Offshore Banking and the Increasing Risks of Money Laundering

Offshore Banking and the Increasing Risks of Money Laundering

Offshore banking is a financial strategy that involves holding accounts or investments in banks outside one’s home country. It has evolved significantly since its inception. Offshore banking offers a range of benefits by providing global banking services with less stringent procedures and attractive schemes.

However, the growth of Offshore banking has also raised concerns about money laundering and regulatory compliance. This blog delves into the origins of offshore banking, its advantages, the challenges it faces, how it is linked to money laundering techniques, and strategies to combat money laundering in offshore banking.

What is Offshore Banking?

The word offshore refers to any place away from one’s own home country. For example, if one lives in UAE, UK is an offshore for that person. Offshore banking refers to the activity of utilising the services of a bank located in a country that is offshore for the account holder, located outside the account holder’s country of residence. Offshore banks are required to obtain an Offshore Banking License that enables the bank to conduct business with citizens and the currency of other countries, except for the country in which it is located.

Evolution of Offshore Banking

There are several records indicating that Offshore banking started due to Europe being in a constant state of revolutions and political disturbances during the mid-1800s. People felt the need to park their funds and wealth in countries that were relatively stable.

This type of banking system gained popularity in the 1900s when several offshore banks were operational in low or no-tax jurisdictions, which was accelerated by the enactment of the Swiss Banking Act of 1934. This law provided for customer information privacy, enhancing Switzerland’s reputation as a safe tax haven for privacy-seeking clients, which introduced a privacy clause that enhanced confidentiality for account holders and attracted international deposits.

From its inception in Europe, offshore banking soon spread to the rest of the world, and investors from afield took benefit of these tax havens. The modern era of offshore banking began in the 1960s, when the Bahamas established itself as one of the first Offshore Financial Centres (OFC), offering tax incentives and a favourable regulatory environment for international banks.

OFC is a financial centre where offshore activity takes place. This OFC trend accelerated in the 1970s during the oil crisis and the rise of petrodollars, leading to an influx of capital into offshore banking as banks expanded their services to meet growing demand. The 1980s and 1990s saw continued growth in the offshore banking industry, driven by globalisation and technological advances that facilitated cross-border transactions.

However, the 2008 global financial crisis brought increased scrutiny to the offshore banking sector, raising concerns about tax evasion and money laundering. In response, many offshore financial centres implemented stricter regulations and transparency measures to improve their reputations.

As the global economy recovered in the 2010s, new financial centres emerged, revitalising the role of offshore banking in global banking relationships. This evolution reflects a complex interplay of historical, regulatory, and economic factors that have shaped the offshore banking landscape over time.

Features of Offshore Banking

Knowing the basic features of offshore banking is essential to understand the linkage between offshore banking and money laundering. The following are features of offshore banking:

Anonymity

Offshore banking offers a higher degree of confidentiality and private protection, which may include not disclosing account holder information to the public to third parties without consent. This anonymity can be valuable for individuals seeking to maintain a low profile or protect sensitive financial information. This privacy needs to be aligned with compliance requirements like Anti-Money Laundering (AML) regulations and cannot restrict the sharing of information with regulatory authorities under certain circumstances.

Private Banking

Offshore banking is mostly private banking services that cater to high-net-worth individuals or investments looking to diversify their assets. As a private banking system, it includes providing personalised financial services and investment advisory that are tailored to the specific needs and goals of the clients.

Multi-Currency Accounts

Offshore banking includes multi-currency accounts, which allow clients to hold, manage, and transact in multiple currencies within a single account. This allows investors and businesses to engage in international trade or investment opportunities. Multi-currency accounts facilitate easier cross-border transactions, reduce currency conversion costs, and help with current fluctuations.

Online Banking

Offshore banking deals with non-residents, thus providing online banking platforms, enabling clients to manage their accounts from anywhere in the world. Online banking services include account monitoring, fund transfers, bill payments, access to financial tools, and investment opportunities. This allows clients to handle their banking needs efficiently, regardless of their location.

Dedicated Relationship Manager

Offshore banks often assign a dedicated relationship manager to each client, providing a personalised point of contact for all banking needs. This relationship manager acts as a liaison between the client and the bank, offering tailored advice, managing investments, and addressing any concerns or special requests.

Multilingual Support

Given the international nature of offshore banking, many offshore banks offer multilingual support to cater to a diverse clientele. This means that clients can receive banking services and assistance in their preferred language, enhancing communication and understanding.

Structured Products

Offshore banks often provide access to structured products, which are investment vehicles designed to meet specific financial goals. These products combine traditional investments with derivatives to create customised investment solutions that offer various risk-return profiles. Structured products can include options such as deposit accounts, international wire transfers, foreign currency, and income-generating investments, allowing clients to tailor their investment strategies to their unique financial objectives.

Reasons for Offshore Banking

Offshore banking developed for many reasons, which include the following:

New Investment Avenues

Offshore banking offers access to a wider range of investment opportunities and provides tax incentives, attracting investors from around the world. This leads to new investment avenues in emerging markets, alternative assets, and specialised financial products that might not be easily accessible in the home country.

Asset Protection

Offshore banking is a lucrative alternative to domestic asset protection strategies as it can safeguard investors against extreme events such as bankruptcy, costly litigation, and political and financial instability in their home country.

Global Banking Services

Offshore banking has opened the gates of global banking services. With offshore banking, people gain access to global banking services, including global investment opportunities, multi-currency accounts, and international wire transfers.

Higher Interest Rates

The flexibility of offshore banking provides investors with access to international markets that offer higher interest rates than domestic banks, which helps investors earn better returns on their deposits and savings, thereby maximising their financial growth.

Customised Banking Solutions

Offshore banks provide tailored banking solutions that cater to the needs of the client. Offshore banks can adapt their offerings to meet the unique requirements of individuals and businesses as they do not have to abide by the banking regulatory framework imposed by the central bank of the country.

Global Trade

Offshore banking facilitates smoother operations for businesses in global trade by providing easy access to foreign currency and streamlines cross-border transactions. Offshore banking also supports global trade by minimising currency conversion costs and improving transaction efficiency.

Tax Planning

Many countries with limited resources offer tax incentives to foreign investors to generate revenue. Making investments in these countries allows investors to save taxes as a part of their tax planning strategy. By investing in these countries, investors and businesses can benefit from their favourable tax regimes.

Privacy and Confidentiality

Offshore banks usually have strict privacy policies in place to protect the confidentiality of their customer details. These policies are supported by the jurisdiction’s domestic laws that establish strict privacy and data protection norms, ensuring clients’ financial details remain private and secure.

Geographical Diversification

Offshore banking allows investors and businesses to spread their assets across different regions. With such diversification, there is reduced risk associated with economic or political instability in a single country, stabilising their overall investment and portfolio performance.

Currency Diversification

Considering today’s geopolitical scenario, most investors do not rely on domestic investments in a single currency due to economic fluctuations that can diminish the currency’s value. Offshore banking is used to diversify the risk of currency risk by investing in stable foreign currencies.

Succession Planning

Offshore banking allows investors and individuals to use offshore accounts and trusts to transfer their wealth as they wish and to countries, they find potential in, with fewer complications and tax implications. This fact helps in preserving and managing assets for future generations.

Risk Management

With the diversification of assets across different jurisdictions and currencies, investors can better manage and mitigate various financial risks. Offshore banking can shield assets from market volatility, economic instability, and other risks linked to political or economic disturbance.

What is Money Laundering?

Money laundering is the process of concealing the illegal origins of money, making it appear as proceeds earned from a legitimate source. This is achieved by moving the funds through a series of complex transactions to obscure their criminal origins. The crime of money laundering takes place in three stages: placement, layering, and integration.

Offshore Banking and Increasing Money Laundering Risks

Banking Secrecy

Offshore banks offer a high level of confidentiality and privacy to their clients, creating an environment where illicit activities, such as laundered money, can be concealed more easily. The secrecy can hinder law enforcement and regulatory agencies from tracking financial transactions and identifying suspicious activities.

Weak Regulatory Environment

Offshore jurisdictions with less stringent regulations may attract clients looking to evade scrutiny. Weak regulatory frameworks can mean fewer checks on the sources of funds, less rigorous Anti-Money Laundering (AML) measures, and inadequate enforcement of financial laws. This laxity makes offshore banking in these areas more attractive to corporations and individuals looking to avoid taxation, as well as large amounts of banking secrecy and shadow banking, ultimately facilitating money laundering activities.

Multi-Currency Transactions

Offshore banks often deal with multiple currencies, which can complicate transaction tracking and monitoring. The use of various currencies can obscure the origin and difference of funds, making it more challenging for the regulator to track any suspicious activities across different financial systems.

Virtual Currency Transactions

With the advancement of cryptocurrencies and other virtual assets, a new system of anonymous transactions and cross-border transfers is happening, making them a popular tool for money laundering. The decentralised nature of these currencies and the lack of global standards make it challenging to detect and prevent any illicit activities facilitated by the use of virtual currencies.

Technological Advancements

Technological advancements such as encryption and blockchain have transformed the way of financial transactions. It has increased the reach and access to offshore banks. While these technologies offer the security and efficiency required for financial transactions, they can be used and exploited for money laundering by obscuring transaction trails and complicating investigations.

Inter-Relationship Between Offshore Banking and Money Laundering

Criminals use offshore banking as a medium to launder their dirty money and proceeds from criminal activities. The tools and environment provided by offshore banking can be used for money laundering and to facilitate the concealment and movement of illicit funds across borders. Here’s how offshore banking and money laundering are inter-related to each other:

Privacy and Confidentiality

Offshore banks are often located in countries that offer high levels of privacy and confidentiality and have stringent laws that protect the identities and financial information of account holders. With such confidentiality, offshore banking can be exploited by individuals or organisations involved in money laundering. The secrecy makes it harder for regulatory authorities to trace the origins of funds, enabling money launderers to conceal illicit activities more easily and effectively. It is a tendency of criminals to use offshore accounts to hide their identities and obscure the trail of their money.

Shell Companies

Shell companies are often established in offshore jurisdictions. These companies are legal entities that exist on paper but typically have no substantial operations or assets. It is one of the known mediums for money laundering. Money launderers use shell companies to create a facade of legitimacy. They funnel illicit money through these entities, making it appear as though the money comes from legitimate business activities. By setting up their shell companies in an offshore jurisdiction, they further obscure the ownership and flow of funds, aiding in the laundering process.

Layering Techniques

Layering involves complex financial transactions designed to obscure the origin of illicit funds. Offshore banks facilitate this by allowing rapid and opaque transfers between accounts in different jurisdictions. Money launderers use layering techniques to create a convoluted path for their money, making it difficult to trace. This might include transferring funds through multiple offshore accounts, converting money into different currencies, or making investments in various assets. Offshore banking services provide the necessary infrastructure to perform these transactions with relative ease and anonymity.

Use of Tax Havens

Tax havens are countries or jurisdictions that offer low or zero tax rates and financial secrecy. Offshore banks are usually located in these tax havens. Tax havens are attractive to money launderers because they offer both secrecy and a favourable regulatory environment. By routing money through these jurisdictions, launderers can evade taxes, hide illicit gains, and exploit legal loopholes. The combination of secrecy and lenient regulations makes tax havens a popular choice for laundering money.

Offshore Banking Compliance Challenges

Evolving Money Laundering Typologies

Money laundering typologies are constantly evolving as criminals find new ways to disguise illicit activities. This requires banks to stay ahead of emerging trends and adapt their compliance measures accordingly.

Inadequate Know Your Customer (KYC) Procedures

Conducting a thorough KYC process for offshore banks can be challenging due to distance, a lack of access to local resources, and varying levels of transparency and secrecy. Offshore banks often deal with clients from diverse geographical locations, which can complicate the verification process. Furthermore, offshore banks are required to undertake effective AML measures based on the identification and verification processes, which can be difficult to implement due to improper and deficient KYC procedures.

Complex International Regulatory Framework

The international regulatory framework for offshore banking is complex due to different banking regulations across different jurisdictions, which can complicate compliance for offshore banks. Regulatory environments are constantly evolving. Institutions must stay updated on laws and regulations changes in all relevant jurisdictions to remain compliant. This creates challenges in maintaining compliance and ensuring that all regulatory requirements are met.

Strategies for Combating Money Laundering in Offshore Banking

Regulatory Oversight

Regulatory oversight helps create a controlled environment where offshore banks are monitored and held accountable for their actions. Countries should implement and enforce regulations that enhance transparency requirements and mandate offshore banks to implement due diligence processes. The countries should, as part of regulatory oversight, ensure that all offshore banks have licensing requirements and that there are checks on their adherence to these requirements.
In UAE, the following Anti-Money Laundering (AML) laws mandate Financial Institutions such as banks to adopt efficient Customer Due Diligence (CDD) and other AML measures to detect and mitigate money laundering risks:
  • Federal Decree-Law No. (20) of 2018 On Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organisations.
  • Cabinet Decision No. (10) of 2019 Concerning the Implementing Regulation of Decree Law No. (20) of 2018.

AML/CFT Policies and Procedures

Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) policies and procedures are essential for preventing financial crimes within businesses. As part of this strategy, offshore banks should create detailed policies, procedures, and controls for effective compliance with their AML/CFT regulatory obligations and the detection of suspicious activities related to money laundering, terrorism financing, and proliferation financing. As part of the AML/CFT policies, offshore banks should implement measures to identify the customer and, verify their identity and understand the nature of their transactions in order to mitigate the potential money laundering, terrorism financing, and proliferation financing risks associated with the clients.

The AML/CFT policies, procedures, and controls should be made in accordance with the risk-based approach. Risk-based approach requires offshore banks situated in UAE to assess the money laundering, terrorism financing, and proliferation financing risks the bank faces, and adopt risk control and management measures accordingly. Risk-based approach works on the principle of “higher the risks, higher the controls.”

AML Software

Advanced technological measures play a crucial role in detecting and preventing money laundering through automated systems. Offshore banks should use AML software that can monitor transactions and red flags and help generate reports. They should also ensure to update the AML software to adapt to new money laundering typologies and regulatory changes. When choosing AML software, offshore banks need to ensure that AML software integrates seamlessly with other systems for operational efficiency and effective monitoring.

A unified AML Software would have solutions for the following AML/CFT regulatory obligations:

  • Customer Due Diligence
  • Know Your Customer (KYC)
  • Sanctions Screening, Politically Exposed Person Screening, Adverse Media Screening
  • Customer Risk Assessment
  • Ongoing Monitoring of Business Relationships
  • Transaction Monitoring
  • Regulatory Reporting
  • AML Health Checks and Independent AML Audit
  • Record-Keeping

Awareness and Training

Offshore banks must ensure that their employees and staff are educated and equipped to detect and prevent money laundering risks. For this purpose, offshore banks need to conduct regular AML training sessions on AML/CFT policies, red flags, compliance requirements, reporting procedures, and emerging trends and tactics in money laundering. This training needs to be role-specific, so that the staff is equipped to play their role in AML compliance processes of the bank effectively.

In order to prevent and detect money laundering risks, offshore banks should focus on fostering a culture of compliance. Well-trained staff are better equipped to detect and respond to suspicious activities, which is crucial for effective AML efforts.

International Cooperation

Offshore banks involve cross-border transactions, which may be used for money laundering techniques, making international cooperation essential for effective detection and mitigation through enforcement. Money laundering often spans multiple jurisdictions, and international cooperation helps ensure a unified approach to combating it. Some international initiatives that offshore banks must follow include the following:
  • Adherence with Financial Action Task Force (FATF) Recommendations: FATF is an international watchdog that aims to set international standards to mitigate the crimes of money laundering, terrorism financing, and proliferation financing. FATF has released its recommendations to ensure international coordination and global response to these financial crimes. Offshore banks should follow these recommendations and take into account FATF reports and research while making their own AML/CFT policies, procedures, and controls.

  • Targeted Financial Sanctions (TFS) Implementation:     The United Nations Security Council (UNSC), through its UNSC Resolutions (UNSCR), sanctions individuals, groups, undertakings, etc., with the aim of combating the crimes of terrorism, terrorist financing, and financing of proliferation of weapons of mass destruction. These are called Targeted Financial Sanctions (TFS). In UAE, UN Financial Sanctions are implemented through:
    • Federal Decree-Law No. (20) of 2018 On Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organisations
    • Cabinet Decision No. (10) of 2019 Concerning the Implementing Regulation of Decree Law No. (20) of 2018
    • Cabinet Resolution No. (74) of 2020 Regarding Terrorism Lists Regulation and Implementation of UN Security Council Resolutions on the Suppression and Combating of Terrorism, Terrorist Financing, Countering the Proliferation of Weapons of Mass Destruction and its Financing and Relevant Resolutions
  • Group Oversight: When an offshore bank situated in UAE is part of a group, the offshore bank is obligated to ensure that its branches and majority-owned subsidiaries situated abroad apply AML/CFT measures that are in consonance with the AML/CFT laws of UAE. This includes the implementation of policies and procedures for sharing data with respect to CDD and money laundering, terrorism financing, and proliferation financing risk management. Further, in cases where there are diverse regulatory requirements, the offshore banks are obligated to implement the most stringent requirements. This ensures that offshore banks apply AML/CFT measures across jurisdictions.

Conclusion

Offshore banking, while providing numerous benefits such as asset protection, investment opportunities, and global financial services, is fraught with challenges, particularly regarding money laundering. The features that attract legitimate investors can also facilitate illicit activities. As criminals exploit these advantages to obscure the origins of their funds, the link between offshore banking and money laundering becomes increasingly concerning. In mitigating the threats posed by money laundering in offshore banking, OFCs and onshore banks must implement effective AML measures, equipping them to detect and prevent suspicious activities effectively.

About the Author

Linkedin

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

AML measures for non-face-to-face customers: Combatting money laundering threats

AML measures for non-face-to-face customers: Combatting money laundering threats

AML measures for non-face-to-face customers: Combatting money laundering threats

Regulated Entities such as Financial Institutions (FIs) and Designated Non-Financial Businesses and Professions (DNFBPs) have advanced to an enhanced level of customer service with the help of technology. One of the classes of customers catered through the use of technology is Non-Face-to-Face (NFTF) customers.

However, the Money Laundering (ML) and Terrorism Financing (TF) risks associated with such customers need to be mitigated with utmost care, and that is why Regulated Entities need well-defined and strict Anti-Money Laundering (AML) measures for NFTF customers.

To negate the chances of ML/TF, Regulated Entities need to be cautious during identity verification of NFTF customers.

The task of onboarding a remote customer is full of challenges, and this blog attempts to provide insights on implementing appropriate AML measures while onboarding and continuing business relationship with NFTF customers.

How do non-face-to-face clients pose a threat to your business?

Technology has made rapid inroads into DNFBPs, Virtual Assets Service Providers (VASPs), and FIs. Customers these days want to perform remote and digital transactions to avoid physical presence and visits. These digital transactions are conducted via mobile apps and the internet.

ID verification and Know Your Customer (KYC) software make all these possible. Many regulated entities, especially banks and other financial institutions, have embraced such digital business methods.

Customers prefer digital transactions to avoid visiting the vendor’s offices. The biggest demotivators are the hassle of visiting the office, providing hard copies for conducting transactions and standing in queues.

Digitally, Regulated Entities can manage several transactions at their convenience with online documentary evidence, ensuring decreased manual effort and faster service.

But, in such cases, ML and TF risks for the Regulated Entity needs to be carefully analysed and mitigated. Remote onboarding of NFTF customers exposes DNFBPs and VASPs to the following risks:

Fake identities

Customers can use fake identities to open an account with Regulated Entity’s business and conduct transactions. Since regulated entities won’t be able to associate their wrongdoing with a face and identity, it becomes difficult to ascertain the real perpetrators. This anonymity of NFTF customers may increase the ML and TF risks for regulated entity’s business.

Limited visibility of customer behaviour

Physical interaction with customers facilitates with understanding their behaviour and demeanour. In the absence of such face-to-face meetings, Regulated Entities have no idea of their actual conduct and actions. It becomes difficult to identify suspicious behaviour, activity, or transaction.

Transaction speed

Digital transactions are faster than normal in-person transactions. Money launderers prefer to engage in NFTF transactions so that criminal activity occurs quickly, before anyone can detect suspicious behaviour and report it for further action.

Hidden ownership structures

In the case of NFTF customers, understanding the ownership structure is challenging. Money launderers may use the anonymity feature in NFTF interactions to hide their beneficial ownership. There might be a possibility of the use of shell companies to conduct transactions. This is a widespread typology by which NFTF clients may launder money.

With in-person onboarding, the compliance team gets a chance to ask questions and counter-questions to the customer. Remote onboarding works in a pre-defined way and offers little flexibility. Further, the human element is missing, so judgement is on technology to identify suspicious customers and their activities.

Cross-border transactions

Engaging in cross-border transactions is one of the methods adopted by financial criminals to launder money. Identifying the origin and destination of funds in transactions conducted across different jurisdictions is challenging. It also becomes easier for anonymous customers to hide these details or produce false documents.

Third-party risks

DNFBPs and VASPs who rely on third parties to conduct KYC and Customer Due Diligence (CDD) expose themselves to ML/TF risks if the third parties do not adopt and successfully implement adequate procedures for customer identification and verification. The criminals may exploit the vulnerabilities existing in third-party KYC and onboarding procedures and misuse the system to launder money.

Data security and privacy

Online onboarding through technology exposes the Regulated Entities to data security and privacy breaches. The genuine customers’ accounts may be taken over by criminals to perform their illegal activities, and this exposes the regulated entities such as DNFBPs and VASPs to various types of ML/TF risks.

Regulated entities must devise and apply effective AML measures to reduce the risks of such occurrences and fight the money laundering threats.

Common ML/TF Typologies employed through NFTF Channels

Smurfing and structuring are the most common ML/TF typologies employed by money launderers that may be onboarded through NFTF channels.

Structuring

Criminals may resort to structuring large transactions into several small transactions to avoid their detection. Normally, regulators across the globe have specified thresholds for reporting cash transactions. The criminals smartly plan their transactions to avoid crossing these thresholds.

Smurfing

Smurfing is similar to structuring. In smurfing, the criminals split transactions into small amounts and use multiple parties to deposit funds into the banking system.

Effective AML measures for non-face-to-face customers

Following are some of the effective AML measures that Regulated Entities can carry out to manage ML/TF risks arising out of the digital onboarding of customers:

Develop a risk-based approach to respond to risks related to non-face-to-face clients

The risks from NFTF clients needs to be carefully examined. AML measures for NFTF customers must be well-planned, well defined, and well documented. Regulated Entities need to adopt a risk-based approach for such customers depending on the following factors:
  • Industry in which the regulated entity operates
  • Location of customers
  • ML/TF threats from customers
If an NFTF customer is found to pose high risk to the Regulated Entity, Enhanced Due Diligence (EDD) measures should also be implemented. If the NFTF customer poses low risk, Regulated Entities can continue with the existing KYC and simple due diligence.

Create customised identification and verification procedures

Since the risks posed by NFTF customers needs to be examined carefully, Regulated Entities can have custom identity checks to protect their business. They can do so by defining the minimum criteria for accepting NFTF customers. This depends on the nature of a Regulated Entity’s business operations. If the Regulated Entity’s sector is more susceptible to money laundering threats, it’s better to avoid onboarding such remote NFTF customers. Regulated Entities can define new verification procedures like submission of more documents, manual visits to the client’s office, or any other relevant action.

Conduct In-Depth KYC to Understand the Risks of Non-Face-to-Face Customers

While conducting KYC, the first thing to match for the Regulated Entities is the customer’s face with the government issued identity document (ID) shared by the customer, purporting to be the individual or the entity specified in such an ID document. Regulated Entities need to decide based on verification and validation of such ID document, whether the customer is genuine with a valid ID proof or if there is any element of underlying criminal activity in guise of such NFTF customer.

Regulated Entities must have a stringent KYC policy to verify the identities of NFTF customers. Regulated Entities must ensure the following:

  • Regulated Entities must check for certification and attestation of documents: Such certification must be from specific authorised individuals or organisations. Such attestation can facilitate higher credibility in the authenticity of documents.
  • Regulated Entities must ask for additional proof to know the NFTF clients better: These documents must be from reliable sources that can verify these customers’ identities.
  • Regulated Entities should have a known third party to guarantee the authenticity of such customers: To check if the Regulated Entity’s existing customers, suppliers, or associates have complete knowledge of these customers. Also, ensure that Regulated Entities have conducted complete KYC and due diligence of these third parties.

Consider the non-face-to-face clients’ geographical location

One aspect that Regulated Entities can consider critically is the geographical location of their customers. Regulated Entities must exercise caution if the customer is from any of the following jurisdictions:
  • Economically sanctioned regions
  • Jurisdictions with weak AML controls or financial systems
  • Politically unstable regions
  • Countries with high levels of corruption, drug trafficking, human trafficking, terrorism, or smuggling

Apply risk-based due diligence measures for non-face-to-face clients

Regulated Entities don’t have the NFTF customer in front of them while conducting the transaction. It means identity verification is a challenge. Since the NFTF customer risk needs to be examined with utmost care, regulated entities need to implement risk-based due diligence measures to prevent the risks of financial crimes. These measures include:
  • Exercising caution before engaging in transactions with NFTF clients. The first payment must be from a known bank account in the customer’s name. Even for the succeeding transactions, details need to be checked thoroughly.
  • Using safe and secure electronic identification technologies to verify the identities of NFTF customers.
  • Checking the publicly available information from reliable sources, also known as using open-source intelligence, by checking national registers of trade, businesses, associations, and patents. Even the population census and credit data registers can help Regulated Entities confirm the identities of their NFTF customers.
A combination of these identification and verification techniques can ensure the authenticity of NFTF customers’ documents and identities

Hire third parties for identity verifications of cross-border customers

Dealing with NFTF clients becomes challenging when they reside in other countries. The identity documents are different from the local UAE documents.

However, Regulated Entities must get all possible identity and address evidence from publicly available and reliable information. One solution in these cases is to hire third parties for conducting such identity verification process to prove the authenticity of documents and identities. However, Regulated Entities must be careful before engaging with a third-party provider.

Employ video conferencing AML measures for identifying and verifying non-face-to-face customers

Regulated Entities can conduct a video-based process to verify the identities of their customers. This will be a secure, live, and informed audio-visual interaction between the Regulated Entity and the customer. Regulated Entities must obtain the customer’s consent before conducting such a meeting.

To manage the KYC verification process through video conferencing, a live video call with the Regulated Entity’s KYC expert and the customer needs to be conducted. Regulated Entities will interview the customer with identity questions and detect their liveness. Verification also involves checking the customer’s identity documents live by asking the customer to hold them in the video and matching their face with the photo to verify the identity in real time. Verification also includes clicking live photos for facial recognition.

However, Regulated Entities also need to ensure a secure way of conducting this video interview. It must be end-to-end encrypted. The video must be clear enough to verify the identity of the customer. The live GPS coordinates and date-time of the customer interview must be available in the video recording.

Use advanced technologies to confirm non-face-to-face customer identity

Technologies like artificial intelligence, machine learning, and blockchain have improved many sectors. Regulated Entities can use the same technologies in AML measures for NFTF customers. One way to do this is to use them for customer data storage data and comparison with other documents.

Regulated Entities can use AI in facial recognition to verify customers’ identities based on the proof they submit. AI even helps confirm the authenticity of identity proof submitted by customers. AI makes it possible to check the passport chip of biometric passports and the authenticity of holograms. Regulated entities can use blockchain technology for secure and confidential data storage. Regulated entities can also implement AML software, which supports liveness checks. It will help regulated entities reduce deepfakes and strengthen their defences against ML/TF.

Monitor transactions for unusual trends or patterns

Transaction monitoring is an effective AML measure for NFTF customers. Regulated Entities should rely on transaction monitoring to identify any unusual or out-of-pattern behaviour of customer transactions. So, when monitoring their transactions, entities can look out for the following:
  • Unusual pattern not matching with customers’ profiles or regular transactions
  • If more than one user is using the same account
  • If the user opens more than one account
  • If the customer information and IP address don’t match
  • If the customer uses different payment methods for different transactions
When Regulated Entities see such patterns or unusual behaviour, they need to investigate the customer relationship, purpose of transaction and source of funds for such transaction further.

Ongoing monitoring is a critical AML measure for non-face-to-face clients

In the case of NFTF customers, ongoing monitoring is essential. Regulated Entities need to implement tools to conduct ongoing monitoring of business relationship.

Conclusion

While NFTF customers may pose significant ML/TF risks to a business, the AML measures discussed in the blog can help FIs, DNFBPs and VASPs in the UAE to detect, prevent and mitigate these risks.

AML UAE – your partner for professional AML consulting services

AML UAE is an expert in AML Consulting services. We have guided clients throughout the journey of becoming compliant with AML laws in the UAE. You will always find us with customised and appropriate solutions to your AML concerns. Our offerings include:
  • Customized AML policies, procedures, and internal controls
  • Risk assessments and analysis of your business
  • KYC and different levels of due diligence of your customers to build their risk profiles
  • Monitoring transactions and customers to detect suspicious ones and take respective actions
  • Personalized training solutions for your AML needs and industry requirements
  • Regular health checks and audits of your AML compliance
Likewise, we also help you deal with non-face-to-face customers with appropriate AML measures. We take all possible steps to prevent money laundering and terrorism financing threats from such customers. So, don’t worry about remote, digital customers; we have the right AML measures for you.

About the Author

Linkedin

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Mastering Periodic Customer Reviews with eKYC and Automation

Mastering Periodic Customer Reviews with eKYC and Automation

The process of conducting periodic reviews of customer information helps ensure the relevance of anti-money laundering and counter-financing of terrorism measures (AML/CFT) that designated non-financial businesses and professions (DNFBPs) have implemented in their business.
This blog elaborates upon the following:
  • The purpose and factors triggering the initiation of conducting customer reviews.
  • The management of such periodic review processes through automation with AML software.
  • The best practices for carrying out effective customer reviews.
  • The advantages of relying on eKYC with the use of automation tools.

Periodic Review of Customers in the context of AML/CFT Compliance

The AML/CFT law in UAE requires DNFBPs to conduct periodic reviews of customer information collected during the customer due diligence (CDD) process. Keeping the CDD information up to date is a legal requirement that DNFBPs need to adhere to. The guidelines for DNFBPs require them to adopt a risk-based approach (RBA) when it comes to updating CDD. To achieve this, DNFBPs are required to have in place appropriate AML/CFT policies and procedures, which clearly state the steps and measures taken by the DNFBP to conduct periodic reviews of customer information, the tools or software used, and defined workflows to ensure that customer information collected during the CDD is maintained up to date.

Purpose of Periodic Review of customer KYC details

The regulatory requirement of conducting periodic reviews of customer information throughout the business lifecycle is backed by purposes such as:

Identifying Suspicious Activities

Conducting periodic reviews enables DNFBPs to identify suspicious activities, which is made possible through tracking or monitoring the customer details. It also helps entities to submit required regulatory reports like SAR/STR.

Assessing Customer Risk Profiles

When the customer information and activity are monitored or supervised periodically, such periodic review enables the DNFBP to assess the fluctuation in customer risk, such as the shift of low-risk customers to high-risk status or vice-versa due to changes in their circumstances supported by valid documents.

Ensuring Compliance with Regulatory Requirements

The UAE AML/CFT laws and guidelines require DNFBPs to conduct periodic reviews of CDD information, which is a regulatory compliance requirement.

Strengthening Risk Management Practices

When periodic reviews are conducted in a timely manner, the DNFBP is able to identify the customer profiles needing attention and additional or enhanced due diligence (EDD) measures. The exercise of conducting periodic reviews helps strengthen risk management as a DNFBP is able to plan how it shall mitigate ML/FT and PF risks.

Key Triggers for Periodic Reviews

The situations or circumstances necessitating the carrying out of periodic reviews are:

Risk-Based

DNFBPs need to imbibe a risk-based approach, meaning that they shall deploy risk mitigation measures according to the degree and extent of risk they are exposed to. One of the simplest ways to set or determine the frequency and timing of periodic reviews is to review their profiles according to the risk they pose to a DNFBP’s business, for instance. A low-risk customer’s profile can be examined less frequently than a high-risk customer whose profile needs to be examined more frequently.

Coming across changes in customer information that would impact the customer’s existing risk profile.

Changes in the list of High-Risk countries as maintained by the FATF.

Event-Based

Change in circumstances of a legal entity customer, such as a change in beneficial ownership, legal structure, change of address, purpose of business, or capital structure. For instance, non-PEP customers getting classified as PEP, change in transaction pattern, etc.

Discovery of adverse or negative media about the natural person customer or ultimate beneficial owners (UBOs) of a legal entity customer, where such adverse news contains information that can materially impact the business relationship with a DNFBP. For instance, there is adverse news pertaining to involvement in a predicate offence, which might ultimately be linked to financial crime such as ML/FT or PF.

Commencement of legal proceedings against the customer.

Due to recommendations derived from findings of AML auditor.

Transactions or behaviours indicating suspicion with regard to ML/FT or PF involvement.

Time-Based

DNFBPs, through their internal AML/CFT policies and procedures, need to set rules according to various customer risk categories and the timing and frequency of their CDD reviews, whether such reviews shall be conducted through notification parameters configurated into eKYC software, the degree of manual input and automation parameters for CDD or KYC reviews.

DFNBP can set the periodicity of customer information reviews in their policy according to the ML/FT and PF risk customers pose to the business, which can be semi-annual, annual, etc.

Components Contributing to Periodic Customer Review

A periodic customer review of a DNFBP usually consists of the following components:

Transaction Monitoring

Transaction monitoring is an AML compliance component that enables the DNFBP to configure alert generation in the context of transactions by customers that are not normal, reasonable, or consistent with the customer’s risk profile. Any change or deviation in customer transaction patterns should be considered as a factor necessitating the initiation of customer review or re-KYC.

Behavioral Analysis

The suspicious nature of customer activities and transactions can be identified through behavioural pattern analysis. For example, if a customer starts behaving differently than their normal pattern, then such a change in behaviour must generate a red flag for a DNFBP, following which they can conduct KYC refresh or re-CDD to ascertain the consistency and identify the cause of change in customer behaviour.

eKYC/CDD, Ongoing Monitoring, and Transaction Monitoring software are often equipped with machine learning capabilities, which can be taught to identify or detect suspicious behaviour patterns to trigger KYC refresh

Screening

Screening of customers against relevant watchlists such as sanctions lists, politically exposed persons (PEPs) databases, and adverse media screening enables DNFBPs to identify if the customer’s name matches with that of the names contained in such watchlists or sanctions list, enabling the DNFBP to determine the degree of ML/FT and PF risk posed by such customer and classify them into high risk, medium risk, or low-risk categories.

Based on the assigned risk classification, the DNFBP can determine the periodicity of conducting a re-examination or review of customer information.

Risk Assessment

Based on the risk assessment of the ML/FT and PF risk posed by the customer, the DNFBP can determine at which level of risk classification it would request for KYC refresh or re-CDD and document the same in the AML/CFT policies and procedures.

Managing Periodic Review of Customers with AML Software

The process of periodic review of customers can be streamlined with the use of AML software solutions such as:

1. eKYC Software

An eKYC software is responsible for automating the KYC obligations of a DNFBP. The eKYC software facilitates the following:
  • Setting periodicity or time duration notifications or alerts for conducting eKYC refresh.
  • Generates alerts when any customer document is approaching expiry, necessitating document renewal and revision of eKYC information.
  • Remotely fulfilling eKYC requirements such as customer identity verification through liveness check.

2. Screening Software

Sanctions screening software helps with periodic review as it constantly monitors the customer names across relevant and applicable sanctions lists, generating notifications or alerts for further CDD refresh or EDD when a true match or partial match is found.

3. Customer Risk Assessment Software

Customer risk assessment software facilitates the implementation of the customer review process in terms of determining or configuring the risk classification criteria and assigning customer review periodicity. This helps segregate customers into high, medium, and low-risk categories and conduct re-KYC according to the duration defined in the organisation’s AML/CFT policy.

4. Case Management Software

A case management software for AML compliance facilitates holistic monitoring and management of ML/FT and PF risks. The case management tool helps by:
  • Designing workflows for escalation and management of tasks for conducting re-CDD, such as requesting document renewal for expired or about-to-expire documents.
  • Keeping track of the case status.

5. Transaction Monitoring Software

A transaction monitoring software generates alerts whenever it identifies any anomaly or change in the pattern of transactions in real-time, which facilitates DNFBPs to conduct re-CDD or KYC refresh in real-time.

6. Regulatory Reporting Software

Reporting software is extremely helpful when, during the screening of customers or transaction monitoring, any positive match or materially suspicious activity is found, which requires the immediate filing of a suspicious activity report (SAR)or suspicious transaction reports (STR) on the goAML portal of the UAE Financial Intelligence Unit (FIU).

Advantages of AML Software While Conducting Periodic Reviews

An AML software is advantageous in conducting periodic reviews in the following ways:

Streamlined Data Collection

AML software, such as eKYC software and screening software, helps with easy document collection where a customer can upload their documents remotely through the app-based customer onboarding tools.

Real-Time Monitoring

Transaction monitoring, ongoing monitoring, and sanctions screening software are the software or tools to look for when any DNFBP intends to track customer activity, behaviour patterns, sanctions inclusion, and PEP classification status in real-time.

Reduced Manual Efforts

The very purpose of software and tools is to automate repetitive manual processes such as entering customer data, screening across regulator-issued sanctions lists, customer document validation, etc., which, due to automation, can help DNFBPs to reduce manual efforts.

Workflow

Various AML software solutions, such as case management, regulatory reporting, monitoring, and screening software, facilitate companies to define and assign workflows for escalation of tasks according to expertise level, right from screening analyst or risk analyst through AML compliance officer or Money Laundering Reporting Officer (MLRO) for further actions or senior management approval for onboarding or continuation of business relationship with high-risk customers.

Document Management

AML software tools help in document management by facilitating the storing and generating of documents required for AML compliance and recording steps taken to ensure compliance with AML measures, such as steps taken to complete the CDD process, alerts set for document expiry, factors triggering re-KYC, timing or frequency of re-KYC, all such measures including others as the case may be, are recorded by the AML software, and such records can be fetched instantly to fulfil record-keeping requirements in UAE.

Regulatory Compliance

AML software facilitates ensuring the timely filing of regulatory reports as well as ensuring regulatory compliance with relevant AML/CFT obligations. AML software facilitates streamlined processes, which, as a result, helps ensure compliance.

Cost-Savings

The most lucrative prospect of switching or opting for AML software is the resultant cost saving that comes due to the reduction of human efforts and increased efficiency.

Best Practices for Effective Periodic Customer Reviews

Ensure Data Quality:

Rich quality data helps in identifying suspicious activity or behavior in a timely manner, reducing the incidences of false positives.

Take A Risk-Based Approach:

Implementing risk measures commensurate with the type and severity of the risk to which the business is exposed helps ensure that a periodic review of customer details is conducted in a timely manner, according to the type of risk the ML/FT and PF customer poses.

Utilise Technology:

The UAE AML/CFT laws and guidelines recommend using technology whenever needed to streamline and strengthen AML processes. Relying on technology to get alerts and triggers for conducting EDD and re-CDD is preferable for DNFBPs to ensure that further steps are taken to ensure regulatory compliance in a timely manner.

Provide Training and Awareness:

Whenever a new or different methodology or technology is introduced in an organisation, as a best practice, personnel must be trained on how to use technology for carrying out the AML/CFT compliance obligations such as ongoing monitoring, re-CDD, KYC refresh, the factors necessitating conducting re-CDD, recordkeeping of CDD and Re-CDD measures, and so on.

Consider Cross-Border Challenges:

Businesses must consider cross-border challenges, such as changes in regulatory requirements and the ability of personnel and technology used by such a business to adapt to the requirements of different jurisdictions.

Consider Emerging Threats:

As a best practice of risk management, it is important to identify the emerging patterns in the relevant field; doing so would enable better management of AML/CFT risk.

Conclusion

When it comes to end-to-end customer relationship management, conducting periodic reviews of customer details obtained during the eKYC or the CDD process can be simplified through the use of the eKYC process and automation with the use of various kinds of AML software to ensure regulatory compliance.

About the Author

Linkedin

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

AML/CFT Compliance Culture as a Strategic Tool in the Fight Against ML/TF

AML/CFT Compliance Culture as a Strategic Tool in the Fight Against ML/TF

Money laundering (ML) is the legitimisation of ill-gotten gains. Terrorism financing (TF) is the act of providing financial assistance to those persons who undertake terrorist activities. The UAE government strives to regulate those entities that are vulnerable to being used as a conduit for ML and TF through its anti-money laundering / combating the financing of terrorism (AML/CFT) regulatory regime. This blog discusses the importance of establishing an AML/CFT compliance culture in businesses to counter the risks of ML and TF.

This blog also attempts to shed light on the meaning, components and importance of AML/CFT compliance culture. It also provides guidance on how to create a robust culture of AML/CFT compliance.

What is AML/CFT Compliance Culture?

An AML/CFT compliance culture is the shared beliefs, values and ethical standards regarding adherence to the duties and obligations under a country’s AML/CFT regulatory regime. Such culture flows throughout the entire organisational structure of the entity. It becomes inseparable from the entity’s identity and is reflected in the entity’s decisions, services, practices and conduct. It shapes the behaviour of each individual associated with the entity, from the board of directors to entry-level employees. An AML/CFT compliance culture helps the entity stay on the right side of the law. It increases the reputation of the entity and creates a positive brand image. Therefore, the importance of adopting an AML/CFT compliance culture is immense and should not be understated.

Components of AML/CFT Compliance Culture

An AML/CFT Compliance culture can be understood comprehensively through its various components. These components are discussed below.

Leadership and Management Commitment

The culture of an organisation flows from its leadership; in simple words, it sets the tone from the top. An entity’s AML/CFT compliance will not be effective unless the board of directors or top management lays a strong foundation for the AML/CFT compliance program. Low or inadequate support by the top brass would mean that the AML/CFT policy remains just a paper document and is not reflected in the entity’s culture. Employees’ motivation to promote the entity’s AML/CFT compliance culture depends on encouragement from the leadership.
The role played by the top management in promoting an AML/CFT compliance culture includes the following:
  • Overseeing the timely formulation and approving the Enterprise-Wide Risk Assessment (EWRA).
  • Ensuring assessment of the AML/CFT risks faced by the entity through a risk-based approach and approving the risk appetite of the entity based on its size, business and customer base.
  • Approving the AML/CFT Policies and Procedures.
  • Reporting on new ML/TF Red flags and Typologies.
  • Ensuring regular independent audits of AML/CFT Compliance Framework.

Ethical Standards and Values

An AML/CFT compliance culture is characterised by values and ethical standards such as integrity, accountability, transparency, trust and collaboration. Through these values, entities are able to embody the ‘spirit of the law’ rather than just adhering to its letter or simply having a tick-box box approach towards compliance. These standards help entities make ethical decisions when they encounter circumstances not provided for in AML/CFT laws and regulations.

AML/CFT Policies and Procedures

Compliance obligations include not only legally mandated requirements but also the entity’s own internal AML/CFT policies, procedures and controls. Robust internal policies help entities meet their AML/CFT regulatory requirements successfully without any lapses. Set policies and procedures also ensure that everyone involved in the compliance process is aware of their individual roles and responsibilities. This helps coordinate and speed up the resolution of any issues.

Training and Education

When employees are made knowledgeable about the meaning, mode of operation, and red flags of ML and TF, as well as their role in the organisation, they are able to detect and deter AML/TF threats effectively and promptly. Such awareness allows the staff to make informed decisions regarding corrective actions to be taken when they face an ML or TF threat. Thus, AML/CFT training and education are important components of a strong AML/CFT compliance culture.

Importance of AML/CFT Compliance Culture

After discussing the meaning and components of robust AML/CFT compliance culture, it’s time to move the discussion towards the question of why it is imperative for entities to build a strong AML compliance culture.

Enhancing Organizational Integrity

Rules and regulations seek to deter the crimes of ML and TF. However, laws are ultimately just words on paper. A strong AML/CFT compliance culture inculcates integrity into the organisation and helps ensure that these laws are properly implemented and adhered to. By embedding a culture of integrity, entities not only comply with legal requirements but ethically deal with all situations not dealt with by the law.

Building Trust with Stakeholders

When an entity practices and portrays a strong culture of proper AML/CFT compliance, it generates trust and a positive reputation among its customers, investors, associates and regulatory authorities. The employees working for the entity have faith in it, which boosts employee morale. This creates a positive feedback loop, which results in the further strengthening of the entity’s compliance culture.

Ensuring Regulatory Compliance

ML and TF are threats that continuously evolve to avoid detection. To curb them. AML/CFT laws are dynamic and continuously developing to deal with the new tactics of money launderers and terrorist financers. When entities have a strong AML/CFT compliance culture, they are able to regularly update themselves and evolve new ways to comply effectively with the AML/CFT regulatory obligations.

The Role of AML/CFT Compliance Culture in Combating ML/TF

Preventive Measures

Robust AML/CFT Policy and Procedures

AML/CFT rules and regulations mandate regulated entities to draft and implement their own AML/CFT policies and procedures. To be effective, the AML/CFT policies and procedures must include the following:

  • Roles and responsibilities for all employees involved in AML/CFT compliance.
  • Proactive senior management oversight and appointment of AML/CFT Compliance Officer.
  • Adoption of a risk-based approach to counter ML/TF.
  • Continuous training and awareness programs for the staff involved in AML/CFT compliance.
  • Customer Due Diligence (CDD), including Know Your Customer (KYC), customer risk assessment and profiling.
  • Sanctions Screening and Adverse Media Screening
  • Reporting Procedures for Suspicious Activities or Transactions (SAR/STR)
  • Ongoing monitoring of customers and transactions Record keeping procedures
When these components are clearly defined, there is better oversight and coordination within the entity. Compliance responsibilities should not be ‘siloed’, i.e., restricted to specific departments with no internal communication. This ensures that all red flags encountered during the AML/CFT compliance process are swiftly identified and dealt with promptly. This prevents ML or TF risks from arising.

Comprehensive Due Diligence

Customer Due Diligence (CDD) is a process that must be undertaken by entities to check the authenticity of their customer’s identity. It helps them assess the risks posed by a customer through risk assessment, sanctions screening and adverse media screening. Through CDD, entities are able to form an informed decision of whether to onboard customers based on their risk appetite. A rigorous CDD process prevents entities from onboarding clients exposed to ML or TF and thus reduces risk exposure of the entities.

Transaction Monitoring

Transactions monitoring involves continuously observing transactions to detect any anomalies or red flags that may indicate ML or TF. Suspicious activities and transactions are identified through red flags such as transactions involving large amounts of funds, unusual behaviour by customers, inconsistency of the transaction with the customer’s economic profile or past behaviour, multiple transactions within a short period of time, transactions from, to or through a high-risk jurisdiction, etc. Thus, transaction monitoring helps prevent ML and TF before they occur or are in the early stages of occurrence by detecting and dealing with suspicious activities. Timely and rigorous transaction monitoring is an important constituent of an effective AML/CFT compliance culture.

Detective Measures

Data Analytics

Data analytics helps entities analyse large amounts of information to detect ML and TF threats. Big Data enables entities to streamline their AML/CFT compliance obligations through real-time updates in customer risk scoring and profiling, automatic transactions monitoring, prompt sanctions screening and adverse media screening, recognising anomalies in customer behaviour, etc. Data analytics thus eases the process of compliance by digitising processes that would otherwise be done manually. Thus, data analytics has made the detection of ML and TF simple and swift.

Health checks and Audits

Detecting vulnerabilities in the AML/CFT policies and procedures is an important part of the entire AML/CFT compliance process. This detection exercise is done through a health check or audit of an entity’s AML/CFT compliance program. A health check or audit involves a review of risk assessment of the entity, its policies, procedures and controls, communication channels open in the entity for coordination or grievance redressal, CDD and KYC methodologies adopted by the regulated entity, the process of suspicious activities detection and reporting by the entity, adequacy of records obtained and kept, regularity and quality of staff training and awareness, etc. The health check and audit process also includes analysis of the vulnerabilities detected, discussion about the same with top management, and adoption of remediation measures to fill the gaps identified.

Employee Vigilance and Reporting Channels

The active participation of the employees in the entity’s AML/CFT compliance program ensures efficiency in dealing with ML and TF threats. For example, frontline employees are considered the first line of defence and compliance officers, along with the compliance department, are the second line of defence under an entity’s AML/CFT program. Employee vigilance at these levels will nip ML and TF in the bud. Employee vigilance will enable early detection of ML and TF threats, prompt communication of the threat to the compliance officer, senior management, or board of directors, and subsequent reporting to the AML/CFT regulatory authority of the country in which the entity operates.

Reporting Obligations

Investigating Suspicious Activities

Suspicious activities are to be reported mandatorily under a country’s AML/CFT laws and regulations. Suspicious activities are those that indicate the occurrence of ML or TF. For example, the following activities cause suspicion as to ML and TF:

  • Customer refuses or is hesitant to provide KYC details or identity documents
  • Third party gives instructions or undertakes transactions through the customer’s account
  • Too many transactions in a short period of time
  • Uncharacteristically large funds being transferred
  • No economic rationale behind transactions or the source of funds or wealth is unexplained

When these suspicious activities are detected and reported in a timely manner, ML and TF threats are dealt with successfully.

Collaboration with Regulatory Authorities

Collaborating with AML/CFT regulatory authorities is crucial in aiding the authorities in curbing ML and TF in the country. The collaboration includes adhering to the AML/CFT obligations put on the entity, providing information promptly when required by the regulatory authorities, reporting suspicious activities and transactions as prescribed, etc. Collaborating with regulatory authorities will improve the regulator’s trust in the entity and improve the reputation of the entity in the country as law-abiding and transparent.

Implementing Corrective Actions

As discussed before, regular health checks and audits are significant features of an effective AML/CFT compliance culture. After a thorough audit, remediating the vulnerabilities identified through corrective actions is an important part of the AML/CFT Compliance process. Such corrective actions include reassessing risk exposure to ML and TF, making necessary changes to AML/CFT policy and procedures, revamping the compliance team structure, establishing new communication channels, etc.

Building a Strong AML/CFT Compliance Culture

Building a strong AML/CF compliance culture requires businesses to develop an understanding of what strong and weak AML/CFT compliance culture looks like; knowing the distinction between the two shall enable them to formulate a customised strong AML/CFT compliance culture.

After understanding the meaning, components and importance of a robust AML/CFT compliance culture, it is time to understand how such a strong culture can be built. This is discussed below.

Top Management Commitment

To build a robust AML/CFT compliance culture, top management must commit to:
  • Setting the tone of integrity, transparency, morality and non-tolerance towards lapses that enable ML and TF to occur.
  • Allocating adequate resources for the entity’s AML/CFT compliance.
  • Overseeing the risk assessment process and drafting of internal AML/CFT policy for the entity.
  • Having an open channel of communication to handle all the complaints, doubts, criticisms, and concerns regarding the entity’s AML/CFT policy and ensuring accountability.
  • Duly appoint an AML/CFT Compliance Officer or Money Laundering Reporting Officer (MLRO) who is qualified for the role.
  • Reviewing the AML/CFT reports and independent audits and remedying any vulnerabilities found.
  • Leading by example and actively participating in AML/CFT training, encouraging employees to participate and take their role with seriousness and professionalism.

Crafting Clear and Effective AML/CFT Policies and Procedures

Preparing AML/CFT policies and procedures is a legal obligation under a country’s AML/CFT laws and regulations. It is the backbone of a strong AML/CFT compliance culture. An effective AML/CFT policy has the following characteristics:
  • It is framed after gaining a thorough understanding of the country’s AML/CFT laws and regulations in which the entity operates.
  • It is grounded in a risk-based approach, which involves identifying the specific ML and TF risks faced by the entity and implementing tailored measures to mitigate them. This approach is customised to address the unique challenges posed by the firm’s products and services, customer base, geographical operations, and other relevant factors.
  • It is framed in a clear and concise manner, with all roles and procedures defined to leave no doubt or scope for overlap of responsibilities and powers. Top of Form
  • It should set clear policies on all the AML/CFT obligations of the entity such as risk assessment, CDD and KYC, sanctions screening, suspicious transactions or activities reporting, etc.
  • It should be regularly reviewed and updated to ensure all vulnerabilities are filled.

Implementing AML/CFT Compliance Program

After preparing AML/CFT policies and procedures, it is important to implement them in a manner that achieves its intent and objectives. For effective implementation, the following approach should be adopted:
  • Make a detailed checklist and ensure that all entries are tick-marked through completion. Here are the components of the checklist:
  • Registering with the AML/CFT regulator if required. For example, in the UAE, entities have to register with FIU’s goAML portal.
  • Designating a qualified AML/CFT compliance officer or MLRO with adequate authority.
  • Conducting Enterprise-Wide Risk Assessment (EWRA) and defining risk mitigation measures.
  • Laying down the customer onboarding process along with adequate customer due diligence and sanctions screening measures to be adopted.
  • Establishing a monitoring program that tracks customers, transactions and activities on an ongoing basis
  • Preparing procedures to detect and report suspicious activities and transactions
  • Training the employees involved in the AML/CFT program. This step is discussed in detail below.
  • Conducting an independent audit of the AML/CFT program of the entity and regularly updating it to fill any gaps
  • To execute the prepared checklist in a timely manner, a comprehensive action plan should be created with deadlines. Senior management must regularly monitor the implementation process. Adequate resources should be allocated to the AML/CFT program.

Training and Awareness

Training and awareness enable employees and other stakeholders involved in the AML/CFT program to recognise and adopt corrective measures to deal with any ML or TF threats they encounter. The employees must be given regular training by qualified AML/CFT experts. The training module must include subjects such as:
  • Meaning and typologies of ML and TF
  • A brief overview of the international efforts to fight ML and TF and the AML/CFT laws and regulations of the country in which the entity operates
  • Detailed understanding of the internal AML/CFT policies and procedures of the entity
  • ML and TF risks assessed, and risk mitigation strategies adopted by the entity
  • Customer onboarding protocol, including customer risk assessment, risk scoring, risk profiling, customer due diligence, KYC, sanctions screening and adverse media screening
  • Detecting and reporting suspicious activities and transactions
  • Records acquired during the AML/CFT process that must be kept
  • Coordinating and cooperating with the AML/CFT compliance department of the entity
The training program should be a continuous process. When regulations change, or independent audits find discrepancies, employees should be retrained to perform their roles more effectively. Further, new employees must be given basic AML/CFT training when they are onboarded.

Challenges in Combatting Money Laundering and Terrorism Financing

Building a strong AML/CFT compliance culture may not be easy at first. An entity may face the following hurdles while implementing and maintaining its compliance practices:

1. Business Goals

Entities often place profit and growth as their highest priority, ignoring business ethics in the process. There is a need to balance both ethics and profits to build an effective AML/CFT compliance culture.

AML/CFT compliance must be seen as adding to the profits and growth of a company rather than an obstacle. This is so because a reputation of being AML/CFT compliant increases trust among the customers and reduces the costs incurred due to non-compliance. Thus, having a robust AML/CFT compliance culture gives positive dividends.

2. Staff Resistance

Employees may not be aware of their role in combating ML or TF threats or may see their AML/CFT obligations as irrelevant to their overall job profile. They may resist changes when an entity first makes the decision to align their business with AML/CFT best practices. To deal with this challenge, it is necessary that positive behaviour is incentivised and encouragement is given to adhere to the entity’s AML/CFT compliance program that flows from the top leadership. When the leaders set the tone from the top, employees are bound to follow.

3. Resource Constraints

When the AML/CFT program is seen as a cost rather than an opportunity, AML/CFT compliance suffers. Developing and maintaining an AML/CFT program can be costly because it involves investments in technology, human resources, training, and services of AML/CFT experts. However, these costs have positive returns, such as a good reputation, trust from customers, and no non-compliance costs. Further, the costs of non-compliance, i.e., government-imposed fines and penalties, are significantly more than the cost of installing compliance measures.

4. Evolving Regulatory Framework

Since ML and TF typologies are evolving with advancing technology, AML/CFT laws and regulations are continuously adapting to deal with emerging threats. This means that the AML/CFT law is dynamic, and entities need to keep up. This may seem complex to regulated entities, which are already lagging behind in terms of AML compliance. However, being up to date with the AML/CFT regulatory changes is essential to ensuring AML/CFT compliance.

The Future of AML/CFT Compliance Culture in Combating ML/TF

After building an effective AML/CFT compliance culture, the next task is sustaining and developing it in a way that such culture becomes an enduring component of the entity’s identity. As ML/TF typologies, as well as AML/CTF regulations evolve, so must the culture surrounding AML/CFT compliance. Here’s a glimpse at the future of AML/CFT compliance culture.

Impact of AI and Machine Learning on Compliance

Artificial intelligence (AI), data analytics, and machine learning have made the AML/CFT compliance process easier, quicker and cheaper. These technological advancements make the following tasks more efficient:
  • Entering and keeping records of loads of customer data.
  • Detecting any red flags while conducting the customer due diligence process.
  • Sanctions Screening and Adverse Media screening using regularly updated databases.
  • Analyzing patterns of customer transactions and behaviour and detecting anomalies.

These technologies keep on improving and thus form the future of AML/CFT compliance culture by making compliance swift, simple and accurate.

These technologies keep on improving and thus form the future of AML/CFT compliance culture by making compliance swift, simple and accurate.

Future Regulatory Developments

As the world becomes increasingly interconnected, ML and TF threats evolve, and AML/CFT measures adapt to combat them. This means more cross-border collaborations between countries to deal with the ML/TF threats effectively. AML/CFT regulations may become more stringent and standardised. However, with a strong AML/CFT compliance culture, navigating through evolving and stricter AML/CFT laws and regulations would be easily manageable.

Importance of Evolving Compliance Practices

AML/CFT compliance culture needs to be dynamic and adapt to the emerging ML/TF threats and challenges as well as keep up with the AML/CFT regulatory developments. Entities must keep pace with technological advancements and adopt them in their AML/CFT compliance program. All vulnerabilities should be detected and reported. Periodical training on new AML/CFT typologies, technology and regulatory developments will ensure a strong and efficient AML/CFT compliance culture.

Fostering a Culture of Continuous Improvement

Continuous improvement can only be achieved through frequent health checks, open communication and swift handling of grievances and concerns. Leadership commitment to AML/CFT compliance will ensure that the entity’s objectives and practices are aligned towards constant improvement and innovation of the AML/CFT compliance program.

Conclusion

Establishing a robust AML/CFT compliance culture is imperative to comply with AML/CFT regulatory obligations. It is also an important strategic tool to combat the emerging threats of ML and TF. However, if the entities regulated under a country’s AML/CFT legal regime do not take their compliance obligations seriously, the objective of curbing ML and TF will remain a distant dream. From the macroeconomic prospects of the country to the society and the entity itself, everyone will be severely impacted.

Therefore, establishing a robust AML/CFT compliance culture must involve essential components such as leadership commitment, ethical standards, comprehensive policies, and continuous training to ensure that entities build resilience against the said financial crimes such as ML/TF. By embedding AML/CFT principles deeply into their identity, entities can better detect and deter illicit activities.

About the Author

Linkedin

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

A Framework for Decoding Sanctions Screening Results

A Framework for Decoding Sanctions Screening Results

Whether you use AML software or perform manual name screening, sanctions screening outcome interpretation is not limited to segregating screening outcomes into usual categories, such as those needing regulatory reporting and those requiring no action. Each match has a distinct implication, and the criteria for its analysis, disambiguation, and categorisation are based on the degree of similarity or distinction with key identifier details of the customer and sanctioned individual or entity. This blog provides a framework for decoding sanctions screening results so that you can categorise them into Perfect Match, Partial Match, False Match, and No Match.

A Framework for Decoding Sanctions Screening Results

What is Sanctions Screening?

Sanctions Screening is a process through which the names of prospective and existing customers, who can be natural persons or legal entities, are matched against names available in relevant and applicable sanctions lists to check if any of the customer names match those contained in the sanctions list.

What is Sanctions Compliance Program?

Financial Institutions, DNFBPs and VASPs operating in the UAE must have in place a Sanctions Compliance program that documents the Targeted Financial Sanctions (TFS) compliance measures, such as Sanctions Screening methodology, tools, and measures. Such a Sanctions Compliance Policy would generally elaborate upon the measures taken to assess sanctions-related risk by the regulated entity considering the regulatory framework in UAE concerning sanctions compliance and set rules and steps for conducting and disambiguating screening matches.

What is Targeted Financial Sanctions (TFS) ?

Targeted Financial Sanctions (TFS) are restriction measures imposed by UAE requiring Designated Non-Financial Businesses and Professions (DNFBPs) to freeze funds with other assets of any existing or prospective customer whose name is found in any of the:
  • Local Lists, including UAE local terrorist lists issued by the Cabinet and sanctions lists containing names of natural persons and legal entities linked to the Financing of Terrorism (FT) or Proliferation Financing (PF) of weapons of mass destruction.
  • Sanctions lists issued by the United Nations Security Council Resolutions (UNSCRs). The names of relevant UNSCRs for DNFBPs in UAE, according to Circular No. (2) of 2022 for implementation of Cabinet Decision No. 74 of 2020 are Resolutions 1718 (2006), and 2231 (2015) and following resolutions.
Also, read about aligning your business with global sanctions lists.

Why is Sanctions Screening important for AML compliance and fighting ML/TF/PF?

  • To ensure that prospective and existing customers do not bring along Money Laundering (ML), FT and PF risks to the regulated entity.
  • To identify if any prospective or existing customers appear in any of the relevant sanctions lists and report them to the UAE Financial Intelligence Unit (UAE FIU) through the goAML portal, ensuring regulatory reporting compliance obligation.
  • To ensure compliance with sanctions screening regulatory requirements prescribed in applicable Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) and TFS regulations in UAE.
Also, read the role of sanctions in achieving international peace and security.

What are the Common Sanctions Screening Outcomes?

Sanctions Screening process usually generates four types of outcomes, namely:

1. Perfect Match

The name of the customer matches completely with the screening outcome generated through screening across relevant Sanctions Lists. A complete match is also known as a full match, or complete match, or an exact match.

2. Partial Match

The name of the customer partially matches the screening outcome generated through screening across relevant Sanctions Lists.

3. False Match

The name of the customer does not match with the screening outcome generated through screening across relevant Sanctions Lists.

4. No Match

Screening the name of the customer across relevant Sanctions Lists generates no or zero outcomes.

Sanctions Screening Process

The Sanctions Screening Process is carried out by taking the following steps such as:

1. Subscription to relevant and applicable Sanctions Lists

The FIs, DNFBPs, and VASPs are required to subscribe to the Executive Office for Control & Non-Proliferation (EOCN) mailing list to receive updates as to the addition and deletion of names in the sanctions list.

2. Collection of Key Identifier details

The DNFBPs are required to collect information to input data for conducting sanctions screening, such as in the case of:

a. Natural Person:

  • Name
  • Aliases
  • Date of Birth
  • Nationality
  • ID or Passport information
  • Last known address
b. Legal Entity:
  • Name
  • Aliases
  • Address of Registration
  • Address of branches, if any
  • Other relevant information

c. Ultimate Beneficial Owner (UBOs) of Legal Entity

  • Same as that of a natural person

3. Name Screening

Upon collection of key identifier information, all there’s left to do is to enter the key identifier details of the customer into the appropriate fields given in the Sanctions Screening software and execute the name-match command, doing so, will trigger the sanctions screening software to start searching the customer name entered across various relevant and applicable sanctions list to which the DNFBP is subscribed to.

The name-matching process can also be undertaken manually by searching through the relevant sanctions lists.

4. Screening Outcome Generation

Once the name-matching process is executed by the name screening software, screening outcomes will be generated, depending upon the type of filters and match percentage accuracy threshold settings configured into the sanctions screening software.

5. Screening Outcome Disambiguation

Finally, the analytical role of a Screening Analyst comes in; the screening outcomes generated by the sanctions screening software need to be segregated and organised by the screening analyst into the following categories:
  • Perfect Match
  • Partial Match
  • False Match
  • No Match
Enabling the regulated entity to deploy adequate AML/CFT Customer Due Diligence (CDD) measures and imposing TFS freezing measures if the need arises, based on the framework for decoding sanctions matches.

Decoding Sanctions Screening Matches: A Step-by-Step Guide

Usually, in a large-scale organisation, distinct roles and responsibilities are assigned to relevant personnel, such as having a dedicated Screening Analyst to decode sanctions screening results. However, a small business, usually having very few or no employees, requires the owner or founder to take responsibility for decoding sanctions screening results.

Also read, risks of unaddressed matches in sanctions screening.

Decoding the Sanctions Screening Results requires the person entrusted with screening matches disambiguation to conduct the following measures:

1. Initial Assessment:

When attempting to decode sanctions screening results, an initial assessment needs to be carried out. Ideally, this can be commenced by segregating screening results into potential matches and obvious false matches.

2. Verification and Validation:

The potential matches derived need to be examined for further verification of potential matches with the key identifier details of the customer collected by the regulated entity.

This verification process would entail careful comparison between the key identifier details of the customer and those mentioned in the profile of a potential match. Based on comparison, the degree of similarity between customer details and the screening outcomes generated can be validated.

Followed by verification, the validation of such findings is carried out with the help of government-issued customer identification documents or copies of the same available with the regulated entity. Examples include a Passport or Emirates ID for a natural person as a customer and a trade license or the certificate of registration of the legal entity.

The validation process helps in determining whether the potential match can be classified as:

  • Perfect Match
  • Partial Match
  • False Match
  • No Match

3. Risk-Based Approach (RBA):

The fundamentals of RBA dictate that risk mitigation measures must be applied in proportion to the extent of risk faced by an entity. In the AML/CFT and TFS compliance context, adopting RBA would mean that a business applies ML/FT and PF risk mitigation measures, such as Standard Due Diligence, Simplified Due Diligence, and Enhanced Due Diligence (EDD) based on the degree and extent of ML/FT and PF risk posed by the customer to the business.

Sanctioned individuals and entities pose a high degree of ML/TF/PF risks, and hence, the regulated entities are obligated not to establish a business relationship with them, apply freezing measures and submit a Funds Freeze Report (FFR). Further, in the case of partial matches, the risks could be higher, and hence, the regulated entities are required to submit a Partial Name Match Report (PNMR) with the UAE FIU.

4. Escalation:

Depending upon the severity of the sanctions screening outcome finding, the case can be escalated internally to the AML Compliance Officer or Money Laundering Reporting Officer (MLRO).

5. Documentation:

The regulated entity must document all the procedures, steps, methodologies, tools, sanctions lists subscribed to, verification findings, and validation exercises carried out while conducting match disambiguation and the sanctions compliance process.

6. Regulatory Reporting:

Depending upon the screening outcome, if a perfect match or partial match is found, such an observation and finding must be reported through the goAML portal by the regulated entity within 5 calendar days of such an observation.

7. Record-Keeping:

To ensure compliance with record-keeping requirements imposed by relevant regulators, regulated entities conducting Sanctions Screening must maintain all records of their Sanctions Compliance Program, including sanctions screening results, screening disambiguation findings, and CDD measures taken for the prescribed period.

Let us now delve into decoding screening results based on customer profile and details of potential match found during sanctions screening process.

Decoding Sanctions Screening Results: Perfect Match

Decoding Sanctions Screening Results when there is a Perfect Match requires the person conducting screening outcome disambiguation to know how the perfect match outcome is derived. A perfect match outcome is derived when all key identifier parameters of the customer match the screening outcome in totality.

Understanding the Sanctions Screening Perfect Match Disambiguation Matrix

Understanding the Perfect Match disambiguation matrix is quite straightforward. The comparison between the customer profile and screening outcome would visually appear like the matrix given:
In a Perfect Match scenario, all the key identifier parameters of sanctions screening outcome and the customer profile are compared with one another. The conclusion of such comparison is that both the customer profile and sanctions screening outcome have been found to match exactly with one another, resulting in the initiation of the regulatory reporting process by the regulated entity conducting sanctions screening.
Note:
  1. The human element is always required in disambiguating sanctions matches. The screening analyst may rely on the information available and his professional judgment to conclude the sanctions screening outcome.
  2. For a sanctions-perfect match, it is not necessary to possess all the information outlined in the above example. The key is to satisfy oneself that the customer and the name appearing in the sanctions list are the same. The screening analyst must document his findings and conclude the match type.

AML/CFT Regulatory Requirements Around a Sanctions Perfect Match

Upon finding a perfect match because of sanctions screening, the regulated entity is required to:
  • Freeze the assets of the sanctioned customer within 24 hours and prevent making any funds or services accessible to them.
  • File a Funds Freeze Report (FFR) on the goAML portal within 5 calendar days of becoming aware that the customer has been sanctioned.
In case a prospective customer is found to be a perfect match, the regulated entity is required to:
  • Reject or avoid onboarding the prospective customer.
  • File a Funds Freeze Report (FFR) on the goAML portal within 5 calendar days of becoming aware of the customer being sanctioned.
While taking the above measures, regulated entities must ensure that they do not let prospective or existing customers become aware of such a perfect match outcome.

Decoding Sanctions Screening Results: Partial Match

Decoding Sanctions Screening Results when there is a Partial Match requires the person conducting screening outcome disambiguation to know how partial match outcomes are usually found. Partial match outcomes are found only when the name of the customer matches partially with that of the screening outcome as either due to lack of further information, the match disambiguation exercise on remaining key identifying factors cannot be concluded or only limited key-identifier details match, such as first name only.

Understanding the Sanctions Screening Partial Match Disambiguation Matrix

The partial match disambiguation comparison between the customer profile and screening outcome would visually appear like the matrix given:
In a Partial Match scenario, upon a comparison of all the key identifier parameters of sanctions screening outcome and the customer profile, only the partial name of the customer matches with that of the screening outcome. Some of the reasons for partial name match are as follows:
  • Lack of complete information with screening data, sanctions data aggregator, or the DNFBPs themselves, where the screening analyst can neither confirm nor deny the potential match as perfect match or no match.
  • Lack of validating documents such as government-issued identification cards or licenses (in case of a legal entity customer) that can help rule out a potential match result as no match or perfect match. Also, upon request, the customer fails to provide or avoids providing additional or missing validation documents, or repeated requests for the same might result in ‘tipping off’ the customer.
  • Though the regulated entity is in possession of validating identifying documents or the screening aggregator provides such information through their database, the authenticity of such information or documentation is questionable due to identifying documents appearing to be forged or tampered with, resulting in inconclusive findings, often the photographs match, date of birth or age matches, and the partial name matches but remaining information is different. Such a situation can be the result of forged or tampered documents or identity theft, making it impossible to decide whether the match is a perfect match or no match.
The conclusion of comparison is that both the customer profile and sanctions screening outcome match only on the aspect of partial name and are inconclusive on the status of match likelihood of other key identifier parameters. Resulting in the initiation of a partial name match regulatory reporting process by the regulated entities conducting sanctions screening.
Note:
  1. The human element is always required in disambiguating sanctions matches. The screening analyst may rely on the information available and his professional judgment to conclude the screening outcome.
  2. For a partial match, it is not necessary to possess all the information outlined in the above example. The key is to satisfy oneself that the customer and the name appearing in the sanctions list are potentially the same. The screening analyst must document his findings and conclude the match type.

AML/CFT Regulatory Requirements Around a Sanctions Partial Match

Upon coming across a partial match, the regulated entity is required to:
  • Suspend all transactions with existing customers and prospective customers with immediate effect and maintain the suspension of the business relationship until further instructions from the UAE FIU.
  • File a Partial Name Match Report (PNMR) on the goAML portal within 5 calendar days.
While taking the above measures, the regulated entity must take care of tipping off provisions and ensure that it doesn’t let prospective or existing customers become aware of the partial name match outcome and its regulatory reporting.

Decoding Sanctions Screening Results: False Match

False match outcomes are found when the customer’s name initially generates a screening outcome. However, upon comparing the customer profile and screening outcome, the screening analyst conducting screening disambiguation can conclude that the potential match is a false match.

Understanding the Sanctions Screening False Match Disambiguation Matrix

The false match disambiguation comparison between the customer profile and screening outcome would visually appear like the matrix given:
In a False Match scenario, upon a comparison of all the key identifier parameters of sanctions screening outcome and the customer profile initially appear similar or sanctions screening software has generated the false screening outcome due to the following factors:
  • Customer data quality and uniformity issues, due to which the screening software is generating false matches.
  • Algorithmic errors in the screening tool result in the generation of false matches.
  • The fuzzy match threshold is set too low while conducting sanctions screening.
  • Lack of knowledge as to what nationalities, languages, and cultures the screening data and customer details belong to, leading to not setting screening parameters accordingly.
  • Lack of fine-tuning the screening parameter filters or lack of customizability of the screening tool.
  • Outdated screening data and lack of whitelisting.
Note:
  1. The human element is always required in disambiguating sanctions matches. The screening analyst may rely on the information available and his professional judgment to conclude the screening outcome.
  2. For a false match, it is not necessary to possess all the information outlined in the above example. The key is to satisfy oneself that the customer and the name appearing in the sanctions list are not the same. The screening analyst must document his findings and conclude the match type.

AML/CFT Regulatory Requirements Around a Sanctions False Match

When a False Match is found during sanctions screening, no regulatory reporting or compliance measures need to be initiated. The regulated entity can onboard the potential customer or continue the business relationship as usual with an existing customer upon finding a false match.

Sanctions Screening Best Practices to Avoid Unusually High False Matches

As a best practice measure, the regulated entities can analyse if the occurrence of false matches is normal or higher than usual, based on its experience and acceptable thresholds. If false matches appear higher than normal, the regulated entities must take measures to minimise false matches by taking measures such as:
  • Re-tuning the sanctions screening tool
  • Opting for a better sanctions screening tool with a proven record of least false matches.
  • Opting for whitelisting certain repetitive false matches, but with caution.
  • Conducting a sanctions screening software testing and validation exercise or conducting an AML software audit to identify the cause of false matches.
  • Ensure that the sanctions screening tool is customisable to modify rules and re-set match percentage parameters.
Thinking of changing your sanctions screening software because of its inability to detect false matches? Read Switching Sanctions Screening Software: Pain or Gain?

Decoding Sanctions Screening Results: No Match

When conducting sanctions screening of a customer across sanctions lists generates no result, then such lack of screening outcome is also known as ‘No Match’. This simply means that the screening exercise generated no results, and the customer’s name does not appear in any of the sanctions lists to which the regulated entity has subscribed.

Understanding the Sanctions Screening No Match Disambiguation Matrix

The no-match screening result between the customer profile and screening outcome would visually appear like the matrix given. However, such a matrix happens in the background of the screening software process, and the illustrative matrix helps visualise how a no-match result is generated by screening software. This happens when, on all customer key identifier parameters and names available in the sanctions list, the screening software is unable to find any remotely matching outcome.
Note:
  1. The human element is always required in disambiguating sanctions matches. The screening analyst may rely on the information available and his professional judgment to conclude the screening outcome.
  2. Sanctions Screening software must be properly tested, leaving no room for false negatives.

AML/CFT Regulatory Requirements Around a Sanctions No Match

When there are no matching results while conducting sanctions screening, the regulated entity may onboard such a customer and conduct CDD according to its customer onboarding policy or may continue the business relationship as usual in case of an existing customer relationship.

Conclusion

The Sanctions Screening Compliance is not merely limited to conducting sanctions screening and regulatory reporting if needed. Businesses in UAE, such as DNFBPs, need to understand the intricacies of why sanctions screening is required in the first place, the laws governing sanctions compliance, and the methodology and process of conducting sanctions screening to be able to decode the sanctions screening outcomes with the framework illustrated effectively.

Regulated entities must also understand their rights and obligations in the event of every possible type of sanctions screening outcome generated, and they must be equipped with personnel and know-how to ensure AML compliance that a possible screening outcome requires, be it filing FFR, PNMR, or proceeding with customer onboarding, as the need be.

About the Author

Linkedin

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

What is a White-Collar Crime and Its Inter-Relationship with ML/TF

What is a White-Collar Crime and Its Inter-Relationship with ML/TF

A non-violent and financially motivated crime is termed a white-collar crime when it is executed by an employee while carrying out their responsibilities at work. This blog aims to elaborate upon the concept of white-collar crime, its characteristics, and its types. The blog also sheds light on how white-collar crime impacts not only the country where it originates but also its impact across the globe and how white-collar crime is carried out.

In addition, the blog elaborates upon how machine learning helps counter white-collar crime, the challenges in investigating and prosecuting the same, the steps that businesses can take to combat the occurrence of white-collar crime, and how white-collar crime is closely linked to money laundering (ML) and terrorism financing (TF).

What is a White-Collar Crime

The term ‘white collar’ refers to any person employed in an organisation who does not carry out manual labour and makes use of their intellectual capacities.

White-collar crimes refer to crimes carried out by white-collar employees. White-collar employees may tend to misuse their ability to make decisions at work to conceal, deceive, violate trust or commit fraud related to large amounts of money upon any other company or person.

Characteristics of a White-Collar Crime

White-collar crimes have the following characteristics which make them different from blue-collar crimes:

1. Non-Violent

White-collar crimes, by definition, are non-violent in nature. An example of this would be no violent activity being carried out in committing white-collar crimes such as insider trading. This crime takes place by misuse of unpublished price–sensitive information by any person within the business (usually a white–collar employee in this example) to book profits or facilitate price manipulation. Here, the entire crime gets executed, generating immense profits for the criminal without the use of violence.

2. Financially Motivated

The primary motive behind white-collar crimes is generating quick financial gains illegally. In many businesses, where the management itself is ignorant about ethical conduct and does not set the tone from the top for utmost good behaviour and ethically carrying out duties in the interest of the business. This mismanagement, coupled with frustrated employees who are morally and ethically compromised, get attracted to making quick money by disclosing confidential company information or carrying out corrupt and fraudulent activities to enrich themselves financially.

3. Carried Out by Professionals

The nature of white-collar crime is such that it can be carried out by knowledgeable and educated professionals in their relevant sphere, as they are aware of how to misuse the loopholes in compliance within their workspace. This can be better understood with the help of an example: a white-collar employee, such as a screening analyst facilitating terrorism financing, can simply manually manipulate sanctions screening results flagging a sanctioned individual to a non-sanctioned individual, resulting in the onboarding of such a sanctioned person carrying out terrorism financing by using the business as a vehicle to move funds for terrorist end-use.

4. Carefully Planned

The execution of white-collar crime requires the person executing it to devise steps to work around the checks and balances and plan for carrying out the intended white-collar crime. Generally, white-collar crimes are carried out by identifying loopholes and navigating checks and balances well in advance, as a lack of planning would result in the employee getting caught and questioned for misconduct.

5. Technology-Driven

A lot of white-collar crimes these days, such as forgery, misappropriation of funds, cybercrime, personal data privacy violations, and intellectual property infringement, are carried out online or with the help of hacking into secure databases containing sensitive data or information.

6. Concealment and Deception

White–collar crimes, in general, have an element of concealment and deception as a normal–appearing employee facilitates the planning and execution of crime in the background. Such employees, in the guise of their routine work, look for opportunities which they can exploit to make financial gains.

Understanding White-Collar Crime

White-collar crimes are non-violent, sophisticated crimes. Professionals in high-paying private or government jobs and big corporations engage in such crimes. These crimes are more strategic, innovative, and meticulously planned to avoid detection.

However, the fight against these crimes is not so strong because detection is challenging and often goes unaddressed in terms of legislation. Since these crimes are non-violent and involve many complexities, misuses, and misrepresentations, uncovering these crimes and the persons committing them before they impact society is challenging. The major impact is on individuals, corporations, economies, and communities. If caught, the perpetrators will face financial penalties, jail terms, and bankrupt business.

Why is White-Collar Crime a Matter of Global Concern

The impact of white-collar crimes on – employees, customers, and society – is enormous. They lose money, assets, jobs, and mental peace. Even the countries suffer substantial economic costs, investor confidence loss, and customer trust reduction. Bankruptcies and business failures can destroy the entire country’s economy. It can also distort competition, create social unrest, weaken integrity, and aggravate inequality and poverty.

These effects on the societies and economies sometimes spread to other jurisdictions. This is because of globalisation, which has interconnected many global financial systems. Cross-border white-collar crimes have also become frequent, affecting several countries. So, it is a matter of grave concern for global watchdogs and regulatory authorities.

Types of White-Collar Crime

The different types of white-collar crimes include:

Fraud

Fraud involves misrepresentation or the use of a false pretence to obtain something from someone. There are various ways to deceive someone to get their money or other valuable assets.

Embezzlement

Embezzlement occurs when someone entrusted with funds or assets misappropriates them without the consent of the company or agency allocating the funds or assets.

Insider trading

Insider trading refers to misusing unpublished price-sensitive information that has the potential to sway market prices to make profits out of it.

The insiders can be directors, promoters, employees, executives of the company, or someone closely related to such people who have access to inside information.

Bribery

Bribery involves influencing the decision or action of an individual or entity in power to get preferential treatment in exchange for gifts, payments, or valuable items. The bribe can be cash, property, services, or favours. The reason can be anything like getting a government contract or an award.

Cybercrimes

Cybercrimes are crimes occurring using digital means, including laptops, mobile phones, computers, and the internet. Criminals use these mediums to harass someone, lure people online, or conduct fraudulent activities. These are sophisticated crimes conducted for monetary or non-monetary gains. This can be data theft, mental harassment, stealing online money, or any other crime.

Money Laundering

Money laundering is a white-collar crime in which criminals disguise the illegal origins or sources of funds by layering them with legal transactions or integrating them into the legal financial system. Criminals hide the sources of such funds through complex transactions or a series of money movements. These activities lead to cleaning the illegitimate origins of the funds to make them appear legal.

Tax Evasion

Tax evasion means avoiding taxes by falsifying data, hiding income, or other illegal ways. Some common tax evasion strategies include underreporting income, using shell companies to hide the beneficial owners of assets, not reporting illegal income, avoiding tax audits, altering financial statements, having offshore accounts in tax havens, and many more.

Ponzi Schemes

It is a type of white-collar crime involving fraudulent investment schemes. The initiator of the scheme promises investment of money to generate higher profits for distribution. However, the investments of new investors are actually used as returns to pay off earlier investors. When the new investments are less than the amount to be paid off to previous investors, the scheme fails.

Forgery

Forgery includes altering or copying legal documents or records to defraud someone. Criminals can forge currency, cheques, identity documents, artwork, wills, certificates, or contract agreements. It can be a physical forgery or electronic. Criminals use sophisticated technologies to forge or create false documents. For example, employees may create a false letter of recommendation to get a job in a company.

Counterfeiting

Counterfeiting means imitating a genuine or authentic object. Counterfeiting aims to replace the original and earn greater value from the sale of fake products. The objects generally counterfeited are currency, identity documents, luxury goods, chemicals, spare parts, medicines, and food items. It primarily affects the trader of original products who suffers losses. Counterfeiting can also harm the lives, health, safety, and well-being of individuals, companies, or economies.

Extortion

Extortion involves threatening a person or their family or friends to gain some money or other valuable things. The criminal might threaten the victim’s family, use force to intimidate them or use violence to harm them. The criminal gains money, property, valuable security, or a signature on a critical document from the victim.

Environmental Crime

Environmental crime means the exploitation of natural resources or causing harm to the environment. It affects a country’s natural resources, human health, plants and animals’ lives, food chains, life expectancy, and biodiversity. These can include crimes such as improper disposal of waste, the killing of protected wild animals, illegal trading of plant species, illegal operations of destructive substances or materials, and others. Chemical pollutants released by industries and factories are a big crime, destroying environments across the globe.

Common Methods Used in White-Collar Crime

Knowing these common methods of conducting white-collar crimes enables businesses to detect them before the crime occurs. The common ways in which white-collar crimes occur are:

Identity Theft

Identity theft occurs when someone illegally obtains or uses an individual’s identity details without consent.

This information includes personal identification documents such as an identity, credit/debit card, bank account details, and many more. Criminals use this information to conduct any of the following:

  • Open new accounts
  • Obtain products and services in the victim’s name
  • Use the victim’s existing bank accounts to conduct transactions
  • Apply for loans
  • Spend money on travel, tickets, property purchases, etc.
  • Buy medicines or medical facilities, affecting health insurance coverage
  • Commit a crime under the victim’s name, leading to legal consequences

Accounting Data Manipulation

Another way criminals conduct white-collar crimes is by manipulating accounting data. It involves the misstatement or misrepresentation of a company’s or individual’s financial data. Companies manipulate these statements to avoid the repercussions of showing an adverse financial scenario. Some of the ways they manipulate this information are:
  • Recording fictitious revenues or adding other incomes to it
  • Change the accounting period for a few expenses
  • Adjusting accounting estimates and assumptions
  • Understating liability or overstating assets
  • Creating fake invoices
  • Falsifying cash and bank balances.

Market Manipulation

Manipulating the markets is another way to conduct white-collar crimes. The aim is to influence people’s behaviour in one direction so that the criminal can benefit. It means artificially affecting a financial instrument’s demand, supply, or price. It can be a currency, commodity, or share. Market manipulation can involve any of the following:
  • Manipulating the quotes or prices of securities
  • Spreading misleading information about a company
  • Posting fake orders
  • Acting on insider information not made public yet.

Exploitation of New and Emerging Technology

Technological advancements are a benefit to any economy because they solve problems. However, the exploitation of such technologies by criminals has increased. Financial criminals know how to utilise technology to deceive businesses, regulators, or individuals to achieve some financial benefits.

The primary ways in which fraudsters exploit emerging and new technologies for their personal gain are:

  • Data breaches
  • Gaining wrongful access to sensitive customer information
  • Malicious software or hacking to steal money
  • Hacking financial systems to get insider information
  • Technologies make identity theft easier
  • Cyber fraud
  • Fake online marketplaces
  • Using digital currencies to launder money.

Challenges in Investigating and Prosecuting White-Collar Crime

White-collar criminals exploit technologies, manipulate data, and misuse information to conduct crimes. Their work is so sophisticated that detecting the crime is challenging.

Cross-Border Transactions

Investigating cross-border transactions is challenging, given the jurisdictional variances and the need for cross-border collaborations. Currency fluctuations and regulatory differences make it easier to commit crimes. Prosecuting becomes even tougher due to legal differences in civil and criminal laws.

Resource-Intensive Investigations

Having adequate compliance measures in place and implementing them to avoid the materialisation of white-collar crimes requires funding, as compliance tools such as the screening software or employee background and monitoring policy require substantial funding, which not all types of businesses can afford. Even if the funding is available, it is difficult to recruit the right skills. This gives scope for businesses being used for conducting white-collar crimes.

Influential Perpetrators

The wrongdoers in white-collar crimes are employees, top management, or leaders of entities. In most cases, they are business and government professionals. These people have earned respect in their community. They are influential people with known credibility and trust among their professional and personal networks. So, detecting such people and understanding their criminal minds is challenging. Further, if they are guilty of having committed a white-collar crime, they use their influential network to jeopardise the investigation against them.

Evolving Crime Typologies

Crimes worldwide are increasing day-by-day. Countries are introducing new laws, and companies are developing new technologies to restrict the execution of crimes. But criminals find loopholes and harness them for their benefit. They try new ways, identify new loopholes in laws, and harness technologies’ weak points to commit crimes.

Difficulty in Gathering Evidence

White-collar crimes involve either the entire organisation, a few top managers, or one individual. One can identify all these only after in-depth investigations. Detecting the part where the fault lies or from where it all started is challenging.

Machine Learning and its Application in Detecting White-Collar Crimes

Machine learning (ML) learns the data patterns and predicts future occurrences. Based on these predictions, potential red flags can be spotted and stopped before occurrence. Machine learning helps businesses with the following:

Anomaly Detection

Anomaly means the behaviour in contrast to the usual customer activity. ML helps spot unusual patterns, outliers, or irregularities in customer or transaction data. These irregularities point towards a potential fraud, vulnerability, or failure. Incomplete data, unexpected manual intervention, or inconsistencies in the dataset are warning signs.

These signs indicate a problem which needs further investigation. Anomaly detection helps businesses to spot suspicions in datasets in real time so that immediate action can be taken.

Predictive Analytics

Predictive analytics in machine learning predicts future outcomes based on historical data analysis. So, while studying the old data, predictive analytics identifies patterns and trends and analyses them. It uses past learnings while analysing the new data. Based on the analysis of old data on user behaviour, ML predicts potential patterns in new data. It recognises similar trends and behaviour and flags them as suspicious.

Automated Monitoring

Any system using ML techniques to sift through data runs on automated monitoring. It is in continuous action. It continuously monitors it. It studies the old data, identifies patterns, and applies the same learning to the new incoming data. It checks and tracks the data in real-time to identify trends and flag them for further investigation.

Network Analysis

Network analysis means studying the relationships between factors. Businesses can identify the linkages between data points under study in machine learning and detect the following:
  • Relationships between various people involved in the crime
  • The pattern of relationships between them
  • Key influencers in the group who control others
  • The spread of unique behaviour that led to the crime
  • The organisation and hierarchy of criminal groups

Natural Language Processing (NLP)

Natural language processing means processing and understanding the natural language of humans. Using this feature, ML helps study, comprehend, and analyse text. Text-based data can be from emails, videos, audio, social media posts, or other sources. It helps understand the text exchanged between white-collar criminals. It sifts through all this qualitative data and detects suspicious behaviour. Whether it is phrases, keywords, tone, or patterns, it can study them to identify suspicious behaviour.

What is Money Laundering and Terrorist Financing

Money laundering means disguising the origin or source of illegal money and introducing it into the legal financial system. It is a financial crime committed by individuals, entities, and big criminal organisations. When an individual earns or generates illicit funds from a transaction, they layer these funds with complex transactions and integrate them with legal money. This entire process of placement, layering, and integration is called money laundering.

Terrorist financing means funding the activities of terrorists and terrorism. This can include operational activities of terrorism, terrorist attacks, travel, and lives of terrorists, or buying weapons. Any activity that provides financial support to terrorist organisations to carry out their terrorist acts is terrorist financing. The process of terrorism financing is carried out by collecting funding either legally or illegally, followed by making provisions to store or park such funds until they can be moved safely for further use without raising suspicion.

The Inter-Relationship between White-Collar Crime and Money Laundering and Terrorist Financing

Generally, it’s the greed of some individuals or entities that leads to white-collar crimes. These criminals are already in a position of power and prestige and command respect for it. But they want a commercial or personal advantage, more money, or avoid losing their assets.

White-collar crimes involve manipulating data or markets, misusing identities, or exploiting technology. Using these techniques, white-collar criminals can deceive the legal and regulatory authorities and people. Now, hiding this illegal money or disguising illegal funds and reintroducing it into the financial system as legitimate gains or income is possible with money laundering.

Criminals hide the illegal money or assets gained from such white-collar crimes by taking the money far from their origins. The aim is to confuse the investigators who want to trace the money or assets. So, criminals either layer them with several transactions or integrate them with the legal financial system. This is how white-collar crimes, in a way, facilitate money laundering.

White-collar criminals might also use money from such crimes to fund terrorist activities. If they have more dangerous aims, they will transfer the money to terrorist organisations. In doing this, they use false identities to save their name from all crimes.

To distance themselves from illicit sources of income or gains, white-collar criminals resort to:
  • Hiding the source or destination of funds
  • Creating layers of transactions to conceal them
  • Using the illicit layered money for a legal transaction
This is how white-collar crimes are interrelated with ML/TF. Not only this, the financial gains from white-collar crimes are also used in drug trafficking, arms dealing, and other transnational criminal activities. So, they create a maze of unlawful and unethical activities to hide their face and name.

Measures to Combat White-Collar Crimes, ML, TF

Businesses need to find a weak link in interrelationships between these white-collar crimes to catch them and implement the following measures to prevent these crimes by having in place:

Strong Legal and Regulatory Framework

In cognisance of the white-collar crimes in the country, UAE has taken strong steps to fight them and reduce their impact. The UAE Penal Code, the Federal Decree Law on AML/CFT and TFS Compliance are measures taken by the government to identify and take action in the event of any white-collar crime and have in place measures to report suspicious activity to the goAML portal by filing a Suspicious Activity Report.

Also, laws governing the protection of whistleblowers contribute to quick detection of potential white-collar crime.

Enhanced Supervision and Oversight

Businesses must strive to improve the supervision and oversight of their anti-crime measures. This will enable the business to know the status of each procedure, internal control, and technique applied against these white-collar crimes and gauge the following with such supervision:
  • Positive points of its anti-financial crime measures
  • Gaps, weaknesses, and areas of concern
  • Ways to fill these gaps and solutions for them
  • Whether these measures facilitate compliance with regulations
  • Reporting the compliance status to authorities
  • Any non-compliance penalties or legal proceedings against the business

Corporate Governance

The senior management in a company must set the tone at the top. Once that is taken care of, it is possible to design and implement effective measures against these crimes. Businesses must have a strong board of directors and top management who define the plan, accountability, and responsibilities.

Other corporate governance practices that help in preventing these white-collar crimes are:

  • Defining clear roles and responsibilities to facilitate faster crime prevention initiatives.
  • Defining a code of conduct, including acceptable and unacceptable behaviours, to create an ethical environment in the entity.
  • Ongoing training to employees and other stakeholders on crime prevention, compliance, and ethical behaviour.
  • Defining data permissions and accessibility to prevent data theft or misuse by internal people.
  • A reporting structure to keep everyone in the entity aware of the entity’s financial health and any potential crime threats.
  • Auditing by internal and external parties to ensure accuracy and completeness of the anti-crime measures.

Enhanced Compliance

UAE has specific laws against money laundering, terrorism financing, proliferation financing, fraud, embezzlement, cybercrimes, and many more. These laws mention the mandatory requirements needed to be followed to prevent white-collar crimes by enabling businesses to:
  • Identify and analyse the risks to the business from these crimes
  • Implement policies, procedures, and internal controls to fight these crimes
  • Train employees on these procedures
  • Conduct processes to know your customers and their transactions better
  • Appoint relevant officers and team to handle the compliance requirements
  • Perform audits of all these systems, technologies, and procedures to improve
Performing all these activities leads to compliance with these regulations.

Technological Solutions

Technology is a sure-shot solution to white-collar crimes. Advanced technologies like artificial intelligence, machine learning, data analytics, and others can help detect suspicious activities. They can identify potential warning signs in customers’ behaviour and transactions.

These technological solutions help mitigate crimes besides prevention. Technological systems help in conducting audits, monitoring, and investigations of measures against financial crimes.

Training and Awareness

It is difficult to achieve success in anti-crime measures without knowledge. Businesses must conduct employee training on the above aspects to make them aware and diligent in their approach. Building a positive, anti-crime culture in any business is crucial so that no employee resorts to white-collar crimes. Such culture also ensures that employees report or discourage others from committing white-collar crimes. Having a legally compliant and ethical culture is an excellent anti-crime measure.

Collaborative Approach

Collaboration and coordination with regulators, peers, and industry-specific associations is an effective step against these crimes. Such collaboration helps businesses by:
  • Understanding the challenges and finding their solutions
  • Learning about the best practices peers have implemented
  • Detecting the new emerging risks and white-collar crime tactics
  • Improving record-keeping and reporting procedures by consulting with regulators.

Harmonisation of Laws

By coordinating with authorities of the free zones and federal, regional, and international jurisdictions, businesses can create consistent anti-financial crime/AML frameworks and internal guidelines. Harmonised laws make compliance easier and faster. Also, it reduces criminals’ opportunities to exploit jurisdictional differences in laws.

Whistleblower Protection

One vital activity that can help businesses uncover white-collar crimes or criminals is whistleblowers. They are people from inside the organisation who report suspicious activities or operations. However, one factor that discourages them from such reporting is personal risks. If businesses do not keep them anonymous, criminals or their associates can harm whistleblowers or their families’ lives or jobs.

Whistleblower protection programs are essential to encourage employees to report their suspicions. They must feel safe and secure to report such crimes. Businesses must create policies to protect their anonymity and keep their information confidential. With a guarantee of a safe environment, whistleblowers will be active in detecting suspicions and reporting them on time.

Media and Civil Society Participation

This is also a measure not in the hands of entities but other associations and society. Regulatory authorities must run campaigns to increase the awareness of white-collar crimes and the significance of measures against them. They must impart training on ethics, fraud prevention strategies, and corporate governance to improve the workforce’s integrity. Besides, the following can help:
  • Media must write articles on such crimes and measures businesses implement against them.
  • The supervisory authorities must keep a check on businesses in their industry to ensure the implementation of anti-crime measures.
  • Civil society must provide platforms for whistleblowers to voice their concerns and protect them.
  • The media can create anonymous reporting channels so whistleblowers feel safe and secure to report.
  • Media and civil society can create public pressure and lobby for stronger laws against white-collar crimes.
  • They can facilitate collaboration between different stakeholders and the community to devise a plan against crimes.

About the Author

Linkedin

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

The significance of cash thresholds in fighting money laundering and terrorist financing

The significance of cash thresholds in fighting money laundering and terrorist financing

Money Laundering and Terrorist Financing are global concerns. They have an adverse effect on the economy and society. Governments across the world have enacted various laws and regulations. One of the important controls implemented by regulators across the world is establishing cash thresholds, i.e., setting up cash transaction limits to ensure that criminals don’t indulge in large-scale placement of their illicit money.

Definition of cash thresholds

Cash thresholds are the limitations on cash transactions that regulatory authorities impose to monitor them. Cash threshold is a monetary limit and if the transaction value exceeds that limit, the regulated entities are required to report it to the authorities.

This article focuses on the significance of cash thresholds in the fight against money laundering and terrorist financing. We will understand how criminals generate illicit cash by committing predicate offences and try to place it into the legitimate economy and how regulators try to control it, and the blog throws light on the following:

  • Importance of UBO identification in cash transactions
  • Challenges in implementing cash thresholds
  • Best practices to implement cash transaction limits effectively
  • Role of technology in enforcing cash thresholds

Overview of how cash thresholds function in AML/CFT framework

Financial Action Task Force (FATF)

Money laundering and terrorism financing are foremost matters of interest worldwide. These are types of financial crimes that are damaging the international financial system. These crimes can also affect people’s security, economic stability, and a country’s integrity.

Money laundering involves hiding the origin of illegal funds and placing them in the legal financial system. Terrorist financing means funding activities related to or causing terrorism. Thus, both are financial crimes plaguing the global economy.

Importance of fighting ML/TF for global stability and security

These are transnational crimes that affect many countries worldwide. So, regulators need to implement proper AML/CTF measures to prevent or mitigate these threats. Fighting against ML and TF guarantees strong financial systems and economies worldwide.

By fighting against ML and TF, you can also contribute to global stability, security, and integrity in the following ways:

  • The proper drafting and implementation of AML/CFT regulations help curb financial crimes, creating a stable, trustworthy, and secure financial system.
  • The AML/CFT measures aimed at blocking illicit funds from entering the financial system help prevent and detect financial crimes. They also ensure that legitimate businesses are not used as conduits for conducting illegal activities.
  • The fight against terrorist financing helps ensure the safety and security of citizens.
    Various ML/TF countermeasures like cash transaction limits help track funds generated from other illegal activities like corruption, drug or human trafficking, bribery, and fraud. Thus, these measures help reduce crimes in the world, making it secure and better.
  • The implementation of proper AML/CTF measures contributes to international cooperation in the fight against the ML/TF.

How can cash transactions be used for money laundering and terrorist financing?

Cash payment is the most convenient way for customers to buy products and services. At the same time, it’s the most accessible medium for money launderers to commit crimes. Financial criminals use cash to launder money or finance illicit activities.

Money Laundering

Cash transactions can enable any of the three stages of money laundering – placement, layering, and integration. Whether it is placing illegal funds in the legitimate financial system, creating layers to hide its source, or bringing back the illicit money into the financial system in a clean form, cash transactions facilitate all three.

Money laundering and cash transactions:

  • Conducting small cash transactions from different bank branches or accounts.
  • Using illegal cash to buy property and then selling it at lower prices.
  • Overvaluing or undervaluing the property price to launder the difference.
  • Using illegal cash to buy luxury items and resell them to make the transaction legitimate.
  • Using cash-intensive businesses like restaurants to mix dirty money with legal revenues.
  • Placing illegal cash between legitimate cash transactions and showing higher business revenues.
  • Processing illicit cash transactions through shell companies or offshore bank accounts.
  • Using money mules to conduct multiple small cash transactions across borders.
  • Using dirty money in cash form to buy insurance or securities.
  • Converting illicit cash into different currencies through currency exchange services.
  • Using illegal cash in gambling and casinos and requesting a cheque for the remaining amount to make it look legal.
  • Moving cash across borders by over or under-invoicing or misrepresenting the quantity or quality of goods.

Terrorist financing

Cash transactions also enable the four stages of terrorism financing – collecting, storing, moving, and using funds for terrorist activities. Since one can use cash in any of these stages, terrorist financing becomes possible with cash transactions in the following ways:
Terrorist financing and cash transactions:
  • Direct cash transactions to buy weapons, explosives, or any other items necessary for terrorism.
  • Using cash to support the living needs of terrorists.
  • Buying luxury items with illicit cash and selling them later to raise funds for terrorist activities.
  • Terrorists run cash-intensive businesses like casinos, restaurants, etc., and disguise illicit money as cash generated from legitimate business activities.
  • Cash can be transported across borders via individuals, bags, or vehicles using multiple routes to avoid detection.
  • Creating charitable and religious organisations to receive cash donations and use them in terrorism activities.
  • Misrepresentation of quality, quantity, or value of goods in international trade to fund terrorism.
  • Terrorists over or under-invoice goods across borders for international trade to hide illegal cash movements.
  • Using cash to support terrorist movements across borders by blending them with refugees or migrants.
  • Using students, tourists, or other mules to transfer cash across borders to fund terrorism activities.

Why do criminals prefer cash transactions?

Criminals prefer cash transactions to conduct various activities for the following reasons:

No records

Cash transactions leave no trail, so criminals prefer them.

Involvement of third parties

It is easier to include third parties or intermediaries in cash transactions. No need to maintain records of such persons and use as many to add layers of complexity.

Convenience

Cash is a preferred way of conducting a financial transaction in several jurisdictions. In particular, cash-intensive businesses like restaurants, casinos, and retail stores. One can mix illegal money with the revenues of such businesses to show exaggerated revenues.

Easy and fast

Cash transactions are easy and fast, involving no hassles or tedious procedures.

Easy to smuggle

It is easier to smuggle cash across jurisdictions.

Convertible

Cash is the preferred payment method to buy luxury goods or deposit in bank accounts. Thus, one can convert dirty money into legitimate money.

Easy to hide

It is easier to hide illicit cash. Moreover, one can break down a large cash transaction into several smaller valued ones. Whatever way one uses, one can avoid thresholds or restrictions.

Cash thresholds and AML/CFT regulatory requirements

The UAE has laid relevant cash threshold requirements under AML/CFT regulations to curb ML/TF. Here is the list of Cash Transaction Limit in UAE:

Cash Transaction Limit for Real Estate Agents and Lawyers

Real Estate Cash Transaction Limit for Free Hold Real Estate Buy/Sale Transactions:

Real Estate Agents and Lawyers are required to report any single cash transaction or several transactions that appear to be interrelated equal to or exceeding AED 55,000/- to the UAE FIU in the form of a Real Estate Activity Report (REAR).

Cash Transaction Limit for Dealers in Precious Metals and Stones

Gold, Jewellery, Precious Stones Cash Transaction Limit:

Dealers in Precious Metals and Stones are required to submit Dealers in Precious Metals and Stones Report (DPMSR) with the UAE FIU for any single cash transaction or several transactions that appear to be interrelated equal to or exceeding AED 55,000/-.

Other AML/CFT Regulatory thresholds

Customer Due Diligence

Ocassional Transaction Limit:

Customer Due Diligence is a mandatory requirement for establishing a business relationship. In case of occasional transactions, if the transaction value equals to or exceeds AED 55,000/-, Customer Due Diligence must be performed.

If the occasional transaction involves a wire transfer equal to or exceeding AED 3,500/-, customer due diligence must be performed.

Further, Virtual Asset Service Providers (VASPs) have to carry out customer due diligence when conducting occasional transactions in favour of a client for amounts equal to or exceeding AED 3,500, whether the transaction is carried out in a single transaction or in several transactions that appear to be linked.

Threshold related to DPMS and Applicability of AML/CFT Laws

Dealers in Precious Metals and Stones when they engage in carrying out any single monetary transaction, or several transactions which appear to be interrelated, whose value is equal to or greater than AED 55,000 are required to follow AML/CFT obligations under the AML/CFT legislative and regulatory framework of the United Arab Emirates.

Record keeping

UAE requires regulated entities to maintain records of all transactions for five years. However, the record keeping duration varies from one supervisory authority to another.
  • The Virtual Assets Regulatory Authority (VARA) mandates Virtual Assets Service Providers (VASPs) to maintain records for a duration of 8 years
  • Dubai International Financial Centre (DIFC) requires DNFBPs to maintain AML/CFT compliance and CDD records for 6 years.
  • UAE Securities and Commodities Authority (SCA) requires regulated entities to maintain AML/CFT compliance and CDD records for 10 years.
This applies to transactions above and below the cash thresholds.

Customs Declaration Form

Besides AML/CFT regulations, Travellers entering or leaving the UAE carrying currencies, negotiable bearer financial instruments, precious metals, or precious stones of value exceeding AED 60,000 have to submit the customs declaration form.

Thus, cash thresholds are a significant part of AML/CTF regulations. With these limits, one can detect and report suspicious transactions.

Why is it important to identify UBOs in cash transactions?

By the risk factors of cash transactions, you would have understood why AML measures are necessary for them. These AML measures enable an intense fight against cash transaction threats. You can also prevent possible money laundering and terrorism financing activities.

Such appropriate AML measures include KYC and CDD. Identifying UBOs is a critical element of KYC and CDD. So, make it a practice to identify the ultimate beneficial owners of cash transactions.

A UBO means an individual controlling, owning, or benefitting from an entity. They might not be the apparent owners, but they receive all the benefits or control the operations in the background. In the case of a cash transaction, it means the individual that benefits from the cash transaction.

Identifying UBOs of cash transactions helps figure out the actual person behind a cash transaction and check if they are sanctioned individuals, PEPs, or persons with criminal history. If there are any red flags around the UBOs, you can take a risk-based approach, conduct EDD and submit SAR/STR as per the facts of the case.

Significance of cash thresholds in fighting ML/TF

Cash transaction limits play a huge role in the early detection of a possible crime. Here are the points highlighting the significance of cash thresholds in fighting money laundering and terrorist financing:

Helps identify suspicious activities

Cash transaction thresholds help identify suspicious activities where customers resort to purposefully keeping transaction amounts below the regulatory reporting thresholds.

Helps fight ML/TF effectively

Cash transaction thresholds enable the identification of suspicious activities. You can stop them or conduct further investigations to confirm the suspicion. Thus, these cash transaction limitations help you strengthen your fight against money laundering, terrorism financing, and other crimes.

Ensures regulatory compliance

Setting cash transaction thresholds helps you detect reportable transactions to the UAE FIU. Hence, it ensures regulatory compliance with UAE’s AML laws.

Ongoing monitoring

Cash transaction thresholds help in the ongoing monitoring of a business relationship. One can study various trends and patterns and identify customers who structure their transactions to avoid them being reported to the authorities.

Discourages illicit activities

Cash transaction thresholds discourage illicit activities because it makes it difficult for criminals to make large-scale cash deposits.

Helps take a risk-based approach

Setting a cash transaction limit helps you identify customers conducting such risky transactions. You know their risk levels and define enhanced due diligence measures for them. Thus, you can take a risk-based approach to AML measures against money laundering and terrorism financing.

Facilitates international cooperation

Defining cash thresholds and implementing them helps follow global best practices and FATF recommendations. It shows commitment to the global fight against financial crimes by facilitating cross-border investigations.

Challenges in establishing and enforcing cash transaction thresholds

So, you can see that the significance of cash transaction thresholds is in the prevention of financial crimes. However, it is not easy to establish these thresholds, here is the list of challenges:

Structuring

Criminals tend to structure transactions in such a way that they are able to avoid reporting thresholds. The detection of this is resource-intensive, and not all small and medium-sized businesses are equipped to detect such transactions.

Use of multiple accounts

Another way criminals avoid cash thresholds is by conducting transactions through multiple accounts. When they use different accounts in the same or different financial institutions, they can avoid detection.

Resource-intensive

Cash threshold necessitates transaction monitoring to detect and analyse various trends and patterns. This increases operational burden.

False positives

Another challenge of cash thresholds is the number of wrong suspicions they generate. Many transactions exceed the cash transaction limits when they are linked, so you mark them as suspicious and generate reports. However, on further investigation, many of them will be false. Dealing with such false positives can overwhelm you and regulatory authorities.

Data quality

Data quality is also a critical test in such cash thresholds. The customer data you check has little to no information on all factors. Or the data is inaccurate. Handling all these data quality issues is a big challenge while enforcing cash thresholds.

Varying AML/CFT regulations

The problem in cash threshold implementation occurs at the time of cross-border transactions. The varying limits around cash transaction reporting make it difficult to detect illicit transactions. It becomes challenging when a customer prefers transactions in jurisdictions with no cash thresholds or limits.

Privacy concerns

Data privacy is a challenge while enforcing cash thresholds. Per the transaction monitoring requirements under AML, one needs to collect a lot of personal information about the customers. Customers might find all these queries invasive and not cooperate or form a business relationship. Thus, compliance with data privacy laws becomes a challenge with implementing cash transaction thresholds.

Employee awareness and training

Establishing and enforcing cash thresholds becomes difficult if the employees are not trained. Awareness of these cash thresholds, red flags of suspicious transactions, and managing the procedure is essential. In the absence of such awareness and training, it becomes challenging to enforce cash transaction limits.

Insider threats

Insider threats are crucial challenges in any compliance-related topic. If employees comingle with criminals, the regulatory threshold enforcement becomes next to impossible.

Evolving methods of ML/TF

Money launderers keep innovating to have as many opportunities to conduct crimes. They engage in discovering techniques to circumvent AML measures. In such cases, the existing cash thresholds might not serve the purpose.

Multiple-party transactions

A big challenge in enforcing cash thresholds is complex customer transactions. Complexity increases when there are multiple parties or jurisdictions in a transaction. The multiplicity makes tracking and detection challenging.

Cash-based economies

Establishing cash thresholds in cash-based economies is a challenge. Since most of the transactions in cash-based economies are in cash, highlighting each suspicious transaction above the cash threshold and further investigating it will be an operational burden. Thus, cash thresholds in cash-intensive countries are a challenge.

Best practices in enforcing cash transaction thresholds to fight ML/TF

To address these challenges in establishing and enforcing cash thresholds, one must adopt the following best practices:

KYC and CDD

Regulated must adopt comprehensive KYC procedures to collect all the required details of customers and carry out identity verification checks. The documentary evidence should be cross-checked, and proper due diligence must be carried out to understand the customer’s business, the expected volume of transactions, beneficial owners, and the risks associated with them. The data points resulting from KYC and CDD help create customer risk profiles. If you have these risk details on customers, it is easier to enforce cash thresholds.

Transaction monitoring software

A robust transaction monitoring software helps track transactions. It helps you create rules based on potential red flags of money laundering in your industry. Based on these rules, the software spots patterns, trends, and anomalies for you to investigate them further.

The software generates an alert if the transaction exceeds the cash threshold amount. Such software enables real-time monitoring of transactions to detect suspicion as and when they are being conducted. Thus, the software facilitates quick identification, reporting, and recording of transactions equal to or exceeding reporting thresholds.

Advanced analytics and AI

The latest advanced technologies canhelp identify linked transactions which are carried out to circumvent reporting thresholds. Data analytics allow the detection of patterns, unusual trends, or anomalies. Machine learning algorithms make pattern detection accurate. You can reduce the number of false positives and improve genuine alerts. It also helps you adapt to the evolving ML/TF risks.

Staff training

Cash threshold enforcement is enhanced if the staff is aware of its importance. Knowledge of transaction monitoring tools and cash thresholds help comply with the regulatory requirements around cash transaction reporting.

Besides training, motivating employees to align with AML/CTF initiatives is crucial.

Data privacy

Data privacy and confidentiality are common challenges in such AML compliance measures. Since you monitor your customers and their transactions, you have tons of data on them. It’s possible that you lose data, it gets hacked, or some employee leaks the data.

To solve this concern, you must implement effective data protection policies. With such data confidentiality and privacy guarantees, your customers trust you more with their details. They will give due importance to AML measures and cooperate with you.

Keeping up with regulatory updates

Despite the implementation of cash transaction threshold rules, one might commit errors in AML compliance. One must stay up-to-date with UAE’s AML requirements to avoid such mistakes. Keep checking the latest guidelines and updates on AML rules. One must also keep an eye on international AML standards.

The internal AML policies, procedures, and controls must align with national regulations and international AML best practices.

Insider threat mitigation

Insider threat is a critical challenge for regulated entities under AML laws. Insiders in the business might misuse customer data. They might also collude with customers to avoid detection of their transactions as suspicious.

One must be wary of such insider threats. Segregate the duties based on employee skills, past performance, and behaviour. Hold them accountable and responsible for the AML procedures they perform. Insider threat mitigation helps one implement cash transaction limits more effectively.

Continuous learning and adaptation

One best practice while enforcing cash thresholds is learning from past experience and innovations. One can make this possible by conducting regular reviews and health checks. One can improve upon the areas where there are gaps.

Concentrate on high-risk areas

One needs to take a risk-based approach and prioritise risks to target. Customers coming from high-risk jurisdictions, known ML/TF typologies and red flags, cash-intensive business, etc., must be taken into consideration while designing controls and cash transaction thresholds.

Global information sharing

The regulatory authorities conduct a National Risk Assessment and provide information about inherent risks related to ML/TF. Regulated entities should participate in this exercise and provide all the required information and assistance to the authorities to counter the global menace of money laundering and terrorist financing.

Record-keeping

Record-keeping is a best practice for all entities. The regulated entities must maintain all the records related to KYC, screening, risk assessment, business transactions, and regulatory reporting.

Public awareness campaigns

The regulators must run public awareness campaigns around the cash transaction threshold limits so that genuine customers cooperate with regulated entities in providing the required information.

Role of technology in enforcing cash transaction thresholds

Technology is one of the key best practices for establishing and enforcing cash thresholds. It helps you fight most of the challenges of implementing cash thresholds while monitoring transactions. Technology solutions provide the following benefits:

Automated reporting with transaction monitoring systems

Transaction monitoring systems have a reporting feature. This feature allows the generation of reports on transactions equal to or exceeding the reporting thresholds.

Thus, this automated reporting feature enables accurate and timely reports that you can submit to authorities, making you AML-compliant. Technology solutions also streamline data storage and record keeping.

Data analytics and patterns identification

Technology solutions make transaction monitoring faster, more accurate, and easier. Data analytics, predictive analytics, and machine learning help you study the data and identify patterns. You can detect the possible anomalies in transactions and better understand them.

Customer risk assessment

AML software enables ongoing monitoring of a business relationship. This helps detect trends and patterns and assign appropriate risk ratings to customers. This goes a long way in prioritising resources and countering money laundering and terrorist financing.

Real-time alerts and notifications

The best feature of transaction monitoring solutions is alerts. The solution generates alerts when it spots a reportable transaction. It also notifies you of the suspicion or a pattern or trend identified in a transaction so that you can take the required action.

Predictive analytics

Transaction monitoring technology systems use predictive analytics techniques. This technique allows you to predict future outcomes. The system generates alerts when it detects a linked

transaction crossing the statutory threshold. Such predictive analytics lets you take proactive measures so that issues do not escalate.

Adaptive learning and scalability

Transaction monitoring software with cash thresholds is adaptive to changes. Over a period of time, your business grows, risks change, new customers come, transactions increase, and various other adjustments happen. Amid all these amendments, your system also updates. It adapts to the new transaction monitoring rules based on customer and transaction characteristics. Thus, your existing system learns the new patterns, assesses large cash transactions, and adapts to changes.

AML compliance automation

AML compliance is the biggest concern for reporting entities under AML laws. With such technology systems, you can perform the AML procedures efficiently. They automate KYC, CDD, customer screening, and transaction monitoring processes. Such automation helps you achieve compliance in a faster, comprehensive, and more accurate way. Moreover, there are fewer possibilities of violating cash transaction threshold compliance requirements with audit facilities.

Location-based monitoring

Such technology systems for monitoring transactions allow location-based monitoring. This means that if the transaction is from a high-risk jurisdiction, the system highlights it. Since transactions from high-risk jurisdictions are highly risky, you can put such transactions on hold and submit the necessary SAR/STR.

Summarized output

Technology solutions enable summarized results through dashboards. User-friendly interfaces provide detailed and summarized insights to help management make quick decisions. This also facilitates collaboration with other industry players and authorities.

Security

Technology solutions for enforcing cash transaction thresholds are secure and safe systems. These solutions come with biometric and multi-factor authentication features, ensuring no unauthorised access. Data encryption and secured storage facilities keep your data private and protected from cyber threats.

Conclusion

Thus, cash thresholds play a critical role in AML/CFT compliance framework. You must understand the significance of identifying reportable transactions by setting appropriate limits on cash transactions.

Since cash will always remain a critical part of most economies, implementing cash thresholds is an excellent prevention technique. Moreover, using technological solutions with AI, machine learning, and data analytics features makes them more capable.

So, use cash thresholds to detect suspicious transactions and reduce the likelihood of money laundering in cash transactions. If you need help with these AML measures, AMLUAE is your one-stop destination. We provide a wide range of AML compliance services to help your business from the impact of money laundering, terrorism financing, and other crimes.

About the Author

Linkedin

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Updated list of FATF high-risk countries and countries under increased monitoring: 21st February 2025

Updated list of FATF high-risk countries and countries under increased monitoring: 21st February 2025

FATF List of High Risk Countries

In the latest plenary, which concluded on 21st February 2025, Philippines was removed from the Financial Action Task Force (FATF) Grey List, Nepal & Laos were added to the Grey List. The FATF Grey List is also known as the Jurisdiction under Increased Monitoring list. This list includes countries that are actively working with the FATF to address strategic deficiencies in their regimes to counter money laundering, terrorist financing, and proliferation financing.

The FATF an international body that establishes intercontinental standards to combat money laundering, counter-terrorism financing and combat financing of proliferation of weapons of mass destruction, updates the list of jurisdictions under increased monitoring thrice annually.

List of Jurisdictions under Increased Monitoring (Grey List) as of 21st February 2025

1. Algeria 2. Angola 3. Bulgaria 4. Burkina Faso 5. Cameroon 6. Côte d’Ivoire 7. Croatia 8. Democratic Republic of Congo 9. Haiti 10. Kenya 11. Laos 12. Lebanon 13. Mali 14. Monaco 15. Mozambique 16. Namibia 17. Nepal 18. Nigeria 19. South Africa 20. South Sudan 21. Syria 22. Tanzania 23. Venezuela 24. Vietnam 25. Yemen

Jurisdictions under Increased Monitoring - Grey List

Which publicly recognizes jurisdictions that have committed to, or are actively working with, the FATF to resolve strategic deficiencies in their anti-money laundering, combatting of terrorism financing as well as combatting of proliferation financing (AML/CFT/CPF) regimes within agreed timelines. This list is commonly known as the “grey list.”

FATF Grey List and Blacklist Update History:

In the latest plenary, which concluded on 21st February 2025, Philippines was removed from the Financial Action Task Force (FATF) Grey List, and:

  • Laos
  • Nepal
were added to the Grey List.

In the plenary that concluded on 25th October 2024, Senegal was removed from the Financial Action Task Force (FATF) Grey List, and:

  • Angola,
  • Algeria,
  • Côte d’Ivoire
  • Lebanon
were added to the Grey List.
In the plenary that concluded on 28th June 2024, Jamaica and Türkiye were removed from the FATF Grey List and:
  • Monaco
  • Venezuela
were added to the Grey List.

In its plenary, which concluded on 23rd February 2024, the FATF removed UAE, Barbados, Gibraltar, and Uganda from the Grey List, whereas:

  • Kenya
  • Namibia
were added to the Grey List.
In October 2023, the, while the following countries were removed: Albania, Cayman Islands, Jordan. and Panama and:
  • Bulgaria
were added to the Grey List.

The FATF established two statements as part of its listing and monitoring procedures to assure consistency with its international standards.

To learn more about the difference between FATF-blacklisted countries and greylisted countries: Checkout What are FATF Blacklist and Grey list countries?

High-Risk Countries Subject to a Call for Action - FATF Blacklist

FATF categorises certain countries as “Blacklist” countries. This “Blacklist” identifies jurisdictions with substantial strategic weaknesses publicly in their AML/CFT/CPF regimes and calls on all FATF members to conduct enhanced due diligence and, in the most severe cases, implement countermeasures to protect the international financial system from money laundering, funding of terrorism and proliferation risks stood by the identified nations. This list is commonly referred to as the “Blacklist.”

Recently, the FATF has added Myanmar to this list of High-Risk countries subject to a Call for Action. Accordingly, with effect from 21st October 2022, the FATF “Blacklist” stands as under

  • Iran and the Democratic People’s Republic of Korea (subject to FATF call on its members/jurisdictions to apply countermeasures),
  • Myanmar (subject to FATF call on its members/jurisdictions to apply enhanced due diligence measures proportionate to the risks arising from Myanmar).

AML Compliance pertaining to grey-listed and blacklisted countries

All Financial Institutions (FIs) and Designated Non-Finance Businesses and Professions (DNFBPs) are required to have appropriate risk-based AML/CFT protections in place to limit the potential of money laundering and terror financing posed by countries subject to increased monitoring or listed as high-risk jurisdictions subject to a “Call for Action” by FATF.

As a result, FI and DNFBPs must screen customers against the FATF Jurisdictions under Increased Monitoring and High-Risk Jurisdictions Subject to a Call for Action while onboarding and continuously monitor their transactions throughout their business relationship. DNFBPs should ensure that their customer due diligence measures verify their customer’s residence in, or business with, listed countries and that their transaction monitoring measures can examine the size, frequency, and pattern of transactions involving high-risk countries to determine the possibility of occurrence of financial crimes such as money laundering.

FIs and DNFBPs must file suspicious transaction/activity reports (STR/SAR) to the Financial Intelligence Unit (FIU) when red flags are observed so that enforcement actions can be conducted.

Further, FIs and DNFBPs are obligated to report the transaction or activity with high-risk countries subject to a “Call for Action” to the FIU by filing High-Risk Country Transaction Report or High-Risk Country Activity Report (HRC/HRCA), as the case may be

Role of AML UAE

AML UAE is a leading AML compliance services provider in UAE. We help you with fulfilling all the requirements for AML and CFT in UAE. Our spectrum of AML compliance services is not restricted to national boundaries, but we also make sure that you comply with the global regulations of AML.

We can help you with:

  • Creating firm-specific AML policies, procedures, internal controls, best practices, and guidelines for your smooth business operations
  • Setting up an expert AML compliance department for your firm that can handle all AML-related activities
  • Selecting the most effective and appropriate AML software for your business needs to ensure AML compliance
  • Helping you in filing and submitting annual AML/CFT risk assessment reports with the UAE government
  • Conducting training for your employees in handling KYC, screening, risk profiling, CDD, EDD, and filing of STRs

About the Author

Linkedin

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

The role of shell companies in money laundering

The role of shell companies in money laundering

Shell companies are a preferred avenue for financial criminals to hide their crimes. These include money laundering, fraud, evading sanctions, escaping taxes, and many others. To protect yourself from these risks and prevent shell companies from exploiting your business, you need to apply proper AML measures. In this article, let’s understand the role of shell companies in money laundering and other financial crimes.

The world of shell companies is based on committing the crime and staying undetected. Shell companies are also known as ghost companies. That means they are the vehicles used in the second stage – layering – of money laundering. Layering allows criminals to disguise the origin and place of dirty money. Thus, you must have enough AML measures to prevent the risks of shell companies in money laundering.

What are the risks of shell companies in money laundering?

What is a shell company?

A shell company is a company without any physical presence and assets. It is not active in business operations. No services provision. No sale of goods. Moreover, it does not have any significant assets. That is why it is a great technique to hide a firm’s ultimate and real beneficial ownership. Criminals form shell companies to conduct illicit business transactions.
Shell companies are characterised by:
  • Lack of physical presence
  • No income
  • No employees
  • Occasionally hold bank accounts and investments
  • Inactive
  • Complex ownership structure
  • Nominee directors and shareholders

Are shell companies legal?

Yes, shell companies are legal even if they are inactive. An individual can form a new company to hold some assets. The newly formed company holds the asset, and that’s its only purpose. It remains inactive and does not conduct sale or purchase transactions.

What are the legitimate and illegitimate uses of shell companies?

Shell companies and their legitimate use cases

  • To invest in various countries
  • To raise funds from the international market
  • To prevent tax lawsuits on assets
  • To hold funds
  • To hold assets like bonds, real estate, stocks, etc.
  • To protect intellectual property rights
  • To employ tax planning strategies
  • To facilitate mergers and acquisitions

Shell companies and their illegitimate use cases

  • To hide dirty money earned from illegal activities
  • To conceal the identities of beneficial owners
  • To evade taxes by hiding income in a shell company in a different jurisdiction
  • To conduct fraud, scam, or a crime
  • To store washed funds in the shell company’s accounts
  • To hide assets during mergers and acquisitions or divorces to avoid sharing with others
  • To finance and exchange dual-use goods with other shell companies, leading to the proliferation of financing
  • To provide phantom services by raising invoices for services that were never rendered

The impact of shell companies

  1. Money laundering, terrorist financing, drug trafficking
  2. Tax evasion
  3. Market manipulation
  4. Unfavourable conditions for legitimate businesses
  5. Fraud
  6. Corruption
  7. Illegal payments

What is the difference between shell, shelf, and front company?

Shell companies have no business activities, significant assets, or employees. They exist on paper but not physically. They are not illegal corporations, but companies use these structures to conduct illicit transactions like money laundering, tax evasion, and concealing beneficial ownership, as well as for legitimate purposes. Trust companies use shell companies as trustees. Companies use shell companies to evade taxes through transfer pricing strategies.

Shelf companies are incorporated companies. They can or cannot have customers but stay dormant for years with no business activities. The secretaries, shareholders, and directors of a shelf company are inactive.

A front company is a legal business – a fully functioning company. However, criminals use front companies to hide their illegitimate financial transactions.

Why are shell companies vulnerable to money laundering?

Shell companies’ vulnerability to money laundering is due to the following reasons:

Anonymity

The most significant characteristic of shell companies is their anonymity. It keeps the identity of beneficial owners secret and private. This is possible because shell companies are constructed in less-regulated or tax-haven countries. These countries have no mandatory requirements for the disclosure of structure, and shareholding. You can move funds from one country to another without divulging any transaction and ownership details. This is the feature that money launderers leverage to conduct crimes.
Low cost and easy company formation procedure
Another characteristic that makes shell companies susceptible to money laundering is the low cost and ease of formation. You don’t need to spend much money on its establishment and operations. Moreover, their setup does not involve many steps or hassles of approvals and documentation. Such ease and less-costly company structuring enable money launderers to opt for shell company formation.
No physical presence
Shell companies do not have a physical presence. They exist only on paper. So, you will find it challenging to trace the company’s whereabouts. This is also one of the reasons why their vulnerability to financial crimes is high.
Relaxed regulatory rules

Offshore destinations with relaxed rules are preferred destinations for shell companies. These jurisdictions do not restrict a business’s and its owners’ confidentiality, privacy, and anonymity. Strong bank secrecy rules, strict privacy laws, and relaxed regulatory standards make a country a preferred hub for shell companies.

Superrich use such shell structures to hide their wealth because of relaxed regulations. Also, the creation of shell companies involves fewer regulatory investigations and checks. The absence of or minimal reporting requirements attracts criminals who use shell companies to commit crimes. Even low or no corporate tax rates make a jurisdiction a preferred destination for shell companies.

A confusing network of several shell companies in different jurisdictions
The network of multiple shell companies in different jurisdictions benefits money launderers. Such a complex network lets one create a chain of several transactions. This structure makes tracing funds’ ownership, source, and destination difficult. Regulatory and investigating authorities have to handle too many jurisdictions and their laws. Also, collaboration between authorities in so many jurisdictions is a big concern. Some jurisdictions might have a vested interest in such schemes, so they don’t help in investigations.

How do shell companies launder money?

Criminals set up a shell company, invest their proceeds of crime into it and then move funds to their own account by using fake invoices.

Red flags of financial crimes by shell companies to exploit your business

Since shell companies’ risk in money laundering is high, you must be vigilant about their activities. One way of doing that is learning about the red flags of customers’ illicit behaviour. These are the warning signs of suspicious transactions using shell companies. So, you must be aware of these red flags to spot suspicions at the right time and stop the transaction. These red flags include the following:
  1. Atypical directorship in companies
  2. Dubious addresses of companies
  3. Mass registration of many directors, shared names, or addresses indicates the involvement of many shell companies.
  4. Dormancy of a company for a few years and a sudden rise in presence with a spike in revenues
  5. Too young or too old beneficial owners like five years or more than 100 years
  6. Circular ownership of several companies with each other to hide beneficial ownership
  7. Dubious addresses as address proof of entities
  8. A mismatch between the company’s registration jurisdiction and the directors’ residency or nationality, specifically involving high-risk jurisdictions
  9. The home jurisdiction of the shell company is a sanctioned or terrorist country or one with weak AML and other regulatory controls
  10. Some odd financial anomalies
  11. Ultimate beneficial ownership is significantly different from the expected
  12. The company has not undertaken any real business activities
  13. The formal nominees mentioned for the company are nominated agents for many shell companies
  14. The nominees are generally the spouses, children, or relatives who do not contribute to the enterprise’s operations
  15. The shell company conducts many transactions, but none generates income
  16. It does not contribute to taxes, social benefits, and employee benefits
  17. One party is the origin and destination of financial benefits in the case of international funds transfer, or the transaction is between two different businesses, but they have the same registration address
  18. The unnecessary creation or involvement of representative offices or similar delegation services
  19. Cash transactions, different from the usual payment mode used
  20. Account signatory executes a large transaction but with no controlling interest in the assets or company
  21. Involvement of family members in business transactions with no legal business purpose
  22. Private third parties provide loans, but there is no supporting agreement, interest repayments, or collateral
  23. Doubtful and questionable relations between parties with no clear explanation by the customer
  24. Unusual transactions considering the client’s profile, business model, or previous transactions
  25. The origin and destination of transaction funds involve a foreign jurisdiction with no justified linkage with the client
  26. The business account used for a transaction is also used for personal transactions like buying assets or other reasons with no linkages to the client’s profile
  27. Involvement of two or more parties in a transaction with no apparent reason or legal rationale
  28. Finance from a lender – an individual or a company – without any commercial reason or justification
  29. Goods or services transacted do not correspond to the sender or receiver’s business profile
  30. The unwillingness of the party to disclose information on the transaction
  31. Transactions involving beneficiaries from offshore or high-risk jurisdictions
  32. Transactions with fake invoices having a shell company’s name as the seller of products
  33. Complex transactions with multiple layers of buying and selling
  34. Large volume or value transactions with other ghost companies
With so many red flags and others, you must keep an open eye on all incoming and outgoing transactions. All these are obscuring the illicit behaviour of the transactions, which you must be aware of. It makes tracing of money laundering and criminals challenging for investigators. However, with proper AML measures and transaction monitoring, you can identify the legal, fair transactions from the illegal, unfair ones.

How do you prevent shell companies from exploiting your business?

So, now you understand that shell corporations are risky for your business. You must safeguard yourself from these risks to reduce the likelihood of involvement in money laundering activities. You need to be proactive in your efforts to build a resilient business. To protect your business from the risks of shell companies in money laundering, you must apply the following measures:

KYC

Know your customers. It is a critical way to prevent shell companies from exploiting your business. You must know all the details about your customers, such as:
  • Business name
  • Registered business address or residential address
  • Email address and contact number
  • Business license number
  • Nature of business
  • Business type and structure
  • Business details like board of directors, date and place of establishment, and annual report
You must collect proof of all these details. The documentary proof helps you verify your client’s identity. You can identify if your customer is a shell company or not.

Due diligence

KYC is a fundamental way of knowing your customers. Due diligence involves more intense scrutiny. You must investigate your customers’ funds and wealth further. This will help you detect any linkage with illegal activities.

Investigate the following about your customers:

  • Source of funds
  • Source of wealth
  • Beneficial ownership (name, address, relation with the firm, national identity, and other details)
  • The business structure
  • Payment methods used
  • Financial statements
  • Geographical presence
All these data points help you understand the customer’s background. You can get confirmation on the authenticity of the company’s business operations and business owners, customers, and suppliers. Investigating beneficial ownership and background helps you understand whether the client is a shell company created for illicit reasons. Once you know the beneficial owners and risks associated with them, you can examine any probable involvement of shell companies.

Customer Risk Assessment

Once you manage to conduct KYC and CDD, you have a decent amount of information on your customers. Now, you can manage to create risk profiles of your customers. Based on this risk profiling, you can categorise customers as high, medium, and low risk.

The risk profile includes rating your customer based on the risks from their products/services, geographical presence, delivery channels, and transactions. If the customer is high-risk, you need to be more cautious.

Transaction monitoring

Monitoring shell company transactions is necessary to spot suspicions. By checking transactions, you can spot any shell company’s participation in financial crimes. For this, you must look at the transactional patterns or irregularities in customer behaviour. Also, keep a check on the value and volume of transactions. Lack of transparency or unwillingness to disclose identity or transaction details is a typical red flag of shell companies.

So, awareness of the red flags of shell companies’ involvement in money laundering is essential. The section above contains warning signs you must be wary of when detecting shell companies’ involvement in illicit transactions.

Technology solutions

Use technology solutions to perform your business’s AML and risk management strategies. These solutions have the latest advanced technologies, such as the following:
  • Artificial intelligence
  • Data Analytics
  • Blockchain technology
  • Machine learning
  • Data mining

All these technologies help you with accurate sifting and analysis of data. They help you analyse loads of data to verify customers’ identities. These technologies can identify patterns and behavioural characteristics matching potential red flags. Thus, you can identify suspicious transactions and customers linked to shell companies.

The best part about AI is that it adapts over time to new rules. When new money laundering tactics emerge, or risks evolve, you can update your solution to these new rules. Thus, you can put up an intense fight against money laundering through shell companies. You can devise strategies against the risks of shell companies in money laundering and prevent them from exploiting your business.

AML compliance program

To prevent shell companies from exploiting your business, you must take a risk-based approach to your AML compliance program. You must develop specific policies, procedures, and internal controls for your business. This framework depends on industry-specific risks and shell companies’ role in money laundering.

Your framework must include KYC, CDD, and transaction monitoring. It involves continuous monitoring of risks from customers and their transactions. Knowing the risks allows you to take relevant action and stop your business’s exploitation. You must also monitor these AML programs on an ongoing basis to make improvements that bring you closer to AML compliance in UAE.

Training

Training of frontline employees and compliance teams goes a long way in countering ML/TF risks emanating from shell companies. The training programs should revolve around the identification of UBOs, known red flags, and known ML/TF typologies.

All these measures help you know who you are dealing with. Thus, you are aware of the risks from your customers and suppliers. Based on your risk appetite, you can decide whether to form a business relationship and transact with them. These measures help you stay vigilant against the risks of shell companies in money laundering.

If you apply these proactive AML efforts, you can detect the illegal network of shell companies that launder dirty money. Thus, these measures help you prevent shell companies from exploiting your business. You can improve the financial system’s integrity and comply with AML regulations.

AML UAE – your partner for professional AML consulting services

AML UAE can help you design and implement customised solutions to prevent shell companies from exploiting your business. Our AML initiatives strengthen your fight against shell companies and reduce their threats. We can help you:
  • Know your clients better
  • Conduct due diligence checks on them
  • Monitor their transactions on an ongoing basis
  • Assess risks from shell companies
  • Design appropriate AML compliance programs
  • Select and implement the right technology solutions for your business
  • Conduct training to strengthen your team against ML/TF risks posed by shell companies
All these measures reduce the risks of shell companies to your business. Thus, with AML UAE’s help, you can prevent shell companies from misusing your business to conduct money laundering activities.

About the Author

Linkedin

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

A complete guide to effective customer due diligence

A complete guide to effective customer due diligence

Companies are vulnerable to financial crimes and used as channels for facilitating or carrying out illegal activities, such as money laundering (ML), financing of terrorism (FT), and proliferation financing (PF) of weapons of mass destruction. Thus, it is crucial for them to undertake an effective Customer Due Diligence process to mitigate the ML/FT and PF risks posed by customers. Here is a complete guide to effective customer due diligence to help you fight ML/TF risks.

Customer Due Diligence (CDD) is an essential element of UAE’s AML/CFT regulatory framework, which assesses the ML/FT and PF risks that arise from various factors such as customers, geographies to which customers belong, delivery channels, modes of transaction, etc.

CDD enables businesses to check the legitimacy of their prospective customers by identifying and verifying their identity details and ensuring that the customers are indeed the persons or entities they claim to be. This safeguards their businesses against potential financial crime threats.

What is Customer Due Diligence?

Customer Due Diligence (CDD) is all about identifying potential customers and checking their authenticity and legitimacy. In addition, it means cross-verification of the details provided by the customer for their legal validity and accuracy.

The CDD meaning remains the same, but the procedures change across the industries. In total, there are four aspects of CDD, namely, simplified, standard, enhanced, and ongoing.

By conducting CDD, businesses aim to mitigate the potential for financial crimes such as ML/FT and PF. Additionally, this multifaceted approach serves as a foundational element in establishing trust, credibility, and regulatory compliance within the business landscape.

UAE AML/CFT Regulations for CDD

The UAE has established robust AML laws to combat financial crimes, including ML/FT and PF. These robust regulatory frameworks include Federal regulations, which are aligned with international standards set out by the Financial Action Task Force (FATF).

Additionally, as part of the AML/CFT legal landscape, the regulated authorities in the UAE have released various guidelines supporting the primary regulations for undertaking effective measures.

The UAE’s regulatory framework necessitates CDD measures for every customer. The framework governing CDD is also based on FATF recommendation No. 10, which lays down the principle of undertaking a customer due diligence process. This includes disclosure of beneficial ownership and verification of identities.

Furthermore, Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations Guidelines for Designated Non-Financial Businesses and Professions mandate DNFBPs to undertake CDD measures in assessing and combating risk associated with customers based on the risk-based approach taken by the entities.

Role of CDD in AML Regulatory Framework

As a crucial measure of UAE’s AML/CFT regulatory framework, regulated entities are required to undertake CDD measures, which include a thorough process of identifying and verifying customers, assessing their risk profile, and monitoring them throughout their customer lifecycle. Implementation of an effective CDD process helps reporting entities determine the different levels of risk associated with different customers and further establish the appropriate CDD measures for risk mitigation.

The CDD process provided under the UAE’s Regulatory Framework lays down a comprehensive framework for addressing potential ML/FT and PF threats when engaging with both new and existing customers. Therefore, CDD plays an important role in assisting reporting entities in maintaining regulatory compliance and safeguarding themselves against financial crimes.

Reporting Entities subject to CDD in the UAE

The legal framework governing AML/CFT in UAE applies to all financial institutions, banks, insurance companies, Designated Non-Financial Businesses and Professions (DNFBPs), and Virtual Asset Services Providers (VASPs). Furthermore, these DNFBPs include:
  • Dealers in precious Metals and Stones
  • Real Estate Agents and Brokers
  • Trust and Corporate Service Providers
  • Auditors & independent Accountants
  • Lawyers, Notaries & Other Legal Professionals
Therefore, every reporting entity in UAE needs to adopt an effective AML/CFT framework in order to mitigate and manage ML/FT and PF risks.

When is CDD required?

The need to apply the AML CDD process comes into the picture when a business organisation is required to abide by AML/CFT regulations and intends to establish a business relationship with a potential customer.

In line with the Customer Due Diligence Policy and Procedures, businesses try to understand the following and take adequate CDD measures:

  • Why is an account being opened?
  • How will it be used?
  • What will be the nature of transactions?
  • What will be the volume and frequency of transactions?
The business must verify the customer’s identity and assess the risk profile. Therefore, DNFBPs/FIs must carry out the Know Your Customer (KYC) procedure as part of CDD compliance procedures in the following situations.
  • Customer Due Diligence becomes mandatory and simply inevitable at the time of entering a new business relationship with an individual or a legal entity. This is important in order to verify the identity of the customer. When undertaking the CDD process for a new customer, the customer’s risk profile is also assessed, and the applicability of enhanced due diligence is determined.
  • Various occasional transactions warrant customer due diligence measures. An occasional transaction equal to or exceeding AED 55,000/- requires regulated entities to perform proper due diligence on customers.
  • An occasional wire transfer for an amount equal to or exceeding AED 3,500/- requires proper performance of CDD measures.
  • Business organizations who suspect the involvement of their customers or proposed customers in activities such as money laundering or financing of terrorism should impose KYC, CDD checks.
  • When it is observed that the identification documents provided by potential customers are inadequate, unreliable, or suspicious, KYC and CDD measures must be undertaken.

When is CDD conducted?

CDD is conducted:
  1. Before entering into a business relationship or
  2. During the course of entering into a business relationship or
  3. Before opening an account or
  4. During the course of opening an account or
  5. Before carrying out a transaction with a new customer
  6. Before entering into occasional transactions exceeding monetary thresholds
  7. When there is a suspicion as to ML/TF
  8. When the previously obtained customer identification data is not proper or adequate.

Fundamentals of Customer Due Diligence

At the initial level, CDD starts by verifying the identity of the customer and understanding the nature of its business. The entire CDD process involves certain steps and a few regulatory obligations imposed on DNFBPs under AML/CFT regulations, as follows:

1. Identification of customer

DNFBPs should first identify their customers by seeking personal information like name, date of birth, nationality, and address. This should further be backed by conclusive evidence issued by the Government in the form of a passport, ID Card, Driving License, etc. Businesses need to implement a comprehensive customer identification program (CIP) to comply with legal requirements.

2. Beneficial ownership

Customer Due Diligence measures should identify the beneficial owner of the customer or proposed transaction. This includes understanding the customer’s ownership control or the organisation’s structure.

3. Business Relationship

After verifying the customer and identifying business ownership, DNFBPs should focus on obtaining information related to the nature of the business relationship the client intends to establish.

Step-by-Step CDD Process

1. KYC - Identification and Verification

The foremost step of the CDD process is identifying and verifying the identities of customers before entering into business relationships with them. This process is what we call Know-Your-Customer (KYC). KYC is a fundamental element of the CDD process.

KYC is further divided into two steps: identification and verification of the customer.

a) Identification and collection of customer information

The first step of CDD is to get the essential information from customers or potential customers. A Know Your Customer Form or KYC form can be maintained for this purpose. The information to be obtained for the purpose of AML due diligence includes the following:

– KYC for Natural Persons

Here is the list of information to be sought from the customer:

  • Complete Name
  • Address of the customer
  • Contact numbers
  • Additional/ alternative contact numbers
  • Legit, accessible, and working email address
  • Place of birth
  • Date of birth
  • Nationality
  • Gender
  • Government-issued identification number
  • Occupation
  • Signature

Along with the above, at a minimum, a copy of the ID document and proof of address are also obtained.

– KYC for Legal Entities

Here is the list of information to be sought from the customer who is a business entity:

  • Name of the business entity
  • Type of the business entity
  • Nature of business the entity is into
  • Date and place of establishment
  • Information related to the board of directors
  • Certificate of establishment/incorporation
  • Information related to shareholders or ultimate beneficial owners
  • Annual report for the previous year
  • Information pertaining to senior management

Along with the above, a copy of the trade license, Memorandum of Association, Articles of Association, address proof, UBO details, and organisation chart are also obtained.

In high-risk situations, source of funds and source of wealth information is also obtained.

b) Verification of the customer

The second step of the KYC under the CDD program is to verify all the information that has been collected in the identification step. Again, it is essential to note that most of the collected data can be confirmed with the help of a government agency’s site or any reputable independent institution. For instance, documents like identity cards, tax receipts, and passports can be verified on the respective government portals based on the unique number associated with them.

2. Name Screening

Name screening is done in order to identify if the customer is a sanctioned individual or entity, a politically exposed person or a person with a criminal history and adverse media references. The primary objective behind carrying out the process of name screening is to check that the customers do not fall under the following categories:
  • Sanctioned individual or an entity
  • Politically Exposed Persons (PEPs)
  • Reported in Media with alleged involvement in any criminal activities

3. Customer Risk Profiling

At this stage, the AML Compliance Officer determines the risk level of each customer or potential customer based on various factors. While performing risk-based customer due diligence, the following risk factors are taken into consideration:
  • Type and nature of business relationship/transaction
  • Nationality of the customer
  • Political exposure of the customer
  • Mode of payment (Cash, Bank Transfer, Cheque)
  • Net worth of the individual
  • Documentary evidence available
  • Amount of transaction
  • The complexity of business structure
  • Local/international business
  • Transaction with a customer based in a blacklisted country
  • Transaction with a customer based in a grey-listed country etc.

Customer Risk Rating

Once the customer risk profile is identified, DNFBPs and FIs can decide the type of monitoring and level of controls to be imposed on such customers. The customers are classified into low-risk, medium-risk, and high-risk categories to determine the extent and frequency of monitoring required.

4. Ongoing Monitoring

Once the Customer Due Diligence process is completed and necessary decisions around risk classification have been made, regular monitoring of the customer’s risk profile cannot be overlooked. Monitoring should be carried out regularly for identified accounts for all financial transactions. The customer’s behaviour, along with accounts and transactions, must be compatible with the usual activities, and this needs to be tracked or overviewed at all costs. Depending upon the risks associated, ongoing due diligence frequency is determined.

5. Reporting Suspicion

During employing CDD measures, if the reporting entity comes across any suspicion or reasonable grounds that suggest that a customer is involved in criminal activity, it must take a thorough investigation and must report that information on the goAML platform via suspicious activity report (SAR). It should be noted that all employees, company directors, and officers are prohibited from tipping off customers if a SAR/STR has been filed against them.

Additionally, they need to report other reports, like HRC and HRCA, when engaging with a customer belonging to a high-risk country.

6. Record Keeping

This is the final stage of the entire AML CDD process. At this stage, one has to maintain the CDD-related records in accordance with the retention policies of the business organisation and as prescribed under AML/CFT regulation. In the UAE, AML/CFT regulations require maintenance of Client Due Diligence and other AML/CFT-related records for the period of 5 years from the relevant dates.

However, the record keeping duration varies from one supervisory authority to another.

  • The Virtual Assets Regulatory Authority (VARA) mandates Virtual Assets Service Providers (VASPs) to maintain records for a duration of 8 years
  • Dubai International Financial Centre (DIFC) requires DNFBPs to maintain AML/CFT compliance and CDD records for 6 years.
  • Abu Dhabi Global Market (ADGM) requires DNFBPs and VASPs to maintain AML/CFT compliance and CDD records for 6 years.
A systematic record-keeping facilitates the DNFBPs to meet its reporting obligation under AML/CFT regulations and furnish such details to the relevant supervisory authorities as and when demanded in the context of any Suspicious Transaction Report filed by the DNFBP.

What risks does a reporting entity face if it fails to carry out CDD?

If a reporting entity like a financial institution, DNFBP, or VASP does not carry out Customer Due Diligence, it harms its reputation and exposes itself to various risks like ML/FT and PF. It may also be subjected to administrative penalties. Further, a regulated entity must not enter into a business relationship if it fails to carry out customer due diligence and consider filing SAR/STR with the UAE FIU.

Types of Customer Due Diligence

Reporting entities deal with different types of customers, having different backgrounds, reasons for business establishment, wealth structures, etc. Similarly, risks associated with customers also vary, requiring different kinds of measures to deal with them.

To enhance the overall capabilities of the AML framework, reporting entities need to undertake different CDD procedures.

The following are different types of CDD processes that the reporting entity needs to undertake:

1. Simplified Due Diligence

The process of simplified customer due diligence comes into the picture when the customer belongs to a low-risk category. The Designated Non-Financial Business and Professions (‘DNFBP’) is required to know the customer’s identity and basic details under a simplified customer due diligence process, and there is no need to carry out detailed due diligence.

2. Standard Due Diligence

Generally, DNFBPs adopt Standard Customer Due Diligence procedures for the majority of the customers. As a part of this process, the identity of the respective customer is verified from several reliable sources. In addition to that, DNFBPs also determine and evaluate the nature of the customer’s business or the customer’s purpose for entering into a transaction with the DNFBP.

3. Enhanced Due Diligence

Enhanced Due Diligence is usually required for only those customers who have a high-risk quotient and are more likely to get involved with money laundering or financing of terrorism. There are undoubtedly quite a few factors that clearly establish that a particular customer hails from a high-risk background. For instance, Politically Exposed People (PEPs) are usually categorised as high-risk customers and require enhanced customer due diligence.

With the help of enhanced customer due diligence, the information of the customers is verified, and critical information like the origin or the source of their funds, source of wealth, and the primary purpose of the transaction is obtained.

Further, as a part of the enhanced CDD measures, it is ensured that the customer makes the payment from the bank account in his own name.

It is also required to obtain approval from senior management before entering into a transaction with high-risk customers. Once you meet the above Enhanced Due Diligence Requirements, you can carry out transactions with the customer.

Ongoing Due Diligence

The risks associated with a customer change over a period of time. One needs to have a proper monitoring system in place to detect changes in customer profiles. Ongoing due diligence should aim at discovering changes in the attributes related to a customer. Say a customer becomes a Politically Exposed Person or is placed on a Sanctions list. The KYC software should trigger alerts for the compliance officer the moment it detects changes in the customer profile, which necessitates a change in the risks associated with them.

Unless regulated entities require customers to provide their KYC documents on a regular basis, it becomes difficult to detect changes in their risk profile. A change in risk profile would also be reflected in the transaction patterns associated with a customer.

If the customer happens to be a High-risk customer, he should be placed under more frequent monitoring and CDD refresh.

Here’s a checklist of circumstances requiring KYC refresh:
  1. Changes in the beneficial owner
  2. Customers making unusual transactions not aligned with their profile
  3. Changes in a business relationship with a customer
  4. Changes in ownership structure at the customer’s end

Why is CDD necessary?

As mentioned above, CDD is a crucial process for assessing risks associated with customers and ensuring compliance with regulatory compliance.

Here’s a list of reasons that make undertaking the CDD process necessary:

Take a Risk-Based Approach

It is important for reporting entities to adopt the risk-based approach to help them assess risks based on different factors like geographical location, nature of business, etc. CDD facilitates taking a risk-based approach by adopting measures that assess the level of risk associated with the customers, which allows them to tailor their risk management strategies and allocate resources to high-risk customers where they are most needed.

Prevent Financial Crimes

It is important for reporting entities to employ measures that help prevent and detect illicit crimes, including ML/FT and PF. For this purpose, reporting entities undertake CDD measures, which aid in identifying and mitigating the ML/FT and PF risks. Further, it also helps them to easily detect and prevent suspicious activities by verifying the identities of customers and understanding the nature of their transactions.

ML/FT Risk Management

The whole reason why reporting entities adopt an AML framework is to effectively manage ML/FT and PF risks. The CDD process helps them to effectively manage the ML/FT and PF risks associated with customers. Additionally, by implementing robust CDD procedures, reporting entities can identify high-risk customers and transactions and, based on that, implement appropriate control measures and report suspicious activities.

Maintain Reputation

It is essential for reporting entities to maintain their reputation in order to grow and keep doing business. Undertaking CDD practices helps reporting entities to effectively detect and deter ML/FT and PF risks associated with customers, which further aids them in maintaining their reputation in the eyes of regulators and customers, which is essential for long-term success.

Maintain Financial Integrity

The business of reporting entities depends highly on the financial sector in which they are working. For this reason, they need to take actions that help maintain financial integrity. Employing effective CDD processes prevents illicit activities, which aids in maintaining and upholding the integrity of their operations and financial system and further contributes to a safer and more transparent financial environment.

Comply with Regulations

Reporting entities are mandated to comply with the regulatory framework. In UAE, the AML/CFT legal framework requires reporting entities to comply with regulations. Therefore, undertaking CDD practices helps them fulfil their regulatory obligations and avoid penalties, legal consequences, and reputational damage.

Benefits of Effective CDD Measures

Implementing robust CDD measures helps reporting entities to effectively measure the risks associated with customers.

The following are some points highlighting the benefits of undertaking an effective CDD process:

Risk Mitigation

CDD helps reporting entities check the background and activities of customers, which helps them to easily assess the ML/FT and PF risks associated with customers and accordingly take mitigation measures.

Regulatory Compliance

Conducting CDD measures is a regulatory requirement. Therefore, reporting entities must undertake effective CDD processes to comply with regulatory requirements, which is essential to avoid fines, penalties, and legal actions.

Decision Making

Employing CDD measures helps reporting entities get valuable insights about customer identities, which aid in decision-making about onboarding, monitoring, or terminating customer relationships. Furthermore, it helps them assess whether customers align with their risk appetite and business objectives.

Prevention of Financial Crime

CDD helps reporting entities to identify and verify the identities of customers, which further prevents financial crimes such as ML/FT and PF thus safeguarding the integrity of the financial system.

Adoption of a Risk-Based Approach

CDD measures facilitate reporting entities to adopt a risk-based approach to the AML compliance framework. This helps them to employ focused measures for high-risk customers and transactions while applying less-intensive measures to lower-risk ones.

Base for Enhanced Due Diligence

CDD processes help identify high-risks, such as PEPs or sanctioned individuals. This forms the basis for conducting EDD to gather additional information and mitigate associated risks.

Facilitates Ongoing Monitoring

CDD is a continuous process that monitors customer activities for any suspicious behaviour or changes in risk profile. This helps reporting entities to comply with ongoing compliance and risk management.

Limitations of CDD:

Although CDD is one of the important elements of the AML/CFT framework, there are various limitations of CDD in combating financial crimes and ensuring regulatory compliance.

Here’s the list of limitations of CDD:

Complexity

CDD requires undertaking thorough processes and procedures to gather and analyse various types of information about customers, their transactions, and potential risks. This makes the entire CDD process intricate and complex.

Reliance on Third Party

The main element of the CDD process is collecting and verifying data. For this purpose, reporting entities need to gather information from external sources, which introduces their dependencies on third parties, increases potential inaccuracies in the data, and further makes the verification process lengthy and complex.

Resource Intensive

Undertaking thorough investigations and monitoring processes, especially for large volumes of customers or transactions, requires significant resources in terms of time, experts, and technology to conduct. Therefore, CDD takes up a lot of resources, which indirectly impacts the efficiency of the reporting entities.

Difficulty in identifying UBOs

Reporting entities deal with various kinds of customers. Determining the true beneficiaries or owners of complex corporate structures from such numbers of customers can be challenging for them, especially in cases of shell companies or foreign entities.

Dynamic Nature of Risk

Financial crimes keep evolving, and criminals find new ways to facilitate their activities, including ML/FT and PF. This requires the reporting entity to take additional measures to adapt and stay updated to effectively mitigate these risks, making the CDD process more complicated and lengthier.

Dynamic Regulatory Framework

Compliance requirements and regulations related to CDD may change frequently to combat the dynamic nature of financial crimes. This evolving legal landscape makes it difficult for reporting entities to stay consistently compliant.

Privacy Issue

CDD process is about collecting, verifying, and maintaining customer information. However, this often leads to resistance from customers who are concerned about sharing their personal information due to privacy reasons. This reluctance poses a significant challenge, as it can make the CDD process seem intimidating and unwelcoming to customers.

Time Consuming

A thorough CDD process requires undertaking various processes and practices, which can be time-consuming. This leads to delays in onboarding new customers or processing transactions, which not only impacts customer experience but also affects the overall efficiency of business operations.

Best Practices for Effective CDD Program

Employing CDD is of utmost importance for the reporting entities to combat the ML/FT and PF risks. However, the CDD program should be effective and capable of detecting and preventing risks associated with customers or transactions. Therefore, to adopt an effective CDD program, they need to incorporate a few best practices.

Here are some practices that reporting entities can employ for adopting a comprehensive CDD program:

Adopting a Risk-Based Approach

Reporting entities engage with various customers who pose different levels of risk. Therefore, they need to adopt tailored CDD measures based on the customer’s risk profile. For this purpose, they should implement a risk-based approach while employing CDD measures that consider various risk factors like their industry, geographical location, transaction volume, and the products or services they use. Risks must be prioritised for their impact, and commensurate controls must be put in place.

Establishing CDD measures

CDD is a thorough program that requires undertaking CDD measures. Therefore, reporting entities should clearly define the steps and requirements of processes for undertaking CDD on new and existing customers.

Name Screening for Sanctions, PEP, and Adverse Media Checks

CDD is all about assessing the risk associated with customers by identifying and verifying their profiles and activities. As part of the CDD screening process, reporting entities should implement robust screening processes to identify any matches with sanction lists, politically exposed persons (PEPs), or adverse media coverage. This helps them mitigate the risk of customers involved in illegal or high-risk activities.

CDD Process Automation

Reporting entities should automate their CDD process using modern solutions and technologies to retrieve and evaluate data, determine risk levels, and make customer onboarding decisions based on results. This automation helps them to streamline their AML compliance efforts, which reduces manual errors and enhances the effectiveness of their risk management strategies in countering ML/FT and PF risks.

Data Security Measures

The main element of the CDD measure is collecting information from customers. However, maintaining information becomes challenging due to customers being hesitant about their private information. Therefore, to safeguard customer information and sensitive data, reporting entities can install effective data security measures such as encryption, access controls, regular security audits, and compliance with data protection regulations.

Regulatory Reporting

Reporting entities are required to assess suspicious activities and ensure compliance with relevant regulatory requirements by accurately reporting them to the appropriate authorities. They should be attentive when conducting CDD practices that assess customer risk about any suspicious activities or transactions. Further, based on the assessment, they should file STR/SAR reports or other regulatory filings on the goAML portal as soon as possible.

Periodic Reviews

Onboarding customers, as well as engagement with customers, is an ongoing process. Therefore, reporting entities should conduct regular reviews of customer information and transaction activity to ensure ongoing compliance with CDD requirements. They should also update customer profiles as necessary based on changes in risk profile or regulatory requirements.

CDD Training Programs

Conducting CDD requires expertise. For this purpose, reporting entities should provide comprehensive training to employees involved in the CDD process so they can easily understand their roles and responsibilities. These training programs should cover regulatory requirements, risk assessment methodologies, and the use of CDD tools and systems.

Record Keeping

It is a compliance requirement that reporting entities should keep a record of AML measures. Therefore, they need to maintain thorough and accurate records of CDD activities, including KYC documents, risk assessments, and transaction records. This documentation is essential for audit purposes, submission to regulated authorities when intimated, and demonstrating compliance with regulatory requirements.

AML Customer Due Diligence Checklist

Here is the CDD checklist that the compliance team must follow to ensure that they don’t miss out on any of the customer due diligence steps:
  1. Collect Customer ID and Residential Proof
  2. Verify Customer ID and Residential Proof
  3. Perform screening against the UAE Local Terrorist List and UNSC Sanctions List
  4. Perform Customer Risk Assessment
  5. Ongoing Monitoring of Business Relationships with Customer
  6. Record Keeping for 5 Years

Final Words on Effective CDD Process

Anti Money Laundering Customer Due Diligence is an important element of an effective AML CFT Program. Customer Due Diligence is the primary responsibility of the compliance team and frontline employees. Customer Due Diligence checks help identify red flags and counter ML/TF risks.

AML UAE provides consulting services on customer onboarding, KYC processes, CDD, and risk profiling of customers. If you are looking to automate your CDD functions, we can help you with the customer due diligence software. We also provide training on customer due diligence procedures and help you comply with UAE AML laws and regulations.

About the Author

Linkedin

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik