Book traversal links for Guidance for Licensed Financial Institutions on the Risks Relating to Politically Exposed Persons
Guidance for Licensed Financial Institutions on the Risks Relating to Politically Exposed Persons
Effective from 1/8/20221. Introduction
1.1. Purpose of the Guidance
Article 44.11 of the Cabinet Decision No. (10) of 2019 Concerning the Implementing Regulation of Decree Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations charges Supervisory Authorities with “providing Financial Institutions…with guidelines and feedback to enhance the effectiveness of implementation of the Crime-combatting measures.”
The purpose of this Guidance is to assist the understanding and effective performance by the United Arab Emirates Central Bank’s (“CBUAE”) licensed financial institutions (“LFIs”) of their statutory obligations under the legal and regulatory framework in force in the UAE. It should be read in conjunction with the CBUAE’s Procedures for Anti-Money Laundering and Combating the Financing of Terrorism and Illicit Organizations (issued by Notice No. 74/2019 dated 19/06/2019) and Guidelines on Anti-Money Laundering and Combating the Financing of Terrorism and Illicit Organizations for Financial Institutions (issued by Notice 79/2019 dated 27/06/2019) and any amendments or updates thereof.1 As such, while this Guidance neither constitutes additional legislation or regulation nor replaces or supersedes any legal or regulatory requirements or statutory obligations, it sets out the expectations of the CBUAE for LFIs to be able to demonstrate compliance with these requirements. In the event of a discrepancy between this Guidance and the legal or regulatory frameworks currently in force, the latter will prevail. This Guidance may be supplemented with additional separate guidance materials, such as outreach sessions and thematic reviews conducted by the CBUAE.
Furthermore, this Guidance takes into account standards and guidance issued by the Financial Action Task Force (“FATF”), industry best practices and red flag indicators identified by the FATF. These are not exhaustive and do not set limitations on the measures to be taken by LFIs in order to meet their statutory obligations under the legal and regulatory framework currently in force. As such, LFIs should perform their own assessments of the manner in which they should meet their statutory obligations.
This Guidance comes into effect immediately upon its issuance by the CBUAE with LFIs expected to demonstrate compliance with its requirements within one month from its coming into effect.
1 Available at https://www.centralbank.ae/en/cbuae-amlcft.
1.2. Applicability
Unless otherwise noted, this guidance applies to all natural and legal persons, which are licensed and/or supervised by CBUAE, in the following categories:
• National banks, branches of foreign banks, exchange houses, finance companies, stored value facilities, retail payment service providers, card schemes, registered hawala providers and other LFIs; and • Insurance and re-insurance companies, agencies, and brokers. 1.3. Legal Basis
This Guidance builds upon the provisions of the following laws:
• Federal Decree Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organizations as amended by Federal Decree Law No. (26) of 2021 (“AML-CFT Law”). • Cabinet Decision No. (10) of 2019 concerning the Implementing Regulation of Federal Decree Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organizations, as amended by Cabinet Decision 24 of 2022 (“AML-CFT Decision”). 1.4. Acronyms and Definitions
Heads of International Organizations (HIO): Natural persons who are or have been entrusted with the management or any prominent function within an international organization.
International Organizations: Entities established by formal political agreements between their Member States that have the status of international treaties; their existence is recognised by law in their member countries; and they are not treated as resident institutional units of the countries in which they are located. Examples of international organisations include the United Nations and affiliated international organisations; regional international organisations; military international organisations, and economic organisations.
Politically Exposed Persons (PEP): Natural persons who are or have been entrusted with a prominent public function in the UAE or any other foreign country such as heads of states or governments, senior politicians, senior government officials, judicial or military officials, senior executive managers of state owned corporations, and senior officials of political parties, and persons who are, or have previously been, entrusted with the management of an international organisation or any prominent function within such an organisation; and the definition also includes the following:
• Direct family members (of the PEP who are spouses, children, spouses of children, parents) • Associates known to be close to the PEP, which include: o Individuals having joint ownership rights in a legal person or arrangement or any other close business relationship with the PEP; o Individuals having individual ownership rights in a legal person or arrangement established in favor of the PEP.
Related Customers: Customers that are the direct family members of a PEP or the associates known to be close to a PEP.
2. Understanding Risks
Article 15 of the AML-CFT Decision and the FATF standards impose specific Customer Due Diligence (CDD) obligations on LFIs with respect to Customers that are Politically Exposed Persons (PEPs) which include the Direct Family Members or Associates Known to be Close to the PEPs. The AML-CFT Law and Decision give special attention to these customers because they are likely to expose LFIs to a heightened risk of money laundering, terrorism financing, and other illicit finance. The special requirements related to PEPs are not an indication that LFIs should avoid dealing with such customers. Instead, these requirements are meant to ensure that LFIs have done the due diligence necessary to fully identify, understand their customers and have made fully-informed decisions regarding whether or not to accept the customer or to continue the relationship. There are three sub-groups of PEPs:
• PEPs who are or have been entrusted with their prominent public position in the UAE are known as “domestic PEPs”; • PEPs who are or have been entrusted with their prominent public position in any other foreign country are known as “foreign PEPs”; and • PEPs who are or have been entrusted with the management or any prominent function within an international organization are known as “Heads of International Organizations (HIOs)”.
Customers that are PEPs, and transactions involving PEPs, receive special attention under the UAE legal and regulatory framework and the FATF standards because they bear a higher risk of involvement in certain proceeds-generating offenses: corruption, misuse or theft of public funds, and bribery. It is important to note that the majority of PEPs are law-abiding public servants and that no more than a small percentage of PEPs are involved in these offenses. Nevertheless, the risk is still higher than in the general population.
PEPs are at higher risk of involvement in these crimes because of the powers that come with their position or status. Most importantly, a PEP has power or influence over how government funds are spent, or over state action. PEPs may use their power or influence to directly enrich themselves, their family members, and their associates, by stealing or misdirecting government funds. Or they may sell their power or influence to illicit actors who are seeking to obtain a specific outcome, whether it is a lucrative contract, the passage of a regulation, or the transfer of government secrets.
