  • 3.1 Risk-Based Approach

    • 3.1.1 Overarching common requirements

      LFIs must take a risk-based approach to the preventive measures they put in place for all customers, including customers in the real estate and precious metals and stones sectors. A risk-based approach means that LFIs should dedicate compliance resources and effort to customers, business lines, branches, and products and services in keeping with the risk presented by those customers, business lines, branches, and products and services, as assessed in accordance with Article 4 of AML-CFT Decision.

      The risk-based approach has three principal components:

      • 3.1.1.1 Conducting an enterprise risk assessment, as required by Article 4.1 of AML-CFT Decision.

        The enterprise risk assessment should reflect the presence of higher-risk customers, including DPMS and real estate sector participants in an LFI's customer base. This assessment should include higher-risk customers from outside the UAE whose risks will also need to be assessed. These assessments should in turn be reflected in the LFI's inherent risk rating. In addition, the controls risk element of the LFI's enterprise risk assessment, as required by section 4.2.1 of the Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations Guidelines for Financial Institutions, should take into consideration the strength of the controls that the LFI has in place to mitigate the risks posed by its higher-risk customers, including the preventive measures discussed below.

      • 3.1.1.2 Identifying and assessing the risks associated with specific customers.

        The LFI should assess the risk of each customer to identify those that require enhanced due diligence (EDD) and to support its entity risk assessment. In assessing the risks of a DPMS or real estate sector participant, LFIs should consider:

         i. Geographic Risk: The risks associated with the jurisdictions in which the customer lives (for individuals) or is registered/headquartered (for legal persons) and where it operates, including the jurisdictions where it has subsidiaries, where it sources its products (where relevant), and where its main counterparties are based. These may include the overall risk of money laundering, terrorist financing, and financing of proliferation, as well as what is known regarding the prevalence of abuse of entities in these sectors.
         
          There are a number of sources that LFIs can use to develop a list of high-risk countries, jurisdictions, or regions. LFIs should consult any publications issued by the National Anti-Money Laundering and Combating the Financing of Terrorism and financing of Illegal Organizations Committee (NAMLCFTC) [5], UAE FIU and by the FATF, including the FATF's list of jurisdictions subject to countermeasures and to increased monitoring. LFIs may also use public free databases such as, for example, the Basel AML Index [6] or the Transparency International Corruption Perceptions Index [7]. LFIs should not rely solely on public lists, however, and should consider their own experiences and the nature of their exposure to each jurisdiction when assessing the risk of that jurisdiction.
         
         ii. Customer Risks: For real estate agents and brokers and DPMS, customer risk can be assessed as the proportion of higher-risk customer types (e.g. PEPs, legal persons, and customers from high-risk jurisdictions) within a customer's customer base.
         
         iii. Product, Service, and Delivery Channel Risk: LFIs should assess risk in this category on two dimensions:
         
          a. The products and services that the customer offers to its customers, and the delivery channels through which it offers these products and services. Products, services, and delivery channels that promote the rapid, anonymous transfer of high values are particularly attractive to illicit actors. These may include, but are not limited to:
         
           i. Online/non-contact sales: Non-face-to-face transactions make it easier for criminals to hide their identities.
         
           ii. Accepting cash for high-value purchases: Cash is very difficult to trace and can be exchanged without involving the formal banking system, and thus is particularly attractive to criminals.
         
           iii. Accepting virtual assets: Virtual assets, like cash, are anonymous and difficult to trace to their users. Unlike cash, virtual assets allow parties to carry out transactions even when they are at a distance from one another. These qualities, combined with the lack of consistent regulation of entities that deal in virtual assets, make virtual assets high risk for abuse by illicit actors.
         
           Specific high-risk products and services offered by each customer type are discussed below in sections 3.1.2 and 3.1.3.
         
          b. The LFI products and services that the customer intends to use, and the delivery channels through which the LFI will provide these services. LFIs should draw on their entity risk assessment to assess the risk of the products and services each customer uses or intends to use. (This subject is also discussed in section 3.2.1.3.2 below in relation to understanding the nature and purpose of the business relationship.)
         
         iv. Controls Risk: LFIs should seek to understand the regulatory requirements in place for the customer, as well as how well they are enforced. This assessment is particularly important for those DPMS and real estate brokers that qualify as DNFBPs and therefore are also subject to such requirements. Other participants in the real estate sector, such as developers, are not required to comply with AML/CFT preventive measures. In addition, participants in the precious metals and stones sector may also be required to comply with UAE requirements or global standards related to sourcing precious metals and stones and transparency of supply chains. Where relevant to a customer's business, LFIs should consider whether its customer conducts appropriate supply chain due diligence.
         

        Questions that an LFI may ask to determine customer risk profile include, but are not limited to:

         Where is the customer incorporated? Where does it operate? Are these high-risk jurisdictions?
         What products and services does the customer provide?
         What is the trading volume of the business?
         What customer base does the customer serve?
         What is the regulatory environment in the jurisdiction(s) where the customer is incorporated/has operations?
         Is there an authority that actively enforces the requirements?
         Is the customer required to perform CDD on cash customers above a certain threshold in all jurisdictions where it operates? In such scenarios, is it required to identify the beneficial owners of legal person customers?
         Is the customer required (as are DNFBPs in the UAE) to conduct a regular independent audit? Did the most recent audit have any material findings?
         Does the customer perform sanctions screening?
         What is the main channel (in-person vs. online) and methods (cash, wire transfers, checks, etc.) of conducting transactions and in which currency (or multiple currencies)?
         

        In addition to risk rating customers, LFIs should also consider the risks of specific transactions, especially high-value transactions, those involving high-risk jurisdictions, and those that represent departures from a customer's standard or expected behavior. LFIs should be aware of sectoral risks when reviewing large transactions associated with the DPMS or real estate sectors, or transactions of any size that do not have a clear licit economic purpose.


        [5] Available at: https://www.namlcftc.gov.ae/en/high-risk-countries.php
        [6] Available at: https://baselgovernance.org/basel-aml-index
        [7] Available at: https://www.transparency.org/en/cpi/2020/index/nzl

      • 3.1.1.3 Applying EDD and other preventive measures

        LFIs must apply EDD and other preventive measures to customers determined to be higher-risk, as required by Article 4.2(b) of AML-CFT Decision, or to specified higher-risk customer types, no matter their risk rating, as required by AML-CFT Decision. EDD measures should be designed to mitigate the specific risks identified with particular customers. Examples of EDD measures are offered below in section 3.2.

    • 3.1.2 Key Considerations for DPMS

      Beyond the general considerations discussed above, in assessing the risk of a DPMS customer LFIs should consider:

       Geographic Risk: Whether the jurisdiction(s) in which the customer is based or operates are known centres for illegal or unregulated mining of precious metals and stones.
       
       Product, Service, and Delivery Channel Risk: The following products and services are particularly high risk:
       
        o Trade in gold bullion and diamonds: The high inherent value of these substances, their ability to retain value for a long period of time, the size and stability of the market, relative ease of exchange, high value by weight, and the difficulty of tracing them make gold and diamonds particularly attractive to criminals.
       
        o Metal accounts: Metal accounts are accounts held by a custodian institution and denominated in precious metals (such as gold, silver, or platinum) rather than in fiat currencies. They allow the account holder to quickly buy and sell precious metals without needing to have a face-to-face interaction with a DPMS.
       
    • 3.1.3 Key Considerations for the Real Estate Sector

      Beyond the general considerations discussed above, in assessing the risk of a customer who is a participant in the real estate sector, LFIs should consider:

       Controls Risk: In the case of transactions or customers related to the real estate sector, an assessment of controls risk should also include the regulations governing the real estate sector as a whole, and not just regulations governing the sector participants (real estate agents and brokers). LFIs should assess whether regulations governing property transactions are likely to make the sector more or less attractive to illicit actors. As discussed above in section 2.2.2, these may include the openness to foreigners, the widespread use of cash and shell companies, and the intensity of scrutiny of real estate transactions.
       

      In many cases neither party to a real estate-related transaction will be a business or individual whose primary activity is related to the real estate sector (e.g., the sale of a private home). In such cases, in addition to the risk of the specific customer involved, LFIs should consider aspects of the transaction itself, including:

       The jurisdiction in which the real property that is the subject of the transaction is located;
       The jurisdiction in which the customer's counterparty is located;
       If the LFI's customer is the purchaser, whether the purchase price is consistent with the purchaser's known means and income;
       Whether the purchase price is generally consistent with the market price for roughly similar properties;
       Whether all parties to the transaction are resident in jurisdictions other than the jurisdiction in which the property is located;
       Whether the seller of the property has owned it only for a short period of time;
       Whether shell companies or other legal structures are involved in the purchase in such a way as to obscure the true owner of the property; and
       Whether the parties to the transaction appear to be related (e.g. are represented by the same law firm or real estate broker, share corporate directors, or share an address), but the relationship between them is unclear.