TFS Self Assessment Checklist for SARs and STRs


The Ministry of Economy has required Financial Institutions and DNFBPs to respond to their questionnaire on completing the TFS self assessment checklist for SARs and STRs.
The TFS Self-Assessment Checklist has been designed to provide a structured and comprehensive framework for FIs/ DNFBPs to assess compliance with key TFS Transaction monitoring requirements.
This Questionnaire on Completing the TFS Self Assessment Checklist for SARs and STRs is in line with the risk-based approach and methodology that supervisory authorities in UAE have adopted for the assessment of its Financial Institutions (“FIs”) and Designated non-financial business and professions (“DNFBPs”) money laundering / terrorist financing (ML/TF) risk profile through the collection of ML/TF risk indicators measuring threats and vulnerabilities.
The Supervisory authorities in UAE have assessed the Financial Institutions (“FIs”) and Designated non-financial business and professions (“DNFBPs”) exposure to ML/TF risks on a thematic basis, focusing on key ML/TF threats and vulnerabilities derived from the risks outlined in the Financial Action Task Force’s (FATF) 40 Recommendations, the UAE’s National Risk Assessment (NRA) and Topical Risk Assessment.
The purpose of the review is to highlight the generic findings observed within selected FIs and DNFBPs and provide targeted feedback to the sector.
FIs and DNFBPs are advised to read each question in the TFS Self Assessment Checklist for SARs and STRs carefully before answering and use the text box to provide comments where the response to the question requires further elaboration.

Salient Features of this TFS Self Assessment Checklist for SARs and STRs

  • FIs/ DNFBPs will be able to save and print the checklist as required for their own internal reviews and follow-ups.
  • The self-assessment checklist is to be completed by the AML compliance officer/MLRO, who has the overall responsibility for establishing and maintaining the regulated entity’s AML/CFT systems and should also approve and sign off the completed checklist.
  • Each question in the self-assessment checklist provides a number of response options, including ‘Yes’, ‘No’, ‘Not applicable (“N/A”)’.
  • When the FIs/ DNFBPs confirm the response to be ‘Yes’ to any of the questions in the tick box, it represents compliance with the requirement. For some of the questions, further specified information should be given in the text box for a ‘Yes’ response.
  • When the FIs/ DNFBPs confirm the response to be ‘No’ to any of the questions in the tick box, it represents a potential non-compliance with the requirement. If the response to a question is ‘No’, the FIs/ DNFBPs should use the text box to additionally document:

    1. How do the FIs/ DNFBPs plan to remediate the potential gap identified;
    2. When do the FIs/ DNFBPs plan to complete the remediation for any potential gaps identified?

  • When the FIs/ DNFBPs confirm the response to be ‘N/A’ to any of the questions in the tick box, it indicates that the requirement does not apply to the FIs/ DNFBPs.
  • Where any deficiencies in your systems and controls are identified, you should construct a remediation plan and discuss this with your superviso

Section 1: General Information

  1. Name of the LFI/DNFBP: Enter the reporting entity name
  2. Checklist Completed By: Enter the name of the MLRO/Compliance Officer
  3. Checklist Completed by: Enter MLRO/Compliance Officer as the case may be
  4. Date of Completion: Provide the date of completion of this TFS Self-Assessment Checklist for SARs/STRs

Section 2: TFS Reporting

1. Did you register in the EOCN Notification System?

Ans: You may say ‘Yes’ if you have subscribed to the Sanction List notification system of the Executive Office for Control & Non-Proliferation (uaeiec.gov.ae), and include remarks in the text box.

2. Did you register in the goAML system?

Ans: You may say ‘Yes’ if you are already registered with the goAML system and add your Org ID in the text box.

Section 3: TFS Screening

1. Do you conduct screening on UAE Local Terrorist List and UN Consolidated List?

Ans: Say ‘Yes’ if you conduct screening based on the UAE Local Terrorist List and UN Consolidated Sanctions List.
2. Do you have adequate screening systems in place (whether manual or using a third-party tool) to be able to detect potential and confirmed matches to the UAE Local Terrorist List and UN Consolidated List?
Ans: Say ‘Yes’ if you have a manual or software-based screening system in place.
3. Do you check the UN website for press releases (https://www.un.org/press/en/content/press-release) daily to remain vigilant on any updates to UN Sanctions Lists?
Ans: Say ‘Yes’ if you follow the UN press releases as to UN Sanctions Lists.
4. Do you maintain the most up-to-date records of the UN Consolidated List and UAE Local Terrorist List at all times in your screening systems?
Ans: Say ‘Yes’ if you keep your manual system or software updated with the latest UN Consolidated List and UAE Local Terrorist List.
5. Do you have a tactical/manual alternative process in place to add any missing names to your screening list, in case you rely on an external list provider for obtaining lists and there is a delay in the names of recently sanctioned persons appearing in the vendor-provided lists?
Ans: Say ‘Yes’ if you are able to add missing names in the screening list manually in the screening software.
6. Do you conduct screening in the following circumstances: Upon any updates to the Local Terrorist List or UN Consolidated List. In such cases, screening must be conducted immediately and without delay to ensure compliance with implementing freezing measures without delay (within 24 hours).
Ans: Say ‘Yes’ if you perform screening immediately upon an update to UAE Local Terrorist List or UNSC Sanctioned List.
7. Do you conduct screening in the following circumstances: Prior to onboarding new customers.
Ans: Say ‘Yes’ if the screening is part of your customer onboarding process.
8. Do you conduct screening in the following circumstances: Upon KYC reviews or changes to a customer’s information
Ans: Say ‘Yes’ if you conduct screening upon KYC reviews or changes to a customer’s information.
9. Do you conduct screening in the following circumstances: Before processing any transaction.
Ans: Say ‘Yes’ if you conduct screening before processing any transaction.
10. Do you conduct screening on the following: Existing customer databases. All systems containing customer data and transactions need to be mapped to the screening system to ensure full compliance.
Ans: Say ‘Yes’ if you screen existing customers and transactions, and they are mapped to the screening software.
11. Do you conduct screening on the following: Potential customers before conducting any transactions or entering a business relationship with any Person.
Ans: Say ‘Yes’ if you conduct a screening of your potential customers or others before entering into a business relationship with them.
12. Do you conduct screening on the following: Names of parties to any transactions (e.g., buyer, seller, agent, freight forwarder, etc.)
Ans: Say ‘Yes’ if you screen buyer, seller, agent, freight forwarder, and other parties related to a transaction.
13. Do you conduct screening on the following: Ultimate beneficial owners, both natural and legal.
Ans: Say ‘Yes’ if you screen UBOs.
14. Do you conduct screening on the following: Names of individuals, entities, or groups with direct or indirect relationships with designated persons.
Ans: Say ‘Yes’ if you screen individuals, entities, or groups directly or indirectly associated with sanctioned persons/entities.
15. Do you conduct screening on the following: Directors and/or agents acting on behalf of customers (including individuals with power of attorney).
Ans: Say ‘Yes’ if you screen directors and/or agents acting on behalf of customers, including those holding power of attorney to execute a transaction.
16. Do you maintain records of all screening results (negative, false positive, potential, and confirmed matches) for a period of at least five years?
Ans: Say ‘Yes’ if you maintain screening records at least for a period of 5 years.
17. Do you complete the TFS survey after each sanction alert notification received by the EOCN?
Ans: Say ‘Yes’ if you participate in the TFS Survey after each sanction alert notification received from the Executive Office For Control & Non-Proliferation.
18. Do you conduct screening on trade-based transactions that may involve dual-use goods against the UAE Control Lists?
  • Items as mentioned on the EO IEC website: https://www.uaeiec.gov.ae/en-us/
  • Items as per the list mentioned in Cabinet Resolution No. 50 for 2020 concerning the control list annexed to Federal Law No. 13 for 2007 relating to commodities subjected to import and export control.
Ans: Say ‘Yes’ if you deal in such items as per the above lists.

Section 4: Internal Control

1. Do you freeze or suspend, without delay (within 24 hours), all funds or other assets upon identification of confirmed or potential match and refrain from providing any services?
Ans: Say ‘Yes’ if you comply with the above requirements.
2. Do you lift freezing measures, without delay (within 24 hours), on all funds or other assets upon receiving notice of de-listing of the designated person from EO Notification System or upon receiving communication from EOCN on goAML?
Ans: Say ‘Yes’ if you comply with the above requirements.
3. Do you implement Enhanced Due-Diligence (EDD) procedures on all Financial Transactions, including trade transactions linked to High-Risk Jurisdictions?
Ans: Say ‘Yes’ if you comply with the above requirements.
4. Do you have internal procedures to ensure that customers have a valid permit when dealing in the export and import of dual-use items before processing transactions or engaging in business relations?
Ans: Say ‘Yes’ if you deal in dual-use items and comply with the requirements.
5. Do you have alert systems that include both TF and PF sanctions evasion red flags?
Ans: Say ‘Yes’ if you have an alert system for TF and PF sanction evasion red flags.

Section 5: TFS Reporting

1. Do you report any confirmed matches on UAE Local Terrorist List or UN Consolidated List by raising a Funds Freeze Report (FFR) in goAML in a timely manner?
Ans: Say ‘Yes’ if you comply with the above requirements.
2. Do you report potential matches on the Local Terrorist List or UN Consolidated List by raising a Partial Name Match Report (PNMR) in goAML in a timely manner?
Ans: Say ‘Yes’ if you comply with the above requirements.
3. Do you respond to communications (queries, requests for information, etc.) received from EOCN via the goAML message board within 48 hours of receiving the communication?
Ans: Say ‘Yes’ if you comply with the above requirements.
4. Do you conduct adequate internal training and awareness on TFS obligations and sanctions evasion typologies to relevant staff and senior management (e.g., MLROs, Front Desk Staff, Relationship Managers, Compliance Officers, etc.)?
Ans: Say ‘Yes’ if you comply with the above requirements.
5. Does your staff attend TFS training sessions held by EOCN and/or Supervisory Authorities?
Ans: Say ‘Yes’ if you comply with the above requirements.

Section 6: TF and PF Risk Assessment

1. Have you identified and assessed your TF and PF risks for customers, countries or geographic areas, products, services, transactions or delivery channels?
Ans: Say ‘Yes’ if you perform TF and PF Risk Assessment based on customers, geography, products, services, transactions, and delivery channels.
2. Do you verify that the nature and extent of the Terrorism Financing and Proliferation Financing Risk Assessment are appropriate to the nature and size of the Reporting Entity’s business?
Ans: Say ‘Yes’ if your Risk Assessment is commensurate with the nature and size of your business.
3. Do you provide guidance to staff on identifying suspicious activity taking into account the means of delivery, the customer risks, geographical risk and any risk derived from the change of circumstances?
Ans: Say ‘Yes’ if you comply with the above requirements.
4. Do you verify that the TF and PF RA are kept up to date?
Ans: Say ‘Yes’ if you comply with the above requirements.

AML Compliance services 

Niyeahma is the premium AML consulting firm in UAE. We help our customers with goAML registration, business risk assessment, AML policy documentation, AML training, AML software selection, KYC, Screening and Risk Profiling, STR filing, and more. Get in touch with us to remain compliant with UAE AML Laws and Regulations.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise-Wide Risk Assessments to implementing a robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Differences in AML requirements under UAE Federal Law, DIFC and ADGM Rulebooks


UAE’s battle against money laundering and other financial crimes is becoming stronger daily.
Several robust federal and free zone regulations. Effective reporting of suspicious activities. Investigations. Prosecutions. Fines and penalties.
The country has committed to implementing strategies and policies to reduce financial crimes. It also supports global efforts of FATF and other bodies for combatting money laundering and terrorism financing.
In this regard, the UAE has introduced a Federal AML regulation and its implementing guidelines, laying down the measures regulated entities must take to combat money laundering and terrorism financing. Since Dubai International Financial Centre (DIFC) and Abu Dhabi Global Market (ADGM) are financial free zones, they have different regulations for entities operating in these areas. Still, the basis of these regulations remains the two principal Federal AML regulations of the UAE:
  • Federal Decree-Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Financing of Illegal Organisations
  • Cabinet Decision No. (10) of 2019 concerning the Implementing Regulation of Decree-Law No. (20) of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations
DIFC and ADGM apply the federal law as it is. Additionally, they have implemented AML-specific rules and guidance for the entities established in their respective free zones. A few differences exist between the AML compliance requirements as applicable to units in DIFC and ADGM vis-à-vis units operating in mainland UAE.
Let’s have a look at each of the AML provisions and highlight the differences:

Regulatory authority

Federal AML Regulations

Various Supervisory Authorities have been identified to regulate mainland UAE entities’ AML/CFT compliance.

| Units operating in Mainland UAE | Supervisory Authority |
|---|---|
| Financial Institutions (including insurance companies) | Central Bank of UAE |
| Lawyers & Legal Consultants | Ministry of Justice |
| Virtual Asset Service Providers (VASPs) in Dubai | Virtual Assets Regulatory Authority of Dubai |
| Capital Market & VASP (other than Dubai) | Securities & Commodities Authority |
| Other Designated Non-Financial Businesses and Professions (DNFBPs) | Ministry of Economy |

DIFC

The Dubai Financial Services Authority (DFSA) regulates, controls, and administers AML requirements in DIFC.

ADGM

The Financial Services Regulatory Authority (FSRA) enforces the rules and requirements of AML and CFT in ADGM.

Definition of DNFBP

Federal UAE

The definition of DNFBP in UAE includes the following:
  • Brokers and real estate agents in relation to the buying and selling of real estate property for the benefit of its customers
  • Dealer in precious metals or stones
  • A law firm, notary firm, or other independent legal professionals
  • Independent Accountants and Auditors
  • Trust or Company Service Provider

DIFC

In the case of DIFC, the definition changes a bit. Besides the above, it includes:
  • A real estate developer
  • Insolvency firm
  • A person who issues or provides services related to Non-Fungible Tokens (NFTs) or Utility Tokens.
A Registered Auditor is not a DNFBP but is subject to AML Regulations in DIFC.

ADGM

In the case of ADGM, the definition of DNFBP includes a dealer trading any saleable item where the transaction amount equals or exceeds US$ 15,000 in cash through a single transaction or series of connected transactions. Further, it also includes taxation consulting firms explicitly.

Risk-based approach & AML Enterprise-Wide Risk Assessment

Entities must assess the several risks their business is exposed to. These risks may relate to the following:
  • Nature of the business
  • Products and services
  • Customers the entities deal with
  • Delivery-channels
  • Transactions
Based on the risk levels, entities must implement measures to tackle those risks. Also, you must keep reviewing the risk assessment to update it with changes at regular intervals. You must also document the findings and results for future reference.
The provisions for a risk-based approach are standard in all three – Federal AML regulations, DIFC, and ADGM, except that the DIFC units are also required to consider the tax-crime risks.
Based on the overall AML risk assessment of their business, regulated entities must develop their AML controls, procedures, policies, and systems to mitigate or manage the AML risks.

Circumstances warranting performance of Customer Due Diligence

Entities must undertake customer due diligence:
  • When it enters into a business relationship with the customer
  • When it carries out an occasional transaction with a customer valued above a defined amount
  • When it suspects a customer or transaction of money laundering
  • When it has doubts about the validity or adequacy of information or documents provided by the customer
There are minor differences in the circumstances in which CDD is to be performed under the three regulations.

Federal AML regulations

As per the UAE Federal AML Law, the threshold prescribed for conducting CDD in case of the occasional transaction is equal to or exceeding AED 55,000. This transaction can be a single transaction or several interlinked transactions.

DIFC

In the case of DIFC, there is no limit on the transaction amount with the customer to carry out CDD.
Further, the entities in DIFC can delay the identity verification of customers and their beneficial owners if:
  • The AML risk is low
  • Carrying out verification interrupts or delays the normal course of business
But verification must be completed within 30 business days of effecting the transaction.

ADGM

In the case of ADGM, the defined amount is USD 15,000.
Also, entities can delay the identity verification of customers and their beneficial owners if:
  • The AML risk is low
  • Carrying out verification interrupts or delays the ordinary course of business
But the entities must complete this verification within 20 business days of effecting the transaction.

Money laundering reporting officer

DIFC and ADGM entities must appoint a Compliance Officer or Money Laundering Reporting Officer who is a resident of the UAE. No such residency-related specific condition is mentioned under the UAE Federal AML Law.

Record keeping

DIFC and ADGM entities must maintain the AML/CFT-related records for a minimum of six (6) years. At the same time, the minimum data retention period prescribed under the UAE Federal AML Law is five (5) years.

AML Annual Return

Units in DIFC and ADGM are required to furnish an AML Annual Return to the respective supervisory authorities.
The entities in DIFC must submit the AML Annual Return to the DFSA by the end of September every year. It covers the reporting year from August 1 of the previous year to July 31 of the reporting year.
ADGM units, in turn, are required to furnish an AML Annual Return to the FSRA by the end of April every year, covering the AML/CFT records and data for the previous year from January 1 to December 31.

Niyeahma

This blog clarifies the differences between AML requirements under the Federal AML regulations, DFSA Rulebook and the ADGM AML Rulebook. Generally, the provisions of the Federal AML regulations apply, with specific clauses of the AML and Sanctions Rulebooks issued by the regulatory authorities of the financial free zones – DIFC and ADGM. If you still have doubts, AMLUAE will always help you.
Niyeahma is one of the leading AML consultancy service providers in the UAE. We ensure 100% AML compliance by our clients in the UAE by offering AML support related to the following:
  • Conducting AML Enterprise-Wide Risk Assessment (EWRA)
  • Customizing the AML/CFT policies, procedures, and controls
  • Conducting AML training for the employees
  • Managing the KYC and CDD of the customers
  • Assistance in setting up an AML compliance department
  • Conducting AML/CFT health check
  • Managing regulatory reporting on the goAML portal and with the Supervisory Authority.


Top 10 mistakes to avoid while appointing an independent AML auditor

Appointing an independent AML auditor

Appointing an independent AML auditor is one of the crucial functions of the senior management. Anti-Money Laundering audits are necessary to inspect the quality and adequacy of AML policies, procedures, and controls. If these are enough, good; but if not, the authorities recommend corrective actions. Make auditing of the AML framework and the implementation thereof a regular activity.
To conduct such independent audits, you must appoint AML auditors. Some firms also prefer to outsource this task to an independent third party. If you prefer to appoint an internal person, ensure they are unrelated to the AML/CFT team to ensure their independence.
Entities make some common mistakes while appointing an independent AML auditor. You must avoid these mistakes to ensure top-quality audit results. You must include all the critical aspects in your AML auditor appointment process.

What is an independent AML audit?

An independent AML audit means a review of an entity’s AML framework. It evaluates whether the entity’s AML program is enough for the level of risks it faces. It also checks the quality of AML initiatives to prevent money laundering threats. Auditors check whether the entity is doing what is written in the framework.
Thus, an independent AML audit checks the following:
  • Enterprise-Wide Risk Assessment
  • AML/CFT framework
  • AML records, including KYC and CDD records
  • STRs, SARs, and other reports filed
  • AML training programs
  • Transaction monitoring process and results
  • The adequacy and reliability of Sanction Screening software, KYC software, transaction monitoring software
  • Past audit reports to review the implementation of the recommendations
With all these assessments, the AML auditor can identify loopholes in your AML framework and implementation thereof. You can improve them to prevent and mitigate ML/FT threats effectively. Thus, independent AML audits aim to strengthen your AML framework and initiatives. You can check its importance and benefits in our blog, “Why is an Independent AML Audit Necessary?”

What is the need for an independent AML auditor?

The auditors help you identify gaps in your AML/CFT framework and the practical implementation thereof. This helps you fight ML/FT better and comply with legal requirements.
If you want to understand the role of an independent AML auditor in UAE, you can check our blog, “Role of an Auditor Under UAE AML Compliance”.

Top 10 mistakes to avoid while appointing an independent AML auditor

While appointing an independent AML auditor, you must avoid the following mistakes:

1. Not considering the relevant qualifications and experiences of the auditor

The first factor entities look for in any candidate for any job is relevant qualifications and experience. The same is the case here.
An auditor needs to have relevant qualifications for the job. With no education in auditing, it is nearly impossible to work on the main tasks of the job. So, if you need an independent AML auditor, you must check the applicant’s qualifications.
Also, auditing experience is a must. Relevant auditing experience ensures that the auditor performs his job well.

2. Not checking the AML auditor’s knowledge of UAE’s AML regulations

The AML auditor must have complete knowledge of the UAE’s AML regulations. They must know the key provisions and implications for an entity. Also, knowledge of the chief aspects to look for in an entity’s AML framework is crucial. The auditor must know the global best practices and the relevant standards issued by the FATF.
They must also have the zest to stay up-to-date on these regulations and changes. Because as laws change, you must tweak your auditing process and criteria. So, keep an eye on this aspect.

3. Not checking if the AML auditor possesses sector-specific knowhow

An AML auditor’s job is a specialised skill job. The auditor must understand the industry risks and possible ML/FT threats. The absence of industry expertise can lead to inadequate or ineffective audit reports. It will not serve your purpose.
So, select an AML auditor who knows the industry risks, trends, and regulations. The regulatory nuances and guidelines differ for each industry. The red flags, reports to submit, and risk types are distinct. The auditor must be familiar with such industry specificities and relevant risks.
So, check the auditor’s expertise in industry aspects before appointing them.

4. Disregarding the conflict of interest or independence of the auditor

What are your expectations from the AML audit?
An accurate picture of where your AML framework stands and what improvements it needs.
An AML auditor can only show you such an accurate picture if there is no conflict of interest. For example, the audit might be partial if the auditor has close relations with your senior management or any other stakeholder. They might not speak about the real issues with your AML framework.
Such biased, good reviews are pleasing to the eyes and ears. But they are detrimental to your AML compliance. The audit’s effectiveness is questionable. So, stay cautious of such audits and auditors. Check the auditor’s independence to save your AML audit’s objectivity.

5. Not checking AML auditor’s background, references, and testimonials

It always helps to check an AML auditor’s background, references and testimonials. Conduct reference checks by contacting past clients who received their AML auditing services. Check their satisfaction with the auditor’s AML auditing quality and accuracy.
A background check is also essential to see whether the AML auditor has any relation to ML and FT activities. Even if not ML/FT, any association with corruption, bribery, trafficking, or other illicit financial activities makes an auditor questionable; their close relation with people involved in such financial crimes is also a concern. So, check all these aspects before deciding on an AML auditor.
Check the AML auditor’s track record during the appointment process.

6. Not specifying the scope of an independent AML audit

Before shortlisting auditors for an independent audit of your AML framework, understand your requirements. You must list your requirements and expectations and define the scope of an independent AML audit.
So, define the objectives of your AML audit process. Mention the scope and expected deliverables from the auditor. Also, mention the areas or risks you want the auditor to focus on. All these must be set before the appointment process starts. Such clarity on your AML requirements lets you express it to auditors to know their take.

7. Not insisting on having an AML audit plan before the start of the audit process

Before appointing an independent AML auditor, check the auditor’s auditing plan. If it is not customised to your needs, think about it again.
So, check with the auditor about their plan for your entity’s AML audit. It would be best if you had answers to the following questions:
  • Does it address industry-specific AML issues?
  • Is the plan complete enough to audit your AML initiatives?
  • Does the auditor have the necessary resources to conduct an audit?
Answers to these questions are essential for an AML audit unique to your organisation. You have unique risks, risk appetite and tolerance, and AML controls. Also, the audit would not be successful if the essential resources were missing.
So, try to get a customised auditing approach from the AML auditor, including timelines, budget, and resources.

8. Not focusing on the follow-up procedures of AML audits

While appointing an AML auditor, you must also prepare for the audit process. Once the auditor starts auditing your AML initiatives, you must be ready to implement corrective actions. So, start preparing yourself for the follow-up.
The auditor will give you a list of weaknesses or loopholes in your AML framework. They will also provide the necessary corrective actions to take. So, at the last moment, you cannot just say no to executing these corrective measures. You must prepare your employees, finances, and projects to take care of the AML issue resolution.
If you ignore these follow-up procedures, you cannot resolve the loopholes. The result is high vulnerability to money laundering and other financial crimes.

9. Not creating transparent channels of communication and collaboration

Communication is vital for any business relationship. You have to communicate your requirements and expectations. Moreover, the AML auditor will communicate the results – loopholes and recommendations. To facilitate this, you must have smooth channels of communication.
Likewise, collaboration is crucial to making the AML auditing exercise successful. Collaboration is possible when you communicate frequently with the auditor on all aspects of the project. So, adopt the following practices to cooperate better with the AML auditor:
  • Set a single point of contact in your team
  • Mention the mediums of communication – mail, call, etc.
  • Allocate persons handling different aspects of the AML audit project
  • Have frequent meetings to discuss all the findings
All these collaborative exercises will help you address issues and achieve desired outcomes.

10. Not establishing data security and confidentiality agreement

When appointing an independent AML auditor, signing an agreement is crucial. The agreement will have terms and conditions on pricing, timelines, and allocated resources. Another important constituent of this agreement must be data security provisions.
The auditor will have access to all your AML processes and data during the auditing process. So, they must have solid measures in place to protect data confidentiality. They must use secure systems for auditing and permit access only to relevant persons.

Key takeaways

Avoid the above mistakes while appointing an independent AML auditor. You can appoint such a person internally or externally. If internal, they must not be from the AML compliance or customer-facing team. But if you do not have internal expertise, getting external help is a better solution.
By appointing an external AML auditor, you can get faster and more accurate audits. You have access to the expertise and specialisation of an experienced AML auditor. You can enjoy detailed, efficient audit reports with positive repercussions for your business. These efficient audits ensure no questions from the regulators on your AML compliance.

Niyeahma’s pivotal role in your AML compliance

Niyeahma is a leading provider of AML compliance services in the UAE. We help you in your journey of creating and implementing initiatives and practices to comply with AML laws in the UAE. We develop, execute, review, and improve AML policies and procedures for your business.
Our professionals have relevant expertise in risk management and AML consulting services. We help you have systems and controls in adherence to the latest AML regulations of UAE. We commit to AML initiatives and ensure your commitment to the same. These initiatives help you prevent, manage, and mitigate money laundering threats. We help entities with AML health checks and independent AML audits.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise-Wide Risk Assessments to implementing a robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

STR/SAR Filing on goAML Portal: Common lapses and best practices

The UAE AML regulations require reporting entities to identify suspicions related to money laundering, terrorism financing or proliferation financing and to report them by filing a Suspicious Activity Report (SAR) or Suspicious Transaction Report (STR). When you suspect a transaction or activity, it warrants prompt STR/SAR filing on the goAML Portal, but beware of the common errors that regulated entities generally commit in the course of STR/SAR filing.
In this article, we have covered some of these lapses in submitting SAR/STR on the goAML Portal and the best practices to manage the same. Before that, let us understand what the UAE AML laws provide for STR/SAR filing.

What are STRs and SARs?

How will you safeguard the business against financial crime?
What actions will you undertake to prevent crimes like money laundering or terrorism financing from occurring?
The answer is the timely detection of any transaction or activity that attempts to carry out money laundering or terrorism financing or is suspected to involve proceeds of crime. The laws in the UAE require you to monitor your business relationships and transactions continuously, as the risk indicators can be observed at any stage – while onboarding the customer, while executing the transaction or after a transaction is completed. Whenever you detect any suspicious behaviour or unusual pattern, you must investigate further to assess the involvement of money laundering or terrorism financing activities.
After identifying such suspicious activities or transactions, it is important to bring these suspicions to the notice of regulatory authorities to take necessary actions to address these crimes. This is possible by submitting adequate details to the authorities and furnishing reports in the prescribed formats.
In the UAE, when any regulated entity identifies a transaction or activity as suspicious, it must file a Suspicious Transaction Report (STR) or Suspicious Activity Report (SAR).
A suspicious transaction is one where the transfer, deposit, withdrawal, or flow of funds is doubtful. It occurs when you transact or form a business relationship with a customer to provide goods or services. For example, a customer makes multiple purchases of gold using cash in small denominations, or payment for a transaction is made from a high-risk country. In such cases, you must submit an STR to the UAE’s Financial Intelligence Unit (FIU) via the goAML Portal.
Suspicious activity relates to any attempted or unexecuted transaction where the customer acts unusually, or the customer’s behavioural traits suggest any connection with money laundering or terrorism financing. For example, a customer refuses to submit identity documents or does not cooperate in the satisfactory completion of the Customer Due Diligence processes. Another example is where the customer insists on involving many intermediaries to perform a transaction without any business logic. In such cases, you must report the suspicious activity by filing a SAR on the goAML Portal.
The main constituents of an STR or SAR are the following:

  • Parties involved in the transaction
  • The location of the occurrence of the transaction
  • Time and date of occurrence of suspicious transaction or activity
  • The red flags or warning signs detected
  • Action taken by the regulated entity

A critical question here is how you know a transaction is suspicious.

To ensure that your team understands the ML/FT/PF risk indicators and stays alert to them, it is important to have adequate knowledge and understanding of the general and industry-specific warning signs indicating a connection with money laundering, terrorism financing or proliferation financing. You must maintain a comprehensive list of such red flags and implement necessary systems and tools, depending on the nature and size of the operations, to detect suspicious activities and transactions.
Let’s look into the common lapses by entities in STR/SAR filing on the goAML Portal. We also explore the best practices for managing these gaps and errors for accurate goAML reporting.

Common lapses in STR/SAR Filing on the goAML Portal

While submitting SARs and STRs on the goAML portal, please avoid these common lapses:

Failing to register on the goAML portal

You cannot submit SARs and STRs to the FIU without registering on the goAML Portal. You must complete the 2-stage goAML registration process to access the Portal to furnish any AML-related report to the FIU or other regulatory authority.
In the first stage, you must register with the SACM (Service Access Control Manager) system. Upon submitting the details along with the relevant documents – a copy of the trade license, an authorisation letter for the appointment of the AML Compliance Officer, and identity proof of the Compliance Officer – you get a username and secret code. Next, you must install the Google Authenticator App and create an account. After this, you can access the goAML Portal and complete the registration as an “Organization”.
Once approved by the supervisory authority, your goAML registration is successful, and you can complete the necessary reporting.

Forgetting to follow the regulatory policies and laws

Submitting accurate and on-time STRs and SARs is a regulatory obligation in the UAE. The UAE also has specific guidelines on:
  • Details to fill in STR and SAR
  • Documents to submit
  • Step-by-step procedure
You must keep track of regulatory laws to stay up-to-date on all these points and adhere to requirements on time. If you fail to do so, it will make you non-compliant and hence vulnerable to ML/TF risks.

Providing inaccurate and incomplete information in STRs and SARs

Your SARs and STRs do not serve their purpose if filled out inaccurately. So, you must ensure that these reports are complete and accurate.
In STRs, fill out accurate details on the parties involved in the transaction, date, location, amount, and other relevant information. In SARs, mention the parties, observed risk indicators, and other relevant data points like the action you took to identify such a red flag. While providing these details, double-check the names of parties and other details populated. Also, mention the transaction or customer activity aspect you found suspicious.
Ensure that you attach the relevant documents – identification proof and transaction records. These serve as evidence to support your suspicion of the transaction or activity. Only comprehensive and precise details in SARs and STRs can make these reports useful to the authorities in combating financial crime, as investigation would be possible only when they have all the necessary details.
Also, be cautious while writing down the values in the report. Use simple and straightforward language in your reports. Don’t use jargon and ambiguous terms that confuse authorities using those reports. Be clear. Provide comprehensive information on your suspicion. And report all accurate details collected on the incident.

Delaying the submission of reports

The purpose of these reports – SARs and STRs – is to enable timely action by relevant authorities to prevent financial crime or reduce its impact on the national economy. If you do not submit these reports on time, this action will be delayed. So, you must ensure the prompt submission of these reports.
If you delay, the investigations are held up. Acting at that time would not generate the expected outcomes. Thus, the effectiveness of AML and CFT efforts suffers.

Lack of collaboration with regulatory authorities on STRs and SARs

Your work does not end after you submit the STRs and SARs. The regulatory authorities might need more information on the reports. They might need more proof to support the reported activity. So, you must stay alert to such messages from authorities. Also, respond quickly to their queries to enable a better investigation. Ensure that no feedback or instruction received from the authorities remains unattended for long.

Not being accountable and precise in your suspicion

Just a tiny suspicion does not mean you submit the report on goAML. You must conduct your independent and thorough investigation of the related records and seek more information (without tipping off) to determine the existence of a suspicion with reasonable belief. Not all suspicious transactions or activities turn out to be true. But that does not mean you can include any or all suspicions in the STR/SAR.
Conduct sufficient investigation into your suspicions. Assess the transaction, origin and destination, parties involved, medium, and value. Analysing all these factors gives you a better understanding of the doubts the transaction raises. Have experts look into the transaction or activity to decide whether it is suspicious.

Absence of relevant training for staff

Do you have the human expertise to detect suspicious transactions and report them? If not, you are at a loss. You need employees who have the skills to detect suspicious transactions or activities.
These employees must know the general and industry-specific red alerts documented in the entity’s AML/CFT program. Knowledge of these warning signs is essential to detect suspicious transactions. Also, employees must know how to report these suspicions, including the knowledge of the internal STR/SAR forms designed and implemented for the purpose. They must know the data points to mention and the relevant documents to attach.
Employees can have skills in all these aspects only with proper training. You must conduct regular training programs on identifying and reporting suspicions. The identification must be correct, and reporting must be precise in the required format for effective action.

Neglecting data confidentiality and privacy concerns

The data added on suspicious transactions and activities in these reports is confidential. You must not share it with people other than your internal team members working on it.
You must keep the data in STRs and SARs confidential and private, ensuring adherence to the no “tipping off” requirements prescribed under the UAE AML laws.

Not sharing the reports with the senior management

For implementing AML measures, effective communication within the entity is essential. In particular, you must share all the reported suspicions and actions taken with senior management periodically (possibly in the semi-annual AML/CFT report prepared by the AML Compliance Officer).
Sharing information facilitates collaboration and coordination in AML efforts. It helps you combat money laundering and terrorism financing more effectively.

Missing the review of the reporting process

You have a well-defined reporting process on the goAML portal. You have been able to submit the STRs and SARs through this procedure.
But it does not remain the same always. You must conduct frequent reviews of the process, including the formats used for internal STR/SAR reporting, to check for errors or missing parts. You might identify gaps that need improvement. Also, the process must stay relevant to the UAE’s AML laws and align with your AML objectives.
To ensure that alignment and relevance are checked, you must assess the process periodically. Make improvements for effective reporting of suspicious transactions and activities.

Best practices around STR/SAR filing on the goAML Portal

These are the ten critical lapses that can occur during STR/SAR filing on the goAML Portal. Avoid them at all costs to reduce the chances of failure in this process. The likelihood of non-compliance is high if you commit any of these errors.
Some of the best practices you can implement to avert these deficits are:
  • Register on the goAML Portal and ensure the details furnished on the portal about the entity and Compliance Officer are up-to-date.
  • Document a detailed list of general red flags and industry-specific risk indicators in the AML/CFT policy itself.
  • Develop a clear reporting hierarchy and step-wise process to be followed by the frontline employees when any suspicion is observed.
  • Design a comprehensive internal STR/SAR format, covering the fields to capture mandatory details and the staff’s understanding of the risk indicator involved in a specific activity or transaction.
  • Have a checklist to ensure accurate and complete details are furnished in the STR/SAR filed on the goAML Portal.
  • Keep a log of the reports filed and copies thereof.
  • Periodically apprise the senior management of the STR/SAR filed, key red flags identified, and the action taken by the entity.
  • Create awareness amongst the team around the “no tipping off” requirement.
  • Immediately adhere to the authorities’ feedback or instructions against the STR/SAR filed.
  • Provide mandatory training to the staff at the time of joining and at periodic intervals to keep them aligned with the emerging ML/FT typologies.

Niyeahma’s support in ensuring timely compliance with STR/SAR filing on the goAML Portal

If you want a faultless process of submitting STR and SAR, you can connect with our team. We will help you at every step in identifying suspicious transactions and activities and reporting them to authorities. With our expertise, you can generate accurate, complete, and on-time reports and submit them on goAML.
Niyeahma is a distinguished provider of AML compliance services in the UAE. We keep your business protected and compliant with the UAE’s AML regulations.

Proliferation Financing Institutional Risk Assessment by FIs, DNFBPs, and VASPs

Have you conducted an Enterprise-Wide Risk Assessment to identify the money laundering (ML) and terrorism financing (TF) risks to your business? Did you factor in the risk you may face on account of proliferation financing (PF)? Is your customer risk assessment methodology comprehensive enough to assess the PF risk your customer poses to the business? Identifying and assessing your business’s vulnerabilities to the threats of proliferation financing is essential. The Executive Office for Control and Non-Proliferation (EOCN) has issued a Proliferation Financing Institutional Risk Assessment Guidance for FIs, DNFBPs, and VASPs.
In its recommendations, the FATF included a thorough assessment of the PF risk and the development of adequate counter-proliferation financing (CPF) measures for managing this risk. As an active member of FATF, the UAE commits to developing detection, prevention, and mitigation measures against PF.
Before we discuss the key highlights of the guidelines and the authority’s recommendations to the private sector, let us understand the importance of proliferation financing risk assessment in safeguarding the business.

Why is proliferation financing risk assessment important?

Proliferation financing means supporting or facilitating the proliferation of weapons of mass destruction (WMD) and their delivery systems. It means providing funds for or facilitating the following activities related to nuclear, biological, and chemical weapons:
  • Manufacturing
  • Using
  • Developing
  • Possessing
  • Transporting
  • Brokering
  • Trading
  • Transferring
  • Transshipping
  • Stockpiling
It also includes financing or facilitating the delivery of these weapons or their related materials, i.e., dual-use goods or technologies used for illegal purposes.
Unless you identify the potential vulnerabilities, your business may be unknowingly exploited for the above-mentioned proliferation financing activities. Thus, to counter proliferation financing risk, you must assess the potential PF threats at the business level and also at the business relationship level. You must learn how your business is vulnerable to PF risks. You must know the characteristics of PF risks so that you can spot them and raise an alert.
You will face enormous penalties if you do not apply CPF measures or willingly or unwillingly engage in proliferation financing activities. It may result in various national and international sanctions, leading to irreversible reputational damage and loss of customer trust and revenue.
So, it becomes essential for you to identify and prevent the proliferation financing risks. This is possible with timely and accurate PF risk assessment and by developing an integrated risk management framework, combining anti-money laundering, combating terrorism financing, and countering proliferation financing. The PF risk assessment at the entity level is popularly known as Proliferation Financing Institutional Risk Assessment, Proliferation Financing Business Risk Assessment, or Proliferation Financing Enterprise-Wide Risk Assessment.

EOCN’s guidance on proliferation financing institutional risk assessment

EOCN released a guidance note on PF risk assessment for Financial Institutions (FIs), Designated Non-Financial Businesses and Professions (DNFBPs), and Virtual Asset Service Providers (VASPs). The guidelines discuss various risk categories and factors associated with proliferation financing, the methodology the regulated entities must consider in assessing the overall PF risk the business is exposed to, the customer-specific PF risk, and the risk mitigation measures to be implemented as part of CPF.
The guidelines also elaborate on the various questions that can be included in the Know Your Customer (KYC) and Customer Risk Assessment process to assess the PF risk posed by each customer or transaction.
The guidelines also discuss some of the best practices the regulated entities must implement to identify and counter the proliferation financing risk.

Proliferation financing Institutional Risk Assessment

While evaluating the risks of ML and TF, entities must also assess the PF risks. During this procedure, you must handle the following steps:

Assess inherent risks

You must analyze the inherent proliferation financing risk your business is exposed to considering the following risk factors:
  • Customer and the nature of business activities the customer is associated with
  • Geography
  • Products, services, and transactions
  • Delivery channels
  • Cyber risks to software and systems
The assessed inherent PF risk can be classified as low, medium, or high, considering the PF vulnerabilities, the risk appetite of the business, etc.

Check the adequacy and effectiveness of controls

The next step is checking the adequacy and effectiveness of control measures. These measures aim to manage and mitigate the inherent risks identified in Step 1.
A control measure is adequate only if it is accurate in risk detection and prevention. The control effectiveness must be determined considering the quality of the control design and the operation efficacy of the controls. The outcome of the control effectiveness can be determined only based on the degree and extent of how well the controls can manage the impact of the risk on the business.
Based on the analysis of the adequacy or deficiencies in the design and operation of the controls, the control measures can be classified as effective, partially effective, or ineffective.
You must conduct frequent reviews of control measures to test effectiveness and sufficiency. If found otherwise, you must take corrective actions.

Identify residual risks

Residual risk = inherent risk (less) controls’ effectiveness
It means whatever risk remains from the inherent risk after considering control measures is the residual risk.

Ongoing risk assessment

When new, emerging risks arise, a risk assessment must be conducted. Based on these new risk scenarios, your control measures must change. Thus, you must frequently review and update PF risk assessment for the business and particular customer.

Proliferation financing (PF) risk mitigating measures

The business must apply adequate PF risk mitigation measures based on the assessed risk and adopt a risk-based approach.
The measures you apply to combat ML and TF risks may also help you fight the PF risks. But pay attention to the PF risk factors while applying these measures to avoid missing the PF-specific threats to your business. These risk-mitigating measures include:

KYC and CDD during client onboarding

During this process, you will identify customers and verify their identities. You learn about the customer’s:
  • Backgrounds
  • Sources of wealth/funds
  • The purpose of the relationship
  • Their ultimate beneficial owners (in the case of a legal entity)
  • Connection with sanctions or the presence of any adverse media
  • Association with Politically Exposed Person (PEP)
  • Primary market and customer base
  • Engagement in dual-use goods or other controlled goods and, if so, license to trade in such goods
Further, you must include detailed questions in the KYC and customer risk assessment questionnaire to uncover the PF risk the customer may pose. Such questions may relate to the following:
  • geographies the customer is associated with,
  • the jurisdictions proposed to be involved in the transactions,
  • the consistency between the proposed transaction and the customer’s social and economic profile,
  • ease and cooperation in identifying the UBOs,
  • ease in identifying the customer’s source of funds and wealth,
  • delivery channels used – mode of interacting with and onboarding the customer,
  • customer’s business segment, whether associated with a high-risk industry,
  • nature of the products or services requested by the customer,
  • customer’s legal structure – is it overly complex,
  • reasonableness of the transaction value,
  • frequency of the transactions executed by the customer, etc.
As applied to the customer, the KYC and customer due diligence measures must also be adopted for the beneficial owners, senior management, power of attorney, and authorized signatories of the customer.
Understanding the customer’s association with dual-use goods or controlled items, either as direct trading or involvement in the shipment or transshipment of goods, is essential to assessing the PF risk.
The customer details must be periodically reviewed to ensure their validity, relevance, and accuracy and to identify any change in the customer profile that may impact the customer’s PF risk assessment.

Customer screening against sanctions and adverse media

As one of the CPF measures, you must screen your customers against a comprehensive and accurate database pertaining to sanctions, watchlists, and adverse media. You must screen the customer and connected persons, including the ultimate beneficial owners, directors, attorney holders, and authorized signatories.
Screen them against various lists to find matches with:
  • Adverse media or news
  • Criminal cases
  • PEPs or close relations with PEPs
  • Sanctions or association with sanctioned persons
  • Links with proliferators or proliferation financing activities
The screening results must be considered for determining the customer’s risk profile and the risk mitigation measures required.

Enhanced Due Diligence (EDD)

When the PF risk arising from a business relationship is high, you must apply enhanced due diligence measures. The following is an illustrative list of customer attributes that call for EDD measures:
  • If a customer is a PEP
  • If the customer is residing in or has business operations in a high-risk jurisdiction
  • If the customer engages in products or services with higher risks of PF
  • If the customer has a highly complex and opaque ownership structure
  • If the customer is associated with a high-risk business sector
  • If the customer uses international corporate vehicles for asset structuring and investment needs
Considering the above and other factors, if the customer is assessed as posing an increased risk, you must collect more information from independent sources for customer identification and identity verification purposes. For such high-risk corporate customers, you may reduce the beneficial ownership threshold from 25% to 10% to apply checks on more individuals associated with the customer.
You must conduct more frequent and more rigorous monitoring of transactions and the business relationship. Check their financial data, litigation history, and criminal records to build their risk profile. Whether you start, continue, or exit the business relationship with them, you must get approval from the senior management.

Ongoing monitoring – Business Relationship and Transaction

You must continuously monitor the customer profile and transactions to check the consistency between the customer’s risk profile and the transactions executed by the customer. The frequency of reviewing and updating the KYC and CDD details highly depends on the existing risk profile of the customer. If a customer’s risk profile changes, necessary measures must be immediately applied to manage the changed level of risks, e.g., if the risk changes from low to high, EDD measures must be applied. You must note and report anything found suspicious in a transaction or customer.

Suspicious Activity Reporting

Stay alert to unusual behaviour while onboarding the customer, managing the transaction, and performing ongoing monitoring. If you detect any suspicion indicating the involvement of proliferation financing or customer’s association with PF, conduct further investigation, and if required, submit a Suspicious Activity Report (SAR) or Suspicious Transaction Report (STR) via the goAML portal.

Employee screening and training

Besides screening your customers, conduct employee screening before hiring them. Check for their competence, integrity, and ethical behaviour. Assess their background to find any linkages with proliferation financing activities.
Everyone in the entity must align with the goals to fight against ML, TF, and PF. So, they must undergo relevant training to detect and deter the exploitation of the business for proliferation financing activities. All employees, including senior management, must participate in PF-specific training. Customer-facing employees or those whose job duties expose them to PF risks must undergo specialized training. Employees who perform transaction monitoring, CDD, KYC, EDD, risk assessments, and screening must get focused training to identify the PF risks while performing their duties.

Overall CPF framework

All these measures help you identify, assess, and combat PF risks. For effective implementation of the counter-proliferation financing framework, adopt the following best practices:
  • Including the proliferation financing risk factors while conducting an overall Enterprise-Wide Risk Assessment.
  • Including and integrating CPF in the business’s overall governance framework.
  • Information manuals on proliferation financing risks must be developed and communicated across the organization, covering the policies, procedures, and controls to identify and effectively mitigate PF risk.
  • CPF policies must provide guidance on dealing with dual-use goods and detecting and reporting PF-related suspicious activity.
  • Adequate screening systems that enable timely detection of customers associated with dual-use goods and sanctioned lists must be implemented.
  • A proper process and system must be deployed to apply asset-freezing measures when any designated entity or person is identified. It should also support prompt termination or suspension of business relationships and timely reporting to the EOCN.
  • The effectiveness and adequacy of the CPF measures must be periodically tested and enhanced.
  • Before launching new products or services, the entity must assess the PF vulnerabilities.
  • A process and system must be implemented for mandatory senior management approval before onboarding a customer posing PF risk.

Niyeahma’s role in proliferation financing institutional risk assessment

Since you have understood the necessity of assessing and combating the proliferation financing risk, why not give it the importance it deserves? You must be proactive enough to include them in your overall AML/CFT framework. If you need any support, Niyeahma is at your service.
We are a leading provider of AML, CFT, and CPF compliance services in the UAE. We help our clients fight well against financial crimes, including money laundering, terrorism financing, and proliferation financing. Besides AML compliance services, our consultants and expert professionals help you:
  • Understand the importance of CPF in the context of financial crimes
  • Detect and assess the emerging risks of PF
  • Identify the appropriate measures against PF
  • Implement these CPF measures and controls to mitigate or prevent PF risks

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise-Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

A Guide to Avoiding Common Mistakes in AML Compliance for VASPs

With the rise of instances of money laundering in the virtual assets ecosystem, the UAE government introduced anti-money laundering regulations to supervise and safeguard this sector. Virtual asset service providers (VASPs) operating in the UAE must know these rules. You must create a customised AML framework aligning with these rules and regulations, in sync with the nature and size of the virtual asset activities. While implementing them, be careful of the common mistakes to avoid in AML compliance for VASPs for effective results.
This blog explores these common AML compliance challenges that a VASP must avoid. By avoiding them, you are adopting an effective methodology for achieving your AML compliance obligations and protecting virtual assets from ML/FT vulnerabilities. Before covering the mistakes, we’ll understand why the money laundering threats affect VASPs’ businesses.

Why is the threat of money laundering looming over VASP businesses?

What is the primary factor influencing money laundering activities? Disguised or concealed identities. By hiding their identities, money launderers bring illicit money into the legal financial system and layer it with other transactions.
This is very much possible with cryptocurrencies and virtual assets, for the following reasons:
  • The virtual asset transactions are decentralised
  • These transactions allow anonymity or pseudo-anonymity
  • High-value and high-frequency transactions are common
  • Easy and quick transfer of virtual assets from one person to another across boundaries
  • Regulatory frameworks for VASPs and virtual assets are still evolving
All these reasons increase their vulnerability to money laundering threats. So, virtual asset service providers must stay alert to the standard red flags and ML/FT typologies. These indicators must warn you of suspicious activity, which you can investigate further and prevent financial crime. You can find these red flags in our blog: Unusual Transaction Trends for VASPs.
These red-flag indicators help you spot a suspicious customer or transaction. After spotting, you can avoid or stop them. Besides this, you must follow the AML regulations as applicable to the VASPs (such as the Compliance and Risk Management Rulebook issued by VARA or the rulebooks issued by the ADGM’s FSRA or DIFC’s DFSA, along with Federal AML regulations). Per these regulations, you can achieve AML compliance by applying the following AML measures:
  • Creating AML framework, including policies, procedures, and controls
  • Applying appropriate customer due diligence measures, including KYC, screening and risk profiling
  • Applying adequate KYT (Know Your Transaction) measures
  • Training your employees on AML and CFT
  • Complying with FATF travel rule requirements
  • Maintaining adequate records and information
  • Monitoring customers and transactions
  • Reporting your suspicious activities to the FIU

Mistakes to avoid in AML compliance for VASPs

VASPs invest in these measures and implement them in their operations. But during planning or execution, you might face challenges. The following are the common mistakes to avoid in AML compliance for VASPs:

Inability to manage changes per AML regulatory updates

The world of virtual assets is a new and emerging business territory. People are still understanding its uses and benefits. Meanwhile, money launderers have already started using it for their illicit activities. They are leveraging the characteristics of virtual assets to launder dirty money. That is why the rules for VASPs are still evolving in the UAE to manage criminals’ new and sophisticated money laundering methods.
With such an evolutionary nature, you must keep track of regulatory changes. As and when laws change, you need to adjust your AML policies to them. If you miss these changes, your compliance will be incomplete or inaccurate, leading to penalties.
So, one key AML compliance challenge for a VASP to avoid is operating in an uncertain regulatory market. This leads to inconsistent AML practices. To cover this challenge, monitor the AML updates. As and when new rules are introduced, understand them and make relevant changes in your AML strategies. Thus, you can bring consistent and AML-compliant business practices to your virtual asset activities.

Difficulty in keeping pace with the technological innovations and developments

One common mistake to avoid in AML compliance by VASPs is not upgrading their technologies related to the compliance function.
Blockchain, cryptocurrency, and virtual asset worlds witness new technologies daily. Such technological innovations are a big challenge for VASPs.
You must up your game in the technological development space to bridge the gaps between the tools deployed by the criminals and the technologies you use for combating these crimes. Keep your systems updated and in alignment with the market requirements and the newer money laundering trends and patterns. Upgrade your system’s security and work on data protection. Investing in cybersecurity measures can reduce your vulnerability to security breaches and help mitigate ML/FT exposure.

Failure to assess risks to your business

You are a virtual asset service provider. So, you must know the potential risks to your business. Not knowing them is one of the severe mistakes around AML compliance. You must carry out a risk assessment immediately to identify and understand the risks and plan your AML control measures accordingly.
You must conduct an enterprise-wide risk assessment (EWRA) to identify the potential exposure to all aspects of your business. The risks can be from any or all of the following:
  • Customers and other parties involved
  • Products and services
  • Geographies of your business or where your customers are from
  • Delivery or distribution channels
  • Nature, size and complexity of the transactions
  • Technologies deployed
These factors might expose you to money laundering or terrorism financing risks. So, identify them and analyse their possible impact and level. You must be able to build your own business’s risk profile. Comparing the risk profile with your risk appetite reveals the gap you want to fill with your AML efforts.
Remember to repeat this exercise regularly to stay on top of your business’s potential risks. You must update the risk assessment when business conditions and elements change.

The absence of a well-defined, customised AML framework

One of the critical aspects of AML compliance is the documented comprehensive AML framework. Without an AML framework, you do not have the policies, strategies, procedures, and controls. You must have a well-defined AML framework tailored to your business and the outcome of the ML/FT business risk assessment. These help you follow the AML compliance requirements and safeguard your virtual asset activities.
After the risk assessment, you need an AML compliance program to mitigate or manage these risks. It must have the following:
  • Relevant AML policies per your AML goals
  • Procedures for due diligence before customer onboarding and during business relationship
  • Checklist of red flags and process to spot them
  • Record-keeping and reporting systems for AML
  • Internal controls to combat these risks
  • Norms to comply with KYT and travel rule requirements
  • Procedures for ensuring effective implementation of the targeted financial sanctions
You must communicate these to all your departments and employees. Also, get approval from the senior management. Also, you must update the framework with regulatory amendments and revisions in business risks.

No focus on the customer due diligence

Customer due diligence is a critical part of any AML compliance program. Its correct and on-time performance is a vital AML compliance challenge for VASPs. However, this process is crucial for identifying suspicious customers and managing vulnerabilities.
Your CDD process must include:
  • Knowing your customer: You must collect the identity details of your customer, along with evidence. For legal entities, collect information on beneficial ownership, nature of business, etc.
  • Knowing your transaction: You must know the originator and beneficiary of a virtual asset transaction. Collect details on wallet addresses, transaction hashes, device identifiers, and other points that help you know it better.
  • Customer screening: The pseudo-anonymity of a virtual asset transaction makes it riskier. So, you need to be extra careful with whom you are dealing. You must match your customers against lists of sanctions, PEPs, terrorists, and adverse media. If matched, make informed decisions to ensure compliance with laws and management-approved risk appetite.
  • Customer risk profiling and enhanced due diligence for high-risk customers: The above three assessments help determine whether a customer or a transaction is high, medium, or low risk. Once you know the high-risk customers, you must apply enhanced due diligence for extra care. Seek information on the source and destination of funds, check their legitimacy, and double-check beneficial owners. Do not form a business relationship or conduct the transaction if it is doubtful.
Thus, all these steps of customer due diligence ensure you are in a better AML compliance position. You know your customers and their risk profiles so that you can decide accordingly. Such risk assessment allows you to take a risk-based approach to AML compliance.

No plan in place to Know Your Counterparty VASP

A virtual asset service provider sells, holds, exchanges, converts, safe-keeps, or transfers virtual assets on behalf of other legal or natural persons. So, in such virtual assets activities, more than one VASP is involved, and thus, such counterparty VASP may also pose a certain degree of risk, influencing the transaction. So, knowing your counterparty VASP is crucial for any virtual asset service provider.
Failing to do this is a crucial mistake to avoid in AML compliance for VASPs. So, you must make it a practice to check and know your VASP before engaging in a transaction. You can check the importance of this requirement on our blog: FATF Travel Rule and Know Your Corresponding VASPs.
Like customer profiling, check your counterparty VASP’s beneficial ownership. Make it a practice to check their compliance with the AML regulations. All these details will give you a better view of how legitimate or illegitimate their business is and what sort of risk it can bring to the virtual asset transaction.

Lack of AML training for employees

You must be aware of the applicable AML regulatory landscape. Besides, everyone in your team handling customers, transactions, or any other AML compliance procedure must learn about the process, including the senior management. All this knowledge enables the adequate performance of your business responsibilities while considering the AML measures and compliance obligations.
So, you must design a comprehensive AML training program for your employees. Include theoretical and practical training to facilitate a better understanding of procedures. Provide practical examples of cases with relevant live training on CDD, transaction monitoring, and sanction screening. It makes the conceptual clarity better and more accurate.
If not internally, you can hire an external AML consultant for imparting training. Partner with someone with expertise and experience in training different industries. Missing such training is a big mistake to avoid in AML compliance for VASPs.

Inability to find the right balance between user privacy and AML compliance requirements

The design and delivery of virtual assets are such that you can ensure anonymity. However, AML compliance requires you to gather all details on your customers. So, a proper balance between the two is essential. This is a big AML compliance challenge that a VASP must avoid.
Virtual asset transactions sometimes enable the concealment of true identities. Some cryptocurrencies, like privacy coins, enhance anonymity and privacy.
This is in contrast to the AML requirements that VASPs must adhere to. You must get the customers’ identity and other details to fulfil the needs of KYC and CDD under AML. So, you need to find a balance between this anonymity and AML requirements.

Insufficient and incomplete records and reports

Another mistake to avoid in AML compliance for VASPs is insufficient recording and reporting. If you don’t keep records, it would be treated as non-compliance with record-keeping requirements, and also, you won’t have evidence to prove your regulatory compliance. Also, you’ll be unable to submit reports to authorities without such records. So, pay close attention to maintaining records and submitting reports to authorities.
Maintain records of KYC, CDD, customer screening, EDD, KYT, transactions executed, etc. Also, create and save records of transaction monitoring and suspicious transactions identified. These records must be up-to-date, comprehensive, and accurate. Authorities might ask for them during audits and investigations.
Another need is to create comprehensive reports of your AML measures and submit them to the necessary authorities. One mandatory provision is submitting a report on suspicious transactions and activities. Forgetting to do so leads to non-compliance and penalties. So, comply with the reporting and recording requirements of AML compliance in UAE.
You must be aware of and avoid these common mistakes in AML compliance for VASPs. By avoiding them, you make your AML compliance practices effective.

Niyeahma – your partner for professional AML consulting services

Niyeahma is one of the leading providers of AML consulting services to the VASPs operating in the UAE. We help clients face AML compliance requirements with complete preparations. You can find help with:
  • Conducting the ML/FT enterprise-wide risk assessment
  • Creating and implementing AML policies and procedures
  • Training your employees
  • Monitoring transactions
  • Managing your KYC and CDD compliance
For any help in AML compliance, you’ll have the support of Niyeahma.
So, get on a call with our team and discuss your requirements.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

12 best practices for setting up an AML compliance department

Who forms the heart of AML compliance in a regulated entity? The AML compliance department. It is a department dedicated to ensuring compliance with the applicable AML laws. The compliance department and its people manage all the AML requirements per the UAE AML laws. It consists of an AML Compliance Officer and other team members. This article provides insights into the 12 best practices that FIs, DNFBPs, and VASPs must follow for setting up an AML compliance department.

Why set up an AML Compliance Department?

The AML Compliance Department takes care of the following compliance activities:
  • Risk assessments
  • Transaction monitoring
  • KYC, KYB, and KYT
  • Due diligence of customers
  • Development of AML frameworks
  • Implementation of AML policies, procedures, and controls
  • AML training for employees
  • Regulatory reporting
  • Engagement with industry bodies and regulatory authorities
Thus, the AML compliance department spearheads all the necessary tasks for achieving AML compliance. It helps you navigate AML’s legal maze in the country and globally.
With such a critical role and responsibilities, you, as an entity, cannot go wrong while setting it up. Exercise caution while building such an in-house AML compliance department. A small error can mar all your attempts to set up a proper team that can manage all tasks. So, note the possible blunders, avoid them, and incorporate the best practices for effective results.

Best practices to adopt while setting up an AML compliance department

The AML compliance department is a principle of corporate conduct. It makes your operations possible within ethical and legal boundaries.
It enables the handling and management of critical compliance tasks in the entity. Only with the successful performance of these tasks can you move ahead in your AML journey. For this purpose, you must adopt the following best practices while setting up and operating an in-house AML compliance department:

1. Analyze your compliance needs

Before creating a new department in your entity, you must know that department’s objectives. You must know how it will help you reach your strategic goals.
So, before forming the AML compliance department, assess your compliance needs. List the fundamental laws, regulations, guidelines, and industry standards applicable to your business. Identify the potential ML/TF risks your business faces.
This research helps you better understand the objectives of the AML compliance department. You’ll be able to determine what the compliance function will do at a strategic and operational level. You will know the market expectations from you on ethical conduct and governance.

2. Onboard skilful professionals for the AML department

The first thing that a new department needs is the correct set of people to run it. After creating a department to handle AML, you must consider its human resources. Human assets are essential to do all the tasks for that department.
You can recruit new people externally for this team. Alternatively, you can internally hire from other departments to the AML team. However, ensure that these people have the necessary skills to perform AML tasks.
While onboarding people, check the following:
  • Skills
  • Educational background
  • Any experience in regulatory compliance activities
  • Relevant knowledge of AML requirements
  • Commitment to the entity’s AML goals
  • Criminal history/Adverse media
Human resources are essential to perform the various tasks under the AML regime. You need them to monitor transactions, conduct KYC and KYB, and build risk profiles. You can use technology to do these activities. But you need human skills to run systems, analyze results, and make decisions. So, pay attention to having the right team members for the AML compliance department.

3. Allow the use of technological systems for compliance processes

In the current times, technology is what can give you an edge over others. It is an excellent tool to ease your AML compliance requirements. Technological systems can make compliance easier, smoother, more accurate, and faster.
While setting up an AML compliance department, ensure it has relevant technological systems. You will need technology solutions for the following activities:
  • Conducting risk assessments and building risk profiles
  • Thorough due diligence of customers
  • Effective transaction monitoring to detect suspicious transactions
Technology is essential for the effective operations of these processes. You can achieve quick results with a higher probability of accuracy. You can set rules and generate alerts when a suspicious transaction is in process. So, having access to the best technological systems is necessary while building an AML compliance department.

4. Allocate adequate budget for the compliance department

An AML compliance department takes care of all your AML requirements. It needs to perform several activities to help you follow the AML rules. For this, it needs to have a sufficient budget.
You will need to spend on recruiting and hiring new people. Spending on salaries, incentives, and benefits is a significant cost. Also, you will be spending on buying technology solutions to expedite processes. The daily expenses of running the department are another cost element. So, having enough financial resources is vital to operate the AML compliance department without hiccups.

5. Make it independent from other business units but still integrated

Independent but still integrated?
Now, this sounds confusing!
You must create a dedicated AML compliance department. It must be separate from other business units and departments to keep the focus intact. By having a devoted department, you can stay committed to the AML goal.
The issue is that if you keep it in silo form, it will just be a tick-box exercise. For compliance purposes, you will complete all the deliverables and submit reports. But you will forget to align it with your strategic goals and objectives. So, it is necessary to integrate it well with other processes.
Integrating it with other processes can build a stronger AML culture in the entity. This, in the end, leads to higher commitment from all stakeholders. Thus, you can make AML compliance meaningful for the entity’s objectives by integrating it with other processes but still keeping it independent from other departments.

6. Define smooth lines of communication and collaboration

The previous point said you need a siloed AML department that is well-integrated with other functions. One way of integrating it well is through a smooth flow of communication. Communication lets you collaborate with other teams and departments. So, while building such a department, define the communication structure.
Smooth communication facilitates collaboration between teams. You can coordinate with other functions on a few processes for more efficiency. Also, communication with external stakeholders is necessary to enhance AML compliance efforts.
A lack of such collaborative efforts can lead to gaps in AML compliance activities. For example, you will have the AML-side view but no perspective on the business side. Or you may be unaware of the ground-level application of an AML procedure. So, do not let the lack of collaboration become a roadblock to your AML efforts. Invest enough thought into it and decide accordingly.

7. Provide access to data on customers, transactions, and other relevant information

Every process and procedure in your entity’s operations needs data. If you do not provide accurate data on time, processing them is next to impossible.
In the same way, AML compliance activities need appropriate data for processing. You need to have information on the following:
  • Customers and their identities
  • Transactions
  • Geographies of operation
  • Delivery and distribution channels
  • Other relevant data for AML
The AML department will need access to customer data to process it for further analysis. You must give ready access to this data to process it further and generate outcomes. Lack of such access will obstruct the AML compliance processes. Your AML compliance will suffer from delays, inaccuracies, or incompleteness.

8. Give direct reporting access to the senior management

The AML compliance department must have a dedicated AML compliance officer. This officer handles many critical tasks in AML. The officer will submit reports or ask for approvals for all these tasks. You must direct all this to the senior management.
So, while creating an AML compliance department, allocate an AML compliance officer. And give that officer direct access to the senior management.
Direct reporting access is essential because AML is critical for any entity. If you keep many hierarchy levels, you will lose time in several approvals and miss deadlines. The processing at several levels will harm the procedures or results and also affect the independence of the compliance officer.
Another vital point is that the officer must be able to execute AML measures without approvals. Thus, you must give the department enough leeway to make decisions and implement them. Also, they must be in direct contact with senior management for approvals and discussions.

9. Conduct training and awareness programs for the department

Remember, you are creating a department from scratch. You will be having some internal and some new employees join this department. And they will work on one of the most critical compliance requirements – AML.
So, training them adequately on AML for their responsibilities in the team is vital.
You must conduct awareness programs on AML compliance. They must know the significance of complying with AML laws in the UAE. They must be aware of the various regulations and requirements to comply with. You must train them on relevant processes that are specific to their job profile in the team.
In the absence of such training programs, your AML efforts will not be in the right direction. You might fail to follow some requirements, leading to penalties or reputational harm. It spoils the effectiveness of your AML framework. So, appropriate training and awareness programs are vital for successful AML compliance.

10. Provide security of leadership buy-in for AML policies

What will happen if you do not implement the AML compliance department-recommended policies? What if you do not take any action on the suspicious transaction reports submitted by the team? What if the management does not allocate enough budget for AML compliance?
Many “what-if” questions. But it can have only one answer, and that is leadership buy-in.
You need support from the senior management and board of directors to move ahead in the compliance journey. Their support is essential to put proper AML measures in place. Their approval is vital for taking action against suspicious transactions or customers.
The leadership must commit to supporting AML compliance efforts and creating an AML culture in the entity. So, while creating the department, get the necessary leadership buy-in. This will enable you to make it a priority strategy.

11. Keep up with the regulatory authorities and their guidelines

The regulatory authorities have specific laws and regulations for industry verticals. They create guidelines for businesses to follow for the AML compliance journey. You must know about all these laws and guidelines.
Also, there are specific labour or employment laws. You must also be aware of them while building your AML compliance department and hiring team members.
These rules pertain to:
  • Payment rules
  • Privacy
  • Record keeping
  • Data sharing
  • Workplace safety and health
Also, you must ensure that the department follows these rules. Every member of the department must be aware of their rights and duties. They must know the hierarchy structure, company rules, and employment benefits. All these aspects ensure the smooth running of the department.

12. Prepare a code of conduct for the AML compliance department

When the department is ready for your entity, you must also define the code of conduct. It helps you align your team members’ behaviour with the expectations. The code of conduct must cover the following aspects:

  • How to comply with laws
  • Definition of ethical behavior
  • Rules of communication
  • Behavioral rules towards seniors, AML compliance officer, and other colleagues
  • Environmental, health, and safety rules
  • Protection of property and entity reputation
  • Job duties and authority rules

Conclusion

Remember these 12 best practices while establishing an in-house AML compliance department. Since it is a critical task, you cannot ignore these best practices. Adopting them allows you to achieve AML compliance and prevent ML/TF threats.
If you need help creating such a department in your entity, Niyeahma is here. Alternatively, you are at the right destination if you want to outsource compliance tasks.
We are a leading provider of AML compliance services in the UAE. We can help you with transaction monitoring, risk assessments, and customer due diligence. We also support you in the selection of the right software and framing of the AML framework. Besides these services, we also aid in the setup of the AML compliance department. And if you want us to be your AML compliance function, we can also expertly play that role.
So, get on a call with our team and discuss your requirements.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise-Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Know Your Transaction: Boosting AML compliance with KYT

We understand that KYC (Know Your Customer), the crucial aspect of AML compliance, identifies the customers with whom business transactions are executed. Similarly, there is a concept, “KYT” – Know Your Transaction, aimed at uncovering the details of the transaction proposed to be carried out with the customer, including assessing the risk associated with such transaction.
Once the regulated entities know the transactions and related details, they are better placed in their anti-money laundering efforts, detecting the potential red flags. So, let us understand what KYT (Know Your Transaction) is.

What is KYT?

Know Your Transaction is one of the risk mitigation measures, which involves collecting the critical details of the business transaction to understand it better, determine its consistency with the customer’s overall profile, and determine the involvement of money laundering (ML) or any other financial crime risk.
KYT completes the Customer Due Diligence process, helping the regulated entity establish the customer profile, including the customer risk assessment, as the transactional details do give information about the customer’s activities or at least validate the customer profile determined by the compliance team.
By analyzing the financial transactions, the regulated entity can determine suspicious activities and stop them. Based on the data points, the regulated entity can determine whether the transaction aligns with the customer’s usual activities or if something suspicious exists.

What is the need for KYT?

The regulated entities subject to the AML regime in UAE deploy KYC measures to identify the customers. This includes obtaining identification details like customers’ names, ultimate beneficial owners (UBOs) in case of corporate customers, addresses, contact details, and other relevant details to establish the customer’s identity. But merely with KYC, the regulated entity cannot develop a complete customer profile or assess the potential risk exposure until the entity understands the proposed transactions.
This is where KYT comes into action.
With KYC, the regulated entity can identify whether a customer is the one they claim to be or is a financial criminal with some negative background. If they are identified as a criminal or sanctioned, the regulated entity applies adequate controls or possibly does not transact with them. But even where the customer's identity has been established to be clear, the risk of such a person exploiting the business for money laundering or terrorism financing cannot be ruled out. Thus, it is crucial to assess the transaction and identify the transactional parameters and their consistency with the identification details furnished by the customer.
The significance of KYT has increased due to a rise in cryptocurrency transactions. Since these are anonymous and decentralized transactions, the ML threat is higher. So, knowing more about the transactions before undertaking them becomes critical. Besides, KYT is also necessary for electronic fund transfers, including cross-border transactions.
In this context, and as mandated by UAE AML regulations, KYT is crucial for financial institutions like banks and Virtual Asset Service Providers (VASPs) to establish the identity of the originator and the beneficiary involved in the fund transfer or the virtual asset transfer. In addition, these regulated entities are required to transmit a message to the counterparty financial institution or VASP, capturing the details of the originator (payer) or the beneficiary (payee), along with the fund or virtual asset transfer request (in compliance with the FATF Travel Rule).
KYC helps identify the suspicion related to the person, but to spot the red flags in the proposed transaction, KYT is indispensable.
With adequately implemented KYT, the regulated entities can identify and assess the following aspects of a transaction:
  • All details on involved parties (originator, beneficiary, their account or virtual asset wallet details)
  • Geographies involved (including geo-location and IP address in case of electronic transfers)
  • Amount of the transaction
  • Date of transaction
Not restricted to one-time activity, KYT also refers to the ongoing monitoring of transactions. Thus, once the entity has all these details on a transaction, along with transaction history and the customer profile, it can identify patterns or trends in them. If something suspicious is detected, the regulated entity can investigate further for any ML/FT threat. Thus, KYT is essential to keep the business safe from financial crimes.
Now that we know why KYT is significant, let's look at the tips that must be adopted to ensure a smooth KYT process.

Tips to improve the KYT process

Besides KYC processes, KYT is essential for achieving AML compliance. Pay attention to the following tips and tricks to remove inaccuracies in KYT and leverage the benefit of KYT to foster the ML/FT guards:

Give it as much importance as KYC

We all know that KYC is a critical pillar of AML compliance. KYC enables the regulated entities to know the customers better. It helps to find out if any of the existing or potential customers have any potential links to money laundering or other criminal activities. However, these measures are incomplete and do not give a complete picture of the customer’s risk profile without knowing the transactions. Thus, KYT is an equally critical measure for AML compliance.
Understanding and investigating the transactions enables the regulated entity to know whether they facilitate illegal activity. If not, the entity can move ahead with the transaction. If yes, the regulated entity can terminate or cancel the transaction. Thus, the business is saved from reputational damage and non-compliance penalties.

Use all data on transactions to analyze them

When applying the KYT measures, collect all information pertaining to the transaction. It includes parties to the transaction (originator of the transfer and the beneficiary/(ies)), date, value involved, geographic location, and other relevant information (like unique transaction reference number or transaction hash in case of virtual asset transfer).
The regulated entity cannot determine whether the transaction is suspicious based only on one factor. It must consider all the details to know the ins and outs of the transaction. The regulated entity can find its linkages with illegal activities or criminals by analyzing various transactional parameters. Thus, the regulated entity must assess all the aspects of a transaction, considering the outcome of the KYC and overall customer profile, to determine if it is suspicious.

Define rules to detect unusual trends or patterns

To detect any red flags or suspicions, the regulated entity must define specific rules or parameters to gauge each transaction, considering all the relevant transactional parameters. These rules include transactional patterns, frequencies, time gaps, beneficiaries involved, geographies associated with the transaction and the value. And when anything goes against these rules, there must be an alert.
Further, the rules must also be defined, factoring in the customer’s identification details and the overall risk profile. Thus, the regulated entity is immediately notified if any inconsistencies are observed between KYC and KYT.
Regulated entities can determine unusual patterns or trends based on these rules and algorithms. It can identify if a transaction’s execution deviates from the established norms. Such deviation, unusual activity, or uncertain behaviour are the aspects that make a transaction suspicious. Therefore, defining rules, parameters, or criteria is essential to monitor transactions.
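The rules described above (value, frequency, time gaps, beneficiaries, geography, and consistency with the KYC profile) can be written as a small rule engine. This is an added example, not code from the original article or from any KYT product; every threshold, rule name, country code and record in it is a constructed assumption.

```python
"""Rule-based KYT screening: each transaction is checked against the customer's
KYC profile and recent history. All thresholds, rule names, country codes and
records are constructed for illustration; none is a regulatory value."""
from dataclasses import dataclass
from datetime import datetime, timedelta

REPORTING_THRESHOLD = 10_000.0           # assumed internal threshold
STRUCTURING_WINDOW = timedelta(days=3)   # assumed look-back for split payments
STRUCTURING_MIN_COUNT = 3                # sub-threshold payments needed to alert
VELOCITY_WINDOW = timedelta(hours=1)
VELOCITY_MAX_COUNT = 4                   # the 5th transfer within the window alerts
HIGH_RISK_COUNTRIES = frozenset({"XA", "XB"})  # placeholder codes
# A higher KYC risk rating leaves less tolerance above the expected value.
VALUE_TOLERANCE = {"low": 2.0, "medium": 1.5, "high": 1.0}


@dataclass(frozen=True)
class CustomerProfile:
    """Outcome of KYC/CDD that the transaction rules are compared against."""
    customer_id: str
    risk_rating: str
    expected_max_amount: float
    expected_countries: frozenset
    known_beneficiaries: frozenset


@dataclass(frozen=True)
class Transaction:
    tx_id: str
    customer_id: str
    beneficiary: str
    country: str
    amount: float
    timestamp: datetime


def evaluate(tx, profile, history):
    """Return the names of the rules that fire for tx.

    history holds the same customer's earlier transactions."""
    alerts = []
    if tx.amount > profile.expected_max_amount * VALUE_TOLERANCE[profile.risk_rating]:
        alerts.append("VALUE_EXCEEDS_PROFILE")
    if tx.country in HIGH_RISK_COUNTRIES:
        alerts.append("HIGH_RISK_GEOGRAPHY")
    elif tx.country not in profile.expected_countries:
        alerts.append("GEOGRAPHY_NOT_IN_KYC_PROFILE")
    seen = profile.known_beneficiaries | {h.beneficiary for h in history}
    if tx.beneficiary not in seen:
        alerts.append("NEW_BENEFICIARY")
    # Split payments: each one is below the threshold, together they reach it.
    if tx.amount < REPORTING_THRESHOLD:
        recent = [h for h in history
                  if h.amount < REPORTING_THRESHOLD
                  and tx.timestamp - h.timestamp <= STRUCTURING_WINDOW]
        total = tx.amount + sum(h.amount for h in recent)
        if len(recent) + 1 >= STRUCTURING_MIN_COUNT and total >= REPORTING_THRESHOLD:
            alerts.append("POSSIBLE_STRUCTURING")
    burst = [h for h in history if tx.timestamp - h.timestamp <= VELOCITY_WINDOW]
    if len(burst) + 1 > VELOCITY_MAX_COUNT:
        alerts.append("HIGH_FREQUENCY")
    return alerts


def monitor(transactions, profiles):
    """Screen transactions in time order; return {tx_id: [rule names]}."""
    history, results = {}, {}
    for tx in sorted(transactions, key=lambda t: t.timestamp):
        profile = profiles.get(tx.customer_id)
        if profile is None:
            # KYT cannot be assessed without a KYC profile to compare against.
            results[tx.tx_id] = ["NO_KYC_PROFILE"]
            continue
        past = history.setdefault(tx.customer_id, [])
        results[tx.tx_id] = evaluate(tx, profile, past)
        past.append(tx)
    return results


def sample_run():
    """Constructed data: split payments, a high-risk transfer, two edge cases."""
    profiles = {
        "C1": CustomerProfile("C1", "low", 5_000, frozenset({"AE"}),
                              frozenset({"B-100"})),
        "C2": CustomerProfile("C2", "high", 20_000, frozenset({"AE", "IN"}),
                              frozenset({"B-200"})),
    }
    rows = [
        ("T1", "C1", "B-100", "AE", 4_000, datetime(2024, 1, 1, 10)),
        ("T2", "C1", "B-100", "AE", 3_500, datetime(2024, 1, 2, 9)),
        ("T3", "C1", "B-100", "AE", 3_000, datetime(2024, 1, 3, 9)),
        ("T4", "C2", "B-999", "XA", 25_000, datetime(2024, 1, 3, 12)),
        ("T5", "C3", "B-300", "AE", 100, datetime(2024, 1, 3, 13)),
        ("T6", "C2", "B-200", "SG", 1_000, datetime(2024, 1, 4, 9)),
    ]
    return monitor([Transaction(*r) for r in rows], profiles)


if __name__ == "__main__":
    for tx_id, alerts in sample_run().items():
        print(tx_id, alerts or "no alert")
```

Each fired rule is only an alert for the compliance team to review; tuning the constants against the entity's own risk assessment is what keeps false positives manageable.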

Ensure data quality to reduce false positives

When transactional data quality is ensured, accurate results can be expected, and risk indicators can be spotted promptly. Obtaining quality data and maintaining it securely is challenging.
The regulated entity can invest in quality data management systems to maintain data quality. The regulated entities can also use quality and reliable KYT solutions to investigate transactions. With well-defined algorithms and rules, the possibility of false positives can be reduced significantly.
Another aspect that needs to be taken care of is ensuring data consistency. The data may be obtained from different sources in different formats and languages. So, engaging in data cleansing and standardization is crucial before assessment and pattern detection.

Align the KYT exercise with UAE AML regulations

The regulatory requirements for AML keep changing. As and when new risks emerge, authorities amend AML rules. Also, particular guidelines for different industry sectors exist under the AML regime, e.g., mandatory compliance with the FATF Travel Rule by the financial institutions and the VASPs.
So, the regulated entities must align the KYT process with these regulations. It must stay up-to-date with the latest amendments to incorporate them into the KYT rules. Such alignment ensures an effective KYT process and also smooth AML compliance.

Technology is the go-to place for KYT automation

Collecting many data points on each transaction is a daunting task. And then analyzing them to detect suspicious behaviour demands high-level analytical skills. Manual management of all these steps will lead the business to errors and misses.
So, the best option is to automate the KYT process. Select a suitable KYT solution from the market customized to the business goals and needs. Set up relevant rules and parameters in it. With such a customized solution, the regulated entity will not miss any data and ensure accuracy. Also, it will save time with the automated KYT process, driving efficiency and quality of results.
With the emergence of AI, the Internet of Things (IoT), Machine Learning, Natural Language Processing (NLP), and Robotic Process Automation (RPA), the future of KYT is bright. These technologies can make KYT processes faster, more accurate and more efficient. The regulated entity can quickly analyze vast volumes of data in real-time and identify patterns. Thus, it can improve the quality of results in less time and effort.

Train the employees on KYT processes

The employees must have the necessary skills in transactional data collection and assessment. Explain to them the importance of the KYT process for achieving AML compliance. Training the staff around the nitty-gritty of KYT is essential for an accurate and comprehensive process.
Only with proper training will they know how to review and examine transactional data. When using tools and technologies like AI or machine learning for the KYT process, the employees must be extensively trained and educated on using these systems.

Report the suspicious transactions to authorities

What if a transaction is identified as suspicious?
The same must be reported to the authorities – internal (Compliance Officer) and external (Financial Intelligence Unit). That is what KYT and transaction monitoring are for.
When a transaction is identified as illegitimate or facilitating money laundering, report it to the AML Compliance Officer. The Compliance Officer shall investigate it further or instruct the discontinuation of the business relationship with that customer. Also, make a report to the Financial Intelligence Unit.

Maintain data confidentiality and security

Like KYC, KYT involves collecting sensitive information on transactions. Using such sensitive data can lead to data protection and confidentiality concerns.
So, the entity must ensure data security and disallow its further use for other purposes. The customer and transactional information must be safeguarded in all possible ways. Comply with data privacy regulations, and use data encryption and secure technologies to keep data safe.

How can Niyeahma help in nurturing your AML compliance efforts?

You know the best practices to adopt in your KYT process. If you do it yourself, adopt these tips to ensure quality and accurate results. Niyeahma is here to design and help you deploy the best practices around KYT and manage the ML/FT risks.
We can assist you in detecting and configuring the right tools and systems to comply with KYT requirements.

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise-Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.


Best practices when seeking third-party assistance in AML Compliance


The Financial Institutions, Designated Non-Financial Businesses and Professions (DNFBPs) and Virtual Asset Service Providers (VASPs) have been identified as regulated entities under the anti-money laundering (AML) regulations of the UAE. While designing and implementing the measures for combating money laundering and managing the regulatory compliance obligations under AML laws, these regulated entities may face challenges and seek professional assistance from third-party AML experts.
With effective compliance and quality risk mitigation measures, the regulated entities can safeguard the business from financial crime vulnerabilities, non-compliance penalties and reputational damages.
Given the significance of AML compliance by the regulated entities in the UAE, regulated entities recognize its necessity. However, managing all compliance activities with the business operations may not be easy. It requires commitment towards AML compliance with an adequate investment of financial resources, time, and exceptional AML proficiency.
Thus, when struggling to manage compliance, the recommended solution is to seek professional assistance from third-party consultants specialized in the AML domain.
When relying on third parties to support the AML journey, the regulated entities must identify the appropriate service providers and assess their capabilities.
This blog discusses the best practices for choosing the right third-party professionals to complement the AML compliance function. Before that, let’s understand the merits of seeking third-party AML expertise for the compliance function.

Importance of seeking third-party professional help for managing AML compliance function

AML compliance is a complex, challenging, and time-consuming exercise. It requires the regulated entities to manage many tasks, documentation and reporting. Amid these complexities and routine business workload, the possibility of compromising the accuracy and timeliness of AML compliance cannot be ruled out. To avoid these errors, incompleteness, and delays, the regulated entities can seek assistance from AML consultants as advisory support or outsource some of the AML compliance exercises.
Relying on or seeking support from third-party professionals ensures that an expert AML compliance services provider works on the regulated entities’ AML obligations. This means fewer chances of errors, on-time submissions, and completeness. Thus, this can guarantee quality work, employing the proper AML measures to detect and prevent risks and successfully complying with AML regulations.
Another benefit of outsourcing AML compliance is a complete focus on strategic initiatives. Since the experts handle the AML compliance function, the regulated entities needn’t worry about it and can put all the energy, time, and effort into operational excellence. This empowers the entity’s focus on critical goals and core business operations.
Working with expert AML compliance consultants gives access to their skills and knowledge. Also, they use the latest technology solutions for managing the AML processes and procedures. They are aware of the ins and outs of the entire AML framework. Thus, third-party professionals can bring better results, more insights, and a complete AML compliance trail for the regulated entities to the table.
AML compliance services providers stay up-to-date on the latest regulations and guidelines. When trying to manage compliance on its own, there are possibilities that the regulated entities rely on out-of-date and non-trendy AML practices. Outsourcing or seeking professional assistance with the latest updates, advanced tools, and human expertise is always recommended.
By outsourcing some of the core AML compliance tasks, the regulated entities save money on hiring and recruiting. If the entities do it internally, they will need to build a compliance team and hire specialists, which requires spending a lot of time and money on hiring, onboarding, and AML training. However, third-party consultants help the entities do away with this burden and these costs while leveraging the benefit of experienced and trained professionals.
Another benefit of outsourcing or using AML professional’s support is an unbiased and fair view of compliance. They are experts and have been working on the AML landscape for years. So, their views are objective and independent of the entity’s business or customer relationships. Such transparent and independent views prevent money laundering threats to the business and ensure adequate compliance in the routine course of business.
So, consider using third-party expertise and outsourcing the AML compliance function for cost-effective services and AML-compliant business. Incorporate the best practices mentioned in the section below while identifying the right AML consultant for the business.

Best practices while appointing a third-party AML consultant for AML compliance

While outsourcing the AML compliance function, keep in mind the following best practices:

Understand the objectives behind appointing consultants and the extent of AML function outsourcing

If the regulated entities want outsourcing to add value to the business, understand the reasons for doing it. If the entities do not have well-defined objectives but are outsourcing or appointing a consultant only since their counterparts are doing it, they are in for doom. Engage in a prudent assessment of the AML and overall business objectives before outsourcing the compliance function.
List the activities under AML compliance requirements. Compare the pros and cons of outsourcing vs in-house for each. Consider the factors of skills, costs, time, and impact on operations for comparison. At the end of this analysis, the entities will understand what they want to outsource and what is to be managed in-house.
Such an assessment will give the entities a complete view of what tasks are to be outsourced to the consultants or the extent of reliance to be placed on managing AML functions. This may include:
  • Managed Know Your Customer (KYC) and Customer Due Diligence (CDD) function
  • Conducting Enterprise-Wide Risk Assessments
  • Developing and maintaining the AML/CFT policies, procedures and controls
  • Assistance in the preparation and filing of regulatory reports and AML surveys

Check if the outsourcing partner has relevant resources and capabilities for AML

The regulated entities must check the outsourcing partner’s capabilities in AML compliance. They must have relevant skills and competencies to help the business with all AML activities.
Their consultants and professionals must have AML knowledge and awareness of laws. They must have adequate experience performing such AML activities.
Besides human expertise, they must have the tools and technologies to bring efficiency and accuracy in compliance. Technological solutions can make risk assessments, CDD, and data management faster and easier.
Thus, check these attributes while outsourcing the compliance function to an expert AML service provider. Ensure the service provider has all these skills and case studies of successful AML compliance. Only once the entities get that trust in them can they have a successful outsourcing relationship, adding value to the AML compliance function.

Ensure they follow a customized approach for AML compliance

The outsourcing AML partner must understand the regulated entity’s business. They cannot come on board and start the AML activities unless they learn the entity’s business profile and existing compliance obligations. It needs a careful assessment followed by a customized approach.
The third-party consultants must study the business’s AML requirements. They must understand the industry-specific AML expectations in the UAE. It requires an assessment of the business’s exposure to financial crime. They must conduct a gap analysis to understand where the entity lacks AML compliance. These specifications of AML and deliverables give the service provider an idea of the compliance journey.
Based on these assessments, the consultant must prepare a customized plan detailing how to go about with AML compliance of the regulated entity. The customization is specific to the AML requirements, business model, and industry sector. A generalized AML compliance framework can increase the chances of incompleteness or inaccuracies in compliance.

Put in place an agreement for the discussed terms and conditions and scope of work

The dynamics of the outsourcing or AML consultancy relationship depend on how clear the contract is. The regulated entity must sign an agreement with the outsourcing services provider. The contract must mention the scope, inclusions, exclusions, cost, schedule, and terms and conditions. All these elements are essential for clarity purposes, including reference to the following critical aspects:
  • The communication flow between the regulated entity’s team and the consultant’s team,
  • List the areas where both teams will collaborate,
  • Explain the process flow for approvals and permissions (for AML-specific controls, etc.).

Talk about data security and confidentiality

How can the regulated entities ensure the safety and security of business-sensitive data?
The entities will share the customers’ personal data and company information with the AML consultant. If there are leakages of any of this data, it can harm the business’s reputation and customer trust.
The entities must talk about it with the outsourcer before signing the agreement. Discuss what the business expects from them and what security measures they have taken. The regulated entity must check the outsourcer's data security and business continuity strategies. Track the tools and techniques they are using to protect information.

Establish clear lines of communication

If the regulated entities do not have regular communication with the AML outsourcing service providers, it can affect the quality of the AML compliance efforts.
The regulated entity must identify and allocate a dedicated contact person to keep the communication channel open and live with the AML service provider. The person must communicate the entity’s expectations and changes with the service provider and be ready to help them with data based on their requests and requirements. Thus, establish transparent communication practices to foster collaborative work for AML compliance.
Clear communication facilitates planning during uncertain situations. Ensure to have effective communication, even with different time zones and languages.

Be involved in the AML compliance function as a controlling factor

After outsourcing the AML compliance function, what do the regulated entities do?
Do entities intervene? If yes, on a daily or weekly basis? If not, how to track work performance?
All these are crucial aspects the regulated entities must decide on with the third-party AML solution provider. At least the entity must stay involved as a controlling factor in each AML activity, as the ultimate compliance responsibility lies with the regulated entity itself. The regulated entity’s Compliance Officer must monitor the execution of each task and the outcome.
The entity must conduct regular meetings to see the work status and results.
The entity’s money is being spent on the outsourced AML functions, and reputation and regulatory compliance are at stake. The regulated entities must oversee how judicious the spending is. With such surface-level engagement, the entities know whether they can achieve AML goals.
The regulated entities must incorporate these best practices while outsourcing the AML compliance function or seeking professional assistance for managing the business risk. It will lead to more chances of success in the AML efforts, preventing the threats of money laundering and terrorism financing.
Many businesses fear outsourcing their AML compliance function. They dread loss of data confidentiality, control of processes, and accountability. But if due consideration is given to the essential elements, outsourcing and reliance on third parties is safe and offers value-addition.
If you are looking for a proficient and professional AML compliance services provider, we are here for you.

Niyeahma’s expertise as an AML Consultancy Service Provider

Niyeahma is a leading provider of AML compliance services for regulated entities in the UAE. Our spectrum of services helps you adhere to all the provisions of AML regulations. We help you build confidence in your AML policies, procedures, and controls for effective results.
You can partner with us for one-off service or regular support to the AML compliance function. Whatever way we engage with you, your business complies with regulatory obligations. You get recommendations for remediation actions based on your business’s AML requirements and the quality and efficacy of existing measures.
So, if you are searching for end-to-end AML support for managing your AML compliance functions, you are at the right destination.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9 years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.


AML compliance best practices for real estate agents in UAE


The nature of the real estate business makes it vulnerable to money laundering risks. So, UAE includes real estate agents and brokers in the list of DNFBPs that must follow AML regulations. To adhere to these laws, you must follow the AML compliance best practices for real estate professionals.
These best practices for real estate agents in UAE align business with Anti-Money Laundering and Countering Financing of Terrorism obligations. So, make them a part of your routine operations and remain compliant with the requirements of law.

Red flags of money laundering for real estate entities

The aspects of the real estate business that make it vulnerable to money laundering are:
  • Rapid buying and selling of property at significantly lower or higher prices than the market rates.
  • Artificial inflation of property values via property flipping schemes. It facilitates the laundering of money through several transactions.
  • Large cash transactions with no specific reasons or obvious explanation.
  • Transactions involving foreigners or non-residents from sanctioned, high-risk, or weak AML-regime countries.
  • Concealing the property ownership using complex ownership structures or shell companies.
  • The client focuses on transaction completion instead of property characteristics like location or neighbourhood.
  • Movement of illicit money through cross-border real estate transactions.
  • A good number of transactions with a single client in a short time with no obvious purpose.
  • Client’s unusual requests before transactions.
  • Client not following standard procedures to avoid data points that can call for more scrutiny.
  • Client’s refusal to submit identity documents or financial records per due diligence requirements.
  • The property buyer is in an illegal business.
  • Client engaging in repeated transactions valuing less than the threshold limit to avoid reporting and revealing the transactional details.
  • Involvement of several parties through complex financing arrangements to hide funds’ sourcing.
  • No match of the property’s location with that of the buyer or seller.
  • Disguising the source of funds using unconventional payment methods like cryptocurrencies or third-party cheques.
  • Hiding the true identity of beneficial owners through front persons acting on someone else’s behalf.
  • Client’s inconsistent financial status or history, like sudden changes in income, finances, or employment.
  • Inconsistency of client’s wealth with their financial history or source of income.
  • Hiding the property’s beneficial ownership by providing misleading information like parties involved in the transaction.
  • A transaction involving a person or entity in a foreign country of proliferation concern.

AML compliance best practices for real estate brokers

Note these warning signs for real estate businesses discussed in the previous section. Save yourself from such indicators in customers and transactions. Apply the following best practices for real estate businesses to achieve AML compliance:

Conduct Enterprise-Wide Risk Assessment (EWRA)

The real estate brokers and agents must carry out the Enterprise-Wide Risk Assessment to identify, assess, and mitigate ML, TF, and PF risks. The EWRA helps identify risk factors, their likelihood of materializing, the gross risk, controls deployed to counter ML, TF, and PF risks, and the residual risk.
If the residual risk is within the risk appetite of the real estate broker or agent, no further action is needed. If the residual risk exceeds the risk appetite, more controls must be placed to keep the risks in check.
One must be aware of the risks to the business. Be it from customers, transactions, or property locations, one must assess each risk. The risk environment in which one operates is critical to understand.
Comprehension of business risks guides you on preventive actions to apply. For example, if you find a customer suspicious, you can collect more details on their identity. In the case of a suspected transaction, you can report it to the authorities. All these actions are possible only if you understand the possible risk indicators for your real estate business.

Implement an AML/CFT Compliance Program

Real estate businesses must design and implement AML/CFT and PF policies and procedures to guide the employees in carrying out their day-to-day compliance work. The AML/CFT compliance program must be aligned with the EWRA to counter various risks. The top management must sign the AML compliance program, and a complete trail of updates must be maintained.

Perform KYC and CDD checks

Knowing your customers is essential. You must know their identities specifically before onboarding. Knowing your customers during the business relationship is a best practice for real estate entities in AML checks.
You must conduct KYC before onboarding them as customers. Collect their identity details and documents and verify those. Also, collect proof of the entity's registration, office address, and finances. Onboard them only after all these verifications are complete.
Such customer investigation mustn’t stop during the business relationship. You must conduct thorough due diligence to identify every client’s risks. Beneficial ownership, source of funds, presence in other countries, and type of product/service are vital factors to collect information on. You must also screen them against sanctions, terrorist lists, watchlists, and adverse media.
All these examinations help you build a customer risk profile. You must adjust your due diligence measures based on each customer’s risk level.

Be aware of the local property market

Be it real estate companies, professionals, or agents, it is crucial to know your industry. You must know the market norms to identify the what and who of an illicit transaction or business. The normalcies of the property market help you differentiate the abnormalities. So, awareness of the property market values is an AML compliance best practice for real estate professionals.
Such knowledge helps you identify suspicious transactions. You can detect when a transaction is out of the norm or shows an unusual pattern. So, increase awareness of the local property market for easier and faster reporting.

Develop a compliance culture

As a real estate business owner, you cannot comply with AML laws alone. You need the support of your management, employees, and other stakeholders. So, the entire entity’s recognition of the significance of AML is crucial. Develop a compliance culture within the company to tackle ML/TF and PF.
Emphasise the importance of AML compliance for avoiding penalties and reputational harm. Educate them on how AML compliance creates a transparent and secure market. Train them in the fundamental processes and procedures of the AML framework. Give them all the necessary information on the following:
  • KYC and CDD
  • Transaction monitoring
  • Sanction screening
  • Business risk assessment
  • Implementing AML controls
Recognising the worth of AML compliance for your business helps build an AML culture. Employees understand that they must contribute to executing AML policies and procedures. They commit to performing their AML responsibilities to prevent money laundering activities. This is how you can create a culture of compliance in your entity. Also, the senior management must focus on AML compliance and be proactive in its efforts.

Perform transaction monitoring

An AML compliance best practice for real estate professionals is continuous transaction monitoring. You already know the warning signs of money laundering in real estate transactions. To detect them at the right time, you must scrutinise transactions at regular intervals. If a transaction is suspicious, you can stop it and report it to authorities.
For this, you can install transaction monitoring software. You can set the red flags in transactions as rules. The system will generate alerts if it identifies any of these red flags. Report any occurrence of unusual patterns or discrepancies to higher authorities. Based on the suspicions, you can investigate further and decide further action.

Create and maintain records and reports

UAE regulations require you to maintain AML documents and records for a specific period. These are essential during audits or when asked by supervisory authorities. So, maintaining proper records is an AML compliance best practice for real estate professionals.
These records serve as a guide for your future AML policies. Also, you need them as proof of your AML compliance initiatives in the entity. You will need to show them to authorities during external audits. Moreover, supervisory authorities may ask for documents as evidence against customers or transactions. So, you must be ready with proper record-keeping.
AML regulatory requirements ask you to submit reports like STR, SAR, FFR, PNMR, HRC, and HRCA. Besides, as a real estate entity, you must also submit a Real Estate Activity Report (REAR) if you are dealing in cash or crypto.

Know your employees

Knowing your customers and transactions is critical. But you also need to know your employees, which most entities ignore. An AML compliance best practice for real estate professionals is knowing your employees. You never know; they might be dealing with criminals to launder money through your business transactions. You should prevent such interference.
The best practice for real estate is AML checks of employees. Check their background and employment history. Investigate their family to identify any association with money launderers. Observe their behaviour to determine involvement in suspected illicit activities or illegal linkages.

Independent audit of AML efforts

You perform all these AML activities to follow UAE regulations. You create an AML framework with each process’s necessary policies and controls. So, it’s also critical to see how this AML framework functions: whether it can achieve AML goals or you are still non-compliant.
For this, you must audit your AML efforts. The audit shall cover your AML/CFT program, procedures, records, controls, and various quantitative and qualitative aspects concerning the AML/CFT obligations. Appraisal of the AML framework is a best practice for real estate AML checks. Identify the weaknesses. Check what is working and what is not. Track the submissions to authorities.
Once you know the weaknesses, you can improve upon them. You can implement corrective actions to improve the effectiveness of your AML compliance. So, regular assessment of the AML framework is an AML compliance best practice for real estate professionals.

Collaborate with authorities and industry players

One best practice for real estate AML checks is collaboration with regulatory authorities. Such collaboration facilitates information sharing. You can contribute to authorities’ investigations by providing timely reports. These show your commitment to preventing money laundering in the real estate industry.
Such collaboration helps you stay up-to-date on regulatory changes and updates to laws. With regular tracking of these amendments, you can adjust your internal controls. Also, you get to know about emerging risks and industry-specific guidelines.
Interactions with other real estate entities and professionals also help you know the best practices. You can learn about the industry-specific red flags to spot and avoid. Participation in industry conferences helps you with information on AML trends. Thus, collaboration with industry players, regulatory authorities, and legal professionals is beneficial.

Implement a governance framework

Implement a governance framework and establish clear authorities and responsibilities around AML compliance. Lay down detailed guidance on who does what and the procedures to make changes to the AML/CFT program.
There are eleven AML compliance best practices for real estate businesses. You must adopt them in your business to streamline your AML compliance. These best practices for real estate in AML checks empower you to prevent financial crimes. If you need support in AML compliance, we at AMLUAE are here to make your journey smoother.

AMLUAE – your partner for professional AML consulting services

AML UAE is a well-known provider of AML compliance services to clients in different industries. We have been helping clients frame AML policies, procedures, and controls. We handhold you through the execution of these procedures. We create a culture of AML compliance in your entity to ease compliance with all regulations.
Our offerings on AML compliance for real estate professionals include the following:
  • Performing KYC and CDD
  • Monitoring transactions to detect suspicious ones
  • Imparting training to employees
  • Creating a customised AML framework
  • Executing AML policies, procedures, and controls
  • Finding the right AML software for your business
  • Business risk assessment
  • Health Check
  • Submitting STRs, SARs, and other relevant reports
  • Creating and maintaining documentation and records

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 25 years of experience in compliance management, Anti-Money Laundering, tax consultancy, risk management, accounting, system audits, IT consultancy, and digital marketing.

He has extensive knowledge of local and international Anti-Money Laundering rules and regulations. He helps companies with end-to-end AML compliance services, from understanding business-specific AML risk to implementing a robust AML compliance framework.