The AML-CFT Decision also requires LFIs to perform the same specific due diligence on the direct family members and known close associates of a PEP. These individuals may not themselves have any direct power or influence over government actions, but they nevertheless present higher risks to LFIs as a result of their relationship with a PEP.
• PEPs, knowing that their financial transactions will be subject to scrutiny, may use family members or associates to carry out illicit transactions or collect illicit funds, in an attempt to hide their involvement in a transaction and their illicit gains. In many countries where corruption is an issue, PEPs themselves may nominally possess few assets, while their family members and associates openly display their wealth. • Illicit actors seeking to persuade a PEP to take certain actions may seek to achieve this goal by paying off the people close to the PEP, the PEP’s family members and close associates. For instance, a person seeking a government contract may pay a PEP’s spouse to “put in a good word for him or her” with the PEP, or to gain access to the PEP by inviting the contractor to the PEP’s home. These payments may be made with or without the knowledge or consent of the PEP.
Article 15 of the AML-CFT Decision also requires LFIs to identify those legal person and legal arrangement customers that have at least one beneficial owner who is a PEP (see sections 3.2.1 and 3.2.2 below). In this Guidance, customers that are the direct family members of a PEP, the known close associates of a PEP, or that are legal persons or legal arrangements with at least one beneficial owner who is a PEP will be referred to as “Related Customers.”
Although LFIs are required to apply special procedures for all PEPs and Related Customers, not all PEPs and Related Customers are equally high-risk. The sources of risk for a PEP are closely related to the risk that a PEP could have abused his or her position for financial gain. Some factors that can influence the risks of a particular PEP are:
• The PEP’s ability to control highly consequential outcomes. Certain roles are more likely to attract large-scale corruption. For example, a judge in a traffic court may be offered bribes, but these are likely to be lower in value than the bribes potentially offered to a judge who presides over the trials of organized criminal groups. • The authority and independence inherent in the PEP’s role or function. Where a PEP has greater authority or independent decision-making authority, he or she is more likely to be able to achieve outcomes that are beneficial to him/herself or his/her family or associates. • The access to funds inherent in the PEP’s role. A PEP that can control the disbursement of funds is likely to have more opportunities for engaging in embezzlement and self-dealing. • The nature of governance in the state or organization that has entrusted the PEP with a prominent function. Poor governance undermines transparency and accountability. Strong governance can help ensure that public officials are unable to use their office for gain, or are quickly caught if they do so. Governance is a broad category that includes the strength of anti-corruption laws, the vigor with which corruption is investigated and prosecuted, and the authority of independent public auditors. • The overall level of corruption in the state or organization that has entrusted the PEP with a prominent function. Where corruption is rife, public officials are unlikely to be entirely immune.
The sources of risk for a Related Customer can be divided into two broad categories:
• The risk of the PEP to which the Related Customer is connected (i.e. understanding the risk of the PEP and its characteristics). • The relationship between the Related Customer and the PEP (i.e. the type and strength of the relationship (e.g. the closer the relationship, the more likely the Related Customer is to share the PEP’s risk)). 3. Mitigating Risks
The AML-CFT Decision contains specific, mandatory requirements for managing risks related to PEPs. It is important for LFIs to be aware that the Decision imposes baseline requirements that are higher than for other types of customers. LFIs cannot choose to omit these requirements even when they consider that risks associated with a specific customer or transaction are low. This does not mean, however, that LFIs are not expected to take a risk-based approach to these customers. LFIs should implement the baseline controls described below as well as consider whether additional controls are necessary when even higher risks are present.
Furthermore, the sections below discuss how LFIs can apply the required specific preventive measures to identify, manage, and mitigate the risks associated with PEPs. It is not a comprehensive discussion of all AML/CFT requirements imposed on LFIs. LFIs should consult the legal and regulatory framework currently in force, the Guidelines on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations for Financial Institutions, and the CBUAE issued Guidances for further information2. The controls discussed below should at the minimum be integrated into the LFI’s larger AML/CFT compliance program and supported with appropriate governance and training.
2 Available at https://www.centralbank.ae/en/cbuae-amlcft
3.1. Legal Requirements
Article 15 of the AML-CFT Decision requires LFIs to carry out specific mandatory due diligence measures on PEPs and Related Customers, in addition to the standard CDD required for all customers under its Section 3 (described in Articles 5-14). In line with FATF standards (Recommendation 12), Article 15 imposes on LFIs different requirements for foreign PEPs as opposed to domestic PEPs and HIOs. For foreign PEPs and Related Customers, LFIs must:
(a) Put in place suitable risk management systems to determine whether a Customer or the Beneficial Owner is considered a PEP (i.e. a foreign PEP, or the direct family member or known close associate of a PEP). (b) Obtain senior management approval before establishing a business relationship, or continuing an existing one, with a PEP (i.e. foreign PEP and Related Customers). (c) Take reasonable measures to establish the source of funds and wealth of Customers and Beneficial Owners identified as PEPs (i.e. foreign PEPs and Related Customers). (d) Conduct enhanced ongoing monitoring over such relationship (i.e. the relationship with a foreign PEP or Related Customers).
For domestic PEPs and HIOs and their Related Customers, LFIs must:
(a) Take sufficient measures to identify whether the Customer or the Beneficial Owner is considered one of those persons (see section 3.2.4). (b) Take the measures identified in (b), (c), and (d) when there is a high-risk business relationship accompanying such persons.
Like the FATF standards, article 15.2 of the AML-CFT Decision imposes special PEP-related requirements for certain insurance policies, although its requirements apply to a slightly broader range of policies. LFIs must take reasonable measures to determine whether the beneficiary, or the beneficial owner of a beneficiary, of a life insurance policy or of family takaful insurance is a PEP or a Related Customer. If identified as a PEP or Related Customer, LFIs must inform senior management before pay-out of those policies, or prior to the exercise of any rights related to them. LFIs must also thoroughly examine the overall business relationship, and consider filing a suspicious transaction report (STR), a suspicious activity report (SAR) or any other report types with the FIU where applicable (please see section 3.3.2 below).
3.2. Applying Legal Requirements
3.2.1. Classifying Customers as PEPs
The definition of PEP in the AML-CFT Decision specifically lists the following roles as persons who always qualify as PEPs:
• Heads of States or Governments; • Senior politicians; • Senior government officials; • Judicial officials; • Military officials; • Senior executive managers of state-owned corporations; • Senior officials of political parties; and • Persons who are, or have previously been, entrusted with the management of an international organisation or any prominent function within such an organisation.
