“Money laundering is the generic term used to describe the process by which criminals disguise the original ownership and control of the proceeds of criminal conduct by making such proceeds appear to have derived from a legitimate source.” Source ICA (www.int-comp.org).
“Terrorist financing is the process by which terrorists fund their operations in order to perform terrorist acts. Terrorists need financial support to carry out their activities and to achieve their goals. There is little difference between terrorists and other criminals in their abuse of the financial system. While different from money laundering, terrorists often exploit similar weaknesses in the financial system.” Source ACAMS (acams.org).
“Sanctions – The United Arab Emirates (UAE), as a member of the UN, is committed to implementing the United Nations Security Council Resolutions (UNSCRs), including those related to UN sanctions regimes. Consequently, through the Cabinet Resolution No. 74 of 2020, the UAE is implementing UNSCRs on the suppression and combating of terrorism, terrorist financing & countering the financing of proliferation of weapons of mass destruction, in particular, targeted financial sanctions (TFS) regimes as defined by the UN.
1. CFP Technology FZCO (“FZCO” or the “Firm”) is committed to maintaining effective prevention and detection measures to assist law enforcement authorities in combating financial crime. This handbook sets out the policies and procedures which have been adopted to meet CFP Technology’s legal obligations under UAE anti-money laundering and counter-terrorist legislation.
2. These policies and procedures must always be adhered to.
3. FZCO always seeks to ensure that:
4. Money laundering, fraud, and market abuse threats are dynamic, and criminals constantly devise new techniques and exploit the easiest targets in the financial services sector. To mitigate the risk of being used as a vehicle for financial crime FZCO will systematically assess, mitigate, and monitor these risks. It will seek to identify fraud, money laundering, and market abuse as well as conduct risk implications at an early stage of the client acceptance process, escalate this to senior management and take appropriate action.
5. A risk-based approach adopted by FZCO drives our overall strategy of fighting financial crime. Through this approach, we identify the areas of greatest vulnerability and focus our resources on those areas. Ultimate responsibility for this approach lies with the senior management but all staff carries a responsibility to maintain the effectiveness of systems and controls.
6. Customer Due Diligence (CDD) is the mid-level risk-based approach and as such, is the entry-level of all measures. Once entered at the CDD level, up-risk or down-risk processes may be applied.
7. Given the continually evolving environment and the nature of the risks involved, It is not possible to cover every possible eventuality in this handbook. Should an issue arise that is not specifically covered in this handbook, employees should refer to the MLRO for further guidance.
8. The DFSA as a supervisory authority is committed to maintaining an Anti-Money Laundering (AML), Combating the Financing of Terrorism (CTF) and Counter-Proliferation Financing (CPF) regime that acts as a significant deterrent to any criminal elements. Money laundering is the process by which criminals attempt to hide and disguise the true origin and ownership of the proceeds of their criminal activities, thereby avoiding prosecution, conviction, and confiscation of criminal funds.
9. Money laundering and terrorist financing risks are closely related to the risks of fraud and insider dealing. While these are separate offenses, money laundering involves handling the proceeds of any crime, including the proceeds of these activities.
10. The ability to launder the proceeds of crime through the financial system is vital to the success of criminal operations. London, as one of the world’s major financial centers, has a major role to play in combating money laundering. Firms that become involved in money laundering risk prosecution and damage to their reputation.
11. In recognition of this the procedures that FZCO has adopted, to reduce the incidence of financial crime, focus on knowing our clients, understanding their businesses, carrying out proportionate verification checks, and identifying and reporting suspicious activity.
12. FZCO is subject to UAE Federal AML, CTF, and CPF legislation which includes:
13. In order to comply with UAE laws, regulations, and guidance, FZCO adopts the following principles.
14. FZCO has implemented policies, procedures, and controls aimed at deterring criminals from using FZCO for the laundering of proceeds of crime. These policies and procedures are tailored to the risk posed by individual clients, in accordance with UAE laws.
15. FZCO has appointed its Money Laundering Reporting Officer (“MLRO”). The MLRO acts as the central point of contact both with law enforcement agencies and internally, in relation to all matters relating to money laundering.
16. The MLRO monitors FZCO’s compliance with anti-money laundering procedures and submits reports to senior management at least on an annual basis.
17. FZCO has established Customer Due Diligence procedures to identify the users of its services and, in relation to higher-risk clients, the principal beneficial owners and origins of funds. These procedures include knowing the nature of our client’s businesses and being alert to abnormal transactions.
18. Suspicious activity includes, but is not limited to, any transactions or account activity that is not customary, routine, or commensurate based upon past or expected transactions or activity, or that is otherwise suspicious or lacking an apparent business or legal purpose.
19. Unexplained or abnormal transactions or activities that are suspected of being linked to criminal activity should be reported to the MLRO in writing without delay using the Suspicious Transaction Reporting Form (Money Laundering) in Appendix 1, reports will be highly confidential and can be made anonymously. The MLRO will determine whether to report the suspicions to the Financial Intelligence Unit (FIU). If the MLRO is absent, reports should be made to the appointed Deputy MLRO. An acknowledgment of receipt should be obtained from the MLRO for every such report.
20. All personnel must be informed of their individual and collective responsibilities and FZCO ’s anti-money laundering policies. Personnel is provided with training to enable them to understand the vulnerabilities of FZCO ’s business and to recognize and report suspicious activities.
21. Copies of all training material must be kept at all times and referred to by the attendance registers or ad-hoc training as may occur.
22. FZCO keeps records of who has been trained and the timing and form of training sessions. We retain all records verifying the identity of our clients for at least 5 years following the end of the business relationship. We also retain the records of any internal reports of suspicion submitted to the MLRO and any disclosures made to FIU.
23. All changes to this policy must be version controlled and details of changes made are recorded appropriately. This may be used as a defense if any litigation arises from actions by the Firm or its staff.
24. There are a number of pieces of legislation that make up the UAE Anti-money laundering/counter-terrorist financing legal framework.
25. A brief summary of the main pieces of legislation is provided below. All employees of FZCO should be aware that it is not only the firm that is subject to the legislation but also the employees within the firm. Failure to comply with certain aspects of the legislation can result in an individual being subject to prosecution with the threat of a custodial sentence or fine.
26. Offences are punishable whether the attempt to launder money was successful or not.
27. Criminal conduct is conduct that constitutes an offense in any part of UAE (or would constitute an offense in any part of UAE. if it occurred there).
28. Property is criminal property if it constitutes a person's benefit from criminal conduct or it represents such a benefit (in whole or part and whether directly or indirectly), and the alleged offender knows or suspects that it constitutes or represents such a benefit. It is immaterial:
29. A person benefits from conduct if they obtain property, advantage, or benefit as a result of or in connection with the conduct or any other conduct. Where the property is land, this includes a servitude, right, or interest in relation to that piece of land. Property is all property wherever situated and includes:
30. A person commits an offense if he enters into or becomes concerned with an arrangement that he knows or suspects facilitates (by whatever means) the acquisition, retention, use, or control of criminal property by or on behalf of another person.
