Money Laundering Fines and Penalties in UAE

Money Laundering Fines and Penalties in UAE

Money Laundering Fines and Penalties in UAE

AML compliance is mandatory for financial institutions, Designated Non-Financial Businesses and Professions (DNFBP), and other regulated entities. The UAE Ministry of Economy announced different Money Laundering Fines and Penalties in UAE. The Ministry has listed 26 categories of fines for violating the money laundering and terrorism financing laws.
The UAE government monitors the AML compliance and has set up a specialised unit to investigate the control of DNFBPs, dealers in precious metals and stones, auditors, real estate agents and brokers, etc., as such businesses and professionals are prone to money laundering and corruption. 
Let’s know the different fines and penalties applicable in the UAE for violating AML rules and regulations.

1. Money Laudering Fine of Dirhams 1 million or more

When organizations fail to take appropriate actions for customers included in the international or local sanction lists– they must follow the due diligence process before starting a business relationship. If there is a dealing with unauthorized banks, AED 1 million or more fine is also applicable. The penalty is also applicable if bank accounts are opened or maintained using fake names, not the actual holders’ names. 

2. Money Laundering Fines and Pentalties of Dirhams 200,000 or more

  • If the Enhanced Due Diligence process is not followed to identify the high-risk customers. If the FIU- Financial Information Unit is not informed of the STR- Suspicious Transaction Report in cases where the institutions cannot follow the customer verification process- due diligence process before creating or maintaining a business relationship or carrying out a transaction for the benefit of the client or in his name.
  • If the FIU has asked for additional information for the reported suspicious transactions and organisations fail to comply, then a fine is also levied in such cases.
  • Suppose, due to suspicions about the nature of the business relations- its process or intentions are disclosed directly or indirectly to the customer or a third party. In that case, such actions attract a penalty of AED 200,000 or more.
  • If the measures identified by the National Committee for Combating Money Laundering regarding customers from high-risk countries are not implemented, the fines are levied.

3. AML Violations and Fine of Dirhams 100,000 or more

  • If the requisite measures are not adopted for identifying risk and evaluating the same when the services are provided or undertaken with new professional activities.
  • If the requisite due diligence measures are not taken for clients before establishing or continuing a business relationship or making a transaction that benefits the customer.
  • If the customer identity and that of the UBO or their deputy is not verified before or while establishing a business relationship or before with a client with whom there’s no previous business relationship.
  • If there’s a delay of information about the STR to the FIU in events where there’s a suspicion that the customer is related to crime wholly or partly- if there’s reasonable ground to suspect that the client money is involved in establishing the business relationship has been obtained from criminal activities.
  • If the due diligence measures are not followed for PEPs-Politically exposed Persons before establishing or maintaining a business relationship.
  • If proper records are not maintained on the financial transactions with the customers.

4. Money Laundering Fine of Dirhams 50,000 or more

If proper AML training is not provided to the staff to help them be aware of the procedure of abiding by the AML laws. Preventing competent authorities’ access upon their request and the results obtained from due diligence and continued monitoring are not provided. Access is granted to analyse the results- the records, files, documents, correspondence, and forms on both sides.
If financial transactions records are not maintained for:
  1. five years from the date of transaction completion,
  2. expiry of the customer relationship,
  3. completion of inspection of their facility.
  • The fine is applicable as maintenance of such records is mandatory.
  • If irregular records for financial transactions have been maintained and do not help in analysing data and tracking the financial activities, a fine is imposed.
  • It is mandatory to appoint an AML compliance officer (MLRO), and failure of such an appointment attracts a penalty.
  • If due diligence measures for continuous customer monitoring are not taken, and the required procedure is not followed to understand the type and nature of the client’s business, the ownership structure, and control (UBO) –then the fine is levied.
  • If the institution has not taken the required measures to understand the purpose and nature of the business relationship and has not obtained information for the same, it also attracts a penalty of AED 50,000 or more.
  • If the institution has not followed the simplified due diligence processes to manage low risk.
  • Internal AML policies, procedures, and controls are required to be established to identify suspicious transactions, prevent money laundering and identify customer risk- failure to do so attracts a penalty.
  • If necessary, measures and procedures are not adopted to mitigate the identified risks, which come to light after a national risk assessment and self-assessment.

AML Fines and Penalties in UAE

The UAE government has neatly classified each non-violation of AML rules and regulations and clearly defined the fines for them. So it’s essential to follow the AML laws and keep the business AML compliant at all times to avoid penalties. It is necessary to conduct AML/ CFT Health Check, create the Annual AML/ CFT Assessment Report and follow the AML / CFT Policy Controls and Procedures Documentation. AML Training helps to sync with the latest AML guidelines and train the employees about the diligence process and identifying suspicious transactions and financial activities.

About the Author

Linkedin

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Decoding AML Program Implementation in IFSC Entities

Decoding AML Program Implementation in IFSC Entities

Decoding AML Program Implementation in IFSC Entities

Decoding AML Program Implementation in IFSC Entities

India has set up the International Financial Service Centre (IFSC) to develop India as the global investors’ hub, resulting in foreign investors setting up their business operations in IFSC. With IFSC entities’ global exposure in terms of business activities and customers, the risk of financial crime becomes more worrisome. Strong AML program implementation in IFSC entities must be ensured to overcome the risk of financial crimes. The IFSC-regulated entities must adhere to the AML/CFT regulations introduced by the authorities to safeguard the business and the economy against ML/FT vulnerabilities.

Understanding The Applicability Of The AML/CFT Regulations In IFSC

The IFSC Authority issued the International Financial Service Centre Authority (AML, CFT, and KYC) Guidelines, 2022, to provide detailed instructions and guidance to the business registered into IFSC around combating financial crimes. The IFSCA AML Guidelines have been developed based on the Prevention of Money Laundering Act, 2002 (PMLA) and the Prevention of Money Laundering (Maintenance of Records) Rules, 2005.
The IFSCA AML Guidelines are applicable to all the companies licensed to operate in IFSC and are subject to supervision by the IFSCA. Thus, every IFSC entity has to comply with the AML regulations, irrespective of the nature and size of the business activities – whether a financial institution or a non-financial business or profession.
The IFSCA AML Guideline mandates the regulated entities to assess their risk and implement appropriate AML/CFT policies, procedures, and controls to mitigate these risks.
Decoding AML Program Implementation in IFSC Entities
Non-compliance with AML/CFT regulations by the IFSC entities can result in adverse consequences such as heavy administrative fines, cancellation, or suspension of business licenses. Apart from this, the entities’ reputation is also affected, losing out the customers’ trust and confidence.

Stepwise Process For Effective Implementation Of An AML Program In IFSC Entities

To ensure the effectiveness and comprehensiveness of the AML policies, procedures, and systems, the IFSC entities must follow a systematic approach, which includes the following steps:

Assessing The ML/FT Risk By Conducting Enterprise-Wide Risk Assessment

The AML program has to be customized to manage the actual ML/FT risk exposure of the IFSC business. Thus, the initial exercise is to identify and evaluate the risk the IFSC entity is vulnerable to by performing an Enterprise-Wide Risk Assessment or the AML Business Risk Assessment. The risk assessment must be performed considering the relevant risk factors such as the company’s customer base, the geographies from which the business is conducted, the nature of goods or services offered, the delivery and distribution channels deployed, etc.
The risk assessment must be comprehensive, based on the quantitative and qualitative aspects of the ML/FT risk to identify the potential risk the business may face. The assessed risk must be classified as a high, medium, or low basis, its likelihood of occurrence, and the impact it may cause on the business. Accordingly, resources must be prioritized, and risk mitigation measures must be deployed.

Developing And Implementing The AML Policies, Procedures, And Controls

The results of the business risk assessment must be used to design the AML Program of the IFSC entity that can effectively tackle the identified ML/FT risks. The AML framework must be aligned with the nature and size of the business and the applicable regulatory obligations. The policies must include the following:
  • customer onboarding process (Know Your Customer, customer screening against sanctions, identification of Politically Exposed Person (PEP), Customer Risk Assessment methodology, managing the high risk with Enhanced Due Diligence measures, ongoing transaction monitoring systems, etc.)
  • Identifying and reporting suspicious transactions (defining the red flags, laying down an internal reporting mechanism, etc.)
  • AML Governance Structure (appointment of the AML Principal Officer and Designated Director, creating AML awareness, seeking support from the senior management, implementing AML audit function, etc.)
  • AML Record-Keeping requirement (how and what documents to be maintained)
The AML policies and procedures must be practical to implement in the course of routine business operations conducted by the IFSC entity. The same shall be reviewed and approved by the senior management. These internal policies must be well-communicated amongst the relevant team members to ensure their commitment and contribution towards AML/CFT measures.
The Principal Officer or the AML Compliance Officer must periodically review these defined AML/CFT procedures and controls to consider the legislative amendments, emerging risks, and changing business operations.

Identifying And Deploying The Right AML Solution

In this tech-driven world, where criminals are using technology to execute money laundering and terrorism financing crimes, business needs to adopt emerging tools and systems to detect and prevent these crimes. This is more relevant for IFSC entities, which serve the entire globe.
In line with eth assessed risk and the defined internal policies, the IFSC entities must implement an appropriate AML solution that strengthens the company’s AML efforts. The company must consider using technology that supports customer screening, identifying overall customer risk and deploying adequate due diligence measures, ongoing monitoring of transactions, detecting unusual customer activities, etc.
With the right tools and software, the detection of the risk indicators becomes accurate and real-time, allowing the company to take timely actions to safeguard the business and prevent crime.

Imparting AML Training

An AML Principal Officer cannot manage the AML compliance function in isolation; instead, the support of all the departments, such as sales, accounting, customer relationship management, etc., including the senior management, is required.
The IFSC entities must develop and implement an appropriate AML training program for its employees to create awareness about AML compliance, its internal standards and procedures for combating financial crimes, and how each employee can contribute to safeguarding the company and IFSC against money laundering and terrorism financing vulnerabilities.
The AML training sessions must include discussing customer due diligence measures, ongoing monitoring of the transactions and business relationships, identification and reporting of the ML/FT risk indicators, the consequences of non-compliance with the internal AML/CFT policies, etc.
The training must be conducted for every new joiner, and also periodic refresher courses on AML must be designed to ensure that the staff is up-to-date with AML laws and risk trends.

Periodic Review And Audit Of The AML Program

To ensure that the adopted AML/CFT measures are adequate and effective in mitigating the assessed risks, the IFSC entities must implement an independent audit function that periodically reviews the quality of the AML program and identifies the gaps.
The periodic review of the AML functions shall ensure that the company complies with the applicable AML regulations and has a strong working shield against potential money laundering and terrorism financing vulnerabilities.
The AML audit or review must cover the following areas:
  • Checking the relevance of the last conducted Enterprise-Wide Risk Assessment
  • Whether the Customer Due Diligence processes are followed accurately and on a timely basis
  • Review the ongoing monitoring system implemented for checking the transactions and business relationship
  • Whether the red flags listed are adequate and aligned with recent ML/FT typologies
  • Is the internal mechanism for the identification and reporting of suspicious transactions adequate
  • Are the AML records appropriately maintained for the required time frame
  • Is the overall AML program in sync with the outcome of risk assessment and the latest AML regulations
Any gaps or weaknesses identified during the audit or periodic review must be addressed immediately, and remediation measures should be deployed.
With a systematic roadmap to the AML program, the IFSC entities can ensure 100% compliance with the legal requirements, protect themselves from exploitation by financial criminals, and avoid non-compliance consequences (heavy penalties and loss of business reputation).

Partner With AML India To Implement A Robust AML Program For Your IFSC Business

With the changing provisions of PMLA and corresponding amendments in IFSCA guidelines, the entities operating in IFSC need to stay updated to ensure the quality and relevance of the implemented AML policies, procedures, and controls. Let AML India help you with smooth navigation of the AML journey, ensuring your AML program is aligned with the outcome of your AML/CFT risk assessment and the latest regulatory landscape. AML India will assist you in managing the ever-evolving risk trends and monitor the regulatory changes so that your AML compliance framework is adequate to combat money laundering and terrorism financing. We help you deploy top-notch systems and controls to fight financial crimes and safeguard the integrity of the IFSC.

About the Author

Linkedin

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

How To Find The Best Anti-Money Laundering Software?

Find The Best Anti-Money Laundering Software

How To Find The Best Anti-Money Laundering Software?

How To Find The Best Anti-Money Laundering Software?

Anti-Money Laundering software is a technological solution that facilitates organizations to meet their AML obligations. In recent years, technological advancements have enabled business enterprises to utilize the power of anti-money laundering software instead of manual methods in the process of anti-money laundering compliance. Companies want to use the best Anti-Money Laundering Software to automate their AML Compliance.
As a result, anti-money laundering solutions have multiple advantages as compared to the manual way of operations. Hence, in the current modern times, with an ever-evolving state of technology, AML software is gradually starting to come into the limelight.

What Is The Need for An Anti-money Laundering Software?

The financial service industry and Designated Non-Financial Businesses and Professions (DNFBPs) have evolved exponentially in the last few decades and are expected to grow in the coming years as well substantially. Because of this, the AML software industry has also evolved along with the same. However, the success of any financial service industry depends upon the level of customer satisfaction.
Hence, financial institutions (FIs) primarily focus on developing and offering solutions that will amplify the overall customer experience and satisfaction.
In addition, financial institutions have to provide for these services by clearly meeting their anti-money laundering obligations. Therefore, financial institutions can offer solutions and services under anti-money laundering obligations with the respective AML solutions that they use.
Several financial crimes such as money laundering or terrorist financing continue to pose significant risks across the globe. Accordingly, the audits and regulations of anti-money laundering regulators have increased substantially in recent years.
Business enterprises that fail to meet their anti-money laundering obligations have to bear hefty amounts as penalties or fines. This is the primary reason why anti-money laundering compliance has become vital for all types of business enterprises, especially financial institutions.
Find The Best Anti-Money Laundering Software
Anti-money laundering software solutions play a huge role in ensuring the AML compliance of the companies.

Checklist for AML Software

While buying AML software, you must check on the availability of the following functionalities and supporting features:

Functionalities:

  • Individual Name Search
  • Bulk Name Search
  • Individual ID Search
  • Bulk ID Search
  • Search scheduler
  • Categorization/scoring of screened person basis the database searched and results found
  • Maintains historical records and audit trail
  • Allows capturing of comments – Individually as well as in multiple search items
  • Easy downloading of search results with captured comments
  • Real-time update of the database
  • Email notification for changes in historical search results, basis the update in the database
  • Intelligent algorithm to minimize the False Positive outcome
  • Customer-wise case management

Database

  • Local/National Terrorist or Sanctions or Alert List
  • International Sanctions
  • Global Watchlists
  • Global PEP database
  • Negative media information
  • Global shelf company database
  • Law and Regulatory Enforcement

Other Support

  • Easy set-up or onboarding
  • Mandatory training on software
  • Online support for ongoing query resolution related to softwar

Benefits of an Anti-Money Laundering Software

Initially, the business enterprises used to leverage the power of manual controls for anti-money laundering compliance. However, with the constantly evolving state of technology, manual controlling methods have become obsolete and an insecure method of AML controlling.
Manual processes have always been unreliable, and the companies adopting these methods were wasting a lot of money and time. With the development of Anti-money Laundering (AML) software solutions, you can now perform all the manual processes in a more accessible and quicker manner. In addition to that, the entire process is now a lot safer and more secure. The best AML Software will not only make you more efficient but will also help you take timely decisions.

Data Is Quite Crucial For AML Solutions

One of the obligations of all the DNFBPs and Dealers in Precious Metals and Stones (DPMS) when it comes to the customer onboarding process is implementing the risk assessment. Anti-money laundering name screening software aids the business houses in implementing risk assessments for their customers.
AML name screening software screens the name of their potential clients in sanction lists, PEP (politically exposed persons), and adverse media screening to check whether it is safe to onboard a particular client or not. The level of risks is being determined at this stage.
If required, enhanced due diligence (EDD) can be conducted along with the filing of an STR in case if you detect any type of suspicious activities or transactions. The primary function of such software is to provide the companies to scan their potential clients in sanctions, PEPs, and adverse media data that is published by several countries on a regular basis.
Data plays a crucial role in PEPs, sanctions, and adverse media screening solutions. Hence many anti-money laundering software vendors who offer real-time and globally comprehensive data should be preferred.
Furthermore, it is extremely important to have access to real-time data because the sanction lists, PEPs, and adverse media screening are highly dynamic and volatile and simply keep changing with every single second passing by.
Hence, business enterprises need to control their clients in real-time data to achieve the sole purpose of the control process. In addition to that, with the development of several financial technologies, most financial institutions (FIs) started to provide international services. Hence, these business enterprises must apply spherical risk assessment is comprehensive and complex global data in order to protect themselves from potential risks.
This elevates the probability of monetary instability due to improper allocation of resources. It also facilitates a way to avoid taxation and hence depriving the income of the country.
As a result, customers, depositors, borrowers, and investors end their business relationships with the financial institutions whose reputation has been distorted by allegations of criminal activities like terrorist financing and money laundering.

Database coverage

Though the Federal law provides for screening through the UNSC Consolidated List and the UAE Local Terrorist List, it is ideal to have a comprehensive database covering the following, as such additional sanctions lists come handy when you are dealing with people from different countries and the respective countries’ list needs to be screened:
  • Argentina RePET
  • Australia DFAT
  • Azerbaijan FMS
  • Bahrain Terrorist List
  • Bangladesh CBB
  • Belgium FPSF
  • Canada Autonomous Sanctions
  • Canada Public Safety
  • Canada RCMP Crypto Freezes
  • Canada United Nations Act
  • China MFA
  • EU Sanctions
  • France Tresor Registre de Gels
  • India MHA
  • Indonesia DTTOT
  • Iran MFA
  • Japan MOF
  • Kazakhstan KFM
  • Kyrgyzstan FIU
  • Latvia FIS
  • Malaysia MHA
  • Nepal MHA
  • Netherlands Terrorist Sanctions
  • New Zealand Designated Terrorist Entities
  • Pakistan Proscribed
  • PMA Freezing List
  • Qatar NCTC
  • Russia Rosfinmonitoring List of Terrorists and Extremists (Current)
  • Russia Rosfinmonitoring List of Terrorists and Extremists (Included)
  • Saudi Arabia PSS
  • Singapore MAS
  • South Africa FIC
  • Switzerland SECO
  • Tajikistan FMD
  • Thailand AMLO
  • UAE National List of Terrorist Individuals and Entities
  • UK HMT OFSI Sanctions
  • Ukraine SFMS
  • United Nations Sanctions
  • US OFAC Non-SDN
  • US OFAC SDN
  • US OFAC SSI
  • US State Department Cuba Restricted List
  • US State Department Non-proliferation Sanctions (ISN)
  • US State Department Terrorist Exclusion
  • Vietnam MPS
  • EU Europol Most Wanted
  • Interpol Red Notices
  • Turkey MOI Wanted Terrorists
  • US DEA Most Wanted
  • US FBI Most Wanted
  • Regulatory Enforcement: US FRB Enforcement Actions
  • Regulatory Enforcement: US OCC Enforcement Actions

Advanced Search Algorithms in AML Software

Advanced search algorithms are required in order to reduce both the false positives as well as negatives in customer monitoring and the customer screening process.
During the course of the customer account opening process, a few errors might occur in the name and surname of the customer. Missing information or incorrect information can lead to a few unintended errors in knowing your customer (KYC) and customer due diligence (CDD) processes.
Hence, you should pay close attention to whether there is an advanced search algorithm in the PEPs, sanctions lists, or adverse media search data solutions that you have selected.

API Integration feature in AML Software

AML software solutions actually automate the anti-money laundering compliance process of companies. API integration is the feature that facilitates automation.
By integrating the project of your client and anti-money laundering software with API, business enterprises can ensure that all the scanning processes are taking place automatically without having any workforce working actively in the background.
For instance, you are a financial institution that encounters over a thousand clients each day. It would require a massive workforce in order to query all of these customers manually. But the API integration eliminates this problem, resulting in the conduction of all of such processes in the background automatically, quicker, and safer.
AML Compliance officers should take the required steps in order to ensure that the software is updated to its latest version and is perfectly fit to serve its baseline purpose.
In addition, anti-money laundering compliance officers should also consider the unique training needs of the employees within their financial institution. Finally, the employees who will be using this software have to get through with the processing of the entire technology.

About the Author

Linkedin

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Checklist for AML Compliance: Best Practices for Anti-Money Laundering Compliance

Best Practices for Anti-Money Laundering Compliance

Checklist for AML Compliance: Best Practices for Anti-Money Laundering Compliance

Checklist for AML Compliance: Best Practices for Anti-Money Laundering Compliance

How do you track the progress as far as complying with anti-money laundering is considered? In order to make your compliance program more resilient, cost-effective, and efficient, you need to follow best practices for anti-money laundering compliance and use checklists for AML compliance extensively.
This article is going to suggest some of the best practices you can adopt in order to comply with your AML programs. So without wasting much of your time, let us begin with the same.

Best Practices For AML Compliance

Here are the best practices that you have to follow in order to comply with the Anti-Money Laundering Laws and Regulations.

1. Anti-Money Laundering Compliance Fundamentals

Every jurisdiction has its own set of requirements, but there are a few practices that form the ground rule for the compliance of Anti-money laundering practices.
  • Do not try to overlook the importance of written Anti-Money Laundering Policies. AML compliance is not something you have control over in order to improvise it. You must first understand your AML policies well, then pen it down for your staff, business executives, and regulators. While making all your staff aware of the guidelines, you must ask a few questions to yourself so that you don’t have to compromise on the authenticity and efficiency of those policies.
  • What type of KYC records do you have?
  • What is the screening mechanism?
  • Is the customer due diligence process efficient?
Best Practices for Anti-Money Laundering Compliance
  • What communication procedures do you adopt?
  • What are your record retention policies?
  • You must have a designated individual who is responsible for the program and its efficiency. That one individual is responsible for ensuring that all the processes are followed well and are being updated on time.
  • In addition to that, the officer also has to look out for proper preparation of reports, adequate training and development, and lastly, that the entire system is working smoothly and without any hassles.
  • For the position of an AML compliance officer, you must consider someone from the senior-level management because they have both the powers and the potential to influence the qualitative as well as a quantitative measure of your business.
  • Every employee of your company who deals with transactions or customers directly or indirectly needs to understand the policies and procedures of your company.
  • All the employees must be well aware of the techniques used by the money launderers, checks they should make, legal requirements, and how to report any kind of suspicious activity.
  • However, it is crucial for you to note that AML training is an ongoing process in order to keep your staff informed and vigilant to ensure that the entire program is up-to-date.
  • Another vital aspect of that is reviewing. If you think everything is working pretty and there is no need to check your daily operations and efficiency, you are committing a serious mistake.
  • By the time you will start witnessing a problem or a hassle in the system, it will be too late. To avoid this situation, you must have an independent expert who is not directly associated with your daily operations but can monitor and review your processes on a regular basis.

2. Red Flags of Anti-Money Laundering Compliance

There will always be some signs that clearly establish that something is not right in the system or the process. Money laundering is all about bringing the illegalized money back into the market after legitimizing it through several means.
Here are a few unusual activities/red flags that you must control:
  • Unusual large cash transactions.
  • Enhanced frequency or level of transactions in multiple accounts to divide the significant amount as per the thresholds.
  • Spikes in amounts and activities.
  • Transactions associated with businesses that deal with vast amounts of cash on a daily basis, for instance, through gambling.
  • Transactions associated with several jurisdictions that have a history of money laundering activities.
  • Transactions associated with businesses or individuals that almighty be potential money launderers.
You can experience these activities at an early stage of the Customer Due Diligence (CDD) process or via an ongoing monitoring process.
At the time of onboarding a client, normal and baseline information like the type of account, expected transactions, and sources of funds should be gathered to avoid last-minute chaos.
However, it is essential for you to note that irrespective of internal examination or external reporting to the regulators, the information mentioned above is not enough to tag the activity or the transaction as a red flag.

3. Anti-Money Laundering Compliance Screening

One of the best ways to eliminate risk or reduce its impact is first to identify the scope of any sort of risks in your system and take mitigative measures at the right time.
For instance, you might want to perform a comprehensive identity verification check that has the potential to reduce the risk or scope of any fraudulent activities.
This verification check has the power to keep you safe from the threat of dealing with illegal money, breaking the rules of compliance, and many more.
People with ill intentions or the idea of fraud on their heads are getting more and more sophisticated these days.
Terrorists and money launderers are getting proficient in identifying the weak links or the loopholes in your systems which in return helps them in hiding their authentic sources of income or funds and also their relation to it.
You can block access to the individuals who want to bypass your safeguards, making your prevention systems even more secure and robust.

4. Anti-Money Laundering Compliance Monitoring

Compliance is not complete merely after the initial onboarding process. You have to keep a constant eye on the entire process. Monitoring is basically the analysis of ongoing and continuous activities to ensure that all the other activities are in compliance with each other.
You need to keep an eye on a few activities like exceeding thresholds, change of status, suspicious activities, surveillance of employees and staff, recording of the communications, new regulations, trade data, market trends, and transaction monitoring needs of various other markets.
Financial institutions must monitor all the activities thoroughly in order to ensure that no fraudulent activities are going on. In addition to that, it also restricts terrorism funding, and money laundering is not entering their financial systems.

5. Risk Management for Anti-Money Laundering Compliance

With the rate of regulatory and technological change, determining modern-day risk assessment is not the only motive. Instead, it is more about creating dynamic, adaptable, and defendable procedures and policies.
In order to make your business grow, you have to mitigate the risks even before it gets into the power of position to destroy your business.
Therefore, in order to identify the possible quantifiable risk, you must constantly monitor all the activities and take data-driven and not guts-driven business decisions.

6. Integrating Anti-money Laundering Compliance Technology

Merely hiring dedicated staff to manage costly manual compliance activities is not enough. You must utilize the potential of automation software instead of using rather wasting manual intelligence and energy.
Here are the few technologies and their eternal use that you might want to add to your existing systems in order to enhance the efficiency of the entire process.
  • Look out for already proven efficient technological options like blockchain.
  • What is the utility of adding up a new state of technology?
  • How quickly after integrating the latest technologies can you expect some noticeable results.
It is crucial for you to understand that automation won’t eliminate the need for manual powers and judgments, especially in investigations. But with the help of automation, you will be able to reduce regulatory risks, streamline the process, and restricts unnecessary overheads.

About the Author

Linkedin

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Micro money laundering: The New Kid on the Block

Micro money laundering The New Kid on the Block

Micro money laundering: The New Kid on the Block

Micro money laundering: The New Kid on the Block

Micro-money laundering has made it even more challenging to identify the fraudulent transactions carried out in small amounts several times.
Governments worldwide have implemented stricter rules and regulations for AML compliance. There’s also increased awareness on the part of the financial institutions as they are being urged by compliance authorities to follow the AML rules and regulations.
The government is monitoring the traditional financial transactions. But the criminals are now adopting new ways to launder money. With the advent of technology and a massive increase in online transactions, it has become difficult to trace the source of the funds obtained from criminal proceeds.

What is Micro Money Laundering?

Micro money laundering involves frequently laundering money in small amounts using digital channels. The small amounts are transferred to prevent detection, and transactions are made to appear regular. The illicit money is not transferred via big or small projects, but they are spread in smaller digital transactions done every day. It makes it difficult for governments to trace every small transaction and identify the risk of money laundering. 
Digital channels are evolving and available in abundance. Multiple payment channels are available today, making it easy for companies to do business and making it effortless for consumers to make payments and buy goods and services online. But criminals have found this evolving digital space attractive, and they are devising new ways to launder money, and the new kid on the block is micro money laundering.
The digital landscape is continuously evolving, and criminals keep pace with the new technology to devise new ways to launder money. Micro money laundering is on the rise as the criminals take advantage of the loopholes in the AML compliance framework and target online users who are entirely unaware of the fraudulent activities that the criminals resort to launder their money.
They unknowingly fall prey to the criminals who target them to launder money online. 
But the fact is that the regulators and authorities are now coming to terms with how criminals are adopting new ways to launder money and indulge in terrorist financing. They need to identify the emerging risks and thwart the challenges arising out of online transactions, which remain mostly anonymous.
Micro money laundering The New Kid on the Block
The criminals have been using traditional mechanisms for money laundering, such as regulated financial systems, offshore accounts, and shell companies. But now, they have diverted their attention towards online transactions, with transfers in small amounts done multiple times to evade government scrutiny.
Criminals always take advantage of the anonymous nature of the internet and commit fraud. They carry out massive volumes of micro-transactions every day. Each small transaction goes unnoticed, but the overall amount is a cause of worry as criminals become successful in gradually laundering vast amounts of money in multiple transactions.

How is micro-money laundering done?

The new digital frauds have become a favourite of the criminals who are continuously devising new ways to launder their ill-gotten money. Today it is common to buy and sell in-game currencies, and criminals think of it as an opportunity to launder money.
An instance of micro money laundering came to light when the criminals targeted Fortnite- a highly popular game. They used the game for money laundering with stolen credit cards to buy and sell the in-game currency.
They created Fortnite accounts using stolen credit cards, bought the currency, and made it available to other players to sell them at a lower price within the game. To evade the regulators’ attention, they sold them on C2C sites, eBay, or transacted on the dark web.
Another example is of using online job portals such as Fiverr. The criminals create an account on such websites to make fake job requests. They search for services that are offered at a particular fee. They log on to the same site with a different user account and a different IP address to reply to the same job offer.
The amount is paid to an escrow account of the website, and then the first account creator authorises the second account holder (which is the same person) to perform the task advertised. After the work is completed (as shown by the job seeker), the first account authorises the platform to release the payment, and the second account receives the payments. The sender and the receiver are the same, and this modus operandi is rampantly used by criminals in online job markets.

Reason

One reason criminals are flourishing in micro money laundering is lack of awareness as it is a new method that criminals have adopted. AML training should include creating awareness about it and preventative measures. Businesses and enforcement agencies should work together to identify such emerging threats and combat them successfully. 
One of the primary reasons is that AML compliance is put on the backburner as companies have other core activities to ensure business continuity. The online marketplace is continuously evolving, and companies are scrambling to get new products to augment business growth. But all in this hustle, they forget the security of their businesses. Equally enthusiastic technology-savvy criminals jeopardise it. The only difference is that they abuse technology for their unlawful gains.

The Way Forward

Technology can come to the rescue of the authorities, regulators, and business organisations that should use it to combat money laundering and terrorist financing. The AML software can automatically identify unusual transactions, irregular patterns, or unusual consumer behaviour, letting the business know that it needs attention and investigation. Manually it is impossible to track the billions of microtransactions, and the criminals get a free run. However, technology should be used daily and right from the beginning – while verifying customers during the onboarding process. It can go a long way in preventing money laundering.
The KYC process- Know your Customers, CDD-Customer Due Diligence, EDD-Enhanced Due Diligence, and all other procedures part of the AML compliance program should be diligently followed using technology. It will drastically reduce the number of money laundering cases. Training is also necessary to identify unusual transactions and take the appropriate actions to prevent them
The KYC process- Know your Customers, CDD-Customer Due Diligence, EDD-Enhanced Due Diligence, and all other procedures part of the AML compliance program should be diligently followed using technology. It will drastically reduce the number of money laundering cases. Training is also necessary to identify unusual transactions and take the appropriate actions to prevent them
It would be best to rely on AML consultants to improve the AML compliance program and identify money laundering risks. Some measures include choosing the right AML software, AML Training, and setting up an in-house AML compliance department. Businesses can also outsource other AML compliance activities to stay AML compliant and be ahead of the curve. 
Directors and/or senior management demonstrate overall responsibility and awareness of AML/CFT matters within the entity. The companies must also mention whether the Board and/or senior management receive regular AML/CFT reports from the Compliance Officer.

About the Author

Linkedin

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Key Terms and Concepts in the AML Compliance Program

Key Terms and Concepts in the AML Compliance Program- Strengthening the AML Foundation

Key Terms and Concepts in the AML Compliance Program

Key Terms and Concepts in the AML Compliance Program

The Singapore authorities have introduced a solid regulatory framework around Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT). These AML/CFT legislations provide that the regulated entities must develop and maintain a complete set of standards and principles to detect and mitigate financial crime risks. The measures and controls to be adopted by the regulated entities are known as the AML Compliance Program, aimed to safeguard the business against financial crimes vulnerabilities and ensure compliance with the local AML/CFT regulations.
In this article, let us discuss the AML/CFT Program and the key concepts that build the structure of an effective AML Compliance Program.

What is an AML/CFT Program under the Singapore AML Regulations?

The Financial Institutions and the Designated Non-Financial Businesses and Professions (DNFBPs) must comprehend the below concepts and adopt them while designing the AML/CFT Compliance Program to effectively manage the risks and comply with the Singapore AML laws:

Enterprise-Wide Risk Assessment or Business Risk Assessment

The AML laws of Singapore allow the regulated entities to adopt a risk-based approach to manage the risks, i.e., the higher the possibility of financial crime exploitation, the more stringent controls to be implemented. To effectively adopt this approach, the entities must conduct a business risk assessment to determine the potential risk exposure of the business to money laundering and terrorism funding.
The risk assessment must consider various risk factors such as customer base, products and services officer, geographies, nature and complexities of the sanctions, delivery and distribution channels, etc. The outcome of these comprehensive enterprise-wide risk assessments serves as the foundation for developing robust and customized Internal AML Policies, Procedures, and Controls to manage the assessed risks effectively.
Key Terms and Concepts in the AML Compliance Program- Strengthening the AML Foundation

Internal Policies, Procedures, and Controls (IPPC)

The Internal AML Policies, Procedures, and Controls refer to a set of guidelines that help the organization spot and prevent money laundering and combat the financing of terrorism. The policies and procedures enable the company to identify suspicious transactions, detect red flags indicating high-risk activities such as trade involving products associated with ML/FT typologies, proposed business relationships with sanctioned individuals/entities, or identifying complicated delivery channels which may be an attempt to conceal the origin of the unlawful money.
This IPPC acts as a shield against money laundering and terrorism financing attempts. It lays down the foundation for the company’s employees to navigate AML compliance and contribute towards protecting the company from being misused by criminals.
Further, establishing and implementing comprehensive internal AML policies and procedures would ensure that the company adheres to the compliance obligations imposed upon under the Singapore AML regulations and avoid administrative penalties for non-compliance.

Customer Due Diligence

Customer Due Diligence is commonly known as CDD. It is the basic process regulated entities must follow to identify customers and verify their identity using reliable, independent sources. Companies need to follow the CDD process for AML compliance that involves verifying the name, address, nature of the business, etc., to determine the risk of associating with the customers and the risk they pose in money laundering, terrorist financing, or other financial frauds.
CDD primarily consists of Know Your Customer, Screening, identification of Politically Exposed Persons, conducting a customer risk assessment to develop their risk profile, Enhanced Due Diligence, and continuous transaction monitoring to determine changes in the customer profiles during the course of business relationships. CDD is crucial to prevent money laundering attempts and financing of terrorism, and thus, a mandatory control to be adopted while onboarding the customers.

Know Your Customer (KYC)

Know Your Customer or KYC, as we all know, is the primary step in a customer onboarding journey and an integral part of Customer Due Diligence. KYC is a process of collecting customer information to accurately verify their details, including name, addresses, contact numbers, background, etc., with the documents furnished by the customers. To verify the customer identity, the regulated entities may rely on independent resources and establish whether the person is actually the one he is declaring as.
KYC must also include identification and verification of the beneficial owners of the customers, who are legal persons.

Enhanced Due Diligence

Enhanced Due Diligence (EDD) is a type of CDD followed in case of high-risk customers or transactions. EDD involves implementing additional checks and verification measures to establish high-risk customers’ identities and manage increased financial crime risks.
As part of EDD, the regulated entities are required to obtain information about the customer’s source of funds and wealth, verifying it against reliable sources, obtaining management approval before establishing a business relationship or executing transactions with such high-risk customers, followed by ongoing monitoring of the customer’s profile at increased frequency.

Beneficial Owners

In the case of a legal person or legal arrangement, natural persons manage the operations under the corporate veil. Such individuals are the person who ultimately owns or controls the corporates or arrangements – Company, Trust, Foundation, etc. These are the natural persons who eventually benefit from financial transactions.
The regulated entities can identify the beneficial ownership based on the number of shareholding patterns, the voting rights, or the controlling rights of the person. In some exceptional cases, even the customer’s senior management can be classified as the beneficial owners.

Politically Exposed Person

A Politically Exposed Person (PEP) is essential in the AML Compliance Program. PEPs are the natural persons entrusted with the functioning of a prominent public position and can influence public funds. PEP also includes individuals closely associated with people holding influential positions in the government.
When establishing a business relationship with a customer, the regulated entities must determine whether the person is a PEP or a close associate of the PEP, as PEP is generally treated as high-risk from a money laundering perspective, given their powers to exercise significant influence and access to government resources.

Suspicious Transactions

Suspicious transactions refer to financial transactions with a reasonable belief or grounds to suspect that they may be conducted for concealing the source or owner of the illegal money or is funded using proceeds of crime.
The transactions may arise from complex arrangements making it challenging to trace the source of the funds or where multiple parties are involved, making it challenging to identify the beneficial owner. Frequent cash deposits and immediate withdrawals are bound to raise suspicions. Transactions involving high-risk countries or individuals and large amounts made just within the permissible threshold are some red flags businesses should look for to identify suspicious transactions.
The regulated entities must define the red flags and risk indicators that suggest potential suspicious transactions and assist the employees in detecting and reporting the same timely.

Sanctions

While talking about AML compliance, one will encounter the word Sanctions. Sanction is a punishment or coercion measure imposed by a government on another country or group of countries against criminals to prevent businesses from dealing with such designated persons. Singapore’s regulated entities must follow the Designations by the UNSC Committee and the Domestic Designations under the Terrorism (Suppression of Financing) Act.
Sanctions compliance generally involves screening the customers against the Sanctions List, applying freezing measures, and timely reporting the designated person to the relevant authorities (Suspicious Transaction Reporting Office (STRO) or the Monetary Authority of Singapore (MAS))

AML Compliance Officer

An AML Compliance Officer is the designated person responsible for designing the AML Program and ensuring that the company diligently follows the same to fight financial crime and fulfill AML obligations.
The Compliance Officer is also responsible for conducting the business risk assessment, imparting AML training to the team, reporting the observed red flags by filing Suspicious Transaction Report (STR), etc. In all, the AML Compliance Officer is the backbone of the AML Program and is entrusted with overseeing the entity’s AML measures and combating the money laundering and terrorism financing activities.

About the Author

Linkedin

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

AML Enterprise-Wide Risk Assessment: Factors to be considered by the Regulated Entity in IFSC

AML Enterprise-Wide Risk Assessment- Factors to be considered by the Regulated Entity in IFSC

AML Enterprise-Wide Risk Assessment: Factors to be considered by the Regulated Entity in IFSC

AML Enterprise-Wide Risk Assessment: Factors to be considered by the Regulated Entity in IFSC

Anti-Money Laundering (AML) framework of any regulated entity – be it a Financial Institution or a Designated Non-Financial Institution (DNFBP) regulated by any AML supervisory authority – would always be effective when its foundation is set with a comprehensive Enterprise-Wide Risk Assessment. This is no exception for the IFSC entities regulated by the International Financial Services Centre Authority (IFSCA).
Even the IFSCA (Anti Money Laundering, Counter-Terrorist Financing and Know Your Customer) Guidelines, 2022 mandate the regulated entities to perform the Enterprise-Wide Risk Assessment.
In this article, let us explore the concept of Enterprise-Wide Risk Assessment, or “AML Business Risk Assessment,” and what factors must be considered by an IFSC entity when assessing the potential money laundering or terrorism financing risk its business is vulnerable to.

What Is An AML Enterprise-Wide Risk Assessment?

AML Enterprise-Wide Risk Assessment (EWRA) is the process regulated entities adopt to identify and assess the ML/FT risks of the business. The EWRA exercise involves the following:
  • identifying the risk factors that expose the business to money launderers and other financial criminals
  • assessing the possibility or likelihood of such risk materializing
  • evaluating the impact such risk can have on the business in the risk actually occurs
  • checking whether such risk is within the company’s ML/FT risk appetite
  • determining the controls necessary to mitigate the assessed business risks
  • evaluating the strength and adequacy of the existing controls to check whether these would be sufficient to manage the risks
  • if not, designing and implementing the additional controls and mitigation measures to ensure that the
AML Enterprise-Wide Risk Assessment- Factors to be considered by the Regulated Entity in IFSC
It is not just a one-time task; the IFSC-regulated entities must periodically assess their business exposure to ML/FT risks and update the controls required to manage the risks effectively.
The results of the business risk assessment are used to customize the AML Program of the company, ensuring the optimal utilization of the resources targeted to manage the risk exposure, i.e., more resources to be deployed for high-risk elements while managing the low-risk areas with low or moderate resources.
Given the fact that the entire AML Program is based on the outcome of the EWRA, it is pertinent to ensure accuracy and comprehensiveness in identifying the risk parameters basis which the business risk assessment should be conducted.
The company must consider the nature and size of its business, along with other risk parameters such as the nature of the customers, geographies, products, and services offered, nature of transactions, delivery channels involved, etc.
Let us discuss these risk factors in detail.

What Factors Must Be Considered By An IFSC-Regulated Entity For Enterprise-Wide Risk Assessment?

The overall business exposure to money laundering or terrorism financing is an outcome of a combined evaluation of various factors, such as:

Risk Associated With Customer’s Profile

Understanding the nature of the customers (including suppliers) the company engages with is crucial to EWRA. The regulated entity must consider the following customer-related aspects when assessing the overall business risk:
  • customer’s legal structure
  • nature of the customer’s business activities – whether regulated or unregulated
  • financial position of the customers
  • customer’s status as a Politically Exposed Person (PEP) or a close associate or relative of a PEP
  • ownership structure of the corporate customers (whether reasonable considering the business activities or excessively complex)
  • circumstances under which the customer intends to establish a business relationship
  • customer’s cooperation towards applying Customer Due Diligence measures
  • whether the customer is an existing customer or a new
  • whether any nexus with the Sanctions List or has any adverse media
  • customer is a legit setup, or has any nominee shareholders or any bearer shared issued
The analysis of the customer base would help the entity assess the contribution of the risk arising from the customers to the overall business risk and the controls required to manage the same.

Geographic Risk

The jurisdiction or the geographies in which the company is pertaining (having branches outside IFSC) and the customers’ location are pertinent in assessing the IFSC entity’s exposure to money laundering and terrorism financing risks.
In determining the location-based risk, the company must consider whether it has any direct nexus or through its customers with any of the following:
  • countries known to have weak or no AML/CFT regulatory framework
  • countries notorious for assisting terrorist activities or funding terrorist organizations
  • jurisdictions having higher rates of corruption
  • countries subject to any international sanctions or embargoes
The entity must consider the countries defined under the Financial Action Task Force (FATF)’s Grey List (Jurisdictions Subject to Increased Monitoring by FATF) or Blacklist (Countries subject to “Call for Action” by FATF).
Factoring in the locations of its business operations and the customer’s jurisdiction is essential to bring clarity around the ML/FT risks the business may face when foreign countries get involved and mitigation measures required to manage these risks.

Risk Associated With Products And Services Offered

The nature of the products and services offered by an IFSC-regulated entity highly influences the company’s overall ML/FT risks. A particular category of products or services poses a higher risk or has a high potential of being exploited by the financial criminal.
Products such as private banking or acting as nominee shareholders or directors are subject to a higher risk of being used as a conduit for money laundering. Similarly, the products offering anonymity are highly vulnerable to money laundering.
Further, the regulated entity must assess the risk before launching any product or introducing a new service practice.

Risk Related To The Nature Of Transactions

The nature, volume, and complexity of the transactions are important aspects shaping the outcome of the EWRA. Some of the risk indicators related to transactions are:
  • Complex transactions involving multiple parties
  • Multiple transactions conducted in a short period just within the reporting threshold
  • Payment routed through an unassociated third-party account
  • Customer insisting on making large payments in cash or virtual digital assets
  • Inconsistency between the customer’s financial position and the value of the transaction
  • Sudden change in the transactional parameters almost near the end of the transaction
The transactions’ quantity and quality must be considered while assessing the business risk.

Delivery Channels

How the regulated entity delivers the product or services or onboards, the customers is also an essential factor determining the risk of the business.
The company must consider the following while assessing the risk posed by the delivery or distribution channels:
  • whether the customers are onboarded directly or through third-party intermediaries
  • business relationships established on a non-face-to-face basis
  • products sold or services delivered online or remotely
whether the customers are onboarded directly or through third-party intermediaries business relationships established on a non-face-to-face basis products sold or services delivered online or remotely

About the Author

Linkedin

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

AML Periodic inspection: What to expect when authorities come for a Periodic AML Inspection

AML Periodic inspection

AML Periodic inspection: What to expect when authorities come for a Periodic AML Inspection

AML Periodic inspection: What to expect when authorities come for a Periodic AML Inspection

The team representing the Ministry of Economy UAE has started visiting companies to conduct periodic AML inspections regarding the implementation of AML/CFT procedures. As a part of their AML periodic inspection, the team checks whether the company has implemented suitable procedures for anti-money laundering and combating terrorism financing.
The Ministry’s notification directs the companies to cooperate with the inspection team during the visit. This notification is in regards to the Federal Decree No. 20 of 2018 and Cabinet Decision No. 10 of 2019 for the implementation of Federal Decree law No. (20) of 2018 on anti-money laundering. The financial institutions and DNFBPs are required to fill in the checklist with accurate details and submit a signed copy to the inspection team during their visit.
DNFBPS must fill in the following information in different sections as asked in the checklist:

Company details

  • Legal name
  • DNFBP category
  • Licensing Authority, Number, and Date
  • Address
  • Inspection Date
  • The name and signature of the authorized signatory, which can be a Compliance Officer or Manager
  • Ownership structure including details on ultimate beneficial owner (UBO)
  • Description of the products and services you offer and types of customers
AML Periodic inspection

General policies and procedures

In this section, you have to mention whether you have prepared and documented AML/CFT policies and procedures. If you have those, you have to share your AML Policy via email. The Ministry also intends to know whether you have circulated these procedures and policies to all your employees.

Internal risk assessment

In this section, the Ministry requires you to mention whether you carry out and document an internal risk assessment to identify the money laundering risks to your business. In the document, you need to provide details on the risk categories included in the risk assessment, such as:
  • Country risk
  • Customer risk – Check our infographic on customer risk assessment
  • Delivery channels risk
  • Products, services, and transaction risk
  • Results of the National Risk Assessment of the UAE’s money laundering and terrorist financing risks

Governance

In this section, the Ministry intends to know whether the Board of Directors and/or senior management demonstrate overall responsibility and awareness of AML/CFT matters within the entity. The companies must also mention whether the Board and/or senior management receive regular AML/CFT reports from the Compliance Officer.

Compliance Officer

This section requires information on the Compliance Officer. The first point you have to mention is whether you have appointed a compliance officer. If the answer to it is yes, the Ministry requires the name and email address of the Officer.
The Ministry also intends to know whether the company has provided all the relevant details and documents to the Compliance Officer, including financials. Also, you must talk about the reporting manager of the Compliance Officer.

Customer acceptance and onboarding

This section requires companies to talk about their customer onboarding process and policies. The Ministry intends to know whether you have:
  • A Know Your Customer (KYC) form, including details such as name, address, contact details, profession, and copy of identity proofs. Check out what is know your customer (KYC) and best practices for KYC compliance. Also, check out our article highlighting the importance of identity verification.
  • Implemented procedure to identify whether the potential customers are /related to Politically-Exposed Persons (PEPs). Check out our guide to Sanction and PEP screening
  • Established mechanisms to categorise your customers as high risk, low risk, and medium risk. Check out our infographic on the customer risk assessment program
  • Whether the policy is in place for Identification of the true beneficiary of your customer. Read our complete guide to the Ultimate Beneficial Owner verification

Cash transactions

In this section, the Ministry wants to know whether you allow cash transactions in your business. You must mention the details of specific controls and procedures implemented in your company for cash transactions.
The Ministry intends to know from you details on:
  • Percentage of cash transactions of the company’s total transactions
  • Cases of cash transactions of more than AED55,000.0 during the last 24 months

Suspicious transaction reporting

In this section, the company must answer the following:
  • If they have signed up to the Financial Intelligence Unit’s goAML platform. Check out our goAML pre-registration guide and goAML registration guide
  • If they have submitted any suspicious transaction reports via the platform; if yes, how many
  • If they have a documented list of red flags or indicators for suspicious transactions; if yes, share it in email

Record keeping

The Ministry intends to know if you keep all records, documents, materials, and data of all local or international financial, commercial, and cash transactions for a period of no less than five years from the date of completing the process or the end of the relationship with the customer. Check out our infographic on AML Compliance Requirements in UAE

Training and awareness

You must provide information on the regular and appropriate training programmes you conduct for your employees in line with the nature and degree of risks of its activities to train employees on AML/CFT procedures. You must describe the training and its format in detail. Check our article emphasising the importance of AML training.

Targeted financial sanctions

This section allows the Ministry to know if your customers are subject to targeted financial sanctions by the UAE government, the UN Security Council, or any other relevant body. You must also inform any screening tool that you use to check the same in this form.
You must mention if you have ever identified exposure to targeted financial sanctions designated persons. If yes, what were the actions the company took, including but not limited to asset freezing, reporting to the competent authority, etc.

Financial activity

In this section of the checklist, you must list all your bank accounts and related details such as name, location, IBAN, etc. The Ministry wants to know if you faced any issues with any banking institution, along with the relevant details.

Conclusion

All these details will help the inspecting team know about the procedures in place on your premises related to AML/CFT. This proves your commitment to abiding by the AML law and dedication to reducing money laundering activities.

About the Author

Linkedin

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

AML Program Failure: Decoding the Causes and Corrective Measures

AML Program Failure: Decoding the Causes and Corrective Measures

AML Program Failure: Decoding the Causes and Corrective Measures

AML Program Failure: Decoding the Causes and Corrective Measures

The AML Program, commonly called “AML Compliance Program” is a critical component of AML compliance efforts. Failure of the AML Program exposes the business to financial crime risks, jeopardizes its reputation, and results in hefty non-compliance penalties.
At all times, the AML measures adopted by the regulated entity must be adequate and effective in identifying the money laundering activities and aligned with Singapore’s AML regulations. It is pertinent to identify the reasons for the AML program’s failure to implement the necessary rectification measures for enhancing its quality and effectiveness.
Let us understand what should be included in an ideal AML program, what causes the AML program to fail, and what remedial measures are to be adopted to correct the failure and strengthen the AML Compliance Program.

What are the elements of an effective AML Program?

An AML program comprises a comprehensive framework of guidelines the business must follow to stay AML compliant and protect itself from money laundering and terrorism financing threats.
AML framework or program involves:
  • Assessing the financial crime risk by conducting Enterprise-Wide Risk Assessment (EWRA) or Business Risk Assessment
  • AML policies, procedures, controls, and systems
  • Customer Due Diligence measures, including Enhanced Due Diligence (EDD), identification of Politically Exposed Persons (PEP) & Beneficial Owners (BOs)
  • Ongoing monitoring of the transaction and business relationships
  • Imparting AML training to the staff and creating awareness towards AML measures
  • Sanctions implementation program
A robust and effective AML program includes all the relevant guidelines that will help the business prevent money laundering and financing of terrorism, keeping pace with the emerging trends in the global market and overall business risk.
AML Program Failure: Decoding the Causes and Corrective Measures
Any flaws in the AML measures adopted by the company that results in non-compliance with AML regulations or violates the requirement of identifying and preventing financial crime instances, the regulated entities are subjected to heavy administrative fines and other legal proceedings.
So, what causes the AML programs to fail and put the organization, the stakeholders, and the customers at risk? Let’s discuss the top reasons for the failure of AML programs and ways to improve the overall AML efforts of the company.

Understanding the primary reasons for an AML Program’s failure and its corrective measures

1. Incorrect Business Risk Assessment:

Businesses can integrate an effective AML compliance policy, controls, and procedures only when they correctly assess the risk of being exploited by the money launderers. These could arise from the nature of customers, the type of products and services offered, the geographies of business operations, etc.
Suppose the business is unable to assess the business risk correctly. In that case, the AML program can fail miserably, as the business risk assessment is the foundation for designing the policies and AML controls.
An AML program not in sync with the actual ML/FT risk exposure will be ineffective in mitigating the risks and ultimately result in regulatory non-compliance.
Solution: The companies must periodically review the business risk assessment and update the same, considering the changes in the business operations, evolving money laundering risk typologies, and the latest regulatory amendments. The AML program must always be proportionate to the assessed business risk to ensure that implemented AML measures directly tackle the identified risk and not merely a tick-box approach by adopting a “fit-for-all” AML program.

2. Keeping pace with changing regulatory requirements:

Regulated entities often struggle to keep pace with the ever-changing regulatory requirements. The government and regulatory authorities issue improved guidelines and quash some of them based on the changes in the market environment and developing ML/FT threats. The AML regulatory landscape is updated repeatedly, and ensuring the regulated entity complies with these new obligations becomes challenging.
Solution: Coordination amongst the industry peers and following the official sources is one of the best ways to keep your AML knowledge up-to-date. You can also rely on domain experts who update your AML program as and when the regulations are amended. Further, regulatory compliance, such as screening, technology solutions, and tools, can be an excellent option to stay compliant with updated sanctions lists and avoid penalties.

3. Lack of collaboration:

The compliance program cannot be successful until the management, the compliance officer, and the relevant stakeholders collaborate internally and externally with the regulatory authorities to trace suspicious transactions and prevent money laundering.
Solution: Collaboration among the management, all the employees, and the compliance officer is necessary to ensure effective implementation of the AML rules and regulations. A unified approach towards AML efforts will help you achieve the goals predefined for the AML compliance process.
Further, the compliance officer maintains a healthy relationship with the authorities to seek their timely feedback and directions to improve the quality of AML function.

4. No deploying appropriate technology:

Criminals are devising new ways to launder money, including misuse of developing technologies. Without adequate technologies, it would be challenging for businesses to detect the red flags. Further, with tools and software, the accuracy of AML measures like real-time screening and ongoing monitoring is always doubtful.
Solution: Businesses, too, must catch up with the times and use technology to identify money laundering attempts and thwart the challenges. Companies can use emerging technologies like Artificial Intelligence, Blockchain, etc., to improve the speed and accuracy of AML compliance, such as identity verification, and monitor bulky transactions and customer data to detect any unusual patterns or risk indicators. AML software enables the business to implement AML programs efficiently.

5. Lack of a compliance culture:

The compliance program is bound to suffer if there’s no awareness of the AML compliance process and inadequate information on the regulatory requirements. The compliance culture starts with the management. If the leadership tends to overlook the importance of an AML program, the employees and the stakeholders will undermine the importance of the program and fail to recognize the contribution that can help them stay AML compliant.
Solution: An organization must have a strong compliance culture that should start with senior management’s support and trickle down the organizational hierarchy. Awareness about the compliance regulations and responsibility towards the government, the company, stakeholders, and, most importantly, the customers pave the way for a robust AML compliance culture throughout the organization.

6. Lack of AML Training:

AML training is required to help employees and stakeholders understand the business’s ML/FT risk exposure and equip them to identify suspicious transactions. The training is essential for the employees to understand the AML compliance process, the regulatory requirements, the challenges involved, and the methods used to mitigate the risks. Lack of training is a significant cause of the failure of the AML compliance program.
Solution: Companies should make AML training a significant part of the AML compliance program. Mandatory AML training must be conducted for new employees, while an annual refresher course on AML must be arranged for all the employees to ensure that they understand their AML responsibilities and are updated on the latest AML developments. An AML Compliance Officer can conduct the training in-house, or a third-party AML professional may be appointed to design and impart comprehensive AML training for all the employees, senior management, and Compliance Officer.

Identifying the AML flaws and strengthening the AML compliance program

The businesses must adopt an independent AML audit function to ensure periodic review of the AML program, including internal policies, procedures, and controls, to test its quality, adequacy, and relevance in the context of AML regulations and overall business risk assessment.
These independent reviews shall assist the company in identifying the gaps or non-compliance instances that need immediate attention and redressal to prevent the business’s exploitation by the money launderers and avoid any administrative penalties. The observations or findings of the AML auditor must be addressed to the senior management, and the same must be remediated at the earliest to improvise the AML program.

About the Author

Linkedin

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

The Complete Guide to the Ultimate Beneficial Owner Verification

The Complete Guide to the Ultimate Beneficial Owner Verification

The Complete Guide to the Ultimate Beneficial Owner Verification

Ultimate Beneficial Owner (UBO) Verification

As per the KYC onboarding and remediation process, customers must be verified for Ultimate Beneficial Ownership. It is necessary to comply with AML/ CTF sanctions and regulations and meet the tax compliance legislation and standards. UBO is defined as an individual who benefits the most and has ultimate effective control over an arrangement– a legal entity or a natural person, irrespective of the chain of control is UBO – Ultimate Beneficial Owner. UBO check is necessary for different entities such as banks, brokers or dealers in securities, commodities, hedge funds, futures commission agents, blockchains, currency exchange officers casinos, digital lenders, FX, and binary options brokers.
CDD – Customer Due Diligence has come into the spotlight with the several scandals unearthed in recent times, such as the headlines grabbing Panama Papers and others. More emphasis is being laid on CDD now. Increased regulatory compliance helps in improving ownership disclosure and transparency. It is critical to follow the new compliance regulations, as it can put a business on the verge of getting a bad reputation and increase the risk of financial loss.
The legal arrangements are complex, and detangling them is also cumbersome. Several factors hinder UBO verification, such as lack of clarity on multiple beneficial ownership outlines, non-co-operation, and other factors that make it difficult to carry out the process quickly and prevent compliance with the KYC process.

What is UBO (Ultimate Beneficial Owner)?

The UBO is the Ultimate Beneficial Owner of a legal person.
A natural person can only be a UBO. The Ultimate Beneficial Owner owns or controls the legal entity or a natural person who conducts the transaction with the firm. The UBO may or may not be known as the owner of the business.
Reporting entities in the UAE are required to perform UBO checks to identify the real person behind the transactions. The Ultimate Beneficial Owner checks are important to prevent the business from money laundering and terrorist financing risks.
As per the UAE regulations, any person owning more than 25% of shares, controlling more than 25% of the voting rights, or the person exercising control over the company is termed as UBO.
The Complete Guide to the Ultimate Beneficial Owner Verification

UAE Cabinet Decision No. (58) of 2020 Regulating the Beneficial Owner Procedures

The UAE Ministry of Cabinet Affairs (‘Cabinet’) published Cabinet Resolution No. 58 of 2020 on the regulation of the Procedures of the Beneficial Owner ‘ (‘Resolution 58’) as part of the UAE’s shift toward greater openness and to be in line with global norms.
Resolution 58 mandated that entities in the UAE (with few exclusions) gather and retain relevant, accurate, and up-to-date information on their genuine beneficiaries (‘Beneficial Owner ‘), as well as inform the authorities. This law establishes a beneficial ownership framework for UAE “mainland” and free zone entities, as well as requiring the maintenance of necessary registers. As per Article 5, UBO is anyone who owns or controls, whether directly or indirectly, through shares or bearer shares:
  • 25% or more of the legal person’s share capital;
  • or 25% or more of the legal person’s voting rights.
This could be accomplished through a control chain or by having the power to appoint or remove the majority of the company’s management.
If no natural person meets the foregoing conditions, or if there are any uncertainties about who does, the UBO is the natural person who has power over the legal person by any other methods. If a natural person cannot be identified, the UBO is the senior manager of the legal entity.
The main reason for UBO verification is to arrest financial manipulation, money laundering that goes into funding terrorism, and financial crimes hidden behind the garb of legal entities.

Final CDD Rule

The CDD final rule amends the Bank Secrecy Act regulations, which improves financial transparency; It will help prevent money laundering and misuse of legal entities to hide the illegal activities of funding criminal and terrorist activities. The CDD rule works on four elements which require financial institutions to maintain written policies and processes to perform the following functions-
  1. Identification and verification of the customers’ identity.
  2. Identification and verification of the UBO of the companies opening accounts.
  3. Create a Customer Risk profile by understanding customer relationships.
  4. Regular monitoring of transactions to detect and report suspicious transactions. Update the customer information regularly.
Any individual who owns 25 % or more of a legal entity and the individual who controls the legal entity must be subjected to verification of beneficial ownership information.

UBO International Standards

The FATF: Financial Action Task Force is an organisation that keeps a tab on global money laundering and terrorist financing activities. It lays down the international standards that aim to prevent illegal financial transactions. Two hundred countries agreed to the rules established by the Financial Task Force for beneficial ownership in 2003 and 2012. The 4th AMLD and CDD rules are applicable, but several countries adhere to the terms laid down in the international treaties that require beneficial ownership declarations. The organisation regularly keeps a vigilant eye on the money laundering and terrorism financing methods and improves its standards to combat the challenges of evolving money laundering techniques.
As a result of the FATF study, there has been massive awareness, and legitimate governments are targeting corruption. The emphasis on obtaining information on beneficial ownership due diligence has increased more than ever before, serving many purposes such as increased financial transparency, preventing money laundering, and stopping funding of terrorism and unlawful activities.

Ultimate Beneficial Owner Step-by-Step Process

You need to follow the unique compliance standards for each country in which the business is operating. But there are a few standard procedures that must be followed to develop an effective UBO program strategically.

1. Obtain the firm's credentials

Complete records of the companies have to be provided, such as company’s names, address, official status, top management employees and verify the records’ accuracy.

2. Identify Ownership Structure and Percentages

It’s crucial to know about the entities who have a stake in the company, directly or indirectly via another party.

3. Identify Beneficial Owners

Identify UBO by determining the entity or natural person’s ownership interest or management control – total percentage of shares, ownership stake, management control, and verify if any of it falls under the ambit of UBO UAE.

4. Perform AML/KYC checks on all persons identified as UBOs

Companies can adopt this vigilant approach and prevent the misuse of the internet to launder money and fund criminal and terrorist activities. Financial institutions can use AI and ML to avoid criminals with AML software. Modern technologies such as Blockchain can prove to be effective in preventing money laundering and ensuring AML compliance.

Ultimate Beneficial Ownership and AML Compliance

Automated solutions are the futuristic way of compliance with the AML/ CFT requirements as they make the detection and validation of UBOs a seamless and quick process.

About the Author

Linkedin

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik