AML and CFT requirements for trusts and company service providers in the UAE
AML and CFT requirements for trusts and company service providers in the UAE
Corporate service providers and trusts engage in certain activities that are vulnerable to money laundering and terrorism financing. Generally, they carry out these activities on behalf of their customers. Performance of these activities requires access to financial services sector companies, and this is how the risk of ML and FT arises.
The activities include:
- Acting as an agent in the creation or establishment of legal persons
- Acting as a director or secretary of a company, or as a partner in a legal person or arranging for another person to act as the above
- Providing a registered office, work address, residence, correspondence address, or administrative address for a legal person or legal arrangement
- Performing work (or equipping another person to act) as a trustee for a direct trust or performing a similar function in favor of another form of legal arrangement
- Acting or arranging for another person to act as a nominee shareholder in favor of another person
During the performance of these activities, trusts and corporate service providers (TCSPs) use corporate vehicles. This is when money launderers and financers of terrorism activities facilitate the misuse of money. If TCSPs do not conduct proper due diligence of their clients, their ML/FT risk increases.
The risks may also increase when TCSPs in UAE collaborate with TCSPs in other countries where AML/CFT regulations are absent or less stringent. So, TCSPs must be careful of such suspicious transactions and associations. We will cover such suspicious transactions and relevant AML requirements for TCSPs in this article.
Suspicious transactions that raise a concern of ML/FT in TCSPs
ML/FT risks occur for TCSPs at both enterprise and customer levels. These risks may occur in the business relationships they have with their clients. Risks may also arise in the form of nature and type of customer or type of arrangement involved.
Some of the possible red flag indicators are as follows:
- Business relationships with complex and opaque legal entities and arrangements
- Clients hide their beneficial ownership details from TCSPs using nominee agreements
- Clients who want to setup a business in UAE hide their business identities from TCSPs by giving wrong addresses or fake identity documents
- Clients may bribe TCSPs to conduct unauthorized or illegal transactions through their accounts
- Clients use the services of TCSPs to form complex company structures that are used for layering money laundering of illicit funds or hiding their criminal transactions
- Clients with a base in tax havens or countries with a high number of terrorist organizations, high levels of corruption, subject to Sanctions, or weak AML/CFT regime
- Clients that do not make or take direct payments to you but via a third party whose identity is unknown or the payment method is unusual of the client
- Clients that have either a high number of cash transactions, a significant debt amount, are PEPs or have association with PEPs, unusually high level of assets, have funds that are disproportionate to their status or have frequently changed their organizational structure
- Accounting of transactions that are not true to their actual nature, such as over or under-invoicing, multiple invoicing, false entries of goods and services, multiple trading, etc.
These are the possible transaction, client, and country risks that make TCSPs in UAE vulnerable to ML and FT. You, as a trust or company service provider, must be aware of these risks. Also, you must abide by the regulations of AML/CFT that we list down below.
AML regulation for trusts and company service providers in UAE
Decree-Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organizations is the primary law for AML in UAE. The Cabinet Decision No. 10 of 2019 concerning the Implementing Regulation of this Decree-Law applies this AML law UAE to trusts and company service providers as well. This means that the TCSPs in UAE must comply with every provision of this law and its related guidelines.
They must fulfill the obligations stated in these regulations to ensure an effective AML/CFT program internally. These measures will ensure their protection from exploitation by money launderers or financial criminals. These guidelines help TCSPs identify business relationships, transactions, and clients that make them vulnerable to ML and FT risks.
These regulations provide the guidelines for identifying suspicious transactions and reporting them. They provide the measures for customer due diligence and internal policies and procedures to keep TCSPs safe from ML/FT risks. We also get to know the governance framework that TCSPs must implement for AML compliance.
AML/CFT compliance requirements for trusts and company service providers in UAE
Trusts and company service providers must comply with the following requirements under the AML regulations of UAE:
Understand possible ML/FT risk exposure
It is highly crucial to understand your business’ exposure to ML/FT risks. For this, you must:
- Adopt a risk-based approach to identify the risks and take relevant AML/CFT measures to manage them. Identification of these risks is also dependent on the role TCSPs play in the business relationship. They may act either as a representative, advisory and consulting role, or service providers to entities.
- You must be careful of the client risks that include their nature of business, level of complexity, country of origin, or the country of operations in case of a foreign client.
- You must identify any possibility of channel risk of the client. Specifically, this risk refers to the channel by which the customer is introduced and the preferred mode of communication in the relationship.
- You must be vigilant of any unusual nature of financial arrangements or payments with the client, specifically if they are different from the standard practice in the market. Also, investigate the type, complexity, size, geographical sources, and transparency of financial transactions.
- Identification of these different types of risks associated with a client must be documented. You can use it to allocate a risk rating to the client and develop AML/CFT measures accordingly.
Implement customer due diligence measures
Once you identify the risks, the next step is to implement relevant customer due diligence measures. CDD is essential for TCSPs since their clients are the most significant ML and FT risks source. You need to be doubly sure of your clients’ identities and activities to save yourself from money laundering.
You must have the following CDD measures implemented in your firm:
- You must implement a regular process of screening existing and prospective customers against Sanction lists. You must check their background information to identify any association with PEPs or financial crimes. You must dig information about your client’s customers and third-party intermediaries facilitating the relationship between you two.
- You must pay full attention to deriving any information about the beneficial owner of the client. It is also essential to verify this information through established independent sources. Money launderers conceal beneficial ownership by using third-party intermediaries, proxies, or some kind of legal arrangement.
- You must ask pertinent questions to all your clients to determine their beneficial ownership. Then, you should confirm this information for consistency and reasonableness through reliable, independent sources. If questions persist, you can scrutinize them further to know their identity.
- You must check the compatibility of the client’s profile with the kind of activities or transactions they engage in.
- You must be alert to clients’ usage of opaque or complex legal arrangements to hide their identity or business activities.
- You must assess any kind of influence of the client on how you carry out your duties and transactions.
- It is also essential to check the authenticity of documents submitted by the client. These documents may relate to acquisition, transfer, financing, or any other transaction involving financial instruments.
Put in place internal policies, controls, and procedures
The trusts and company service providers must implement necessary measures to manage and mitigate the ML/FT risks. One of the key measures is the implementation of strong and effective internal policies, controls, and procedures. You must assess these policies for effectiveness and update them accordingly as and when the need arises.
These policies must relate to customer due diligence and suspicious transaction reporting. It must also include requirements for governance and record-keeping. Overall, such procedures must ensure management and mitigation of risks.
Report suspicious transactions to Financial Intelligence Unit (FIU)
You must report any kind of suspicious transactions to the Financial Intelligence Unit as and when you suspect it. You must add all the relevant information for the alleged transaction and keep it updated. You must be extra vigilant to identify any suspicion in any transaction or customer.
Some of the indicators for suspicious transactions include:
- Unnecessary complex transactions whose purpose or beneficial owner is not known
- Transactions that are inconsistent with the customer’s risk profiling
- Large transactions (relatively large to a customer’s income or turnover)
- Unexplained changes in the ownership of entities or unnecessary involvement of a third party
- Transactions involving high-risk countries or third parties with no relationship with customers
- Unclear or dubious sourcing of funds for a transaction
- Refusal of customers to provide relevant information or proofs required for due diligence measures
Ongoing monitoring
Continuous monitoring of business relationships and client’s activities is a crucial part of AML and CFT measures. TCSPs must make efforts not to become victims of money laundering and any other financial crimes by their clients. Specifically when their clients are from high-risk countries or have a history of financial crimes or PEPs.
- For this, you must periodically check information about your clients in public or commercial registries. This will help you detect any changes, transfers, or additional information that may add to their identity. You will also be able to notice any inconsistencies or unusual patterns in their information or activities.
- You must monitor the transactions with clients until their closure or for the entire account life cycle. You need to be alert to any change in frequency, size, or amount of transaction that is unusual to the client.
- Another critical point of consideration is checking the source of your payments from the clients. You must ensure that these payments are not from third-party accounts, foreign accounts, or unknown sources. Also, the method of payment must be consistent with the client’s history of payments and profile.
Conclusion
Thus, the TCSPs must understand the importance of these AML/CFT measures to fight against money laundering and terrorism financing. When forming new business relationships, you must be extra careful to implement due diligence measures to identify and manage risks. All these measures will ensure compliance with UAE’s AML/CFT measures and similar global regulations.
These measures will enable you to save yourself and your business from any fraudulent transaction or business relationship. This, in turn, helps you to minimize your exposure to money laundering and terrorism financing risks. These measures also help you to be in congruence with international AML/CFT regulations and best practices.
About the Author
Pathik Shah
FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)
Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.