However, as there is no exhaustive list of the positions that qualify an individual as a PEP globally, the above list is not exhaustive and LFIs should use their discretion in identifying PEPs, and develop risk-based policies and procedures to ensure they appropriately identify customers who are PEPs, or the family members or close associates of PEPs.
For example, LFIs should use discretion in determining whether a customer who is government official or manager of a state-owned corporation is sufficiently “senior” to qualify as a PEP under the definition of the AML-CFT Decision. Not all public sector employees are PEPs. For example, a civil servant who sorts mail at the post office is unlikely to be a PEP, and although any public employee can carry some level of corruption risk, in such cases the risk is not sufficiently high to warrant special procedures. This distinction is captured in the AML-CFT Decision’s definition of a PEP as a natural person who has been awarded a “prominent public function.” At the same time, the decision whether or not to treat a customer as a PEP cannot be based solely on the customer’s title, rank, civil service grade, or other similar factors. It is also important to be aware that “prominent” is not simply equivalent to ‘famous’ or ‘well-known,’ and that individuals may be “entrusted” with a public function in a wide variety of ways, including by appointment, election, and promotion through the civil service.
Furthermore, LFIs should also be aware that high risks of corruption can exist even when a customer is not immediately qualifying as a PEP per definition. For example, the heads of large trade unions and professional associations are likely to wield political power without having been appointed to those roles by a government or international organization. LFIs may decide, in terms of their own risk appetite, to treat such individuals as PEPs.
The determination of whether a customer is a PEP should therefore consider a number of factors, including, most importantly, whether the natural person currently holds, or has recently held, a role that gives him or her power or influence over decisions, policy or the disbursal of funds belonging to a government or an international organization. Factors to consider when making this determination include the nature of the political and governance system in the country or international organization where the customer holds his or her position; roles and responsibilities within that system; authority over government decisions and activities, and access to government funds and assets (whether directly or indirectly such as through the awarding of government contracts).
PEPs are always natural persons. However, LFIs should perform a PEP analysis on customers who are the beneficial owners of legal persons or legal arrangements. Depending on the customer’s ownership and control structure, it may also be appropriate to perform a PEP analysis on the customer’s senior managing officer or senior management. Where risks are higher, for example, in the case of companies with complex structure and complex trust arrangements, LFIs should consider identifying beneficial owners below the 25% threshold mandated by the AML-CFT Decision. For example, a PEP and his spouse and three children may each own 15% of a company. No single family member would have to be identified as a beneficial owner under UAE law, but when their ownership shares are added together the family clearly exercises control over the company. Such a company would likely need to be subjected to the EDD requirements discussed in section 3.2.6.
3.2.2. Classifying Customers as Related Customers
The AML-CFT Decision requires LFIs to treat the direct family members and close associates of PEPs as if they were PEPs themselves.
• Article 1 of the AML-CFT Decision defines direct family members of a PEP as the PEP’s spouses, children, spouses of children, and parents. • Article 1 of the AML-CFT Decision defines close associates of a PEP as:
o Natural persons having joint ownership rights in a legal person or arrangement or any other close business relationship with the PEP; and o Natural persons having individual ownership rights in a legal person or arrangement established in favour of the PEP.
The above-mentioned relationships should be viewed as a mandatory minimum, not as an exhaustive list of all relationships that may justify to treat a customer as a PEP. The link between the family member or the close associate with the PEP determine the level of risk. LFIs should take a risk-based approach and consider whether a relationship exists between their customer and the PEP that could be exploited or abused to obscure the PEP’s connection to illicit funds.
For example, an LFI may choose to also define as a direct family members any person in a relationship with a PEP, and, as close associates, partners, prominent members of the same political party or civil organization as the PEP; close friends or advisors; business partners or associates, especially those that share (beneficial) ownership of legal entities with the PEP, or who are otherwise connected (e.g. through joint membership of a company board) in accordance with FATF Guidance and the above mentioned definition.
Once an LFI has established that a qualifying relationship exists between a customer (or the beneficial owner of a customer) and a PEP, the LFI must treat the customer as a PEP (or as owned by a PEP). There is one important distinction, however, between a PEP and the direct family member or close associate of a PEP: the latter cannot transfer their status to their own family members and close associates. For example:
• General A is the head of the Air Force of a country. Mr. B, her son, is married to Mrs. B, a private citizen who owns a grocery store. General A is a PEP, and Mr. B and Mrs. B must be treated as PEPs because they are direct family members of General A.
• Mrs. B is the daughter-in-law of General A. Her brother, Mr. C, a lawyer in private practice, is not required to be treated as a PEP. Mr. C’s connection to the true PEP (General A) is too distant. Even though Mrs. B is treated as a PEP, Mr. C does not need to also be treated as a PEP merely because he is a sibling of Mrs. B.
LFIs should, however, apply EDD requirements and/or enhanced monitoring of the relationship if they have identified any high risks, such as concerns that the more distant family members or business associates of a PEP may be involved in corruption or any other sort of illicit activity, whether or not it involves the PEP.
Similarly:
• Mr. X is a prominent politician in a country who recently left office, but who may run for office in the future. Following his departure from office, Mr. X and Mrs. Y became cofounders of a real estate development company, with each owning 50% of the company. Due to Mr. X’s prominent function, the partnership has been extensively covered in the media. Mr. X is a PEP because of his recent past position. Mrs. Y must be treated as a PEP because she is a known close associate of Mr. X.
