How to update the AML Policies, Procedures, and Controls in line with UAE AML Laws?

How to update the AML Policies, Procedures, and Controls in line with UAE AML Laws?

Blogs

Home Blogs
Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

How to update the AML Policies, Procedures, and Controls in line with UAE AML Laws?

In the present times, where the money laundering and terrorism financing typologies are evolving every day, the relevant regulatory frameworks are also changing regularly. In UAE, there have also been regular amendments in the Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) regulations to extend the coverage of compliance to various industries and effectively protect the country’s economy against financial crime. It is pertinent for the regulated entities to maintain their AML Policies, Procedures, and Controls documentation up to date with these regulatory changes and ensure complete compliance.

The regulated entities may face severe consequences for violating the AML obligations imposed under UAE AML laws and regulations. Thus, the regulated entities in UAE must be aware of the amending regulatory landscape, including industry-specific developments, and maintain the entity’s AML program in sync with these changes.

This article discusses a regulated entity’s systematic approach to updating the AML Policies, Procedures, and Controls. This article aims to guide law firms in the UAE on effectively updating their AML frameworks to adhere to the UAE AML regulations.

AML Compliance Requirements

Circumstances warranting the regulated entities to update the AML policies and procedures

The risk factors are never constant, changing as we speak. As the financial crime risk is dynamic, so are the AML regulations designed to prevent financial crime.

Here are the two critical circumstances that require the regulated entities to review and update their currently implemented AML framework:

Changes in the entity’s ML/FT risk exposure

The entity’s business may change over time, exposing the entity to newer risks and compliance challenges. This includes changes in the nature of the customer base, the expansion of the geographies in which the entity operates, the launch of new products or services or business practices, etc. These changes bring a different nature of risk, impacting the business differently.

To handle a changed risk scenario, the regulated entity must alter its AML/CFT policies, procedures, and controls that can effectively identify and mitigate the new vulnerabilities.

Money launderers and other financial criminals are constantly coming up with new techniques to execute financial crimes. The regulations and best practices also evolve to tackle these emerging trends, requiring the AML-regulated entities to modify their AML program.

The regulated entity must implement a system to maintain the entity’s overall risk profile updated as the business progresses, considering all the relevant risk parameters. The regulated entity can only amend its AML framework to manage these risks with the business risk monitored continuously.

Amendments in UAE’s AML Laws and Regulations

The UAE government periodically conducts the National Risk Assessment (NRA), and regulatory changes are introduced based on the outcome of this NRA. Further, the relevant regulatory updates are also implemented to align with the international best practices and FATF recommendations necessary to address emerging financial crime exposures.

The regulated entities must have systems and procedures to track these regulatory changes impacting the entity’s compliance obligations. This can be achieved with the AML Compliance Officer’s active participation in the authorities’ conducted webinars, subscribing to any professional network to receive update notifications timely, and attending AML-specific industry study groups or conferences.

How to update the AML Policies, Procedures, and Controls in line with UAE AML Laws?

Systematic Approach to Update AML Policies, Procedures, and Controls

The approach followed for maintaining the AML/CFT policies, procedures, and controls is equally essential as the need to keep these documents up-to-date. A systematic approach to these AML program updates will ensure that the regulated entities move closer to adequate regulatory adherence compliance without hampering or disturbing the ongoing business and compliance activities.

Reviewing the current AML Policies, Procedures, and Controls

To begin with, the regulated entities must analyze their existing AML framework, including the documented policies, procedures, and controls. This assessment must be in line with the modified risk exposure for the business and the regulatory amendments introduced that impact the entity’s business and compliance obligations.

The gaps between the “As-Is” and “To-Be” policies must be identified. The areas where changes or enhancements are required must be clearly identified. When reviewing the existing framework to assess the gaps, it is always good for the AML Compliance Officer to involve relevant teams like the compliance team, legal team, and senior management, seeking their thoughts on identified changes.

The impact of the regulatory or risk scenario changes must be evaluated in terms of:

When the Compliance Officer is ready with the enhancements requirement in the AML policies and procedures, making these changes in the AML Program would be a quick and easy task.

Incorporating the necessary changes in AML Policies, Procedures, and Controls

Once the required changes have been identified, the AML Compliance Officer of the regulated entity must immediately proceed with the exercise of incorporating these changes in the AML framework – policies and procedures. Due consideration must be given to the procedural changes, as through these revised procedures and processes the entity will be able to comply with revised policies.

Modifying or enhancing the existing controls to align with the revised policies and procedures is pertinent. Only when the policies, procedures, and controls are in sync the regulated entity can justify compliance with the amended provisions of the UAE AML regulations.

The revised policies and procedures must be presented to the senior management for review and approval.

Further, the version history of the policies must be appropriately maintained, enabling the regulated entity to track down the AML measures followed over the period.

Training the team on the updated AML framework

Merely making changes and updating the AML policies, procedures, and controls is not enough if the team on-ground is still following the old measures and processes. Here, comes the need for the regulated entity to ensure that the team, including the senior management, is aware of the revised set of the AML framework.

The regulated entity must immediately arrange for the AML training session to educate the team about these modified AML policies, procedures, and controls, their significance, and each employee’s role in meeting the revised AML compliance expectations. In cases where the changes significantly impact the existing measures or working style, the regulated entity must organize workshops or include case studies in the training program to give a practical sense to the team on its proper implementation.

If required, periodic refresher courses or discussions with the team must be scheduled to check on the team’s understanding and implementation of the revised AML policies, procedures, and controls.

Designing a comprehensive AML Training Program

Periodic review to ensure updated AML policies are followed

Maintaining the AML policies and overall framework updated is an ongoing activity to ensure its effectiveness in mitigating the risks, adequacy, and quality in terms of compliance with the AML laws of the land.

The regulated entity may implement a periodic internal AML audit or review function, where the AML framework and its implementation are reviewed. This will enable the regulated entities to spot flaws or non-compliance, allowing the entity to take timely remediation measures.

Let AML UAE design and maintain your AML Policies, Procedures, and Controls

Adopting a proactive approach is crucial for the regulated entities to periodically review and maintain the AML program, capturing the changes parallel to the regulatory amendments and emerging risk exposure.

AML UAE is here for your assistance. With a team of AML professionals, we continuously track the evolving ML/FT typologies, changes in the UAE’s AML regulations, and the international best practices emerging worldwide that can strengthen the business’s shield against financial crimes. We can help you customize your AML framework, including maintaining your policies, procedures, and controls updated with the legislative amendments, giving you the confidence to focus on business without worrying about AML non-compliance or potential exploitation by financial criminals.

Let’s join hands to stay AML-Compliant and ML-Safe!

Make significant progress in your fight against financial crimes,

With the best consulting support from AML UAE.

Contact Us Now

Share via :

About the Author

Linkedin-in

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 11 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Right AML Solution to foster Corporate Service Providers’ AML Function

Right AML Solution to foster Corporate Service Providers’

Blogs

Home Blogs
Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Right AML Solution to foster Corporate Service Providers’ AML Function

With emerging financial crime typologies and ever-changing regulatory requirements, the regulated entities, including the Corporate Service Providers, need robust AML software to mitigate the risk and stay AML compliant.

Corporate Service Providers are vulnerable to financial crime as they offer services like the formation of legal structures or legal arrangements, providing nominee services, assistance in the administration of trusts or special asset protection vehicles, etc., which may be exploited by the money launderers or other criminals to move their illegal proceeds.

By designing and implementing a comprehensive set of AML measures, backed by deploying the right technology and tools, the Corporate Service Providers can timely identify and prevent money laundering and terrorist financing risks and ensure compliance with the UAE AML regulations.

With this article, let us explore the key points to be considered and the step-by-step approach to selecting the right AML software to enable a Corporate Services Provider (CSP) to adhere to the UAE AML regulations and avoid non-compliance consequences.

AML Compliance Software’s Capabilities to be looked for by the CSP

When searching for an AML software or system, the CSP must consider the AML compliance obligations imposed under UAE AML regulations and the capabilities of the solution to support the same:

AML compliance obligations to be looked by CSP copy

Assessing the business risk

As conducting an Enterprise-Wide Risk Assessment helps the CSP evaluate the ML/FT risks and customize the AML program, the CSPs shall look for a solution to assess the business risk. The functionality must be comprehensive, enabling risk assessment considering the relevant risk parameters such as the type and activities of the customers, the location of business operations, the nature of transactions and the services offered, etc.

Assessing risk just once is not enough; the solution should adopt a dynamic approach to risk assessment, wherein the outcome of EWRA is updated as and when the CSP’s risk factor significantly changes.

How to conduct AML Business Risk Assessment Priv

Streamlining the Customer Due Diligence Process

The CSPs in UAE are required to implement a robust Customer Due Diligence (CDD) process to identify the customers, determine their risk levels, and apply adequate mitigation measures.

Hence, the AML solution must support the CSP in navigating the CDD steps smoothly, which includes the following:

  • Capabilities for customer identification and verification of their identities, whether it is an individual or a corporate customer,
  • Screening the customers against the Sanctions Lists (specifically UAE Local Terrorist List, UNSC Consolidated List, and facility to configure other international lists relevant to the CSP’s operations),
  • Screening the customer to identify any nexus with a Politically Exposed Person (PEP) or has any adverse or negative media against the person,
  • Conducting customer risk assessment considering their identification details, the outcome of screening, etc., to determine the risk profile.
Understand the types of CDD measures to effectively mitigate the ML-FT risks 

Continuous Monitoring of Business Relationships and Transactions

The customer’s profile may change in the course of the business relationship. Thus, the solution must support the ongoing monitoring of the customer’s information, time flagging off the expiry of the identity documents, change in the customer’s PEP status or screening outcome, etc.

Further, ongoing monitoring of transactions is also very critical for CSP to track the customer’s activities and their consistency with the initially assessed risk category. With technological support, the CSPs can easily monitor large volumes of data, develop a pattern to identify suspicion or unusual activities and generate timely alerts to prevent and report such matters to FIU.

Record Keeping and Reporting Capabilities

The solution must also have robust document maintenance and reporting functionalities. The documents and data uploaded on the solution must be maintained in an organized manner and shall be readily accessible. The software must allow the CSP to generate and analyze the reports on customers, transactions, risk profiles, suspicion or red flags observed, etc.

Further, the customization capabilities must be available to configure the reporting requirements to support the CSP’s Compliance Officer in meeting the regulatory obligations.

