Legal Instruments and Structures to disguise beneficial ownership

Legal Instruments and Structures that Disguise Beneficial Ownership

A beneficial owner is a natural person who effectively owns or controls a legal person or legal arrangement or on whose behalf transactions are conducted. Criminals deploy a range of methods to conceal their ownership over their illegally derived assets and funds.

Scrutinising the ownership structure is a part of AML/CFT obligations for Financial Institutions (FIs), Designated Non-Financial Businesses and Professions (DNFBPs) and Virtual Asset Service Providers (VASPs). Some of the commonly used techniques to disguise beneficial ownership have been listed below:

Bearer Securities

Bearer securities are instruments that grant ownership to individuals who physically hold the certificate. Bearer securities have recently gained prominence due to their anonymity feature, as they are not registered and can be transferred easily, as there are requirements to record the transfer of bearer securities.

However, the lack of transparency in determining the owner of shares makes it easy for criminals to conceal the identity of beneficial owners that control the bearer instruments. That being said, UAE has implemented Federal Decree Law No. (32) of 2021 for commercial companies and Cabinet Decision No. (109) of 2023 On Regulating the Beneficial Owner Procedures for legal persons in the state (including commercial free zones) that restricts them from issuing bearer shares and bearer share warrants.

Fronts and Nominees

Front companies are completely functional companies that have the same attributes as a legitimate business entity but are used for disguising illegal financial activities While front companies can be used to simplify transactions or for other lawful purposes, they can also be misused for fraudulent schemes, such as false invoicing and phoenix activity.

Offenders can additionally use nominee shareholders or directors to further obscure the identity of beneficial owners. A nominee shareholder holds shares in a company for the benefit of another person. A nominee director is appointed to the board of a company to represent the interests of the appointer.

Nominees can be exploited to circumvent restrictions on foreign business ownership or foreign trade or by individuals who are prohibited from acting as directors of a company owing to their past conduct.

UAE’s regulatory regime requires nominee board members to disclose to the legal person that they are acting as a nominee within fifteen days of becoming a nominee board member. The nominee member is also obligated to inform the legal person if he or she ceases to be a nominee board member.

The Register of Partners or Shareholders kept by the legal person must also include data of any of the partners or shareholders serving as a nominee board member. This includes:

Number of shares held along with the category of the shares and associated voting rights
The date on which the partner or shareholder acquired that position in the legal person
Particulars of the partner or shareholder, depending on whether they are a natural or legal person

The nominee member must inform the legal person if there are any updates in any of the above-mentioned information within 15 days of such change.

Non-Profits, Charities and Foundations

Non-Profit Organisations (NPOs), charities and foundations are natural or legal persons or legal arrangements that work to raise funds for purposes such as charitable, religious, cultural, educational, social, and other noble causes. However, the goodwill associated with non-profits is abused by illicit actors to funnel the proceeds of their crimes by way of donations, as charities have access to considerable sources of funds.

The regulatory regime in UAE also requires DNFBPs dealing with NPOs to adopt a risk-based approach.

Offshore Companies

Offshore companies are entities whose place of incorporation and principal place of operation fall under different jurisdictions. When creating complex structures, criminals often resort to setting up offshore companies in tax haven countries or countries with flexible business regulations and stringent privacy laws.

Shell and Shelf Companies

Shell companies are companies which have no significant independent business operations or related assets or employees, whereas shelf companies are companies that have been dormant for a long duration with inactive shareholders, directors, and secretaries. Shell companies offer a variety of functions during corporate mergers or to protect the company’s brand name and identity against third-party violation.

Shell companies are also used for illicit purposes, such as the distribution of assets across multiple countries and pass-through transactions to hide the origin of funds. On the other hand, shelf companies can be used by new owners to secure business relationships based on the company’s history or access markets based on pre-established relationships with financial institutions, making it difficult to identify the real owners of the company.

Trusts

A trust is a fiduciary relationship where a settlor gives the trustee the right to hold title for the beneficiary’s assets. Trusts such as express trusts are commonly misused by criminals to maintain anonymity, creating an additional layer of complexity by separating the legal title and control of an asset from its beneficial ownership.

Private Investment Vehicles

Private Investment Vehicles or Companies (PIVs/PICs) are investment companies that have a few investors without any intention of public offering. Generally, PIVs or PICs are used by high-net-worth individuals to hold their assets.

Criminals can misuse PIVs/PICs and appoint nominee shareholders, directors and secretaries to create an additional layer of confidentiality that can obscure beneficial ownership and create complex structures.

How to Identify UBO within Complex Ownership Structures

Regulated Entities in the UAE are required to identify and verify the ultimate beneficial owner (UBO) to decode the corporate structure. Complex ownership structures are those legal entities whose actual ownership is difficult to identify.

This infographic attempts to showcase how a regulated entity can identify the UBO of a legal entity customer who has a complex ownership structure through the use of various measures discussed.

The UBO Regulations in UAE define a beneficial owner as a natural person who has:

Ultimate ownership, or
On whose behalf transactions are carried out, or
Ultimate effective control over the legal entity in terms of decision-making authority.

Various methods to identify UBOs within Complex Ownership Structure are as follows:

Seek Ownership Information until Natural Persons with Significant Share found

A regulated entity must strive to peel layers of corporate ownership within corporate ownership until the ownership or control can be found with a natural person.

For instance, the if one legal entity is found to be owned by another legal entity or legal arrangement, which is further owned by another legal arrangement, then the regulated entity should make efforts to identify the UBO, who is the natural person or person operating behind the complex web of corporate ownership structures.

