Skip to main content
Entire section Custom print Text Only Rich Text Print

Annex 3. Synopsis of the Guidance

Effective from 4/7/2021
Purpose of this GuidancePurposeThe purpose of this Guidance is to assist the understanding and effective performance by the CBUAE licensed financial institutions (LFIs) of their statutory obligations under the legal and regulatory framework in force in the UAE related to targeted financial sanctions, screening and reporting requirements as well as the development of an appropriate sanctions compliance program.
ApplicabilityThis Guidance applies to all natural and legal persons, which are licensed and/or supervised by the CBUAE, in the following categories:
  • national banks, branches of foreign banks, exchange houses, finance companies, payment service providers, registered hawala providers and other LFIs; and
  • insurance companies, agencies, and brokers.
Sanctions Compliance ProgramSenior Management CommitmentLFI senior management's commitment to, and support of, the Sanctions Compliance Program (SCP) is one of the most important factors in determining its success. In order to facilitate effective senior management commitment, an LFI should, among other things:
  • Ensure that senior management has reviewed and approved the organization's SCP;
  • Clearly designate the personnel responsible for ensuring proper implementation of the SCP; and
  • Ensure that the SCP is fully integrated into the organization's daily operations and allocating adequate resources to it.
Risk AssessmentLFIs should take appropriate steps to conduct a regular and updated sanctions risk assessment to identify, understand, assess, monitor and manage their risks in line with their business nature and size.
Sanctions Risk appetiteLFIs should develop and maintain a comprehensive written sanctions risk appetite approved by the LFI's senior management and embedded through policies, procedures, and screening systems parameterization.
Internal ControlsInternal controls are the mechanisms, rules, and procedures implemented to help ensure the integrity and effectiveness of an LFI's SCP. LFIs must have and maintain strong and clear internal controls to ensure compliance with their statutory sanctions obligations and ensure the effective implementation of their SCP.
Policies and ProceduresLFIs should develop and maintain clear and comprehensive written policies and procedures that should, among other things:
  • Be approved by senior management; and
  • Enable the LFI to clearly and effectively identify, prevent, escalate, and report potentially prohibited transactions and activities.

LFIs should ensure the effective and consistent implementation of the policies and procedures related to the SCP across their organizations, including branches, subsidiaries, and other entities in which LFIs hold a majority interest. LFIs should implement a formal review process, at least annually, of the policies and procedures at appropriate levels subject to approval where changes are material.

TrainingA robust training program is an integral component of an effective SCP and should, among other things:
  • Be of a scope and nature proportionate to the LFI's overall risk profile;
  • Be specific to the role carried out by the employee, with tailored training for employees engaged in sensitive roles; and
  • Provide training to all appropriate employees and personnel upon onboarding in a timely manner and at least annually thereafter.
Independent Audit and Testing of Processes and SystemsIndependent audit helps the LFI assess the effectiveness of current processes, including by assessing the sufficiency of the program and by checking for any inconsistencies between the policy and procedures and day-to-day operations in order to identify SCP weaknesses and deficiencies. In addition, LFIs should deploy an independent risk-based testing regime to regularly test their processes’ and systems’ adequacy and expected outcomes, as well as to assess their effectiveness in managing the specific risks articulated in the risk assessment.
Record keepingLFIs must maintain, at least for five years, detailed records associated with their ML/FT risk assessment and mitigation measures as well as all records, documents, data and statistics for all financial transactions, all records obtained through CDD measures for both the originators and the beneficiaries, account files and business correspondence, and copies of personal identification documents, including STRs and results of any analysis performed; and make them available to authorities on request.
Screening OperationsSanctions EvasionLFIs should remain vigilant in order to identify attempts to evade, avoid, or circumvent sanctioned activities. LFIs should monitor not only for sanctions violations but also for red flags of potential evasion risks. LFI's should also prohibit activity that aims to evade or circumvent sanctions prohibitions.
Maintenance of Sanctions List and Local ListsLFIs should rely on the official websites of the UNSC and the Executive Office of the Committee for Goods & Materials Subject to Import & Export Control (Executive Office) respectively for the most updated UN Consolidated List and Local Terrorist List. LFIs must register on the Executive Office's website in order to receive automated email notifications with updated and timely information about the listing and de-listing of individuals or entities in the Local Terrorist List and in the UN Consolidated List.
Customer ScreeningScreening should be conduct at various stages of the customer lifecycle, to include periodic name screening, ad hoc name screening, and re- screening.
Name ScreeningIn addition to the regular screening utilizing the lists indicated above, LFIs should maintain additional sanctions compliance procedures relating to name screening to prevent and detect sanctions breaches. These procedures should address the ownership/control rule, fuzzy matching, and weak or low-quality aliases.
Verification of False PositivesLFIs should compare potential matches with the sanctions lists indicated above in order to confirm whether they are true matches and to eliminate “false positives.” If the LFI establishes that the match is a false positive, then the LFI does not need to freezing or apply other measures related to sanctions. The LFI may allow the transaction or relationship to continue its normal course, provided that the transaction or relationship is not suspicious and does not trigger any other concerns. LFIs are required to maintain evidence of the false positive verification process in their records and make them available to the competent authorities immediately upon request.
Payments ScreeningLFIs should also screen information regarding counterparties of all incoming and outgoing transfers in order to identify any potential match to Listed Persons.
Confirmed MatchWhen a match is found through the screening process, LFIs must immediately, without delay and without prior notice, freeze all Funds. Without delay, as defined by Cabinet Decision 74, means within 24 hours of the listing decision being issued by the UNSC, the Sanctions Committee or the UAE Cabinet, as the case may be.
NotificationsNotifications to the CBUAE and Executive OfficeLFIs must immediately notify the CBUAE, as well as the Executive Office, of any freezing measures and/or attempted transactions. LFIs should notify the CBUAE and the Executive Office within two (2) business days from taking any freezing measures and/or attempted transactions. For the reporting mechanism and form(s), please consult the CBUAE's and the Executive Office's websites as updated from time to time.
AnnexesAnnex 1Red flag indicators for TF and PF
Annex 2Lessons learned from CBUAE Supervision
Annex 3Synopsis of the Guidance