UAE Financial Rules & Regulations

Chapter 5 Anti-Money Laundering and Combating the

Financing of Terrorism (15 Questions)
CISI UAE Rules & Regulations - Chapter 5

1. Offences
Under the legislation, specifically Federal Law No. 20 of 2018, the offences of both money laundering and the
financing of terrorism are laid down in Articles 2 to 4.

Money laundering involves funds that are criminally derived – the proceeds of a felony or a misdemeanour according
to the law. The criminal offence from which the proceeds were derived is typically referred to as the ‘predicate
offence’. Any person who has knowledge of this and wilfully commits any of the following acts is guilty of money
laundering
• transferring or moving proceeds or conducting any transaction with the aim of concealing or disguising their illegal
source
• concealing or disguising the true nature, source or location of the proceeds as well as the method involving their
disposition, movement, ownership of or rights with respect to those proceeds
• acquiring, possessing or using proceeds upon receipt, or
• assisting the perpetrator of the predicate offense to escape punishment
CISI UAE Rules & Regulations - Chapter 5

2. The Role of the Financial Services Industry

Financial institutions, such as banks, designated non-financial businesses, such as brokers, real estate agents and
dealers in precious metals, and designated non-financial professions, such as lawyers and accountants, are all required
to report suspicions of money laundering and terrorist financing.

If there is suspicion or if there are reasonable grounds to suspect money laundering or terrorist financing is happening
or being attempted, a detailed report should be submitted to the UAE’s Financial Intelligence Unit (FIU), which is the
financial intelligence department at the UAE Central Bank.

These reports must include all of the data and information available regarding the transaction and the parties involved,
and provide any additional information required by the FIU, with no right to object under confidentiality provisions.

Lawyers, notaries, other legal professionals and independent legal auditors are exempted from this provision if the
information related to the operation has been obtained subject to professional confidentiality.
CISI UAE Rules & Regulations - Chapter 5

2. The Role of the Financial Services Industry

2.2 Customer Due Diligence (CDD)
Customer due diligence (CDD) is a vital component in the prevention and detection of money laundering and terrorist
financing. In simple terms, it is verifying whether customers are who they say they are, confirming they are not on any
prohibited lists and assess their risk factors. In other words, CDD is the act of performing background checks on the
customer to ensure that they are properly risk-assessed before being onboarded.
Article (6) of Decision No. 10 of 2019 requires financial institutions and designated non-financial businesses and
professions (DNFBPs) to undertake CDD measures:
• when establishing a business relationship
• when carrying out occasional transactions in favour of a customer for amounts equal to or exceeding AED 55,000,
whether the transaction is carried out in a single transaction or in several transactions that appear to be linked
• when carrying out occasional transactions in the form of wire transfers for amounts equal to or exceeding AED
3,500
• whenever there is a suspicion of crime
• where there are doubts about the veracity or adequacy of the identification data previously obtained for the
customer.
CISI UAE Rules & Regulations - Chapter 5

2. The Role of the Financial Services Industry

2.2 Customer Due Diligence (CDD)
The customer due diligence (CDD) measures require verification of the identity of the customer and the beneficial
owner before or during the establishment of a business relationship, opening of an account, or before executing a
transaction for a customer with whom there is no business relationship.
It is only in cases where there is a low crime risk that verification of customer identity is allowed to take place after the
establishment of the business relationship, which must meet the following conditions:
a. The verification will be conducted in a timely manner as of the commencement of business relationship or the
implementation of the transaction.
b. The delay is necessary in order not to obstruct the natural course of business.
c. The implementation of appropriate and effective measures to control the risks of crime.

Importantly, financial Institutions and DNFBPs are always required to take measures to manage the risks in
circumstances where customers are able to benefit from the business relationship prior to completion of the
verification process.
CISI UAE Rules & Regulations - Chapter 5

2. The Role of the Financial Services Industry

2.2 Customer Due Diligence (CDD)
CDD should be done using documents, data or information from a reliable and independent source or any other source
to verify the identity. This is required as follows:
• For natural persons:
• The name, as in the identification card or travel document, nationality, address, place of birth, name and address of
employer, attaching a copy of the original and valid identification card or travel document. Approval of senior
management is also required where either the customer or the beneficial owner is a PEP.
• For legal persons and legal arrangements:
• The name, legal form and memorandum of association.
• Headquarters office address or the principal place of business (if the legal person or arrangement is a foreigner, it
must mention the name and address of its legal representative in the UAE and submit the necessary documents as a
proof).
• Articles of association or any similar documents, attested by the competent authority within the UAE.
• Names of relevant persons holding senior management positions in the legal person or legal arrangement
CISI UAE Rules & Regulations - Chapter 5

