cfps

Anti-Money Laundering Policy

Download AML Policy

version 7.2

date: 25. 04. 2023

Chapter 1: Introduction

Definitions

Money laundering is the generic term used to describe the process by which criminals disguise the original ownership and control of the proceeds of criminal conduct by making such proceeds appear to have derived from a legitimate source.” Source ICA (www.int-comp.org).

"Terrorist financing is the process by which terrorists fund their operations in order to perform terrorist acts. Terrorists need financial support to carry out their activities and to achieve their goals. There is little difference between terrorists and other criminals in their abuse of the financial system. While different from money laundering, terrorists often exploit similar weaknesses in the financial system.” Source ACAMS (acams.org).

Sanctions – The United Arab Emirates (UAE), as a member of the UN, is committed to implementing the United Nations Security Council Resolutions (UNSCRs), including those related to UN sanctions regimes. Consequently, through the Cabinet Resolution No. 74 of 2020, the UAE is implementing UNSCRs on the suppression and combating of terrorism, terrorist financing & countering the financing of proliferation of weapons of mass destruction, in particular, targeted financial sanctions (TFS) regimes as defined by the UN.

1. CFP Technology FZCO (“FZCO” or the “Firm”) is committed to maintaining effective prevention and detection measures to assist law enforcement authorities in combating financial crime. This handbook sets out the policies and procedures which have been adopted to meet CFP Technology’s legal obligations under UAE anti-money laundering and counter-terrorist legislation.

2. These policies and procedures must always be adhered to.

3. FZCO always seeks to ensure that:

  • Clients’ identities are satisfactorily verified in accordance with the firm’s risk-based approach before FZCO does business with them.
  • FZCO knows our clients and understands their reasons for doing business with us both at the client acceptance stage and throughout the business relationship.
  • Our staff is trained and made aware of both their personal legal obligations and the legal obligations of FZCO.
  • Our staff is trained to be vigilant for activities where there are reasonable grounds for suspicion that money laundering could be taking place and to make reports to the MLRO.
  • Sufficient records are kept for the required period.
  • We establish, maintain and implement appropriate procedures to achieve these objectives.

4. Money laundering, fraud, and market abuse threats are dynamic, and criminals constantly devise new techniques and exploit the easiest targets in the financial services sector. To mitigate the risk of being used as a vehicle for financial crime FZCO will systematically assess, mitigate, and monitor these risks. It will seek to identify fraud, money laundering, and market abuse as well as conduct risk implications at an early stage of the client acceptance process, escalate this to senior management and take appropriate action.

5. A risk-based approach adopted by FZCO drives our overall strategy of fighting financial crime. Through this approach, we identify the areas of greatest vulnerability and focus our resources on those areas. Ultimate responsibility for this approach lies with the senior management but all staff carries a responsibility to maintain the effectiveness of systems and controls.

6. Customer Due Diligence (CDD) is the mid-level risk-based approach and as such, is the entry-level of all measures. Once entered at the CDD level, up-risk or down-risk processes may be applied.

7. Given the continually evolving environment and the nature of the risks involved, It is not possible to cover every possible eventuality in this handbook. Should an issue arise that is not specifically covered in this handbook, employees should refer to the MLRO for further guidance.

1.1 Financial Crime Risk

8. The DFSA as a supervisory authority is committed to maintaining an Anti-Money Laundering (AML), Combating the Financing of Terrorism (CTF) and Counter-Proliferation Financing (CPF) regime that acts as a significant deterrent to any criminal elements. Money laundering is the process by which criminals attempt to hide and disguise the true origin and ownership of the proceeds of their criminal activities, thereby avoiding prosecution, conviction, and confiscation of criminal funds.

9. Money laundering and terrorist financing risks are closely related to the risks of fraud and insider dealing. While these are separate offenses, money laundering involves handling the proceeds of any crime, including the proceeds of these activities.

10. The ability to launder the proceeds of crime through the financial system is vital to the success of criminal operations. London, as one of the world’s major financial centers, has a major role to play in combating money laundering. Firms that become involved in money laundering risk prosecution and damage to their reputation.

11. In recognition of this the procedures that FZCO has adopted, to reduce the incidence of financial crime, focus on knowing our clients, understanding their businesses, carrying out proportionate verification checks, and identifying and reporting suspicious activity.

1.2 Law, Regulation, and Industry Practice

12. FZCO is subject to UAE Federal AML, CTF, and CPF legislation which includes:

  1. Federal Law No. 20 of 2018 on Anti-Money Laundering and Combating the Financing of Terrorism and Illegal Organisations.
  2. Federal Law No. 7 of 2014 on Combating Terrorism Offences.
  3. Federal Law No. 5 of 2012 on Combating Cyber Crimes.
  4. Central Bank Board of Directors’ Decision No. 59/4/219 regarding procedures for AML and CTF and Illicit organizations.
  5. UAE Federal legislation may be accessed via the UAE Ministry of Justice’s Legislation Portal (available in Arabic and English): https://elaws.moj.gov.ae/indexEN.aspx

13. In order to comply with UAE laws, regulations, and guidance, FZCO adopts the following principles.

1.3 Anti-Money Laundering Policies

14. FZCO has implemented policies, procedures, and controls aimed at deterring criminals from using FZCO for the laundering of proceeds of crime. These policies and procedures are tailored to the risk posed by individual clients, in accordance with UAE laws.

1.4 Money Laundering Reporting Officer

15. FZCO has appointed its Money Laundering Reporting Officer (“MLRO”). The MLRO acts as the central point of contact both with law enforcement agencies and internally, in relation to all matters relating to money laundering.

16. The MLRO monitors FZCO’s compliance with anti-money laundering procedures and submits reports to senior management at least on an annual basis.

1.5 Customer Due Diligence (‘CDD’)

17. FZCO has established Customer Due Diligence procedures to identify the users of its services and, in relation to higher-risk clients, the principal beneficial owners and origins of funds. These procedures include knowing the nature of our client’s businesses and being alert to abnormal transactions.

1.6 Suspicious Transactions

18. Suspicious activity includes, but is not limited to, any transactions or account activity that is not customary, routine, or commensurate based upon past or expected transactions or activity, or that is otherwise suspicious or lacking an apparent business or legal purpose.

19. Unexplained or abnormal transactions or activities that are suspected of being linked to criminal activity should be reported to the MLRO in writing without delay using the Suspicious Transaction Reporting Form (Money Laundering) in Appendix 1, reports will be highly confidential and can be made anonymously. The MLRO will determine whether to report the suspicions to the Financial Intelligence Unit (FIU). If the MLRO is absent, reports should be made to the appointed Deputy MLRO. An acknowledgment of receipt should be obtained from the MLRO for every such report.

1.7 Training

20. All personnel must be informed of their individual and collective responsibilities and FZCO ’s anti-money laundering policies. Personnel is provided with training to enable them to understand the vulnerabilities of FZCO ’s business and to recognize and report suspicious activities.

21. Copies of all training material must be kept at all times and referred to by the attendance registers or ad-hoc training as may occur.

1.8 Record-Keeping

22. FZCO keeps records of who has been trained and the timing and form of training sessions. We retain all records verifying the identity of our clients for at least 5 years following the end of the business relationship. We also retain the records of any internal reports of suspicion submitted to the MLRO and any disclosures made to FIU.

23. All changes to this policy must be version controlled and details of changes made are recorded appropriately. This may be used as a defense if any litigation arises from actions by the Firm or its staff.

Chapter 2: Offences

24. There are a number of pieces of legislation that make up the UAE Anti-money laundering/counter-terrorist financing legal framework.

25. A brief summary of the main pieces of legislation is provided below. All employees of FZCO should be aware that it is not only the firm that is subject to the legislation but also the employees within the firm. Failure to comply with certain aspects of the legislation can result in an individual being subject to prosecution with the threat of a custodial sentence or fine.

26. Offences are punishable whether the attempt to launder money was successful or not.

2.1 Criminal Conduct

27. Criminal conduct is conduct that constitutes an offense in any part of UAE (or would constitute an offense in any part of UAE. if it occurred there).

2.2 Criminal property

28. Property is criminal property if it constitutes a person's benefit from criminal conduct or it represents such a benefit (in whole or part and whether directly or indirectly), and the alleged offender knows or suspects that it constitutes or represents such a benefit. It is immaterial:

  • who carried out the conduct
  • who benefited from it

29. A person benefits from conduct if they obtain property, advantage, or benefit as a result of or in connection with the conduct or any other conduct. Where the property is land, this includes a servitude, right, or interest in relation to that piece of land. Property is all property wherever situated and includes:

  • money
  • all forms of property, real or personal, heritable or moveable
  • things in action and other intangible or incorporeal property

2.3 Arrangements

30. A person commits an offense if he enters into or becomes concerned with an arrangement that he knows or suspects facilitates (by whatever means) the acquisition, retention, use, or control of criminal property by or on behalf of another person.

31. Concealing the source of illicit gains, aiding, abetting money laundering, and inciting and attempting the offense can be considered a criminal offense.

32. This offense is punishable by imprisonment and/or a fine.

2.4 Acquisition, Use, and Possession

33. A person commits this offense if he:

  • acquires criminal property
  • uses criminal property
  • has possession of the criminal property

34. This offense covers any conduct wherever it takes place if it would constitute a criminal offense if committed in UAE. This excludes minor offenses committed overseas where the conduct is lawful in the jurisdiction where the offense in question is committed (for example, bullfighting in Spain). This offense however includes, but is not restricted to, drug trafficking, terrorist activity, corruption, theft, fraud, tax evasion, robbery, forgery, product piracy, illegal deposit taking, blackmail, and extortion.

35. It is a defense to show that a person reported their suspicion to the MLRO (in the case of the MLRO, to a law enforcement agency).

36. This offense is punishable by imprisonment and/or a fine.

2.5 Tipping Off

37. It is a criminal offense that a disclosure has been made to either FIU or the MLRO or that the police or customs authorities are carrying out or intending to carry out a money laundering investigation.

