Conducting Independent AML Audits in DNFBPs: A Comprehensive Handbook

Blogs

Protect your business with reliable and effective AML strategies with AML UAE.

Conducting Independent AML Audits in DNFBPs: A Comprehensive Handbook

In recent years, anti-money laundering (AML) regulations have become increasingly important for the non-financial sector in the United Arab Emirates. The UAE AML regulations mandate the Designated Non-Financial Businesses and Professions (DNFBPs) to design and implement a comprehensive AML/CFT framework to detect and prevent financial crime. As part of the AML/CFT program, the UAE AML regulations provide for implementing an independent AML audit function to check the quality of the AML measures adopted by these DNFBPs.

DNFBPs (such as dealers in precious metals and stones, real estate agents, lawyers, accountants/ auditors, and company service providers) are required to undertake ML/FT Enterprise-Wide Risk Assessment and establish adequate AML/CFT policies, procedures, and controls to manage these risks. This includes conducting Customer Due Diligence, compliance with the Sanctions regime, and measures to detect and report suspicious transactions on the goAML Portal. To test the adequacy and relevance of the implemented program, the DNFBPs are required to get their AML program independently audited by competent personnel.

Independent AML Audit is very different from regular auditing of books of accounts. This focuses on the DNFBP’s AML/CFT program and the controls and systems the entity has deployed to detect the red flags and manage the risks.

In this article, we will discuss the independent AML audit in DNFBPs, and the key elements necessary for ensuring the effectiveness of the AML audit.

What is the role of an Independent AML Audit?

The independent AML audit refers to a function – whether an internal department or an external third party – that audits and evaluates the quality of the organization’s AML policies, procedures, systems, and controls. This AML audit function operates independently from the routine operations of the business, including ongoing AML activities, and provides an unbiased opinion on the DNFBP’s AML efforts.

The independent AML audit function is entrusted with the responsibility of periodically reviewing the adequacy of the AML/CFT program of the company and detecting any potential gaps or weaknesses in the DNFBP’s AML measures. AML auditors are expected to thoroughly check the DNFBP’s AML/CFT policies, procedures, and controls to ensure that such framework is in line with UAE AML regulations and the overall enterprise-wide risk assessed by the company.

The independent AML audit is not just restricted to identifying the non-compliance instances or flaws in the implemented measures but also to suggesting the remedial actions necessary for improving the AML framework. The AML auditor’s recommendations may include a requirement for the implementation of additional controls, developing or enhancing the AML training programs, and adopting new technological solutions to strengthen the DNFBP’s AML capabilities.

An independent AML audit demonstrates the DNFBP’s commitment to AML compliance and safeguarding the economy from financial crimes. Periodic AML audits help the DNFBPs ensure that their AML efforts and resources are moving in the right direction. They are focused on effectively managing financial crime risks and staying AML compliant.

The independent AML audit is essential to the overall AML compliance framework for DNFBPs operating in the UAE. With an independent AML audit, the DNFBPs can enhance the business reputation, attracting customer loyalty with their efforts to prioritize AML regulatory compliance and combat financial crime. Further, the supervisory authorities also develop trust in the DNFBP’s AML/CFT measures and controls when an independent AML audit forms part of the overall AML framework.

How to implement an Independent AML Audit in DNFBPs?

Implementing an independent AML audit in DNFBPs in UAE requires adequate planning, robust execution, and post-audit activities management.

AML Audit Plan

An independent AML audit starts with AML Audit Plan. This involves defining the following:

scope of the audit (what all AML aspects and records must be reviewed and the review period)
audit objectives (why is the AML audit conducted, i.e., to check the quality of the AML/CFT framework, etc.)
audit procedures (what auditing methods would be used – like records verification, on-site visit, positive confirmation, interviews, etc.)
audit resources (what resources would be deployed for conducting the AML audit, including the audit team)

The AML audit team must be adequately qualified and have appropriate skills to conduct the review and form an opinion on the status of the DNFBP’s AML compliance and the quality of the AML/CFT measures implemented. Further, the AML auditor must be aware of the latest regulatory amendments and understand the AML obligations of the particular DNFBP.

The AML audit plan must be designed considering the overall ML/FT risk exposure, size, and nature of the business. The audit plan and preparation must be aligned with the UAE AML regulations and the feedback from the supervisory authorities of the DNFBP.

Conducting Independent AML Audit

The designed AML audit plan must be diligently adopted for the effective execution of the independent AML audit.

The auditor must review the DNFBP’s documented AML/CFT policies, procedures, and controls to assess their completeness and relevance in the context of the relevant AML regulatory framework and the DNFBP’s ML/FT risk exposure. Any gaps or missing compliance aspects must be highlighted in the report.

Along with a review of the high-level AML/CFT program, the AML auditor must also verify the customer onboarding records to determine the accuracy of the Customer Due Diligence process. The transaction monitoring systems must also be examined to test the reasonableness and adequacy of the monitoring rules defined and their effectiveness in detecting unusual activities or suspicious transactions.

If the DNFBP has implemented any systems or tools for AML compliance, then the integrity and effectiveness of such systems and data security must be verified.

Wherever required, the AML audit team must interview the AML Compliance Officer and the compliance team members to understand their awareness of the internal AML/CFT program and their roles and responsibilities towards AML regulatory obligations. This shall also help the AML auditor determine the level of the entity’s AML training and whether any enhancements are required in the training program.

The team must maintain independence and be able to review and provide unbiased opinions on the company’s AML/CFT program.

Once the necessary audit procedures have been applied and the AML review is complete, the independent auditor must document its observations (identified gaps and non-compliance instances), and the corresponding recommendations in an audit report addressed to the senior management of the DNFBP.

These AML audit findings shall serve as one of the critical AML compliance measures, directing the DNFBPs to improve their AML compliance measures and effectively manage the financial crime risks

Managing the AML Audit findings (Post-Audit Activities)

Once the management receives the independent AML Auditor’s report, the senior management must immediately take necessary actions to address the AML/CFT deficiencies. The necessary team must be involved, including the AML Compliance Officer, to implement the AML auditors’ recommendations to enhance the quality and effectiveness of the DNFBP’s AML program.

In simple terms, an independent AML audit is a giant umbrella to check and test the DNFBP’s implemented AML/CFT measures, thriving to ensure its adequacy, quality, completeness, and relevance with appropriate AML audit planning and program, effectively executing the AML audit procedures and ensuring the redressal of the AML gaps as post AML audit.

How can AML UAE assist in ensuring the quality of your AML framework with an independent AML audit?

Documenting the AML/CFT policies and procedures differs significantly from ensuring effective implementation. It is where the independent AML audit comes into the picture.

At all times, the implemented AML/CFT measures and controls must effectively identify and mitigate the money laundering and terrorism financing risks. The AML program must be aligned with relevant AML regulations and complete in all aspects, ensuring total coverage for fighting financial crimes and staying 100% compliant. Here is the role of the independent AML auditor to examine the existing measures, detect any loopholes and recommend the best practices to bridge the AML gaps.

AML UAE is a leading AML consultancy firm assisting the regulated entities in UAE, including DNFBPs, to design and implement customized AML policies and procedures to manage the ML/FT risks. With our domain experts and diverse experience, we can assist DNFBPs in auditing the AML framework and identify necessary improvement areas and regulatory violations that need immediate attention to strengthen the AML measures.

Implement robust independent AML audit to stay AML compliant and channel your AML efforts in the right direction!

Make significant progress in your fight against
financial crimes,

With the best consulting support from AML UAE.

Share via :

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 11 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Role of an AML Compliance Officer in a real estate agent or brokerage firm in UAE

Blogs

Protect your business with reliable and effective AML strategies with AML UAE.

Role of an AML Compliance Officer in a real estate agent or brokerage firm in UAE

Real Estate is considered one of the typologies criminals exploit to launder illicit money. Thus, UAE AML regulations have included the real estate agents and brokers under the ambit of Designated Non-Financial Businesses and Professions (DNFBPs), required to adhere to an anti-money laundering framework, including the appointment of an AML Compliance Officer to oversee the implementation of AML measures and identify the money laundering instances.

In this article, we will explore the functions of an AML Compliance Officer in a real estate agent or brokerage firm and their significance in combating financial crime from the UAE real estate sector.

Understanding AML Compliance in the real estate sector

Certain business organizations have been entrusted with identifying, preventing, and reporting instances of money laundering and the financing of terrorism. In this context, the procedures and controls adopted by these organizations to mitigate the financial crime risks would be treated as AML Compliance.

AML compliance involves designing and implementing internal AML/CFT policies, procedures, systems, and controls to manage the money laundering risks, implementing the Customer Due Diligence process and ongoing monitoring program to identify and report suspicious transactions, training the relevant staff to create AML awareness, etc.

AML compliance for real estate agents and brokers will help ensure that the sector is not exploited or misused by criminals to place the proceeds of illegal activities. Real estate agents or brokerage firms’ efforts and commitment towards AML compliance will promote the reputation and attract responsible buyers and sellers engaging with the real estate brokerage firm.

AML non-compliance by real estate agents and brokers in UAE can result in reputational damage and hefty administrative fines.

Real estate agents and brokerage firms in UAE must understand their AML compliance obligations and appoint a competent AML Compliance Officer to stay AML compliant and safeguard businesses against financial crime.

The Role of an AML Compliance Officer to combat money laundering in the real estate sector

As one of the DNFBPs under UAE AML regulations, the real estate agents and brokers must comply with the UAE AML regulations and implement necessary measures to protect the firm from being exploited by the money launderers. To oversee the effective implementation of the AML/CFT framework across the firm, the law mandates appointing a designated person to act as an AML Compliance Officer.

The primary role of the AML Compliance Officer would include the following:

– The Compliance Officer must conduct the Enterprise-Wide Risk Assessment to identify and evaluate the company’s possible ML/FT risk exposure. This risk assessment must be aligned with the management-approved risk appetite. It must consider the relevant risk factors, such as the nature of buyers and sellers the company is associated with, the geographies of its operations, the nature of properties involved, the complexity of the transactions, delivery channels used, etc.

The outcome of the EWRA or the overall business risk assessment shall help the AML Compliance Officer understand the AML/CFT measures required to safeguard the company.

– The Compliance Officer (CO) must establish and implement comprehensive internal AML/CFT policies, procedures, and controls customized to its business operations and the assessed risk. The policies must consider the relevant AML regulations, including the specific guidelines, e.g., the Ministry of Economy’s supplemental guidance on AML/CFT for the real estate sector. The CO must periodically review and update the AML/CFT policies and procedures to ensure their relevance and effectiveness.

– CO is also responsible for ensuring that the company follows robust Customer Due Diligence measures before establishing any business relationship with a customer (whether a buyer, seller, property developer, lessor, or lessee). This should also include designing Know Your Customer forms and implementing adequate customer risk assessment methodology to determine the risk each customer poses to the company’s real estate brokerage business.

CO should also ensure that the company has deployed necessary systems and tools to conduct timely screening of the customers, to comply with sanctions screening requirements and determine whether the customer is a Politically Exposed Person (PEP) or has any adverse media against the person, suggesting involvement in any criminal activities.

In case of customer is identified as high-risk, Compliance Officer must ensure that Enhanced Due Diligence measures are applied to manage the increased ML/FT risk, including additional checks and verification related to the customer’s identity, source of their funds and wealth, etc.

– Ongoing monitoring is one of the essential aspects of overall AML compliance. The Compliance Officer must implement adequate systems and procedures to identify suspicious activities and monitor transactions and business relationships.

– The CO is, also known as a Money Laundering Reporting Officer (MLRO), responsible for accurate and timely reporting of suspicious activities and transactions with UAE’s Financial Intelligence Unit (FIU).

– Apart from filing Suspicious Activity Report (SAR) and Suspicious Transaction Report (STR), the AML Compliance Officer of the real estate broker is accountable for the following additional reporting:

Filing of the Real Estate Activity Report (REAR) on the goAML portal, furnishing details of the designated transactions related to the purchase/sale of Freehold real estate property,
Preparing and submitting a periodic AML/CFT report to the company’s senior management, giving updates on the AML measures applied during the period, any red flags observed, any reports field with FIU, any additional requirements for AML resources, etc.,
Submitting relevant information and documents to the supervisory authority when requested.

– One other essential function of the Compliance Officer is to develop the AML training program for the company’s employees, including the senior management, to create awareness around the AML program and promote strong compliance culture.

– Along with AML/CFT measures, the Compliance Officer must consider compliance with Targeted Financial Sanctions. This will include screening the relevant sanctions list and, if any matches are found, applying adequate TFS measures and reporting it to the Executive Officer for Control and Non-Proliferation (EOCN) by filing Confirmed Name Match Report (CNMR) or Partial Name Match Report (PNMR) on the goAML Portal.

– The AML Compliance Officer is responsible for ensuring the maintenance of AML/CFT records and information in an organized manner for a minimum period of five (5) years from the end of the business relationship or transaction. However, the period threshold is six (6) years for the real estate agents and brokers operating in or from ADGM’s Financial Service Regulatory Authority (FSRA) or DIFC’s Dubai Financial Service Authority (DFSA).

Must have Skills and Qualifications for an AML Compliance Officer

To ensure the effective implementation of the entire AML compliance program in the real estate agent or brokerage firm and protect the business from being vulnerable to financial criminals, the firms must appoint a competent AML Compliance Officer having adequate seniority and independence.

The functions entrusted to an AML Compliance Officer require technical expertise, subject and business knowledge, analytical skills, and a commitment to AML compliance.

The Compliance Officer is expected to have the following skill sets:

Thorough knowledge and understanding of the relevant AML regulations applicable to the real estate sector,
An analytical skills to detect and evaluate the ML/FT red flags,
Communication skills to collaborate with staff, open communication with senior management and supervisory authority,
Attention to detail to promptly identify any unusual patterns or transactions indicating financial crime or involvement of criminal proceeds and accurately reporting the suspicious transactions to the FIU,
Professionalism and integrity are essential qualities for an AML Compliance Officer to ensure an unbiased approach towards AML compliance and avoid any conflict of interest between compliance and business.

Smoothening the functions of the AML Compliance Officer with adequate technology

with the help of emerging technology, the Compliance Officer can optimize the real estate broker’s compliance function to ensure timely detection of ML/FT risk indicators and stay 100% AML compliant.

AML Compliance Officer of a real estate agent or brokerage firm can implement developing tools and systems to automate the customer onboarding process, starting from buyer and seller identification, ID verification, liveness checks, real-time screening against sanctions, PEP, or adverse media, etc.

Further, artificial intelligence-based solutions can assess customer risk and monitor transactions and customer profiles. This ensures prompt alert generation for high-risk customers, unusual trends, or suspicious customer behavior.

Embracing developing technology and tools would ease the responsibilities and improve the effectiveness of the AML/CFT measures developed and maintained by the Compliance Officer in the real estate agent or brokerage firm in UAE by reducing the manual errors, and identification of potential ML/FT risks to curb the vice on a timely basis.

How can AML UAE assist the AML Compliance Officers of the UAE real estate agents and brokers to navigate the AML Compliance journey?

The role of an AML Compliance Officer in a real estate agent or brokerage firm in the UAE is critical to safeguard the real estate sector from being misused by criminals to route their dirty money.

AML UAE is a leading AML consultancy firm in the UAE. AML UAE can strengthen the efforts of the AML Compliance Officer by assisting in assessing the real estate agents and brokers’ ML/FT risk exposure and tailoring the internal AML/CFT policies, procedures, and controls to identify and report suspicious transactions.

We can also impart comprehensive AML training to the Compliance Officer and the staff, including senior management of the real estate brokers and agents, to promote collaborative attempts in the fight against financial crime. With our assistance in identifying and implementing the right AML technology and solutions, AML Compliance Officer can enhance the effectiveness of the compliance processes and efficiently identify potential ML/FT risks.

Stay AML Compliant!

Make significant progress in your fight against financial crimes,

With the best consulting support from AML UAE.

Share via :

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 11 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

AML Governance for VASPs in the UAE: Building trust and strengthening compliance

Blogs

Protect your business with reliable and effective AML strategies with AML UAE.

AML Governance for VASPs in the UAE: Building trust and strengthening compliance

Virtual assets are increasing their acceptance and significance in the financial system of the UAE. However, with this comes the increased risk of money laundering and terrorist financing, given the inherent nature of anonymity and speed of virtual asset transactions. The UAE authorities have brought the Virtual Assets Service Providers (VASPs) under the Anti-Money Laundering (AML) regulatory landscape to mitigate these financial crime risks. Here, it becomes critical for VASPs in UAE to establish an effective AML governance and oversight function to manage financial crime vulnerabilities.

Why is AML Governance important for VASP in UAE?

The VASPs expose themselves to huge ML/FT risks while onboarding customers across the world without any boundaries. Further, as all the transactions are done virtually, the risk of unidentified originators and virtual asset beneficiaries is involved, which can be exploited for laundering illegal funds or financing terrorist activities.

The authorities have established specific regulatory guidelines, mandating the VASPs to adhere to them and safeguard themselves against financial crime risks. VASPs operating in UAE must register with the relevant authorities and comply with the AML/CFT regulations. Failure to comply with these compliance obligations can result in hefty administrative fines and reputation damage.

The AML regulations in UAE require the VASPs to conduct Enterprise -Wide Risk Assessment to identify the ML/FT risks, adopt a risk-based approach to design and implement internal AML/CFT policies, procedures, and controls, and report any identified suspicion to the Financial Intelligence Unit (FIU).

To mitigate the ML/FT risks and avoid regulatory non-compliance penalties, the VASPs must establish and maintain a robust AML governance and oversight function.

How to establish a robust AML Governance Function in VASP?

As a first step to AML governance, the VASPs must understand the AML regulations and compliance obligations imposed upon the organization. With a basic understanding of AML compliance requirements, let us understand the critical component of an effective AML governance framework.

Effective AML governance framework

As a first step to AML governance, the VASPs must understand the AML regulations and compliance obligations imposed upon the organization. With a basic understanding of AML compliance requirements, let us understand the critical component of an effective AML governance framework.

Appointment of AML Compliance Officer or Money Laundering Reporting Officer

VASPs must appoint a competent person with adequate knowledge and experience in AML compliance to act as the AML Compliance Officer or the MLRO.

The compliance officer shall be responsible for overall AML/CFT program management.

Identifying the business risks

VASP must perform an Enterprise-Wide Risk Assessment (EWRA) to identify and assess the ML/FT risks that the organization faces. The risk assessment must be based on qualitative and quantitative analysis of the relevant risk factors such as customer base, geographies of operations, nature of transactions, products or services offered by VASP, etc.

As the business activities and ML/FT risk typologies keep evolving, the business risk assessment must be dynamic. VASPs must regularly assess the risk to factor in the changes in business activities, regulatory amendments, and emerging financial crime trends. The risk assessment results should be used to develop the internal AML/CFT policies, procedures, and controls to manage the identified ML/FT risks.

Developing the comprehensive AML/CFT framework

VASPs must have in place a well-defined internal AML/CFT program, including policies, procedures, systems, and controls that can adequately identify and manage the ML/FT risks of the organization’s virtual assets operations.

The AML policies and procedures must reflect the VASP’s overall risk and be practical to mitigate the risks.

Having an AML policy is not enough. The VASP must periodically review the policies and procedures to ensure their adequacy, effectiveness, and relevance in combating financial crimes. The AML/CFT framework must, at all times, be effective in addressing the identified business risks and is compliant with AML regulatory requirements.

The policy should document the VASP’s AML obligations, the controls adopted by the VASP to manage the risks, and the roles and responsibilities of the AML Compliance Officer, employees, and senior management towards the AML program.

Robust Customer Onboarding Process

Millions of transactions related to the transfer of virtual assets are conducted amongst multiple originators and beneficiaries worldwide. For an effective AML/CFT compliance framework, an effective customer onboarding process is one of the key elements.

It is pertinent for VASPs to identify these originators and beneficiaries of the transactions and verify their identity. The VASP must screen these customers to understand their connection with the Sanctions List, or Politically Exposed Person (PEP), and the presence of adverse media suggesting criminal history.

As part of the Customer Due Diligence (CDD) process, the VASP should also perform a customer risk assessment to identify the risk each customer poses to the business. Basis the outcome of the customer risk profiling, the VASP must adopt a risk-based approach and perform Enhanced Due Diligence (EDD) measures to manage the increased risk posed by high-risk customers.

CDD does not end here. The VASP must implement systems to monitor the transactions and business relationships on an ongoing and real-time basis to identify unusual or suspicious activities.

Suspicious activities identification and reporting procedures

AML framework is incomplete without adequate internal systems and procedures to identify the ML/FT risk indicators or red flags, suggesting involvement in money laundering activities, criminal proceeds, or terrorism financing. A clear mechanism must be in place to guide the employees to actions to be taken once any suspicious activities are observed and how the reporting shall be done to the AML Compliance Officer.

Further, the guidelines about external reporting to the FIU must also be well defined to ensure the timely filing of a Suspicious Activity Report (SAR) or Suspicious Transactions Report (STR) with the FIU.

Support from the senior management

No business function can be successful without the support from senior management. Similar is the case of the AML function. The senior management plays a critical role in ensuring the effectiveness of the AML governance framework by setting the right compliance tone at the top and providing strategic oversight of the implemented AML/CFT policies and procedures.

The management must establish the VASP’s ML/FT risks appetite and review and approve the VASP’s business risk assessment and the developed AML/CFT compliance program. Management should ensure that the risk assessment and AML policies, procedures, and controls are periodically reviewed and updated to manage the risks effectively.

Further, the one important role of senior management is ensuring its compliance department is well-staffed with adequate resources necessary to manage the ML/FT risks and stay AML compliant.

As part of the AML governance and oversight function, the senior management and board of directors must seek periodic reports from the AML compliance officer capturing the VASP’s ML/FT exposure, identify suspicious actions taken by the compliance officer, any AML gaps observed, etc.

Effective oversight function with periodic AML review and independent AML audit

To ensure the effectiveness of the AML/CFT measures adopted by the VASPs, it is important to establish an independent AML audit and also an internal periodic AML review function. The policies, procedures, systems, and controls implemented by the VASPs must be periodically reviewed to test the quality, adequacy, and effectiveness of the AML/CFT program.

A periodic AML review and interviews with the AML compliance team must be conducted to check whether the AML policies are effectively followed across the organization and to identify any gaps in policies, procedures, or implementation flaws. This periodic review shall assist the VASPs in remediating the AML non-compliance or vulnerabilities before it has a multifield impact on the operations. The internal reviews can be considered as frequent routine checks on the effectiveness of AML/CFT systems and controls, necessary to ensure that the AML measures are up-to-date and capable of identifying the financial crime risks.

Further, the VASP must appoint an independent person, having adequate AML understanding and experience to conduct the AML review. An independent AML audit shall be a more focused and unbiased review by a third party (possibly an external person) to ensure that VASP has an appropriate framework to manage the risks and stay AML compliant.

AML training program

AML governance function is incomplete without the involvement of the entire staff and their contribution towards the AML/CFT program. AML Compliance Officer of the VASP must develop a robust and comprehensive AML training program for the staff, including senior management, to ensure that all the employees of the organization understand the ML/FT risks, compliance obligations, and their roles and responsibilities towards VASP’s AML/CFT efforts.

AML training shall ensure that staff is well aware of internal AML/CFT policies and procedures and can exercise sound judgement when any suspicion is observed.

AML governance using technology and data analytics

AML governance and oversight would be challenging without deploying adequate technology and data analytics tools in this virtual asset world where everything is online. With technology, VASPs can automate the ML/FT risk assessment and deploy adequate measures to mitigate the same. With the humungous volume of virtual asset transactions, technologies like Artificial Intelligence and Machine Learning make transaction monitoring easy and real-time, generating alerts for unusual activities and reducing false positives.

Further, data analytics algorithms can be trained to identify unusual customer behaviour, detect suspicious transactions, and identify patterns that may indicate money laundering or terrorist financing.

VASPs can effectively detect and prevent money laundering and terrorist financing involving virtual assets by integrating technology and data analytics in their AML governance and oversight functions.

Collaborating with regulatory authorities and industry partners

As an element of effective AML governance, VASPs are recommended to stay connected with AML regulatory and supervisory authorities to seek guidance on various AML/CFT compliance obligations. Further, seeking the authorities’ feedback on implementing AML measures is also critical to enhance and improve the AML/CFT function.

Webinars and awareness sessions conducted by the authorities can also be helpful for VASPs to manage their ML/FT risks and detect emerging ML/FT typologies.

Collaboration with other VASPs can also help understand the industry’s best practices to identify and manage the ever-evolving ML/FT risks arising from virtual asset transfers.

Measuring the effectiveness of your AML governance and oversight function

VASPs need to review and enhance their AML governance and oversight function. This can be done using key performance indicators (KPIs) such as –

Periodicity of AML/CFT report furnished by AML Compliance Officer to senior management
Identified gaps and time and actions taken to remediate the same
Feedback received from the authorities
Number of suspicions observed
Quality and frequency of the AML training program
Finding of internal AML review and independent AML audit

Though not exhaustive, assessing certain factors can give insights into the effectiveness of the VASP’s AML governance and oversight function.

How can AML UAE assist VASPs in UAE in establishing effective AML Governance Function?

Effective AML Governance and Oversight functions are critical for VASPs to stay AML compliant and manage the financial crime risks.

A robust AML/CFT program, commitment, and support from senior management, deployment of emerging technologies, comprehensive AML training, periodic AML review, audit, etc., can enhance the quality and relevance of the VASP’s AML/CFT framework.

AML UAE is one of the leading AML firms in UAE, supporting regulated entities, including VASP, to establish and maintain a strong internal AML/CFT compliance program aligned with its overall ML/FT risks and regulatory requirements. We also help the VASPs set up solid AML governance and Oversight functions, constantly contributing towards enhancing the effectiveness of the VASP’s AML/CFT measures.

Make significant progress in your fight against financial crimes,

With the best consulting support from AML UAE.

Share via :

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 11 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Identity Verification for Partnership Firms: Navigating the essential element of customer onboarding under UAE AML Law

Blogs

Protect your business with reliable and effective AML strategies with AML UAE.

Identity Verification for Partnership Firms: Navigating the essential element of customer onboarding under UAE AML Law

UAE has introduced stringent regulations to combat financial crimes such as money laundering and terrorist financing. These laws mandate that Financial Institutions, Designated Non-Financial Businesses and Professions (DNFBPs), and Virtual Asset Service Providers (VASPs) implement adequate frameworks within the organization to identify and prevent money laundering and terrorism financing instances.

Identifying the customers and verifying their identity is essential to the AML compliance program. The regulated entities must apply thorough identity verification measures when dealing with a partnership firm, not just individual customers.

In this article, we will discuss the critical elements of the identity verification process under UAE AML regulations when establishing a business relationship with a partnership firm.

Why are partnership firms vulnerable to financial crime?

A partnership firm is a legal structure owned and managed by individual persons. Sometimes, the legal identity of the partnership firm is exploited by criminals to conduct money laundering or terrorism financing, concealing their identity under cover of the partnership firm.

Further, setting up a partnership firm is relatively simple and quick, making it more vulnerable to financial crime risks and used as a money laundering technique to disguise the actual ownership of illegally obtained proceeds.

Given this, the UAE AML regulations mandate that when conducting a business transaction with a partnership firm, the firm’s identity, including the identity of the Ultimate Beneficial Owners (UBO) and the controlling parties, must be obtained and verified using reliable, independent documents, or sources. This measure shall help uncover the bogus firms established to execute financial crimes.

What is Customer Due Diligence under AML regulations?

Customer Due Diligence (CDD) is a process of identifying the customer or supplier or any third party with whom the business transactions are to be conducted and verifying their identity to determine the legitimacy, including assessing the ML/FT risk the customer poses to the business.

How to ensure adequate identity verification for Partnership Firms?

When establishing a business relationship with a partnership firm, it is very pertinent to understand the firm and its true owners or controllers managing the firm’s business. It is necessary to ensure that the regulated organization is not unknowingly exploited by the partners of the firm for money laundering or other illegal activities.

To ensure adequate identity verification of a partnership firm, the following measures must be followed:

Obtain identification details, including other necessary information and documents

To begin with, the regulated entities must seek the identification details of the partnership firm. For this, it is recommended that the regulated entities get the “Know Your Customer” form filed by the firm, capturing legal name, legal structure, partners, their holding, contact details, license number, nature of the business activities, the purpose of the business relationship, etc.

Adequate documents supporting the identification details, such as a trade license or certificate of incorporation, must also be obtained. Further, documents presenting the organization structure must be obtained, which includes the Memorandum of Association and Article of Association.

Ensuring the identity documents obtained from the partnership firm are valid and up-to-date is vital.

All the information obtained about the firm shall assist in identifying and evaluating the ML/FT risks the firm poses to the business and accordingly determine the level and degree of the AML/CFT measures to be applied to manage the risk.

Identifying the partners and beneficial owners

Identification of a partnership firm is incomplete without identifying the actual mind behind the legal structure – the partners, UBOs, and the controlling parties. The regulated entities must seek adequate identification details about the UBOs and partners, such as full name, nationality, date and place of birth, address, identification number, etc.

Further, the necessary documents supporting the identification information must be obtained, for example, the passport, Emirates ID, Driver’s License, or any other government-issued document bearing the person’s photograph.

The regulated entities must ensure that the information obtained about partners and beneficial owners is complete and accurate. The partnership structure, as presented in the KYC form, must match the firm’s legal documents.

Verify identity using documents obtained and other reliable, independent sources

Once all necessary documents and information have been collected, the next step is to verify the identity details’ authenticity and the documents’ legitimacy. For verification purposes, the regulated entities may rely on government-issued identity documents or resort to independent databases like the corporate registry or third-party paid resources to ensure that the partnership firm and its partners are legit persons to conduct business with.

The regulated entities should seek the original document for verification purposes and obtain a photocopy of such document, with a remark from the person verifying the documents as “original sighted and verified.” Suppose the firm cannot produce the original documents for verification. In that case, the regulated entity must insist on getting a certified copy of the identity document, certified as a “true copy” by a chartered accountant, bank manager, notary, police officer, etc.

The regulated entities must ensure that the identity documents are not forged or tampered with. Further, necessary steps must be taken to match the photo presented on the identification document with the person actually presenting it.

Screening the partnership firm and the partners, UBOs, and controlling parties

The regulated entities must screen the firm and its UBOs, partners, etc., to check whether any person is designated under any sanctions list, specifically under UAE Local Terrorist List or UNSC Consolidated List.

It is also essential to determine whether any of the partners of the firm or the UBOs are Politically Exposed Persons (PEPs) or close relatives of associates of PEP or any other high-risk individuals.

Further, the regulated entity must also check if there is any negative news or adverse media available against the firm or any of the partners of the firm, indicating criminal history or involvement in financial crime.

Ongoing monitoring

The regulated entities must ensure that the identification formation obtained about the partnership firm and the partners is accurate, complete, and valid at all times. For this, the entities must implement adequate ongoing monitoring measures and systems, including regular reviews of identification documents and maintaining adequate documentation related to the identity verification process and changes therein.

Record-keeping

Record-keeping is an important aspect of the identity verification process. Regulated entities must maintain accurate records of all the documents collected and the verification process, including records related to ongoing monitoring and changes in the initial information or documents. The identification verification-related records must be maintained in an organized manner and must be made available to the relevant authorities upon request.

A robust identity verification process, including identifying eth partners and UBOs, is mandatory to manage the ML/FT risks while establishing a business relationship with the partnership firm.

How can technology come in handy in the identity verification process of the partnership firm?

Identity verification is essential to manage the risk and stay AML compliant. Given the legal structure of the partnership firm and the requirement to identify and verify the identity of the partners, the regulated entities are recommended to leverage the technology for efficient identity verification.

