AML compliance for the luxury goods market in Singapore

Money laundering threats are a common stain on all kinds of luxury goods. Worldwide, financial criminals consider art, antiques, gems and stones, yachts, and watches to be an accessible medium to launder money. So, AML compliance for the luxury goods market is essential to eliminating money laundering.

Recently, Singapore fell prey to such a money laundering scandal in the luxury goods market in 2023. The criminals earned dirty money through illicit means and cleaned them up in the legal Singaporean financial system. Using this money, they bought several luxury goods, which the police seized during investigations. This scam brought the country’s regulatory authorities’ attention back to strengthening AML regulations for the luxury goods market.

Let’s examine these AML regulations in Singapore. Moreover, we’ll discover the AML compliance initiatives that luxury goods market operators must implement to reduce the risks of financial crimes. These measures mitigate money laundering risks and prevent criminals from exploiting this market.

AML compliance mandate concerning luxury goods

The AML regulations in Singapore apply to “precious products”.

Recently, the Singapore authorities introduced a Bill seeking to expand the scope of “precious products.” Previously, this term was restricted to high-value products wherein at least 50% of value was attributed to precious stones or precious metals (PSPM). Now, with the newly proposed definition of “precious products,” the mandatory condition of having a PSPM element in a product to qualify as a “precious product” has been relaxed.

Now, the “precious products” would include the following items subject to the prescribed threshold, and the dealers engaged in such precious products would be subject to AML compliance in Singapore:

Jewellery, watches, ornaments, apparel, accessories, etc., of value exceeding S$ 20,000, irrespective of the value attributable to the PSPM.

Considering the money laundering vulnerabilities associated with luxury items, the definition of “precious product” is proposed to be amended to include high-value luxury items traded at premium prices because of the brand label associated with the item or the involvement of craftsmanship.

Such products include high-end watches, accessories, apparel, etc., though they involve very little or no element of precious metals or precious stones. Criminals have exploited these products, resulting in the laundering of illegally obtained proceeds.

Money laundering threats in the luxury goods market

The risks associated with luxury goods are high due to the following reasons:

High-valued items

Luxury items are high-valued goods, attracting money launderers who exploit them in several ways. High-valued items make it easier for money launderers to launder vast sums of money.

Cash transactions

The purchase and sale of luxury goods are mainly through cash transactions. Thus, it becomes difficult for authorities and police to track their source and destination.

Global Nature

You can transact luxury items globally across multiple jurisdictions. This feature increases your exposure to money laundering and similar other threats, with no restriction on the boundaries.

Easy to transport

These goods are easily transportable, and questioning and interrogation are minimal or non-existent. You can carry some of these items, like jewellery, luxurious apparel or ornaments, across borders without hassles.

High resale value

One unique characteristic of luxury items is their high resale value. There is a high demand for these goods among wealthy and high-net-worth individuals. These goods also fetch a good resale value, specifically in the case of rare and unique collectibles. So, criminals leverage this feature to their benefit.

Involvement of intermediaries

Luxury items provide an easy way to use shell companies or third parties to buy, sell, and manage these assets. This means you buy these items not directly but using offshore or foreign accounts. The anonymity and privacy associated with these intermediaries increase the possibility of money laundering activity, concealing the true identity of the criminal or launderer.

Confidentiality

The luxury goods markets enjoy a sense of confidentiality and discretion. You need not provide details on the actual owners of these goods. That is why the risk of financial crimes is high.

Low awareness

Dealers in such luxury items are unaware of the AML compliance requirements worldwide and nationally. Moreover, they are ignorant of the risks of such financial crimes to their business.

Trade-based money laundering

Trade-based money laundering is possible in the case of luxurious items carrying a premium associated with the brand, which is abstract. It is an accessible market for over- or under-invoicing. You can manipulate the prices to show higher or lower rates for laundering money. Criminals might also create false invoices to show a purchase and sale transaction despite no such activity.

Secured transaction zones for art

Another primary factor that has cropped up in recent years is the construction of Freeports. These are storage spaces in transit zones near airports to facilitate art purchase and sale transactions. These are secured zones offering privacy and anonymity to buyers and sellers. In these spaces, no tax is applicable on art and antiques, so you are also saved from those costs.

Easy to buy and sell personal luxury items

Money laundering in personal luxury items is easy because anyone can buy these from any country. Ineffective due diligence measures at borders lead to easy transit to the country of residence. Thus, provoking the launderers to evade taxes on such items and launder money without coming into the spotlight of the origin country’s regulator. Moreover, no one asks the beneficial ownership of these personal luxury items.

Possible use as currency or medium of exchange

Luxury goods obtained illegally are used as a means of payment or to barter another luxury item. Thus, you can place dirty money in the legal market as a currency.

Virtual luxury items

Now, these luxury items are also available in virtual form. So, the risks associated with virtual assets also apply to them. Specifically, they can avoid many regulatory mandates and sanctions.

Thus, these are the possible ways criminals can engage in money laundering through luxury goods transactions.

Accordingly, recognising the legal requirement and the associated risk, you must prevent criminals and launderers from saving your business from exposure to financial crimes. If you don’t, you will be AML non-compliant, inviting fines and penalties. It can lead to criminal action against you, reputational damage, or loss of business. So, you must adopt appropriate techniques to prevent them.

Strategies in AML compliance for the luxury goods market

To prevent and mitigate money laundering and other financial crimes, you must implement the following techniques in AML compliance for the luxury goods market:

Strategies to Ensure AML Compliance in Luxury Goods Market

Detailed AML compliance program

The high risks of money laundering require a detailed strategy for fighting it. You need to know your plan for complying with AML regulations. It is also essential to prevent and mitigate the potential money laundering threats.

So, design a comprehensive customized AML compliance program. It must have adequate policies and controls to fight these financial crimes. This includes procedures for KYC, CDD, transaction monitoring, and sanction screening. Keep updating them on time to align with the evolving regulations and innovations in money laundering.

The strategy must also define the skills you need in your business to handle AML compliance. Based on this, you can hire people for AML compliance-specific jobs. It also enables you to design relevant AML training for your AML activities. Thus, the strategy directs you on how to go about your AML compliance.

This AML compliance program must align with the following acts applicable to luxury items businesses in Singapore:

Corruption, Drug Trafficking, and Other Serious Crimes Act (CDSA)
Terrorism (Suppression of Financing) Act (TSOFA)
Precious Stones and Precious Metals (Prevention of Money Laundering and Financing of Terrorism) Act, 2019
Precious Stones and Precious Metals (Prevention of Money Laundering and Financing of Terrorism) Regulations, 2019

KYC and customer due diligence

AML compliance requirements need you to know about your customers. So, you must focus your efforts on conducting KYC and customer due diligence of your customers. Collect the following details on your customers and verify the same using reliable, independent sources:

Name, address, occupation
Nationality
Transaction’s purpose and objective
Source of funds and wealth
Beneficial owners of luxury items
Expected mode of payment

The most critical information is where the money is coming from and where it is going. Also, the information bit on beneficial ownership. Both these data points help you establish any potential linkages to financial crimes.

You must create your customers’ risk profiles based on all these details. The risk profile helps you categorise customers as low, medium, and high risks. It is also necessary to screen your customers against different national, regional, and international watchlists, including but not limited to:

Terrorists
Politically Exposed Persons (PEPs)
Sanctions
Individuals involved in corruption, bribery, and other illegal acts

So, you must be extra careful while dealing with high-risk customers. All these information-gathering and analysing processes need you to deal with more paperwork.

Transaction monitoring & Identifying suspicious transactions

Monitoring your customers’ transactions is critical to spot suspicious ones. You must be aware of the red flags to detect them. Once you know them, it is easier for you to detect them. You can investigate them further and take action based on the results.

Understanding the layering of transactions is essential. This is where launderers play smartly to hide dirty money in clean money. So, you must create custom transaction rules based on your customers’ risk profiles and transaction patterns. Look for signs that raise doubt in your mind, like the following:

Large cash transactions
Concealing beneficial ownership
Inconsistency of the transaction with the customer’s profile
Customers from high-risk jurisdictions
Involvement of layers of intermediaries in transactions

Using a technological solution to monitor transactions is a smart move. You can ensure accurate results, complete monitoring, and faster processing. But do not ignore adding the human touch to transaction monitoring. Check the suspicious ones manually to understand the customer behaviour behind possible money laundering.

AML training

You must make it a point to give due importance to AML compliance in your entity. All employees must understand how significant AML compliance is in preventing financial crimes.

Thus, whether you want to create an AML culture in your business, monitor transactions, conduct CDD, or report suspicions, your employees must know how to do all this. If your employees are unaware of the reason and procedures, your AML compliance will go haywire.

So, pay attention to training your employees on AML measures and strategies. Such training must teach the following topics:

Significance of AML compliance for your industry
Methods of conducting KYC, due diligence, and sanction screening
Monitoring transactions, identifying and reporting suspicions

Until employees know the what, why, and how of AML procedures and controls, it is challenging to get their focused dedication; only when they give their 100% can you ensure a culture of AML compliance. It will help you prevent money laundering risks and follow Singaporean AML requirements.

Reporting & AML Recording Keeping

As crucial as transaction monitoring and due diligence are to AML compliance, similar criticality is held by reporting and record-keeping. You will be checking transactions to identify the suspicious ones amongst those. You will also be monitoring your customers to detect their levels of risk to your business. If you forget to maintain records of these results, they do not serve the complete purpose.

Recording and reporting these procedures and results is significant. Since you need to file suspicious activity reports and cash transaction reports, you must have a well-defined procedure for them. Define the people responsible for them, the procedure, and the format. Also, explain any internal reporting process you must follow for AML compliance.

Similarly, maintain records of each of your AML procedures. Save everything, be it KYC records, due diligence reports, customer risk profiles, transaction monitoring results, or AML training manuals. As stipulated in the regulations, maintain these records for at least five years.

Internal and external collaboration

An often overlooked AML strategy is internal and external collaboration, communication, and cooperation.

Smooth communication on AML between departments eases your AML compliance journey. You must discuss the AML procedures that overlap with your activities and challenges, deliberate on potential solutions, and consider their impact. You must also communicate well with senior management to discuss suspicious transactions and customers. The management must communicate the AML policies and procedures to the employees.

Besides internal communication, external cooperation is necessary with:

Industry regulators for AML expectations & guidance
Peers for shared database in KYC, sanctions screening, and due diligence

Thus, you must collaborate with your industry players to achieve AML compliance and free the luxury goods market from money laundering threats.

Niyeahma – your AML compliance journey partner

These AML compliance strategies can ensure your luxury items business sparkles. But doing it all alone while dealing with the rising competition is daunting. So, the best option is to partner with a specialist AML compliance services provider. And who better than AML Singapore to join hands with to move ahead in your AML compliance journey?

Amidst all these money laundering concerns regarding luxury items, you have a beacon of hope in AML Singapore. We help you with all the necessary strength to fight money laundering. Our consultants provide support to protect the integrity of financial transactions.

Our consultants are here to help you with any of the AML compliance strategies listed above. Not only this, we create a customised strategy to suit your business needs. These AML measures ensure you protect your luxury items from exposure to money laundering threats.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article Singapore

FATF travel rule compliance requirements for VDASPs in India

FATF Travel Rule is one of the advanced measures in the anti-money laundering regime to bring transparency around the electronic movement of the funds – whether wire transfer or transfer of virtual digital asset. This rule, FATF’s Recommendation 16, applies to financial institutions and Virtual Digital Asset Service Providers.

It requires the identification of the originator (payer) and beneficiary (payee) involved in the electronic transfer of funds or exchange of virtual digital assets. This data helps the reporting entities understand the parties involved in exchanging funds or virtual digital assets and detect any potential connection with money laundering.

In India, along with financial institutions, the FATF travel rule compliance under the AML framework has been made mandatory for virtual digital asset service providers (VDASPs). Let’s explore the FATF travel rule requirements and their impact on virtual digital asset businesses.

What Is The FATF Travel Rule?

FATF travel rule is the compliance requirement warranting the identification of the person initiating the transfer of funds and the intended recipient. It is similar to the traditional bank wire transfer transaction. While transferring money from one bank account to another, the reporting entities need to identify the account holder transferring the funds and the recipient of such funds. A similar requirement is now being adhered to by the reporting entities providing services related to virtual digital assets as part of travel rule compliance.

The travel rule requires the reporting entity engaged in virtual digital asset-related activities to obtain necessary details about the originator and beneficiary, apply necessary verification measures, and exchange such information with the counterparty VDASP or the recipient service provider.

Here, the one sending the virtual digital assets would be treated as the Originator, and the one receiving them is the Beneficiary.

India’s Adoption Of The FATF Travel Rule In AML

Money launderers have exploited all possible financial instruments to commit crimes. With virtual digital assets’ popularity worldwide, they have also found ways to commit crimes through them. In this regard, compliance with the FATF travel rule will imbibe transparency between the VDASPs regarding the parties involved in the virtual digital transfers.

In line with India’s Prevention of Money Laundering Act 2002 (PMLA), the Central Government of India issued a notification on 07th March 2023 to bring the activities related to virtual digital assets under the ambit of the anti-money laundering regime. Pursuant to this inclusion of VDASPs as the reporting entity under PMLA, the authorities issued detailed AML and CFT guidelines for the reporting entities providing services related to the virtual digital assets on 10th March 2023, laying down the directives and compliance obligations of the VDASPs to safeguard the VDA ecosystem from being exploited by the financial criminals.

Collecting The Necessary Information

Under these guidelines, the VDASPs are mandated to comply with the Travel Rule, which requires the originating VDASPs to collect the required and accurate details about the originator and the beneficiary of the VDA transfer and securely share this information with the beneficiary VDASP along with the transfer request.

The information to be collected by the Originating or Ordering VDASPs and shared with the Beneficiary VDASPs includes:

Originator

Originator’s Permanent Account Number (PAN) or National Identity Number,
Complete name of the VDA transfer’s originator,
Originator’s account number (VDA wallet address) used to process the transaction or from where the VDA transfer has been initiated,
The originator’s geographical location helps in identifying the originator,
Date and place of birth of the originator.

Beneficiary

Name of the beneficiary, i.e., the person named as the recipient of the VDA to be transferred by the originator,
Wallet address of the beneficiary

Role Of VDASPs Involved In The Transfer

Originating VDASP

The ordering or the originating VDASP must obtain accurate details of the originator and the beneficiary, as mentioned above.

Additionally, the VDASP must verify the originator’s identity and address using reliable information as part of the KYC and Customer Due Diligence process. The ordering VDASP is not required to verify the beneficiary’s identity, but the beneficiary must be screened for sanctions checks and be cautious of ML/FT suspicion.

Once the originating VDASP is satisfied with the accuracy and completeness of the required details, it must share them with the beneficiary VDASP along with the VDA transfer message.

Beneficiary VDASP

Upon receiving the details along with the VDA transfer communication, the beneficiary VDASP must check the details to determine if any necessary details are missing.

The beneficiary VDASP must verify the beneficiary’s identity before concluding the transfer if such a person has not been verified as part of the customer onboarding and CDD process.

Intermediary VDASP

An intermediary VDASP facilitating the transfer of virtual digital assets must ensure that the necessary originator and beneficiary details are adequately transmitted along with the VDA transfer trail while retaining the same information at the intermediary level.

The regulated entity must verify the customer’s identity using reliable documents. To verify a natural person’s identity and resident address, a regulated entity must obtain that contains a photograph of the customer, name, unique identification number, date of birth, and nationality.

Additionally, a regulated entity can verify residential addresses based on OVD or recent utility bills, bank statements, etc.

Retaining The Obtained Information

The originating VDASPs must retain the information acquired about the originator and the beneficiary for five (5) years from the date of transfer. Similarly, the beneficiary VDASPs must accurately maintain the originator and beneficiary information obtained from the originating VDASP for a minimum five (5) year’s period.

When Information About The Originator Or Beneficiary Is Not Available

In cases where the VDASPs cannot obtain the required information about the originator or beneficiary or where such information cannot be adequately verified, then the VDASP must not execute the virtual digital asset transfer transaction. Further, if required under the circumstances, the VDASP must consider reporting the suspicion to the Financial Intelligence Unit, India, by submitting the Suspicious Transaction Report.

Counterparty Due Diligence

As part of travel rule compliance, the originating VDASP must apply necessary due diligence measures on the counterparty VDASP, involved in transferring virtual digital assets, adopting a risk-based approach. Further, the originating VDASP must ensure that such counterparty due diligence is satisfactorily concluded before transmitting the information about the originator and beneficiary to avoid any engagement with criminals or aiding the illicit movement of funds.

Challenges Of FATF Travel Rule Compliance And Solutions

FATF travel rule compliance is an excellent method to prevent money laundering in virtual digital asset transactions. With timely collection and exchange of originator and beneficiary details between the VDASPs involved in the transfer, the detection and reporting of money laundering activity become easy.

The travel rule in AML checks virtual asset transactions’ transparency and traceability. It also enables collaboration between VDASPs to better the sector, which could lead to a trustworthy and credible virtual digital asset ecosystem

Challenges

Despite the merits of the FATF travel rule, it also has many challenges, such as

Difficulties in obtaining accurate details about the beneficiary, given the anonymity involved and frequent reference to the wallet address of the beneficiaries.
Delay in exchange of information from the originating VDASP to the recipient VDASP without proper tools and solutions at both ends.
Non-maintenance of the originator and beneficiary details for the required time period.
There is no standardised mechanism worldwide for consistently implementing the travel rule across cross-border VDA transfers. Many countries have mandated compliance with the travel rule, while some are still considering adopting it, making it challenging to exchange information when a transaction occurs between two counterparties in different jurisdictions.

Solutions For Challenges

One possible solution to fight these challenges is innovative technology. The VDASPs can have a technological solution to collect, verify and store data. Also, the data-sharing feature is essential for exchanging information with the counterparty securely and on a timely basis, accompanying the VDA transfer instruction. The onus is on VDASPs to find an appropriate solution to fulfil these needs and promote industry growth.

The solution must be in a universal language understood across countries. Real-time customer identification and verification can be an advanced feature of such a tool. The aim must be to ensure smooth data collection and exchange between counterparties.

Further, the VDASP must make it a policy not to accept the transfer request unless the originator and beneficiary of the VDA transfer are adequately identified.

Niyeahma – Your Trustworthy AML Compliance Consultant

Niyeahma has been leading from the front in AML compliance. We help clients understand the requirements of AML regulations and comply with them. Together with you, we aim to prevent money laundering and terrorism financing threats to your business. So, we take a customised approach to make you AML compliant and protect you from financial crimes.

You can hire us for any or all of the following AML compliance services:

Conducting the Enterprise-Wide Risk Assessment to assess the ML/Ft exposure to your VDA activities
Developing and implementing an AML program for managing the ML/FT risks
Appointing an AML Principal Officer and assisting in setting up an AML compliance department
Creating transaction monitoring rules to detect suspicious VDA transfers timely

Thus, you can find all kinds of support related to AML compliance at Niyeahma.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article India

Mitigating ML/TF risks associated with high-net-worth individuals

The ML/TF risks associated with high-net-worth individuals are high. Their relation to money laundering (ML) and terrorist financing (TF) is two-fold:

Fraudsters and criminals target them because of the presence of many opportunities to commit fraud. High-net-worth individuals can themselves engage in illicit business activities; their wealth might be from illicit sources or dirty money.

If you have a high-net-worth individual as a customer, you are prone to money laundering in both cases. So, you must have appropriate AML measures to deal with the risks of high-net-worth individuals. But first, let’s understand what a high-net-worth individual is in AML and the ML/TF risks posed by them.

Risks associated with high-net-worth individuals (HNIs)

Generally, the definition of HNIs varies from industry to industry and within the same industry. However, an individual with a net worth between US$1 and US$5 million is considered a high-net-worth individual. Net worth means a person’s liquid financial assets. If the individual has a net worth of US$5-30 million, they are very high-net-worth individuals (VHNIs). Then there are ultra high-net-worth individuals (UHNIs) with a net worth exceeding US$30 million.

High-net-worth individuals are more vulnerable to money laundering and other financial crimes. The potential threats include:

With the digitalisation of transactions, high-net-worth individuals’ transactions are at a higher risk. Cybercriminals access these transactions to change the destination of funds transfers.
HNIs might be keeping funds in offshore bank accounts to enjoy the tax savings in that jurisdiction. Also, it helps them transfer funds anonymously or protect illicitly gained assets.
As they are HNIs, they have connections with PEPs, other HNIs, and other influential persons. Such connections might force them to take part in or assist with fraudulent transactions or money laundering activities.

In all these cases, you are at risk as a product or service provider to such HNI. So, when you onboard a high-net-worth individual, consider the risks they pose to your business. Your exposure to such risks will increase your vulnerability to money laundering and terrorist financing threats.

Considering the risks, if you do not onboard such HNIs, you will lose big sales and revenues. It will also affect your credibility in the market. It will not have much impact in the short term, but the long-term effects are unavoidable. So, you need to be cautious while dealing with the AML risks of high-net-worth individuals.

Best practices to deal with ML/TF risks posed by high-net-worth individuals

You must implement the following best practices and AML measures to deal with the risks of high-net-worth individuals:

Maintain a list of ML/TF red flags

The first action you can take is to be aware of the fact that high-net-worth individuals are risky for your business. It does not mean they will indeed cause money laundering or terrorist financing. However, the ML/TF risks are high. So, you must know the potential red flags or warning signs of HNIs’ money laundering activities. Some of these red flags are:

Not cooperating in the KYC and due diligence process
Providing wrong documents or missing out some information in the KYC process
Engaging in financial transfers with unusual patterns, different from their usual transactions
Unexplained or erratic customer behaviour while conducting financial transactions
Using unrelated or unknown third parties in a transaction
Financial activities that don’t align with the HNI’s business
Sudden or unexplained large transactions to or from high-risk jurisdictions
Providing incorrect information on identity, business, or transactions
Too many transactions of buying and selling properties despite financial losses
Linkages to business in sectors like gambling, weapons of mass destruction, or arms trade
Frequent cross-border transactions in jurisdictions with no relation to HNIs’ business interests
A high volume of cash transactions

If you are aware of these, you can take the right action. You can investigate the transaction further to confirm the particulars. If found suspicious, you can report it to the UAE FIU.

Perform Enhanced Due Diligence

HNIs are high-risk customers. Since you know this, you must be ready to implement strict KYC and due diligence on your HNI customers. So, deep research should be conducted on these clients.

Conducting in-depth research on HNI customers’ identities is essential. You must know the following details:

Full names with family details
All the previous residential addresses
Past and present passports held
Nationalities and citizenships of different countries
Professional background
Shareholdings in different entities
Utility bills

Focus on finding every possible information on their wealth, funds, assets, and structuring. So, you must collect and verify the following information on HNIs:

Origin and legitimacy of their funds
Overall wealth (holdings and assets) and their sources
Types of assets like properties, salaries, investments, inheritances, dividends, bonuses, and shareholdings
Financial statements
Identifying their structures’ complexity
Presence in opaque and risky jurisdictions

All these data points help you spot suspicious activities or transactions.

Perform name screening

HNIs are hi-fi individuals known to the public. But you must be careful before dealing with them. In addition to due diligence, try every possible method to learn more about them. Conduct a deeper examination of their identities and financial behaviour. Screen them against lists of:

National, regional, and international sanctions released by authorities
Terrorists or terrorist-funding organisations
Politically Exposed Persons (PEPs)
High-profile people with links to financial crimes like money laundering, corruption, bribery, etc.

It’s not enough to check only if HNIs’ names are on the list. HNIs might have linkages to people featured in these lists. So, you must also verify those points. Use databases and intelligence tools for any linkages to illicit activities.

Another check that is essential for you is adverse media sources. Check if their names appear in any adverse news related to crimes. Any negative mention of their names in media must be investigated in depth. The issue is that some criminals own such media channels or pay them good money to hide their negative news. They plant more positive news about themselves to paint an optimistic picture. That is why you must have experts working on investigating HNIs.

Examine tax compliance status

Checking high-net-worth individuals’ sources of wealth, linkages to financial crimes, and assets is crucial. But another critical factor that is generally ignored is their tax compliance. You must know about their tax compliance status to decide on their connections with illicit activities.

Generally, criminals use many offshore bank accounts to transfer money from one tax jurisdiction to another. Also, they engage in multiple global money transfers, which is, again, a suspicious activity. They also use structures like trusts, shell companies, and charities to invest, move, and control assets.

Collect necessary data on their tax compliance to understand if they are compliant. Identify any tax evasive strategies they have used in their past or current operating years. Check if they have used shell structures or other opportunities to avoid paying taxes or mitigate tax liabilities illegally.

Ongoing monitoring

You have already conducted KYC and due diligence. However, there is a chance that you will miss some data points or fail to focus on a document. So, ongoing monitoring is essential to prevent any money laundering risks to your business from high-net-worth individuals.

Constant monitoring helps to factor in:

Changes in the data of HNIs
Emerging risks of money laundering and terrorism financing
Advanced technologies and techniques for collecting information
Variations in HNIs’ risk profiles

If you have HNIs as customers, conduct real-time monitoring of their transactions. You must look for some unusual patterns or suspicious activities. Set a threshold or limit to transactions and investigate them if you observe outliers. Manual reviews of such suspicious transactions enable you to draw more conclusions.

Scrutinise crypto investment or payment

Are your high-net-worth customers dealing in cryptocurrencies?

Do they make payments using cryptocurrencies?

If your answer is yes to any of these, you must be extra careful. Cryptocurrencies are more vulnerable to money laundering. Also, cryptocurrency transactions have a higher degree of confidentiality and privacy. This fact makes it easier to conceal the illegitimacy of a transaction.

That is why if your HNI customer uses cryptocurrencies, conduct more investigations. Check if they are trading crypto assets or have invested in such assets. All these data points help you confirm your high-net-worth customers’ legitimacy.

Partner with an expert AML consultant

All of the above measures are necessary to confirm the identities of your HNI customers. You need to know them in and out to check for any connections with financial crimes. Collecting and verifying all these data points is an arduous task. So, hiring a specialist AML consultant who performs identity verification is a better option.

Search for a services provider with expertise in KYC and customer due diligence. One, who can collect all information on high-net-worth individuals and verify with respective documents. The vendor must have industry connections, access to databases, and skilful professionals to conduct these exercises. They will have complete knowledge of UAE’s AML regulations to ensure compliance. Such expertise is essential to ensure data accuracy, relevance, and completeness for high-net-worth customers.

So, as a regulated entity in UAE with high-net-worth individuals as customers, you must apply these seven AML measures to avoid falling prey to money laundering risks. For the last one, you have the best option in Niyeahma as your expert AML compliance partner.

Niyeahma – your partner for professional AML consulting services

Niyeahma is an expert provider of AML compliance consulting services in the UAE. You can always ask our experts for help in AML compliance. With immense knowledge and extensive experience in AML compliance, our professionals can help you through any AML procedure.

We help you with KYC, due diligence, and screening of all types of customers. If the customers are high-net-worth individuals or high-risk, you’ll have more digging to do. Our AML experts manage all data collection and verification with a unique investigative approach. We help you build customers’ risk profiles so that you know whom to onboard and, thus, take a risk-based approach to fight ML/TF.

Besides KYC and due diligence, our expertise lies in:

Monitoring transactions of your customers
Conducting risk assessments and building customers’ risk profiles
Creating and implementing customised AML policies and procedures
Selecting proper AML software for your compliance needs
Hiring and appointing an expert AML compliance office
Forming a capable and skilful AML team for your business

So, for all these needs, you have one contact to call – Niyeahma.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article UAE

Customer Due Diligence Requirement under IFSCA AML Guidelines

Navigating the AML Regulatory Framework in India

Customer Due Diligence Requirement under IFSCA AML Guidelines

Customer Due Diligence Requirement Under IFSCA AML Guidelines

As an international financial hub, the International Financial Service Centre in India provides a platform for businesses operating within to increase their customer base and expand their reach on a global scale. With global exposure, the risk of such businesses being used as vehicles or channels for furthering the movement of illicit proceeds or carrying out illegal activities (such as money laundering (ML), financing of terrorism (FT) and proliferation financing (PF) of weapons of mass destruction) also increases. Thus, the performance of adequate Customer Due Diligence measures is an integral part of the IFSCA anti-money laundering (AML) framework.

The ML/FT and PF risks may arise from various factors such as customers, geographies to which customers belong, delivery channels, modes of transaction, etc. The IFSCA has issued IFSCA Anti-Money Laundering, Counter-Terrorist Financing and Know Your Customer Guidelines, 2022 (IFSCA AML Guidelines), which provide for entities operating in the IFSC to conduct Customer Due Diligence process to mitigate the ML/FT and PF risks posed by customers.

Customer Due Diligence (CDD) enables businesses to check the legitimacy of their prospective customers by identifying and verifying their identity details and ensuring that the customers are indeed the persons or entities they claim to be. This safeguards their businesses against potential financial crime threats.

What Is Customer Due Diligence?

Customer Due Diligence is a process that includes identifying and verifying the customer and the beneficial owner (in the case of corporate customers) using reliable and independent sources. The CDD measures are focused on customer identification to check their authenticity and legitimacy. It includes a set of internal controls that help businesses establish a customer’s identity, determine the nature and purpose of transactions that the customer is likely to engage in and assess associated ML/FT, and PF risks the businesses may face when dealing with such customers.

Further, depending on the risk-based approach, the degree of strictness and scrutiny of the CDD measures shall vary according to the ML/FT and PF risks posed by various customers.

Role Of CDD In AML Regulatory Compliance

CDD is a crucial element of the IFSCA AML Guidelines as it helps verify the identity of customers, assess their risk profiles, and monitor their transactions to detect and prevent financial crimes. With the implementation of the CDD procedures, regulated entities can determine the varying levels of risk associated with different customers and establish the appropriate CDD measures for risk mitigation.

The CDD process provided under the IFSCA AML Guidelines maps out a comprehensive framework for addressing potential threats of ML/FT when engaging with both new and existing customers. Thus, it assists regulated entities in safeguarding themselves and maintaining compliance with regulatory requirements.

When Is CDD Required?

The CDD process is a must before establishing the business relationship to establish the identity of the prospective customer. Additionally, the regulated entity must undertake CDD measures on an existing customer if there are doubts regarding the authenticity and legitimacy of provided documents, data, or information. Further, CDD measures should be undertaken if the regulated entity comes across suspicions of ML/FT, a change in the customer’s risk rating, or any material change in the customer’s circumstances.

Thus, CDD is also crucial on an ongoing basis, in the course of the business relationships, to ensure that the customer’s identified profile holds good and that any changes in the identification details are immediately identified, which may pose an increased risk to the business.

Who All Are Subject To CDD By The IFSC Regulated Entities?

As per the IFSCA AML Guidelines, CDD measures must be adequately applied to all customers, whether individuals, legal persons, or legal arrangements, including the beneficial owners of such legal persons or arrangements.

Decoding The Customer Due Diligence Process

Customer Due Diligence is a necessary procedure that must be undertaken in a structured manner with utmost due care to better comply with the IFSCA AML Guidelines while achieving its objective of safeguarding the business against potential financial criminals. Here is a detailed note on the elements of the CDD process that you need to keep in mind:

Data Collection And Verification (Know Your Customer)

The first level of CDD involves identifying and verifying the customer’s identity and understanding the nature of the business. This process is generally known as “Know Your Customer” (KYC). The regulated entity must undertake the KYC process and seek information from its natural and legal customers.

After collecting the data, CDD’s next step is to verify all such customer information. It is essential to verify the information provided to check its adequacy and establish the authenticity of the customer and proposed business relationship. A customer with ill intentions of routing illicit funds may furnish information that may not be legitimate. Therefore, verification becomes crucial so that the regulated entity can mitigate risk by knowing the true identity of a customer and understanding the purpose of the transaction.

The critical components of the KYC are as follows:

1. Identification and Verification of Identity of Customer

A regulated entity must collect KYC information from the customers, whether a natural person or a legal structure.

2. Natural Person

This information typically includes a natural person’s full name, Unique Identification Number, date of birth, nationality, address, and contact details.

The regulated entity must verify the customer’s identity using reliable documents. To verify a natural person’s identity and resident address, a regulated entity must obtain that contains a photograph of the customer, name, unique identification number, date of birth, and nationality.

Additionally, a regulated entity can verify residential addresses based on OVD or recent utility bills, bank statements, etc.

3. Legal Person

A legal person established in whatever form must provide KYC information containing the full name and trading name, Unique Identification Number, registered or business address, principal place of business, date and place of incorporation. Furthermore, in cases where the customer is a legal person or legal arrangement, a regulated entity shall also identify the legal form, constitution and powers that regulate and bind the legal person or legal arrangement.

The regulated entity shall verify the legal form, proof of existence, constitution, and document defining regulatory powers. For such purposes, a regulated entity must obtain a certificate of incorporation, partnership deed/agreement, trust deed, constitutional document, certificate of registration or any other document.

4. Identification and Verification of the Natural Person appointed to act on behalf of the Customer

A natural or legal person may appoint one or more natural persons to deal with on its behalf for business purposes. Therefore, a regulated entity needs to identify and verify such a person. All documents specified above should be obtained from appointed natural persons acting on behalf of the customer. Additionally, documents authorising the appointment of such a natural person should also be obtained, including power of attorney, resolutions passed by the governing body, etc.

5. Identification and Verification of Identity of Beneficial Owner

CDD measures should also use relevant information to identify the beneficial owner of the customer, who is a legal person or legal arrangement. This includes understanding the customer’s control or ownership structure.

For legal persons, the regulated entity should identify the natural persons exercising control over the entity through ownership. In case of uncertainty or no natural person owning the legal person, the regulated entity should identify the natural persons having effective control over it.

For legal arrangements like trusts, the information regarding beneficial owners includes the trust’s author, trustee, beneficiaries having a significant interest, and any other person exercising control over the trust.

The IFSCA AML Guidelines have prescribed certain percentage thresholds for varying legal structures to determine ownership or control rights. For example, a beneficial owner of a corporate entity is a person who holds more than 10% of the entity’s shares.

6. Information on the Purpose and Intended Nature of business relationship

When gathering customer information, a regulated entity must also obtain information regarding the purpose and intended nature of a customer’s business relationship. To collect such information, a regulated entity should employ methods that align with the risk level and complexity of the regulated entity’s business.

Name Screening

Sanction screening is a process to ensure that the regulated entity does not deal with the organisations and individuals sanctioned under the Ministry of Home Affairs, United Nations Security Council, and other relevant sanction lists, as per the firm’s risk-based approach.

Thus, name screening is performed primarily to check whether customers are designated under any local or international list of banned or sanctioned persons. For name screening, the regulated entity must scan the customer against the national list issued by the Ministry of Home Affairs, the UNSC sanctions list, or any other international sanction lists relevant to the particular business relationship.

Additionally, screening must be undertaken to identify if any customer is a Politically Exposed Person (PEP) or has connections with financial crime as captured in reliable adverse media sources.

The regulated entities must conduct the sanctions screening to reinforce the KYC process and identify any additional details that may impact the customer’s risk profile.

Customer Risk Profiling

The risk landscape related to customers is multifaceted and affected by various factors. Thus, customer risk profiling is essential as it establishes the customer’s risk profile and helps determine the level of due diligence required of every customer. The IFSCA AML Guidelines mandate that regulated entities assess the risk posed by each customer. In accordance with risk assessment, the regulated entity applies mitigation measures, adopting a risk-based approach.

Thus, the regulated entities must assess the level of ML/FT risk the customer poses to the business and determine its risk profile while establishing the business relationship or executing a transaction. Here is the list of parameters that must be considered to assess the customer risk systemically:

Timing and seasonality of transactions
Involvement of counterparties and intermediaries
Customer’s financial profile
Ownership and management structure
Nature and purpose of the business relationship
Location of customer
Nature of customer’s activities
Estimated size or value of the transaction

Based on these parameters, the regulated entities must determine the degree of customer involvement in a business relationship and classify the customers as high, medium, or low. With this risk allocation, the regulated entities can tailor the risk mitigation strategies for each customer to effectively mitigate the risk while staying compliant with the AML regulatory framework.

Here are the required or permitted modifications to the standard CDD measures as per IFSCA AML Guidelines, depending upon the degree and severity of the ML/FT risks:

Enhanced Customer Due Diligence (ECDD)

When a customer is identified as high-risk, there is increased ML/FT risk associated with them. Therefore, additional identity checks and verification measures are to be applied. These additional measures to be applied under ECDD include identifying and verifying the customer’s source of funds and wealth and seeking senior management approval before onboarding the customer or executing the transaction.

Simplified Customer Due Diligence (SCDD)

Simplified Due Diligence means applying relaxed identification checks and measures to manage risk when customers are designated low-risk. Therefore, SCDD measures allow regulated entities to adopt a process where lower ML/FT risk is adequately managed with optimal resource utilisation.

Ongoing Customer Due Diligence

The ongoing monitoring of the business relationship offers the regulated entity an opportunity to determine if the risks originating from the customer are still the same as identified at the time of customer onboarding. The ongoing CDD process allows for the regulated entities to monitor their customers’ profiles on an ongoing basis and assists the entities in timely spotting any fluctuation or change in the risks, empowering them to take prompt mitigation actions.

Periodic Updating of CDD

As part of ongoing CDD, the regulated entities must periodically review and update the customer’s documents and CDD information to reflect any necessary updates, such as a change in address or renewal of an important document such as a passport. Thus, as part of ongoing CDD, this period of CDD update measures shall ensure that customer information gathered remains updated and relevant to determine the customer’s existing risk profile.

The regulated entities should adopt a risk-based approach to conducting periodic CDD updates. According to the IFSCA AML Guidelines, the frequency of periodic CDD updates varies based on customers’ risk levels.

Record Keeping

This is the last step, which requires the regulated entities to maintain the CDD-related records adequately for six (6) years from the date the business relationship ends or the transaction is completed. Systematic record-keeping facilitates the regulated entities’ meeting of their reporting obligation and furnishing such details to the concerned authorities or any law enforcement agency immediately upon request.

What Happens When CDD Is Not Performed?

Onboarding customers without applying any CDD or inadequate measures can subject a regulated entity to severe risks such as reputation loss, compliance risk, and financial loss. It is mandated that a regulated Entity establishes a business relationship only after employing adequate CDD measures to identify the customer and associated risk. When a regulated entity cannot perform or complete the CDD process for a customer, the IFSCA AML Guidelines impose certain restrictions on the regulated entities, such as:

It should avoid opening an account and provide a service to the customer.
It must not conduct a transaction with or for the customer whose CDD has not been conducted.
When CDD measures are not undertaken, a Regulated Entity must terminate or suspend any business relationship with the customer.
A regulated entity must return any funds or assets received from the customer.

Furthermore, in such cases, it is crucial to assess whether the lack of CDD requires the submission of a Suspicious Transaction Report (STR).

Imposing these restrictions on a regulated entity where the CDD process is not properly conducted is to protect the business from inadvertently facilitating any transactions leading to ML/FT crimes.

Best Practices For Implementing Effective CDD Program

For implementing CDD measures effectively, here are a few points that a regulated entity should consider:

Including CDD Program Into Internal AML Policy And Procedures

The regulated entity should incorporate CDD procedures into its AML/CFT policies, procedures and controls to improve consistency in CDD measures implementation across the organization. The CDD program must detail the KYC process, the details to be obtained, the documents and sources to be relied upon for verification of the customer identity, the frequency of ongoing CDD and periodic review, etc.

The AML policy should also define staff roles and responsibilities in conducting CDD. This will promote clarity and compliance with regulatory requirements.

Appointing A Competent Person To Conduct CDD

It is essential that the person overseeing compliance with regulatory requirements is skilled and has the expertise to conduct CDD procedures. Customer-facing CDD staff should know basic CDD procedures, associated red flags, and ML/FT and PF typologies. Employing such a skilled person for CDD measures enhances the productivity and accuracy of the CDD process and brings efficiency to the AML efforts to protect the business.

Implementing Software And Tools For Conducting CDD Rd Of India

A regulated entity must consider employing suitable tools to streamline and improve the CDD process. These software include various aspects such as identity verification systems, collecting information from different sources, sanctions screening, systematic customer risk assessment, and ongoing transaction monitoring.

Employing Data Security Measures

CDD collects customers’ data, which needs to be handled carefully. Thus, while conducting CDD procedures, a regulated entity should include encryption protocols, controlled access to the data, and audits to prevent data breaches. Data security measures help businesses gain the trust of their customers and protect their data from unauthorised access. By implementing and making its customers aware of the regulated entity’s Data Protection and Privacy Policy, the regulated entity ensures it utilises and stores customer data solely for regulatory compliance, ensuring transparency and accountability in data handling practices.

Periodic CDD Reviews And Updates

As mentioned above, the IFSCA AML Guidelines provide for the periodic review of customers’ CDD files. A regulated entity must include a methodology and a system to conduct periodic reviews to keep up with changes related to customers’ business, wealth, and overall profile. Keeping up with new updates helps businesses be more vigilant towards suspicious activities and proactively identify and manage the risk.

CDD Training And Awareness Programs

As a regulatory requirement, the regulated entity must conduct regular training sessions and awareness programs to educate staff about processes, procedures, and the importance of CDD. This helps update employees with emerging AML trends and clarify their roles and responsibilities in ensuring compliance with regulations. Furthermore, training programs should be tailored to employees’ specific needs and roles, such as training programs for senior management, operational staff, and managers.

Conclusion

CDD is an essential factor for mitigating risks associated with ML/FT. An IFSCA-regulated entity that implements CDD practices can establish the identity of its customers, understand the nature of its business relationships, and assess the potential risks involved in the particular business relationship. Additionally, for better performance, best practices in CDD should be employed, such as incorporating a CDD program within the documented AML policy, employing adequate AML software to empower the CDD process, and conducting AML training for the staff.

Therefore, prioritizing CDD not only helps organisations comply with regulatory requirements but also safeguards their financial integrity and reputation.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article India

Why is Record-Keeping of Customer Identity and Transactions necessary?

Illicit financial activities, such as money laundering, financing terrorism, and proliferation financing (ML/FT and PF), hamper the integrity of the economy as well as the operations of business entities. To combat these illicit activities, businesses adopt robust Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) measures, which are aligned with the regulatory framework.

As part of the UAE’s AML/CFT regulatory framework, all regulated entities, including Financial Institutions, Designated Non-Financial Businesses and Professions (DNFBPs), and Virtual Asset Service Providers (VASPs), are required to maintain records of KYC, CDD, EDD, transactions, audit logs, software audit trail, AML/CFT policy, procedures, etc.

In this article, we’ll discuss why record keeping of customer identity and transactions is important and what its best practices are.

What is Record-Keeping?

Whenever regulated entities undertake measures and activities to mitigate ML/FT and PF risks, such as customer due diligence, transaction monitoring and AML audit, they generate several documents in the process. Maintaining these documents is necessary as it makes it easier for them to access data as and when required, which is crucial for combating financial crimes, including ML/FT and PF.

This is the essence of AML record-keeping. Therefore, record-keeping in the AML framework means maintaining documents pertaining to AML measures that include customer identity records, transaction records, adverse media checks, etc. Record-keeping thus carries a significant purpose in ensuring AML compliance.

What type of records are required to be maintained?

The types of records that regulated entities need to maintain depend on the regulations they need to follow. In the UAE, regulated entities must maintain records related to various compliance measures undertaken by them.

Here is a comprehensive list of customer-related information and transactions which require record-keeping in the UAE:

1. EWRA, Internal policies, Procedures and Control Measures

The CDD process includes verifying the customer’s identity and keeping a copy of references and other related pieces of evidence. Other documents include a copy of identities and any other additional information that must be maintained to facilitate regular monitoring of the records. Companies must also keep customers’ scanning process records on various checks such as PEP and Sanction. They can present them as evidence to the investigation agencies as and when needed.

As part of policies and procedures, regulated entities need to establish a risk appetite statement that provides the entity’s stand on accepting risks and sets a base to analyse trade-off decisions. A risk appetite statement helps everyone understand the level of risks the entity is willing to take and accordingly apply suitable control measures.

Furthermore, based on risk appetite, the regulated entity must also identify and enforce AML control measures to combat ML/FT and PF risks associated with the entity.

2. Customer Due Diligence

It is essential for regulated entities to conduct the CDD process to measure ML/FT and PF risks associated with customers. There are various elements for an effective CDD. The CDD process includes conducting know-your-customer (KYC) measures to verify the customer’s identity. It is required to maintain KYC records along with supporting documents like Emirates ID, Passport, Utility Bill, etc.

Customer risk assessment is a key component of the CDD process that helps detect and prevent ML/FT and PF risks by evaluating the risk associated with each customer. Regulated entities must maintain customer risk assessment documents as evidence of their risk profiling.

Based on customer risk assessment, regulated entities are needed to undertake Enhanced Due Diligence (EDD) for higher-risk customers that pose ML/FT and PF risks and thus present increased exposure to them. They need to maintain any additional information related to customers within CDD records concerning EDD.

3. Transactional Records

Regulated entities have to keep a record of the business relationship- transactions involved from five years of completing the transaction. The various transaction records involve purchase orders, sales orders, invoices, receipts, payments, credit and debit notes and correspondence with the business. Regulated entities must maintain all the documents to establish a proper audit trail.

4. Regulatory Reports

To meet the internal and external reporting requirements, regulated entities must maintain all submissions made to the regulatory authorities.

As a part of his responsibility, the compliance officer prepares a semi-annual AML compliance report, which he submits to the senior management. These reports must be preserved. Further, semi-annual reports submitted to the regulatory authorities must be preserved for a period of 5 years.

The AML regulations in the UAE mandate the regulated entities to identify suspicions related to ML/FT and PF and report such suspicions by filing a Suspicious Activity Report (SAR) or Suspicious Transaction Report (STR). As part of record-keeping compliance, they must keep records of STR/SAR.

In addition to MLRO and STR/SAR, the regulated entity needs to submit additional reports based on the nature of the customer’s business, circumstances and place of the customer’s business or transactions. These reports include the High-Risk Country Report, High-Risk Country Activity Report, Real Estate Activity Report, Fund Freeze Report, Partial Name Match Report and Dealers in Precious Metals and Stones Report. Regulated entities in the UAE are mandated to maintain such reports.

An Independent AML Audit report issued by the external auditor must be preserved for at least 5 years.

5. Correspondence and Directives Issued by Regulatory Authorities

Regulated entities should also keep records related to communication and directives issued by regulatory bodies, ensuring compliance with applicable laws and regulations. With such records, regulated entities in the UAE can effectively manage risks associated with their customers and transactions and help supervisory authorities keep checks and balances.

6. Training Logs

Training logs are key tools within the AML/CFT framework. They ensure that staff and employees within businesses are adequately trained to fulfill their responsibilities effectively. By maintaining comprehensive training logs, regulated entities demonstrate their commitment to AML/CFT compliance, fostering a culture of compliance within the organization and empowering staff to detect and prevent financial crimes effectively.

Why is record-keeping of customer-related information necessary?

Record-keeping is an integral part of the AML/CFT framework. It supports various compliance activities like customer due diligence, transaction monitoring, reporting, compliance documentation, regulatory examinations, and investigations. Properly maintained customer records are essential for compliance with AML regulations.

Here is the list of reasons that make record-keeping of customer information and transactions necessary:

Legal and Regulatory Compliance

The AML/CFT regulatory framework requires regulated entities to maintain customer-related AML records. If a regulated entity fails to maintain records, it can result in legal consequences, fines, or penalties. Therefore, having a system for record-keeping helps in avoiding legal implications.

Customer Due Diligence

AML regulations require regulated entities to conduct due diligence on their customers to assess their risk levels and verify their identities. Record keeping helps regulated entities maintain proper documentation of customer information, identity verification, and risk assessments. Furthermore, it helps them avoid any financial and reputational loss in case a customer is engaged in illicit activities.

Proactive Monitoring

Regulated entities are required to monitor customer transactions for suspicious activities that may indicate money laundering or other illicit activities. Record-keeping plays a vital role in enabling proactive monitoring from an AML/CFT standpoint.

Regulatory Reporting

When suspicious activities are detected, financial institutions must file SAR/STR with the appropriate regulatory authorities. Proper record-keeping ensures that all necessary information related to the customer’s suspicious activity is documented and can be provided to regulatory authorities.

Performance Evaluation

Record-keeping helps regulated entities assess the performance of AML measures across the entire organisation, including those measures incorporated for customers. By tracking KPIs over time, regulatory entities can easily identify AML measures’ strengths, weaknesses, and gaps for improvement.

Decision Making

Records provide valuable data and insights that aid in making informed decisions. Whether it’s about customer-business relationships, control measures, or strategic direction, having access to historical records enables better decision-making. A well-structured record-keeping system allows for better tracking of suspicions, which in turn helps in making informed decisions.

Independent AML Audit

Regulated entities need to appoint an independent AML auditor to carry out the audit of their AML/CFT compliance. Record-keeping facilitates such audits.

Inspections and Investigationsit

Often, regulatory authorities come for inspections and ask for various compliance records. Record-keeping also helps investigators conduct investigations into cases related to money laundering and terrorist financing.

How do you maintain customer identity and transaction records?

Record keeping procedure depends on local and global regulatory requirements. The number of records required to be maintained affects the manner in which such records are maintained. The records can be maintained physically or in an electronic form. Ideally, the following documents should be maintained:

Original documents
Photocopies of original documents
Documents stored in electronic form

It is noteworthy that the records maintained should be easily accessible. If the source documents are available in a foreign language, then translated copies must be made available to ensure AML/CFT compliance.

Challenges for maintaining customer records

Although it is necessary to keep records of customer information and transactions, regulated entities face various challenges in maintaining an efficient system.

The following are some major challenges:

Large and Complex Data

Customer records are comprehensive data that include information relating to customer due diligence, transactions, ongoing monitoring, suspicion reports and internal policies, procedures, and controls. Thus, handling the large volume and complexity of AML records becomes challenging for businesses.

Regulatory Variations

Global businesses have to adhere to multiple laws and regulations. Such variations in regulatory requirements pose a constant challenge as every jurisdiction requires different record-keeping obligations, making adherence to regulatory frameworks challenging for the entities.

Privacy and Consent

KYC information is personal in nature. Before keeping records, regulated entities must obtain consent from the person to whom such information belongs. However, customers are hesitant to provide information due to privacy concerns. Further, remote onboarding procedures require liveness checks, IP address logging, etc. If customers are not willing to part such information, it becomes difficult to onboard customers.

Data Security

Keeping a large amount of data requires effective security measures. Businesses face challenges in ensuring the security of sensitive data. Additionally, information pertaining to customers and their transactions is very sensitive and is targeted by criminals for facilitating their illicit activities. This obligates regulated entities to deploy enhanced data security measures.

Incomplete and Inaccurate Data

There is an abundance of information collected by the regulated entity from various sources while undertaking AML measures. However, not all information is relevant, complete, or accurate. It becomes a challenge to segregate qualitative and accurate data from the amount of information available.

Best practices for effective record-keeping of customer information

It is essential for regulated entities to implement effective record-keeping measures to maintain accurate documentation concerning customers and third parties.

Here are some best practices that regulated entities can establish for record-keeping of customer information:

Implement Document Management Software

Document management tools provide a harmonious and logical filing system that is easy to understand and use. Regulated entities can implement such tools to standardise AML record-keeping processes for maintaining customer information and transactions across their operations.

Use Cloud-based Storage

Regulated entities collect a large volume of customer data for which they can use cloud-based storage. The transition to cloud-based storage solutions can help them store records while providing scalability and accessibility.

Implement Security and Privacy Guidelines

Customers have privacy concerns about data usage and retention, which makes it difficult for regulated entities to obtain consent from them. Thus, to maintain their trust, they should establish clear data usage and retention policies which comply with relevant privacy regulations.

Deploy Data Security Tools

Keeping a large amount of data requires effective security measures. For this purpose, regulated entities should implement encryption technology, firewalls, etc., to limit unauthorised access and tackle data breaches.

Backup and recovery

Maintaining customer information is very important for regulated entities, and any loss of data can lead to major repercussions. Thus, regulated entities must implement backup procedures for records to prevent data loss by system failure or cyber-attacks. Further, they should also develop a recovery plan to ensure that records can be quickly restored in the event of loss.

Regular Updates and Review

Regulated entities must regularly update their systems and underlying procedures to remain compliant with the ever-changing regulatory environment. Internal health-check reviews must be conducted to find discrepancies in record-keeping and take immediate remedial measures.

Final Words on Maintaining Effective Customer-related Records

For regulated entities, record-keeping of the identities of their customers and transactions is crucial to ensure compliance with regulations, manage risks, and easily access data for submitting it to the authorities as and when required.

Niyeahma is a global AML/CFT consulting firm assisting regulated entities in deploying countermeasures to curb financial crimes.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article UAE

AML measures for non-face-to-face customers

Financial institutions and DNFBPs have moved to the next level of customer service. One such aspect that they cover is non-face-to-face customer onboarding or transactions. However, the ML/TF risks associated with such customers are high, and that is why you need well-defined and strict AML measures for non-face-to-face customers.

A customer’s physical absence during onboarding is a red flag of money laundering or other financial crimes. Also, such customers avoid meeting the officials of regulated entities. In some cases, customers are present at the time of onboarding but conduct all transactions remotely. Such non-face-to-face (NFTF) customers have a high risk of money laundering for these entities.

To negate the chances of money laundering, you need to be extra careful during identity verification. That is, again, a task since you must have more documents to verify identities and addresses.

The task of onboarding a remote customer is full of challenges, and here is the article that provides insights on implementing appropriate AML measures for non-face-to-face (NFTF) customers.

How do non-face-to-face clients pose a threat to your business?

Technology has made rapid inroads into DNFBPs, VASPs, and FIs. Customers require on-demand, anytime, and anywhere services. They want to perform remote and digital transactions to avoid physical presence and visits. These are digital transactions conducted via mobiles or the internet.

ID verification and KYC software make all of these possible. Many regulated entities, especially banks and other financial institutions, have embraced such digital business methods.

Customers prefer digital transactions to avoid visiting the vendor’s offices.

The biggest demotivators are the hassle of visiting the office, providing hard copies for conducting transactions and standing in queues. Digitally, you can manage several transactions at your convenience with online documentary proof. So, less effort and faster service.

But, in such cases, money laundering risks for the regulated entity increase. Remote onboarding of non-face-to-face customers exposes DNFBPs and VASPs to the following risks:

Fake identities

Customers can use fake identities to open an account with your business and conduct transactions. Since you won’t be able to associate their wrongdoing with a face and identity, it becomes difficult to capture them. This anonymity of non-face-to-face customers increases the ML, TF, and PF risks for your business.

Limited visibility of customer behaviour

Physical interaction with customers enables an understanding of their behaviour. In the absence of such face-to-face meetings, you have no idea of their conduct and actions. So, it becomes difficult to identify suspicious behaviour, activity, or transaction.

Transaction speed

Digital transactions are faster than normal in-person transactions. So, money launderers prefer to engage in non-face-to-face transactions so that criminal activity occurs faster before anyone detects suspicious behaviour.

Hidden ownership structures

In the case of non-face-to-face customers, understanding the ownership structure is challenging. They might be using this anonymity feature to hide their beneficial ownership. There might be possibilities of the presence of shell companies to conduct transactions. This is a widespread way by which non-face-to-face clients launder money.

With in-person onboarding, the compliance team gets a chance to ask questions and counter-question the customer. Remote onboarding works in a pre-defined way and offers little flexibility. Further, the human element is missing, so judgement is on technology to identify suspicious customers and their activities.

Cross-border transactions

Engaging in cross-border transactions is the most effective way for non-face-to-face financial criminals to conduct crimes. Identifying the origin and destination of funds in transactions conducted across different jurisdictions is challenging. Also, it becomes easier for anonymous customers to hide these details or produce false documents. This is how money laundering occurs predominantly in such cases.

Third-party risks

DNFBPs and VASPs who rely on third parties to conduct KYC and CDD expose themselves to ML/TF risks if the third parties do not adopt adequate procedures for customer identification and verification. The criminals may exploit the vulnerabilities existing in third-party KYC and onboarding procedures and misuse the system.

Data security and privacy

Online onboarding exposes the firm to data security and privacy breaches. The genuine customers’ accounts may be taken over by criminals to perform their illegal activities, and this exposes the DNFBPs and VASPs to various types of ML/TF risks.

You must devise and apply effective AML measures to reduce the risks of such occurrences and fight the money laundering threats.

Common ML/TF Typologies employed through NFTF Channels

Smurfing and structuring are the most common ML/TF typologies employed by criminals onboarded through NFTF channels.

Structuring

Criminals are resorting to structuring split large transactions into several small transactions to avoid their detection. Normally, regulators across the globe have specified thresholds for reporting cash transactions. The criminals smartly plan their transactions to avoid crossing the thresholds.

Smurfing

Smurfing is similar to structuring. Here, the criminals split transactions into small amounts and use multiple parties to deposit funds into the banking system.

Effective AML measures for non-face-to-face customers

Following are some of the effective AML measures that you can carry out to manage your ML/TF risks arising out of the digital onboarding of customers:

Develop a risk-based approach to respond to risks related to non-face-to-face clients

Understand that the risks from non-face-to-face clients are high. So, you must be better prepared for such customers. Your AML measures for non-face-to-face customers must be well-planned and defined. Give it due importance in your scheme of things so that you can prevent and avoid the risk.

Take a risk-based approach to such customers depending on the following factors:

Industry of your operations
Location of customers
Money laundering threats from customers

If customers’ risks are high, enhanced due diligence measures should also be implemented. If the risk is low, you can continue with the existing KYC and simple due diligence.

Create customised identification and verification procedures

Since the risk is high, you can have custom identity checks to protect your business. Define the minimum criteria for accepting non-face-to-face customers. This depends on the nature of your business operations. If your sector is more susceptible to money laundering threats, it’s better to avoid such remote online customers. You can define new verification procedures like submission of more documents, manual visits to the client’s office, or any other relevant action.

Conduct in-depth KYC to understand the risks of non-face-to-face customers

The first thing to match for the regulated entities is the customer’s face with the identity document. You make a decision based on a match or no match. However, in the case of non-face-to-face clients, the customer’s face is not available to match. This is a big challenge for you.

You can face such situations when onboarding a new remote customer or while conducting a transaction. So, you must have a stringent KYC policy to know your customers better. The KYC and CDD measures are the same, plus some additional aspects. Since the risk is higher, you must ensure the following:

Check for certification and attestation of documents. Such certification must be from specific authorised individuals or organisations. Such attestation can facilitate higher credibility in the authenticity of documents.
You must also ask for additional proof to know the non-face-to-face clients better. These documents must be from reliable sources that can verify these customers’ identities.
Have a known third party to guarantee the authenticity of such customers. Check if your existing customers, suppliers, or associates have complete knowledge of these customers. Also, ensure that you have complete KYC and due diligence of these third parties.

Consider the non-face-to-face clients’ geographical location

One aspect that you can consider critically is the geographical location of your customers. Be very careful about who you onboard as a customer. Have second thoughts if the customer is from any of the following jurisdictions:

Economically sanctioned
Weak AML controls or financial systems
Politically unstable
High levels of corruption, drug trafficking, human trafficking, terrorism, or smuggling

If your non-face-to-face customer is from any of the above jurisdictions, the smarter decision would be not to onboard them. By onboarding them, you’ll increase your risk exposure. You’ll need to put more effort into KYC and CDD before transactions.

Apply enhanced due diligence measures for non-face-to-face clients

You don’t have the customer in front of you for conducting the transaction. It means identity verification is a challenge. Since the risk is high, you can’t let it go. So, you must apply enhanced due diligence measures to prevent the risks of financial crimes:

Exercise caution before engaging in transactions with these non-face-to-face clients. The first payment must be from a known bank account in the customer’s name. Even for the succeeding transactions, check the details thoroughly.
Use safe and secure electronic identification technologies to verify the identities of your non-face-to-face customers.
You can also check the national registers of trade, businesses, associations, and patents. Even the population and credit data registers can help you confirm the identities of your non-face-to-face customers.

A combination of these identification and verification techniques can ensure the authenticity of your customers’ documents and identities. But do check the dates of the latest updates to these registers for timely information.

Hire third parties for identity verifications of cross-border customers

Dealing with non-face-to-face clients becomes challenging when they reside in other countries. The identity documents are different from the local UAE documents. However, you must get all possible identity and address evidence from your customers. Now, match the details provided by the customers with these documents.

One solution in these cases is to hire third parties for such certifications to prove the authenticity of documents and identities. However, you must be careful before engaging with a third-party provider. Ensure that the provider is registered and licensed in the jurisdiction of its operations. Check the quality of its KYC and due diligence technology systems and procedures. Also, management understanding and technical acumen are required to ensure quality services.

Employ video conferencing AML measures for identifying and verifying non-face-to-face customers

You can conduct a video-based process to verify the identities of your customers. This will be a secure, live, and informed audio-visual interaction between the regulated entity and the customer. You must obtain the customer’s consent before conducting such a meeting.

Manage the KYC verification process through this video conferencing method. Have a live video call with the regulated entity’s KYC expert. You will interview them with identity questions and detect their liveness. Check their identity documents live by asking the customer to hold them in the video. Match the face with the photo to verify the identity in real time. Also, click live photos for facial recognition.

However, you also need to ensure a secure way of conducting this video interview. It must be end-to-end encrypted. The video must be clear enough to verify the identity of the customer. The live GPS coordinates and date-time of the customer interview must be available in the video recording.

Use advanced technologies to confirm non-face-to-face customer identity

Technologies like artificial intelligence, machine learning, and blockchain have improved many sectors. You can use the same technologies in AML measures for non-face-to-face customers. One way to do this is to use them for customer data storage data and comparison with other documents.

You can use AI in facial recognition to verify customers’ identities based on the proof they submit. AI even helps confirm the authenticity of identity proof submitted by customers. AI makes it possible to check the passport chip of biometric passports and the authenticity of holograms. You can use blockchain technology for secure and confidential data storage. You can also implement AML software, which supports liveness checks. It will help you reduce deepfakes and strengthen your defenses against ML/TF.

Monitor transactions for unusual trends or patterns

Transaction monitoring is an effective AML measure for non-face-to-face customers. You should be careful about any unusual or out-of-pattern behaviour of customer transactions. So, when supervising their transactions, look out for the following:

Unusual pattern not matching with customers’ profiles or regular transactions
If more than one user is using the same account
If the user opens more than one account
If the customer information and IP address don’t match
If the customer uses different payment methods for different transactions

When you see such patterns or unusual behaviour, investigate further. You must report the issue to higher authorities and classify the transaction as suspicious.

Ongoing monitoring is a critical AML measure for non-face-to-face clients

Face-to-face customers visit you for transactions. So you can still verify their identities. It is also possible to monitor their activity and behaviour. However, in the case of non-face-to-face customers, ongoing monitoring is essential. You cannot skip it at all.

So, keep monitoring the customers’ risks. Keep an eye on their transactions to spot anything out of the usual. Maintain records of their transactions for a specific period for analysis whenever you wish. Keep repeating this exercise to prevent any potential money laundering risks.

If you have any suspicions about the customer’s activity, report it to the FIU using SAR/STR. In cases where the risks posed by customers are beyond your risk appetite, you can exit the business relationship. Carefully draft your customer acceptance and exit policies to effectively counter ML/TF.

These 10 AML measures for non-face-to-face customers can help you reduce the money laundering risks. You can confirm their identities and decide whether to proceed with the business relationship or transaction. If you still find the customer as suspicious, do not engage in a transaction. Start a business relationship if any of these verification methods prove their authenticity.

If you need help dealing with such non-face-to-face customers, hire an expert AML consultant like Niyeahma.

Niyeahma – your partner for professional AML consulting services

Niyeahma is an expert in AML Consulting services. We have guided clients throughout the journey of becoming compliant with AML laws in the UAE. You will always find us with customised and appropriate solutions to your AML concerns. Our offerings include:

Customized AML policies, procedures, and internal controls
Risk assessments and analysis of your business
KYC and different levels of due diligence of your customers to build their risk profiles
Monitoring transactions and customers to detect suspicious ones and take respective actions
Personalized training solutions for your AML needs and industry requirements
Regular health checks and audits of your AML compliance

Likewise, we also help you deal with non-face-to-face customers with appropriate AML measures. We take all possible steps to prevent money laundering and terrorism financing threats from such customers. So, don’t worry about remote, digital customers; we have the right AML measures for you.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article UAE

AML compliance vs AML risk management: Closely aligned despite striking differences

Understanding AML compliance vs AML risk management is essential. In the realm of AML, businesses use compliance and risk management as substitutes. Both are crucial for any business entity. So, you must understand the differences between risk management and compliance in AML.

Anti-money laundering compliance is an ‘in-trend’ term for businesses nowadays. Another similar term that has been in use for quite a long time is risk management, specifically in the case of financial institutions. While the former talks about adherence to rules, the latter entails managing threats to a business.

In this blog, we will explore the distinctions between the two. First, we will understand what AML compliance and AML risk management mean. Then, we will discover the similarities and differences between AML risk management and compliance.

Compliance and risk management: Term differences

What is compliance?

Compliance means adhering to regulations, laws, and rules. It means you are ethical in your business practices. You do what the government and the law expect you to without deviating from the business morals. Thus, it is a reactive exercise to show your country and regulator that you follow the rules.

Suppose you are a business in the UAE. You must follow the local rules and regulations related to your operations, license, environment, labour, and many other aspects. The process of following these rules and how well you are able to do it means compliance.

By complying with laws, the regulator or relevant authority will not impose penalties or fines on you. Also, you will not face any legal cases for non-compliance. Thus, by complying, you save yourself from financial losses, legal ramifications, and reputational damages.

What is risk management?

Risk management means managing the risks to your business. How do you manage them? You identify these risks, categorise them, measure their probability and impact, and develop strategies to mitigate, control, or manage them.

You can try to avoid risks in the first place. Or, you can try to reduce their impact on your business activities. Whatever you do, you can plan it before the risks affect you. Thus, it is a proactive action from your side based on your expectations of potential risks.

When there is a change in the business environment, potential risks change. So, you must keep changing your risk management strategies. Thus, risk management requires you to be more strategic in your thinking while planning for it.

Thus, compliance and risk management differ in many aspects. But, when you consider these terms related to money laundering, some more differences crop up. Let’s explore these differences between AML risk management and compliance.

AML compliance vs AML risk management: Definitions

AML compliance

AML compliance means adhering to the regulations to protect your business from money laundering. It involves creating a framework that includes policies, procedures, practices, and internal controls to guide the fight against money laundering. Moreover, this framework or strategy is unique to each business’s needs and activities.

AML compliance requires businesses to comply with the local AML regulations. As per the UAE AML/CFT laws, you need to:

Create an AML compliance department and appoint an AML compliance officer
Assess the money laundering risks to your business from several factors so that you can fight them
Create a risk-based AML compliance program that enables adherence to each requirement of the law
Monitor transactions to identify suspicious ones
Conduct KYC, screening, and due diligence of customers to identify threats
Conduct training of your employees on AML-specific aspects
Implement technology solutions or manual systems to facilitate compliance
Create reports on suspicious transactions and customers and report them to authorities

AML risk management

If you check the aspects of AML compliance, risk management is an integral part of it. It requires you to identify the money laundering risks from your:

Customers
Transactions
Geographies
Delivery methods
Products and services

After risk identification, it entails analysis, rating, and categorising. Based on the levels of risks identified, you can take a risk-based approach for your AML compliance. It allows you to determine:

Stern AML measures for high-risk customers
Less strict AML actions for moderate-risk customers
Relaxed AML strategies for low-risk customers

These measures include:

KYC of customers, which is typical for every risk type
Customer due diligence, which is standard for every customer
Enhanced due diligence for high-risk customers
Monitoring of transactions of high-risk and medium-risk customers
Ending the relationship or cancelling the transaction is possible only in the case of high-risk customers

Differences between AML risk management and AML compliance

AML compliance vs AML risk management is crucial but challenging to understand. However, you must remember that to comply with AML regulations, you need to follow the rules. Risk management is a strategy to ensure that you adhere to these rules.

Superset vs subset

A crucial aspect of the AML compliance vs AML risk management contest is to identify which concept includes the other.

AML compliance is the set of activities you must undertake to adhere to the UAE regulations. AML risk management is a broader term that includes strategies, policies, and procedures an organisation implements to identify, assess, and counter ML/TF risks. Thus, AML compliance is a subset of AML risk management.

Compliance has always been a part of risk management. Further, there is something called compliance risk management, wherein the risks associated with non-compliance are identified, assessed, and managed.

Reactive vs proactive

AML compliance is a reactive exercise. As a business entity in the UAE, you must follow UAE’s AML regulations. To avoid penalties, you must adhere to each requirement. Thus, you react to a mandate by the government.

In contrast, AML risk management is a proactive exercise. You must protect your business from money laundering risks so you can take action to prevent or mitigate them. Thus, you act before these risks affect you.

Legal vs strategic aspect

Another factor that differentiates AML compliance from AML risk management is the business aspect covered.

AML compliance is a legal requirement in the UAE. Since you are one of the financial institutions, DNFBPs, or VASPs, you must follow the UAE’s AML regulations. So, the goal is the same for all of you, although your compliance journey might differ.

When you follow these rules accurately and on time, you are AML-compliant. These requirements include submitting:

Suspicious Transaction Report and Suspicious Activity Report
Funds Freeze Report and Partial Name Match Report
DPMSR and REAR reports
HRC and HRCA reports
PNMR and FFR reports
Surveys and Questionnaires

On the other hand, AML risk management is a strategy to enable AML compliance. You must identify, categorise, rate, and assess risks to manage and mitigate risks. During this process, you generate KYC, CDD, PNMR, FFR, DPMSR, REAR, STRs, and SAR records.

Your risk management differs from that of other organisations because the risks differ. Even in the same industry, the impact of these risks differs because your operations and business models vary. So, you need to create a unique strategy for AML risk management to help you with legal and regulatory compliance in AML.

Current vs futuristic

AML compliance is more of a current process. It defines your legal obligations for this year. So, this year, you have to follow these specific AML requirements. So, you know what you have to do. You are legally obligated to follow these rules, which makes you compliant for this year.

On the other hand, AML risk management ensures you are safe from money laundering risks now and in the future. You have to predict the risks your business will face from money launderers. You need to consider the emerging threats of predicate offences as well. Thus, it makes you more of a planner for the current and future risks.

Tangible vs intangible

The tangibility of the process is a crucial point in AML compliance vs AML risk management.

AML compliance is a tangible process. You have to follow specific rules to comply with industry standards. If you follow these particular requirements of the AML regulator, you become AML-compliant. If you do not follow them, you will have to face penalties. Thus, you will suffer financial losses, reputational damage, and legal proceedings.

In the case of AML risk management, there are no concrete rules. You have to analyse the business environment in which your firm operates. You need to predict and evaluate the possible ways criminals can launder money through your business processes. Thus, it is unique to every firm. If you cannot control or mitigate these risks, your business suffers. The money laundering risks will affect your business, causing losses in terms of customers, credibility, and money.

However, the FATF has recommended that regulated entities follow a risk-based approach, and similarly, the UAE Federal Decree Law No. (20) of 2018 and related cabinet decisions require reporting entities to do the same. By virtue of this, AML risk management is embedded in the AML compliance requirements.

Tickmark exercise vs continuous process

AML compliance is more of a checklist-based process. The AML compliance department ensures the business adheres to each requirement and tickmarks it. If you miss any of these, you have to pay a penalty. Once you adhere to the requirements, your work ends.

In contrast, AML risk management is not a tickmark exercise. It’s not like you have submitted a report, so you are done with it. It is a continuous process. You need to keep identifying the money laundering risks your business faces. Analyse them. Find ways to mitigate, prevent, or manage them. So, you must continue the AML risk management exercise to reap complete benefits.

Besides these differences between AML risk management and compliance, there are also some similarities. These include:

Risk management tactics and compliance strategies keep changing. As and when the regulations change, you need to make changes in your AML compliance program. Moreover, the money laundering risks, macroeconomic climate, and industry trends keep changing, leading to amendments in your AML risk management policies.
Both AML compliance and risk management become better with the help of technology. Innovative solutions and technologies make these procedures smoother. The technologies use data analytics, artificial intelligence, and other advanced concepts to ensure your process is faster, smoother, and more accurate.
Both AML compliance and risk management need decision-making at the top level. Since identifying and managing money laundering risks is critical, the top management must set the tone. Only when you ensure AML compliance and risk management culture at the top, you can maintain it across the firm.
One significant challenge in both these procedures is maintaining a good customer experience. Customers demand a seamless user experience. If you are unable to do that, you might lose customers. So, while managing AML compliance and risk management, you must ensure the processes are not time-consuming or intrusive for them. On the other hand, collecting all information is also essential for successful procedures.

Setting the similarities and differences aside, your primary focus must be to protect your business from money laundering threats. To do this, you need to create a robust AML compliance program. This program will include a well-defined AML risk management strategy. In combination, it will help you meet UAE’s AML regulations and prevent risks.

Exploring these differences and similarities enables you to fit both into your strategy. You can determine the efforts, resources, timelines, and overall alignment with business operations. This is how you can prevent potential threats and create value for your business. To help you achieve this objective, partnering with an expert AML consultant like Niyeahma will help.

How can Niyeahma help you?

Niyeahma has revolutionised the AML compliance landscape in the UAE. We help clients strategise risk management and compliance in AML. Be it just one part of AML compliance or the entire journey, you can rely on us for quality services.

Your business can enjoy our expertise in:

Monitoring transactions and identifying suspicious ones
Conducting KYC and due diligence of customers
Identifying money laundering risks to your business and assessing them
Developing a risk-based AML compliance framework personalised to your entity
Imparting AML training to your employees
Preparing and submitting STR, SAR, and other industry-specific reports to authorities

By partnering with us, you get a streamlined AML compliance process for the fight against money laundering risks.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article UAE

A guide To establishing an Effective AML/CFT Framework in your business

Financial Institutions and Designated Non-Financial Businesses and Professions that do not abide by the Money-Laundering laws or regulations have to pay heavy penalties and face severe reputational losses.

Therefore, every business has to establish an effective AML/CFT framework to operate as per the legal requirements of the country.

So, the question arises: what should you consider when managing AML/CFT compliance in your business? This article provides the best practices for establishing an effective AML/CFT framework in your business.

What is an Anti-Money Laundering Framework?

Implementing elements of the Anti-money laundering (AML) framework using a risk-based approach is crucial for preventing money laundering, financing terrorism, and proliferation financing (ML/FT and PF). The AML framework is a set of policies, procedures and controls that are formed to detect, deter, and report ML/FT and PF activities.

The AML framework lays down a structured strategy that aims to fulfil regulatory obligations and achieve mitigation of ML/FT and PF risks.

Importance of an Anti-Money Laundering Framework

The following is a list of factors stating why the AML framework is essential:

Ensure regulatory compliance:

DNFBPs are required to comply with different AML regulations, including regulations imposed by national and international regulators. In case it fails to comply with such regulatory requirements, penalties and fees are imposed on DNFBPs. Therefore, with the implementation of an effective AML framework, they can ensure compliance with these regulations and stay away from associated penalties and fines.

Risk mitigation:

The major threat to DNFBPs is using their platforms to facilitate financial risks. Criminals often use them to indulge in criminal activities because of inherent vulnerabilities. The AML framework employs measures that help DNFBPs in detecting ML/FT and PF activities and further aid in combating ML/FT and PF risks.

Protect business’s reputation:

As DNFBPs work in a highly competitive market, it is essential for them to maintain a good reputation to attract and retain clients and customers. Commitment to AML compliance can act as a deciding factor for clients to enter into a business relationship with the DNFBP. Any linkage to ML/FT and PF activities can damage its reputation, which results in client and business loss. The AML framework helps DNFBPs avoid risk and maintain their reputation by laying down the best strategy within its framework.

Maintain the integrity of the financial system:

By promoting stability, preventing illicit activities, risk management, and regulatory compliance, the AML framework helps maintain the integrity of the financial system. With such measures, the AML framework enables a safe, secure and strong global economy.

Regulatory requirements around AML/CFT framework

AML regulatory framework in the UAE includes national regulations, international regulatory framework and national AML strategy.

National Regulatory Framework

The national regulatory structure in the UAE contains federal civil, commercial and criminal regulations. Because criminal legislation comes under federal jurisdiction throughout the country, the ML/FT and PF criminal activities are covered under it. The following are such regulations within the country:

Federal Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations.
Cabinet Decision No. 10 of 2019 Concerning the Implementing Regulation of Federal Law No. 20 of 2018.
Cabinet UBO Resolution No. 58 of 2020 on the Regulation of the Procedures of the Real Beneficiary (UBO Resolution)

International regulatory framework

The AML framework in the UAE is aligned with the international bodies network, which implements international treaties and conventions for combating illicit crimes. These integrated laws are supervised by the regional regulatory authorities.

For such an integrated framework, the government and competent authorities in the UAE collaborated with various international bodies such as:

United Nations
Financial Action Task Force (FATF)
Middle East and North Africa Financial Action Task Force (MENAFATF)
Egmont Group of Financial Intelligence Units

National AML Strategy

The UAE government has implemented strategic decisions in the form of the National Strategy on Anti-Money Laundering and Countering the Financing of Terrorism. The strategy shapes the key initiative of the country’s national action plan. This strategy is based on four pillars that include:

Legislative & Regulatory Measures
Transparent Analysis of Intelligence
Domestic and International Cooperation & Coordination
Compliance and Law Enforcement

Furthermore, the National Committee for Combating Money Laundering and the Financing of Terrorism and Illegal Organisations looks into the implementation of strategy, emphasising effective coordination between different authorities, compliance with regulations and awareness of ML/FT risks among DNFBPs.

Regulatory Obligations and AML/CFT Framework

The AML framework needs to be aligned with the statutory obligations of DNFBPs as follows:

ML/FT Enterprise-Wide Risk Assessment

ML/FT Enterprise-Wide Risk Assessment, also known as Business Risk Assessment, is an assessment that lays down an extensive plan that needs to be carried out to manage ML/FT and PF risks at an enterprise level. EWRA is a key pillar of a risk-based approach that addresses business-specific AML risks, threats, and vulnerabilities and further takes action to mitigate them.

EWRA is a continuous process to identify and assess ML/FT and PF risks that DNFBPs face in business lines, their products, and services and associated with different customers. While conducting the assessment, it considers various internal and external factors such as geographical risks, customer behavior, distribution channels and adequacy of the current AML policies.

DNFBPs with EWRA can effectively detect money laundering risks, identify mitigating measures, point out gaps and take cautious decisions relating to risk appetite and allocation of resources.

Customer Due Diligence

Customer Due Diligence (CDD) is an extensive process to identify and verify customer identity with the help of verified documents. CDD process also includes assessing customer risk profile, understanding the nature of transactions and monitoring customer activities. Additionally, it also focuses on assessing risk associated with customer’s business relationships and transactions.

Further, the CDD process differs depending on the ML/FT and PF risks that customers are associated with. CDD comes in three types: Simplified Due Diligence, Standard Due Diligence and Enhanced Due Diligence. Different CDD types are employed for each customer to mitigate ML/FT and PF risks, depending on the circumstance.

Ongoing Monitoring

Only after CDD measures are employed for customers can DNFBPSs establish business relationships with them. Once they enter into these relationships, DNFBPS must undertake ongoing monitoring measures. This measure is crucial as it continuously detects and reports suspicious activities.

Further, as part of ongoing monitoring, DNFBPs monitor business relationships with each customer on an ongoing basis to prevent any probable ML/FT and PF activities which an existing customer can pose.

DNFBPs also need to undertake ongoing monitoring of transactions. In order to undertake such a measure, they need to implement a robust transaction monitoring system that can detect suspicious activity effectively by pointing out unusual patterns and frequent transactions and alerting the involvement of high-risk jurisdictions.

Regulatory Reporting

It is a regulatory obligation under the UAE’s AML regulatory framework to swiftly report suspicious transactions or any reasonable situation where any suspicion relating to proceeds is in question. DNFBPs in the UAE must put in place and update indicators that could be used to identify possible suspicious transactions.

Regulatory reporting means submitting various reports provided under the AML/CFT regulatory framework to the relevant authorities. In the UAE, Suspicious Activity Report (SAR) or Suspicious Transactions Report (STR) are standard reports filed by DNFBPs to report any suspicious activity they come across.

Furthermore, in addition to SAR/STR, they must also file reports depending on the circumstances and nature of their business. These include filing of Partial Name Match Report (PNMR), Fund Freeze Report (FFR), Real Estate Activity Report (REAR), Dealers in Precious Metals and Stones Report (DPMSR), High-Risk Country (HRC), and High-Risk Customer Activity (HRCA) reports.

AML/CFT Governance

For an effective AML framework, DNFBPs must include AML/CFT governance within their AML framework. This governance measure acts as a foundational structure. DNFBPs must include the following measures within AML/CFT governance:

AML governance must include compliance staffing and training to ensure that compliance officers and employees understand their responsibilities surrounding AML and further effectively undertake them.
It is mandated by the UAE’s regulatory framework that senior management is involved in the institution of the AML framework. Further, the law imposes various responsibilities on it, such as implementing governance and operating systems, approval of internal policies, procedures, and controls, application of the directives of Competent Authorities, and oversight of the AML/CFT compliance programme.
The AML framework must include an AML/CFT health check mechanism within DNFBPs that evaluates the business’s performance against all applicable AML/CFT obligations. This measure establishes ways to oversee vulnerabilities across DNFBPs, thereby strengthening the effectiveness of AML policies.
AML governance must include AML Independent Audit measures to evaluate efficacy and adherence to AML measures. It is an essential factor of the AML framework to engage auditors for conducting thorough reviews of current policies, procedures, and controls.

Record Keeping

Having a record-keeping system is essential within the AML framework. Records are an important source of information not only for DNFBPs but also for regulators. With record keeping, it is easier to undertake investigations and ensure transparency. As per the UAE’s AML regulatory framework, it is mandated that DNFBPs keep comprehensive information related to transactions, CDD, and any SAR/STR for five years.

Maintaining such records helps in identifying potential ML/FT and PF activities and underscores regulatory oversight. By keeping such records, DNFBPs can effectively counter ML/FT crimes and further safeguard themselves. Furthermore, having robust record-keeping practices, DNFBPs can effectively respond to regulators and commit to having a transparent and answerable culture.

Targeted Financial Sanctions

Targeted Financial Sanctions (TFS) include measures that the regulatory authority imposes to restrict financial transactions with specific individuals, entities, or countries. DNFBPs must undertake such measures to prevent transactions with sanctioned individuals or entities and freeze their assets when identified.

To avoid indulgence with ML/FT and PF risk, DNFBPs, as part of this measure, undertake screening procedures for customers against relevant sanctions lists released by national and international bodies and further report any matches to the appropriate authorities.

How to frame effective AML Controls framework?

Here are a few ways in which you can effectively build AML Controls Framework

1. Having Qualified Compliance Professionals

The first and foremost step to building an effective AML and CFT framework is to have an effective and efficient AML expert who wouldn’t shy away from taking the help of creativity and innovation.

A practical AML/CFT framework requires a structure of corporate governance that incorporates compliance professionals or officers who are fluent in terms of legal regulations requirements.

Anti-money laundering professionals are basically responsible for making sure that the reported issues within the organization are addressed or looked after within the organization and within a time frame that will restrict you from further damage.

In addition to that, it is your moral duty to make all the employees of your organization and not just AML professionals know about the legal and ethical responsibilities that need to be effectively managed at an individual level as well in order to comply with the legal AML regulations.

Furthermore, all the employees must understand the fundamental idea of AML/CFT. In order to effectively comply with AML or CFT regulations, all the employees must undergo interdisciplinary training or certification programs in order to identify potential risks.

2. Training of Anti-Money Laundering Experts

Anti-money laundering is a pretty dynamic subject. There is always some sort of updates, changes in regulations, proposals, or laws happening. In addition to that, various methods continue to find channels in criminals with every passing day.

Improving the overall skill set of your employees is essential in order to ensure that AML/CFT measures are actually implemented in the best possible way.

Professionals from the finance department must clearly understand the AML and CFT legislation and regulations for identifying and reporting any suspicious transactions.

Likewise, management employees who have direct contact with customers or the ones who process documents and money must understand the requirements of the Anti-Money Laundering Laws in the UAE.

Your entire staff must be well aware of the AML/CFT Framework and various roles of the consultants, compliance officers, officers, senior management, and the board of directors.

In addition to that, all of your staff members must be aware of ways in which they are supposed to react if at all they encounter suspicious activity.

3. Risk Assessment And Risk-Based Approach

The foundation of a practical counter-terrorism financing framework (CTF) and anti-money laundering (AML) is actually based on a risk-based approach.

Business enterprises should determine the risk level of the clients by conducting an accurate risk assessment during the process of client recruitment.

Post this, enterprises should aim to implement an efficient and effective AML compliance program in accordance with the AML/CFT Framework. By developing a tailor-made control program in accordance with the risk levels of your respective clients.

Building policies and adequate controls to reduce the risk and even the potential of money laundering
Understanding the overall levels of risks associated with business transactions and relationships
Identifying various sources of risks and evaluating all the potential risk reduction controls
Effectively running the successful AML compliance programs
Making accurate risk-based decisions about the employees as well as customers

In addition to that, a risk-based approach is adopted in order to detect and prevent all sorts of money laundering activities.

However, risk-bearing capacity and the risk appetite of all the companies and customers are pretty different from one another. As a result, companies would be failing miserably if they try to implement the same AML controls for every customer.

There are basically two fundamental steps for organizations to move ahead with a risk-based approach. The first one is undoubtedly assessing the risk and the second one is to appropriate control processes to various risk levels.

4. Advanced Anti-Money Laundering Policies

Highly dynamic anti-money laundering policies are needed to protect a business enterprise from criminal activities like money laundering and fully comply with relevant regulations and laws.

Enterprises need to implement robust risk-based governance to guide systems and processes. Providing a practical anti-money laundering policy framework is the topmost priority when it comes to meeting AML obligations.

Anti-money laundering policies should be easily verifiable by the authorized regulators, reflecting the overall risk appetite.

For instance, your AML policies should incorporate customer risk ranking during the recruitment process and due diligence.

Business enterprises should know their customers in order to comply with local and global legal anti-money laundering requirements and operate within the purview of the established AML/CFT Framework.

5. Know Your Customer (KYC)

Know your customer processes incorporate the process of accurately and completely defining the information of the respective customers. Generally, KYC is the most critical step in the entire anti-money laundering control process.

Once you are sure of who your customers really are, the risk levels of these customers can be evaluated without any hassle, and post which, you can apply customer due diligence (CDD) processes.

Determining the level of risks of your customers or even potential customers with the help of CDD makes the AML control process much faster and efficient for the company.

During the process of CDD, the potential customer must be screened in politically exposed persons (PEPs) and the sanction list.

If any politically exposed person is found in this list, then the need and importance of enhanced due diligence (EDD) come into the picture.

This is simply because politically exposed persons are usually considered as individuals who hail from a high-risk profile, and thus, merely CDD processes might not be sufficient. As a result, the risks and threats related to the customer’s account opening can be detected, allowing you to take more effective AML controls and establish a highly-effective AML/CFT Framework.

6. Ongoing Monitoring

Information or risks of institutions or customers may change over a period of time. For example, individuals who are not PEP might become politically exposed person by taking up any new task.

Hence, it is essential to be familiar with the information of the customer that may change over a period, also changing the risk levels of that particular customer.

Therefore, all of this information should be updated in your systems at regular intervals.

In addition to that, the accuracy of this information should also be confirmed so that it does not lose its functions of the risk-based approach.

If you are unable to keep up with the constantly changing customer information, you have to be prepared for some severe consequences.

The AML and CTF framework or policies makes an effective risk management tool. Additionally, an effective AML and CTF regime also reduces the probability of damage to the organization due to fraudulent activities.

7. Detecting And Reporting Any Suspicious Transactions

The primary purpose of anti-money laundering checks is to detect financial crimes and suspicious transactions. Financial crimes must be detected, and necessary precautions must be taken in order to bring your AML processes to their actual purpose.

Although it is pretty challenging to check suspicious transactions almost instantly, they can be detected with the help of transaction monitoring solutions available to you. All of these transactions are stopped immediately and passed onto some other AML experts.

8. Upgrade The Anti-Money Laundering System With AI-Powered Solutions

With the constant technological change, crimes are also changing their pace and ways dramatically, resulting in the evolution and development of the regulations. With this given, manual anti-money laundering controls remain insufficient in organizations that are prone to the risk of money laundering activities.

AI-powered anti-money laundering software solutions help you track the unusual transactions for the known patterns, and they reduce the risk of ML to a greater extent and thereby help in implementing an effective AML/CFT Framework.

Conclusion on Effective AML/CFT Framework in Your Business

The anti-money laundering (AML) framework is vital for preventing ML/FT and PF risks. Policies, procedures, and controls established under the AML framework help to detect, mitigate, and report illicit activities, including ML/FT and PF.

Additionally, as a structured strategy, the AML framework aids in a better understanding of the UAE’s AML/CFT regulatory compliance, thus ensuring compliance and avoiding penalties and fines. Therefore, with the implementation of the AML framework, DNFBPs can protect themselves from ML/FT and PF activities.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article UAE

Counting on Compliance: The Vital Role of Accounting in AML

With growing instances of money laundering and terrorist financing, the UAE AML laws are evolving, imposing more regulatory compliance and reporting obligations upon the regulated entities to combat these crimes. To abide by the AML compliance and reporting requirements, the regulated entities – be it a Financial Institution, Virtual Asset Service Provider (VASP), or Designated Non-Financial Business and Profession (DNFBP), the need for a transparent, accurate, and comprehensive accounting of the business activities cannot be overlooked.

In this article, we shall explore why accounting is so significant in implementing the AML program efficiently and the intersection of the accounting and AML framework.

Intersection and Significance of Accounting in the AML Program

Accurate and complete accounting is crucial to detecting and combating financial crime and staying compliant with regulatory reporting. Here are some of the critical points where the alignment of AML compliance and the accounting function must be ensured:

Business Risk Assessment

The UAE AML regulations mandate the regulated entities to periodically conduct the Enterprise-Wide Risk Assessment to identify and evaluate the financial crime risk the business is vulnerable to. For assessing the risk, the regulated must rely on the qualitative and quantitative parameters impacting their business. The “quantitative” aspect of the risk assessment reflects the entity’s historical information, such as instances where any high-risk indicators or red flags were observed.

For this, the regulated entities generally refer back to their business trends for the previous years. This is not possible unless the records and details are appropriately accounted for in the company’s books of accounts.

The quality and relevance of the business risk assessment are highly dependent upon the quality and accuracy of the data used for performing the risk assessment. Thus, the primary step of assessing the ML/FT risk cannot be concluded satisfactorily if the accounting function of the entity is flawed.

Transaction Monitoring

One more obligation imposed upon the regulated entities is to develop and maintain a robust ongoing transaction monitoring program, having adequate controls in place to detect unusual patterns suggesting a connection with money laundering or terrorism financing. The essential requirement of an effective Transaction monitoring program is to have an appropriate data source covering the complete and up-to-date details about the transactions executed by various customers of the regulated entity. The data must be comprehensive regarding purchase, sale, deposit, withdrawal, payments, receipts, time, party, location, value, etc.

This need to have the correct data source on which the monitoring rules and logic shall be applied depends on the entity’s accounting functions. Only if the business’s financial transactions are correctly recorded can such transactional data be made available to the Transaction Monitoring system to analyze and identify the red flags.

Regulatory compliance and reporting requirements

Periodic AML report from the Compliance Officer to the senior management

The AML Compliance Officer of the regulated entities is required to prepare and furnish a periodic AML report to the senior management, providing an update on the entity’s compliance status. This update must include the critical business statistics around the number of transactions with high-risk customers, transactions where payment is received in cash, transactions involving high-risk jurisdictions, etc. This is possible only when the AML Compliance Officer has access to the transactional records, properly accounted for with necessary details.

AML Audit

The regulated entities in the UAE must have an independent AML Audit function in place to test the status and adequacy of the entity’s compliance with regulatory requirements. Performing an AML audit is impossible without having proper records to check on which the auditor can provide its opinion. Thus, fulfilling the AML audit requirement would be faulty in the absence of proper accounting.

AML Surveys

The AML Supervisory Authorities in UAE often issue surveys to the regulated entities, requesting for sharing the details about the value and volumes of specified categories of transactions. It is pertinent to adhere to this survey request and furnish accurate and complete information to the authorities. Again, without having done adequate and timely accounting, retrieving the required data and ensuring its validity would always be a challenge.

AML Recording Keeping requirement

Further, the AML laws require the regulated entities to maintain the AML records for a minimum period of 5 years from the transaction’s completion date or the end of the business relationship, whichever is later. The details and information to be maintained under AML must include the transaction details capturing the nature of the transaction, date, and value of the transaction, parties involved, mode of payment, reference to connected transactions, etc. The financial records must be maintained in a way that can be promptly furnished to the authorities when requested, allowing them to review the entity’s compliance efforts and its authenticity.

This AML Documentation requirement can only be achieved when the entities appropriately account for the transactions executed both ways – inward and outward supplies, including receipts, payments, withdrawals, etc.

Best practices for leveraging the benefits of accounting to AML compliance

The following practices shall prove to help accelerate the AML compliance program with the assistance of the accounting function:

AML training to the accountants

Accountants are well-versed in the study and analysis of financial data, enabling them to detect unusual financial transactions, gaps around the cash flows, or inconsistencies in the working capital cycle of the business.

With ready access to the financial data, they can strongly support the entity’s transaction monitoring program. The accounting team must be trained around the AML framework, internal procedures and controls, and intricacies of the ongoing monitoring rules and logic. When accountants review the transactions, they can quickly evaluate for the possibility of any anomalies and promptly notify the red flags identified. When the accounting brains back the robust monitoring program, malicious transactions can be uncovered effectively.

They can scrutinize the transactions to detect any structuring arrangement to avoid the reporting threshold or unexpected change in the customer’s transactional pattern.

Further, accountants generally understand the business’s possible risk exposure and define the required controls. When accountants understand AML requirements and the financial crime vulnerabilities, the controls proposed by the accountants would be wholesome and capable of managing the overall business risk, including the money laundering and terrorism financing risk.

Integrating the AML systems with accounting systems

A regulated entity needs to have a seamless connection between the AML systems, such as customer screening and transaction monitoring, with the accounting tools used by the business. This integration will ensure that the complete data maintained from the financial records perspective is made available to the AML systems in real-time, permitting timely review of the transactions and business relationships and curbing potential financial crime attempts.

Further, the integrated systems should handle the generation of intelligent MIS reports and business-AML analytics that serve as a base for the AML Compliance Officer to check the overall quality of the AML controls and procedures and prepare necessary reports required to be furnished to the internal reporting authorities or external AML authorities.

Collaboration between the accounting team and the AML Compliance Officer

The AML Compliance Officer must proactively communicate and collaborate with the accountants to design and develop comprehensive and integrated controls and processes for AML compliance.

Allow Niyeahma to uphold the potential of your accounting function for the benefit of AML compliance

Financial accountability and transparency are of utmost significance in all aspects of business, including AML compliance. Niyeahma has a team of professionals from accountancy backgrounds with vast experience in AML compliance who can assist you in combining the accounting and AML functions to optimally utilize accounting to foster AML compliance and prevention of money laundering and terrorism financing. We can help you design standard controls and risk mitigation measures, adequately meeting your compliance and accounting needs and training the team of accountants, empowering them to contribute to the entity’s AML efforts.

Let’s make the most of the accounting team in the course of AML compliance.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article UAE

Identity Verification for Partnership Firms

UAE has introduced stringent regulations to combat financial crimes such as money laundering and terrorist financing. These laws mandate that Financial Institutions, Designated Non-Financial Businesses and Professions (DNFBPs), and Virtual Asset Service Providers (VASPs) implement adequate frameworks within the organization to identify and prevent money laundering and terrorism financing instances.

Identifying the customers and verifying their identity is essential to the AML compliance program. The regulated entities must apply thorough identity verification measures when dealing with a partnership firm, not just individual customers.

In this article, we will discuss the critical elements of the identity verification process under UAE AML regulations when establishing a business relationship with a partnership firm.

Why are partnership firms vulnerable to financial crime?

A partnership firm is a legal structure owned and managed by individual persons. Sometimes, the legal identity of the partnership firm is exploited by criminals to conduct money laundering or terrorism financing, concealing their identity under cover of the partnership firm.

Further, setting up a partnership firm is relatively simple and quick, making it more vulnerable to financial crime risks and used as a money laundering technique to disguise the actual ownership of illegally obtained proceeds.

Given this, the UAE AML regulations mandate that when conducting a business transaction with a partnership firm, the firm’s identity, including the identity of the Ultimate Beneficial Owners (UBO) and the controlling parties, must be obtained and verified using reliable, independent documents, or sources. This measure shall help uncover the bogus firms established to execute financial crimes.

What is Customer Due Diligence under AML regulations?

Customer Due Diligence (CDD) is a process of identifying the customer or supplier or any third party with whom the business transactions are to be conducted and verifying their identity to determine the legitimacy, including assessing the ML/FT risk the customer poses to the business.

How to ensure adequate identity verification for Partnership Firms?

When establishing a business relationship with a partnership firm, it is very pertinent to understand the firm and its true owners or controllers managing the firm’s business. It is necessary to ensure that the regulated organization is not unknowingly exploited by the partners of the firm for money laundering or other illegal activities.

To ensure adequate identity verification of a partnership firm, the following measures must be followed:

Obtain identification details, including other necessary information and documents

To begin with, the regulated entities must seek the identification details of the partnership firm. For this, it is recommended that the regulated entities get the “Know Your Customer” form filed by the firm, capturing legal name, legal structure, partners, their holding, contact details, license number, nature of the business activities, the purpose of the business relationship, etc.

Adequate documents supporting the identification details, such as a trade license or certificate of incorporation, must also be obtained. Further, documents presenting the organization structure must be obtained, which includes the Memorandum of Association and Article of Association.

Ensuring the identity documents obtained from the partnership firm are valid and up-to-date is vital.

All the information obtained about the firm shall assist in identifying and evaluating the ML/FT risks the firm poses to the business and accordingly determine the level and degree of the AML/CFT measures to be applied to manage the risk.

Identifying the partners and beneficial owners

Identification of a partnership firm is incomplete without identifying the actual mind behind the legal structure – the partners, UBOs, and the controlling parties. The regulated entities must seek adequate identification details about the UBOs and partners, such as full name, nationality, date and place of birth, address, identification number, etc.

Further, the necessary documents supporting the identification information must be obtained, for example, the passport, Emirates ID, Driver’s License, or any other government-issued document bearing the person’s photograph.

The regulated entities must ensure that the information obtained about partners and beneficial owners is complete and accurate. The partnership structure, as presented in the KYC form, must match the firm’s legal documents.

Verify identity using documents obtained and other reliable, independent sources

Once all necessary documents and information have been collected, the next step is to verify the identity details’ authenticity and the documents’ legitimacy. For verification purposes, the regulated entities may rely on government-issued identity documents or resort to independent databases like the corporate registry or third-party paid resources to ensure that the partnership firm and its partners are legit persons to conduct business with.

The regulated entities should seek the original document for verification purposes and obtain a photocopy of such document, with a remark from the person verifying the documents as “original sighted and verified.” Suppose the firm cannot produce the original documents for verification. In that case, the regulated entity must insist on getting a certified copy of the identity document, certified as a “true copy” by a chartered accountant, bank manager, notary, police officer, etc.

The regulated entities must ensure that the identity documents are not forged or tampered with. Further, necessary steps must be taken to match the photo presented on the identification document with the person actually presenting it.

Screening the partnership firm and the partners, UBOs, and controlling parties

The regulated entities must screen the firm and its UBOs, partners, etc., to check whether any person is designated under any sanctions list, specifically under UAE Local Terrorist List or UNSC Consolidated List.

It is also essential to determine whether any of the partners of the firm or the UBOs are Politically Exposed Persons (PEPs) or close relatives of associates of PEP or any other high-risk individuals.

Further, the regulated entity must also check if there is any negative news or adverse media available against the firm or any of the partners of the firm, indicating criminal history or involvement in financial crime.

Ongoing monitoring

The regulated entities must ensure that the identification formation obtained about the partnership firm and the partners is accurate, complete, and valid at all times. For this, the entities must implement adequate ongoing monitoring measures and systems, including regular reviews of identification documents and maintaining adequate documentation related to the identity verification process and changes therein.

Record-keeping

Record-keeping is an important aspect of the identity verification process. Regulated entities must maintain accurate records of all the documents collected and the verification process, including records related to ongoing monitoring and changes in the initial information or documents. The identification verification-related records must be maintained in an organized manner and must be made available to the relevant authorities upon request.

A robust identity verification process, including identifying eth partners and UBOs, is mandatory to manage the ML/FT risks while establishing a business relationship with the partnership firm.

How can technology come in handy in the identity verification process of the partnership firm?

Identity verification is essential to manage the risk and stay AML compliant. Given the legal structure of the partnership firm and the requirement to identify and verify the identity of the partners, the regulated entities are recommended to leverage the technology for efficient identity verification.

Regulated entities may use emerging technologies like Artificial Intelligence or Machine Learning to streamline the identity verification process while onboarding a partnership firm as a customer. For example, biometric verification (facial recognition) or automated identity document verification solutions can help reduce the time and resources required to carry out identity verification of the partnership firm and presents more accurate results, reducing the risk of manual errors or manipulation.

Identity verification is a crucial component of complying with AML regulations while establishing business relationships, specifically in the case of a legal person, including a partnership firm. A comprehensive identity verification process is essential to identify the ML/FT risks and determine the adequate measures to be implemented to manage the risk arising from the partnership firms onboarded as customers or suppliers.

Any gaps in customer identification may expose the business to unwanted financial crime risk and administrative fines for regulatory non-compliance.

How can Niyeahma assist you in the identity verification process?

Niyeahma is a leading AML consultancy service provider in UAE, assisting regulated entities in identifying business risks and tailoring the AML/CFT policies, procedures, and controls to mitigate the assessed risk effectively. It includes designing a robust customer onboarding framework, including the identity verification processes customized for partnership firms, corporate entities, individuals, trusts, etc., to assess customer risk and apply appropriate AML/CFT controls.

We also impart AML training to the Compliance Officer and the team to effectively implement the designed processes and controls and ensure that identity verification of partnership firms is adequately performed to prevent ML/FT vulnerabilities.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article UAE