38. It is a defense to show that a person had either lawful authority or a reasonable excuse to make the disclosure. It is also a defense that a person neither knew nor suspected that the disclosure would prejudice an investigation.

39. Tipping off is punishable by imprisonment and/or a fine.

2.6 Failure to Disclose

40. It is a criminal offense for persons working in the regulated sector not to disclose if they have reasonable grounds to know or suspect, in the course of their employment, that another person is engaged in money laundering. The report should be made without undue delay and not later than two business days after the identification of the suspicious activity or transaction. This offense also covers a failure of the MLRO to report a suspicion to FIU without a reasonable excuse.

41. Reporting to the MLRO in accordance with FZCO ’s procedures will satisfy the obligation to report.

42. Legislation protects those reporting suspicions of money laundering from claims in respect of any alleged breach of client confidentiality.

43. Failure to disclose is punishable by imprisonment and an unlimited fine.

2.7 Money Laundering Regulations

44. FZCO’s business activities are within the scope of the Money Laundering Regulations and we, therefore, have in place appropriate policies and procedures covering:

  • Customer due diligence
  • Reporting
  • Record keeping
  • Internal control
  • Risk assessment and management
  • Compliance management; and
  • Communication

45. FZCO is aware that they are sanctioned for not having adequate procedures in place.

46. Failure to comply with the Regulations constitutes an offense punishable by imprisonment, a fine, or both.

2.8 US Legal Obligations

47. The US criminal money laundering laws, in particular the USA Patriot Act 2001, have extra-territorial effects. Where FZCO has any established activities in, or linked to the USA, whether through a branch, subsidiary, associated company, or correspondent banking relationship there is a risk that US regulations and sanctions may apply. This includes dealing with clients that are US citizens, whether these legal obligations apply will be determined during the KYC/KYB checks. The MLRO ensures that where this falls into scope procedures are followed to ensure compliance.

2.9 Office of Foreign Assets Control (OFAC)

48. The Office of Foreign Assets Control (OFAC) of the US Department of the Treasury administers and enforces economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the United States. OFAC acts under Presidential national emergency powers, as well as authority granted by specific legislation, to impose controls on transactions and freeze assets under US jurisdiction. Many of the sanctions are based on United Nations and other international mandates, are multilateral in scope, and involve close cooperation with allied governments.

49. The OFAC Main Page can be found at: https://home.treasury.gov/

50. OFAC Sanctions Lists can be found at:

2.10 Sanction Programs

51. Currently there are a number of sanction programs in operation internationally. FZCO is required by law to ensure full compliance and ensure that any links are identified, directly or indirectly. Such links may include:

  • Jurisdiction of where an entity is registered;
  • Jurisdiction of where an entity is operating;
  • Beneficial ownership and control;
  • Any other significant link to an individual or entity, which has been identified as a Specially Designated National (“SDN”).

52. In consideration of this, where one of the above criteria is indicated for a prospective client, the AML Compliance Officer should escalate to the MLRO for review, who may seek legal advice from FZCO’s Board members if required.

53. The full list of current programs in operation in UAE, including the list of destinations with trade restrictions and terrorist organizations can be found here: https://www.uaeiec.gov.ae/en-us/un-page?p=2#

54. All new account openings must ensure that all prospective client names are subject to KYC screening which will check applicable international sanction lists. In accordance with the risk matrix, it may be necessary to also check all directors and shareholders, ensuring that they are added to the ongoing screening database when deemed necessary.

55. As a matter of good practice, for high-risk clients the MLRO may deem it necessary to independently review the Sanctions List and run an OFAC search using this source: https://ofac.finra.org/#/

56. If in doubt about the nature of any of the information listed in the sanctions section, speak with the MLRO.

57. The Firm may use external third parties for electronic checking.

58. A breach of the International Sanctions Act carries a fine of up to €400,000.

2.11 Predicate offenses

59. A predicate offense is a crime that is a component of a larger crime. For FZCO this would be predominantly any crime that generates monetary income.

60. The expanded list of predicate offenses:

  • Participating in an organized crime group or racketeering
  • Human trafficking and migrant smuggling
  • Sexual exploitation
  • Illicit trafficking in narcotics and psychotropic substances
  • Illegal arms trafficking
  • Trafficking stolen goods
  • Corruption
  • Murder and grievous bodily harm
  • Fraud
  • Counterfeiting currency
  • Counterfeiting and piracy of products
  • Kidnapping and hostage-taking
  • Robbery and theft
  • Smuggling
  • Tax crime relating to both direct and indirect taxes
  • Extortion
  • Forgery
  • Piracy
  • Cybercrime
  • Terrorism
  • Insider trading and market manipulation

Chapter 3: Internal Communications

3.1 Money Laundering Reporting Officer

61. FZCO has appointed Money Laundering Reporting Officer (“MLRO”). The MLRO has overall responsibility for the establishment and maintenance of effective anti-money laundering systems and controls.
62. The MLRO is a required function. The expects the MLRO to be based in UAE and to be of sufficient seniority within FZCO to be able to act on his own authority. The MLRO must have access to all Know Your Business/Customer information, data, and dashboards. The MLRO’s responsibilities include the following:

  • Monitoring of the effectiveness of FZCO ’s anti-money laundering controls;
  • Overseeing the firm’s compliance with the DFSA’s rules on anti-money laundering systems and controls;
  • Having overall responsibility for the day-to-day operation of such policies, even where these have been delegated;
  • Ensuring that client account opening standards are compliant with FZCO ’s policy;
  • Receiving and reviewing internal disclosures and submitting external reports to FIU;
  • Responding promptly to any reasonable request for information made by the DFSA or law enforcement;
  • Liaising with the DFSA, FIU, and other external agencies;
  • Ensuring that anti-money laundering training is provided, its standards and scope are appropriate, and that records are kept;
  • Reporting to the senior management on at least an annual basis (via MLRO Report) and keeping the management updated on money laundering issues;
  • Obtaining and using national and international findings, for example, the findings of the Financial Action Task Force, International Monetary Fund, and World Bank;
  • Ensuring there is no padding and abetting activity within the firm.
  • Appointing a Deputy MLRO to cover the MLRO’s periods of absence (If the MLRO is temporarily unavailable for 12 weeks or more in any consecutive 12-month period,);
  • Ensuring that client and transaction monitoring is being undertaken;
  • Assessing the risks of FZCO ’s client base and business activities in relation to money laundering on an ongoing basis;
  • Ensuring the firm’s policies and procedures are being communicated effectively to all relevant employees.

 63. While the MLRO may delegate their duties to another appropriate person, such delegation needs to be documented.

3.2 Contact with Third Parties

64. FZCO’s personnel must not discuss any issues relating to the firm’s anti-money laundering policies and procedures with any third parties without the prior consent of the MLRO. All requests from the DFSA, FIU, Police, or other investigating and enforcement agencies must be referred to the MLRO without delay.

3.3 Orders

65. The following orders may be served on FZCO as part of an ongoing investigation. Should you receive any such order, please give it to the MLRO without delay:

  • a disclosure order from any law enforcement organization
  • an account monitoring order from any law enforcement organization
  • a search and seizure warrant

Chapter 4: The Risk-based Approach

66. FZCO is required to operate a risk-based policy in order to identify, manage and mitigate the risks associated with the firm being used for money laundering or terrorist financing. This approach will identify the most cost-effective and proportionate way to manage and mitigate the risks posed to the firm. It is accepted that a risk-based regime cannot be a zero-failure regime but that it should strike a balance between cost and the realistic threat of being used for money laundering or terrorist financing. The aim is to focus the efforts where they are most needed and will have the most impact.

67. A risk-based approach requires FZCO to undertake the following steps:

  • Assess the risks applicable to the firm. In the case of FZCO, these risks will predominantly relate to our customers and the products and or services we provide to them.
  • Design and implement controls to manage and mitigate these risks
  • Monitor and improve the effective operation of the firm’s controls
  • Record what has been done and why.

68. FZCO adopts a risk-based approach to business that enables it to utilize its resources in the most efficient and cost-effective manner. While we will, as far as reasonably practicable, ensure consistent application of our risk-based approach, we recognize that this approach cannot anticipate every eventuality. Therefore in any given case the Compliance Officer or MLRO may exercise their judgment in deciding whether or not to deviate from the written policies. This judgment will be clearly reasoned and documented.

4.1 Geographical location of the client and their business

69. When and if FZCO deals with clients located in countries without adequate anti-money laundering standards it will either obtain additional Customer Due Diligence information or perform more intensive monitoring of the client’s account. Countries presenting a high geographical risk are those where:

  • Cash is the normal medium of exchange
  • There is a politically unstable regime with high levels of public or private sector corruption
  • That is known to be drug-producing or drug-transit countries
  • Have been classified as countries with inadequacies in their anti-money laundering strategies

70. A useful source of information on geographical risk is Transparency International: www.transparency.org

71. The Transparency International Corruption Perception Index is attached to the Handbook as Appendix 8. The up-to-date index can be found at http://www.transparency.org/ Downloading the information package provides a host of data and it is subdivided into continents.

72. FZCO’s client base is divided into three risk categories: Low, Medium, and High. The Compliance Officer or MLRO determines to which category a client belongs. They will record the basis of assessment for each client. Given the nature of business undertaken by FZCO, it is expected that the majority of our clients will be assessed as either Low/Medium/High Risk. The entry-level is medium risk and evaluation is performed from that point.

73. The following should be used as guidance when applying a risk-based approach to the assessment of money laundering risk posed by each client. Consideration of the overall information held may alter the risk profile of the client.

4.2 Low Risk

74. Regulated financial institutions based in UAE; those located in EU, FATF, or comparable jurisdictions. A list of comparable jurisdictions and a list of FATF member countries can be found in Appendix 5.

