MoEc’s Implementation Guide for DNFBPs on Customer Due Diligence (CDD)

Home Updates MoEc’s Implementation Guide for DNFBPs on Customer Due Diligence (CDD)

MoEc’s Implementation Guide for DNFBPs on Customer Due Diligence (CDD)

The Ministry of Economy (MoEc) has issued guidelines on Customer Due Diligence for DNFBPs in collaboration with the DNFBP’s Working Group under the Public and Private Partnership Committee. The standards set by the Financial Action Task Force (FATF), along with the industry’s best practices, are incorporated into these guidelines, providing a flexible approach for DNFBPs to meet their statutory obligations within the legal and regulatory environment.

The purpose of the MoEc’s Implementation Guide for DNFBPs on Customer Due Diligence (CDD) is to assist DNFBPs in tackling day-to-day compliance challenges and provide practical guidance in line with international best practices. Here is the summary of the key areas covered in the guideline.

What is Customer Due Diligence (CDD)?

Customer Due Diligence is a process employed by DNFBPs to understand the client profile. It includes measures like client identification and verification, understanding the purpose of business relationships, monitoring transactions, and keeping customer information up-to-date to counter financial crimes.

When do Business Need to Perform CDD?

CDD should be conducted in situations like:

  • Before starting a business relationship with a customer or during the process of starting a business relationship with a customer, opening an account or conducting transactions.
  • When the customer is making occasional transactions over AED 55,000, even if split into smaller amounts but seem connected or a transaction made in a single stretch.
  • Regardless of the stated exemption or threshold, if there’s any suspicion as to money laundering or terrorist financing.
  • When there are doubts about the veracity or adequacy of the previously provided customer information.

DNFBPs Customer Due Diligence Measures

For All Customers

  • DNFBPs should confirm and verify the identity of every customer, whether they are individuals, businesses or legal arrangements, through reliable and independent sources.
  • There must be proper authorisation and identity verification of the person acting on behalf of a customer.
  • Avoid dealings with any company that lacks genuine transparency or operates like a shell company.
  • Businesses must recognise and verify the identity of the beneficial owners, those with a significant stake (25% ownership or more) or effective control over the entity.
  • Gather information and understand the nature and purpose of the customer’s business relationship in order to understand its legitimacy.
  • Regularly review transactions and KYC information to check if they fit with the customer’s declared activities and risk profile.
  • Keep customer records updated, especially for customers categorised as high-risk.

For Legal Persons and Legal Arrangements

  • DNFBPs should understand the ownership and control structure of the customer and determine the nature of the business.
  • Identify and verify the information of the customer through:
    • Details such as name, legal form, Memorandum of Association, office address
    • Articles of Association recognised by relevant state authorities
    • Names of the people in the senior management
    • In the case of foreign entities, the details and documents of their legal representatives in the states are required.

Measures to Identify and Verify Beneficial Owners of the Customers

For Customers that are Legal Persons

  • Inquire whether any individual holds ownership interest, 25% or more of the company (directly or indirectly).
  • If it is unclear who is in control, identify individuals who manage or control the company in other ways, like decision-making authorities.
  • If no natural person can be identified, identify the senior managing official in power.
  • In the case of a listed company on a stock exchange subject to disclosure requirements or a majorly-owned subsidiary of such a company, the relevant identification data of the shareholders and beneficial owners can be obtained from a public register or the customer or other reliable sources.

For Customers that are Legal Arrangements

  • The settlor (person who creates the trust), the trustee(s) (person managing the trust), protector (if any), beneficiaries (people benefiting from the trust) or any other natural person with control in case of a trust.
  • Individuals holding similar positions in other types of legal arrangements.

Timing of Verification

DNFBPs must verify the information of their customers in the early phases of the business relationship, during or before the process of setting up business relationships with the customers. For occasional customers and in some cases if allowed, the verification of the customer identity may be completed after establishing the business relationship provided that:

  1. it is done as soon as possible
  2. it is necessary to avoid disrupting normal business operations.
  3. money laundering and terrorist financing risks are effectively managed.

In the above cases, DNFBPs are required to implement risk management procedures to ensure that they counter ML/TF risks effectively. These measures can include:

  1. Limitation on the number, types, and/or amount of transactions that can be performed
  2. Monitoring of large or complex transactions which do not align with the type of business relationship

CDD for Existing Customers

For existing customers, DNFBPs must review and apply CDD measures depending on the importance of the business relationship and the risk level of the situation. It is important to consider whether the CDD has been conducted in the past and whether the information is still relevant.

When CDD Cannot Be Completed

If a DNFBP is not able to successfully complete the Customer Due Diligence process:

  1. The DNFBP must refuse to start the business relationship or process a transaction.
  2. The business relationship must be terminated if the business relationship has started.
  3. The DNFBP needs to consider submitting a Suspicious Transaction Report (STR).

Avoid “Tipping Off” the Customer

DNFBPs and their staff should refrain from revealing information to anyone if they are filing a Suspicious Transaction Report (STR) with the Financial Intelligence Unit (FIU). In some cases where the DNFBPs suspect ML/TF but asking the customer for additional information will alert them, they are allowed to skip the due diligence process. Instead, they can directly file an STR with the authorities.

