9.       Obligations of specified party

          (1) A specified party shall-

    (a)     implement and maintain a customer acceptance policy, internal rules, programmes, policies, procedures or such controls as may be prescribed to protect its system from financial offences;

    (b)     designate compliance officers at the management level who will be in charge of the implementation of internal programmes and procedures, including maintenance of records and reporting of suspicious transactions;

    (c)     ensure that a compliance officer designated under paragraph (b) has at all times, timely access to customer identification data, transaction records and other relevant information;

    (d)     implement and maintain compliance programmes;and

    (e)     develop and maintain audit functions to evaluate any policies,  procedures and controls developed in accordance with this section to ensure compliance with measures taken by the specified party to comply with the Act and the effectiveness of those measures.

          (2) For the purposes of subsection (1)-

    (a)     programmes referred to in subsection (1)shall be consistent with instructions, guidelines or recommendations issued under section 27 (1)(b) and may include-

         (i)       the establishment of procedures to ensure high standards of integrity of employees and a system to evaluate the personal, employment and financial history of employees;

         (ii)       on-going employee training programme with regard to the specified party's obligations under this Act;

        (iii)       an independent audit function to check compliance with programmes; and

    (b)     the internal rules referred to in subsection (1) shall be consistent with prescribed requirements and be made available to all employees of the specified party and shall include-

         (i)       the information the record of which is required to be kept under this Part;

         (ii)       identification of reportable transactions;and

        (iii)       training of employees of the specified party to recognise financial offences.

          (3) A specified party that fails to take such measures as are reasonably necessary to ensure that neither it nor a service offered by it, is capable of being used by a person to commit or to facilitate the commission of a financial offence shall be liable to a fine not exceeding P100 000 as may be imposed by a supervisory authority.

10.     Identification of customers

          (1) A specified party shall not establish a business relationship or conclude a transaction with a customer unless the specified party has undertaken due diligence measures and such other steps as may be prescribed-

    (a)     to establish and verify the identity of the customer;

    (b)     if the customer is acting on behalf of another person, to establish-

         (i)       the identity of that other person,

         (ii)       the customer's authority to establish the business relationship or to conclude a transaction on behalf of that other person;

    (c)     if another person is acting on behalf of the customer, to establish and verify-

         (i)       the identity of the customer;and

         (ii)       that other person's authority to act on behalf of the customer.

          (2) Where a specified party had established a business relationship with a customer before the coming into force of this Act, the specified party shall not conclude a transaction in the course of that relationship unless it has complied with subsection (1).

          (3) Proof of identity of a customer under this section shall be through the production of a National Identity Card for citizens and a passport for non citizens.

          (4) A person who transacts business with a specified party using false identification documents shall be guilty of an offence and liable to a fine not exceeding P100 000 or to imprisonment for a term not exceeding five years or to both.

          (5) A specified party that contravenes a provision of this section shall be liable to such fine not exceeding P250 000 as may be imposed by the supervisory authority.

11.     Keeping of records

          (1) Where a specified party establishes a business relationship or concludes a transaction with a customer, the specified party shall maintain records of-

    (a)     the identity of the customer;

    (b)     if the customer is acting on behalf of another person-

         (i)       the identity of the person on whose behalf the customer is acting, and

         (ii)       the customer's authority to act on behalf of that other person;

    (c)     if another person is acting on behalf of the customer-

         (i)       the identity of that other person, and

         (ii)       that other person's authority to act on behalf of the customer;

    (d)     the manner in which the identities of the persons referred to in paragraphs (a), (b) and (c) were established;

    (e)     the nature of the business relationship or transaction;

    (f)      the amount involved in the transaction and the parties to the transaction;

    (g)     all accounts that are involved in a transaction concluded by a specified party in the course of a business relationship or single transaction;

    (h)     the name of the person who obtained the information referred to under paragraphs (a), (b) and (c) on behalf of the specified party; and

    (i)      any document or copy of a document obtained by the specified party in order to verify a person's identity.

          (2) Records kept in terms of subsection (1) may be kept in electronic form.

12.     Period records to be kept

          (1) Aspecified party shall keep records referred to under section 11 for at least five years from the date a transaction is concluded.

          (2) Notwithstanding the generality of subsection (1), an investigatory authority may by request in writing, require a specified party to keep and maintain a record referred to under section 11 for such longer period as may be specified in the request.

13.     Records kept by third party

          (1) The duty imposed under section 11 on a specified party may be performed by a third party on behalf of the specified party.

          (2) Where a specified party appoints a third party to perform duties imposed under section11, the specified party shall forthwith provide the Agency with such particulars of the third party as may be prescribed.

          (3) Where a third party fails to perform the duties imposed under section 11, the specified party shall be liable for the failure.

14.     Admissibility of electronic records

          An electronic record kept in accordance with section 11 shall be admissible as evidence in court.

15.     Offences relating to records

          (1) A specified party that fails to keep records in accordance with sections 11 and 12 shall be liable to a fine not exceeding P100 000 as may be imposed by the supervisory authority.

          (2) A person who destroys or removes any record, register or document kept in accordance with this Part shall be guilty of an offence and liable to a fine not exceeding P100 000 or to imprisonment for a term not exceeding five years or to both.

16.     Access to records of specified party

          (1) An examiner of the Agency or supervisory authority shall have access to any record kept in accordance with section 11 and may make extracts from or copies of any such records.

          (2) The Agency or a supervisory authority, may at any time cause to be carried out on the business premises of a specified party an examination and an audit of its books and records to check whether the specified party is complying with the requirements of this Act, or any guidelines, instructions or recommendations issued under this Act.

          (3) For the purposes of subsection (2), an examiner may-

    (a)     by request in writing or orally require the specified party or any other person whom the Agency or supervisory authority reasonably believes has in its possession or control a document or any other information that may be relevant to the examination to produce the document or furnish the information as specified in the request;

    (b)     examine, and make copies of or take extracts from, any document or thing that he considers may be relevant to the examination;

    (c)     retain any document it deems necessary; and

    (d)     orally or in writing, require a person who is or apparently is an officer or employee of the specified party to give information about any document that an examiner considers may be relevant to the examination.

          (4) The specified party, its officers and employees shall give the examiner full and free access to the records and other documents of the specified party as may be reasonably required for the examination.

          (5) Any person who-

    (a)     intentionally obstructs the examiner in the performance of any of his duties under this section;or

    (b)     fails, without reasonable excuse, to comply with a request of the examiner in the performance of the examiner's duties under this section,

shall be guilty of an offence and liable to a fine not exceeding P100 000 or to imprisonment for a term not exceeding five years or to both.

          (6) For the purposes of this section, an "examiner" means a person designated as such in writing by the Agency or the supervisory authority.

          (7) Notwithstanding the provisions of subsections (1)to (6), an authorised officer of an investigatory authority may apply to court for a warrant to exercise powers set out under this section.

          (8) The court shall issue a warrant under subsection (7)where it is satisfied, from information on oath or affirmation, that there are reasonable grounds to believe that the records may assist the investigatory authority to prove the commission of a financial offence.