Annex 2. Synopsis

Effective from 1/8/2022

Purpose of this Guidance

Purpose

The purpose of this Guidance is to assist the understanding and effective performance by licensed financial institutions (LFIs) of their statutory obligations under the legal and regulatory framework in force in the UAE relating to PEPs.

Applicability

This Guidance applies to all natural and legal persons, which are licensed and/or supervised by the CBUAE, in the following categories: national banks, branches of foreign banks, exchange houses, finance companies, stored value facilities, retail payment service providers, card schemes, registered Hawala providers, and other LFIs; and insurance and re-insurance companies, agencies, and brokers.

Understanding Risks

Article 15 of the AML-CFT Decision and the FATF standards impose specific Customer Due Diligence (CDD) obligations on LFIs with respect to Customers that are Politically Exposed Persons (PEPs) which include the Direct Family Members or Associates Known to be Close to the PEPs. The special requirements related to PEPs are not an indication that LFIs should avoid dealing with such customers. Instead, these requirements are meant to ensure that LFIs have done the due diligence necessary to fully identify, understand their customers and have made fully-informed decisions regarding whether or not to accept the customer or to continue the relationship.

There are three sub-groups of PEPs: (1) Domestic PEPs; (2) Foreign PEPs; and (3) Heads of International Organizations (HIOs). PEPs are at higher risk of involvement in crimes because of the powers that come with their position or status. PEPs may use their power or influence to directly enrich themselves, their family members, and their associates, by stealing or misdirecting government funds. Customers that are the direct family members of a PEP, the known close associates of a PEP, or that are legal persons or legal arrangements with at least one beneficial owner who is a PEP are referred to as "Related Customers.''

Although LFIs are required to apply special procedures for all PEPs and Related Customers, not all PEPs and Related Customers are equally high-risk. Some factors that can influence the risks of a particular PEP are:

•	The PEP's ability to control highly consequential outcomes.
•	The authority and independence inherent in the PEP's role or function.
•	The access to funds inherent in the PEP's role.
•	The nature of governance in the state or organization that has entrusted the PEP with a prominent function.
•	The overall level of corruption in the state or organization that has entrusted the PEP with a prominent function.

The sources of risk for a Related Customer can be divided into two broad categories:

•	The risk of the PEP to which the Related Customer is connected
•	The relationship between the Related Customer and the PEP.

Mitigating Risks

Legal requirements

The AML-CFT Decision requires LFIs to carry out specific mandatory due diligence measures on PEPs and Related Customers, in addition to the standard CDD required for all customers. In line with FATF standards, the AML-CFT Decision imposes different requirements on LFIs for foreign PEPs as opposed to domestic PEPs and HIOs.

•	For foreign PEPs and Related Customers, LFIs must: (1) Put in place suitable risk management systems to determine whether a Customer or the Beneficial Owner is considered a PEP: (2) obtain senior management approval before establishing a business relationship, or continuing an existing one, with a PEP; (3) take reasonable measures to establish the source of funds and the sources of wealth of Customers and Beneficial Owners identified as PEPs; and (4) conduct enhanced ongoing monitoring over such relationship.
•	For domestic PEPs and HIOs and Related Customers, LFIs must (1) Take sufficient measures to identify if their customer or the Beneficial Owner is considered one of those persons and (2) Take the measures identified in (b), (c), and (d) when there is a high-risk business relationship accompanying such persons.

LFIs must take reasonable measures to determine whether the beneficiary, or the beneficial owner of a beneficiary, of a life insurance policy or of family takaful insurance is a PEP or a Related Customer. LFIs must inform senior management before pay-out of those policies, or prior to the exercise of any rights related to them. LFIs must also thoroughly examine the overall business relationship.

Applying Legal Requirements

Classifying Customers as PEPs:

•	The legal definition of PEP specifically lists the roles of persons who always qualify as PEPs, such as Heads of States or Governments, senior politicians, senior government officials, and judicial officials, among others.
•	However, as there is no exhaustive list of the positions that qualify an individual as a PEP globally and LFIs should use their discretion in identifying PEPs and develop risk-based policies and procedures to ensure they appropriately identify customers who are PEPs, or the family members or close associates of PEPs.
•	The determination of whether a customer is a PEP should therefore consider a number of factors, including, most importantly, whether the natural person currently holds, or has recently held, a role that gives him or her power or influence over decisions, policy or the disbursal of funds belonging to a government or an international organization.
•	PEPs are always natural persons, and LFIs should perform a PEP analysis on customers who are the beneficial owners of legal persons or legal arrangements.

Classifying Customers as Related Customers:

•	LFIs are required to treat the direct family members (spouses, children, spouses of children, and parents) and close associates of PEPs (Natural persons having joint ownership rights in a legal person or arrangement or any other close business relationship with the PEP or having individual ownership rights in a legal person or arrangement established in favour of the PEP) as if they were PEPs themselves.
•	The above-mentioned relationships should be viewed as a mandatory minimum, not as an exhaustive list of all relationships that may justify to treat a customer as a PEP. LFIs should take a risk-based approach and consider whether a relationship exists between their customer and the PEP that could be exploited or abused to obscure the PEP's connection to illicit funds.
•	Once an LFI has established that a qualifying relationship exists between a customer (or the beneficial owner of a customer) and a PEP, the LFI must treat the customer as a PEP (or as owned by a PEP). However, between a PEP and the direct family member or close associate of a PEP: the latter cannot transfer their status to their own family members and close associates.

Time Limits of PEP Status:

•	A PEP's risk derives from the PEP's power or influence over decisions, funds, or policy. Therefore, it may not be appropriate to continue to treat a customer as a PEP long after they have lost such power or influence. While LFIs may set a schedule to review PEP status, they should make a risk-based decision as to when sufficient time has passed for a customer to no longer be classified as a PEP.
•	Factors to consider when making such a determination include: the seniority and power inherent in the customer's previous role; the corruption potential of the customer's previous role; whether the customer still exercises informal influence over government decisionmaking through his or her current formal role; whether the previous and current role of the customer are linked in any way; the customer's relationships to other PEPs and the nature and purpose of the business relationship, and the overall risks of the products and services the customer avails or intends to avail.

PEP Screening:

•	Classification of a customer as a PEP or a Related Customer should take place during the CDD stage, prior to the commencement of the business relationship. LFIs are required to have suitable risk management systems in place to determine whether a customer, or the beneficial owner of a customer, is a foreign PEP, or Related Customer and are required to take sufficient measures to identify whether a customer, or the beneficial owner of a customer, is a domestic PEP or an HIO, or Related Customer. In practice, however, it will generally be appropriate to conduct onboarding screening and ongoing screening on all customers.
•	Preliminary screening may begin by including a question in onboarding forms or interviews that inquires whether the customer or any beneficial owner is a PEP or Related Customer. LFIs should not however rely solely on a customer's assertion, but supplement this basic screening question with additional due diligence.
•	LFIs should be alert to any aspects of a customer profile that are inconsistent or do not have a clear explanation. LFIs should use the ongoing monitoring process to determine whether a customer's status has changed.

PEP Risk Rating: Under the AML-CFT Decision, LFIs must conduct enhanced ongoing monitoring over relationships with foreign PEPs and Related Customers. Therefore, it is important to appropriately risk-rate all PEP customers, customers whose beneficial owners are PEPs, and customers that are direct family members and close associates of a PEP. PEP-specific factors to consider in risk rating include: the nature of the PEP's position, and the controls in place in the PEP's own country jurisdiction to prevent corruption. For Related Customers, LFIs should consider the risk of the PEP to which the customer is connected, and also the nature and extent of the connection, in determining the risk rating. In cases where a natural person customer has PEP status from two sources, or where more than one PEP is involved in a legal person customer, LFIs should always use the higher risk rating.

Enhanced Due Diligence Requirements: Under the AML-CFT Decision, when a customer (or the beneficial owner of a customer) is determined to be a foreign PEP or Related Customer, or where a customer is determined to be a domestic PEP or HIO or Related Customer, and when there is a high-risk business relationship accompanying such persons, LFIs must take the following mandatory steps: (1) Obtain senior management approval before establishing a business relationship, or continuing an existing one, with a PEP or Related Customer; (2) take reasonable measures to establish the source of funds, including the source of wealth, of PEPs and Related Customers; and (3) conduct enhanced ongoing monitoring of the relationship.

Transaction Monitoring and Suspicious Transaction Reporting

Transaction Monitoring: As required by the AML-CFT Decision, LFIs must continuously monitor all their transactions to ensure that transactions are consistent with the information they have about the customer, their type of activity and the risks they pose, including, when necessary, the source of funds. Monitoring systems can include manual monitoring processes and the use of automated and intelligence led monitoring systems. The transaction monitoring system used by LFIs should be equipped to identify patterns of activity that appear unusual and potentially suspicious for PEP customers as well as unusual behaviour that may indicate that a customer's business has changed in such a way as to require a high-risk rating.

Suspicious Transaction Reporting: As required by the AML-CFT Law and the AML-CFT Decision, LFIs must file a suspicious transaction report (STR) or suspicious activity report (SAR) or other report types with the UAE Financial Intelligence Unit (UAE Fill) when they have reasonable grounds to suspect that a transaction, attempted transaction, or funds constitute, in whole or in part, regardless of the amount, the proceeds of crime, are related to a crime, or are intended to be used in a crime.

Governance and Training

The specific preventive measures discussed above should take place within, and be supported by, a comprehensive institutional AML/CFT program that is appropriate to the risks the LFI faces. As with all risks to which the LFI is exposed, the AML/CFT training program should ensure that employees are aware of the risks of PEPs customers, familiar with the obligations of the LFI, and equipped to apply appropriate risk-based controls.