AML Record Keeping

Integrating with the CSP’s Existing Business Solution

The potential of the AML solution can be optimally utilized when the same is integrated with the business solution that the CSP is using. The AML tool must seamlessly connect with the existing IT infrastructure for a smooth exchange of data around customers and transactions, reducing the redundant efforts or delicacy of the data, streamlining customer onboarding, and making identifying red flags easy and prompt.

User-Friendly Navigation

The AML system must be easy to interact and use, ensuring that the team can effectively utilize the functionalities without much investment in training, and a comprehensive User Manual can be enough to explore basic features. The solution’s functionalities must be logically placed, allowing users to access the required items. Further, a “Help Kit” must be available, which the users can refer to and resolve any technical or contextual aspect of using the solution.

Right approach to select the right AML Compliance Solution

Having discussed the functions and capabilities to look for in an AML solution, let us discuss the selection process. There is many software available in the market offering the same set of features. In such cases, identifying an appropriate AML software is in itself an art requiring a lot of deliberations of various factors, as once you invest in the software, you may expect to continue using it for the longer future and not spend your resources on frequently switches from one to another tool.

So, identification of the right software must be done using a systematic approach, as detailed under:

Right AML Solution to foster Corporate Service Providers’

Assessing the AML Compliance requirements and Preparing the Business Requirements Document (BRD)

The CSP must first understand the business-specific AML compliance obligations in the context of the nature of services offered, the geographies the CSP deals with, the size and complexities of the transactions, etc. This understanding must be mapped with the features required in the AML solution. This Business Requirement Document (BRD) must cover the functional and non-functional aspects of the software the CSP is expecting, including the need for configurable parameters and customization possibilities. Further, this BRD must be approved by the CSP’s senior management, bringing them onboard concerning the required features and the budget allotted.

This BRD shall serve as a base and assist the CSP in navigating the software selection process.

Identifying and shortlisting a few AML solution providers

The CSP’s Compliance Officer must look for options matching the requirements. While identifying the software vendors, the CSP must consider the following factors:

  • Functionalities available
  • Pricing of the product, including any hidden or contingent costs
  • Reputation of the software provider (looking for customer reviews, testimonials, etc.)
  • Vendor’s readiness to handhold and train the team initially
  • Vendor’s post-implementation support
  • Scalability of the solution

Considering these parameters, the CSP must shortlist 2-3 solution providers that best match the AML compliance requirements and fit within the CSP’s budget.

Arrange for the demonstration of the solution

Once the potential fits have been identified, the CSP must arrange for a demonstration of these solutions to have a look and feel of the features offered and test the capabilities. Practically accessing the software and interacting with the vendor will give an understanding of the user interface, customization possibilities, vendor’s commitment towards training and after-sale services, etc. On the basis of this understanding, the CSP must score each of the shortlisted solutions, consider the pros and cons, and finally decide which one to go ahead with.

Get it started with proper documentation

Once the right software is identified, the CSP’s Compliance Officer must involve senior management and seek their support in closing the agreement. The agreement must be worded, specifying the scope of the parties, the features support, the prices, duration, any additional charges that may be levied in the future, etc.

As the AML software is a breakthrough for implementing the AML program, the choice of software must be made wisely following the proper decision-making methodology; otherwise, it can bring you reputation loss and non-compliance penalties.

Let AML UAE assist the Corporate Service Providers strengthen their AML Function with the right AML tool!

Deploying the right software is critical for Corporate Service Providers in the UAE to ensure timely compliance with regulatory obligations, identify financial crime risks, and prevent and report the same. Let experts assist you in this process.

AML UAE is a leading AML consultancy firm, providing end-to-end AML support to the regulated entities in UAE, including Corporate Service Providers. With our understanding of the regulations, we can assist you in defining your AML compliance requirements, preparing a detailed BRD, and identifying the right fit for your compliance needs. We do not stop here; we ensure that the solution implementation is a smooth ride for you without bothering your routine business activities, but at the same time, meeting your ongoing AML compliance requirements.

Make significant progress in your fight against financial crimes,

With the best consulting support from AML UAE.

Contact Us Now

Share via :

About the Author

Linkedin-in

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 11 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Exploring unusual transaction trends for VASPs under UAE AML Regulations

Exploring unusual transaction trends for VASPs under UAE AML Regulations

Blogs

Home Blogs
Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Exploring unusual transaction trends for VASPs under UAE AML Regulations

With the growing acceptance of virtual assets (used to store the value, medium of exchange, for investment purposes, etc.), criminals have also started exploiting the sector for laundering illicit funds and financing terrorist activities. The launderers’ preference towards cryptocurrency and non-fungible tokens (NFTs) is owing to the nature of the product – easy to transfer across countries within a few seconds, and that too without disclosing the identity in most cases. This calls for the Virtual Asset Service Providers (VASPs) to stay alert to detect unusual trends or suspicious virtual asset transactions indicating the use of criminal proceeds or intended to conduct a financial crime.

For the same reason, the VASPs have been put under anti-money laundering (AML) regulatory regime, mandating the VASPs to develop and implement appropriate AML programs to curb the potential vulnerabilities.

This article will discuss the unusual activities involved in virtual assets, the financial crime red flags for VASPs, and the best practices that a VASP may adopt to detect and manage financial crime risk.

Identifying Unusual Transaction Patterns

Generally, the Virtual Asset Service Providers are entities conducting activities related to virtual assets in the course of routine business activities, which involve conversion of the virtual assets to fiat currencies or vice versa, transferring virtual assets from one wallet to another, providing virtual asset custodial services, etc.

The UAE AML regulations mandate the VASP to implement a comprehensive AML compliance program to combat money laundering and terrorist financing by deploying solid processes and systems to identify and prevent financial crime attempts involving crypto and NFTs. Given the vast volume and the pace of transactions, the VASPs must continuously monitor and report any unusual activities related to virtual asset transfers suggesting potential financial crime.

The VASPs must understand some common characteristics indicating the virtual asset transaction to be a potential risk of financial crime, and the monitoring rules and systems must be designed bearing these characteristics in mind to ensure timely identification and curbing of unusual transactions.

Some of the Common Characteristics of Unusual Transactions related to Virtual Assets

The following are some of the unusual transaction patterns related to virtual asset transfer that can serve as the key risk indicators for VASPs:

Persons attempting to avoid Customer Due Diligence requirements or providing false information

The person who tries to avoid the Customer Due Diligence process conducted by the VASP to evade the identification or the person who provides fake documents or false identification information is one of the biggest red flags that require the VASP to take immediate action.

Understand the types of CDD measures to effectively mitigate the ML-FT risks 

Large-value transactions without any apparent economic purpose

One of the risk indicators is that the person is making a large value transfer of virtual assets to one or multiple wallets without any logical or legal rationale. Such transactions require detailed inquiry from the VASPs to understand the actual intention and purpose of the transactions.

Person making multiple large-value virtual asset transfers in a short period

VASPs must stay alert when the person initiates multiple virtual asset transfers of large amounts within a short span of time. The investigation must be conducted to determine the source of funds for virtual assets and the beneficiaries to whom the transfers are made.

Frequent movement of funds between two virtual asset wallets

Rapid virtual asset movement from one wallet to another and vice versa can be construed as an unusual transaction intended to create multiple layers to disguise the origin of the funds and the owner.

Transactions with counterparties in high-risk countries or jurisdictions with weak AML controls over VASPs

Frequent transactions with counterparties in countries with no or weak AML regulations or countries known for money laundering can be treated as suspicious transactions, warranting examination by the VASP.

Virtual asset transfers to known criminals or involving the dark web

One of the critical risk indicators suggesting the transfer to be unusual is when the parties involved are known to have criminal connections or the transfers are routed using the dark web marketplaces.

Conversion of one type of cryptocurrency to multiple virtual assets

Frequent conversion of large amounts of one type of cryptocurrency into multiple virtual assets within a short period suggests a suspicious pattern of transactions.

Conversion of fiat currency to virtual asset and immediate withdrawal in another jurisdiction

With the easy conversion process of fiat to crypto, the launderers have started converting the illegal cash into virtual assets in one country, followed by immediate withdrawal of such virtual assets into fiat in some other jurisdiction. This is one of the nature of unusual activities, specifically when such other jurisdiction is under the “high-risk” category.

Exploring unusual transaction trends for VASPs under UAE AML Regulations

Managing the Unusual Transactions related to Virtual Asset transfer

The UAE AML regulatory regime requires the VASP to establish and maintain robust monitoring systems and controls that can effectively detect suspicious activities and generate timely alerts for the VASP to act and prevent.

Considering the volume and nature of virtual asset transactions, the VASP must consider deploying emerging technologies and tools like Artificial Intelligence, Machine Learning, or Blockchain that use advanced algorithms and data analytics techniques to identify inconsistencies and unusual patterns.

Best AML Practices for VASPs to Detect and Report Unusual Transactions Related to Virtual Assets

A. Adopting a Comprehensive AML Program

The primary AML responsibility of any VASP operating in the UAE is to assess the potential financial crime vulnerabilities it may face and accordingly design the AML Compliance Program. The AML framework must include the AML policies and procedures navigating and guiding the VASP to manage financial crime exposure and prevent money laundering, terrorist financing, and financial crimes damaging the virtual asset ecosystem.

These AML policies and procedures must include the following:

In addition to the above, the AML program must lay down the procedures and controls around continuous monitoring of the transactions to track the legitimacy, accuracy, accuracy, and consistency of the virtual asset transfer with the originators and the beneficiary’s risk profile. The monitoring program must consider factors like the nature of the customer, location, risk rating of the person, etc.

These AML frameworks – policies, procedures, and controls- serve as a foundation for the VASP’s AML compliance structure, shielding the virtual asset industry from being misused by money launderers and other financial criminals.

Checklist for implementing an effective AML Program

B. Leveraging the technology to reinforce the AML program

Ongoing and real-time transaction monitoring is essential to identify unusual transactions or customer behavior inconsistent with their profile. Managing large transfers, where millions of virtual assets are exchanged in a second, would not be possible without utilizing automated systems that support data analysis, detect anomalies, and highlight the same to the concerned person for due inquiry and resolution.

The solution for real-time monitoring must handle enormous amounts of data and be compatible with blockchain technology. This will allow the VASP to stay ahead of the criminals and possibly prevent the exploitation of the virtual assets before concluding the transfer.

The system must be configured to manage the VASP’s specific risks, using logical monitoring rules based on threshold amount, frequency of transactions, the wallets involved, detection of blacklisted wallets or restricted cryptocurrencies, high-risk jurisdictions, etc.

The tools should not be restricted to detecting red flags or inconsistencies, but the intelligent algorithms should help the VASP to predict the trends and risk vulnerabilities that may impact the operations in the near future. This will enable the VASP to adopt a proactive approach to get ready to fight financial crime.

Thus, the role of technology in monitoring transactions to identify unusual transactions and suspicious patterns cannot be overruled. Only by leveraging the automated tools and techniques supporting real-time monitoring can the VASPs strengthen the quality of their AML program to timely identify uncommon and suspicious activities and maintain integrity and transparency in the virtual asset domain.

With AML UAE, enhance your AML program to shoot down the suspicious activities

Awareness of the red flags and risk indicators related to virtual assets is essential to detect unusual transactions and suspicious patterns suggesting money laundering. Leverage the experience and knowledge of AML UAE’s professionals in building a robust AML program customized to VASP-specific risks. We help VASPs develop the AML controls ongoing monitoring rules, define the red flags that trigger prompt signals, and are backed by our support in identifying and implementing the right tools and software.

Let’s come together and safeguard the virtual assets industry.

Make significant progress in your fight against
financial crimes

With the best consulting support from AML UAE.

Contact Us Now

Share via :

About the Author

Linkedin-in

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 11 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Sanctions Compliance by VASPs in UAE: Safeguarding the Virtual Asset segment against financial crimes

Sanctions Compliance by VASPs in UAE: Safeguarding the Virtual Asset segment against financial crimes

Blogs

Home Blogs
Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Sanctions Compliance by VASPs in UAE: Safeguarding the Virtual Asset segment against financial crimes

The overall Anti-Money Laundering compliance landscape covers implementing measures to comply with the Sanctions regime. Even the UAE AML regulations mandate the regulated entities to screen the customers, suppliers, and the Ultimate Beneficial Owners against the Sanctions List. This regulatory obligation applies to Virtual Asset Service Providers (VASPs) operating in UAE to manage the risk of sanctions violations through crypto transactions.

Let us explore the Sanctions compliance requirement under the UAE regulations, why is sanctions compliance by VASPs so significant, and how VASPs can ensure effective compliance with the Sanctions regime.

Sanctions Compliance under UAE AML framework

Sanctions are the restrictions or embargoes imposed upon known criminals engaged in terrorist activities or other serious crimes from accessing the financial systems or particular products or services. In this context, sanction compliance becomes pertinent to ensure that the businesses do not engage with the sanctioned entities or individuals, ensuring they safeguard themselves from financial misuse and avoid penalties for sanctions violations.

Under the UAE AML/CFT regulations, Sanctions compliance is integral to the AML/CFT program. The regulated entities are mandatorily required to screen the customers, suppliers, and Ultimate Beneficial Owners (UBOs) of the corporate customers/suppliers, employees, and any third party associated with the business against the following lists:

In addition, the regulated entities must conduct screening against the relevant international lists when a foreign country or global economy is involved.

Basis the screening outcome, the regulated entities must take specific actions and file an appropriate report on the goAML portal.

With this basic idea about the Sanctions regime prevalent in the UAE, let us explore the sanctions compliance obligations of a VASP in the UAE.

Sanctions compliance by VASP in UAE

As the VASPs are subject to AML compliance in the UAE, they must also implement an effective sanctions compliance program. Sanctions compliance is necessary for the VASPs to ensure the virtual assets are not exploited by the sanctioned or designated persons to conduit terrorist financing or money laundering activities.

Subscribing to EOCN Notification System:

The regulated entities, including the VASPs, are required to subscribe to the Executive Office for Control & Non-Proliferation (EOCN) to receive regular updates on the modification in the UAE Local Terrorist List and the UNSC Consolidated Sanctions List, i.e., intimation when any person is added in the lists, or de-listing of any individual, entity, or group on the lists.

Screening:

Given the fact that virtual assets transfer sees no geographical boundaries, the VASPs must not only screen the originator and the beneficiaries against the local sanctions list but also consider the country-specific and all other international sanctions.

The VASP must screen the originator’s and beneficiary’s virtual asset wallet ID to identify if any sanctioned or blacklisted wallets are involved in the proposed transfer.

The screening is not a one-time affair; instead, it must be carried out on an ongoing basis to timely identify any update to the sanction status of an existing customer or virtual asset wallet. This will ensure timely action against the designated person or wallets.

Basis the hits found in the sanctions screening, the UAE Targeted Financial Sanctions (TFS) regime mandates the regulated entities, including VASP, to undertake specific actions.

Actions:

  • In the case of a “Confirmed Match,” all the identifying information about the person, entity, or group matches with the key identifiers (name, date of birth, nationality/country of incorporation, etc.) of the designated person mentioned in the sanctions list. For confirmed match cases, the VASP must freeze the virtual assets available in the designated person’s wallet with VASP and shall terminate the business relationship. While in a confirmed match for a potential customer, the VASP must reject the virtual asset transaction. These freezing or rejection measures must be taken within 24 hours of identifying the persons as sanctioned.
  • However, in cases where all the key identifiers are not matching, or some of the information is missing but indicates a possibility of a matching basis, the partial name match, which the VASP cannot decide whether it is a confirmed match or false match, then in such cases, the VASP must suspend the transactions and the business relationships with such partial name match person. The VASP must continue such suspension unless any specific instructions are received from the EOCN.
  • In cases where VASPs cannot decide whether it is Confirmed Match or False Positive and the said customer is existing one then VASPs must Suspend the transactions and services without any delay, and submit a PNMR through goAML within Five calaneder days from the day of suspension measures.
  • However in cases where Partial Name Match is identified on Potential Customer, then VASPs must obtain additional ID Documents within 10 business days to ascertain whether the match is Confirmed Match or False Positive and then implement TFS measures based on the screening results. 
  • If VASPs is unable to obtain ID Documents within 10 business days from the potential customer then it must reject the business relationship and file a PNMR via goAML within Five calender days.
  • In case if VASPs receives the ID Documents after the 10 days timeframe and PNMR is already reported, then it must consider it as a new transation, undertake screening on newly obtained ID Documents and based on the screening result, take the requisite steps and file a new report.

Reporting:

Where the VASP identifies any confirmed or partial name match with the UAE Local Terrorist List or the UNSC Consolidated List, the VASP must report the same to the EOCN by filing the appropriate report on the goAML Portal. VASP must file a Confirmed Name Match Report (CNMR) in case of a ‘confirmed match’ giving the details of virtual assets frozen and a Partial Name Match Report (PNMR) for a ‘partial name match’ case within 5 days from taking the abovementioned actions.

The VASP must ensure compliance with all the above 4 points to effectively implement the Targeted Financial Sanctions regime and maintain the integrity of the virtual asset world.

Sanctions Compliance by VASPs in UAE: Safeguarding the Virtual Asset segment against financial crimes

Step-by-Step Guide for VASP to ensure effective Sanctions Compliance

With the pace at which the virtual asset transfer occurs and the fact that the sanctions lists are updated regularly, the VASPs must follow a systematic approach to implement a robust Sanctions Compliance Program.

1. Designing a Sanctions Compliance Policy:

As a first step, the VASP’s management and the AML Compliance Officer must understand the sanctions compliance requirement to be adhered to and design a comprehensive Sanctions Compliance policy in accordance with the overall business risk and applicable regulations. The Sanctions Compliance Policy must clearly define the mandatory nature of undertaking sanctions screening, systems and controls required, actions to be taken by the team when matches are found (including review, freezing of funds, or termination/suspension of the business relationship, etc.) and the goAML reporting obligation.

Further, as part of the policy, the VASPs must also identify what sanctions lists would be screened.

2. Identifying the suitable Sanctions Screening solution:

Once the compliance requirements are identified, the VASP must look for an appropriate sanctions screening solution that supports the regulatory obligation and prevents the misuse of the crypto-assets.

While selecting the solution, the VASP must consider the following:

  • What all sanctions lists does the tool support
  • Form where is the sanctions database sourced (third-party data aggregator or directly from the official sources)
  • How frequently this database is updated
  • Can this system be integrated with the VASP’s online platform
  • Does the platform support continuous screening
  • Is the solution capable of supporting real-time screening
  • Does the screening tool capable of handling large volumes of data
  • Does the solution use AI or emerging technology to reduce the false positive hits
  • Is the solution compliant with the data privacy and security requirements

3. Integrating and setting up the sanctions screening rules:

Once the tool is finalized, the same must be integrated seamlessly with the VASP’s internal systems and platform to ensure that the screening is conducted on a real-time basis before the virtual asset transfer actually takes place so that transactions involving any potential hits or confirmed matches can be blocked.

The VASPs must define the screening criteria and rules basis which the screening would be conducted. This includes defining the parameters or identifiers for screening (such as originator/beneficiary name, virtual asset wallet ID, type of virtual asset transferred, location, etc.

The workflows for managing the screening results must also be configured, i.e., how the hit alerts would be generated, who would review the matches found, and conclude on the type – confirmed match, partial name match, or false hit.

4. Employees Training on Sanctions regime:

The strength of the technology deployed for screening is ineffective unless the VASP’s team is well-trained on sanctions compliance measures and how to implement the screening solution. The AML Compliance Officer must ensure that the relevant staff, specifically front-line employees, are educated on the significance of the sanctions regime, how to conduct sanctions screening, and what actions are expected from the particular role. The VASP must ensure the team stays updated with the evolving sanctions framework and emerging technologies deployed for sanctions compliance.

5. Periodic review of the Sanctions Compliance Policy and solution:

It is pertinent for VASP to ensure that the policy designed and the tools implemented are aligned with the ever-changing regulatory landscape and the emerging red flags and typologies. The overall sanctions program must be reviewed to identify gaps and enhance the procedures and controls for avoiding any unknowingly business dealings with sanctioned persons or sanctions non-compliance penalties.

With an organized approach to implementing sanctions compliance, the VASPs can mitigate the risk of facilitating sanctions violations, protect their reputation by demonstrating the commitment to AML/CFT and sanctions compliance.

Let AML UAE assist you with implementing the Sanctions Compliance Program

AML UAE is a leading AML consultancy firm assisting AML-regulated entities, including Virtual Asset Service Providers, in establishing and maintaining a robust AML/CFT compliance program, including a comprehensive framework for implementing the Targeted Financial Sanctions regime. From assessing the sanctions violation risk to identifying the proper sanctions screening solution, we got your back.

Let’s stay compliant and fight back the financial crime!

Make significant progress in your fight against financial crimes,

With the best consulting support from AML UAE.

Contact Us Now

Share via :

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

Enhanced Due Diligence by Dealers in Precious Metals and Stones: EDD for High-Risk Customers

Enhanced Due Diligence by Dealers in Precious Metals and Stones

Blogs

Home Blogs
Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Enhanced Due Diligence by Dealers in Precious Metals and Stones: EDD for High-Risk Customers

Precious metals like gold, silver, platinum, and precious stones such as diamonds, sapphires, pearls, etc., are highly vulnerable to money laundering and terrorism financing. The Dealers in Precious Metals and Stones (DPMS) must implement Enhanced Due Diligence (EDD) measures to manage the increased financial crime risks arising from high-risk countries or transactions.

Owing to the following inherent characteristics of the precious metals and stones, the products are closely associated with ML/FT typologies and bring the DPMS under the ambit of UAE AML regulations:

  • Small size, high value
  • Easy to transport
  • Used as a store of value
  • Can be used as a medium of exchange
  • Is acceptable in most parts of the world
  • Retains value and is subject to lesser value fluctuation

The UAE AML regulations mandate that Dealers in precious Metals and Stones adopt adequate Customer Due Diligence (CDD) measures to manage the ML/FT risks. The DPMS is required to implement enhanced customer due diligence measures when the customer is identified as high-risk.

In this article, we will navigate Enhanced Due Diligence under UAE AML regulations and how dealers in precious metals and stones can implement the EDD measures.

Enhanced Due Diligence measures under UAE AML Regulations

Understanding the concept of Enhanced Due Diligence as per UAE’s AML regulatory landscape?

Enhanced Due Diligence is essential to the overall AML Compliance Program in a Dealer in Precious Metals and Stones. EDD is a subsection of the Customer Due Diligence process, mandatory to be adhered to when dealing with high-risk customers.

Customer Due Diligence is implemented to identify the customer and its beneficial owners and verify their identity to ensure that the company, knowingly or unknowingly, does not expose itself to financial crime. In this CDD process, the customer’s risk is also assessed, and appropriate risk categorization is done (either as High, Medium, or Low) by performing Customer Risk Assessment. During such a process, if the customer’s risk is assessed to be high, the dealers in precious metals and stones need to deploy some additional checks and verification measures to mitigate the increased risk. This process of applying additional measures to the customer or business relationship is called “Enhanced Due Diligence.”

Understand the types of CDD measures to effectively mitigate the ML-FT risks 

What are the circumstances when EDD measures are to be applied?

EDD is adopted when the business relationship, customer, or transaction is identified as posing higher money laundering or terrorism financing risks to the business. Such situations may include:

  • Business relationship with a Politically Exposed Person (PEP)
  • When the customer is associated with a high-risk country
  • When the customer is coming from a jurisdiction having a weak or minimal AML/CFT regulatory framework
  • Transaction with a customer closely connected with a country notorious for money laundering or terrorist financing activities
  • When there is doubt about the accuracy or legitimacy of the information about the customer obtained earlier
  • When any ML/FT risk indicator or red flag is observed
PEP and PEP Screening under UAE AML Regulations pre

What measures must the Dealers in Precious Metals and Stone adopt as part of the Enhanced Due Diligence?

Enhanced Due Diligence is not just restricted to the basic identification of the customers and the beneficial ownership but goes one step ahead of the standard CDD process. Under EDD, the DPMS is expected to implement the following additional measures to manage the higher ML/FT risks:

Additional information and verification measures

Rigorous identity verification measures should be adopted, such as getting certified copies of the documents and verifying them against independent databases.

The dealers and precious metals and stones must make additional efforts to collect more information about the customer, such as looking out for adverse media or negative news about the person. An additional inquiry must be made around the customer’s intended purpose of the business relationship and the nature of the transaction.

Inquiry about the Customer’s Source of Funds and Wealth

Since precious metals and stones are high-value items, the DPMS must inquire about the customer’s source of funds for the proposed transaction. Further, to determine the customer’s financial position, the DPMS must seek information about the customer’s source of wealth to determine whether the value of transactions and the customer’s finances are aligned.

Obtaining the information is not sufficient. The dealer in precious metals and stones should also determine the legitimacy of the declared source of funds and wealth using reliable sources such as the customer’s bank statement, audited financial statement or Balance Sheet, Tax Return, Pay slips or employment contract, etc.

Obtaining senior management approval

Given the increased financial crime risk involved in the business relationship, the UAE AML regulations mandate the DPMS to seek approval from the senior management before establishing such a relationship. Further, management approval must also be obtained when executing a transaction with high-risk customers.

1st payment through customer’s own bank account

When engaging with high-risk customers, the DPMS must have the first payment processed through the customer’s bank account with a bank having similar Customer Due Diligence measures.

This implies that the dealers in precious metals and stones must not execute the first transaction in cash with high-risk customers.

Increased ongoing monitoring

Once high-risk customers are onboarded, it is the regulatory obligation of the DPMS to monitor the customer profile and the transactions pertaining to high-risk business relationships. Such customers must be subject to an increased frequency of CDD information updates (for example, once in six months). Further, the transaction must be closely monitored to ensure that the same is in accordance with the customer’s risk profile and financial information furnished earlier and consistent with the customer’s nature of business activities.

This will help the DPMS identify any suspicious activities or unusual transactions indicating the involvement of financial crime risks.

Undertaking these additional checks and measures during Enhanced Due Diligence will help the DPMS better understand the customers and effectively manage the risk, especially increased ML/FT risks.

Enhanced Due Diligence by Dealers in Precious Metals and Stones

What are the critical elements for implementing Enhanced Due Diligence in the DPMS sector?

For the quality implementation of the Enhanced Due Diligence process, the Dealers in Precious Metals and Stones need to adopt the following components, ensuring effective mitigation of the increased risk and AML regulatory compliance:

Customer Risk Assessment

The DPMS must clearly lay down the guidelines for when the customer shall be classified as high-risk, warranting the application of the EDD measures.

For this, the customer risk assessment methodology must be well-defined, allowing the company to detect the high-risk posing business relationships timely.

Key factors for Customer Risk Assessment under AML regulations

Well-crafted EDD Program

The company must design and maintain a comprehensive Enhanced Due Diligence Program, providing practical guidelines for the compliance team to manage the higher risk of money laundering or terrorism financing. The EDD policy must prescribe the additional information to be sought from the customer, the documents to be obtained, and the resources to be relied upon for independent verification.

The methods and frequency for performing ongoing monitoring of high-risk customers must be well-documented.

EDD Training to the Team

The circumstances requiring the application of the EDD process and the additional measures to be applied must be communicated with the team. Regular training must be conducted to ensure that the team understands the EDD program and can apply necessary checks on a timely basis.

Designing a comprehensive AML Training Program

Potential red flags suggesting higher ML/FT risks when DPMS must apply EDD measures

Given the nature of the products and services involved, the following are some of the risk factors when the Dealers in Precious Metals and Stones must adopt the Enhanced Due Diligence process:

  • When the transaction appears to be complex, involving multiple parties across different locations
  • Customer is a Politically Exposed Person or a close associate
  • When the customer insists on making a payment using cash, even when the transaction value is high
  • Inconsistency between the nature of the customer’s activities and the purpose of the transaction (Non-Profit Organization buying 1 kilogram of gold)
  • When the customer is hailing from or conducting business in high-risk countries
  • Customer making unreasonable request of converting the form of precious metals to ordinary objects
  • Customer making series of small value transactions
  • Payment being routed through an unrelated third-party account

Let AML UAE assist you in implementing the robust Enhanced Due Diligence mechanism to safeguard your precious metals and stones business

Implementing EDD measures in the DPMS sector is pertinent to manage the risk associated with precious metals and stones. AML UAE can assist you in developing the EDD program for your jewellery business, ensuring that you rightly identify high-risk customers and manage these risks with suitable AML measures and controls. We assess your business exposure to financial crime risks and customize the easy-to-implement AML/CFT Compliance framework, focused on detecting and preventing the exploitation of precious metals and stones for financial crime and staying AML Compliant.

Enhance the quality of your AML Program with a comprehensive Enhanced Due Diligence Process!

Make significant progress in your fight against
financial crimes

With the best consulting support from AML UAE.

Contact Us Now

Share via :

About the Author

Linkedin-in

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

Conducting Independent AML Audits in DNFBPs: A Comprehensive Handbook

Conducting Independent AML Audits in DNFBPS A Comprehensive Handbook

Blogs

Home Blogs
Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Conducting Independent AML Audits in DNFBPs: A Comprehensive Handbook

In recent years, anti-money laundering (AML) regulations have become increasingly important for the non-financial sector in the United Arab Emirates. The UAE AML regulations mandate the Designated Non-Financial Businesses and Professions (DNFBPs) to design and implement a comprehensive AML/CFT framework to detect and prevent financial crime. As part of the AML/CFT program, the UAE AML regulations provide for implementing an independent AML audit function to check the quality of the AML measures adopted by these DNFBPs.

DNFBPs (such as dealers in precious metals and stones, real estate agents, lawyers, accountants/ auditors, and company service providers) are required to undertake ML/FT Enterprise-Wide Risk Assessment and establish adequate AML/CFT policies, procedures, and controls to manage these risks. This includes conducting Customer Due Diligence, compliance with the Sanctions regime, and measures to detect and report suspicious transactions on the goAML Portal. To test the adequacy and relevance of the implemented program, the DNFBPs are required to get their AML program independently audited by competent personnel.

Independent AML Audit is very different from regular auditing of books of accounts. This focuses on the DNFBP’s AML/CFT program and the controls and systems the entity has deployed to detect the red flags and manage the risks.

In this article, we will discuss the independent AML audit in DNFBPs, and the key elements necessary for ensuring the effectiveness of the AML audit.

What is the role of an Independent AML Audit?

The independent AML audit refers to a function – whether an internal department or an external third party – that audits and evaluates the quality of the organization’s AML policies, procedures, systems, and controls. This AML audit function operates independently from the routine operations of the business, including ongoing AML activities, and provides an unbiased opinion on the DNFBP’s AML efforts.

