Use of Digital ID for Customer Due Diligence -New Guidance issued by CBUAE for LFIs

Use of Digital ID for Customer Due Diligence -New Guidance issued by CBUAE for LFIs

The Central Bank of the UAE (CBUAE) has issued new Guidance on anti-money laundering and combatting the financing of terrorism (AML/CFT) for Licensed Financial Institutions (LFIs), which shall be applicable with immediate effect. The Guidance for LFIs on the use of Digital ID for customer due diligence aims to help the Financial Institution to adopt, understand and implement the statutory obligations concerning AML/CFT and considers the standards issued by Financial Action Task Force (FATF).

The Guidance talks about using digital ID systems/mechanisms by LFIs to fulfil their obligations about customer due diligence (“CDD”) in relation to natural persons.

Digital ID for Customer Due Diligence Guidance Applicability

The Guidance applies to all the Natural and legal persons licensed and/or supervised by the Central Bank of UAE in the below-mentioned categories:

National banks
Branches of foreign banks
Exchange houses
Finance companies
Issuers and providers of stored value facilities
Licensed retail payment service providers and card schemes
Registered hawala providers,
Insurance companies, Agencies, and Brokers.
Other LFIs not covered above.

Key Takeaways: Guidance on Digital ID for Customer Due Diligence

1. The Guidance talks about Identity proofing, enrollment, and authentication mechanisms with regard to the usage of digital ID systems. The terminology of “Digital ID systems” is defined as under:

“use electronic means to assert and prove a person’s identity online and/or in in-person environments, including through the use of:

Electronic databases, including distributed databases and/or ledgers, to obtain, confirm, store, and/or manage identity evidence;
Digital credentials to authenticate identity for accessing mobile, online, and offline applications;
Biometrics to help identify and/or authenticate individuals; and
Digital application program interfaces (“APIs”), platforms, and protocols that facilitate online identification and the verification and authentication of identity.”

2. LFIs are directed to use national-level identificationsystems and processes prevalent/under-development in UAE, like UAE Pass, Emirates ID, Emirates Facial Recognition, etc.

3. LFIs may use the online validation gateway of the Federal Authority for Identity and Citizenship and keep a copy of the Emirates ID and its digital verification in their records.

4. LFIs should leverage data generated by authentication for ongoing Customer Due-Diligence and transaction monitoring to identify suspicious customer activity/behavior /transactions with sanctioned or High-Risk jurisdictions.

5. LFIs may rely on customer identification, and verification carried out by a third party but shall make sure to abide by the following.

The LFIs shall obtain all relevant information from the third party.
Take the required steps to ensure that a third party provides copies of customer documentation/information used for CDD.
Third-party complies with the record-retention requirements provided in Cabinet Decision No. (10) of 2019 and Decree Law No. (20) of 2018 on Anti-Money Laundering

6. LFIs should take appropriate measures to safeguard and deal with the inherent technology risk and challenges posed by digital ID systems and shall ensure implementation of such processes and systems to reduce the Identity proofing and enrolment risks, e.g. cyberattacks, security/cyber breaches, use of stolen/falsified/synthetic ID details due to the reliance on the open networks like the Internet.

7. The Guidance sets out a strategy for mitigating threats to the identify proofing and enrollment process laid down by the U.S. National Institute of Standards and Technology (“NIST”) Digital Identity Guidelines.

8. The Guidance also talks about the risks at the authentication stage, like credential stuffing, Phishing, man-in-middle (credential interception), PIN code capture and replay, which are exploited without the owner’s knowledge.

9. LFI’s shall ensure that the Digital ID system adopted shall provide complete confidence/assurance and is working efficiently to produce desired results. The same should be protected against internal and external manipulation and shall detect unauthorized users, cyberattacks, and insider fraud.

10. LFIs shall at first conduct Assurance Level Assessmentto understand the assurance levels of the digital ID system based on its governance, technology, and architecture to determine its reliability and independence. The assessment can be performed by themselves, or they may consider obtaining an audit or assurance certificate from an expert body.

11. Post Assurance Level Assessment, the LFIs shall conduct an Appropriateness Assessment to determine whether the digital ID system is reliable to deal with potential Money Laundering, Terrorism Financing, fraud, and other financing risks. LFI’s Assurance and Appropriateness Assessmentof the digital ID system to perform CDD shall be documented and updated periodically.

12. The Guidance has various illustrations adapted from NIST Digital ID Guidelines for technical requirements for

the identity proofing and enrollment
authentication protocols and processes
authenticator lifecycle management

13. This Guidance focuses on the use of digital ID systems for performing Customer Due-Diligence at the time of Onboarding/opening of account and ongoing monitoring, which will help mitigate the potential risks of Money Laundering and Combatting the Financing of Terrorism and safeguarding the financial system of UAE.

How can NIYEAHMA help?

NIYEAHMA is one of the top AML Consulting firms providing end-to-end support services for Anti-Money Laundering and Combatting Terrorism Financing to Financial Institutions, DNFBPs and VASPs. We can assist you in conducting Business Risk assessment, selection and assurance assessment of Digital ID systems, complying with ongoing monitoring of Transactions, and identification and reporting of suspicious transactions.

About the Author

Dipali Vora

Associate Company Secretary

Dipali is an Associate member of ICSI and has a Bachelor’s in Commerce and a General Law degree. She has an overall experience of 7 years in the compliance domain, including Anti-Money Laundering, due diligence, secretarial audit, and managing scrutinizer functions. She currently assists clients by advising and helping them navigate through all the legal and regulatory challenges of Anti-Money Laundering Law. She helps companies to develop, implement, and maintain effective AML/CFT and sanctions programs. She knows Anti-money laundering rules and regulations prevailing in GCC countries and specializes in Enterprise-wide risk assessment, Customer Due-diligence, and Risk assessment.

Article UAE

Understanding the Predicate Offences to prevent money laundering

No significant financial crime can be executed without resorting to the smaller crimes, as generally, there exists a network of crime to drive another crime or act as a shield to one another. Various offenses are also part of more significant offenses like money laundering and terrorism financing and help them in a certain way either to achieve the purpose of such offenses or to help the offender from being caught after committing such offenses. These kinds of offenses are known as Predicate offenses.

Simply put, a predicate offense is an illegal activity that is the foundation or the first crime in the chain of another crime. For example, in money laundering, an illicit act of tax evasion can be construed as a “predicate offense,” as the illegal proceeds generated from tax evasion would be laundered.

What is Predicate Offense under UAE AML/CFT regulations?

Under the UAE AML/CFT regulations, the phrase “Predicate Offense” has been defined as under:

Any act constituting a felony or misdemeanor under laws of the UAE, whether committed inside or outside the UAE, when such act is punishable in both countries – UAE and the other country where the crime has been committed.

Further, the definition of the term “Crime” in the UAE AML/CFT regulations includes money laundering and related predicate offenses.

What activities will be considered Predicate offenses?

Predicate offenses vary in every country and are usually codified in a country’s criminal code, considering the economy and market of the country.

