Internal Regulations on Anti–Money Laundering

Internal Regulations on Anti – Money Laundering

Article 24 of the 2022 Law on Anti – Money Laundering provides for Internal Regulations on Anti–Money Laundering as follows:

1. Reporting entities that are organizations must issue internal regulations on anti–money laundering, which shall include the following principal contents:

a) Customer acceptance policy, including provisions on refusing to open accounts, establish business relationships, conduct transactions, or terminate business relationships with customers in cases where the reporting entity is unable to complete customer identification because the customer refuses to provide information or provides insufficient information;

b) Customer identification procedures;

c) Risk management policies and procedures, including the contents prescribed in Clause 1 Article 16, Clause 1 Article 19, and Clause 2 Article 34 of this Law;

d) Procedures for reporting reportable transactions;

dd) Procedures for reviewing, detecting, handling, and reporting suspicious transactions; methods of communication with customers conducting suspicious transactions;

e) Information retention and confidentiality;

g) Application of temporary measures and principles of handling in cases of transaction delay;

h) Reporting regime and provision of information to the State Bank of Vietnam and competent state authorities;

i) Recruitment, training, and professional development for anti–money laundering activities;

k) Internal control and audit of compliance with policies, regulations, procedures, and processes related to anti–money laundering activities; responsibilities of each individual and department in implementing internal regulations on anti–money laundering.

2. Reporting entities that are micro-enterprises or individuals must issue internal regulations on anti–money laundering containing the contents set out in Points a, b, c, dd, e, and g of Clause 1 of this Article.

3. Internal regulations must ensure the prevention, detection, deterrence, and handling of activities suspected of being related to money laundering; be consistent with the organizational structure, scale of operations, and money-laundering risk levels of the reporting entity; and be applied and disseminated throughout the reporting entity’s system and its agents.

4. Annually, reporting entities must review their internal regulations on anti–money laundering to consider amendments and supplements as appropriate.

5. The Governor of the State Bank of Vietnam shall detail this Article.

This Article is guided by Article 5 of Circular No. 27/2025/TT-NHNN as follows:

Contents of internal regulations on anti–money laundering of reporting entities under Points b, c, e, g, h, i, and k Clause 1 Article 24 of the Law on Anti–Money Laundering are prescribed as follows:

1. Customer identification procedures and processes, implemented on a risk-based approach, including collection, updating, and verification of information in accordance with the law on anti–money laundering, assignment of responsibilities for customer identification according to risk levels and the scale, scope, and characteristics of the reporting entity’s operations, with the following contents:

a) Cases requiring customer identification and the collection and updating of customer identification information, including cases where customers do not have an account or have an account but have not conducted any transaction within six consecutive months prior to making one or more transactions to deposit, withdraw, or transfer funds with a total value of VND 400,000,000 or more (or equivalent in foreign currency) in a single day, excluding transactions for closing savings accounts, withdrawing savings interest, paying credit card debt, paying debt on credit facilities to financial institutions, periodic payments or payments made according to a pre-registered schedule with financial institutions, and withdrawals of investment interest in securities or bonds;

b) Verification of customer identification information as prescribed in Articles 12, 13, and 14 of the Law on Anti–Money Laundering; regulations on verification of customer identification information, including verification of beneficial owner information from reliable sources;

c) Regulations on identification information of a customer’s authorized representative or legal representative (if any), including cases where the representative participates in a legal arrangement on behalf of the customer;

d) Regulations on customer identification where the customer is an organization under Article 10 of the Law on Anti–Money Laundering, in which the reporting entity must collect information on the founder(s). If such information cannot be collected because the founder has divested, is deceased, no longer exists, or information is otherwise insufficient, the reporting entity must state the reason for failing to collect such information during the process of customer identification and information updating;

dd) Regulations on customer identification for parties involved in legal arrangements, including identification information such as: full and abbreviated transaction name (for trustee organizations) or name of the trustee (for individuals acting as trustees); registered address of the trustor (if an organization) or nationality and address (if an individual); foreign registration/licensing information (if any); business sector; trustor, beneficiaries, related parties (if any), and the natural persons exercising ultimate control over the trust;

e) Regulations on ongoing monitoring of business relationships with customers on a risk-based basis through: close monitoring of transactions consistent with the customer’s risk level throughout the establishment and maintenance of the business relationship to ensure transactions align with customer identification information, understanding of the customer’s business activities, and the source of funds/assets; and reviewing and assessing customer identification records to ensure customer information is regularly updated, especially for high-risk customers;

g) Regulations on timing requirements for completing customer information verification and for reviewing/updating customer identification records consistent with customer risk levels and the applicable legal requirements to ensure feasibility without disrupting business operations.

