The United Arab Emirates (UAE) is a global business hub for international trade and finance. It is one of the most important economies in the world. UAE attracts big business, however entail risks for money laundering and terrorist financing. For preventing from these the UAE maintains strict AML laws and regulations. Both domestic and international businesses, who are operating in the UAE need to follow Anti-Money laundering/Combatting the Financing of terrorism (AML/CFT) laws. The UAE has AML/CFT laws that require financial institutions to implement policies and procedures to identify, monitor, and report suspicious transactions.

AML Regulatory Authorities

AML regulators are entities that monitor financial transactions and identify suspicious behaviour. Their main purpose is to ensure that financial institutions follow compliance requirements. FATF is one of the main regulatory bodies worldwide.

FATF (Financial Action Task Force)

In 1989, the Global Financial Action Task Force (FATF) was formed by a group of governments and organizations. Its mission was to develop and promote international standards for preventing money laundering. The FATF is a policy-making body. FATF regularly publishes AML regulation guidance. The members and financial institutions of these organizations must comply with the money laundering regulations. FATF imposes sanctions on financial institutions that do not comply with regulations.

The Central Bank of UAE (CBUAE)

CBUAE is the main regulator for AML in the UAE. The CBUAE regulates all banks, moneychangers, finance companies, and other financial institutions operating in the United Arab Emirates. CBUAE provides supervision through Anti-Money Laundering and Combatting the Financing of Terrorism Supervision Department (AMLD).

AMLD is responsible for overseeing and enforcing Anti-money laundering (AML) and combatting the financing of terrorism (CFT) regulations within a jurisdiction or organization. It conducts inspections, audits, provide guidance and support, and takes enforcement actions when necessary to address non-compliance. There are other regulatory authorities in the UAE as well.

Dubai Financial Services Authority (DFSA)

DFSA is the independent regulator of financial services conducted in or from the Dubai International Financial Centre (DIFC), a leading financial free zone in the United Arab Emirates (UAE). DFSA regulates Authorised Firms, which include banks, insurance companies, investment banks, asset managers, and fund administrators. The key functions and responsibilities of DFSA are Regulatory oversight, Licencing and Authorization, Supervision and Monitoring and Policy deployment.

Ministry of Economy

The Ministry of Economy’s role is to supervise the ‘Designated Non-financial Businesses and Professions’ (DNFBPs) sector at the state level and commercial free zones in order to combat money laundering and financing of terrorism in the UAE.

DNFBP include the businesses like Lawyer, Notaries, Independent Legal Professionals, Accountant and Auditor, Real Estate Agents and Dealers in Precious Metals and Stones etc. It provides guidance, knowledge, and training support to Designated Non-financial Businesses and Professions (DNFBPs).  It is also involved in developing a regulatory framework to combat AML and terrorism financing and maintaining the UAE’s reputation and position in global markets, and with international partner organizations.

Financial Services Regulatory Authority (FSRA)

FSRA is the regulatory authority responsible for overseeing and regulating financial services activities within the Abu Dhabi Global Market (ADGM). One of the key responsibilities of FSRA is Prevention of Financial Crimes including Money Laundering and Terrorist Financing. FSRA sets setting requirements for customer due diligence, suspicious transaction reporting, and compliance with international standards.

Legal Framework for AML in the UAE

The UAE’s robust legal framework for AML and CFT encompasses various laws and Regulations, which includes –

  • Federal Decree-Law No. (20) of 2018On Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organizations (the “AML-CFT Law” or “the Law”).
  • Cabinet Decision No. (10) of 2019Concerning the Implementing Regulation of Decree-Law No. (20) of 2018 On Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organizations (the “AML-CFT Decision” or “the Cabinet Decision”).
  • Central Bank Regulations: The Central Bank issued guidelines for CDD, STR, and risk management within Financial Institutions.
  • DIFC Laws and Regulations: The Dubai International Financial Centre (DIFC), a financial-free zone, has its own framework, including the AML Law (DIFC Law No. 1 of 2019) and AML Rules and Guidance.
The Financial Intelligence Unit (FIU)