To include the broadest range of predicate offenses, the FATF has provided that countries should apply the crime of money laundering to all serious offenses. 21 Predicate offenses have been classified by FATF (Financial Action Task Force). These all are criminalized internationally. Note that this list is not a comprehensive list of predicate offenses, as there may be any other act of misdemeanors or felonies, apart from what is mentioned hereunder, which aids the laundering of funds and, thus, be considered as predicate offenses.

The 21 Predicate offenses that are provided by the FATF are as follows: –

terrorism, including terrorist financing
illicit arms trafficking
participation in an organized criminal group and racketeering
trafficking in human beings and migrant smuggling
sexual exploitation, including sexual exploitation of children
tax crimes (related to direct taxes and indirect taxes)
illicit trafficking in stolen and other goods
corruption and bribery
forgery
counterfeiting currency
insider trading and market manipulation
environmental crime
murder, grievous bodily injury
kidnapping, illegal restraint and hostage-taking
robbery or theft
smuggling; (including in relation to customs and excise duties and taxes)
illicit trafficking in narcotic drugs and psychotropic substances
extortion
fraud
piracy; and
counterfeiting and piracy of products.

For example, a public officer abused public office, resorted to corruption, and used these illegally obtained funds to buy gold and diamond jewellery. In this case, bribery/corruption would be treated as the predicate offense, and the conversion of the funds into precious metals and stones would be the actual money laundering crime (act to conceal the source of proceeds).

Thus, for predicate offenses, it can be said that the crime of money laundering would not have been possible had there been no funds from the predicate offense of corruption/bribery.

Why is it essential to fight predicate offense?

As mentioned above, predicate offenses are the underlying crime that generates the motive – the illegal proceeds, for committing money laundering. Mitigating these crimes at the first stage is pertinent to prevent the large-scale financial crime of money laundering.

In the above example of corruption and conversion of illegal funds into precious metals/stones, had the corruption crime been identified and prevented, there would not have been any funds for the person to launder.

Apart from money laundering, such predicate offenses harm society and the economy.

For example –

Corruption pollutes the government’s work and causes a loss of faith in the country’s bureaucracy,
Arms trafficking creates violence,
Drugs and narcotics have adverse impacts on the health of individuals,
Piracy devalues the original art and demotivates the creator, etc.

Given the adverse effects of these predicate offenses and the fact that it drives major financial crimes, it is pertinent to target these more minor crimes from the root and cut them off to safeguard the economy and society.

Regulatory bodies understand the significance of curbing predicate offenses to prevent money laundering. Accordingly, regulatory provisions have been enacted to consider these predicate offenses as crimes and made punishable to safeguard the financial systems.

Can a person committing a predicate offense be held guilty under UAE AML/CFT regulations?

The AML/CFT law provides that a person shall be held guilty of committing a predicate offense and be treated as the perpetrator of the money laundering crime if he knows the fact that the associated proceeds have originated from a misdemeanor or felony and intentionally commits any of the following acts:

Carrying or transmitting the proceeds to hide the illicit source of funds,
Hiding the actual source, nature, location, ownership, and rights associated with those proceeds,
Acquisition, possession, or utilization of those illicit proceeds,
Helping the money launderer or perpetrator of predicate offenses escape punishment.

The UAE AML/CFT laws provide that the penetrator of predicate offenses will not be saved from the punishment of committing the crime of money laundering, as these two crimes would be treated as independent crimes. Thus, a person guilty of a predicate offense would also be charged with a money laundering crime and punishable under both offenses.

Companies need skillful and knowledgeable employees to implement a robust AML framework to safeguard the business from being exploited by money launderers.

AML training brings a consistent understanding, across all levels, of the importance of AML compliance and their role in identifying ML/FT threats to save the company and its reputation. All the employees, including the senior management, stay more aligned with AML-related organizational objectives, resulting in the more successful adoption of the AML/CFT compliance program.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article UAE

Uncovering the Red Flags of NFT-Related Money Laundering

Uncovering the Red Flags of NFT-Related Money Laundering

With the increased acceptance of artwork using Non-Fungible Tokens (NFTs), comes the increased risk of money laundering and terrorism financing, induced by anonymity around the origin, mode of transfer, and payment. With this, awareness about the risk indicators associated with NFTs is very pertinent amongst NFT users and society as a whole.

Recently, the Joint Chiefs of Global Tax Enforcement (J5) issued a list of red flags that financial institutions, business organizations, and individuals must be aware of. The document released by J5 is the ‘J5 NFT Marketplace Red Flag Indicators’, which highlights how criminals constantly develop new ways to exploit emerging technologies.

NFT Critical red flags suggesting high ML/FT risk

Collection or organization of the NFTs from the high-risk jurisdictions
Collection of similar kinds of NFTs in large numbers to launder money between related wallets
Distribution or giveaway of fake or forged NFTs
Manipulation of the NFT values (unreasonably high) by the frequent buy-sell transactions between connected wallets (also known as “Wash Trading”)
High turnover of low-valued NFTs
Sell of newly minted NFTs at a very high value, contradictory with the other NFTs and a general trend
A high volume of trading of overpriced/underpriced NFTs within a short time gap
Mismatch in the NFT minting address and the contract address appearing on the exchange portal
A high volume of trading for the NFT collection purchased from a mixer or tumbler
Transaction value exceeding US$ 100,000 for newly minted or secondary market tokens without any apparent community
Request to share the seed phrase (translation of the private key) from the virtual asset wallet to execute the transaction
The same tokens were reacquired from the same party or the third party at a lower price, to whom earlier the said tokens were sold at a higher value
Phishing – flooding the inbox by sharing fake NFT offers
The unreasonably high price gap between the legitimate marketplace and a particular site
Unverified social media presence, with no apparent followers
Unnecessary exchange of NFTs between the same group of people or network

Other Risk Indicators suggesting medium ML/FT Risk related to NFTs

NFT with re-used code
NFT without any thumbnail appearing on the marketplace
No information is available about when and where the NFT was minted
Minting an NFT or buying it at an inflated price and immediately selling it off at a significant loss
The absence of the contract address makes the tracing of NFT difficult in the marketplace
High-volume transactions of the tokens purchased from the same wallet or network of wallets
Unverified accounts on the market profile
Details of the NFT not clearly captured – properties and description of the token missing
High value structured into smaller valued multiple transactions, over a short period, with no observable community

It is essential to understand these red flags and stay alert towards the same to reduce the chances of exploitation of the NFTs for laundering money or financing terrorism.

This list will enable the market participants to improve their fraud detection policies and deploy the necessary mitigation measures. They must implement customized compliance programs to avoid becoming victims of money laundering or other financial crimes.

Let us all fight the risks of the execution of financial crimes using cryptocurrency and virtual assets.

How can Niyeahma assist you in AML NFT Compliance?

Awareness of the NFT-induced red flags is critical to safeguard yourself from being vulnerable to financial criminals exploiting the technologies.

AML UAE is a firm offering end-to-end AML consultancy services to Financial Institutions, DNFBPs, and the VASPs. We offer assistance in implementing the AML framework, training the compliance officer and team, offering AML software, managing customer onboarding, etc.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article UAE

What is NFT money laundering and how to combat it?

Technology has entered every field of work. The art field is the latest to have been impacted by technology in the form of Non-fungible Tokens (NFTs). NFTs are blockchain-based tokens depicting various art forms – painting, music, and games.

Since technological evolution brought the digitalization of art, money launderers came up with new typologies to exploit the same.

This article discusses NFT money laundering, why and how it is conducted, and what measures businesses should consider combating.

What are NFTs?

NFTs are tokens, which are data in the form of videos, pictures, artwork, memes, tweets, or any digital asset. These are stored on different forms of distributed ledgers, such as blockchains. These cannot be interchanged with other NFTs. Thus, they are non-interchangeable digital assets but can only be bought and sold using cryptocurrencies.

They have unique identifying codes and are finite in numbers. People can see NFTs for free, but to own them, they must pay the price to the actual owner. The value of an NFT is based on its perceived value, driven by its market demand.

After the purchase, there is a built-in authentication, which the new user can show as proof of ownership. Here, the new owner gets ownership of the NFT and not the physical object, while the original creator owns the intellectual rights of the work. So, NFTs are famous because people value digital bragging rights over an item instead of the actual physical item.

How are NFTs different from cryptocurrencies?

The only similarity between cryptocurrencies and NFTs is that they are built on the same programming. Both are secured in digital wallets. And you need cryptocurrencies to buy NFTs.

Any physical currency and cryptocurrency are fungible. It means that these assets can be interchanged and traded with one another. That is not the case with NFTs because they are non-fungible.

Cryptocurrencies and physical currencies are equal in value. It means one dollar is equal to one dollar. One Ethereum is equal to one Ethereum. In the case of NFTs, each has a digital signature that makes it unique; thus, one NFT cannot be exchanged with another NFT. At any given moment, only one person can own an NFT, and the digital signature gives that ownership value.

Why are NFTs attractive to money launderers?

As it is said, the perceived value of art and its market demand decide an NFT. The perceived value factor makes dealing with NFTs a bit subjective and hence, away from the scrutiny of regulators.

The transfer of ownership of NFT happens in an instant. Buying and selling NFTs is easy and smooth and requires no additional financial cost except the token’s value. Also, there are no geographical restrictions on these transactions; NFTs created in one country can be done in another country without any limitation

Moreover, NFT is an entirely new concept and a new market. Many different NFT platforms exist with different structures, operations, standards, ownership models, and due diligence rules. Therefore, it becomes challenging for regulators to create standard regulations for the NFT space applicable to various countries across the globe.

Smart contracts in the NFT market are one of the critical reasons money launderers are attracted to it. In smart contracts, the user generates revenue each time a transaction occurs on the blockchain. So, launderers rapidly conduct a transaction to generate revenues. Now, this becomes a significant motivation to execute smart contracts; in the process, forget about the identity verification of buyers. Launderers exploit this loophole to their benefit.

How does NFT money laundering occur?

Wash trading

Generally, criminals use their illicit money (converted into cryptocurrency) to buy an NFT. They use illegal money, but the purchase is a legal one. Later, they can sell the NFT and earn legal cryptocurrencies. This process is called wash trading.

The central concept in wash trading is to increase the value of the transaction. Thus, in this transaction, criminals benefit in two ways: they avoid taxes and convert unlawful funds to legitimate digital assets or currencies. Only a record of this purchase and sale transaction is present on the blockchain, and nothing about the funds obtained to buy this NFT.

Standard money laundering

Another way is to do multiple buying and selling transactions between their accounts or someone known to them to create layers of fake transactions. With each transaction, illegitimate money gets transformed into legitimate money.

Now, since the determination of the fair market value of an NFT depends only on how the appraiser values it, you never get to know the actual price of the NFT. Launderers create multiple accounts and transfer assets from one account to another for any price. These transactions layer the illegal money with legitimacy and cleanse huge funds.

How to combat NFT money laundering?

Whenever there is a new technological innovation, money launderers exploit them. And NFT is the latest technology to become its victim.

Individuals and businesses dealing in NFTs or facilitating NFTs exchanges must find ways to regulate NFT activities – to verify the buyer and seller’s identity and the transaction’s authenticity. They can improve their AML and KYC checks or implement some monitoring software to track all movements. They must trace NFT transactions between wallets and conduct the KYC of wallet holders.

They must know how launderers engage in NFT money laundering and related red flags to identify suspicious transactions. Countries can implement relevant regulatory laws and actions to control this NFT market. It requires efforts globally because NFT transactions can occur globally without border restrictions.

Money launderers exploited the NFT world as countries, and international regulators introduced AML rules in the traditional buying and selling activities of art. So, criminals come up with newer ways and means; businesses must take the help of AML consultants to identify the risks to NFTs.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article UAE

A guide to sanction and PEP screening in customer onboarding process

Sanctions are basically the penalties imposed on institutions or organizations that fail to comply with laws and regulations. Government or global organizations usually apply a sanction decision to other individuals or states. A sanction check is taken in order to prevent transactions with persons prohibited from certain activities and transactions.

There could be various reasons behind sanctions. However, the primary reasons behind sanctions could be economic or political disputes. Economic and political conflicts between two or more countries lead to sanctions against each other.

In this article, we will discuss the importance of sanctions and PEP screening during the customer onboarding process.

What are the various types of sanctions?

There are undoubtedly many types of sanctions. The sanctions are based on different reasons. The reasons and various kinds of sanctions are significant for business enterprises.

1- Economic Sanctions

Economic sanctions are basically a foreign policy instrument between war and diplomacy. There are three main objectives of economic sanctions.

Undermining the target country
Punish the target country
Change the behavior of the target company.

2- Military Sanctions

Some countries do not produce their own military equipment. Hence, the most common type of military sanctions is actually the prohibition of the sale of military equipment. With the help of this advantage, stronger states warn the weak states.

3- Diplomatic Sanctions

Diplomatic sanctions are the political measures taken in order to express dissatisfaction between two or more governments. A few of the political sanctions are the cancellation of senior government visits and the withdrawal of diplomatic persons from the target country.

Sanctions on Individuals

Sanctions on individuals are nothing but the sanctions imposed on economic persons, political leaders, or any illegal identities. Organizations sanction terrorists or governments, money launderers, drug traffickers are the people who are more likely to perform any sort of illicit activities, resulting in blockage of bank accounts.

Many local and global regulators effectively control financial institutions. The sole purpose of these sanction checks is to combat financial crimes. Regulators need these financial institutions to know their customers. Therefore, regulators regularly publish new customer guidelines.

Sanction and politically exposed person screening (PEP) screening in customer onboarding process

For financial institutions (FIs), and Designated Non-Financial Businesses and Professions, the customer onboarding process is quite tedious and challenging. As per the know your customer (KYC) requirements, enterprises have to make some checks in the process of onboarding the customers.

The purpose behind PEP screening is to identify the ability of the customers to pose any threat or risks. The accuracy of the information of the customer is verified at the first stage. Once the customer identification information is confirmed, the level of risk of that particular customer is also identified.

Customer Due Diligence (CDD) and Enhanced Due Diligence (EDD) procedures enable the FIs and DNFBPS to identify the overall risk level involved.

During the course of this process, the customer is scanned against the list maintained by the UAE local Government and the UNSC list. It is also checked if the customer is a politically exposed person (PEP).

If the customer and his account come out clean, then the account of that particular customer or client will be opened, and business transactions can be made. However, the business enterprises will still have to carry out PEP KYC, sanctions, and PEP screening at regular intervals.

Why is the sanction check and PEP check required for business companies?

Bribery, financing of terrorists, money laundering, and corruption are financial crimes that are considered highly hazardous all over the world. The majority of these financial crimes occur because of the loopholes in the law and economic systems.

Regulators try to prevent all of these financial crimes by thoroughly regulating the companies in the financial sector. Many anti-money laundering regulations have been published to serve this purpose individually.

In order to comply with these anti-money laundering regulations, financial institutions and DNFBPs should get involved in some sort of control process. Therefore, a sanction search and PEP screening are essential processes for financial institutions and DNFBPs to ensure AML compliance.

Sanction and PEP screening in the process of transaction screening

Quite a lot of transactions take place throughout the day in your financial systems. Therefore, as per the anti-money laundering regulations, financial institutions should control the financial operations of their clients. If the financial transactions are not handled, severe financial crimes like money laundering and terrorist financing come into play.

However, manually controlling all your financial transactions can be a cumbersome and time-consuming process. Hence, you can use automated tools to carry out sanctions and PEP screening.

Politically exposed person screening in the process of background check

The most essential thing for companies or business enterprises is their reputation. If any business enterprise loses its reputation, it directly loses its customers or clients.

Enterprises make internal controls regularly in order to avoid all of these risks. Pre-employment background checks, employment background checks, and company background checks are taken by the companies in order to protect the reputation of the company.

PEPs screening is performed performed against the politically exposed person list on the employees in order to check for the possibility of any sort of risk for the company.

Watchlist and PEP screening helps regulated entities implement necessary controls while onboarding high-risk customers.

How do business enterprises comply with anti-money laundering regulations?

Financial institutions (FIs) and DNFBPs have to apply sanction checks on their clients in order to comply with anti-money laundering regulations.

Financial institutions need sanction screening in order to protect the reputation of the company and not to violate any sanctions-related decisions. With the ever-evolving technology, manual sanction checks and PEP screening have lost all the points and have become merely a way of wasting time.

There are pretty many sanctions listed across the world, and enterprises can practically and logically not check them all manually.

Hence, the need and importance of anti-money laundering screening software come into the picture. This type of software automates the complete compliance process of the enterprises.

In addition to that, financial institutions and DNFBPs can quickly check their clients with the help of automated compliance software. This type of software scans the sanctioned lists and instantly intimates any kind of suspicious activity.

PEP Screening Software: Enhancing Due Diligence and Regulatory Compliance

To comply with the UAE AML Regulations, it’s essential that regulated entities carry out screening before onboarding a customer.

In order to identify individuals holding prominent public positions or persons associated with individuals, the implementation of Politically Exposed Persons Screening Software is a must. PEP Screening Software helps regulated entities to identify and mitigate risks associated with PEPs.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article UAE

Crypto money laundering and how to combat the same

Crypto money laundering:

Money laundering is on the rise globally. Money launderers and financial criminals are increasingly exploiting technological advancements to conduct financial crimes. They are misusing loopholes in regulations and technology to find out new ways of placing and layering illicit money. And the latest victim of their laundering attacks is the world of virtual assets and cryptocurrency.

Why is crypto money laundering attractive to criminals?

Inadequate or no regulation

The absence or lack of controls and regulations on cryptocurrencies is the primary reason for a rise in crypto money laundering. Many laws and rules exist for other financial channels, currencies, and instruments, wherein fines and penalties are imposed for non-compliance with these laws.

However, these are not currently prevalent in regulating the world of cryptocurrencies. Since it is a new form of currency, not yet acceptable in all countries, it is not adequately regulated by most countries. There are no centralized authorities involved in crypto transactions. Money launderers are attracted to crypto assets, as loose regulations result in a higher scope of not being caught by authorities.

Anonymous in nature

Individuals do not have to share their names while dealing with cryptocurrencies. Public addresses are used in these transactions, which do not relate to the user’s name. It provides users with a degree of anonymity, which is what makes cryptocurrencies desirable to money launderers.

There is no paper trail of a transaction. Only a digital record exists on the distributed ledger technology. Therefore, it is easier for criminals to move large amounts of illicit funds through blockchain technology without disclosing their identity.

Fast and convenient

The processing of cryptocurrencies occurs through online exchanges. These online transactions can happen across borders without many protocols. Thus, launderers are not required to deal with cash, which is more suspicious to investigators. Also, these transactions can happen rapidly between senders and recipients in any part of the world without giving much time to AML regulators to notice the transactions.

Fewer chances of being suspected

Transactions of cryptocurrencies are recorded in public domains on the blockchain. Only the individual who carried out the transaction can access their wallet. It is highly encrypted. Therefore, there are fewer chances of linking it to a specific individual or wallet. It reduces the chances of being suspected of money laundering, as the specific transaction by a criminal may get mixed up with genuine transactions over the blockchain.

No legal tender

Since cryptocurrencies have no legal tender, they cannot be authorized. Also, anyone can subscribe to it. Since no owner details are maintained, it is easier to launder.

How does crypto money laundering occur?

Gambling and gaming websites

Money launderers use illicit cryptocurrencies to buy chips or game currency on gambling websites. Once they are finished with gambling or gaming, they encash the remaining amount. Thus, the illicit cryptocurrency entered the gaming or gambling website is cleaned and converted to cash.

Anonymizing services

Launderers can hide illicit funds’ sources by anonymizing services on crypto exchanges. Anonymizing services breaks the connection between cryptocurrency transactions. Launderers can also participate in Initial Coin Offering (ICO) – using one type of coin to buy another. Thus, they can disguise the origins of the unlawful money by creating multiple layers.

Tumblers and mixing services

Tumblers are mixtures of different digital assets – dirty and clean – from diverse addresses. Once these are blended well, they are redistributed to new addresses or wallets. Once mixed, it is difficult to differentiate the legal and illegal currencies.

Also, by blending the cryptocurrencies, their anonymity increases, making it more challenging for investigators to find the owners. Thus, criminals can save themselves from being suspected and transfer the blended funds to legal businesses or crypto exchanges.

Use of cryptocurrencies in terrorism financing or paying for drugs

Many terrorist organizations raise cryptocurrencies through Telegram and Facebook groups. Many intermediaries are involved in transferring such funds to terrorist organizations. Further, money generated from drug trafficking on the internet is disguised as cryptocurrencies.

Illegal payments are made in cryptocurrency. Fiat currency is converted to cryptocurrency through a blockchain trading platform. These are later transferred to drug traffickers’ accounts.