31. Concealing the source of illicit gains, aiding, abetting money laundering, and inciting and attempting the offense can be considered a criminal offense.
32. This offense is punishable by imprisonment and/or a fine.
33. A person commits this offense if he:
34. This offense covers any conduct wherever it takes place if it would constitute a criminal offense if committed in UAE. This excludes minor offenses committed overseas where the conduct is lawful in the jurisdiction where the offense in question is committed (for example, bullfighting in Spain). This offense however includes, but is not restricted to, drug trafficking, terrorist activity, corruption, theft, fraud, tax evasion, robbery, forgery, product piracy, illegal deposit taking, blackmail, and extortion.
35. It is a defense to show that a person reported their suspicion to the MLRO (in the case of the MLRO, to a law enforcement agency).
36. This offense is punishable by imprisonment and/or a fine.
37. It is a criminal offense that a disclosure has been made to either FIU or the MLRO or that the police or customs authorities are carrying out or intending to carry out a money laundering investigation.
38. It is a defense to show that a person had either lawful authority or a reasonable excuse to make the disclosure. It is also a defense that a person neither knew nor suspected that the disclosure would prejudice an investigation.
39. Tipping off is punishable by imprisonment and/or a fine.
40. It is a criminal offense for persons working in the regulated sector not to disclose if they have reasonable grounds to know or suspect, in the course of their employment, that another person is engaged in money laundering. The report should be made without undue delay and not later than two business days after the identification of the suspicious activity or transaction. This offense also covers a failure of the MLRO to report a suspicion to FIU without a reasonable excuse.
41. Reporting to the MLRO in accordance with FZCO ’s procedures will satisfy the obligation to report.
42. Legislation protects those reporting suspicions of money laundering from claims in respect of any alleged breach of client confidentiality.
43. Failure to disclose is punishable by imprisonment and an unlimited fine.
44. FZCO’s business activities are within the scope of the Money Laundering Regulations and we, therefore, have in place appropriate policies and procedures covering:
45. FZCO is aware that they are sanctioned for not having adequate procedures in place.
46. Failure to comply with the Regulations constitutes an offense punishable by imprisonment, a fine, or both.
47. The US criminal money laundering laws, in particular the USA Patriot Act 2001, have extra-territorial effects. Where FZCO has any established activities in, or linked to the USA, whether through a branch, subsidiary, associated company, or correspondent banking relationship there is a risk that US regulations and sanctions may apply. This includes dealing with clients that are US citizens, whether these legal obligations apply will be determined during the KYC/KYB checks. The MLRO ensures that where this falls into scope procedures are followed to ensure compliance.
48. The Office of Foreign Assets Control (OFAC) of the US Department of the Treasury administers and enforces economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the United States. OFAC acts under Presidential national emergency powers, as well as authority granted by specific legislation, to impose controls on transactions and freeze assets under US jurisdiction. Many of the sanctions are based on United Nations and other international mandates, are multilateral in scope, and involve close cooperation with allied governments.
49. The OFAC Main Page can be found at: https://home.treasury.gov/
50. OFAC Sanctions Lists can be found at:
51. Currently there are a number of sanction programs in operation internationally. FZCO is required by law to ensure full compliance and ensure that any links are identified, directly or indirectly. Such links may include:
52. In consideration of this, where one of the above criteria is indicated for a prospective client, the AML Compliance Officer should escalate to the MLRO for review, who may seek legal advice from FZCO’s Board members if required.
53. The full list of current programs in operation in UAE, including the list of destinations with trade restrictions and terrorist organizations can be found here: https://www.uaeiec.gov.ae/en-us/un-page?p=2#
54. All new account openings must ensure that all prospective client names are subject to KYC screening which will check applicable international sanction lists. In accordance with the risk matrix, it may be necessary to also check all directors and shareholders, ensuring that they are added to the ongoing screening database when deemed necessary.
55. As a matter of good practice, for high-risk clients the MLRO may deem it necessary to independently review the Sanctions List and run an OFAC search using this source: https://ofac.finra.org/#/
56. If in doubt about the nature of any of the information listed in the sanctions section, speak with the MLRO.
57. The Firm may use external third parties for electronic checking.
58. A breach of the International Sanctions Act carries a fine of up to €400,000.
59. A predicate offense is a crime that is a component of a larger crime. For FZCO this would be predominantly any crime that generates monetary income.
60. The expanded list of predicate offenses:
61. FZCO has appointed Money Laundering Reporting Officer (“MLRO”). The MLRO has overall responsibility for the establishment and maintenance of effective anti-money laundering systems and controls.
62. The MLRO is a required function. The expects the MLRO to be based in UAE and to be of sufficient seniority within FZCO to be able to act on his own authority. The MLRO must have access to all Know Your Business/Customer information, data, and dashboards. The MLRO’s responsibilities include the following:
63. While the MLRO may delegate their duties to another appropriate person, such delegation needs to be documented.
64. FZCO’s personnel must not discuss any issues relating to the firm’s anti-money laundering policies and procedures with any third parties without the prior consent of the MLRO. All requests from the DFSA, FIU, Police, or other investigating and enforcement agencies must be referred to the MLRO without delay.
65. The following orders may be served on FZCO as part of an ongoing investigation. Should you receive any such order, please give it to the MLRO without delay:
66. FZCO is required to operate a risk-based policy in order to identify, manage and mitigate the risks associated with the firm being used for money laundering or terrorist financing. This approach will identify the most cost-effective and proportionate way to manage and mitigate the risks posed to the firm. It is accepted that a risk-based regime cannot be a zero-failure regime but that it should strike a balance between cost and the realistic threat of being used for money laundering or terrorist financing. The aim is to focus the efforts where they are most needed and will have the most impact.
67. A risk-based approach requires FZCO to undertake the following steps:
68. FZCO adopts a risk-based approach to business that enables it to utilize its resources in the most efficient and cost-effective manner. While we will, as far as reasonably practicable, ensure consistent application of our risk-based approach, we recognize that this approach cannot anticipate every eventuality. Therefore in any given case the Compliance Officer or MLRO may exercise their judgment in deciding whether or not to deviate from the written policies. This judgment will be clearly reasoned and documented.
69. When and if FZCO deals with clients located in countries without adequate anti-money laundering standards it will either obtain additional Customer Due Diligence information or perform more intensive monitoring of the client’s account. Countries presenting a high geographical risk are those where:
70. A useful source of information on geographical risk is Transparency International: www.transparency.org
71. The Transparency International Corruption Perception Index is attached to the Handbook as Appendix 8. The up-to-date index can be found at http://www.transparency.org/ Downloading the information package provides a host of data and it is subdivided into continents.
72. FZCO’s client base is divided into three risk categories: Low, Medium, and High. The Compliance Officer or MLRO determines to which category a client belongs. They will record the basis of assessment for each client. Given the nature of business undertaken by FZCO, it is expected that the majority of our clients will be assessed as either Low/Medium/High Risk. The entry-level is medium risk and evaluation is performed from that point.
73. The following should be used as guidance when applying a risk-based approach to the assessment of money laundering risk posed by each client. Consideration of the overall information held may alter the risk profile of the client.
74. Regulated financial institutions based in UAE; those located in EU, FATF, or comparable jurisdictions. A list of comparable jurisdictions and a list of FATF member countries can be found in Appendix 5.
75. Companies or their subsidiaries (50% or more) whose shares are traded on EU regulated market or equivalent exchange. A list of such exchanges can be found in Appendix 5.
76. A third country is identified by credible sources as having a low level of corruption or other criminal activity, such as terrorism, money laundering, and the production and supply of illicit drugs. Furthermore, a third country, on the basis of credible sources, such as evaluations, detailed assessment reports, or published follow-up reports published by the Financial Action Task Force, the International Monetary Fund, the World Bank, the Organisation for Economic Co-operation and Development, or other international bodies or non-governmental organizations:
77. Reputable, well-known organizations, with long histories in their industries or large market capitalization and with substantial public information about them and their principals and/or controllers.
78. Clients represented by those whose appointment is subject to court approval or ratifications (e.g. executors)
79. The following are examples of what would normally be considered High Risk. This list is not exhaustive.
80. All other clients that do not fall within either a low-risk category or a high-risk category including (but not restricted to):
81. FZCO will take the following additional considerations into account when determining the risk posed by a client. While these considerations will not determine the risk on their own, they will be considered alongside other factors in judging the overall money laundering risk posed by a particular client.
82. Risk management is a continuous process. The MLRO is responsible for ensuring the firm’s risk assessment is up-to-date and appropriate. This is done by means of an ongoing risk assessment.
83. On an ongoing basis the MLRO will review FZCO ’s business activities, including:
84. The MLRO will identify any changes to FZCO ’s services that may expose the firm to a higher risk of money laundering. This may also highlight the need for a formal assessment of risks posed by either of our client categories or individual clients. The results of this ongoing assessment will be detailed in the annual MLRO Report to senior management.
85. The Money Laundering Regulations specify the Customer Due Diligence (CDD) measures that are required to be carried out, the timing, as well as actions required if CDD measures are not carried out. The purpose of this chapter is to provide guidance on the following:
86. For lists of the documentation to be obtained and verified in respect of specific business types please refer to Chapter 6 of this handbook.
87. CDD is the entry-level approach that the Firm must take. Following this, evidence to ensure SDD or risks identified to raise the level of EDD is then taken.
88. The CDD measures that must be carried out involve:
89. These measures are designed to make it harder for the financial services industry to be used to launder money or fund terrorism.
We will apply CDD to all customers on a risk-sensitive basis, and monitor the service provider to ensure that the measures taken are appropriate.
90. FZCO will ensure that it has completed appropriate client due diligence prior to entering into a legally binding agreement with the client to undertake regulated business.
91. The Compliance Officer/MLRO may, at his discretion, allow an account to be opened before all the documentation has been obtained if it is necessary in order not to interrupt the normal conduct of business and there is little risk of money laundering. In these cases, the decision must be fully documented, and all outstanding documentation obtained as soon as possible. In these instances, the firm should not make any payments from that account either to the client or to a third party until such times as the documentation has been obtained and verified.
92. If FZCO is unable to comply with the required CDD measures in relation to a customer, then the firm must not undertake any transactions for that client and should terminate any existing relationship. At this point, it will be necessary to consider making a Suspicious Transaction Report to the MLRO.
93. If the client does not possess the right documents, then the firm should consider whether there are any other ways of being reasonably satisfied with the client’s identity.
94. Where an account is to be terminated due to a lack of CDD the MLRO should be consulted as to the appropriate way to return the funds.
95. If you suspect that any documents have been falsified or are fraudulent you must notify the MLRO immediately.
96. The term customer is not defined by the Money Laundering Regulations but, in general, will be the party with whom the business relationship would be established. If in doubt as to who should be identified as the customer, please seek guidance from the Compliance Officer or MLRO.
97. Where there is a party purporting to act on behalf of the Customer, the Money Laundering Regulations require that the party’s identity be verified. If in doubt as to how to meet this requirement, please seek guidance from the Compliance Officer or MLRO.
98. The Money Laundering Regulations require that anyone owning or controlling 25% or more of a legal entity is identified and that their identity be verified in line with the firm’s risk-based approach.
99. Also, where the actual beneficiary is an individual who, regardless of the size of the share of ownership, makes important decisions regarding the company (for example, on the basis of a shareholder agreement), their identity should be verified in line with the firm’s risk-based approach.
100. If a client has already been identified by FZCO, no additional information needs to be obtained in respect of such a client unless the information already available is either out of date; or if the client’s risk profile has changed. This may happen if the firm supplies a different product or service to the client or if FZCO becomes aware of any information that results in a change to the client’s risk profile.
101. If FZCO has any legal duty in a calendar year to contact the client to review their relevant beneficial ownership information, FZCO must apply/reapply CDD on the client.
102. SDD can be applied to certain low-risk entities. Whilst this means there is no requirement to perform checks on the client’s identity or beneficial ownership structure it is necessary to prove that they fall within the SDD exemption. SDD can be applied to:
103. Further detail on the application of SDD to these entities can be found in Chapter 6: Identification Evidence.
104. Under the risk-based approach adopted by FZCO, EDD will need to be conducted on any clients falling into the high-risk category. In addition to these clients, the regulations state specific instances where EDD must be applied. These are:
105. Specific guidance on the application of enhanced due diligence is contained in Chapter 6: Identification Evidence.
106. FZCO will use a standard form to open new client accounts.
107. While we will use our standard account opening procedure to verify the identity of our clients whenever possible; it may be the case that a client cannot provide standard information, or there are other factors that may influence the client’s risk profile. FZCO ’s procedure cannot accommodate every eventuality and in some cases the Compliance
Officers/MLRO will need to exercise their judgment. This may justify a deviation from the firm’s standard client opening procedure. All such exceptions must be agreed upon and documented by the Compliance Officer or MLRO in accordance with FZCO ’s risk-based approach.
108. When identifying a client that acts on behalf of underlying customers AND is either of
the following:
109. FZCO will not need to identify the underlying customers, even if their identity is disclosed to us unless we take instruction directly from the underlying customers.
110. In all other cases, FZCO will obtain identification and verification evidence in respect of both an intermediary and an underlying customer in accordance with our risk-based approach.
111. When the client is located in a Non-Comparable Jurisdiction, unless FZCO is satisfied that the client acting as an agent operates client identification procedures equivalent to UAE standards, the underlying customers must be identified or the business declined.
112. When the client is unregulated and located in a Comparable Jurisdiction, unless FZCO is satisfied that the client acting as an agent operates client identification procedures equivalent to UAE standards, the underlying customers must be identified, or the business declined.
113. FZCO may act solely as an introducer between the client and the firm providing a product or service (“Provider Firm”). FZCO will play no part in the actual transaction and have no other relationship with either of the parties.
114. In such cases, the identification and verification obligations will lie with the Provider Firm, and not with FZCO, provided that:
115. The level of documentation required for each client will vary depending on the risk category of a particular client.
116. It is a criminal offense to make funds or financial services available to sanctioned entities and people (targets) on the list maintained by the Supreme Council for National Security (Supreme Council ). This would include dealing directly with these targets and dealing with these targets through intermediaries (such as lawyers or accountants).
117. Please contact the MLRO for the Sanctions List (https://www.uaeiec.gov.ae/en-us/un-page).
118. Generally, when identifying a client, a document issued by a government department or agency, or by a court will provide a high level of confidence. FZCO will normally accept non-government-issued documentary evidence verifying identity only if it originates from a public sector body or a regulated financial services firm in a comparable jurisdiction, or is supplemented by the knowledge that FZCO has of the person or entity, which has been documented (please refer to Section B2 box 7 in the NAO Form in Appendix 3).
119. No home visits will be permitted.
120. If documents are in a foreign language, FZCO will take appropriate steps to be reasonably satisfied that the documents do in fact provide evidence of the client’s identity. This is likely to involve the translation of either all or part of a document.
121. FZCO will rely on electronic identification evidence. As we choose to rely on electronic evidence only, we must use data from multiple sources, and across time, or incorporate qualitative checks that assess the strength of the information supplied. We cannot rely exclusively on electronic systems that access data from a single source only
(e.g. a single check against the Electoral Roll). For further information on the use of electronic evidence please consult the Compliance Officer or MLRO.
122. We will not be operating with any requirement to obtain certified copies of identification documents.
123. FZCO understands that although the information on the websites of its clients or potential clients may be helpful, it is not independently verified. While FZCO may use such information as corroborative evidence, it will not exclusively rely on it; an exception can be made by the Compliance Officer/MLRO for low-risk clients.
124. Listed and some unlisted public companies are subject to a high level of disclosure in relation to ownership and business activities; and may have public filing obligations. Private companies and some partnerships, although not subject to such a level of disclosure, often have public filing obligations. Whenever possible and appropriate, FZCO will seek to use reliable public information in its identification process.
125. On some occasions, and where appropriate, FZCO may be provided with a list of those authorized to give instructions for the movement of funds or assets, along with an appropriate instrument authorizing one or more directors (or equivalent) to give FZCO such instructions. FZCO will use this information in determining whom to identify, using its risk-based approach.
126. Given FZCO ’s business model, it is unlikely we would not meet our clients face to face.
127. Given our business and the type of service we provide, it is unlikely that clients accepted in such a manner will deliberately avoid face-to-face contact. Therefore, a non-face-to-face business will not in itself magnify a money laundering risk posed by a particular client. However, non-face-to-face identification carries an inherent risk of impersonation fraud. To address this risk FZCO will perform at least one additional verification check for non-face-to-face clients, such as:
128. If it appears that another person may have control over the funds which form or otherwise relate to the relationship with our client, we will seek to identify the controller as well as the client, if and when justified by risk.
129. Documents evidencing each item declared on SOW are a requirement under the EU 4th Directive on Money Laundering.
130. Each declaration on the SOW or assets owned by the customer must be evidenced by documentation and should be independently verified. A verifiable Chartered Accountant’s letter would be acceptable, ideally categorizing the cash, property, shareholdings and
131. Should the bank decide to take a reduced-risk approach on some PEP customers SOW is required with evidence supporting the wealth taken from publicly available information, transaction records (statements), and searches.
132. domestic PEPs should be initially treated as PEP and when the MLRO or delegated officer is satisfied that there is no other involvement or concern, they can be risk assessed and treated with a lower level of due diligence if appropriate. This de-risking should be recorded in line with the PEP recording process.
133. Income from Employment
134. Property Sale
135. Sale of Investments
136. Inheritance
137. The beneficiary of the Life Insurance policy
138. Company Sale
139. Divorce Settlement
140. Savings
141. Lottery / Gambling win
142. Companies
143. FZCO must ensure that controllers and Ultimate Beneficial Owners (UBO) of entities are identified and verified.
144. Appropriate identification, verification, and due diligence must be completed. Where required we should take sufficient measures to reach a good understanding of the underlying structure and ownership by considering information such as:
145. The standards for identification and verification set out earlier in this Policy must be used to verify and identify controllers or UBOs.
146. Passport copies should be clear and of good quality.
147. Clients should be discouraged from sending original valuable documents by post.
148. Consideration should be given as to whether the documents relied upon may have been forged.
149. The purpose of this section of the manual is to provide detailed guidelines to staff in respect of obtaining account opening documentation. The information below covers the types of legal entities that are likely to be clients of FZCO. However, due to the diversity of legal structures in place, it is not possible to cover all possible scenarios below. If a potential new client does not appear to fit into any of the categories detailed below you should seek guidance from the MLRO as to the most appropriate type of documentation to obtain.
150. Refusal by the customer to provide information or documents required for due diligence measures is deemed a fundamental breach of the contract and should be reported to the MLRO immediately.
151. There are five parts to Customer Due Diligence, this chapter covers the first three parts listed below:
6.1.1 Regulated Financial Institutions
152. Where the new client is a regulated financial institution in UAE, EU, FATF, or comparable jurisdiction there is no requirement to perform identity or verification checks. It is however a requirement that FZCO has reasonable grounds for believing the customer is an institution covered by SDD.
153. Therefore, when dealing with regulated firms FZCO will obtain the following information:
154. The list of regulators provided in Appendix 5 will assist FZCO in identifying such clients.
6.1.2 UAE Public Authorities and Community Institutions
155. In respect of UAE public authorities and community institutions, FZCO may apply SDD.
156. Therefore, when dealing with a UAEpublic authority or community institution FZCO will obtain the following information:
6.1.3 Companies listed on an EU-regulated market or equivalent exchange
157. Companies listed on an EU-regulated market or equivalent exchange are publicly owned and accountable.
158. For all such customers, FZCO will obtain the evidence of address as well as reliable evidence that the client is either of the following:
159. Whilst the SDD standards are lower for the types of clients mentioned above it does not negate the need to obtain and verify further information if the risk assessment of the new clients suggests this may be appropriate.
160. If a regulated market is located within the EEA there is no requirement to undertake checks on the market itself. FZCO will, however, record the steps it has taken to ascertain the status of the market. If the market is outside the EEA but is one which subjects companies whose securities are admitted to trading to disclosure obligations which are
contained in international standards and are equivalent to the specified disclosure obligation in the EU, similar treatment is permitted.
6.1.4 Companies subject to the licensing and prudential regime of a statutory regulator in the EU
161. This would include companies that are subject to regulators such as OFWAT OFGEM or OFCOM or an EU equivalent e.g. power and telecommunications companies.
6.1.5 Members of recognized professional bodies
162. This will include legal and accountancy firms in the UAE that are members of a recognized professional body. FZCO will obtain appropriate evidence that the firm is a member of the recognized professional body and this will be held on file.
6.2.1 Unregulated Private Companies and Limited Partnerships
163. FZCO, when identifying a company or limited partnership will seek to understand its legal form, ownership structure, and business. The amount of information that we will seek to obtain will depend on the money laundering risk posed by a particular company. Money Laundering Risk is discussed in Chapter 4.
164. Different information requirements in relation to different types of entities are detailed below. For all such clients FZCO as a matter of course will seek to obtain the following Standard Information; that is information required for all clients. Additional information will need to be obtained in relation to Medium and High-Risk clients.
6.2.2 Standard Information for Medium-Risk Clients
165. FZCO will obtain the following standard information in respect of each corporate client. The extent of verification of this information will depend on the risk posed by a particular client. When verifying the identity of a client in accordance with a risk-based approach, we will take into account the below-mentioned examples of documentation that can be used for such verification.
166. Wherever possible this information must be obtained from an independent source such as Companies House or from a reputable business information provider. Further detail of the standard of evidence is given in Chapter 5.
167. Where any discrepancies are identified between a client’s beneficial ownership information available at the Registrar of Companies (ROC) and the information FZCO obtains through our own compliance checks, we are required to report the discrepancies to the MLRO.
168. The identity of beneficial owners owning 25% or more of the company and the identity of at least one director must be verified in line with the requirements for private individuals.
6.2.3 Limited Partnerships which are Medium Risk Clients
169. Limited Partnerships are treated in the same way as a private company the only difference being a list of partners will be obtained in place of the lists of directors and beneficial owners.
170. The identity of the partners or other beneficial owners with a beneficial interest of 25% or more of the partnership, including the General Partner/Managing Partner, must be verified in line with the requirements for private individuals.
171. If the General Partner/Managing Partner is a corporate entity, the identity of the ultimate beneficial owner of that corporate entity must be verified.
6.2.4 High-Risk Clients
172. In relation to High-risk clients, we will obtain at least the following information, added to both the standard information for Medium risk clients (save for overlapping requirements), or both:
6.11 Politically Exposed Persons.
173. For an entity, we will also obtain the following information:
6.2.5 High-risk third countries
174. For clients residing in or nationals of high-risk third countries, Enhanced Due Diligence measures must be applied:
175. The current list of high-risk third countries as defined by the European Commission lists the following 25 countries in 2022:
An up-to-date list can be found in High-risk third countries and the International context content of anti-money laundering and countering the financing of terrorism (Europa.eu)
6.2.5 Legal and accountancy firms
176. Firms that are members of a recognized professional body (accountants and lawyers) will often be set up as limited companies or partnerships. As they will be classified as low risk from a money laundering perspective FZCO has decided that there is no need to obtain the various documents that would apply to a private company or partnership that was not a member of a recognized professional body (Medium Risk Clients).
177. FZCO will treat partnerships and other unincorporated businesses in accordance with the requirements and guidelines set out above for private companies (as noted earlier this will not apply to partnerships that are members of a recognized professional body).
The standard information for all such businesses will consist of:
178. The identity of the partners or other beneficial owners with a beneficial interest of 25% or more of the partnership must be verified in line with the requirements for private individuals.
179. If any of the partners is a corporate entity, the identity of the ultimate beneficial owner of that corporate entity must be verified in accordance with the requirements for individuals.
180. When accepting a new client that is a government body or public authority in a country other than UAE, the approach to identification and verification has to be tailored. The guidance below should be sufficient to identify and verify most organizations but in the case of any doubt please seek advice from the MLRO.
181. The following information should be obtained:
182. The firm will verify the name, address and where possible the home state authority.
183. For higher-risk organizations, the firm will undertake verification of the identity of two directors.
184. It is unlikely that our client base will include trusts. However, we do not rule out the possibility that we may be dealing with a trust. FZCO will treat trusts in accordance with its risk-based approach. In relation to trusts, we will have regard to the following considerations, as well as the general considerations outlined above in implementing our risk-based approach:
185. In many cases, a trust will not be a separate legal entity but should still be regarded as the customer. The trustees of a trust will be considered the controllers. The purpose and objects of most trusts are set out in a trust deed. Please consult the Compliance Officer or MLRO if you are unsure as to who your client is.
186. Most trusts accepted as clients of FZCO will fall into the Medium risk category. If the trustees of a trust are all regulated entities or publicly listed companies it may be possible to consider them Low risk if there is nothing to suggest they should be treated otherwise.
For each trust, we will seek to obtain the following information:
187. If the client is to be a low risk then it will be necessary to demonstrate that all trustees (i.e. controllers) are either regulated institutions or listed companies.
188. Trusts set up under testamentary arrangements and small, local trusts funded by small, individual donations from local communities, serving local needs, will be classified as Medium risk.
189. In addition to verifying information in accordance with procedures for Low-risk clients, we will obtain the following information:
190. Offshore trusts and trusts with complex structures will be classified as High risk. In respect of High-risk trusts FZCO will seek to obtain and, where appropriate, verify some or all the following additional information in addition to the information required for Low and Medium risk clients:
191. The following information must be obtained for all UAE and non-UAE registered charities – prior to opening the account:
192. For all trusts, the identity of the beneficial owners will need to be verified. These will be:
193. Following our assessment of the money laundering risk presented by the trust, we may decide to verify the identities of additional trustees, and/or of the settlors.
194. In cases where FZCO needs to identify a private individual, it will always seek to obtain the following information:
195. In verifying the individual’s identity, we will obtain:
196. EITHER: A government-issued document that incorporates the client’s full name and photograph AND either their residential address or their date of birth
197. OR: A government-issued document (without a photograph) that incorporates the client’s full name. This must be SUPPORTED BY a second document, either government-issued, or issued by a judicial authority, a public sector body or authority, or another UAE-regulated firm in the AUE financial services sector, or in a comparable jurisdiction, which incorporates the client’s full name AND either their residential address or their date of birth
198. Client identification performed electronically should mirror the above requirements.
199. In the case of private individuals that have not been met by the firm an additional piece of acceptable documentation must be obtained.
