Sanctions Compliance by VASPs in UAE: Safeguarding the Virtual Asset segment against financial crimes
Sanctions Compliance by VASPs in UAE: Safeguarding the Virtual Asset segment against financial crimes
The overall Anti-Money Laundering compliance landscape covers implementing measures to comply with the Sanctions regime. Even the UAE AML regulations mandate the regulated entities to screen the customers, suppliers, and the Ultimate Beneficial Owners against the Sanctions List. This regulatory obligation applies to Virtual Asset Service Providers (VASPs) operating in UAE to manage the risk of sanctions violations through crypto transactions.
Let us explore the Sanctions compliance requirement under the UAE regulations, why is sanctions compliance by VASPs so significant, and how VASPs can ensure effective compliance with the Sanctions regime.
Sanctions Compliance under UAE AML framework
Sanctions are the restrictions or embargoes imposed upon known criminals engaged in terrorist activities or other serious crimes from accessing the financial systems or particular products or services. In this context, sanction compliance becomes pertinent to ensure that the businesses do not engage with the sanctioned entities or individuals, ensuring they safeguard themselves from financial misuse and avoid penalties for sanctions violations.
Under the UAE AML/CFT regulations, Sanctions compliance is integral to the AML/CFT program. The regulated entities are mandatorily required to screen the customers, suppliers, and Ultimate Beneficial Owners (UBOs) of the corporate customers/suppliers, employees, and any third party associated with the business against the following lists:
- UAE Local Terrorist List
- United Nations Consolidated List
In addition, the regulated entities must conduct screening against the relevant international lists when a foreign country or global economy is involved.
Basis the screening outcome, the regulated entities must take specific actions and file an appropriate report on the goAML portal.
With this basic idea about the Sanctions regime prevalent in the UAE, let us explore the sanctions compliance obligations of a VASP in the UAE.
Sanctions compliance by VASP in UAE
As the VASPs are subject to AML compliance in the UAE, they must also implement an effective sanctions compliance program. Sanctions compliance is necessary for the VASPs to ensure the virtual assets are not exploited by the sanctioned or designated persons to conduit terrorist financing or money laundering activities.
Subscribing to EOCN Notification System:
The regulated entities, including the VASPs, are required to subscribe to the Executive Office for Control & Non-Proliferation (EOCN) to receive regular updates on the modification in the UAE Local Terrorist List and the UNSC Consolidated Sanctions List, i.e., intimation when any person is added in the lists, or de-listing of any individual, entity, or group on the lists.
Given the fact that virtual assets transfer sees no geographical boundaries, the VASPs must not only screen the originator and the beneficiaries against the local sanctions list but also consider the country-specific and all other international sanctions.
The VASP must screen the originator’s and beneficiary’s virtual asset wallet ID to identify if any sanctioned or blacklisted wallets are involved in the proposed transfer.
The screening is not a one-time affair; instead, it must be carried out on an ongoing basis to timely identify any update to the sanction status of an existing customer or virtual asset wallet. This will ensure timely action against the designated person or wallets.
Basis the hits found in the sanctions screening, the UAE Targeted Financial Sanctions (TFS) regime mandates the regulated entities, including VASP, to undertake specific actions.
- In the case of a “Confirmed Match,” all the identifying information about the person, entity, or group matches with the key identifiers (name, date of birth, nationality/country of incorporation, etc.) of the designated person mentioned in the sanctions list. For confirmed match cases, the VASP must freeze the virtual assets available in the designated person’s wallet with VASP and shall terminate the business relationship. While in a confirmed match for a potential customer, the VASP must reject the virtual asset transaction. These freezing or rejection measures must be taken within 24 hours of identifying the persons as sanctioned.
- However, in cases where all the key identifiers are not matching, or some of the information is missing but indicates a possibility of a matching basis, the partial name match, which the VASP cannot decide whether it is a confirmed match or false match, then in such cases, the VASP must suspend the transactions and the business relationships with such partial name match person. The VASP must continue such suspension unless any specific instructions are received from the EOCN.
Where the VASP identifies any confirmed or partial name match with the UAE Local Terrorist List or the UNSC Consolidated List, the VASP must report the same to the EOCN by filing the appropriate report on the goAML Portal. VASP must file a Funds Freeze Report (FFR) in case of a ‘confirmed match’ giving the details of virtual assets frozen and a Partial Name Match Report (PNMR) for a ‘partial name match’ case within 5 days from taking the abovementioned actions.