Ownership information can be sought through the ‘Know Your Customer’ (KYC) component of the Customer Due Diligence (CDD) process carried out to meet anti-money laundering/ counter financing of terrorism (AML/CFT) obligations of a regulated entity.

The KYC process helps in the collection of necessary documents required to ascertain the UBO of a complex ownership structure.

Beneficial Ownership Verification

It is one thing to identify the UBO, but it is equally important to verify the identity of such a UBO against reliable government-issued identity documents and records.

This helps rule out the possibility of such UBO being falsely identified due to identity theft or forgery.

Scrutinise Ownership Structure of Offshore Businesses

Regulated entities need to be extra vigilant during the identification process of any offshore entity client, as there is always a possibility that criminals use offshore tax or regulatory havens to form legal entities with complex ownership structures to disguise the true identity of a UBO who might be sanctioned individual, or politically exposed person, or an individual having their name in an international criminal watchlist.

Analyse Documents of Legal Entity

Regulated entities must carefully seek and examine the corporate documents of a legal entity customer to identify the trail of ownership and control.

The type of documents that a regulated entity can seek from corporate entity clients can be referred from Know Your Business (KYB) – Key element of AML compliance.

Ongoing Monitoring of Business Relationships

Regulated entities must exercise caution as there is always a possibility that after onboarding a legal entity client, its ownership rights might be transferred from one UBO to another, which is riskier due to being sanctioned or PEP.

To rule out such an event from materialising, the regulated entity must conduct ongoing monitoring of business relationships to ensure that customer details collected during the KYC process, such as ownership structure, share capital, net worth, and the purpose of business remain consistent with the customer profile throughout the business lifecycle.

Scrutinise Reliable Publicly Available Information

Regulated entities, in an attempt to identify and verify the UBO prior to onboarding and after establishing business relationships, need to scrutinise and comb through publicly available reliable information for the following purposes:

To rule out the possibility of any adverse media in the name of the UBO.
To verify or validate UBO information from the government, ministry, or regulator, run websites to conclude the CDD exercise.

Navigating Risk with Enhanced Due Diligence: A Compliance Roadmap

Enhanced Due Diligence (EDD) process is a strategic tool which protects businesses regulated under the anti-money laundering (AML), combating the financing of terrorism (CFT) and combating proliferation financing (CPF) laws in the UAE, from money laundering (ML), terrorism financing (TF) and proliferation financing (PF) threats posed by high-risk customers.

Recently, our in-house AML expert, Dipali Vora, explained the intricacies of EDD as a critical component of the AML/CFT/CPF compliance framework. Watch the recording of the webinar to gain valuable insights into:

AML/CFT/CFT compliance requirements in the UAE
Customer Due Diligence process as a significant component of AML/CFT/CPF compliance
Name Screening, Customer Risk Assessment and choosing the right type of due diligence based on customer risk profile
What, when and how of EDD, providing a complete roadmap, including benefits and best practices for effective EDD implementation
Importance of the Know Your Customer (KYC) process and its nexus with EDD
High-Risk customer onboarding cycle for a better understanding of how to efficiently manage high-risk customers such as Politically Exposed Persons (PEP), customers from high-risk jurisdictions, etc.

In addition, the webinar is integrated with live quizzes to solidify your understanding of the EDD process.

Don’t miss this opportunity to strengthen your understanding of EDD and its important role in ensuring robust AML/CFT/CPF compliance in the UAE. Watch the webinar today and enhance your business’s ability to navigate the EDD process successfully!

Effective AML consulting services

make your business dealings brighter, smoother, and better

Share via :

Building AML Framework for a Legal Firm

AML UAE assessed the regulatory requirements and built an effective Anti-Money Laundering (AML) and Counter-Financing of Terrorism (CFT) framework for a legal firm based in UAE. Our client is a leading legal firm providing legal services across various areas.

The UAE’s AML regulatory framework requires legal firms to implement efficient AML/CFT measures. For this purpose, the client approached AML UAE to help them build an AML/CFT framework that incorporates and implements effective AML measures aligned with the regulatory framework.

Customer Goals:

As the client was struggling with building the AML framework, our client had the following aims:

To develop a robust AML framework that is tailored to the specific needs and requirements of the legal firm.
To adopt an AML framework that can be tailored according to the evolving AML regulations as well as exposure of ML, FT, and PF risks to legal firms.
To achieve transparency and effectiveness in the AML measures implemented to mitigate financial risks, including ML, FT, and PF.

Challenges:

The complexity of AML/CFT laws and regulations posed a significant challenge for the client. The client struggled with:

Developing a Tailored AML Framework: The client lacked the specialised knowledge needed to build an AML framework that not only met compliance standards but also addressed the unique ML, FT, and PF risks specific to the legal sector.
Adapting to Evolving Risks: With financial crimes evolving and regulatory scrutiny increasing, the client found it challenging to keep their AML measures up-to-date and effective against emerging threats.

Thus, recognising these challenges, the client highlighted the need for AML experts to develop a framework that would help it maintain compliance requirements, integrity, and trust within the legal industry.

Legal Background:

The legal firm is governed by the following regulations:

Federal Decree Law No (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations
Federal Decree Law No (26) of 2021 to amend certain provisions of Federal Decree Law No (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations
Cabinet Decision No (10) of 2019 concerning the Executive Regulations of Federal Decree Law No (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations
Guidelines for Designated Non-Financial Businesses and Professions (DNFBPs)
Lawyers’ Guide on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organizations
Ministerial Decision No. (533) of 2019 On Anti-Money Laundering and Combating Terrorism Financing related to Lawyers, Notaries and Legal Independent Professionals

At present, the AML regulatory framework in the UAE includes lawyers within the businesses and professions that are considered Designated Non-Financial Businesses and Professions (DNFBPs), mandating all legal firms in the UAE to comply with the regulatory framework governing AML/CFT compliance.

As part of the AML regulatory requirement, legal firms need to draft and implement an AML framework that covers internal policies, procedures, control measures, and compliance requirements.

Solution Provided by AML UAE Team:

AML UAE helped the client and provided a comprehensive approach for building and framing an effective AML framework. Our strategy focused on understanding the company’s existing AML framework policies and procedures and optimising them to ensure efficiency and cost-effectiveness.

Here’s how we assisted the legal firm:

Examined the compliance requirements under the AML regulatory framework for legal firms in the UAE and dug into specific challenges and risks faced by legal firms in combating ML/FT.
Conducted risk assessment to identify and assess ML/FT and PF in line with National Risk Assessment (NRA) and Sectoral Risk Assessment that highlight the risk factors legal firms encounter in their business lines and services.
Aided the client in adopting a risk-based approach for the AML framework instead of a tick-based approach.
Documented advanced AML policies, procedures, and control measures based on the client’s risk appetite and aligning with the compliance requirements, including Know Your Customer (KYC), Customer Due Diligence, Ongoing Monitoring, and Reporting Obligations.
Undertaken AML/CFT training to improve the overall skill set of employees and AML compliance officer, ensuring AML/CFT measures are implemented in the best possible way.
Helped with the implementation of AML software to achieve efficiency of the AML framework.

Our approach enabled the client to adopt an AML framework that is capable of addressing various compliance requirements and effectively mitigating ML, FT, and PF risks.

End Result:

Our collaboration with the client resulted in the successful building and development of an AML framework, incorporating best practices and regulatory requirements for legal firms. With the AML/CFT framework, the client significantly enhanced its capability to comply with the AML regulations, thereby mitigating the legal firm’s exposure to ML, FT, and PF risks.

Key outcomes of our efforts included:

Compliance optimisation by identifying and addressing areas where the client was under-compliant/over-compliant and helped the client become compliant across relevant areas.
Through effective AML measures and the implementation of AML technologies, the client improved efficiency in compliance requirements by 75% and operational effectiveness by 60%.
Additionally, with AML/CFT training by AML UAE, employees and compliance officers became more diligent about fulfilling their legal obligations.
It resulted in enhanced AML compliance capabilities, thereby reinforcing the reputation and credibility of compliant professionals in the legal industry.

AML UAE’s partnership with the legal firm resulted in a transformative improvement, addressing the client’s goals and aligning with UAE’s regulatory requirements and evolving financial risks. The customised AML/CFT framework developed by AML UAE demonstrated how a well-designed AML framework can greatly benefit businesses in managing AML compliance and undertaking mitigating measures.

Share via :

Mastering Periodic Customer Reviews with eKYC and Automation

Protect your business with reliable and effective AML strategies with AML UAE.

The process of conducting periodic reviews of customer information helps ensure the relevance of anti-money laundering and counter-financing of terrorism measures (AML/CFT) that designated non-financial businesses and professions (DNFBPs) have implemented in their business.

This blog elaborates upon the following:

The purpose and factors triggering the initiation of conducting customer reviews.
The management of such periodic review processes through automation with AML software.
The best practices for carrying out effective customer reviews.
The advantages of relying on eKYC with the use of automation tools.

Periodic Review of Customers in the context of AML/CFT Compliance

The AML/CFT law in UAE requires DNFBPs to conduct periodic reviews of customer information collected during the customer due diligence (CDD) process. Keeping the CDD information up to date is a legal requirement that DNFBPs need to adhere to. The guidelines for DNFBPs require them to adopt a risk-based approach (RBA) when it comes to updating CDD. To achieve this, DNFBPs are required to have in place appropriate AML/CFT policies and procedures, which clearly state the steps and measures taken by the DNFBP to conduct periodic reviews of customer information, the tools or software used, and defined workflows to ensure that customer information collected during the CDD is maintained up to date.

Purpose of Periodic Review of customer KYC details

The regulatory requirement of conducting periodic reviews of customer information throughout the business lifecycle is backed by purposes such as:

Identifying Suspicious Activities

Conducting periodic reviews enables DNFBPs to identify suspicious activities, which is made possible through tracking or monitoring the customer details. It also helps entities to submit required regulatory reports like SAR/STR.

Assessing Customer Risk Profiles

When the customer information and activity are monitored or supervised periodically, such periodic review enables the DNFBP to assess the fluctuation in customer risk, such as the shift of low-risk customers to high-risk status or vice-versa due to changes in their circumstances supported by valid documents.

Ensuring Compliance with Regulatory Requirements

The UAE AML/CFT laws and guidelines require DNFBPs to conduct periodic reviews of CDD information, which is a regulatory compliance requirement.

Strengthening Risk Management Practices

When periodic reviews are conducted in a timely manner, the DNFBP is able to identify the customer profiles needing attention and additional or enhanced due diligence (EDD) measures. The exercise of conducting periodic reviews helps strengthen risk management as a DNFBP is able to plan how it shall mitigate ML/FT and PF risks.

Key Triggers for Periodic Reviews

The situations or circumstances necessitating the carrying out of periodic reviews are:

Risk-Based

DNFBPs need to imbibe a risk-based approach, meaning that they shall deploy risk mitigation measures according to the degree and extent of risk they are exposed to. One of the simplest ways to set or determine the frequency and timing of periodic reviews is to review their profiles according to the risk they pose to a DNFBP’s business, for instance. A low-risk customer’s profile can be examined less frequently than a high-risk customer whose profile needs to be examined more frequently.

Coming across changes in customer information that would impact the customer’s existing risk profile.

Changes in the list of High-Risk countries as maintained by the FATF.

Event-Based

Change in circumstances of a legal entity customer, such as a change in beneficial ownership, legal structure, change of address, purpose of business, or capital structure. For instance, non-PEP customers getting classified as PEP, change in transaction pattern, etc.

Discovery of adverse or negative media about the natural person customer or ultimate beneficial owners (UBOs) of a legal entity customer, where such adverse news contains information that can materially impact the business relationship with a DNFBP. For instance, there is adverse news pertaining to involvement in a predicate offence, which might ultimately be linked to financial crime such as ML/FT or PF.

Commencement of legal proceedings against the customer.

Due to recommendations derived from findings of AML auditor.

Transactions or behaviours indicating suspicion with regard to ML/FT or PF involvement.

Time-Based

DNFBPs, through their internal AML/CFT policies and procedures, need to set rules according to various customer risk categories and the timing and frequency of their CDD reviews, whether such reviews shall be conducted through notification parameters configurated into eKYC software, the degree of manual input and automation parameters for CDD or KYC reviews.

DFNBP can set the periodicity of customer information reviews in their policy according to the ML/FT and PF risk customers pose to the business, which can be semi-annual, annual, etc.

We help you prepare and implement

a robust Anti-Money Laundering Program.

Components Contributing to Periodic Customer Review

A periodic customer review of a DNFBP usually consists of the following components:

Transaction Monitoring

Transaction monitoring is an AML compliance component that enables the DNFBP to configure alert generation in the context of transactions by customers that are not normal, reasonable, or consistent with the customer’s risk profile. Any change or deviation in customer transaction patterns should be considered as a factor necessitating the initiation of customer review or re-KYC.

Behavioral Analysis

The suspicious nature of customer activities and transactions can be identified through behavioural pattern analysis. For example, if a customer starts behaving differently than their normal pattern, then such a change in behaviour must generate a red flag for a DNFBP, following which they can conduct KYC refresh or re-CDD to ascertain the consistency and identify the cause of change in customer behaviour.

eKYC/CDD, Ongoing Monitoring, and Transaction Monitoring software are often equipped with machine learning capabilities, which can be taught to identify or detect suspicious behaviour patterns to trigger KYC refresh.

Screening

Screening of customers against relevant watchlists such as sanctions lists, politically exposed persons (PEPs) databases, and adverse media screening enables DNFBPs to identify if the customer’s name matches with that of the names contained in such watchlists or sanctions list, enabling the DNFBP to determine the degree of ML/FT and PF risk posed by such customer and classify them into high risk, medium risk, or low-risk categories.

Based on the assigned risk classification, the DNFBP can determine the periodicity of conducting a re-examination or review of customer information.

Risk Assessment

Based on the risk assessment of the ML/FT and PF risk posed by the customer, the DNFBP can determine at which level of risk classification it would request for KYC refresh or re-CDD and document the same in the AML/CFT policies and procedures.

Managing Periodic Review of Customers with AML Software

The process of periodic review of customers can be streamlined with the use of AML software solutions such as:

1. eKYC Software

An eKYC software is responsible for automating the KYC obligations of a DNFBP. The eKYC software facilitates the following:

Setting periodicity or time duration notifications or alerts for conducting eKYC refresh.
Generates alerts when any customer document is approaching expiry, necessitating document renewal and revision of eKYC information.
Remotely fulfilling eKYC requirements such as customer identity verification through liveness check.

2. Screening Software

Sanctions screening software helps with periodic review as it constantly monitors the customer names across relevant and applicable sanctions lists, generating notifications or alerts for further CDD refresh or EDD when a true match or partial match is found.

3. Customer Risk Assessment Software

Customer risk assessment software facilitates the implementation of the customer review process in terms of determining or configuring the risk classification criteria and assigning customer review periodicity. This helps segregate customers into high, medium, and low-risk categories and conduct re-KYC according to the duration defined in the organisation’s AML/CFT policy.

4. Case Management Software

A case management software for AML compliance facilitates holistic monitoring and management of ML/FT and PF risks. The case management tool helps by:

Designing workflows for escalation and management of tasks for conducting re-CDD, such as requesting document renewal for expired or about-to-expire documents.
Keeping track of the case status.

5. Transaction Monitoring Software

A transaction monitoring software generates alerts whenever it identifies any anomaly or change in the pattern of transactions in real-time, which facilitates DNFBPs to conduct re-CDD or KYC refresh in real-time.

6. Regulatory Reporting Software

Reporting software is extremely helpful when, during the screening of customers or transaction monitoring, any positive match or materially suspicious activity is found, which requires the immediate filing of a suspicious activity report (SAR)or suspicious transaction reports (STR) on the goAML portal of the UAE Financial Intelligence Unit (FIU).

AML Health Check process just got Smarter, Easier, and more Efficient.

Advantages of AML Software While Conducting Periodic Reviews

An AML software is advantageous in conducting periodic reviews in the following ways:

Streamlined Data Collection

AML software, such as eKYC software and screening software, helps with easy document collection where a customer can upload their documents remotely through the app-based customer onboarding tools.

Real-Time Monitoring

Transaction monitoring, ongoing monitoring, and sanctions screening software are the software or tools to look for when any DNFBP intends to track customer activity, behaviour patterns, sanctions inclusion, and PEP classification status in real-time.

Reduced Manual Efforts

The very purpose of software and tools is to automate repetitive manual processes such as entering customer data, screening across regulator-issued sanctions lists, customer document validation, etc., which, due to automation, can help DNFBPs to reduce manual efforts.

Workflow

Various AML software solutions, such as case management, regulatory reporting, monitoring, and screening software, facilitate companies to define and assign workflows for escalation of tasks according to expertise level, right from screening analyst or risk analyst through AML compliance officer or Money Laundering Reporting Officer (MLRO) for further actions or senior management approval for onboarding or continuation of business relationship with high-risk customers.

Document Management

AML software tools help in document management by facilitating the storing and generating of documents required for AML compliance and recording steps taken to ensure compliance with AML measures, such as steps taken to complete the CDD process, alerts set for document expiry, factors triggering re-KYC, timing or frequency of re-KYC, all such measures including others as the case may be, are recorded by the AML software, and such records can be fetched instantly to fulfil record-keeping requirements in UAE.

Regulatory Compliance

AML software facilitates ensuring the timely filing of regulatory reports as well as ensuring regulatory compliance with relevant AML/CFT obligations. AML software facilitates streamlined processes, which, as a result, helps ensure compliance.

Cost-Savings

The most lucrative prospect of switching or opting for AML software is the resultant cost saving that comes due to the reduction of human efforts and increased efficiency.

Focused. Flexible. Relevant.

Intelligent, all-encompassing AML training for your business is just a call away.

Best Practices for Effective Periodic Customer Reviews

Ensure Data Quality:

Rich quality data helps in identifying suspicious activity or behavior in a timely manner, reducing the incidences of false positives.

Take A Risk-Based Approach:

Implementing risk measures commensurate with the type and severity of the risk to which the business is exposed helps ensure that a periodic review of customer details is conducted in a timely manner, according to the type of risk the ML/FT and PF customer poses.

Utilise Technology:

The UAE AML/CFT laws and guidelines recommend using technology whenever needed to streamline and strengthen AML processes. Relying on technology to get alerts and triggers for conducting EDD and re-CDD is preferable for DNFBPs to ensure that further steps are taken to ensure regulatory compliance in a timely manner.

Provide Training and Awareness:

Whenever a new or different methodology or technology is introduced in an organisation, as a best practice, personnel must be trained on how to use technology for carrying out the AML/CFT compliance obligations such as ongoing monitoring, re-CDD, KYC refresh, the factors necessitating conducting re-CDD, recordkeeping of CDD and Re-CDD measures, and so on.

Consider Cross-Border Challenges:

Businesses must consider cross-border challenges, such as changes in regulatory requirements and the ability of personnel and technology used by such a business to adapt to the requirements of different jurisdictions.

Consider Emerging Threats:

As a best practice of risk management, it is important to identify the emerging patterns in the relevant field; doing so would enable better management of AML/CFT risk.

Conclusion

When it comes to end-to-end customer relationship management, conducting periodic reviews of customer details obtained during the eKYC or the CDD process can be simplified through the use of the eKYC process and automation with the use of various kinds of AML software to ensure regulatory compliance.

Ready to fight money laundering and terrorist financing?

Equip your team with our expert AML/CFT training today!

Share via :

Add a comment

Related Blogs

28/08/2024

What Is The Role of Technology In Anti-Money Laundering Compliance

14/08/2024

A Framework for Decoding Sanctions Screening Results

30/07/2024

AML Compliance Requirements for Jewellers in UAE

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

A complete guide on Re-KYC Process in AML Compliance

For regulated entities under the UAE’s Anti-Money Laundering (AML) laws and regulations, Know Your Customer (KYC) process provides a solid foundation for the Customer Due Diligence (CDD) requirements. KYC helps you identify and verify customer identities and enables you to conduct the Customer Risk Assessment (CRA) process.

However, KYC is conducted at the time of customer onboarding. On the other hand, customer information, money laundering, terrorism financing and proliferation financing risks associated with them may change over time. Here comes the role of re-KYC. Re-KYC is the exercise through which KYC information related to the customer is periodically updated.

This e-book examines the pivotal role of re-KYC in AML compliance. Read this e-book to gain insights into:

The meaning and elements of re-KYC: Gain an in-depth understanding of the meaning of re-KYC as a process to update and track the changing customer profiles periodically.

The essentiality of re-KYC: Since customer profiles, AML regulations, and industry dynamics shift constantly, re-KYC becomes your frontline defence.

Step-by-step guide on how to conduct the re-KYC process: We have outlined the steps involved in the re-KYC process to help you implement it effectively and swiftly. From communicating with the client to collecting information and assessing the money laundering risks associated with the updated information, learn about these steps in detail.

Best practices to adopt while conducting the re-KYC process: Avoid mistakes and ensure smooth performance of the re-KYC process through best practices such as incorporating effective re-KYC software solutions and adopting a risk-based approach.

Answers to common questions regarding re-KYC to solve all your doubts: Strengthen your understanding of the re-KYC process through these answers and let no confusion regarding the process remain in your mind!

With this e-book, understanding and incorporating the re-KYC process in your business will be a breeze! We at AMLUAE can further provide you with expert guidance to tailor the re-KYC process to the nature and size of your business. From KYC and re-KYC to every aspect of AML compliance, trust us to keep you ahead of your AML obligations. Contact us now!

Related Infographics

Configuring Sanctions Screening Software: Must-Have Features for Compliance

Regulated entities subscribe to sanctions screening software to automate the screening and ongoing monitoring requirements. However, if the software is not properly configured, it won’t provide the desired outcomes, resulting in non-compliance and fines. Configuring sanctions screening software requires careful consideration of various aspects. Explore the same in our latest infographic.

Designated Non-Financial Businesses and Professions (DNFBPs) and Virtual Assets Service Providers (VASPs) in UAE are bound by the Anti-Money Laundering (AML), Counter Financing of Terrorism (CFT), Counter Proliferation Financing (CPF) laws and regulations, requiring them to conduct sanctions screening. The sanctions screening software must have configuration functionalities such as the following:

Watchlist Customization

A sanctions screening software must have customisability for selecting relevant and applicable lists or watchlists to match with a DNFBP’s or VASP’s individual requirements based on the geographies it operates and most of its customers or suppliers are based out of.

Screening Type Configurability

The option to select whether to screen a single customer or a batch of a large number of customers must be as each DNFBP’s or VASP’s requirements differ from one another.

Further, the screening software must also provide functionality to screen a natural person customer as well as a legal entity customer.

Notification Management

A sanctions screening software must have the function of setting the notification parameters according to the requirement of the DNFBP or VASP using it.

Such functionality must be provided for setting the duration, frequency, recipients, reminder frequency, etc., so that the DNFBPs and VASPs can achieve the most out of their screening software.

Match Type Customization

Match type customisation refers to setting the match percentage or sameness parameters prior to the generation of screening results.

Generally, match-type parameters are classified as close match or exact match, which helps the DNFBPs or VASPs to determine if it wants to cast a wide net for searching a customer name using close match settings or narrow down the search outcomes using exact match settings.

Script Name Acceptability

Due to variations in the name spelling, pronunciation, and writing conventions, the manner in which names are spelt, written and pronounced in different cultures and countries differs largely from one another.

For instance, the names in certain cultures are written in such a manner that differentiating first name, middle name, and last name is complex, therefore sanctions screening software must have the acceptability to enter customer name in the script it is found. This increases the chances of finding relevant matches for sanctions compliance purposes.

The feature of fuzzy matching helps manage script name and phonetic variations while generating screening results.

Customer Relationship Activity/Dormancy Status

The screening software should have a feature where the user, such as DNFBPs or VASPs, can set the customer dormancy and activity status, basis on which further due diligence measures, such as ongoing screening and determining the periodicity of Know Your Customer refresh, can be determined and consistently applied.

Enabling Ongoing Monitoring

Ongoing Monitoring is the essential legal obligation of DNFBPs and VASPs according to UAE regulations. A screening software with a feature to switch on an ongoing monitoring feature in the background that automates the ongoing monitoring across the relevant sanctions list for finding customer names in screening lists is highly preferable.

Case Management

A sanctions screening software must have the functionality to generate cases if it finds matching results. These cases would be then further escalated to the screening analyst for his review and disambiguation.

Integration with Regulatory Reporting Tools

The screening software should be customisable according to the regulatory reporting requirements of the relevant jurisdiction.

For instance, for a DNFBPs or VASPs operating in UAE, the sanctions screening software must be customisable and configurable to be integrated with regulatory reporting software to meet UAE regulatory reporting requirements in terms of reports to be filed such as Confirmed Name Match Report (CNMR) and Partial Name Match Report (PNMR) Reporting on goAML portal.

Case Auto-Approval Threshold Configuration

To reduce the workload that comes as a result of disambiguation of matches or decoding the sanctions screening results, a screening software must have the functionality to set the “auto-approve” parameters for cases or screening results that generate no or nil results, this feature is helpful for improving customer onboarding process.

Conclusion

To conclude, regulated entities need to configure their screening software in a way that would not only help reduce their workload but also comply with legal requirements. If proper attention is not paid to the proper configuration of the software, it can result in screening software providing too many match results or ignoring true positives. The entities must take a risk-based approach (RBA) while fulfilling its sanctions screening requirement, which shall help the business to mitigate terrorism financing and proliferation financing risks effectively.

eBook on Record-Keeping Requirements in the UAE

Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) measures for regulated entities under UAE’s AML/CFT regulations involve obligations such as Know Your Customer (KYC), Customer Due Diligence (CDD), transactions monitoring, AML/CFT risk assessment, etc. These obligations require the regulated entities to collect information and documents from customers, suppliers, third parties, etc. This collected information needs to be maintained with the entity. This, in essence, constitutes the record-keeping obligations of the regulated entities under UAE’s AML/CFT regulations.

This e-book lays bare the record-keeping requirements, helping you grasp the full scope of your record-keeping obligations and ensure compliance with UAE’s AML/CFT requirements. In this e-book, we will discuss the answers to the following questions regarding recording keeping in detail:

What is AML record-keeping? Learn about the basics of record-keeping to start your journey to understanding it comprehensively
What types of records are required to be maintained? From Enterprise-Wide Risk Assessment (EWRA) to KYC records, we have provided a comprehensive list of information that needs to be maintained as part of the record-keeping process.
Why is record-keeping of customer-related information necessary? With numerous reasons why record-keeping is necessary, record-keeping is not just a regulatory obligation; it’s a strategic tool to protect your business from money laundering, terrorism financing and proliferation financing risks.
How do you maintain customer identity and transaction records? Get a practical understanding of how to maintain and secure records efficiently.
What are the challenges faced when maintaining customer records? Understand the common challenges while complying with your record-keeping obligations.
What are the best practices for effective record-keeping or customer information? Gain insights into the best practices of complying with the AML/CFT record-keeping requirements through our best practices guide, compiled for you by our experts.

Whether you’re a financial institution, a designated non-financial business, or a virtual asset service provider, this e-book equips you with the knowledge to ensure compliance with AML/CFT record-keeping requirements and protect your business’s integrity against money laundering, terrorism financing or proliferation financing threats. Read now and get on with your AML/CFT compliance journey with us!

Integrating External Information for a Holistic EWRA Approach

Integrating external information on anti-money laundering / combating the financing of terrorism (AML/CFT) measures from authoritative external sources is essential to developing a holistic AML/CFT Enterprise-Wide Risk Assessment (EWRA). This ensures effective management of money laundering (ML), terrorism financing (TF) and proliferation financing (PF) risks. In this infographic, the list of external sources and information to be referred to while conducting the EWRA process is discussed. This list is discussed as under:

1. ML/TF/PF National Risk Assessment (NRA)

NRA is an assessment of ML, TF or PF risks done at the national level by the government authorities. In the UAE, NRA is released by the National Anti-Money Laundering and Combatting Financing of Terrorism and Financing of Illegal Organizations Committee (NAMLCFTC). The NRA of UAE helps in gaining a thorough and comprehensive understanding of the ML and TF risks faced by the UAE. While conducting their EWRA, entities should take the NRA into account and incorporate its findings, suggestions and best practices.

2. Sectoral Risk Assessments

Entities should take into account the specific risks related to ML, TF or PF that are relevant and unique to the sector in which they operate. These risks are often assessed by the sector’s AML/CFT regulator. For example, the Central Bank of the UAE releases its Sectoral Report on ML and TF Risk Assessment for the financial sector. Financial institutions must refer to it while conducting their EWRA exercise.

3. NRA of other jurisdictions in which the Regulated Entity operates or the customers are based

If the entities operate in multiple countries or have customers from different nations, the NRAs of these countries should be taken into account while conducting their EWRA process. Understanding the ML, TF, and PF risk assessments and regulatory frameworks of these countries helps identify cross-border risks and take a risk-based approach.

For example, if an entity operating in the UAE has clients from Singapore, it should consider the NRA of Singapore to ensure that EWRA is comprehensive.

4. Guidelines issued by the relevant Supervisory Authorities

Supervisory Authorities release AML/CFT guidelines to help the entities supervised by them effectively comply with their AML/CFT obligations. For example,

The Central Bank of UAE has issued Guidance for Licensed Financial Institutions on risks relating to payments, risks related to politically exposed persons, etc.
The Ministry of Economy of the UAE has released guidelines for Designated Non-Financial Businesses and Professions (DNFBPs) on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations.
The Ministry of Economy of the UAE has released
- supplemental guidance for dealers in precious metals and stones
- supplemental guidance for auditors
- supplemental guidance for the real estate sector
- supplemental guidance for trust and company service providers.
The Anti-Money Laundering and Combating Terrorism Financing Department of the Ministry of Justice has issued Lawyers’ Guide on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organizations
The Financial Services Regulatory Authority (FSRA) has released Anti-Money Laundering and Sanctions Rules and Guidance for entities operating in the Abu Dhabi Global Market (ADGM)
Virtual Asset Regulatory Authority (VARA) has issued Compliance and Risk Management Rulebook for Virtual Asset Service Providers (VASPs) operating in the Emirate of Dubai.
Dubai Financial Services Authority (DFSA) has released DFSA Rulebook on AML, CFT and Sanctions for entities operating in Dubai International Financial Centre (DIFC).

For more information on the various guidelines issued by AML/CFT authorities in the UAE, visit our downloads section here.

5. Information from Industry Bodies or Representatives 

Industry bodies and representatives provide insights into emerging typologies, risks, and best practices regarding AML/CFT measures and compliance.

Incorporating this information enables more accurate risk assessments while conducting the EWRA.

For example, the London Bullion Market Association (LBMA) published best practices and code of business conduct for dealers in precious metals.

6. Information from international standard-setting bodies and international organisations

International AML/CFT trend-setting bodies often release guidance, reports and recommendations to address the ML, TF and PF threats faced by the global financial system. For example,

The Financial Action Task Force (FATF), a global money laundering and terrorism financing watchdog, evaluates the AML/CFT measures at country levels and releases publications on emerging ML, TF and PF risks, such as Guidance on Beneficial Ownership and Transparency of Legal Arrangements, Risk-based Approach Guidance for the Real Estate Sector, etc.
The Egmont Group connects financial intelligence units (FIUs) all around the world. FIUs are responsible for AML/CFT measures in the countries in which they are established. Egmont group enables them to share information and intelligence regarding ML, TF and PF risks.
The Wolfsberg Group is a group of twelve international banks with the aim to develop frameworks and guidance to mitigate financial crimes.
The Basel AML Index is an independent ranking of MT and TF risks globally. It is conducted by the Basel Institute on Governance.
Organisation for Economic Co-operation and Development (OECD) works towards building policies for global standards setting, including those related to AML/CFT measures.

7. Mutual Evaluation Reports of other jurisdictions and Typologies Reports

Mutual Evaluation Reports are conducted by the FATF to assess how effectively jurisdictions implement AML/CFT measures, such as for UAE, India, Singapore, etc. Reviewing these reports from other countries can offer insights into potential risks and effective mitigation strategies to be integrated into the EWRA.

EWRA should also be integrated with information from ML, TF, or PF methods and typologies reports to ensure that the emerging threats of these crimes are combated.

For example, the Financial Intelligence Unit-UAE issued a strategic analysis report on real estate money laundering typologies and patterns.

8. Information published by reputable non-governmental organisations

Reputable non-governmental organisations and other institutions often publish research and reports on ML, TF and PF risks and measures. Integrating their findings into the EWRA will result in gaining a more comprehensive understanding of the risks and challenges related to ML, TF and PF.

For example, Transparency International conducts research and investigative work on anti-money laundering measures all over the world. International Consortium of Investigative Journalists works towards exposing financial crimes all around the world.

To know more about organisations working to fight money laundering, check out our article here.

9. Any other credible and reliable sources 

Other credible and reliable sources include peer-reviewed academic research, AML/CFT expert opinions, books on AML/CFT measures, etc. Reference guides, Frequently Asked Questions (FAQs), notices, etc, available on the websites of AML/CFT supervisors should also be referred. For example, FIU-UAE has released FAQs on its goAML portal, and ADGM has released quick guides on AML/CFT governance framework for DNFBPs, Customer Risk Assessments, etc.

Conclusion

By systematically integrating external information from the above-discussed sources, an entity’s EWRA will be holistic, robust and aligned with both national and international standards, enhancing its effectiveness.

Key Elements of an Effective EWRA Framework

Conducting an Enterprise-Wide Risk Assessment (EWRA) is a necessary step towards fulfilling an entity’s obligations under UAE’s anti-money laundering / countering the financing of terrorism (AML/CFT) laws, including the Federal Decree by Law No. (10) of 2025 and Cabinet Resolution No. (134) of 2025.

An EWRA framework is aimed at ensuring the mitigation of money laundering (ML), terrorism financing (TF) and proliferation financing (PF) risks that the entity may face. This infographic highlights the key elements that must be incorporated in the EWRA to make it effective and robust. The key elements of an effective EWRA framework are elaborated upon below.

1. Tailored to the nature and size of the business

EWRA must be tailored to the specific characteristics of the business, such as its nature and size. This is so that the unique risks associated with the business are recognised and addressed. Customising AML/CFT measures to these specific risks ensures that they are effectively prevented and mitigated. For example, a dealer in precious metals and stones would face different ML, TF and PF risks than a banking company.

2. Comprehensive ML/TF/PF risk Consideration

EWRA must take into Consideration ML/TF/PF risks posed by the following:

Customers:

While conducting the EWRA, entities must take into account the risks posed by their potential customers. For example, if an entity often provides services to politically exposed persons (PEPs) or persons from high-risk jurisdictions, the entity needs to manage the risks associated with such high-risk customers.

Products and Services:

The products and services offered by a business must be considered while conducting the EWRA. Certain financial products or services are exposed to a higher risk of ML, TF, and PF due to their nature, complexity, or how they are used. For example, products that allow for high-value transactions, anonymous transactions, or cash-based transactions are more exposed to the risks of ML, TF, or PF. These businesses need to adopt risk mitigation measures accordingly.

Transactions:

Businesses need to analyse the nature and volume of transactions they usually undertake, as well as the ML, TF, or ML risks posed by such transactions. For example, high-value transactions or cash-intensive transactions pose higher risks, and effective AML/CFT measures need to be adopted accordingly. Having an effective transaction monitoring mechanism in place helps detect any abnormalities that arise in the course of a business relationship and report such risks to regulatory authorities in a timely manner.

Delivery Channels:

Delivery channel risks are those that are associated with the medium through which client interaction occurs, and the products and services are provided. Firms need to consider the channel of interaction with the client, whether the client’s instructions were channelled through a third party, whether the interaction with the customer is face-to-face or non-face-to-face, etc. Further, online or remote delivery channels may pose increased exposure to risks due to anonymity or false identity. Therefore, these channels require increased risk mitigation and customer due diligence mechanisms.

Geography:

Entities need to consider the geographies on which their customers are based. For example, customers from geographies that are on the FATF blacklist can be classified as high-risk. The entities must put proper controls to mitigate such risks.

Technologies:

EWRA should assess the risks associated with the products and services delivered through the new and upcoming technologies. These technologies should be assessed to ensure that the systems are secure and up to date and can handle the evolving risks of ML, TF, and PF.

Other Relevant Risk Factors:

Other risks that the EWRA should take into consideration are third-party risks, such as those associated with the agents or intermediaries engaged by the entity, risks of not keeping with the dynamic AML/CFT laws and regulations, risks of inadequate ongoing monitoring mechanisms for customer relationships, transactions, etc.

3. Alignment with the National Risk Assessment (NRA)

National Risk Assessment (NRA) of the UAE is published by the National Anti-Money Laundering and Combatting Financing of Terrorism and Financing of Illegal Organizations Committee (NAMLCFTC) to provide a broad overview of the ML, TF or PF risks faced by UAE at the national level. NRA offers valuable insights into the country’s ML, TF, or PF vulnerabilities. While conducting their EWRA, entities should take the NRA of the UAE into account and incorporate its findings and suggestions.

4. Incorporation of the Sectoral Risk Assessment

Entities should consider the specific ML, TF or PF risks faced by the sector in which the entity operates. These specific risks are often assessed by the sector’s AML/CFT regulator. For example, the Central Bank of UAE releases its Sectoral Report on Money Laundering and Terrorism Financing Risk Assessment for entities operating in the financial sector of the UAE. Entities must incorporate the findings and suggestions of sector-specific risk assessments into their EWRA.

5. Regular Review and Updates

EWRAs must be regularly reviewed and updated through regular audits and health checks. ML, TF, and PF are constantly evolving, and so are the AML/CFT laws and regulations that deal with emerging threats. Regular reviews ensure that EWRAs are up to date with their AML/CFT compliance and have the ability to handle the emerging threats of ML, TF and PF. Regular reviews also ensure that any gaps in the AML/CFT program of the entity are identified and remediated.

6. Senior Management Approval

Senior management must be involved in the conducting of the EWRA and approve it after its completion. The participation of senior management ensures that the EWRA is conducted efficiently and in a timely manner. After the EWRA is conducted, the senior management should review and sign off on the same to formalise the EWRA and endorse its contents as an integral part of the entity’s internal AML/CFT program. The approval reinforces the importance of the EWRA.

Conclusion

An effective AML/CTF EWRA requires careful consideration of various factors that have been discussed in this infographic. Ensuring that these factors are incorporated into the EWRA sets the foundation for a comprehensive AML/CFT program. Therefore, these elements must be considered while conducting the EWRA process.

Legal Instruments and Structures that Disguise Beneficial Ownership