III. Preventive Measures
Article 5
Financial Institutions (FIs), Designated Non-Financial Businesses and Professions (DNFBPs) shall identify, assess, and document their money laundering risks and keep them up to date, taking into account a wide range of risk factors, including those relating to their customers, countries or geographic areas, products, services, transactions and delivery channels, and provide risk assessment reports to the supervisory authorities upon request. The risk assessment under this Article shall include an assessment, prior to their use, of the risks associated with new products, business practices and technologies.
5/1
A financial institution or designated non-financial business and profession shall identify, assess and document its money laundering risks in writing, regularly update its money laundering risk assessment and any underlying information, and keep both the report and any underlying information readily available for the supervisory authority. The nature and extent of the risk assessment shall be appropriate to the nature and size of the financial institution’s or designated non-financial business and profession’s business.
5/2
A financial institution or designated non-financial business and profession, when assessing its money laundering risks, shall give consideration to the following:
a. Customer risk factors and risk factors relating to the beneficial owner or beneficiary;
b. Risk factors emanating from countries or geographic areas in which the customer operates or the place of origination or destination of a transaction;
c. Risk arising from the nature of products, services and transactions offered and the delivery channels for products and services.
5/3
When carrying out a risk assessment, financial institutions and designated non-financial businesses or professions shall take into account any risks identified at the national level and any variables which may increase or decrease the money laundering risk in a specific situation, including:
a. The purpose of an account or relationship;
b. The size of deposits or transactions undertaken by a customer;
c. The frequency of transactions or duration of the relationship.
5/4
Based on the outcome of the risk assessment, a financial institution or designated non-financial business and profession shall develop and implement internal policies, controls and procedures against money laundering that set out the appropriate level and type of measures to manage and mitigate the risks that have been identified; to monitor the implementation of those policies, controls and procedures; and to enhance them as necessary.
5/5
For a higher level of risk, the financial institution or designated non-financial business and profession shall apply enhanced mitigation measures; for a lower level of risk, a financial institution or designated non-financial business and profession may apply simplified measures to manage and mitigate the risks. Simplified measures shall not be permitted if there is a suspicion of money laundering.
5/6
A financial institution or designated non-financial business and profession shall identify and assess the money laundering risks that may arise from the development of a new product, business practice or delivery mechanism, or from the use of a new or developing technology for new or pre-existing products. The risk assessment shall be carried out prior to the launch of the new product, business practice or delivery mechanism or prior to the use of the new technology. A financial institution or designated non-financial business and profession shall take appropriate measures to manage and mitigate the identified risk.
Article 6
A financial institution shall not keep or open anonymous accounts, accounts in obviously fictitious names, or numbered accounts.
Article 7
FIs and DNFBPs shall:
1- Apply due diligence measures to their customers, and the Implementing Regulation shall set forth the instances in which such measures shall be taken and the types of measures to be taken.
2- Determine the extent of due diligence measures based on the risks relating to a customer or business relationship. Where a higher risk of money laundering is identified, they shall apply enhanced due diligence measures.
7/1
A financial institution or designated non-financial business and profession shall undertake due diligence measures at the following times:
a. Before establishing a new business relationship or opening a new account;
b. Before carrying out a transaction for a customer with whom the financial institution or designated non-financial business and profession is not in an established business relationship, whether the transaction was conducted for one time or several times where the transactions would appear linked to each other;
c. Before carrying out a wire transfer as prescribed by Article 10 of the Law for a customer with whom the financial institution or designated non-financial business and profession is not in an established business relationship;
d. Whenever there is a suspicion of money laundering, regardless of the amounts involved; or
e. Whenever the financial institution or designated non-financial business and profession has doubts either about the veracity or adequacy of previously obtained customer information or identification data.
7/2
Due diligence measures shall be based on risk and, at a minimum, comprise the following:
a. Identify the customer and verify the customer’s identity, using reliable, independent source documents, data or information:
   1. For a customer that is a natural person, the financial institution or designated non-financial business and profession shall obtain and verify the full legal name, residential or the national address, date and place of birth, and nationality;
   2. For a customer that is a legal person or a legal arrangement, the financial institution or designated non-financial business and profession shall, at a minimum, obtain and verify the name, legal form and proof of existence, the powers that regulate and bind the legal person or legal arrangement, the names of all directors, senior managers or trustees, and the address of the registered office and, if different, the principal place of business.
