3.3.1.5. Non-Face-to-Face Relationships
Effective from 31/10/2022Insurance operators should develop policies and procedures to address any specific risks associated with non-face-to-face customer relationships and transactions undertaken in the course of such relationships. Such policies and procedures should be applied when establishing a new customer relationship and when conducting ongoing monitoring, and should be at least as stringent as those that would be required to be performed if there was face-to-face contact.
| ○ | Note: Relationships in which personal contact between an insurer or agent and the customer is achieved via video teleconference are not considered to be non-face-to-face relationships for the purpose of this Guidance. | |||||||
Heightened ML/FT risks may arise from establishing business relationships or undertaking transactions according to instructions conveyed by customers over the internet (absent personal contact via video teleconference), post, fax, or telephone. An operator should note that online applications and transactions may pose greater risks than other non-face-to-face business due to the following factors, which taken together may compound the associated ML/FT risks:
| • | The ease of unauthorized access to the facility, across time zones and locations; | |||
| • | The ease of making multiple fictitious applications without incurring additional cost or the risk of detection; | |||
| • | The absence of physical documents; and | |||
| • | The speed of electronic transactions. | |||
The measures taken by an insurance operator for verifying the identity of customers and beneficial owners in the context of non-face-to-face relationships will depend on the nature and characteristics of the product or service provided and the customer’s risk profile. Where verification of identity is performed without face-to-face contact (e.g., electronically), an operator should apply additional checks to manage the risk of impersonation. The additional checks may consist of robust anti-fraud checks that the operator routinely undertakes as part of its existing procedures, which may include as appropriate and feasible:
| • | Telephone contact with the customer at a residential or business number that can be verified independently; | |||
| • | Confirmation of the customer’s address through an exchange of correspondence or other appropriate method; | |||
| • | Subject to the customer’s consent, telephone confirmation of the customer’s employment status with his or her employer’s human resource department at a listed business number of the employer; | |||
| • | Confirmation of the customer’s salary details by requiring the presentation of recent bank statements where applicable; | |||
| • | Provision of certified identification documents by lawyers or notaries public; | |||
| • | Requiring the customer to make an initial premium payment using a check drawn on the customer’s personal account with a bank in the UAE; and | |||
| • | Video call with the customer. | |||