The deadline for adopting internal rules on money laundering and terrorist financing control and prevention is August 21, 2020 at 24:00h. In accordance with the Measures Against Money Laundering Act (“MAMLA”), a wide range of entities are obliged to introduce clear measures in fulfillment of the international requirements for money laundering prevention.
The initial deadline was June 9, 2020, six months after the publication of the results of the National Risk Assessment on the website of the State Agency for National Security (SANS).
However, in light of the state of emergency declared in Bulgaria, some terms have been suspended, including the one for the adoption of internal rules for control and prevention of money laundering and terrorist financing On 14.05.2020, the Amending and Supplementing Act of the Bulgarian Health Act (“ASAHA”) entered into force. Pursuant to §13 of the Transitional and Final Provisions of the ASAHA, terms which were suspended during the state of emergency, begin to run within 7 days of the promulgation of the ASAHA.
Therefore, the deadline for adopting internal rules against money laundering expires on 21 August 2020 at 24:00h.
For non-profit legal persons:
- which do not simultaneously fall into another category of persons under Art. 4 MAMLA, and
- which have an annual turnover of over BGN 20,000 and
- for which an obligation has emerged to prepare a risk assessment on the basis of the risk assessment criteria, prepared and published by the SANS,
the term for adoption of the internal rules expires on September 13, 2020 at 24.00h.
The internal rules for money laundering and terrorist financing control and prevention should define:
1. clear criteria for recognising suspicious operations or transactions and customers;
2. the procedure for the use of technical means for the purpose of prevention and detection of money laundering and terrorist financing;
3. a system for internal control over the fulfillment of obligations established in the MAMLA, and its implementing acts;
4. the possibility of an internal audit review, where the person referred to in Article 4 of the MAMLA has established such an audit function, to test and evaluate the rules, procedures and requirements;
5. the possibility of an independent audit to test and evaluate the rules, procedures and requirements, where appropriate in view of the size and nature of the business of the person referred to in Article 4 of the MAMLA;
6. an internal system for determining customers who are politically exposed persons (PEPs) or who are closely linked to any PEPs;
7. internal system for risk assessment and for determining the risk profile of customers;
8. corresponding to the nature and the size of the business activity of the person, referred to in Article 4 of the MAMLA, policies, controls and procedures to effectively mitigate and manage the money laundering and terrorism financing risks, identified at EU level, at national level and at the level of the obliged entity;
9. rules and organisation for clarifying the sources of funds and assets;
10. the terms and procedure for the collection, retention and disclosure of information;
11. the time intervals over which the databases and customer dossiers are reviewed and updated to comply with Articles 15 and 16 of the MAMLA, taking into account the level of risk for customers and business relationships identified and documented according to the procedure established by Article 98 of the MAMLA;
12. the designation of responsibilities for the application of:
- the anti-money laundering measures between the branches of the person under Article 4 of the MAMLA and
- the measures that include risk assessment procedures with respect to branches and subsidiaries, if any, under the terms established by Article 7 of the MAMLA;
13. the rules on the organisation and operation of the specialised service as per Article 106 of the MAMLA, as well as the rules on the training of employees in the specialised service;
14. rules on the training of the rest of the employees;
15. the distribution of responsibilities among the representatives and employees of the person referred to in Article 4 of the MAMLA for the fulfillment of the obligations established in this Act, and its implementing acts, as well as contact details of the person referred to in Article 4 and of its representatives and employees for the purposes of this Act;
16. corresponding to the nature and the size of the business activity of the person, referred to in Article 4 of the MAMLA, a procedure for anonymous and independent internal reporting by employees of breaches of the Act and its implementing acts;
17. the assessment referred to in Article 98 (4) of the MAMLA;
18. other rules, procedures and requirements in accordance with the specifics of the activities of the person referred to in Article 4 of the MAMLA.
The Financial Intelligence Directorate of SANS is to prepare and publish model internal rules for some categories of obliged persons.
According to changes in the MAMLA from May 2019, once adopted, the internal rules should not be sent to SANS.
In addition, on May 7, 2020, the European Commission adopted a new delegated regulation, which amends Delegated Regulation (EU) 2016/1675 concerning high-risk third countries with strategic deficiencies in their anti-money laundering regimes, which pose a serious threat to the European Union's financial system. The delegated regulation, supplemented the list of jurisdictions with strategic deficiencies in their systems: Afghanistan, the Bahamas, Barbados, Botswana, Cambodia, North Korea, Ghana, Iran, Iraq, Jamaica, Mauritius, Mongolia, Myanmar, Nicaragua, Pakistan, Panama, Trinidad and Tobago, Uganda, Vanuatu, Yemen and Zimbabwe. According to Art. 46 of the MAMLA, the persons bound by the Act should apply enhanced customer due diligence measures in relation to operations and transactions with persons from countries like aforementioned, which do not apply the international standards against money laundering and terrorist financing.