   3. Depending on the risk posed by a specific customer, the financial institution or designated non-financial business and profession shall determine whether any additional information must be collected and verified.
b. Verify that any person purporting to act on behalf of a customer is so authorized, and identify and verify the identity of that person in line with subsection (a);
c. Identify the beneficial owner and take reasonable measures to verify the identity of the beneficial owners, using information and data obtained from a reliable source, such that the financial institution or designated non-financial business and profession is satisfied it knows who the beneficial owner is, as follows:
   1. For a customer that is a legal person, a financial institution or designated non-financial business and profession shall identify and take reasonable measures to verify the identity of the natural person who ultimately owns or controls 25% or more of the legal entity’s shares.
   2. Where no controlling ownership interest exists as stipulated in the previous paragraph (1), or there is doubt whether the controlling shareholder is indeed the beneficial owner, the financial institution or designated non-financial business and profession shall identify the natural person exercising control of the legal person through other means or, as a last means, the natural person who holds the position of senior managing official, and verify that person’s identity.
   3. For a customer that is a legal arrangement, a financial institution or designated non-financial business and profession shall identify and take reasonable measures to verify the identity of the endower, beholder, the beneficiaries or classes of beneficiaries, and any other natural person exercising ultimate effective control over the legal arrangement.
d. Understand and obtain additional information on the purpose and intended nature of the business relationship, as appropriate.
e. For legal persons or legal arrangements, the ownership and control structure of the customer should be understood.
7/3
A financial institution or designated non-financial business and profession shall verify the identity of the customer and beneficial owners before or during the course of establishing a business relationship or opening an account; or before carrying out a transaction for a customer with whom the financial institution or designated non-financial business and profession is not in an established business relationship. Where the money laundering risk is low, a financial institution or designated non-financial business and profession may complete verification of the customer’s identity as soon as practicable after the establishment of the business relationship if postponing the verification is essential not to interrupt the normal conduct of business, and the financial institution or designated non-financial business and profession shall apply appropriate measures to manage the money laundering risk. The financial institution or designated non-financial business and profession shall take measures to manage the risk in circumstances where the customer benefits from the business relationship before the verification is completed.
7/4
In addition to the measures under Section 7/2, a financial institution shall, in relation to a beneficiary of a saving and protection insurance or other investment related insurance policy, apply the following due diligence measures as soon as the beneficiary is identified or designated:
a. For a beneficiary identified by name, take the name of that person whether it is natural or legal person;
b. For a beneficiary designated by class or characteristics or any other means such as deeds, obtain sufficient information concerning the beneficiary to ensure that the financial institution will be able to identify the beneficiary prior to payout.
In all cases, a financial institution shall verify the identity of the beneficiary prior to a payout under the insurance policy or prior to the exercising of any rights related to the policy.
7/5
A financial institution, when determining whether enhanced due diligence measures are required in relation to a specific policy, shall take into account risk factors relating to the beneficiary of the policy and, if the financial institution considers that a beneficiary poses a higher risk, shall in all cases identify and verify the identity of the beneficial owner of the beneficiary at the time of payout.
7/6
A financial institution or designated non-financial business and profession shall carry out ongoing due diligence on all business relationships in accordance with the risks posed, and verify the transactions throughout the business relationship to ensure consistency with the customer’s data, activities and the risk posed by the customer. It should also be ensured that documents, data and information collected under the due diligence process are kept up to date and relevant by undertaking reviews of existing records, in particular for higher risk customers.
7/7
A financial institution or designated non-financial business and profession shall apply due diligence measures to customers and business relationships that existed at the date of coming into force of the Law and this Implementing Regulation. A financial institution or designated non-financial business and profession shall apply due diligence measures to existing customers and business relationships based on materiality and risk and conduct ongoing due diligence on such existing customers and business relationships at appropriate times, taking into account whether and when due diligence measures have previously been undertaken, and the adequacy of data obtained.
7/8
A financial institution or designated non-financial business and profession that is unable to comply with the due diligence obligations may not open the account, establish the business relationship or carry out the transaction; or in relation to existing customers or business relationships, shall terminate the business relationship; and shall in all cases consider submitting a suspicious transaction report to the Directorate.
