The regulated entities, such as DNFBPs, Financial Institutions, and VASPs, are required by the UAE AML Regulations to evaluate the risk that each customer poses to the company and implement Enhanced Due Diligence procedures to manage high-risk customers.

EDD involves investigating the customer’s identity in depth, whether legal or personal. It also involves inquiring into the customer’s wealth and funding sources and verifying their legitimacy.

EDD allows the regulated entity to distinguish between customers who are simply posing an increased risk and customers who are actually suspected of being connected to financial crime through additional checks.

When it comes to AML CFT, customer due diligence is a crucial element. Customer due diligence is a process of identifying the customers, verifying their identity, and evaluating the potential risk a customer may pose to the business before establishing a business relationship and onboarding such a customer.

CDD process aims to determine whether the business is vulnerable to financial crime risks when dealing with a person and what controls must be deployed to mitigate such risks.

The Enterprise Risk Assessment (EWRA)/ Business Risk Assessment is vital in ensuring AML compliance.

The reporting entities (Financial Institutions, DNFBPs and VASPs) shall conduct ERWA considering the relevant risk factors, their likelihood of occurrence, and countermeasures deployed.

To safeguard the reporting entities (Financial Institutions, DNFBPs and VASPs) from financial crime risks and to remain compliant with AML requirements, an AML Audit must be conducted independently by competent personnel on a periodic basis to ensure that the AML Program of the entity is consistent with AML rules and regulations.

AML Audit is entirely different from a financial audit of the books of accounts. The Independent AML Audit verifies the entity’s AML/CFT compliance framework.

According to AML UAE regulations, the reporting entities (Financial Institutions, DNFBPs and Virtual Asset Service Providers) must comply with reporting requirements with FIU on the goAML portal. Based on the red flags identified concerning any suspicious activity/ transaction, the entities must report the same to FIU on the goAML portal by filing a Suspicious Activity Report (SAR)/ Suspicious Transaction Report (STR).

The reporting entities (financial institutions, DNFBPs, and VASPs) must have a robust program in place to ensure compliance with AML rules and regulations. Ensuring the same requires the support of senior management, which plays a vital role in AML compliance.

The reporting entities must design and implement AML Policies and Procedures to ensure compliance with all the mandatory requirements. One of Senior Management’s key responsibilities is appointing a Compliance Officer. The Senior Management has the following roles and responsibilities:

Pursuant to UAE AML Rules and Regulations, Financial Institutions, DNFBPs, and Virtual Asset Service Providers must register on the goAML Portal to comply with timely reporting requirements with the FIU and the concerned supervisory authority.

The reporting entities are required to submit various reports on the goAML portal, depending upon the nature of the transaction. This video will help you understand various reports that must be filed under  UAE AML regulations.

Based on KYC/ KYB and screening, the reporting entities (Financial Institutions, DNFBPs and Virtual Asset Service Providers) must assess the risk associated and assign an appropriate risk rating to the customer.

The reporting entities shall assess the Customer Risk by classifying the customer risk profile depending upon the risks involved as unacceptable, high, medium, or low. The higher the risks, the more stringent controls must be in place to mitigate such risks.

In case customers are classified as “high-risk”, the reporting entities must apply Enhanced Due Diligence (EDD) measures. The following parameters can be considered while doing risk profiling:

The reporting entities (Financial Institutions, DNFBPs and Virtual Asset Service Providers) must comply with goAML reporting requirements with the Financial Intelligence Unit.

The reporting entities must screen their new/ existing customers based on the UNSC consolidated list and UAE local terrorist list before onboarding or carrying out any occasional transaction.

The key element of Customer Due Diligence before onboarding corporate customers is to identify ultimate Beneficial Owners (UBO) and unveil their true identity to fight against money laundering and terrorist financing.

If UBO pertains to high risk, then the entity will also be treated as high risk, and Enhanced Due Diligence is to be conducted for both. UBO can only be a natural person. The following qualifies as UBO: