Skip to main content
  • 2.2 Customer Due Diligence and Enhanced Due Diligence

    The goal of the CDD process is to ensure that LFIs understand who their customer is and the purpose for which the customer will use the LFI's services. Where an LFI cannot satisfy itself that it understands a customer, then it must not accept the customer. If there is an existing business relationship, the LFI should not continue it. LFIs should also consider filing an STR, SAR or other report types to the FIU as discussed in section 2.3.2 below. This guidance is not an exhaustive list of LFIs' CDD obligations and LFIs should consult the legal and regulatory framework in force in the UAE for the measures to be taken.

    • 2.2.1 Customer Identification and Verification

      Under Article 8 of AML-CFT Decision, LFIs are required to identify and verify the identity of all customers. Please see also the AML/CFT Guidelines for Financial Institutions for full information on customer identification. In particular, when verifying the Emirates ID card, LFIs must use the online validation gateway of the Federal Authority for Identity & Citizenship and keep a copy of the Emirates ID and its digital verification.

      Hawala providers based in the UAE are required to have an active registration certificate issued by the CBUAE and a commercial trade license that includes Hawala Activity. In particular, when opening any accounts for hawala providers, LFIs must physically check the original hawala provider registration certificate issued by the CBUAE and keep a copy thereof. LFIs should not form business relationships or conduct transactions with hawala providers without an active registration certificate issued by the CBUAE (unregistered hawala providers). In addition, if an LFI determines that a customer or prospective customer has materially misrepresented itself or its business, it must not accept the customer, must exit the relationship if one has been established, should add the customer, its beneficial owners, directors and managers to its internal watchlists, and should file an STR with the FIU.

    • 2.2.2 Beneficial Owner Identification

      Where the hawala provider customers is a legal person, please consult the CBUAE's Guidance for LFIs providing services to Legal Persons and Arrangements for details on the identification of beneficial owners.11


      11 Available at https://www.centralbank.ae/en/cbuae-amlcft.

    • 2.2.3 Customer's Business and Business Relationship

      For all customer types, LFIs are required to understand the purpose for which the account or other financial services will be used, and the nature of the customer's business. This element of CDD will have important implications for the customer risk rating. This is particularly true of the purpose of the account, which will likely be an essential determinant of risk for hawala provider customers. It is critical that LFIs have processes and controls in place to ensure that they are able to identify hawala customers. LFIs must ensure that they fully understand their customers' source of funds and the business in which they are engaged. In addition to interviewing the customer, requesting financial records, and reviewing invoices, LFIs should also search company databases and consider visiting the customer's business premises.

      Underground hawala providers often try to evade detection by creating new companies and/or frequently switching to new financial institutions. In addition, even those that operate legally, may seek to misrepresent the purpose of the relationship in order to evade scrutiny and controls imposed by the LFI. It can be particularly difficult for an LFI to establish the bona fides and business activities of a newly established company, which is likely to not have any customers or inventory, especially when that company's line of business (e.g. import/export) is vague. LFIs should screen the names of new customer's beneficial owners, directors, and managers against its internal watchlists of customers previously exited by the LFI.

      When a customer provides information indicating it is a hawala provider, LFIs must collect sufficient information during the CDD process to understand the full scope of the customer's business, including not only its provision of hawala services but also any other business activities in which the customer engages. LFIs should pay particular attention to the jurisdictions with which their hawala provider customers does business, and must understand whether their customer offers financial services to other hawala providers (e.g. participates in clearing networks or makes transfers on behalf of the customers of another provider who lacks a network in certain jurisdictions). Furthermore, LFIs must fully understand the intended use of the account and the expected activity on the account, to the extent that it can generally predict activity on the account and identify activity that does not fit the profile. This may be many small cash deposits followed by large cross-border transfers or volume of activity that does not fit the customer's business. They must also understand whether the hawala provider may be using the LFI's accounts to conduct business and to move funds on behalf of customers while attempting to conceal this activity from the LFI. Section 2.3.1 contains red flags for concealed activity.

    • 2.2.4 Ongoing Monitoring

      All customers must be subject to ongoing monitoring throughout the business relationship to ensure that transactions are reasonable, and legitimate. Ongoing monitoring is particularly important in the context of business relationships with hawala providers, where the risks these relationships create for the LFI can change significantly based on the hawala provider's business activities. LFIs are required to ensure that the CDD information they hold on all customers is accurate, complete, and up-to-date. LFIs should update CDD for all customers on a risk-based schedule, with CDD on higher-risk customers being updated more frequently. EDD on all customers should involve more frequent CDD updates.

      In addition to a review of the customer's CDD file, the LFI should also review the customer's transactions to determine whether they continue to fit the customer's profile and business, and are consistent with the business the customer expected to engage in when the business relationship was established. This type of transaction review is distinct from the ongoing transaction monitoring discussed in 2.3.1 below. The purpose of the review is to complement ongoing transaction monitoring by identifying behaviours, trends, or patterns that are not necessarily subject to transaction monitoring rules. For example:

       Company M, a hawala provider, opens an account with Bank B, an LFI. At onboarding, Company M tells Bank B that it operates as a money transfer service to Country X. A year after the account is opened, Bank B conducts a scheduled CDD review and discovers that, six months after onboarding, Company M began to make and receive periodic transfers to and from Country Y. Bank B makes inquiries and discovers that Company M is now providing money transfer services to Country Y as well. Bank B decides to put a restriction on the account requiring prior authorization to make transfers beyond Country X and Country Y, requires Company M to sign a warrant that it will inform Bank B in advance of any future changes to its business model, and raises the customer risk-rating.
       

      When customers are higher risk, including hawala provider customers, monitoring should be more frequent, intensive, and intrusive. LFIs should review the CDD files of higher risk customers on a frequent basis, such as twice a year. The methods LFIs use to review the account should also be more intense and should not rely solely on information supplied for the customer. For example, LFIs should consider:

       Reviewing all transactions on the account, rather than a sample of transactions;
       
       Conducting site visits at the customer's premises and requesting a meeting with the customer;
       
       Conducting searches of public databases, including news and government databases in order to independently identify material changes in a customer's ownership or business activities. Such searches should include adverse media searches of public records and databases, using relevant key words, including but not limited to, allegation, fraud, corruption, laundering.