7/9
Where a financial institution or designated non-financial business and profession has a suspicion of money laundering and it reasonably believes that performing due diligence may tip off the customer, it may opt to not carry out due diligence measures and shall submit a suspicious transaction report to the Directorate of Financial Intelligence, stating the reasons as to why due diligence was not applied.
7/10
A financial institution or designated non-financial business and profession may rely on another financial institution or designated non-financial business and profession to perform identification and verification of the customer; identification and verification of the beneficial owner; and to take the necessary measures to understand the nature and intended purpose of the business relationship.
7/11
If a financial institution or designated non-financial business and profession places reliance on another party as stated in 7/10, it shall do the following:
a. immediately obtain all necessary information as required under Article 7 of the Law and this Implementing Regulation;
b. take measures to satisfy itself that copies of identification data and other relevant documentation relating to the due diligence measures will be made available, and without delay;
c. ensure that the financial institution or designated non-financial business and profession relied upon is regulated and supervised for, and has measures in place for, compliance with due diligence and record keeping requirements in line with the requirements stipulated under the Law and this Implementing Regulation;
d. take into account information available with (AMLPC) and the Directorate of Financial Intelligence with regard to high-risk countries identified.
The ultimate responsibility for all requirements stipulated in this law and its implementing regulation rests with the requesting financial institution and designated non-financial business and profession.
7/12
When a financial institution is being relied upon by another domestic or foreign financial institution, confidentiality requirements under Saudi law shall not preclude a financial institution from exchanging information as required for the reliant party to determine whether the relied upon financial institution applies appropriate standards.
7/13
A financial institution or designated non-financial business and profession that relies on a financial institution or designated non-financial business and profession that is part of the same financial group may consider that the financial institution or designated non-financial business and profession relied upon meets the requirements under Article 7/10 and 7/11 provided the group applies due diligence and record keeping requirements in line with the Law and this Implementing Regulation, the implementation of such policies is supervised at the group level by a competent authority and any higher country risk is adequately mitigated by the group’s policies and controls.
7/14
A financial institution or designated non-financial business and profession shall determine the extent and depth of application of due diligence measures under Article 7 of the Law based on the types and levels of risk posed by a specific customer or business relationship.
Where the risk of money laundering is higher, a financial institution or designated non-financial business and profession shall apply enhanced due diligence measures consistent with the risks identified. Where the risk of money laundering is lower, a financial institution or designated non-financial business and profession may conduct simplified due diligence measures provided there is no suspicion of money laundering; where there is such a suspicion, simplified due diligence shall not be permitted. The simplified measures shall be commensurate with the lower risk.
Article 8
FIs and DNFBPs shall use appropriate systems to determine whether a customer or beneficial owner is or has become entrusted with a prominent public function in the Kingdom or a foreign country, or with a senior management position in an international organization, and if so, apply additional measures as prescribed by the Implementing Regulation.
8/1
A person who is or has become entrusted with a prominent public function in the Kingdom or a foreign country, or with a senior management position in an international organization, is considered a “politically exposed person”. This shall comprise the following:
a. Heads of State or of government, senior politicians, senior government, judicial or military officials, senior executives of state owned corporations, and important party officials;
b. Directors, deputy directors, and members of the board or equivalent function, of any international organization.
8/2
The obligations under Article 8 of the Law shall apply in relation to politically exposed persons, their close associates and family members.
8/3
A family member of a politically exposed person shall include any individual who is related to a politically exposed person by blood or marriage up to the second degree.
8/4
A close associate of a politically exposed person shall include any natural person who is known to have joint beneficial ownership of a legal entity or legal arrangement or who is in a close business relationship with the politically exposed person, or who has a beneficial ownership of a legal entity or legal arrangement which is known to have been set up for the benefit de facto of a politically exposed person.
8/5
A financial institution or designated non-financial business and profession shall, in relation to politically exposed persons from a foreign country, obtain senior management approval before establishing or continuing such a business relationship; take reasonable measures to establish the source of wealth and the source of funds of the politically exposed person; and conduct enhanced ongoing monitoring on the business relationship. The same shall apply in relation to politically exposed persons from the Kingdom in case of a higher risk of money laundering.
8/6
A financial institution shall take reasonable measures to determine, before the payout of the policy or prior to the exercising of any rights related to the policy, whether the beneficiaries or the beneficial owner of a saving and protection policy or any other investment insurance policy are PEPs. If so, the FI shall inform the senior management before the payout or prior to the exercising of any rights related to the policy, conduct enhanced scrutiny on the business relationship, and consider making a suspicious transaction report.
Article 9
1- Before entering into a cross-border correspondent relationship, financial institutions shall apply appropriate risk mitigation measures as prescribed by the Implementing Regulation, and shall satisfy themselves that the respondent institution does not permit its account to be used by a shell bank.
2- Financial institutions shall not enter into or continue a correspondent relationship with a shell bank or a respondent institution that permits its account to be used by a shell bank.
9/1
Before entering into a cross-border correspondent relationship, a financial institution shall apply the following risk mitigating measures:
a. gather sufficient information about the respondent institution to understand fully the nature of the respondent’s business, and determine from publicly available information the reputation of the institution and the quality of supervision, and whether the respondent institution has been subject to a money laundering investigation or regulatory action;
b. assess the respondent institution’s anti-money laundering controls;
c. obtain approval from senior management before establishing new correspondent relationships;
d. clearly understand the respective anti-money laundering responsibilities of each institution; and
e. be satisfied that a respondent financial institution does not allow the use of its account by shell banks.
9/2
Where a financial institution registered and licensed in the Kingdom enters into a correspondent relationship in order to receive services from a foreign correspondent financial institution, confidentiality requirements under Saudi law shall not preclude the financial institution from providing to the foreign institution the information and documents required for the foreign institution to satisfy itself that the conditions under 9/1 (a) and (b) are met.
Article 10
1- Financial institutions providing wire transfer activities shall obtain information on the originator and beneficiary and ensure that such information is kept with the wire transfer or related message throughout the payment chain. A financial institution that is unable to obtain required originator or beneficiary information shall not permit the execution of the wire transfer.
2- A financial institution shall record all originator and beneficiary information and keep the records, documents, data, and files in accordance with Article 12.
3- A financial institution shall comply with all measures on wire transfers as set out in the Implementing Regulation.
10/1
Article 10 of the Law shall apply to cross-border wire transfers and domestic wire transfers in any currency, including serial payments and cover payments, which are received, or sent or processed by a financial institution in the Kingdom, including credit or debit or prepaid card, mobile phone or other digital or IT prepaid or postpaid device that are used to effect a person-to-person transfer of funds. The scope of the Law does not extend to a transfer that
a. flows from a transaction carried out using a credit or debit or prepaid card, a mobile phone or any other digital or IT prepaid or postpaid device with similar characteristics and exclusively for the purchase of goods or services, provided the credit or debit or prepaid card number accompanies the transfer flowing from the transaction; or
b. constitutes a transfer or settlement between two financial institutions where both the originator and the beneficiary are a financial institution acting on their own behalf.
10/2
Originator information shall include:
a) The full name of the originator;
b) The originator account number where such an account is used to process the transaction or in the absence of an account number, a unique transaction number that permits traceability of the transaction; and
c) The originator’s address, or customer identification, or date and place of birth.
Beneficiary information shall include:
a) The full name of the beneficiary; and
b) The beneficiary account number where such an account is used to process the transaction or in the absence of an account number, a unique transaction number that permits traceability of the transaction.
10/3
A financial institution that orders a wire transfer shall include required and verified originator information and required beneficiary information with each wire transfer. In case of a suspicion, an STR shall be submitted according to Article 15 of the Law. If a financial institution cannot comply with its obligations under this provision, it shall not order the wire transfer.
10/4
Where several individual cross-border wire transfers from a single originator are bundled in a batch file for transmission to several beneficiaries, the ordering financial institution shall include in the batch file the required and verified originator information; the required beneficiary information that is fully traceable within the beneficiary country; and the originator’s account number or unique transaction reference number.
10/5
For domestic wire transfers, the obligations set out in Article 10/3 shall apply unless the ordering financial institution is in a position to make all required originator and beneficiary information available to the financial institution ultimately receiving the wire transfer or competent authorities by other means, in which case the ordering financial institution may only include the account number or a unique transaction reference number that permits the transaction to be linked with the relevant originator or beneficiary information. The ordering institution shall make the required and verified originator and required beneficiary information available within three business days upon receiving a request for such information from the financial institution ultimately receiving the wire transfer or a competent authority.
10/6
A financial institution shall maintain all originator and beneficiary information in accordance with Article 12 of the Law.
10/7
For cross-border wire transfers, a financial institution processing an intermediary element of the payment chain shall ensure that all originator and beneficiary information that accompanies a wire transfer is retained with it, and shall keep all wire transfer information including originator and beneficiary information in accordance with Article 12 of the Law.
10/8
Where technical limitations prevent the required originator or beneficiary information accompanying a cross-border wire transfer from remaining with a related domestic wire transfer, the intermediary financial institution shall keep a record for ten years of all the information received from the ordering or other intermediary financial institution.
10/9
A financial institution ultimately receiving or processing an intermediary element of a wire transfer shall have in place and apply procedures for:
a) Identifying wire transfers that lack required originator or beneficiary information;
b) Determining, on a risk basis, when to execute, reject, or suspend a wire transfer that lacks required originator or required beneficiary information; and
c) Taking appropriate risk based follow-up action which may include restricting or terminating the business relationship.
10/10
A financial institution ultimately receiving a cross-border wire transfer shall take reasonable measures to identify cross-border wire transfers that lack required originator or beneficiary information. Such measures may include post-event monitoring or real-time monitoring where feasible. If the identity has not been previously verified, a financial institution ultimately receiving the transfer shall verify the identity of wire-transfer sender’s information and maintain this information in accordance with Article 12 of the Law.
10/11
Confidentiality requirements under Saudi law shall not preclude a financial institution from exchanging information with other domestic or foreign institutions that are processing any part of the transaction as required to comply with the provisions under this Article.
Article 11
1- FIs and DNFBPs shall apply enhanced due diligence measures proportionate to the risks involving business relationships and transactions with a person from a country that was identified as high risk by the FI or DNFBP or the Anti-Money Laundering Permanent Committee.
2- FIs and DNFBPs shall apply the countermeasures prescribed by the Anti-Money Laundering Permanent Committee with respect to high risk countries.
Article 12
1- FIs and DNFBPs shall, for all domestic or international financial transactions as well as commercial and monetary transactions, keep all records and documents for a period of no less than ten years from the date of concluding the transaction or closure of account.
2- FIs and DNFBPs shall keep all records obtained through due diligence measures, account files and business correspondences and copies of personal identification documents, including the results of any analysis undertaken, for at least ten years after the business relationship has ended or a transaction was carried out for a customer who is not in an established business relationship.
3- In specific cases, the Public Prosecution may oblige FIs and DNFBPs to extend the record keeping period for as long as required for the purpose of a criminal investigation or prosecution.
4- Records shall be sufficient to permit reconstruction of transactions and shall be maintained in a manner so that they can be readily made available to competent authorities upon request.
Article 13
FIs and DNFBPs shall:
1- Monitor and scrutinize transactions, documents and data on an ongoing basis to ensure that they are consistent with the reporting entity’s knowledge of the customer, the customer’s commercial activities and risk profile, and where necessary the customer's source of funds.
2- Examine any complex and unusual large transaction, and any unusual pattern of transactions that has no clear economic or legal objective.
3- Where the risks of money laundering are higher, the FI and DNFBP shall perform enhanced due diligence where the ML/TF risks are higher and increase the level and nature of monitoring of the relevant business relationship to determine whether the transaction is unusual or suspicious.
4- Keep records for a period of ten years and make them available to competent authorities upon request.
Article 14
1- FIs and DNFBPs shall:
A- Have in place and effectively implement internal policies, procedures and controls against money laundering aimed at managing and mitigating any risks identified as clarified in Article 5. The policies, procedures and controls shall be proportionate to the nature and size of the FI and DNFBP’s business and shall be approved by senior management. FI and DNFBP shall review and enhance them as needed.
B- Apply the internal policies, procedures and controls referred to in (A) of this Article to all of their branches and majority-owned subsidiaries.
2- The Implementing Regulation shall specify the matters that must be addressed in the internal policies, procedures and controls under (1/A) in this Article for Anti-Money Laundering.
14/1
The policies, procedures and internal controls shall be proportionate to the nature and size of the financial institution or designated non-financial business and profession’s business and shall address the following:
a. Due diligence measures as required under this law and its Implementing Regulation, including risk management procedures for utilization of a business relationship prior to completion of the verification process;
b. Transaction reporting procedures;
c. Appropriate anti-money laundering compliance management arrangements, including appointment of an anti-money laundering compliance officer at the senior management level;
d. Adequate screening procedures to ensure high standards when hiring employees;
e. Ongoing employee training programs; and
f. An independent audit function to test the effectiveness and adequacy of internal policies, controls and procedures.
14/2
A financial group shall implement a group-wide program against money laundering, apply the internal policies, controls, procedures to all of its branches and majority-owned subsidiaries and ensure effective implementation thereof by all branches and majority-owned subsidiaries. In addition to the issues set out in subsection 14/1, a group level policy shall address also the sharing of information between all members of the group; the provision of customer, account and transaction information to group-level compliance, audit or anti-money laundering functions; and the safeguarding of confidentiality and use of the information exchanged.
14/3
Where the anti-money laundering requirements of a foreign country are less strict than those imposed under the Law and this Implementing Regulation, a financial institution or designated non-financial business and profession shall ensure that its branches and majority-owned subsidiaries operating in that foreign country apply measures consistent with the requirements under the Law and this Implementing Regulation. If the foreign country does not permit the proper implementation of such measures, the financial institution or designated non-financial business and profession shall inform the Saudi supervisory authority of this fact and take any additional measures necessary to appropriately manage and mitigate the money laundering risks associated with its operations abroad. The financial institution or designated non-financial business and profession shall comply with any instructions received from the supervisory authority in this regard.
Article 15
FIs, DNFBPs, and NPOs, including attorneys and any person providing legal or accounting type services, that suspect or have reasonable grounds to suspect that funds or parts thereof, regardless of their amounts, are proceeds of crime or are related to money laundering or that such funds will be used in acts of money laundering, including attempts to initiate such a transaction, shall promptly and directly take the following measures:
1- Report such transaction to the General Directorate of Financial Intelligence, and provide a detailed report including all available data and information on such transaction and relevant parties.
2- Promptly and fully respond to requests from the Directorate for additional information.
15/1
The suspicious reporting requirement stipulated under this Article shall include the following:
a) A financial institution or designated non-financial business or profession or NPO that suspects or has reasonable grounds to suspect that funds or parts thereof are proceeds of crime or are related to money laundering or that such funds will be used in acts of money laundering, including attempts to initiate such a transaction;
b) A financial institution or designated non-financial business or profession or NPO that suspects or has reasonable grounds to suspect that any of the complicated, high-volume, or suspicious transactions relates to money laundering, including the attempt to execute any of these transactions.
15/2
The reporting obligation under Article 15 of the Law applies regardless of the amounts involved.
15/3
A financial institution, designated non-financial business or profession, or NPO shall implement indicators of suspected acts of money laundering. These indicators shall be updated on a continuous basis according to the development and diversity of methods used to carry out such acts, while complying with the publications of supervisory authorities in this regard.
15/4
The report shall be provided as per the form adopted by the Directorate, and as a minimum shall include the following information:
A. Names, addresses and phone numbers of those carrying out suspicious transactions;
B. A statement of the suspicious transaction, its involved parties, circumstances surrounding its detection and its current status;
C. Specifying the amount of the suspicious transaction and relevant bank or investment accounts; and
D. The reasons and causes of suspicion on the basis of which the employee made such report.
The Directorate of Financial Intelligence shall further specify the manner in which reports under this Article are to be made and the information that shall be transmitted as part of the report.
Article 16
1- FIs, DNFBPs, and NPOs as well as their Members of Board of Directors, directors, Members of its executive or supervisory management, and employees are prohibited from disclosing to a customer or any other person the fact that a report under this Law or related information will be, is being or has been submitted to the Directorate, or that a criminal investigation is being or has been carried out. This shall not preclude disclosures or communications between directors and employees or communications with lawyers or competent authorities.
2- FIs, DNFBPs, and NPOs as well as their Members of Board of Directors, directors, Members of its executive or supervisory management, and employees shall be protected from any liability toward the reported if they report their suspicions to the Directorate in good faith.
16/1
The protection under Article 16 of the Law shall include protection from any criminal, civil, contractual, disciplinary or administrative liability and applies also in situations where the financial institution or designated non-financial business and profession or its employees or directors did not know precisely what the underlying criminal activity of the reported transaction was and regardless of whether illegal activity actually occurred.