Cabinet Resolution No. (24) of 2022 Amending some provisions of Cabinet Resolution No. (10) of 2019 On the Executive Regulations of Federal Decree-Law No. (20) of 2018 on Combating Money Laundering and the Financing of Terrorism and Illegal Organizations
The Cabinet:
- Having perused the Constitution,
- Federal Law no. (1) of 1972 on Competencies of the Ministries and Powers of the Ministers and its amendments,
- Federal Decree-law No. (20) of 2018, on Combating Money Laundering and the Financing of Terrorism and Illegal Organizations
- Cabinet Resolution No. (10) of 2019 on the Executive Regulations of Federal Decree-Law No. (20) of 2018 on Combating Money Laundering and the Financing of Terrorism and Illegal Organizations.
- And based on the proposal made by the Minister of Finance and the approval of the Cabinet,
Has promulgated the following Resolution:
Clause I
To replace the wording of the articles no (1), (2), (4), (8), (9), (10), (11), (15), (17), (18), (19), (21), (22 ), (24), (27), (31), (37), (42), (44), (51), (52) and (57) of the aforementioned Cabinet Resolution No. (10) of 2019, to be as follows:
Article no. (1):
In application of the provisions of this Resolution, the following terms and expressions shall have the following meanings assigned to them unless the context requires otherwise:
State: United Arab Emirates
Minister: Minister of Finance
Central Bank: Central Bank of the United Arab Emirates
Governor: Governor of the Central Bank
Committee: National Committee for Combating Money Laundering and the Financing of Terrorism and Illegal Organizations
Unit: Financial Intelligence Unit.
Supervisory Authority: Federal and local authorities entrusted by legislation to supervise the Financial Institutions, the designated non-financial businesses professions, Virtual Asset Service Providers and non-profit organizations or the competent authority in charge of approving the exercise of an activity or a profession if the legislation does not specify the relevant regulatory authority
Law-enforcement Authorities: Federal and local authorities entrusted under applicable legislation to conduct combat, search, investigate and collect evidences on crimes including AML/CFT crimes and financing illegal organizations.
Competent Authorities: Concerned government authorities that are in charge of implementing any provision of the Decree Law in the State.
Predicate Offence: Any act constituting a felony or misdemeanor under the applicable legislation of the State, whether committed inside or outside the State, when such act is punishable in both countries.
Money Laundering: Any of the acts mentioned in Clause (1) of Article (2) of the Decree-Law.
Financing of Terrorism: Any of the acts mentioned in Articles nos. (29 and 30) of Federal Law no. (7) of 2014 on Combating Terrorism Offences.
Illegal Organizations: Organizations whose establishment is criminalized, or which exercise a criminalized activity.
Financing Illegal Organizations: Any physical or legal action aiming at providing funding to an illegal organization, or any of its activities or its members.
Crime: Money laundering crime and related predicate offences, or financing of terrorism or illegal organizations.
Funds: Assets, regardless of the manner in which they are earned, their type or their form, whether tangible or intangible, movable or immovable, electronic, digital or encrypted, including national and foreign currencies, legal documents and instruments of whatever form, including electronic or digital forms that prove the ownership of these assets, shares or related rights and economic resources that are assets of any kind, including natural resources. As well as bank credits, cheques, payment orders, shares, securities, bonds, bills of exchange, letters of credit, and any interest, dividends or other incomes derived or resulting from these assets, and can be used to obtain any financing or goods or services.
Virtual Assets: A digital representation of the value that can be digitally traded or transferred, and can be used for payment or investment purposes, and do not include digital representations of fiat currencies, securities, or other funds.
Proceeds: Funds generated directly or indirectly from the commitment of any felony or misdemeanor including profits, benefits, and economic interests, or any similar funds converted wholly or partly into other funds.
Means: Any means used or intended to be used to commit a felony or misdemeanor.
Suspicious Transactions: Transactions related to funds for which there are reasonable grounds to believe that they are earned from any felony or misdemeanor or related to the financing of terrorism or of illegal organizations, whether committed or attempted.
Freezing or seizure: Temporary attachment over the moving, conversion, transfer, replacement or disposition of funds in any form, by an order issued by a competent authority.
Confiscation: Permanent expropriation of private funds or proceeds or instrumentalities by a judgment issued by a competent court.
Financial Institutions: Whoever conducts one or more of the financial activities or transactions in for or on behalf of a client.
Financial Intermediary: The financial institution that receives and transfers a wire transfer between the financial institution issuing the transfer and the beneficiary financial institution or another financial intermediary.
The beneficiary financial institution: the financial institution that receives a wire transfer from the financial institution issuing the transfer directly or through an financial intermediary institution, and provides the money available to the beneficiary.
Financial activities or operations: any activity or operation or more of what is stipulated in Article no. (2) of this Resolution.
Designated Nonfinancial Businesses and Professions: Whoever conducts one or more of the commercial or professional activities defined in Article no. (3) of this Resolution.
Non-Profit Organizations: Any organized group, of a continuing nature set for a temporary or permanent period, comprising natural or juridical persons or a legal arrangement not seeking profit, that collects, receives or disburses funds for charitable, religious, cultural, educational, social, communal or any other charitable activities.
Legal Arrangement: the relationship established by means of a contract concluded between two or more parties, including but not limited to trust funds or other similar arrangements.
Trust Fund: A legal relationship whereby the trustee places funds under which the trustor places the funds under the control of the trustee for the account of a beneficiary or for particular purpose , and deemed to be Funds independent of the trustee's property. The right of the trustor’s Funds remains in the name of the trustor or in the name of another person on behalf of the trustor.
Trustor: A natural or juridical person who transfers the management of his funds to a trustee under a document.
Trustee: A natural or juridical person enjoying the rights and powers granted to it by the Trustor, under which he manages, uses and disposes of the trustor’s funds in accordance with the terms imposed on him by either of them.
Client: Any person who carries out or attempts to carry out any of the activities specified in Articles nos. (2) and (3) of this Resolution with a Financial Institutions or designated non-financial businesses and professions or Virtual Asset Service Providers
Transaction: Any disposal or use of Funds or proceeds including for example: deposits, withdrawals, transfer, sale, purchase, lending, swap, mortgage, and donation.
Real Beneficiary : The natural person who owns or exercises effective ultimate control, whether directly or indirectly, over a client or the natural person on whose behalf a transaction is being conducted or a person who exercises effective ultimate control over a juridical person or legal arrangement, whether directly or through a chain of ownership, or control or other indirect means.
Virtual Asset Service Providers: Any natural or juridical person, who conducts any activity of commercial business, conducts one or more of the activities of virtual assets for the benefit or on behalf of another natural or legal person in any of the following activities:
1- Exchange between virtual assets and fiat currencies.
2- Exchange between one or more types of virtual assets.
3- Transfer of virtual assets.
4- Saving or managing virtual assets or tools that enable control of virtual assets.
5- Providing financial services or activities related to an issuer’s offer or, selling or participating in virtual assets.
Business relationship: Any ongoing business or financial relationship arising between Financial Institutions or Designated Non-Financial Business or Professions, and their client related to the activities or services they provide thereto.
Correspondent banking relationship: relationship between a correspondent financial institution and a recipient institution through a current account, or any other type of account or any other associated service therewith, including the correspondent relationship arising for securities transactions or money transfer.
Intermediary Payment Accounts: correspondent account used directly by a third party to perform transactions for its account.
Financial Group: A group of Financial Institutions consisting of a holding company or other juridical person that exercises control over the rest of the group and coordinates the functions in order to control at the level of the group and its branches and subsidiaries, in accordance with the international basic principles of financial control and the policies and procedures for AML/CFT.
Fundamental Principles of International Financial Control: Principles of the Basel Committee for Effective Banking Supervision Nos. (1, 2, 3, 5 to 9, 11 to 15, 26 and 29), the Principles of the International Association of Insurance Supervisors (IAIS). (1, 3 to 11, 18, 21 to 23, 25), and the Principles of the International Organization of Securities Commissions (IOSCO) Nos. (24, 28, 29 and 31) and Responsibilities (A, B, C, and D).
Wire Transfer: A financial transaction carried out by a financial institution itself or through an intermediary institution, on behalf of a sender, through which funds are delivered to a beneficiary in another financial institution, whether the sender and the beneficiary are the same person or others.
Fictitious Bank: A bank registered or licensed in a state that has no physical presence therein, does not belong to a regulated and supervised financial group..
Registrar: entity in charge of supervising the register of commercial names for all types of establishments registered in the State.
Due Diligence Measures: The process of identifying or verifying the information of the Client or the real Beneficiary owner, whether a natural, juridical person or a legal arrangement, and the nature of its activity, and the purpose of the business relationship, and the ownership structure, control over it for the purpose of the Decree-Law and this Resolution.
Controlled Delivery: process by which a competent authority allows the entery or transferring of illegal or suspicious funds or crime revenues to and from the State for the purpose of investigating a crime or identifying the identity of its perpetrators.
Undercover Operation: process of search and investigation conducted by one of the judicial officer by impersonating or playing a disguised or false role in order to obtain evidence or information related to the Crime.
High Risk Client: A Client who represents a risk, either in person , or through his activity, business relationship, its nature or his geographical area, such as a Clientclient from high-risk countries, or non-resident in a country for which does not have an identity card, or of a complex structure, or who carries out complex or unclear operations with an economic or legal purpose, or carries out intensive cash transactions, operations with an unknown third party, or conduct operations without direct confrontation, or any other high-risk operations specified by Financial Institutions, Designated Non-Financial Businesses and Professions, or the Regulatory authority.
Politically exposed persons: Natural persons who are or have been entrusted with prominent functions in the State or in any other State, such as heads of State or Government, senior politicians, high-ranking government officials, judicial or military officials, senior executives of State-owned enterprises, senior officials of political parties, and persons who are or have been entrusted with the management or any other prominent function of international organizations. The definition shall include the following:
1- The immediate family members of the politically exposed person, namely spouses, children, their spouses, and parents.
2- Partners known to be close to the Politically Exposed Person, namely:
a- Persons having joint ownership of a juridical person, or legal arrangement or any close business relationship with the politically exposed person.
b- Persons having the exclusive ownership of a single of a juridical person or legal arrangement established for the benefit of the politically exposed person.
Decree-Law: Federal Decree-Law No. (20) of 2018 on Combating Money Laundering and the Financing of Terrorism and Illegal Organizations, and its amendments.
Article no. (2):
The following shall be considered as Financial Activities and Operations:
1- Receipt of deposits and other payable funds by the public, including Shariah-compliant deposits.
2- Provision of private banking services.
3- Provision of credit facilities of all types.
4- Provision of Financing facilities of all types, including Shariah-complaint Financing facilities.
5- Provision of monetary intermediary services.
6- Financial transactions in securities, financing and financial leasing.
7- Provision of exchange and money transfer services.
8- Issuance and management of means of payment, guarantees or obligations.
9- Provision of stored values services, retail e-payments and digital cash services.
10- Provision of virtual banking services.
11- Trading in, investment, operation or management of funds, options and future financial contracts, exchange rate and interest rate operations, and other financial derivatives or negotiable instruments.
12- Participation in issuing securities and providing of financial services related to these issues
13- Management of funds and portfolios of all kinds
14- Custody of Funds
15- Preparing or marketing financial activities.
16- Direct insurance operations, reinsurance operations for the type and branches of personal insurance, and money making operations in insurance companies, insurance brokers and agents.
17- Any other financial activity or transaction specified by the Supervisory Authority.
Article no. (4):
1- Financial Institutions and Designated Non-Financial Businesses and Professions shall identify, evaluate and understand their crime risks, in a manner commensurate with the nature and size of their business and shall abide by the following:
a- Observing all relevant risk factors such as risks of Clients, countries or geographical areas, products, services, operations and their delivery channels before determining the overall risk level and the appropriate level of risk reduction measures to be applied Client
b- Documenting and continually updating risk assessments and providing them upon request.
2- Financial Institutions and Designated Non-Financial Businesses and Professions shall undertake to reduce the risks identified under Clause no 1) of this Article, taking into account the results of the national risk assessment, through the following:
a- Developing internal policies, controls and procedures commensurate with the nature and size of its business approved by the senior management, which enable it to manage the identified risks and follow up their implementation and strengthen them if necessary, in accordance with Article no. (20) of this Resolution.
b- Taking enhanced due diligence measures to manage high risks when identified, including the following for example:
1) Obtaining and verifying further information as information on the identity of the Client, the beneficial owner, his/ her profession, and the amount of funds and information available through public databases and open sources.
2) Obtaining additional information about the purpose of the business relationship or the reasons for the operations expected or actually performed.
3) Updating Client Due Diligence (CDD) information in a more regular manner about the Client and the beneficial owner.
4) Applying reasonable measures to determine the source of funds and wealth of the Client and the beneficial owner.
5) Increasing the degree and level of continuous monitoring of the business relationship in order to determine whether they look unusual or suspicious, and to select patterns of operations that need further examination and review.
6) Make the first payment through an account in the Client's name at a financial institution subject to similar due diligence standards.
7) Obtain senior management approval to start or continue the business relationship with the Clientclient.
3- If the requirements indicated in clauses nos. (1) and (2) of this Article are met, the Financial Institutions and Designated Non-Financial Businesses and Professions may apply simplified due diligence measures to manage and reduce risks when low risks are identified, unless there is a suspicion of a crime has been committed. Simplified due diligence measures must be commensurate with low risk elements, including the following for example:
a- Verifying the Clientclient’s identity and the real beneficiary owner after starting the business relationship.
b- Updating Clientclients’ data at intervals.
c- Reducing the rate of continuous monitoring rate and examination operations.
d. Inferring the purpose and nature of the business relationship from the type of the established transactions or business relationship, without the need to collect information or undertake specific procedures.
Article no. (8):
1- Financial Institutions and Designated Non-Financial Businesses and Professions shall recognize the identity of Client the client, whether permanent or occasional, and whether he/ she is a natural or juridical person or a legal arrangement they must also verify his/ her identity, using original documents, data or information from a reliable and independent source, as follows:
a- As for natural persons:
Name as shown in the identity or travel document, the nationality, the address, the place of birth and, where applicable, the name and address of the employer, with an attached original copy of the valid identity card or travel document.
b- As for juridical persons and legal arrangements:
1) the Name, the legal form, and Articles of Incorporation.
2) The address of the head office or the principal place of business, and if the person is a foreigner, the name and address of his/ her legal representative in the state, if any, shall be stated and the relevant supporting documents shall be submitted.
3) Articles of Association or any other similar approved documents.
4) The names of the relevant persons who hold senior management positions with the juridical person or legal arrangement.
2- Financial Institutions and Designated Non-Financial Businesses and Professions shall verify that any person who is acting on behalf of the ClientClient is authorized to do so, and shall identify such person in the manner provided for in clause no. (1) of this article.
3- Financial Institutions and Designated Non-Financial Businesses and Professions shall understand the purpose and nature of the business relationship and obtain information related to this purpose when needed.
4- Financial Institutions and Designated Non-Financial Businesses and Professions shall understand the nature of the Clientclient's business and the ownership and control structure of the Client.
Article no. (9):
Financial Institutions and Designated Non-Financial Businesses and Professions shall take reasonable measures that take the risks of crime arising from the client Client and business relationship into account, to identify and verify the beneficial owner of juridical persons and legal arrangements, using documents, data or information obtained from a reliable and independent source, as follows:
1- ClientClients from among juridical persons :
a- Obtaining the identity of the natural person, whether he/ she works alone or with another person who has an actual controlling share or equity in the juridical person by (25%) or more.
b- In case of doubt as to the identity of the natural person in accordance with the preceding clause, or as to whether the natural person who has a controlling share or equity is the beneficial owner, or where no natural person exercises control through the equity, the natural person who exercises actual or legal control over the juridical person or legal arrangement shall be identified through any other direct or indirect means.
c- If no natural person is identified under paragraphs nos. (a) and (b) of this clause, the natural person in question holding the position of Senior Management Officer, whether one or more persons, shall be identified.
2- ClientClients from among Legal arrangements:
Determing the Trustor or trustee, the beneficiaries or classes of beneficiaries, and any other natural person who exercises ultimate effective control, including through a series of controls or ownership over the trust directly or indirectly, and obtain sufficient information about the real beneficial owner so that he/ she can be identified at the time of payment or when he/ she intends to exercise his / her legally acquired rights.
With respect to other legal arrangements, they shall recognize the identity of the natural persons holding equivalent or similar positions.
Article no. (10):
Financial Institutions and Designated Non-Financial Businesses and Professions and virtual assets services providers shall be exempt from determining and verifying the identity of the shareholder or partner or the Real Beneficiary, provided that such information is obtained from reliable sources in cases where the Client or owner of the controlling interest is of any of the following:
- 1- A company that is listed on a regulated securities market and that is subject to disclosure requirements under any means that impose the requirements of adequate transparency for the Real Beneficiary.
- 2- A subsidiary company whose majority of shares or stocks are owned by a holding company.
Client
Article no. (11):
1- In addition to the Due Diligence measures required for the ClientClient and the beneficial owner, Financial Institutions must take Due Diligence measures and continuous supervision towards the beneficiary of personal insurance policies and money making operations, including life insurance products, family takaful insurance and other investment insurance products, as soon as the beneficiary is identified or named as follows:
a- As for the named beneficiary, the name of the person must be obtained, whether he/she is a natural or legal person or a legal arrangement.
b- As for the beneficiary identified by category or description such as family relationship such as spouse, children or any other means such as will or estate, sufficient information about the beneficiary must be obtained to ensure that the financial institution will be able to identify the beneficiary when disbursing compensation or benefits.
c- Verifying the identity of the beneficiary in the two previous cases when paying compensation or dues or exercising any rights related to those documents.
2- In all cases, Financial Institutions must consider the clientClient and beneficiary of life insurance policies and family takaful insurance as risk factors when determining the applicability of enhanced due diligence procedures. Moreover, if they find that the beneficiary is a high risk legal person or arrangement, they must take enhanced due diligence measures, which must include reasonable procedures to identify and verify the beneficial owner of the policy beneficiary when paying compensation or dues or exercising any rights related to those policies.
Article no. (15):
1- Financial Institutions and Designated Non-Financial Businesses and Professions must, in addition to implementing ClientClient Due Diligence (CDD) in accordance with the third part of the first section of this chapter, adopt the following:
First: As for Foreign Politically exposed person (PEPs),
a- Developing the appropriate risk management systems to determine whether the Client or the beneficial owner is a Foreign Politically exposed person.
b- Obtaining senior management approval before establishing or continuing the business relationship for current Clients who are Foreign Politically exposed persons.
c- Taking reasonable measures to determine the sources of funds and wealth of Clients, and the beneficial owners who have been identified as politically exposed persons.
d. Carrying out continuous and enhanced follow-up of the business relationship.
Second: As for local politically exposed persons and persons who have already been assigned a prominent position in an international organization:
a- Taking sufficient measures to determine whether the Client or the beneficial owner is one of these persons.
b- Taking the measures mentioned in paragraphs nos. (b), (c) and (d) of article “First”, when there is a high-risk business relationship with such persons.
2- Subject to clause no. (1) of this article, the Financial Institutions concerned with life and family takaful insurance policies must take reasonable measures to determine whether the beneficiary or beneficial owner is a politically exposed person before paying compensation or dues or exercising any rights related to those policies. When there are higher risks, they must inform senior management before paying compensation or dues or exercising any rights related to them, conduct a thorough examination of the overall business relationship, and consider reporting a suspicious transaction report to the Unit.
Article no. (17):
1- In the case of suspecting, or if they have reasonable grounds to suspect, that an Operation or an attempt to carry out an Operation or that Funds representing Proceeds, in whole all or in part, are related to the Crime or that they will be used for such purpose regardless of their value, Financial Institutions and Designated Non-Financial Businesses and Professions shall comply with the following without invoking bank secrecy or professional or contractual confidentiality:
a- Report directly Suspicious Transaction Reports (STRs) to the Unit without delay through its electronic system or any other means approved by the Unit.
b- Respond to all additional information requested by the Unit.
2- Lawyers, notaries and other independent legal professionals and independent legal auditors shall be exempt from the provision of Clause no. (1) of this Article if obtaining information relating to such operations on their assessment of the legal status of the client, defending or representing him/ her, before the courts, arbitration or mediation proceedings, or the provision of legal opinion in a matter relating to a judicial proceeding. This includes providing advice on the commencement or avoidance of such proceedings whether the information was previously obtained, during or after the proceedings or in other circumstances in which they are subject to professional secrecy.
3- Financial Institutions, Designated Non-Financial Businesses and Professions, Virtual Asset Service Providers, members of their boards of directors, employees and legally authorized representatives shall not incur any administrative, civil or criminal responsibility resulting from the disclosure of any secret, when informing the unit or providing it with information in good faith, even if they do not know exactly what the crime is or whether it actually occurs.
Article no. (18):
1- Financial Institutions and Designated Non-Financial Businesses and Professions, their directors, officials and employees shall not disclose, directly or indirectly, to the Client or any other person, their reporting, or that they are about to report suspicious operations or information and data related to them. They shall not also disclose the existence of an investigation. This does not prevent sharing of information with branches and subsidiaries at the level of the financial group in accordance with the provisions of Article no. (31) of this decision.
2- An attempt by lawyers, notaries pubic, other independent legal professionals, or independent legal auditors to dissuade the Client from performing an act that is contrary to the law shall not be considered as disclosure.
Article no. (19):
1- Taking into account the countries that the Committee identifies as high risk and the countries that suffer from weaknesses in AML/CFT systems, the Financial Institutions and the Designated Non-Financial Businesses and Professions may rely on a third party to carry out Client Due Diligence (CDD) in accordance with the third part of the first section of this chapter. The financial institution and the Designated Non-Financial Businesses and Professions shall be responsible for the validity of these measures, and shall do the following:
a- Immediately obtain the identification data and necessary information collected during the Client Due Diligence (CDD) measures from the third party, and ensure that copies of the necessary documents for these measures can be obtained without delay upon request.
b- Ensure that the third party is subject to regulation and control, and complies with the requirements of Client Due Diligence and keeps the registers provided for in this Decision.
2- The financial institution and the Designated Non-Financial Businesses and Professions that that engage a third party who is part of the same Financial Group shall ensure the following: a-Ensure that the Group applies the Client Due Diligence Measures towards Clients and Politically Exposed Persons, that records are kept and that anti-Crime programmes are implemented in accordance with Parts 3, 4 and 11 of Section 1 of this Chapter and Article (31) of this Decision; .
b- Sufficiently reduce any high risks related to countries through the Group-related anti-Crime policies and controls.
Article no. (21):
Financial Institutions and Designated Non-Financial Businesses and Professions shall undertake to appoint a compliance officer, who shall have the appropriate competence and experience under its responsibility, to carry out the following tasks:
1- Controlling of the Crime-Related Transactions
Accessing records and receiving, examining and studying data on Suspicious Transactions and taking the decision to notify the Unit or to retain such records and data while stating the reasons, under complete confidentiality.
3- Reviewing the internal systems and procedures for anti-money laundering and combating the financing of terrorism and financing of illegal organizations, and their consistency with the provisions of the decree-law and this resolution. This is in addition to assessing the extent of the institution's commitment to its application and proposing what is necessary to update and develop it, and prepare periodic reports thereon to be submitted to the senior management. This is in addition to sending a copy to the concerned regulatory authority at its request, including the observations and decisions of the senior management.
4- Developing, implementing and documenting ongoing programs and training and qualification plans for employees working for the organization on all matters related to anti-money laundering and combating the financing of terrorism and financing of illegal organizations and ways to confront them.
5- Cooperating with the Regulatory Authority and the Unit, providing them with the data they request, and enabling their assigned employees to view the records and documents necessary to exercise their competencies.
Article no. (22):
1- Financial Institutions and Designated Non-Financial Businesses and Professions shall apply enhanced due diligence measures in proportion to the degree of risk that may arise from business relationships or transactions with a natural or legal person from the countries that the Committee identifies as high risk or countries that suffer from weaknesses in AML/CFT systems.
2- Financial Institutions and Designated Non-Financial Businesses and Professions shall apply countermeasures and any other measures requested by the regulatory Authorities on their own or on the basis of what the Committee determines with regard to high-risk countries and countries that suffer from weaknesses in AML/CFT systems.
Article no. (24):
1- Financial Institutions and Designated Non-Financial Businesses and Professions shall keep all records, documents, papers and data, for all financial operations and local or international commercial and cash transactions, for a period of no less than (5) years from the completion date of the transaction or the end of the business relationship with the Client.
2- Financial Institutions and Designated Non-Financial Businesses and Professions must keep all records and documents obtained through Client due diligence measures, continuous supervision, accounts files, commercial correspondence, and copies of personal identity documents, including suspicious transaction reports and the results of any conducted analysis. This shall be for a period of no less than (5) years from the end date of the business relationship or from the closure date of the account for Clients who maintain accounts with these institutions. In addition, after the completion of an occasional process, from the date after the completion of the inspection by the supervisory authorities, from the completion date of the investigation, or from the date of a final judgment issued by the competent judicial authorities, all as the case may be.
3- The operations and the documents records and the kept documents shall be so organized as to be sufficient to permit the reconstitution or re-arrangement of individual operations, the analysis of data and the tracking of financial operations, in such a manner as to provide, where appropriate, evidence of claim against criminal activity.
4- Financial Institutions and Designated Non-Financial Businesses and Professions shall ensure all Client information related to Client due diligence, ongoing control and the results of their analysis, records, files, documents, correspondence and forms thereof immediately available to the concerned authorities upon their request.
Article no. (27):
1- Financial Institutions shall ensure that all international wire transfers equal to or more than (AED 3.500) are always accompanied by the following data:
a- The full name of the sender and the beneficiary.
b- The account number of the sender and the beneficiary, and in the absence of such account, the transfer must include a unique reference number that allows Financial Institutions to track it.
c- The sender's address, identification number, travel document, date and place of birth, or Client identification number with the transferring financial institution, which shall refer to a record containing these data.
2- In case of several international wire transfers are collected from one being combined in a transfer file to be sent to the beneficiaries, the transfer file shall include accurate data about the sender, and full information about the beneficiaries, which can be fully tracked in the beneficiary's country. Hence, the financial institution is required to include the sender's account number, or a unique reference number for the process.
3- Financial Institutions shall ensure that all international wire transfers that are less than the amount of AED (3.500) are accompanied by the data contained in Clause no. (1) of this Article, without the need to verify the validity of the referred data, unless there are doubts about the commission of the crime
4- Financial Institutions transferring local wire transfers shall ensure that the information attached to the wire transfers includes the same data on the transferor referred to in Clause no. (1) of this Article, unless such data is available to the beneficiary Financial Institutions and the concerned parties by other means.
5- When the data attached to the local wire transfer is available to the beneficiary Financial Institutions and the concerned authorities through other means, the transferring financial institution is required to include the account number or the unique reference number of the transaction only, provided that this number allows the tracking of transactions to the transferor or the beneficiary. Moreover, the transferring financial institution must provide such data within three (3) working days of receiving the request from the beneficiary financial institution or the concerned authorities.
6- Financial Institutions are prohibited from executing wire transfers if they do not comply with the conditions set out in this article.
7- The transferring Financial Institutions must keep all the collected information about the transferor and the beneficiary, in accordance with the provisions of Article No. (24) of this Resolution.
Article no. (31):
The financial groups shall implement anti-crime programs at the group level, that shall be applicable to all branches and subsidiaries in which the group has a majority. In addition, these programs include the following, in addition to the measures stipulated in Article no. (20) of this Resolution:
1- Information exchange policies and procedures required for Client due diligence and crime risk management purposes.
2- Provision of information related to Clients, accounts and operations from branches and subsidiaries to the AML/CFT officials at the level of the financial group, when necessary. This shall be for the purposes of countering crime, including information on analyzing operations or activities that seem unusual or suspicious, in addition to suspicious transaction reports, their basic information, or an evidence on filing a report of a suspicious transaction. In all cases, branches and subsidiaries are provided with this information when appropriate and necessary to risk management.
3- Provision of adequate guarantees on confidentiality and use of exchanged information.
Article no. (37):
1- Trustees in legal arrangements shall keep information about the real beneficial owner as stated in clause no. (2) of Article no. (9) of this Resolution.
2- Trustees in legal arrangements must keep basic information about supervised intermediaries and service providers, including investment advisors, managers, accountants, and tax advisors.
3- Trustees in legal arrangements must disclose their status to Financial Institutions, Designated Non-Financial Businesses and Professions, and Virtual Asset Service Providers, when they establish a business relationship or carry out an occasional transaction that exceeds the specified limit under the provisions of this resolution. They must also provide them with information related to the beneficial owner and the assets that will be kept or managed under the terms of the business relationship, if requested.
4- The information mentioned in clauses nos. (1) and (2) of this Article shall be accurately kept and updated within fifteen (15) working days upon any amendment or variation therein. The representatives of the legal arrangements shall retain such information for a period of five (5) years from the date of termination of their dealings with the legal arrangement.
5- The concerned authorities, in particular law enforcement authorities, may request and obtain without delay the information kept by trustees, Financial Institutions, Designated Non-Financial Business or Professions or virtual assets services providers related to the following:
a- The real beneficial owner of legal arrangements.
b- place of residence of the Trustee.
c- The Funds held or managed by the Financial Institution or the Designated Non-Financial Business in respect of any Trustee with whom they have a Business Relationship or for whose account they perform a casual transaction.
Article no. (42):
In the course of performing its duties as regards suspicious transaction reports, the Unit shall have competence to carry out the following::
1- Receive, study and analyse reports from Financial Institutions, Designated Non-Financial Businesses and Virtual Asset Service Providers according to the models approved thereby, and save the same in its database.
2- Request Financial Institutions, Designated Non-Financial Businesses, Virtual Asset Service Providers and the Competent Authorities to provide it with any additional information or documents relating to the reports and information it has received and other information it deems necessary for the performance of its functions, including information on customs reforms, on the date and the form specified by the Unit..
3- Analyse reports and information available thereto as follows:
a- Conduct an operational analysis using available information and data that can be obtained to identify specific targets such as persons, money or criminal networks, track the course of specific activities or Operations, and identify linkages between these objectives, activities or Operations and the potential Proceeds of the Crime.
b- Conduct a strategic analysis using available information and information that can be obtained, including data provided by the Competent Authorities, to identify the trends and patterns of the Crime.
4- Providing Financial Institutions, Designated Non-Financial Businesses and Professions and Virtual Asset Service Providers with the results of the analysis of the information provided on the reports received by the Unit, in order to enhance the effectiveness of the implementation of procedures to confront crime and detect suspicious transactions.
5- Cooperating and coordinating with the Supervisory Authorities by referring the results of the analyzes they conduct related to the quality of the received reports, in order to ensure the compliance of Financial Institutions, Designated Non-Financial Businesses and Professions, and Virtual Asset Service Providers with the procedures for confronting crime.
- 6-
6- Refer the data related to the reports and the results of the analysis it conducts and other relevant information to Law Enforcement Authorities, when there are sufficient grounds to suspect their connection with the Crime, so as to take the necessary action in their respect.
7- Provide judicial and Law Enforcement Authorities with Crime-related information and other information that they can be obtain from Financial Intelligence Units in other countries automatically or upon request.
Article no. (44):
The Regulatory Authorities of Financial Institutions, Designated Non-Financial Businesses and Professions and Virtual Asset Service Providers, each according to its competence, shall undertake the tasks of supervision, control and follow-up to ensure compliance with the provisions stipulated in the Decree-Law, this Resolution, the supervisory decisions and any other relevant decisions. They shall also be concerned with the following:
1- The identification, evaluation and updating of the potential risk of the crime in legal persons, including Financial Institutions, Designated Non-Financial Businesses and Professions, virtual assets activities and Virtual Asset Service Providers activities.
2- The application of a risk-based approach to ensure that the money laundering and terrorist financing prevention or mitigation measures are commensurate with the identified risks.
3- The development of instructions, systems and models to counter crime for those under its control when necessary.
4- The development of the policies, procedures and controls necessary to verify the compliance of those under its control with the provisions of the Decree-Law, this resolution and any other legislation related to confronting crime in the state, and requesting information related to the implementation of this commitment.
5- The development of merit and eligibility regulations, rules and standards and applying them to anyone who seeks to own, control, participate in the management or operation of Financial Institutions, Designated Non-Financial Business or Professions or virtual assets services providers, directly or indirectly, or who is the beneficial owner thereof.
6- Office and field supervision and inspection of Financial Institutions, Designated Non-Financial Businesses and Professions, and Virtual Asset Service Providers on the basis of a risk-based approach.
7- Determining the periodicity of the supervision and inspection of Financial Institutions, financial groups, Designated Non-Financial Businesses and Professions and Virtual Asset Service Providers based on the following:
a- National Risk Assessment
b- The distinctive features of Financial Institutions, financial groups, Designated Non-Financial Businesses and Professions and Virtual Asset Service Providers, in terms of their diversity, size and degree of freedom of disposal granted to them according to the risk-based approach.
c- Crime risks and understanding them and the policies, internal controls and procedures applied by Financial Institutions, financial groups, Designated Non-Financial businesses or Professions or Virtual Asset Service Providers, as defined in the Supervisory Authority's assessment of their respective risk structure. 8- Taking all necessary measures to ensure full compliance with the Financial Institutions, Designated Non-Financial Businesses and Professions and Virtual Asset Service Providers by implementing the Security Council resolutions relating to the prevention and suppression of terrorism and its financing and the prevention, suppression and cessation of the proliferation of weapons of mass destruction (WMD) and their financing. This is in addition to other relevant resolutions, through field visits and continuous follow-up, and imposing appropriate administrative penalties when violating or failing to apply the instructions.
9- Verifying that the establishments under its control adopt and apply the controls, procedures and measures prescribed in accordance with the provisions of the Decree-Law and this resolution, and implementing them in its foreign branches and subsidiaries in which it owns the majority share to the extent permitted by the regulations of the state in which these branches and companies are located.
10- Verify the extent to which the Financial Institutions subject to the international basic principles of financial control are subject to regulation and control in accordance with those principles. Such principles shall include the application of consolidated control at the level of the financial group for AML/CFT purposes. This is in addition to ascertain the extent to which they are subject to regulation, control or follow-up, with regard to other Financial Institutions, in accordance with the degree of ML/FT risks.
11- Reviewing the assessment of the Establishment and the financial group of the crime risk structure, including the risk of non-compliance, periodically or when there are significant developments in the management of the Establishment or the financial group and its operations.
12- Establishing adequate controls and procedures to ensure that Financial Institutions, Designated Non-Financial Businesses and Professions, and Virtual Asset Service Providers are informed of the Committee's decisions related to the following:
a- Enhanced due diligence and countermeasures identified by the Committee.
b- Any concerns related to weaknesses in AML/CFT systems in other countries.
c- Any other resolutions issued by the Committee.
13- Providing those under its control with guidance and feedback to enhance the effectiveness of its implementation of anti-crime measures.
14- Maintaining an updated list of the names and data of compliance officials of the establishments under its control and informing the unit of it. In addition, it has the right to oblige those establishments to obtain its prior approval before appointing compliance officials.
15- Organizing awareness programs and campaigns on anti-crime.
16- Issuing decisions to impose administrative sanctions in accordance with the provisions of the Decree-Law, this Resolution, the supervisory decisions and any other relevant decisions and the mechanism of filing complaints against them.
17- Keeping statistics on the measures taken and the sanctions imposed.
Article no. (51):
The Competent Authorities shall give priority to all requests for international cooperation in criminal matters, particularly those related to the Crime and implement them expeditiously through clear and secure mechanisms and channels. The confidentiality of the information received, subject-matter of such request, shall be observed if so stipulated in the request. Should it be impossible to observe confidentiality, the requesting authority shall be notified thereof.
Article no. (52):
Within the scope of the implementation of the provisions of the Decree-Law and this Resolution, a request for international cooperation should not be refused on the basis of any of the following:
1- The crime includes financial, tax or customs matters.
2- Binding confidentiality provisions for Financial Institutions, Designated Non-Financial Businesses and Professions and Virtual Asset Service Providers in a manner that does not violate the legislation in force in the country, unless the relevant information has been obtained in the circumstances in which legal professional privileges or professional confidentiality apply.
3- The crime is political or related thereto.
