces a fine of KHR 1 billion to KHR 2 billion.

4. What measures should reporting entities implement to ensure compliance?

Article 16 of the AML Law requires reporting entities to develop programs for the prevention of money laundering and financing of terrorism in accordance with a directive issued by the CAFIU. This is a structural obligation. An entity that falls within the definition of β€œreporting entities” that has never encountered a suspicious transaction is still in breach if it has no programme in place.

The AML Law sets out 4 mandatory components, which should be read as the minimum foundation rather than a complete obligation:

πŸ“ƒ Internal policies, procedures and controls

Reporting entities must establish internal policies, procedures and controls, including appropriate compliance arrangements and adequate screening procedures to ensure high standards when hiring employees.

The employee-screening requirement is easily overlooked. The reasoning behind it is that AML controls are only as strong as the people operating them.

Reporting entities must also ensure an understanding of their own money laundering and terrorist financing risks and establish appropriate internal control systems for managing and mitigating them.

πŸ‘©πŸ½β€πŸ’ΌDesignation of a compliance officer

A compliance officer must be designated at senior management level.

The officer must be a senior officer with relevant qualifications and experience sufficient to enable them to respond adequately to enquiries relating to the reporting entity and the conduct of its business. Their responsibilities include, at a minimum:

  • establishing and maintaining internal policies, procedures and the manual of compliance;

  • ensuring compliance by staff with the AML Law and with those internal policies; and

  • acting as the liaison between the reporting entity and the CAFIU on compliance matters.

πŸ‘©πŸ½β€πŸ« Ongoing training

Reporting entities must provide ongoing training for officers or employees. Staff must be equipped to recognise suspicious activity as it arises, to escalate it through the correct internal channel, and to understand that the customer must not be alerted.

Training should be tailored to role. Staff who deal directly with customers face different risks from those who approve transactions or those who manage the business.

βœ”οΈ Internal audit

Finally, there must be an internal audit function to check compliance with and effectiveness of the measures taken to apply the AML Law. The audit function exists to test whether the controls actually work, not merely whether the internal policies and procedures are being followed.

Separately, supervisory authorities are required to ensure that the management and shareholders of reporting entities are fit and proper, so as to prevent criminals and their associates from holding a significant or controlling interest or a management function.

⭐A practical sequence

For a business that has only recently recognised it is a reporting entity should minimally consider the following:

  • Establish which of the Article 4 categories applies, and for professionals such as lawyers, notaries, accountants, auditors, investment advisors and asset managers which of the Article 5 activities the firm actually performs.

  • Conduct a risk assessment of its business and the existing AML-related process. Without it, an entity cannot know whether enhanced or simplified measures are appropriate.

  • Appoint the compliance officer. This person will oversee the remaining steps.

  • Document policies and procedures, including CDD, record retention, reporting and employee screening.

  • Train staff, and schedule continuous refresher training.

  • Establish the internal audit function and review the programme periodically as the business changes.

  • Monitor CAFIU directives. The AML Law leaves a number of key operational details to be set by directive thresholds, the requirements for enhanced and simplified due diligence, risk assessment methodology, and countermeasures for high-risk foreign jurisdictions. These are subject to change from time to time so entities shall ensure consistency in law compliance.

The information in this article reflects the law as at the date of publication and is for general reference only. It does not constitute comprehensive legal advice. If you need further guidance, feel free to reach out to us at connect@vlplaw.co.

Next
Next

VLP Legal Press #35: Law on Competition – Agreements Which Prevents, Restrict or Distort Competition