Regulated entities may use emerging technologies like Artificial Intelligence or Machine Learning to streamline the identity verification process while onboarding a partnership firm as a customer. For example, biometric verification (facial recognition) or automated identity document verification solutions can help reduce the time and resources required to carry out identity verification of the partnership firm and presents more accurate results, reducing the risk of manual errors or manipulation.

Identity verification is a crucial component of complying with AML regulations while establishing business relationships, specifically in the case of a legal person, including a partnership firm. A comprehensive identity verification process is essential to identify the ML/FT risks and determine the adequate measures to be implemented to manage the risk arising from the partnership firms onboarded as customers or suppliers.

Any gaps in customer identification may expose the business to unwanted financial crime risk and administrative fines for regulatory non-compliance.

How can AML UAE assist you in the identity verification process?

AML UAE is a leading AML consultancy service provider in UAE, assisting regulated entities in identifying business risks and tailoring the AML/CFT policies, procedures, and controls to mitigate the assessed risk effectively. It includes designing a robust customer onboarding framework, including the identity verification processes customized for partnership firms, corporate entities, individuals, trusts, etc., to assess customer risk and apply appropriate AML/CFT controls.

We also impart AML training to the Compliance Officer and the team to effectively implement the designed processes and controls and ensure that identity verification of partnership firms is adequately performed to prevent ML/FT vulnerabilities.

Make significant progress in your fight against financial crimes,

With the best consulting support from AML UAE.

Share via :

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 11 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

AML Compliance Requirements for Law Firms in UAE

Blogs

Protect your business with reliable and effective AML strategies with AML UAE.

AML Compliance Requirements for Law Firms in UAE

With the increase in financial crimes, the introduction and implementation of anti-money laundering and combating the financing of terrorism (AML/CFT) regulations is increasing. In the UAE, lawyers and independent legal firms are covered under the purview of AML regulations. As the vulnerability of the lawyers, notaries, and legal service providers to financial crime, law firms, and legal professionals have been put under AML regulatory regime to identify and prevent money laundering and terrorism financing.

This article lets us navigate AML requirements for law firms operating in or from the UAE.

What AML regulations apply to Law Firms in the UAE?

The primary legislation governing AML compliance is the Federal Decree by Law No. (10) of 2025 Regarding Anti-Money Laundering, and Combating the Financing of Terrorism and Proliferation Financing and its implementing guidelines under Cabinet Resolution No. (134) of 2025. The federal AML regulations identify the regulated entities and establish a comprehensive framework for such entities to be followed to identify, report, and mitigate the money laundering and terrorist financing risks.

One of the regulated entities defined under the UAE AML regulations as Designated Non-Financial Businesses and Professions (DNFBPs) include:

Lawyers, notaries, and other independent legal professionals, when preparing, conducting, or executing financial transactions in relation to the following activities on behalf of the customers:

Purchase and sale of real estate
Management of customer’s funds
Managing customer’s bank accounts, saving, or securities accounts
Organizing contributions for the establishment, operation, or management of the company
Creating, operating, or managing legal persons
Selling and buying commercial entities

For the law firms licensed in UAE, other than Abu Dhabi Global Market (ADGM) and Dubai International Financial Centre (DIFC), the Ministry of Justice is the AML supervisory authority.

With reference to the Federal AML regulations, the Ministry of Justice (MoJ) has also issued Ministerial Decision No. (533) of 2019 on Anti-Money Laundering and Combating Terrorism Financing related to Lawyers, Notaries, and Legal Independent Professionals and a detailed guide to help the law firms effectively implement the AML/CFT measures and prevent financial crimes.

Accordingly, law firms must comply with Federal AML legislation and the decision and guide issued by the Ministry of Justice.

What are the AML Compliance requirements of a Law Firm in UAE?

As a regulated entity, law firms and legal professionals are responsible for identifying and reporting ML/FT-related suspicious transactions to the Financial Intelligence Unit. In this context, law firms must comply with Federal AML legislations and the decision and guide issued by the Ministry of Justice.

The following are the AML compliance obligations for a law firm in UAE:

goAML Registration

Every law firm in UAE must be registered with the Financial Intelligence Unit’s (FIU) goAML Portal.

Appointing an AML Compliance Officer

To ensure the effective implementation of the AML Compliance program, law firms must appoint a competent AML Compliance Officer. The appointment of the compliance officer must be approved by the supervisory authority, which is sought during the pre-registration stage of the goAML registration.

Conducting Enterprise-Wide Risk Assessment

The law firms must assess the overall money laundering and financing of terrorism (ML/FT) risk their firm is exposed to. The AML Enterprise-Wide Risk Assessment must be conducted based on the nature of the customers, associated geographies, nature of services offered, volume and complexities of the transactions, etc.

Establishing AML/CFT Policies, Procedures, and Controls

Based on the overall business risk assessment outcome, law firms and legal professionals must design and implement internal AML/CFT policies, procedures, and controls to manage ML/FT risks.

The internal AML/CFT framework must be aligned with applicable AML regulations and the nature and size of the business.

Client Due Diligence Measures

One of the key AML requirements for law firms in the UAE is to identify the customers and the beneficial owners and verify their identity.

The companies must adopt “Know Your Customer” (KYC) procedures to identify the customer, their activities, the purpose of the business relationship, etc.

The law firms must also conduct screening to determine whether any of the customers, their beneficial owners, or the senior management is mentioned on the Sanctions Lists. Screening must be conducted to identify the customer’s status as a Politically Exposed Person (PEP) or a relative or close associate of the PEP.

Adverse media checks must also be conducted to see whether the customer has been linked or alleged to any financial crime-related matters in the past.

Based on the customer identification details and screening results, law firms and legal professionals must identify each customer’s risk to the business and classify the customers as high, medium, or low based on the assessed ML/FT risks.

In cases where the customers are identified as high-risk, the law firms in UAE must seek additional information and adopt enhanced due diligence measures. The lawyers must take necessary actions to understand the customer’s source of wealth and funds and determine its legitimacy.

Ongoing Monitoring of transactions and business relationships

Law firms are required to maintain customer information up-to-date. The CDD information must be closely monitored to ensure that the legal professionals have complete and accurate data about their customers and beneficial owners and that any changes therein are promptly identified.

Further, ongoing monitoring of the transactions is also very important to identify any unusual or suspicious customer activities related to money laundering and terrorist financing. For high-risk customers, enhanced and more stringent monitoring measures must be applied.

Compliance with Targeted Financial SanctionsQ

Law firms are required to implement the Targeted Financial Sanctions (TFS) measures. Accordingly, the law firms must subscribe to the Executive Officer for Control and Non-Proliferation (EOCN) Notification System to receive regular updates about changes in the sanctions lists – United Nations Consolidated List and the UAE Local Terrorist List.

All the customers, beneficial owners, and the customer’s senior management must be screened against these sanctions list. If any confirmed match is found, the law firms must immediately terminate the business relationship (existing customer) or reject the customer (prospect customer) and submit Fund Freeze Report (FFR) on the FIU’s goAML portal. In case of a partial name match where the law firm cannot conclude the match type, the business relationship must be suspended, and a report must immediately be filed on the goAML Portal – Partial Name Match Report (PNMR).

Identifying and reporting suspicious activities or transactions

Law firms must establish adequate procedures and controls to identify any potential ML/FT risk indicator and report suspicious activities to the FIU. The suspicions related to ML/FT must be reported to the FIU by filing the Suspicious Activity Report or Suspicious Transaction Report (STR), as the case may be.

The list of red flags and the internal procedures to be followed for reporting must be well documented as part of the AML/CFT framework.

AML Training

AML training for the staff is one of the critical compliance obligations for law firms. Regular training must be provided to the staff and senior management to create awareness about AML compliance obligations and their roles and responsibilities.

AML Governance

To ensure a robust AML Compliance culture, the senior management must support and contribute towards the law firm’s AML/CFT efforts.

The Compliance Officer must furnish a periodic AML report to the senior management, updating them on the firm’s AML measures, the requirement for any additional AML resources, any AML non-compliance identified, and the action taken by the compliance officer, along with routine AML matters. Senior management must review and provide feedback to the Compliance Officer.

The law firms must implement an independent AML Audit function to periodically test the quality and adequacy of the AML/CFT measures to identify and mitigate the financial crime risks effectively.

Filing Real Estate Activity Report (REAR)

The lawyers and the legal professionals are required to file a Real Estate Activity Report (REAR) with the goAML portal to report the transaction pertaining to the buy/sale of Freehold Real Estate, which involves cash (equals to or exceeding AED 55,000) or virtual assets or funds converted from virtual assets.

AML Record Keeping

All AML-related records and documents, including CDD files and transactions with customers, must be maintained by law firms for at least five (5) years.

How can AML UAE assist Law Firms in UAE to stay AML Complaint?

AML compliance is critical for law firms operating in the UAE to safeguard their practice from being exploited by financial criminals and avoid non-compliance penalties.

To understand the AML regulatory landscape and effectively meet the compliance obligations, reach out to AML experts – like AML UAE, your partner in making AML journey a smooth experience.

AML UAE is a leading AML consultancy service provider in UAE, assisting DNFBPs, including law firms, to identify overall ML/FT risks and implement best AML practices to prevent money laundering and terrorism financing crimes.

Make significant progress in your fight against financial crimes,

With the best consulting support from AML UAE.

Share via :

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 11 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

How to ensure effective Suspicious Activity Reporting?

Employee training on effective suspicious activity reporting

Blogs

Protect your business with reliable and effective AML strategies with AML UAE.

How to ensure effective Suspicious Activity Reporting?

In UAE, Anti-Money Laundering and Combating of Financing of Terrorism (AML/CFT) measures and regulations are critical to identifying potential risks and timely reporting these suspicious activities to ensure the financial stability and security of the economy.

When regulated organizations – whether Financial Institutions, Virtual Asset Service Providers (VASPs), or Designated Non-Financial Businesses and Professions (DNFBPs) – fail to implement the policies and procedures around suspicious activity reporting, the consequences are severe for the organization and the country. The employees must be trained on ML/FT risk indicators, identifying suspicious activities, and appropriately reporting to the Financial Intelligence Unit (FIU).

How to identify Suspicious Activity under AML regulations?

Employees engaging with customers and managing the business relationship are vital in identifying suspicious activity. For effective suspicious activity reporting, the employees must understand the red flags and the actions to be taken when such risk indicators are observed.

Once any ML/FT red flags are observed, the employees must collate adequate information about the suspicion and immediately report such suspicious activity to the AML Compliance Officer.

What are the common risk indicators suggesting Suspicious Activity?

Some common indicators of suspicious activity that the employees of the regulated organization must be aware of are:

Customer suddenly starts making large value transactions, contrary to the transaction history or not matching with the customer’s financial position
Customer coming from or is closely connected with the high-risk jurisdictions,
Customer having adverse media or criminal records for being involved in financial crime in past
Customer refusing to share the identity documents or reluctant to disclose the identity of the beneficial owners
Customer has no active connection with UAE, or the purpose of the transaction is not clear
Customer’s legal structure is excessively complex, without any business rationale
Customer hesitates in sharing information about the beneficial ownership
Customer engaging in multiple transactions with values exactly below the AML threshold
Identity document furnished by the customer is found to be fake or forged
Payment towards the transaction is being initiated from a third-party account not related to the business transaction
Unnecessary involvement of third-party agents or intermediaries, without any business sense, to conceal the identity of the customer.

The employees must be informed of the red flags suggesting a potential association with money laundering or terrorism financing. Further, employees should be aware of the list of high-risk countries.

Employees must be well-trained to look for unusual patterns of transactions, recognize these risk indicators, and immediately report such suspicious observations to the AML Compliance Officer.

What is the Role of Employees in detecting ML/FT-related Suspicious Activity?

Under the AML Compliance program, employees are considered the first line of defense against money laundering and terrorism financing. Employees play a pivotal role in identifying suspicious activity related to financial crime. Therefore, creating awareness around AML measures and identifying suspicious activities amongst employees is essential.

In addition to identifying suspicious activity, employees should be trained on adequate reporting procedures to ensure accuracy and completeness in internal reporting. This includes knowing when reporting will be done, to whom, and what details will be captured in the report.

Employees should be encouraged to ask relevant questions to determine the nature of the suspicion, including escalating the observed red flags to the departmental head.

Training shall be conducted for the employees covering real-life scenarios and case studies around money laundering or terrorism financing indicators observed by the internal staff and what actions were taken by that employee.

How to establish a robust Suspicious Activity Reporting System?

A strong system must be implemented within the regulated organization for internal reporting of suspicious activities to ensure that suspicions are reported on time and adequately addressed.

Establishing Clear Reporting Procedure

For timely reporting of suspicious activity, timely identification of the potential risk indicators is essential. To assist the employees with immediate detection of the ML/FT red flags and evaluate the possibility of suspicion, the organization must include a business-specific list of risk indicators in its policy. These red flags must be well communicated amongst the team, including imparting specific training to create better awareness.

Documenting Red flags and risk indicators

Clear reporting procedures should be designed and communicated with the relevant employees. This includes policies around who is responsible for reporting, the internal reporting shall be done to whom, how the reporting would be done (through email, physical internal Suspicious Transaction Report (STR) or Suspicious Activity Report (SAR) format, etc.), who should be included in the communication trail, etc.

The details of the AML Compliance Officer, including their contact information, must be available to every employee of the regulated organization.

Ensuring Confidentiality and Employee Protection

Employees must feel comfortable reporting suspicious activity without any fear of retaliation. The information of the employee reporting the suspicious activity must be kept confidential. The regulated organization must develop adequate policies to protect employees from retaliation.

No “Tipping off”

The employees must be aware of the requirement not to disclose any information about the identified suspicion to the subject party or any third party, directly or indirectly. The employees should understand that “tipping off” is a criminal offense under UAE AML regulations and attract hefty penal penalties, including imprisonment for such contravention.

Imparting training to the employees

The employees – whether serving clients or managing client relationships – are the first to observe the potential suspicion in transactions or customer behaviour. Also, the back-office teams play a significant role in detecting the red flags while clearing the payments or generating account statements. Thus, all employees of the organization must be imparted adequate training and equipped with the necessary resources to identify the ML/FT suspicion and exercise sound judgment around the necessity to report the same to the Compliance Officer.

Imparting adequate employee training on identifying and reporting suspicious activity is very important to promote a compliance culture in the organization and receive the required contribution from the employee to prevent financial crime.

Periodically Reviewing and Updating the Suspicious Activity Reporting System

The regulated organization should regularly review the internal suspicious activity reporting procedures and system to check its effectiveness and update, if necessary, to stay compliant with UAE AML regulations.

What are suspicious activity reporting requirements under UAE AML Regulations?

The AML regulations mandate the regulated organizations to identify and report suspicious activities related to money laundering, terrorist financing, or financing of the proliferation of weapons for mass destruction.

The entire AML compliance framework revolves around effective suspicious activity reporting, including designing the AML policies and AML training the employees to identify and undertake timely reporting.

A regulated organization that fails to identify and report suspicious activities in accordance with UAE AML regulations faces severe consequences, including damage to its reputation and non-compliance penalties.

What are suspicious activity reporting requirements under UAE AML Regulations?

To stay AML compliant and safeguard the business against the exploitation of financial crimes, adequate systems and procedures to identify and report suspicious activities effectively are a must.

AML UAE is a leading AML consultancy service provider, assisting clients in developing a robust AML compliance framework, including establishing internal and external suspicious activity reporting policies. With a team of experienced professionals, AML UAE imparts comprehensive AML training to the employees, covering basic concepts of ML/FT, AML measures, the organization’s internal policies and procedures, and best practices for suspicious activity reporting.

Timely identify and report suspicious activities to complete your AML Compliance circle!

Make significant progress in your fight against
financial crimes

With the best consulting support from AML UAE.

Share via :

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 11 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Shining the business conduct with LBMA’s Global Precious Metals Code, 2022

Blogs

Protect your business with reliable and effective AML strategies with AML UAE.

Shining the business conduct with LBMA’s Global Precious Metals Code, 2022

London Bullion Market Association (LBMA) has issued LBMA’s Global Precious Metals Code, 2022, laying down the highest standards for business conduct expected from market participants engaged in the global Over-The-Counter (OTC) wholesale trade of precious metals.

Who is subject to LBMA’s Global Precious Metals Code?

Various participants are engaged in the Precious Metals Market, with different activities around precious metals –extraction, refining, storage, financing, transportation, storage, financing, trading, and marketing. The LBMA’s Global Precious Metals Code applies to all Precious Metals Market participants involved in global OTC wholesale trade, which include:

LBMA Members
Precious metals Refineries & Mining entities
Precious metals Logistics firms
Precious metals Fabricators
Jewellery entities
Financial institutions like Banks, Asset management companies, Exchange Traded Funds, Firms engaged in high-frequency trading strategies, Brokers, investment advisers, aggregators, etc.
Trading houses and Affirmation & settlement platforms
Sovereign wealth funds
Benchmark Administrators

All these market participants are required to implement this Code commensurate with the size and nature of the business activities.

What precious metals are governed under LBMA’s Global Precious Metals Code?

The Code sets out the standards for ensuring the highest quality conduct of the market participant engaged in activities related to the following precious metals:

Gold
Silver
Platinum
Palladium

What are the four (4) principles discussed in the LBMA's Global Precious Metals Code?

The following four principles are emphasized in the Code to ensure the global best practices in the Precious Metals Market:

A. Ethics:

All the precious metals organizations subject to this Code are expected to act professionally and ethically to maintain the integrity of the global precious metals market. It must deal with all its customers, suppliers, employees, and all other business associates in the utmost fair manner.

The companies are expected to implement appropriate internal policies to identify and address the conflict of interest that may comprise its code of ethics or professional standards.

The companies are expected to promote equality and avoid discrimination amongst customers, employees, etc.

The market participants are expected to impart adequate training to their employees to ensure that market obligations are discharged ethically and professionally.

B. Governance, Compliance, and Risk Management:

Market Participants are expected to identify the risks associated with their precious metals activities and implement appropriate governance and risk management frameworks to manage these risks, including a comprehensive compliance management program.

The companies are expected to evaluate the risk arising out of the following factors concerning their precious metals operations:

Market and credit-related risks
Operational and Settlement-related risk
Risks related to Technology & Cyber Security
Compliance and Legal risk
Business Continuity risk
Conduct and Reputational risk
Economic and Trade risk

As part of an adequate governance structure, the senior management is responsible for designing the business strategies and overseeing the business operations to ensure the company’s financial security.

Precious metals companies must comply with all the applicable rules and regulations, including the anti-money laundering framework. The internal policies must be well documented, highlighting the regulatory obligations, procedures & controls to ensure adequate compliance.

Further, the companies are expected to have well-defined lines of reporting, with clear roles and responsibilities for managing the precious metals operations. There shall be smart systems for the accurate and timely generation of MIS reports, which is necessary as part of the governance and risk management framework.

Through a well-designed whistle-blowing policy, employees must be encouraged to escalate any observed instances of inappropriate business practices or unethical behaviour of any market participants – internally and externally.

A periodic review of the governance, compliance, and risk management framework is suggested in the Code to ensure that the companies’ set operations mechanism is aligned with the highest professional standards and the applicable laws, including this LBMA’s Code. Any gaps identified by the independent reviewer must be highlighted to the senior management for their immediate action to rectify these breaches.

C. Information Sharing:

Precious metals market participants must communicate effectively and transparently within the business community. Market Participants are also expected to manage the confidentiality of critical market Information.

The companies shall not divulge confidential information that hampers standard market practices.

The communication must be fair and open, with clear language and with no or minimal use of technical jargon. Further, appropriate communication channels must be used to ensure the market’s integrity and maintain the required audit trails.

Companies are strictly prohibited from initiating or spreading rumours or circulating any misleading information which affects the best business practices of the precious metals market.

D. Business Conduct:

Precious metals companies are expected to effectively manage their pre-trade and post-trade business activities fairly and transparently.

As part of pre-trade business conduct, the market participants are expected to sign an agreement or similar document with the customers, suppliers, etc., with a clear scope of a business deal, terms of trade, and price points. Appropriate Know Your Customer and Customer Due Diligence measures must be applied before establishing any business relationship with other market participants. The companies must identify any risk associated with the customers and suppliers, including the supply-chain risk.

The precious metals trades must be executed fairly, with clear disclosure of the markups and the methods used for arriving at the markup. The markups must be determined professionally without misrepresenting any cost factors. The companies are prohibited from executing any trade against the LBMA’s precious metals benchmark (i.e., the prices determined by LBMA).

For post-trade business conduct, the company must initiate confirmation communication with the customer about the executed trade or deals that are amended or cancelled. Further, the market participants are expected to perform ongoing reviews and monitoring of the transactions, including periodic reconciliation of the customer’s accounts to identify gaps or delinquent payments.

The market participants are expected to design internal policies to ensure no trade payments are expected from unrelated third parties or cash payments exceeding a certain threshold.

How can AML UAE assist you with developing your Code of Business Practices aligned with the LBMA’s requirements?

The Dealers in Precious Metals in UAE, engaged in the wholesale trade of gold, silver, platinum, and palladium, are expected to adopt this Global Precious Metals Code, 2022, to promote transparency and integrity of the global precious metals market.

AML UAE is an AML consultancy firm supporting Dealers in Precious Metals and Stones to implement the AML framework and stay AML compliant. We help the DMPS develop tailor-made AML/CFT policies, procedures, and controls to identify and mitigate financial crime risks.

With our experience of dealing closely with dealers in precious metals, we understand the business operations and compliance requirements of the precious metals sector, such as the Responsible Gold Sourcing Code and the LBMA’s Global Precious Metals Code. With this, you design a comprehensive compliance framework to manage your business operations with highest of the ethical practice and professional standards while staying compliant with local and international regulatory frameworks (FATF, OECD, LBMA, etc.).

Make significant progress in your fight
against financial crimes,

With the best consulting support from AML UAE.

Share via :

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 11 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Choosing an apt AML Software for DPMS

Blogs

Protect your business with reliable and effective AML strategies with AML UAE.

Choosing an apt AML Software for DPMS

Dealers in precious metals and stones are one of the Designated Non-Financial Businesses and Professions (DNFBPs) required to comply with anti-money laundering and combating financing of terrorism (AML/CFT) regulations in the UAE. Non-compliance with AML requirements has severe consequences, including monetary fines, administrative penalties, and reputational damage. The importance of choosing an apt AML software for the DPMS sector cannot be overstated. Adopting an appropriate AML compliance software for Dealers in Precious Metals and Stones is very important to ensure compliance with the AML requirements and safeguard your precious metals and stones business against exploitation by financial criminals.

This article discusses the critical consideration for selecting the right AML software for your AML compliance needs.

Understanding the AML Compliance requirements for Dealers in Precious Metals and Stones in the UAE

Before selecting an AML screening solution, we must understand the AML compliance requirements in the UAE and why a dealer in precious metals and stones must comply with these AML requirements.

Money laundering is concealing the source of the illegally obtained funds and disguising the same as proceeds from legitimate business activities. Financial criminals often use precious metals and stones to launder their dirty and illicit money without attracting the attention of the regulatory authorities. Precious metals and stones are commonly used for laundering funds, given their inherent characteristics – high in value, compact in size and easy to transport across borders.

What are “Precious Metals and Stones” in UAE under the AML regulations?

Under UAE AML regulations, the following are considered “Precious Metals and Stones”:

– Precious Metals

Gold (minimum purity of 500 parts per 1,000)
Silver (minimum purity of 800 parts per 1,000)
Platinum (minimum purity of 850 parts per 1,000)
Palladium (minimum purity of 500 parts per 1,000)

– Precious Stones

Rough diamonds of any weight in carats
Polished diamonds (minimum weight of 0.3 carats per stone if loose, or a minimum weight of 0.5 carats per any single stone mounted in a setting)
Coloured Gemstones like Emeralds, Rubies, and Sapphires (minimum weight of 1 carat per stone if loose, or a minimum weight of 2 carats per any single stone mounted in a setting)

– Pearls

Loose (minimum diameter of 3 millimetres per bead)
Strung or mounted in a setting (minimum diameter of 10 millimeters per any single bead)

– Other

Any object with a minimum 50% value of the object is comprised of precious metals and stones.

Who is Dealer in Precious Metals and Stones in UAE?

A person engaged in any of the following activities related to precious metals and stones would be treated as a dealer in precious metals and stones (DPMS) in UAE:

Extraction, refining, cutting, polishing or fabrication
Import or export
Purchase, sale, re-purchase or re-sale, including scrap sale of precious metals and stones
Barter, or exchange of precious metals and stones
Loan or lease arrangements
Possession of precious metals and stones, e.g., as a fiduciary, warehousing, or safekeeping arrangement
Job work arrangement, e.g., cutting, polishing, refining, casting or fabrication services related to precious metals and stones.

What is AML Compliance in UAE?

Anti-money laundering (AML) compliance is a set of regulations and governing frameworks focused on detecting and preventing the process of laundering illegal money from entering into a legitimate financial system. In UAE, the primary AML/CFT regulations are the Federal Decree-Law No. 20/2018, and its implementing guidelines in Cabinet Decision No. 10/2019.

AML compliance is essential to safeguard the business from being vulnerable in the hands of money launderers. By developing a comprehensive AML compliance framework, businesses can detect and prevent suspicious activities on time without getting their business impacted by financial criminals for money laundering activities.

The AML regulations in the UAE mandate that Financial Institutions, Virtual Assets Service Providers (VASP) and certain Designated Non-Financial Businesses and Professions (DNFBPs) comply with these regulations. Dealers in precious metals and stones are one of the DNFBPs, required to design and implement AML/CFT policies, procedures, and controls to identify, prevent, and report suspicious transactions and activities related to money laundering and terrorism financing.

An AML Compliance Software helps meet KYC, Screening, and Reporting requirements and saves time and costs.

Why is AML Compliance necessary for Dealers in Precious Metals and Stones in the UAE?

As precious metals and stones are considered as closely associated with money laundering typologies, the dealers in precious metals and stones are entrusted with the responsibility of iden

tifying any red flags intended towards using precious metals and stones for conducting the money laundering process.

Following are a few ML/FT red flags for dealers in precious metals and stones:

Customer requests reshaping of gold into ordinary-looking items to hide the nature of precious metals
Customer frequently trades diamonds and gold jewellery for cash in small incremental amounts
Transaction involving precious metals with unusual characteristics, not matching market standards
Charitable organization requesting to buy gold worth AED 1 million, not aligned with the customer’s activities, etc.

Complying with AML regulations helps the business from non-compliance penalties and protects the business from reputational damage. With your commitment towards complying with AML compliance requirements, you gain trust and respect from your customers, suppliers, and other stakeholders, achieving customer loyalty and long-term commercial benefits.

AML compliance is a necessary part of the routine business operations of a dealer in precious metals and stones, ensuring the business does not aid any financial criminal in laundering the illegal proceeds of crime.

An AML Screening Software will help you meet legal obligations and counter money laundering and terrorism financing.

Key Features and Functionalities of an Ideal AML Software

AML compliance is integral to any business operation to maintain integrity and avoid non-compliance penalties. With increasing importance and awareness about AML compliances, new technological solutions are designed to detect, prevent, and report money laundering activities. To ensure the completeness and accuracy of the AML compliance requirements, the selection of the right AML software is necessary. While finalizing the AML software, the following key features must be emphasized.

Customer Identification and Verification

The AML software must support the performance of customer due diligence, including Customer identification and identity verification of the customers and their beneficial owners. The customer identification process should be accurate and reliable to determine whether the customer is the one he claims to be. The software should also be able to verify the customer’s address, nationality, and date of birth.

The software should support identifying the designated person or entity mentioned in the sanctions list, specifically in the UAE Local Terrorist and UNSC Consolidated lists. Further, the AML software should also allow screening of the customers and the ultimate beneficial owners against the global list of Politically Exposed Persons (PEP) and adverse media searches.

Risk Assessment and Management

The AML software should allow the Dealers in Precious Metals and Stones to assess the ML/FT risk for each of the customers and, thus, overall enterprise-wide risk assessment. The risk assessment process should be robust and accurate, considering all the relevant risk parameters such as the customer’s business activities, geographies involved, the transactional elements like mode of payment and the frequency of transactions, beneficial ownership, association with PEP, etc.

The risk scoring methodology of the AML compliance software must be simple to understand but comprehensive, assisting the AML Compliance Officer in taking necessary due diligence measures depending on the risk rating to manage the money laundering risk.

Ongoing Monitoring

The AML Compliance software should allow for maintaining and monitoring the customer’s profile and transactions executed with the customer. The transactions should be monitored against the customer’s information file to detect suspicious or unusual activity. Any unusual pattern or mismatch between the customer’s profile and the activities must be highlighted for further investigation by generating an alert. The flagging of the ML/FT red flags would ensure timely actions to prevent or mitigate the impact of the risks.

Regulatory Reporting and Record-Keeping

The AML screening software should support the generation of intelligent and analytic reports to monitor the organisation’s compliance status.

The retention of the necessary AML records and documents must be enabled in the AML software, as required under the UAE AML regulations. The software should maintain a complete audit trail and history of the compliance activities, including the customer screened, transactions monitored, alerts generated, etc. This AML recording-keeping functionality of the AML software should serve as documentary evidence to be furnished to the regulatory authorities as proof of AML compliance.

Integration with Existing Operational Systems

The AML software should integrate easily with the business’s existing systems, processes and databases to ensure efficient AML compliance management without hampering any routine business operations. The precious metals and stones dealers can easily integrate their CRM solution with the AML software and streamline the customer due diligence process.

With comprehensive data around AML compliance available in one place, the AML Compliance Officer can review the organisation’s compliance level and ensure the quality of the AML compliance framework implemented across the organization.

Selecting the right AML compliance software is of utmost importance to ensure that dealers in precious metals and stones comply with relevant AML compliance obligations and safeguard themselves from being used for money laundering activities. Right AML Software will equip you with the resources to effectively manage your 100% AML compliance requirements.

Evaluating AML Software Providers

Selection of the right AML software vendor is equally important. You may have the best of the AML software, but you may not optimally use the features if the software provider is not professional and does not provide handholding support. Partnering with the wrong AML software provider can cost you non-compliance fines and reputational damage. Here are a few key factors to consider when evaluating AML software vendors:

Reputation and Industry Experience

The AML software provider’s reputation and industry experience are among the most important factors. Look for an AML screening software provider with experience in the precious metals and stones industry. With the vendor’s understanding of the business operations and the industry, you will get customized AML software mapped with the AML compliance requirements of the dealers in the precious metals and stones sector.

You can check the Name Screening Software vendor’s reputation and experience by referring to online reviews, customer feedback and testimonials from other dealers in precious metals and stones. It helps you make decisions, providing information about the vendor’s strengths and weaknesses and their commitment to customer satisfaction.

Customer Support and Training

Another key factor to consider is the level of post-implementation customer support and training the AML compliance software vendor provides. Implementing AML software is a different task from buying one. The implementation requires support from the vendor in configuring the features as per business needs, training the employees to use the AML screening solution and extending post-implementation ongoing support to manage any issues while using the AML software, which may arise in future once the software is live.

Pricing and Contract Terms

The budget and cost of the AML software are other crucial factors while the software providers. Look out for any additional hidden charges or costs, such as implementation or annual maintenance costs. The contractual arrangement with the vendor must be clear and transparent, laying down the scope of AML software.

Scalability and Customization Options

One-size-fits-all is not a practical principle in business. The AML software must support customization, allowing the businesses to tailor-make the AML compliance software per the business needs and compliance obligations of the dealers in precious metals and stones. Further, the solution must be scalable, supporting the organisation’s growing business. The AML software, which allows scalability and customization, is always preferred over other AML software.

Selection of the right AML software, supported by the right software vendor, is necessary for the long-term success of the investment in AML technology and for ensuring 100% AML compliance in your precious metals and stones business.

Rightfully implementing the AML Software in the Jewellery Business

Managing AML compliance is necessary to keep financial criminals away from the precious metals and stones business and avoid regulatory fines for non-compliance and reputational damage. With effective implementation of the software, you can manage your AML compliance. Take care of the following aspects while going live with the AML software, and half of your AML compliance job is done:

Configuration of the AML Software

The AML software must be aligned with local and international regulatory developments and the latest data sources to ensure accurate and correct AML compliance by dealers in precious metals and stones.

Preparing the Team

The compliance team must be well-trained in the AML software’s features and functionalities to use the AML software efficiently. The training should discuss the AML compliance obligations and how the software will help achieve each AML compliance requirement.

While deciding on the AML software, AML Compliance Officer, IT professionals and senior management must be involved. This will ensure that the Compliance Officer is satisfied with the solution’s functionalities, the IT team approves the technical configuration and data security, the management signs off the investment in AML software, and shows commitment towards compliance.

How can AML UAE assist you in selecting the right AML Software for your precious metals and stones business?

The quality and effectiveness of AML compliance depend on the resources deployed, including AML Software. Appropriate AML compliance software will help your business achieve 100% compliance with AML regulations prevalent in the UAE.

AML UAE is one of the leading AML consultancy service providers in the UAE, assisting clients in setting up and implementing the AML compliance framework. Our domain experts and AML professionals understand your business requirements and help you identify the most appropriate AML solution, including discussing the solution’s functionalities and negotiating prices with vendors.

Stay Safe, Stay AML-Compliant!

Make significant progress in your fight
against financial crimes,

With the best consulting support from AML UAE.

Share via :

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

The Vital Role of an AML Compliance Officer in Safeguarding VASPs in the UAE

Blogs

Protect your business with reliable and effective AML strategies with AML UAE.

The Vital Role of an AML Compliance Officer in Safeguarding VASPs in the UAE

With the increasing acceptance of virtual assets, Virtual Asset Service Providers (VASPs) also continue to grow around the globe, including in the UAE. However, given the nature of the virtual assets – anonymity involved and easy transferability – criminals misuse them for money laundering and terrorism financing activities.

To manage the exploitation of virtual assets, the countries have implemented stringent regulations and have entrusted VASPs with compliance obligations to identify and prevent the ML/FT risk. To effectively implement the AML compliance program and adhere to the regulatory requirements, the role of the anti-money laundering (AML) Compliance Officer is important for VASP.

In this article, we will discuss the role of AML Compliance Officers in ensuring AML Compliance for VASPs in the UAE.

Introduction to AML Compliance in the UAE

The UAE government intends to develop the country as an international virtual assets centre. To promote this, robust AML compliance regulations around mitigating the risk of money laundering and terrorism financing have been introduced.

To manage the activities of the virtual asset in Dubai, the government has formed a supervisory authority – the Virtual Assets Regulatory Authority (VARA) of Dubai. At the same time, there are other authorities designated to supervise the activities of the virtual asset across the UAE, such as the Financial Services Regulatory Authority for VASPs registered in Abu Dhabi Global Market (ADGM), Dubai Financial Services Authority for VASPs operating from Dubai International Financial Centre (DIFC) and Securities and Commodities Authority of UAE for rest of the 6 Emirates and free zones.

These authorities have developed and implemented comprehensive AML regulatory guidelines and rulebooks for VASPs, mandating VASPs to design solid AML frameworks and ensure compliance with international best practices and FATF recommendations around managing ML/FT risks associated with virtual assets.

The Importance of AML Compliance

Compliance with AML regulations is mandatory for various regulated organizations, including Virtual Assets Services Providers in the UAE. A robust AML compliance program will safeguard virtual asset activities against being exploited for money laundering or terrorism financing activities. Further, non-compliance with any AML obligation will lead to severe adverse consequences for the VASP, such as substantial administrative fines, reputational damage and even termination of the license to conduct virtual asset activities.

Adequate AML compliance will help VASP create customer loyalty and seek respect from various stakeholders and market players worldwide, looking at its efforts towards combating money laundering and financing terrorism.

UAE's Regulatory Framework for AML Compliance

The UAE has established a comprehensive AML regulatory framework for financial institutions, VASPs and other Designated Non-Financial Businesses and Professions (DNFBPs). The legislative framework includes the Federal Decree-Law and the implementing Cabinet Decision, specific guidance issued by the relevant supervisory authorities like the Central Bank of UAE, Securities and Commodities Authority of UAE, Ministry of Economy, Ministry of Law, etc.

These AML regulations lay down comprehensive AML requirements for regulated entities operating in the UAE, including customer due diligence measures that must be adopted before establishing a business relationship, ongoing transaction monitoring requirements, procedures for identifying and reporting suspicious transactions, etc.

The UAE government is committed to fighting financial crimes and developing UAE as a safe and secure internal financial centre. Violating the UAE’s AML regulations requires heavy penalties and a long-term impact on the reputation.

Defining Virtual Asset Service Providers (VASPs) in UAE

In simple language, the business organization providing virtual assets-related services to its customer is a Virtual Asset Service Provider. For instance, the company operating a cryptocurrency exchange or services of converting eth fiat currency into virtual assets or vice versa.

Virtual assets are digital representations of value that can be transferred or traded using distributed ledger technology. The virtual assets include cryptocurrencies like Bitcoin and Ethereum, Non-Fungible Tokens (NFTs) and other digital assets like stablecoins. VASPs are essential in facilitating virtual asset trade, transfer and use.

Types of VASP in UAE

The different types of virtual assets-related services that qualify as VASP include:

an exchange between virtual assets and fiat currencies or between one or more forms of virtual assets,
transfer of virtual assets between wallets by way of virtual asset transactions on behalf of another person,
safekeeping and administration of virtual assets owned by other persons or instruments, enabling control over virtual assets,
Facilitating and providing financial services related to virtual assets issuer’s offer or sale of a virtual asset into the primary or secondary market.

VASP Regulation in the UAE

To safeguard virtual assets from financial crime, the UAE has developed a robust AML regulatory framework for VASPs, including stringent licensing requirements and ongoing regulatory oversight of virtual asset activities. Along with Federal Decree-Law and the implementing guidelines, the regulatory authorities have also issued guidance and AML rulebooks for monitoring the VASP in their respective jurisdictions, such as ADGM’s FSRA, VARA, DIFC’s Dubai Financial Services Authority, etc.

The UAE’s AML regulations for VASPs are based on international best practices and the FATF recommendations around virtual assets and VASPs. The regulatory framework mandates that VASPs in the UAE comply with customer due diligence processes and sanctions screening requirements, implement transaction monitoring systems and procedures, ensure timely reporting of suspicious transactions to the Financial Intelligence Unit (FIU) and the regulatory authority, etc.

The Role of an AML Compliance Officer in VASP

To ensure effective compliance with AML obligations, the VASP must appoint a competent AML Compliance Officer or a Money Laundering Reporting Officer (MLRO). The AML compliance officer’s role is pivotal in ensuring 100% AML compliance by VASPs, including safeguarding the VASP against the evil of money laundering and terrorism financing and preventing these financial crimes.

The overall responsibility of implementing and overseeing the effectiveness of the AML compliance framework lies with the AML Compliance Officer.

Key roles and responsibilities of AML Compliance Officer

The AML compliance officer in VASP is entrusted with several key responsibilities around AML compliance, such as:

1. Conducting overall business risk assessments or enterprise-wide risk assessments of the VASP, considering all the relevant risk factors posing a risk to the business

2. Designing and implementing a robust AML compliance framework aligned with the overall business risks and regulatory requirements, including policies, procedures, and controls.

3. Developing and implementing a comprehensive customer onboarding process, including Know Your Customer, Know Your Transactions, and sanctions screening.

4. Implementing the systems and procedures for assessing customer risk and applying adequate customer due diligence measures, including enhanced due diligence.

5. Defining the rules for ensuring ongoing monitoring of transactions to identify unusual patterns or suspicious activity and ensure relevance and effectiveness.

6. Identifying the potential red flags and making them part of the AML policies. A few red flags related to virtual assets activities are:

Structuring virtual asset transactions in small amounts,
Making multiple high-value transactions within 24 hours,
Transferring virtual assets immediately to multiple VASPs in another country where there are no AML/CFT regulations,
Depositing virtual assets at an exchange and then immediately withdrawing the same without any further activity,
Conducting a large deposit to open a new wallet with a VASP, which is inconsistent with the customer’s economic profile,
Conducting VA-fiat currency exchange at a potential loss,
The use of decentralized/un-hosted wallets.

7. Receiving internal reports on observed suspicion, investigating the same and filing the Suspicious Transaction Reports (STR) or Suspicious Activity Reports (SARs) with FIU and regulatory authorities.

8. Designing and conducting AML training programs for the employees, including senior management.

9. Conducting a periodic review of the AML program and submitting a report to the senior management.

10. Ensuring AML-related records are adequately maintained and secured from unauthorized access.

Required Skills and Qualifications

Given the importance of the AML compliance officer’s role in VASP, the designated person must have a strong understanding of AML regulations and industry knowledge and experience.

Moreover, the AML compliance officer must possess excellent communication skills supported by problem-solving approaches. Officers must be competent and independent enough to effectively manage the AML compliance requirements and prevent misuse of virtual assets for money laundering or terrorism financing activities.

Key Challenges Faced by AML Compliance Officers

AML compliance officers in VASP face various challenges in ensuring compliance with AML regulatory requirements. One of the significant challenges is keeping pace with the evolving ML/FT typologies related to virtual assets and amending AML regulations. The Compliance Officer must stay up-to-date with AML compliance obligations to avoid non-compliance penalties and safeguard the business from being exploited by criminals using new money laundering techniques.

Another challenge the AML compliance officers faces is managing the large volume of data about customers and transactions. Such a colossal database makes monitoring and identifying suspicious activity difficult without sophisticated AML software.

The role of the AML Compliance Officer in VASP must be independent of regular business operations and client relationship management. The Compliance Officer must balance the business and AML Compliance without comprising the AML regulatory obligations.

Implementing AML Compliance Programs in VASP

The AML compliance program in VASP must be comprehensive, aligned with the VASP’s overall ML/FT risk and capable of identifying and mitigating the money laundering and terrorist financing risks effectively. The AML compliance framework should include the methodology of conducting enterprise-wide risk assessment, customer due diligence process, ongoing transaction monitoring, compliance with FATF travel rule, AML record keeping, and procedures for identifying and reporting suspicious transactions.

Business Risk Assessment

The risk assessment process involves identifying and evaluating the money laundering and terrorist financing risks the VASP is exposed to. The Compliance Officer should consider various risk factors such as customer base, geographies, products and services, etc.

