4.4. Customer Due Diligence

Effective from 11/11/2021

The goal of the CDD process is to ensure that LEH understand who their customer is and the purpose for which the customer will use the LEH’s services. Where a LEH cannot satisfy itself that it understands a customer, then it must not accept the customer. If there is an existing business relationship, the LEH should not continue it. LEH should also consider filing an STR, SAR or other report types to the FIU as discussed in section 5 below. This guidance is not an exhaustive list of CDD obligations and LEH should consult the legal and regulatory framework in force in the UAE for the measures to be taken.

Under Article 8 of AML-CFT Decision, LEHs are required to identify and verify the identity of all customers. In particular, when verifying the Emirates ID card (either physically or by way of digital or e-KYC solutions) the LEH must use the online validation gateway of the Federal Authority for Identity & Citizenship, the UAE-Pass Application, or other UAE Government supported solutions, and keep a copy of the Emirates ID and its digital verification record. Where acceptable IDs other than the Emirates ID are used in the KYC process, a copy must be physically obtained from the original ID and certified as “Original Sighted and Verified” by the employee who carries out the CDD process.

As required by Paragraph 16.7 of the Standards, LEH must implement a strong Know Your Customer (“KYC”) process that is based on clear and comprehensive written policies and procedures. Implementation of an effective KYC process is an essential cornerstone of a LEH’s AML/CFT Program and is necessary in order to:

	•	Understand who LEH’s customers and counterparties are.
	•	Detect suspicious activity or transactions in a timely manner.
	•	Promote safe and sound business practices.
	•	Minimize the risk that the LEH is abused by illicit actors.
	•	Reduce the risk of processing transactions when the customer is involved in criminal activity.
	•	Protect the reputation of the LEH.
	•	Comply with statutory obligations.

The KYC process must be risk-based and, as such, the KYC measures applied must be commensurate with the ML/FT risks associated with their customers or transactions. Accordingly, Paragraph 16.7.3 of the Standards requires three types of KYC processes that must be applied depending on the customer’s risk and the nature of the transaction and customer. These are:

	•	Customer Identification (CID);
	•	Customer Due Diligence (CDD); and
	•	Enhanced Due Diligence (EDD).

Please refer to the table below on when to use each KYC measure and to refer to the respective paragraphs in the Standards for the detailed requirements:

Customer Type	Customer Activity	Value of Transaction	Preventive Measure Required	Paragraph in the Standards, Version 1.20
Natural Persons	Currency Exchange	Equal to or greater than AED 3,500 and less than AED 35,000	CID	16.8
		Equal to or greater than AED 35,000 and less than AED 55,000 within a 90-day period	CID and CDD	16.8 16.9
		Equal to or greater than AED 55,000 within a 90-day period	CID, CDD, and EDD	16.8 16.9 16.10
	Money Transfer	Any value less than AED 55,000	CID and CDD	16.8 16.9
	Money Transfer	Equal to or greater than AED 55,000 within a 45-day period	CID, CDD, and EDD	16.8 16.9 16.10
All Legal Persons or Arrangements	Any Activity	Any Value	CDD and EDD	16.11
Counterparty Relationships	Any Activity	Any Value	CDD and EDD	16.11.8 to 16.11.12 16.11.2
PEPs	Any Activity	Any Value	CID, CDD, and EDD	16.13
DNFBPs/DPMS	Any Activity	Any Value	CID (if the customer is a natural person), CDD, and EDD	16.14/16.15
High-Risk Natural Persons	Any Activity	Any Value	CID, CDD, and EDD	16.16 16.8, 16.9 16.10
High-Risk circumstances	Any Activity	Any Value	CID (if the customer is a natural person), CDD, and EDD	16.16 16.8, 16.9 16.10/11
Third Party Transactions	Any Activity	Any Value	CID (if the customer is a natural person), CDD, and EDD	16.20 16.8, 16.9 16.10/11