(1) A designated person that is part of a group shall implement group-wide policies and procedures, including data protection policies and policies and procedures for sharing information within the group, for the purposes of carrying out customer due diligence and preventing and detecting the commission of money laundering and terrorist financing.
(2) A designated person incorporated in the State that operates a branch, majority-owned subsidiary or establishment in a place other than the State shall ensure that the branch, majority-owned subsidiary or establishment adopts and applies group-wide policies and procedures referred to in subsection (1).
(3) Where a place referred to in subsection (2), other than a Member State, is a place that does not permit the implementation of the policies and procedures required under subsection (1) the designated person shall -
(a) ensure that each of its branches and majority-owned subsidiaries in that place applies additional measures to effectively
…