200. Please refer to Appendix 4 for a non-exhaustive list of acceptable documents for individual identity verification.
201. If the client has been deemed to be of higher risk, then the following applies:
6.10.1 Verifying the Identity of Higher Risk Individuals
202. Full name, date, and place of birth must be verified using:
203. EITHER a current passport (to include the photograph page and pages containing reference numbers, date country of issue, nationality, and place of birth)
204. OR a national identity card (to include the photograph page and pages containing
reference numbers, date country of issue, nationality, and place of birth).
6.10.2 Verifying the address of higher risk individuals
205. At least one of the following original documentary evidence confirming the individual’s current residential address is required for all relationships classified as medium or high risk.
206. (The documents are listed in order of preference – Not all documents are appropriate in some countries):
207. If an individual has lived at their current residential address for less than 12 months FZCO will require a document that confirms the individual’s previous residential address. Please note – a C/O address or PO Box is not acceptable.
208. It is necessary for enhanced due diligence (“EDD”) to be conducted when a client is a PEP or where one or more of the directors or beneficiary owners of a client is a PEP.
209. A PEP is defined as an individual who has, at any time in the preceding year, been entrusted with prominent public functions and an immediate family member or known close associate of such a person. The risks of Politically Exposed Persons (PEPs) are that they may handle proceeds of corruption and/or may offer, be offered, or expect/demand bribes. A prominent public function could include, but is not limited to:
210. There is no initial distinction between the locations of a PEP and the Money Laundering Directives identify domestic PEPs to be treated as PEP.
211. Politically Exposed Persons, and family members or known close associates of PEPs, are individuals who by virtue of their position pose an inherently higher money laundering risk, particularly if they are based in a higher-risk country or business. Money Laundering Regulations require us to monitor all PEP relationships due to the likelihood
that they will pose a higher risk.
212. When taking on new customers and updating existing customer Identification and Due Diligence, we must screen customers against publicly available PEP lists in order to determine if they are politically exposed.
213. In respect of PEPs FZCO must have
214. The Foreign Account Tax Compliance Act (FATCA) is a 2010 United States federal law to enforce the requirement for United States persons including those living outside the U.S. to file yearly reports on their non-U.S. financial accounts to the Financial Crimes Enforcement Network (FinCEN).
215. GIIN is an abbreviation of the Global Intermediary Identification Number. The FATCA Registration System approves foreign financial institutions (FFI), financial institution (FI) branches, direct reporting non-financial foreign entities (NFFE), sponsoring entities, sponsored entities, and sponsored subsidiary branches. Institutions and entities assigned a GIIN can use it to identify themselves to withholding agents and tax administrators for FATCA reporting purposes.
216. If an individual’s account holds any of the following seven criteria, we may need to request further information or documentation to determine if the customer is a US person under FATCA.
217. Passport copies should be clear and of good quality.
218. from sending original valuable documents by post.
219. Consideration should be given as to whether the documents relied upon may have been forged or altered in any way.
220. FZCO may accept a confirmation from an intermediary that a client’s identity has been appropriately verified. We will take account of the following considerations when deciding whether it is reasonable for us to rely on an intermediary to have properly identified the client:
7.1.1 Reliance on Third Parties
221. Where the business relies on a third party for compliance with this policy or additional applicable AML requirements, the MLRO must ensure that such reliance is permissible under law and consistent with this policy, and reasonable under the circumstances.
222. When a relevant person relies on a third party to apply customer due diligence measures it:
7.1.2 Regulated Financial Sector Firms
223. Provided the introducer satisfies the general criteria above, FZCO will normally be able to rely on an Introduction Certificate from a UAEregulated firm or regulated financial institution in a comparable jurisdiction.
224. An Introduction Certificate states that one regulated entity has conducted appropriate checks to satisfy money laundering requirements for a client. It can be forwarded to another regulated entity and can be relied upon to satisfy money laundering requirements by the entity receiving the Certificate.
7.1.3 Professional Firms
225. FZCO will not accept Introduction Certificates from lawyers, accountants, and other professionals but may rely on the copies of verification documentation supplied by a professional firm to us if these have been assessed by FZCO as satisfactory.
7.1.4 Firms in Non-Comparable Jurisdictions
226. If the introducing firm is located in a non-comparable jurisdiction, FZCO will either:
227. When a client is introduced by one part of a financial sector group to another, it is not necessary for their identity to be re-verified, provided that:
228. It is the responsibility of the UAE firm to satisfy itself that the standards of identification are acceptable.
229. Any Introducer must be able to supply copies of the client’s due diligence documents to FZCO on request. The documentation should be provided within 48 hours unless an extended timeframe is agreed upon between both parties.
230. If at any time you become concerned that an introducer is not obtaining sufficient information on clients and or is unable to provide copies of documents on request, then this matter must be referred to the MLRO.
8.1.1 Obligation to Report
231. Every member of FZCO ’s staff is required to make a formal report to the MLRO if, in the course of their employment, they know, suspect, or have reasonable grounds for either knowing or suspecting money laundering or terrorist financing. Reporting in accordance with this requirement will not result in a breach of the General Data Protection Act, confidentiality, or any other contractual or statutory provisions.
232. Remember that a duty to report a suspicion of money laundering exists even if a potential client does not conduct any business through FZCO, or if we decline the business. The obligation to report is in respect of anyone, whether the firm’s client or not. This is different from the obligation to report fraud that applies to FZCO ’s actual, and not potential, clients only.
8.1.2 Objective Test
233. It is important to understand that a person could be found guilty of a failure to report even if they did not actually suspect but ought to have suspected money laundering. The test is whether an honest and reasonable person, working within the financial services industry, would have formed a suspicion based on the facts available at the time.
Generally, to satisfy this test you would have to know your client, their business, and the rationale for their instruction, activity, or transaction. A failure to make adequate inquiries or assess relevant facts will not provide protection against the objective test of reasonable suspicion.
234. A suspicious activity or transaction will often be:
235. Reasonable grounds to know or suspect is a negligence test as a deterrent against those in banks and other financial sector banks who fail to act competently, reasonably, and honestly where information before them ought to make them suspect money laundering. It may therefore be considered to cover:
8.1.3 Timing of Reporting
236. The obligation is to make a report without undue delay and not later than two business days after the identification of the suspicious activity or transaction.
8.1.4 Discharge of Individual Responsibility
237. By submitting a report to the MLRO you will discharge your individual responsibility, thus protecting yourself from criminal prosecution for the offense of a failure to disclose. Therefore, when reporting a suspicion, you will receive a formal written acknowledgment from the MLRO. Please retain it for your own records.
8.1.5 Consultation with a Colleague or Line Manager
238. It is acceptable to discuss your suspicion with your line manager. However, if after consulting your line manager you remain suspicious, it is your responsibility to ensure that a report is submitted to the MLRO.
239. While a line manager may comment on the proposed report, they do not have the authority to block or attempt to block any report being made to the MLRO. Should you encounter an attempt to prevent a report from being made, you should discuss this with the MLRO directly.
240. In addition, if you consult a colleague, this colleague will have knowledge on the basis of which they must consider whether or not to make a report to the MLRO. To avoid making duplicate reports, the colleague, if suspicious, should only report if they are reasonably satisfied that the employee will not make such a report.
241. To reduce the risk of inadvertently tipping off a client the case should be discussed with as few people as possible.
8.1.6 Continuous Obligation to Report
242. Making a report does not remove the need to notify the MLRO of further suspicions that may arise with the same or different client. If further suspicions arise additional reports must be made to the MLRO.
8.1.7 After Submission of a Report
243. Until the MLRO informs you that no report to FIU is to be made, any further transactions or activity in respect of the suspected client must be reported to the MLRO as soon as they arise.
8.1.8 MLRO’s Determination
244. The MLRO will consider the report and surrounding circumstances and decide whether or not to submit an external report to FIU. If the MLRO decides to do so, they must do this as soon as practicable.
245. In order to undertake this investigation, the MLRO may need further information or access to client files. The MLRO must be given free access to all client records. If further information needs to be obtained from the client or from an intermediary, then this should normally be obtained by the employee with the client relationship. This is to
minimize the risk of alerting the client or intermediary that a disclosure of FIU is being considered.
246. The MLRO will record all internal inquiries made in relation to the report of suspicion and the basis for their decision to make or not to make a report to FIU.
247. A failure to make a report when there are reasonable grounds for suspicion may constitute assistance, potentially incriminating you as a party to a crime.
248. If disclosure to the MLRO causes them to acquire knowledge or suspicion of money laundering (or gives them reasonable grounds for such knowledge or suspicion) and the MLRO fails to make a report to FIU, then they will be committing the offense of a failure to disclose.
8.1.9 Pre-Transaction Reporting to FIU
249. If a pre-transaction report is made by the MLRO to FIU, no business may be conducted with or for a client until you receive consent from FIU. FIU has 7 working days, from the working day following the day of the disclosure, in which to respond to the MLRO. Dealing with or advising a client before receiving consent from FIU may constitute one of the offenses, that is concealing, arrangements or acquisition, use, and possession.
250. Note there are no provisions under the Terrorism Act for consent to be given within a specified period. If a report is made to the FIU under this Act no related transaction or activity is allowed to proceed until FZCO has been contacted by FIU or a law enforcement agency.
251. The MLRO will inform you whether FIU consents to you dealing with the client or not. Please liaise directly with the MLRO who will provide guidance on what information may be provided to a client or potential client.
8.1.10 Post-Transaction Reporting to FIU
252. Since FIU cannot provide consent after a transaction or activity has already occurred, it will provide an acknowledgment of receipt of a report to the MLRO. In the absence of an indication to the contrary from the MLRO, you may deal with the client as normal.
However, you must inform the MLRO of every interaction with the client and seek guidance on how to deal with that client.
8.1.11 Contact with Client and Third Parties
253. Any contact from the client questioning the delay in processing their transaction needs to be handled very carefully. In these circumstances, please liaise closely with the MLRO.
254. Whether or not FIU allows you to proceed with a transaction, you may not tip off the client that a disclosure to the authorities has been made. Neither may you disclose that such a disclosure has been made in response to a data protection request.
255. Unless specifically authorized to do so, you must not discuss any reports of suspicions of money laundering with third parties. Any requests for information from third parties, such as the Police or Customs, must be immediately referred to the MLRO.
8.1.12 Court Orders
256. Any evidence to be presented in Court will be obtained under a court order. The following are the types of orders that may be served on FZCO as part of an investigation.
8.1.13 Failure to Make a Report
257. FZCO will take disciplinary action against any member of staff who fails to report a suspicion without a reasonable excuse.
8.1.14 Form of Reporting
258. Please make your report to the MLRO on the Suspicious Transaction Reporting Form (Money Laundering) attached as Appendix 1. Please give as much information on this form as possible to assist the MLRO.
259. Below is a list of activities that may give rise to a suspicion of money laundering or terrorist financing. This is not an exhaustive list of circumstances; neither will they necessarily give rise to suspicion. However, any of these occurrences are likely to form a basis for further inquiry in most cases. It will be ultimately a matter of your own
consideration to decide whether or not to report a suspicion.
260. FZCO’s policy is not to maintain relationships if the firm believes we may be used for money laundering. Where a client has been involved in a suspicious transaction, the MLRO, together with the senior management, makes a decision regarding the ongoing relationship with that client. If we decide to continue a client relationship, we may implement increased monitoring of the client’s account.
261. Where a client has been the subject of a referral to FIU by the MLRO, the MLRO must be informed before any action is taken to exit the relationship. In such circumstances, the MLRO will consult FIU to obtain permission to terminate the client relationship.
262. Occasionally SAR will be received in respect of a client where an internal or external suspicious transaction report has been made. Whilst the General Data Protection Regulations (“GDPR”) seeks to ensure all information is included in any response to a SAR request; it does allow to the omission of information that may prejudice the prevention or detection of crime. Any such request will need to be handled sensitively and will require the MLRO to liaise with FIU as well as their legal advisers when deciding whether to omit any information. Any decision in respect of any exemption must be clearly documented.
263. Article 5 (e) of the GDPR states personal data shall be kept for no longer than is necessary for the purposes for which it is being processed.
264. For Money Laundering purposes, records of all internal and external reports together with any supporting documentation must be retained for 5 years from the date of the report. If, however, the firm is aware of an ongoing investigation in relation to any report it must be retained until the relevant agency has confirmed that the case is now closed.
265. For the purpose of this manual “Awareness” refers to actions taken by FZCO to ensure that on an ongoing basis, personnel is informed of money laundering and associated risks as well as their individual and collective responsibilities.
266. “Training” refers to a more specific process whereby staff is educated on specific areas, their attendance is recorded, and understanding is measured.
267. FZCO has a legal responsibility to ensure that person receives appropriate anti-money laundering training. Failure to provide training may constitute a criminal offense.
268. It is our policy to ensure that all employees are aware and kept up to date with money laundering developments. This Policy serves as the basis for awareness within FZCO. It will be supplemented with additional material as and when necessary.
269. At the start of their employment, every employee must be given a copy of this Handbook and must sign an Anti-Money Laundering Policy Declaration attached as Appendix 6 to confirm that they have read and understood the provisions of this Handbook.
270. FZCO provides training to relevant staff upon recruitment and on an annual basis. The definition of “relevant staff” is set as widely as possible to encompass all employees who may be able to identify suspicious transactions during the course of their work. The requirement to train relevant staff is also applicable to any part-time, temporary, or consulting staff.
271. Anti-money laundering training will, as a minimum, comprise the following issues:
272. Attendance or completion of anti-money laundering training is mandatory for all relevant personnel. If you are unable to attend on a scheduled training date you should contact the course organizer or provider as soon as possible to arrange an alternative date. Repeated failures to attend training courses may result in disciplinary action.
273. If, after attending a training course, you feel that you would benefit from further clarification on certain subjects; please contact the MLRO.
274. FZCO will conduct initial and periodic screening of relevant staff. Relevant staff includes compliance staff, employees in the front office, those who introduce the business, and those who engage with clients.
275. The initial and annual screening will include an assessment of the individual’s skills, knowledge, and expertise in order to ascertain whether they are capable of carrying out their functions effectively, as well as conducting an assessment of the conduct and integrity of the individual.
276. FZCO will retain the records of all materials issued to its personnel in relation to anti-money laundering, counter-terrorism, and sanctions training and awareness for at least 5 years from the date of issue of materials.
277. These records will include the names of attendees, dates of all training sessions, the content of courses and presentations, and, where applicable, test results. All staff will be required to sign the Register of Attendees attached as Appendix 2 confirming that they have received training and understood their legal responsibilities.
278. FZCO will retain the records in relation to the screening of staff for at least 5 years from the date of issue of material.
279. Due to FZCO ’s size and nature of its business, the firm, in monitoring clients’ activities, places reliance on two main factors:
280. We ensure that the information we keep about our clients is up-to-date through regularly performing client reviews. The frequency of such reviews is determined by the client’s risk category. Apart from the transaction monitoring on each account, we review our clients with the following frequency:
281. The purpose of these reviews is to identify any significant changes to the corporate structure, management, and activities of the client. Unless the MLRO resolves otherwise, it is not always necessary to obtain all the information required for account opening or to re-verify all identification information. These reviews are coordinated by the MLRO. In addition to reviewing changes to the client’s structure, management and profile an overall review of the client’s activity over the period is normally conducted. This will allow FZCO to assess if there have been changes in the client’s activity which could be considered unusual given the information held about the client.
282. Notwithstanding these timescales, should any member of staff become aware of a change in the circumstances of a client, for example, a change of ownership structure or a move into a new business area, this information should be recorded on the client file immediately. If this information could affect the risk assessment of the client then the
MLRO should be informed. The MLRO will then decide if there is a need to re-evaluate the client’s risk assessment.
283. We consider that a combination of anti-money laundering training and commercial awareness will enable our staff to monitor for, recognize and report suspicious activities.
284. We will seek to understand the rationale for the client undertaking a particular transaction or activity. When identifying unusual or potentially suspicious activity our staff will use their knowledge of the client and of what would be normal in a given set of circumstances.
285. In general terms, all members of staff should have regard to the following considerations when monitoring client accounts, as well as factors detailed in other chapters of this Policy:
286. However, FZCO recognizes that while staff training is important, it is not a comprehensive substitute for transaction monitoring. Therefore, on a quarterly basis, FZCO will formally review all transactions undertaken each quarter to ensure that no money laundering has been facilitated or taken place.
287. Please refer to the Post-Transaction Review Form contained in Appendix 7 of this Handbook.
288. Evidence of all monitoring undertaken by FZCO will be retained for a period of at least 5 years from the date of the review.
289. This chapter provides guidance on the record-keeping procedures that FZCO needs to meet its obligations in respect of the prevention of money laundering and terrorist financing.
290. Keeping adequate records will ensure that FZCO can:
291. The following material must be kept:
292. Keeping the required records for the specified time period will not result in FZCO breaching the Personal Data Protection Law (Federal Decree-Law No. 45 of 2021 Regarding the Protection of Personal Data). This information will be made available to the competent authorities in the context of any relevant criminal investigations and prosecutions.
293. Client identification records must be kept for a period of at least 5 years from the date of the end of a client relationship. That is either the date of the last transaction with the client or the closure of the client’s account, whichever is the latest.
294. The revised FATF Recommendations demonstrate that, in order to be able to cooperate fully and comply swiftly with information requests from competent authorities for the purposes of the prevention, detection, or investigation of money laundering and terrorist financing, obliged entities should maintain, for at least five years, the necessary information obtained through customer due diligence measures and the records on transactions.
295. In order to avoid different approaches and in order to fulfill the requirements relating to the protection of personal data and legal certainty, the retention period should be fixed at five years after the end of a business relationship or of an occasional transaction.
However, if necessary for the purposes of prevention, detection, or investigation of money laundering and terrorist financing, and after carrying out an assessment of the necessity and proportionality, Member States should be able to allow or require the further retention of records for a period not exceeding an additional five years, without prejudice to the national criminal law on evidence applicable to ongoing criminal investigations and legal proceedings.
296. Transaction records must be kept for a period of at least 5 years from the date of the transaction. They should be maintained in a form that provides a satisfactory audit trail of all transactions effected via FZCO allowing their reconstruction.
297. It is FZCO’s responsibility to ensure the third party complies with the record-keeping obligations. This principle applies to the use of third-party service providers such as introducers or administrators.
298. We will retain the following records of any reports of suspicions of money laundering regardless of whether the MLRO made a report to FIU. These records will consist of:
299. These records will be retained for 5 years from the date the report is made. However, if FZCO is aware that either FIU or another law enforcement agency is investigating a client, FZCO will retain all records in relation to that client until the agency confirms that the case is closed. If, within 5 years of a disclosure being made, FZCO has not been advised of an ongoing investigation, it may destroy the records.
300. We will retain the following records for at least 5 years in relation to Anti-Money Laundering (“AML”) training:
301. The following records are retained for at least 5 years in relation to compliance monitoring:
302. Where a business has been refused because it does not meet our client identification, verification and KYC standards, a record of the refusal will be retained for 5 years.
303. All electronic payment messages should contain sufficient information to identify the parties involved (i.e. both the party making the payment and the beneficiary). This information should include full names, addresses and account numbers. Where this information cannot be provided in the electronic payment message, full records must be retained.
304. FZCO aims to reduce the volume and density of records. While still complying with the statutory requirements we may choose to keep records:
305. FZCO may keep records either offsite or outside UAE but will remain responsible for ensuring that all required records can be made available without undue delay and meet the UAE regulatory requirements. FZCO will ensure that all records, however, kept, are capable of being retrieved within 48 hours. FZCO will, whenever possible, seek to retain all records on the business premises.
306. Where a firm fails to observe the record-keeping requirements either the firm or relevant person(s) or both are open to prosecution.
Please, read the information about CFPS Fees and Limits on the Fees page.
