The UAE is a global hub for international trade and finance. The country has several free trade zones that attract big business but also pose risks for money laundering and terrorist financing. To keep these threats at bay, the UAE maintains strict AML laws and regulations.
The UAE has taken significant steps in strengthening its AML regulations over the past several years. This includes the updated Guidelines for Financial Institutions issued in June 2021 and the establishment of the New Specialized Money Laundering Court.
Businesses that operate in the UAE must comply with all of these AML regulations. That’s why Sumsub prepared this guide to help businesses navigate the compliance process. We’ll keep updating this article with all the major developments.
Both domestic and international companies operating in the UAE need to follow AML-CFT Law. There are three main categories of companies that must comply:
All financial institutions (FIs) must comply if they conduct one or several of financial activities or operations on the customer’s behalf. These include:
This list is not exhaustive as the regulating authorities have the right to include additional activities or financial transactions to the list.
Designated Non-Financial Businesses and Professions (DNFBPs), similar to FIs, conduct financial activities on behalf of their customers. DNFBPs usually include the following types of businesses:
It should be noted that only lawyers and corporate servers providers that act on behalf of their customers are affected by the regulations. For example, legal professionals who manage funds owned by their clients fall into the category of DNFBPs.
Non-profit organizations (NPOs) are defined as any organized group of a continuing nature set for a temporary or permanent period, comprising natural or legal persons or not-for-profit legal arrangements.
Unlike FIs and DNFBPs, NPOs have very limited obligations under legislation.
In August 2020, the Central Bank of the UAE (CBUAE) established a special department to regulate all matters related to Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT). Previously, such operations were conducted by the Banking Supervision Department.
This Anti-Money Laundering and Combating the Financing of Terrorism Supervision Department (AMLD) is concerned with three main objectives:
The AMLD cooperates with the UAE’s National AML/CFT Committee and the Examination Division of the Banking Supervision Department. Additionally, the AMLD mediates between CBAUE and the domestic stakeholders.
There are other authorities that deal with AML/CFT activities, including the Securities and Commodities Authority and bodies that solely operate within special economic areas, such as the Dubai International Financial Center and federal and local supervisory and law enforcement authorities.
There are a variety of laws on AML/CFT activities in the UAE. The most important are:
According to the AML-CFT Law, a person acts unlawfully is they knowingly commit one of the following crimes:
To provide a better understanding of all the regulations, the UAE government has published special guidelines for FIs and DNFBPs.
To stay compliant with all the regulations, businesses should monitor customer transactions, ensure that they provide authentic data, and report suspicious cases.
Below, we talk about the major requirements, reporting process, and penalties in detail.
FIs and DNFBPs are required to undertake appropriate risk-based Customer Due Diligence (CDD) measures, including, among other things, understanding the nature of the customer’s business and the purpose of the transaction in the cases specified in Article 6 of the AML-CFT Decision. Such cases include:
FIs are obliged to enhance their CDD measures concerning customers identified as high-risk, which the AML/CFT Decisions divides into multiple categories. These include Politically Exposed Persons (PEPs), customers associated with high-risk countries, and correspondent banking institutions.
FIs can exercise Simplified Customer Due Diligence measures (SDD) concerning customers identified as low-risk. Elements of SDD include, but are not limited to:
There’re also Enhanced Due Diligence (EDD) measures, which involve more rigorous CDD measures applied towards high-risk customers:
Certain obligations need to be fulfilled by FIs in case they detect any suspicious activity related to ML/FT operations.
FIs are obliged to report transactions “without any delay” to the Financial Intelligence Union (FIU) when there are suspicions, or reasonable grounds to suspect, that the proceeds are related to a crime or to the attempt or intention to use funds or proceeds for the purpose of committing, concealing, or benefitting from a crime.
There is no minimum reporting threshold and no statute of limitations concerning ML/FT crimes or reporting of suspicious transactions. Under federal law and regulations, whether the FI operates in the mainland UAE or in a Financial or Commercial Free Zone, the designated Competent Authority for reporting suspicious transactions is the FIU.
Suspicious ML/FT activities should be reported to the FIU through the GoAML portal. All related companies should be registered on the portal. A complete guide on how to register is available here.
Depending on the circumstances, the statutory retention period for all records is at least five years, from the date of the most recent of any of the following events:
The records that FIs are obliged to keep can be separated into two categories: financial transaction records and CDD records.
Businesses need to follow Know Your Customer (KYC) requirements when working with their customers. Know Your Customer (KYC) is the process of identifying and verifying customers. To verify personal data, businesses need to collect different types of documents from individual customers and companies:
Individual customers:
Companies:
If FIs fail to report suspicious activities, their managers or employees may be subjected to imprisonment and fines between AED 100,000 (approximately $27,200) and AED 1,000,000 (approximately $272,000). For violating other AML/CFT requirements, companies may face imprisonment or fines between AED 10,000 (approximately $2,720) and AED 100,000 (approximately $27,200). For DNFBPs, the fines range from AED 50,000 to AED 200,000.
In 2021, the CBUAE announced that it imposed financial sanctions on 11 UAE banks for failing to comply with AML/CFT regulations.
The UAE keeps introducing new regulations and updating old ones to ensure a higher level of AML/CFT actions. Besides updating the Guidelines in 2021, the country started requiring businesses to adopt internal procedures to identify suspicious transactions with banks and exchange houses.
Additionally, the UAE is introducing new governmental bodies to ensure AML/CFT compliance. Among such organizations are the Executive Office of Anti-Money Laundering and Countering the Financing of Terrorism and Dubai’s Specialized Anti-Money Laundering Court.
It’s clear that the UAE will continue introducing new measures to minimize the level of money laundering, terrorist financing, and other illegal activities in the country. Therefore, it’s essential for all types of businesses to ensure they’re compliant with all the relevant regulations. Sumsub will continue to monitor developments in the UAE’s AML/CFT requirements.