4- The request relates to a crime under inquiry or judicial investigation in the state, unless the request will hinder such inquiry or investigations.
5- The act on which the request is based does not constitute an offence in the State or has no common features to an offence provided for therein, unless it includes compulsory measures, or pursuant to the legislation in force in the State.
6- The criminal act in the State is listed under a different name or description or its elements differ in the requesting State.
Article no. (57):
The competent judicial authority may, at the request of a judicial authority in another State with which the State has a convention in force, or on the condition of reciprocity in acts punishable in accordance with the legislation in force in the State, provide judicial assistance in investigations, trials or procedures related to the offence. Moreover, it may order the following:
1- The identification, freezing, seizure or confiscation of funds, proceeds or means resulting from the offence used or attempted to be used in it or its equivalent. As well, if the accused is unknown, refuses his/ her criminal responsibility or in case of the expiry of the penal case, this does not prevent taking these procedures.
2- Any other measures that can be applied in accordance with the legislation in force in the country, including providing records kept by Financial Institutions, designated non-financial businesses or professions, Virtual Asset Service Providers or non-profit organizations. Such measures also include inspecting persons and buildings, collecting witness statements, obtaining evidence, and using investigation techniques such as undercover operations, interception of communications, electronic data and information collection, and controlled delivery.
3- Extradition and recovery of persons and objects related to the crime in accordance with the legislation in force in the State.
Clause II
1- The title of the second chapter of the aforementioned Cabinet Resolution No. (10) of 2019 is hereby replaced to be as follows: (Financial Institutions, Designated Non-Financial Businesses and Professions, Virtual Asset Service Providers and non-profit organizations).
2- The title of the first part of the fifth Chapter of the aforementioned Cabinet Resolution No. (10) of 2019 shall be replaced to be as follows: (The Supervisory Authority for Financial Institutions, Designated Non-Financial Businesses and Professions and Virtual Asset Service Providers).
Clause III
A fourth part entitled (Virtual Asset Service Providers), is added to the second chapter of the aforementioned Cabinet Resolution No. (10) of 2019, which includes the following articles:
Article no. (33) bis (1):
1- Every natural or legal person who carries out any of the activities of Virtual Asset Service Providers, provides their products or services or carries out their operations from the state must be licensed, enrolled or registered, as the case may be, by the competent Supervisory Authority.
2- The Supervisory Authority on Virtual Asset Service Providers, each according to its competence, may issue the necessary decisions, circulars and procedures for the purposes of adequate organization thereof, taking into account the identified risks in a manner that achieves compliance with the provisions of the Decree-Law and this Resolution.
3- In all cases, the Supervisory Authority on Virtual Asset Service Providers shall, on its own or in coordination with the concerned authorities, take the necessary measures to determine who carries out any of the activities of the Virtual Asset Service Providers in violation of Clause No. (1) of this Article. It shall also apply the appropriate sanctions against them. These procedures may include the following:
a- Reviewing public and open-source databases to identify relevant ads over the information network or potential business requests by a person who is not licensed, enrolled, nor registered.
b- Establishing feedback channels with Concerned authorities, or communication channels to receive public comments from the public in this regard.
c- Coordinating with the Unit to obtain information available to it such as suspicious transaction reports or the results of other information collection it carried out.
d. Reviewing non-public information, such as information related to the denial, suspension, restriction or revocation of a license, enrollment or registration of virtual asset service provider activities, and any relevant information with law enforcement authorities.
4- Subject to the provisions of Chapter (7) of this Resolution, the concerned authorities may, pursuant to the legislation in force in the State and the international agreements to which the State is a party or based on the condition of reciprocity, execute international cooperation requests related to predicate offenses, money laundering crimes, financing of terrorism, or financing of Illegal Organizations related to virtual assets and Virtual Asset Service Providers as expeditiously and effectively as possible. This shall be applied regardless of the nature and difference in the names of the supervisory Authorities or the status of the Virtual Asset Service Providers in other countries.
Article no. (33) bis (2):
Virtual Asset Service Providers must identify, assess, manage and reduce their risks related to money laundering and terrorist financing, as stated in clauses nos. (1) and (2) of Article no. (4) of this Resolution.
Article no. (33) bis (3):
Virtual Asset Service Providers must comply with the provisions of Articles nos.(5-9), (12-15/1), (16, 17/1, 18/1, 19-32, 35, 38, 39), and (60) of this Resolution, and consider the following:
1- Taking Client Due Diligence (CDD) measures when conducting casual operations equal to or more than (AED 3.500).
2- Obtaining and keeping the required transfer information precisely by the Virtual asset service provider, the transfer originator.
This is in addition to requesting the information of the beneficiary of the transfer. It must provide such information to the virtual asset service provider, the beneficiary or the financial institution - if any, immediately and safely. It must also make it available to the competent authorities upon request.
3- Obtaining and keeping the required transferor information and the beneficiary precisely by the virtual asset service provider obtains. It must also make it available to the competent authorities upon request.
4- All requirements contained in this part of this resolution shall apply to Financial Institutions when they send or receive virtual asset transfers on behalf of the Client.
Clause IV
Every provision violating or contradicting with the provisions hereof shall be cancelled.
Clause V
This Resolution shall be published in the Official Gazette, and comes into force on the day following the date of its publication.
//Stamp (UAE- Cabinet)//
The original copy is signed by His Highness Sheikh