As mentioned above, LFIs must conduct appropriate CDD on all customers, regardless of their type or sector. The majority, if not all, of Payment Sector participant customers will be legal persons for which LFIs should conduct CDD as required by Articles 8 and 9 of the AML-CFT Decision. In particular, under Article 9 of the AML-CFT Decision, LFIs are required to identify the beneficial owners of a legal person customer by obtaining and verifying the identity of all individuals who, individually or jointly, have a controlling ownership interest in the legal person of 25% or more, and where no such individual meets this description, the LFI must identify and verify the identity of the relevant individual(s) holding the senior management position in the entity. For more information, please consult the CBUAE’s Guidance for Licensed Financial Institutions providing services to Legal Persons and Arrangements. LFIs should ensure that their contractual agreements with Payment Sector participant customers ensure that the LFI can access necessary information in a timely fashion. If LFIs cannot access this information in accordance with timelines laid out in its policies, they should consider restricting and ultimately terminating the relationship.

 

Furthermore, as per Articles 8.3 and 4 of AML-CFT Decision, for all customer types, LFIs are required to understand the purpose for which the account or other financial services will be used, and the nature of the customer’s business. This step requires the LFI to collect information that allows it to create a profile of the customer and of the expected uses to which the customer will put the LFI’s products and services. In the context of payments, the LFI must understand whether and how its services are being used by its Payment Sector participant customer to facilitate provision of the PPS to its customer (Payment Sector participant customers may also be transacting on a proprietary basis). This should include a determination of whether nesting will take place. If the LFI prohibits nesting, it should make that prohibition clear to the customer.

 

In addition to the standard required CDD elements of Sections 2 and 3 of the AML-CFT Decision, LFIs should collect all the information necessary to risk-rate the Payment Sector participant customer considering the risk factors described in section 3.2 above and whether aspects of the customer profile require EDD. LFIs should also consider the following steps to gain a more detailed understanding of the customer’s business in order to be sure that they fully understand it:

Under Article 7 of the AML-CFT Decision, all customers must also be subject to ongoing monitoring throughout the business relationship. Changes in the design or structure of a PPS, as well as changes in a Payment Sector participant’s customer base (including both the consumer and merchant customer base), can have a major impact on the overall risk associated with the Payment Sector participant. Ongoing monitoring of the customer relationship should be sufficiently rigorous to identify when such changes have taken place, as well as any other changes that impact the customer’s risk rating, and should be conducted at a frequency appropriate to the customer’s risk and the materiality of its transactions. Ongoing monitoring should also include a review of the customer’s transactional activity to determine whether it is in line with expectations established at onboarding and with activity during the previous review period. Sharp or substantial changes in activity may have a fully legitimate cause, such as growth in the customer’s user base, but LFIs should still ensure they understand the reasons for these changes.