The Code of Criminal Law (Penal Code) of Curacao lays down the procedures for the prosecution of a money laundering offence as well as the measures for the confiscation of property upon a conviction of money laundering, measures for the freezing of assets when a person is charged with an offence of money laundering and measures for the issuance of an investigation and/or attachment order when a person is suspected of having committed an offence of money laundering.
The policies and procedures in this Manual aim to comply with both the rules and guidance contained in the NOPML, the NORUT and the NOIS which regulations themselves are referring to the Penal Code. In addition to these regulations the Central Bank of Curacao and Sint Maarten has introduced a comprehensive framework with provisions and guidelines to prevent and combat money laundering and terrorist financing (hereinafter: the “Provisions and Guidelines” or “P&G”). Curaçao – as a member of the FATF – has based these Provisions and Guidelines on, among others, the FATF recommendations.
Both the NORUT and the NOIS are applicable on entities which are offering the possibility to take part in offshore hazard games (online gambling) in or out of Curaçao which is the case for the Company. The NOIS prohibits subject persons from forming a business relationship or carrying out an occasional transaction with an applicant for business unless said subject person maintains the following measures and procedures established in relation to that business in accordance with the provisions of the NOIS:
- customer due diligence measures;
- record-keeping procedures; and
- internal reporting procedures.
The Company is obliged to apply the above measures and procedures including the cases when entering into or undertaking non-face-to-face relationships or transactions directly or indirectly through its affiliated group Company.
The Company is also obliged to ensure that employees are made aware of applicable AML/CFT legislation as well as the subject person’s policies and measures in this regard. Employees must undergo appropriate due diligence procedures prior to their engagement and are also expected to be provided with training regarding the recognition and handling of transactions carried out by, or on behalf of, any person who may have been, is, or appears to be engaged in money laundering or the funding of terrorism.
- a clear statement of the culture and values adopted towards the prevention of financial crime;
- a commitment to ensuring that identity will be satisfactorily verified in all cases and in a risk-based manner, before applicants for business are accepted as clients;
- a commitment to ongoing customer due diligence throughout the business relationship;
- a commitment to ensuring that staff are trained and aware of the law, their legal obligations, and how to meet those obligations
- a clear allocation of roles, responsibilities and organizational structure, and recognition of the importance of staff promptly reporting their suspicions internally
AML risk factors
An AML business risk assessment overview will be maintained in order to allocate and track the components of the separate risk classifications.
- Customer risk
- Interface risk
The Implementing Procedures state that the purpose of the risk-assessment procedures is to enable the Company to be in a position to identify and assess the ML/FT risks that the subject person is or may become exposed to and thereby determine:
- Whether the application of enhanced due diligence is necessary;
- The point in time when the application of customer due diligence in accordance with the NOIS to existing customers is to be carried out; and
- Whether a customer presents a low risk of ML/FT for the purposes of delaying the performance of verification proceedings to after the commencement of a business relationship
Risk assessment for the Company is carried out on at on-boarding stage (prior to engagement) and subsequently at periodic monthly intervals.
Customers of the Company are subject to risk-based initial and ongoing due diligence procedures.
Initial due diligence seeks to obtain the identity of the customer and verify the identity prior to the establishment of the business relationship.
Information on the purpose and intended nature of the business relationship, is also obtained, such that the Company is able to establish the business and risk profile of the customer and to accept or reject a client. Ongoing procedures ensure that the initial due diligence information remains up-to-date.
The risk-based approach to the prevention of financial crime is reflected in the approach to the operation and development of the systems and controls designed to minimize the risk of the Mirage Corporation being used for the purposes of financial crime. Risk is central to the development of the business, new products, development of product functionality or the operation in new markets.
Financial crime risk assessment
Financial crime risk assessments are undertaken on an ongoing basis, and in particular, applied when the business environment changes through, for example:
- Entry into new markets; and
The results of the financial crime risk assessment will be used to support the development of appropriate systems and controls (policies and procedures) designed to minimize the risk of being used for the purposes of financial crime. Developments will be reported to the Board.
We seek to minimize the opportunities for carrying out financial crime, i.e., money laundering or funding of terrorism, and to then address and mitigate any risks.
Internal controls focus on:
- Due diligence of clients, including levels of enhanced due diligence based on risk assessments of each customer;
- Assessing risks and setting out measures to mitigate the said risks;
- Monitoring key risk factors for reassessing a specific customer’s risk;
- Financial crime systems and controls will continue to be developed over time in order to adequately address the changing risk environment.
Existing systems and controls will be reviewed and where necessary amended to reflect changes in assessed risk and identified vulnerabilities.
The Provisions and Guidelines state that it is essential that the controls to manage and mitigate the identified risks are constantly monitored. This should be done so that in the event of a change in circumstances, which might mitigate or exacerbate a particular risk, the respective control is modified accordingly.