75. Companies or their subsidiaries (50% or more) whose shares are traded on EU regulated market or equivalent exchange. A list of such exchanges can be found in Appendix 5.

76. A third country is identified by credible sources as having a low level of corruption or other criminal activity, such as terrorism, money laundering, and the production and supply of illicit drugs. Furthermore, a third country, on the basis of credible sources, such as evaluations, detailed assessment reports, or published follow-up reports published by the Financial Action Task Force, the International Monetary Fund, the World Bank, the Organisation for Economic Co-operation and Development, or other international bodies or non-governmental organizations:

  • has requirements to counter money laundering and terrorist financing that are consistent with the revised Recommendations published by the Financial Action Task Force in February 2012 and updated in October 2016, June 2019, and May 2021; and
  • effectively implements those Recommendations.

77. Reputable, well-known organizations, with long histories in their industries or large market capitalization and with substantial public information about them and their principals and/or controllers.

78. Clients represented by those whose appointment is subject to court approval or ratifications (e.g. executors)

4.3 High Risk

79. The following are examples of what would normally be considered High Risk. This list is not exhaustive.

  • Relationships where a Politically Exposed Person (“PEP”) or their connected person, have been identified as having a significant involvement. This definition of PEP would include heads of state or of government, senior politicians, senior government, judicial or military officials, senior executives of publicly owned enterprises, and important political party officials. Please consult the MLRO if you think that you may be dealing with PEP or their connected person. (See Chapter 6: Identification Evidence).
  • Clients seeking to purchase, or purchasing a “golden passport”, i.e. the client applies for residence rights or citizenship in any country in exchange for capital transfers, purchase of property or government bonds, or investment in corporate entities.
  • Complex business ownership structures, such as offshore special-purpose vehicles, make it easier to conceal underlying beneficial owners, especially where there is no legitimate commercial rationale.
  • Accounts that involve regular payments to or from unrelated third parties.
  • Names that have been previously linked with financial crime.
  • Clients based in or conducting business in or through high-risk jurisdictions with a known level of corruption and organized crime, or drug production and distribution.
  • Clients engaged in higher-risk business activities, for example where large amounts of cash are involved.
  • Companies issuing bearer shares, especially if incorporated in higher-risk jurisdictions.
  • Clients that have been subject to a Suspicious Transaction Report.
  • Clients that have not been physically present for identification purposes. This does not apply to clients to whom SDD applies.

4.4 Medium Risk

80. All other clients that do not fall within either a low-risk category or a high-risk category including (but not restricted to):

  • Subsidiaries of or entities associated with low-risk clients
  • Private companies from UAE, EEA, or comparable jurisdictions provided they are not undertaking high-risk business.

4.5 Additional Considerations

81. FZCO will take the following additional considerations into account when determining the risk posed by a client. While these considerations will not determine the risk on their own, they will be considered alongside other factors in judging the overall money laundering risk posed by a particular client.

  • Whether FZCO is engaged in a one-off transaction or business relationship
  • In relation to the introduced business, the effectiveness of the due diligence carried out by the introducer
  • The nature and length of any existing or previous relationship between either FZCO or our employees and the client
  • The way in which information is obtained (e.g. from a government department, regulated firm, or other sources)
  • The nature and extent of any assurances given by other regulated firms that may be relied upon.
  • Any associations the client may have with other entities or jurisdictions, such as headquarters, operating facilities, branches or subsidiaries, and the individuals who may influence its operations.
  • Other relevant considerations; such as whether the client has a regulated investment manager or adviser, a prime broker (who have performed due diligence on the client), and other considerations that the Compliance Officer or MLRO may reasonably consider relevant to the client’s risk assessment.
  • The type of products or services that FZCO is providing to the client.

4.6 MLRO’s Ongoing Risk Assessment

82. Risk management is a continuous process. The MLRO is responsible for ensuring the firm’s risk assessment is up-to-date and appropriate. This is done by means of an ongoing risk assessment.

83. On an ongoing basis the MLRO will review FZCO ’s business activities, including:

  • Appropriate procedures to identify changes in client characteristics, which come to light in the normal course of business
  • Ways in which different products and services may be used for money laundering or terrorist financing, and how these ways may change
  • Adequacy of staff training and awareness
  • Monitoring compliance arrangements (such as internal audit/quality assurance, processes, or external review)
  • The balance between technology-based and people-based systems
  • Capturing appropriate management information
  • Upward reporting and accountability
  • Effectiveness of the liaison with regulatory and law enforcement agencies

84. The MLRO will identify any changes to FZCO ’s services that may expose the firm to a higher risk of money laundering. This may also highlight the need for a formal assessment of risks posed by either of our client categories or individual clients. The results of this ongoing assessment will be detailed in the annual MLRO Report to senior management.

Chapter 5: Customer Due Diligence Procedures

85. The Money Laundering Regulations specify the Customer Due Diligence (CDD) measures that are required to be carried out, the timing, as well as actions required if CDD measures are not carried out. The purpose of this chapter is to provide guidance on the following:

  • The meaning of CDD measures
  • Timing of, and non-compliance with CDD measures
  • Application of CDD measures
  • Simplified Due Diligence
  • Enhanced Due Diligence

86. For lists of the documentation to be obtained and verified in respect of specific business types please refer to Chapter 6 of this handbook.

5.1 What is CDD?

87. CDD is the entry-level approach that the Firm must take. Following this, evidence to ensure SDD or risks identified to raise the level of EDD is then taken.

88. The CDD measures that must be carried out involve:

  • Identifying the customer and verifying the identity;
  • Identifying any person purporting to act on behalf of the customer, and verifying their identity;
  • Identifying the beneficial owner, where relevant, and verifying their identity;
  • Obtaining information on the purpose and intended nature of the relationship;
  • Conducting ongoing monitoring of the relationship;
  • In the case of legal entities, the firm must understand the ownership and control structure.

89. These measures are designed to make it harder for the financial services industry to be used to launder money or fund terrorism.

We will apply CDD to all customers on a risk-sensitive basis, and monitor the service provider to ensure that the measures taken are appropriate.

5.2 Timing of, and non-compliance with, CDD measures

90. FZCO will ensure that it has completed appropriate client due diligence prior to entering into a legally binding agreement with the client to undertake regulated business.

91. The Compliance Officer/MLRO may, at his discretion, allow an account to be opened before all the documentation has been obtained if it is necessary in order not to interrupt the normal conduct of business and there is little risk of money laundering. In these cases, the decision must be fully documented, and all outstanding documentation obtained as soon as possible. In these instances, the firm should not make any payments from that account either to the client or to a third party until such times as the documentation has been obtained and verified.

92. If FZCO is unable to comply with the required CDD measures in relation to a customer, then the firm must not undertake any transactions for that client and should terminate any existing relationship. At this point, it will be necessary to consider making a Suspicious Transaction Report to the MLRO.

93. If the client does not possess the right documents, then the firm should consider whether there are any other ways of being reasonably satisfied with the client’s identity.

94. Where an account is to be terminated due to a lack of CDD the MLRO should be consulted as to the appropriate way to return the funds.

95. If you suspect that any documents have been falsified or are fraudulent you must notify the MLRO immediately.

5.3 Who is the Customer?

96. The term customer is not defined by the Money Laundering Regulations but, in general, will be the party with whom the business relationship would be established. If in doubt as to who should be identified as the customer, please seek guidance from the Compliance Officer or MLRO.

97. Where there is a party purporting to act on behalf of the Customer, the Money Laundering Regulations require that the party’s identity be verified. If in doubt as to how to meet this requirement, please seek guidance from the Compliance Officer or MLRO.

5.4 Who is the beneficial Owner?

98. The Money Laundering Regulations require that anyone owning or controlling 25% or more of a legal entity is identified and that their identity be verified in line with the firm’s risk-based approach.

99. Also, where the actual beneficiary is an individual who, regardless of the size of the share of ownership, makes important decisions regarding the company (for example, on the basis of a shareholder agreement), their identity should be verified in line with the firm’s risk-based approach.

5.5 Existing Customers

100. If a client has already been identified by FZCO, no additional information needs to be obtained in respect of such a client unless the information already available is either out of date; or if the client’s risk profile has changed. This may happen if the firm supplies a different product or service to the client or if FZCO becomes aware of any information that results in a change to the client’s risk profile.

101. If FZCO has any legal duty in a calendar year to contact the client to review their relevant beneficial ownership information, FZCO must apply/reapply CDD on the client.

5.6 Simplified Due Diligence (SDD)

102. SDD can be applied to certain low-risk entities. Whilst this means there is no requirement to perform checks on the client’s identity or beneficial ownership structure it is necessary to prove that they fall within the SDD exemption. SDD can be applied to:

  • Financial institutions in UAE, EU, or comparable jurisdictions that are subject to the ML Regulations or equivalent
  • Companies listed on a regulated market
  • UAE public authorities
  • Legal and accountancy firms in UAE that are members of a recognized professional body.
  • Community institutions (e.g. Abu Dhabi Department of Community Development, European Investment Bank, Environment Agency, Europol)

103. Further detail on the application of SDD to these entities can be found in Chapter 6: Identification Evidence.

5.7 Enhanced Due Diligence

104. Under the risk-based approach adopted by FZCO, EDD will need to be conducted on any clients falling into the high-risk category. In addition to these clients, the regulations state specific instances where EDD must be applied. These are:

  • Where the client is not physically present
  • In respect of correspondent banking relationships
  • Any relationship or transaction involving a Politically Exposed Person (“PEP”)
  • Where the client is located in a high-risk third country
  • Transactions relating to cultural artifacts and other items of archaeological, historical, cultural, and religious importance, or of rare scientific value, as well as ivory and protected species

105. Specific guidance on the application of enhanced due diligence is contained in Chapter 6: Identification Evidence.

5.8 Account Opening Process

106. FZCO will use a standard form to open new client accounts.

5.9 Exception to Full Identification

107. While we will use our standard account opening procedure to verify the identity of our clients whenever possible; it may be the case that a client cannot provide standard information, or there are other factors that may influence the client’s risk profile. FZCO ’s procedure cannot accommodate every eventuality and in some cases the Compliance
Officers/MLRO will need to exercise their judgment. This may justify a deviation from the firm’s standard client opening procedure. All such exceptions must be agreed upon and documented by the Compliance Officer or MLRO in accordance with FZCO ’s risk-based approach.

5.10 Client Acting as an Agent

108. When identifying a client that acts on behalf of underlying customers AND is either of
the following:

  • A regulated financial sector firm; or
  • A non-UAE firm located in a comparable jurisdiction AND regulated by an overseas regulator

109. FZCO will not need to identify the underlying customers, even if their identity is disclosed to us unless we take instruction directly from the underlying customers.

110. In all other cases, FZCO will obtain identification and verification evidence in respect of both an intermediary and an underlying customer in accordance with our risk-based approach.

111. When the client is located in a Non-Comparable Jurisdiction, unless FZCO is satisfied that the client acting as an agent operates client identification procedures equivalent to UAE standards, the underlying customers must be identified or the business declined.

112. When the client is unregulated and located in a Comparable Jurisdiction, unless FZCO is satisfied that the client acting as an agent operates client identification procedures equivalent to UAE standards, the underlying customers must be identified, or the business declined.

5.11 FZCO Acting Solely as an Introducer

113. FZCO may act solely as an introducer between the client and the firm providing a product or service (“Provider Firm”). FZCO will play no part in the actual transaction and have no other relationship with either of the parties.

114. In such cases, the identification and verification obligations will lie with the Provider Firm, and not with FZCO, provided that:

  • FZCO does not give advice to the client; and
  • FZCO does not play any part in the negotiation or execution of the transaction; unless FZCO is acting as an agent of the Provider Firm.

5.12 Client Risk

115. The level of documentation required for each client will vary depending on the risk category of a particular client.

5.13 Financial Sanctions Targets

116. It is a criminal offense to make funds or financial services available to sanctioned entities and people (targets) on the list maintained by the Supreme Council for National Security (Supreme Council ). This would include dealing directly with these targets and dealing with these targets through intermediaries (such as lawyers or accountants).

117. Please contact the MLRO for the Sanctions List (https://www.uaeiec.gov.ae/en-us/un-page).

5.14 Origin of Documents

118. Generally, when identifying a client, a document issued by a government department or agency, or by a court will provide a high level of confidence. FZCO will normally accept non-government-issued documentary evidence verifying identity only if it originates from a public sector body or a regulated financial services firm in a comparable jurisdiction, or is supplemented by the knowledge that FZCO has of the person or entity, which has been documented (please refer to Section B2 box 7 in the NAO Form in Appendix 3).

5.15 Home Visit Evidencing Address

119. No home visits will be permitted.

5.16 Documents in a Foreign Language

120. If documents are in a foreign language, FZCO will take appropriate steps to be reasonably satisfied that the documents do in fact provide evidence of the client’s identity. This is likely to involve the translation of either all or part of a document.

5.17 Documentary and Electronic Evidence

121. FZCO will rely on electronic identification evidence. As we choose to rely on electronic evidence only, we must use data from multiple sources, and across time, or incorporate qualitative checks that assess the strength of the information supplied. We cannot rely exclusively on electronic systems that access data from a single source only
(e.g. a single check against the Electoral Roll). For further information on the use of electronic evidence please consult the Compliance Officer or MLRO.

5.18 Certification of Documents

122. We will not be operating with any requirement to obtain certified copies of identification documents.

5.19 Clients’ Websites

123. FZCO understands that although the information on the websites of its clients or potential clients may be helpful, it is not independently verified. While FZCO may use such information as corroborative evidence, it will not exclusively rely on it; an exception can be made by the Compliance Officer/MLRO for low-risk clients.

5.20 Public Information

124. Listed and some unlisted public companies are subject to a high level of disclosure in relation to ownership and business activities; and may have public filing obligations. Private companies and some partnerships, although not subject to such a level of disclosure, often have public filing obligations. Whenever possible and appropriate, FZCO will seek to use reliable public information in its identification process.

5.21 Signatories

125. On some occasions, and where appropriate, FZCO may be provided with a list of those authorized to give instructions for the movement of funds or assets, along with an appropriate instrument authorizing one or more directors (or equivalent) to give FZCO such instructions. FZCO will use this information in determining whom to identify, using its risk-based approach.

5.22 Non-Face To Face Clients

126. Given FZCO ’s business model, it is unlikely we would not meet our clients face to face.

127. Given our business and the type of service we provide, it is unlikely that clients accepted in such a manner will deliberately avoid face-to-face contact. Therefore, a non-face-to-face business will not in itself magnify a money laundering risk posed by a particular client. However, non-face-to-face identification carries an inherent risk of impersonation fraud. To address this risk FZCO will perform at least one additional verification check for non-face-to-face clients, such as:

  • Verifying additional aspects of the client’s identity (or the same or different aspect of identity by electronic means)
  • Sending Terms of Business or other applicable documentation to a verified address (to be signed and returned by the client)
  • Requiring copy documents to be certified by an appropriate person

5.23 Controller of Funds

128. If it appears that another person may have control over the funds which form or otherwise relate to the relationship with our client, we will seek to identify the controller as well as the client, if and when justified by risk.

  • SOW – Statement of Wealth – this can be a certified HNW certificate;
  • SOF – Source of Funds – through ongoing transaction monitoring;
  • SOW & SOF – definitely required for PEP and High-Risk Customers;

129. Documents evidencing each item declared on SOW are a requirement under the EU 4th Directive on Money Laundering.

130. Each declaration on the SOW or assets owned by the customer must be evidenced by documentation and should be independently verified. A verifiable Chartered Accountant’s letter would be acceptable, ideally categorizing the cash, property, shareholdings and

131. Should the bank decide to take a reduced-risk approach on some PEP customers SOW is required with evidence supporting the wealth taken from publicly available information, transaction records (statements), and searches.

132. domestic PEPs should be initially treated as PEP and when the MLRO or delegated officer is satisfied that there is no other involvement or concern, they can be risk assessed and treated with a lower level of due diligence if appropriate. This de-risking should be recorded in line with the PEP recording process.

5.24 Source of Funds

133. Income from Employment

  • An original or certified copy of a recent pay slip- the last pay slip within 3 months
  • Written confirmation of salary signed by the employer.

134. Property Sale

  • Original or certified copy of the contract of sale
  • Written confirmation of sale signed by advocate/solicitor

135. Sale of Investments

  • Original or certified copy of contract notes
  • Written confirmation of sale/holding signed by accountant/broker

136. Inheritance

  • Original or certified copy of will or grant of probate
  • Written confirmation of inheritance signed by advocate/ trustee/ executor.

137. The beneficiary of the Life Insurance policy

  • Original or certified copy of the policy with the client listed as the beneficiary
  • Written confirmation of paid-out policy to the client signed by the insurance company

138. Company Sale

  • Original or certified copy of the contract of sale
  • Written confirmation of sale signed by advocate/solicitor
  • Internet research of Company Registry

139. Divorce Settlement

  • Original or certified copy of Court Order
  • Written confirmation of settlement signed by advocate/solicitor.

140. Savings

  • Statement from the savings institution – 3 months - and inquiry of the source of wealth

141. Lottery / Gambling win

  • Evidence from the lottery company
  • Cheque
  • Winnings receipt

 142. Companies

  • Accounts – latest/last annual
  • Industry/sector of their clients
  • Products or services they offer and the delivery channels
  • New ventures
  • New products or services / new delivery channels / new client types
  • Any other relevant areas considered necessary

5.25 Controllers and Beneficial Owners

143. FZCO must ensure that controllers and Ultimate Beneficial Owners (UBO) of entities are identified and verified.

144. Appropriate identification, verification, and due diligence must be completed. Where required we should take sufficient measures to reach a good understanding of the underlying structure and ownership by considering information such as:

  • the legal form of the Entity (for example corporation, limited company, partnership, trust, etc.; and
  • the controllers of the company (for example knowledge of who within the Entity is authorized to make major decisions, such as executive management or executors)

145. The standards for identification and verification set out earlier in this Policy must be used to verify and identify controllers or UBOs.

5.26 Other Considerations

146. Passport copies should be clear and of good quality.

147. Clients should be discouraged from sending original valuable documents by post.

148. Consideration should be given as to whether the documents relied upon may have been forged.

Chapter 6: Identification Evidence

149. The purpose of this section of the manual is to provide detailed guidelines to staff in respect of obtaining account opening documentation. The information below covers the types of legal entities that are likely to be clients of FZCO. However, due to the diversity of legal structures in place, it is not possible to cover all possible scenarios below. If a potential new client does not appear to fit into any of the categories detailed below you should seek guidance from the MLRO as to the most appropriate type of documentation to obtain.

150. Refusal by the customer to provide information or documents required for due diligence measures is deemed a fundamental breach of the contract and should be reported to the MLRO immediately.

151. There are five parts to Customer Due Diligence, this chapter covers the first three parts listed below:

  • Knowing who the applicant for business is (identification)
  • Is the client who they say they are (verification)
  • Ascertaining the nature and purpose of the relationship
  • Keeping information up to date
  • Ongoing monitoring to assess if in line with what is expected

6.1 Clients entitled to Simplified Due Diligence (SDD)

6.1.1 Regulated Financial Institutions

152. Where the new client is a regulated financial institution in UAE, EU, FATF, or comparable jurisdiction there is no requirement to perform identity or verification checks. It is however a requirement that FZCO has reasonable grounds for believing the customer is an institution covered by SDD.

153. Therefore, when dealing with regulated firms FZCO will obtain the following information:

  • The evidence of the client’s regulated status; AND
  • The evidence of the client’s address

154. The list of regulators provided in Appendix 5 will assist FZCO in identifying such clients.

6.1.2 UAE Public Authorities and Community Institutions

155. In respect of UAE public authorities and community institutions, FZCO may apply SDD.

156. Therefore, when dealing with a UAEpublic authority or community institution FZCO will obtain the following information:

  • The evidence of the client’s public status; AND
  • The evidence of the client’s address

6.1.3 Companies listed on an EU-regulated market or equivalent exchange

157. Companies listed on an EU-regulated market or equivalent exchange are publicly owned and accountable.

158. For all such customers, FZCO will obtain the evidence of address as well as reliable evidence that the client is either of the following:

  • A publicly quoted company (that is subject to public disclosure rules), or
  • A 50% (or more) consolidated subsidiary of a publicly quoted company

159. Whilst the SDD standards are lower for the types of clients mentioned above it does not negate the need to obtain and verify further information if the risk assessment of the new clients suggests this may be appropriate.

160. If a regulated market is located within the EEA there is no requirement to undertake checks on the market itself. FZCO will, however, record the steps it has taken to ascertain the status of the market. If the market is outside the EEA but is one which subjects companies whose securities are admitted to trading to disclosure obligations which are
contained in international standards and are equivalent to the specified disclosure obligation in the EU, similar treatment is permitted.

6.1.4 Companies subject to the licensing and prudential regime of a statutory regulator in the EU

161. This would include companies that are subject to regulators such as OFWAT OFGEM or OFCOM or an EU  equivalent e.g. power and telecommunications companies.

6.1.5 Members of recognized professional bodies

162. This will include legal and accountancy firms in the UAE that are members of a recognized professional body. FZCO will obtain appropriate evidence that the firm is a member of the recognized professional body and this will be held on file.

6.2 Clients Subject to Full Identification Requirements

6.2.1 Unregulated Private Companies and Limited Partnerships

163. FZCO, when identifying a company or limited partnership will seek to understand its legal form, ownership structure, and business. The amount of information that we will seek to obtain will depend on the money laundering risk posed by a particular company. Money Laundering Risk is discussed in Chapter 4.

164. Different information requirements in relation to different types of entities are detailed below. For all such clients FZCO as a matter of course will seek to obtain the following Standard Information; that is information required for all clients. Additional information will need to be obtained in relation to Medium and High-Risk clients.

6.2.2 Standard Information for Medium-Risk Clients

165. FZCO will obtain the following standard information in respect of each corporate client. The extent of verification of this information will depend on the risk posed by a particular client. When verifying the identity of a client in accordance with a risk-based approach, we will take into account the below-mentioned examples of documentation that can be used for such verification.

  • An official document containing the client’s full name and registered number. Examples: A copy of Certificate of Incorporation or Partnership Agreement (if any), Companies House (or equivalent registry) search
  • Evidence of the client’s registered office in the country of its incorporation. Examples: A confirmation of the address by a reputable professional person, Companies House (or equivalent registry) search
  • Evidence of client’s business address. Examples: A copy of a utility bill, A government issued document, A record of a visit to the client’s place of business
  • Names of all directors
  • Names of all direct and indirect beneficial owners owning 25% or more of the entity. Where no beneficial owner has an interest of 25% or more, the Compliance Office will determine whose identity should be verified, taking a risk-based approach.
  • Copy of latest audited accounts where available.
  • A group/shareholding chart (where relevant)

166. Wherever possible this information must be obtained from an independent source such as Companies House or from a reputable business information provider. Further detail of the standard of evidence is given in Chapter 5.

167. Where any discrepancies are identified between a client’s beneficial ownership information available at the Registrar of Companies (ROC) and the information FZCO obtains through our own compliance checks, we are required to report the discrepancies to the MLRO.

168. The identity of beneficial owners owning 25% or more of the company and the identity of at least one director must be verified in line with the requirements for private individuals.

6.2.3 Limited Partnerships which are Medium Risk Clients

169. Limited Partnerships are treated in the same way as a private company the only difference being a list of partners will be obtained in place of the lists of directors and beneficial owners.

170. The identity of the partners or other beneficial owners with a beneficial interest of 25% or more of the partnership, including the General Partner/Managing Partner, must be verified in line with the requirements for private individuals.

171. If the General Partner/Managing Partner is a corporate entity, the identity of the ultimate beneficial owner of that corporate entity must be verified.

6.2.4 High-Risk Clients

172. In relation to High-risk clients, we will obtain at least the following information, added to both the standard information for Medium risk clients (save for overlapping requirements), or both:

  • Identification information for two executive directors (if applicable), in accordance with identification requirements for individuals; AND
  • In respect of Politically Exposed Persons (“PEPS”) senior management approval will need to be obtained together with details of the source of funds/wealth involved - see

6.11 Politically Exposed Persons.

173. For an entity, we will also obtain the following information:

  • Industry/sector of their clients
  • Products or services they offer and the delivery channels
  • New ventures
  • New products or services / new delivery channels / new client types
  • Any other information deemed relevant/necessary

6.2.5 High-risk third countries

174. For clients residing in or nationals of high-risk third countries, Enhanced Due Diligence measures must be applied:

  • verification of the identity of the customer or the beneficial owner
  • verification of the intended nature of the business relationship, and the source of funds,
  • verification of the source of wealth of the customer and the beneficial owner, as well as information on intended or performed transactions

175. The current list of high-risk third countries as defined by the European Commission lists the following 25 countries in 2022:

  • Afghanistan
  • Barbados
  • Bahamas
  • Burkina Faso
  • Cambodia
  • Cayman Islands
  • Democratic People's Republic of Korea
  • Haiti
  • Iran
  • Jamaica
  • Jordan
  • Mali
  • Morocco
  • Myanmar
  • Nicaragua
  • Pakistan
  • Panama
  • Philippines
  • Senegal
  • South Sudan
  • Syria
  • Trinidad and Tobago
  • Uganda
  • Vanuatu
  • Yemen and
  • Zimbabwe.

An up-to-date list can be found in High-risk third countries and the International context content of anti-money laundering and countering the financing of terrorism (Europa.eu)

6.2.5 Legal and accountancy firms

176. Firms that are members of a recognized professional body (accountants and lawyers) will often be set up as limited companies or partnerships. As they will be classified as low risk from a money laundering perspective FZCO has decided that there is no need to obtain the various documents that would apply to a private company or partnership that was not a member of a recognized professional body (Medium Risk Clients).

6.3 Partnerships

177. FZCO will treat partnerships and other unincorporated businesses in accordance with the requirements and guidelines set out above for private companies (as noted earlier this will not apply to partnerships that are members of a recognized professional body).
The standard information for all such businesses will consist of:

  • Evidence of trading address
  • Nature of business activities
  • List of all partners
  • Copy of partnership deed
  • A copy of the latest (audited, where available) financial statements.

178. The identity of the partners or other beneficial owners with a beneficial interest of 25% or more of the partnership must be verified in line with the requirements for private individuals.

179. If any of the partners is a corporate entity, the identity of the ultimate beneficial owner of that corporate entity must be verified in accordance with the requirements for individuals.

6.4 Non-UAE Governments and Public Authorities

180. When accepting a new client that is a government body or public authority in a country other than UAE, the approach to identification and verification has to be tailored. The guidance below should be sufficient to identify and verify most organizations but in the case of any doubt please seek advice from the MLRO.

181. The following information should be obtained:

  • Full name of the entity
  • Nature and status of the entity
  • Address of entity
  • Name of home state authority
  • Names of directors (or equivalent)

182. The firm will verify the name, address and where possible the home state authority.

183. For higher-risk organizations, the firm will undertake verification of the identity of two directors.

6.5 Trusts, Foundations, and Similar Entities

184. It is unlikely that our client base will include trusts. However, we do not rule out the possibility that we may be dealing with a trust. FZCO will treat trusts in accordance with its risk-based approach. In relation to trusts, we will have regard to the following considerations, as well as the general considerations outlined above in implementing our risk-based approach:

  • Transparency of the trust’s activities
  • The complexity of the trust’s structure (e.g. the presence of numerous layers of ownership)
  • Location of the trust (e.g. in a “tax haven” previously associated with money laundering)

185. In many cases, a trust will not be a separate legal entity but should still be regarded as the customer. The trustees of a trust will be considered the controllers. The purpose and objects of most trusts are set out in a trust deed. Please consult the Compliance Officer or MLRO if you are unsure as to who your client is.

186. Most trusts accepted as clients of FZCO will fall into the Medium risk category. If the trustees of a trust are all regulated entities or publicly listed companies it may be possible to consider them Low risk if there is nothing to suggest they should be treated otherwise.
For each trust, we will seek to obtain the following information:

  • Full name of the trust
  • Nature and purpose of the trust (e.g., discretionary, testamentary, bare)
  • Country of the establishment of the trust
  • Names of all trustees
  • Names of any beneficial owners (see below-concerning verification)
  • Name and address of any protector or controller

187. If the client is to be a low risk then it will be necessary to demonstrate that all trustees (i.e. controllers) are either regulated institutions or listed companies.

6.6 Medium-Risk Trusts

188. Trusts set up under testamentary arrangements and small, local trusts funded by small, individual donations from local communities, serving local needs, will be classified as Medium risk.

189. In addition to verifying information in accordance with procedures for Low-risk clients, we will obtain the following information:

  • Either a register search in the country of establishment;
  • Or a summary of the instrument establishing the trust.

6.7 High-Risk Trusts

190. Offshore trusts and trusts with complex structures will be classified as High risk. In respect of High-risk trusts FZCO will seek to obtain and, where appropriate, verify some or all the following additional information in addition to the information required for Low and Medium risk clients:

  • Names of the donor, settlor, or grantor of the funds (where there are large numbers of small donors, donors of 10% or more only)
  • Domicile of business/activity
  • Nature of business or activities of the trust
  • Operating address of the trust
  • Names and/or classes of the trust’s beneficiaries
  • Deed of Trust
  • Memorandum and Articles of Association
  • Certificate of Incorporation
  • Registered address and business address
  • List of Trustees
  • Full ID proof of Trustees, passports, addresses, verification, Thomson Reuters
  • Signatures
  • Power of Attorney
  • In the case of a charitable trust – the Charity Commission Register number
  • Name of the settlor or dummy settlor/protector/beneficiary (note - these are often the same person)
  • Full ID proof of Trustees, passports, addresses, verification, Thomson Reuters
  • Statement of the source of wealth
  • Witnessed Mandate to open an account

6.8 UAE & Non-UAE Charities

191. The following information must be obtained for all UAE and non-UAE registered charities - prior to opening the account:

  • Full legal name
  • Company registered number and charity registration number
  • Registered office in the country of incorporation
  • Business address
  • Nature of the company’s business
  • Completion of the Bank’s account opening form
  • Latest accounts
  • Mandate to open an account
  • Statement of the source of wealth (funds-donations, size, and regularity)
  • Beneficial owners
  • ID, passport, ID card, proof of address
  • Statement of source/s of funds

6.9 Beneficial owners

192. For all trusts, the identity of the beneficial owners will need to be verified. These will be:

  • The trustees or individuals having control over the trust
  • any individual who is entitled to a specified interest (that is, a vested, not a contingent, interest) in at least 25% of the capital of the trust property

193. Following our assessment of the money laundering risk presented by the trust, we may decide to verify the identities of additional trustees, and/or of the settlors.

6.10 Private Individuals

194. In cases where FZCO needs to identify a private individual, it will always seek to obtain the following information:

  • Full name
  • Residential address
  • Date of birth

195. In verifying the individual’s identity, we will obtain:

196. EITHER: A government-issued document that incorporates the client’s full name and photograph AND either their residential address or their date of birth

197. OR: A government-issued document (without a photograph) that incorporates the client’s full name. This must be SUPPORTED BY a second document, either government-issued, or issued by a judicial authority, a public sector body or authority, or another UAE-regulated firm in the AUE financial services sector, or in a comparable jurisdiction, which incorporates the client’s full name AND either their residential address or their date of birth

198. Client identification performed electronically should mirror the above requirements.

199. In the case of private individuals that have not been met by the firm an additional piece of acceptable documentation must be obtained.

200. Please refer to Appendix 4 for a non-exhaustive list of acceptable documents for individual identity verification.

201. If the client has been deemed to be of higher risk, then the following applies:

6.10.1 Verifying the Identity of Higher Risk Individuals

202. Full name, date, and place of birth must be verified using:

203. EITHER a current passport (to include the photograph page and pages containing reference numbers, date country of issue, nationality, and place of birth)

204. OR a national identity card (to include the photograph page and pages containing
reference numbers, date country of issue, nationality, and place of birth).

6.10.2 Verifying the address of higher risk individuals

205. At least one of the following original documentary evidence confirming the individual’s current residential address is required for all relationships classified as medium or high risk.

206. (The documents are listed in order of preference - Not all documents are appropriate in some countries):

  • Current national identity card (if not used to verify identity)
  • Current photographic driving license
  • Correspondence from a central or local government department or agency e.g. tax assessment or notice of tax code (issued during the previous 12 months)
  • Social security card (if current residential address is included)
  • Council tax demand letter or statement (issued during the previous 12 months)
  • Bank statement or credit card statement which shows the individual’s name and address (issued less than 3 months previously);
  • Mortgage statement (issued less than 3 months previously);
  • Utility bills (but not ones printed off the internet).

207. If an individual has lived at their current residential address for less than 12 months FZCO will require a document that confirms the individual’s previous residential address. Please note – a C/O address or PO Box is not acceptable.

6.11 Politically Exposed Persons (‘PEPS’)

208. It is necessary for enhanced due diligence (“EDD”) to be conducted when a client is a PEP or where one or more of the directors or beneficiary owners of a client is a PEP.

209. A PEP is defined as an individual who has, at any time in the preceding year, been entrusted with prominent public functions and an immediate family member or known close associate of such a person. The risks of Politically Exposed Persons (PEPs) are that they may handle proceeds of corruption and/or may offer, be offered, or expect/demand bribes. A prominent public function could include, but is not limited to:

  • Heads of state, heads of government, ministers, and deputy or assistant ministers
  • Members of Parliament (MPs)
  • Members of supreme courts or other high-level judicial bodies
  • Members of courts of auditors or of the boards of central banks
  • Ambassadors, chargés d’affaires, and high-ranking officers in the armed forces
  • Members of administrative, management, or supervisory boards of state-owned enterprises

210. There is no initial distinction between the locations of a PEP and the Money Laundering Directives identify domestic PEPs to be treated as PEP.

211. Politically Exposed Persons, and family members or known close associates of PEPs, are individuals who by virtue of their position pose an inherently higher money laundering risk, particularly if they are based in a higher-risk country or business. Money Laundering Regulations require us to monitor all PEP relationships due to the likelihood
that they will pose a higher risk.

212. When taking on new customers and updating existing customer Identification and Due Diligence, we must screen customers against publicly available PEP lists in order to determine if they are politically exposed.

213. In respect of PEPs FZCO must have

  • Senior management sign off on the NOA
  • evidence of the source of wealth and source of funds that are involved in the business relationship or transaction.

6.12 FATCA & Global Intermediary Identification Number (GIIN)

214. The Foreign Account Tax Compliance Act (FATCA) is a 2010 United States federal law to enforce the requirement for United States persons including those living outside the U.S. to file yearly reports on their non-U.S. financial accounts to the Financial Crimes Enforcement Network (FinCEN).

215. GIIN is an abbreviation of the Global Intermediary Identification Number. The FATCA Registration System approves foreign financial institutions (FFI), financial institution (FI) branches, direct reporting non-financial foreign entities (NFFE), sponsoring entities, sponsored entities, and sponsored subsidiary branches. Institutions and entities assigned a GIIN can use it to identify themselves to withholding agents and tax administrators for FATCA reporting purposes.

216. If an individual’s account holds any of the following seven criteria, we may need to request further information or documentation to determine if the customer is a US person under FATCA.

  • US citizenship or US residence.
  • US place of birth.
  • US address including US PO boxes.
  • US telephone number.
  • Repeating payment instructions to pay amounts to a US address or an account maintained in the US.
  • The current power of attorney or signatory authority granted to a person with a US address.
  • In the care of or hold mail address which is the sole address for the account holder.

6.13 Other Considerations

217. Passport copies should be clear and of good quality.

218. from sending original valuable documents by post.

219. Consideration should be given as to whether the documents relied upon may have been forged or altered in any way.

Chapter 7: Introductions by Intermediaries

220. FZCO may accept a confirmation from an intermediary that a client’s identity has been appropriately verified. We will take account of the following considerations when deciding whether it is reasonable for us to rely on an intermediary to have properly identified the client:

  • The public disciplinary record of the intermediary, to the extent it is available.
  • The nature of the client, the product or service sought, and the sums involved.
  • Any adverse experience of the intermediary’s general efficiency in business dealings.
  • Any other knowledge, whether obtained at the outset of the relationship or subsequently that we have regarding the standing of the intermediary.

7.1 Introducers

7.1.1 Reliance on Third Parties

221. Where the business relies on a third party for compliance with this policy or additional applicable AML requirements, the MLRO must ensure that such reliance is permissible under law and consistent with this policy, and reasonable under the circumstances.

222. When a relevant person relies on a third party to apply customer due diligence measures it:

  • must immediately obtain from the third party all the information needed to satisfy the requirements of regulations 28(2) to (6) and (10) in relation to the customer, the customer’s beneficial owner, or any person acting on behalf of the customer;
  • must enter into arrangements with the third party which:
  • enable the relevant person to obtain from the third party immediately on request copies of any identification and verification data and any other relevant documentation on the identity of the customer, the customer’s beneficial owner, or any person acting on behalf of the customer;
  • require the third party to retain copies of the data and documents referred to in line with record keeping policy for the period required by FZCO.

7.1.2 Regulated Financial Sector Firms

223. Provided the introducer satisfies the general criteria above, FZCO will normally be able to rely on an Introduction Certificate from a UAEregulated firm or regulated financial institution in a comparable jurisdiction.

224. An Introduction Certificate states that one regulated entity has conducted appropriate checks to satisfy money laundering requirements for a client. It can be forwarded to another regulated entity and can be relied upon to satisfy money laundering requirements by the entity receiving the Certificate.

7.1.3 Professional Firms

225. FZCO will not accept Introduction Certificates from lawyers, accountants, and other professionals but may rely on the copies of verification documentation supplied by a professional firm to us if these have been assessed by FZCO as satisfactory.

7.1.4 Firms in Non-Comparable Jurisdictions

226. If the introducing firm is located in a non-comparable jurisdiction, FZCO will either:

  • Identify the introduced client itself; or
  • Rely on an Introduction Certificate if it is accompanied by copies of identification documents certified in accordance with our standards.

7.2 Group Introductions

227. When a client is introduced by one part of a financial sector group to another, it is not necessary for their identity to be re-verified, provided that:

  • The client’s identity has been verified by introducing part of the group in line with standards in UAE, EU, or a comparable jurisdiction; and
  • A group introduction confirmation is obtained and held with the client’s records (except if FZCO has day-to-day access to all group client information and records)

228. It is the responsibility of the UAE firm to satisfy itself that the standards of identification are acceptable.

7.3 Production of Documents

229. Any Introducer must be able to supply copies of the client's due diligence documents to FZCO on request. The documentation should be provided within 48 hours unless an extended timeframe is agreed upon between both parties.

230. If at any time you become concerned that an introducer is not obtaining sufficient information on clients and or is unable to provide copies of documents on request, then this matter must be referred to the MLRO.

Chapter 8: Suspicious Transactions

8.1 Internal Reporting

8.1.1 Obligation to Report

231. Every member of FZCO ’s staff is required to make a formal report to the MLRO if, in the course of their employment, they know, suspect, or have reasonable grounds for either knowing or suspecting money laundering or terrorist financing. Reporting in accordance with this requirement will not result in a breach of the General Data Protection Act, confidentiality, or any other contractual or statutory provisions.

232. Remember that a duty to report a suspicion of money laundering exists even if a potential client does not conduct any business through FZCO, or if we decline the business. The obligation to report is in respect of anyone, whether the firm’s client or not. This is different from the obligation to report fraud that applies to FZCO ’s actual, and not potential, clients only.

8.1.2 Objective Test

233. It is important to understand that a person could be found guilty of a failure to report even if they did not actually suspect but ought to have suspected money laundering. The test is whether an honest and reasonable person, working within the financial services industry, would have formed a suspicion based on the facts available at the time.
Generally, to satisfy this test you would have to know your client, their business, and the rationale for their instruction, activity, or transaction. A failure to make adequate inquiries or assess relevant facts will not provide protection against the objective test of reasonable suspicion.

234. A suspicious activity or transaction will often be:

  • Any transaction or instruction that is not logical from an economic, financial, or banking point of view.
  • Any transaction where the amount, duration, or other specific feature is inconsistent with the customer's professional or business activities or expected account activity.

235. Reasonable grounds to know or suspect is a negligence test as a deterrent against those in banks and other financial sector banks who fail to act competently, reasonably, and honestly where information before them ought to make them suspect money laundering. It may therefore be considered to cover:

  • Wilful blindness i.e. turning a blind eye to the obvious.
  • Negligence i.e. failing to make adequate inquiries that an honest and reasonable person would be expected to make in the circumstances.
  • Failing to assess adequately the facts and information that is either presented or available would put an honest and reasonable person on inquiry.

8.1.3 Timing of Reporting

236. The obligation is to make a report without undue delay and not later than two business days after the identification of the suspicious activity or transaction.

8.1.4 Discharge of Individual Responsibility

237. By submitting a report to the MLRO you will discharge your individual responsibility, thus protecting yourself from criminal prosecution for the offense of a failure to disclose. Therefore, when reporting a suspicion, you will receive a formal written acknowledgment from the MLRO. Please retain it for your own records.

8.1.5 Consultation with a Colleague or Line Manager

238. It is acceptable to discuss your suspicion with your line manager. However, if after consulting your line manager you remain suspicious, it is your responsibility to ensure that a report is submitted to the MLRO.

239. While a line manager may comment on the proposed report, they do not have the authority to block or attempt to block any report being made to the MLRO. Should you encounter an attempt to prevent a report from being made, you should discuss this with the MLRO directly.

240. In addition, if you consult a colleague, this colleague will have knowledge on the basis of which they must consider whether or not to make a report to the MLRO. To avoid making duplicate reports, the colleague, if suspicious, should only report if they are reasonably satisfied that the employee will not make such a report.

241. To reduce the risk of inadvertently tipping off a client the case should be discussed with as few people as possible.

8.1.6 Continuous Obligation to Report

242. Making a report does not remove the need to notify the MLRO of further suspicions that may arise with the same or different client. If further suspicions arise additional reports must be made to the MLRO.

8.1.7 After Submission of a Report

243. Until the MLRO informs you that no report to FIU is to be made, any further transactions or activity in respect of the suspected client must be reported to the MLRO as soon as they arise.

8.1.8 MLRO’s Determination

244. The MLRO will consider the report and surrounding circumstances and decide whether or not to submit an external report to FIU. If the MLRO decides to do so, they must do this as soon as practicable.

245. In order to undertake this investigation, the MLRO may need further information or access to client files. The MLRO must be given free access to all client records. If further information needs to be obtained from the client or from an intermediary, then this should normally be obtained by the employee with the client relationship. This is to
minimize the risk of alerting the client or intermediary that a disclosure of FIU is being considered.

246. The MLRO will record all internal inquiries made in relation to the report of suspicion and the basis for their decision to make or not to make a report to FIU.

247. A failure to make a report when there are reasonable grounds for suspicion may constitute assistance, potentially incriminating you as a party to a crime.

248. If disclosure to the MLRO causes them to acquire knowledge or suspicion of money laundering (or gives them reasonable grounds for such knowledge or suspicion) and the MLRO fails to make a report to FIU, then they will be committing the offense of a failure to disclose.

8.1.9 Pre-Transaction Reporting to FIU

249. If a pre-transaction report is made by the MLRO to FIU, no business may be conducted with or for a client until you receive consent from FIU. FIU has 7 working days, from the working day following the day of the disclosure, in which to respond to the MLRO. Dealing with or advising a client before receiving consent from FIU may constitute one of the offenses, that is concealing, arrangements or acquisition, use, and possession.

250. Note there are no provisions under the Terrorism Act for consent to be given within a specified period. If a report is made to the FIU under this Act no related transaction or activity is allowed to proceed until FZCO has been contacted by FIU or a law enforcement agency.

251. The MLRO will inform you whether FIU consents to you dealing with the client or not. Please liaise directly with the MLRO who will provide guidance on what information may be provided to a client or potential client.

8.1.10 Post-Transaction Reporting to FIU

252. Since FIU cannot provide consent after a transaction or activity has already occurred, it will provide an acknowledgment of receipt of a report to the MLRO. In the absence of an indication to the contrary from the MLRO, you may deal with the client as normal.

However, you must inform the MLRO of every interaction with the client and seek guidance on how to deal with that client.

8.1.11 Contact with Client and Third Parties

253. Any contact from the client questioning the delay in processing their transaction needs to be handled very carefully. In these circumstances, please liaise closely with the MLRO.

254. Whether or not FIU allows you to proceed with a transaction, you may not tip off the client that a disclosure to the authorities has been made. Neither may you disclose that such a disclosure has been made in response to a data protection request.

255. Unless specifically authorized to do so, you must not discuss any reports of suspicions of money laundering with third parties. Any requests for information from third parties, such as the Police or Customs, must be immediately referred to the MLRO.

8.1.12 Court Orders

256. Any evidence to be presented in Court will be obtained under a court order. The following are the types of orders that may be served on FZCO as part of an investigation.

  • a disclosure order from any law enforcement organization
  • an account monitoring order from any law enforcement organization
  • a search and seizure warrant
  • All such orders should be passed to the MLRO immediately who will liaise with FZCO ’s legal advisers as appropriate.

8.1.13 Failure to Make a Report

257. FZCO will take disciplinary action against any member of staff who fails to report a suspicion without a reasonable excuse.

8.1.14 Form of Reporting

258. Please make your report to the MLRO on the Suspicious Transaction Reporting Form (Money Laundering) attached as Appendix 1. Please give as much information on this form as possible to assist the MLRO.

8.2 Examples of Suspicious Activity

259. Below is a list of activities that may give rise to a suspicion of money laundering or terrorist financing. This is not an exhaustive list of circumstances; neither will they necessarily give rise to suspicion. However, any of these occurrences are likely to form a basis for further inquiry in most cases. It will be ultimately a matter of your own
consideration to decide whether or not to report a suspicion.

  • Transactions with no apparent purpose or that make no economic sense
  • Transactions of a size or pattern which is out of line with transactions normally undertaken by the client
  • The client refuses to provide the information requested
  • Accounts that are used for a short period of time only
  • Dormant accounts that get reactivated
  • Extensive use of offshore vehicles or structures, especially if they do not make economic sense
  • Unnecessary routing of funds through third-party accounts

8.3 Ongoing Relationships with Suspicious Clients

260. FZCO’s policy is not to maintain relationships if the firm believes we may be used for money laundering. Where a client has been involved in a suspicious transaction, the MLRO, together with the senior management, makes a decision regarding the ongoing relationship with that client. If we decide to continue a client relationship, we may implement increased monitoring of the client’s account.

261. Where a client has been the subject of a referral to FIU by the MLRO, the MLRO must be informed before any action is taken to exit the relationship. In such circumstances, the MLRO will consult FIU to obtain permission to terminate the client relationship.

8.4 Data Protection – Subject Assess Requests (SARS)

262. Occasionally SAR will be received in respect of a client where an internal or external suspicious transaction report has been made. Whilst the General Data Protection Regulations (“GDPR”) seeks to ensure all information is included in any response to a SAR request; it does allow to the omission of information that may prejudice the prevention or detection of crime. Any such request will need to be handled sensitively and will require the MLRO to liaise with FIU as well as their legal advisers when deciding whether to omit any information. Any decision in respect of any exemption must be clearly documented.

8.5 Record Keeping

263. Article 5 (e) of the GDPR states personal data shall be kept for no longer than is necessary for the purposes for which it is being processed.

264. For Money Laundering purposes, records of all internal and external reports together with any supporting documentation must be retained for 5 years from the date of the report. If, however, the firm is aware of an ongoing investigation in relation to any report it must be retained until the relevant agency has confirmed that the case is now closed.

Chapter 9: Training and Awareness

9.1 Introduction

265. For the purpose of this manual “Awareness” refers to actions taken by FZCO to ensure that on an ongoing basis, personnel is informed of money laundering and associated risks as well as their individual and collective responsibilities.

266. “Training” refers to a more specific process whereby staff is educated on specific areas, their attendance is recorded, and understanding is measured.

267. FZCO has a legal responsibility to ensure that person receives appropriate anti-money laundering training. Failure to provide training may constitute a criminal offense.

9.2 Awareness

268. It is our policy to ensure that all employees are aware and kept up to date with money laundering developments. This Policy serves as the basis for awareness within FZCO. It will be supplemented with additional material as and when necessary.

269. At the start of their employment, every employee must be given a copy of this Handbook and must sign an Anti-Money Laundering Policy Declaration attached as Appendix 6 to confirm that they have read and understood the provisions of this Handbook.

9.3 Training

270. FZCO provides training to relevant staff upon recruitment and on an annual basis. The definition of “relevant staff” is set as widely as possible to encompass all employees who may be able to identify suspicious transactions during the course of their work. The requirement to train relevant staff is also applicable to any part-time, temporary, or consulting staff.

271. Anti-money laundering training will, as a minimum, comprise the following issues:

  • The need to obtain sufficient evidence of identity
  • Recognition and reporting of suspicions of money laundering via the MLRO to FIU
  • The identity and responsibilities of the MLRO
  • Anti-money laundering rules, guidance, and regulations
  • Effects of breaches of money laundering legislation on FZCO and its Employees

272. Attendance or completion of anti-money laundering training is mandatory for all relevant personnel. If you are unable to attend on a scheduled training date you should contact the course organizer or provider as soon as possible to arrange an alternative date. Repeated failures to attend training courses may result in disciplinary action.

273. If, after attending a training course, you feel that you would benefit from further clarification on certain subjects; please contact the MLRO.

9.4 Screening of Staff

274. FZCO will conduct initial and periodic screening of relevant staff. Relevant staff includes compliance staff, employees in the front office, those who introduce the business, and those who engage with clients.

275. The initial and annual screening will include an assessment of the individual’s skills, knowledge, and expertise in order to ascertain whether they are capable of carrying out their functions effectively, as well as conducting an assessment of the conduct and integrity of the individual.

9.5 Record Keeping

276. FZCO will retain the records of all materials issued to its personnel in relation to anti-money laundering, counter-terrorism, and sanctions training and awareness for at least 5 years from the date of issue of materials.

277. These records will include the names of attendees, dates of all training sessions, the content of courses and presentations, and, where applicable, test results. All staff will be required to sign the Register of Attendees attached as Appendix 2 confirming that they have received training and understood their legal responsibilities.

278. FZCO will retain the records in relation to the screening of staff for at least 5 years from the date of issue of material.

Chapter 10: Monitoring

10.1 Introduction

279. Due to FZCO ’s size and nature of its business, the firm, in monitoring clients’ activities, places reliance on two main factors:

  • Having up-to-date client information; and
  • Asking pertinent questions to elicit the reasons for unusual transactions

10.2 Up-To-Date Client Information

280. We ensure that the information we keep about our clients is up-to-date through regularly performing client reviews. The frequency of such reviews is determined by the client’s risk category. Apart from the transaction monitoring on each account, we review our clients with the following frequency:

  • Low-risk clients are re-assessed every 5 years
  • Medium-risk clients are re-assessed every 3 years
  • High-risk clients are re-assessed at least annually
  • PEPs are re-assessed six monthly

281. The purpose of these reviews is to identify any significant changes to the corporate structure, management, and activities of the client. Unless the MLRO resolves otherwise, it is not always necessary to obtain all the information required for account opening or to re-verify all identification information. These reviews are coordinated by the MLRO. In addition to reviewing changes to the client’s structure, management and profile an overall review of the client’s activity over the period is normally conducted. This will allow FZCO to assess if there have been changes in the client’s activity which could be considered unusual given the information held about the client.

282. Notwithstanding these timescales, should any member of staff become aware of a change in the circumstances of a client, for example, a change of ownership structure or a move into a new business area, this information should be recorded on the client file immediately. If this information could affect the risk assessment of the client then the
MLRO should be informed. The MLRO will then decide if there is a need to re-evaluate the client’s risk assessment.

10.3 Transaction Monitoring

283. We consider that a combination of anti-money laundering training and commercial awareness will enable our staff to monitor for, recognize and report suspicious activities.

284. We will seek to understand the rationale for the client undertaking a particular transaction or activity. When identifying unusual or potentially suspicious activity our staff will use their knowledge of the client and of what would be normal in a given set of circumstances.

285. In general terms, all members of staff should have regard to the following considerations when monitoring client accounts, as well as factors detailed in other chapters of this Policy:

  • Whether the financial performance of an enterprise is in line with the nature and scale of its business, and whether the corporate finance services it seeks appear legitimate in the context of those activities
  • Whether the transaction has no apparent lawful or economic purpose
  • The unusual nature of a transaction: e.g., abnormal size or frequency or complexity for that client or type of client
  • The nature of a series of transactions: for example, a number of cash payments, a complex series of transactions
  • The geographic destination or origin of payment: for example, to or from a high-risk jurisdiction
  • Whether the transactions are in support of a client seeking to purchase, or purchasing a “golden passport”, i.e. the client applies for residence rights or citizenship in any country in exchange for capital transfers, purchase of property or government bonds, or investment in corporate entities
  • The parties concerned: for example, a request to make a payment to or from a person on a Sanctions List.

286. However, FZCO recognizes that while staff training is important, it is not a comprehensive substitute for transaction monitoring. Therefore, on a quarterly basis, FZCO will formally review all transactions undertaken each quarter to ensure that no money laundering has been facilitated or taken place.

287. Please refer to the Post-Transaction Review Form contained in Appendix 7 of this Handbook.

10.4 Record Keeping

288. Evidence of all monitoring undertaken by FZCO will be retained for a period of at least 5 years from the date of the review.

Chapter 11: Records Retention

11.1 Introduction

289. This chapter provides guidance on the record-keeping procedures that FZCO needs to meet its obligations in respect of the prevention of money laundering and terrorist financing.

290. Keeping adequate records will ensure that FZCO can:

  • Provide an audit trail for all advice given and activity undertaken on a client’s behalf
  • Provide adequate information to law enforcement agencies to assist with their investigations
  • Undertake to monitor of client activity against expectations
  • Identify and report any suspicious activity
  • Provide evidence of meeting all statutory and regulatory obligations.

11.2 What records must be kept?

291. The following material must be kept:

  • Client information, including evidence of identity
  • Details of all transactions made on behalf of each client
  • Internal and external reports of suspicion
  • Reports sent to ROC of discrepancies in a client’s beneficial ownership information
  • MLRO annual report and any other reports
  • Information not acted upon
  • Training and compliance monitoring
  • Information about the effectiveness of training

292. Keeping the required records for the specified time period will not result in FZCO breaching the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021 Regarding the Protection of Personal Data). This information will be made available to the competent authorities in the context of any relevant criminal investigations and prosecutions.

11.3 Identification Records

293. Client identification records must be kept for a period of at least 5 years from the date of the end of a client relationship. That is either the date of the last transaction with the client or the closure of the client's account, whichever is the latest.

294. The revised FATF Recommendations demonstrate that, in order to be able to cooperate fully and comply swiftly with information requests from competent authorities for the purposes of the prevention, detection, or investigation of money laundering and terrorist financing, obliged entities should maintain, for at least five years, the necessary information obtained through customer due diligence measures and the records on transactions.

295. In order to avoid different approaches and in order to fulfill the requirements relating to the protection of personal data and legal certainty, the retention period should be fixed at five years after the end of a business relationship or of an occasional transaction.
However, if necessary for the purposes of prevention, detection, or investigation of money laundering and terrorist financing, and after carrying out an assessment of the necessity and proportionality, Member States should be able to allow or require the further retention of records for a period not exceeding an additional five years, without prejudice to the national criminal law on evidence applicable to ongoing criminal investigations and legal proceedings.

11.4 Transaction Records

296. Transaction records must be kept for a period of at least 5 years from the date of the transaction. They should be maintained in a form that provides a satisfactory audit trail of all transactions effected via FZCO allowing their reconstruction.

11.5 Third party Record Keeping

297. It is FZCO’s responsibility to ensure the third party complies with the record-keeping obligations. This principle applies to the use of third-party service providers such as introducers or administrators.

11.6 Internal and External Suspicious Transaction Reports

298. We will retain the following records of any reports of suspicions of money laundering regardless of whether the MLRO made a report to FIU. These records will consist of:

  • Records of actions taken under the internal and external reporting requirements
  • When the MLRO had reviewed an internal report and decided not to make a report to FIU, a record of all the information considered
  • Copies of reports of suspicions submitted to FIU

299. These records will be retained for 5 years from the date the report is made. However, if FZCO is aware that either FIU or another law enforcement agency is investigating a client, FZCO will retain all records in relation to that client until the agency confirms that the case is closed. If, within 5 years of a disclosure being made, FZCO has not been advised of an ongoing investigation, it may destroy the records.

11.7 Anti-Money Laundering, Counter Terrorist and Sanctions Training Records

300. We will retain the following records for at least 5 years in relation to Anti-Money Laundering (“AML”) training:

  • Date(s) AML training was given
  • Nature and content of the training
  • Names of people who received the training
  • The results of the tests taken, if applicable

11.8 Compliance Monitoring Records

301. The following records are retained for at least 5 years in relation to compliance monitoring:

  • Annual MLRO report to the board and any other reports to senior management
  • Records of consideration of those reports and of any action taken as a consequence

11.9 Refused Business Records

302. Where a business has been refused because it does not meet our client identification, verification and KYC standards, a record of the refusal will be retained for 5 years.

11.10 Wire Transfer and Electronic Payment Records

303. All electronic payment messages should contain sufficient information to identify the parties involved (i.e. both the party making the payment and the beneficiary). This information should include full names, addresses and account numbers. Where this information cannot be provided in the electronic payment message, full records must be retained.

11.11 Format and Retrieval of Records

304. FZCO aims to reduce the volume and density of records. While still complying with the statutory requirements we may choose to keep records:

  • By way of original documents
  • By way of photocopies of original documents
  • On microfiche
  • In scanned form
  • In computerized or electronic form

305. FZCO may keep records either offsite or outside UAE but will remain responsible for ensuring that all required records can be made available without undue delay and meet the UAE regulatory requirements. FZCO will ensure that all records, however, kept, are capable of being retrieved within 48 hours. FZCO will, whenever possible, seek to retain all records on the business premises.

11.12 Sanctions and Penalties

306. Where a firm fails to observe the record-keeping requirements either the firm or relevant person(s) or both are open to prosecution.

To view the Appendix, download the full text of the file at the top