FAQ
FAQ

Where can I view the public information about my registered or regulated status?
The AFSA maintains and publishes a Public Register of current and past grants of withdrawals and suspensions of licences and authorisations of all Registered Entities, Authorised Firms, Authorised Market Institutions (AMI), Ancillary Service Providers, Recognised Non-AIFC Members, Special Purpose Companies and FinTech Lab Participants. The public register is published on the AFSA website www.afsa.kz > Public Register > Firms.
What provisions are mandatory for AIFC Participants’ internal document on AML matters?
AIFC AML Rules set forth minimum standards for participant’s internal documents regulating AML/CFT. Internal control rules should include: (i) appropriate representation of AML compliance function in the management, organisation of internal control system on AML matters; (ii) risk management programme (BRA, CRA); (iii) customer identification programme (KYC/CDD); (iv) transaction monitoring and reviewing; (v) employee training and awareness programme; (vi) adequate screening procedures to ensure high standards when hiring employees (Know Your Employee); (vii) independent audit function to test the system.
What law are AFSA participants subject to in terms of AML/CFT - AIFC AML Rules or Kazakhstan's Law on AML/CFT?
Both. All AIFC Participants whose activities are subject to financial monitoring are required to comply with the Law of the Republic of Kazakhstan on AML/CFT, as well as the AIFC AML/CFT and Sanctions Rules. On the territory of the AIFC, the requirements of the laws of the Republic of Kazakhstan are applied to the extent not regulated by AIFC Acts or the Constitutional Law of the Republic of Kazakhstan.
Is there any requirement to conduct AML audit and how frequent should it be
Participants should ensure regular reviews and assessments of the effectiveness of AML policies, procedures, systems, controls, and audits on compliance with AIFC AML Rules. Such audits may be conducted by an internal audit function or externally by a competent firm at least once in two years.
Does the Person responsible for AML matters have to be registered or approved?
Yes, such function should be approved and according to GEN 2.1.1, the MLRO position is to be filled by Approved Individuals and it is a Controlled Function.
What is the reason behind the AIFC AML framework within a FinTech company prohibiting operations with cash?
The reason is not regarding FinTech companies only, but this is the general approach to limit the turnover of cash in the AIFC. The outcomes of National Risk Assessment and international regulatory bodies (FATF, FCA, Egmont) have identified that cash transactions present increased risks of facilitation of the laundering of illicit funds because it is anonymous and is difficult to trace. Cash is a bearer negotiable instrument that gives no details either on the origin of the proceeds or the beneficiary of the exchange. Business operations specific to cash-intensive businesses present specific risks associated with the following misconduct: a) laundering large amounts of cash, which are proceeds of criminal activity, by claiming that the funds originate from economic activities, b) laundering proceeds of criminal activity, by justifying its origin based on fictitious economic activities (both for goods and services), and c) financing, through often small amounts of cash, terrorist activities without any traceability. The AFSA expects that Relevant Persons should refrain or limit from employing cash-based operations in or from AIFC.
Can you clarify the relationship between Kazakhstan's Law on AML\CFT (including orders) and AIFC AML Rules and Practical Guidelines?
Astana International Financial Centre (hereinafter Centre or the AIFC) is a defined territory within the city of Astana, which has a special legal framework for the financial sphere. This legal framework is a distinctive feature of the Centre and gives the bodies of AIFC an authority to adopt the AIFC Acts based on the principles, legislation and precedents of the law of England and Wales and/or on the standards of leading global financial centres. In addition, the AIFC territory is also subject to the legislation of the Republic of Kazakhstan, which is applied in the part not regulated by the Constitutional Law or acts adopted by the AIFC. Thus, in terms of countering money laundering (legalization) of criminal proceeds and financing of terrorism(AML/CFT), the respectiveLaw of the Republic of Kazakhstan is in force on the territory of the AIFC, but at the same time a number of regulatory acts regulating activities of AIFC Participants have also been developed and implemented in order to comply with AML/CFT requirements based on the best practices of global financial centres and international standards. Relevant persons shall comply with AIFC AML Rules, while in any parts that are not regulated by AIFC AML Rules the Persons shall comply with Kazakhstan's AML/CFT Law. Practical Guidance to AIFC AML/CFT framework serves as support to understand the requirements of AIFC AML framework.
How can an efficient organisational structure be established, and how should responsibilities be divided within the company? Who should assume the ultimate responsibility for AML Regime violations?
The ultimate responsibility for violations of the AML regime lies with the company's senior management. The MLRO, in turn, is responsible for operational activities and implementation of effective internal controls in the field of AML/CFT. The most efficient structure in terms of functions and disseminating duties is when three lines of defence are stipulated in the system of internal control. Three lines of defence model gives an overview roles and responsibilities for internal control and risk assessment in a simple and effective manner. Even in small organisations where there is no formal structure or risk management system, the model can help improve the efficiency and understanding of corporate risk exposure and internal control. The model provides a description of the organisation's control structure and distinguishes three groups (or areas) that are involved in effective internal control and risk management: • The First Line of Defence is the process owners who manage the business risks in the organization’s processes. It owns the risk and is accountable for the design and execution of the organisation’s internal controls - “Risk ownership” (client facing divisions, front office) • The second line is designed to support management and provide additional expertise and knowledge, process excellence and monitoring to ensure effective risk and control management. Its activities are separate from the First Line of Defence and are partially independent (like MLRO as regards STR and TTR) but they still report functionally to Senior Management (or Special Committee in Board). – “Risk Control”. • The third line, which is internal audit, provides senior management and the Board with assurances of the effectiveness of the First and Second lines. The Third line is not allowed to perform managerial functions to protect their objectivity and independence. It has direct reporting to the BOD. It is important to know that the functions of the second and third line of defence must operate independently of the lines they control. In other words, they should not perform tasks that are the responsibility of the first line. On the contrary, they should check and monitor the implementation of tasks in accordance with external and internal rules and regulations.
Can a compliance officer be additionally appointed as an auditor within the same licenced firm?
It is not recommended to combine second and third lines of defence so that it does not negatively impact the results of the assessment of AML/CFT systems and controls from the audit perspective.
A client has requested us to provide them the services for AML Compliance, so we need to do a revision on how the Client complies with AML law. The question is the following: do we need a licence in order to provide such services since we only have a licence to provide audit services?
There is no specific licence for carrying out an AML audit. Nevertheless, it is recommended using Practical Guidance to AIFC AML/CFT framework and particular Annex 7 which contains the information regarding AML audit and AFSA's requirements and expectations to the quality and scope of the AML audit. Practical Guidance to AIFC Anti-Money Laundering and Counter – Terrorist Financing Framework (myafsa.com)
What is the difference between AML Policy and AML Procedures? Are applicants required to develop both?
Policy is a high-level document, which may contain general description of developed and implemented AML programmes. Procedures serve as a detailed instruction for internal use. Procedures may also be interpreted as internal control rules for AML matters and should contain full description of all mandatory programmes and respective measures, processes and controls implemented in the company. AIFC AML Rules set forth minimum standards for participant’s internal documents regulating AML/CFT. Internal control rules should include: (i) appropriate representation of AML compliance function in the management, organisation of internal control system on AML matters; (ii) risk management programme (BRA, CRA); (iii) customer identification programme (KYC/CDD); (iv) transaction monitoring and reviewing; (v) employees training and awareness programme; (vi) adequate screening procedures to ensure high standards when hiring employees (Know Your Employee); (vii) independent audit function to test the system.
Which authority serves as FIU for the AIFC Participants?
FIU - national centre for the receipt and analysis of: (a) suspicious transaction reports; and (b) other information relevant to money laundering, associated predicate offences and terrorist financing, and for the dissemination of the results of that analysis. FIU in Kazakhstan is the Agency of Financial Monitoring
What type of AML returns should be submitted and how often?
A Relevant Person must complete AFSA's AML Return form on an annual basis and submit such form to AFSA within two months after the end of each year; you can find the form here (AFSA Annual AML Return Form.docx (live.com)
Can a firm be relieved of AML obligations on monitoring for suspicious activities?
If a firm is considered as obliged entity (Relevant Person), it cannot be relieved of Anti-Money Laundering (AML) obligations on monitoring for threshold transactions and suspicious activities. AML obligations require firms to have robust compliance cultures, governance, and risk management programme. The firm's senior management is expected to hold prioritise AML/CFT as a top priority and demonstrate a commitment to adhering to AML obligations. The firm must establish and maintain effective internal controls, including monitoring systems, to detect and report potentially suspicious activity. Failure to comply with AML obligations or intentional violations may result in regulatory penalties, reputational damage and even criminal liability. Therefore, firms are expected to fulfil their AML obligations and actively monitor for threshold and suspicious transactions.
Can you clarify the distinctions between AFSA AML supervision and Kazakhstan FIU Supervision, and specify which state authority authorised individuals must report to?
AFSA is responsible for Anti-Money Laundering supervision in the AIFC. AFSA oversees the compliance of Relevant Persons (financial institutions) with AML/CFT obligations, including the efficiency of their reporting of suspicious/threshold transactions and maintaining effective internal controls. The Kazakhstan FIU (Financial Intelligence Unit) is responsible for AML supervision at the national level in Kazakhstan. They receive and analyse Suspicious Transactions Reports (STRs) and Threshold Transaction Reports (TTRs) and disseminate intelligence date to relevant authorities, if needed. In terms of reporting obligations, MLRO must report information relating to money laundering to the FIU, which is responsible for receiving STRs/TTRs and other relevant reports at the national level. After the STR/TTR was reported to FIU, AFSA should be notified on the case. It is acceptable to provide this information to AFSA not on a case-by case basis, but by accumulating a series of cases over a certain period of time.
How frequently should ongoing training for appropriate personnel be done?
Relevant Persons should take a risk based approach to AML training. AML training should be provided by a Relevant Person to each of its relevant employees at intervals appropriate to the role and responsibilities of the employee. In the case of an Authorised Firm, training should be provided to each relevant employee at least annually. In addition, it is expected by AFSA that all new employees of AIFC Participants undergo relevant trainings upon commencing employment with the Participant.
What are the minimal requirements for MLRO appointment?
When appointing the MLRO, it is strongly recommended to consider that the candidate has at least two years of work experience in the field of AML/CFT, certificates of continuous studying in the field of AML/CFT. In the absence of the specified work experience, it is important to pay attention to certificates of training for AML/CFT purposes, which are not older than 2 years, and include theoretical and practical parts as well as the results of final tests. In addition, for candidates for CO and MLRO positions an impeccable business reputation is crucial. For more detailed information please also use Practical Guidance to AIFC Anti-Money Laundering and Counter – Terrorist Financing Framework (myafsa.com)
Is the MLRO required to approve the STR or TTR reports with senior management?
No. MLRO must have such level of seniority and independence within the Relevant Person which enables him/her to act on his/her own authority and to act independently in carrying out his/her responsibility on reporting.
What specific AML certifications are required for individuals holding the MLRO position?
By choosing the courses or certification programmes for AML/CFT matters, it is recommended to focus on those that offer both theoretical and practical workshops or masterclasses for MLROs in obliged entities. It is important that the course also contains final testing. The results of testing demonstrate the level of dedication of candidate and confirm their acquired knowledge and understanding. It is preferable when the course providers have tutors or lecturers certified by international professional programmes (like ACAMS, ICA, ACFCS or the equivalent of such)
Is there an option to combine the responsibilities of MLRO and Compliance Officer?
Yes. Given the nature, complexity, scale and money laundering risks of the activities of the firm’s business, some companies may decide to combine two functions in one position. Depending on the circumstances of each company, a decision may be made to organise these functions (combine or separate). It is important, however, that whoever performs the compliance function, MLRO must devote sufficient time to the role. Candidates who only intend to spend a few hours a week on this will usually fail, if they do not consider company’s exact needs. Many large companies have 2 staff members who are responsible for these functions. In those cases, the compliance officer monitors the activities of the MLRO, since the risks of the AML/CFT are part of the compliance system. Smaller companies may offer a combination of functions. Sometimes it may be the case that a company hires an MLRO to perform this role on a part-time basis - and AFSA sometimes agrees to this - but it is important that their commitment to this role must be proportionate and sufficient. If the proposed Chief Compliance Officer or MLRO serves in another role within or outside the firm, any conflicts of interest must be understood and addressed. For example, successful candidates will typically be independent of the customer facing side of the business, as one of their responsibilities will be to oversee the customer facing business and make the decision to accept the client.
What MLRO Certification in KZ is acknowledged by the AIFC? What are the minimum requirements for courses?
By choosing the courses or certification programmes for AML/CFT matters, it is recommended to focus on those that offer both theoretical and practical workshops or masterclasses for MLROs in obliged entities. It is important that the course also contains final testing. The results of testing demonstrate the level of dedication of candidate, confirm their acquired knowledge and understanding. It is preferable when the course providers have tutors or lecturers certified by international professional programs (like ACAMS, ICA, ACFCS or analogy)
How critical is the requirement to appoint a Deputy MLRO?
It is a mandatory requirement. A Relevant Person should make adequate arrangements to ensure that it remains in compliance with AIFC AML/CFT and Sanctions Rules in the event that its MLRO is absent. Adequate arrangements would include appointing a temporary (deputy) MLRO for the period of the MLRO's absence or making sure that the Relevant Person’s AML systems and controls allow it to continue to comply with the Rules when the MLRO is absent.
What does RBA stand for and what are the main takeaways of RBA for AIFC Participants?
Risk-based approach or RBA. Obliged entities should identify, assess, and understand the money laundering, terrorist financing and sanctions risks they face. They should take appropriate measures to mitigate the identified risks. The risk-based approach allows to allocate limited resources in a targeted manner in line with specific circumstances to increase the efficiency of preventive measures. Certain aspects of a financial organisation’s business pose greater money laundering risks than others and therefore require additional controls to mitigate those risks. Other aspects of business present a minimal risk and do not need the same level of attention.
What does BURA stand for?
Business (enterprise-wide) risk assessment or BURA. In order to identify and assess the risks of money laundering a Relevant Person must conduct a business risk assessment. Before designing an AML/CFT programmes and developing the internal policies and procedures, it is imperative to understand what is required of a financial organisation, its employees, and customers according to the risk exposure. The Company should understand its vulnerabilities and threats. A risk-based approach requires financial organisations to implement systems and controls that are commensurate with the specific risks of money laundering and terrorist financing they can face. When assessing risk, it is recommended considering: • Customer risk factors, such as type of customers • Country or geographic/jurisdictional risks • Product, service, transaction, and delivery channel risk factors. Business risk assessment should be conducted regularly and the outcomes have to be provided to Senior Management.
What risk factors must be taken into account?
When assessing risk, it is recommended considering: • Customer risk factors, such as type and characteristics of customers • Country or geographic/jurisdictional risks • Product, service, transaction, and delivery channel risk factors
What does risk model mean?
Risk Model for AML matters denotes quantitative (numerical) and qualitative (hybrid) approach that aims to produce systematic risk assessments for the purpose of AML Risk understanding and management. RBA identifies, manages and analyses AML/CFT risks in order to develop and effectively implement appropriate procedures and controls. It is therefore critical that risk ratings accurately reflect existing risks, provide meaningful assessments leading to practical steps to reduce those risks, are reviewed periodically and, where necessary, regularly updated. The risk-based analysis should include, among other things, relevant inherent and residual risks at the country, industry, entity itself and business relationship levels. Inherent risks represent the level of risks that exist in the absence of controls, however, residual risks are the amount of risks that remains after controls are applied. As a result of this analysis, the Relevant Person should develop a thorough understanding of the risks inherent in its customer base, products, delivery channels, services offered (including new services/products offered), and the jurisdictions in which it and its customers do business or territories where they are registered. This understanding should be based on operational, transactional and other internal information collected by the organisation, as well as external reliable sources. When identifying all ML/TF risks, all relevant information must be considered. This typically requires the input of experts from the business, risk management, compliance / legal departments, as well as advice from external experts when necessary. Current and new business products and services should be assessed for vulnerability to money laundering and sanctions, and appropriate controls should be put in place before going life. There is also a growing number of useful ML/TF risk assessment guidelines available to the public that should be taken into account. For example, published by the FATF, FSRB, regulators and other agencies such as the UNODC, the IMF, the World Bank, as well as jurisdiction-specific information, advice and guidance. Risk is dynamic and requires constant management. It should also be noted that the environment in which every organisation operates is subject to constant change. Externally, political changes in a jurisdiction, as well as the introduction or lifting of economic sanctions, can affect a country's risk rating.
What is a risk scoring?
The risk assessment model uses numerical values to determine the risk category (geography, customer type, products, services, channels used) and the customer's overall risk. Each category can be scored differently, depending on the circumstances of each company's business. The general idea is that, for instance, if the scale is from 1 to 10, then 10 will correspond to the highest risk and 1 to the lowest (the same logic should be if the scale will be from 1 to 100). Individual categories can be scored: 1–3—"lower risk”, 4–7—"medium risk”, and 8–10—"high risk”, if the outcomes exceed the 10, it should be considered as prohibited or extremely high (intolerable). Such a model is particularly useful in risk analysis to help determine appropriate controls. These risk categories are then combined to produce a composite score. A simple model simply adds up the category totals, resulting in a score ranging. The model can be made more complex by weighting each of the factors and subfactors differently, for example by focusing more on customer type rather than to product or country. The model can be made even more complex, for example by creating combinations of factors that will determine the overall rating. The degree of complexity varies by organization; the more complex, the more likely the rating will reflect the real client's overall risk. If we take a simple three-element model (Customer type, product risk factor and country risk factor). Care must be taken to avoid inadvertently excluding any element that is different from the other elements. For example, if each item has a risk score of 3, the composite or cumulative score will be 9. However, if two of the three items have a score of 1 and the other has a score of 7, the composite risk score will also be 9. In this case, it is needed to determine how and in what way an item rated 7 should be mitigated. This may mean introducing much stricter controls or introducing some additional restrictions. It is crucial to understand that by combining categories, a customer's risk profile becomes clearer. For example, when you combine a product with a customer type, the combination can radically change the level of risk. For example, we have a small foreign private company, that registered less than year ago and has liaisons with offshore jurisdictions and about which you have little information, that wants to open account with money transfer capabilities. This client's ability to quickly transfer funds increases the level of risk as well as its connections to the offshore territories impacts the risk rating. A customer may also have a higher risk rating depending on geographic location, customer type, and products and services. Another example is a public domestic company with the decades of history and listed on a major stock exchange that wants to create a salary plan for its own employees in your financial institution. Public companies must provide extensive information to list on a major stock exchange. Moreover, salary plan accounts are not very vulnerable to money laundering. As a result, this customer and account will pose less risk than the foreign private company example. The next step is to determine what thresholds should be set for each risk category. The company must ensure that high-risk relationships do not form too large segment of the general customer portfolio; This is not to say that assessments should be tailored to a customer's portfolio, but rather that high-risk clients do require much more attention. Additionally, if a portfolio is too heavily weighted toward high risk, the overall level of risk in the organization may be too high and it should reconsider the concept of its business.
What is a "reasonable time" to verify customers' identities before or after the relationship with the customer is established.
Relevant Person should conduct KYC/CDD before establishing relationships with the customer. The inability to conduct KYC/CDD procedures should be a reason for not carrying out a transaction with or for the customer through a bank account or in cash, to not opening an account or otherwise provide any service; to not otherwise establish a business relationship or carry out any transactions; to terminate any existing business relationship with the customer; and considering whether the inability to conduct or complete CDD necessitates the making of a STR to the FIU. The reasonability depends on business specific. There is a difference between opening a checking account with a commercial bank and registering as a portfolio investor with an investment company. The goal is to understand whether the risks are acceptable before the client can operate.
What recordkeeping requirements are mandatory to be followed?
A Relevant Person must maintain a copy of all documents and information obtained in conducting initial and on-going KYC/CDD, all the supporting records (consisting of the original documents or certified copies) in respect of the customer business relationship, including transactions; STRs, TTRs and any relevant supporting documents and information, including internal findings and analysis; any relevant communications with the FIU; and results of risk assessments analysis. All documents must be maintained for at least six years from the date on which the notification or report was made, the business relationship ends, or the transaction is completed, whichever occurs last. For more detailed information please also use Practical Guidance to AIFC Anti-Money Laundering and Counter – Terrorist Financing Framework (myafsa.com)
How long must a firm retain customer identification records for?
A Participant must retain records of all of the identification information obtained from the customer, STRs, TTRs any relevant communications with the FIU and other information mentioned in the AIFC AML Rules 14.5 for at least 6 (six) years after the business relationship ends or the transaction is completed, whichever occurs last. For more detailed information, please also use: Practical Guidance to AIFC Anti-Money Laundering and Counter – Terrorist Financing Framework (myafsa.com)
Can the Relevant Person rely on third party for the on-going monitoring on its customers?
No. It is prohibited in accordance to the R.17 FATF. Conducting ongoing due diligence on the business relationship and scrutiny of transactions undertaken throughout the course of that relationship to ensure that the transactions being conducted are consistent with the institution’s knowledge of the customer, their business and risk profile, including the source of funds. The Relevant Person can rely on the third party for: (a) Identifying the customer and verifying customer’s identity using reliable, independent source documents, data or information. (b) Identifying the beneficial owner and taking reasonable measures to verify the identity of the beneficial owner, such that the financial institution is satisfied that it knows who the beneficial owner is. For legal persons and arrangements this should include financial institutions understanding the ownership and control structure of the customer. (c) Understanding and, as appropriate, obtaining information on the purpose and intended nature of the business relationship. But not conducting on-going monitoring (due diligence).
What documents can serve as justification for a source of funds and source of wealth?
The rationale behind AFSA's (AIFC AML Rules) request for a Source of Funds (SOF) and Source of Wealth (SOW) is to ensure that the funds used in a transaction are legitimate and not derived from criminal activities. By obtaining information about the SOF and SOW, AFSA aims to assess the risk profile of the customer and identify any potential money laundering or terrorist financing risks. Understanding the SOF involves determining where the funds for a specific service or transaction are coming from, such as a specific bank account or financial institution. This information helps verify the legitimacy of the funds and their alignment with the customer's SOW. There are documents that can serve as justification for SOF and SOW. These documents can include: Proof of Dividend Payments: Documents that demonstrate dividend payments connected to a shareholding. Release of pension - a copy of the client’s pension statement and a copy of their bank account statement showing the money being received from the pension company. Savings: Statements from bank showing how the client gets paid from their employer, pension, annuity and the money growing in their bank account over time (six months) Salary/Bonus Certificates: Certificates or documents that verify the customer's salary or bonus payments. Loan Documentation: Documentation related to loans, such as loan agreements or loan statements. Proof of Transaction: Documents that provide evidence of a specific transaction that gave rise to the payment into the account. Share Certificates: Certificates that confirm ownership of shares in a company. Data of Registers or databases that provide information on the ownership of companies and assets. Probate Documents: Documents related to the distribution of a deceased person's estate, such as a will or grant of probate. Audited Accounts and Financial Statements: Financial statements and audited accounts that provide information on the financial situation of a legal person. These documents, among others, can be used to establish the source of funds and source of wealth. The specific documents required may vary depending on the circumstances and the nature of the customer's financial activities. It is important for Relevant Persons to obtain and verify relevant documentation to ensure compliance with AML/CFT regulations. It is important to focus not only on confirmation of the existence of funds but on their sources and the length of their existence.
Are there any tools available to help my firm search the U.S. Treasury's Office of Foreign Asset Control's (OFAC’s), UK HMT, EU, or Kazakhstan sanctions lists?
There are openly available resources. OFAC’s Sanctions List Search is a free source that assists the public in complying with sanctions programmes by facilitating the use of the Specially Designated National and Blocked Persons list (the “SDN list”) and other sanctions lists administered by OFAC: https://sanctionssearch.ofac.treas.gov/ For HM Treasury list please follow the link: https://sanctionssearchapp.ofsi.hmtreasury.gov.uk/ For EU sanction list please follow the link: https://www.eeas.europa.eu/eeas/european-union-sanctions_en For UNSC and Kazakhstan sanction lists please use the FIU platform AFM (websfm.kz).
Must AIFC licenced firms comply with sanctions imposed by the relevant authorities in the US, EU and UK?
Yes. AIFC participants should stipulate relevant procedures and controls to mitigate the risks of sanctions violations.
Who should serve as the main point of contact with the FIU and law enforcement agencies?
MLRO should be responsible for acting as the point of contact within the Relevant Person for the AFSA, FIU and any other competent authority regarding money laundering issues.
Does the AFSA cooperate and coordinate activities with other jurisdictions?
The AFSA is a member of various international organisations and standard setting bodies. It applies best international standards and is a signatory to many Memoranda of Understanding (MoUs), IOSCO and IAIS Multilateral Memorandums of Understanding (MMoU) and bilateral agreements with such bodies and regulators around the world. These MoUs, MMoUs and bilateral agreements place international obligations of cooperation on AFSA with these bodies and regulators in other jurisdictions.
What does carrying on activities “in or from” the AIFC mean?
Carrying on activities in or from the AIFC refers to activities carried out in the AIFC between two AIFC Participants or between an AIFC Participant and another party located outside the AIFC, either in the Republic of Kazakhstan or outside of the Republic of Kazakhstan.
Does an AIFC Participant’s authorisation allow it to operate outside the AIFC?
The Authorisation authorises an AIFC Participant to carry on activities in or from the AIFC. If an AIFC Participant wishes to establish an additional office outside the AIFC, it must comply with the relevant legislation in the jurisdiction where it proposes to establish and comply with any restrictions or requirements that other jurisdictions may impose. We urge AIFC Participants to take independent legal advice as to whether they would require an additional license or authorisation from regulatory authorities of the Republic of Kazakhstan, such as the Agency for Regulation and Development of Financial Markets. Please also read the FAQ section related to AIFC Participants (please, go to www.aifc.kz > FAQ > AIFC Participation).
Is there an application fee for authorisation and how much does it cost?
The authorisation application fees vary depending on the nature and extent of the Regulated Activity, Market Activity or Ancillary Service. Please refer to Schedule 1, 2, 3 and 4 of the AIFC Fees Rules (Main > Legal Framework > Financial Services Legislation > Fees Rules) to find details on fees for applying for a Licence to carry on Regulated, Market Activities, Ancillary Services and for applications for Recognised Non-AIFC Market Institution and Recognised Non-AIFC Member status. You can download the authorisation application form and application forms for Approved Individuals and Designated Individuals from AFSA’s website at www.afsa.kz > Firms > Authorisation > Forms. The forms include guidance notes which provide information on completing the forms and should be read in conjunction with the relevant legislation.
What is a materially complete application?
An application that fully satisfies the threshold conditions for authorisation and answers all questions asked. Note that the application process is interactive, and may involve meetings, correspondence, review of policies and procedures from the applicant or third parties and sometimes even an onsite inspection.
How long does it take to obtain an authorisation from the AFSA?
We endeavor to process all licence applications promptly, however, the actual process times depend on the complexity of the applicant’s proposed operations, the timeliness of responses and the quality of the application itself. Average application processing time for applications related to regulated activities and market activities, from the time the AFSA receives a materially complete application, is around two to three months. This does not include anytime the AFSA is awaiting information or a response from the applicant. On average materially complete applications for ancillary services take a month.
What is the timeline for authorisation?
When you apply for authorisation, you need to provide complete and detailed information about your business – such as, its structure, key individuals and financial resources. In return, we offer you the commitments listed below. Our commitments are: We will tell you that we have received your application within 2 working days. We will also tell you which case officer we have assigned to your application. The assigned case officer will handle all communication about your application. We will send you our Initial Review Letter within 4 weeks. During this period, we will: - assess your business, considering whether it meets the minimum ‘threshold conditions’; - check your application against various databases and information held by other regulatory agencies. You will have up to 2 months to address all our comments and observations. During this period, we may also require having an interview with some candidates for Controlled and Designated Functions. When we receive an updated application package, we expect that all our outstanding comments are cleared. However, experience shows, that this is not always the case. Therefore, we will send you our second review comments within 2 weeks. The faster and better you address our comments, the faster we will make a decision on your application. In rare cases it happens that the third draft application still does not satisfy our requirements. We will then have to charge a Supplementary Fee for incurring additional costs in dealing with the application. We will notify you as soon as reasonably practicable that a supplementary fee is to be required, for you to make an informed decision as to whether keep or withdraw an application. If you decide to continue the authorisation process, we will send you our third review comments within 2 weeks. The designated case officer will give you an update on the current status of your case at least monthly and often more frequently. You will be notified within a week once your application is considered complete, at which point you will also be given an indication as to when your application is likely to be decided. These commitments will apply until we approve your application or tell you of our decision that it should be refused, in which case you will have an opportunity to withdraw an application, otherwise we will apply a formal refusal process. Please note that failure to provide requested information may lead to delays in assessing your application. Thus, we endeavour to process all licence applications promptly, however, the process times depend on the complexity of the applicant’s proposed operations and the quality of the application itself. In general, average application processing time, from the time the AFSA receives a materially complete application, is around two to three months.
Why can’t staff within AFSA’s Authorisations Division provide advice on my authorisation application?
AFSA is an independent regulator and therefore cannot give advice on the same application it is assessing for authorisation. While members of the AFSA Authorisation team might be able to assist applicants regarding the application process and AFSA’s requirements relating to the application, the AIFC’s Business Connect can provide more hands-on assistance. Applicants are therefore urged to speak to a Business Development Officer within Business Connect prior to submitting an application. Alternatively, there are a number of AFSA authorised Consultants listed on the AFSA’s Public Register that can provide a service. For more information, please, go to www.afsa.kz > Public Register.
Who can I contact for information prior to completing an application for Authorisation?
We strongly suggest that firms, in the first instance, engage with the AIFCA Participants Support and Sales. They will help you understand the value proposition of the AIFC to assist your evaluation of whether a presence here will make business sense for your firm. Please contact the Participants Support and Sales team by emailing [email protected].
What is the scope of Regulated Activity of Opertaing a Representative Office?
Operating a Representative Office is a regulated activity authorised by the AFSA, which essentially means marketing from an establishment in the AIFC, of one or more financial services or investments which are offered in a jurisdiction other than the AIFC. The Financial Service of Operating a Representative Office is defined in the AIFC Representative Office Rules (REP) 2.3 (2). It means the marketing by a Person of one or more financial services or financial products which are offered in a jurisdiction other than the AIFC. REP Rules 2.3 defines “marketing” as: (a) providing information on one or more financial products or financial services; (b) engaging in promotions in relation to (a); or (c) making introductions or referrals in connection with the offer of financial services or financial products. Under the AIFC Representative Offices (REP) Rule 2.3 (3) (a), a Representative Office must not represent anyone other than itself or a member of its Group. The term “Group” is defined in the AIFC Glossary. For more information, please, go to www.aifc.kz > Legal Framework > Legal Framework > AIFC Financial Services Framework > Representative Office.
What is the difference between Recognised Company and Recognised Non-AIFC Member?
While Recognised Company is a branch of Foreign Company/Partnership located outside of the AIFC jurisdiction that has been registered (and authorised, if applicable) by the AFSA, and is considered to be an AIFC Participant, Recognised Non-AIFC Member is a broker or dealer from a recognised jurisdiction by AFSA with a relevant licence granted by recognised financial services regulator, who obtains permission from the AFSA to get an access to the AIX directly, without establishing legal presence and obtaining relevant authorisation, but is not considered an AIFC Participant.
Are RNAMs and RNAMIs authorised AIFC firms?
No, they are not authorised AIFC firms. RNAMs and RNAMIs are based outside the AIFC but receive a Recognition Order based on the satisfaction of certain requirements, which includes an equivalent regulatory environment. For example, Qualified market participants, such as brokers and dealers, may apply for recognition status and get access to the Astana International Exchange (AIX) and/or MTF/OTFs.
What is a Recognised Non-AIFC Member (RNAM) and Recognised Non-AIFC Market Institution (RNAMI)?
A broker or dealer, located in a jurisdiction other than the AIFC may apply to AFSA for an order declaring it be a Recognised Non-AIFC Member, while a firm which operates an investment exchange or clearing house from a place of business in a jurisdiction other than the AIFC may apply to the AFSA for an order declaring it to be a Recognised Non-AIFC Market Institution. For more information on RNAMs, please, go to www.afsa.kz > Media Centre > News > AFSA Note on Recognized Non-AIFC Members.
Can a company first register within the AIFC first and hold on to a Licence for Regulated Activities or Ancillary Services by applying for the authorisation later?
No, registration prior to Authorisation is not permitted due to several reasons: 1) As a regulator, we want to make sure that an applicant firm is fully aware of all the requirements, Rules and Regulations it has to comply with; 2) We want to make sure that as a regulator, there is no financial service or ancillary service conducted without our supervision.
Do I need to register or incorporate the company prior to authorisation?
No. This can be done post-authorisation. The registration/incorporation is a condition of every authorisation.
How do I know whether I need an authorisation or just registration?
All entities intending to carry on one or more Regulated Activity, Ancillary Service or Market Activity, in or from the AIFC, need to seek authorisation and registration/incorporation to become an AIFC Participant. Entities intending to carry on non-financial services activities, in or from the AIFC, will only need to register and incorporate.
Does my firm need to apply for Registration?
If you plan to carry on financial services activities or non-financial services activities, in or from the AIFC, you will need to register with the AFSA and incorporate your entity.
Are there any residency requirements for individuals performing a Controlled Function or Designated Function?
Generally, the Money Laundering Reporting Officer (MLRO) function must be performed by an individual ordinarily resident in the Republic of Kazakhstan. While there is no strict requirement for the Senior Executive Officer to be resident in Kazakhstan, the expectation is that the individual must spend an appropriate amount of his/her time in the Republic of Kazakhstan having due regard to the responsibilities that the Senior Executive Officer entails.
What is a Designated Function?
A Designated Function is any of the functions specified in GEN 2.3. This consists of the following functions – Senior Manager; Responsible Officer; Risk Manager and Internal Audit Manager.
Who is a Designated Individual?
A ‘Designated Individual' is an individual appointed by the firm to perform a ‘Designated Function’ on behalf of an Authorised firm. Designated Individuals occupy less critical roles, referred to as “Designated Functions”. They do not require AFSA approval, but may only be appointed by a firm after it has applied a fit and proper test. AFSA must be notified of the appointment.
What is a Controlled Function?
This consists of the following functions – Senior Executive Officer; Director; Finance Officer, Compliance Officer, and Money Laundering Reporting Officer. These individuals has to know and meet our regulatory requirements, as well as understand how we apply them. The functions specified in GEN 2.2.2 to 2.2.5 are Controlled Functions (please, go to www.afsa.kz > Legal Framework > Legal Framework > AIFC Financial Services Framework > General Rules).
Who is an Approved Individual?
An Approved Individual is an individual who is approved by the AFSA to carry out a Controlled Function. Approved individuals are employees of Authorised Persons who attract regulatory attention as they occupy the most critical roles in an Authorised Person, which are referred to as “Controlled Functions”. Their appointment requires the approval of the AFSA.
Can I become an authorized firm as an individual in my own right?
The AIFC laws and regulations do not allow for Sole Traders as a legal form of company. Therefore, an individual cannot be authorized in his/her own right to carry on a Regulated Activity, an Ancillary Service or a Market Activity in or from the AIFC. He/she may, however, carry on these services/activities as an Approved Individual or Designated Individual of an AIFC Participant.
What are the Regulated Activities? Is there a list somewhere?
The Regulated Activities are financial services that need authorisation from the AFSA. These include brokers and dealers, investment and fund management, banking, fund administration, providing and arranging custody, islamic finance, and other activities including operating a representative office. AFSA also authorises professional services that support the financial services industry i.e. Ancillary Services. There is a list of all the activities with descriptions that are authorised by the AFSA in the AIFC GEN Rules Schedules 1 and 2 (please, go to www.aifc.kz > Legal Framework > Legal Framework > AIFC Financial Services Framework > General Rules).
What companies need to seek authorisation?
Any company intending to carry on one or more Regulated Activity, Ancillary Service or Market Activity in or from the AIFC needs to seek authorisation to become an AIFC Participant. The full list of Regulated Activities, Market Activities and Ancililary Services authorised by the AFSA is included in the Schedules 1, 2 and 4 of AIFC General Rules (GEN). It is important to note that in accordance with Section 24 of the AIFC Financial Services Framework Regulations, a Centre Participant must not carry on a Regulated Activity, Market Activity or Ancillary Service unless it is licensed to do so by the AFSA. For more information, please, go to www.aifc.kz > Legal Framework > Legal Framework > AIFC Financial Services Framework > General Rules / Financial Services Framework Regulations
What type of companies in terms of their business activity can be registered in the AIFC?
The Centre can accommodate a broad range of activities outside the ones that are described as Regulated, Ancillary or Market Activities. Currently, there is a range of non-financial services firms and holding companies which have been registered by the AFSA as Centre Participants.