The FIU under the Central Bank of the UAE, analyses and disseminates information on suspicious financial activities. As per Ministry of Economy, “The UAE Financial Intelligence Unit (FIU) analyses suspicious transactions and activities that may involve money laundering, terrorism financing and related criminal activities, based on data and reports from financial institutions (FIs) and Designated Non-Financial Business and Professions (DNFBPs) that collaborate and share knowledge to detect and act against such activities. FIU encourages collaboration and strategic partnerships with local, regional and international stakeholders that have similar goals of combatting financial crimes. Such collaboration entails developing shared network platforms that allow for enhanced knowledge sharing between agencies to combat money laundering and terrorism financing”. In order to submit an STR to the UAE FIU, a reporting entity should be connected to the goAML platform, which is the UAE FIU’s reporting platform launched in June 2019.

Functions and Activities of FIU:
  • Receiving and processing suspicious transaction reports (STRs) and other financial intelligence submitted by reporting entities.
  • Conducting assessment of the financial intelligence received to identify potential money laundering, terrorist financing, and other illicit activities.
  • Disseminating actionable intelligence to relevant domestic and international law enforcement and regulatory agencies for further investigation and enforcement action.
  • Providing guidance, training, and support to reporting entities and other stakeholders on AML/CFT compliance and reporting obligations.
AML Policies and Procedures

The objective of an Anti-Money Laundering (AML) policy is to establish a framework of policies and procedures for preventing and detecting money laundering and terrorist financing activities within an organization. The primary goals of an AML policy are Prevention of Financial crime, Legal and Regulatory Compliance, Financial system Stability and Risk assessment. The AML Policies and Procedure the UAE must be followed by Financial Institutions, Banks, Insurance Companies, Designated Non-Financial Businesses and Professions (DNFBP) and Virtual Asset Service Providers (VASP). Here are the AML Policies and Procedures for the UAE-

Know Your Customer (KYC) – KYC procedures are a critical function to assess customer risk and to comply with Anti-Money Laundering (AML) laws. KYC is primarily the identity verification process. Its principal purpose is to better understand your customers and their financial dealings. As per Central Bank of The UAE (CBUAE), there are three different types of KYC Processes that must be applied to all Financial Institutions in the UAE:

  1. Customer Identification (CID) Process – Customer identification involves verifying the identity of individuals or legal entities to establish a business relationship with a Financial Institution and Designated Non-Financial Business or Profession (DNFBP). The primary objectives of CID are to ensure the accurate identification of customers, obtain essential information about the customer’s identity, such as name, date of birth, address, nationality, and official identification documents and establish the purpose and nature of the business relationship.
  2. Customer Due Diligence (CDD) ProcessCustomer Due Diligence (CDD) is a risk-based process that involves understanding and assessing the potential risks associated with an individuals or Legal entities and their transactions. Customer due diligence require to check the risk level of the customer (Individuals or entities), obtaining the additional information of the customer’s source of funds, business operations and beneficial ownership structure and monitoring the customer’s transactions.
  3. Enhanced Due Diligence (EDD) ProcessEnhanced Due Diligence is conducted for higher risk customers to provide deeper understanding of customer’s financial activities. Generally, customers who are classified under the high risk category after CDD are prone to money laundering and financing of terrorism. The high risk customers and businesses which need Enhanced Due Diligence are Politically Exposed Persons (PEPs), High risk products and services and suspicious transactions. EDD applying a greater level of scrutiny, more frequent monitoring of transactions and supervision of business relationship.

Transaction Monitoring and Screening – Financial institutions and DNFBPs must implement robust transaction monitoring systems to monitor unusual transaction patterns. This help identify transactions that deviate from expected patterns based on customer profiles and risk assessments. It involves a customer’s historical transactions, account details and customer’s profile and interactions.

Sanctions and watch list – Firms in the UAE face a higher level of sanctions risk, so must implement an effective sanctions screening solution to identify designated customers on international sanctions lists. Firms should similarly seek to identify Politically Exposed Persons (PEPs) by screening against PEP lists. In the UAE, Financial Institutions and Designated Non-Financial Businesses and Professions (DNFBPs) are required to comply with domestic and international sanctions regimes. This involves screening transactions, customers, and counterparties against sanctions lists to prevent prohibited dealings with sanctioned individuals, entities, or countries.

Suspicious Transaction Reporting – Financial Institutions and Designated Non-Financial businesses and professions (DNFBPs) must file a Suspicious Transaction Report (STR) with the UAE Financial Intelligence Unit (UAE FIU) when they have reasonable grounds to suspect a transaction and attempted transaction. STR process include:

  • Identification of Suspicious TransactionsEmployees of a financial institution, Banks, Money exchange houses etc. recognize the suspicious activities which include transactions involving PEPs, unusual pattern of transactions and large cash transactions.
  • Internal Review and Assessment – After detecting the suspicious transactions, the designated personnel conducts an internal review and assessment to check the nature of activity.
  • Suspicious Transaction Report (STR) Filing – After reviewing, the entity needs to report the suspicious transaction to Financial Intelligence Unit (FIU), which is responsible for receiving and processing of STR. Reporting entities submit the report to the FIU through the prescribed channels and formats, ensuring that all necessary information and documentation are provided.
  • Confidentiality – Reporting entities are bound by strict confidentiality about the Information contained in the report. The report is protected from disclosure to the customer or any third party, except as required by law or authorized by regulatory authorities.
  • Legal ProtectionReporting entities are provided with legal immunity and protection from civil, criminal, or administrative liability for making a good-faith report of suspicious activity to the FIU.

The STR process plays a crucial role in detecting and combatting Money Laundering and Terrorist Financing activities in the UAE. By promptly reporting suspicious transactions to the FIU, reporting entities contribute to the efforts to safeguard the integrity of the financial system and protect against financial crime.

Employee training and awareness – It is necessary for Financial Institutions and Designated Non-Finance Companies and Professions (DNFBPs) such as Dealers of Precious Metals and Stones, Real Estate Agents, Auditors, and Corporate Service Providers to establish an effective AML training program for employees. As per CBUAE guidelines for employee training, The AML/CFT training materials must be reviewed and updated at regular intervals or whenever there are changes in the AML Laws, Regulations, Notices, the Standards and the Licensed Person’s AML policy/ procedures. AML/CFT training material must include:

  • Introduction to AML/CFT concepts
  • Legal and regulatory framework
  • Know Your Customer, Customer Due Diligence and Enhanced Due Diligence
  • Transaction monitoring and reporting
  • AML/CFT Policies and Procedures
  • Penalties for non-compliance of AML/CFT Laws
  • Assessment and certifications
  • Refresher training

Record keeping and documentation – As per Article 24 of Cabinet Decision No. (10) of 2019, Financial Institutions and Designated Non-Finance Companies and Professions (DNFBPs) are required to keep all records, documents, data and statistics for all transactions for a minimum period of five (5) years from the date of completion of the transaction or termination of the business relationship or from the closing date of the account. Records must be maintained in an organized manner so as to permit data analysis and, where relevant, the tracking of financial transactions. For AML compliance, various types of records need to be maintained to ensure adherence to regulatory requirements and facilitate effective oversight and monitoring. These records are:

  • Customer Due Diligence (CDD) Records
  • Transaction Records
  • Suspicious Activity Reports (SARs)
  • Employee Training Records
  • Policies and Procedures Documentation
  • Risk Assessment Records
  • Audit Trails and Compliance Reviews
  • Correspondence and Communications

These records provide an overview of an organization’s AML compliance efforts, demonstrate adherence to regulatory requirements, and support monitoring of AML activities. Maintaining accurate, complete, and organized records is essential for demonstrating regulatory compliance, facilitating audits and inspections, and detecting and preventing financial crime.

Adhering to the prescribed Policies and Regulations safeguards an organization from any potential liabilities arising from their financial transactions. By implementing robust AML frameworks, institutions can mitigate the risks of financial crime, safeguard their reputation, and maintain regulatory compliance. Through ongoing vigilance, collaboration, and adherence to international standards, financial institutions contribute to the integrity and stability of the UAE’s financial system.