Risk Mitigation Policies, Procedures and Controls (AML Framework)

Once the overall risk has been identified, it is the role of the AML Compliance Officer to design and implement adequate risk mitigation policies, procedures, and controls. The AML framework must be aligned with the size, nature and complexity of the business activities and must be approved by the management of the VASP.

Customer Due Diligence (CDD), Know Your Customer (KYC) and Know Your Transaction (KYT) Procedures

KYC and KYT procedures are essential to identify and verify the customer’s identity and understand the transactional elements associated with the virtual asset transfer. Further, the framework should include adequate customer risk profiling procedures and implementing the Targeted Financial Sanctions (TFS) and screening requirements.

Effective customer due diligence will ensure that VASPs deal with genuine customers and do not unintentionally aid in money laundering activities by onboarding financial criminals as their customers.

Identifying and Reporting of Suspicious Activities

Adequate procedures and systems must be implemented to monitor the transactions and customer profiles to detect and report suspicion. The Compliance Officer shall ensure that potential suspicious transactions are investigated internally and only reported to the FIU and the supervisory authority if the internal examination confirms the ML/FT suspicion warranting the external reporting.

One of the important roles of the AML Compliance Officer is to ensure the timely filing of the Suspicious Transaction Report (STR) or Suspicious Activity Report on the goAML Portal.

AML Governance

The Compliance Officer must assess the AML training needs of the employees and design a comprehensive AML training program. The AML training program must be included in the AML framework, highlighting the timing, course, and employees involved in this training.

Further, periodic reviews must be conducted of implemented AML program, and a report must be submitted to the senior management of the VASP by the AML Compliance Officer, highlighting the AML compliance gaps and mitigation measures additionally required.

Record Keeping

AML-related records must be maintained adequately for the specified period and in an organised manner.

Collaboration with Regulatory Authorities

AML Compliance Officer, or Money Laundering Reporting Officer (MLRO), is the key contact between the VASP and the regulatory authorities. One of the key roles of the AML Compliance Officer in VASP is to ensure effective correspondence with the authorities, including the following:

Reporting of Suspicious Transactions and Activities

Identifying and reporting suspicious transactions is a crucial responsibility of AML Compliance Officers in VASP. If suspicious activities are observed, the front-line team must immediately intimate to the Compliance Officer, who would investigate the matter and, if reporting is required, should immediately file a SAR or STR with the FIU.

Ongoing Training and Education

The AML Compliance Officer must attend AML training sessions and workshops conducted by the authorities to be updated with evolving AML regulations and practices.

Ensuring Compliance with Evolving AML Regulations

AML Compliance Officer must ensure that VASP’s AML/CFT framework, including policies, procedures, and controls, are up-to-date with the amended regulatory requirements.

How can AML UAE assist AML Compliance Officers in fulfilling their roles in VASPs?

AML Compliance Officer must ensure that its Virtual Asset Service Provider (VASP) complies with UAE local AML regulations and the FATF recommendations around virtual assets transactions. The role of the AML Compliance Officer in VASP is critical to identify and mitigate the financial crimes risks by developing a robust AML compliance framework.

AML UAE is a leading AML consultancy firm, assisting VASPs in assessing the overall risk, designing and implementing an AML compliance program, establishing a competent AML compliance department and imparting adequate AML training to ensure regulatory compliance and avoid administrative fines for AML violations.

Make significant progress in your fight against financial crimes,

With the best consulting support from AML UAE.

Share via :

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik

Anti-Money Laundering For Dealers in Precious Metals and Stones (DPMS)

Protect your business with reliable and effective AML strategies with AML UAE.

Anti-Money Laundering For Dealers in Precious Metals and Stones (DPMS)

Money laundering is a serious crime, and its scope is not merely restricted to financial institutions, small or medium-scale businesses. However, it has expanded its wings for Anti-Money Laundering For Dealers in Precious Metals and Stones (DPMS). Compliance related to Anti-Money Laundering for Dealers in Precious Metals and Stones (DPMS) requires thorough knowledge of AML regulations in the UAE.

The smuggling, stealing, and trading of precious metals, stones, or gems are pretty frequent and regular. The proceedings from such unlawful activities are later on used for Anti-Money Laundering For Dealers in Precious Metals and Stones.

Dealers of precious metals, stones, or gems can undoubtedly be drawn into money laundering schemes. For instance, criminals or money launderers use dirty money in order to buy gold, diamond, and other precious metals or stones. The money launderers or criminals then resell the precious metals or stones to bring the money into the financial markets again and tag it as legitimate or authentic.

It must be challenging to identify and understand Anti-Money Laundering For Dealers in Precious Metals and Stones and what are the ways in which you can avoid it. Here are a few indicators that might alarm you that the transaction (buying or selling of precious stones, metals, gems) might be a money laundering attempt.

Money Laundering for Dealers in Precious Metals and Stones - Key Indicators:

Payments are made in cash. Usually, in a transaction of precious stones or metals, massive amounts are involved. But if the payments are bifurcated in cash, multiple money orders, cashier’s cheque, or traveler’s cheque, or are being paid through a third-party account. Then you might suspect the probability of money laundering.
The customer is not willing to provide complete or accurate financial references, contact information, or any type of business affiliations
The supplier or customer attempts to maintain a high degree of secrecy about a transaction, like normal business records should not be maintained
Sales or purchases don’t conform to industry standards.
Sales or purchases are unusual for a particular supplier, customer, or a type of supplier or a customer

Dealers in precious metals and stones are expected to have a well-designed compliance program tailored as per their jewellery business. Anti-Money Laundering For Dealers in Precious Metals and Stones starts with the assessment of the overall risks involved, and as it progresses, it should include four-pillar requirements, which are as follows.

Written policies, procedures, and internal controls
Appointment of an anti-money laundering compliance officer
Provision of ongoing anti-money laundering training for appropriate personnel.
Independent testing at regular intervals.

Compliance. Trust. Transparancy

Customised and cost-effective AML compliance services to
support your business always

What Are The Various Problems Associated With Anti-Money Laundering For Dealers in Precious Metals and Stones?

Compliance for Anti-Money Laundering for Dealers in Precious Metals and Stones (DPMS) is quite challenging:

It is often challenging to understand and monitor Anti-Money Laundering For Dealers in Precious Metals and Stones. It is vital to have a completed risk assessment to keep up with anti-money laundering regulations and company or customer activities changes. A risk- based approach should always be built upon sound foundations. Developing a risk-based approach will facilitate the foundation for designing the compliance program.
Dealers of precious metals, stones, and jewels often face some kind of challenges in order to keep up with the regulatory changes. Designating an efficient anti-money laundering compliance officer who is familiar with all the regulatory requirements will leave no stone unturned in protecting you from regulatory risks.
The anti-money laundering programs fail to offer adequate training. An effective AML compliance program should have well-defined procedures, policies, internal controls, designation of an AML officer, training, and independent testing. Training is the key in order to find any kind of unusual activity.
Dealers in precious metals, gems, and jewellery might be confused as to whether they are subject to regulations.

Key Trends: Anti-Money Laundering For Dealers in Precious Metals and Stones (DPMS)

Here we discuss key trends related to Anti-Money Laundering for Dealers in Precious Metals and Stones (DPMS):

Technological advancements and innovations have increased the size and sophistication of criminal enterprises. If you are conducting business using advanced payment systems, you have to make sure that these processes are reflected in your risk assessment.
AML Compliance manual, which incorporates policies, procedures, and internal controls, designation of the compliance officer is the essential requirement.
Anti-money laundering training program materials and proof of training for the respective individuals must be kept for a period of 5 years.
Reports prepared from conducting independent audits and performed testing shall be maintained for a period of 5 years.
Reporting requirements as to DPMSR and STR should be fully taken care of.
Customer Due Diligence (CDD) and Enhanced Customer Due Diligence (EDD) should be carried out in the case of all customers.
Record keeping and any other type of documentation as required.
Transactions happening between the dealers are considered low-risk ones. It is simply because each dealer in precious metals and stones is required to have a reasonably designed anti-money laundering compliance program.

Compliance. Trust. Transparancy

Customised and cost-effective AML compliance services to
support your business always

AML Risks for Jewellers

Here are the risks and opportunities involved with AML policies for dealers in precious metals and jewels.

Risks

Here are a few risks:

Reputational and financial risks to the institution
Civil and criminal penalties for the individuals as well as institutions

Opportunities

Here are the opportunities that you can leverage if you are a dealer in precious metals and gems.

Protecting and maintaining the integrity of the financial system.
Protecting your clients from falling prey to any kind of criminal activities or assaults.
Aiding to protect your company from financial losses and reputational exposure.
Harnessing efficiencies combining resources and IT systems to monitor for any kind of anti-money laundering and anti-fraud activities.

Skills

Here are a few skills that you require in order to meet all the requirements to abide by your AML compliance policies.

Regulatory experience
Valid certification from an authorized anti-money laundering association
Experience working in the compliance department of any financial institution.

FAQs - AML For Dealers in Precious Metals and Stones

Here are a few frequently asked questions about the Anti-Money Laundering For Dealers in Precious Metals and Stones (DPMS).

A legal or natural person involved in buying and selling precious metals, gems, jewellery, precious stones, etc., as a business is a dealer in precious metals.

Yes, gold is used in money laundering because it is challenging to trace gold. Also, its value is universal in nature and can be readily determined. Also, most of the transactions happen in cash, which can be brought from any source, leading to chances of financial crime.

Here are a few situations in which the AML/CFT obligations apply to DPMS.

Under the AML/CFT decisions and AML/CFT laws, DPMS is obliged to apply the required AML measures when they qualify as DNFBPs.

This occurs whenever they carry out either a single transaction or a series of multiple transactions that are related to each other and the total value of these transactions is equals to or exceeds more than AED 55,000,

Here is the process that you must follow in order to comply with your AML/CFT obligations for DPMS.

Define processes, policies, and internal controls

Carry out know your customer (KYC)

Screening

Risk profiling

Carry out enhanced due diligence (EDD), if required

Submit STR

Independent Audit

Record Maintenance for a period of 5 years

Repeat the process

Share via :

Add a comment

Related Blogs

20/01/2026

What is a sanction list?

16/01/2026

Best AML Consultants in UAE

30/12/2025

Best practices for KYC compliance

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is an ACAMS-certified AML consultant specialising in governance, risk, and compliance for regulated entities in the UAE. He brings over 28 years of experience, with 1,000+ hours of AML training and 200+ advisory engagements across DNFBPs, VASPs, and FIs. He supports businesses in aligning with AML/CFT requirements from the CBUAE, DFSA, MoET, MoJ, VARA, CMA, FSRA, and FATF. Known for translating complex regulations into audit-ready procedures, Pathik enables operational clarity and compliance readiness.

Reach Out to Pathik