Skip to main content

Article (24): Anti-Money Laundering and Combating the Financing of Terrorism and Illicit Organizations

2/2024 Effective from 21/8/2024

1.

This Article (24) applies to an AML Obligor in addition to, and without prejudice to, that AML Obligor’s obligations under other applicable UAE AML/CFT laws and regulations, including but not limited to the AML Law.

2.

AML Obligors must comply with relevant and applicable UAE AML/CFT laws and regulations, address money laundering and terrorist financing risks through appropriate preventive measures to deter abuse of the sector as a conduit for illicit funds, detect money laundering and terrorist financing activities and report any suspicious transactions to the Financial Intelligence Unit at the Central Bank.

3.

AML Obligors must have comprehensive and effective internal AML/CFT policies, procedures and controls in place.

4.

AML Obligors shall be prohibited from invoking banking, professional or contractual secrecy as a pretext for refusing to perform their statutory reporting obligation in regard to suspicious activity.

5.

Payment Token Services shall be considered to carry high money laundering and terrorist financing risk due to their speed, anonymity and cross-border nature.

6.

AML Obligors must identify, assess, and understand the AML/CFT risks to which they are exposed and conduct enterprise-level and business relationship-specific risk assessments. Accordingly, all AML/CFT CDD, monitoring and controls must be risk-based and aligned to the risk assessments.

7.

AML Obligors shall undertake an AML/CFT risk assessment and take appropriate measures to manage and mitigate the identified risks in accordance with applicable legal and regulatory requirements. AML Obligors shall comply with the FATF Guidance for a Risk-based Approach to Virtual Assets and Virtual Assets Service Providers, as may be supplemented from time to time, or any related standards or guidance in assessing and managing risks in Payment Token Services.

8.

AML Obligors shall undertake periodic risk profiling of Customers and assessment based on the AML/CFT requirements.

9.

AML Obligors shall assess whether a business relationship presents a higher money laundering and terrorist financing risk and assign a related risk rating. AML Obligors shall be prohibited from dealing in any way with shell banks or other shell financial institutions and from establishing or maintaining any business relationship or conducting any Payment Token Services under an anonymous or fictitious name or by pseudonym or number.

10.

AML Obligors shall ensure that their CDD models are designed to address the specific risks posed by a Customer profile and Payment Token or Payment Token Service features. AML Obligors shall be prohibited from establishing or maintaining any business relationship with a Customer or performing any Payment Token Services for a Customer in the event that they are unable to complete adequate risk-based CDD measures for any reason for that Customer.

11.

AML Obligors must undertake CDD measures concerning Wire Transfers as stipulated in the relevant provisions of the AML Law if Wire Transfer services are provided by the AML Obligor. AML Obligors must introduce appropriate systems for screening, as part of the CDD process, on all parties involved in a transaction against all applicable sanction lists (including the UN sanction lists and the names contained in the ‘search notices’/’search and freeze notices’ issued by the Central Bank).

12.

If AML Obligors conduct Wire Transfers, they must take freezing action and prohibit conducting transactions with designated persons and entities, as per the obligations set out in the Central Bank’s Notice 103/2020 on the Implementation of United Nations Security Council (UNSC) and the UAE Cabinet Resolutions regarding UNSC and Local Lists, as amended from time to time.

13.

AML Obligors must also be guided by FATF Standards on anti-money laundering and countering the financing of terrorism and proliferation. AML Obligors must incorporate the regular review of AML/CFT trends and typologies into their compliance training programmes as well as into their risk identification and assessment procedures.

 

Risk Factors

14.

In assessing the risk associated with a Payment Token or Payment Token Service for the purposes of Article (24)6, 7, 10 and 13, AML Obligors must take into account the following risk factors:

a)

maximum stored value or transaction amount of the Payment Token Service or Wallet – Payment Token Services or Wallets which enable higher transaction values or higher maximum stored value may increase the money laundering and terrorist financing risk;

b)

methods of funding – Payment Token Services or Wallets that can be funded by cash or with little or no audit trail present a higher money laundering and terrorist financing risk. Funding from unverified sources or via other payment methods without Customer identification can also create an anonymous funding mechanism and hence present higher money laundering and terrorist financing risks;

c)

cross-border usage – in general, Payments Tokens and Payment Token Services providing for cross-border usage may increase the risk as transactions may be subject to different AML/CFT requirements and oversight in other jurisdictions and also give rise to difficulties with information sharing;

d)

person-to-person fund transfer function – Payments Tokens and Payment Token Services that allow person-to-person fund transfers may give rise to higher money laundering and terrorist financing risks;

e)

cash withdrawal function – Payments Tokens and Payment Token Services that enable access to cash for instance through automated teller machine networks may increase the level of money laundering and terrorist financing risk;

f)

holding of multiple Wallets – Payment Token Services that allow a Customer to hold more than one Wallet may also increase the money laundering and terrorist financing risk as it may be utilized by a third-party user other than the Customer;

g)

payment for high-risk activities – some Merchant activities, for example, gaming, present higher money laundering and terrorist financing risks.

15.

The money laundering and terrorist financing risks of a Payment Token or Payment Token Service can be reduced by implementing risk mitigating measures, which may include:

a)

the application of limits on the maximum storage values, cumulative turnover or transaction amounts;

b)

disallowing higher risk funding sources;

c)

restricting the Payment Token Services from being used for higher risk activities;

d)

restricting higher risk functions such as cash access; and

(e)

implementing measures to detect multiple Wallets held by the same Customer or group of Customers.

16.

The level of money laundering and terrorist financing risks posed by a particular Payment Token or Payment Token Service will depend on a consideration of all risk factors, the existence and effectiveness of risk mitigating measures and their functionality.

17.

AML Obligors must assess whether a business relationship with a Customer presents a higher money laundering and terrorist financing risk and assign a related risk rating. Generally, the Customer risk assessment will be based on the information collected during the identification stage and subsequently updated as new information becomes available through ongoing due diligence and transaction monitoring. AML Obligors must ensure that their CDD models are designed to address the specific risks associated to its Customer profile and Payment Token or Payment Token Service features.

 

Compliance management arrangements

18.

AML Obligors must have appropriate compliance management arrangements that facilitate their implementation of AML/CFT systems to comply with relevant legal and regulatory obligations and to manage money laundering and terrorist financing risks effectively. Compliance management arrangements must at a minimum include oversight by the AML Obligor’s Senior Management and appointment of a compliance officer and a money laundering reporting officer.

19.

In addition, AML Obligors must put in place comprehensive AML/CFT policies and procedures in accordance with the AML/CFT laws and regulations.

 

Use of technology

20.

The Central Bank supports innovative means by which AML Obligors implement AML/CFT systems effectively as well as exploring the greater use of technology and analytical tools. The Central Bank expects AML Obligors, before introducing any new product, service or technology, to conduct adequate risk assessments and ensure that any identified risks are effectively managed or mitigated.

21.

In general, the electronic Know Your Customer process currently adopted by licensed banks for digital onboarding of Customers is acceptable for Wallet opening and provision of Payment Token Services. No physical face-to-face meetings with the Customer or physical documents verification are required so long as the digital authentication of the Customer and digital verification of all required documents can be done in accordance with the existing requirements of the Central Bank.

22.

Depending on the nature of relationship, AML Obligors may undertake additional CDD measures, including the collection of sufficient information to adequately understand the nature of the Customer’s business. The extent of CDD measure should be commensurate with the assessed money laundering and terrorist financing risks of the Customer.

23.

Globally there is an emerging range of new products and services involving Virtual Assets. In line with the FATF standards, before an AML Obligor offers any new products relating to Virtual Assets, it must undertake money laundering and terrorist financing risk assessment and take appropriate measures to manage and mitigate the identified risks in accordance with applicable legal and regulatory requirements. AML Obligors are encouraged to refer to the suggestions provided by the FATF Guidance for a risk-based approach to Virtual Assets.