2. The Role of the Financial Services Industry

2.3 Beneficial Ownership
Financial institutions and DNFBPs are required to take reasonable measures to verify the identity of the beneficial
owners of legal persons and legal arrangements. This should be done using information, data, or statistics acquired
from a reliable source.
For customers that are legal persons, beneficial ownership verification involves:
a. Obtaining and verifying the identity of the natural person, who alone or jointly with another person, has a
controlling ownership interest in the legal person of 25% or more.
b. In the event of failing to verify the identity of the natural person exercising control, or where the person(s) with the
controlling ownership interest is not the beneficial owner, the identity shall be verified for the relevant natural
person(s) holding the position of senior management officer, whether one or more persons.
CISI UAE Rules & Regulations - Chapter 5

4. Politically Exposed Persons (PEPs)

We saw in the section on CDD that, for natural persons, senior management approval is required where the customer
or the beneficial owner is a politically exposed person (PEP).

A PEP is defined as a natural person that is or has been entrusted with a prominent public function in the UAE
(domestic PEP) or any other foreign country (foreign PEP).

Examples of prominent public functions include heads of state or government, senior politicians, senior government
officials, judicial or military officials, senior executive managers of state-owned corporations, senior officials of political
parties and persons who are, or have previously been, entrusted with the management of an international organisation
or any prominent function within such an organisation.

The definition also includes direct family members of a PEP, which includes the spouse, children, spouses of children
and parents.

Furthermore, associates known to be close to a PEP, are also within the definition, such as individuals having joint-
ownership rights in a legal person or arrangement or any other close business relationship with a PEP, and individuals
having individual ownership rights in a legal person or arrangement established in favour of a PEP.
CISI UAE Rules & Regulations - Chapter 5

5. Suspicious Transaction Reports (STRs)

For PEPs, in addition to undertaking CDD measures, financial institutions and DNFBPs must carry out the following:
• For foreign PEPs:
a. Put in place suitable risk management systems to determine whether a customer or the beneficial owner is
considered a PEP.
b. Obtain senior management approval before establishing a business relationship, or continuing an existing one,
with a PEP.
c. Take reasonable measures to establish the source of funds of customers and beneficial owners identified as
PEPs.
d. Conduct enhanced ongoing monitoring over such relationship.
• For Domestic PEPs and individuals previously entrusted with prominent functions at international organisations:
a. Take sufficient measures to identify whether the customer or the beneficial owner is considered one of those
persons.
b. Take the same steps as for foreign PEPs listed as b, c and d above when there is a high-risk business
relationship accompanying such persons
CISI UAE Rules & Regulations - Chapter 5

6. Practical Measures
6.1 Third Party Service Providers and New Technologies
Financial institutions and DNFBPs can utilise the services of a third party service provider to undertake the required
CDD measures, but only with the following caveats, the financial institution or DNFBP must
• remain responsible for the validity of the measures undertaken
• immediately obtain the identification data and other necessary information collected through the CDD measures
and ensure that copies of the documents for such measures can be obtained without delay and upon request, and
• ensure that the third party is regulated and supervised, and that it adheres to the required CDD measures towards
customers and record-keeping provisions.
Financial institutions and DNFBPs can rely on third parties that are part of the same group.
Where a financial institution or DNFBP is developing new products and practices, including the means by which new
and existing products will be made available, it must identify and assess the risks of money laundering and terrorism
financing that may arise and take appropriate measures to manage and mitigate such risks.
CISI UAE Rules & Regulations - Chapter 5

6. Practical Measures
6.3 Compliance Officer Tasks
The appointed compliance officer must have the appropriate competencies and experience to be responsible for
performing the following tasks:
1. Detecting money laundering and terrorist financing transactions.
2. Receiving, reviewing and scrutinising data concerning potentially suspicious transactions, and taking decisions to
notify the FIU whilst maintaining complete confidentiality.
3. Reviewing and assessing the internal rules and procedures and their consistency with the law and other regulatory
requirements and decisions. Proposing updates where necessary and preparing and submitting semi-annual
reports to senior management, copying the report to the relevant supervisory authority with senior management
remarks and decisions
4. Preparing, executing and documenting ongoing training and development programmes and plans for the
institution’s employees on money laundering and the financing of terrorism and illegal organisations, and the
means to combat them.
5. Collaborating with the supervisory authority and the FIU, providing them with all requested data, and allowing
their authorised employees to view the necessary records and documents that will allow them to perform their
duties.
CISI UAE Rules & Regulations - Chapter 5

7. Record Keeping Requirements

Financial institutions and DNFBPs must retain all records, documents, data and statistics for all financial transactions
and local or international commercial and cash transactions for a period of no less than five years from the date of
completion of the transaction or termination of the business relationship with the customer.

