A detailed guide of AML compliance requirements for auditors and accountants in the UAE

A detailed guide of AML compliance requirements for auditors and accountants in the UAE

The profession of auditors and accountants is not an easy thing. They have access to the financial records and activities of their clients. This accessibility to financial records increases their vulnerability to money laundering. The involvement of their clients in money laundering activities also increases their exposure.
So, they must be extra vigilant to the risks of money laundering and terrorism financing. In this article, we list down the red flags of money laundering that auditors and accountants must be aware of. We also mention the important AML requirements that they must fulfil to remain in compliance with UAE’s AML regulations.

Key aspects that make auditors and accountants vulnerable to money laundering and financial crime

Some of aspects of the profession of auditors and accountants make them vulnerable to financial crimes. They must be aware of these factors to save themselves from becoming a victim of money laundering and terrorism financing. These factors include:
  • Payments from clients are the proceeds from a money laundering or financial crime incident.
  • The financials of a client are unusual in terms of source, complexity level, type of business activity, geographical origins, etc.
  • The client hides the identity details of the ultimate beneficial owner (UBO), senior managers, signatories, legal representatives, etc. to launder the proceeds of criminal activities.
  • The client may use shell companies or complex legal structures to layer the laundered money from illicit sources and bring the money back into the legal financial system of the country.
  • The client conceals the sourcing of funds of the company and the auditor and/or accountant, being responsible for the financial management of this company, becomes a part of money laundering crime.
A detailed guide of AML compliance requirements for auditors and accountants in the UAE
  • An accountant or auditor may unknowingly be involved in laundering the proceeds of a fraud activity of a client through shell companies.
  • The client hides any kind of association with Politically Exposed Persons (PEPs) concerning some kind of controlling stake
  • The client tries to influence the accuracy or transparency of the auditor’s or accountant’s work through bribery or any other ways

AML regulation for auditors and accountants in UAE

Decree-Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organizations is the primary law for AML in UAE. The Cabinet Decision No. 10 of 2019 concerning the Implementing Regulation of this Decree-Law makes accountants and auditors subject to the AML law. This means that the AML law applies to all auditors and accountants in UAE.
The Cabinet Decision provides a list of Designated Non-Financial Businesses and Professions (DNFBPs). AML regulations apply to these DNFBPs that include auditors and accountants. Given the nature of their profession and the content of their duties, accountants and auditors must comply with AML requirements as stated in the regulations for DNFBPs.
Their exposure to money laundering and financial crime activities is high because of the nature of their profession. They are responsible for financial management, examination of financial records and accounts, and assessment of governance structure and control procedures. These activities are the reason why illicit organizations or individuals exploit or bribe auditors and accountants to launder money.
The Ministry of Economy of UAE provides a Supplemental Guidance for auditors and accountants. It mentions in detail the AML/CFT obligations for both of these professions. These obligations include risk identification, customer due diligence, identification and reporting of suspicious transactions, and internal control and governance frameworks.

AML/CFT compliance requirements for auditors and accountants in UAE

Auditors and accountants must comply with the following requirements under the AML regulations of UAE:

Understand possible ML/FT risk exposure

You must have a detailed understanding of how your accounting and auditing business can be exposed to ML and FT risks. This requires an assessment at both the enterprise level and customer level. For this:
  • You must adopt a risk-based approach to identify risks in your business transactions. These risks may be of different types based on business nature, type of service, the operational environment, and other factors. Accordingly, you must adopt risk mitigation measures.
  • You must be aware of the source of ML/FT risks and the phase in which the money laundering risk is high. You must know the client who is exposing you to such money laundering risks.
  • You must know the transactions of clients that are making you vulnerable to financial crimes – valuation of certain types of assets or liabilities, approval of changes in a company’s capital structure, approval of company restructuring option, use of reserve account, approval of write-off of uncollected debt, payments from clients that are proceeds of financial crimes, or any other.
  • You must consider different types of risks to your business due to money laundering. These risks include customer risk, geographic risk, transaction risk, channel risk, or any other. You must be able to identify each type and strategize for their elimination.
  • You must conduct a risk assessment to understand the impact of these risks on your business. You must also analyze it in depth, document it, and update it as and when the changes occur.
You must conduct a similar assessment of ML/FT risks on your client’s business. You must identify potential risks, adopt a risk-based approach, and document the methodologies adopted. Also, based on the client’s type and nature of business, you must appoint Compliance Officer and relevant team members to facilitate compliance with AML regulations.