• Mrs. Y is also a 50% owner of an entirely separate business that manufactures cell phones. Mrs. Y’s co-owner of that business, Mr. Z, does not need to be treated as a PEP. As the business partner of a business partner of a PEP, his connection to Mr. X is too distant. LFIs should, however, apply EDD requirements and/or enhanced monitoring of the relationship if they have any concerns that the more distant family members or business associates of a PEP are involved in corruption or any other sort of illicit activity, whether or not it involves the PEP. 3.2.3. Time Limits of PEP Status
The definition of PEP in the AML-CFT Decision makes clear that a PEP does not cease to qualify as a PEP simply because they no longer hold a prominent public function (i.e. “Natural persons who are or have been entrusted with prominent public functions”). Nor does a Related Customer cease to require PEP treatment simply because the PEP to whom they are related no longer holds that position. A PEP’s risk (and, indirectly, the risk of a Related Customer) derives from the PEP’s power or influence over decisions, funds, or policy. Therefore, it may not be appropriate to continue to treat a customer as a PEP long after they have lost such power or influence. On the other hand, if PEP has amassed funds through corruption during his or her period in office, the PEP is likely to wait until being out of office to access or enjoy those funds. This means that the corruption risk remains even if a PEP has been out of office for a certain time.
Because each case is different it would not be appropriate for LFIs to apply a universal rule for determining whether a customer is no longer a PEP (e.g. one year after relinquishing the public position). Therefore, while LFIs may set a schedule to review PEP status, they should make a risk-based decision as to when sufficient time has passed for a customer to no longer be classified as a PEP. Factors to consider when making such a determination include:
• The seniority, prominence, and power inherent in the customer’s (or the customer’s beneficial owner’s) previous role.
• The corruption potential of the customer’s previous role. Where there was greater opportunity for illicit gain, it is more likely that the customer’s source of funds will continue to be corrupt proceeds for some time after the customer leaves office.
• Whether the customer still exercises informal influence over government decision-making through his or her current formal role (e.g. head of a prominent lobbying organization) or through informal relationships (e.g. the customer is an informal but widely accepted leader of a political party but has no official title).
• Whether the previous and current role of the customer are linked in any way;
• The customer’s relationships to other PEPs (e.g., if the customer is a retired politician whose children are involved in politics. In such cases the customer would also likely qualify as the family member of a PEP).
• The nature and purpose of the business relationship, and the overall risks of the products and services the customer avails or intends to avail.
• The customer’s relationship to the PEP. Family relationships tend to endure through time, but business relationships do not always persist. A customer who was formerly the close associate of a PEP, but who severed the business relationship some time ago, may present reduced corruption risk. 3.2.4. PEP Screening
Classification of a customer as a PEP or a Related Customer should take place during the CDD stage, prior to the commencement of the business relationship. Under Article 15 of the AML-CFT Decision, LFIs are required to have suitable risk management systems in place to determine whether a customer, or the beneficial owner of a customer, is a foreign PEP, or Related Customer and are required to take sufficient measures to identify whether a customer, or the beneficial owner of a customer, is a domestic PEP or an HIO, or Related Customer. In practice, however, it will generally be appropriate to conduct onboarding screening and ongoing screening on all customers. Even citizens of the UAE may qualify as foreign PEPs if they have been entrusted with prominent functions by foreign governments, for example, if they are dual citizens, or held office in a country that does not restrict prominent functions to citizens.
Screening may begin by including a question in onboarding forms or interviews that inquires whether the customer or any beneficial owner is a PEP or Related Customer. LFIs should not however rely solely on a customer’s assertion, but supplement this basic screening question with additional due diligence such as additional questions regarding the customer’s employment and job title, questions regarding the customer’s sources of funds and wealth, and conducting searches of public records (e.g. internet searches or searches of UAE databases) or proprietary databases. Should searches of public records or proprietary databases reveal adverse media on the potential PEP customer, the LFI should review the adverse media and determine whether it is within the LFI's risk appetite to onboard the potential PEP customer and/or subject the PEP to enhanced monitoring.
Where customers are public servants, LFIs should be sure to conduct these searches using not only the customer’s name but also the customer’s title, as some useful information (such as lists of high-level government positions) may be available by title only.
Some PEPs and Related Customers may be determined to conceal their status from financial institutions and the public at large in order to avoid enhanced scrutiny. In these cases, searches of public records or private databases may not reveal their status or the connection between the customer and a PEP. As always, LFIs should be alert to any aspects of a customer profile that are inconsistent or do not have a clear explanation. These ‘red flags’ may be connected to a variety of illicit or questionable activity, including concealed PEP status. Some potential indicators include:
• The customer purports to own and operate a business (particularly a business that relies on political connections) without having the experience or expertise that would likely be considered necessary to successfully operate such a business (e.g., a young person, or a person with no work history, owns a company in an industry that is closely connected to the public sector; or a small firm receives a large government contract that appears far beyond its work experience and capabilities);
• The customer engages in financial transactions that are inconsistent with his or her declared income;
• A minor, or a person with few assets, owns a shell company;
• The customer is a legal arrangement (particularly a complex legal arrangement) where the ultimate settlor and the ultimate beneficiary is the same person;
• The customer wishes to engage in complex transactions, or uses complex corporate structures, with no clear economic purpose.
Because a customer transforms from a non-PEP to a PEP immediately on being entrusted with a prominent public function, LFIs should use the ongoing monitoring process to determine whether a customer’s status has changed. Where a PEP customer, or a PEP who is connected to a Related Customer, has lost the prominent public function that qualified him or her for PEP status, ongoing monitoring can also determine whether it is appropriate to no longer classify the customer as a PEP or as a Related Customers, and to cease enhanced measures.
3.2.5. PEP Risk Rating
Under article 15.1.First.d) of the AML-CFT Decision, LFIs must conduct enhanced ongoing monitoring over relationship with foreign PEPs and Related Customers. This does not mean however that such customers should all be automatically assigned the same risk rating. In addition, as per article 15.1.Second.b), for domestic PEPs and HIOs, and their Related Customers, the EDD requirements in section 3.2.6 below are mandatory when there is a high-risk business relationship accompanying such persons. Therefore, it is important to appropriately risk-rate all PEP customers, customers whose beneficial owners are PEPs, and customers that are direct family members and close associates of a PEP. PEP-specific factors to consider in risk rating include:
• The nature of the PEP’s position. As discussed in section 2 above, where a PEP has greater ability to control or influence consequential government decisions, the corruption risk is greater. LFIs should consider, among other factors:
o The nature of the issues or decisions over which the PEP has or had control; o The extent to which the PEP had control over the disbursement of funds; o The degree of autonomy or independence the PEP has or had in decision-making; o The PEP’s rank or status within the government or international organization.
• The controls in place in the PEP’s own country jurisdiction to prevent corruption, including:
o The country’s position on widely adopted global corruption or transparency ratings; o The extent to which the country investigates and prosecutes high-level corruption; o Whether the country has a free and empowered political opposition and a free press; o Whether the agency, body, or organization in which the PEP holds his or her function has an internal audit/inspector/comptroller function; o Whether asset disclosure requirements or similar requirements apply to PEPs in that country or jurisdiction.
For Related Customers, LFIs should consider the risk of the PEP to which the customer is connected, and also the nature and extent of the connection, in determining the risk rating.
The risk-rating process should also take into consideration not just features specific to PEPs but also all the standard elements of customer risk rating, such as the nature of the customer’s business and the products and services the customer intends to use. For example, a PEP who owns a cash-intensive business and seeks to make bulk cash deposits would likely be considered higher risk than a PEP whose only income is his salary, even if the two customers hold similar positions within a similarly high-risk jurisdiction.
In those cases where a natural person customer has PEP status from two sources, or where more than one PEP is involved in a legal person customer, LFIs should always use the higher risk rating. For example, if a single natural person customer has been appointed to prominent public functions by both the government of the UAE and a foreign government, that customer should be treated as a foreign PEP. Similarly, if a legal person customer has two domestic PEP owners, one high risk and the other medium risk, the legal person customer should be subject to EDD requirements.
3.2.6. Enhanced Due Diligence Requirements
Under Article 15 of AML-CFT Decision, when a customer (or the beneficial owner of a customer) is determined to be a foreign PEP or Related Customer, or where a customer (or the beneficial owner of a customer) is determined to be a domestic PEP or HIO or Related Customer, and when there is a high-risk business relationship accompanying such persons, LFIs must take the following mandatory steps:
• Obtain senior management approval before establishing a business relationship, or continuing an existing one, with a PEP or Related Customer. The specific senior management member within the LFI who are responsible for approving these relationships will vary based on the LFI’s own unique governance arrangements. The CBUAE expects that, if the approving member represents the business (e.g. the Chief Executive Officer or Chief Operating Officer) as opposed to the compliance function (e.g. the Compliance Officer), the LFI’s policies and procedures will clearly require that the head of the LFI’s compliance function give an opinion as to whether the risk associated with the customer is acceptable. When approving an existing relationship with a PEP or Related Customer, senior management should be notified and their approval obtained for the continuance of the relationship. • Take reasonable measures to establish the source of funds, including the source of wealth, of PEPs and Related Customers. This requirement encompasses two distinct concepts:
o Source of funds: The direct source of the funds that are used to initially fund the account, and of any funds that are transacted through the account during the course of the business relationship. o Source of wealth: The source of the customer’s overall wealth, whether or not the LFI is exposed to it.
In the case of foreign PEPs, higher risk domestic PEPs or HIOs, and Related Customers, LFIs should understand, at least at a high level, how the customer acquired his or her wealth. The goal of the process is to provide the LFI with a reasonable degree of confidence that the customer has not generated his or her wealth through illicit activities. Determining source of wealth does not require that the LFI identify and account for every one of the customer’s assets. But the LFI should require the customer to provide information on the customer’s total net worth, and the customer’s principal sources of income (e.g., salary, inheritance, business income, spousal support, etc.). The LFI should supplement information provided by the customer with publicly or privately available information, including, for example media reports, public employee asset declarations (where required by the PEP’s national laws), or published salaries for civil service positions.
The LFI should then make two determinations:
o Whether the customer’s stated net worth is consistent with his or her declared sources of income. For example, if a customer who has spent his career in public service claims not to have inherited any funds yet has a net worth of several million of a currency, this would require further investigation. Alternatively, if a customer was a successful business person for most of his career and only recently entered public service, a high net worth may not be a “red flag”. o Whether the customer’s stated net worth is consistent with the customer’s financial behavior. PEPs who have engaged in illicit activities may lie about their net worth to hide discrepancies with their disclosed sources of income. This is likely to be exposed however when the PEP attempts to engage in financial behavior inconsistent with his or her declared income or net worth. For example, if a PEP declares a total net worth of one million of a currency, this may be consistent with his or her declared licit income; but if he or she chooses to invest a sum equivalent to the entire declared net worth in a speculative investment, this is a sign that his or her wealth requires further investigation.
Where risks are higher, LFIs should perform more intense due diligence on the customer’s source of wealth. For example, if a PEP declares that a substantial portion of his net worth is derived from ownership of a business, the LFI should collect information to satisfy itself that the business exists, is operational, and can reasonably be expected to generate such funds for the PEP.
• Conduct enhanced ongoing monitoring of the relationship. LFIs must perform risk-based ongoing monitoring of the business relationship for all customers. In the above mentioned cases, the required enhanced ongoing monitoring could include a number of actions designed to manage the enhanced risk of these customers:
o Subjecting the customer file to more frequent review and updating, including a manual review of transactions. All customer files should be reviewed on a risk-based schedule. For the highest-risk PEPs and Related Customers, reviewing the file as frequently as every six or nine months may be appropriate. This review should also include a review of substantial transactions on the account to ensure that they are consistent with information provided by the customer regarding source of funds and source of wealth. o Applying specific risk-based transaction monitoring rules. Where automated transaction monitoring systems allow it, LFIs should apply specific monitoring rules to all PEPs and Related Customers. These rules should have more sensitive thresholds for alerts, and should also be able to flag transactions between PEPs and Related Customers where both customers maintain accounts with the LFI. o Requiring pre-approval for large transactions. It may be appropriate for LFIs to require pre-approval from the compliance function for any transactions representing a substantial portion of the PEP’s declared net worth, taking into consideration the size of the LFI and defined risk appetite. 3.3. Transaction Monitoring and Suspicious Transaction Reporting
3.3.1. Transaction Monitoring
As required by Article 7 of the AML-CFT Decision, LFIs must continuously monitor all their transactions to ensure that the transactions conducted are consistent with the information they have about the customer, their type of activity and the risks they pose, including, when necessary, the source of funds. As with all customer types, LFIs that use automated monitoring systems should apply rules with appropriate thresholds and parameters that are designed to detect common typologies for illicit behaviour. When monitoring and evaluating transactions, the LFI should take into account all information that it has collected as part of CDD.
Monitoring systems can include manual monitoring processes and the use of automated and intelligence led monitoring systems. In all cases, the appropriate type and degree of monitoring should appropriately match the money laundering and financing of terrorism (ML/FT) risks of the institution’s customers, products and services, delivery channels, and geographic exposure, and may therefore vary across an LFI’s business lines or units, where applicable. TM programs should also be calibrated to the size, nature, and complexity of each institution. The transaction monitoring system used by LFIs should be equipped to identify patterns of activity that appear unusual and potentially suspicious for PEPs customers as well as unusual behaviour that may indicate that a customer’s business has changed in such a way as to require a high risk rating. Please consult also the CBUAE’s Guidance for Licensed Financial Institutions on Transaction Monitoring and Sanctions Screening3 for further information.
3 Available at: https://www.centralbank.ae/en/cbuae-amlcft
3.3.2. Suspicious Transaction Reporting
As required by Article 15 of the AML-CFT Law and Article 17 of AML-CFT Decision, LFIs must file an STR, SAR or other report types with the UAE Financial Intelligence Unit (UAE FIU) when they have reasonable grounds to suspect that a transaction, attempted transaction, or funds constitute, in whole or in part, regardless of the amount, the proceeds of crime, are related to a crime, or are intended to be used in a crime. As per Article 18 of the AML-CFT Decision, In reporting their suspicions, employees must maintain confidentiality with regard to both the information being reported and the act of reporting itself, and make reasonable efforts to ensure the information and data reported are protected from access by any unauthorised person (Please consult also section 7.8 of the CBUAE’s Guidelines on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations for Financial Institutions). STR filing is not simply a legal obligation; it is a critical element of the UAE’s effort to combat financial crime and protect the integrity of its financial system. STR filings assist law enforcement in detecting criminal actors and preventing the flow of illicit funds through the UAE financial system. Please consult also the CBUAE’s Guidance for Licensed Financial Institutions on Suspicious Transaction Reporting4 for further information.
4 Available at: https://www.centralbank.ae/en/cbuae-amlcft
3.4. Governance and Training
The specific preventive measures discussed above should take place within, and be supported by, a comprehensive institutional AML/CFT program that is appropriate to the risks the LFI faces. The core of an effective risk-based program is an appropriately experienced AML/CFT Compliance Officer who understands the LFI’s risks and obligations and who has the resources and autonomy necessary to ensure that the LFI’s program is effective. Additionally, the LFI’s senior management must clearly endorse and support the AML/CFT program. As with all risks to which the LFI is exposed, the AML/CFT training program should ensure that employees are aware of the risks of PEPs customers, familiar with the obligations of the LFI, and equipped to apply appropriate risk-based controls. Training should be tailored and customized to the LFI’s risk and the nature of its operations. As such, an LFI that has a significant number of PEPs customers should offer training that includes an in-depth discussion of risk factors and “red flags” related to such customers (see Annex 1 below).
Annex 1. Red flags
The following is a list of red flags and indicators for suspicion associated with PEPs.5 PEPS ATTEMPTING TO SHIELD THEIR IDENTITY:
• Use of corporate vehicles (legal entities and legal arrangements) to obscure the beneficial owner. • Use of corporate vehicles without valid business reason. • Use of intermediaries when this does not match with normal business practices or when this seems to be used to shield identity of PEP. • Use of family members or close associates as legal owner.
RED FLAGS AND INDICATORS RELATING TO THE PEP AND HIS BEHAVIOUR:
• Use of corporate vehicles (legal entities and legal arrangements) to obscure i) ownership, ii) involved industries or iii) countries. • The PEP makes inquiries about the institution’s AML policy or PEP policy. • The PEP seems generally uncomfortable to provide information about source of wealth or source of funds. • The information that is provided by the PEP is inconsistent with other (publicly available) information, such as asset declarations and published official salaries. • The PEP is unable or reluctant to explain the reason for doing business in the country of the financial institution or Designated Nonfinancial Business and Profession (DNFBP). • The PEP provides inaccurate or incomplete information. • The PEPs seeks to make use of the services of a financial institution or DNFBP that would normally not cater to foreign or high value clients. • Funds are repeatedly moved to and from countries to which the PEPs does not seem to have ties with. • The PEP is or has been denied entry to the country (visa denial). • The PEP is from a country that prohibits or restricts its/certain citizens to hold accounts or own certain property in a foreign country.
THE PEP’S POSITION OR INVOLVEMENT IN BUSINESSES:
• The PEP has a substantial authority over or access to state assets and funds, policies and operations. • The PEP has control over regulatory approvals, including awarding licences and concessions. • The PEP has the formal or informal ability to control mechanisms established to prevent and detected ML/FT. • The PEP (actively) downplays importance of his/her public function, or the public function s/he is relates to associated with. • The PEP does not reveal all positions (including those that are ex officio). • The PEP has access to, control or influence over, government or corporate accounts. • The PEP (partially) owns or controls financial institutions or DNFBPs, either privately, or ex officio. • The PEP (partially) owns or controls the financial institution or DNFBP (either privately or ex officio) that is a counter part or a correspondent in a transaction. • The PEP is a director or beneficial owner of a legal entity that is a client of a financial institution or a DNFBP.
RED FLAGS AND INDICATORS RELATING TO THE INDUSTRY/SECTOR WITH WHICH THE PEP IS INVOLVED:
• Arms trade and defence industry. • Banking and finance. • Businesses active in government procurement, i.e., those whose business is selling to government or state agencies. • Construction and (large) infrastructure. • Development and other types of assistance. • Human health activities. • Mining and extraction. • Privatisation. • Provision of public goods, utilities.
BUSINESS RELATIONSHIP / TRANSACTION, PURPOSE OF BUSINESS RELATIONSHIP:
• Multiple STRs or other reports have been submitted on a PEP. • (Consistent) use of rounded amounts, where this cannot be explained by the expected business. • Deposit or withdrawal of large amounts of cash from an account, use of bank cheques or other bearer instruments to make large payments. Use of large amounts of cash in the business relationship. • Other financial institutions and DNFBPs have terminated the business relationship with the PEP. • Other financial institutions and DNFBPs have been subject to regulatory actions over doing business with the PEP. • Personal and business related money flows are difficult to distinguish from each other. • Financial activity is inconsistent with legitimate or expected activity, funds are moved to or from an account or between financial institutions without a business rationale. • The account shows substantial activity after a dormant period; or over a relatively short time; or shortly after commencing the business relationship. • The account shows substantial flow of cash or wire transfers into or out of the account. • Transactions between non-client corporate vehicles and the PEP’s accounts. • A PEP is unable or reluctant to provide details or credible explanations for establishing a business relationship, opening an account or conducting transactions. • A PEP receives large international funds transfers to a gaming account. The PEP withdraws a small amount for gaming purposes and withdraws the balance by way of cheque. • A PEP uses third parties to exchange gaming chips for cash and vice versa with little or minimal gaming activity. • A PEP uses multiple bank accounts for no apparent commercial or other reason.
PRODUCTS, SERVICE, TRANSACTION OR DELIVERY CHANNELS:
• Businesses that cater mainly to (high value) foreign clients. • Trust and company service providers. • Wire transfers, to and from a PEP account that cannot be economically explained, or that lack relevant originator or beneficiary information. • Correspondent and concentration accounts. • Dealers in precious metals and precious stones, or other luxurious goods. • Dealers in luxurious transport vehicles (such as cars, sports cars, ships, helicopters and planes). • High-end real estate dealers.
COUNTRY SPECIFIC RED FLAGS AND INDICATORS
• The foreign or domestic PEP is from a higher risk country. • Additional risks occur if a foreign or domestic PEP from a higher risk country would in his/her position have control or influence over decisions that would effectively address identified shortcomings in the AML/CFT system. • Foreign or domestic PEPs from countries identified by credible sources as having a high risk of corruption. • Foreign or domestic PEPs from countries that have not signed or ratified or have not or insufficiently implemented relevant anti-corruption conventions, such as the UNCAC, and the OECD Anti-Bribery Convention. • Foreign or domestic PEPs from countries with a mono economies (economic dependency on one or a few export products), especially if export control or licensing measures have been put in place. • Foreign or domestic PEPs from countries that are dependent on the export of illicit goods, such as drugs. • Foreign or domestic PEPs from countries (including political subdivisions) with political systems that are based on personal rule, autocratic regimes, or countries where a major objective is to enrich those in power, and countries with high level of patronage appointments. • Foreign or domestic PEPs from countries with poor and/or opaque governance and accountability. • Foreign or domestic PEPs from countries identified by credible sources as having high levels of (organised) crime. 5 FATF: https://www.fatf-gafi.org/media/fatf/documents/recommendations/Guidance-PEP-Rec12-22.pdf
Annex 2. Synopsis
Purpose of this Guidance Purpose The purpose of this Guidance is to assist the understanding and effective performance by licensed financial institutions (LFIs) of their statutory obligations under the legal and regulatory framework in force in the UAE relating to PEPs. Applicability This Guidance applies to all natural and legal persons, which are licensed and/or supervised by the CBUAE, in the following categories: national banks, branches of foreign banks, exchange houses, finance companies, stored value facilities, retail payment service providers, card schemes, registered Hawala providers, and other LFIs; and insurance and re-insurance companies, agencies, and brokers. Understanding Risks Article 15 of the AML-CFT Decision and the FATF standards impose specific Customer Due Diligence (CDD) obligations on LFIs with respect to Customers that are Politically Exposed Persons (PEPs) which include the Direct Family Members or Associates Known to be Close to the PEPs. The special requirements related to PEPs are not an indication that LFIs should avoid dealing with such customers. Instead, these requirements are meant to ensure that LFIs have done the due diligence necessary to fully identify, understand their customers and have made fully-informed decisions regarding whether or not to accept the customer or to continue the relationship.
There are three sub-groups of PEPs: (1) Domestic PEPs; (2) Foreign PEPs; and (3) Heads of International Organizations (HIOs). PEPs are at higher risk of involvement in crimes because of the powers that come with their position or status. PEPs may use their power or influence to directly enrich themselves, their family members, and their associates, by stealing or misdirecting government funds. Customers that are the direct family members of a PEP, the known close associates of a PEP, or that are legal persons or legal arrangements with at least one beneficial owner who is a PEP are referred to as "Related Customers.''
Although LFIs are required to apply special procedures for all PEPs and Related Customers, not all PEPs and Related Customers are equally high-risk. Some factors that can influence the risks of a particular PEP are:
• The PEP's ability to control highly consequential outcomes. • The authority and independence inherent in the PEP's role or function. • The access to funds inherent in the PEP's role. • The nature of governance in the state or organization that has entrusted the PEP with a prominent function. • The overall level of corruption in the state or organization that has entrusted the PEP with a prominent function. The sources of risk for a Related Customer can be divided into two broad categories:
• The risk of the PEP to which the Related Customer is connected • The relationship between the Related Customer and the PEP. Mitigating Risks Legal requirements The AML-CFT Decision requires LFIs to carry out specific mandatory due diligence measures on PEPs and Related Customers, in addition to the standard CDD required for all customers. In line with FATF standards, the AML-CFT Decision imposes different requirements on LFIs for foreign PEPs as opposed to domestic PEPs and HIOs.
• For foreign PEPs and Related Customers, LFIs must: (1) Put in place suitable risk management systems to determine whether a Customer or the Beneficial Owner is considered a PEP: (2) obtain senior management approval before establishing a business relationship, or continuing an existing one, with a PEP; (3) take reasonable measures to establish the source of funds and the sources of wealth of Customers and Beneficial Owners identified as PEPs; and (4) conduct enhanced ongoing monitoring over such relationship. • For domestic PEPs and HIOs and Related Customers, LFIs must (1) Take sufficient measures to identify if their customer or the Beneficial Owner is considered one of those persons and (2) Take the measures identified in (b), (c), and (d) when there is a high-risk business relationship accompanying such persons. LFIs must take reasonable measures to determine whether the beneficiary, or the beneficial owner of a beneficiary, of a life insurance policy or of family takaful insurance is a PEP or a Related Customer. LFIs must inform senior management before pay-out of those policies, or prior to the exercise of any rights related to them. LFIs must also thoroughly examine the overall business relationship.
Applying Legal Requirements Classifying Customers as PEPs: • The legal definition of PEP specifically lists the roles of persons who always qualify as PEPs, such as Heads of States or Governments, senior politicians, senior government officials, and judicial officials, among others. • However, as there is no exhaustive list of the positions that qualify an individual as a PEP globally and LFIs should use their discretion in identifying PEPs and develop risk-based policies and procedures to ensure they appropriately identify customers who are PEPs, or the family members or close associates of PEPs. • The determination of whether a customer is a PEP should therefore consider a number of factors, including, most importantly, whether the natural person currently holds, or has recently held, a role that gives him or her power or influence over decisions, policy or the disbursal of funds belonging to a government or an international organization. • PEPs are always natural persons, and LFIs should perform a PEP analysis on customers who are the beneficial owners of legal persons or legal arrangements. Classifying Customers as Related Customers: • LFIs are required to treat the direct family members (spouses, children, spouses of children, and parents) and close associates of PEPs (Natural persons having joint ownership rights in a legal person or arrangement or any other close business relationship with the PEP or having individual ownership rights in a legal person or arrangement established in favour of the PEP) as if they were PEPs themselves. • The above-mentioned relationships should be viewed as a mandatory minimum, not as an exhaustive list of all relationships that may justify to treat a customer as a PEP. LFIs should take a risk-based approach and consider whether a relationship exists between their customer and the PEP that could be exploited or abused to obscure the PEP's connection to illicit funds. • Once an LFI has established that a qualifying relationship exists between a customer (or the beneficial owner of a customer) and a PEP, the LFI must treat the customer as a PEP (or as owned by a PEP). However, between a PEP and the direct family member or close associate of a PEP: the latter cannot transfer their status to their own family members and close associates. Time Limits of PEP Status: • A PEP's risk derives from the PEP's power or influence over decisions, funds, or policy. Therefore, it may not be appropriate to continue to treat a customer as a PEP long after they have lost such power or influence. While LFIs may set a schedule to review PEP status, they should make a risk-based decision as to when sufficient time has passed for a customer to no longer be classified as a PEP. • Factors to consider when making such a determination include: the seniority and power inherent in the customer's previous role; the corruption potential of the customer's previous role; whether the customer still exercises informal influence over government decisionmaking through his or her current formal role; whether the previous and current role of the customer are linked in any way; the customer's relationships to other PEPs and the nature and purpose of the business relationship, and the overall risks of the products and services the customer avails or intends to avail. PEP Screening: • Classification of a customer as a PEP or a Related Customer should take place during the CDD stage, prior to the commencement of the business relationship. LFIs are required to have suitable risk management systems in place to determine whether a customer, or the beneficial owner of a customer, is a foreign PEP, or Related Customer and are required to take sufficient measures to identify whether a customer, or the beneficial owner of a customer, is a domestic PEP or an HIO, or Related Customer. In practice, however, it will generally be appropriate to conduct onboarding screening and ongoing screening on all customers. • Preliminary screening may begin by including a question in onboarding forms or interviews that inquires whether the customer or any beneficial owner is a PEP or Related Customer. LFIs should not however rely solely on a customer's assertion, but supplement this basic screening question with additional due diligence. • LFIs should be alert to any aspects of a customer profile that are inconsistent or do not have a clear explanation. LFIs should use the ongoing monitoring process to determine whether a customer's status has changed. PEP Risk Rating: Under the AML-CFT Decision, LFIs must conduct enhanced ongoing monitoring over relationships with foreign PEPs and Related Customers. Therefore, it is important to appropriately risk-rate all PEP customers, customers whose beneficial owners are PEPs, and customers that are direct family members and close associates of a PEP. PEP-specific factors to consider in risk rating include: the nature of the PEP's position, and the controls in place in the PEP's own country jurisdiction to prevent corruption. For Related Customers, LFIs should consider the risk of the PEP to which the customer is connected, and also the nature and extent of the connection, in determining the risk rating. In cases where a natural person customer has PEP status from two sources, or where more than one PEP is involved in a legal person customer, LFIs should always use the higher risk rating. Enhanced Due Diligence Requirements: Under the AML-CFT Decision, when a customer (or the beneficial owner of a customer) is determined to be a foreign PEP or Related Customer, or where a customer is determined to be a domestic PEP or HIO or Related Customer, and when there is a high-risk business relationship accompanying such persons, LFIs must take the following mandatory steps: (1) Obtain senior management approval before establishing a business relationship, or continuing an existing one, with a PEP or Related Customer; (2) take reasonable measures to establish the source of funds, including the source of wealth, of PEPs and Related Customers; and (3) conduct enhanced ongoing monitoring of the relationship. Transaction Monitoring and Suspicious Transaction Reporting Transaction Monitoring: As required by the AML-CFT Decision, LFIs must continuously monitor all their transactions to ensure that transactions are consistent with the information they have about the customer, their type of activity and the risks they pose, including, when necessary, the source of funds. Monitoring systems can include manual monitoring processes and the use of automated and intelligence led monitoring systems. The transaction monitoring system used by LFIs should be equipped to identify patterns of activity that appear unusual and potentially suspicious for PEP customers as well as unusual behaviour that may indicate that a customer's business has changed in such a way as to require a high-risk rating. Suspicious Transaction Reporting: As required by the AML-CFT Law and the AML-CFT Decision, LFIs must file a suspicious transaction report (STR) or suspicious activity report (SAR) or other report types with the UAE Financial Intelligence Unit (UAE Fill) when they have reasonable grounds to suspect that a transaction, attempted transaction, or funds constitute, in whole or in part, regardless of the amount, the proceeds of crime, are related to a crime, or are intended to be used in a crime. Governance and Training The specific preventive measures discussed above should take place within, and be supported by, a comprehensive institutional AML/CFT program that is appropriate to the risks the LFI faces. As with all risks to which the LFI is exposed, the AML/CFT training program should ensure that employees are aware of the risks of PEPs customers, familiar with the obligations of the LFI, and equipped to apply appropriate risk-based controls.