Reliance on CDD Measures Already Undertaken

A customer’s identity is not required to be verified for every transaction if their identity has already been verified. However, if there are concerns about the definiteness of the customer’s information, like the transactions do not match the customers’ business profile or there is a sudden increase in the volume of transactions, DNFBPs should reassess the provided information.

Ongoing Customer Due Diligence

Ongoing CDD means continuously monitoring and reviewing customer relationships to comply with regulations and reduce the risk of money laundering, fraud, and other financial crimes. The ongoing customer due diligence transaction process involves:

  1. Continuous Monitoring: Inspecting the transactions and activities of the customer on a regular basis to recognise any unusual or suspicious patterns.
  2. Updating Customer Information: Reexamining and updating customers’ details for any changes to be displayed on their risk profile.
  3. Customer Risk Assessment: Evaluating each customer’s risk level based on their behaviour, transactions, and their geographic location.
  4. Enhanced Due Diligence: Extra precautions when there are high-risk customers and performing strict checks, like taking extra documents or closely examining their transactions.
  5. Training Staff: It is important that the employees know the importance of ongoing CDD and are trained to observe warning signs.
  6. Regulatory Reporting: Following legal rules to report suspicious activities to the authorities.

The frequency of the ongoing monitoring needs to be decided based on the level of risks associated with the customer. High-risk customers need to undergo reviews more often than low-risk customers.

Record-Keeping Requirements

DNFBPs operating in the UAE must keep CDD records, whether physically or digitally, for at least five years after their business relationship with a customer ends.

Records can include identification documents, sanctions screening evidence, business records showing correspondence between the business and customer, and analysis records for background checks in the case of unusual or large transactions are also required to be maintained.

These records are required to keep domestic and international records and details of the customer transactions for the firm to respond to the request from government or regulatory bodies, and these records should be detailed enough to trace any specific transaction to use as evidence for charging somebody of criminal activity.

Guidelines for Record Keeping

  1. The documents collected for customer verification must be from dependable and independent sources, and the information should be current at the time it is obtained. The most dependable documents are those that are hard to forge or obtain illegally, like government-issued IDs and passports, reports from independent business or company registries, audited annual reports and other sources.
  2. All the documents must be clear and readable with a photo identity.
  3. For a copy of documents, they must be verified against the original by an authorised staff member. For the cases where the original document is not available, the copy of the document should be notarised by a notary, lawyer or a qualified professional.
  4. A staff member should provide a summary of the foreign language documents in the familiar language. It is the responsibility of the firm to ensure that they understand the nature and content of the document. The firm can also hire a professional translator to ensure that the document is properly understood.

Simplified CDD

DNFBPs use a risk-based approach to determine the level of Customer Due Diligence required, which means the intensity of the assessments depends on the level of money laundering or terrorism financing risks associated with a customer or transaction. Simplified Due Diligence is only acceptable when the risks are identified as lower based on thorough risk analysis.

When is Simplified Due Diligence Required?

Simplified CDD is allowed when:

  1. A customer is assessed as low-risk after a proper risk analysis.
  2. There is no indication from the customer suggesting money laundering or terrorism financing.
  3. The transactions carried out by the customers are low in value and fit with the customer’s profile.

Simplified CDD measures can not be undertaken when there is a suspicion as to ML/TF or where the associated risks are high.

Enhanced Due Diligence

Enhanced Due Diligence takes into account rigorous inspections, detailed evaluations, and closely monitored activities related to customers that are considered high-risk when the customer or beneficial owner of the customer is a PEP or associated with a PEP.

When is Enhanced Customer Due Diligence Required?

Enhanced Due Diligence is required in situations when a business relationship or transaction suggests a higher risk of money laundering or terrorist financing. These risks can arise from customers’ geographic location, their business activities, or their association with PEPs.

When a customer is identified as high-risk, the intensity and nature of the examination increase to assess whether the transactions or activities are suspicious.

When the Enhanced CDD process is complete for high-risk customers, the senior management is involved in deciding whether to start or continue doing business with them.

For high-risk customers, as a part of the EDD process, the DNFBPs are required to:

  1. Obtain additional information on the customer and beneficial owners
  2. Carry out more frequent CDD measures, and transaction reviews based on the patterns identified and increase the number and timing of controls applied.
  3. Obtain additional information on the intended nature of the business relationship
  4. Verifying Source of Funds and Source of Wealth (Particularly for foreign PEPs)
  5. Obtaining approval of the senior management to commence or continue the business relationship

Summing Up: Implementation Guide DNFBPs on Customer Due Diligence

Customer Due Diligence can be a complex process, but businesses can handle CDD efficiently with the right tools and strategies. MoEc’s Implementation Guidance for DNFBPs on Customer Due Diligence (CDD) provides practical and actionable guidance to DNFBPs in implementing an effective CDD process to counter ML/TF risks effectively.

With our AML expert guidance,

Start your AML compliance journey smoothly.

Contact Us

Share via :

Share on facebook
Share on twitter
Share on linkedin

Share via :

Share on facebook
Share on twitter
Share on linkedin