5. Lessons Learned and Examples from Amld Supervision
Effective from 7/6/2021The CBUAE’s examinations of LFIs have found that some LFIs struggle with key aspects of the preventive measures regime for legal persons. LFIs should take care to implement effective compliance programs, including by avoiding common deficiencies such as:
| • | Incomplete and out of date CDD: CBUAE has identified instances where CDD files are missing key information, such as the country of operation, the nature of the business, and the nationality of beneficial owners, shareholders, and directors. Equally important, CDD files are often out of date, with expired customer information. | |||
| • | Inadequate systems: LFIs’ systems for supporting CDD do not always mandate the collection of all required information or guide the compiler to supply complete information, such as the full name of a beneficial owner. LFIs’ core banking systems may not be capable of linking or tracking related parties, which inhibits identification of suspicious behavior. In some cases, risk-rating and identification of UBOs is done manually, which increases the likelihood of user error or manipulation. | |||
| • | Incomplete risk-rating: LFIs’ risk rating tools for legal persons and arrangements did not always take into account critical information, such as the type of entity and the risk rating of beneficial owners. | |||