The independent AML audit function is entrusted with the responsibility of periodically reviewing the adequacy of the AML/CFT program of the company and detecting any potential gaps or weaknesses in the DNFBP’s AML measures. AML auditors are expected to thoroughly check the DNFBP’s AML/CFT policies, procedures, and controls to ensure that such framework is in line with UAE AML regulations and the overall enterprise-wide risk assessed by the company.

The independent AML audit is not just restricted to identifying the non-compliance instances or flaws in the implemented measures but also to suggesting the remedial actions necessary for improving the AML framework. The AML auditor’s recommendations may include a requirement for the implementation of additional controls, developing or enhancing the AML training programs, and adopting new technological solutions to strengthen the DNFBP’s AML capabilities.

An independent AML audit demonstrates the DNFBP’s commitment to AML compliance and safeguarding the economy from financial crimes. Periodic AML audits help the DNFBPs ensure that their AML efforts and resources are moving in the right direction. They are focused on effectively managing financial crime risks and staying AML compliant.

The independent AML audit is essential to the overall AML compliance framework for DNFBPs operating in the UAE. With an independent AML audit, the DNFBPs can enhance the business reputation, attracting customer loyalty with their efforts to prioritize AML regulatory compliance and combat financial crime. Further, the supervisory authorities also develop trust in the DNFBP’s AML/CFT measures and controls when an independent AML audit forms part of the overall AML framework.

Conducting Independent AML Audits in DNFBPS A Comprehensive Handbook

How to implement an Independent AML Audit in DNFBPs?

Implementing an independent AML audit in DNFBPs in UAE requires adequate planning, robust execution, and post-audit activities management.

AML Audit Plan

An independent AML audit starts with AML Audit Plan. This involves defining the following:

  • scope of the audit (what all AML aspects and records must be reviewed and the review period)
  • audit objectives (why is the AML audit conducted, i.e., to check the quality of the AML/CFT framework, etc.)
  • audit procedures (what auditing methods would be used – like records verification, on-site visit, positive confirmation, interviews, etc.)
  • audit resources (what resources would be deployed for conducting the AML audit, including the audit team)

The AML audit team must be adequately qualified and have appropriate skills to conduct the review and form an opinion on the status of the DNFBP’s AML compliance and the quality of the AML/CFT measures implemented. Further, the AML auditor must be aware of the latest regulatory amendments and understand the AML obligations of the particular DNFBP.

The AML audit plan must be designed considering the overall ML/FT risk exposure, size, and nature of the business. The audit plan and preparation must be aligned with the UAE AML regulations and the feedback from the supervisory authorities of the DNFBP.

Conducting Independent AML Audit

The designed AML audit plan must be diligently adopted for the effective execution of the independent AML audit.

The auditor must review the DNFBP’s documented AML/CFT policies, procedures, and controls to assess their completeness and relevance in the context of the relevant AML regulatory framework and the DNFBP’s ML/FT risk exposure. Any gaps or missing compliance aspects must be highlighted in the report.

Along with a review of the high-level AML/CFT program, the AML auditor must also verify the customer onboarding records to determine the accuracy of the Customer Due Diligence process. The transaction monitoring systems must also be examined to test the reasonableness and adequacy of the monitoring rules defined and their effectiveness in detecting unusual activities or suspicious transactions.

If the DNFBP has implemented any systems or tools for AML compliance, then the integrity and effectiveness of such systems and data security must be verified.

Wherever required, the AML audit team must interview the AML Compliance Officer and the compliance team members to understand their awareness of the internal AML/CFT program and their roles and responsibilities towards AML regulatory obligations. This shall also help the AML auditor determine the level of the entity’s AML training and whether any enhancements are required in the training program.

The team must maintain independence and be able to review and provide unbiased opinions on the company’s AML/CFT program.

Once the necessary audit procedures have been applied and the AML review is complete, the independent auditor must document its observations (identified gaps and non-compliance instances), and the corresponding recommendations in an audit report addressed to the senior management of the DNFBP.

These AML audit findings shall serve as one of the critical AML compliance measures, directing the DNFBPs to improve their AML compliance measures and effectively manage the financial crime risks

Managing the AML Audit findings (Post-Audit Activities)

Once the management receives the independent AML Auditor’s report, the senior management must immediately take necessary actions to address the AML/CFT deficiencies. The necessary team must be involved, including the AML Compliance Officer, to implement the AML auditors’ recommendations to enhance the quality and effectiveness of the DNFBP’s AML program.

In simple terms, an independent AML audit is a giant umbrella to check and test the DNFBP’s implemented AML/CFT measures, thriving to ensure its adequacy, quality, completeness, and relevance with appropriate AML audit planning and program, effectively executing the AML audit procedures and ensuring the redressal of the AML gaps as post AML audit.

Independent AML Audit

How can AML UAE assist in ensuring the quality of your AML framework with an independent AML audit?

Documenting the AML/CFT policies and procedures differs significantly from ensuring effective implementation. It is where the independent AML audit comes into the picture.

At all times, the implemented AML/CFT measures and controls must effectively identify and mitigate the money laundering and terrorism financing risks. The AML program must be aligned with relevant AML regulations and complete in all aspects, ensuring total coverage for fighting financial crimes and staying 100% compliant. Here is the role of the independent AML auditor to examine the existing measures, detect any loopholes and recommend the best practices to bridge the AML gaps.

AML UAE is a leading AML consultancy firm assisting the regulated entities in UAE, including DNFBPs, to design and implement customized AML policies and procedures to manage the ML/FT risks. With our domain experts and diverse experience, we can assist DNFBPs in auditing the AML framework and identify necessary improvement areas and regulatory violations that need immediate attention to strengthen the AML measures.

Implement robust independent AML audit to stay AML compliant and channel your AML efforts in the right direction!

Make significant progress in your fight against
financial crimes,

With the best consulting support from AML UAE.

Contact Us Now

Share via :

About the Author

Linkedin-in

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 11 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Role of an AML Compliance Officer in a real estate agent or brokerage firm in UAE

Role of an AML Compliance Officer in a real estate agent or brokerage firm in UAE

Blogs

Home Blogs
Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Role of an AML Compliance Officer in a real estate agent or brokerage firm in UAE

Real Estate is considered one of the typologies criminals exploit to launder illicit money. Thus, UAE AML regulations have included the real estate agents and brokers under the ambit of Designated Non-Financial Businesses and Professions (DNFBPs), required to adhere to an anti-money laundering framework, including the appointment of an AML Compliance Officer to oversee the implementation of AML measures and identify the money laundering instances.

In this article, we will explore the functions of an AML Compliance Officer in a real estate agent or brokerage firm and their significance in combating financial crime from the UAE real estate sector.

Understanding AML Compliance in the real estate sector

Certain business organizations have been entrusted with identifying, preventing, and reporting instances of money laundering and the financing of terrorism. In this context, the procedures and controls adopted by these organizations to mitigate the financial crime risks would be treated as AML Compliance.

AML compliance involves designing and implementing internal AML/CFT policies, procedures, systems, and controls to manage the money laundering risks, implementing the Customer Due Diligence process and ongoing monitoring program to identify and report suspicious transactions, training the relevant staff to create AML awareness, etc.

AML compliance for real estate agents and brokers will help ensure that the sector is not exploited or misused by criminals to place the proceeds of illegal activities. Real estate agents or brokerage firms’ efforts and commitment towards AML compliance will promote the reputation and attract responsible buyers and sellers engaging with the real estate brokerage firm.

AML non-compliance by real estate agents and brokers in UAE can result in reputational damage and hefty administrative fines.

Real estate agents and brokerage firms in UAE must understand their AML compliance obligations and appoint a competent AML Compliance Officer to stay AML compliant and safeguard businesses against financial crime.

Role of an AML Compliance Officer in a real estate agent or brokerage firm in UAE

The Role of an AML Compliance Officer to combat money laundering in the real estate sector

As one of the DNFBPs under UAE AML regulations, the real estate agents and brokers must comply with the UAE AML regulations and implement necessary measures to protect the firm from being exploited by the money launderers. To oversee the effective implementation of the AML/CFT framework across the firm, the law mandates appointing a designated person to act as an AML Compliance Officer.

The primary role of the AML Compliance Officer would include the following:

The Compliance Officer must conduct the Enterprise-Wide Risk Assessment to identify and evaluate the company’s possible ML/FT risk exposure. This risk assessment must be aligned with the management-approved risk appetite. It must consider the relevant risk factors, such as the nature of buyers and sellers the company is associated with, the geographies of its operations, the nature of properties involved, the complexity of the transactions, delivery channels used, etc.

The outcome of the EWRA or the overall business risk assessment shall help the AML Compliance Officer understand the AML/CFT measures required to safeguard the company.

The Compliance Officer (CO) must establish and implement comprehensive internal AML/CFT policies, procedures, and controls customized to its business operations and the assessed risk. The policies must consider the relevant AML regulations, including the specific guidelines, e.g., the Ministry of Economy’s supplemental guidance on AML/CFT for the real estate sector. The CO must periodically review and update the AML/CFT policies and procedures to ensure their relevance and effectiveness.

CO is also responsible for ensuring that the company follows robust Customer Due Diligence measures before establishing any business relationship with a customer (whether a buyer, seller, property developer, lessor, or lessee). This should also include designing Know Your Customer forms and implementing adequate customer risk assessment methodology to determine the risk each customer poses to the company’s real estate brokerage business.

CO should also ensure that the company has deployed necessary systems and tools to conduct timely screening of the customers, to comply with sanctions screening requirements and determine whether the customer is a Politically Exposed Person (PEP) or has any adverse media against the person, suggesting involvement in any criminal activities.

In case of customer is identified as high-risk, Compliance Officer must ensure that Enhanced Due Diligence measures are applied to manage the increased ML/FT risk, including additional checks and verification related to the customer’s identity, source of their funds and wealth, etc.

Ongoing monitoring is one of the essential aspects of overall AML compliance. The Compliance Officer must implement adequate systems and procedures to identify suspicious activities and monitor transactions and business relationships.

  The CO is, also known as a Money Laundering Reporting Officer (MLRO), responsible for accurate and timely reporting of suspicious activities and transactions with UAE’s Financial Intelligence Unit (FIU).