These records and documents should include those obtained through CDD measures, ongoing monitoring, account files
and business correspondence, and copies of personal identification documents, including STRs and the results of any
analysis.
CISI UAE Rules & Regulations - Chapter 5

8. Penalties
8.1 Administrative Penalties
The following administrative penalties will be imposed on financial institutions and designated non-financial businesses
and professions that violate the law and regulations in relation to money laundering and terrorism financing:
• Warnings.
• Administrative penalties of no less than AED 50,000 and no more than AED 5,000,000 for each violation.
• Banning the violator from working in the sector related to the violation for the period determined by the
supervisory authority.
• Constraining the powers of the board members, supervisory or executive management members, managers or
owners who are proven to be responsible for the violation including the appointment of temporary inspector.
• Arresting managers, board members and supervisory and executive management members who are proven to be
responsible for the violation for a period to be determined by the supervisory authority, or request their removal.
• Arrest or restrict the activity or the profession for a period to be determined by the supervisory authority.
• Cancel the violator’s licence.
The supervisory authority will, upon imposing administrative penalties, publish the penalties. The supervisory authority
may also request regular reports on the measures taken to correct the violation.
CISI UAE Rules & Regulations - Chapter 5

8. Penalties
8.2 Money Laundering
Any person who commits or attempts to commit the crime of money laundering will be sentenced to imprisonment for
a period not exceeding ten years and to a fine of no less than AED 100,000 and no more than AED 5,000,000.

A temporary imprisonment and a fine of no less than AED 300,000 and no more than AED 10,000,000 will be applied if
the perpetrator of a money laundering crime commits any of the following:
• abuses the influence or the power granted by the person’s profession or professional activities
• commits the crime through a non-profit organisation
• commits the crime through an organised crime group
• is a repeat offender.
An attempt to commit a money laundering offence is punishable by the full penalty prescribed for perpetrating the
same offence.
CISI UAE Rules & Regulations - Chapter 5

8. Penalties
8.4 Penalties for Legal Persons
Legal persons, as opposed to natural persons, may face a penalty in the form of a fine of no less than AED 500,000 and
no more than AED 50,000,000 where representatives or managers or agents commit the crimes of money laundering,
financing terrorism or financing illegal organisations for its account or in its name.
Additionally, if the legal person is convicted of the crime of financing terrorism, the court will order its dissolution and
closure of its offices where its activities are performed.
The court will also order the publishing of a summary of the judgment by the appropriate means at the expense of
guilty party.
8.5 Failure to Report Suspicions
A failure to report suspicions, or gross negligence in implementing processes and procedures in relation to suspicions
can result in imprisonment and/or a fine of no less than AED 100,000 and no more than AED 1,000,000.
8.6 Tipping Off
Anyone who notifies or warns a person in relation to suspicions, or reveals any transaction under review in relation to
suspicions, is guilty of ‘tipping off’. The offence of tipping off leads to imprisonment for no less than six months and/or
a penalty of no less than AED 100,000 and no more than AED 500,000
CISI UAE Rules & Regulations - Chapter 5

9. Market Abuse Regulations in the UAE

Rules relating to the prevention and penalties arising from market abuse in the UAE are derived from two sources:
1. Article 16 (the Regulations as to Trading, Clearing, Settlement, Transfer of Ownership and Custody of Securities)
says that any dealing in securities with the aim of deceiving other transacting parties will be null and void.
Furthermore, resorting to a series of illusory transactions to delude others as to the existence of an active market in
the securities traded is deemed to be a form of deception. Any act aimed at causing a rise or a fall in the price of
any securities with the intention of encouraging other transacting parties to join in, whether as sellers or
purchasers of the securities, will also be null and void.
2. Article 37 (the Regulations as to Disclosure and Transparency) details the potential penalties. It states that any
person will be liable to imprisonment for a period of not less than three months and not more than three years and
a fine of not less than AED 100,000 and not more than AED one million, or either of these penalties, if they:
• furnish any data, or proffer any declaration or information being untrue and such as to affect the market value
of the securities and an investor’s decision to invest or otherwise
• deal in securities on the basis of unpublicised or undisclosed information they acquired by virtue of their
position
• spread tendentious rumours regarding the selling or buying of shares
• exploit unpublicised information which could affect the prices of securities to achieve personal benefits.
Any dealing or transaction effected on the basis of the preceding shall be null and void.