Put in place internal policies, controls, and procedures

Auditors and accountants must implement necessary measures to manage and mitigate the ML/FT risks. One of the key measures is the implementation of strong and effective internal policies, controls, and procedures. You must assess these policies for effectiveness and update them accordingly as and when the need arises.
These policies must relate to customer due diligence and suspicious transaction reporting. It must also include requirements for governance and record-keeping. Overall, such procedures must ensure management and mitigation of risks.
Auditors and accountants must apply the same for their client’s businesses as well. They must check whether the client has implemented relevant internal policies and control measures related to AML/CFT. They must ensure that these policies and procedures are in alignment with the risk appetite of the client.

Implement customer due diligence measures

Auditors and accountants must apply the necessary customer due diligence (CDD) measures based on the category and profiling of the ML/FT risk. If there is any change in the risk category, they must be ready to update the due diligence measures as well. You must apply these measures during or before the transaction happens or the business relationship starts.
You need to apply similar CDD measures for your clients as well. These due diligence measures include the following:
  • You must screen all your existing and prospective clients against Sanctions Lists. You must check information about beneficial owners, management control, or any associations with financial criminals or PEPs.
  • You must conduct a risk-based identification and verification of the true beneficial owner of your clients. For this, you must test your clients’ CDD measures to check the authenticity of their business relationships and counterparties.
  • After obtaining all this information from the clients, you must check its consistency and authenticity through reliable independent sources. You can use sources such as bank references, public registries, tax identification numbers, and any other relevant registries for information on assets.
  • You must check for use of any fraudulent or forged documents in transactions with clients. While working as an auditor or accountant, you must check the legitimacy of the client’s corporate documents.

Report suspicious transactions to Financial Intelligence Unit (FIU)

Auditors and accountants must report any kind of suspicious transactions to the Financial Intelligence Unit as and when they suspect it. You must add all the relevant information for the suspected transaction and keep it updated. You must be extra vigilant to identify any suspicion in any transaction or customer.
Some of the indicators for suspicious transactions in their own business or client’s business include:
  • Unnecessary complex transactions whose purpose or beneficial owner is not known
  • Transactions that are inconsistent with the customer’s risk profiling
  • Large transactions (relatively large to a customer’s income or turnover) that are unusual for that client
  • Large deposits or withdrawals inconsistent with customer’s business nature
  • Unexplained changes in the ownership of entities or unnecessary involvement of a third party
  • Transactions involving high-risk countries or third parties with no relationship with customers
  • Unclear or dubious sourcing of funds for a transaction
  • Refusal of customers to provide relevant information or proofs required for due diligence measures

Ongoing monitoring of their and clients’ activities

Auditors and accountants must be vigilant of their clients’ activities and transactions. They must protect their business transactions and their clients’ from possible misuse by terrorists or criminals. So, you must check the client’s business and transactions often to be sure of no involvement of financial crime.
You must do continuous monitoring of the following activities of your client’s business:
  • You must check for any unexpected changes, amendments, or transfers that are unusual to your client’s routine transactions.
  • You must keep a check on any changes in ownership, capital contributions, dividend payments, powers of attorney, or any other transaction that changes the control of the client’s business.
  • You must monitor any unusual transaction, which does not align with the client’s expected business activity. This may include funds transfers or financial transactions, or any other transaction that does not give the correct source of financing.
  • An important consideration for auditors and accountants must be to check the source of the payments received from clients. You must ensure that the payments come from known sources and not from any unknown foreign accounts or third parties. The mode of payment must be such that it does not hide the origin of funds and must be the usual mode used by the client.

Conclusion

Auditors must understand the vulnerability of their professional activities to money laundering risks. With that understanding, they must implement the above measures to comply with UAE’s AML/CFT regulations. These measures ensure that they themselves and their clients are not exposed to money laundering or terrorism financing activities.
To plan and implement any of these measures, you can also take the support of AML consultants in the UAE. A professional, AML consultant will be better equipped to help accountants and auditors with the right, relevant measures against money laundering. The consultant will ensure that industry-specific steps are taken in the fight against money laundering and terrorism financing.

About the Author

Linkedin

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 7+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.