Apart from filing Suspicious Activity Report (SAR) and Suspicious Transaction Report (STR), the AML Compliance Officer of the real estate broker is accountable for the following additional reporting:

  1. Filing of the Real Estate Activity Report (REAR) on the goAML portal, furnishing details of the designated transactions related to the purchase/sale of Freehold real estate property,
  2. Preparing and submitting a periodic AML/CFT report to the company’s senior management, giving updates on the AML measures applied during the period, any red flags observed, any reports field with FIU, any additional requirements for AML resources, etc.,
  3. Submitting relevant information and documents to the supervisory authority when requested.

One other essential function of the Compliance Officer is to develop the AML training program for the company’s employees, including the senior management, to create awareness around the AML program and promote strong compliance culture.

Along with AML/CFT measures, the Compliance Officer must consider compliance with Targeted Financial Sanctions. This will include screening the relevant sanctions list and, if any matches are found, applying adequate TFS measures and reporting it to the Executive Officer for Control and Non-Proliferation (EOCN) by filing Confirmed Name Match Report (CNMR) or Partial Name Match Report (PNMR) on the goAML Portal.

The AML Compliance Officer is responsible for ensuring the maintenance of AML/CFT records and information in an organized manner for a minimum period of five (5) years from the end of the business relationship or transaction. However, the period threshold is six (6) years for the real estate agents and brokers operating in or from ADGM’s Financial Service Regulatory Authority (FSRA) or DIFC’s Dubai Financial Service Authority (DFSA).

Role of AML Compliance Officer in UAE Preview

Must have Skills and Qualifications for an AML Compliance Officer

To ensure the effective implementation of the entire AML compliance program in the real estate agent or brokerage firm and protect the business from being vulnerable to financial criminals, the firms must appoint a competent AML Compliance Officer having adequate seniority and independence.

The functions entrusted to an AML Compliance Officer require technical expertise, subject and business knowledge, analytical skills, and a commitment to AML compliance.

The Compliance Officer is expected to have the following skill sets:

  • Thorough knowledge and understanding of the relevant AML regulations applicable to the real estate sector,
  • An analytical skills to detect and evaluate the ML/FT red flags,
  • Communication skills to collaborate with staff, open communication with senior management and supervisory authority,
  • Attention to detail to promptly identify any unusual patterns or transactions indicating financial crime or involvement of criminal proceeds and accurately reporting the suspicious transactions to the FIU,
  • Professionalism and integrity are essential qualities for an AML Compliance Officer to ensure an unbiased approach towards AML compliance and avoid any conflict of interest between compliance and business.

Smoothening the functions of the AML Compliance Officer with adequate technology

with the help of emerging technology, the Compliance Officer can optimize the real estate broker’s compliance function to ensure timely detection of ML/FT risk indicators and stay 100% AML compliant.

AML Compliance Officer of a real estate agent or brokerage firm can implement developing tools and systems to automate the customer onboarding process, starting from buyer and seller identification, ID verification, liveness checks, real-time screening against sanctions, PEP, or adverse media, etc.

Further, artificial intelligence-based solutions can assess customer risk and monitor transactions and customer profiles. This ensures prompt alert generation for high-risk customers, unusual trends, or suspicious customer behavior.

Embracing developing technology and tools would ease the responsibilities and improve the effectiveness of the AML/CFT measures developed and maintained by the Compliance Officer in the real estate agent or brokerage firm in UAE by reducing the manual errors, and identification of potential ML/FT risks to curb the vice on a timely basis.

How can AML UAE assist the AML Compliance Officers of the UAE real estate agents and brokers to navigate the AML Compliance journey?

The role of an AML Compliance Officer in a real estate agent or brokerage firm in the UAE is critical to safeguard the real estate sector from being misused by criminals to route their dirty money.

AML UAE is a leading AML consultancy firm in the UAE. AML UAE can strengthen the efforts of the AML Compliance Officer by assisting in assessing the real estate agents and brokers’ ML/FT risk exposure and tailoring the internal AML/CFT policies, procedures, and controls to identify and report suspicious transactions.

We can also impart comprehensive AML training to the Compliance Officer and the staff, including senior management of the real estate brokers and agents, to promote collaborative attempts in the fight against financial crime. With our assistance in identifying and implementing the right AML technology and solutions, AML Compliance Officer can enhance the effectiveness of the compliance processes and efficiently identify potential ML/FT risks.

Stay AML Compliant!

Make significant progress in your fight against financial crimes,

With the best consulting support from AML UAE.

Contact Us Now

Share via :

About the Author

Linkedin-in

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 11 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

AML Governance for VASPs in the UAE: Building trust and strengthening compliance

AML Governance for VASPs in the UAE Building trust and strengthening compliance

Blogs

Home Blogs
Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

AML Governance for VASPs in the UAE: Building trust and strengthening compliance

Virtual assets are increasing their acceptance and significance in the financial system of the UAE. However, with this comes the increased risk of money laundering and terrorist financing, given the inherent nature of anonymity and speed of virtual asset transactions. The UAE authorities have brought the Virtual Assets Service Providers (VASPs) under the Anti-Money Laundering (AML) regulatory landscape to mitigate these financial crime risks. Here, it becomes critical for VASPs in UAE to establish an effective AML governance and oversight function to manage financial crime vulnerabilities.

Why is AML Governance important for VASP in UAE?

The VASPs expose themselves to huge ML/FT risks while onboarding customers across the world without any boundaries. Further, as all the transactions are done virtually, the risk of unidentified originators and virtual asset beneficiaries is involved, which can be exploited for laundering illegal funds or financing terrorist activities.

The authorities have established specific regulatory guidelines, mandating the VASPs to adhere to them and safeguard themselves against financial crime risks. VASPs operating in UAE must register with the relevant authorities and comply with the AML/CFT regulations. Failure to comply with these compliance obligations can result in hefty administrative fines and reputation damage.

The AML regulations in UAE require the VASPs to conduct Enterprise -Wide Risk Assessment to identify the ML/FT risks, adopt a risk-based approach to design and implement internal AML/CFT policies, procedures, and controls, and report any identified suspicion to the Financial Intelligence Unit (FIU).

To mitigate the ML/FT risks and avoid regulatory non-compliance penalties, the VASPs must establish and maintain a robust AML governance and oversight function.

AML Governance for VASPs in the UAE Building trust and strengthening compliance

How to establish a robust AML Governance Function in VASP?

As a first step to AML governance, the VASPs must understand the AML regulations and compliance obligations imposed upon the organization. With a basic understanding of AML compliance requirements, let us understand the critical component of an effective AML governance framework.

Effective AML governance framework

As a first step to AML governance, the VASPs must understand the AML regulations and compliance obligations imposed upon the organization. With a basic understanding of AML compliance requirements, let us understand the critical component of an effective AML governance framework.

Appointment of AML Compliance Officer or Money Laundering Reporting Officer

VASPs must appoint a competent person with adequate knowledge and experience in AML compliance to act as the AML Compliance Officer or the MLRO.

The compliance officer shall be responsible for overall AML/CFT program management.

Identifying the business risks

VASP must perform an Enterprise-Wide Risk Assessment (EWRA) to identify and assess the ML/FT risks that the organization faces. The risk assessment must be based on qualitative and quantitative analysis of the relevant risk factors such as customer base, geographies of operations, nature of transactions, products or services offered by VASP, etc.

As the business activities and ML/FT risk typologies keep evolving, the business risk assessment must be dynamic. VASPs must regularly assess the risk to factor in the changes in business activities, regulatory amendments, and emerging financial crime trends. The risk assessment results should be used to develop the internal AML/CFT policies, procedures, and controls to manage the identified ML/FT risks.

How to conduct AML Business Risk Assessment Priv

Developing the comprehensive AML/CFT framework

VASPs must have in place a well-defined internal AML/CFT program, including policies, procedures, systems, and controls that can adequately identify and manage the ML/FT risks of the organization’s virtual assets operations.

The AML policies and procedures must reflect the VASP’s overall risk and be practical to mitigate the risks.

Having an AML policy is not enough. The VASP must periodically review the policies and procedures to ensure their adequacy, effectiveness, and relevance in combating financial crimes. The AML/CFT framework must, at all times, be effective in addressing the identified business risks and is compliant with AML regulatory requirements.

The policy should document the VASP’s AML obligations, the controls adopted by the VASP to manage the risks, and the roles and responsibilities of the AML Compliance Officer, employees, and senior management towards the AML program.

Robust Customer Onboarding Process

Millions of transactions related to the transfer of virtual assets are conducted amongst multiple originators and beneficiaries worldwide. For an effective AML/CFT compliance framework, an effective customer onboarding process is one of the key elements.

It is pertinent for VASPs to identify these originators and beneficiaries of the transactions and verify their identity. The VASP must screen these customers to understand their connection with the Sanctions List, or Politically Exposed Person (PEP), and the presence of adverse media suggesting criminal history.

As part of the Customer Due Diligence (CDD) process, the VASP should also perform a customer risk assessment to identify the risk each customer poses to the business. Basis the outcome of the customer risk profiling, the VASP must adopt a risk-based approach and perform Enhanced Due Diligence (EDD) measures to manage the increased risk posed by high-risk customers.

CDD does not end here. The VASP must implement systems to monitor the transactions and business relationships on an ongoing and real-time basis to identify unusual or suspicious activities.

Suspicious activities identification and reporting procedures

AML framework is incomplete without adequate internal systems and procedures to identify the ML/FT risk indicators or red flags, suggesting involvement in money laundering activities, criminal proceeds, or terrorism financing. A clear mechanism must be in place to guide the employees to actions to be taken once any suspicious activities are observed and how the reporting shall be done to the AML Compliance Officer.

Further, the guidelines about external reporting to the FIU must also be well defined to ensure the timely filing of a Suspicious Activity Report (SAR) or Suspicious Transactions Report (STR) with the FIU.

Support from the senior management

No business function can be successful without the support from senior management. Similar is the case of the AML function. The senior management plays a critical role in ensuring the effectiveness of the AML governance framework by setting the right compliance tone at the top and providing strategic oversight of the implemented AML/CFT policies and procedures.

The management must establish the VASP’s ML/FT risks appetite and review and approve the VASP’s business risk assessment and the developed AML/CFT compliance program. Management should ensure that the risk assessment and AML policies, procedures, and controls are periodically reviewed and updated to manage the risks effectively.

Further, the one important role of senior management is ensuring its compliance department is well-staffed with adequate resources necessary to manage the ML/FT risks and stay AML compliant.

As part of the AML governance and oversight function, the senior management and board of directors must seek periodic reports from the AML compliance officer capturing the VASP’s ML/FT exposure, identify suspicious actions taken by the compliance officer, any AML gaps observed, etc.

Responsibilities of Senior Management around AML program under UAE AML Laws

Effective oversight function with periodic AML review and independent AML audit

To ensure the effectiveness of the AML/CFT measures adopted by the VASPs, it is important to establish an independent AML audit and also an internal periodic AML review function. The policies, procedures, systems, and controls implemented by the VASPs must be periodically reviewed to test the quality, adequacy, and effectiveness of the AML/CFT program.

A periodic AML review and interviews with the AML compliance team must be conducted to check whether the AML policies are effectively followed across the organization and to identify any gaps in policies, procedures, or implementation flaws. This periodic review shall assist the VASPs in remediating the AML non-compliance or vulnerabilities before it has a multifield impact on the operations. The internal reviews can be considered as frequent routine checks on the effectiveness of AML/CFT systems and controls, necessary to ensure that the AML measures are up-to-date and capable of identifying the financial crime risks.

Further, the VASP must appoint an independent person, having adequate AML understanding and experience to conduct the AML review. An independent AML audit shall be a more focused and unbiased review by a third party (possibly an external person) to ensure that VASP has an appropriate framework to manage the risks and stay AML compliant.

AML training program

AML governance function is incomplete without the involvement of the entire staff and their contribution towards the AML/CFT program. AML Compliance Officer of the VASP must develop a robust and comprehensive AML training program for the staff, including senior management, to ensure that all the employees of the organization understand the ML/FT risks, compliance obligations, and their roles and responsibilities towards VASP’s AML/CFT efforts.

AML training shall ensure that staff is well aware of internal AML/CFT policies and procedures and can exercise sound judgement when any suspicion is observed.

Designing a comprehensive AML Training Program

AML governance using technology and data analytics

AML governance and oversight would be challenging without deploying adequate technology and data analytics tools in this virtual asset world where everything is online. With technology, VASPs can automate the ML/FT risk assessment and deploy adequate measures to mitigate the same. With the humungous volume of virtual asset transactions, technologies like Artificial Intelligence and Machine Learning make transaction monitoring easy and real-time, generating alerts for unusual activities and reducing false positives.

Further, data analytics algorithms can be trained to identify unusual customer behaviour, detect suspicious transactions, and identify patterns that may indicate money laundering or terrorist financing.

VASPs can effectively detect and prevent money laundering and terrorist financing involving virtual assets by integrating technology and data analytics in their AML governance and oversight functions.

Collaborating with regulatory authorities and industry partners

As an element of effective AML governance, VASPs are recommended to stay connected with AML regulatory and supervisory authorities to seek guidance on various AML/CFT compliance obligations. Further, seeking the authorities’ feedback on implementing AML measures is also critical to enhance and improve the AML/CFT function.

Webinars and awareness sessions conducted by the authorities can also be helpful for VASPs to manage their ML/FT risks and detect emerging ML/FT typologies.

Collaboration with other VASPs can also help understand the industry’s best practices to identify and manage the ever-evolving ML/FT risks arising from virtual asset transfers.

Measuring the effectiveness of your AML governance and oversight function

VASPs need to review and enhance their AML governance and oversight function. This can be done using key performance indicators (KPIs) such as –

  • Periodicity of AML/CFT report furnished by AML Compliance Officer to senior management
  • Identified gaps and time and actions taken to remediate the same
  • Feedback received from the authorities
  • Number of suspicions observed
  • Quality and frequency of the AML training program
  • Finding of internal AML review and independent AML audit

Though not exhaustive, assessing certain factors can give insights into the effectiveness of the VASP’s AML governance and oversight function.

How can AML UAE assist VASPs in UAE in establishing effective AML Governance Function?

Effective AML Governance and Oversight functions are critical for VASPs to stay AML compliant and manage the financial crime risks.

A robust AML/CFT program, commitment, and support from senior management, deployment of emerging technologies, comprehensive AML training, periodic AML review, audit, etc., can enhance the quality and relevance of the VASP’s AML/CFT framework.

AML UAE is one of the leading AML firms in UAE, supporting regulated entities, including VASP, to establish and maintain a strong internal AML/CFT compliance program aligned with its overall ML/FT risks and regulatory requirements. We also help the VASPs set up solid AML governance and Oversight functions, constantly contributing towards enhancing the effectiveness of the VASP’s AML/CFT measures.

Make significant progress in your fight against financial crimes,

With the best consulting support from AML UAE.

Contact Us Now

Share via :

About the Author

Linkedin-in

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 11 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Identity Verification for Partnership Firms: Navigating the essential element of customer onboarding under UAE AML Law

Identity Verification for Partnership Firms Navigating the essential element of customer onboarding under UAE AML Law

Blogs

Home Blogs
Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

Identity Verification for Partnership Firms: Navigating the essential element of customer onboarding under UAE AML Law

UAE has introduced stringent regulations to combat financial crimes such as money laundering and terrorist financing. These laws mandate that Financial Institutions, Designated Non-Financial Businesses and Professions (DNFBPs), and Virtual Asset Service Providers (VASPs) implement adequate frameworks within the organization to identify and prevent money laundering and terrorism financing instances.

Identifying the customers and verifying their identity is essential to the AML compliance program. The regulated entities must apply thorough identity verification measures when dealing with a partnership firm, not just individual customers.

In this article, we will discuss the critical elements of the identity verification process under UAE AML regulations when establishing a business relationship with a partnership firm.

Identity Verification for Partnership Firms Navigating the essential element of customer onboarding under UAE AML Law

Why are partnership firms vulnerable to financial crime?

A partnership firm is a legal structure owned and managed by individual persons. Sometimes, the legal identity of the partnership firm is exploited by criminals to conduct money laundering or terrorism financing, concealing their identity under cover of the partnership firm.

Further, setting up a partnership firm is relatively simple and quick, making it more vulnerable to financial crime risks and used as a money laundering technique to disguise the actual ownership of illegally obtained proceeds.

Given this, the UAE AML regulations mandate that when conducting a business transaction with a partnership firm, the firm’s identity, including the identity of the Ultimate Beneficial Owners (UBO) and the controlling parties, must be obtained and verified using reliable, independent documents, or sources. This measure shall help uncover the bogus firms established to execute financial crimes.

What is Customer Due Diligence under AML regulations?

Customer Due Diligence (CDD) is a process of identifying the customer or supplier or any third party with whom the business transactions are to be conducted and verifying their identity to determine the legitimacy, including assessing the ML/FT risk the customer poses to the business.

Understand the types of CDD measures to effectively mitigate the ML-FT risks 

How to ensure adequate identity verification for Partnership Firms?

When establishing a business relationship with a partnership firm, it is very pertinent to understand the firm and its true owners or controllers managing the firm’s business. It is necessary to ensure that the regulated organization is not unknowingly exploited by the partners of the firm for money laundering or other illegal activities.

To ensure adequate identity verification of a partnership firm, the following measures must be followed:

Obtain identification details, including other necessary information and documents

To begin with, the regulated entities must seek the identification details of the partnership firm. For this, it is recommended that the regulated entities get the “Know Your Customer” form filed by the firm, capturing legal name, legal structure, partners, their holding, contact details, license number, nature of the business activities, the purpose of the business relationship, etc.

Adequate documents supporting the identification details, such as a trade license or certificate of incorporation, must also be obtained. Further, documents presenting the organization structure must be obtained, which includes the Memorandum of Association and Article of Association.

Ensuring the identity documents obtained from the partnership firm are valid and up-to-date is vital.

All the information obtained about the firm shall assist in identifying and evaluating the ML/FT risks the firm poses to the business and accordingly determine the level and degree of the AML/CFT measures to be applied to manage the risk.

Know Your Customer - KYC Requirements under AML regulations in UAE

Identifying the partners and beneficial owners

Identification of a partnership firm is incomplete without identifying the actual mind behind the legal structure – the partners, UBOs, and the controlling parties. The regulated entities must seek adequate identification details about the UBOs and partners, such as full name, nationality, date and place of birth, address, identification number, etc.

Further, the necessary documents supporting the identification information must be obtained, for example, the passport, Emirates ID, Driver’s License, or any other government-issued document bearing the person’s photograph.

The regulated entities must ensure that the information obtained about partners and beneficial owners is complete and accurate. The partnership structure, as presented in the KYC form, must match the firm’s legal documents.

Identify UBOs to complete your AML Customer Due Diligence

Verify identity using documents obtained and other reliable, independent sources

Once all necessary documents and information have been collected, the next step is to verify the identity details’ authenticity and the documents’ legitimacy. For verification purposes, the regulated entities may rely on government-issued identity documents or resort to independent databases like the corporate registry or third-party paid resources to ensure that the partnership firm and its partners are legit persons to conduct business with.

The regulated entities should seek the original document for verification purposes and obtain a photocopy of such document, with a remark from the person verifying the documents as “original sighted and verified.” Suppose the firm cannot produce the original documents for verification. In that case, the regulated entity must insist on getting a certified copy of the identity document, certified as a “true copy” by a chartered accountant, bank manager, notary, police officer, etc.

The regulated entities must ensure that the identity documents are not forged or tampered with. Further, necessary steps must be taken to match the photo presented on the identification document with the person actually presenting it.

Screening the partnership firm and the partners, UBOs, and controlling parties

The regulated entities must screen the firm and its UBOs, partners, etc., to check whether any person is designated under any sanctions list, specifically under UAE Local Terrorist List or UNSC Consolidated List.

It is also essential to determine whether any of the partners of the firm or the UBOs are Politically Exposed Persons (PEPs) or close relatives of associates of PEP or any other high-risk individuals.

Further, the regulated entity must also check if there is any negative news or adverse media available against the firm or any of the partners of the firm, indicating criminal history or involvement in financial crime.

Ongoing monitoring

The regulated entities must ensure that the identification formation obtained about the partnership firm and the partners is accurate, complete, and valid at all times. For this, the entities must implement adequate ongoing monitoring measures and systems, including regular reviews of identification documents and maintaining adequate documentation related to the identity verification process and changes therein.

Record-keeping

Record-keeping is an important aspect of the identity verification process. Regulated entities must maintain accurate records of all the documents collected and the verification process, including records related to ongoing monitoring and changes in the initial information or documents. The identification verification-related records must be maintained in an organized manner and must be made available to the relevant authorities upon request.

A robust identity verification process, including identifying eth partners and UBOs, is mandatory to manage the ML/FT risks while establishing a business relationship with the partnership firm.

Record Keeping Requirement in UAE

How can technology come in handy in the identity verification process of the partnership firm?

Identity verification is essential to manage the risk and stay AML compliant. Given the legal structure of the partnership firm and the requirement to identify and verify the identity of the partners, the regulated entities are recommended to leverage the technology for efficient identity verification.

Regulated entities may use emerging technologies like Artificial Intelligence or Machine Learning to streamline the identity verification process while onboarding a partnership firm as a customer. For example, biometric verification (facial recognition) or automated identity document verification solutions can help reduce the time and resources required to carry out identity verification of the partnership firm and presents more accurate results, reducing the risk of manual errors or manipulation.

Identity verification is a crucial component of complying with AML regulations while establishing business relationships, specifically in the case of a legal person, including a partnership firm. A comprehensive identity verification process is essential to identify the ML/FT risks and determine the adequate measures to be implemented to manage the risk arising from the partnership firms onboarded as customers or suppliers.

Any gaps in customer identification may expose the business to unwanted financial crime risk and administrative fines for regulatory non-compliance.

How can AML UAE assist you in the identity verification process?

AML UAE is a leading AML consultancy service provider in UAE, assisting regulated entities in identifying business risks and tailoring the AML/CFT policies, procedures, and controls to mitigate the assessed risk effectively. It includes designing a robust customer onboarding framework, including the identity verification processes customized for partnership firms, corporate entities, individuals, trusts, etc., to assess customer risk and apply appropriate AML/CFT controls.

We also impart AML training to the Compliance Officer and the team to effectively implement the designed processes and controls and ensure that identity verification of partnership firms is adequately performed to prevent ML/FT vulnerabilities.

Make significant progress in your fight against financial crimes,

With the best consulting support from AML UAE.

Contact Us Now

Share via :

About the Author

Linkedin-in

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 11 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

AML Compliance Requirements for Law Firms in UAE

AML Compliance Requirements for Law Firms in UAE

Blogs

Home Blogs
Table of Contents

Protect your business with reliable and effective AML strategies with AML UAE.

Contact Us Now

AML Compliance Requirements for Law Firms in UAE

With the increase in financial crimes, the introduction and implementation of anti-money laundering and combating the financing of terrorism (AML/CFT) regulations is increasing. In the UAE, lawyers and independent legal firms are covered under the purview of AML regulations. As the vulnerability of the lawyers, notaries, and legal service providers to financial crime, law firms, and legal professionals have been put under AML regulatory regime to identify and prevent money laundering and terrorism financing.

This article lets us navigate AML requirements for law firms operating in or from the UAE.

AML Compliance Requirements for Law Firms in UAE

What AML regulations apply to Law Firms in the UAE?

The primary legislation governing AML compliance is the Federal Decree by Law No. (10) of 2025 Regarding Anti-Money Laundering, and Combating the Financing of Terrorism and Proliferation Financing and its implementing guidelines under Cabinet Resolution No. (134) of 2025. The federal AML regulations identify the regulated entities and establish a comprehensive framework for such entities to be followed to identify, report, and mitigate the money laundering and terrorist financing risks.

One of the regulated entities defined under the UAE AML regulations as Designated Non-Financial Businesses and Professions (DNFBPs) include:

Lawyers, notaries, and other independent legal professionals, when preparing, conducting, or executing financial transactions in relation to the following activities on behalf of the customers:

  • Purchase and sale of real estate
  • Management of customer’s funds
  • Managing customer’s bank accounts, saving, or securities accounts
  • Organizing contributions for the establishment, operation, or management of the company
  • Creating, operating, or managing legal persons
  • Selling and buying commercial entities

For the law firms licensed in UAE, other than Abu Dhabi Global Market (ADGM) and Dubai International Financial Centre (DIFC), the Ministry of Justice is the AML supervisory authority.

With reference to the Federal AML regulations, the Ministry of Justice (MoJ) has also issued Ministerial Decision No. (533) of 2019 on Anti-Money Laundering and Combating Terrorism Financing related to Lawyers, Notaries, and Legal Independent Professionals and a detailed guide to help the law firms effectively implement the AML/CFT measures and prevent financial crimes.

Accordingly, law firms must comply with Federal AML legislation and the decision and guide issued by the Ministry of Justice.

AML Compliance Requirements

What are the AML Compliance requirements of a Law Firm in UAE?

As a regulated entity, law firms and legal professionals are responsible for identifying and reporting ML/FT-related suspicious transactions to the Financial Intelligence Unit. In this context, law firms must comply with Federal AML legislations and the decision and guide issued by the Ministry of Justice.

The following are the AML compliance obligations for a law firm in UAE:

AML compliance obligations for law firm in UAE

goAML Registration

Every law firm in UAE must be registered with the Financial Intelligence Unit’s (FIU) goAML Portal.

Simplifying UAE FIU goAML Registration A Visual Guide

Appointing an AML Compliance Officer

To ensure the effective implementation of the AML Compliance program, law firms must appoint a competent AML Compliance Officer. The appointment of the compliance officer must be approved by the supervisory authority, which is sought during the pre-registration stage of the goAML registration.

Role of AML Compliance Officer in UAE Preview

Conducting Enterprise-Wide Risk Assessment

The law firms must assess the overall money laundering and financing of terrorism (ML/FT) risk their firm is exposed to. The AML Enterprise-Wide Risk Assessment must be conducted based on the nature of the customers, associated geographies, nature of services offered, volume and complexities of the transactions, etc.

How to conduct AML Business Risk Assessment Priv

Establishing AML/CFT Policies, Procedures, and Controls

Based on the overall business risk assessment outcome, law firms and legal professionals must design and implement internal AML/CFT policies, procedures, and controls to manage ML/FT risks.

The internal AML/CFT framework must be aligned with applicable AML regulations and the nature and size of the business.

Client Due Diligence Measures

One of the key AML requirements for law firms in the UAE is to identify the customers and the beneficial owners and verify their identity.

The companies must adopt “Know Your Customer” (KYC) procedures to identify the customer, their activities, the purpose of the business relationship, etc.

The law firms must also conduct screening to determine whether any of the customers, their beneficial owners, or the senior management is mentioned on the Sanctions Lists. Screening must be conducted to identify the customer’s status as a Politically Exposed Person (PEP) or a relative or close associate of the PEP.

Adverse media checks must also be conducted to see whether the customer has been linked or alleged to any financial crime-related matters in the past.

Based on the customer identification details and screening results, law firms and legal professionals must identify each customer’s risk to the business and classify the customers as high, medium, or low based on the assessed ML/FT risks.

In cases where the customers are identified as high-risk, the law firms in UAE must seek additional information and adopt enhanced due diligence measures. The lawyers must take necessary actions to understand the customer’s source of wealth and funds and determine its legitimacy.

Ongoing Monitoring of transactions and business relationships

Law firms are required to maintain customer information up-to-date. The CDD information must be closely monitored to ensure that the legal professionals have complete and accurate data about their customers and beneficial owners and that any changes therein are promptly identified.

Further, ongoing monitoring of the transactions is also very important to identify any unusual or suspicious customer activities related to money laundering and terrorist financing. For high-risk customers, enhanced and more stringent monitoring measures must be applied.

Compliance with Targeted Financial SanctionsQ

Law firms are required to implement the Targeted Financial Sanctions (TFS) measures. Accordingly, the law firms must subscribe to the Executive Officer for Control and Non-Proliferation (EOCN) Notification System to receive regular updates about changes in the sanctions listsUnited Nations Consolidated List and the UAE Local Terrorist List.

All the customers, beneficial owners, and the customer’s senior management must be screened against these sanctions list. If any confirmed match is found, the law firms must immediately terminate the business relationship (existing customer) or reject the customer (prospect customer) and submit Fund Freeze Report (FFR) on the FIU’s goAML portal. In case of a partial name match where the law firm cannot conclude the match type, the business relationship must be suspended, and a report must immediately be filed on the goAML Portal – Partial Name Match Report (PNMR).

Identifying and reporting suspicious activities or transactions

Law firms must establish adequate procedures and controls to identify any potential ML/FT risk indicator and report suspicious activities to the FIU. The suspicions related to ML/FT must be reported to the FIU by filing the Suspicious Activity Report or Suspicious Transaction Report (STR), as the case may be.

The list of red flags and the internal procedures to be followed for reporting must be well documented as part of the AML/CFT framework.

AML Training

AML training for the staff is one of the critical compliance obligations for law firms. Regular training must be provided to the staff and senior management to create awareness about AML compliance obligations and their roles and responsibilities.

Designing a comprehensive AML Training Program

AML Governance

To ensure a robust AML Compliance culture, the senior management must support and contribute towards the law firm’s AML/CFT efforts.

The Compliance Officer must furnish a periodic AML report to the senior management, updating them on the firm’s AML measures, the requirement for any additional AML resources, any AML non-compliance identified, and the action taken by the compliance officer, along with routine AML matters. Senior management must review and provide feedback to the Compliance Officer.

The law firms must implement an  independent AML Audit function to periodically test the quality and adequacy of the AML/CFT measures to identify and mitigate the financial crime risks effectively.

Filing Real Estate Activity Report (REAR)

The lawyers and the legal professionals are required to file a Real Estate Activity Report (REAR) with the goAML portal to report the transaction pertaining to the buy/sale of Freehold Real Estate, which involves cash (equals to or exceeding AED 55,000) or virtual assets or funds converted from virtual assets.

Filing of Real Estate Activity Report (REAR) on goAML under UAE AML Law

AML Record Keeping

All AML-related records and documents, including CDD files and transactions with customers, must be maintained by law firms for at least five (5) years.

AML Record Keeping

How can AML UAE assist Law Firms in UAE to stay AML Complaint?

AML compliance is critical for law firms operating in the UAE to safeguard their practice from being exploited by financial criminals and avoid non-compliance penalties.

To understand the AML regulatory landscape and effectively meet the compliance obligations, reach out to AML experts – like AML UAE, your partner in making AML journey a smooth experience.

AML UAE is a leading AML consultancy service provider in UAE, assisting DNFBPs, including law firms, to identify overall ML/FT risks and implement best AML practices to prevent money laundering and terrorism financing crimes.

Make significant progress in your fight against financial crimes,

With the best consulting support from AML UAE.

Contact Us Now

Share via :

About the Author

Linkedin-in

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 11 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti