A comprehensive AML Guide for ADGM companies

The Financial Services Regulatory Authority (FSRA) supervises Abu Dhabi Global Market (ADGM) entities.

FSRA has issued rules and guidelines for implementing AML and Sanctions by ADGM entities to mitigate financial crimes. Though the ADGM’s AML Rulebook considers the Federal AML rules, the regulated entities in ADGM must follow the Rulebook and the Federal AML Law requirements.

This article focuses on the critical AML compliance requirements of entities in ADGM.

Business Risk Assessment and AML Policies, Procedures and Controls

The FSRA-issued AML rulebook mandates the ADGM entities to assess the ML/FT risks their business is exposed to.

While conducting AML business risk assessment, the ADGM entities must identify and analyze the ML/FT risk associated with the below-mentioned risks parameters:

Customers
Products, services, and transactions
Geographic risk
Distribution channels
Other risk factors such as technology

Basis the results of the AML Business Risk Assessment, adopting the risk-based approach, the entities must establish AML controls, procedures, policies, and systems aligned with the AML regulations to help entities identify, manage, and mitigate the ML/FT risks.

To ensure the effectiveness of the ML/FT mitigation measures, it is important to review ML/FT risk factors impacting the business and update the assessment to identify any new risk scenarios and design relevant controls to manage the increased level of risks.

Customer Risk Assessment and Customer Due Diligence

The entities must assess the customers’ profile, transactions, and business relationships to identify the ML/FT risk such customers pose to the business. Considering various risk parameters, a risk rating should be assigned to the customer, and appropriate Customer Due Diligence measures should be applied before establishing a business relationship.

For performing Customer Risk Assessment, the entities must consider various factors associated with the customer, a few of them illustrated hereunder:

Ownership, control structure, and nature of customer
Nature of the customer’s business
Nature and purpose of the business relationship
Nationality and residence of the customer
Place of incorporation of the customer who is a legal person.

Based on these factors, the risk rating is allocated to each customer – high, medium, or low. For low-risk customers, entities may conduct Simplified or Standard Due Diligence. While for customers identified as high-risk, Enhanced Due Diligence measures must be applied.

Depending on the risk profiling or risk classification of the customer, the ADGM entities must carry out Customer Due Diligence under the following circumstances:

Before onboarding a customer or establishing a business relationship
Before executing a transaction with an occasional customer for an amount equal to or more than US$15,000
When the customer or transaction is suspected to be related to money laundering or financing of terrorism.
When there is doubt about the authenticity of documents provided by the customers

As part of the Customer Due Diligence process, the ADGM entities must undertake the following:

Identify the customers, their representatives, and beneficial owners and verify their identities,
Screen the customer, beneficial owners, and senior managerial persons to check if any of these persons are sanctioned under the UAE local list, UNSC Consolidated List or any other relevant international sanctions list,
Understand the nature and purpose of the business relationship,
Have systems and controls in place to determine whether the customer, beneficial owners, or senior managerial person is a Politically Exposed Person (PEP),
Conduct ongoing monitoring of the business relationships and transactions conducted with the customer to check their consistency with the customer’s business and risk rating

However, when a customer is assigned a high-risk rating, Enhanced Due Diligence (EDD) measures must be applied before establishing a business relationship or executing a transaction with such a customer. Here, the EDD measures would include the following:

Get more information to identify the customer and its beneficial owners,
Identify and verify the source of wealth and funds of the customer and its beneficial owners,
Establishing reasonableness of the purpose of the business relationship,
Seek senior management’s approval to start a business relationship with a high-risk customer,
Insist on getting the first payment through the customer’s account with the bank subject to similar AML standards,
More frequent monitoring of the customer’s profile and transactions.

Money Laundering Reporting Officer (MLRO)

Every ADGM entity must appoint an MLRO to ensure compliance with AML requirements as prescribed under the FSRA-issued AML Rulebook and the AML Federal laws. Such MLROs must be residents of the UAE.

Further, the FSRA must approve the appointment of the MLRO.

If an MLRO leaves the company immediately, a new MLRO must be appointed, or at least a Deputy MLRO must be appointed to manage the AML compliance function temporarily until the appointment of an MLRO. FSRA Rulebook allows the ADGM entities to outsource the MLRO position to a third party.

AML Training and Awareness

FSRA mandates entities to conduct regular training for its employees responsible for AML compliance. Such training and AML awareness sessions must customize be customized basis the entities’ business operations, products/services, transaction complexities, distribution channels, and customers.

ADGM entities must conduct such AML training at least once a year and keep it up-to-date. Further, it is mandatory to record details of such training programs, including their dates, duration, nature, and list of participants.

Reporting Suspicious Activities

Every ADGM entity must have procedures, controls, policies, and systems to detect suspicious activities and report them immediately to the Financial Intelligence Unit (FIU) by filing SAR/STR on the goAML portal.

Frontline employees observing the suspicion must report it to the entity’s MLRO and submit all the details about the activity, customer or transaction involving money laundering or terrorist financing activity. When the MLRO receives an internal STR/SAR from an employee, they must investigate the activity. MLRO must submit an external STR/SAR with the FIU based on the evidence collected.

ADGM entities must maintain a list of ML/FT risk indicators and keep reviewing and updating this list to identify and mitigate the risks effectively.

AML Record Keeping

ADGM entities must maintain AML-related records for a minimum period of six (6) years in electronic format. The records to be maintained include the following:

Entities’ AML Business Risk Assessment and the AML framework implemented
Documents and information received from customers during KYC and CDD
Copies of business correspondence with customers, including transactional details
Suspicious activity/transactions reports – internal and external, related investigation records, documents, etc.
Records of communication and correspondence with the FIU

AML Annual Return

ADGM entities must fill in all the details in the AML Return Form and submit such AML Annual Return with the FSRA for the year starting from 1st January to 31st December every year. Such AML Annual Return is to be furnished with the authorities before the end of April of the following year.

The key differences between Federal AML Law and the FSRA-issued ADGM AML Rules and Guidance

(a) FSRA AML Rulebook includes the following under the definition of the “Designated Non-Financial Businesses and Professions (DNFBPs), which is not the case under Federal AML Laws:

Dealer engaged in trading of any saleable item where the transaction amount equals to or exceeds US$ 15,000 in cash through a single transaction or series of connected transactions.
Tax Consulting Firm

(b) FSRA-regulated entities must appoint a Compliance Officer or Money Laundering Reporting Officer who is a resident of the UAE. No such specific condition around residency is mentioned in the Federal AML Law.

(c) The minimum period prescribed for maintaining the AML record is six (6) years for ADGM entities, as compared to five (5) years prescribed under the Federal AML Laws.

(d) AML Annual Return is to be filed by the ADGM entities every year for the period 1st January to 31st December by the end of April of the following year. The AML Annual Return requirement is in addition to the semi-annual report requirement mentioned under Cabinet Decision No. (10) of 2019.

Need expert assistance to comply with ADGM’s AML Rulebook?

The companies in ADGM must follow all these requirements as per the ADGM AML Rulebook. Any non-compliance with these requirements calls for heavy administrative fines. The best way to avoid these fines and penalties is to take the help of a professional AML consultant.

Niyeahma is a leading AML consultant in the UAE. Our comprehensive services help you comply with the relevant AML/CFT requirements and mitigate the threats of money laundering and terrorism financing.

We understand Federal AML laws and ADGM-specific rules to help clients identify and assess their business risk and develop solid and comprehensive AML/CFT policies, procedures, and controls. We can help you set up your in-house AML compliance department and impart AML training to your team, to manage ML/FT compliance competently.

Our strength lies in our solid team of ADGM compliance specialists and experienced and knowledgeable AML professionals. So, leave your AML compliance worries to us, and focus on your core business operations.

About the Author

Dipali Vora

Associate Company Secretary

Dipali is an Associate member of ICSI and has a Bachelor’s in Commerce and a General Law degree. She has an overall experience of 7 years in the compliance domain, including Anti-Money Laundering, due diligence, secretarial audit, and managing scrutinizer functions. She currently assists clients by advising and helping them navigate through all the legal and regulatory challenges of Anti-Money Laundering Law. She helps companies to develop, implement, and maintain effective AML/CFT and sanctions programs. She knows Anti-money laundering rules and regulations prevailing in GCC countries and specializes in Enterprise-wide risk assessment, Customer Due-diligence, and Risk assessment.

Article UAE

A Guide to Avoiding the Top 6 AML Record-Keeping Mistakes

AML record-keeping is one of the most crucial obligations of the regulated entities. The entities need to ensure that they maintain adequate AML/CFT records to meet regulatory requirements. The ML/FT records maintained by an entity help authorities in further investigations and combatting financial crimes. In this article, we will explore the top 6 AML record-keeping mistakes and global best practices to avoid them.

Singapore AML regulations

The Monetary Authority of Singapore (MAS) supervises the implementation of AML provisions in financial institutions. Further, The Accounting and Corporate Regulatory Authority (ACRA) supervises accountants, accounting firms and trust or company service providers (TCSPs). The Council for Estate Agents supervises the real estate agency sector, and the Casino Regulatory Authority supervises casinos.

These authorities mandate the regulated entities to keep all data, documents, and information related to:

Customer due diligence (CDD)
Know Your Customer (KYC)
Customer risk assessments
Transaction monitoring results
Records of transactions with customers
Copies of STRs, SARs, and other reports submitted to MAS
Other AML-related relevant documents

The regulated entities must maintain all these records for five years following the transaction completion or termination of business relations.

You can maintain these records as originals or copies in any of the following forms:

Paper
Electronic form
On microfilm

The Singapore court of law may ask for these documents as evidence. You must create and maintain these records to submit them to the court when requested.

What records must be maintained under the AML/CFT Laws of Singapore?

The law requires regulated entities to maintain records of the following:

Customers’ identities

You must collect information on individuals, such as names, dates of birth, addresses, and other details. Gather necessary documents to verify these details, like address proof and identity documents. For entities, you must find information on names, incorporation date, number of employees, beneficial owners, and other relevant data. You must also save your correspondence with customers on transactions, business relationships, and other matters.

You must save these data points on your individual and entity customers. And refer to them when needed before a transaction. Collecting these data points before forming a business relationship is essential. Results of customer screening against watchlists, PEPs, and sanctions are also vital.

Also, you must recheck them regularly to update the changes, if any. Maintain proper records in the correct format and language. Raise an alert when you detect something suspicious. Maintaining the templates and forms you use to collect KYC and CDD data is also crucial.

Transaction details

It would be best if you tracked your transactions to avoid any possibility of money laundering. For this, you must collect data on each transaction, such as:

Date of transaction
Parties involved and their role
Type of transaction
Transaction value
Taxes and charges involved
Medium of payment
Payment date
Source of money or name of the sender

All these information points can serve as a good reference point in the future when you want to track it. Also, you can raise an alert if you spot something out of the ordinary. For example, it is suspicious if the payment value is enormous and the customer prefers an all-cash transaction.

Suspicious transactions and activities

Most of the effort for AML compliance is towards identifying suspicious transactions. You can stop,g prevent, or reduce their effects only when you identify them. So, it’s crucial to have records of these suspicious transactions.

Every regulated entity must understand what a suspicious transaction is in their field of operations. Like a sizeable cash-value transaction. Or a transaction with the involvement of an unknown third party. All these are different types of suspicious transactions found in different industries. You must make a list of all the possible transactions. Then, review your transactions and compare them to detect suspicious ones.

You must maintain records of such suspicious transactions and other related details. It helps you avoid similar transactions. Since you maintain records of all transactions, separate the suspicious transactions from that list and make another file. Analyse it properly to identify patterns or trends and make conclusions. Thus, these records can help you in your future decisions. Also, you need to report these to authorities.

Records of detailed investigations

When you identify suspicious transactions, some of them are false positives. But if those relate to high-risk customers, you must investigate further.

More investigations require you to collect more data from customers and other parties. You must maintain records of the extra data and information you analyse. Whatever evidence you get, save it. Such records help you determine whether the activity has linkages to money laundering.

If you want any third party or authority to investigate further, you can submit these records to help in their assessment.

AML Compliance Officer’s reports

Entities under the AML regime in Singapore must have a dedicated AML compliance team. This team must have a deserving AML compliance officer to manage all AML-related activities.

They will ensure the business complies with all the AML provisions in Singapore. For this, they will:

Create AML framework, policies, procedures, and controls
Manage the monitoring of transactions with customers
Supervise risk assessments of customers and build risk profiles
Conduct training for employees
Ensure submission of reports to MAS and other authorities

You must maintain a copy of the reports the officer submits to the senior management and MAS. These records will help you refer to them for decision-making in the future. Also, these reports are a summary of the entity’s efforts for AML compliance. So, you must maintain them as records to assess your past performance and make plans.

Training programs with complete details

AML regulations in Singapore require you to conduct AML training for your employees. The authorities might ask you about the different training programs conducted for them. So, it would be best if you made a note of the following details on your training programs:

Topics covered in training
Number of participants
Seniority level in the business
Education and experience of participants
Materials used
Medium of training

These records enable you to prove to others that you are doing enough to follow AML regulations.

Communication with MAS and other authorities

An often ignored aspect of record-keeping is all your communication with MAS. You must maintain its records until there is clarity on that aspect. Records of the following are necessary:

Any requests for submissions of documents or reports from MAS and other authorities
Any complaints raised by MAS on your AML compliance
Your response to MAS on their complaints and their approval
Any requests/queries, or doubts submitted by you to MAS

These will help you get confirmation on your AML compliance and work towards it better.

AML actions taken until now

MAS and other relevant AML authorities in Singapore expect AML compliance from you. In this race, they supervise your AML efforts. They review your AML compliance and recommend remediation measures to you.

In response to these recommendations, you must act to comply with AML regulations. For every action taken by you, you must maintain records of it. You must give details on the recommendation action taken and its impact on your business. You must also attach the audit reports on your AML compliance efforts.

These records are essential to know your actions in response to MAS’s supervisory engagement. Also, it proves that you are working towards complying with all provisions of AML laws.

Unprocessed information

Suppose you conduct investigations on customers or transactions that later turn out to be non-suspicious. That means the customer or transaction is legal, and you did not find any trace of money laundering. It does not mean that you delete the records of such investigations.

You must maintain proper records of such transactions and customers who were initially suspicious but later found non-suspicious.

Top 6 AML record-keeping mistakes to avoid

The above section explains the various types of records you must maintain for AML compliance. While creating and maintaining these records, adopt the global best practices. You must avoid the following mistakes to keep your records relevant for your business and Singaporean authorities:

1. Failure to maintain records per requirements

It’s the age of technology. Generally, companies maintain records in the AML KYC Software. This ensures complete and accurate records. Also, you can be sure of their safety and security. You can keep these records confidential by managing permissions for accessibility. Also, such software solutions allow analytics and insights generation, leading to better decision-making and compliance.

In Singapore, you must maintain records in originals and copies in paper, digital, or microfilm formats. So, you must maintain these records in these forms.

2. Not keeping records secure and confidential.

Data confidentiality is a serious issue. There are chances of data theft by internal employees or external hacking. So, make it a practice to protect all your sensitive data.

In the case of AML, generally, you have data on customers and transactions. Any theft of this data leaks customer information and payments-related materials. So, you must encrypt the data to keep it secure. Also, permit only a few trustworthy personnel to access data.

3. Failure to keep updated ML/FT records

Constant changes occur in AML compliance requirements. Even organisations undergo changes in operations, processes, data, and other aspects. So, all these amendments must have equal adjustments in records as well.

You can’t keep your records outdated. So, update them according to the changes in your business. If you keep them up-to-date, there are higher chances of easy and smooth compliance. So, don’t forget to update your records as and when new changes come.

4. Overlook the need for regular audits of records.

Your records might have some errors or loopholes. Also, the record-keeping processes can have deficiencies or gaps. These deficiencies can lead to inaccurate or incomplete records, affecting your AML compliance. So, it is crucial to pay attention to audits of your records and record-keeping processes.

You can set a schedule for regular internal audits. You can identify errors and rectify them to improve their quality and efficiency. Also, you can set an annual external audit by an AML auditor to get an outside perspective on your record-keeping procedures. These records must meet regulatory standards and help you comply with them.

5. Insufficient reporting

You are maintaining records of customers and their identities. You also have records of transactions in value and volume and related aspects. You maintain all these records to help you with AML compliance.

What happens when you detect some red flags in records? Or some strange activity, different from the usual? You report it to authorities. This is what you are supposed to do with records. Whenever you spot something unusual, report it to senior management or regulatory authorities. These records help you create reports to submit to authorities according to Singaporean reporting requirements.

6. Improper destruction of records

According to Singaporean AML regulations, you must maintain these records for five years. After five years, you can destroy them unless MAS asks you not to destroy specific records.

But while destroying these records, ensure it happens properly and securely. Use a solution to ensure permanent deletion from electronic sources. If those are paper records, you can shred them to destroy every part of the paper. Whatever way you use, ensure there is no trace left.

How can AML Singapore help you?

You know the various records you must maintain for AML compliance in Singapore. These records will act as evidence of a successful AML compliance program. Also, the investors and senior management feel confident about the entity’s AML efforts after seeing these records. So, avoid these basic pitfalls in record-keeping to ensure up-to-date, accurate, and complete records.

If you need help designing your record-keeping procedures, hire an expert AML consultant like Niyeahma.

Niyeahma is a leading AML consultant in Singapore. We help with this fundamental task of proper record-keeping. Our expert AML professionals ensure you stay safe from the legal repercussions of AML non-compliance. We also regularly audit these records to check for gaps and inconsistencies. Besides AML compliance, it helps you with operational efficiency and financial management.

So, give record-keeping the importance it deserves and adopt its best practices.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article Singapore

Adverse media and social media checks under AML compliance

Customer Due Diligence (CDD) is the most critical element of an AML compliance framework. The purpose of conducting CDD is to collect information about customers and verify their identities and legitimacy around the proposed or executed transactions. Adverse media and social media checks can significantly assist in concluding your search for a customer’s identity and avoiding onboarding the customer involved in money laundering or any criminal activities.

Adverse media means negative news or information about customers in publicly available sources or articles. The media sources may include TV, newspapers, radio, magazines, web articles, blogs, etc. If there is any negative mention of the customer in such media sources, it is adverse media or negative news.

Social media platforms, such as LinkedIn, Facebook, Twitter, etc., contain the customer’s profile, known publicly. Also, such platforms sometimes contain references to negative news about the customer.

Though negative news screening has received very little regulatory attention, it is a critical part of CDD.

As a best practice, companies have incorporated adverse media screening and social media monitoring in their CDD processes. It helps you find your customer’s connections with or involvement in suspicious activities.

This article focuses on understanding its importance in CDD measures.

Regulations on adverse media and social media checks

The Financial Action Task Force (FATF) recommends that organizations include adverse media checks in their AML customer onboarding processes. Further, the AML regulations applicable in UAE also provide that the regulated entities look out for negative news for high-risk customers from reliable, independent sources.

Open media sources should be screened to gather the information around the following to build the customer risk profile effectively:

Business Type
Nature of business
Past criminal investigations
Regulatory penalties

Further, social media should be checked to ensure the customer information shared with the company matches the person’s social profile, such as the name the person is socially known by, the name of the employer, location, etc.

Importance of adverse media and social media screening

Building client’s risk profile

Any client can be a threat to your business or reputation. So, before forming a business relationship, you need to know them thoroughly.

Getting information about customers’ details from reliable and independent sources provides you confidence in the details furnished by the customer.

Not only during customer onboarding, but you can also keep a constant check on your customers. Frequent checks allow you to check for any change in the risks. If there is any change in data, you can update the risk profile.

Protecting oneself against reputational risks, penalties, and fines

Creating a fake profile and hiding the real identity is easier in the ever-evolving digital world. A fake identity is used to cover or carry out illegal transactions. Along with CDD measures, adverse media and social profile screening help you detect customers’ connections with criminal activities. If you turn a blind eye to this process and avoid the information known to the world, you would be exposing yourself to criminal activities, thus, resulting in the imposition of fines or penalties. Thus, you must monitor regular adverse news to avoid risks, AML penalties, and fines.

It helps you detect any suspicious transactions with your customers. It also helps you recognize any characteristics or patterns in a customer’s profile that may lead to suspicious activities in the future. So, you can remove any possible chances of attacks on your reputation due to association with money laundering activities.

Sources for negative news and social profile screening

Companies refer to many official and unofficial data sources for finding information about their clients. You can find insights on the customers from the following data sources:

Government databases
Newspaper articles
Online forums
Corporate websites
Social media feeds (LinkedIn, Facebook, Twitter, etc.)
Blogs
Legal prosecutions
Research portals and Private databases

You may not trust some of these unstructured data sources. But the onus lies on you to check the credibility and quality of information. You must confirm the information with other sources to check if it is fake, biased, or partial.

Best practices to implement negative news & social media screening

Some of the best practices to adopt to improve your process of collecting adverse media and checking the social profile of your clients are:

Keep your customer data up-to-date and complete

Ensure completeness and correctness of basic demographic information about your customers. Inaccurate and incomplete information serves no purpose while conducting an advanced search on your clients. When checking negative media mentions in a tool, companies use these primary details to match the new-found information. Thus, core customer data has to be complete and accurate to determine the relevancy of the negative news found or the customer’s social presence.

Create a sound negative news & social media screening policy

You cannot just collect their information and conduct adverse media checks when onboarding new customers. You need a well-laid-out policy and methodology for conducting these searches to ensure effectiveness and quality in less time.

You can prepare a standardized template to collect the necessary information and document the same. It must have fields like:

Customer details
Name of the individual who performed the screening
Date and time of the screening
Information found, along with source and URLs
Context of information
Conclusion
Possible actions to take.

Basis the research and conclusion, you can recommend relationship termination or filing of suspicious activity report if you suspect the customer’s involvement with money laundering or terrorism financing.

Engage in regular adverse media monitoring

Your job does not end with a one-time screening of adverse media at the time of customer onboarding. You must regularly check your customers’ social profiles and negative remarks on public sources.

There is a possibility that during onboarding, the customer was fair. But they may engage in money laundering or similar financial crimes later in their operations. So, regular adverse media or news checks on your customers are vital.

Invest in an online tool to screen negative news

In some companies, adverse media check is a manual process. But it is time-taking, tedious, and tiresome, sometimes resulting in errors or missing essential information.

Tech solutions and software are in trend that screens numerous news sources worldwide to generate more accurate results. These tools generate negative news for every category of financial crimes and provide the source details of such news.

The paramount need is for the solution to track many media and news sources and generate complete, verifiable information.

Companies have started using AI-based media monitoring solutions. The tool sifts through credible and current media and news to find any material on customers. You can set parameters for a relevant search, analyze the results, and take necessary action.

Thus, your customer onboarding process becomes faster and more trustworthy with an intelligent technology solution.

The technological tool must have the following features and functionalities:

Customized alerts
Fast research and retrieval of information
Comprehensive list of worldwide data sources
Supports multiple languages
Batch processing
Real-time updates and notifications for changes in the risk status of existing customers
Access to updated watchlists, Sanctions, and PEPs
Intelligent category tagging

How can Niyeahma help you streamline your CDD process with robust negative and social media screening?

You must conduct regular negative media and social media searches to check for any possible connection of customers with financial crimes. Make it a practice before onboarding new customers, during regular monitoring, and in event-triggered exercises. It makes your customer due diligence efficient and effective.

To ensure you do not go wrong with adverse media screening and social media checks, it is best to engage an expert AML services provider – Niyeahma, to set your processes right.

Niyeahma is a leading provider of the following professional services related to AML:

Carry out a business risk assessment
Develop a customized AML/CFT policy
Assist in setting up an in-house AML compliance department and team
Conduct AML training for employees
Manage KYC and CDD
Support in selecting a suitable AML software
Assist in regulatory submissions
Conduct AML/CFT health checks

Contact us if you need assistance managing your KYC and due diligence processes. We verify your customer’s details, including negative news screening, and share the customer’s risk profile with you. We ensure you precisely know whom you are dealing with to reduce the threats of financial crimes. So, manage or mitigate your risks well with Niyeahma’s team.

About the Author

Dipali Vora

Associate Company Secretary

Dipali is an Associate member of ICSI and has a Bachelor’s in Commerce and a General Law degree. She has an overall experience of 7 years in the compliance domain, including Anti-Money Laundering, due diligence, secretarial audit, and managing scrutinizer functions. She currently assists clients by advising and helping them navigate through all the legal and regulatory challenges of Anti-Money Laundering Law. She helps companies to develop, implement, and maintain effective AML/CFT and sanctions programs. She knows Anti-money laundering rules and regulations prevailing in GCC countries and specializes in Enterprise-wide risk assessment, Customer Due-diligence, and Risk assessment.

Article UAE

AML Transaction Monitoring: A powerful tool to detect financial crimes

Ever received a call from your bank to confirm if you have conducted a specific high-value transaction? If yes, then that is what transaction monitoring means. They know your routine transactions. If they see one unusual transaction and different from your general banking behaviour, they make a confirmation call.

Financial criminals conduct fraudulent activities by harnessing loopholes in regulations. They create an air of legitimacy around their scheme, company, and transactions.

Transaction monitoring can help detect patterns of suspicious behaviour and financial crimes to and from customers. That is why it is a significant step in companies’ and governments’ AML and CFT programs. With transaction monitoring, you can detect crimes before their occurrence or in their early stages. Timely detection saves you from the repercussions.

This article aims to explain the concept of transaction monitoring, its significance, and the best monitoring practices.

What is AML transaction monitoring?

Transaction monitoring means regularly keeping a close watch on the transactions. It involves checking a customer’s historical transactions, customer’s profile, account details, and interactions. These checks enable the identification of possible customer risks and the prediction of their future behaviour.

You can track the transactions in real-time during their occurrence to block them and prevent fraud. Alternatively, you can check transactions to identify any set patterns after their occurrence. Conduct periodic transaction monitoring to check the customer’s behaviour in terms of irregularities or set patterns.

Thus, financial institutions, as well as DNFBPs, must conduct frequent checks of their transactions.

Significance of AML transaction monitoring

Generally, anti-money laundering regulations in countries include the practice of transaction monitoring. It is mandatory for entities to track suspicious customers, suppliers, or transactions.

Entities have started using transaction monitoring systems to detect suspicious transactions. But it also requires human intelligence and experience to separate fraudulent transactions from non-fraudulent ones.

A constant check on customers’ activities is essential to avoid financial crimes. Transaction monitoring allows entities to adopt a risk-based approach, wherein the monitoring is done based on set rules defined considering the customer’s risk profile developed and the nature of transactions executed by the customer.

Based on the risk profile, you must monitor the customers. For a high-risk client, you need to adopt an advanced level of transaction monitoring.

Nowadays, criminals have advanced ways of conducting financial crimes in the times of the online, digital world. The complexity of money laundering and terrorist financing has increased, which requires a measure that can spot right from wrong. So, transaction monitoring with the definition of a clear rule is crucial to identifying criminal activities.

Furthermore, the transaction monitoring framework gives confidence to regulators and stakeholders of the organization. It shows the seriousness of entities toward detection of financial crime. It leads to a safe business ecosystem in the country and builds trust between existing and new partners.

Steps to an effective transaction monitoring program

Transaction monitoring is a risk-based approach with the following steps:

1. Risk assessment of your business

Identifying risks your business faces from customers, products and services, and operating environment is critical for your AML compliance. For this, you must conduct a detailed analysis of the industry in which you operate.

Analysis of risk parameters will determine your business’s risk appetite. A deep understanding of the risks you take as an entity and the measures you use to cover these risks is crucial. Also, you get to know what types of customers you will be handling, types and volumes of transactions and related risks thereof.

2. Define red flags of suspicious transactions

To ensure the correct identification of suspicious transactions, you must know what it looks like. For this, you must define the red flags your employees will look for while reviewing transactions or the rules set in the transaction monitoring solution. Some of the red flags can be:

Transactions involving large amounts of money,
A sudden new transaction unusual for a customer (nowhere like any other transactions done before),
Several small transactions of the same type involving one or more accounts/persons in a short time,
Inconsistency of the transaction with the customer’s economic profile,
The transaction is directed to or from a high-risk country or a jurisdiction featured in the sanction list,
Customer’s insistence on having no face-to-face communication always.

You must feed these red flags into the transaction monitoring system to generate alerts when witnessed. The team handling this system receives an alert notification. The entity can conduct a further investigation based on the alert to classify it as suspicious.

3. Create transaction monitoring rules

You must create transaction monitoring rules based on your risk appetite and red flag indicators. The system for transaction monitoring will have to be aligned with these rules to identify suspicious transactions. The rules may be created around the following:

The maximum amount of a transaction,
Number of unusual transactions from a customer,
Number of small transactions, after which the system generates an alert,
Transaction directed to or from a high-risk jurisdiction.

The monitoring system analyses the transaction against the set rules. Based on the defined rules, the system should be able to identify the suspicious pattern or characteristic and generate a trigger or alert for the same.

4. Review the generated alerts

You must review these alerts generated for suspicious transactions. The analysts must conduct a manual evaluation to check if the pattern or behaviour is suspicious. To produce a detailed report, they must collect all relevant information for that transaction.

If you find it suspicious, prepare a report of the investigation conducted, which should be shared with the senior management for sign-off. Basis your evaluation, you may even drop the alert, but document the reason.

Best practices of a robust AML transaction monitoring program

Some of the best practices you can adopt for transaction monitoring include:

Remain up-to-date with regulations

Keep an eye on the local and national regulations for combating money laundering and other financial crimes. Compliance with them is essential. With knowledge of all rules and regulations, you can update your red flags, optimize the monitoring rules and identify suspicious transactions efficiently.

Know about your industry and products/services

You must have deep knowledge of your sector and products/services to ensure effective transaction monitoring. Awareness of industry-specific risks, customer demographics, and product/service weaknesses can help create effective monitoring rules.

Furthermore, keep updating your knowledge on these factors. The updated information helps you improvise your transaction monitoring solution and timely capture all money laundering and terrorist financing activities.

Create an exhaustive list of transaction monitoring rules

Consider all the possible red flags for your industry and product/services while creating transaction monitoring rules. These rules must encompass a range of simple and complex scenarios to detect all possible suspected transactions.

Criminals keep updating their crime techniques to take advantage of your operations, processes, products, customers, etc. Similarly, you must frequently update these rules to stay on top of your criminal typologies.

Ensuring quality of AML transaction monitoring

Entities must try to avoid making transaction monitoring an operational, time-bound task. You must consider it as an action against decreasing or eliminating financial crimes. Accordingly, entities must base the employees’ performance on the quality and efficiency of transaction evaluation, not the volume of transactions handled.

Document the AML monitoring scenarios

The transaction monitoring system generates alerts if a transaction is against any rules fed into the system. Then, the analyst evaluates it comprehensively by collecting all related and relevant information.

You must document all this information, analysis, and insights. Documentation helps develop a precise, comprehensive scenario. And documentation of all these scenarios helps create more rules and logic to better your transaction monitoring process.

Do not assume that one size fits all

Do not oversimplify the risk scenarios. Create detailed, to-the-point, granular-level characteristics to identify risky behaviours or patterns of customers or transactions. The clarity in scenarios enables better comparison with the rules to identify suspicious transactions and reduce the possibility of false positives.

Do not have too many risk scenarios

Entities create an exhaustive list of risk scenarios to capture every possible suspicious transaction. But in this process, they forget to remove duplicates and non-contextual scenarios. With such an extensive list of possible risk scenarios, employees’ workload increases, and the quality of alerts decreases. So, while creating scenarios, avoid overlap and add relevant context to each.

Use artificial intelligence in transaction monitoring

Only rules based on logic will not be sufficient for effective transaction monitoring. You must have AI-based transaction monitoring systems to generate more insights and identify red flags that human eyes can overlook. Artificial intelligence can catch any pattern or behaviour that slips through the manual monitoring rules.

About the Author

Dipali Vora

Associate Company Secretary

Dipali is an Associate member of ICSI and has a Bachelor’s in Commerce and a General Law degree. She has an overall experience of 7 years in the compliance domain, including Anti-Money Laundering, due diligence, secretarial audit, and managing scrutinizer functions. She currently assists clients by advising and helping them navigate through all the legal and regulatory challenges of Anti-Money Laundering Law. She helps companies to develop, implement, and maintain effective AML/CFT and sanctions programs. She knows Anti-money laundering rules and regulations prevailing in GCC countries and specializes in Enterprise-wide risk assessment, Customer Due-diligence, and Risk assessment.

Article UAE

The ABC of AML screening: 8 common mistakes you can’t afford to make

The ABC of AML screening: 8 common mistakes you can’t afford to make

AML screening helps assess the risks of an existing or potential customer for your business. These risks include money laundering, terrorism financing, and similar financial crimes. Screening allows you to check and verify their identities against several lists. Let’s explore the ABC of AML Screening and learn about the common mistakes that businesses make while screening a person or an entity.

The screening helps match your customers against the lists of:

Terrorists
Sanctions
Politically Exposed Persons (PEPs)
Banned or wanted
Adverse media

These checks are necessary to see if your customers are on any lists. If they do, you do not transact with terrorists, sanctioned, or banned customers. You conduct Enhanced Customer Due Diligence (ECDD) for politically exposed persons (PEPs) and customers with negative media references before forming a business relationship. If they don’t appear on the above lists, you can be sure of their identities and proceed with the transaction.

AML screening of employees is also essential for entities. You must check their backgrounds to verify their involvement in money laundering activities. These checks help you prevent the threats of financial crimes.

Let’s dive into the world of AML screening to understand:

Types of AML screening
Benefits of AML screening
Process of AML screening
When is AML screening necessary?
Mistakes to avoid while performing AML screening

Types of AML screening

The different types of AML screening include:

PEP checks

PEP means politically exposed persons. These can be government officials or members of a political party. Because of their job and position, they have higher opportunities to engage in bribery, corruption, money laundering, or other financial crimes. These can also include high-position officials in other public sectors.

By PEP screening, you can prevent the occurrence of these crimes. You can screen your clients against this PEP list. If matches are found, you perform Enhanced Customer Due Diligence and obtain senior management approval before entering into a transaction.

Sanctions screening

Sanctions are the lists of restrictions countries or international organizations impose on individuals, entities, activities, countries, or regions. These restrictions exist to avert threats to security, peace, or humanity. Restrictions can include:

Trading not allowed
No access to financial systems
Penalties

Family members or business associates might also feature in the sanctions list because of their association with a sanctioned individual or entity. By sanction screening, you can identify such customers and avoid onboarding them.

Watchlist screening

Watchlists are databases of known criminals or suspected persons. These can be individuals involved in:

Terrorist activities
Illegal arms, human, or drug trafficking
Corruption
Money laundering
Proliferation of weapons of mass destruction

Governments, regulatory bodies, international organizations, and law enforcement agencies create such lists. You scan your clients against these lists to see if their names feature in any of them. If yes, you can stop transacting with them or don’t enter into a business relationship with them.

Adverse media screening

It includes checking your existing and potential clients’ names in adverse media. You can check the news, media databases, and social media posts for this. Databases of legal filings and public records are also good sources to search for adverse media.

Any negative news about them in the past can be a tip for you on their involvement in illegal activities. You must search the individual’s name and related keywords on these databases for negative mentions. Nowadays, companies use artificial intelligence (AI), natural language processing (NLP), and other advanced technologies to screen adverse media.

You can perform Enhanced Customer Due Diligence for such customers and submit a Suspicious Transaction Report if you suspect ML/TF.

Background checks of employees and outsourcing service providers

These are not the usual checks of customers. These pertain to screening your employees and outsourcing service providers. You must conduct background checks whenever you onboard a new employee or outsource a task to a third party.

Any kind of association of employees or outsourcing vendors with illegal activities may harm your reputation. By conducting such checks, you can prevent the following types of threats:

Recruitment of a criminal candidate
Theft of data or intellectual property
Association with perpetrators of illegal activities

Benefits of AML screening

By screening your customers regularly, you realize who is risky and who isn’t. Besides, you can also enjoy the following benefits:

Contribute to the greater good

AML compliance is one of the ways to protect national and international economies from financial crimes. Screening customers, transactions, and employees helps you identify and verify suspicions. Thus, it helps keep your business from transacting with criminals. You can avert the entry of illegal money into the regulated and legal financial system. This is how you can ensure national and global business community security.

Comply with AML regulations

Conducting KYC and due diligence of customers are critical parts of an AML framework. And AML screening of customers is one of the ways to know your customers better. Thus, by conducting an AML screening, you fulfil one requirement of your AML framework. It helps you in AML compliance. Thus, you also protect your business from non-compliance fines or penalties.

Prevent financial crimes

By conducting customer screening, you verify their identities. Thus, you learn about the potential source of risks to your business. Based on the results of such AML screening, you can decide whether to form a business relationship with them. If you don’t transact with them, you save your business from the risks of financial crimes.

Maintain your business reputation

If you conduct such AML screening, you can detect risks to your business better. Thus, you can make plans to manage and mitigate them. This shows your serious attention to AML compliance to avoid financial crimes. It gives you good publicity, building customers’ trust in you. Thus, you can improve your business reputation and reliability in the market.

Process of AML screening

The process of AML screening includes the following steps:

Collect customer data and information necessary for screening them against watchlists.
Verify their identities through identity documents collected from them.
Match your customers against different national and international watchlists.
Keep aside the confirmed matches and take the required measures.
For potential matches, investigate further to reduce the chances of false positives.
Regularly screen your customers against these watchlists to detect suspicions.

When is AML screening necessary?

You must conduct AML screening during or before the following processes:

Before onboarding a new customer
Before employing new employees
Constant and regular monitoring of customers
When the local and international lists of sanctions, PEPs, bans, terrorists, etc., undergo changes
When your existing customers’ beneficial owners or management changes

8 Mistakes to avoid while performing AML screening

Different types of AML screening are essential for your AML compliance program. You know the benefits it provides to your business. You can also see the procedure for conducting AML screening. If you commit any mistake during this process, it might not generate the stated benefits. The blunders you must try to dodge while conducting this process include the following:

1. Conducting only manual screening

This aspect needn’t be explained but is a common pitfall in AML screening. Sometimes, entities only screen their customers manually against lists of sanctions and PEPs. This would be okay if the dataset is too small.

In the case of a large database of customers, manual screening may not be the best option. The process is erroneous, takes time, and you might miss matching a few. Using advanced technological systems can be a game changer in such situations. You get a guarantee of high accuracy, less time, and a comprehensive screening process.

So, choose a combination of manual and automated screening for better quality results and higher efficiency.

2. Missing international databases

This aspect needn’t be explained but is a common pitfall in AML screening. Sometimes, entities only screen their customers manually against lists of sanctions and PEPs. This would be okay if the dataset is too small.

In the case of a large database of customers, manual screening may not be the best option. The process is erroneous, takes time, and you might miss matching a few. Using advanced technological systems can be a game changer in such situations. You get a guarantee of high accuracy, less time, and a comprehensive screening process.

So, choose a combination of manual and automated screening for better quality results and higher efficiency.

3. Failure to generate reports of such AML screenings

As a part of your AML frameworks, you will conduct regular AML screenings of customers. It’s a best practice to maintain records of the screening performed. Businesses often tend to neglect this aspect and fail to meet the record-keeping requirements required under the law.

4. Using outdated lists for matching

How about screening your customers against outdated lists? There are higher chances of false positives. You gauge a customer as a sanctioned individual, but they are not on the updated list. Alternatively, you do not find a customer in any sanction list and transact with them. But they may feature in updated lists.

In any of these cases, you will suffer. In the first case, you miss out on a good customer. In the second case, you get involved with a criminal.

So, use updated lists of PEPs, sanctions, and watchlists. The relevant organizations release updated lists, so you must stay up-to-date with them.

5. Conducting AML screening only once during the entire customer lifecycle

Individuals change. Entities change. And you must also adjust to these changes. So, you cannot stay put with the first screening of customers you did while onboarding them.

It’s crucial to screen your customers on an ongoing basis. If you miss, you might become vulnerable to such financial crimes. Situations like the following call for ongoing AML screening:

Changes in your clients’ beneficial owners or global presence
Request for some unusual, unique, highly complex, or unreported transaction
Change in the source of funds
Request for a transaction inconsistent with the customers’ risk profile or usual activities
Involvement of a third party in the transaction
Changes in the sanctions, PEP database, and Adverse Media lists

You might never know when you become a part of an illegal transaction. So, match your customers with these lists regularly. Regular monitoring helps you avoid any chances of money laundering crimes.

6. Absence of quality checks of AML screening process

Is your AML screening process generating false positives? Are you doubtful of the quality of AML screening results? If yes, your AML screening process is not up to the mark.

It’s not only about the quality of the technological system you use for these checks. The overall process needs a revamp. You must check with the Screening software vendors for the reliability and relevance of the data, data update frequency, fuzzy logic, ongoing monitoring functionality, and more.

7. Forgetting to screen former names or acronyms

Sometimes, the mismatch between customers and these watchlists is due to acronyms, nicknames, or different names.

Now, the watchlists and databases might use the former names of individuals or entities. You screen your clients’ current names. In such cases, there is a possibility of no match.

Alternatively, entities might be using acronyms while databases mention the full names of companies. Sometimes, the names are not in the Latin alphabet, and their translation is inaccurate. So, you must check all these options to avoid missing any matches.

8. Lack of fuzzy logic matching

A critical aspect to remember while matching clients with databases is approximate matching. Generally, entities believe in 100% matching of names. But that shouldn’t be the case. You might be missing out on some criminals or money launderers just because they didn’t match 100%.

You must include fuzzy logic matching in your AML screening tools. It allows you to set alerts for approximate matches. Also, ensure the incorporation of AI and machine learning to improve data accuracy in fraud detection.

Concluding thoughts

You must adopt these best practices in your AML screening processes. Comprehensive screening with accurate and faster results is what you aim for. So, the best solution is to use advanced technology systems to automate the process. You can conduct further investigations and deploy adequate risk mitigation initiatives based on the alerts generated.

You can also refer to MAS’s guidance on Strengthening AML/CFT Name Screening Practices released in April 2022. It is an information paper on MAS’s inspections of entities’ name screening processes. It assessed how robust the entities’ AML screening frameworks were and provided the results.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article Singapore

Use of Digital ID for Customer Due Diligence -New Guidance issued by CBUAE for LFIs

Use of Digital ID for Customer Due Diligence -New Guidance issued by CBUAE for LFIs

The Central Bank of the UAE (CBUAE) has issued new Guidance on anti-money laundering and combatting the financing of terrorism (AML/CFT) for Licensed Financial Institutions (LFIs), which shall be applicable with immediate effect. The Guidance for LFIs on the use of Digital ID for customer due diligence aims to help the Financial Institution to adopt, understand and implement the statutory obligations concerning AML/CFT and considers the standards issued by Financial Action Task Force (FATF).

The Guidance talks about using digital ID systems/mechanisms by LFIs to fulfil their obligations about customer due diligence (“CDD”) in relation to natural persons.

Digital ID for Customer Due Diligence Guidance Applicability

The Guidance applies to all the Natural and legal persons licensed and/or supervised by the Central Bank of UAE in the below-mentioned categories:

National banks
Branches of foreign banks
Exchange houses
Finance companies
Issuers and providers of stored value facilities
Licensed retail payment service providers and card schemes
Registered hawala providers,
Insurance companies, Agencies, and Brokers.
Other LFIs not covered above.

Key Takeaways: Guidance on Digital ID for Customer Due Diligence

1. The Guidance talks about Identity proofing, enrollment, and authentication mechanisms with regard to the usage of digital ID systems. The terminology of “Digital ID systems” is defined as under:

“use electronic means to assert and prove a person’s identity online and/or in in-person environments, including through the use of:

Electronic databases, including distributed databases and/or ledgers, to obtain, confirm, store, and/or manage identity evidence;
Digital credentials to authenticate identity for accessing mobile, online, and offline applications;
Biometrics to help identify and/or authenticate individuals; and
Digital application program interfaces (“APIs”), platforms, and protocols that facilitate online identification and the verification and authentication of identity.”

2. LFIs are directed to use national-level identificationsystems and processes prevalent/under-development in UAE, like UAE Pass, Emirates ID, Emirates Facial Recognition, etc.

3. LFIs may use the online validation gateway of the Federal Authority for Identity and Citizenship and keep a copy of the Emirates ID and its digital verification in their records.

4. LFIs should leverage data generated by authentication for ongoing Customer Due-Diligence and transaction monitoring to identify suspicious customer activity/behavior /transactions with sanctioned or High-Risk jurisdictions.

5. LFIs may rely on customer identification, and verification carried out by a third party but shall make sure to abide by the following.

The LFIs shall obtain all relevant information from the third party.
Take the required steps to ensure that a third party provides copies of customer documentation/information used for CDD.
Third-party complies with the record-retention requirements provided in Cabinet Decision No. (10) of 2019 and Decree Law No. (20) of 2018 on Anti-Money Laundering

6. LFIs should take appropriate measures to safeguard and deal with the inherent technology risk and challenges posed by digital ID systems and shall ensure implementation of such processes and systems to reduce the Identity proofing and enrolment risks, e.g. cyberattacks, security/cyber breaches, use of stolen/falsified/synthetic ID details due to the reliance on the open networks like the Internet.

7. The Guidance sets out a strategy for mitigating threats to the identify proofing and enrollment process laid down by the U.S. National Institute of Standards and Technology (“NIST”) Digital Identity Guidelines.

8. The Guidance also talks about the risks at the authentication stage, like credential stuffing, Phishing, man-in-middle (credential interception), PIN code capture and replay, which are exploited without the owner’s knowledge.

9. LFI’s shall ensure that the Digital ID system adopted shall provide complete confidence/assurance and is working efficiently to produce desired results. The same should be protected against internal and external manipulation and shall detect unauthorized users, cyberattacks, and insider fraud.

10. LFIs shall at first conduct Assurance Level Assessmentto understand the assurance levels of the digital ID system based on its governance, technology, and architecture to determine its reliability and independence. The assessment can be performed by themselves, or they may consider obtaining an audit or assurance certificate from an expert body.

11. Post Assurance Level Assessment, the LFIs shall conduct an Appropriateness Assessment to determine whether the digital ID system is reliable to deal with potential Money Laundering, Terrorism Financing, fraud, and other financing risks. LFI’s Assurance and Appropriateness Assessmentof the digital ID system to perform CDD shall be documented and updated periodically.

12. The Guidance has various illustrations adapted from NIST Digital ID Guidelines for technical requirements for

the identity proofing and enrollment
authentication protocols and processes
authenticator lifecycle management

13. This Guidance focuses on the use of digital ID systems for performing Customer Due-Diligence at the time of Onboarding/opening of account and ongoing monitoring, which will help mitigate the potential risks of Money Laundering and Combatting the Financing of Terrorism and safeguarding the financial system of UAE.

How can NIYEAHMA help?

NIYEAHMA is one of the top AML Consulting firms providing end-to-end support services for Anti-Money Laundering and Combatting Terrorism Financing to Financial Institutions, DNFBPs and VASPs. We can assist you in conducting Business Risk assessment, selection and assurance assessment of Digital ID systems, complying with ongoing monitoring of Transactions, and identification and reporting of suspicious transactions.

About the Author

Dipali Vora

Associate Company Secretary

Dipali is an Associate member of ICSI and has a Bachelor’s in Commerce and a General Law degree. She has an overall experience of 7 years in the compliance domain, including Anti-Money Laundering, due diligence, secretarial audit, and managing scrutinizer functions. She currently assists clients by advising and helping them navigate through all the legal and regulatory challenges of Anti-Money Laundering Law. She helps companies to develop, implement, and maintain effective AML/CFT and sanctions programs. She knows Anti-money laundering rules and regulations prevailing in GCC countries and specializes in Enterprise-wide risk assessment, Customer Due-diligence, and Risk assessment.

Article UAE

10 Mistakes To Avoid In Defining Risk Appetite For A Solid Risk-Based Approach

In the world of Anti-Money Laundering, risk appetite is the amount of Money Laundering (ML), Terrorism Financing (TF), and other financial crime risk you are willing to take as a part of your business strategy. Businesses adopt a risk-based approach to counter ML/TF risks and prioritise resources. The article highlights the top 10 mistakes to avoid in defining risk appetite for a solid risk-based approach.

The business world is dynamic. It changes every moment. There are new opportunities to explore. And there are emerging risks that you need to be wary of.

Similarly, criminals are exploring new ways of committing financial crimes. There are new avenues for money laundering, terrorism financing, and similar crimes. It requires you to prepare your business to prevent, manage, or eliminate these risks. You can do this when you know your risk appetite.

There is no universal standard of ML/TF risk appetite. It differs from entity to entity. Also, the risk appetite can change at different stages of an entity’s lifecycle.

Defining ML/TF risk appetite is crucial for risk identification, assessment, and management. Once you know how much risk you are willing to take, you can determine the strategies to tackle it. So, identify your risk appetite in a clear, comprehensive way. Avoid the most common mistakes businesses make while doing so.

If you take too many risks, you might compromise compliance requirements. If you play too safe, your growth might stagnate. So, it would be best to strike a fine balance between the two to decide your risk appetite.

We list the common missteps businesses in India take while identifying their risk appetite. You must dodge these pitfalls to enable a successful risk management framework. But before this, we give you more details on why risk appetite is significant for any entity in India.

What Is Risk Appetite

It is best to define ML/FT Risk Appetite as the amount and type of risk an entity is willing to take on in pursuit of its goals and objectives.

Difference Between Risk Appetite And Risk Tolerance

Risk Appetite differs from risk tolerance in the sense that it’s an umbrella term defining the philosophy behind the overall risk management efforts. In contrast, risk tolerance is the level of risk that an entity is willing to take per individual risk.

The Importance Of Defining Risk Appetite Statement

Risk appetite is the amount of risk you are prepared to accept to realise your objectives. It is your risk-taking philosophy. It displays your attitude and outlook on risk-taking. It is the uncertainty that you are ready to bear pursuing your business goals.

The risk appetite statement defines your willingness to accept risk. It determines the various risks you are ready to take and the ones you don’t accept. It helps you adopt the risk-based approach.

By defining your risk appetite, you guide your risk management process. You can understand, manage, and mitigate money laundering risks properly. Thus, you can limit the scope of financial crimes and illegal activities in your business.

Risk Appetite Statement is the formal way to communicate the entity’s stand on accepting risks. You can determine what opportunities to explore despite the risk and what prospects to reject owing to higher risks. This means risk appetite gives you a solid base to analyse trade-off decisions. Thus, your strategic discussions, decisions, and actions get a better direction.

It is also a great way to manage resource allocation. Moreover, you can determine your business’s technology needs based on the risk appetite statement. Thus, it helps you plan for your business’s future requirements.

Your AML control measures depend on your risk appetite definition. It structures your brainstorming and discussions on AML programs. As a result, you have more information while designing the AML framework, leading to greater efficacy.

10 Critical Lapses While Defining Risk Appetite Of The Entity

While identifying and defining your business’s risk appetite, avoid making the following mistakes:

1. Making It A Theoretical Exercise And Ignoring The Practical Implication

You understand the importance of identifying risk appetite. It is crucial for your risk management and AML policy development.

So, do not make the mistake of treating it only as a theoretical exercise. It is not a bureaucratic process. Use it where necessary. It is a critical part of your AML journey, so you must analyse its practical implications. You must consider all the aspects of your business and identify your risk appetite.

Your risk appetite definition must be a part of your risk management planning. It must feature in your plans for defining AML procedures, policies, and controls. So, you must take it seriously and focus completely on it.

2. Focusing Only On The Qualitative Or Quantitative Aspects Of Risk Appetite

For some of you, defining risk appetite means writing a statement and abiding by it. It says that you are ready to accept these various risks and avert the other risks. Qualitatively, it sounds straightforward.

For some other businesses, it is a quantitative exercise. You list the various risks and the percentage of acceptability. Yes, it takes time and requires calculation and analysis. Also, it is challenging to get accurate numbers or percentages.

No one is wrong here. Both are correct. You must have qualitative and quantitative definitions for better understanding across the organisation. Take a holistic approach to defining risk in words and numbers to better understand the risk appetite.

3. Lack Of 360-Degree View In The Identification Of Risk Appetite

It’s essential to consider every team’s viewpoint before defining risk appetite. Whether you are the top management executive, risk manager, or AML compliance officer, only one person’s outlook is insufficient to define risk appetite. You must discuss with the internal stakeholders, understand and define their perspective.

The top management’s view is needed to understand the company’s long-term goals; they know the strategic plans, actions to take, and yearly goals. They can assess what objectives are necessary to achieve while managing the risks.

An AML compliance officer’s perspective is essential to understand the money laundering scenario. They can comprehend the legal requirements, AML trends, emerging risks, and your business’s possible AML controls. They know better what risks are acceptable and what are not bearable in your AML journey.

Also, you need inputs from all teams to get a 360-degree of the risk appetite. The risk appetite might be partial and incomplete without such a holistic view. It won’t serve the purpose of risk management, making you more susceptible to money laundering threats.

4. Copying Risk Appetite From A Peer Organisation Or A Competitor

Give risk appetite the importance it deserves. For this, stop thinking of your risk appetite as the same as a similar company’s in the market. That’s not possible. Even if two entities are similar in size, sector, products/services, and business model, their risk appetites aren’t.

A one-size-fits-all approach does not work in the case of risk appetite. It is specific and unique for every entity. So do not copy-paste the risk appetite from another entity. If you make a general risk appetite statement, your employees will not accept it. So, customise it to ensure the possible management, mitigation, and prevention of risks.

Conduct your own research. Interview your internal stakeholders. Understand your business model, growth trajectory, and objectives. Based on this analysis, identify how much risks you are willing to take for your business’s journey.

5. Too Technical, Inconsistent Language, Or Complex Words

You are defining the risk appetite for your organisation. Your employees, team members, and management will need to refer to it for their decisions and strategies. So, try to write the risk appetite statement in entity-fitting language. This means the language commonly used in your business operations.

Don’t make it too jargonish. Too many technical words will not be comprehensible for some of the employees. Also, the use of acronyms will make it incoherent. So, make it simple, unambiguous, and less technical. All your employees must be able to interpret it easily for use in decision-making.

Also, keep the terminology for risk appetite and related measures consistent. You must use similar language in risk management programs, AML policies, and due diligence measures. Such consistency enables better understanding and clarity of the entity’s risk philosophy.

6. Neglecting Negatives Over Positives Or Vice Versa While Defining Risk Appetite

Risk appetite covers your risk philosophy. And it will include both – the positives and the negatives. But if you ignore one over the other or forget to include both aspects, your risk appetite definition is incomplete.

It means you must consider the opportunities that risk-taking offers. Obviously, when you accept some risks, you will get returns. You can explore more business prospects, expand to new markets, acquire new customer segments, or take any other action.

You must also not ignore the downside risks, which means the threats. Analyse the effects of such potential threats before defining the risk appetite. So, keep a fine balance between the two to ensure you do not suffer later.

7. A Static, Rigid Approach To Risk Appetite Identification

Industries are evolving. The world and Indian economies are changing. So, the risks are also fluctuating and new risks are coming up. Even organisations’ regulatory landscape is transforming.

Amid all these changes, your risk appetite definition must also change. You can’t keep it as before. It must reflect the changes in the following factors:

Macroeconomic environment
Regulations
Stakeholders’ feedback
Emerging risks
Trends in business verticals
Delivery Channels
New business opportunities
Demand-supply in market
Geographies
Products/Services offered
Type of customers served

So, you must review your risk appetite at regular intervals. You must go through it to see if it reflects the changes in the business context. If not, update it. You can set it as an annual exercise to evaluate it so that you can incorporate changes based on internal and external business evolution.

8. Absence Of Acceptability Of The Risk Appetite By The Internal Stakeholders

If new employees join your company, but their thoughts are not aligned with your vision/goals, their efforts will be questionable. Similarly, implementation would be challenging if the internal stakeholders do not align with the risk appetite statement.

So, get the acceptability of all internal stakeholders on the risk appetite. They must accept it. The employees must be ready to undergo training on managing this risk appetite. They must know how the risk appetite affects decision-making and the best actions to take.

Also, the senior management must set the tone. This means it must ensure that employees accept the risk appetite and work with it to achieve business objectives. That is why it is crucial to identify risk appetite in coordination with all departments. The senior management must ensure an appropriate risk culture is set and acted upon.

9. Disregarding Risk Exposure, Priorities, And Tolerance

You cannot ignore risk probability while determining risk appetite. You can determine the exposure once you know the likelihood of various risks. Risk exposure knowledge helps you analyse the impact of various risks. You can determine your risk priorities based on this information on risk exposure and impact.

You must also know your risk tolerance (how much extra risk you are ready to take after your risk appetite). These cultural factors of your business help you better understand your risk appetite.

Now, since you know your boundaries, priorities, and tolerance levels, you can define the risk appetite. Thus, ignoring any one factor can lead to incorrect definitions. And correct identification of risk appetite enables you to achieve your long-term strategic goals.

10. Not Integrating Risk Appetite With Decision-Making

So, you define your risk appetite in simple words. It is a result of qualitative + quantitative exercise. It considers all your business aspects and is acceptable to all internal stakeholders. This means you avoid all the above mistakes and are happy with your risk appetite.

But, then? What if your decisions still lack risk consideration? What if you make strategies without deliberating over your risk appetite? This means it is not serving the purpose.

Use it in your decision-making. For example, when analysing whether to “go or no go” for an alternative, consider your risk appetite. When deciding whether to onboard a high-risk customer, consider your risk appetite. Evaluate what option is within your risk appetite and what you can handle. Ignore the option that is out of your risk appetite limits. Thus, it can be a point of comparison between various decision alternatives.

Conclusion

Thus, these common lapses can occur when identifying and defining risk appetite. You must be extra cautious to avoid falling into such traps. Try to avoid these errors to have a clear, comprehensive risk appetite statement. Once you have this, you can expect a smooth risk management and mitigation ride.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article India

Understanding the Predicate Offences to prevent money laundering

No significant financial crime can be executed without resorting to the smaller crimes, as generally, there exists a network of crime to drive another crime or act as a shield to one another. Various offenses are also part of more significant offenses like money laundering and terrorism financing and help them in a certain way either to achieve the purpose of such offenses or to help the offender from being caught after committing such offenses. These kinds of offenses are known as Predicate offenses.

Simply put, a predicate offense is an illegal activity that is the foundation or the first crime in the chain of another crime. For example, in money laundering, an illicit act of tax evasion can be construed as a “predicate offense,” as the illegal proceeds generated from tax evasion would be laundered.

What is Predicate Offense under UAE AML/CFT regulations?

Under the UAE AML/CFT regulations, the phrase “Predicate Offense” has been defined as under:

Any act constituting a felony or misdemeanor under laws of the UAE, whether committed inside or outside the UAE, when such act is punishable in both countries – UAE and the other country where the crime has been committed.

Further, the definition of the term “Crime” in the UAE AML/CFT regulations includes money laundering and related predicate offenses.

What activities will be considered Predicate offenses?

Predicate offenses vary in every country and are usually codified in a country’s criminal code, considering the economy and market of the country.

To include the broadest range of predicate offenses, the FATF has provided that countries should apply the crime of money laundering to all serious offenses. 21 Predicate offenses have been classified by FATF (Financial Action Task Force). These all are criminalized internationally. Note that this list is not a comprehensive list of predicate offenses, as there may be any other act of misdemeanors or felonies, apart from what is mentioned hereunder, which aids the laundering of funds and, thus, be considered as predicate offenses.

The 21 Predicate offenses that are provided by the FATF are as follows: –

terrorism, including terrorist financing
illicit arms trafficking
participation in an organized criminal group and racketeering
trafficking in human beings and migrant smuggling
sexual exploitation, including sexual exploitation of children
tax crimes (related to direct taxes and indirect taxes)
illicit trafficking in stolen and other goods
corruption and bribery
forgery
counterfeiting currency
insider trading and market manipulation
environmental crime
murder, grievous bodily injury
kidnapping, illegal restraint and hostage-taking
robbery or theft
smuggling; (including in relation to customs and excise duties and taxes)
illicit trafficking in narcotic drugs and psychotropic substances
extortion
fraud
piracy; and
counterfeiting and piracy of products.

For example, a public officer abused public office, resorted to corruption, and used these illegally obtained funds to buy gold and diamond jewellery. In this case, bribery/corruption would be treated as the predicate offense, and the conversion of the funds into precious metals and stones would be the actual money laundering crime (act to conceal the source of proceeds).

Thus, for predicate offenses, it can be said that the crime of money laundering would not have been possible had there been no funds from the predicate offense of corruption/bribery.

Why is it essential to fight predicate offense?

As mentioned above, predicate offenses are the underlying crime that generates the motive – the illegal proceeds, for committing money laundering. Mitigating these crimes at the first stage is pertinent to prevent the large-scale financial crime of money laundering.

In the above example of corruption and conversion of illegal funds into precious metals/stones, had the corruption crime been identified and prevented, there would not have been any funds for the person to launder.

Apart from money laundering, such predicate offenses harm society and the economy.

For example –

Corruption pollutes the government’s work and causes a loss of faith in the country’s bureaucracy,
Arms trafficking creates violence,
Drugs and narcotics have adverse impacts on the health of individuals,
Piracy devalues the original art and demotivates the creator, etc.

Given the adverse effects of these predicate offenses and the fact that it drives major financial crimes, it is pertinent to target these more minor crimes from the root and cut them off to safeguard the economy and society.

Regulatory bodies understand the significance of curbing predicate offenses to prevent money laundering. Accordingly, regulatory provisions have been enacted to consider these predicate offenses as crimes and made punishable to safeguard the financial systems.

Can a person committing a predicate offense be held guilty under UAE AML/CFT regulations?

The AML/CFT law provides that a person shall be held guilty of committing a predicate offense and be treated as the perpetrator of the money laundering crime if he knows the fact that the associated proceeds have originated from a misdemeanor or felony and intentionally commits any of the following acts:

Carrying or transmitting the proceeds to hide the illicit source of funds,
Hiding the actual source, nature, location, ownership, and rights associated with those proceeds,
Acquisition, possession, or utilization of those illicit proceeds,
Helping the money launderer or perpetrator of predicate offenses escape punishment.

The UAE AML/CFT laws provide that the penetrator of predicate offenses will not be saved from the punishment of committing the crime of money laundering, as these two crimes would be treated as independent crimes. Thus, a person guilty of a predicate offense would also be charged with a money laundering crime and punishable under both offenses.

Companies need skillful and knowledgeable employees to implement a robust AML framework to safeguard the business from being exploited by money launderers.

AML training brings a consistent understanding, across all levels, of the importance of AML compliance and their role in identifying ML/FT threats to save the company and its reputation. All the employees, including the senior management, stay more aligned with AML-related organizational objectives, resulting in the more successful adoption of the AML/CFT compliance program.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article UAE

Best Practices for Selecting a Name Screening Software

Developers use augmented reality dashboard icons with responsive

Best Practices for Selecting a Name Screening Software

As a regulatory requirement, regulated entities in India must perform screening of their existing and potential customers. The customers are screened for sanctions, watchlists, PEP databases, and adverse media. For these needs, a standard technology solution across countries is the name screening software. It helps identify such individuals and entities matching these lists. The article outlines the best practices for selecting name screening software.

Significance Of The Name Screening Software

Generally, entities use local and international-level watchlists from relevant authorities to match their customers. By this, you can identify risky customers, employees, and transactions. These lists include PEPs (Politically Exposed Persons), Sanctions, Terrorists, Drug traffickers, Weapons proliferators, and other financial criminals.

News sources and media sites are also excellent tools for news about your customers. You can sift through this news to search for the negative connotations.

By identifying criminals, you can stop transacting with them if they are existing customers. If potential, then you can avoid forming a business relationship with them.Thus, you can prevent money laundering and terrorism financing threats to your business. Also, you can ensure AML compliance and prevent AML penalty imposition on your business.

Besides, with a name screening tool, you can ensure result accuracy due to the absence of human errors. You also screen the names against updated lists, improving the preciseness of your results. Also, such tools can screen massive datasets, saving time and money. With the rise in your customers and transactions, the system can handle huge workloads without compromising the quality.

Having such software shows your commitment to enabling secure transactions and business. Identifying a robust and effective name screening software is a critical activity. Since it is crucial for your AML compliance, you can make mistakes in the selection process. So, we bring you a list of best practices to adopt while selecting a name screening software.

Name Screening Software Features

Ensure that the Name Screening Software supports the following features:

Reliable, comprehensive, and up-to-date data sources
Easy use navigation
Due diligence workflows
Batch screening
Global coverage
API integration

When you have these features, you get the guarantee of accurate and on-time results. You can identify risky customers, avoid them, and prevent financial crimes.

Name Screening Software Selection Best Practices

Your name screening software must be accurate and up to date. Customisation for your business needs and goals makes it more efficient and effective. Also, it must be easy to use and understand for the users. To have these features and make it useful for your business, you must follow the following best practices:

Keep In Mind The Evolving AML Regulatory Needs

The name screening solution must be able to check your customers’ names in any of the watchlists. If they appear in the list, you will not transact with them. If not, you can identify them as genuine and unrelated to financial crimes. In such cases, you can form business relations with them. Thus, it is a medium to keep you away from money laundering threats.

You can follow AML regulations with it. That is why you must consider the evolving nature of India’s AML regulations. The solution must stay updated to include all relevant AML regulations. Also, it must comply with the global sanctions, watchlists, and regulations. Complying with industry-specific requirements can be a significant value addition.

User Interface And Experience Must Be Top-Class

The effectiveness of a technological solution depends on its user interface and experience. A similar case is the case with a name screening solution. It must be easy to learn, understand, train, use, and navigate.

So, while selecting sanctions screening software, ensure it has these capabilities. The user interface must be intuitive to make its use smoother and understandable. This feature results in efficient performance of the solution and user satisfaction.

Ensure That The Solution Is Scalable

In future, your business will grow. You will have more customers, employees, and transactions. This will lead to an increase in data volumes. So, it would help to have a solution that can handle large datasets.

While selecting a name screening software, ensure that the system is scalable. It must be able to adjust to the rise in data volumes. Even if your data increases, it must be able to match with the watchlists and generate results for your business. Thus, you do not need to change the software even when your company grows.

Accurate Results Must Be The Prime Feature Of The Solution

What is the first feature you will look for in name screening software?

Accurate results. Preciseness.

So, while selecting the solution, please pay attention to its accuracy. Research on the algorithms used for building the solution. Understand the parameters based on which the solution defines rules to generate results.

Since it is a name screening system, it should eliminate false positives to reduce your time and effort. So, try to reduce the number of false positives and false negatives. This is possible only if the parameters, factors, and rules are correctly set. You can expect higher accuracy if these are defined per industry needs and local and global watchlists.

Name screening becomes challenging when the customers belong to countries that do not use the Latin alphabet. Conversion of these names has a higher chance of inaccuracies. So, ensure that the screening algorithm does not only focus on the full name. It must include the parameters of acronyms, aliases, spelling variations, nicknames, and other minor differences.

Report Creation Must Be Possible In The Sanctions Screening Software

Choose a solution that also produces reports on the generated results. Reports are the proof of the results generated by the name screening solution.

You will need these reports to submit to your senior management and authorities. It will help you determine which customers are sanctioned individuals/entities and which are not. Your management can decide whether to start or continue the business relationship. The authorities may need these reports as proof of matches with the watchlists and as a regulatory record-keeping requirement.

Customisation Is The Key Differentiator

If you are required to comply with AML regulations in India, you must be one of the following:

Financial institutions
Virtual asset service providers
Participants of the securities market
DNFBPs (casinos, CA, CS, legal professionals, jewellers, real estate agents, etc.)

Despite the same regulations, risks, transactions, customers, business models, and processes differ. Due to these distinctive features, the AML frameworks, policies, procedures, and controls will be unique.

Also, the unique business needs of an entity make it different from other entities in the same or different industry sectors. That is why the solution you select for name screening needs customisation per your preferences.

In the AML scenario, your risk appetite and tolerance differ from other players. This factor also impacts the customisation you need in the name screening system. You will have rules, thresholds, and criteria for matching customers with watchlists.

There is also a difference in the sensitivity of transactions for different customers. So, consider all these factors while deciding the matching thresholds of the solution. For all these reasons, it is crucial for you to look for customisation while selecting the name screening solution.

Data Security And Privacy Of The Solution Is A Priority

Your name screening software has loads of information on your customers. You need this information to match with the watchlists. But you cannot compromise on the confidentiality of this data.

So, you must select a solution that keeps the data secure and private. It must enable encryption of data and secured data transmission to avoid security lapses. Also, the solution must follow the data protection rules in India. Thus, you must ensure that the data remains confidential and secure.

Aligned With EWRA And AML/CFT Program

The name screening software must fulfil the regulatory compliance requirements and ensure alignment with the Enterprise-Wide Risk Assessment (EWRA) and the AML/CFT program implemented by the entity. The name screening software must be configurable for fuzzy matches and approval workflows in line with the AML/CFT framework.

Integration With Existing Systems

Integration with the existing systems makes your work smoother. It becomes easy for you to run the name screening process in alignment with other workflows. Your processes become efficient and faster.

For example, integration with the system you are using for KYC and CDD can work out best. Since these solutions handle customers, they have a shared database of customers’ information. With one database, an integrated solution can generate results for KYC, due diligence, and name screening.

Employee Training Is A Requisite For A Successful Run Of The Software

What will happen if you install a name screening solution and your employees do not know how to operate it? No ROI of such a solution. Therefore, you must train your employees on the new solution to generate quality results.

Besides training on using the name screening system, you must also explain the purpose of doing this process. Points like:

Necessity of AML screening
Process of conducting it
Regulatory compliance requirements

Once they understand these, they can better contribute to the name screening process. Moreover, they must know the latest regulations to incorporate them into the parameters, rules, and thresholds.

Selection Of The Right Vendor Providing The Name Screening Software Is A Game Changer

Above are the key features and capabilities you must have in your name screening solution. But you need to find a vendor who will provide such a solution, along with support services. So, selecting the right vendor is crucial for your AML screening process.

You must look for the right vendor to provide a solution that meets your needs. You must assess the following factors while finalising a vendor:

Willingness to customise the solution per your needs
Training and support services
Customer testimonials of successful solutions and services
Frequency and regularity of software update
Up-to-date watchlist database
A dedicated team to handle your project
Integration services

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article India

Uncovering the Red Flags of NFT-Related Money Laundering

Uncovering the Red Flags of NFT-Related Money Laundering

With the increased acceptance of artwork using Non-Fungible Tokens (NFTs), comes the increased risk of money laundering and terrorism financing, induced by anonymity around the origin, mode of transfer, and payment. With this, awareness about the risk indicators associated with NFTs is very pertinent amongst NFT users and society as a whole.

Recently, the Joint Chiefs of Global Tax Enforcement (J5) issued a list of red flags that financial institutions, business organizations, and individuals must be aware of. The document released by J5 is the ‘J5 NFT Marketplace Red Flag Indicators’, which highlights how criminals constantly develop new ways to exploit emerging technologies.

NFT Critical red flags suggesting high ML/FT risk

Collection or organization of the NFTs from the high-risk jurisdictions
Collection of similar kinds of NFTs in large numbers to launder money between related wallets
Distribution or giveaway of fake or forged NFTs
Manipulation of the NFT values (unreasonably high) by the frequent buy-sell transactions between connected wallets (also known as “Wash Trading”)
High turnover of low-valued NFTs
Sell of newly minted NFTs at a very high value, contradictory with the other NFTs and a general trend
A high volume of trading of overpriced/underpriced NFTs within a short time gap
Mismatch in the NFT minting address and the contract address appearing on the exchange portal
A high volume of trading for the NFT collection purchased from a mixer or tumbler
Transaction value exceeding US$ 100,000 for newly minted or secondary market tokens without any apparent community
Request to share the seed phrase (translation of the private key) from the virtual asset wallet to execute the transaction
The same tokens were reacquired from the same party or the third party at a lower price, to whom earlier the said tokens were sold at a higher value
Phishing – flooding the inbox by sharing fake NFT offers
The unreasonably high price gap between the legitimate marketplace and a particular site
Unverified social media presence, with no apparent followers
Unnecessary exchange of NFTs between the same group of people or network

Other Risk Indicators suggesting medium ML/FT Risk related to NFTs

NFT with re-used code
NFT without any thumbnail appearing on the marketplace
No information is available about when and where the NFT was minted
Minting an NFT or buying it at an inflated price and immediately selling it off at a significant loss
The absence of the contract address makes the tracing of NFT difficult in the marketplace
High-volume transactions of the tokens purchased from the same wallet or network of wallets
Unverified accounts on the market profile
Details of the NFT not clearly captured – properties and description of the token missing
High value structured into smaller valued multiple transactions, over a short period, with no observable community

It is essential to understand these red flags and stay alert towards the same to reduce the chances of exploitation of the NFTs for laundering money or financing terrorism.

This list will enable the market participants to improve their fraud detection policies and deploy the necessary mitigation measures. They must implement customized compliance programs to avoid becoming victims of money laundering or other financial crimes.

Let us all fight the risks of the execution of financial crimes using cryptocurrency and virtual assets.

How can Niyeahma assist you in AML NFT Compliance?

Awareness of the NFT-induced red flags is critical to safeguard yourself from being vulnerable to financial criminals exploiting the technologies.

AML UAE is a firm offering end-to-end AML consultancy services to Financial Institutions, DNFBPs, and the VASPs. We offer assistance in implementing the AML framework, training the compliance officer and team, offering AML software, managing customer onboarding, etc.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article UAE