Book traversal links for 6.5 Simplified Due Diligence (SDD) Measures
6.5 Simplified Due Diligence (SDD) Measures
Effective from 13/7/2023(AML-CFT Decision Articles 4.3, 5, 10)
In keeping with a risk-based approach to CDD, under certain circumstances and in the absence of a ML/FT suspicion, FIs are only permitted to exercise simplified customer due diligence measures (SDD) with regard to customers identified as low-risk through an adequate analysis of risks.
SDD generally involves a more lenient application of certain aspects of CDD measures, including elements as:
• | A reduction in verification requirements with regard to customer or Beneficial Owner identification; |
• | Fewer and less detailed inquiries in regard to the purpose of the Business Relationship, the nature of the customer’s business, the customer’s source of funds, and the purpose of individual transactions; |
• | More limited supervision of the Business Relationship, including less frequent monitoring of transactions, and less frequent review/updating of customer due diligence information. |
Specifically, the AML-CFT Decision permits the application of SDD in the following circumstances:
• | Identified low-risk customers. When the customer or Beneficial Owner is identified as posing a low risk of ML/FT, FIs are permitted to complete the verification of their identity after the establishment of a Business Relationship under the conditions specified in the relevant provisions of the AML-CFT Decision. In this regard, FIs are required to implement appropriate and effective measures to control the risks of ML/FT, including the risks in regard to the customer or Beneficial Owner benefitting from the Business Relationship prior to the completion of the verification process. Examples of such measures which FIs may consider taking in this regard are, among others:
| ||||
It should be noted that the provision allowing a relaxation of the timing for the completion of the identity verification procedures does not imply that FIs are permitted to establish a Business Relationship without any customer identification at all. On the contrary, in all cases, the basic identification information in relation to the customer (whether a natural or legal person or arrangement) should be obtained; however under the specified conditions, FIs are permitted to establish the Business Relationship prior to the completion of the verification process, which may include such steps as: obtaining appropriate supporting documentation, certifications or attestations, when necessary (for example, as regards the corporate documents of a legal person); or obtaining all the necessary information related to the relevant parties of a legal person or Legal Arrangement, such as Beneficial Owners, settlors, trustees or executors, protectors, beneficiaries, or other controlling persons. | |||||
• | Listed companies. FIs are exempted from identifying and verifying the identity of any shareholder, partner or Beneficial Owner of a legal person under the conditions specified in the relevant provisions of the AML-CFT Decision. Namely:
|
Without prejudice to the above, in the case of foreign stock exchanges, FIs should take steps to adequately assess and document the relevant disclosure and transparency requirements related to Beneficial Ownership, and to ensure that they are at least equivalent to those of the UAE.
In addition, FIs should be aware that, regardless of the exemption mentioned above, FIs are required with respect to listed companies to verify that any person purporting to act on behalf of the customer is so authorised, and verify the identity of that person.
As part of their overall AML/CFT framework, FIs should use a risk-based approach to determine the internal policies, procedures and controls they implement in connection with the application of SDD procedures. Examples of some of the factors they should consider when developing their risk-based policies include:
• | the ML/FT risks identified in the ML/TF business risk assessment, especially with regard to low-risk categories of customers; |
• | Circumstances, timing, and composition in regard to the application of SDD measures; |
• | Frequency of reviews and updates in relation to customer SDD information; |
• | Extent and frequency of ongoing supervision of the Business Relationship and monitoring of transactions in relation to customers to which SDD measures are applied. |
Such policies, procedures and methodologies should be reasonable and proportionate to the risks involved, and, in formulating them, FIs should consider the results of both the NRA and any Topical Risk Assessment and their own ML/FT business risk assessments. Commensurate with the nature and size of the FIs’ businesses, the policies, procedures and methodologies should also be documented, approved by senior management, and communicated at the appropriate levels of the organisation.