2. The money laundering risk management process of reporting entities must include the contents prescribed in Clause 1 Article 4 of this Circular.

3. Regulations on information retention, retention periods, and information confidentiality in accordance with Articles 38 and 40 of the Law on Anti–Money Laundering and other relevant laws, including responsibility for retaining information, files, documents, and results of analysis/assessment (if any) of transactions below the reporting threshold to promptly provide to competent authorities as required by law.

4. Regulations on the application of temporary measures under Article 44 of the Law on Anti–Money Laundering and the Government’s decree detailing certain articles of the Law on Anti–Money Laundering.

5. Regulations on reporting obligations and provision of information to the State Bank of Vietnam and other competent state authorities, including methods and procedures for reporting and providing information to ensure compliance with statutory deadlines and reporting requirements.

6. Regulations on personnel recruitment, including requirements for identifying and selecting personnel suitable for the job position; providing basic anti–money laundering training within six months from recruitment.

7. Contents of training and professional development on anti–money laundering, including: legal regulations and internal regulations on anti–money laundering; responsibilities for non-compliance; money laundering methods and techniques; money laundering risks related to products and services; and duties assigned to managers and employees.

8. Contents of internal audit on anti–money laundering, including: independent and objective examination, review, and assessment of the internal control system and compliance with internal regulations and legal provisions on anti–money laundering; recommendations and proposals for improving the effectiveness and efficiency of anti–money laundering activities. Internal audits may be conducted independently or combined with other audit activities but must be addressed as a separate section in the audit report. If the reporting entity is not required by law to conduct internal audits, it must ensure internal compliance checks on anti–money laundering regulations.

9. Responsibilities of individuals and departments involved in anti–money laundering must ensure:

a) Assignment of a manager or a person authorized by a senior manager under internal regulations to be responsible for organizing, directing, and inspecting compliance with anti–money laundering laws (hereinafter referred to as the person responsible for anti–money laundering);

b) Depending on size, scope, and operational characteristics, the reporting entity must establish a dedicated AML unit (team, division, or department) or designate an existing unit or individual to be responsible for anti–money laundering at the head office; and assign one or more individuals or units responsible for anti–money laundering at branches or subsidiaries involved in AML-related operations (if any).

10. Reporting entities are responsible for:

a) Annually conducting AML training and professional development for managers and relevant employees (including employees directly engaged in customer cash or asset transactions);

b) Annually reviewing and updating legal regulations on anti–money laundering, AML risk management policies, and procedures consistent with the entity’s money laundering risk assessment and practical implementation; within 10 days from the issuance, amendment, supplementation, or replacement of internal AML regulations, submitting such internal regulations to the Anti–Money Laundering Department (for reporting entities in the monetary and banking sector) or to the state management ministry/agency (for other reporting entities);

c) Annually submitting internal AML audit reports (except entities not required by law to conduct internal audits) within 60 days from the end of the financial year to the Anti–Money Laundering Department (for monetary/banking entities) or to the relevant state management ministry/agency (for other reporting entities). If the entity is not required to conduct annual internal audits, it shall submit reports for the audited year in accordance with this provision;

d) Registering information on the full name, workplace address, phone number, and email address of the person responsible for anti–money laundering under Point a Clause 9 of this Article and the person in charge of anti–money laundering under Point b Clause 9 of this Article, and the email address of the designated AML unit (if any), with the Anti–Money Laundering Department and relevant state management ministries/agencies;

dd) Notifying in writing the Anti–Money Laundering Department and relevant state management ministries/agencies of any changes to the information under Point d Clause 10 of this Article within 15 days from the date of change.

11. Reporting entities that are micro-enterprises or individuals shall issue internal regulations on anti–money laundering that must include the contents prescribed in Clauses 1, 2, 3, and 4 of this Article and Points a and dd Clause 1 Article 24 of the Law on Anti–Money Laundering.