The payments received in cryptocurrencies are transferred to virtual wallets in different crypto exchanges. Thus, it becomes difficult to trace the origin of funds.

Dark exchanges

Many unregulated cryptocurrency exchanges operate across the world. They do not conduct any identity checks or KYC of customers or transactions. So, criminals use such exchanges to launder cryptocurrencies. Specifically, launderers use illegal money in fiat currency to open an online account with currency exchanges.

Money launderers repeatedly transfer illegal currency to multiple accounts or move from one currency to another, thereby developing various layers to cleanse the funds. They sent the cleaned currency to an external cryptocurrency wallet in the last transfer. Alternatively, they convert it into cash using crypto ATMs.

Over-the-counter (OTC) brokers

Over-the-counter brokers facilitate transactions between buyers and sellers of cryptocurrencies. They are the intermediaries who get commissions to facilitate transactions. They are involved in converting illegal cryptocurrency to cash or vice versa by charging high commission rates.

Integration stage

In the integration stage, criminals aim to legitimize illicit cryptocurrency. They have successfully laundered the illegal money but need to show a legal source. In such cases, crypto money launderers create a fake online company that allows crypt currencies as payment methods.

Thus, they transform illegal crypto into legal money by faking the trade transaction. Alternatively, launderers can show the money as the sale of a profitable business or an asset appreciation.

What are the red flags of crypto money laundering?

You must be aware of the following red flags to save yourself from the threat of crypto money laundering:

When funds are received from a platform that does not have any AML regulations or has been categorized as a jurisdiction with high money laundering risks.
Several high-value transactions suddenly occur in an inactive account or in a new one.
When there are multiple transfers of cryptocurrencies from multiple crypto wallets to one account.
When there are several transactions of purchase of cryptocurrencies by several individuals with the same IP address, followed by several transfers to accounts in another country.
When the crypto sending and receiving transactions are just below the mark of reporting thresholds.
When several credit cards and bank accounts are linked to a single crypto wallet to use it to move funds around.
Connected crypto wallets where the customer profiles do not match.
Continuous occurrence of many high-value transactions in a short time.
When several high-value transactions occur in a regular pattern and stop entirely after a specific period.
When there are cryptocurrency transactions that do not match the profile of a customer.
When there are frequent transactions of fiat conversion to crypto with no logical reasoning.
When many unrelated wallets transfer cryptocurrencies to one common wallet, which immediately converts it to fiat currency.
When transactions occur with digital wallets whose owners are earlier connected to cases of fraud, ransomware, or feature in the sanctions list.

How to combat crypto money laundering?

Yes, there is anonymity in cryptocurrency transactions, which launderers take benefit of. But all the cryptocurrency transactions are documented on a distributed public ledger. These digital records stay permanently. One mistake in the entire money laundering process can help investigators trace the illegitimacy.

One way of protecting cryptocurrencies from money laundering threats is implementing KYC rules. With KYC norms, exchanges could identify the customers and have data about owners of virtual wallets and cryptocurrencies. Registration and licensing of operators in the cryptocurrency market is also a solution that can address the money laundering issue.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article UAE

What is trade-based money laundering?

Trade-based money laundering is one of the most common forms of money laundering. It is an easy way exploited by criminals to launder money between different countries, wherein they misrepresent the quality, value, or amount of goods traded through various channels.

Trade financing processes are misused to facilitate the flow of illicit funds. Trade is conducted across different jurisdictions subject to different regulations, making detecting suspicious transactions difficult. Also, the complexity of trade transactions and the volume of goods traded are the loopholes these launderers exploit to their advantage.

Let’s understand trade-based money laundering, related red flags, and how businesses can mitigate the risk arising from trade-based money laundering.

What is trade-based money laundering?

Trade-based money laundering (TBML) cleans dirty money through trade transactions and activities. The trade transactions are exploited to transfer and convert illicit money into legitimate cash or commodity, avoiding the suspicion from regulatory authorities disguising the process as legitimate trade.

For example, importing and exporting goods is just a cover for the movement of illegal funds, making the trade transaction appear legal between two countries.

It is also a way to evade taxes. Companies show different amounts in invoices, thereby reporting reduced profits and taxes decrease. Alternatively, they show multiple payments for only one set of goods received from the exporter, increasing their procurement expenses.

Why do criminals engage in trade-based money laundering?

Lack of regulations

There are no standard regulations for trading transactions. Import and export of goods are regulated by the agreement between a buyer and seller and the respective countries’ regulations. No global regulator controls these transactions; the two parties entering the contract govern the trade terms.

A rise in the amount and volume of trade

Globalization has resulted in increased trade activities across the world. Countries engage in multiple import and export transactions with several countries. These transactions have increased in number and value over the years. It allows criminals to bypass commercial rules during these humongous trade transactions, avoiding the attention of the authorities.

Increase in free trade zones

Businesses are attracted to free trade zones for their ease of conducting business, as there are fewer regulatory constraints in these zones. The absence of rules is better than circumventing rules. The number of TBML transactions has also increased with a rise in free trade zones.

Use of open account payment method

Open account transactions are the ones where payment is due after a specified time of the occurrence of the trading activity, i.e., the goods are delivered to the party, and the payment is made after 30/90 days. This time gap minimizes the connection between the actual trade and the related payment. These transactions are subject to less oversight from financial institutions; hence, criminals increasingly use these methods.

How is trade-based money laundering conducted?

Understanding the standard techniques of conducting trade-based money laundering is essential to combat the same. The following are the most used TBML techniques:

Over-invoicing of goods

The exporter inflates the price of the goods in the invoice compared to their market value. In this case, exporters receive higher payments from the importer, allowing the importer to launder money and convert/transfer through import/export transactions.

Under-invoicing of goods

The exporter prepares the invoice for the goods at a price lower than the fair market value. Importers get goods at a lower value, resulting in the evasion of import duties.

Multi-invoicing

Exporters create multiple invoices for the same set of goods to be shipped. They can receive multiple payments for the same shipment, using different payment methods adding layers of complexity. Thus, launderers legitimize their illicit money through multiple invoicing.

Changing the quantity of goods

Launderers can also change the quantity or weight of goods being traded. They may report the quantity as more than the actual or less than the actual. In the case of over-quantity, they receive illicit money as payment and convert it to legitimate money. While in the case of under-quantity, they launder money by avoiding the payment of actual import duties.

Alternatively, they might report a specific quantity of goods while there is no shipment done. It is called phantom shipping or ghost shipping. Importers and exporters collaborate to create false invoices and other documentation without the actual shipping of goods. The illicit money is moved from the importer to the exporter without actual trade transactions.

Misrepresentation of goods

The exporters may represent the goods as expensive, though in reality, the goods are cheap. Thus, the invoice and customs documents show a high price while the actual value is less.

It is common in the gems and jewellery sector, where the invoice says raw diamonds and the shipment is of polished diamonds or artificial ones.

Non-documentary trade

For some trading transactions, there are no documents available for investigation. It is not that no documents are prepared for the transaction, but these are not accessible. The regulators have access to only the name, account number, and address of the buyer and seller.

In non-documentary trade transactions, regulators are unaware of the underlying flow of goods and trade activities. It is difficult for them to validate transactions. The absence of due diligence on the volume, type, quantity, and value of goods makes it easier for launderers to launder money.

What are the red flag indicators of trade-based money laundering?

The best option for individuals, companies, and countries is to observe the red flags of trading transactions. With the identification of suspicious transactions, you can investigate them further. Following is an illustrative list of TBML indicators:

Differences in the descriptions of items to be traded in the invoice and the shipping bill.
Differences in the market value of the items and the value mentioned on the invoice.
Involvement of trading entities with registered addresses in residential buildings.
The shipment size does not match the customer’s profile and regular business activities.
Trading of an item from one jurisdiction to another or from one subsidiary to another, whose business activities are in no way related to each other or without logical economic reason.
Involvement of trading entities with no physical presence or an online presence that does not align with its business activities.
The type of goods traded does not align with the regular shipment of customers or the client’s profile and business activities.
Trading transactions involving a third party with no relation to the transaction (either receiving cash payments or managing documents); offshore front companies or shell companies may be involved in such transactions.
Trade deals involve complex trade routes that do not make geographical sense.
Goods are exported from or imported into high-risk jurisdictions or countries with poor AML regulations.
Missing trade documents or false documents.
A sudden increase in trade transactions from or to a company that was dormant for a long time.
Sudden high volumes or value of trade from an entirely new company.

What is the way out for businesses from trade-based money laundering?

Know Your Customer (KYC) and customer due diligence (CDD) are the best solutions for reducing trade-based money laundering. Businesses must implement policies to collect details on all their customers and transactions. Further, ongoing monitoring of the customer’s profile and the transaction is necessary to identify any unusual patterns. If they see any red flag, deeper scrutiny is essential to identify money laundering risks.

Using advanced technology systems or artificial intelligence is also an excellent solution to reduce money laundering risks. These systems can help businesses identify money laundering threats and send alerts. It allows the entities to report the TBML activities to the authorities promptly.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article UAE

High-Risk Country Reporting – HRC and HRCA

With increased monitoring emphasized on transactions with persons or entities hailing from high-risk countries, the Ministry of Economy provides for filing of a separate report capturing details about such transactions. These reports are:

High-Risk Country Report or High-Risk Country Transaction Report (HRC)
High-Risk Country Activity Report (HRCA)

The reports mentioned above are to be filed by both – Financial Institutions and Designated Non-Financial Businesses and Professions (DNFBPs).

When is HRC/HRCA to be filed?

High-Risk Country Transaction Report: If at the time of establishing or in the course of the customer relationship or when conducting transactions on behalf of a customer, a reporting entity observes transactions related to high-risk countries subject to a Call for Action (access the list of jurisdictions here), then the entity is required to submit an HRC.

High-Risk Country Activity Report: If during the establishment or course of the customer relationship or when conducting an activity on behalf of a customer, a reporting entity identifies activities related to high-risk countries subject to a Call for Action (access the list of jurisdictions here), then the entity should submit an HRCA.

What activities or transactions are to be reported in HRC/HRCA?

Any cross-border transaction involving the transfer of funds through a banking channel or any remittances, either originating from, destined to, or passing through a high-risk country, would be subject to reporting in HRC/HRCA.

It does not necessarily require the physical presence of the person (transferor or transferee of funds) in the high-risk country at the time of remittance or receipt of funds. Instead, association by nationality or place of residence in high-risk countries would also be considered in the case of a natural person. While in the case of a corporate entity, the company’s place of incorporation or operation, as well as the association of the UBOs or authorized signatory or senior management with high-risk jurisdictions, must be considered.

Accordingly, any transaction or activity about transferring funds into or from high-risk countries would be subject to reporting to FIU. Please note that such reporting is irrespective of the amount involved or the currency.

How and to whom is HRC/HRCA to be filed?

As the Financial Intelligence Unit (FIU) is the reporting authority for all AML matters in the UAE, the HRC and HRCA must also be filed with FIU.

Like all other AML reports (such as STR, SAR, DPMSR), HRC and HRCA are also reported through the goAML Portal. While submitting the reports on goAML, the appropriate report type must be selected by the reporting entity. FIU does not accept any report either through physical mode, via email, or as a message on the Message Board available on the goAML Portal.

In the case of a transaction with a person from a high-risk country, if the reporting entity does not have the necessary details related to the transactional attributes mandatory to be captured on goAML, then the reporting entity may choose to file an HRCA. Here, the reporting entity must ensure that all the adequate details of parties, value involved, etc., are adequately captured.

What is the Financial Institution’s and DNFBP’s obligation post-filing HRC/HRCA?

Once HRC or HRCA has been filed with FIU, reporting entity must withhold the execution of the transaction for three (3) days from the date of reporting to FIU, as the FIU is expected to respond to such HRC/HRCA during these days. If, during these three (3) days, FIU does not object to or respond to filed HRC/HRCA, then reporting entity can conduct the transaction basis the due diligence performed for the subject party and the transaction. Such transaction execution will be at the judgment of the reporting entity only.

If the FIU issues any instructions concerning filed HRC/HRCA within the prescribed time, the same needs to be adhered to by the reporting entity.

Transactions and the parties reported in HRC/HRCA should be subject to frequent ongoing monitoring by the reporting entity

Is there any exemption from filing HRC/HRCA?

HRC/HRCA reporting requirement is applicable only in cases of cross-border transfers.

Accordingly, transactions like domestic cheques, payment of domestic utility bills using a card issued in UAE or cash by a person hailing from a high-risk country, etc. are exempted from HRC/HRCA reporting requirements, as no banking or remittance channels have been used for the international transfer of funds.

Illustration:

A. Assume you are a TCSP and a corporate entity with a place of incorporation in the high-risk jurisdiction approaches you for assistance in setting up a branch in UAE. For such a transaction, the person has traveled to UAE from another country. The payment for the said services would be remitted to your account from the company’s account with a bank in another high-risk country.

Since there is cross-border movement of funds by bank transfer, the proposed transaction must be reported in HRC/HRCA. Here, DNFBP shall ensure that the reported transaction shall only be executed if the FIU does not object to the transaction and after three working days after filing an HRC.

B. An individual from high-risk jurisdiction has visited a non-banking financial institution in UAE to get the US Dollars converted to AED. Here, the currency exchange transaction occurs in UAE without any funds transferred through banks. Accordingly, the financial institution would be exempt from reporting this transaction with FIU.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

FAQs About High-Risk Country Reporting

Yes, DNFBPs and Financial Institutions are required to file HRC with FIU.

The DNFBPs and the Financial Institutions must file HRC or HRCA using their goAML registration credentials. Third parties can assist you in filing these reports with FIU, using the reporting entity’s credentials for the goAML portal.

While establishing business relationships or conducting business activities, if you identify any activity or transaction with a person or entity having an association with high-risk countries, then as DNFBP, you are required to submit the HRC or HRCA with FIU UAE via the goAML Portal.

HRC or HRCA reporting requirement is for high-risk countries classified as “High-risk jurisdictions subject to a Call for Action” by FATF.

FATF has classified the below-mentioned countries as high-risk jurisdictions subject to a “call for action”:

Democratic People’s Republic of Korea (DPRK)
Iran

There is no threshold amount prescribed for filing HRC and HRCA. Every transaction involving high-risk countries must be reported in HRC and HRCA, irrespective of the transaction value.

Transactions not involving any cross-border transfer of funds to or from the high-risk countries are exempted from HRC/HRCA reporting requirements, like domestic cheques, payment of domestic utility bills using a card issued in UAE, cash by a person from a high-risk country, etc.

Once an HRC or HRCA has been filed with FIU, the reporting entity shall keep the execution of the subject transaction on hold for three days from the date of submission of HRC/HRCA.

Article UAE

A guide to Enhanced Due Diligence – Element of AML Compliance framework

Enhanced Due Diligence (EDD) is one of the critical elements of the entire customer onboarding journey, forming part of the AML compliance program. EDD is a higher version of the standard customer due diligence process, requiring extra checks and verifications to establish the person’s identity or any related information.

Let’s learn about enhanced due diligence, its purpose, the process involved, and its significance in complying with AML regulations and safeguarding the business against financial crime risks.

What is Enhanced Due Diligence (EDD)?

EDD is a part of the Know Your Customer (KYC) process, adopted as part of the AML framework while onboarding new customers/clients.

While conducting the risk profiling of the customer/client as part of the standard Customer Due Diligence (CDD) process, if the designated entities identify the person as “high-risk,” it calls for taking enhanced measures to assess the legitimacy of the person’s identity and other related information.

For low-risk customers, it is enough to conduct a standard CDD process, such as obtaining and verifying the customer’s identity, address, etc. However, it becomes critical for high-risk customers to dive a little deeper into the process and seek additional information or perform additional verifications.

Performing EDD is necessary as it is a regulatory requirement in case of customers classified as “high-risk,” requiring increased scrutiny and higher verification standards. It also becomes pertinent to safeguard yourself from being exposed to money laundering or terrorism financing activities.

An illustrative list of red flag indicators suggesting the need for EDD measures

Customers hailing from jurisdictions notified as “high-risk” or subject to increased monitoring (FATF grey list countries)
The customer is a Politically Exposed Person (PEP) or associated with PEP
A person having a criminal history or has been charged for any financial crimes and proceedings are underway
The customer insists on settlement of the transaction in virtual assets
Doubt about the appropriateness of customer’s risk classification
Customer is a non-profit organization (NPO)
Red-flag indicators of potentially unusual or suspicious activity, such as:

When intermediaries are involved in the transaction without any logical reasoning
When the customer’s legal structure is unnecessarily complex
Customer hesitant is sharing the details of the ultimate beneficial owner

Enhanced Due Diligence Procedures

Following for conducting adequate EDD measures:

Seeking additional details

Once a customer has been classified as “high-risk,” the following additional information is to be sought from the customer:

Nature of business
Source of funds
Source of wealth
Purpose of transaction

Such information should be backed up by substantial documentation, such as obtaining bank statements or audited books for determining the source of funds/wealth, etc.

Additional verification and establishing the legitimacy of the information received

Relying on third-party databases (e.g., cross-checking the identity of the foreign national with the country’s embassy or consulate)
Evaluating the reasonableness of the purpose of the transaction
Verifying the professional and financial background of the person

These verifications should be based on credible and independent sources such as private databases or official government websites to avoid bias or wrong information.

Adverse Media and Social profile check

Reviewing the open source information for the adverse media or negative news about the person helps to understand the person’s history and reputation. It corroborates your verification and overall risk categorization of the person.

Along with this, social profiles like LinkedIn or Facebook, etc., of the person should be looked for and reviewed to understand that social presence and association with other organizations. It helps in understanding the person’s social stature, as it is seen that a person indulging in financial crimes may not have strong social prominence.

Senior management approval

Before onboarding a high-risk customer, approval from senior management is mandatory.

Enhanced or frequent monitoring of customer information and the transactions

Given the high risk associated with the customers subjected to EDD, the AML regulations also require the designated entities to monitor the customer information and their transaction more frequently. Such enhanced monitoring would help in identifying and reporting the following:

Change in customer information contradicting the information shared earlier
Unusual pattern of transactions
Sudden change in terms of transactions,
Customer behavior suggesting money laundering-related suspicion, etc.

Why are EDD measures necessary?

As mentioned above, the primary purpose of EDD is to conduct detailed assessments of the customer’s identity, the purpose of the transaction, and the source of funds. These additional measures are critical:

Combat financial crimes

The additional information collected and rigorous verification measures performed as part of EDD help you and the government keep a tab on transactions of high-risk customers and identify any suspicious behavior beforehand, helping you prevent financial crimes.

Comply with regulations

EDD is a prominent part of the AML compliance framework. You conduct due diligence on your customers to avoid the risks of money laundering or other financial crimes. Thus, you follow these requirements by implementing EDD procedures, avoiding resultant fines and penalties.

Build your reputation

When you put in place proper EDD procedures, you not only adhere to the AML regulations but also safeguard your business from being vulnerable to money laundering and financial crime risks. It also conveys your ideologies and support to fight these financial crimes. It brings you customer loyalty and public trust, improving your reputation.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article UAE

A deep dive into the AML compliance requirements for the real estate sector in the UAE

AML compliance requirements for the real estate sector in the UAE

The real estate sector is one of the main non-financial sectors that are highly vulnerable to money laundering activities. This is because large sums of money are involved in real estate transactions with limited regulatory scrutiny. So, money laundering activities and terrorist financing transactions are quite common in the real estate sector.

It becomes essential for the regulators to make the sector more regulated and controlled. It is also important to identify the possible suspicious transactions and conduct regular monitoring of real estate transactions. UAE has made special provisions for AML requirements in the real estate sector.

In the blog, we list down the situations that real estate businesses must be aware of to identify money laundering. We also cover the UAE regulations that govern AML/CFT provisions in the country. Lastly, we include the AML requirements that real estate agents and brokers must fulfill.

Suspicious transactions in the real estate sector that raise a concern for money laundering

Following are the possible situations that raise suspicion regarding involvement of money laundering or any financial crime in the real estate sector:

Payment of the entire amount of the value of property in cash
People use complex loan structures or credit finance as a source of finance for buying property to launder money. In the repayment of these loans, the illicit money is forced into the legitimate financial system.
Undervaluation or overvaluation of property or sequence of property sale transactions to get a higher value is a way of laundering money.
Making frequent, unnecessary renovations and improvements in property are a sign of investment of illicit money.
Customers (buyers or sellers of property) use unknown third parties with a clean criminal record to hide their identity as the owner of the property.
Hiding the ownership of a property by the use of trust and company structures, shell companies, or front companies
Multiple purchases or sales of property
A legal owner of any property having an unusual nature of use or possession of assets, a mortgage with an unidentified lender, a strange rise in the financial funding, or an erratic relationship between income and living standards can be a suspicion of money laundering activity in real estate.
Purchase of property by Political Exposed Persons (PEPs) or individuals with Sanctions by posing as high-ranking foreign officials or members of their families.
Using the purchased property to carry out illicit or criminal activities such as drug production is a money-laundering example. Criminals use these revenues to buy more properties and thus hide the origin of illicit money.
A property buying or selling transaction that does not make any commercial or professional sense because of a lack of interest exhibited by any party.
Money launderers may buy a property in a third party’s name and show themselves as a tenant. Then they use illicit money to pay rent to the third party.
Money launderers use the help of different professionals to launder money with no possibility of detection. They use the services of accountants, trust and company service providers, lawyers, or any others to make their criminal activity look legitimate.
Buying real estate in a foreign country using illicit funds to hide assets from own country’s lawmakers.

In regards to these possibilities, the UAE government introduced AML/CFT regulations. Let us look at the key regulations and directives that control the real estate sector’s compliance with AML/CFT.

AML regulation for real estate sector in UAE

Decree-Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organizations is the primary law for AML in UAE. The Cabinet Decision No. 10 of 2019 concerning the Implementing Regulation of this Decree-Law makes real estate agents and brokers subject to the AML law. This means that the AML law applies to real estate agents and brokers in the UAE.

These regulations are necessary since the real estate sector has a lower level of awareness of possible suspicious ML/FT transactions. Also, the real estate sector is big with not many rules to invest or do business in it. This makes the sector highly exposed to ML/FT activities that disturb the economy and income distribution of the country.

The Cabinet Decision provides a list of Designated Non-Financial Businesses and Professions (DNFBPs) that includes real estate brokers and agents. These define the various CDD obligations of the real estate industry and ways to identify risk factors. Let us look at the AML/CFT compliance requirements for the real estate sector in the UAE.

AML/CFT compliance requirements for real estate brokers and agents in UAE

Real estate agents and brokers must comply with the following requirements under the AML regulations of UAE:

Understand possible ML/FT risk exposure

You must have a detailed understanding of how your real estate business can be exposed to ML and FT risks. For this:

You must adopt a risk-based approach to identify risks in your business transactions. These risks may be of different types based on business nature, type of service, the operational environment, and other factors. Accordingly, you must adopt risk mitigation measures.
You must be aware of the source of ML/FT risks and the phase in which the money laundering risk is high.
You must know the latest ML/FT trends and understand the various customer risks, channel risks, and geographic risks to the real estate industry. You must be able to identify each type and strategize for their elimination.
You must be aware of the type, size, complexity, transparency, geographic origins, or any unusual nature of financial arrangements or instruments related to the buying and selling of property.
Brokers and agents must have full information on a customer’s residence status, type of real estate transaction, and speed and frequency of transactions to gauge the risk.
You must keep all this information related to risk profiling documented and saved. The information must include methods of risk identification used, models used, and overall risk score.

Implement Customer Due Diligence measures

Real estate brokers and agents must apply the necessary customer due diligence (CDD) measures based on the category and profiling of the ML/FT risk. If there is any change in the risk category, they must update the due diligence measures as well. You must apply these measures during or before the transaction happens or the business relationship starts.

These due diligence measures include the following:

You must have in place a defined process for screening customers and prospects against Sanctions Lists. You must conduct background checks on your customers and prospects to identify any association with financial crimes.
You must be vigilant of the identity of the beneficial owner of your client. You must obtain all relevant proofs for establishing their identity and the source of funding.
You must check for the compatibility of the customer’s profile with the relevant real estate transaction to see if it suits their financial stature and professional circumstances.
You must track the legal arrangement or structure used in the transaction, as it may result in hiding the identity of the owner or source of funds.
You must also keep an eye on any association with Political Exposed Persons (PEPs), specifically in the case of foreign buyers or sellers.
You must check for any previous business transaction or relationship between buyer and seller.

Ongoing monitoring of transactions

Whenever you identify high-risk customers, you must conduct a regular check of their transactions. You must monitor the frequency and type of real estate transactions they have been involved in. You must check the status of the financial instrument during the lifecycle of the transaction or you must check the land registry details.

Put in place internal policies, controls, and procedures

The real estate brokers and agents must implement necessary measures to manage and mitigate the ML/FT risks. One of the key measures is the implementation of strong and effective internal policies, controls, and procedures. You must assess these policies for effectiveness and update them accordingly as and when the need arises.

These policies must relate to customer due diligence and suspicious transaction reporting. It must also include requirements for governance and record-keeping. Overall, such procedures must ensure management and mitigation of risks.

Report suspicious transactions to Financial Intelligence Unit (FIU)

You must report any kind of suspicious transactions to the Financial Intelligence Unit as and when you suspect it. You must add all the relevant information for the suspected transaction and keep it updated. You must be extra vigilant to identify any suspicion in any transaction or customer.

Some of the indicators for suspicious transactions include:

Unnecessary complex transactions whose purpose or beneficial owner is not known
Transactions that are inconsistent with the customer’s risk profiling
Large transactions (relatively large to a customer’s income or turnover)
Unexplained changes in the ownership of entities or unnecessary involvement of a third party
Transactions involving high-risk countries or third parties with no relationship with customers
Unclear or dubious sourcing of funds for a transaction
Refusal of customers to provide relevant information or proofs required for due diligence measures

Real Estate Activity Report Submission

Ministry of Economy has recently issued a Circular (No. 05/2022 dated 24th June 2022), requiring the real estate brokers to report the specified transactions pertaining to real estate in the new report named as – Real Estate Activity Report (‘REAR’). The reporting entities have to submit REAR with the FIU UAE.

Devise and implement a sound governance structure

You must formulate a governance structure to ensure your business complies with AML/CFT requirements. For this, you must appoint a fit and capable compliance officer. He/she must be capable of handling Ml/FT reporting, AML/CFT program management, and training and development of the team.

You must keep your employee up-to-date on AML/CFT laws, policies, and norms. You must design a training manual and impart it to relevant team members. You must also assess the effectiveness of these training programs to ensure the right knowledge development.

A well-functioning governance structure is tested by an independent audit frequently. This auditing procedure will check the risk profile of products and services, customers, and target markets. If it is not possible for you to keep an internal audit team, then you can hire a third-party auditing team.

Anti-money laundering regulations for real estate transactions

The real estate sector brings a huge difference to UAE’s economy. So, it is immensely critical to keep money laundering and terrorism financing in check in this sector. You must implement all the above-mentioned measures to comply with national and global AML regulations.

The compliance with the anti-money laundering regulations for real estate transactions will enable you to save yourself and your business from any fraudulent transaction or business relationship. This, in turn, helps you to minimize your exposure to money laundering and terrorism financing risks. These measures also help you to be in congruence with international AML/CFT regulations and best practices.

To plan and implement any of these measures, you can also take the support of AML consultants in the UAE. A professional, AML consultant will be better equipped to help real estate brokers and agents with the right, relevant measures against money laundering. The consultant will ensure that industry-specific steps are taken in the fight against money laundering and terrorism financing.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article UAE