The attention of Banks, Finance and Leasing Companies (FLCs), Money Exchange Establishments (MEEs) and Payment Service Providers (PSPs) is drawn to the guidelines on Off-site Surveillance Framework of Anti-Money Laundering and Combating the Financing of Terrorism issued by CBO. In this regard, AML/ CFT Data Collection Returns and Controls Questionnaire must be completed and submitted using the STRIX solution (Software tool acquired by CBO for automation of entire process).
This system enables CBO to produce Sectoral Risk Assessment for money laundering and terrorist financing. Financial Institutions/Reported entities must under no circumstances used STRIX for any purpose other than completing the periodic surveys/questionnaires (Data Collection and Control questionnaires). Reported entities should be aware of the security risks involved in using the internet, and are responsible for their internet connection and their computer hardware. As a minimum requirement, reported entities must have an up-to-date antivirus software, operating system, and browser, in order to alert CBO to any damage relating to non-secure use of STRIX.
Reported entities are solely liable for the use of their strictly confidential access credentials, the completion of their surveys, and more generally their use of STRIX solution. Any action that could damage, overload, modify, copy, disable, or cause the STRIX solution to fail, is prohibited.
All financial institutions are advised to ensure accuracy, completion and timely submission of the information in order to avoid any regulatory action by CBO.
CBO accepts no liability for any damage or loss sustained by reported entities as a result of a breach or modification of their confidential information when accessing or completing the periodic surveys, or any damage that may occur in the event that STRIX is maliciously accessed, used, or compromised by a third party. Consequently, CBO cannot be held liable to repair any direct or indirect damage or loss, of a commercial or other nature, or any effects arising from erroneous, fraudulent, or obsolete information.
No claim of any kind whatsoever may be made against CBO in the event that the STRIX solution is unavailable or inaccessible.
Reported entities undertake to be vigilant and to inform CBO immediately and by any means, upon becoming aware of any malfunction, intrusion, data loss, vulnerability, or irregularity which may or does alter the STRIX solution.
They undertake not to breach any legal or regulatory provisions. Any attempt to commit fraud or any infringement of any kind shall be considered grounds for prosecution.
All licensed institutions are advised to comply with the requirement and ensure accuracy and timely submission of the information in order to avoid any regulatory action.