Common mistakes to avoid while submitting a Real Estate Activity Report

The UAE AML regulations mandate that real estate agents/brokers and lawyers/law firms furnish a Real Estate Activity Report (REAR) on the goAML Portal. REAR is to be filed for reporting the transactions involving the purchase and sale of freehold real estate, where the payment towards property is settled either in cash equal to or exceeding AED 55,000 or using virtual assets or funds converted from virtual assets.

This reporting requirement is the UAE AML authority’s step to track and prevent the exploitation of the real estate sector for money laundering activities – to route the illicit money and make it appear clean. Thus, to contribute towards these AML efforts, it is essential that the regulated entities timely and accurately furnish the required details in the Real Estate Activity Report.

The AML Compliance Officer is the person made responsible for adequate reporting of the specified transaction related to Freehold properties.

In this article, we shall discuss some of the common mistakes made by the entities while submitting REAR on the goAML Portal and best practices that may help avoid these errors, which can assist the AML Compliance Officer in discharging the REAR reporting duties satisfactorily.

What are common mistakes observed while filing a Real Estate Activity Report (REAR)?

Real Estate Activity Report assist the authorities in preventing the misuse of the real estate sector for conducting financial crimes. However, for optimal utilization of the REAR as an AML measure, it is necessary to furnish the details carefully, avoiding mistakes. Let’s understand what common mistakes are observed when submitting REAR on the goAML Portal and the best practices to address the same.

Incomplete or inaccurate details

Furnishing correct and complete details is very crucial to serve the purpose of submitting REAR. The regulated entities must include accurate details about the parties involved in the transaction, details of the transaction (date and time), the location of the property involved, transaction value (property value), mode of payment, etc. must be captured.

Capturing incomplete details and errors in the information furnished are the standard and most frequent mistakes observed in REAR.

Solution

The regulated entity may establish an internal reporting mechanism, developing the standard REAR form for internal reporting. The entity may design and implement a REAR template (as available on the goAML portal), wherein the client-serving team can create a draft REAR ready capturing the required details and submit the same to the AML Compliance Officer for review and final filing of the REAR on the goAML Portal. This will enable adequate workflow, bringing in a maker-checker role to ensure the details’ accuracy while ensuring no required details are missed.

Incorrect or insufficient documents are attached

While filing REAR, the regulated entities should attach the relevant documents like the identity document of the parties, the sale/purchase agreement, UBOs’ identification documents in case of a corporate buyer/seller, etc.

These documents can be helpful to the authorities to understand the transaction better, and if required, these can be used in the course of inquiry or be presented as evidence.

However, the mistake around documentation involves –

not uploading the necessary documents
uploading the incorrect or expired documents
the uploaded documents are not legible or clear

Solution

The regulated entity must have an internal checklist listing the documents to be uploaded as part of REAR filing. These documents must be obtained from the customer (buyer/seller) if the entity is not privy to the same. The checklist can be used to ensure the completeness of the information and documents to be filed with REAR.

Further, before uploading the documents, the legibility of the documents must be verified.

As required on the goAML Portal, the entity should merge the documents into a single PDF file, meeting the size criteria defined on the portal, without impacting the document’s clarity or resolution.

Delayed filing

Currently, the AML regulations in UAE do not provide any timeline within which such REAR filing is to be concluded. In the absence of any specific deadline, the regulated entities generally are seen to delay the filing beyond a reasonable period of time. This may sometimes result in absolutely missing on reporting the specific transaction in REAR.

Only when the transaction is timely intimated to the authorities will the purpose of detecting suspicious activities and preventing attempted money laundering activities be served.

Solution

The regulated entity must understand the criticality of timely reporting of REAR and set an internal timeframe within which the reporting of the designated transactions would be completed on the goAML. For this, the entity may determine a certain reasonable timeframe – such as within two weeks from the trigger event (as prescribed for filing of Dealers in Precious Metals and Stones Report on the goAML report for submitting details of designated transactions involving precious metals and stones).

Additionally, the entity may explore the possibility of deploying necessary technology or tools to review the transactions that require REAR filing and trigger a reminder to the relevant personnel.

Other best practices for effective REAR filing

In addition to the above, the following practices may assist the regulated entity in boosting the AML compliance measures and authorities’ trust in the entity’s AML program when quality REAR are furnished:

Periodic Review of REAR-related processes

It is recommended that the regulated entity conduct a periodic review of the transactions and internal processes to determine whether all the transactions warranting REAR have been furnished. Further, a sample REAR filed during the past period must be verified independently to check the quality and adequacy of the information reported on the goAML Portal.

If any weakness or gaps have been identified in the REAR reporting process, the AML Compliance Officer must immediately address them.

Training on Real Estate Activity Report

The relevant team, engaging with a client or managing the business relationship, must be trained to REAR submission requirements and identify the activities where REAR filing is mandatory. The discussion on internal reporting mechanisms and best practices must be included in the session. The team must also be trained on the details obtained from the customer and maintain the same in an organized manner that assists the Compliance Officer in timely and accurate reporting of REAR.

REAR Documentation

The regulated entities must obtain and retain a copy of the REAR furnished on the goAML Portal and copies of the documents shared with the authorities.

How can Niyeahma assist you in ensuring compliance with REAR filing?

The real estate agents and the law firms must ensure proper REAR submission, as it demonstrates the entity’s commitment towards AML compliance. Let Niyeahma be your partner in REAR submission.

We can assist you in developing an AML framework for the business, including the guidelines for identifying and reporting the transactions triggering REAR filing. These policies and procedures are customized to the entity’s ML/FT risk exposure and business activities, ensuring compliance with regulatory regimes and contribution to protecting the real estate sector against financial crime.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article UAE

AML Case Management Software: Significant element of AML Compliance

With changing times where automation is impacting every aspect of business, anti-money laundering is no exception. The regulated entities in UAE – Financial Institutions, DNFBPs and Virtual Asset Service Providers (VASPs) must implement adequate financial crime risk mitigation framework to safeguard the business and comply with the applicable regulatory landscape. In this pursuit, the entities are moving towards AML Case Management solutions to bring efficiencies and effectiveness to their fight against money laundering and terrorist financing.

In this article, we will understand what AML Case Management software is and how it can revamp the face and quality of the entity’s AML efforts.

Understanding the AML Case Management Software

With emerging ML/FT trends and newer and more sophisticated methods, the timely identification of financial crime attempts is becoming challenging. In such situations, robust AML case management software can be a saviour for regulated entities to prevent financial crime vulnerabilities and avoid regulatory non-compliance consequences.

What is AML Case Management Software?

AML case management software is a platform offering automated capabilities to the regulated entities to efficiently manage the entire AML compliance cycle – from Customer Due Diligence to monitoring the transaction and identifying the potential suspicious transactions.

AML case management software is a comprehensive solution developed using advanced technologies, like artificial intelligence and machine learning, to facilitate regulated entities to navigate the AML compliance journey smoothly.

What are the Core Features of AML Case Management Software?

The following are the core features or functionalities of a robust AML case management software that fosters the AML compliance program of any regulated entity:

Customer Due Diligence:

Identification and identity verification of the customers and the beneficial owners, screening, and customer risk profiling to determine the nature and degree of the Customer Due Diligence (CDD) measures to be applied.

The CDD module of the AML case management solution is fundamental to identifying and preventing any potential financial criminals from sliding in and exploiting the business for laundering illicit funds. CDD functionality assists the regulated entities in determining the risk profile of each customer and business relationship and the CDD measures to be applied, considering the outcome of the customer identity verification and the screening against sanctions and other relevant databases. It will help in the optimal utilisation of resources, adopting the risk-based approach.

It is not a one-time activity. Instead, the AML case management solution comes in handy in KYC remediation and periodic review of the customer’s profile, including tracking the changes in the customer’s identification details.

Transaction Monitoring and Alert Management:

Real-time processing of a huge volume of financial transactional records and generating alerts for potential suspicious transactions or any unusual trend.

The AML case management software supports continuous monitoring of the transactions to detect anomalies and suspicious trends in customer activities and promptly flag the same basis the predefined rules and logic. The power of technologies like machine learning and blockchain reduces false positive alerts, allowing more time for the compliance team to focus on genuine suspicious warnings. This can be used to prioritise the alerts generated based on the nature or count of deficiencies or suspicions observed and help the entity address these alerts efficiently.

Managing the Alert Investigation Workflow:

Structured methodology and approach to investigate the flagged transactions, ensuring accuracy and consistency in the review process.

As the name suggests, the AML case management software enables the entity to manage the workflow of any alert as a “case”, starting from alert generation to its disposition, including thorough investigation capabilities. The software guides the compliance team to gather the flagged transaction-related data at one point and critically review the same. Case management software enables systematic analysis of the alerts, maintaining the audit trail and necessary records.

The standardization approach in investigation enables evaluation of all the critical information, ensuring that no ML/FT attempts go undetected and, simultaneously, no efforts are wasted on genuine transactions flagged as suspicious.

Collaboration amongst the team:

Facilitating smooth communication and coordination among various teams involved in AML compliance function.

For managing the AML compliance function effectively, collaboration and integration of various business functions are crucial – such as customer relationship manager, customer service executive, the finance and accounts team and, importantly, the AML compliance team. AML case management software enables a seamless exchange of information between the concerned teams, allowing the timely disposal of the case, be it a transaction monitoring alert or CDD process during customer onboarding.

Serves as Document Management System:

Maintenance of AML records in an organised manner, with utmost security and easy retrieval.

AML case management software is a document management system that retains the records and information in a tamper-proof system. The regulated entities can use this as an audit trail to check the progress and disposition of the alerts.

Further, it also acts as a single data repository of all AML-related documents and information, including CDD files and customer documents, transaction-related information, and records, including alerts generated and suspicions observed.

AML Reporting and Analytics:

Capabilities to generate AML reports required for submission with the AML authorities or for internal management to draw insights around AML compliance.

AML case management software empowers the regulated entities to generate AML reports required to be filed on the goAML portal – such as Suspicious Activity Reports (SARs) or Suspicious Transaction Reports (STRs), transactional reports like Dealers in Precious Metals and Stones Report (DPMSR) or Real Estate Activity Report (REAR), sanctions related reports like Fund Freeze Report (FFR) or Partial Name Match Report (PNMR).

Not limited to regulatory reporting, the AML case management solution can also offer capabilities to extract insights into an entity’s AML compliance. This may include information about the customers and their risk profile; the transaction flagged as suspicious and the outcome of the investigation; the number of reports filed with the Financial Intelligence Unit during the period; the ML/FT related trends and patterns, enabling Compliance Officer and the management to determine the actions to enhance the relevance and quality of AML efforts.

What factors should be considered while evaluating AML Case Management Software?

The selection of the right AML case management software is significant for advancing the AML compliance program of the entity. Thus, the entity must consider the various factors while identifying the right fit for the AML function, such as:

The solution must be feature-rich, aligned with the applicable AML regulations and offer necessary customization to work in tandem with the entity’s business operations. This requires the software to support the end-to-end AML compliance journey of the regulated entity, including AML reporting and analytics.
The module interface must be intuitive and user-friendly – easy to use and navigate. It is necessary to ensure that the software boosts compliance efficiency and productivity rather than attracting resistance from the users owning to its complex functioning mechanism.
Integration capabilities of the software, the integration between the existing system and the AML case management systems is essential for seamless transfer of data for ensuring completeness and accuracy of the data relied upon for AML compliance.
The software must be easy to scale as and when the volume and complexity of the customers and transactions increases. The solution must be capable of handling the evolving regulatory amendments and new AML compliance obligations.
The software must adhere to robust information security standards that can protect the entity’s sensitive and confidential information.

All the points mentioned above must be well considered while evaluating the AML case management software, including the pre- and post-implementation support for its successful deployment and implementation.

What are the benefits of AML Case Management Software?

The following points highlight the significance of AML case management software:

It streamlines the AML compliance activities and automates the manual tasks, improving compliance efficiency and reducing human errors.
Timely detection of the red flags enables the entity to implement necessary risk mitigation procedures.
Structure planning and deployment of resources to manage the risk, using risk-based algorithms and reduced false positive alerts.
Compliance with the UAE AML regulations, avoiding non-compliance consequences like imposition of fines, damage to the business reputation and loss of customer trust.
Provide actionable insights on AML compliance to the AML Compliance Officer and the senior management, highlighting the areas that need immediate efforts for strengthening the AML controls.

How can Niyeahma help you bring in the benefits of the AML Case Management Software?

AML case management software can be an excellent tool for regulated entities looking to upgrade their AML compliance structure. And Niyeahma is here to help you select the right AML case management solution. We understand your business operations, identify the AML compliance obligations and map them to the required AML capabilities to ensure compliance and protection against ML/FT vulnerabilities.

Let’s leverage the power of AML case management solution to detect the ML/FT attempts and timely prevent them before they influence the economy.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article UAE

Suspicious Transactions around Precious Metals and Stones: Timely Identification and Reporting

To prevent the misuse of the precious metals and stones sector, the UAE authorities have brought the sector under anti-money laundering regulations. These AML regulations mandate the Dealers in Precious Metals and Stones (DPMS) implement necessary measures and controls to detect unusual transactions and activities appearing as an attempt to launder funds through the sector and immediately report the same to the Financial Intelligence Unit (FIU).

Precious metals like gold, platinum and precious stones such as diamonds and pearls have been common typologies exploited by money launderers to circulate illicit funds through the layers and make it look like they were generated from legitimate sources. Awareness of the anomalies and uncommon activities is critical for the DPMS to spot the red flags promptly and take necessary actions to prevent the laundering of funds through precious metals and stones.

In this article, let us discuss some unusual transactions that trigger an alert, internal and external reporting mechanism, and some of the best practices the dealers in precious metals and stones must adopt.

Identifying the Unusual Transactions involving precious metals and stones

Identifying suspicious transaction patterns is essential for the DPMS to protect their business from being misused for routing illicit money through the precious metals and stones mode. The UAE AML regulations mandate that dealers in precious metals and stones develop and implement a robust monitoring system to detect unusual transaction patterns and customer behaviour inconsistent with their risk profile.

One important aspect of detecting unusual transactions is knowledge of the common methods through which the launderers can exploit the industry. Only when the DPMS is aware of such trends and techniques can they be cautious towards the customer’s buying and selling activities to recognize the financial crime signals. Some of the commonly observed methods to be used by criminals to launder the funds are:

Structuring of transactions

The customer undertakes multiple weekly cash transactions, each valued between AED 50,000 and AED 53,000. This red flag indicates the customer’s intention to avoid the reporting threshold.

Involvement of high-risk jurisdictions

Frequent transactions where payment is released through a bank account located in high-risk jurisdictions.

Inconsistency with the nature of business activities

A corporate customer is making high-value purchases of precious metals with no logical connection with the business activities it is engaged in. For example, a non-profit organization buying diamonds.

Sudden change in the volume and value of transactions

A regular customer (in the case of a B2B business relationship) suddenly purchases double the value it has typically been undertaking without any economic rationale.

Abnormal customer requests for precious metal conversion

The customer makes an unusual request to convert precious metals like gold into ordinary objects to disguise the identification of gold.

Series of transactions in different names

The same person carrying out multiple transactions involving the purchase of precious metals furnishing different identity documents claimed to be close relatives. Though appearing genuine initially, it is a red flag suggesting an attempt to launder huge cash with forged IDs and fake names.

Mismatch in the transaction value and the customer’s financial profile

A customer makes transactions worth value beyond the ordinary means of the customer, as identified by a review of the customer’s financial document.

With awareness of the gaps comes the approach to staying vigilant to detect unusual transactions and prevent money laundering and terrorist financing.

Reporting of Suspicious Transactions involving precious metals and stones

The AML regulations in UAE provide that the regulated entities, including the dealer in precious metals and stones, must report the identified red flags to the Financial Intelligence Unit without any delay. To comply with this regulatory reporting requirement, the DPMS must adopt a thorough and systemic approach, following the below steps:

1. Preliminary inquiry to determine the nature of suspicion

Once the frontline employee, upon detection of any unusual activity or risk indicator, must make further inquiry into the matter. This inquiry may involve reviewing the customer’s profile, past transaction history, etc. If required, the employee may seek clarification or further details from the customer, but subject to compliance with the “non-tipping off” requirement.

The employees must evaluate the matter diligently to avoid sending unnecessary reports to the AML Compliance Officer, which, upon preliminary investigation, turns out to be genuine and legitimate activity.

2. Intimation to the AML Compliance Officer

If the employee has reasonable grounds to believe that the suspicion still prevails even after investigation and requires escalation to the AML Compliance Officer for further investigation, it must intimate the matter to the AML Compliance Officer. Such reporting or intimation to the Compliance Officer must be in writing, capturing the necessary details about the transaction, why the employee considers the subject activity or transaction suspicious, parties involved, and other details and documents necessary for the Compliance Officer to investigate the suspicion further.

3. Independent investigation by the AML Compliance Officer

Upon receipt of the internal report on observed suspicion from the employees, the AML Compliance Officer must attend to the matter immediately and independently review the facts to determine the legitimacy of the suspicion and the suspected transaction/activity. The investigation’s basis and the review’s outcome must be well documented. If the Compliance Officer believes that the transaction or activity is suspected of involving money laundering or terrorism financing, the reporting shall be done with the FIU by filing the Suspicious Transaction Report (STR) or Suspicious Activity Report (SAR), as the case may be.

However, if the Compliance Officer is of the view that the transaction is genuine and does not involve any proceeds of crime, then such a decision must be recorded along with the rationale for the same.

4. Reporting the suspicion to the Financial Intelligence Unit (FIU)

Having determined the suspicion, the AML Compliance Officer, also known as the Money Laundering Reporting Officer, must immediately file the relevant report to the FIU, furnishing information about the parties suspected, the nature and value of the transaction, red flags observed, action taken by the authorities, etc.

Following a robust and systematic reporting mechanism, the DPMS can ensure timely and quality reporting of suspicious situations to the FIU.

Best Practices to avoid exploitation of precious metals and stones for financial crime

For effectively handling the identification and reporting of unusual transactions, here are a few best practices the dealers in precious metals and stones must adopt:

Adequately documenting the red flags

To assist the employees in understanding the unusual transaction patterns and detect the risk indicators, it is recommended that the DPMS have a list of red flags relevant to the business and circular amongst the team. With a list of potential risk indicators handy, identifying unusual transactions and evaluating the same to confirm the suspicion becomes quick and efficient.

Implementing tools and technology

When the number of customers visiting the jewellery showroom and the volume of transactions is too huge, deploying the right tools and software always proves to be the backbone of AML compliance. The emerging technologies, having data analytics capabilities, can review the transactions in real time, detect the patterns and trends that appear uncommon for the business, and generate alerts for the team to review further.

This will filter out the false positive alerts, allowing the team to focus more on the disposition of the genuine red flags.

Staying updated on the emerging trends and ML/FT typologies

The AML Compliance Officer of the DPMS must stay up-to-date on the evolving ways criminals could exploit the precious metals and stones industry. This knowledge would be crucial to proactively implement the necessary controls to detect such attempts and prevent business exploitation through innovative laundering methods.

Designing internal SAR/STR forms

To ensure accurate and comprehensive reporting, the DPMS must design internal STR/SAR forms. This shall ensure consistency in the details furnished by the frontline employees to the Compliance Officer without missing any critical information.

Furnishing complete and accurate details to the FIU

The AML Compliance Officer must ensure that the report filed with FIU has relevant, complete, and accurate information, which helps the FIU to analyze the possibility of money laundering or terrorism financing and make sure that necessary actions are initiated against the culprit.

Moreover, the Compliance Officer should avoid unnecessarily flooding the FIU with false alerts, reported just for the sake of reporting without diving into the actual nature of suspicion.

Conducting necessary training

Training is pivotal to imbibing a sense of awareness in the team toward identifying and handling unusual transactions. Adequate training on suspicion transactions promotes employee accountability, enabling them to detect and respond to the observed red flags effectively. Education around the internal reporting mechanism must be ensured to empower the team to manage the internal suspicious reporting requirement skillfully.

The above-mentioned best practices around identifying red flags and reporting thereof would offer a competitive edge to the DPMS to detect the red flag before it significantly impacts the business and stay AML compliant.

Let Niyeahma assist the DPMS sector in timely detecting and reporting suspicious activities!

A thorough understanding of the red flags and awareness of its reporting process is fundamental in detecting and reporting suspicious transactions. With our team of professionals at Niyeahma, we assist the dealers in precious metals and stones in UAE in designing the AML framework, including the list of sector and business-specific ML/FT typologies, and developing the standard reporting system to help the team in timely and accurately reporting the observed red flags to the AML Compliance Officer. We also impart training to the team on identifying and reporting suspicious transactions discussing case studies to bring a practical aspect to the learning.

Let’s unite to maintain the integrity of the precious metals and stones segment!

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article UAE

AML Risk Assessment before launch of a new product or service

The regulated entities in the UAE are required to assess the overall exposure of the business to financial crimes. For this, the Financial Institutions, Designated Non-Financial Businesses and Professions (DNFBPs), and Virtual Asset Service Providers (VASPs) must conduct the Enterprise-Wide Risk Assessment (EWRA) considering the relevant risk factors. One critical scenario that impacts the business’s ML/FT risk is the potential of the new products or new practice areas being exploited by the criminals for laundering illicit money or financing terrorist activities.

When the regulated entities evaluate the risk associated with the new products or services, it would be possible for the entities to develop and deploy the necessary risk mitigation measures.

Through this article, let’s explore what business risk assessment is, the significance of assessing the ML/FT risk before introducing any new business practices, products, or services, and the best practices to assess this risk thoroughly.

Understanding the AML Risk Assessment

An AML Business Risk Assessment is an exercise conducted to evaluate the potential threats to the entity’s business operations, considering the overall profile in terms of customer base, business model, geographies in which the entity operates, the nature of products or services offered, the size, volume, and complexity of the transactions, the delivery channels and distribution methods used by the entity.

The EWRA includes the following sub-processes:

Identifying the risk factors and the relevant risk scenarios that impact the business
Determining the likelihood of the risk scenario materializing, its frequency, and the extent of the impact it can have on the business (this is an inherent financial crime risk the business may face)
Mapping the controls needed against these risk parameters (whether already in place or any additional controls or systems are required)
Analysing the strength and effectiveness of these controls
Assessing the residual risk and comparing the same against the entity’s management-approved risk appetite

The assessed risk gives insight to the regulated entity on the potential vulnerabilities and the risk mitigation measures required to overcome these risks or at least minimize the impact.

This understanding helps the entity to determine the resources required and its optimal allocation based on the severity of the risks. Moreover, EWAR forms a base for the entity for designing the internal AML/CFT policies, procedures, and controls to stay safe and compliant with AML regulations.

AML Risk Assessment before launch of a new product or service

Development and launch of a new product or service bring a good business opportunity but may expose the business to newer types of financial crime risks. Thus, the regulated entities must evaluate the potential ML/FT vulnerabilities that may surface exploitation of the new products or services. With timely assessment of the associated risk, the regulated entities can proactively determine the mitigation measures required before the financial criminals misuse the newly introduced offerings.

The regulated entities must have systems and procedures to track these regulatory changes impacting the entity’s compliance obligations. This can be achieved with the AML Compliance Officer’s active participation in the authorities’ conducted webinars, subscribing to any professional network to receive update notifications timely, and attending AML-specific industry study groups or conferences.

Best practices to be followed for assessing the potential ML/FT vulnerabilities associated with new product or service

Involving AML Compliance Team in product/service design

The product or service development team must involve the AML Compliance Officer while discussing the design and development aspects. The AML Compliance Officer’s feedback can prove valuable in managing the product design in a way that reduces the risk possibilities.

The Compliance Officer’s understanding of the AML regulations would help the entity develop a product or practice that meets the compliance requirements without specifically providing options to the criminals to place the illegal funds into the economy.

Identify the risk scenarios

The regulated entity must evaluate the possible circumstances of how the criminals can exploit the new product or services for money laundering or terrorism financing. The entity may refer to ML/FT typologies associated with similar products/services. Reference should also be made to reliable data sources publishing the information and statistics about the financial crime vulnerabilities faced by peers offering the same or similar products.

Further, the regulated entity may also rely on emerging technologies like Machine learning or Big Data to study the existing data, draw patterns, and highlight the expected risks from recently established products or services.

For example, if a dealer in precious metals and stones plans to start an eCommerce portal for selling the jewellery online. Before making this portal live, the dealer must consider the ML/FT threats, such as the possibility of criminals making multiple transactions of smaller values using different IDs or fake IDs, to what extent the online portal would favour anonymity or provide an opportunity to criminals to conceal the actual beneficiaries, etc.

Assessing the nature and degree of controls required

Once the risk associated with new products and services is identified, the regulated entity must determine the risk mitigation measures required for such risks. The nature of controls and systems needed to be well documented against the identified risk parameter and how effectively these controls can tackle the risks.

Continuing the above example, if the dealer in precious metals and stones is planning to accept the payment in virtual assets, then the entity should have controls around screening the virtual assets wallets or identifying the geolocation of the party to avoid exploitation by criminals from high-risk jurisdictions.

Creating awareness and training the team

It is essential to onboard the senior management and the staff on this new products/services AML journey. The regulated entity must impart required AML training to the team around potential risk situations that may arise with these products/services, the modified systems and controls implemented, and the expected role of the employees in managing the risks.

When the systematic approach is adopted for assessing the risk arising from new products and services, mitigating this risk and its impact on the business can be managed efficiently.

Implementing additional controls of modifying the existing ones

Once the controls have been identified, the regulated entities must check whether existing controls can be used or enhanced to manage the new product/service’s risk. If not, the additional controls must be incorporated into the existing systems, making them capable of handling the newer risk scenarios.

In the current example, the dealer in precious metals and stones would be required to enhance the existing KYC forms and the Customer Due Diligence measures to cover the identification of the customer (as non-face-to-face transactions pose a different level of risk) and inquiry around the mode of payment.

Further, the jeweller might not have the systems that allow the screening of crypto wallets. Here, the existing systems must be upgraded or replaced with an advanced tool that supports the identification of red flags related to virtual assets, monitors the crypto transactions, and triggers an alert when any suspicious activities are observed.

Significance of the AML Risk Assessment before launch of a new product or service

This beforehand assessment of the financial crime risk and implementation of the necessary controls will enable the regulated entities to check the exploitation of new products or services by the financial criminals.

The proactive approach of the entity demonstrates the entity’s commitment to combat financial crimes. It instils the trust and confidence of the customers and other stakeholders in the entity’s business practices.

Further, identifying the risk before introducing new products or services is also mandated under the UAE AML regulations. Thus, with this risk assessment, the entities avoid non-compliance fines and penalties, safeguarding the business against reputational damage and unnecessary legal hassle.

When the business and compliance goals are aligned for a newly developed product or service, the future hassle or complexities associated with the products can be eliminated, bringing the desired outcome of fresh offerings.

Let AML UAE assist in identifying and managing the ML/FT risk associated with new products or services

The ML/FT risk assessment is crucial for the regulated entities before introducing or developing any new product or services to understand the new risk vulnerabilities and deploy the timely mitigation measures without allowing the launderers to exploit these new launches. In this journey, let AML UAE help you assess the risk arising from such a new product/service while you focus on business development. With a thorough understanding of the AML regulatory framework and the industry experience, we can assist you in assessing the overall business risk, implementing the required controls, and creating awareness amongst the team to stay AML compliant.

Let’s partner in your efforts to protect the economy’s integrity and security against financial criminals.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article UAE

How to update the AML Policies, Procedures, and Controls in line with UAE AML Laws?

In the present times, where the money laundering and terrorism financing typologies are evolving every day, the relevant regulatory frameworks are also changing regularly. In UAE, there have also been regular amendments in the Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) regulations to extend the coverage of compliance to various industries and effectively protect the country’s economy against financial crime. It is pertinent for the regulated entities to maintain their AML Policies, Procedures, and Controls documentation up to date with these regulatory changes and ensure complete compliance.

The regulated entities may face severe consequences for violating the AML obligations imposed under UAE AML laws and regulations. Thus, the regulated entities in UAE must be aware of the amending regulatory landscape, including industry-specific developments, and maintain the entity’s AML program in sync with these changes.

This article discusses a regulated entity’s systematic approach to updating the AML Policies, Procedures, and Controls. This article aims to guide law firms in the UAE on effectively updating their AML frameworks to adhere to the UAE AML regulations.

Circumstances warranting the regulated entities to update the AML policies and procedures

The risk factors are never constant, changing as we speak. As the financial crime risk is dynamic, so are the AML regulations designed to prevent financial crime.

Here are the two critical circumstances that require the regulated entities to review and update their currently implemented AML framework:

Changes in the entity’s ML/FT risk exposure

The entity’s business may change over time, exposing the entity to newer risks and compliance challenges. This includes changes in the nature of the customer base, the expansion of the geographies in which the entity operates, the launch of new products or services or business practices, etc. These changes bring a different nature of risk, impacting the business differently.

To handle a changed risk scenario, the regulated entity must alter its AML/CFT policies, procedures, and controls that can effectively identify and mitigate the new vulnerabilities.

Money launderers and other financial criminals are constantly coming up with new techniques to execute financial crimes. The regulations and best practices also evolve to tackle these emerging trends, requiring the AML-regulated entities to modify their AML program.

The regulated entity must implement a system to maintain the entity’s overall risk profile updated as the business progresses, considering all the relevant risk parameters. The regulated entity can only amend its AML framework to manage these risks with the business risk monitored continuously.

Amendments in UAE’s AML Laws and Regulations

The UAE government periodically conducts the National Risk Assessment (NRA), and regulatory changes are introduced based on the outcome of this NRA. Further, the relevant regulatory updates are also implemented to align with the international best practices and FATF recommendations necessary to address emerging financial crime exposures.

The regulated entities must have systems and procedures to track these regulatory changes impacting the entity’s compliance obligations. This can be achieved with the AML Compliance Officer’s active participation in the authorities’ conducted webinars, subscribing to any professional network to receive update notifications timely, and attending AML-specific industry study groups or conferences.

Systematic Approach to Update AML Policies, Procedures, and Controls

The approach followed for maintaining the AML/CFT policies, procedures, and controls is equally essential as the need to keep these documents up-to-date. A systematic approach to these AML program updates will ensure that the regulated entities move closer to adequate regulatory adherence compliance without hampering or disturbing the ongoing business and compliance activities.

Reviewing the current AML Policies, Procedures, and Controls

To begin with, the regulated entities must analyze their existing AML framework, including the documented policies, procedures, and controls. This assessment must be in line with the modified risk exposure for the business and the regulatory amendments introduced that impact the entity’s business and compliance obligations.

The gaps between the “As-Is” and “To-Be” policies must be identified. The areas where changes or enhancements are required must be clearly identified. When reviewing the existing framework to assess the gaps, it is always good for the AML Compliance Officer to involve relevant teams like the compliance team, legal team, and senior management, seeking their thoughts on identified changes.

The impact of the regulatory or risk scenario changes must be evaluated in terms of:

Relevance of the Enterprise-Wide Risk Assessment methodology
Effectiveness of the currently followed Customer Due Diligence process
Adequacy of the present controls and systems
Need for additional resources, etc.

When the Compliance Officer is ready with the enhancements requirement in the AML policies and procedures, making these changes in the AML Program would be a quick and easy task.

Incorporating the necessary changes in AML Policies, Procedures, and Controls

Once the required changes have been identified, the AML Compliance Officer of the regulated entity must immediately proceed with the exercise of incorporating these changes in the AML framework – policies and procedures. Due consideration must be given to the procedural changes, as through these revised procedures and processes the entity will be able to comply with revised policies.

Modifying or enhancing the existing controls to align with the revised policies and procedures is pertinent. Only when the policies, procedures, and controls are in sync the regulated entity can justify compliance with the amended provisions of the UAE AML regulations.

The revised policies and procedures must be presented to the senior management for review and approval.

Further, the version history of the policies must be appropriately maintained, enabling the regulated entity to track down the AML measures followed over the period.

Training the team on the updated AML framework

Merely making changes and updating the AML policies, procedures, and controls is not enough if the team on-ground is still following the old measures and processes. Here, comes the need for the regulated entity to ensure that the team, including the senior management, is aware of the revised set of the AML framework.

The regulated entity must immediately arrange for the AML training session to educate the team about these modified AML policies, procedures, and controls, their significance, and each employee’s role in meeting the revised AML compliance expectations. In cases where the changes significantly impact the existing measures or working style, the regulated entity must organize workshops or include case studies in the training program to give a practical sense to the team on its proper implementation.

If required, periodic refresher courses or discussions with the team must be scheduled to check on the team’s understanding and implementation of the revised AML policies, procedures, and controls.

Periodic review to ensure updated AML policies are followed

Maintaining the AML policies and overall framework updated is an ongoing activity to ensure its effectiveness in mitigating the risks, adequacy, and quality in terms of compliance with the AML laws of the land.

The regulated entity may implement a periodic internal AML audit or review function, where the AML framework and its implementation are reviewed. This will enable the regulated entities to spot flaws or non-compliance, allowing the entity to take timely remediation measures.

Let Niyeahma design and maintain your AML Policies, Procedures, and Controls

Adopting a proactive approach is crucial for the regulated entities to periodically review and maintain the AML program, capturing the changes parallel to the regulatory amendments and emerging risk exposure.

Niyeahma is here for your assistance. With a team of AML professionals, we continuously track the evolving ML/FT typologies, changes in the UAE’s AML regulations, and the international best practices emerging worldwide that can strengthen the business’s shield against financial crimes. We can help you customize your AML framework, including maintaining your policies, procedures, and controls updated with the legislative amendments, giving you the confidence to focus on business without worrying about AML non-compliance or potential exploitation by financial criminals.

Let’s join hands to stay AML-Compliant and ML-Safe!

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article UAE

Right AML Solution to foster Corporate Service Providers’ AML Function

Right AML Solution to foster Corporate Services

Right AML Solution to foster Corporate Service Providers’ AML Function

With emerging financial crime typologies and ever-changing regulatory requirements, the regulated entities, including the Corporate Service Providers, need robust AML software to mitigate the risk and stay AML compliant.

Corporate Service Providers are vulnerable to financial crime as they offer services like the formation of legal structures or legal arrangements, providing nominee services, assistance in the administration of trusts or special asset protection vehicles, etc., which may be exploited by the money launderers or other criminals to move their illegal proceeds.

By designing and implementing a comprehensive set of AML measures, backed by deploying the right technology and tools, the Corporate Service Providers can timely identify and prevent money laundering and terrorist financing risks and ensure compliance with the UAE AML regulations.

With this article, let us explore the key points to be considered and the step-by-step approach to selecting the right AML software to enable a Corporate Services Provider (CSP) to adhere to the UAE AML regulations and avoid non-compliance consequences.

AML Compliance Software’s Capabilities to be looked for by the CSP

When searching for an AML software or system, the CSP must consider the AML compliance obligations imposed under UAE AML regulations and the capabilities of the solution to support the same:

Assessing the business risk

As conducting an Enterprise-Wide Risk Assessment helps the CSP evaluate the ML/FT risks and customize the AML program, the CSPs shall look for a solution to assess the business risk. The functionality must be comprehensive, enabling risk assessment considering the relevant risk parameters such as the type and activities of the customers, the location of business operations, the nature of transactions and the services offered, etc.

Assessing risk just once is not enough; the solution should adopt a dynamic approach to risk assessment, wherein the outcome of EWRA is updated as and when the CSP’s risk factor significantly changes.

Streamlining the Customer Due Diligence Process

The CSPs in UAE are required to implement a robust Customer Due Diligence (CDD) process to identify the customers, determine their risk levels, and apply adequate mitigation measures.

Hence, the AML solution must support the CSP in navigating the CDD steps smoothly, which includes the following:

Capabilities for customer identification and verification of their identities, whether it is an individual or a corporate customer,
Screening the customers against the Sanctions Lists (specifically UAE Local Terrorist List, UNSC Consolidated List, and facility to configure other international lists relevant to the CSP’s operations),
Screening the customer to identify any nexus with a Politically Exposed Person (PEP) or has any adverse or negative media against the person,
Conducting customer risk assessment considering their identification details, the outcome of screening, etc., to determine the risk profile.

Continuous Monitoring of Business Relationships and Transactions

The customer’s profile may change in the course of the business relationship. Thus, the solution must support the ongoing monitoring of the customer’s information, time flagging off the expiry of the identity documents, change in the customer’s PEP status or screening outcome, etc.

Further, ongoing monitoring of transactions is also very critical for CSP to track the customer’s activities and their consistency with the initially assessed risk category. With technological support, the CSPs can easily monitor large volumes of data, develop a pattern to identify suspicion or unusual activities and generate timely alerts to prevent and report such matters to FIU.

Integrating with the CSP’s Existing Business Solution

The potential of the AML solution can be optimally utilized when the same is integrated with the business solution that the CSP is using. The AML tool must seamlessly connect with the existing IT infrastructure for a smooth exchange of data around customers and transactions, reducing the redundant efforts or delicacy of the data, streamlining customer onboarding, and making identifying red flags easy and prompt.

User-Friendly Navigation

The AML system must be easy to interact and use, ensuring that the team can effectively utilize the functionalities without much investment in training, and a comprehensive User Manual can be enough to explore basic features. The solution’s functionalities must be logically placed, allowing users to access the required items. Further, a “Help Kit” must be available, which the users can refer to and resolve any technical or contextual aspect of using the solution.

Right approach to select the right AML Compliance Solution

Having discussed the functions and capabilities to look for in an AML solution, let us discuss the selection process. There is many software available in the market offering the same set of features. In such cases, identifying an appropriate AML software is in itself an art requiring a lot of deliberations of various factors, as once you invest in the software, you may expect to continue using it for the longer future and not spend your resources on frequently switches from one to another tool.

So, identification of the right software must be done using a systematic approach, as detailed under:

Assessing the AML Compliance requirements and Preparing the Business Requirements Document (BRD)

The CSP must first understand the business-specific AML compliance obligations in the context of the nature of services offered, the geographies the CSP deals with, the size and complexities of the transactions, etc. This understanding must be mapped with the features required in the AML solution. This Business Requirement Document (BRD) must cover the functional and non-functional aspects of the software the CSP is expecting, including the need for configurable parameters and customization possibilities. Further, this BRD must be approved by the CSP’s senior management, bringing them onboard concerning the required features and the budget allotted.

This BRD shall serve as a base and assist the CSP in navigating the software selection process.

Identifying and shortlisting a few AML solution providers

The CSP’s Compliance Officer must look for options matching the requirements. While identifying the software vendors, the CSP must consider the following factors:

Functionalities available
Pricing of the product, including any hidden or contingent costs
Reputation of the software provider (looking for customer reviews, testimonials, etc.)
Vendor’s readiness to handhold and train the team initially
Vendor’s post-implementation support
Scalability of the solution

Considering these parameters, the CSP must shortlist 2-3 solution providers that best match the AML compliance requirements and fit within the CSP’s budget.

Arrange for the demonstration of the solution

Once the potential fits have been identified, the CSP must arrange for a demonstration of these solutions to have a look and feel of the features offered and test the capabilities. Practically accessing the software and interacting with the vendor will give an understanding of the user interface, customization possibilities, vendor’s commitment towards training and after-sale services, etc. On the basis of this understanding, the CSP must score each of the shortlisted solutions, consider the pros and cons, and finally decide which one to go ahead with.

Get it started with proper documentation

Once the right software is identified, the CSP’s Compliance Officer must involve senior management and seek their support in closing the agreement. The agreement must be worded, specifying the scope of the parties, the features support, the prices, duration, any additional charges that may be levied in the future, etc.

As the AML software is a breakthrough for implementing the AML program, the choice of software must be made wisely following the proper decision-making methodology; otherwise, it can bring you reputation loss and non-compliance penalties.

Let Niyeahma assist the Corporate Service Providers strengthen their AML Function with the right AML tool!

Deploying the right software is critical for Corporate Service Providers in the UAE to ensure timely compliance with regulatory obligations, identify financial crime risks, and prevent and report the same. Let experts assist you in this process.

Niyeahma is a leading AML consultancy firm, providing end-to-end AML support to the regulated entities in UAE, including Corporate Service Providers. With our understanding of the regulations, we can assist you in defining your AML compliance requirements, preparing a detailed BRD, and identifying the right fit for your compliance needs. We do not stop here; we ensure that the solution implementation is a smooth ride for you without bothering your routine business activities, but at the same time, meeting your ongoing AML compliance requirements.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article UAE

Exploring unusual transaction trends for VASPs under UAE AML Regulations

With the growing acceptance of virtual assets (used to store the value, medium of exchange, for investment purposes, etc.), criminals have also started exploiting the sector for laundering illicit funds and financing terrorist activities. The launderers’ preference towards cryptocurrency and non-fungible tokens (NFTs) is owing to the nature of the product – easy to transfer across countries within a few seconds, and that too without disclosing the identity in most cases. This calls for the Virtual Asset Service Providers (VASPs) to stay alert to detect unusual trends or suspicious virtual asset transactions indicating the use of criminal proceeds or intended to conduct a financial crime.

For the same reason, the VASPs have been put under anti-money laundering (AML) regulatory regime, mandating the VASPs to develop and implement appropriate AML programs to curb the potential vulnerabilities.

This article will discuss the unusual activities involved in virtual assets, the financial crime red flags for VASPs, and the best practices that a VASP may adopt to detect and manage financial crime risk.

Identifying Unusual Transaction Patterns

Generally, the Virtual Asset Service Providers are entities conducting activities related to virtual assets in the course of routine business activities, which involve conversion of the virtual assets to fiat currencies or vice versa, transferring virtual assets from one wallet to another, providing virtual asset custodial services, etc.

The UAE AML regulations mandate the VASP to implement a comprehensive AML compliance program to combat money laundering and terrorist financing by deploying solid processes and systems to identify and prevent financial crime attempts involving crypto and NFTs. Given the vast volume and the pace of transactions, the VASPs must continuously monitor and report any unusual activities related to virtual asset transfers suggesting potential financial crime.

The VASPs must understand some common characteristics indicating the virtual asset transaction to be a potential risk of financial crime, and the monitoring rules and systems must be designed bearing these characteristics in mind to ensure timely identification and curbing of unusual transactions.

Some of the Common Characteristics of Unusual Transactions related to Virtual Assets

The following are some of the unusual transaction patterns related to virtual asset transfer that can serve as the key risk indicators for VASPs:

Persons attempting to avoid Customer Due Diligence requirements or providing false information

The person who tries to avoid the Customer Due Diligence process conducted by the VASP to evade the identification or the person who provides fake documents or false identification information is one of the biggest red flags that require the VASP to take immediate action.

Large-value transactions without any apparent economic purpose

One of the risk indicators is that the person is making a large value transfer of virtual assets to one or multiple wallets without any logical or legal rationale. Such transactions require detailed inquiry from the VASPs to understand the actual intention and purpose of the transactions.

Person making multiple large-value virtual asset transfers in a short period

VASPs must stay alert when the person initiates multiple virtual asset transfers of large amounts within a short span of time. The investigation must be conducted to determine the source of funds for virtual assets and the beneficiaries to whom the transfers are made.

Frequent movement of funds between two virtual asset wallets

Rapid virtual asset movement from one wallet to another and vice versa can be construed as an unusual transaction intended to create multiple layers to disguise the origin of the funds and the owner.

Transactions with counterparties in high-risk countries or jurisdictions with weak AML controls over VASPs

Frequent transactions with counterparties in countries with no or weak AML regulations or countries known for money laundering can be treated as suspicious transactions, warranting examination by the VASP.

Virtual asset transfers to known criminals or involving the dark web

One of the critical risk indicators suggesting the transfer to be unusual is when the parties involved are known to have criminal connections or the transfers are routed using the dark web marketplaces.

Conversion of one type of cryptocurrency to multiple virtual assets

Frequent conversion of large amounts of one type of cryptocurrency into multiple virtual assets within a short period suggests a suspicious pattern of transactions.

Conversion of fiat currency to virtual asset and immediate withdrawal in another jurisdiction

With the easy conversion process of fiat to crypto, the launderers have started converting the illegal cash into virtual assets in one country, followed by immediate withdrawal of such virtual assets into fiat in some other jurisdiction. This is one of the nature of unusual activities, specifically when such other jurisdiction is under the “high-risk” category.

Managing the Unusual Transactions related to Virtual Asset transfer

The UAE AML regulatory regime requires the VASP to establish and maintain robust monitoring systems and controls that can effectively detect suspicious activities and generate timely alerts for the VASP to act and prevent.

Considering the volume and nature of virtual asset transactions, the VASP must consider deploying emerging technologies and tools like Artificial Intelligence, Machine Learning, or Blockchain that use advanced algorithms and data analytics techniques to identify inconsistencies and unusual patterns.

Best AML Practices for VASPs to Detect and Report Unusual Transactions Related to Virtual Assets

A. Adopting a Comprehensive AML Program

The primary AML responsibility of any VASP operating in the UAE is to assess the potential financial crime vulnerabilities it may face and accordingly design the AML Compliance Program. The AML framework must include the AML policies and procedures navigating and guiding the VASP to manage financial crime exposure and prevent money laundering, terrorist financing, and financial crimes damaging the virtual asset ecosystem.

These AML policies and procedures must include the following:

Robust customer onboarding process – strong Customer Due Diligence, covering the Know Your Customer (KYC) and Know Your Transactions (KYT) measures to identify the virtual asset wallet holder and assess the customer’s risk profile.
Effective measures to identify the corresponding VASP (Know Your VASP)
Implementing the Targeted Financial Sanctions to refrain from the entry of the sanctioned individuals.
Mechanism to identify and report suspicious activities.
Adequate AML training program to ensure the team is well-aware and well-trained to detect and report unusual transactions.
Appropriate Management Information Systems (MIS) to track the virtual asset activities.

In addition to the above, the AML program must lay down the procedures and controls around continuous monitoring of the transactions to track the legitimacy, accuracy, accuracy, and consistency of the virtual asset transfer with the originators and the beneficiary’s risk profile. The monitoring program must consider factors like the nature of the customer, location, risk rating of the person, etc.

These AML frameworks – policies, procedures, and controls- serve as a foundation for the VASP’s AML compliance structure, shielding the virtual asset industry from being misused by money launderers and other financial criminals.

B. Leveraging the technology to reinforce the AML program

Ongoing and real-time transaction monitoring is essential to identify unusual transactions or customer behavior inconsistent with their profile. Managing large transfers, where millions of virtual assets are exchanged in a second, would not be possible without utilizing automated systems that support data analysis, detect anomalies, and highlight the same to the concerned person for due inquiry and resolution.

The solution for real-time monitoring must handle enormous amounts of data and be compatible with blockchain technology. This will allow the VASP to stay ahead of the criminals and possibly prevent the exploitation of the virtual assets before concluding the transfer.

The system must be configured to manage the VASP’s specific risks, using logical monitoring rules based on threshold amount, frequency of transactions, the wallets involved, detection of blacklisted wallets or restricted cryptocurrencies, high-risk jurisdictions, etc.

The tools should not be restricted to detecting red flags or inconsistencies, but the intelligent algorithms should help the VASP to predict the trends and risk vulnerabilities that may impact the operations in the near future. This will enable the VASP to adopt a proactive approach to get ready to fight financial crime.

Thus, the role of technology in monitoring transactions to identify unusual transactions and suspicious patterns cannot be overruled. Only by leveraging the automated tools and techniques supporting real-time monitoring can the VASPs strengthen the quality of their AML program to timely identify uncommon and suspicious activities and maintain integrity and transparency in the virtual asset domain.

With Niyeahma, enhance your AML program to shoot down the suspicious activities

Awareness of the red flags and risk indicators related to virtual assets is essential to detect unusual transactions and suspicious patterns suggesting money laundering. Leverage the experience and knowledge of Niyeahma’s professionals in building a robust AML program customized to VASP-specific risks. We help VASPs develop the AML controls ongoing monitoring rules, define the red flags that trigger prompt signals, and are backed by our support in identifying and implementing the right tools and software.

Let’s come together and safeguard the virtual assets industry.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has over 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.

Reach Out to Jyoti

Article UAE

Sanctions Compliance by VASPs in UAE: Safeguarding the Virtual Asset segment against financial crimes

The overall Anti-Money Laundering compliance landscape covers implementing measures to comply with the Sanctions regime. Even the UAE AML regulations mandate the regulated entities to screen the customers, suppliers, and the Ultimate Beneficial Owners against the Sanctions List. This regulatory obligation applies to Virtual Asset Service Providers (VASPs) operating in UAE to manage the risk of sanctions violations through crypto transactions.

Let us explore the Sanctions compliance requirement under the UAE regulations, why is sanctions compliance by VASPs so significant, and how VASPs can ensure effective compliance with the Sanctions regime.

Sanctions Compliance under UAE AML framework

Sanctions are the restrictions or embargoes imposed upon known criminals engaged in terrorist activities or other serious crimes from accessing the financial systems or particular products or services. In this context, sanction compliance becomes pertinent to ensure that the businesses do not engage with the sanctioned entities or individuals, ensuring they safeguard themselves from financial misuse and avoid penalties for sanctions violations.

Under the UAE AML/CFT regulations, Sanctions compliance is integral to the AML/CFT program. The regulated entities are mandatorily required to screen the customers, suppliers, and Ultimate Beneficial Owners (UBOs) of the corporate customers/suppliers, employees, and any third party associated with the business against the following lists:

UAE Local Terrorist List
United Nations Consolidated List

In addition, the regulated entities must conduct screening against the relevant international lists when a foreign country or global economy is involved.

Basis the screening outcome, the regulated entities must take specific actions and file an appropriate report on the goAML portal. With this basic idea about the Sanctions regime prevalent in the UAE, let us explore the sanctions compliance obligations of a VASP in the UAE.

Sanctions compliance by VASP in UAE

As the VASPs are subject to AML compliance in the UAE, they must also implement an effective sanctions compliance program. Sanctions compliance is necessary for the VASPs to ensure the virtual assets are not exploited by the sanctioned or designated persons to conduit terrorist financing or money laundering activities.

Subscribing to EOCN Notification System:

The regulated entities, including the VASPs, are required to subscribe to the Executive Office for Control & Non-Proliferation (EOCN) to receive regular updates on the modification in the UAE Local Terrorist List and the UNSC Consolidated Sanctions List, i.e., intimation when any person is added in the lists, or de-listing of any individual, entity, or group on the lists.

Screening:

Given the fact that virtual assets transfer sees no geographical boundaries, the VASPs must not only screen the originator and the beneficiaries against the local sanctions list but also consider the country-specific and all other international sanctions.

The VASP must screen the originator’s and beneficiary’s virtual asset wallet ID to identify if any sanctioned or blacklisted wallets are involved in the proposed transfer.

The screening is not a one-time affair; instead, it must be carried out on an ongoing basis to timely identify any update to the sanction status of an existing customer or virtual asset wallet. This will ensure timely action against the designated person or wallets.

Basis the hits found in the sanctions screening, the UAE Targeted Financial Sanctions (TFS) regime mandates the regulated entities, including VASP, to undertake specific actions.

Actions:

In the case of a “Confirmed Match,” all the identifying information about the person, entity, or group matches with the key identifiers (name, date of birth, nationality/country of incorporation, etc.) of the designated person mentioned in the sanctions list. For confirmed match cases, the VASP must freeze the virtual assets available in the designated person’s wallet with VASP and shall terminate the business relationship. While in a confirmed match for a potential customer, the VASP must reject the virtual asset transaction. These freezing or rejection measures must be taken within 24 hours of identifying the persons as sanctioned.
However, in cases where all the key identifiers are not matching, or some of the information is missing but indicates a possibility of a matching basis, the partial name match, which the VASP cannot decide whether it is a confirmed match or false match, then in such cases, the VASP must suspend the transactions and the business relationships with such partial name match person. The VASP must continue such suspension unless any specific instructions are received from the EOCN.

Reporting:

Where the VASP identifies any confirmed or partial name match with the UAE Local Terrorist List or the UNSC Consolidated List, the VASP must report the same to the EOCN by filing the appropriate report on the goAML Portal. VASP must file a Funds Freeze Report (FFR) in case of a ‘confirmed match’ giving the details of virtual assets frozen and a Partial Name Match Report (PNMR) for a ‘partial name match’ case within 5 days from taking the abovementioned actions.

The VASP must ensure compliance with all the above 4 points to effectively implement the Targeted Financial Sanctions regime and maintain the integrity of the virtual asset world.

Step-by-Step Guide for VASP to ensure effective Sanctions Compliance

With the pace at which the virtual asset transfer occurs and the fact that the sanctions lists are updated regularly, the VASPs must follow a systematic approach to implement a robust Sanctions Compliance Program.

1. Designing a Sanctions Compliance Policy:

As a first step, the VASP’s management and the AML Compliance Officer must understand the sanctions compliance requirement to be adhered to and design a comprehensive Sanctions Compliance policy in accordance with the overall business risk and applicable regulations. The Sanctions Compliance Policy must clearly define the mandatory nature of undertaking sanctions screening, systems and controls required, actions to be taken by the team when matches are found (including review, freezing of funds, or termination/suspension of the business relationship, etc.) and the goAML reporting obligation.

Further, as part of the policy, the VASPs must also identify what sanctions lists would be screened.

2. Identifying the suitable Sanctions Screening solution:

Once the compliance requirements are identified, the VASP must look for an appropriate sanctions screening solution that supports the regulatory obligation and prevents the misuse of the crypto-assets.

While selecting the solution, the VASP must consider the following:

What all sanctions lists does the tool support
Form where is the sanctions database sourced (third-party data aggregator or directly from the official sources)
How frequently this database is updated
Can this system be integrated with the VASP’s online platform
Does the platform support continuous screening
Is the solution capable of supporting real-time screening
Does the screening tool capable of handling large volumes of data
Does the solution use AI or emerging technology to reduce the false positive hits
Is the solution compliant with the data privacy and security requirements

3. Integrating and setting up the sanctions screening rules:

Once the tool is finalized, the same must be integrated seamlessly with the VASP’s internal systems and platform to ensure that the screening is conducted on a real-time basis before the virtual asset transfer actually takes place so that transactions involving any potential hits or confirmed matches can be blocked.

The VASPs must define the screening criteria and rules basis which the screening would be conducted. This includes defining the parameters or identifiers for screening (such as originator/beneficiary name, virtual asset wallet ID, type of virtual asset transferred, location, etc.

The workflows for managing the screening results must also be configured, i.e., how the hit alerts would be generated, who would review the matches found, and conclude on the type – confirmed match, partial name match, or false hit.

4. Employees Training on Sanctions regime:

The strength of the technology deployed for screening is ineffective unless the VASP’s team is well-trained on sanctions compliance measures and how to implement the screening solution. The AML Compliance Officer must ensure that the relevant staff, specifically front-line employees, are educated on the significance of the sanctions regime, how to conduct sanctions screening, and what actions are expected from the particular role. The VASP must ensure the team stays updated with the evolving sanctions framework and emerging technologies deployed for sanctions compliance.

5. Periodic review of the Sanctions Compliance Policy and solution:

It is pertinent for VASP to ensure that the policy designed and the tools implemented are aligned with the ever-changing regulatory landscape and the emerging red flags and typologies. The overall sanctions program must be reviewed to identify gaps and enhance the procedures and controls for avoiding any unknowingly business dealings with sanctioned persons or sanctions non-compliance penalties.

With an organized approach to implementing sanctions compliance, the VASPs can mitigate the risk of facilitating sanctions violations, protect their reputation by demonstrating the commitment to AML/CFT and sanctions compliance.

Let Niyeahma assist you with implementing the Sanctions Compliance Program

Niyeahma is a leading AML consultancy firm assisting AML-regulated entities, including Virtual Asset Service Providers, in establishing and maintaining a robust AML/CFT compliance program, including a comprehensive framework for implementing the Targeted Financial Sanctions regime. From assessing the sanctions violation risk to identifying the proper sanctions screening solution, we got your back.

Let’s stay compliant and fight back the financial crime!

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article UAE

Enhanced Due Diligence by Dealers in Precious Metals and Stones: EDD for High-Risk Customers

Precious metals like gold, silver, platinum, and precious stones such as diamonds, sapphires, pearls, etc., are highly vulnerable to money laundering and terrorism financing. The Dealers in Precious Metals and Stones (DPMS) must implement Enhanced Due Diligence (EDD) measures to manage the increased financial crime risks arising from high-risk countries or transactions.

Owing to the following inherent characteristics of the precious metals and stones, the products are closely associated with ML/FT typologies and bring the DPMS under the ambit of UAE AML regulations:

Small size, high value
Easy to transport
Used as a store of value
Can be used as a medium of exchange
Is acceptable in most parts of the world
Retains value and is subject to lesser value fluctuation

The UAE AML regulations mandate that Dealers in precious Metals and Stones adopt adequate Customer Due Diligence (CDD) measures to manage the ML/FT risks. The DPMS is required to implement enhanced customer due diligence measures when the customer is identified as high-risk.

In this article, we will navigate Enhanced Due Diligence under UAE AML regulations and how dealers in precious metals and stones can implement the EDD measures.

Understanding the concept of Enhanced Due Diligence as per UAE’s AML regulatory landscape?

Enhanced Due Diligence is essential to the overall AML Compliance Program in a Dealer in Precious Metals and Stones. EDD is a subsection of the Customer Due Diligence process, mandatory to be adhered to when dealing with high-risk customers.

Customer Due Diligence is implemented to identify the customer and its beneficial owners and verify their identity to ensure that the company, knowingly or unknowingly, does not expose itself to financial crime. In this CDD process, the customer’s risk is also assessed, and appropriate risk categorization is done (either as High, Medium, or Low) by performing Customer Risk Assessment. During such a process, if the customer’s risk is assessed to be high, the dealers in precious metals and stones need to deploy some additional checks and verification measures to mitigate the increased risk. This process of applying additional measures to the customer or business relationship is called “Enhanced Due Diligence.”

What are the circumstances when EDD measures are to be applied?

EDD is adopted when the business relationship, customer, or transaction is identified as posing higher money laundering or terrorism financing risks to the business. Such situations may include:

Business relationship with a Politically Exposed Person (PEP)
When the customer is associated with a high-risk country
When the customer is coming from a jurisdiction having a weak or minimal AML/CFT regulatory framework
Transaction with a customer closely connected with a country notorious for money laundering or terrorist financing activities
When there is doubt about the accuracy or legitimacy of the information about the customer obtained earlier
When any ML/FT risk indicator or red flag is observed

What measures must the Dealers in Precious Metals and Stone adopt as part of the Enhanced Due Diligence?

Enhanced Due Diligence is not just restricted to the basic identification of the customers and the beneficial ownership but goes one step ahead of the standard CDD process. Under EDD, the DPMS is expected to implement the following additional measures to manage the higher ML/FT risks:

Additional information and verification measures

Rigorous identity verification measures should be adopted, such as getting certified copies of the documents and verifying them against independent databases.

The dealers and precious metals and stones must make additional efforts to collect more information about the customer, such as looking out for adverse media or negative news about the person. An additional inquiry must be made around the customer’s intended purpose of the business relationship and the nature of the transaction.

Inquiry about the Customer’s Source of Funds and Wealth

Since precious metals and stones are high-value items, the DPMS must inquire about the customer’s source of funds for the proposed transaction. Further, to determine the customer’s financial position, the DPMS must seek information about the customer’s source of wealth to determine whether the value of transactions and the customer’s finances are aligned.

Obtaining the information is not sufficient. The dealer in precious metals and stones should also determine the legitimacy of the declared source of funds and wealth using reliable sources such as the customer’s bank statement, audited financial statement or Balance Sheet, Tax Return, Pay slips or employment contract, etc.

Obtaining senior management approval

Given the increased financial crime risk involved in the business relationship, the UAE AML regulations mandate the DPMS to seek approval from the senior management before establishing such a relationship. Further, management approval must also be obtained when executing a transaction with high-risk customers.

1st payment through customer’s own bank account

When engaging with high-risk customers, the DPMS must have the first payment processed through the customer’s bank account with a bank having similar Customer Due Diligence measures.

This implies that the dealers in precious metals and stones must not execute the first transaction in cash with high-risk customers.

Increased ongoing monitoring

Once high-risk customers are onboarded, it is the regulatory obligation of the DPMS to monitor the customer profile and the transactions pertaining to high-risk business relationships. Such customers must be subject to an increased frequency of CDD information updates (for example, once in six months). Further, the transaction must be closely monitored to ensure that the same is in accordance with the customer’s risk profile and financial information furnished earlier and consistent with the customer’s nature of business activities.

This will help the DPMS identify any suspicious activities or unusual transactions indicating the involvement of financial crime risks.

Undertaking these additional checks and measures during Enhanced Due Diligence will help the DPMS better understand the customers and effectively manage the risk, especially increased ML/FT risks.

What are the critical elements for implementing Enhanced Due Diligence in the DPMS sector?

For the quality implementation of the Enhanced Due Diligence process, the Dealers in Precious Metals and Stones need to adopt the following components, ensuring effective mitigation of the increased risk and AML regulatory compliance:

Customer Risk Assessment

The DPMS must clearly lay down the guidelines for when the customer shall be classified as high-risk, warranting the application of the EDD measures.

For this, the customer risk assessment methodology must be well-defined, allowing the company to detect the high-risk posing business relationships timely.

Well-crafted EDD Program

The company must design and maintain a comprehensive Enhanced Due Diligence Program, providing practical guidelines for the compliance team to manage the higher risk of money laundering or terrorism financing. The EDD policy must prescribe the additional information to be sought from the customer, the documents to be obtained, and the resources to be relied upon for independent verification.

The methods and frequency for performing ongoing monitoring of high-risk customers must be well-documented.

EDD Training to the Team

The circumstances requiring the application of the EDD process and the additional measures to be applied must be communicated with the team. Regular training must be conducted to ensure that the team understands the EDD program and can apply necessary checks on a timely basis.

Potential red flags suggesting higher ML/FT risks when DPMS must apply EDD measures

Given the nature of the products and services involved, the following are some of the risk factors when the Dealers in Precious Metals and Stones must adopt the Enhanced Due Diligence process:

When the transaction appears to be complex, involving multiple parties across different locations
Customer is a Politically Exposed Person or a close associate
When the customer insists on making a payment using cash, even when the transaction value is high
Inconsistency between the nature of the customer’s activities and the purpose of the transaction (Non-Profit Organization buying 1 kilogram of gold)
When the customer is hailing from or conducting business in high-risk countries
Customer making unreasonable request of converting the form of precious metals to ordinary objects
Customer making series of small value transactions
Payment being routed through an unrelated third-party account

Let Niyeahma assist you in implementing the robust Enhanced Due Diligence mechanism to safeguard your precious metals and stones business

Implementing EDD measures in the DPMS sector is pertinent to manage the risk associated with precious metals and stones. Niyeahma can assist you in developing the EDD program for your jewellery business, ensuring that you rightly identify high-risk customers and manage these risks with suitable AML measures and controls. We assess your business exposure to financial crime risks and customize the easy-to-implement AML/CFT Compliance framework, focused on detecting and preventing the exploitation of precious metals and stones for financial crime and staying AML Compliant.

Enhance the quality of your AML Program with a comprehensive Enhanced Due Diligence Process!

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article UAE

A Comprehensive Guide to AML Customer Risk Assessment for DNFBPs in UAE

As per UAE AML regulations and to cope with the ever-evolving financial landscape, the regulated entities – Financial Institutions, Designated Non-Financial Businesses and Professions (DNFBPs), and Virtual Asset Service Providers (VASPs) – are required to conduct Customer Risk Assessments. The Customer Risk Assessment is a critical AML measure focused on identifying the money laundering or financing of terrorism (ML/FT) risk posed by each customer.

In this article, we will discuss the significance of performing customer risk assessment for DNFBPs in UAE and the best practices to conduct the same to manage the risk and stay compliant with the UAE AML regulations.

Understanding the Importance of Customer Risk Assessment

UAE has introduced AML/CFT regulations, providing guidelines for regulated organizations to implement AML compliance programs and combat financial crimes like money laundering and terrorism financing. One of the AML measures provided under the UAE AML laws is the Customer Due Diligence (CDD) process.

CDD is a set of comprehensive measures to be applied while onboarding a customer. It includes Know Your Customer (KYC), aimed at identifying the customers and verifying their identity, including the Ultimate Beneficial Owners (UBOs). The name screening of the customers and UBOs also forms part of the CDD process. Additionally, the Customer Due Diligence measures also include customer risk assessment.

What is Customer Risk Assessment under AML Compliance Program?

Customer Risk Assessment plays a pivotal aspect in the AML program, as it assists in adopting the risk-based approach to deploy the resources and optimally manage the financial crime risks. It involves assessing the potential ML/FT risk the customer is expected to pose to the business, i.e., creating the customer risk profile or conducting the risk assessment.

By assessing the risk associated with customers, regulated organizations can determine the level of procedures to be performed and the controls to be applied to manage risk effectively.

The customer risk assessment is primarily based on customer identification information, the nature of business activities, the geographies they are associated with, the purpose of the business relationship, the expected transactions, the actual transaction pattern, etc. Evaluation of the risk basis of these factors, along with other relevant risk parameters, assists the business in determining the level of customer risk and accordingly deploying adequate AML measures.

Why is Customer Risk Assessment a significant part of the AML Compliance Program?

As an outcome of the Customer Risk Assessment, the customer’s risk profile is created and classified as either high, medium, or low risk for the business. It assists businesses in determining the level of due diligence measures to be applied. For example, enhanced due diligence measures are applied to manage the increased risk for customers categorized as posing a high risk to the business. The businesses may adopt simplified verification measures for customers with low ML/FT risk. Thus, it helps the organizations apply the risk-based approach in its true and use the resources optimally, with smooth customer onboarding in line with the risk profile.

It serves as the foundation to build the ongoing monitoring program to identify any unusual patterns or suspicious activities, allowing the businesses to prioritize the monitoring efforts toward high-risk customers.

Moreover, the customer’s information and the activity profile keep evolving over time; thus, it is pertinent to ensure the customer’s risk assessment is updated to identify the level of risk associated with the customer and ensure appropriate mitigation measures are applied.

With a comprehensive customer risk assessment process, businesses can protect themselves from being exploited by financial criminals and ensure compliance with the AML regulatory landscape of the country.

How to conduct Customer Risk Assessment (CRA)?

Adopting the following steps will enhance the effectiveness of the Customer Risk Assessment:

Identifying and evaluating the risk factors

The first step in CRA is identifying the risk factors that expose the business to ML/FT vulnerabilities. These risk factors can include the following:

nature of the customer
customer’s country of residence, business, nationality, and birth
occupation and employer details of the customer
nature of the proposed transaction
transactional parameters like nature of product, services
mode of payment
person’s background (adverse media, connection with sanctioned persons, or past incidence of reporting suspicious transactions)
customer’s source of funds and wealth

For example, the customer working with an industry connected with ML/FT typologies, such as precious metals and stones or real estate, is treated as a high-risk customer. Further, the customer whose proposed payment mode is cash or virtual assets without any business rationale may trigger a suspicion warranting to classify the customer as high-risk.

The customer associated with a country on the FATF Grey List or jurisdiction notorious for higher risk of money laundering poses a higher risk to the business than the customer with a jurisdiction having strong AML regulations.

The comprehensive and combined evolution of these factors helps the business determine the risk associated with each customer and create its risk profile.

The evaluation of the risk factors to help identify the inherent ML/FT risk the customer poses and the level of AML/CFT measures are required to mitigate this inherent risk. For instance, regulated organizations must perform additional verification checks and obtain documents for high-risk customers to establish the legitimacy of the customer’s source of funds and wealth. Moreover, senior management approval must also be sought to establish a business relationship with such a customer.

Adopting appropriate mitigation measures significantly reduces the ML/FT risk, ensuring an inherent level of risk is brought within the business’s risk appetite to conduct a transaction with such a customer.

The factors considered for the risk assessment, the methodology adopted and the outcome of the CRA must be well-documented to demonstrate AML compliance.

Periodic review and reassessment

The customer risk profile is not a static one, i.e., once a customer is classified as high-risk would not necessarily pose such increased ML/FT risk to the business. The risk exposure changes as the customer’s profile is updated, the business activities change, the relevant country’s AML regulatory framework changes, etc. Further, the evolving AML regulations and emerging risk typologies also impact the customer’s risk profile.

Thus, the regulated entities must ensure that the customer’s risk assessment is dynamic, updated as and when there is any movement in the risk factor.

Empowering the team

Well-crafted AML/CFT procedures and controls are of no use without having a well-trained team to implement the same effectively. The regulated entities must impart adequate AML training to their employees around the performance of customer risk assessment and its impact on the nature of AML/CFT measures to be applied. The factors to be considered for risk assessment and the methodology to be adopted must be discussed during the AML training program.

How can the use of tools and techniques improve the effectiveness of the Customer Risk Assessment?

When assessing customer risk, regulated entities can deploy a wide range of tools and techniques to obtain accurate and real-time results. These tools and techniques would be both – manual as well as automated using technology.

Use of emerging technology in performing Customer Risk Assessment

With the use of developing technologies, businesses can improve the effectiveness of the risk assessment process. The automated software and tools can process a large volume of customer data to assess the level of risk and provide insights into the customer’s risk profile.

Leveraging these technological tools can speed up the processes, providing real-time assessment of the customer risk upon every transaction executed with the customer, without worrying about remembering the requirement to reassess the customer risk.

Moreover, these solutions use the initially assessed risk level as a base and can promptly identify any unusual patterns and suspicious activities inconsistent with the customer’s profile.

Use of manual techniques for assessing customer risk

Though deploying technology for customer risk assessment is one of the best alternatives, the power of manual techniques can’t be ignored. Small and medium-sized businesses can use sophisticated Excel-based methods to assess the risk, including manually verifying customer documents and information.

With the human touch, businesses can assess the risk by interviewing the customer, studying their behavior, involving third parties to evaluate the customer’s financial position, etc.

When the manual techniques are combined with technological tools, the comprehensiveness of the CRA measures enhances, ensuring that tool-based assessment is supported by manual verification and no potential risk exposure goes unnoticed.

Let Niyeahma help you design your Customer Risk Assessment Program

As the risk factors and AML regulations in UAE keep advancing, the methodologies of conducting customer risk assessment also change. Seek professional help from AML experts like Niyeahma to develop your customer risk assessment policies and program, ensuring you appropriately determine the customer’s ML/FT risk and apply necessary mitigation measures.

Niyeahma, with its diversified experience and subject knowledge, can assist the regulated entities in customizing the AML framework in accordance with the nature and risk exposure of the business while staying AML compliant and managing the risks effectively.

Whichever way you go – technological or manual – Niyeahma can help you either by identifying and assisting in implementing the right AML software for CRA or designing the manual techniques and processes to create customer risk profiles effectively.

With Customer Risk Assessment, manage your ML/FT risks effectively!

About the Author

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik

Article UAE