Self Assessment Questionnaire for SARs, STRs and Transaction Monitoring
Self Assessment Questionnaire for SARs, STRs and Transaction Monitoring
The Ministry of Economy has asked the Designated Non-Financial Business or Professions (DNFBPs) to respond to their Self-Assessment questionnaire on SARs, STRs and Transaction Monitoring. The purpose of the review is to highlight the generic findings observed within the DNFBPs and provide targeted feedback to the sector
The Self‐Assessment Questionnaire for SARs, STRs and Transaction Monitoring shall be filled by the compliance officer/MLRO as he is responsible for establishing and maintaining AML/CFT systems. He shall approve and sign off the completed checklist.
DNFBPs are advised to read each question in the Self‐Assessment Questionnaire for SARs, STRs and Transaction Monitoring carefully before answering and use the text box to provide comments where the response to the question requires further elaboration.
Self Assessment Questionnaire Sections
Section 1: General Information
Company Trade License Number and Email Address: Enter the Company Trade License Number and Email Address of the reporting entity
Company activity Type: Select the applicable option from:
- Dealers in Precious Metals and Stones
- Trust and Company Service Providers
- Accountants/Auditors
- Real Estate Brokers and Agents Providers
Name of the DNFBP: Enter the reporting entity name
Section 2: Self Assessment Questionnaire
1. Do you collect and input data for all clients consistently?
Ans: Say ‘Yes’ if you collect and input data for all clients consistently.
2. Do you define the data that should be mandatorily filled as a system requirement (e.g. nationality, employment status, date of on-boarding, PEP status, status as a legal person or legal arrangement, correspondent, jurisdiction of incorporation, etc.)?
Ans: Say ‘Yes’ if you comply with the above requirements.
3. Do you flag customers as related parties or use any consolidated monitoring techniques (e.g., customers with the same beneficial owners, customers that are part of a corporate group, customers with the same mobile number, and residence address)?
Ans: Say ‘Yes’ if you comply with the requirements.
4. Do you assign a risk rating to each customer, and is it reflected in the system?
Ans: Say ‘Yes’ if you assign a risk rating to each customer, and it reflects in the system.
5. Do you have in place controls to identify transactions that are not consistent with the DNFBP’s knowledge of the customer, his business and risk rating?
Ans: Say ‘Yes’ if you comply with the requirements.
6. Do you have in place controls to identify any complex or unusually large transactions or unusual patterns of transactions that have no apparent or visible economic or legitimate purpose?
Ans: Say ‘Yes’ if you comply with the requirements.
7. Where customers or Business Relationships are identified as high-risk, do you investigate and obtain more information about the purpose of transactions and enhance ongoing monitoring and review of transactions in order to identify potentially unusual or suspicious activities?
Ans: Say ‘Yes’ if you investigate and obtain more information about the purpose of transactions and enhance ongoing monitoring and review of transactions to identify potentially unusual or suspicious activities for customers or Business Relationships identified as high-risk.
8. Are higher-risk customers subject to more stringent transaction monitoring, such as lower thresholds for alerts and more intensive investigation?
Ans: Say ‘Yes’ if high-risk customers are subject to more stringent transaction monitoring, such as lower thresholds for alerts and more intensive investigation.
9. Do you define a clear escalation framework for the alerts generated?
Ans: Say ‘Yes’ if you define a clear escalation framework for the alerts generated.
10. Do you conduct and complete an investigation of the alerted activity?
Ans: Say ‘Yes’ if you conduct and complete an investigation of the alerted activity
11. Do you document the results of any research or analysis performed and recommend whether an STR or SAR should be filed?
Ans: Say ‘Yes’ if you document the results of any research or analysis performed and recommend whether an STR or SAR should be filed.
12. In the case of an internal investigation”, Do you define the reasonable Request for Information “RFI” timeframe to allow the customer to respond to queries raised during a case investigation?
Ans: Say ‘Yes’ if you define the reasonable Request for Information “RFI” timeframe to allow the customer to respond to queries raised during an internal case investigation.
13. Do you have clear procedures for making RFIs on the customers of correspondents?
Ans: Say ‘Yes’ if you have clear procedures for making RFIs on the customers of correspondents.
14. Do you have a clear policy for limiting/restricting/terminating a correspondent’s account should the correspondent not respond to RFIs in a timely manner?
Ans: Say ‘Yes’ if you have a clear policy for limiting/restricting/terminating a correspondent’s account in case the correspondent does not respond to RFIs in a timely manner.
15. Do you have a process in place for the expedited filing of urgent reports in appropriate cases?
Ans: Say ‘Yes’ if you have a process in place for the expedited filing of urgent reports in appropriate cases.
16. Do you maintain a log of exited/terminated relationships and rejected cases?
Ans: Say ‘Yes’ if you maintain a log of exited/terminated relationships and rejected cases.
17. Do your AML/CFT systems in relation to suspicious transaction/ activity reporting include clear policies and procedures over internal reporting for SARs/STRs?
Ans: Say ‘Yes’ if your AML/CFT systems in relation to suspicious transaction/ activity reporting include clear policies and procedures over internal reporting for SARs/STRs
18. Do your AML/CFT systems in relation to suspicious transaction/ activity include clear policies and procedures for reporting to the UAE FIU?
Ans: Say ‘Yes’ if your AML/CFT systems in relation to suspicious transaction/ activity include clear policies and procedures for reporting to the UAE FIU
19. Do your AML/CFT systems in relation to suspicious transaction/ activity reporting include clear policies and procedures for post-reporting risk mitigation and prevention of tipping-off?
Ans: Say ‘Yes’ if your AML/CFT systems in relation to suspicious transaction/ activity reporting include clear policies and procedures for post-reporting risk mitigation and prevention of tipping-off.
20. Do you have measures in place to check, on an ongoing basis, that your AML/CFT systems in relation to suspicious transaction/ activity reporting comply with relevant legal and regulatory requirements and operate effectively?
Ans: Say ‘Yes’ if you have measures in place to check, on an ongoing basis the AML/CFT systems in relation to suspicious transaction/ activity reporting comply with relevant legal and regulatory requirements and are operating effectively.
21. Do you define a well-articulated workflow/ decision tree to decide whether or not a suspicious transaction/activities report should be filed?
Ans: Say ‘Yes’ if you define a well-articulated workflow/ decision tree to decide whether or not a suspicious transaction/activities report should be filed.
22. Do you have a process in place for the expedited filing of urgent suspicious transaction/activities reports in appropriate cases?
Ans: Say ‘Yes’ if you have a process in place for the expedited filing of urgent suspicious transaction/activities reports in appropriate cases.
23. Does the Compliance Officer or MLRO, or Deputy MRLO file a suspicious transaction/activities report to the FIU within 24 hours of the determination?
Ans: Say ‘Yes’ if the Compliance Officer or MLRO, or Deputy MRLO file a suspicious transaction/activities report to the FIU within 24 hours of the determination.
24. Are all decisions to file/ not to file suspicious transaction/activities reports documented and signed off by the MLRO or Head of Compliance or their deputy?
Ans: Say ‘Yes’ if all decisions to file/ not to file suspicious transaction/activities reports are documented and signed off by the MLRO or Head of Compliance or their deputy.
25. Do you maintain a register of all suspicious transaction/activities reports made to the FIU, as well as of all reports made by employees to the MLRO, including those where a decision is made by the MLRO not to report to the FIU?
Ans: Say ‘Yes’ if you maintain a register of all suspicious transaction/activities reports made to the FIU, as well as of all reports made by employees to the MLRO, including those where a decision is made by the MLRO not to report to the FIU.
26. Does your record of all ML/TF reports made to the MLRO include the following details a. Sufficient details of the customer concerned?
Ans: Say ‘Yes’ if the record of all ML/TF reports made to the MLRO includes sufficient details with respect to the customer concerned.
27. Does your record of all ML/TF reports made to the MLRO include the following details: The information giving rise to the suspicion?
Ans: Say ‘Yes’ if the record of all ML/TF reports made to the MLRO includes the details of information giving rise to the suspicion.
28. Does your record of all ML/TF reports made to the MLRO include the following details The date on which the report was made?
Ans: Say ‘Yes’ if the record of all ML/TF reports made to the MLRO includes the date on which the report was made.
29. Does your record of all ML/TF reports made to the MLRO include the following details are the staff members subsequently handling the report?
Ans: Say ‘Yes’ if the record of all ML/TF reports made to the MLRO includes the details of the staff members subsequently handling the report.
30. Does your record of all ML/TF reports made to the MLRO include the following details the result of the assessment?
Ans: Say ‘Yes’ if the record of all ML/TF reports made to the MLRO includes the details pertaining to the result of the assessment.
31. Does your record of all ML/TF reports made to the MLRO include the following details: a. whether the internal report result in a suspicious transaction/activities report to the FIU?
Ans: Say ‘Yes’ if you comply with the requirements.
32. Do you maintain a customer exit policy that outlines the process for reviewing the overall customer relationship and deciding on the next steps, including ending the relationship and notifying law enforcement and/or other group affiliates, as appropriate?
Ans: Say ‘Yes’ if you maintain a customer exit policy that outlines the process for reviewing the overall customer relationship and deciding on the next steps, including ending the relationship and notifying law enforcement and/or other group affiliates, as appropriate.
33. Do you provide sufficient training to your staff to enable them to form suspicion or to recognise the signs when ML/TF is taking place?
Ans: Say ‘Yes’ if you provide sufficient training to your staff to enable them to form suspicion or to recognise the signs when ML/TF is taking place.
34. Do you provide guidance to staff on identifying suspicious activity, taking into account the nature of the transactions and customer instructions that staff are likely to encounter?
Ans: Say ‘Yes’ if you provide guidance to staff on identifying suspicious activity, taking into account the nature of the transactions and customer instructions that staff are likely to encounter.
35. Do you provide guidance to staff on identifying suspicious activity taking into account the type of product or service?
Ans: Say ‘Yes’ if you provide guidance to staff on identifying suspicious activity, taking into account the type of product or service.
36. Do you provide guidance to staff on identifying suspicious activity taking into account the means of delivery, the customer risks, geographical risk and any risk derived from the change of circumstances?
Ans: Say ‘Yes’ if you provide guidance to staff on identifying suspicious activity, taking into account the means of delivery, the customer risks, geographical risk and any risk derived from the change of circumstances.
37. Do your STR/SAR documented procedures include red flags and suspicious indicators?
Ans: Say ‘Yes’ if your STR/SAR documented procedures include red flags and suspicious indicators.
38. Do you ensure staff are aware of and alert to the below situations/scenarios and consider them in certain circumstances to possibly give rise to suspicion? “Transactions or instructions which have no apparent legitimate purpose and/or appear not to have a commercial rationale”
Ans: Say ‘Yes’ if you ensure that the staff are aware of and alert to the situations/scenarios which might possibly give rise to a suspicion that the Transactions or instructions have no apparent legitimate purpose and/or appear not to have a commercial rationale
39. Do you ensure staff are aware of and alert to the below situations/scenarios and consider them in certain circumstances to possibly give rise to suspicion? “Transactions, instructions or activity that involve apparently unnecessary complexity or which do not constitute the most logical, convenient or secure way to do business”
Ans: Say ‘Yes’ if you ensure that the staff are aware of and alert to the situations/scenarios which might possibly give rise to a suspicion that the transactions, instructions or activities that involve apparently unnecessary complexity or which do not constitute the most logical, convenient or secure way to do business
40. Do you ensure staff are aware of and alert to the below situations/scenarios and consider them in certain circumstances to possibly give rise to suspicion? “where the transaction being requested by the customer, without reasonable explanation, is out of the ordinary range of services normally requested, or is outside the experience of the financial services business and DNFBPs in relation to the particular customer.”
Ans: Say ‘Yes’ if you ensure that the staff are aware of and alert to the situations/scenarios which might possibly give rise to a suspicion that the transaction being requested by the customer, without reasonable explanation, is out of the ordinary range of services normally requested, or is outside the experience of the financial services business and DNFBPs in relation to the particular customer
41. Do you ensure staff are aware of and alert to the below situations/scenarios and consider them in certain circumstances to possibly give rise to suspicion? “where without reasonable explanation, the size or pattern of transactions is out of line with any pattern that has previously emerged “
Ans: Say ‘Yes’ if you ensure that the staff are aware of and alert to the situations/scenarios, which might possibly give rise to a suspicion that without reasonable explanation, the size or pattern of transactions is out of line with any pattern that has previously emerged.
42. Do you ensure staff are aware of and alert to the below situations/scenarios and consider them in certain circumstances to possibly give rise to suspicion? “where the customer refuses to provide the information requested without reasonable explanation or who otherwise refuses to cooperate with the CDD and/or ongoing monitoring process.”
Ans: Say ‘Yes’ if you ensure that the staff are aware of and alert to the situations/scenarios which might possibly give rise to a suspicion that where the customer refuses to provide the information requested without reasonable explanation or who otherwise refuses to cooperate with the CDD and/or ongoing monitoring process.
43. Do you ensure staff are aware of and alert to the below situations/scenarios and consider them in certain circumstances to possibly give rise to suspicion? where a customer who has entered into a business relationship uses the relationship for a single transaction or for only a very short period without a reasonable explanation
Ans: Say ‘Yes’ if you ensure that the staff are aware of and alert to the situations/scenarios which might possibly give rise to a suspicion that where a customer who has entered into a business relationship uses the relationship for a single transaction or for only a very short period without a reasonable explanation
44. Do you ensure staff are aware of and alert to the below situations/scenarios and consider them in certain circumstances to possibly give rise to suspicion? The extensive use of trusts or offshore structures in circumstances where the customer’s needs are inconsistent with the use of such services
Ans: Say ‘Yes’ if you ensure that the staff are aware of and alert to the situations/scenarios which might possibly give rise to a suspicion that the extensive use of trusts or offshore structures in circumstances where the customer’s needs are inconsistent with the use of such services
45. Do you ensure staff are aware of and alert to the below situations/scenarios and consider them in certain circumstances to possibly give rise to suspicion? Transfers to and from high‐risk jurisdictions without reasonable explanation, which are not consistent with the customer’s declared business dealings or interests
Ans: Say ‘Yes’ if you ensure that the staff are aware of and alert to the situations/scenarios which might possibly give rise to a suspicion that Transfers to and from high‐risk jurisdictions without reasonable explanation, which is not consistent with the customer’s declared business dealings or interests
46. Do you ensure that the STRs filed with the FIU are of high quality, taking into account feedback and guidance provided by the FIU and your supervisor from time to time?
Ans: Say ‘Yes’ if you ensure that the STRs filed with the FIU are of high quality, taking into account feedback and guidance provided by the FIU and your supervisor from time to time
47. Upon filing an STR report to FIU, do you conduct an appropriate review of the business relationship, irrespective of any subsequent feedback provided by the FIU, and apply appropriate risk-mitigating measures?
Ans: Say ‘Yes’ if you conduct an appropriate review of the business relationship, irrespective of any subsequent feedback provided by the FIU, and apply appropriate risk-mitigating measures after filling an STR report to FIU
48. Upon filing an STR report to FIU, do you, if necessary, escalate the issue to the senior management to determine how to handle the relationship concerned to mitigate any potential legal or reputational risks posed by the relationship?
Ans: Say ‘Yes’ if you escalate the issue to the senior management to determine how to handle the relationship concerned to mitigate any potential legal or reputational risks posed by the relationship after filing an STR report to FIU.
49. If the FIU or your supervisor issues a no-consent letter, do you act according to the content of the letter and seek legal advice where necessary?
Ans: Say ‘Yes’ if, on the issue of a no-consent letter by FIU or your supervisor, you act according to the content of the letter and seek legal advice where necessary.
50. Does the record of all STRs made to the FIU include the following details?
Ans: Say ‘Yes’ if the record of all STRs made to the FIU includes the following details:
- The date of the STR was made;
- The person who made the STR; and
- The information to allow the papers relevant to the STR to be located.
51. Do you have a proper mechanism to provide additional information and documentation to FIU within the timeframe provided?
Ans: Say ‘Yes’ if you have a proper mechanism to provide additional information and documentation to FIU within the timeframe provided.
52. Are the STR/SAR reports and investigations records confidential and maintained in safekeeping and not accessible to all staff? But only accessible to designated staff?
Ans: Say ‘Yes’ if you comply with the requirements.
53. Have your entity registered in the GoAML system?
Ans: Say ‘Yes’ if your entity is registered in the GoAML system.
54. How many STR/SAR were submitted to the FIU through GoAML system in the past?
Ans: Mention the number of the STR/SAR submitted to the FIU through the GoAML system in the past
55. For how many cases of STR/SAR there were feedback received from the FIU?
Ans: Mention the number of feedback received from the FIU on filling of cases of STR/SAR.
AML Compliance services
AML UAE is the premium AML consulting firm in UAE. We help our customers with goAML registration, business risk assessment, AML policy documentation, AML training, AML software selection, KYC, Screening and Risk Profiling, STR filing, and more. Get in touch with us to remain compliant with UAE AML Laws and Regulations.
Our timely and accurate AML consulting services
For your smooth journey towards your goals
Our recent blogs
side bar form
Add a comment
Share via :
About the Author
Pathik Shah
FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)
Pathik is a Chartered Accountant with more than 25 years of experience in compliance management, Anti-Money Laundering, tax consultancy, risk management, accounting, system audits, IT consultancy, and digital marketing.
He has extensive knowledge of local and international Anti-Money Laundering rules and regulations. He helps companies with end-to-end AML compliance services, from understanding the AML business-specific risk to implementing the robust AML Compliance framework.