The VASP must ensure compliance with all the above 4 points to effectively implement the Targeted Financial Sanctions regime and maintain the integrity of the virtual asset world.
Step-by-Step Guide for VASP to ensure effective Sanctions Compliance
With the pace at which the virtual asset transfer occurs and the fact that the sanctions lists are updated regularly, the VASPs must follow a systematic approach to implement a robust Sanctions Compliance Program.
1. Designing a Sanctions Compliance Policy:
As a first step, the VASP’s management and the AML Compliance Officer must understand the sanctions compliance requirement to be adhered to and design a comprehensive Sanctions Compliance policy in accordance with the overall business risk and applicable regulations. The Sanctions Compliance Policy must clearly define the mandatory nature of undertaking sanctions screening, systems and controls required, actions to be taken by the team when matches are found (including review, freezing of funds, or termination/suspension of the business relationship, etc.) and the goAML reporting obligation.
Further, as part of the policy, the VASPs must also identify what sanctions lists would be screened.
2. Identifying the suitable Sanctions Screening solution:
Once the compliance requirements are identified, the VASP must look for an appropriate sanctions screening solution that supports the regulatory obligation and prevents the misuse of the crypto-assets.
While selecting the solution, the VASP must consider the following:
- What all sanctions lists does the tool support
- Form where is the sanctions database sourced (third-party data aggregator or directly from the official sources)
- How frequently this database is updated
- Can this system be integrated with the VASP’s online platform
- Does the platform support continuous screening
- Is the solution capable of supporting real-time screening
- Does the screening tool capable of handling large volumes of data
- Does the solution use AI or emerging technology to reduce the false positive hits
- Is the solution compliant with the data privacy and security requirements
3. Integrating and setting up the sanctions screening rules:
Once the tool is finalized, the same must be integrated seamlessly with the VASP’s internal systems and platform to ensure that the screening is conducted on a real-time basis before the virtual asset transfer actually takes place so that transactions involving any potential hits or confirmed matches can be blocked.
The VASPs must define the screening criteria and rules basis which the screening would be conducted. This includes defining the parameters or identifiers for screening (such as originator/beneficiary name, virtual asset wallet ID, type of virtual asset transferred, location, etc.
The workflows for managing the screening results must also be configured, i.e., how the hit alerts would be generated, who would review the matches found, and conclude on the type – confirmed match, partial name match, or false hit.
4. Employees Training on Sanctions regime:
The strength of the technology deployed for screening is ineffective unless the VASP’s team is well-trained on sanctions compliance measures and how to implement the screening solution. The AML Compliance Officer must ensure that the relevant staff, specifically front-line employees, are educated on the significance of the sanctions regime, how to conduct sanctions screening, and what actions are expected from the particular role. The VASP must ensure the team stays updated with the evolving sanctions framework and emerging technologies deployed for sanctions compliance.
5. Periodic review of the Sanctions Compliance Policy and solution:
It is pertinent for VASP to ensure that the policy designed and the tools implemented are aligned with the ever-changing regulatory landscape and the emerging red flags and typologies. The overall sanctions program must be reviewed to identify gaps and enhance the procedures and controls for avoiding any unknowingly business dealings with sanctioned persons or sanctions non-compliance penalties.
With an organized approach to implementing sanctions compliance, the VASPs can mitigate the risk of facilitating sanctions violations, protect their reputation by demonstrating the commitment to AML/CFT and sanctions compliance.
Let AML UAE assist you with implementing the Sanctions Compliance Program
AML UAE is a leading AML consultancy firm assisting AML-regulated entities, including Virtual Asset Service Providers, in establishing and maintaining a robust AML/CFT compliance program, including a comprehensive framework for implementing the Targeted Financial Sanctions regime. From assessing the sanctions violation risk to identifying the proper sanctions screening solution, we got your back.
Let’s stay compliant and fight back the financial crime!
Make significant progress in your fight against financial crimes,
With the best consulting support from AML UAE.
Our recent blogs
side bar form
Share via :
About the Author
FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)
Pathik is a Chartered Accountant with more than 22 years of experience in compliance management, Anti-Money Laundering, tax consultancy, risk management, accounting, system audits, IT consultancy, and digital marketing.
He has extensive knowledge of local and international Anti-Money Laundering rules and regulations. He helps companies with end-to-end AML compliance services, from understanding the AML business-specific risk to implementing the robust AML Compliance framework.